[[mysql|« MySQL Authentification Backend]]
====== MySQL DokuWiki/Gallery2 ======
[[http://gallery.menalto.com/|Gallery2]]\\
This assumes that all user/group accounts will be created and maintained through Gallery2.\\
Gallery version 2.2.1 core 1.2.0.1\\
DokuWiki version 2007-06-26b\\
Also tested on\\
Gallery version 2.2.4 core 1.2.0.6 \\
DokuWiki version 2008-05-05\\
===== MySQL authentication in Gallery2 =====
Gallery2 stores passwords md5encrypted with salt as the first 4 chars. The code below is the function with which Gallery2 creates its passwords:
/**
* Create a hashed password using md5 plus salt.
* @param string $password plaintext password
* @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
* @return string hashed password
*/
function md5Salt($password, $salt='') {
if (empty($salt)) {
for ($i = 0; $i < 4; $i++) {
$char = mt_rand(48, 109);
$char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
$salt .= chr($char);
}
} else {
$salt = substr($salt, 0, 4);
}
return $salt . md5($salt . $password);
}
===== DokuWiki changes =====
Due to how gallery stores its passwords as stated above, none of DokuWikis built-in-encryptions work so one must edit the function ''auth_verifyPassword'' in inc/auth.php:
...
}elseif($len == 32){
$method = 'md5';
}elseif($len == 36){ //gallery2 md5 with salt
$method = 'md5';
$privatesalt = substr($crypt,0,4);
$clear = $privatesalt.$clear;
$crypt = substr($crypt, 4, 32);
}elseif($len == 40){
$method = 'sha1';
...
Lastly the file conf/mysql.conf.php:
/* Options to configure database access. You need to set up this
* options carefully, otherwise you won't be able to access you
* database.
*/
$conf['auth']['mysql']['server'] = '';
$conf['auth']['mysql']['user'] = '';
$conf['auth']['mysql']['password'] = '';
$conf['auth']['mysql']['database'] = '';
/* This option enables debug messages in the mysql module. It is
* mostly usefull for system admins.
*/
$conf['auth']['mysql']['debug'] = 0;
/* Normally password encryption is done by DokuWiki (recommended) but for
* some reasons it might be useful to let the database do the encryption.
* Set 'forwardClearPass' to '1' and the cleartext password is forwarded to
* the database, otherwise the encrypted one.
*/
$conf['auth']['mysql']['forwardClearPass'] = 0;
/* Multiple table operations will be protected by locks. This array tells
* the module which tables to lock. If you use any aliases for table names
* these array must also contain these aliases. Any unnamed alias will cause
* a warning during operation. See the example below.
*/
$conf['auth']['mysql']['TablesToLock']= array("g2_User", "g2_User AS u","g2_Group", "g2_Group AS g", "g2_UserGroupMap", "g2_UserGroupMap AS ug");
/***********************************************************************/
/* Basic SQL statements for user authentication (required) */
/***********************************************************************/
/* This statement is used to grant or deny access to the wiki. The result
* should be a table with exact one line containing at least the password
* of the user. If the result table is empty or contains more than one
* row, access will be denied.
*
* The module access the password as 'pass' so a alias might be necessary.
*
* Following patters will be replaced:
* %{user} user name
* %{pass} encrypted or clear text password (depends on 'encryptPass')
* %{dgroup} default group name
*/
$conf['auth']['mysql']['checkPass'] = "SELECT g_hashedPassword AS pass
FROM g2_UserGroupMap AS ug
JOIN g2_User AS u ON u.g_id=ug.g_userId
JOIN g2_Group AS g ON g.g_id=ug.g_groupId
WHERE g_userName='%{user}'
AND g_groupName='%{dgroup}'";
/* This statement should return a table with exact one row containing
* information about one user. The field needed are:
* 'pass' containing the encrypted or clear text password
* 'name' the user's full name
* 'mail' the user's email address
*
* Keep in mind that DokuWiki will access this information through the
* names listed above so aliases might be necessary.
*
* Following patters will be replaced:
* %{user} user name
*/
$conf['auth']['mysql']['getUserInfo'] = "SELECT g_hashedPassword AS pass, g_fullName AS name, g_email AS mail
FROM g2_User
WHERE g_userName='%{user}'";
/* This statement is used to get all groups a user is member of. The
* result should be a table containing all groups the given user is
* member of. The module access the group name as 'group' so a alias
* might be necessary.
*
* Following patters will be replaced:
* %{user} user name
*/
$conf['auth']['mysql']['getGroups'] = "SELECT g_groupName as `group`
FROM g2_Group g, g2_User u, g2_UserGroupMap ug
WHERE u.g_id = ug.g_userId
AND g.g_id = ug.g_groupId
AND u.g_userName='%{user}'";
/***********************************************************************/
/* Additional minimum SQL statements to use the user manager */
/***********************************************************************/
/* This statement should return a table containing all user login names
* that meet certain filter criteria. The filter expressions will be added
* case dependent by the module. At the end a sort expression will be added.
* Important is that this list contains no double entries for a user. Each
* user name is only allowed once in the table.
*
* The login name will be accessed as 'user' to a alias might be necessary.
* No patterns will be replaced in this statement but following patters
* will be replaced in the filter expressions:
* %{user} in FilterLogin user's login name
* %{name} in FilterName user's full name
* %{email} in FilterEmail user's email address
* %{group} in FilterGroup group name
*/
$conf['auth']['mysql']['getUsers'] = "SELECT DISTINCT g_userName AS user
FROM g2_User AS u
LEFT JOIN g2_UserGroupMap AS ug ON u.g_id=ug.g_userId
LEFT JOIN g2_Group AS g ON ug.g_groupId=g.g_id";
$conf['auth']['mysql']['FilterLogin'] = "g_userName LIKE '%{user}'";
$conf['auth']['mysql']['FilterName'] = "g_fullName LIKE '%{name}'";
$conf['auth']['mysql']['FilterEmail'] = "g_email LIKE '%{email}'";
$conf['auth']['mysql']['FilterGroup'] = "g_groupName LIKE '%{group}'";
$conf['auth']['mysql']['SortOrder'] = "ORDER BY g_userName";
/***********************************************************************/
/* Additional SQL statements to add new users with the user manager */
/***********************************************************************/
/* This statement should add a user to the database. Minimum information
* to store are: login name, password, email address and full name.
*
* Following patterns will be replaced:
* %{user} user's login name
* %{pass} password (encrypted or clear text, depends on 'encryptPass')
* %{email} email address
* %{name} user's full name
*/
$conf['auth']['mysql']['addUser'] = ""; /*"INSERT INTO users
(login, pass, email, firstname, lastname)
VALUES ('%{user}', '%{pass}', '%{email}',
SUBSTRING_INDEX('%{name}',' ', 1),
SUBSTRING_INDEX('%{name}',' ', -1))";
*/
/* This statement should add a group to the database.
* Following patterns will be replaced:
* %{group} group name
*/
$conf['auth']['mysql']['addGroup'] = ""; /*"INSERT INTO groups (name)
VALUES ('%{group}')";
*/
/* This statement should connect a user to a group (a user become member
* of that group).
* Following patterns will be replaced:
* %{user} user's login name
* %{uid} id of a user dataset
* %{group} group name
* %{gid} id of a group dataset
*/
$conf['auth']['mysql']['addUserGroup']= ""; /*"INSERT INTO usergroup (uid, gid)
VALUES ('%{uid}', '%{gid}')";
*/
/* This statement should remove a group from the database.
* Following patterns will be replaced:
* %{group} group name
* %{gid} id of a group dataset
*/
$conf['auth']['mysql']['delGroup'] = ""; /*"DELETE FROM groups
WHERE gid='%{gid}'";
*/
/* This statement should return the database index of a given user name.
* The module will access the index with the name 'id' so a alias might be
* necessary.
* following patters will be replaced:
* %{user} user name
*/
$conf['auth']['mysql']['getUserID'] = ""; /*"SELECT uid AS id
FROM users
WHERE login='%{user}'";
*/
/***********************************************************************/
/* Additional SQL statements to delete users with the user manager */
/***********************************************************************/
/* This statement should remove a user from the database.
* Following patterns will be replaced:
* %{user} user's login name
* %{uid} id of a user dataset
*/
$conf['auth']['mysql']['delUser'] = ""; /*"DELETE FROM users
WHERE uid='%{uid}'";
*/
/* This statement should remove all connections from a user to any group
* (a user quits membership of all groups).
* Following patterns will be replaced:
* %{uid} id of a user dataset
*/
$conf['auth']['mysql']['delUserRefs'] = ""; /*"DELETE FROM usergroup
WHERE uid='%{uid}'";
*/
/***********************************************************************/
/* Additional SQL statements to modify users with the user manager */
/***********************************************************************/
/* This statements should modify a user entry in the database. The
* statements UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be
* added to updateUser on demand. Only changed parameters will be used.
*
* Following patterns will be replaced:
* %{user} user's login name
* %{pass} password (encrypted or clear text, depends on 'encryptPass')
* %{email} email address
* %{name} user's full name
* %{uid} user id that should be updated
*/
$conf['auth']['mysql']['updateUser'] = ""; //"UPDATE users SET";
$conf['auth']['mysql']['UpdateLogin'] = ""; //"login='%{user}'";
$conf['auth']['mysql']['UpdatePass'] = ""; //"pass='%{pass}'";
$conf['auth']['mysql']['UpdateEmail'] = ""; //"email='%{email}'";
$conf['auth']['mysql']['UpdateName'] = ""; //"firstname=SUBSTRING_INDEX('%{name}',' ', 1),
//lastname=SUBSTRING_INDEX('%{name}',' ', -1)";
$conf['auth']['mysql']['UpdateTarget']= ""; //"WHERE uid=%{uid}";
/* This statement should remove a single connection from a user to a
* group (a user quits membership of that group).
*
* Following patterns will be replaced:
* %{user} user's login name
* %{uid} id of a user dataset
* %{group} group name
* %{gid} id of a group dataset
*/
$conf['auth']['mysql']['delUserGroup']= ""; /*"DELETE FROM usergroup
WHERE uid='%{uid}'
AND gid='%{gid}'";
*/
/* This statement should return the database index of a given group name.
* The module will access the index with the name 'id' so a alias might
* be necessary.
*
* Following patters will be replaced:
* %{group} group name
*/
$conf['auth']['mysql']['getGroupID'] = "SELECT g_id AS id
FROM g2_Group
WHERE g_groupName='%{group}'";
--- //[[runeson@gmail.com|Anders Runeson]] 2007-07-23 15:24//