NZEYIMANA Emery Fabrice

After googling around for a plug-in to help me authenticate PHPBB3 forums against an already existing web application and finding none, I decided to write my own. I modelled it to auth_db and auth_apache and named it auth_dbext as short for authentication using DB from external source (external to PHPBB Database).

I am sharing it with others who might have a similar need and of course any improvements are welcome.

I have not implement some optional parts (see http://wiki.phpbb.com/Authentication_plugins for more info)

The login code is in the function (The full source code is at auth_dbext.phps)

[code lang="php"]
/**
* Login function
*/
function login_dbext(&$username, &$password)
{
global $db;

// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}

if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}

/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Note: on my systems, I include these following lines from an external file that is not web-accessible
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
$db_host = "localhost"; // Here goes the MySQL server address, hostname or IP
$db_user = "username"; // Here goes the MySQL user allowed to read the table below (GRANT SELECT ON ....)
$db_password = "passwd"; // Here should go the password associated with the above user
$db_database = "dbName"; // Here goes the Database containing the table below
$db_table = "tblUsers"; // Here will goes the table list users allowed to login into PHPBB
////////////////////////////////////////////////////////////////////////////////////////////////////////////
$col_username = "username";
$col_password = "password";
$hashMethod = "sha1"; // Can be one of: md5, sha1, plain
// In case you choose to use a non-standard hashing function, be
// sure to change below where the $hashedPassword variable is created

$objMySqli = new mysqli($db_host, $db_user, $db_password, $db_database);

/* check connection */
if (mysqli_connect_errno())
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH ,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH ',
'user_row' => array('user_id' => ANONYMOUS),
);
}

// Check the User/Password
if($hashMethod == 'sha1')
{
$hashedPassword = sha1($password);
} elseif($hashMethod == 'md5') {
$hashedPassword = md5($password);
} else {
$hashedPassword = $password;
}
$sql =
"SELECT 11 as ID
FROM " . $db_table . "
WHERE
" . $col_username . " = '" . mysqli_real_escape_string($username) . "' AND
" . $col_password . " = '" . mysqli_real_escape_string($hashedPassword) . "'
";

if ( $result = $objMySqli->query($sql) )
{
if ( $result->num_rows <= 0 )
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}

$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($username) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

if ($row)
{
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}

// Successful login...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}

// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => user_row_dbext($username, sha1($password)),
);
} else {
// TODO: Handle this situation
}

// Not logged in using the external DB
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH',
'user_row' => array('user_id' => ANONYMOUS),
);
}
[/code]

To use this plugin, copy it to the directory /includes/auth/ (the file should be /includes/auth/auth_dbext.php ) in your PHPBB3 install location. This file can be downloaded at auth_dbext.php (ZIP) or view a highlighted source file at auth_dbext.phps

Clément Says:
November 3rd, 2010 at 16:22

merci de partager.
Justement le wiki du phpBB n’est pas assez clair sur l’implémentation du plugin d’authentification. Mukomere!!!

Deji Says:
November 1st, 2012 at 10:57

This is what I using the code, after using appropriate database name, username, password, host name:
“General Error
Authentication method not found”

Anyway help will be appreciated.

Thanks.

NZEYIMANA Emery Fabrice Says:
November 4th, 2012 at 15:39

Hello Deji, I have no idea what the problem is. Let me know which version you are using and I will try and see if I can find out and help.

pht Says:
November 12th, 2012 at 10:03

Hello, Deji

Most probably you have not changed the default authentication method or wrongly spelled it’s name while setting up the method
using ACP. In PHPBB the function names are
based on the authentication method name, i.e.
if you have set the authentication method name
as ‘dbext’ the name of the login method you need to implement in the file named ‘auth_dbext.php’ should be ‘login_dbext’.

Kyle Says:
November 12th, 2012 at 20:11

Hey, I like this script! It does not work on the latest version of phpBB, I was wondering if you could help?

I love the blog!

Kyle Says:
November 12th, 2012 at 20:35

Wait! Found problem, was using MySQL instead of MySQLi extension.

Thank you so much for your great code!

NZEYIMANA Emery Fabrice Says:
November 12th, 2012 at 20:54

Happy to see that the code is still functioning and useful 3+ years after it was published here

Authentication Plug-in for PHPBB using External MySQL Table Source

7 Responses to “Authentication Plug-in for PHPBB using External MySQL Table Source”

Archived Entry