SQL Database External Authentication Drop-In for Codiad using PHP Data Objects.
Written by Korynkai (Matt Schultz) of QuantuMatriX Technologies.
- Download SQL.php here: SQL.php (right-click -> Save Link As).
- Edit SQL.php in a text editor, changing configuration values as needed (see below in "Configuration" for a description of these values). Do not edit the core logic (anything under the "Do not edit anything under..." line) -- you can break functionality, corrupt your users.php file, or even accidentally allow anybody to log in and modify your code. Only edit under the line if you're looking to experiment and have a test environment set up.
- Save SQL.php somewhere on the webserver, preferably somewhere within the Codiad root (I created a special directory for External Authentication called auth on my setup) and ensure your webserver daemon has permissions to read the file.
- Edit Codiad's config.php in a text editor, uncommenting and/or adding the line define("AUTH_PATH", "/path/to/SQL.php");. Replace "/path/to" with the actual path. You may use the BASE_PATH directive if you saved SQL.php to somewhere within the Codiad root. For example, on my setup (with the auth directory), this is set to define("AUTH_PATH", BASE_PATH . "/auth/SQL.php");
❗ Make sure the database and table specified have username and password columns as specified in the configuration, and that the password column uses a hash format compatible with PHP's "password_verify()" method. The simplest table for Codiad would be created by executing the following SQL: CREATE TABLE users ( "user" TEXT NOT NULL, "password" TEXT NOT NULL );. When in doubt about password hashes, you may use the following command from a shell which has PHP in its path to generate a compatible password hash: php -r 'print password_hash("<PASSWORD>", PASSWORD_DEFAULT)."\n";'. NEVER use straight password hashes like MD5, SHA1/2, etc. These should be considered insecure regardless of the implementation. PHP's password_hash() and password_verify() methods automatically salt the password and use a known-secure algorithm.
Codiad-SQLExternalAuth should support most (if not all) database drivers supported by PDO. Please read http://php.net/manual/en/pdo.drivers.php for all the drivers supported and details for each driver.
The following values should be set in accordance with the specific SQL set-up being used:
- $server would be your SQL server's connection DSN (port is optional if the default port is used). For example:
  - $server = "pgsql:host=localhost;port=5432;dbname=codiad"; for PostgreSQL running locally with database name codiad and port 5432 (default for PostgreSQL, shown as an example).
  - $server = "mysql:host=localhost;dbname=codiad"; for MySQL running locally with database name codiad.
  - $server = "sqlite:/path/to/sqlite.db" for an SQLite database file on the local filesystem at /path/to/sqlite.db.
- $dbuser and $dbpass are the username and password to use for Codiad to connect to a networked database server requiring authentication. These should be left blank if connecting to SQLite or another database that does not require a username and password. Example:
  - $dbuser = "codiad";
  - $dbpass = "secret";
- $users_table is the database table for Codiad to use when searching for user entries. Example:
  - $users_table = "users";
- $username_column and $password_column are the columns within the database table which represent the Codiad username and password fields. The password column must be compatible with PHP's "password_verify" method (as described in the "Installation" section). Example:
  - $username_column = "user";
  - $password_column = "password";
- $createuser either allows or denies the automatic creation of a Codiad user upon successful authentication. If set to true, a user will be created if the user successfully authenticates through the database but is not present within Codiad's data/users.php file. If set to false, the user will be denied access if they are not present within Codiad's data/users.php file, regardless of whether or not the user has successfully authenticated. Default is true.
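
To check a table and its hashes against the settings above before pointing Codiad at them, the following added example (not the contents of SQL.php, and not the author's code) runs a PDO lookup with a bound username and password_verify() against an in-memory SQLite copy of the README's table. The helpers ident() and check_login(), the $cfg array, and the sample users and passwords are assumptions constructed for illustration.

```php
<?php
// Added example, not the contents of SQL.php. Variable names mirror the
// README's configuration; ident() and check_login() are hypothetical helpers.
$server          = "sqlite::memory:"; // constructed: throwaway in-memory database
$dbuser          = "";
$dbpass          = "";
$users_table     = "users";
$username_column = "user";
$password_column = "password";

// Table and column names cannot be bound as parameters, so accept only plain
// identifiers before placing them in the query text. Double-quoted identifiers
// work on SQLite and PostgreSQL; MySQL needs ANSI_QUOTES mode or backticks.
function ident(string $name): string {
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("unsafe identifier: $name");
    }
    return '"' . $name . '"';
}

function check_login(PDO $db, array $cfg, string $user, string $pass): bool {
    $sql = sprintf('SELECT %s FROM %s WHERE %s = :u',
        ident($cfg['pcol']), ident($cfg['table']), ident($cfg['ucol']));
    $stmt = $db->prepare($sql);
    $stmt->execute([':u' => $user]);      // user input travels only as a bound value
    $hash = $stmt->fetchColumn();         // false when no row matched
    return is_string($hash) && password_verify($pass, $hash);
}

$db = new PDO($server, $dbuser ?: null, $dbpass ?: null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users ( "user" TEXT NOT NULL, "password" TEXT NOT NULL )');
$ins = $db->prepare('INSERT INTO users ("user", "password") VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed
$ins->execute(['bob', md5('hunter2')]);   // constructed: bare MD5, as the README warns against

$cfg = ['table' => $users_table, 'ucol' => $username_column, 'pcol' => $password_column];
$cases = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'wrong'],           // wrong password
    ['bob', 'hunter2'],           // right password, but stored as bare MD5
    ["alice' OR '1'='1", 'x'],    // quote characters in the username
    ['nobody', 'x'],              // unknown user
];
foreach ($cases as [$u, $p]) {
    printf("%-20s %s\n", $u, check_login($db, $cfg, $u, $p) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted. A row holding a bare MD5 value can never pass password_verify(), so accounts migrated from such a table need their passwords re-hashed with password_hash().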