Integrating Pligg beta 8.1.0 with PubCookie

I’ve managed to get Pligg to use Redbrick’s PubCookie to authenticate logins. For the moment, you can see it in action here. However, this was done for demo purposes so I don’t know if it’ll stay there forever.

I reused the approach that worked for integrating MediaWiki with PubCookie for our Redbrick Wiki. This was based on the work originally described here.

I’ve only tested this with Pligg Beta 8.1.0. I believe future versions may have a better approach for external authentication so I can’t guarantee this will work with future versions.

I’m assuming that you already have an existing and working pubcookie installation. The first thing to do is install Pligg. Get it up and running with its own authentication. Make sure you can log in with the pre-created “god” account.

We’re going to need to modify the template quite a bit, so create a copy of the existing template, mollio-beat. To do this, just make a copy of ‘templates/mollio-beat’ in ‘templates/’ (including all subdirectories). Make sure the permissions are correct, etc. I renamed this copy “rb” (for Redbrick), so I now had a ‘templates/rb’. I went into the admin interface in Pligg and, under the Template configuration, changed ‘mollio-beat’ to ‘rb’ and disabled the option that lets users change the template. We don’t want users being able to go back to the old way of authentication.

Next, create a ‘custom_auth’ directory in your pligg directory.

Create a ‘login1.php’ with these contents in ‘custom_auth’. Make sure to replace ‘[url to your pligg install]’ with the correct URL to your pligg directory. This file simply redirects the user to a pubcookie-protected page.

<?php

session_start();

//we don't want people accessing this page directly!
if (isset($_SERVER['HTTP_REFERER'])) {
    //save the referrer so we can redirect back to the page they came from
    $_SESSION['http_referrer'] = $_SERVER['HTTP_REFERER'];

    //now send them off to the PubCookie protected login page
    header('Location: https://[url to your pligg install]/custom_auth/login2.php');
    exit;
}
else {
    header('HTTP/1.1 403 Forbidden');
    echo "This page cannot be accessed directly";
}

?>

Create a ‘login2.php’ with these contents in ‘custom_auth’. This page will be protected by pubcookie. The user will then log in via pubcookie, be redirected back here and be logged into pligg. You can replace the “@redbrick.dcu.ie” in the email field with something that makes more sense for your setup.

<?php

// Needed by Pligg

include_once('../Smarty.class.php');
$main_smarty = new Smarty;
include('../config.php');
//include(mnminclude.'html1.php');
//include(mnminclude.'link.php');
//include(mnminclude.'smartyvariables.php');

require_once "HTTP/Request.php";

//this script must be run behind some type of Apache user authorization
//fail immediately if it isn't
if (!isset($_SERVER['REMOTE_USER'])) {
    die("The remote user variable is not set");
}

//get the login username
$username = strtolower($_SERVER['REMOTE_USER']);

session_start();

//fall back to the front page if login1.php did not save a referrer
$redirect = isset($_SESSION['http_referrer']) ? $_SESSION['http_referrer'] : my_pligg_base.'/';
unset($_SESSION['http_referrer']);

global $db;

//escaped copy of the username for use inside SQL strings
$db_username = $db->escape($username);

$ok = 1;
// if a user doesn't exist... create the user
if (!user_exists($username)) {
    // come up with some default email
    $email = $db->escape($username."@redbrick.dcu.ie");
    $userip = $db->escape($_SERVER['REMOTE_ADDR']);
    $ok = $db->query("INSERT INTO users (user_login, user_email, user_pass, user_date, user_ip) VALUES ('$db_username', '$email', 'password', now(), '$userip')");
}

// if everything is okay...
if ($ok) {
    // log in!
    $user = $db->get_row("SELECT user_id, user_pass, user_login FROM users WHERE user_login = '$db_username'");
    $current_user->user_login = $user->user_login;
    $current_user->user_id = $user->user_id;
    $current_user->authenticated = TRUE;
    $current_user->md5_pass = md5($user->user_pass);
    $current_user->SetIDCookie(1, false);
    $lastip = $db->escape($_SERVER['REMOTE_ADDR']);
    mysql_query("UPDATE users SET user_lastip = '$lastip' WHERE user_id = {$user->user_id} LIMIT 1");
    mysql_query("UPDATE users SET user_lastlogin = now() WHERE user_id = {$user->user_id} LIMIT 1");
}

//finally redirect the user back to his original page
header("Location: $redirect");
exit;
?>
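
The two scripts above use the Referer header as the post-login destination, and that header is set by whichever page linked to ‘login1.php’, which need not be on your own site. As an added example (not part of the original post or of Pligg), here is a check that could be run on the saved value before redirecting; the function name safe_redirect_target and the site.example / other.example URLs are assumptions made for illustration.

```php
<?php
// Added example: safe_redirect_target() is a hypothetical helper,
// not part of Pligg or of the original login scripts.

// Return $candidate only when it is an absolute http(s) URL on the same
// host as $siteBase; otherwise return $fallback.
function safe_redirect_target($candidate, $siteBase, $fallback)
{
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;                       // nothing was saved
    }
    // Control characters, spaces and backslashes never belong in a
    // Location header; CR/LF is the classic response-splitting vector.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    $target = parse_url($candidate);
    $site   = parse_url($siteBase);
    if (!is_array($target) || !is_array($site)
        || !isset($target['scheme'], $target['host'], $site['host'])) {
        return $fallback;                       // relative, "//host/..." or malformed
    }
    if (!in_array(strtolower($target['scheme']), array('http', 'https'), true)) {
        return $fallback;                       // any other scheme
    }
    if (isset($target['user']) || isset($target['pass'])) {
        return $fallback;                       // https://site@other-host/ forms
    }
    if (strtolower($target['host']) !== strtolower($site['host'])) {
        return $fallback;                       // different site
    }
    return $candidate;
}

// Constructed sample referrers; site.example stands in for the real install.
$base = 'https://site.example/pligg/';
$samples = array(
    'https://site.example/pligg/story.php?id=7',   // same site
    'https://other.example/pligg/',                // different host
    '//other.example/',                            // no scheme
    'https://site.example@other.example/',         // userinfo before the real host
    "https://site.example/\r\nX-Injected: 1",      // embedded CR/LF
);
foreach ($samples as $s) {
    $shown = addcslashes($s, "\r\n");
    echo $shown, ' => ', safe_redirect_target($s, $base, $base), "\n";
}
```

In ‘login2.php’ this would wrap the value read from $_SESSION['http_referrer'], with the site’s front page as the fallback.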

Now create a ‘.htaccess’ file. This will make ‘login2.php’ protected by pubcookie. On my setup, to do this, I use this:

PubcookieAppID cpig1
AuthType pubcookie

<Files login2.php>
    require valid-user
</Files>

Now you need to modify your template to use this new login approach. Go into your template directory (in my case that’s ‘templates/rb’) and modify “login_center.tpl”. Add these lines near the top of the file and replace [url to your pligg install] with the correct URL to your pligg directory. This will cause all logins to redirect to the new login scripts.

<?php
/* these lines added to enable pub cookie login! */
header("Location: http://[url to your pligg install]/custom_auth/login1.php");
exit;
?>

Now, open up your Pligg in a browser of choice. Assuming you’re not currently logged in, follow the login link at the top. You should now have to log in using pubcookie. If login is successful, you should now be logged into Pligg.

However, you’ll want to give yourself admin powers. So log in using your own pubcookie account so that the user account is created in Pligg. Now change the template from ‘rb’ back to ‘mollio-beat’. Hopefully now you should be able to log in using the original ‘god’ account. Once logged in, change your pubcookie account to ‘god’ level. Now change the template back to ‘rb’ (or whatever you called it).

People can now log into your Pligg using pubcookie. However, your site isn’t fully secure. Delete ‘register.php’ so that no one can create accounts. We do not want to delete ‘login.php’, however, as this does our ‘logout’. Instead we will modify ‘login.php’. Look for these lines:

if($_POST["processlogin"] == 1) {
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    $persistent = $_POST['persistent'];
    if($current_user->Authenticate($username, $password, $persisten$
        $errorMsg=PLIGG_Visual_Login_Error;} else {
        if(strlen($_REQUEST['return']) > 1) {
            header('Location: '.$_REQUEST['return']);
        } else {
            header('Location: '.my_pligg_base.'/');
        }
        die;
    }
}

We want to prevent hackers from using URLs to log in. So comment out the normal authentication test, as below.

if($_POST["processlogin"] == 1) {
    /*$username = trim($_POST['username']);
    $password = trim($_POST['password']);
    $persistent = $_POST['persistent'];
    if($current_user->Authenticate($username, $password, $persisten$
        $errorMsg=PLIGG_Visual_Login_Error;} else {
        if(strlen($_REQUEST['return']) > 1) {
            header('Location: '.$_REQUEST['return']);
        } else {
            header('Location: '.my_pligg_base.'/');
        }
        die;
    }*/
}

Your site is now ready to be used. However, I would suggest some further template changes. These are not required to make your site work, but they do improve usability for your members.

In the template file ‘header.tpl’, remove the line:

{#PLIGG_Visual_Register#}

This will remove the “register option” from the top of the page.

In the template file ‘profile_center.tpl’, remove these lines:

{#PLIGG_Visual_Profile_ChangePass#}

This will remove the change password option from users’ profiles. It’s harmless, as the password is not used, but it could confuse your users.

In the template file ‘sidebar_modules/login.tpl’, you may want to replace pretty much everything in this file so that users don’t see a login form in the sidebar. This is what I put in it.

{#PLIGG_Visual_Login_Title#}

You can log in using your Redbrick
username and password due to the magic of pubcookie. Just follow the link
below.

{#PLIGG_Visual_Login#}

A final suggestion: in the admin panel, in the language configuration, I’d recommend changing all instances of “login” to “sign in” and “logout” to “sign out”.

Comments (2)

1. Brian wrote:

   Have you upgraded to 9.1 and were you able to get this working with it?

   Thursday, April 19, 2007 at 10:53 pm #

2. Mark wrote:

   “Have you upgraded to 9.1 and were you able to get this working with it?”

   Sorry Brian, I haven’t yet. I will get around to it if I can.

   Friday, April 20, 2007 at 7:57 am #