MyBB Community Forums

Hello everyone,

I just wanted to share some of the work I've done in getting MyBB to use an external authentication mechanism. The changes are very simple and I'm sharing it for 2 reasons:
1. Might save someone an hour of time.
2. I'm open to advice on whether I've implemented it in a reasonable way. I'm new to MyBB so maybe this could be done via a plugin to make upgrades easier? I tried to keep it as simple as possible so as future integration with newer versions will be easy.

I've attached a diff of the inc/functions_user.php which is the only file changed.

107c107,112
<       if(salt_password(md5($password), $user['salt']) == $user['password'])
---
>
>       // default mybb user auth for admin user (uid = 1)
>       // eage auth for everyone else
>       if(     ( $user['uid'] == 1 &&
>               salt_password(md5($password), $user['salt']) == $user['password']) ||
>               my_password_test($user['username'],$password) )
578c583,598
< ?>
\ No newline at end of file
---
>
> /**
>  * An external authentication test for users.
>  *
>  * @param string The username.
>  * @param string The password.
>  * @return boolean True if username/password are valid, false if not.
> */
> function my_password_test($username, $password)
> {
>       //external authentication test here
>       // prehaps using DB connection or Web Service
>       return false;
> }
>
> ?>

To work you need to have the users in the MyBB database although their password is ignored (unless they are uid 1). So next job will be automating an import of current users and disabling password changes within MyBB.

Looking forward to any comments/suggestions.