Solution for multiple adminstrator groups + PHP-Nuke bridge Solution for multiple adminstrator groups + PHP-Nuke bridge
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Solution for multiple adminstrator groups + PHP-Nuke bridge

Started by amirw2k, November 30, 2005, 01:58:24 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

amirw2k

First of all, you've got a great product. I've used ver 1.1d with PHP-Nuke and now I was very happy to see that you created this Bridge so I can upgrade my gallery :)

I've built a bridge for PHP-Nuke using the phpBB 2.0.18 bridge. The gallery works as a stand-alone gallery and all I wanted is a user database integration, so now it's checking the phpnuke cookie as well as phpbb's sessions table to verify the user.

My question regards the file udb_base.inc.php (the main bridge file).

I had a lot of troubles making the administrator of the gallery get full access and this is the main reason as I found out:

$USER_DATA['has_admin_access'] = (in_array($USER_DATA['groups'][0] - 100,$this->admingroups)) ? 1 : 0;

This line is inside the function authenticate(). The problem is that it only checks to see if the first group of the current user's groups array is an administrator group (check if it's in the array of adminiatration groups).

This leads into a case in which if the administration group in phpBB is not in place 0 of the user's groups array, then the user will not be identified as an administrator. In phpBB when you create a new group, it automatically gets a random number. Maybe I missed something in the logic of this, but as I see it, this issue can be solved in two ways:
1. Replace this line with this:
$USER_DATA['has_admin_access'] = (in_array($this->admingroups[0]+100, $USER_DATA['groups'])) ? 1 : 0;
This means you can have only one administration group which will be in place 0 (this is set in the specific bridge file).

2. This is what I did. Simply check all user's groups against all administration groups

    $has_admin_access = 0;
foreach($USER_DATA['groups'] as $c_id => $c_group_id)
{
//Is current group id in admin groups?
$has_admin_access = (in_array($c_group_id - 100,$this->admingroups)) ? 1 : 0;

if ($has_admin_access == 1)
{
break; //Has admin access, don't check anymore
}
}
//Set admin access
$USER_DATA['has_admin_access'] = $has_admin_access;


This was what solved my problem and enabled me to log in as an administator.

In the phpnuke.inc.php file I set:
$this->admingroups = array(1111);
Where 1111 is the new group I created in phpBB especially for gallery administrators (1111 is an example random number chosen by phpBB).

That's about it. I tried to put all changes to the phpnuke.inc.php bridge file, but this is one thing I couldn't avoid. If you know of a better solution, I'd be happy to hear about it.

By the way, if anyone is interested in the php-nuke bridge, I'll be posting it when I can be sure it's stable enough. I have no intention to make it as a module, but only to use it as stand-alone gallery that connects to the users/groups tables in the database. I think it's the best solution and can make things much simpler for future versions upgrades.

By the way, I'm using a highly modified PHP-Nuke 7.0 along with a highly modified phpBB.

Best Regards,
Amir W.

Nibbler

You can override the core_udb::authenticate() method by providing an implementation in the phpnuke bridge file, core_udb is just there to make simple operations easier. Thanks for posting this, perhaps it will help others looking to do similar things.

amirw2k

Hi Nibbler,

You are right. It's possible to copy the whole authenticate function into phpnuke.inc.php and override it without touching the original files. The only down-side to this is it can be confusing especially if the core_udb will be updated in future versions for some reason, but this is what I'm going to do when I publish the bridge.

Amir W