Extension:PHPBB Auth

This extension links MediaWiki to phpBB's user table for authentication, and disallows the creation of new accounts in MediaWiki. Users must then log in to the wiki with their phpBB account.

Extension
The extension requires PHP5+, MySQL 4 or 5, MediaWiki 1.11+ and phpBB3 or phpBB2. If you need help, post an issue at Github.


 * 1) Download the extension (For phpBB3 clone the latest version from github, for phpBB2 use v2.7).
 * 2) Add the code below to the bottom of LocalSettings.php.
 * 3) Copy files from downloaded archive to directory extensions.
 * 4) Make a new phpBB group called Wiki. If you set   to true, only users in the Wiki group can edit MediaWiki.

Usernames rules
MediaWiki does not follow the same user naming conventions as phpBB, so there may be problem if someone uses an invalid username. Although all MediaWiki usernames are valid in phpBB, some phpBB usernames are not valid in MediaWiki. For example, MediaWiki does not allow the '[]' bracket symbols.

The problem can be circumvented by installing a phpBB extension to restrict MediaWiki-incompatible characters in phpBB. The Restrict Username mod (beta) can do this.

Instead of installing the phpBB MOD, you can set Limit username chars to Alphanumeric only in the User registration settings of phpBB3.

Furthermore, watch out that MediaWiki doesn't allow the same phrase as password that you chose for your username. phpBB doesn't have a problem with password and username being the same phrase.

Problems with not sharing a database
Some users experience an error when phpBB and MediaWiki are in different databases, while other users have no problem doing so. It's possible that this may be related to non-English software, which is common to users reporting the error. For more information, see the php|uber.leet forums.

Deactivated phpBB Accounts
The Plugin currently allows access to the wiki, if a user is listed in the phpBB's user table (and member of a specific group, if that feature is used). It is not checking, whether the account is set active or inactive in the phpBB's database. This allows some users to log into the wiki with a phpBB account, that was not reviewed by the phpBB administrator. (See also entry on the discussion page)

Release log

 * Release 3.0.3 (Jan. 1, 2008)
 * Fixed a potential SQL injection security hole.
 * Added support for multiple Wiki Groups.


 * Release 3.0.2 (Dec. 28, 2007)
 * Now works with and requires phpBB3.
 * Now works with and requires MW 1.11.x
 * Now requires PHP5.
 * Uses phpBB3 username case folding methods.
 * Uses phpass for password hashing.
 * When the user is not in the "Wiki" group the user now sees a MediaWiki error that says so.
 * When the user is not found in the phpBB user database they now see a MediaWiki error asking them to register.
 * Added a link to phpBB's register page from the login screen.
 * Plug-in now uses MediaWiki Hooks.


 * Release 2.7
 * Fixed a potential SQL injection security hole.


 * Release 2.6
 * Fixed a login bug where MW was displaying an error the first time a user logged into it.
 * Now works with MW 9.2


 * Release 2.5
 * I made a change to the MySQL connection that might fix some of the issues people have been having.


 * Release 2.4
 * Better MySQL error reporting. More solid MySQL Query calls.


 * Release 2.3
 * phpBB usernames with an apostrophe in them will now work.


 * Release 2.2
 * Fixed a bug that was printing a SQL statment when called.


 * Release 2.1
 * Fixed a bug that was not letting preferences be saved.


 * Release 2.0
 * Works with MediaWiki 1.5.x
 * Fixed the dup name issues. The 1.5 release of MediaWiki added a new function to check for the correct casing of a name before adding it to the wiki database.
 * I test user names with a space in them and they seem to work fine too.
 * Added support for phpBB and the wiki being on two different servers/databases.
 * With the new release of MediaWiki 1.5, I was able to disable some template stuff.


 * Release 1.9
 * Now auto detects MySQL version and uses the correct query.
 * Ver 1.9 will work on both MySQL 4.0.x and 4.1.x


 * Release 1.7
 * Added the code to allow the admin to disable the phpBB wiki group requirement.


 * Release 1.5
 * MediaWiki forces all usernames into a first letter uppercase the rest lower case. (gotroot becomes Gotroot) This is ok until you have a user who has an uppercase letter in the middle of their name. (RetroFit becomes Retrofit) This can cause a problem when trying to Auth with the phpBB user table. I do not have a fix for this. (FIXED)

Community Contributions
Here are some contributions the community has made for this plug-in. They are custom changes that are not part of the plug-ins default code. If you have problems with the custom code below please contact the authors of those sections.

Additional security
The Plugin does not test if a phpBB account is active or not when granting access to the wiki. So anyone can get access even if the phpBB account is not active. In cases, where the access to the phpBB is limited by the administrator, an account that has not yet been allowed to the phpBB, should usually not be allowed to the wiki either. To reach that the Plugin should by default check the `user_type` column in the phpBB_user table and report an error, if the type was '1' (deactivated account) but grant access if the type is '0' (active account) or '2' (phpBB board Founder). Edit on line 328 on Auth_phpBB.php WHERE `username_clean` = '%s' to WHERE `username_clean` = '%s' AND `user_type` != 1 Now an account that is deactivated will not grant acces to the wiki either. Heinrich krebs 09:28, 5 October 2009 (UTC)

compatibility and no error-messages
Using this extension, there are a lot of error-messages in the log. So I decided to optimize the code. First there was the message: PHP Strict Standards:  Declaration of Auth_phpBB::modifyUITemplate should be compatible with AuthPlugin::modifyUITemplate(&$template, &$type) this is no big thing, I just extended the function with one more parameter (type), the code is still the same ;-)

Farther more, there was the message: PHP Deprecated:  mysql_connect: The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead So I optimized the code to use the mysqli-PHP-extension. All mysql-calls do have an mysqli-eqivalent, but the parameters are different...

Are you interested in the "new version" ? Please ask me... Wolfib 18:23, 23 October 2014 (UTC)

Suggested Alternative
I (Nicholas Dunnaway) have not updated Auth_phpBB in a few years. Here is a link to another SSO solution that is active as of April.10.2012. Extension:Phpbb_Single_Sign-On