MyBB Community Forums

(2010-10-26, 09:22 AM)sayravai Wrote: [ -> ]Attached is the AuthMyBB.php I'm using, and it works with the latest (final) versions of MyBB and MediaWiki. You'll need to change the row

var $forum_path = "../forums/";

to point to whatever directory you're hosting your MyBB in (relative to the MediaWiki directory). After changing the default path (if required), save the file to your MediaWiki directory.

These are the settings I have in the LocalSettings.php of MediaWiki:

# Don't let users mess with their accounts through MediaWiki
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;

# Users cannot use the login function inside of the wiki to login.
$wgUseWikiLogin = false;

# These lines are required for the plugin to load
require_once("./AuthMyBB.php");
$wgAuth = new AuthMyBB();

# Disable everything of caching, caching is boe for the login system.
$wgEnableParserCache = false;
$wgCachePages = false;

As I said earlier, this still has some issues - with people using underscores in their login names, if I remember correctly - but at least it works for the most part.

Hope this helps someone.

Thanks!! This sure helped me!!

---

Is there a way to show the contribution made by a user in their profile in Mybb and postbit?

See this thread for the working version of a MyBB -> Mediawiki bridge:
http://community.mybb.com/thread-90914.html

There are already working version. I use MyBB 1.6.2 and MediaWiki 1.18alpha (r84839).

Hi, everyone. This utility is precisely what I needed - you've saved me a lot of work in coding it myself.

Having looked at the code, though, I note that it's susceptible to "SQL injection" attacks that can be used to do all kinds of terrible things to your database, your website, etc. For instance, I managed to do this by grabbing the first simple example I found:

Fatal error: [SQL] [1064] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_OR_'x'='x' ORDER BY regdate ASC LIMIT 1' at line 1
SELECT username FROM mybb_users WHERE username='Anything' OR 'x'='x' OR username='Anything'_OR_'x'='x' ORDER BY regdate ASC LIMIT 1 in /../forum/inc/db_mysql.php on line 550

(The sample came from here: http://www.unixwiz.net/techtips/sql-injection.html)

I'm going to look into a refinement that deals with this better, but thought that I'd pass on word of this problem.

---

FWIW, I've found that these changes help (for now) with _this form_ of attack. I haven't begun to look at where $username comes from, but in dealing with the variable where this module uses it, you can prevent these SQL attacks.

In the function userExists, I've added the two preg_replace lines.

function userExists($username) {
error_log("AuthMyBB : userExists : " . $username); # log to apache error_log for debug
$username = preg_replace("/\'.*$/", "", $username); # strips anything after '
$username = preg_replace("/[=;]*/", "", $username); # removes '=' and ';'
error_log("AuthMyBB : userExists (post hack): " . $username);

The same goes in authenticate:

function authenticate($username, $password) {
$username = preg_replace("/\'.*$/", "", $username);
$username = preg_replace("/[=;]*/", "", $username);

I think these are needed at a minimum, though a better solution will probably show up (e.g. whevere MyBB is taking the form input). At a glance, I'd say the problem exists in the function updateUser as well.

mediawiki is really high-weight for small website.
i install it beside my forum and integration work good with mediawiki 1.19
but my page load with delay .
mediawiki suggest that use apc cache and i cant install it correctly in my cpanel .
help :
http://www.mediawiki.org/wiki/Extension:APC

(2012-05-15, 01:34 PM)heavaz60 Wrote: [ -> ]mediawiki is really high-weight for small website.
i install it beside my forum and integration work good with mediawiki 1.19
but my page load with delay .
mediawiki suggest that use apc cache and i cant install it correctly in my cpanel .
help :
http://www.mediawiki.org/wiki/Extension:APC

You'd have to ask your host about that. They manage the server, so they will be able to install apc if they want to.

in the Manuel of installation of extension said that :

Download the files from SVN or download a snapshot (select your version of MediaWiki)
Create the folder $IP/extensions/APC
Add the files to that folder
Add to the end of LocalSettings.php (MW 1.17+):
require_once("$IP/extensions/APC/APC.php");

host should do this step !?

Has anyone a working bridge between MyBB 1.6.8 and MediaWiki 1.19.2 ?

I downloaded the code from http://community.mybb.com/thread-90914.html and I successfully configured LocalSettings.php and AuthMyBB.php (had to change line 2 from 'require_once "AuthPlugin.php";' to 'require_once "includes/AuthPlugin.php";').

However if I try to login on MediaWiki I get an SQL error saying:
"1146: Table 'usr_web1234_14.objectcache' doesn't exist (localhost)"

usr_web1234_14 is the database of my MyBB installation - objectcache is a MediaWiki table.
So it's logical that it doesn't find the table.
Am I supposed to use the same database for MediaWiki and MyBB?

Any help is highly appreciated!

I have problem for integration. This is writing in error log 9800 times.

[Thu Feb 05 08:45:04 2015] [error] [client 127.0.0.1] PHP Strict Standards:  Declaration of Auth_MyBB::modifyUITemplate() should be compatible with AuthPlugin::modifyUITemplate(&$template, &$type) in /home/game/public_html/site.com/viki/Auth_MyBB.php on line 248

FWIW, I (almost) have this working with MediaWiki 1.72 and MyBB 1.8.4 - Attached the version of AuthBB.php, I had to clean up some things...

My problem is that it won't autocreate new accounts for MediaWiki "the first time".  Eg: I tried creating one in IE (new user).  Authenticated but then returned an error:
   Auto-creation of a local account failed:
   Automatic account creation is not allowed

However, then I tried again in Edge and it worked.  Once created I was able to continue in the original browser.  Suggestions welcome

You'll need something like this in the LocalSettings.php for MediaWiki:

    ## Hook up to myBB database
    ## Don't let users mess with their accounts through MediaWiki
    $wgGroupPermissions['*']['createaccount'] = false;
    $wgGroupPermissions['*']['edit'] = false;
    
    # We need to be able to automagically create accounts for new mybb logins though
    $wgGroupPermissions['user']['autocreateaccount'] = true;
    
    # Users cannot use the login function inside of the wiki to login.
    $wgUseWikiLogin = false;
    
    # These lines are required for the plugin to load
    require_once("./AuthMyBB.php");
    $wgAuth = new AuthMyBB();
    
    # Disable everything of caching, caching is bad for the login system.
    $wgEnableParserCache = false;
    $wgCachePages = false;

I assume this still has the spaces/underscore issues of the other versions posted before.

---

Hmmpfh. Now it created the account, but it's also creating accounts for users that haven't been approved on MyBB yet - which is a very helpful door for spammers

---

It didn't seem to like the attachment, so here's the code for AuthMyBB.php:
You may also want to make sure the banned and admin groups are correct for your installation.

<?PHP
//AuthMyBB
//Kresty - Removed errors with MyBB 1.8.4 and WikiMedia 1.72
// Still having trouble with new accounts - Wouldn't create in IE, but did in Edge?
//
// You'll need something like this in LocalSettings.php of WikiMedia:
//
//    ## Hook up to myBB database
//    ## Don't let users mess with their accounts through MediaWiki
//    $wgGroupPermissions['*']['createaccount'] = false;
//    $wgGroupPermissions['*']['edit'] = false;
//    
//    # We need to be able to automagically create accounts for new mybb logins though
//    $wgGroupPermissions['user']['autocreateaccount'] = true;
//    
//    # Users cannot use the login function inside of the wiki to login.
//    $wgUseWikiLogin = false;
//    
//    # These lines are required for the plugin to load
//    require_once("./AuthMyBB.php");
//    $wgAuth = new AuthMyBB();
//    
//    # Disable everything of caching, caching is bad for the login system.
//    $wgEnableParserCache = false;
//    $wgCachePages = false;
//
//Rewritten by flash.tato, based on the Chris Boulton's source code
//It is full compatible with MyBB 1.4

if(!class_exists("AuthPlugin"))
	require_once("AuthPlugin.php");
	
define('IN_MYBB', 1);
	
class AuthMyBB extends AuthPlugin
{

	var $forum_path = "../forum/"; // The path to your copy of MyBB (with a trailing slash)
	
	var $config;
	
	var $db;
	
  // 1 is guests (don't want them making accounts), 5 is unapproved users, 7 is banned for our BB
	var $banned_usergroups = array(1,5,7);
	
  // 4 is administrators for us
	var $admin_usergroups = array();
	
	var $cookie_prefix;
	
	var $cookie_path;
	
	function __construct()
	{
		if(!file_exists($this->forum_path . "inc/config.php"))
		{
			die("Can't find config file");
		}
		require_once($this->forum_path . "inc/config.php");
		$this->config = $config;
		require_once($this->forum_path . "inc/functions.php");
		require_once($this->forum_path . "inc/db_base.php");
		require_once($this->forum_path . "inc/db_".$config['database']['type'].".php");
  	switch($config['database']['type'])
  	{
  		case "sqlite3":
  			$this->db = new DB_SQLite3;
  			break;
  		case "sqlite2":
  			$this->db = new DB_SQLite2;
  			break;
  		case "pgsql":
  			$this->db = new DB_PgSQL;
  			break;
  		case "mysqli":
  			$this->db = new DB_MySQLi;
  			break;
  		default:
        $this->db = new DB_MySQL;
  		}
		if(!extension_loaded($this->db->engine))
		{
			if(DIRECTORY_SEPARATOR == '\\')
			{
				@dl('php_'.$this->db->engine.'.dll');
			} 
			else 
			{
				@dl($this->db->engine.'.so');
			}
			if(!extension_loaded($this->db->engine))
			{
				die("Can't load DB extension");
			}
		}
		$this->db->connect($config['database']);
		$this->db->set_table_prefix($config['database']['table_prefix']);
		$this->db->type = $config['database']['type'];
		$query = $this->db->simple_select("usergroups", "gid", "isbannedgroup='1'");
		while($usergroup = $this->db->fetch_array($query))
		{
			$this->banned_usergroups[] = intval($usergroup['gid']);
		}
		$query_2 = $this->db->simple_select("usergroups", "gid", "cancp='1'");
		while($usergroup_2 = $this->db->fetch_array($query_2))
		{
			$this->admin_usergroups[] = intval($usergroup_2['gid']);
		}
		$query_3 = $this->db->simple_select("settings", "value", "name='cookieprefix'");
		$cookie_prefix = $this->db->fetch_array($query_3);
		$this->cookie_prefix = $cookie_prefix['value'];
		$query_4 = $this->db->simple_select("settings", "value", "name='cookiepath'");
		$cookie_path = $this->db->fetch_array($query_4);
		$this->cookie_path = $cookie_path['value'];
	}
	
	function userExists($username)
	{
		$db = &$this->db;
		$query = $db->simple_select("users", "username", "username='" . $this->fixUserName($username) . "'");
		$user = $db->fetch_array($query);
		if($user['username'])
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	
	function authenticate($username, $password)
	{
		$db = &$this->db;
		$query = $db->simple_select("users", "username,password,salt,usergroup", "username='" . $db->escape_string($this->fixUserName($username)) . "'");
		$user = $db->fetch_array($query);
		$salted_psw = md5(md5($user['salt']).md5($password));
		if($user['username'] && $salted_psw == $user['password'])
		{
			if(in_array(intval($user['usergroup']), $this->banned_usergroups))
			{
				return false;
			}
			return true;
		}
		else
		{
			return false;
		}
	}
	
	function modifyUITemplate(&$template, &$type)
	{
		$template->set('usedomain', false);
		$template->set('useemail', false);
		$template->set('create', false);
	}
	
	function setDomain($domain)
	{
		$this->domain = $domain;
	}
	
	function validDomain($domain)
	{
		return true;
	}
	
	function updateUser(&$user)
	{
		$db = &$this->db;
		$query = $db->simple_select("users", "username,email,usergroup,additionalgroups", "username='" . $this->fixUserName($user->getName()) . "'");
		$res = $db->fetch_array($query);
		if($res)
		{
			if(in_array($res['usergroup'], $this->admin_usergroups))
			{
				$is_admin = true;
			}
			$memberships = explode(",", $res['additionalgroups']);
			for($i=0;$i<count($memberships);$i++)
			{
				if(in_array($memberships[$i], $this->admin_usergroups))
				{
					$is_admin = true;
				}
			}
			if($is_admin == true)
			{
				if (!in_array("sysop", $user->getEffectiveGroups()))
				{
					$user->addGroup('sysop');
				}
			}
			else
			{
				if (in_array("sysop", $user->getEffectiveGroups()))
				{
					$user->removeGroup('sysop');
					return true;
				}
			}
			$user->setEmail($res['email']);
			$user->setRealName($res['username']);
			return true;
		}
		return false;
	}
	
	function autoCreate()
	{
		return true;
	}
	
	function allowPasswordChange()
	{
		return false;
	}
	
	function setPassword($user, $password)
	{
		return true;
	}
	
	function updateExternalDB($user)
	{
		return true;
	}
	
	function canCreateAccounts()
	{
		return true;
	}
	
	function addUser($user, $password, $email = '', $realname = '')
	{
		return false;
	}
	
	function strict()
	{
		return true;
	}
	
	function initUser(&$user, $autocreate = false)
	{
		$user->mEmailAuthenticated = wfTimestampNow();
		$this->updateUser($user);
	}
	
	function getCanonicalName($username)
	{
		$dbr = wfGetDB( DB_SLAVE );
		
		$res = $dbr->selectRow('user', array("user_name"),
						"lower(user_name)=lower(".
						$dbr->addQuotes($username).")",
						"AuthMyBB::getCanonicalName" );
		
		if($res)
		{
			return $res->user_name;
		}
		else
		{
			return $username;
		}
	}
	
	function fixUserName($username)
	{
		if(strpos($username, " ") === false)
			return $username;
		$db = &$this->db;
		$username = str_replace("__", " ", $username);
		$query = $db->simple_select("users", "username", "username='$username' OR username='" . str_replace(" ", "_", $username) . "'", array('order_by' => 'regdate', 'order_dir' => 'ASC', 'limit' => 1));
		$result = $db->fetch_array($query);
		$user = $result['username'];
		if($user)
			return $user;
		else
			return $username;
	}
	
}
?>