plugin:authmysql:gallery2
Table of Contents
Gallery2
Configuration for authMySQL Auth plugin to authenticate with Gallery2, which let's do:
- Only basic authentication
- No user modification/adding. This assumes that all user/group accounts will be created and maintained through Gallery2.
Tested on:
- Gallery version 2.2.1 core 1.2.0.1 – DokuWiki version 2007-06-26b
- Gallery version 2.2.4 core 1.2.0.6 – DokuWiki version 2008-05-05
Password hashing similar to Gallery2
where snippet should be added.
Hashing
Gallery2 stores passwords md5encrypted with salt as the first 4 chars. The code below is the function with which Gallery2 creates its passwords:
/** * Create a hashed password using md5 plus salt. * @param string $password plaintext password * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted) * @return string hashed password */ function md5Salt($password, $salt='') { if (empty($salt)) { for ($i = 0; $i < 4; $i++) { $char = mt_rand(48, 109); $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0; $salt .= chr($char); } } else { $salt = substr($salt, 0, 4); } return $salt . md5($salt . $password); }
Detect password hashing
is moved to inc/PassHash.class.php
Due to how gallery stores its passwords as stated above, none of DokuWikis built-in-encryptions work so one must edit the function auth_verifyPassword in inc/auth.php:
... }elseif($len == 32){ $method = 'md5'; }elseif($len == 36){ //gallery2 md5 with salt $method = 'md5'; $privatesalt = substr($crypt,0,4); $clear = $privatesalt.$clear; $crypt = substr($crypt, 4, 32); }elseif($len == 40){ $method = 'sha1'; ...
Configuration
Use the Config Manager or add it to the conf/local.protected.php to store the config protected.
- conf/local.protected.php
<?php /** * Gallery2 configuration for MySQL Auth Plugin * See https://www.dokuwiki.org/plugin:authmysql:gallery2 for details and explanation */ /* Options to configure database access. You need to set up this * options carefully, otherwise you won't be able to access you * database. */ $conf['plugin']['authmysql']['server'] = ''; $conf['plugin']['authmysql']['user'] = ''; $conf['plugin']['authmysql']['password'] = ''; $conf['plugin']['authmysql']['database'] = ''; /* This option enables debug messages in the mysql module. It is * mostly usefull for system admins. */ $conf['plugin']['authmysql']['debug'] = 0; /* Normally password encryption is done by DokuWiki (recommended) but for * some reasons it might be useful to let the database do the encryption. * Set 'forwardClearPass' to '1' and the cleartext password is forwarded to * the database, otherwise the encrypted one. */ $conf['plugin']['authmysql']['forwardClearPass'] = 0; /* Multiple table operations will be protected by locks. This array tells * the module which tables to lock. If you use any aliases for table names * these array must also contain these aliases. Any unnamed alias will cause * a warning during operation. See the example below. */ $conf['plugin']['authmysql']['TablesToLock']= array("g2_User", "g2_User AS u","g2_Group", "g2_Group AS g", "g2_UserGroupMap", "g2_UserGroupMap AS ug"); /***********************************************************************/ /* Basic SQL statements for user authentication (required) */ /***********************************************************************/ /* This statement is used to grant or deny access to the wiki. The result * should be a table with exact one line containing at least the password * of the user. If the result table is empty or contains more than one * row, access will be denied. * * The module access the password as 'pass' so a alias might be necessary. * * Following patters will be replaced: * %{user} user name * %{pass} encrypted or clear text password (depends on 'encryptPass') * %{dgroup} default group name */ $conf['plugin']['authmysql']['checkPass'] = "SELECT g_hashedPassword AS pass FROM g2_UserGroupMap AS ug JOIN g2_User AS u ON u.g_id=ug.g_userId JOIN g2_Group AS g ON g.g_id=ug.g_groupId WHERE g_userName='%{user}' AND g_groupName='%{dgroup}'"; /* This statement should return a table with exact one row containing * information about one user. The field needed are: * 'pass' containing the encrypted or clear text password * 'name' the user's full name * 'mail' the user's email address * * Keep in mind that DokuWiki will access this information through the * names listed above so aliases might be necessary. * * Following patters will be replaced: * %{user} user name */ $conf['plugin']['authmysql']['getUserInfo'] = "SELECT g_hashedPassword AS pass, g_fullName AS name, g_email AS mail FROM g2_User WHERE g_userName='%{user}'"; /* This statement is used to get all groups a user is member of. The * result should be a table containing all groups the given user is * member of. The module access the group name as 'group' so a alias * might be necessary. * * Following patters will be replaced: * %{user} user name */ $conf['plugin']['authmysql']['getGroups'] = "SELECT g_groupName as `group` FROM g2_Group g, g2_User u, g2_UserGroupMap ug WHERE u.g_id = ug.g_userId AND g.g_id = ug.g_groupId AND u.g_userName='%{user}'"; /***********************************************************************/ /* Additional minimum SQL statements to use the user manager */ /***********************************************************************/ /* This statement should return a table containing all user login names * that meet certain filter criteria. The filter expressions will be added * case dependent by the module. At the end a sort expression will be added. * Important is that this list contains no double entries for a user. Each * user name is only allowed once in the table. * * The login name will be accessed as 'user' to a alias might be necessary. * No patterns will be replaced in this statement but following patters * will be replaced in the filter expressions: * %{user} in FilterLogin user's login name * %{name} in FilterName user's full name * %{email} in FilterEmail user's email address * %{group} in FilterGroup group name */ $conf['plugin']['authmysql']['getUsers'] = "SELECT DISTINCT g_userName AS user FROM g2_User AS u LEFT JOIN g2_UserGroupMap AS ug ON u.g_id=ug.g_userId LEFT JOIN g2_Group AS g ON ug.g_groupId=g.g_id"; $conf['plugin']['authmysql']['FilterLogin'] = "g_userName LIKE '%{user}'"; $conf['plugin']['authmysql']['FilterName'] = "g_fullName LIKE '%{name}'"; $conf['plugin']['authmysql']['FilterEmail'] = "g_email LIKE '%{email}'"; $conf['plugin']['authmysql']['FilterGroup'] = "g_groupName LIKE '%{group}'"; $conf['plugin']['authmysql']['SortOrder'] = "ORDER BY g_userName"; /***********************************************************************/ /* Additional SQL statements to add new users with the user manager */ /***********************************************************************/ /* This statement should add a user to the database. Minimum information * to store are: login name, password, email address and full name. * * Following patterns will be replaced: * %{user} user's login name * %{pass} password (encrypted or clear text, depends on 'encryptPass') * %{email} email address * %{name} user's full name */ $conf['plugin']['authmysql']['addUser'] = ""; /*"INSERT INTO users (login, pass, email, firstname, lastname) VALUES ('%{user}', '%{pass}', '%{email}', SUBSTRING_INDEX('%{name}',' ', 1), SUBSTRING_INDEX('%{name}',' ', -1))"; */ /* This statement should add a group to the database. * Following patterns will be replaced: * %{group} group name */ $conf['plugin']['authmysql']['addGroup'] = ""; /*"INSERT INTO groups (name) VALUES ('%{group}')"; */ /* This statement should connect a user to a group (a user become member * of that group). * Following patterns will be replaced: * %{user} user's login name * %{uid} id of a user dataset * %{group} group name * %{gid} id of a group dataset */ $conf['plugin']['authmysql']['addUserGroup']= ""; /*"INSERT INTO usergroup (uid, gid) VALUES ('%{uid}', '%{gid}')"; */ /* This statement should remove a group from the database. * Following patterns will be replaced: * %{group} group name * %{gid} id of a group dataset */ $conf['plugin']['authmysql']['delGroup'] = ""; /*"DELETE FROM groups WHERE gid='%{gid}'"; */ /* This statement should return the database index of a given user name. * The module will access the index with the name 'id' so a alias might be * necessary. * following patters will be replaced: * %{user} user name */ $conf['plugin']['authmysql']['getUserID'] = ""; /*"SELECT uid AS id FROM users WHERE login='%{user}'"; */ /***********************************************************************/ /* Additional SQL statements to delete users with the user manager */ /***********************************************************************/ /* This statement should remove a user from the database. * Following patterns will be replaced: * %{user} user's login name * %{uid} id of a user dataset */ $conf['plugin']['authmysql']['delUser'] = ""; /*"DELETE FROM users WHERE uid='%{uid}'"; */ /* This statement should remove all connections from a user to any group * (a user quits membership of all groups). * Following patterns will be replaced: * %{uid} id of a user dataset */ $conf['plugin']['authmysql']['delUserRefs'] = ""; /*"DELETE FROM usergroup WHERE uid='%{uid}'"; */ /***********************************************************************/ /* Additional SQL statements to modify users with the user manager */ /***********************************************************************/ /* This statements should modify a user entry in the database. The * statements UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be * added to updateUser on demand. Only changed parameters will be used. * * Following patterns will be replaced: * %{user} user's login name * %{pass} password (encrypted or clear text, depends on 'encryptPass') * %{email} email address * %{name} user's full name * %{uid} user id that should be updated */ $conf['plugin']['authmysql']['updateUser'] = ""; //"UPDATE users SET"; $conf['plugin']['authmysql']['UpdateLogin'] = ""; //"login='%{user}'"; $conf['plugin']['authmysql']['UpdatePass'] = ""; //"pass='%{pass}'"; $conf['plugin']['authmysql']['UpdateEmail'] = ""; //"email='%{email}'"; $conf['plugin']['authmysql']['UpdateName'] = ""; //"firstname=SUBSTRING_INDEX('%{name}',' ', 1), //lastname=SUBSTRING_INDEX('%{name}',' ', -1)"; $conf['plugin']['authmysql']['UpdateTarget']= ""; //"WHERE uid=%{uid}"; /* This statement should remove a single connection from a user to a * group (a user quits membership of that group). * * Following patterns will be replaced: * %{user} user's login name * %{uid} id of a user dataset * %{group} group name * %{gid} id of a group dataset */ $conf['plugin']['authmysql']['delUserGroup']= ""; /*"DELETE FROM usergroup WHERE uid='%{uid}' AND gid='%{gid}'"; */ /* This statement should return the database index of a given group name. * The module will access the index with the name 'id' so a alias might * be necessary. * * Following patters will be replaced: * %{group} group name */ $conf['plugin']['authmysql']['getGroupID'] = "SELECT g_id AS id FROM g2_Group WHERE g_groupName='%{group}'";
— Anders Runeson 2007-07-23 15:24
plugin/authmysql/gallery2.txt · Last modified: 2013-02-10 15:06 by Klap-in