Module: External Authentication

Posted by Joe Curia 
Guest mode for external authentication
May 07, 2009 01:00AM
Hi - I'm curious if anyone knows how to default to a guest mode, read-only, of the forum when external authentication fails?

I'm using the code below to authenticate a user based on their session data from their PEAR Auth session. If it fails, they get sent to the login page on my domain...where they have to authenticate with PEAR Auth before going into the forum.

But is there a way to enable guest mode, or some kind of read-only mode, if the authentication fails?

My apologies for the choppy code below...

Language: PHP
<?php

// Make sure that this script is loaded inside the Phorum environment. DO NOT
// remove this line
if (!defined("PHORUM")) return;

// If you need to run php code located in the external application's server path
// you can use the following code as an example

// no need to continue if the external app path is not set.
if (empty($PHORUM["phorum_mod_external_authentication"]["app_path"])) return $session_data;

include_once("./include/api/user.php");

// save the working directory and move to the external application's directory
$curcwd = getcwd();
chdir($PHORUM["phorum_mod_external_authentication"]["app_path"]);

// include the necessary code from your external application
// forum_inc.php check the authentication of PEAR Auth and
// sets the name, username, and email address that gets used in Phorum
include_once("/usr/www/users/mydomain/forum_inc.php");

// check for PEAR Auth
if ($a->getAuth()) {

    // get the session for the external application
    $session = (!empty($_COOKIE["external_app_session"])) ? $_COOKIE["external_app_session"] : $_SESSION["external_app_session"];

    // get the user info from the external application
    session_name('_authsession');
    session_start();
    $user_data = array("user_id"=> NULL, "username"=> $_SESSION["_authsession"]["username"], "email"=> $email, "password"=>md5(microtime()), "admin"=>0);
    session_name('phorum_session_v5');
    session_start();

    // if there is no user data, then no need to continue
    if (empty($user_data)) {
        // change back to the Phorum directory
        chdir($curcwd);
        // clear the previous session in case the user logged out of the external application and Phorum login is disabled
        if (!empty($PHORUM["phorum_mod_external_authentication"]["disable_phorum_login"])) {
            $session_data[PHORUM_SESSION_LONG_TERM] = FALSE;
            $session_data[PHORUM_SESSION_SHORT_TERM] = FALSE;
        }
        return $session_data;
    }

    //switch back to our working directory
    chdir($curcwd);

    // get the api code for various user-related functions
    include_once("./include/api/user.php");

    // it is best to use the external application's username to authenticate to
    // Phorum as that should be unique and avoids the hassle of dealing with
    // Phorum's sequential user_id assignment for new users
    $username = $user_data["username"];

    // use the external username to get a Phorum user_id
    $user_id = phorum_api_user_search("username",$username);

    // then get the Phorum user data from that user_id
    $phorum_user_data = phorum_api_user_get($user_id);

    // if the Phorum user does not exist then we need to create them.
    // name, username, email - pulled from forum_inc.php
    if (empty($phorum_user_data)) {
        $phorum_user_data = array(
            // The user_id must be NULL to create a new user
            "user_id" => NULL,
            "username" => $username,
            "real_name" => $name,
            // by transferring the password, we are ensuring that the user will be
            // able to login if the admin enables Phorum login
            "password" => $user_data["password"],
            // Phorum requires an email.
            "email" => $user_data["email"],
            // By default, create a non-admin user. Admin status is handled later.
            "admin" => 0,
            "active" => PHORUM_USER_ACTIVE,
        );

        // if the admin wants to automatically transfer admin status
        if (!empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
            // and the user is an admin in the external application, then make the
            // phorum user an admin. Please note this is just an example. Each
            // application may have a different way to establish admin status
            if ($user_data["admin"]) {
                $phorum_user_data["admin"] = 1;
            }
        }
        // create the new user and get the user_id with which to create a session.
        // Please note, most applications will give you the md5 of the user's
        // password. The constant PHORUM_FLAG_RAW_PASSWORD tells Phorum that the
        // password is already in md5. If you need to create a user with a plain
        // text password, simply omit the second variable in this call
        $user_id = phorum_api_user_save($phorum_user_data, PHORUM_FLAG_RAW_PASSWORD);

    // however, if the user exists but is not active, then we should not log them in
    } elseif (empty($phorum_user_data["active"])) {
        return $session_data;
    // or, if the user exists, then run some check on the user's data
    } else {
        // if the external application user's password has changed, update the phorum
        // user's password
        if ($phorum_user_data["password"] != $user_data["password"]) {
            $phorum_user_data["password"] = $user_data["password"];
            // save the updated user data, again with a preset md5 password
            $user_id = phorum_api_user_save($phorum_user_data,PHORUM_FLAG_RAW_PASSWORD);
        }

        // if the admin wants to automatically transfer admin status and the
        // external user has been upgraded to admin, upgrade the phorum user, again
        // assuming the external application establishes admin status this way
        if ($user_data["admin"] && empty($phorum_user_data["admin"]) && !empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
            $phorum_user_data["admin"] = 1;
            // save the updated user data
            $user_id = phorum_api_user_save($phorum_user_data);
        // if the admin wants to automatically transfer admin status and the
        // external user has been downgraded from admin, downgrade the phorum user
        } elseif (!$user_data["admin"] && !empty($phorum_user_data["admin"]) && !empty($PHORUM["phorum_mod_external_authentication"]["transfer_admin_status"])) {
            $phorum_user_data["admin"] = 0;
            // save the updated user data
            $user_id = phorum_api_user_save($phorum_user_data);
        }
    }

    //we have a legit user, so set their session info
    $session_data[PHORUM_SESSION_LONG_TERM] = $user_id;
    $session_data[PHORUM_SESSION_SHORT_TERM] = $user_id;

}

//Else not authenticated from PEAR Auth
else {
    header("Location: http://www.mydomain.com/login.php");
}
?>
Re: Guest mode for external authentication
May 07, 2009 02:34AM
Well, you could simply change:
}
 
//Else not authenticated from PEAR Auth
else {
header("Location: http://www.mydomain.com/login.php");
}
to:
}
return $session_data;

There is no need for the redirect. If you return the empty $session_data variable the visitor will simply continue on as an anonymous visitor. Then whatever settings you have set in the Default Settings and individual forum settings regarding access for non-authenticated visitors will be used.


Joe Curia (aka Azumandias)
Modules: Admin Mass Email, Automatic Time Zones, Enhanced Custom Profiles, Google Calendar, Post Previews, Admin Security Suite, Check Modules for Upgrades, External Authentication, Group Auto-Email, Private Message Alerts, Attachment Download Counter, Custom Attachment Icons, Favorite Forums, Highlighted Search Terms, Self-Delete Posts Option, Attachment Watermarks, Custom Language Database, Forum Lockdown, Ignore Forums, Threaded Tree View, Automatic Message Pruning, Easy Color Scheme Manager, Forum Subscriptions, Moderated User Group
Templates: Generic Integration, Simple Rounded, Tabbed Emerald
Re: Module: External Authentication
May 07, 2009 03:14AM
Quote
occdeveloper
I am trying to integrate Phorum into Moodle LMS. I have been able to grab my cookie and retrieve my username and email address from it. It does not use global session variables though. I would like to access my database from within the external authentication module to grab the rest of the user variables.

Whenever I try to access the MySQL database from within the script at this section of hook_user_session_restore // save the working directory and move to the external application's directory // I never can connect with my database connection script. It keeps giving me a resource ID# which is telling me it is trying to make a database connection but cannot access the data.

Is there a specific function or script that I could use to access the database from within the script. The funny thing is that Phorum and Moodle share the same database server and Phorum resides within my Moodle directory structure.

Once you have moved to the Moodle root directory, it looks like you will want to include the ./config.php and ./lib/moodlelib.php files and use the get_complete_user_data() function. Here is the description given for that function:
/**
 * Get a complete user record, which includes all the info
 * in the user record
 * Intended for setting as $USER session variable
 *
 * @uses $CFG
 * @uses SITEID
 * @param string $field The user field to be checked for a given value.
 * @param string $value The value to match for $field.
 * @return user A {@link $USER} object.
 */
function get_complete_user_data($field, $value, $mnethostid=null)
From that description and the username you have pulled from the session data, I would think this line should give you the needed user info:
require_once('config.php');
require_once('lib/moodlelib.php');
$moodle_user_info = get_complete_user_data("username",$session_username);

The config.php file pulls in the Moodle DB connection info and the moodlelib.php file has the needed function. Without proper testing and the time to browse through all of the moodle code, I can't promise that you don't need to include other files before you can call that function, but that seems to be enough. The $moodle_user_info should then be an array of the user's info.

I hope this helps point you in the right direction if nothing else. Good luck!


Joe Curia (aka Azumandias)
Re: Guest mode for external authentication
May 07, 2009 04:25AM
Thank you for the help. I tried just returning the session_data as you suggested but now I'm getting a problem from common.php:

----
Warning: require_once(./include/templates.php) [function.require-once]: failed to open stream: No such file or directory in /usr/www/users/mydomain/forum/common.php on line 1467

Fatal error: require_once() [function.require]: Failed opening required './include/templates.php' (include_path='/usr/home/mydomain/pear/lib') in /usr/www/users/mydomain/forum/common.php on line 1467
----

I tried using set_include_path() to append my forum directory, but still no luck. I'm wondering if there are some other phorum functions I'm missing or if there is a conflict with my PEAR Auth session. Any ideas?
Re: Guest mode for external authentication
May 07, 2009 04:47AM
I'm sorry, the indents on the code you posted confused me a bit. I did not realize that the lines:
//switch back to our working directory
chdir($curcwd);
were within the "if ($a->getAuth()) {" clause. The correct version of what I posted earlier should be:
} else {
    chdir($curcwd);
}
return $session_data;


Joe Curia (aka Azumandias)
Re: Module: External Authentication
May 07, 2009 05:13AM
Works great. Thanks for helping me out. I'll have to clean that code up a bit :)
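
The guest fall-through settled on in the replies above, written so the working directory is restored on every exit path (an added example, not code from the Phorum module or from either poster). The helper names, the callables standing in for the PEAR Auth check and the Phorum user lookup, and the placeholder constant values are assumptions; it targets PHP 7 or later.

```php
<?php
// Added example, not code from the Phorum module or from the posters.
// run_in_app_dir() and restore_or_guest() are hypothetical helper names.

// Phorum defines these session keys itself; the values below are
// placeholders so the sketch runs outside Phorum.
defined('PHORUM_SESSION_LONG_TERM')  || define('PHORUM_SESSION_LONG_TERM', 'placeholder_long_term');
defined('PHORUM_SESSION_SHORT_TERM') || define('PHORUM_SESSION_SHORT_TERM', 'placeholder_short_term');

// Run $lookup inside the external application's directory and always
// return to the previous directory, whatever $lookup does.
function run_in_app_dir(string $app_path, callable $lookup)
{
    $prev = getcwd();
    if ($prev === false || !@chdir($app_path)) {
        return null;                 // cannot enter the app: no identity
    }
    try {
        return $lookup();            // e.g. wraps the $a->getAuth() check
    } catch (Throwable $e) {
        return null;                 // external failure means "not logged in"
    } finally {
        chdir($prev);                // runs on every exit path
    }
}

// Returns $session_data untouched (anonymous visitor) unless both the
// external lookup and the Phorum user lookup succeed.
function restore_or_guest(array $session_data, string $app_path,
                          callable $lookup, callable $to_user_id): array
{
    $username = run_in_app_dir($app_path, $lookup);
    if (!is_string($username) || $username === '') {
        return $session_data;
    }
    $user_id = $to_user_id($username);   // e.g. wraps phorum_api_user_search()
    if (empty($user_id)) {
        return $session_data;
    }
    $session_data[PHORUM_SESSION_LONG_TERM]  = $user_id;
    $session_data[PHORUM_SESSION_SHORT_TERM] = $user_id;
    return $session_data;
}

// Constructed demo: the temp directory stands in for the external app path.
$start = getcwd();
$guest = restore_or_guest([], sys_get_temp_dir(), function () { return null; },
                          function ($u) { return 0; });
$user  = restore_or_guest([], sys_get_temp_dir(), function () { return 'alice'; },
                          function ($u) { return 42; });
var_dump($guest === [], $user[PHORUM_SESSION_LONG_TERM] === 42, getcwd() === $start);
```

Because the directory change is undone in `finally`, Phorum's later relative includes such as `./include/templates.php` resolve from the forum directory whether or not the external login succeeded.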
Re: Module: External Authentication
May 07, 2009 04:34PM
Joe,

Thank you for responding so quickly, I really appreciate that.

What you had listed above I have tried in every way possible. It would seem this would definitely be the way to pass the variables in. The main problem I am having though is when I require the config.php it requires the setup.php to configure the session $USER variable. Within this script is an error trigger that checks for access from inside the Moodle framework. Even though I am technically sitting within the root directory of the Moodle framework it does not see it that way and triggers this error whenever I try to include the config.php.

If I can just get around this issue it should allow the rest of the scripting to work without a problem. I have not been able to figure out how to correct this issue.

Thank you in advance for your help!



Edited 1 time(s). Last edit at 05/21/2009 05:57PM by Chris M..
Re: Module: External Authentication
May 07, 2009 05:09PM
Hmm, from the source code on the Moodle site, it looks like $CFG->wwwroot is set in the config.php file at line 74. Can you confirm that your config.php file has the wwwroot set (should be something like: $CFG->wwwroot = 'example.com';).


Joe Curia (aka Azumandias)
Re: Module: External Authentication
May 08, 2009 01:05AM
Joe,

If I can pass the cookie which holds the username over to the hook_user_session_restore.php script and I set that to $user_data. This is the hook_user_session_restore.php script contents:

Language: PHP
if (isset($_COOKIE["########t"])) {
    $cookie = rc4decrypt($_COOKIE["#########"]);

    $user_data["username"] = $cookie;

    // if there is no user data, then no need to continue
    if (empty($user_data)) {
        //echo "<br>no user data";
        // change back to the Phorum directory
        chdir($curcwd);
        // clear the previous session in case the user logged out of the external application and Phorum login is disabled
        if (!empty($PHORUM["phorum_mod_external_authentication"]["disable_phorum_login"])) {
            $session_data[PHORUM_SESSION_LONG_TERM] = FALSE;
            $session_data[PHORUM_SESSION_SHORT_TERM] = FALSE;
        }
        return $session_data;
    }

    //switch back to our working directory
    chdir($curcwd);

    // get the api code for various user-related functions
    include_once("./include/api/user.php");

    // it is best to use the external application's username to authenticate to
    // Phorum as that should be unique and avoids the hassle of dealing with
    // Phorum's sequential user_id assignment for new users
    $username = $user_data["username"];

    // use the external username to get a Phorum user_id
    $user_id = phorum_api_user_search("username",$username);
    // then get the Phorum user data from that user_id
    $phorum_user_data = phorum_api_user_get($user_id);

    // if the Phorum user does not exist then we need to create them
    if (empty($phorum_user_data)) {
        $phorum_user_data = array(
            // The user_id must be NULL to create a new user
            "user_id" => NULL,
            "username" => $username,
            // by transferring the password, we are ensuring that the user will be
            // able to login if the admin enables Phorum login
            "password" => $user_data["password"],
            // Phorum requires an email. If the external application does not,
            // a fake email should be used.
            "email" => $user_data->email,
            // By default, create a non-admin user. Admin status is handled later.
            "admin" => 0,
            "active" => PHORUM_USER_ACTIVE,
        );

thank you again!



Edited 1 time(s). Last edit at 05/21/2009 05:59PM by Chris M..
Re: Module: External Authentication
May 08, 2009 02:23AM
Please attach your full hook_user_session_restore.php file as I would need to see it all to determine where the breakdown in the code appears. My guess is you have a missing closing bracket } somewhere in the code. I would start by making sure all your IF clauses are fully bracketed.


Joe Curia (aka Azumandias)