Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-12178

User group is not set correctly when using authentication plugin and external custom user_id

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.0.11, 3.0.12
    • Fix Version/s: 3.1.12-RC1
    • Component/s: Authentication
    • Labels:
      None
    • Environment:
      PHP 5.4.10, MySQL 5.5

      Description

      According to the phpbb developer wiki it is possible to write authentication plugins that use a custom user_id instead of the default sequence.

      I did write an authentication plugin that uses an external id as user_id and removed the sequence from the user_id column in the phpbb_users table.
      Here the code I use to generate a user_row returned by the login function of my authentication plugin upon successful authentication:

      	$new_user_row = array(
      		'user_id'	=> $external_user['loginid'],
      		'username'	=> $external_user['username'],
      		'user_password'	=> phpbb_hash($password),
      		'user_email'	=> $external_user['email'],
      		'group_id'		=> (int) $row['group_id'],
      		'user_type'	=> USER_NORMAL,
      		'user_ip'	=> $user->ip,
      	);
      

      And indeed user profiles can be created using a custom user_id, but
      unfortunately the group is not set correctly.

      When looking into the phpbb_user_group table I realized that all new entries did look like the following rows:

      group_id user_id group_leader user_pending
      2 0 0 0
      2 0 0 0
      2 0 0 0

      As you can see the user_id column was always 0.

      This pointed me to look into the add_user function to find the error.
      It turns out that the add_user function ignores the user_id field in $user_row when adding the entry to the USER_GROUP_TABLE.
      Instead it was using $db->sql_nextid() as user_id value, which is obviously fine when using the generated user_ids, but when using external ids breaks the link between user and group.
      Here the questionable snippet from the add_user function:

       
      $user_id = $db->sql_nextid();
       
      // Insert Custom Profile Fields
      if ($cp_data !== false && sizeof($cp_data))
      {
      	$cp_data['user_id'] = (int) $user_id;
       
      	if (!class_exists('custom_profile'))
      	{
      		include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
      	}
       
      	$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
      		$db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
      		$db->sql_query($sql);
      }
       
      // Place into appropriate group...
      $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
      	'user_id'		=> (int) $user_id,
      	'group_id'		=> (int) $user_row['group_id'],
      	'user_pending'	=> 0)
      );
      $db->sql_query($sql);
      

        Attachments

          Activity

            People

            • Assignee:
              CHItA CHItA
              Reporter:
              CarloD CarloD [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: