authentication help

[adams]

I am currently looking at integrating YaBBSE into
the webmail program Squirrelmail (http://www.squirrelmail.org/). Squirrelmail uses sessions for each user after authenticating with the IMAP mail server. For this reason I have a $username for anyone that has already been authenticated to my site and I would like for the user to have access to YaBBSE.

Does this mean that I can get rid of all the authentication and cookies in YaBBSE and just use the $username from Squirrelmail as the $user in YaBBSE?

Perhaps this has already been covered in another thread but I was unable to find it.

[Mike Bobbitt]

Well, I might as well piggyback on this thread too...

I've got a photo gallery script that works with YaBB (written in PERL) and I want to now also allow it to use YaBB SE (I.E. MySQL) authentication. I'm new to MySQL, but think I can work my way through this based on the above example. However, if someone *already* has some PERL code for this, I'd greatly appreciate it!

Shameless plug here: http://perl.bobbitt.ca/album

Thanks

[Mike Bobbitt]

Ok, I've made a lot of progress, and now have working code for PERL. Well, almost working. If I run the script as a regular user, I get this:

Code Select Expand

DBI connect('yabbse:localhost:3306','root',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) at album.pl line 2678

But if I run it as root, it works fine. So the code is OK, it's just permissions for MySQL or something like that... Can anyone lend me a hand?

Here's the code as it is so far:

Code Select Expand

   use DBI;
   my $user_sql,$dbh,$sth,$rv,@row;

      debug("Using database Authentication (type $authentication_type)",2,__LINE__);

      # Set "logged in" user
      $loggedin=$username;

      # Connect to database
      $dbh=DBI->connect("DBI:mysql:$db_name:$db_hostname:$db_port",$db_user,$db_password);

      # Build SQL command
      $user_sql="SELECT $db_passwdfield FROM $db_membertable WHERE $db_username = '$username'";

      if ($dbh)
      {
         # Check SQL command
         $sth=$dbh->prepare($user_sql);

         # Check for errors
         if (!$sth)
         {
            $warning.=$S{293};
            $warning.=$sth->errstr."<br />";
         }

         # Run SQL command
         $rv=$sth->execute;
         debug("Query returned $rv rows.",2,__LINE__);

         # Check for errors
         if (!$rv)
         {
            $warning.=$S{293};
            $warning.=$sth->errstr."<br />";
         }

         # Fetch Rows
         while(@row=$sth->fetchrow_array)
         {
            $storedpass=$row[0];
         }

         # Disconnect from database
         $dbh->disconnect;
      }
      else
      {
         $warning.=$S{293}."<br />";
      }

You'll need to customize some vars to get it working, but generally, this is it.

Cheers

[[Unknown]]

*shudders...*
I wasn't aware mysql maniuplation in perl was so.... painful..

Anyway, it looks to me as if you simply need to chmod /var/lib/mysql/mysql.sock to 755 or 777.... as it would only make sense for it to be permissions in this case.  The other alternative is that you might not have mysql/dbi set up for this other user. I mean, I'm not a king of li/unix but I am aware that some software has to be configured/installed for every user. Whether I'm right or wrong, it's a permissions/configuration issue on SOME file.

As far as the broader topic of this goes, I've made two programs YaBBSE-aware, (one I wrote in PHP, the other is 'aspGumChat' in ASP) and I think the easiest way to do authentication would be to bail (return, exit, whatever) if they aren't regged.  At least to me, it seems more failsafe, as you can't accidently let them in later.

Also, I think it's worth saying that...

Code Select Expand

if ($user != "") {
$user_sql = "SELECT memberName AS name, passwd, memberGroup AS group FROM yabbse_members WHERE memberName = '$user'";
$sql_result = mysql_query($user_sql,$connection) or die ("Couldn't execute user query.");
$row = mysql_fetch_array($sql_result);
if ($row["passwd"] != crypt($password, substr($password, 0, 2)))
         exit("Wrong password.");
if($row['group']!="Administrator" && $row['group']!="Global Moderator")
         exit("Sorry, you're not authorized to be here.");
doYourCrap();
... is a nice way to do your admin stuff, as long as you are certain no one can hack into your mysql/install.php.

-[Unknown]

[Mike Bobbitt]

Thanks man, that's also good info.

I should point out that the permissions problem was a problem with my MySQL installation, not with the code itself, so once I resolved that (pretty much as you described it) then it all worked great.

Cheers

[[Unknown]]

You are more than welcome.

-[Unknown]