I am using Single Sign-On module to integrate users of PhpBB forum with drupal users. I have installed PhpBB in root of my project. Also I've installed the Single-Sign-On module and configure it properly and it shows the success message after configuring the module.
But I can't login by my Drupal users into PhpBB yet
I tried PhpBB version 3.0.10 and PhpBB version 3.1.2 but any of them have been integrated to Dupal. I am wondering if I should use a specific version to solve my issue or I missing something else about installing this module.
does this moduleintegrate the authentication system of drupal and php or it need to be used with other modules like phpbbforum?
Comment | File | Size | Author |
---|---|---|---|
#7 | phpbb_3.1_plus_multiple_databases.patch | 20.18 KB | Anonymous (not verified) |
#4 | phpbb_3.1_login_0.2.diff | 2.39 KB | cagonza6 |
Comments
Comment #1
cagonza6 CreditAttribution: cagonza6 commentedBefore start, please read this: https://www.phpbb.com/community/viewtopic.php?f=71&t=2253811
I have the same issue than in the first post, so I decided to take a look to the code. Our problem is with a bridge, but the seed of the problem is the same: the hashing of the passwords.
1st part
The old phpBB uses a hash for a certain password with a different structure, as in the link from before:
Old system
The length is 34.
2nd part
The new login algorithm of phpBB use something called CRYPT_BLOWFISH that can generate passwords with other structure, I'm just starting to dig in the problem, but that new "tool" (or whatever it is) give dynamic hashes that depend on the system where the script runs. In different moments gives different hashes:
New system
The length is 60.
The reason
The difference is due to something called "portable_hashes" which make all the process more difficult to hack and, therefore, complicates the hashes.
The Solution
One option is to update the script used "phpass 0.1" to the version 0.3 and including the option to use "portable hashes" or include just that part in the actual code.
At least, that is what I understood after digging into the code and reading about the new hashing systems.
I'm working on that thing.
Comment #2
fizk CreditAttribution: fizk commented@cagonza6 Thanks for your help, it looks like phpBB 3.1 changed the way they create and manage passwords. I'd be happy to review any patches you have.
@faren.de As of right now, phpbb_sso will not work with phpBB 3.1. I'd recommend using the latest phpBB 3.0.x.
Comment #3
cagonza6 CreditAttribution: cagonza6 commentedI have to say that I'm not really a programmer, I just learn by myself.
Anyway, here it is. The changes are not really big, but I think I did break something.
Comment #4
cagonza6 CreditAttribution: cagonza6 commentedI realized I have uploaded the wrong patch. The difference is a modification in a query in the method : _phpbb_sso_check_user ()
filename: phpbb_3.1_login_0.2.diff
Comment #5
fizk CreditAttribution: fizk commentedThanks. I took a look at this, and it seems the auth system allows for a lot more varieties of password hashes. We'll need to be compatible with all of them.
Comment #6
heshanlkIf the server doesn't have mcrypt installed then it uses md5 (if it is available) and this module seems works fine out of the box with 3.1. You need to have cookie domain config same as the domain hosted your Drupal site.
Comment #7
Anonymous (not verified) CreditAttribution: Anonymous commentedI applied two patches (namely the one already attached to this issue and the support for different database than Drupal's current)
After fiddling about and probably having to repeat the same code too many times, I ended up with a working solution.
Currently, the support for different databases uses a helper function in phpbb_sso.module called phpbb_sso_db_set_active. This is similar to the one used in the phpbb_sso.admin.inc.
The current version accepts various values as parameters, which probably should just be a single array instead. See below for the helper.
I found this has to be called after any module_load_includes but before any db_query calls that want to target the phpBB database. One solution would be to have the database details in Drupal's settings.php and have the db_query use the specific target instead.
All-in-all, the patch is still a very much work in progress but it works.
Tested with Drupal 7.36 and phpBB 3.1.3
Now we only need the accompanying extension for phpBB 3.1 to add support for using Drupal logins in phpBB and destroying Drupal sessions with the phpBB ones on logout.
Comment #8
Kapu CreditAttribution: Kapu commentedHey,
I found this topic very helpful in integrating my Drupal site with phpbb 3.1. Session is created succesfully in database, but the cookie is not created. I checked values many times, it seems that all of them are ok. Also tried to use setcookie() function, but with no success. My forum is on forum.mydomain.com, while drupal site on mydomain.com. When I enter forum after logging into Drupal, I still have a cookie for anonymous user, even though my user is logged in.
Comment #9
Sequencing.com CreditAttribution: Sequencing.com commentedWe're experiencing the same issues with session persistence as Kapu. Any possible solutions?
Comment #11
fizk CreditAttribution: fizk commentedI've committed support for phpBB 3.1. It will work if your phpBB password uses the old MD5 hash or the new bcrypt hash, which is expect to cover most cases.
There are a bunch of odd hashes in phpBB 3.1 that I doubt anyone uses, so I haven't added support for them yet.