13ff230f7SMatthias Grimm<?php 23ff230f7SMatthias Grimm/* 3a771ad3aSmatthiasgrimm * This is an example configuration for the mysql auth module. 4a771ad3aSmatthiasgrimm * 5a771ad3aSmatthiasgrimm * This SQL statements are optimized for following table structure. 6a771ad3aSmatthiasgrimm * If you use a different one you have to change them accordingly. 7a771ad3aSmatthiasgrimm * See comments of every statement for details. 8a771ad3aSmatthiasgrimm * 9a771ad3aSmatthiasgrimm * TABLE users 10a771ad3aSmatthiasgrimm * uid login pass firstname lastname email 11a771ad3aSmatthiasgrimm * 12a771ad3aSmatthiasgrimm * TABLE groups 13a771ad3aSmatthiasgrimm * gid name 14a771ad3aSmatthiasgrimm * 15a771ad3aSmatthiasgrimm * TABLE usergroup 16a771ad3aSmatthiasgrimm * uid gid 17a771ad3aSmatthiasgrimm * 18a771ad3aSmatthiasgrimm * To use this configuration you have to copy them to local.php 19a771ad3aSmatthiasgrimm * or at least include this file in local.php. 203ff230f7SMatthias Grimm */ 213ff230f7SMatthias Grimm 22a771ad3aSmatthiasgrimm/* Options to configure database access. You need to set up this 23a771ad3aSmatthiasgrimm * options carefully, otherwise you won't be able to access you 24a771ad3aSmatthiasgrimm * database. 25a771ad3aSmatthiasgrimm */ 26a771ad3aSmatthiasgrimm$conf['auth']['mysql']['server'] = ''; 27a771ad3aSmatthiasgrimm$conf['auth']['mysql']['user'] = ''; 28a771ad3aSmatthiasgrimm$conf['auth']['mysql']['password'] = ''; 29a771ad3aSmatthiasgrimm$conf['auth']['mysql']['database'] = ''; 303ff230f7SMatthias Grimm 31dfdd92d5Smatthiasgrimm/* This option enables debug messages in the mysql module. It is 32dfdd92d5Smatthiasgrimm * mostly usefull for system admins. 33dfdd92d5Smatthiasgrimm */ 34dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['debug'] = 0; 35dfdd92d5Smatthiasgrimm 363ff230f7SMatthias Grimm/* Normally password encryption is done by DokuWiki (recommended) but for 373ff230f7SMatthias Grimm * some reasons it might be usefull to let the database do the encryption. 38*24bc1a35Smatthiasgrimm * Set 'forwardClearPass' to '1' and the cleartext password is forwarded to 393ff230f7SMatthias Grimm * the database, otherwise the encrypted one. 403ff230f7SMatthias Grimm */ 41*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['forwardClearPass'] = 0; 423ff230f7SMatthias Grimm 433ff230f7SMatthias Grimm/* Multiple table operations will be protected by locks. This array tolds 443ff230f7SMatthias Grimm * the module which tables to lock. If you use any aliases for table names 453ff230f7SMatthias Grimm * these array must also contain these aliases. Any unamed alias will cause 46a771ad3aSmatthiasgrimm * a warning during operation. See the example below. 473ff230f7SMatthias Grimm */ 483ff230f7SMatthias Grimm$conf['auth']['mysql']['TablesToLock']= array("users", "users AS u","groups", "groups AS g", "usergroup", "usergroup AS ug"); 493ff230f7SMatthias Grimm 50*24bc1a35Smatthiasgrimm/***********************************************************************/ 51*24bc1a35Smatthiasgrimm/* Basic SQL statements for user authentication (required) */ 52*24bc1a35Smatthiasgrimm/***********************************************************************/ 533ff230f7SMatthias Grimm 54*24bc1a35Smatthiasgrimm/* This statement is used to grant or deny access to the wiki. The result 55*24bc1a35Smatthiasgrimm * should be a table with exact one line containing at least the password 56*24bc1a35Smatthiasgrimm * of the user. If the result table is empty or contains more than one 57*24bc1a35Smatthiasgrimm * row, access will be denied. 58*24bc1a35Smatthiasgrimm * 593ff230f7SMatthias Grimm * The module access the password as 'pass' so a alias might be necessary. 60*24bc1a35Smatthiasgrimm * 61*24bc1a35Smatthiasgrimm * Following patters will be replaced: 62a771ad3aSmatthiasgrimm * %{user} user name 63a771ad3aSmatthiasgrimm * %{pass} encrypted or clear text password (depends on 'encryptPass') 64a771ad3aSmatthiasgrimm * %{dgroup} default group name 653ff230f7SMatthias Grimm */ 663ff230f7SMatthias Grimm$conf['auth']['mysql']['checkPass'] = "SELECT pass 673ff230f7SMatthias Grimm FROM usergroup AS ug 683ff230f7SMatthias Grimm JOIN users AS u ON u.uid=ug.uid 693ff230f7SMatthias Grimm JOIN groups AS g ON g.gid=ug.gid 70a771ad3aSmatthiasgrimm WHERE login='%{user}' 71a771ad3aSmatthiasgrimm AND name='%{dgroup}'"; 723ff230f7SMatthias Grimm 73*24bc1a35Smatthiasgrimm/* This statement should return a table with exact one row containing 74*24bc1a35Smatthiasgrimm * information about one user. The field needed are: 75*24bc1a35Smatthiasgrimm * 'pass' containing the encrypted or clear text password 76*24bc1a35Smatthiasgrimm * 'name' the user's full name 77*24bc1a35Smatthiasgrimm * 'mail' the user's email address 78*24bc1a35Smatthiasgrimm * 79*24bc1a35Smatthiasgrimm * Keep in mind that Dokuwiki will access thise information through the 80*24bc1a35Smatthiasgrimm * names listed above so aliasses might be neseccary. 81*24bc1a35Smatthiasgrimm * 82*24bc1a35Smatthiasgrimm * Following patters will be replaced: 83*24bc1a35Smatthiasgrimm * %{user} user name 84*24bc1a35Smatthiasgrimm */ 85*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['getUserInfo'] = "SELECT pass, CONCAT(firstname,' ',lastname) AS name, email AS mail 86*24bc1a35Smatthiasgrimm FROM users 87*24bc1a35Smatthiasgrimm WHERE login='%{user}'"; 88*24bc1a35Smatthiasgrimm 89*24bc1a35Smatthiasgrimm/* This statement is used to get all groups a user is member of. The 90*24bc1a35Smatthiasgrimm * result should be a table containing all groups the given user is 91*24bc1a35Smatthiasgrimm * member of. The module access the group name as 'group' so a alias 92*24bc1a35Smatthiasgrimm * might be nessecary. 93*24bc1a35Smatthiasgrimm * 94*24bc1a35Smatthiasgrimm * Following patters will be replaced: 95a771ad3aSmatthiasgrimm * %{user} user name 9675bfc19cSMatthias Grimm */ 973ff230f7SMatthias Grimm$conf['auth']['mysql']['getGroups'] = "SELECT name as `group` 983ff230f7SMatthias Grimm FROM groups g, users u, usergroup ug 993ff230f7SMatthias Grimm WHERE u.uid = ug.uid 1003ff230f7SMatthias Grimm AND g.gid = ug.gid 101a771ad3aSmatthiasgrimm AND u.login='%{user}'"; 10275bfc19cSMatthias Grimm 103*24bc1a35Smatthiasgrimm/***********************************************************************/ 104*24bc1a35Smatthiasgrimm/* Additional minimum SQL statements to use the user manager */ 105*24bc1a35Smatthiasgrimm/***********************************************************************/ 10675bfc19cSMatthias Grimm 107*24bc1a35Smatthiasgrimm/* This statement should return a table containing all user login names 108*24bc1a35Smatthiasgrimm * that meet certain filter criteria. The filter expressions will be added 109*24bc1a35Smatthiasgrimm * case dependend by the module. At the end a sort expression will be added. 110*24bc1a35Smatthiasgrimm * Important is that this list contains no double entries fo a user. Each 111*24bc1a35Smatthiasgrimm * user name is only allowed once in the table. 112*24bc1a35Smatthiasgrimm * 11375bfc19cSMatthias Grimm * The login name will be accessed as 'user' to a alias might be neseccary. 114*24bc1a35Smatthiasgrimm * No patterns will be replaced in this statement but following patters 115*24bc1a35Smatthiasgrimm * will be replaced in the filter expressions: 116a771ad3aSmatthiasgrimm * %{user} in FilterLogin user's login name 117a771ad3aSmatthiasgrimm * %{name} in FilterName user's full name 118a771ad3aSmatthiasgrimm * %{email} in FilterEmail user's email address 119a771ad3aSmatthiasgrimm * %{group} in FilterGroup group name 12075bfc19cSMatthias Grimm */ 1213ff230f7SMatthias Grimm$conf['auth']['mysql']['getUsers'] = "SELECT DISTINCT login AS user 1223ff230f7SMatthias Grimm FROM users AS u 1233ff230f7SMatthias Grimm LEFT JOIN usergroup AS ug ON u.uid=ug.uid 1243ff230f7SMatthias Grimm LEFT JOIN groups AS g ON ug.gid=g.gid"; 125a771ad3aSmatthiasgrimm$conf['auth']['mysql']['FilterLogin'] = "login LIKE '%{user}'"; 126a771ad3aSmatthiasgrimm$conf['auth']['mysql']['FilterName'] = "CONCAT(firstname,' ',lastname) LIKE '%{name}'"; 127a771ad3aSmatthiasgrimm$conf['auth']['mysql']['FilterEmail'] = "email LIKE '%{email}'"; 128a771ad3aSmatthiasgrimm$conf['auth']['mysql']['FilterGroup'] = "name LIKE '%{group}'"; 1293ff230f7SMatthias Grimm$conf['auth']['mysql']['SortOrder'] = "ORDER BY login"; 1303ff230f7SMatthias Grimm 131*24bc1a35Smatthiasgrimm/***********************************************************************/ 132*24bc1a35Smatthiasgrimm/* Additional SQL statements to add new users with the user manager */ 133*24bc1a35Smatthiasgrimm/***********************************************************************/ 134*24bc1a35Smatthiasgrimm 135*24bc1a35Smatthiasgrimm/* This statement should add a user to the database. Minimum information 136*24bc1a35Smatthiasgrimm * to store are: login name, password, email address and full name. 137*24bc1a35Smatthiasgrimm * 13875bfc19cSMatthias Grimm * Following patterns will be replaced: 139a771ad3aSmatthiasgrimm * %{user} user's login name 140a771ad3aSmatthiasgrimm * %{pass} password (encrypted or clear text, depends on 'encryptPass') 141a771ad3aSmatthiasgrimm * %{email} email address 142a771ad3aSmatthiasgrimm * %{name} user's full name 14375bfc19cSMatthias Grimm */ 1443ff230f7SMatthias Grimm$conf['auth']['mysql']['addUser'] = "INSERT INTO users 1453ff230f7SMatthias Grimm (login, pass, email, firstname, lastname) 146a771ad3aSmatthiasgrimm VALUES ('%{user}', '%{pass}', '%{email}', 147a771ad3aSmatthiasgrimm SUBSTRING_INDEX('%{name}',' ', 1), 148a771ad3aSmatthiasgrimm SUBSTRING_INDEX('%{name}',' ', -1))"; 14975bfc19cSMatthias Grimm 150*24bc1a35Smatthiasgrimm/* This statement should add a group to the database. 151*24bc1a35Smatthiasgrimm * Following patterns will be replaced: 152*24bc1a35Smatthiasgrimm * %{group} group name 153*24bc1a35Smatthiasgrimm */ 154*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['addGroup'] = "INSERT INTO groups (name) 155*24bc1a35Smatthiasgrimm VALUES ('%{group}')"; 156*24bc1a35Smatthiasgrimm 157*24bc1a35Smatthiasgrimm/* This statement should connect a user to a group (a user become member 158*24bc1a35Smatthiasgrimm * of that group). 159*24bc1a35Smatthiasgrimm * Following patterns will be replaced: 160*24bc1a35Smatthiasgrimm * %{user} user's login name 161*24bc1a35Smatthiasgrimm * %{uid} id of a user dataset 162*24bc1a35Smatthiasgrimm * %{group} group name 163*24bc1a35Smatthiasgrimm * %{gid} id of a group dataset 164*24bc1a35Smatthiasgrimm */ 165*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['addUserGroup']= "INSERT INTO usergroup (uid, gid) 166*24bc1a35Smatthiasgrimm VALUES ('%{uid}', '%{gid}')"; 167*24bc1a35Smatthiasgrimm 168*24bc1a35Smatthiasgrimm/* This statement should remove a group fom the database. 169*24bc1a35Smatthiasgrimm * Following patterns will be replaced: 170*24bc1a35Smatthiasgrimm * %{group} group name 171*24bc1a35Smatthiasgrimm * %{gid} id of a group dataset 172*24bc1a35Smatthiasgrimm */ 173*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['delGroup'] = "DELETE FROM groups 174*24bc1a35Smatthiasgrimm WHERE gid='%{gid}'"; 175*24bc1a35Smatthiasgrimm 176*24bc1a35Smatthiasgrimm/* This statement should return the database index of a given user name. 177*24bc1a35Smatthiasgrimm * The module will access the index with the name 'id' so a alias might be 178*24bc1a35Smatthiasgrimm * necessary. 179*24bc1a35Smatthiasgrimm * following patters will be replaced: 180*24bc1a35Smatthiasgrimm * %{user} user name 181*24bc1a35Smatthiasgrimm */ 182*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['getUserID'] = "SELECT uid AS id 183*24bc1a35Smatthiasgrimm FROM users 184*24bc1a35Smatthiasgrimm WHERE login='%{user}'"; 185*24bc1a35Smatthiasgrimm 186*24bc1a35Smatthiasgrimm/***********************************************************************/ 187*24bc1a35Smatthiasgrimm/* Additional SQL statements to delete users with the user manager */ 188*24bc1a35Smatthiasgrimm/***********************************************************************/ 189*24bc1a35Smatthiasgrimm 190*24bc1a35Smatthiasgrimm/* This statement should remove a user fom the database. 191*24bc1a35Smatthiasgrimm * Following patterns will be replaced: 192*24bc1a35Smatthiasgrimm * %{user} user's login name 193*24bc1a35Smatthiasgrimm * %{uid} id of a user dataset 194*24bc1a35Smatthiasgrimm */ 195*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['delUser'] = "DELETE FROM users 196*24bc1a35Smatthiasgrimm WHERE uid='%{uid}'"; 197*24bc1a35Smatthiasgrimm 198*24bc1a35Smatthiasgrimm/* This statement should remove all connections from a user to any group 199*24bc1a35Smatthiasgrimm * (a user quits membership of all groups). 200*24bc1a35Smatthiasgrimm * Following patterns will be replaced: 201*24bc1a35Smatthiasgrimm * %{uid} id of a user dataset 202*24bc1a35Smatthiasgrimm */ 203*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['delUserRefs'] = "DELETE FROM usergroup 204*24bc1a35Smatthiasgrimm WHERE uid='%{uid}'"; 205*24bc1a35Smatthiasgrimm 206*24bc1a35Smatthiasgrimm/***********************************************************************/ 207*24bc1a35Smatthiasgrimm/* Additional SQL statements to modify users with the user manager */ 208*24bc1a35Smatthiasgrimm/***********************************************************************/ 209*24bc1a35Smatthiasgrimm 210*24bc1a35Smatthiasgrimm/* This statements should modify a user entry in the database. The 211*24bc1a35Smatthiasgrimm * statements UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be 212*24bc1a35Smatthiasgrimm * added to updateUser on demand. Only changed parameters will be used. 213*24bc1a35Smatthiasgrimm * 214dfdd92d5Smatthiasgrimm * Following patterns will be replaced: 215dfdd92d5Smatthiasgrimm * %{user} user's login name 216dfdd92d5Smatthiasgrimm * %{pass} password (encrypted or clear text, depends on 'encryptPass') 217dfdd92d5Smatthiasgrimm * %{email} email address 218dfdd92d5Smatthiasgrimm * %{name} user's full name 219dfdd92d5Smatthiasgrimm * %{uid} user id that should be updated 220dfdd92d5Smatthiasgrimm */ 221dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['updateUser'] = "UPDATE users SET"; 222dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdateLogin'] = "login='%{user}'"; 223dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdatePass'] = "pass='%{pass}'"; 224dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdateEmail'] = "email='%{email}'"; 225dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdateName'] = "firstname=SUBSTRING_INDEX('%{name}',' ', 1), 226dfdd92d5Smatthiasgrimm lastname=SUBSTRING_INDEX('%{name}',' ', -1)"; 227dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdateTarget']= "WHERE uid=%{uid}"; 228dfdd92d5Smatthiasgrimm 22975bfc19cSMatthias Grimm/* This statement should remove a single connection from a user to a 23075bfc19cSMatthias Grimm * group (a user quits membership of that group). 231*24bc1a35Smatthiasgrimm * 23275bfc19cSMatthias Grimm * Following patterns will be replaced: 233a771ad3aSmatthiasgrimm * %{user} user's login name 234a771ad3aSmatthiasgrimm * %{uid} id of a user dataset 235a771ad3aSmatthiasgrimm * %{group} group name 236a771ad3aSmatthiasgrimm * %{gid} id of a group dataset 23775bfc19cSMatthias Grimm */ 2383ff230f7SMatthias Grimm$conf['auth']['mysql']['delUserGroup']= "DELETE FROM usergroup 239a771ad3aSmatthiasgrimm WHERE uid='%{uid}' 240a771ad3aSmatthiasgrimm AND gid='%{gid}'"; 24175bfc19cSMatthias Grimm 242*24bc1a35Smatthiasgrimm/* This statement should return the database index of a given group name. 243*24bc1a35Smatthiasgrimm * The module will access the index with the name 'id' so a alias might 244*24bc1a35Smatthiasgrimm * be necessary. 245*24bc1a35Smatthiasgrimm * 246*24bc1a35Smatthiasgrimm * Following patters will be replaced: 247*24bc1a35Smatthiasgrimm * %{group} group name 24875bfc19cSMatthias Grimm */ 249*24bc1a35Smatthiasgrimm$conf['auth']['mysql']['getGroupID'] = "SELECT gid AS id 250*24bc1a35Smatthiasgrimm FROM groups 251*24bc1a35Smatthiasgrimm WHERE name='%{group}'"; 252*24bc1a35Smatthiasgrimm 253a771ad3aSmatthiasgrimm 254