Integrating Dokuwiki and phpBB2

Tags: howtos

Published on Sunday, April 1, 2007

« Previous post: Claws-mail and GPG — Next post: Promoting Privacy »

Dokuwiki is a nice Wiki system if you don’t need tons of extra features and plugins. If you happen to have a phpBB2 installation running, too, you can tell Dokuwiki to use this database to authenticate users. Here’s how that works.

The following changes should be made to your local.php configuration file. The might get overwritten if you store them elsewhere. Here is an excerpt from my configuration file:

/* you want ACLs and MySQL */
$conf['useacl'] = 1;
$conf['authtype'] = 'mysql';

/* I do not want users to register via Dokuwiki */
$conf['openregister']= 0;

/* check the MD5-hash via MySQL */
$conf['auth']['mysql']['forwardClearPass'] = 1;

Moreover, you have to configure the database connection:

$conf['auth']['mysql']['server']   = 'your server';
$conf['auth']['mysql']['user']     = 'your username';
$conf['auth']['mysql']['password'] = 'your password';
$conf['auth']['mysql']['database'] = 'your database';

Pay special attention to the values of TablesToLock. If you use a specific table in a query, add this table to the array:

$conf['auth']['mysql']['TablesToLock']= array( "your_table",
"your_table AS another_table" );

As a last step, we have to define some queries Dokuwiki uses for certain actions. The names are quite telling, so I will not explain them in great detail.

$conf['auth']['mysql']['checkPass'] =  "SELECT user_password AS login
					FROM forum_users /* change it :-) */
					WHERE
					username='%{user}'
					AND
					user_password=MD5('%{pass}')";

$conf['auth']['mysql']['getUserInfo'] = "SELECT user_password AS pass,
					 username AS name, user_email
					 AS mail
					 FROM forum_users
					 WHERE
					 username='%{user}'";

/* this query is from the dokuwiki documentation */
$conf['auth']['mysql']['getGroups']   = "SELECT a.group_name AS `group`
					 FROM forum_groups a,
					 forum_users b,
					 forum_user_group c
					 WHERE b.user_id = c.user_id
					 AND
					 a.group_id = c.group_id
					 AND
					 b.username='%{user}'";

For all those black hats laughing right now because they see SQL injection possibilities: Not likely. The strings are escaped by the Dokuwiki authentication code. However, I would not use that method for any vital applications. Then again, if they are vital, you’d probably be writing your own wiki anyway…

A last remark: There are more options which you could add (searching for users via the user manager, updating user information etc.). This article show the absolute minimum you need to supply. To set the proper access rights, just add the groups you have in your phpBB2 installation to the acl.auth.php file. I would advise you to use the built-in group management system of phpBB2 because you will almost certainly need user groups in your discussion forum, too.