Single sign on mambot

patrik.soderberg · **Joined:** Fri Jun 30, 2006 11:46 am **Posts:** 4

Hi,

I'm working on a single sign on solution for Joomla 1.0.9/10 and have reached a problem that I could use some input on. The general idea is to hijack the Joomla login and generate iframes that post the username/password to the other sites that are included in Joomla with the wrapper module.

The problem is that the iframes need time to load before continuing with the Joomla login, something that I tried to solve by creating a intermittant page with the iframes. This works fine as long as the correct password and username is supplied but when a mistake is made the Joomla login will fail and try to go back to the login page but instead it will end up at the intermittant page again and a infinite loop is started.

I tried to solve this by scrapping the intermittant page and adding the iframes to Joomlas login page but then Joomla will redirect and the iframes will not have time to load (well, actually it works fine for us when you are on the same 100Mbit network as the server).

Attached is my work in progress version with some debugging in it that you can ignore. Also the part that makes it create a intermittant page is commented out.

The default parameters are for dotProject, MRBS and SVN (using basic http authentication).

Thanks
Patrik Söderberg

azrulrhm · **Joined:** Wed Jan 18, 2006 1:48 pm **Posts:** 112

I haven't look at the code yet, but my first instinct tells me that you might need t get your hand dirty with javascript to solve the syncronization problem. Just a tips..

psimon · **Joined:** Sun Apr 16, 2006 5:33 am **Posts:** 2

patrik.soderberg wrote:

Hi,

I'm working on a single sign on solution for Joomla 1.0.9/10 and have reached a problem that I could use some input on. The general idea is to hijack the Joomla login and generate iframes that post the username/password to the other sites that are included in Joomla with the wrapper module.

The problem is that the iframes need time to load before continuing with the Joomla login, something that I tried to solve by creating a intermittant page with the iframes. This works fine as long as the correct password and username is supplied but when a mistake is made the Joomla login will fail and try to go back to the login page but instead it will end up at the intermittant page again and a infinite loop is started.

I tried to solve this by scrapping the intermittant page and adding the iframes to Joomlas login page but then Joomla will redirect and the iframes will not have time to load (well, actually it works fine for us when you are on the same 100Mbit network as the server).

Attached is my work in progress version with some debugging in it that you can ignore. Also the part that makes it create a intermittant page is commented out.

The default parameters are for dotProject and MRBS.

Thanks
Patrik Söderberg

Hello Patrik,

do you happend to have ready made code for MRBS-MAMBO/JOOMLA login?
I'm not talking about single sign-on but just regular user database intregration, I want to use mambo/joomla user database in MRBS login. Mambo/joomla are currently in the same SQL database. Since I'm not very good with php etc. I would need some help/hints how to make it work. :-[

Regards,

Peter

patrik.soderberg · **Joined:** Fri Jun 30, 2006 11:46 am **Posts:** 4

Hi Peter,

All you need to do is use the wrapper module in joomla and in the MRBS config.inc.php set up db_ext authentication.

Code:

###############################################
# Authentication settings - read AUTHENTICATION
###############################################
$auth["session"] = "php"; # How to get and keep the user ID. One of
           # "http" "php" "cookie" "ip" "host" "nt" "omni".
$auth["type"] = "db_ext"; # How to validate the user/password. One of "none"
                          # "config" "db" "db_ext" "pop3" "imap" "ldap" "nis"
                          # "nw" "ext".

# The list of administrators (can modify other peoples settings)
#$auth["admin"][] = "127.0.0.1";   # localhost IP address. Useful with IP sessions.
$auth["admin"][] = "admin";   # A user name from the user list. Useful 
                                    #with most other session schemes.

# 'auth_config' user database
# Format: $auth["user"]["name"] = "password";

# 'session_http' configuration settings
$auth["realm"]  = "mrbs";

# 'auth_ext' configuration settings
$auth["prog"]   = "";
$auth["params"] = "";

# 'auth_db_ext' configuration settings
$auth['db_ext']['db_host'] = 'localhost';
$auth['db_ext']['db_username'] = 'dbuser';
$auth['db_ext']['db_password'] = 'secret';
$auth['db_ext']['db_name'] = 'joomla';
$auth['db_ext']['db_table'] = 'jos_users';
$auth['db_ext']['column_name_username'] = 'username';
$auth['db_ext']['column_name_password'] = 'password';
# Either 'md5', 'sha1', 'crypt' or 'plaintext'
$auth['db_ext']['password_format'] = 'md5';

patrik.soderberg · **Joined:** Fri Jun 30, 2006 11:46 am **Posts:** 4

I have now upladed a new version of the mambot which works in our config (Joomla, SMF(Joomlahacks.com), MRBS, SVN, dotProject). It's pretty general but could probably use some minor modifications if SMF is not used.

tweaked · **Joined:** Wed Mar 01, 2006 4:10 am **Posts:** 19

where can I go to download the mambot?

patrik.soderberg · **Joined:** Fri Jun 30, 2006 11:46 am **Posts:** 4

Sorry, as I wrote this for an employer I'm no longer with I don't feel comfortable with releasing more than I already have. If there is a greater demand then what I can see here I might consider asking them to release the final version.

Regards
Patrik Söderberg

aapoter · **Joined:** Tue Jun 10, 2008 10:46 am **Posts:** 1

You can configure MRBS to use Joomla! authentication by editing MRBS files auth_db_ext.inc and config.inc.php.

To file auth_db_ext.inc file you need to add new case inside the switch statement authValidateUser() function like:

Code:

case 'joomla':
list($hash, $salt) = explode(':', $row[0]);
$cryptpass = md5($pass.$salt);
if ($hash == $cryptpass)
{
$retval = 1;
}
break;

And parameters in config.inc.php should be like this:

Code:

$auth["session"] = "php";
$auth["type"] = "db_ext";

# 'auth_db_ext' configuration settings
$auth['db_ext']['db_host'] = 'localhost';
$auth['db_ext']['db_username'] = 'dbuser';
$auth['db_ext']['db_password'] = 'dbpass';
$auth['db_ext']['db_name'] = 'joomla';
$auth['db_ext']['db_table'] = 'jos_users';
$auth['db_ext']['column_name_username'] = 'username';
$auth['db_ext']['column_name_password'] = 'password';
# Either 'md5', 'sha1', 'crypt' or 'plaintext'
$auth['db_ext']['password_format'] = 'joomla'; # This refers to the case in auth_db_ext.inc

merlin777 · **Joined:** Thu May 07, 2009 6:43 am **Posts:** 2

Il try to do what you told in that post, but i get a

Parse error: syntax error, unexpected '{' in httpdocs/mrbs/auth_db_ext.inc on line 43

i am not so clear with the way i should fix thet problem.
I copy the code of the file : (i would be happy to get a answer)

Code:

<?php
/*****************************************************************************
*
*   File name       auth_db_ext.inc
*
*   Description     Authenticate users from a table in another database.
*
*   Notes           To use this authentication scheme, set in config.inc.php:
*         $auth["type"]  = "db_ext";
*                   Assumes passwords are stored in the other table in
*                   plaintext, authValidateUser() will need to be changed if
*                   the password is stored differently.
*
*   History
*    Available in the source control system
*
******************************************************************************/

// $Id: auth_db_ext.inc 994 2009-01-14 21:48:50Z jberanek $


/* authValidateUser($user, $pass)
 * 
 * Checks if the specified username/password pair are valid
 * 
 * $user  - The user name
 * $pass  - The password
 * 
 * Returns:
 *   0        - The pair are invalid or do not exist
 *   non-zero - The pair are valid
 */

function authValidateUser($user, $pass)
{






  global $auth;

  $retval = 0;

  $user = strtolower($user);

  if (empty($auth['db_ext']['db_system'])
  {
    $auth['db_ext']['db_system'] = 'mysql';
  }

  $conn = sql_connect($auth['db_ext']['db_system'],
                      $auth['db_ext']['db_host'],
                      $auth['db_ext']['db_username'],
                      $auth['db_ext']['db_password'],
                      $auth['db_ext']['db_name']);

  $user = addslashes($user);

  if ($auth['db_ext']['use_md5_passwords'] == 1)
  {
    $pass = md5($pass);
  }

  $query = "SELECT " . $auth['db_ext']['column_name_password'] .
           " FROM " . $auth['db_ext']['db_table'] .
           " WHERE ". $auth['db_ext']['column_name_username'] . "='$user'";

  $r = sql_query($query, $conn);

  if ($r && (sql_count($r, $conn) == 1)) // force a unique match
  {
    $row = sql_row($r, 0, $conn);

    switch ($auth['db_ext']['password_format'])
    {
   
         case 'joomla':
list($hash, $salt) = explode(':', $row[0]);
$cryptpass = md5($pass.$salt);
if ($hash == $cryptpass)
{
$retval = 1;
}
break;
   
   
   
   
   
      case 'md5':
        if (md5($pass) == $row[0])
        {
          $retval = 1;
        }
        break;

      case 'sha1':
        if (sha1($pass) == $row[0])
        {
          $retval = 1;
        }
        break;

      case 'crypt':
        $recrypt = crypt($pass,$row[0]);
        if ($row[0] == $recrypt)
        {
          $retval = 1;
        }
        break;

      default:
        // Otherwise assume plaintext
        if ($pass == $row[0])
        {
          $retval = 1;
        }
        break;
      
      

      
      
    }
  }




  return $retval;
}

/* authGetUserLevel($user)
 * 
 * Determines the users access level
 * 
 * $user - The user name
 *
 * Returns:
 *   The users access level
 */
function authGetUserLevel($user, $lev1_admin)
{
  // User not logged in, user level '0'
  if(!isset($user))
  {
    return 0;
  }

  // Check if the user is can modify
  for($i = 0; isset($lev1_admin[$i]); $i++)
  {
    if(strcasecmp($user, $lev1_admin[$i]) == 0)
    {
      return 2;
    }
  }

  // Everybody else is access level '1'
  return 1;
}

?>

merlin777 · **Joined:** Thu May 07, 2009 6:43 am **Posts:** 2

nobody?

Forum rules

Single sign on mambot

Quick reply

Who is online