Tuesday, January 6th 2009, 4:37am UTC+1

You are not logged in.

  • Login
  • Register

[Guide] Access to WBB3 User database using Joomla!

Dear visitor, welcome to WoltLab Community Forum. If this is your first visit here, please read the Help. It explains how this page works. You must be registered before you can use all the page's features. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

esi

Trainee

Posts: 25

1

Wednesday, February 13th 2008, 4:05pm

[Guide] Access to WBB3 User database using Joomla!

I just figured out a way to access Woltlab forums user database using Joomla and thought it might be a good idea to share it here
after following this guide you will be able to link user authentication of Joomla with WBB forum

- first you need to download MySQL Auth extention for Joomla
- install the component and the module (don't forget to activate the module after installation)
- in Administration page of Joomla, Select SQL Auth from Components menu
- in the settings page enter your forums database host and user information (for security reasons I suggest make a secondary user with only READ access to your forum's database)

for 'Getuserinfo query', enter the following line

MySQL queries

 
1

SELECT userID, username AS name, username AS username, email, salt FROM wcf1_user WHERE username='%{user}' and password=SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('%{pass}')))))


Note:
using the default MySQL Auth component, cookies are not working properly and you need to login two times in order to actually login, however it's not a big deal I can probably find a way to fix this problem (or maybe someone else can provide a customized version of MySQL Auth faster than I do)

Regards,
esi
  • Go to the top of the page

esi

Trainee

Posts: 25

2

Friday, February 15th 2008, 6:08am

update:

fix for cookies problem, now when you login to Joomla, you will be also logged-in in WBB
this is a quick how to, but a technical one I'll probably release a separate Joomla bridge soon :)

create wbb_uid, wbb_psw and wbb_salt fields in joomla users table in database

then change Getuserinfo_query to

MySQL queries

 
1

SELECT userID, username AS name, username AS username, email, salt FROM wcf1_user WHERE username='%{user}' and password=SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('%{pass}')))))


replace content of "sqlauth.php" file which is under /components/com_sqlauth/ folder with following code

PHP Source code

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250

<?php

/**********************\
File : sqlauth.php
Created : 
Updated : 
Author : 
Function : 
Comments : 

\**********************/


function sqlauth_get_config() {
global $database;
//get config
$query "SELECT *"
"\n FROM #__sqlauth"
;
$database->setQuery$query );
if(!$result $database->query()) {
echo $database->stderr();
return;
}
$rows $database->loadObjectList();

$array_cfg = array();
foreach ($rows as $row ) {
$array_cfg[$row->name] = $row->value;
}

Return $array_cfg;

}
function sqlauth_auth($username$password) {
global $mosConfig_absolute_path;

$config sqlauth_get_config();


global $mosConfig_absolute_path;

$db = new database($config['sqlauth_dbhost'], $config['sqlauth_user'], $config['sqlauth_password'], $config['sqlauth_dbname']);

$sql stripslashes($config['sqlauth_getuserinfo']);
$sql str_replace('%{user}'addslashes($username),$sql);
$sql str_replace('%{pass}'addslashes($password),$sql);

$db->setQuery$sql );
if ($db->loadObject$row )) {
Return $row;
} else {
Return false;
}
}




function sqlauth_login$username=null,$passwd=null$remember=null ) {
global $acl$mosConfig_absolute_path$database $mainframe$my;
global $_VERSION$_COOKIE,$_POST;

// if no username and password passed from function, then function is being called from login module/component
if (!$username || !$passwd) {
$username strvalmosGetParam$_POST'username''' ) );
$password mosGetParam$_POST'passwd''' );
$passwd md5$password );
$bypost 1;
// extra check to ensure that Joomla! sessioncookie exists
if (!$mainframe->_session->session_id) {
mosErrorAlert_ALERT_ENABLED );
return;
}

josSpoofCheck(NULL,1);
}
if (!$username || !$passwd) {
mosErrorAlert_LOGIN_INCOMPLETE );
exit();
} else {
$row null;
if ( $remember && strlen($username) == 32 && strlen($passwd) == 32 && $userid ) {
// query used for remember me cookie --modified by esi
$harden mosHash( @$_SERVER['HTTP_USER_AGENT'] );

$query "SELECT id, name, username, password, usertype, block, gid, wbb_uid, wbb_psw, wbb_salt"
"\n FROM #__users"
"\n WHERE id = " . (int) $userid
;
$database->setQuery$query );
$database->loadObject($user);

$check_username md5$user->username $harden );
$check_password md5$user->password $harden );

if ( $check_username == $username && $check_password == $passwd ) {
$row $user;
}
} else {
// query used for login via login module --modified by esi
$query "SELECT id, name, username, password, usertype, block, gid, wbb_uid, wbb_psw, wbb_salt"
"\n FROM #__users"
"\n WHERE username = "$database->Quote$username )
. "\n AND password = "$database->Quote$passwd )
;
$database->setQuery$query );
$database->loadObject$row );
}

if (is_object$row )) {
// user blocked from login
if ($row->block == 1) {
mosErrorAlert(_LOGIN_BLOCKED);
}

// fudge the group stuff
$grp $acl->getAroGroup$row->id );
$row->gid 1;
if ($acl->is_group_child_of$grp->name'Registered''ARO' ) || $acl->is_group_child_of$grp->name'Public Backend''ARO' )) {
// fudge Authors, Editors, Publishers and Super Administrators into the Special Group
$row->gid 2;
}
$row->usertype $grp->name;

// initialize session data
$session =& $mainframe->_session;
$session->guest 0;
$session->username $row->username;
$session->userid intval$row->id );
$session->usertype $row->usertype;
$session->gid intval$row->gid );
$session->update();

// update user visit data
$currentDate date("Y-m-d\TH:i:s");

$query "UPDATE #__users"
"\n SET lastvisitDate = "$database->Quote$currentDate )
. "\n WHERE id = " . (int) $session->userid
;
$database->setQuery($query);
if (!$database->query()) {
die($database->stderr(true));
}

// set remember me cookie if selected
$remember strvalmosGetParam$_POST'remember''' ) );
if ( $remember == 'yes' ) {
// cookie lifetime of 365 days
$lifetime time() + 365*24*60*60;
$remCookieName mosMainFrame::remCookieName_User();
$remCookieValue mosMainFrame::remCookieValue_User$row->username ) . mosMainFrame::remCookieValue_Pass$row->password ) . $row->id;
setcookie$remCookieName$remCookieValue$lifetime'/' );
//By esi
// note: if your forum directory called 'forums' then change "/wbb" to "/forums" 

setcookie("wcf_userID"$row->wbb_uid$lifetime"/wbb");
setcookie("wcf_password"sha1($row->wbb_salt sha1($password)), $lifetime"/wbb");
//By esi 
}
mosCache::cleanCache();
} elseif ( $sqlauth_user sqlauth_auth($username$password) ) {

//authorized user.
// check if the username is already joomlized :-)
$query "SELECT *"
"\n FROM #__users"
"\n WHERE username = '$username'"
;

$database->setQuery$query );
$row null;

if ($database->loadObject$userObject )) {
$row = new mosUser$database );
foreach( $userObject as $key=>$val) {
$row->$key $val;
}
$row->password md5$password );
} else {
$row = new mosUser$database );

$row->id 0;
$row->usertype '';
$row->gid $acl->get_group_id'Registered''ARO' );
$row->name $sqlauth_user->name;
$row->username $sqlauth_user->username;
$row->email $sqlauth_user->email;
$row->password md5$password );
$row->registerDate date('Y-m-d H:i:s');
//By esi
$row->wbb_uid $sqlauth_user->userID;
$row->wbb_psw $sqlauth_user->password;
$row->wbb_salt $sqlauth_user->salt;
//By esi
}

if (!$row->store()) {
echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
exit();
}

//back to joomla login
$mainframe->login($username$passwd);

} else {
if (isset($bypost)) {
mosErrorAlert(_LOGIN_INCORRECT);
} else {
$mainframe->logout();
mosRedirect('index.php');
}
exit();
}
}
}


global $mosConfig_debug$mosConfig_lang$option$task;
switch( $task ) {
case "login":
sqlauth_login();
break;
}


//exit();

// JS Popup message
if ( $message ) {
?>
<script language="javascript" type="text/javascript">
<!--//
alert( "<?php echo _LOGIN_SUCCESS?>" );
//-->
</script>
<?php
}

if ( $return && !( strpos$return'com_registration' ) || strpos$return'com_login' ) ) ) {
// checks for the presence of a return url 
// and ensures that this url is not the registration or login pages
mosRedirect$return );
} else {
mosRedirect$mosConfig_live_site .'/index.php' );
}


?>


Note: still you need to login two times only for the first time, it actually registers the user at first and in the second time logs in normally, by the way you need to check "Remember me" option of Joomla Login Box otherwise this won't work, no support for sessions yet

Regards,
esi
  • Go to the top of the page