#173 db_ext configuration for Wordpress auth

None
open
nobody
None
5
2015-10-26
2010-05-07
Estanis
No

Hello.
I have installed MRBS with a wordpress site and i would like to use the wordpress autentication users, so only registered users in worpress can make a room reservation.
I configured the db_ext in the conf.inc.php with the database name, login wpuser table and password... but it doesn't work... Does anyone try it with the wordpress autentication users?
thank you

Discussion

  • John Beranek

    John Beranek - 2012-08-01
    • summary: db_ext configuration --> db_ext configuration for Wordpress auth
    • milestone: -->
     
  • Juan Jose Pablos

    It would be nice to have the right settings on this bug so others can test it.
    Here is the config that I used to test it:

    $auth["type"] = "db_ext";
    $auth['db_ext']['db_username'] = 'apache';
    $auth['db_ext']['db_password'] = 'apache_password';
    $auth['db_ext']['db_name'] = 'wordpress';
    $auth['db_ext']['db_table'] = 'wp_users';
    $auth['db_ext']['column_name_username'] = 'user_login';
    $auth['db_ext']['column_name_password'] = 'user_pass';
    $auth['db_ext']['password_format'] = 'md5';

    But somehow it did not work for me. I found an article that might be useful, wordpress uses 2 different password formats.

    http://blog.cedric.ws/how-to-make-use-of-wordpress-passwords

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2015-10-26

    You have to configure the auth_db_ext file to use the same password hashing as Wordpress. I've recently implemented, tested and used this. Create a new Auth_db_ext file, and paste the following text. *
    Note, you will have to insert your wordpress file path as indicated in BOLD.
    Note, you will have to reference 'wp' as your password format in your config.inc.php file
    Email me at pzali@cmu.edu for more info

    // $Id: auth_db_ext.inc 1115 2009-05-28 22:23:30Z jberanek $

    include_once('INSERT YOUR FILE PATH TO WORDPRESS HERE /wp-includes/class-phpass.php' );
    //include_once('C:/wamp/www/sandbox/wordpress/wp-includes/class-phpass.php' );

    function authValidateUser($user, $pass)
    {
    global $auth;

    $retval = 0;

    $user = strtolower($user);

    if (empty($auth['db_ext']['db_system']))
    {
    $auth['db_ext']['db_system'] = 'mysqli';
    }

    $conn = sql_connect($auth['db_ext']['db_system'],
    $auth['db_ext']['db_host'],
    $auth['db_ext']['db_username'],
    $auth['db_ext']['db_password'],
    $auth['db_ext']['db_name']);

    // wordpress' username that his password going to compare
    $user_name = htmlspecialchars($user,ENT_QUOTES);

    // plain password to compare
    $password = $pass;

    $hasher = new PasswordHash(8, TRUE);
    

    $query = "SELECT " . $auth['db_ext']['column_name_password'] .
    " FROM " . $auth['db_ext']['db_table'] .
    " WHERE ". $auth['db_ext']['column_name_username'] . "='$user_name'";

    $r = sql_query($query, $conn);
    

    if ($r && (sql_count($r, $conn) == 1)) // force a unique match
    {
    $row = sql_row($r, 0, $conn);

    switch ($auth['db_ext']['password_format'])
    {
      case 'md5':
        if (md5($pass) == $row[0])
        {
          $retval = 1;
        }
        break;
    
      case 'sha1':
        if (sha1($pass) == $row[0])
        {
          $retval = 1;
        }
        break;
    
      case 'crypt':
        $recrypt = crypt($pass,$row[0]);
        if ($row[0] == $recrypt)
        {
          $retval = 1;
        }
        break;
    
      case 'wp':
        if ($hasher->CheckPassword( $password, $row[0] ))
        {
        $retval = 1;
        } 
        break;
    
      default:
        // Otherwise assume plaintext
    
        // Backwards-compatibility config option
        if ($auth['db_ext']['use_md5_passwords'] == 1)
        {
          $pass = md5($pass);
        }
    
        if ($pass == $row[0])
        {
          $retval = 1;
        }
        break;
    }
    

    }

    return $retval;
    }

    / authGetUserLevel($user)
    *
    * Determines the users access level
    *
    * $user - The user name

    * Returns:
    * The users access level
    */

    function authGetUserLevel($user)
    {
    global $auth;

    $retval = 0;

    if (empty($auth['db_ext']['db_system']))
    {
    $auth['db_ext']['db_system'] = 'mysqli';
    }

    $conn = sql_connect($auth['db_ext']['db_system'],
    $auth['db_ext']['db_host'],
    $auth['db_ext']['db_username'],
    $auth['db_ext']['db_password'],
    $auth['db_ext']['db_name']);

    // wordpress' username that level going to compare
    $user_name = htmlspecialchars($user,ENT_QUOTES);

    $query = "SELECT " . $auth['db_ext']['column_name_level'] .
    " FROM " . $auth['db_ext']['db_table'] .
    " WHERE ". $auth['db_ext']['column_name_username'] . "='$user_name'";

    $r = sql_query($query, $conn);
    

    if ($r && (sql_count($r, $conn) == 1)) // force a unique match
    {
    $row = sql_row($r, 0, $conn);
    $retval = $row[0];
    }

    return $retval;

    }

    ?>

     
    Last edit: Anonymous 2015-10-26


Anonymous

Cancel  Add attachments