Topic: SME user authentication using PHP

[adam blake]

Hi all,

I haven't been able to find a thread about this topic.

I am designing an intranet web page and want to make a login page (login.php) using PHP. But instead of setting up my own -duplicate- database with a list of users and their passwords I want to check the username and password against SME's list so that if one of the users changes their SME password using the User Panel I do not have to manually change my database.

Put simply how can I use SME's username & password database to authenticate a login as it does for Horde's IMP and the User Panel by Dungog?

Suggestions much appreciated!

adam

[Ray Mitchell]

I have a future need for that also to access a MySQL database (yet to be created) and woudl also be interested in the answer.
Thanks & Regards
Ray Mitchell

[Nathan Fowler]

It's pretty easy, I do this now.

Basically, what I do is I try to authenticate the user against IMAP, since any "user" on the system has a mailbox, you can pass the username/password against IMAP, if the login is successful (Mailbox is able to be opened), then this is a good user.

I'd be more than happy to publish some example PHP code if necessary.

Thanks,
Nathan

[adam blake]

Thanks Nathan, that is certainly one way of doing it. Is that the way that Horde IMP (webmail) does it? I have been flicking through their code to see what they do.

cheers,

adam

[Dan Brown]

Yes, that's how horde does it in a standard SME installation, though there are other options.

[adam blake]

Thanks Dan!

If anyone else has other suggestions they would be appreciated still, but now I have something to start working on.

adam

[Doyle Glaze]

Nathan Fowler wrote:
>
> It's pretty easy, I do this now.
>
> Basically, what I do is I try to authenticate the user
> against IMAP, since any "user" on the system has a mailbox,
> you can pass the username/password against IMAP, if the login
> is successful (Mailbox is able to be opened), then this is a
> good user.
>
> I'd be more than happy to publish some example PHP code if
> necessary.
>
> Thanks,
> Nathan

I would love to see your code on this....Thanks

[Nathan Fowler]

//Example code, assume that $username and $password is passed via FORM (hopefully SSL!)
//For more information see http://us2.php.net/manual/en/function.imap-open.php
//Assume file is named imaplogin.php

echo("\n");
echo("\n");
echo("\n");

//Username & Password passed.
if($username && $password){
   //Define your variables to suit your needs
   $IMAPSERVER = "127.0.0.1";
   $IMAPPORT = "143/notls";

   $mbox = imap_open ("\{$IMAPSERVER:$IMAPPORT}", "$username", "$password",OP_HALFOPEN) || die("Invalid username or password: " .  imap_last_error());

   //Do stuff here, user/pass is good.
   echo("Hi $username, welcome to the system.");
}else{
   //Need login
   echo("\n");
   echo("Username:  
\n");
   echo("Password:  
\n");
   echo("\n");
   echo("\n");
}

echo("");
echo("\n");

?>

[Nathan Fowler]

Note that the first and last line echo [HTML] with the < and > tags, however, the forum stripped these tags.

[adam blake]

Thanks for the code Nathan!

Cheers,

adam

[adam blake]

I want to take this one step further now, and I am hoping you may be able to help. While the user is logged in I would like them to be able to access the User Manager panel (Dungog) but without having to log on again using the browser's session based logon, ie. is there a way I can set the internal $AUTH_USER and $AUTH_PASS and $REALM (or whatever it is) variables? If not I may have to reproduce the user interface by going through the code for this panel, but that doesn't sound that easy and I think it uses a lot og CGI.

cheers,

adam

[Nathan Fowler]

I don't think so since these are directly controlled by Apache ACLs.

What does the User Manager panel do that you would like?

I've created some PHP code that allows users to change their passwords.

[adam blake]

Hi Nathan,

The User Panel allows them to change their password, vacation message and auto-responder plus a heap more, but those are the things I want them to do. Anything you have would be appreciated, anything else I can always ask Dungog about as they wrote the interface - perhaps it can be "skinned" I just have to find a way of logging them in automatically so they don't have to log in twice.

cheers,

adam

[Judd Stohl]

Dungog has a user panel  

RPM's are available here:
 http://www.dungog.net/sme/files/userpanel/

Hope this helps.

-Judd