I have checked this now, and apparently a lot has changed in the forum software. The login via phpbb worked like this:
- first, it checked whether there was already a wiki account.
- if not, it checked via calls to phpbb whether the user exists, and the password is correct.
- it then created a new wiki account for that user
The password check was completely outdated, so it could only allow users who already had a wiki account before the process was updated.
I have now modified AuthPhpbb.php to work with current phpbb. Please try logging in now!
Here is the modified source code:
Code: Select all
<?php
# Changed by Christian Ghisler, 23.5.2021:
# Support for phpbb 3.3, checkk password via passwords_manager->check
# Changed by Christian Ghisler, 10.6.2013:
# User account must be enabled
# User account must be older than 2 weeks
# User must have at least 1 forum post
#
# Copyright (C) 2004 Brion Vibber <brion@pobox.com>
# http://www.mediawiki.org/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# http://www.gnu.org/copyleft/gpl.html
define('IN_PHPBB', true);
$phpbb_root_path = '../board/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require_once($phpbb_root_path . 'config.php');
include($phpbb_root_path . 'common.' . $phpEx);
global $request;
$request->enable_super_globals();
class PHPbbAuth extends AuthPlugin {
function PHPbbAuth() {
$sqlrow = 0;
}
function queryPhpbbMysql($username) {
global $dbhost, $dbuser, $dbpasswd, $dbname, $table_prefix;
$link = mysqli_connect($dbhost,$dbuser,$dbpasswd,$dbname);
if (mysqli_connect_errno())
{
print "Failed to connect to MySQL: " . mysqli_connect_error();
}
//mysql_select_db($dbname, $link) or die( "Unable to select user database for phpbb authentication" .
// $dbhost . "," . $dbuser . "," . $dbpasswd . "," . $dbname );
$query="SELECT * FROM " . $table_prefix . "users WHERE LOWER(username) =
'" . strtolower($username) . "'";
$result = mysqli_query($link, $query);
$sqlrow = 0;
if($result)
{
$sqlrow = mysqli_fetch_array($result);
mysqli_free_result($result);
}
mysqli_close($link);
if ($sqlrow['username']=='') {
print "User name not found or forbidden characters in user name!";
return null;
}
if ($sqlrow['user_type']==1) {
print "Account is disabled, sorry!";
return null;
}
if ($sqlrow['user_posts']==0) {
print "Only users with at least one post in the forum are allowed to write here!";
return null;
}
$user_age = time() - $sqlrow['user_regdate'];
if ($user_age) {
if ($user_age<=86400*14) {
print "Account too young, you must be registered for 14 days or more!";
return null;
}
}
return $sqlrow;
}
/**
* Check whether there exists a user account with the given name.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param string $username
* @return bool
* @access public
*/
function userExists( $username ) {
# Override this!
$sqlrow=$this->queryPhpbbMysql($username);
if ($sqlrow)
return true;
return false;
}
/**
* Check if a username+password pair is a valid login.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param string $username
* @param string $password
* @return bool
* @access public
*/
function authenticate( $username, $password ) {
# Override this!
global $phpbb_container,$phpbb_root_path,$phpEx,$user,$request,$auth;
$sqlrow=$this->queryPhpbbMysql($username);
if ($sqlrow) {
$request->enable_super_globals();
$passwords_manager = $phpbb_container->get('passwords.manager');
if ($passwords_manager->check($password, $sqlrow['user_password']))
return true;
}
return false;
}
/**
* Return true if the wiki should create a new local account automatically
* when asked to login a user who doesn't exist locally but does in the
* external auth database.
*
* If you don't automatically create accounts, you must still create
* accounts in some way. It's not possible to authenticate without
* a local account.
*
* This is just a question, and shouldn't perform any actions.
*
* @return bool
* @access public
*/
function autoCreate() {
return true;
}
/**
* Return true to prevent logins that don't authenticate here from being
* checked against the local database's password fields.
*
* This is just a question, and shouldn't perform any actions.
*
* @return bool
* @access public
*/
function strict() {
return false; // otherwise requesting a new password doesn't work
}
/**
* When creating a user account, optionally fill in preferences and such.
* For instance, you might pull the email address or real name from the
* external user database.
*
* The User object is passed by reference so it can be modified; don't
* forget the & on your function declaration.
*
* @param User $user
* @access public
*/
function initUser( &$user, $autocreate = false ) {
$sqlrow=$this->queryPhpbbMysql($user->mName);
if ($sqlrow) {
$mail = $sqlrow['user_email'];
$user->mEmail = $mail;
}
}
public function allowPasswordChange() {
return false;
}
public function allowSetLocalPassword() {
return false;
}
public function updateExternalDB( $user ) {
return true;
}
}
?>