Ok, first read this post by Kai Backman who did most of the coding:
https://vborg.vbsupport.ru/showpost....1&postcount=10
Then, here's my modifications to the code, with my comments I just added now.
AuthPlugin_vBulletin.php file:
Code:
<?php
/**
* Authentication plugin interface. Instantiate a subclass of AuthPlugin
* and set $wgAuth to it to authenticate against some external tool.
*
* The default behavior is not to do anything, and use the local user
* database for all authentication. A subclass can require that all
* accounts authenticate externally, or use it only as a fallback; also
* you can transparently create internal wiki accounts the first time
* someone logs in who can be authenticated externally.
*
* This interface is new, and might change a bit before 1.4.0 final is
* done...
*
* @package MediaWiki
*/
require_once("includes/AuthPlugin.php");
class AuthPlugin_vBulletin extends AuthPlugin {
// Persistent DB connection
var $vb_database;
function AuthPlugin_vBulletin($host, $username, $password, $dbname)
{
$this->vb_database = mysql_pconnect($host, $username, $password);
mysql_select_db($dbname, $this->vb_database);
}
/**
* Check whether there exists a user account with the given name.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param string $username
* @return bool
* @access public
*/
function userExists( $username ) {
$username = addslashes($username);
$vb_find_user_query = "SELECT membergroupids FROM user WHERE LOWER(username)=LOWER('" . $username . "')";
$vb_find_result = mysql_query($vb_find_user_query, $this->vb_database);
if(mysql_num_rows($vb_find_result) == 1) {
$vb_user_info = mysql_fetch_array($vb_find_result);
$membergroupids = $vb_user_info['membergroupids'];
$membergrouparray = explode(",",$membergroupids);
/* weeno comment
This version checks to see if a user is in a special secondary group. In
my case, this is group 17. I only allow users who are promoted to this
group (I call it Wiki Editor), to be authorized. Mine has a post count of 20
minimum */
/* weeno comment
Below is some very ugly code to exclude illegal mediawiki chars. These
chars are simply denied. People have to change their username by asking
to log in. Could be done in some sorta automatic way perhaps, but then
you risk collisions. Come to think of it, this will fail if the illegal char is
the first and only character in the username. Can someone fix this? */
if ( !strpos($username,"#") and
!strpos($username,"+") and
!strpos($username,"<") and
!strpos($username,">") and
!strpos($username,"[") and
!strpos($username,"]") and
!strpos($username,"|") and
!strpos($username,"{") and
!strpos($username,"}") )
{
if(in_array("17",$membergrouparray))
return true;
else
return false;
}
}
return false;
}
/**
* Check if a username+password pair is a valid login.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param string $username
* @param string $password
* @return bool
* @access public
*/
function authenticate( $username, $password )
{
$username = addslashes($username);
$vb_find_user_query = "SELECT password, salt, membergroupids FROM user WHERE LOWER(username)=LOWER('" .
$username . "')";
$vb_find_result = mysql_query($vb_find_user_query, $this->vb_database);
if(mysql_num_rows($vb_find_result) == 1)
{
$vb_user_info = mysql_fetch_array($vb_find_result);
$membergroupids = $vb_user_info['membergroupids'];
$membergrouparray = explode(",",$membergroupids);
/* same check. A function would perhaps be cleaner */
if ( !strpos($username,"#") and
!strpos($username,"+") and
!strpos($username,"<") and
!strpos($username,">") and
!strpos($username,"[") and
!strpos($username,"]") and
!strpos($username,"|") and
!strpos($username,"{") and
!strpos($username,"}") )
{
if(in_array("17",$membergrouparray))
if(md5(md5($password) . $vb_user_info['salt']) == $vb_user_info['password'])
return true;
}
}
return false;
}
/**
* Return true if the wiki should create a new local account automatically
* when asked to login a user who doesn't exist locally but does in the
* external auth database.
*
* If you don't automatically create accounts, you must still create
* accounts in some way. It's not possible to authenticate without
* a local account.
*
* This is just a question, and shouldn't perform any actions.
*
* @return bool
* @access public
*/
function autoCreate() {
return true;
}
/**
* Return true to prevent logins that don't authenticate here from being
* checked against the local database's password fields.
*
* This is just a question, and shouldn't perform any actions.
*
* @return bool
* @access public
*/
function strict() {
return false;
}
/**
* When creating a user account, optionally fill in preferences and such.
* For instance, you might pull the email address or real name from the
* external user database.
*
* The User object is passed by reference so it can be modified; don't
* forget the & on your function declaration.
*
* @param User $user
* @access public
*/
function initUser( &$user ) {
$vb_find_user_query = "SELECT email FROM user WHERE LOWER(username)=LOWER('" .
addslashes($user->mName) . "')";
$vb_find_result = mysql_query($vb_find_user_query, $this->vb_database);
if(mysql_num_rows($vb_find_result) == 1) {
$vb_user_info = mysql_fetch_array($vb_find_result);
/* weeno comment
the following two lines copy the email over and make it validated
so it can be used in the wiki */
$user->mEmail = $vb_user_info['email'];
$user->mEmailAuthenticated = wfTimestampNow();
}
else {
// ERROR?
}
}
}
?>
Other changes I had to make:
vBulletin AdminCP: exclude the characters from new registrations so it's not an ongoing issue.
I edited out some of the html in the MediaWiki code under SpecialPreferences.php to remove any options to change usernames and passwords, so people couldn't get their accounts out of sync.
any questions? It's still rather crude. but works. I'm working on more forum<->wiki interaction like listing recent articles and stuff. this stuff is still in progress.
arn
More Information