Admin Authentication

I am trying to make it so the site owner has only Publisher level access in Mambo and admin access in Phorum. In trying to accomplish this I somehow lost admin access to Phorum altogether. I have tried to reset the table values as they were but access still fails. I am lost in cookies, login access from Mambo, and admin setting in the Phorum DB. I have noticed that syncuser.php resets the admin setting in the phorum._users, making me assume that the settings are somehow based on the settings in the mos_users table in Mambo.

First, how do I get my admin access back in Phorum? Next, how can I make it so the site owner log into Mambo and give him admin access to Phorum?

Also, I have, on occasion, noticed that an error is generated after login stating (paraphrased) that id #i does not exist in the users table and that syncuser needs to be run. Under what conditions would this error be generated?

UPDATE: The exact error is:
No user data found for user id **. The master application for Phorum probably did not synchronize the user data.

TIA!



Edited 1 time(s). Last edit at 02/26/2007 02:14PM by webdr.

The connector.php in embed_phorum/connectors/mambo/connector.php is the file to look at. That one syncs the users from mambo to phorum. An interesting part for you is:

            $syncuser = array
            (
                "user_id"      => $mambo_user->id,
                "username"     => $data[0]->username,
                "email"        => $data[0]->email,
                "real_name"    => $data[0]->name,
                "admin"        => $data[0]->usertype == 'Super Administrator' ? 1 : 0,

There, the admin flag is set to a true value for the synchronized Phorum user. Just before that, the user data is selected from the database using an SQL query. You'll have to check whether your user type is 'Super Aministrator' or something else. If you need users from a different type to be admin in Phorum, then you'll have the assignment of the admin field for Phorum here.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

Thanks, Maurice. That took care of getting the admin value to not change. Still have the other two problems though.

The user data is not sync'ing and I cannot log into the admin interface via admin.php. With the latter all I get is the admin log over and over, no matter what I enter into the username and password fields. No error, just no access.

Any idea of why these would fail?

User data not syncing and not being able to login could be the same problem. If the admin if synced from Mambo with the username, password and admin flag set to 1, then you should be able to login.

If you take a look at the database, do you see the mambo users there? And does the amin field for the admin look okay? Also, the password for the admin should be set. For others it is okay if it's empty.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

In the phorum_users table, do you have a (unique) record for the administrator? The contents of the admin field for this user should be 1. If the user logging in is not an admin, there is no message generated, you just go back to the empty login page.

Yes, it was the same problem, more or less. I hacked the code in Mambo to create a special phorum usertype and mucked up the code in syncuser.php evaluating that usertype. I tracked down the bug and killed it. :-)

I have made so many hacks on this system, I should have just coded the entire thing from scratch. The problem with hacks is that updates are really frustrating.

Thanks for your patience and assistance!

Then tell us what you had to hack to get embed_phorum working for you in the way you wanted. If it are things that I can handle from the module cleanly, then they can be added it there, so your upgrade path will be easier.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

OK, in connector.php I added a line and modified one:

"user_id" => $mambo_user->id,
"username" => $data[0]->username,
"email" => $data[0]->email,
"real_name" => $data[0]->name,
"admin" => ($data[0]->usertype == 'Super Administrator' || $data[0]->usertype == 'Publisher') ? 1 : 0, // allows Publisher type to be admin
//checks for phorum user type so that
//registered users of Mambo must register separately
"phorum_user" => $data[0]->usertype == 'phorum' ? 1 : 0,

In syncuser.php:
// No user found. Add the user.
else
{
// Is user a phorum user? If not, do not add.
if (!$syncuser["phorum_user"]) {
return;
}

phorum_user_add($syncuser);
}

I still need to code an error message to let registered Mambo users know they need to register independently of Mambo. The syncuser failure error really should never apply.

I also did a couple hacks on com_register and com_login components in Mambo to allow for separate signups and logins, though these do not really affect anything with Phorum except for the phorum usertype.

It would be more useful if Phorum and Mambo shared the same users table and Phorum still used the Phorum login and signup templates, though I can see some security issues which should be addressed.

Quote

It would be more useful if Phorum and Mambo shared the same users table

That would not make the solution very generic, since every system will have different tables in different databases (if there are databases at all, since the user auth might be coming from other sources like plain text files, htaccess password chekcs, /etc/passwd, LDAP, etc.).

You users shouldn't need to register separately for Phorum. The whole idea is to make Phorum slave of Mambo (I'm not sure if you meant this, but it sounds like this because users "need to register independently").

If you do not add the user from the connector, then do you also not return a user from the get_user_id() method in the connector? If you still return a user id there, even if the user is not a phorum user, then I can imagine why you'd get error messages. What you tell by returning a user id in the method is "Dear Phorum, please asume that user id [X] is logged in on the system". But if user id [X] is not available, because you did not sync the user to Phorum, then you'll get the error message "No user data found for user id **. The master application for Phorum probably did not synchronize the user data." for sure.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

I do not question the intent of the component and the development rationale. However, in my case, the site owner absolutely needs separate usertypes for Phorum and Mambo. Under normal circumstances I would much rather not have to hack another developer's code, especially code which is subject to frequent updates.

As much as I may bemoan the extra work, I still get paid for it. ;-)