Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-12178

User group is not set correctly when using authentication plugin and external custom user_id

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Won't Fix
    • 3.0.11, 3.0.12
    • 3.1.12-RC1
    • Authentication
    • None
    • PHP 5.4.10, MySQL 5.5

    Description

      According to the phpbb developer wiki it is possible to write authentication plugins that use a custom user_id instead of the default sequence.

      I did write an authentication plugin that uses an external id as user_id and removed the sequence from the user_id column in the phpbb_users table.
      Here the code I use to generate a user_row returned by the login function of my authentication plugin upon successful authentication:

      	$new_user_row = array(
      		 
      		'user_id'	=> $external_user['loginid'],
      		 
      		'username'	=> $external_user['username'],
      		 
      		'user_password'	=> phpbb_hash($password),
      		 
      		'user_email'	=> $external_user['email'],
      		 
      		'group_id'		=> (int) $row['group_id'],
      		 
      		'user_type'	=> USER_NORMAL,
      		 
      		'user_ip'	=> $user->ip,
      		 
      	);

      And indeed user profiles can be created using a custom user_id, but
      unfortunately the group is not set correctly.

      When looking into the phpbb_user_group table I realized that all new entries did look like the following rows:

      group_id user_id group_leader user_pending
      2 0 0 0
      2 0 0 0
      2 0 0 0

      As you can see the user_id column was always 0.

      This pointed me to look into the add_user function to find the error.
      It turns out that the add_user function ignores the user_id field in $user_row when adding the entry to the USER_GROUP_TABLE.
      Instead it was using $db->sql_nextid() as user_id value, which is obviously fine when using the generated user_ids, but when using external ids breaks the link between user and group.
      Here the questionable snippet from the add_user function:

       
      		 
      $user_id = $db->sql_nextid();
      		 
       
      		 
      // Insert Custom Profile Fields
      		 
      if ($cp_data !== false && sizeof($cp_data))
      		 
      {
      		 
      	$cp_data['user_id'] = (int) $user_id;
      		 
       
      		 
      	if (!class_exists('custom_profile'))
      		 
      	{
      		 
      		include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
      		 
      	}
      		 
       
      		 
      	$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
      		 
      		$db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
      		 
      		$db->sql_query($sql);
      		 
      }
      		 
       
      		 
      // Place into appropriate group...
      		 
      $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
      		 
      	'user_id'		=> (int) $user_id,
      		 
      	'group_id'		=> (int) $user_row['group_id'],
      		 
      	'user_pending'	=> 0)
      		 
      );
      		 
      $db->sql_query($sql);

      Attachments

        Activity

          People

            CHItA CHItA
            CarloD CarloD [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: