Skip to main content
Integrating ElkArte with existing users table? (Single-sign on) Started by heat23 · · Read 7743 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

Integrating ElkArte with existing users table? (Single-sign on)

Hello there,
I couldn't any information in the Docs about this so I was hoping to get the answer here. i am evaluating which forum software to use on my existing website and ElkArte seems like  great choice. However, I do not want people to reigster via ElkArte at all, and I want to use my existing user registration system in order for people to access my ElkArte forum. Is there a way to do this easily? Any guide / examples on how to implement this? I believe what I am asking for is a way to do Single-Sign On.  Thanks!

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #1

A very quick&dirty example could be:
Code: [Select]
<?php

if (!defined('ELK'))
die('No access...');

class ValidateLogin_Integrate
{
public static function integrate_action_login()
{
global $context;

$context['disable_login_hashing'] = true;
}

public static function integrate_validate_login()
{
$db = database();

$request = $db->query('', '
SELECT *
FROM [icode]{your_database[/icode].[icode]{your_table}[/icode]
WHERE name = {string:username}
LIMIT 1',
array(
'username' => $_POST['user'],
'db_error_skip' => true
)
);

$result = $db->fetch_assoc($request);
echo '<pre>';
print_r($result);

// Check if the user exists in Elk {db_prefix}members as well
// If not create the new member using registerMember (and set 'interface' to something like 'external'

die();
}
}
The die above is just to show the result of the query, of course in the final code it should not be there.

The general idea is:
1) disable the Elk's client-side password hashing (otherwise you would not be able to compare the password),
2) verify the user exists in your database,
3) if exists create a new user in the Elk database.

The code above requires the two methods are "attached" to two hooks: integrate_action_login and integrate_validate_login.

I left out all the settings required for creating the new user, but if you need any hint feel free to ask. ;D
Bugs creator.
Features destroyer.
Template killer.

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #2

Quote from: emanuele – A very quick&dirty example could be:
Code: [Select]
<?php

if (!defined('ELK'))
die('No access...');

class ValidateLogin_Integrate
{
public static function integrate_action_login()
{
global $context;

$context['disable_login_hashing'] = true;
}

public static function integrate_validate_login()
{
$db = database();

$request = $db->query('', '
SELECT *
FROM [icode]{your_database[/icode].[icode]{your_table}[/icode]
WHERE name = {string:username}
LIMIT 1',
array(
'username' => $_POST['user'],
'db_error_skip' => true
)
);

$result = $db->fetch_assoc($request);
echo '<pre>';
print_r($result);

// Check if the user exists in Elk {db_prefix}members as well
// If not create the new member using registerMember (and set 'interface' to something like 'external'

die();
}
}
The die above is just to show the result of the query, of course in the final code it should not be there.

The general idea is:
1) disable the Elk's client-side password hashing (otherwise you would not be able to compare the password),
2) verify the user exists in your database,
3) if exists create a new user in the Elk database.

The code above requires the two methods are "attached" to two hooks: integrate_action_login and integrate_validate_login.

I left out all the settings required for creating the new user, but if you need any hint feel free to ask. ;D

Thanks for the prompt reply! Does this mean anytime the user changes their username or password on my existing site, that I need to update it in the ELK database? Is there a way to make it so that I don't need to use the Elk USER table at all?

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #3

Nope, Elk relies almost everywhere on the members table (for example all the JOINs all around the code).
If you can't rely on the name (and from what you say you cannot at all), then... do you have a reliable id? Something that identifies a member without any doubt.
Bugs creator.
Features destroyer.
Template killer.

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #4

Is there a way to easily remove the Registration page and links or change where it points to?

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #5

Sorry, I lost that one open on the other computer... :-\
I should stop this behaviour of mine... lol

Yes, the actionArray still has precedence over naming pattern, so using the integrate_actions hook and changing the "routing" of the 'register' action, you can decide where to send it... actually you could just use the hook to directly redirect any user asking for the page to somewhere else:
Code: [Select]
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'register')
{
    // do the redirect
    die(); // just in case
}
Bugs creator.
Features destroyer.
Template killer.

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #6

Quote from: emanuele –
The general idea is:
1) disable the Elk's client-side password hashing (otherwise you would not be able to compare the password),
2) verify the user exists in your database,
3) if exists create a new user in the Elk database.

I know this is a old post now, but thought I'd try and create a package for LDAP auth.

I can't see a way to disable the login hashing any more, and even if I do hash_passwd gets past via integrate_validate_login not passwd so I can't validate the password anyway. Am I missing something obvious or doing it the wrong way?

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #7

Hi,

the client-side hashing is done through javascript calling a function during an onsubmit event of the login form, to disable it, you just have to set $context['disable_login_hashing'] to true before the output of the template.
Using hooks, any of integrate_user_info, integrate_init_theme, integrate_load_theme should do. :)
Bugs creator.
Features destroyer.
Template killer.

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #8

Quote from: emanuele – Hi,

the client-side hashing is done through javascript calling a function during an onsubmit event of the login form, to disable it, you just have to set $context['disable_login_hashing'] to true before the output of the template.
Using hooks, any of integrate_user_info, integrate_init_theme, integrate_load_theme should do. :)

I've tried all that but $_POST['hash_passwrd'] isn't set. $_POST['passwrd'] is though and I can see the password I put in there. It's just not passed in to the hook.

Code: [Select]
if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true))

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #9

Nope, but $_POST is a superglobal, just use it. ;)
Bugs creator.
Features destroyer.
Template killer.

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #10

Quote from: emanuele – Nope, but $_POST is a superglobal, just use it. ;)

I was trying to cleanly integrate rather than just pulling things out of globals, that seemed a bit messy.

If thats the only way then I'll use it that way.

Thanks for your guidance.

 

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #11

Hi,

If anyone wants something that kinda works, then see the attached files.

You need to add the following to the bottom of Settings.php, well with your configuration for each part..

Code: [Select]

// LDAP Settings
$ldapSettings['host']   = '127.0.01';
$ldapSettings['pass']   = 'password';
$ldapSettings['rdn']    = 'cn=who,dc=blah,dc=bleh';
$ldapSettings['dn']     = "dc=blah,dc=bleh";

It will register the user if the user does not exist then logs in as usual.

Alot of features need to be added, like checking if the password has changed on the LDAP server and update Elkarte.
Configuring the module properly.
etc....

If there is interest from anyone then I'll update and create a better package rather than doing the minimum to get something working.


Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #12

Really nice one.. do you have a public repository @github or something similar for that addon?
One suggestion: there's currently no licensing information included..
Thorsten "TE" Eurich
------------------------

Re: Integrating ElkArte with existing users table? (Single-sign on)

Reply #13

Quote from: TE – Really nice one.. do you have a public repository @github or something similar for that addon?
One suggestion: there's currently no licensing information included..

I can put it on github if it’s of any use. Sorry though I had. Licence I’ll put a BSD one on as that’s what I tend to use.