DokuWiki

It's better when it's simple

User Tools

Site Tools

Trace:
plugin:authpdo

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
plugin:authpdo [2016-08-04 00:01] 2001:982:a513:1:49f0:d259:c92:b649plugin:authpdo [2018-04-30 16:30] – [Real World Examples] Aleksandr
Line 24: Line 24:
  
 ===== Real World Examples ===== ===== Real World Examples =====
 +
 Before you go forward to [[#Configuration]] section, let's see quickly how many and what kind of real world configurations of PDO Authentication exist. The variation reflects the flexibility PDO is offering.  Before you go forward to [[#Configuration]] section, let's see quickly how many and what kind of real world configurations of PDO Authentication exist. The variation reflects the flexibility PDO is offering. 
  
-  * [[plugin:authpdo:moodle|Moodle]] - an e-learning system [[http://moodle.org]]+  * [[plugin:authpdo:moodle|Moodle]] -- an e-learning system [[https://moodle.org/|moodle.org]] 
 +  * [[plugin:authpdo:phpbb3|phpBB3]] -- an open-source bulletin-board system [[https://www.phpbb.com/|phpbb.com]] 
 +  * [[plugin:authpdo:Nextcloud|Nextcloud]] -- a private cloud system [[https://nextcloud.com/|nextcloud.com]] 
 +  * [[plugin:authpdo:Questions2Answers|Questions2Answers]] -- Q&A Forum [[http://www.question2answer.org/|question2answer.org]]
    
 ===== Configuration ===== ===== Configuration =====
Line 75: Line 79:
 There are a couple of settings you most probably want to tune when enabling authpdo: There are a couple of settings you most probably want to tune when enabling authpdo:
  
-  * [[config:authtype|Configuration Setting: authtype]] - enable the plugin here +  * [[config:authtype|Configuration Setting: authtype]] -- enable the plugin here 
-  * [[config:superuser|Configuration Setting: superuser]] - all users are read from your database when enabling authpdo, your super user probably is named differently than your initial local wiki admin +  * [[config:superuser|Configuration Setting: superuser]] -- all users are read from your database when enabling authpdo, your super user probably is named differently than your initial local wiki admin 
-  * [[config:passcrypt|Configuration Setting: passcrypt]] - this setting defines how new passwords are saved in the database, it should match your database's application+  * [[config:passcrypt|Configuration Setting: passcrypt]] -- this setting defines how new passwords are saved in the database, it should match your database's application 
 +  * [[config:defaultgroup|Configuration Setting: defaultgroup]] -- This group is added by default to all users regardless of the groups that might be pulled from the database. Make sure that you don’t grant more rights than necessary to this group. 
  
 ==== Minimal SQL Setup ==== ==== Minimal SQL Setup ====
Line 87: Line 93:
 This statement is used to get a single user from the database. This statement should return exactly one row if the user exists. Or no row if it doesn't. This statement is used to get a single user from the database. This statement should return exactly one row if the user exists. Or no row if it doesn't.
  
-^ Guaranteed Placeholders ^^ +^ Guaranteed Placeholders                                                                                                                                                                                                                         || 
-| '':user''    | the username of the user whose data is requested  +| '':user''                   | the username of the user whose data is requested                                                                                                                                                                   
-^ Mandatory fields to return ^^ +^ Mandatory fields to return                                                                                                                                                                                                                      || 
-| ''user''     | the user name as written in the database | +| ''user''                    | the user name as written in the database                                                                                                                                                                           
-| ''hash'' or ''clear''  | either the hashed password of the user or the clear text password((you really shouldn't store clear text passwords!)) | +| ''hash'' or ''clear''       | either the hashed password of the user or the clear text password((you really shouldn't store clear text passwords!))\\ If you do not return this field you have to implement the [[#Option check-pass]] instead.  
-| ''mail''     | the email address of the user | +| ''mail''                    | the email address of the user                                                                                                                                                                                      
-| ''name''     | the full name of the user | +| ''name''                    | the full name of the user                                                                                                                                                                                          
-^ Optional fields to return ^^ +^ Optional fields to return                                                                                                                                                                                                                       || 
-| ''*''        | you may return any arbitrary field you may need later to identify the user. Typically a user ID makes sense. Eg. we're returning a ''uid'' in the example below |+| ''*''                       | you may return any arbitrary field you may need later to identify the user. Typically a user ID makes sense. Eg. we're returning a ''uid'' in the example below                                                    |
  
 Example: Example:
Line 128: Line 134:
 </code> </code>
  
 +=== Option 'check-pass' ===
 +
 +:!: If your database uses one of the [[config:passcrypt|hashing mechanisms]] supported in DokuWiki you don't need (and shouldn't) set this option. It is only needed if you want to do the password check directly in a SQL statement. This is useful where other fields are used as salt.
 +
 +This statement is used to check the password a user is providing upon login.
 +
 +When you set up this setting, your ''select-user'' user statement does not need to return a ''hash'' or ''pass'' field.
 +
 +This statement should return a single row on success and no rows on failure.
 +
 +^ Guaranteed Placeholders ^^
 +| '':user''    | the username of the user who is trying to login  |
 +| '':clear''   | the clear text password the user entered  |
 +| '':hash''    | the hashed password using the hashing defined in [[config:passcrypt|passcrypt]] |
 +^ Optional Placeholders ^^
 +| ''*''        | Any field you returned in [[#Option 'select-user']] is available as a placeholder here (prefixed by a colon). |
 +
 +Example:
 +<code sql>
 +SELECT uid
 +  FROM user
 + WHERE login = :user
 +   AND pass = MD5(CONCAT(MD5(user), MD5(:clear)))
 +</code>
 ==== Additional SQL Setup ==== ==== Additional SQL Setup ====
  
Line 248: Line 278:
 | '':mail''    | A ''%'' wrapped search string to search in email addresses   | | '':mail''    | A ''%'' wrapped search string to search in email addresses   |
 ^ Mandatory fields to return ^^ ^ Mandatory fields to return ^^
-| ''user''     The login name |+| ''count''     Number of users |
  
  
plugin/authpdo.txt · Last modified: 2020-10-31 18:31 by webtist_hanschur
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

Global DokuWiki Links