Extension:IPBAuth

IPBAuth

Release status: beta

Implementation: User identity
Author(s): Quekky / MZXGiant
License: No license specified
Download: see below

Installation

  • Download and install MediaWiki
  • Open your LocalSettings.php file
  • Insert the following code at the end of the file:
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
 
require_once("extensions/AuthPlugin_IPB.php");
$wgAuth = new AuthPlugin_IPB();
  • Copy this AuthPlugin_IPB.php file and put it in the wiki extensions directory, i.e. extensions/AuthPlugin_IPB.php
<?php
# http://www.mediawiki.org/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# http://www.gnu.org/copyleft/gpl.html

/**
 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
 * and set $wgAuth to it to authenticate against some external tool.
 *
 * The default behavior is not to do anything, and use the local user
 * database for all authentication. A subclass can require that all
 * accounts authenticate externally, or use it only as a fallback; also
 * you can transparently create internal wiki accounts the first time
 * someone logs in who can be authenticated externally.
 *
 * This interface is new, and might change a bit before 1.4.0 final is
 * done...
 *
 * @package MediaWiki
 */
 
/**
 * Authenticate with IPB login
 * 
 * 2007-02-18: v1.0 original by quekky
 *     - create the user in MW if it does not exist
 *     - set/unset the admin group in MW if the user is an admin in IPB
 *     - tested in IPB 2.1
 * 2007-02-18: v1.1 modified by quekky
 *     - added support for 1.3
 *     - fixed email setting in initUser
 * 
 * 2009-08-30: v1.2 modified by MZXGiant [mzxgiant at gmail dot com]
 *     - added support for 3.0, making this the first MediaWiki<->IPB3
 *       capable extension to my knowledge
 *     - tested in IPB 3.0.1
 */
 
require_once("AuthPlugin.php");
 
 
/* set to '3.0', '2.1', or '1.3' */
define( 'IPB_VERSION', '3.0' );
 
class AuthPlugin_IPB extends AuthPlugin{
 
    // Create a persistent DB connection
    var $ipb_database;
 
    var $passwordchange;
 
    /**
     * Init
     */
    function AuthPlugin_IPB() {
        global $wgDBserver, $wgDBuser, $wgDBpassword, $wgDBname;
 
        /*
         * set your settings here
         */
        $dbhost = $wgDBserver; //$wgDBserver
        $dbusername = $wgDBuser; //$wgDBuser
        $dbpassword = $wgDBpassword; //$wgDBpassword
        $dbname = $wgDBname; //$wgDBname
        $this->ipb_prefix = 'ipb3_'; //'ibf_'
        // set the usergroups for the administrators
        $this->admin_usergroups = Array(4);
        $this->user_rights = Array("sysop");
        // set the usergroups for those who can edit the wiki
        $this->allowed_usergroups = Array(4,3,9);
        /*
         * end user settings
         */
 
        $this->passwordchange = false;
        $this->ipb_database = mysql_pconnect($dbhost, $dbusername, $dbpassword);
        mysql_select_db($dbname, $this->ipb_database);
    }
 
    /**
     * Check whether there exists a user account with the given name.
     * The name will be normalized to MediaWiki's requirements, so
     * you might need to munge it (for instance, for lowercase initial
     * letters).
     *
     * @param $username String: username.
     * @return bool
     * @public
     */
    function userExists( $username ) {
        // Escape with the connection-aware function; addslashes() ignores the connection character set
        $username = mysql_real_escape_string($username, $this->ipb_database);
        // SQL needs "IS NULL" here: a comparison written as "restrict_post=null" never matches a row
        if(IPB_VERSION == '1.3') {
            $ipb_find_user_query = "SELECT mgroup FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}') AND (restrict_post='0' OR restrict_post IS NULL)";
        }
        if(IPB_VERSION == '2.1') {
            $ipb_find_user_query = "SELECT mgroup FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}') AND (restrict_post='0' OR restrict_post IS NULL)";
        }
        if(IPB_VERSION == '3.0') {
            $ipb_find_user_query = "SELECT member_group_id mgroup FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}') AND (restrict_post='0' OR restrict_post IS NULL OR restrict_post='')";
        }
        $ipb_find_result = mysql_query($ipb_find_user_query, $this->ipb_database);
        // make sure that there is only one person with the username
        if (mysql_num_rows($ipb_find_result) == 1) {
            $ipb_userinfo = mysql_fetch_assoc($ipb_find_result);
            mysql_free_result($ipb_find_result);
            // Only registered and admins. Banned and unregistered don't belong here.
            if (in_array($ipb_userinfo['mgroup'], $this->allowed_usergroups)) {
                return true;
            }
        }
        // if no one is registered with that username, or there are more than 1 entries
        // or they have illegal characters return FALSE (they do not exist)
        return false;
    }
 
    /**
     * Check if a username+password pair is a valid login.
     * The name will be normalized to MediaWiki's requirements, so
     * you might need to munge it (for instance, for lowercase initial
     * letters).
     *
     * @param $username String: username.
     * @param $password String: user password.
     * @return bool
     * @public
     */
    function authenticate( $username, $password ) {
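        // Escape with the connection-aware function rather than addslashes()
        $username = mysql_real_escape_string($username, $this->ipb_database);
        $password = mysql_real_escape_string($password, $this->ipb_database);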
        if(IPB_VERSION == '1.3') {
            $ipb_find_user_query = "SELECT mgroup FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}') AND password = MD5('{$password}')";
        }
        if(IPB_VERSION == '2.1') {
            $ipb_find_user_query = "SELECT mgroup FROM {$this->ipb_prefix}members m, {$this->ipb_prefix}members_converge c WHERE m.id=c.converge_id AND lower(name)=lower('{$username}') AND converge_pass_hash = MD5(CONCAT(MD5(converge_pass_salt),MD5('{$password}')))";
        }
        if(IPB_VERSION == '3.0') {
            $ipb_find_user_query = "SELECT member_group_id mgroup FROM {$this->ipb_prefix}members m WHERE lower(name)=lower('{$username}') AND members_pass_hash = MD5(CONCAT(MD5(members_pass_salt),MD5('{$password}')))";
        }
        $ipb_find_result = mysql_query($ipb_find_user_query, $this->ipb_database);
        if (mysql_num_rows($ipb_find_result) == 1) {
            $ipb_userinfo = mysql_fetch_assoc($ipb_find_result);
            mysql_free_result($ipb_find_result);
            // Only registered and admins. Banned and unregistered don't belong here.
            if (in_array($ipb_userinfo['mgroup'], $this->allowed_usergroups)) {
                $this->passwordchange = true;
                return true;
            }
        }
        return false;
    }
 
 
    /**
     * When a user logs in, optionally fill in preferences and such.
     * For instance, you might pull the email address or real name from the
     * external user database.
     *
     * The User object is passed by reference so it can be modified; don't
     * forget the & on your function declaration.
     *
     * @param User $user
     * @public
     */
    function updateUser( &$user ) {
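        // Escape with the connection-aware function rather than addslashes()
        $username = mysql_real_escape_string($user->getName(), $this->ipb_database);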
        if(IPB_VERSION == '1.3') {
            $ipb_find_user_query = "SELECT mgroup, email, name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')";
        }
        if(IPB_VERSION == '2.1') {
            $ipb_find_user_query = "SELECT mgroup, mgroup_others groupids, email, members_display_name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')";
        }
        if(IPB_VERSION == '3.0' ) {
            $ipb_find_user_query = "SELECT member_group_id mgroup, mgroup_others groupids, email, members_display_name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')";
        }
        $ipb_find_result = mysql_query($ipb_find_user_query, $this->ipb_database);
        // make sure that there is only one person with the username
        if (mysql_num_rows($ipb_find_result) == 1) {
            $ipb_userinfo = mysql_fetch_assoc($ipb_find_result);
            mysql_free_result($ipb_find_result);
            $user->setEmail($ipb_userinfo['email']);
            $user->confirmEmail();
            $user->setRealName($ipb_userinfo['realname']);
            // go through the users member groups to see if one of them is administrative
            $user_membergroups = explode(",", $ipb_userinfo['groupids']);
            $admin_secondary = FALSE;
            for ($x = 0; $x < count($user_membergroups); $x++) {
                if (in_array($user_membergroups[$x], $this->admin_usergroups)) $admin_secondary = TRUE;
            }
 
            if (in_array($ipb_userinfo['mgroup'], $this->admin_usergroups) || $admin_secondary === TRUE) {
                // if a user is not a sysop, make them a sysop
                if (!in_array("sysop", $user->getEffectiveGroups())) {
                    $user->addGroup('sysop');
                    $user->saveSettings();
                    return TRUE;
                }
            }
            // if the user is not an administrator, but they were, and they are still a sysop, remove their sysop status
            if (!in_array($ipb_userinfo['mgroup'], $this->admin_usergroups) && $admin_secondary === FALSE) {
                if (in_array("sysop", $user->getEffectiveGroups())) {
                    $user->removeGroup('sysop');
                    $user->saveSettings();
                    return TRUE;
                }
            }
            $user->saveSettings();
            return true;
        }
        return false;
    }
 
 
    /**
     * Return true if the wiki should create a new local account automatically
     * when asked to login a user who doesn't exist locally but does in the
     * external auth database.
     *
     * If you don't automatically create accounts, you must still create
     * accounts in some way. It's not possible to authenticate without
     * a local account.
     *
     * This is just a question, and shouldn't perform any actions.
     *
     * @return bool
     * @public
     */
    function autoCreate() {
        return true;
    }
 
    /**
     * Can users change their passwords?
     *
     * @return bool
     */
    function allowPasswordChange() {
        return $this->passwordchange;
    }
 
    /**
     * Set the given password in the authentication database.
     * As a special case, the password may be set to null to request
     * locking the password to an unusable value, with the expectation
     * that it will be set later through a mail reset or other method.
     *
     * Return true if successful.
     *
     * @param $user User object.
     * @param $password String: password.
     * @return bool
     * @public
     */
    function setPassword( $user, $password ) {
        return true;
    }
 
    /**
     * Update user information in the external authentication database.
     * Return true if successful.
     *
     * @param $user User object.
     * @return bool
     * @public
     */
    function updateExternalDB( $user ) {
        return false;
    }
 
    /**
     * Check to see if external accounts can be created.
     * Return true if external accounts can be created.
     * @return bool
     * @public
     */
    function canCreateAccounts() {
        return false;
    }
 
    /**
     * Add a user to the external authentication database.
     * Return true if successful.
     *
     * @param User $user
     * @param string $password
     * @return bool
     * @public
     */
    function addUser( $user, $password ) {
        return false;
    }
 
 
    /**
     * Return true to prevent logins that don't authenticate here from being
     * checked against the local database's password fields.
     *
     * This is just a question, and shouldn't perform any actions.
     *
     * @return bool
     * @public
     */
    function strict() {
        return true;
    }
 
    /**
     * When creating a user account, optionally fill in preferences and such.
     * For instance, you might pull the email address or real name from the
     * external user database.
     *
     * The User object is passed by reference so it can be modified; don't
     * forget the & on your function declaration.
     *
     * @param $user User object.
     * @public
     */
    function initUser( &$user ) {
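        // Escape with the connection-aware function rather than addslashes()
        $username = mysql_real_escape_string($user->getName(), $this->ipb_database);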
        if(IPB_VERSION == '1.3') {
            $ipb_find_user_query = "SELECT email, name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')";
        }
        if(IPB_VERSION == '2.1') {
            $ipb_find_user_query = "SELECT email, members_display_name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')";
        }
        if(IPB_VERSION == '3.0') {
            $ipb_find_user_query = "SELECT email, members_display_name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')";
        }
        $ipb_find_result = mysql_query($ipb_find_user_query, $this->ipb_database);
        // make sure that there is only one person with the username
        if (mysql_num_rows($ipb_find_result) == 1) {
            $ipb_userinfo = mysql_fetch_assoc($ipb_find_result);
            mysql_free_result($ipb_find_result);
            $user->setEmail($ipb_userinfo['email']);
            $user->confirmEmail();
            $user->setRealName($ipb_userinfo['realname']);
            $user->saveSettings();
        }
    }
 
    /**
     * If you want to munge the case of an account name before the final
     * check, now is your chance.
     */
    function getCanonicalName( $username ) {
        return $username;
    }
}
 
?>
  • Optionally, edit includes/templates/Userlogin.php and, under
<p id="userloginlink"><?php $this->html('link') ?></p>

add this line:

<p id="userloginlink">Please Login with your <a href="/forums/">Forum user name</a>, or <a href="/forums/index.php?act=Reg">Register here</a></p>

Change Log

  • v1.0
    • create the user in MW if it does not exist
    • set/unset the admin group in MW if the user is an admin in IPB
    • tested in IPB 2.1
  • v1.1
    • added support for 1.3
    • fixed email setting in initUser
  • v1.2 [MZXGiant's Fork]
    • added support for 3.0, making this the first MediaWiki<->IPB3 capable extension to my knowledge
    • tested in IPB 3.0.1

Alternative solution

An alternative Invision Power Board authentication plugin is available from www.ipbwiki.com. A free version handles login integration, and a paid version provides skin integration, bbcode support, etc.


IPB3 Beta

As of v1.2 by MZXGiant, this supports IPB 3.0.1, and is the only one to do so to the best of the author's knowledge at this time.
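
The IPB 3.0 branch of authenticate() above, reworked as an added example (not part of AuthPlugin_IPB.php or the extension authors' code): the username is bound through a PDO prepared statement instead of being escaped and interpolated into the SQL, and the salted MD5 is recomputed in PHP and compared with hash_equals(). The function name ipb3_authenticate, the in-memory SQLite database and the sample member are assumptions made for the demonstration; table and column names are taken from the page's IPB 3.0 query.

```php
<?php
// Added example, not part of AuthPlugin_IPB.php. Table and column names follow
// the page's IPB 3.0 query; the SQLite database and its single row are constructed.

function ipb3_authenticate(PDO $db, $prefix, $username, $password, array $allowedGroups) {
    // A table prefix cannot be bound as a parameter, so restrict it to a safe pattern.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    // The username is bound, never interpolated, so no escaping function is involved.
    $stmt = $db->prepare(
        "SELECT member_group_id, members_pass_salt, members_pass_hash
           FROM {$prefix}members WHERE lower(name) = lower(:name)"
    );
    $stmt->execute(array(':name' => $username));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (count($rows) !== 1) {
        return false; // unknown or ambiguous username
    }
    $row = $rows[0];
    // Same scheme as the page's SQL: MD5(CONCAT(MD5(salt), MD5(password))).
    $candidate = md5(md5($row['members_pass_salt']) . md5($password));
    // Constant-time comparison of the stored and the recomputed hash.
    if (!hash_equals((string)$row['members_pass_hash'], $candidate)) {
        return false;
    }
    // Only members of an allowed group may log in to the wiki.
    return in_array((int)$row['member_group_id'], $allowedGroups, true);
}

// Constructed sample data: one member in group 3, salt "x9Kq2", password "correct horse".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ipb3_members (name TEXT, member_group_id INTEGER,
           members_pass_salt TEXT, members_pass_hash TEXT)");
$ins = $db->prepare("INSERT INTO ipb3_members VALUES (?, ?, ?, ?)");
$ins->execute(array('Alice', 3, 'x9Kq2', md5(md5('x9Kq2') . md5('correct horse'))));

$allowed = array(4, 3, 9); // allowed_usergroups from the page's settings
var_dump(ipb3_authenticate($db, 'ipb3_', 'alice', 'correct horse', $allowed)); // matching password
var_dump(ipb3_authenticate($db, 'ipb3_', 'alice', 'wrong', $allowed));         // wrong password
var_dump(ipb3_authenticate($db, 'ipb3_', "o'brien", 'anything', $allowed));    // quote in name stays a literal
```

Running this needs PHP 5.6 or later with the pdo_sqlite driver; against a real board the PDO connection would point at the IPB MySQL database instead.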