Hello there,
I couldn't any information in the Docs about this so I was hoping to get the answer here. i am evaluating which forum software to use on my existing website and ElkArte seems like great choice. However, I do not want people to reigster via ElkArte at all, and I want to use my existing user registration system in order for people to access my ElkArte forum. Is there a way to do this easily? Any guide / examples on how to implement this? I believe what I am asking for is a way to do Single-Sign On. Thanks!
A very quick&dirty example could be:
<?php
if (!defined('ELK'))
die('No access...');
class ValidateLogin_Integrate
{
public static function integrate_action_login()
{
global $context;
$context['disable_login_hashing'] = true;
}
public static function integrate_validate_login()
{
$db = database();
$request = $db->query('', '
SELECT *
FROM [icode]{your_database[/icode].[icode]{your_table}[/icode]
WHERE name = {string:username}
LIMIT 1',
array(
'username' => $_POST['user'],
'db_error_skip' => true
)
);
$result = $db->fetch_assoc($request);
echo '<pre>';
print_r($result);
// Check if the user exists in Elk {db_prefix}members as well
// If not create the new member using registerMember (and set 'interface' to something like 'external'
die();
}
}
The die above is just to show the result of the query, of course in the final code it should not be there.
The general idea is:
1) disable the Elk's client-side password hashing (otherwise you would not be able to compare the password),
2) verify the user exists in your database,
3) if exists create a new user in the Elk database.
The code above requires the two methods are "attached" to two hooks: integrate_action_login and integrate_validate_login.
I left out all the settings required for creating the new user, but if you need any hint feel free to ask. ;D
Thanks for the prompt reply! Does this mean anytime the user changes their username or password on my existing site, that I need to update it in the ELK database? Is there a way to make it so that I don't need to use the Elk USER table at all?
Nope, Elk relies almost everywhere on the members table (for example all the JOINs all around the code).
If you can't rely on the name (and from what you say you cannot at all), then... do you have a reliable id? Something that identifies a member without any doubt.
Is there a way to easily remove the Registration page and links or change where it points to?
Sorry, I lost that one open on the other computer... :-\
I should stop this behaviour of mine... lol
Yes, the actionArray still has precedence over naming pattern, so using the integrate_actions hook and changing the "routing" of the 'register' action, you can decide where to send it... actually you could just use the hook to directly redirect any user asking for the page to somewhere else:
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'register')
{
// do the redirect
die(); // just in case
}
I know this is a old post now, but thought I'd try and create a package for LDAP auth.
I can't see a way to disable the login hashing any more, and even if I do hash_passwd gets past via integrate_validate_login not passwd so I can't validate the password anyway. Am I missing something obvious or doing it the wrong way?
Hi,
the client-side hashing is done through javascript calling a function during an onsubmit event of the login form, to disable it, you just have to set $context['disable_login_hashing'] to true before the output of the template.
Using hooks, any of integrate_user_info, integrate_init_theme, integrate_load_theme should do. :)
I've tried all that but $_POST['hash_passwrd'] isn't set. $_POST['passwrd'] is though and I can see the password I put in there. It's just not passed in to the hook.
if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true))
Nope, but $_POST is a superglobal, just use it. ;)
I was trying to cleanly integrate rather than just pulling things out of globals, that seemed a bit messy.
If thats the only way then I'll use it that way.
Thanks for your guidance.
Hi,
If anyone wants something that kinda works, then see the attached files.
You need to add the following to the bottom of Settings.php, well with your configuration for each part..
// LDAP Settings
$ldapSettings['host'] = '127.0.01';
$ldapSettings['pass'] = 'password';
$ldapSettings['rdn'] = 'cn=who,dc=blah,dc=bleh';
$ldapSettings['dn'] = "dc=blah,dc=bleh";
It will register the user if the user does not exist then logs in as usual.
Alot of features need to be added, like checking if the password has changed on the LDAP server and update Elkarte.
Configuring the module properly.
etc....
If there is interest from anyone then I'll update and create a better package rather than doing the minimum to get something working.
Really nice one.. do you have a public repository @github or something similar for that addon?
One suggestion: there's currently no licensing information included..
I can put it on github if it’s of any use. Sorry though I had. Licence I’ll put a BSD one on as that’s what I tend to use.