Authentification

I don't think that that is what chanh means. He's talking about POP3, which means that the credentials would be the mailbox' username + password. The e-mailaddress is something completely different from that. This POP3 solution would be very useful for forums that have to integrate with a mail server. So what you would do is tell Phorum that it can check the credentails by trying to startup a POP3 session on a configured POP3 server. Mind that this setup is one you would run against a single POP3 server. This is in no way a system to use for public access.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

Well, it is not entirely what I mean.

For example let say you want anybody with Gmail account can use your forum then you will create a authencation call to pop3.gmail.com to authenticate the user when the user type in johndoe@gmail.com in the login box and their password in the password box then phorum will make a call to pop3.gmail.com to get the status whether this user with this password is valid if yes then phorum will check against phorum table to see if this user already there if not add this user and somehow keep track of the fact that he is login using gmail credential so that next time he login again phorum don't have to create again but just go to pop3.gmail.com to get his cridential.

I hope that explain this pop3 a little.

Thanks

[opensourceCMS.com]
[ongetc.com]
Chanh Ong

That is about the way that I explained it. You only seem to want to be able to have users authenticate against multiple POP3 servers, even those that you do not maintain (I doubt that you are the maintainer of the Gmail POP3 servers ;-). I think it's evil to let people fill in their real POP3 credentials for a forum in case you are not the owner of the POP3 credentials. How can I tell that you are not using my Gmail POP3 credentials for reading my mail over there? I can't. You could as well be harvesting pop3-credentials for evil causes.

The only sane setup for this is therefore: Phorum checks credentails agains a pre-configured POP3-server, which is under your control. Of course you could setup this system to pre-configure pop3.gmail.com as the POP3 server to use for checking. In that case, I hope that the forum users are security minded enough to know that they shouldn't give up their secret credentials to a non-related website.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

You are right but I just pick Gmail as an example but the real use would be for intranet. Let say I want to set up phorum to be used inside our network and let anyone in our enterpise with a valid email to use our phorum so I just allow anyone with our email address to login.

Obviously everyone will trust the intranet site and enter their email account and password. That is what I use to authenticate my user in my intranet site for my web application. I can not afford to maintain several teen thousands of users.

[opensourceCMS.com]
[ongetc.com]
Chanh Ong

I also want to add the reason why I mention using POP3 as an external authentication method is it is the most simple form of external authetication and once the underline logic is in place then it is just a matter of adding other form of external authentication like LDAP, Mambo or any other external applications. All it needs is coding the method on how to make the call to which server of method.

POP3 and LDAP will be great for enterprise site and application and exteranl CMS or other package will be great for public site.

If phorum has this feature this will open the flood gate for phorum to be adopt by many people since there is virtually no forum package out there that support this feature. Forum is a must to have but also it needs to be flexible to be able to integrate well with other apps.

PS: I must add that phorum is the first developers I encounter that are open minded to make your application to be integrated well with other apps which I and many people like me are appreciate.

[opensourceCMS.com]
[ongetc.com]
Chanh Ong



Edited 1 time(s). Last edit at 01/28/2006 11:07AM by chanh.

chanh, since you are talking about integration on an intranet POP3 layer, we are talking about exactly the same thing :) I think it's an interesting idea, that could be implemented by using the synchronization module that I'll write for my own website.

---

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

I will love to do some testing when you have something to release.

Thanks

[opensourceCMS.com]
[ongetc.com]
Chanh Ong

So, I see two different ideas here. Mine is transparent integration with other apps. I don't see why you have to log in twice if the apps are on the same web site.

Your idea is external authentication where users would still have to log in to the Phorum, but would be authenticated against some external system, most likely using a module.

Frankly, the latter is much simpler. A single hook in include/user.php could handle that.

How does this sound for a hook:

receives the user and password typed into the login form.
the module would do whatever it needed to check the user, attempt to retrieve their user_id from the Phorum system using phorum_user_check_field(). If they don't exist, add them via phorum_user_add(). In the end, return the user_id of the user in the Phorum system.

Is that too complicated for this module? I think it needs to be up to the module to know how to identify the user. could be username, email, or the external system may know the user_id.

Brian - Cowboy Ninja Coder - Personal Blog - Twitter

Yes, it is two separate idea here that I am suggesting.

One is to be able to integrate into our site or any site that want to use phorum. In our case would be Mambo but it can be MODx or anything else. This idea is to help me and anyone that want to integrate phorum into their web site. I also need to have a way to migrate all posts and subforum into phorum.

How big of a project is the above wishes?

The second is using phorum as the only application for the site and will use phorum as the frontend to allow user to login to phorum login form and phorum will authenticate user credential to external source whether it is POP3, LDAP or whatever else that might be. This idea is for phorum extensability!

You idea on using the module for this is perfect!

Thanks

[opensourceCMS.com]
[ongetc.com]
Chanh Ong



Edited 1 time(s). Last edit at 01/28/2006 07:01PM by chanh.

Quote
brianlmoon
So, I see two different ideas here. Mine is transparent integration with other apps. I don't see why you have to log in twice if the apps are on the same web site.

I would like to learn more about your idea on this "transparent integration" with other apps.

How is it be done?
I would love to use this for my sites!

PS: I take a look at the Wordpress integration at the blog site and it is just a hack to extract the information from the cookie to do the autologin to phorum. I like the sounding of your idea better.

Thanks

[opensourceCMS.com]
[ongetc.com]
Chanh Ong



Edited 1 time(s). Last edit at 01/29/2006 02:08AM by chanh.