Extension:IPBAuth

How To
$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createaccount'] = false;
 * Download and install MediaWiki
 * Open your LocalSettings.php file
 * Insert the following code at the end of the file, before the ?>:

require_once("extensions/AuthPlugin_IPB.php"); $wgAuth = new AuthPlugin_IPB; <?php
 * Copy this AuthPlugin_IPB.php file and put it in the wiki extensions directory, ie: extensions/AuthPlugin_IPB.php
 * 1) http://www.mediawiki.org/
 * 2) This program is free software; you can redistribute it and/or modify
 * 3) it under the terms of the GNU General Public License as published by
 * 4) the Free Software Foundation; either version 2 of the License, or
 * 5) (at your option) any later version.
 * 6) This program is distributed in the hope that it will be useful,
 * 7) but WITHOUT ANY WARRANTY; without even the implied warranty of
 * 8) MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * 9) GNU General Public License for more details.
 * 10) You should have received a copy of the GNU General Public License along
 * 11) with this program; if not, write to the Free Software Foundation, Inc.,
 * 12) 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * 13) http://www.gnu.org/copyleft/gpl.html
 * 1) with this program; if not, write to the Free Software Foundation, Inc.,
 * 2) 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * 3) http://www.gnu.org/copyleft/gpl.html

/** * Authentication plugin interface. Instantiate a subclass of AuthPlugin * and set $wgAuth to it to authenticate against some external tool. * * The default behavior is not to do anything, and use the local user * database for all authentication. A subclass can require that all * accounts authenticate externally, or use it only as a fallback; also * you can transparently create internal wiki accounts the first time * someone logs in who can be authenticated externally. * * This interface is new, and might change a bit before 1.4.0 final is * done... * * @package MediaWiki */

/** * Authenticate with IPB login * * 2007-02-18: v1.0 orginal by quekky *    - create the user in MW if it does not exist *    - set/unset the admin group in MW if the user is a admin in IPB *    - tested in IPB 2.1 * 2007-02-18: v1.1 modified by quekky *    - added support for 1.3 *    - fixed email setting in initUser */

require_once("AuthPlugin.php");

/* set to '2.1' or '1.3' */ define( 'IPB_VERSION', '2.1' );

class AuthPlugin_IPB extends AuthPlugin{

// Create a persistent DB connection var $ipb_database; var $passwordchange; /**	 * Init */	function AuthPlugin_IPB { global $wgDBserver, $wgDBuser, $wgDBpassword, $wgDBname; /*		 * set your settings here */		$dbhost = $wgDBserver; //$wgDBserver $dbusername = $wgDBuser; //$wgDBuser $dbpassword = $wgDBpassword; //$wgDBpassword $dbname = $wgDBname; //$wgDBname $this->ipb_prefix = 'ibf_'; //'ibf_' // set the usergroups for the administrators $this->admin_usergroups = Array(4); $this->user_rights = Array("sysop"); // set the usergroups for those who can edit the wiki $this->allowed_usergroups = Array(4,3,9); /*		 * end user settings */		$this->passwordchange = false; $this->ipb_database = mysql_pconnect($dbhost, $dbusername, $dbpassword); mysql_select_db($dbname, $this->ipb_database); }	/**	 * Check whether there exists a user account with the given name. * The name will be normalized to MediaWiki's requirements, so	 * you might need to munge it (for instance, for lowercase initial	 * letters). *	 * @param $username String: username. * @return bool * @public */	function userExists( $username ) { $username = addslashes($username); if(IPB_VERSION == '1.3') { $ipb_find_user_query = "SELECT mgroup FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}') AND (restrict_post='0' OR restrict_post=null)"; }		if(IPB_VERSION == '2.1') { $ipb_find_user_query = "SELECT mgroup FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}') AND (restrict_post='0' OR restrict_post=null)"; }		$ipb_find_result = mysql_query($ipb_find_user_query, $this->ipb_database); // make sure that there is only one person with the username if (mysql_num_rows($ipb_find_result) == 1) { $ipb_userinfo = mysql_fetch_assoc($ipb_find_result); mysql_free_result($ipb_find_result); // Only registered and admins. Banned and unregistered don't belong here. if (in_array($ipb_userinfo['mgroup'], $this->allowed_usergroups)) { return true; }		}		// if no one is registered with that username, or there are more than 1 entries // or they have illegal characters return FALSE (they do not exist) return false; }

/**	 * Check if a username+password pair is a valid login. * The name will be normalized to MediaWiki's requirements, so	 * you might need to munge it (for instance, for lowercase initial	 * letters). *	 * @param $username String: username. * @param $password String: user password. * @return bool * @public */	function authenticate( $username, $password ) { $username = addslashes($username); $password = addslashes($password); if(IPB_VERSION == '1.3') { $ipb_find_user_query = "SELECT mgroup FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}') AND password = MD5('{$password}')"; }		if(IPB_VERSION == '2.1') { $ipb_find_user_query = "SELECT mgroup FROM {$this->ipb_prefix}members m, {$this->ipb_prefix}members_converge c WHERE m.id=c.converge_id AND lower(name)=lower('{$username}') AND converge_pass_hash = MD5(CONCAT(MD5(converge_pass_salt),MD5('{$password}')))"; }		$ipb_find_result = mysql_query($ipb_find_user_query, $this->ipb_database); if (mysql_num_rows($ipb_find_result) == 1) { $ipb_userinfo = mysql_fetch_assoc($ipb_find_result); mysql_free_result($ipb_find_result); // Only registered and admins. Banned and unregistered don't belong here. if (in_array($ipb_userinfo['mgroup'], $this->allowed_usergroups)) { $this->passwordchange = true; return true; }		}		return false; }

/**	 * When a user logs in, optionally fill in preferences and such. * For instance, you might pull the email address or real name from the * external user database. *	 * The User object is passed by reference so it can be modified; don't	 * forget the & on your function declaration. *	 * @param User $user * @public */	function updateUser( &$user ) { $username = addslashes($user->getName); if(IPB_VERSION == '1.3') { $ipb_find_user_query = "SELECT mgroup, email, name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')"; }		if(IPB_VERSION == '2.1') { $ipb_find_user_query = "SELECT mgroup, mgroup_others groupids, email, members_display_name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')"; }		$ipb_find_result = mysql_query($ipb_find_user_query, $this->ipb_database); // make sure that there is only one person with the username if (mysql_num_rows($ipb_find_result) == 1) { $ipb_userinfo = mysql_fetch_assoc($ipb_find_result); mysql_free_result($ipb_find_result); $user->setEmail($ipb_userinfo['email']); $user->confirmEmail; $user->setRealName($ipb_userinfo['realname']); // go through the users member groups to see if one of them is administrative $user_membergroups = explode(",", $ipb_userinfo['groupids']); $admin_secondary = FALSE; for ($x = 0; $x < count($user_membergroups); $x++) { if (in_array($user_membergroups[$x], $this->admin_usergroups)) $admin_secondary = TRUE; }			if (in_array($ipb_userinfo['mgroup'], $this->admin_usergroups) || $admin_secondary === TRUE) { // if a user is not a sysop, make them a sysop if (!in_array("sysop", $user->getEffectiveGroups)) { $user->addGroup('sysop'); $user->saveSettings; return TRUE; }			}			// if the user is not an administrator, but they were, and they are still a sysop, remove their sysop status if (!in_array($ipb_userinfo['mgroup'], $this->admin_usergroups) && $admin_secondary === FALSE) { if (in_array("sysop", $user->getEffectiveGroups)) { $user->removeGroup('sysop'); $user->saveSettings; return TRUE; }			}			$user->saveSettings; return true; }		return false; }

/**	 * Return true if the wiki should create a new local account automatically * when asked to login a user who doesn't exist locally but does in the * external auth database. *	 * If you don't automatically create accounts, you must still create * accounts in some way. It's not possible to authenticate without * a local account. *	 * This is just a question, and shouldn't perform any actions. *	 * @return bool * @public */	function autoCreate { return true; }

/**	 * Can users change their passwords? *	 * @return bool */	function allowPasswordChange { return $this->passwordchange; }

/**	 * Set the given password in the authentication database. * As a special case, the password may be set to null to request * locking the password to an unusable value, with the expectation * that it will be set later through a mail reset or other method. *	 * Return true if successful. *	 * @param $user User object. * @param $password String: password. * @return bool * @public */	function setPassword( $user, $password ) { return true; }

/**	 * Update user information in the external authentication database. * Return true if successful. *	 * @param $user User object. * @return bool * @public */	function updateExternalDB( $user ) { return false; }

/**	 * Check to see if external accounts can be created. * Return true if external accounts can be created. * @return bool * @public */	function canCreateAccounts { return false; }

/**	 * Add a user to the external authentication database. * Return true if successful. *	 * @param User $user * @param string $password * @return bool * @public */	function addUser( $user, $password ) { return false; }

/**	 * Return true to prevent logins that don't authenticate here from being * checked against the local database's password fields. *	 * This is just a question, and shouldn't perform any actions. *	 * @return bool * @public */	function strict { return true; }

/**	 * When creating a user account, optionally fill in preferences and such. * For instance, you might pull the email address or real name from the * external user database. *	 * The User object is passed by reference so it can be modified; don't	 * forget the & on your function declaration. *	 * @param $user User object. * @public */	function initUser( &$user ) { $username = addslashes($user->getName); if(IPB_VERSION == '1.3') { $ipb_find_user_query = "SELECT email, name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')"; }		if(IPB_VERSION == '2.1') { $ipb_find_user_query = "SELECT email, members_display_name realname FROM {$this->ipb_prefix}members WHERE lower(name)=lower('{$username}')"; }		$ipb_find_result = mysql_query($ipb_find_user_query, $this->ipb_database); // make sure that there is only one person with the username if (mysql_num_rows($ipb_find_result) == 1) { $ipb_userinfo = mysql_fetch_assoc($ipb_find_result); mysql_free_result($ipb_find_result); $user->setEmail($ipb_userinfo['email']); $user->confirmEmail; $user->setRealName($ipb_userinfo['realname']); $user->saveSettings; }	}

/**	 * If you want to munge the case of an account name before the final * check, now is your chance. */	function getCanonicalName( $username ) { return $username; } }

?> html('link') ?> add this line Please Login with your Forum user name, or Register here
 * Optional, edit includes/templates/Userlogin.php and under

Change Log

 * v1.0
 * - create the user in MW if it does not exist
 * - set/unset the admin group in MW if the user is a admin in IPB
 * - tested in IPB 2.1
 * v1.1
 * - added support for 1.3
 * - fixed email setting in initUser

= Alternative solution = An alternative Invision Power Board Authentication plugin is available from www.ipbwiki.com, there's a free version available which handles login integration and a paying version which provides skin integration, bbcode support, etc...