Table of Contents
⇐ authPDO
Joomla
Configuration for authPDO plugin to login to DokuWiki with existing Joomla username & password.
NOTICE: There is a plugin authjoomla3 which basically does the same, employing AuthPDO functionality and getting settings automatically from Joomla installation.
However, for security reasons setting AuthPDO can be better, because unlike authjoomla3 it doesn't access Joomla directory. So we can limit the PHP access of web sites to each other, with open_basedir. For example, using NGINX:
location ~ \.php$ { try_files $uri $uri/ /doku.php; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PHP_VALUE open_basedir="/usr/share/nginx/www/dokuwiki/:/tmp/"; include fastcgi_params; }
So DokuWiki site would have access only to its folder (and temp folder or whatever you set there), but not to Joomla files. Also, the DokuWiki user for the database can have very limited rights too — just to read users tables information.
Scenario
The intention is to permit the users registered on Joomla site to make edits in the Wiki, using the same credentials. This does not give a 'single sign-on' experience, just enables a user to have the same username, password etc. on both Joomla and Dokuwiki installations.
Works on PHP 7 + MySQL + Joomla 3.9.
Wiki Configuration
Just in case, backup conf/local.php
In the AuthPDO section, configure the following:
plugin>authpdo>debug | Checkbox - enable this for testing, otherwise disable |
plugin>authpdo>dsn | mysql:host=localhost;dbname=<DB NAME>;charset=utf8mb4 |
(← That is, if the charset in Joomla DB is utf8mb4; otherwise just utf8). | |
plugin>authpdo>user | <DB-USERNAME> |
plugin>authpdo>pass | <DB-PASSWORD> |
plugin>authpdo>select-user | SELECT `username` AS user, `password` AS `hash`, `email` AS mail, `name`, `id` AS uid from `#__users` WHERE (`username`= :user AND `block`=0); |
(1. Replace “#_” in the table name with the actual prefix used in that DB, e.g. it could be jos_users. 2. `block`=0 means do not authenticate blocked users, such as spammers). |
|
plugin>authpdo>select-user-groups | SELECT `title` AS `group` FROM `#__user_usergroup_map` AS m, `d0_usergroups` AS g WHERE m.`group_id` = g.`id` AND m.`user_id` = :uid; |
(Replace “#_” in the table name with actual prefix of that DB, e.g. it could be jos_users. |
In the Authentication section:
authtype | authpdo |
passcrypt | bcrypt |
superuser | <USERNAME OF THE SUPERUSER> |
disableactions | register |
And if you like to replace default DokuWiki groups with group structure from Joomla:
defaultgroup | Registered |
superuser | @Super Users |
In ACL settings, assign to group @Registered
the same rights as @user
.
It's posible to add settings for typical Joomla groups “Author”, “Manager” etc., according to your particular needs.