13ff230f7SMatthias Grimm<?php 23ff230f7SMatthias Grimm/* 3a771ad3aSmatthiasgrimm * This is an example configuration for the mysql auth module. 4a771ad3aSmatthiasgrimm * 5a771ad3aSmatthiasgrimm * This SQL statements are optimized for following table structure. 6a771ad3aSmatthiasgrimm * If you use a different one you have to change them accordingly. 7a771ad3aSmatthiasgrimm * See comments of every statement for details. 8a771ad3aSmatthiasgrimm * 9a771ad3aSmatthiasgrimm * TABLE users 10a771ad3aSmatthiasgrimm * uid login pass firstname lastname email 11a771ad3aSmatthiasgrimm * 12a771ad3aSmatthiasgrimm * TABLE groups 13a771ad3aSmatthiasgrimm * gid name 14a771ad3aSmatthiasgrimm * 15a771ad3aSmatthiasgrimm * TABLE usergroup 16a771ad3aSmatthiasgrimm * uid gid 17a771ad3aSmatthiasgrimm * 18a771ad3aSmatthiasgrimm * To use this configuration you have to copy them to local.php 19a771ad3aSmatthiasgrimm * or at least include this file in local.php. 203ff230f7SMatthias Grimm */ 213ff230f7SMatthias Grimm 22a771ad3aSmatthiasgrimm/* Options to configure database access. You need to set up this 23a771ad3aSmatthiasgrimm * options carefully, otherwise you won't be able to access you 24a771ad3aSmatthiasgrimm * database. 25a771ad3aSmatthiasgrimm */ 26a771ad3aSmatthiasgrimm$conf['auth']['mysql']['server'] = ''; 27a771ad3aSmatthiasgrimm$conf['auth']['mysql']['user'] = ''; 28a771ad3aSmatthiasgrimm$conf['auth']['mysql']['password'] = ''; 29a771ad3aSmatthiasgrimm$conf['auth']['mysql']['database'] = ''; 303ff230f7SMatthias Grimm 31*dfdd92d5Smatthiasgrimm/* This option enables debug messages in the mysql module. It is 32*dfdd92d5Smatthiasgrimm * mostly usefull for system admins. 33*dfdd92d5Smatthiasgrimm */ 34*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['debug'] = 0; 35*dfdd92d5Smatthiasgrimm 363ff230f7SMatthias Grimm/* Normally password encryptionis done by DokuWiki (recommended) but for 373ff230f7SMatthias Grimm * some reasons it might be usefull to let the database do the encryption. 383ff230f7SMatthias Grimm * Set 'encryptPass' to '1' and the cleartext password is forwarded to 393ff230f7SMatthias Grimm * the database, otherwise the encrypted one. 403ff230f7SMatthias Grimm */ 413ff230f7SMatthias Grimm$conf['auth']['mysql']['encryptPass'] = 0; 423ff230f7SMatthias Grimm 433ff230f7SMatthias Grimm/* Multiple table operations will be protected by locks. This array tolds 443ff230f7SMatthias Grimm * the module which tables to lock. If you use any aliases for table names 453ff230f7SMatthias Grimm * these array must also contain these aliases. Any unamed alias will cause 46a771ad3aSmatthiasgrimm * a warning during operation. See the example below. 473ff230f7SMatthias Grimm */ 483ff230f7SMatthias Grimm$conf['auth']['mysql']['TablesToLock']= array("users", "users AS u","groups", "groups AS g", "usergroup", "usergroup AS ug"); 493ff230f7SMatthias Grimm 503ff230f7SMatthias Grimm/* This statement should return the database index of a given user name. 513ff230f7SMatthias Grimm * The module will access the index with the name 'id' so a alias might be 523ff230f7SMatthias Grimm * necessary. 533ff230f7SMatthias Grimm * following patters will be replaced: 54a771ad3aSmatthiasgrimm * %{user} user name 553ff230f7SMatthias Grimm */ 56*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['getUserID'] = "SELECT uid AS id 57*dfdd92d5Smatthiasgrimm FROM users 58*dfdd92d5Smatthiasgrimm WHERE login='%{user}'"; 593ff230f7SMatthias Grimm 603ff230f7SMatthias Grimm/* This statement should return the database index of a given group name. 613ff230f7SMatthias Grimm * The module will access the index with the name 'id' so a alias might be 623ff230f7SMatthias Grimm * necessary. 633ff230f7SMatthias Grimm * following patters will be replaced: 64a771ad3aSmatthiasgrimm * %{group} group name 653ff230f7SMatthias Grimm */ 66*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['getGroupID'] = "SELECT gid AS id 67*dfdd92d5Smatthiasgrimm FROM groups 68*dfdd92d5Smatthiasgrimm WHERE name='%{group}'"; 693ff230f7SMatthias Grimm 703ff230f7SMatthias Grimm/* This statement is used to grant or deny access to the wiki. The result should 713ff230f7SMatthias Grimm * be a table with exact one line containing at least the password of the user. 723ff230f7SMatthias Grimm * If the result table is empty or contains more than one row, access will be denied. 733ff230f7SMatthias Grimm * The module access the password as 'pass' so a alias might be necessary. 743ff230f7SMatthias Grimm * following patters will be replaced: 75a771ad3aSmatthiasgrimm * %{user} user name 76a771ad3aSmatthiasgrimm * %{pass} encrypted or clear text password (depends on 'encryptPass') 77a771ad3aSmatthiasgrimm * %{dgroup} default group name 783ff230f7SMatthias Grimm */ 793ff230f7SMatthias Grimm$conf['auth']['mysql']['checkPass'] = "SELECT pass 803ff230f7SMatthias Grimm FROM usergroup AS ug 813ff230f7SMatthias Grimm JOIN users AS u ON u.uid=ug.uid 823ff230f7SMatthias Grimm JOIN groups AS g ON g.gid=ug.gid 83a771ad3aSmatthiasgrimm WHERE login='%{user}' 84a771ad3aSmatthiasgrimm AND name='%{dgroup}'"; 853ff230f7SMatthias Grimm 8675bfc19cSMatthias Grimm/* This statement is used to get all groups a user is member of. The result should 8775bfc19cSMatthias Grimm * be a table containing all groups the given user is member of. The module access 8875bfc19cSMatthias Grimm * the group name as 'group' so a alias might be nessecary. 8975bfc19cSMatthias Grimm * following patters will be replaced: 90a771ad3aSmatthiasgrimm * %{user} user name 9175bfc19cSMatthias Grimm */ 923ff230f7SMatthias Grimm$conf['auth']['mysql']['getGroups'] = "SELECT name as `group` 933ff230f7SMatthias Grimm FROM groups g, users u, usergroup ug 943ff230f7SMatthias Grimm WHERE u.uid = ug.uid 953ff230f7SMatthias Grimm AND g.gid = ug.gid 96a771ad3aSmatthiasgrimm AND u.login='%{user}'"; 9775bfc19cSMatthias Grimm 9875bfc19cSMatthias Grimm/* This statement should return a table with exact one row containing information 9975bfc19cSMatthias Grimm * about one user. The field needed are: 10075bfc19cSMatthias Grimm * 'pass' containing the encrypted or clear text password 10175bfc19cSMatthias Grimm * 'name' the user's full name 10275bfc19cSMatthias Grimm * 'mail' the user's email address 10375bfc19cSMatthias Grimm * Keep in mind that Dokuwiki will access thise information through the names 10475bfc19cSMatthias Grimm * listed above so aliasses might be neseccary. 10575bfc19cSMatthias Grimm * following patters will be replaced: 106a771ad3aSmatthiasgrimm * %{user} user name 10775bfc19cSMatthias Grimm */ 1083ff230f7SMatthias Grimm$conf['auth']['mysql']['getUserInfo'] = "SELECT pass, CONCAT(firstname,' ',lastname) AS name, email AS mail 1093ff230f7SMatthias Grimm FROM users 110a771ad3aSmatthiasgrimm WHERE login='%{user}'"; 11175bfc19cSMatthias Grimm 11275bfc19cSMatthias Grimm/* This statement should return a table containing all user login names that meet 11375bfc19cSMatthias Grimm * certain filter criteria. The filter expressions will be added case dependend by 11475bfc19cSMatthias Grimm * the module. At the end a sort expression will be added. 11575bfc19cSMatthias Grimm * Important is that this list contains no double entries fo a user. Each user 11675bfc19cSMatthias Grimm * name is only allowed once in the table. 11775bfc19cSMatthias Grimm * The login name will be accessed as 'user' to a alias might be neseccary. 11875bfc19cSMatthias Grimm * No patterns will be replaced in this statement but following patters will be 11975bfc19cSMatthias Grimm * replaced in the filter expressions: 120a771ad3aSmatthiasgrimm * %{user} in FilterLogin user's login name 121a771ad3aSmatthiasgrimm * %{name} in FilterName user's full name 122a771ad3aSmatthiasgrimm * %{email} in FilterEmail user's email address 123a771ad3aSmatthiasgrimm * %{group} in FilterGroup group name 12475bfc19cSMatthias Grimm */ 1253ff230f7SMatthias Grimm$conf['auth']['mysql']['getUsers'] = "SELECT DISTINCT login AS user 1263ff230f7SMatthias Grimm FROM users AS u 1273ff230f7SMatthias Grimm LEFT JOIN usergroup AS ug ON u.uid=ug.uid 1283ff230f7SMatthias Grimm LEFT JOIN groups AS g ON ug.gid=g.gid"; 129a771ad3aSmatthiasgrimm$conf['auth']['mysql']['FilterLogin'] = "login LIKE '%{user}'"; 130a771ad3aSmatthiasgrimm$conf['auth']['mysql']['FilterName'] = "CONCAT(firstname,' ',lastname) LIKE '%{name}'"; 131a771ad3aSmatthiasgrimm$conf['auth']['mysql']['FilterEmail'] = "email LIKE '%{email}'"; 132a771ad3aSmatthiasgrimm$conf['auth']['mysql']['FilterGroup'] = "name LIKE '%{group}'"; 1333ff230f7SMatthias Grimm$conf['auth']['mysql']['SortOrder'] = "ORDER BY login"; 1343ff230f7SMatthias Grimm 13575bfc19cSMatthias Grimm/* This statement should add a user to the database. Minimum information to 13675bfc19cSMatthias Grimm * store are: login name, password, email address and full name. 13775bfc19cSMatthias Grimm * Following patterns will be replaced: 138a771ad3aSmatthiasgrimm * %{user} user's login name 139a771ad3aSmatthiasgrimm * %{pass} password (encrypted or clear text, depends on 'encryptPass') 140a771ad3aSmatthiasgrimm * %{email} email address 141a771ad3aSmatthiasgrimm * %{name} user's full name 14275bfc19cSMatthias Grimm */ 1433ff230f7SMatthias Grimm$conf['auth']['mysql']['addUser'] = "INSERT INTO users 1443ff230f7SMatthias Grimm (login, pass, email, firstname, lastname) 145a771ad3aSmatthiasgrimm VALUES ('%{user}', '%{pass}', '%{email}', 146a771ad3aSmatthiasgrimm SUBSTRING_INDEX('%{name}',' ', 1), 147a771ad3aSmatthiasgrimm SUBSTRING_INDEX('%{name}',' ', -1))"; 14875bfc19cSMatthias Grimm 149*dfdd92d5Smatthiasgrimm/* This statements should modify a user entry in the database. The statements 150*dfdd92d5Smatthiasgrimm * UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be added to 151*dfdd92d5Smatthiasgrimm * updateUser on demand. Only changed parameters will be used. 152*dfdd92d5Smatthiasgrimm * Following patterns will be replaced: 153*dfdd92d5Smatthiasgrimm * %{user} user's login name 154*dfdd92d5Smatthiasgrimm * %{pass} password (encrypted or clear text, depends on 'encryptPass') 155*dfdd92d5Smatthiasgrimm * %{email} email address 156*dfdd92d5Smatthiasgrimm * %{name} user's full name 157*dfdd92d5Smatthiasgrimm * %{uid} user id that should be updated 158*dfdd92d5Smatthiasgrimm */ 159*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['updateUser'] = "UPDATE users SET"; 160*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdateLogin'] = "login='%{user}'"; 161*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdatePass'] = "pass='%{pass}'"; 162*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdateEmail'] = "email='%{email}'"; 163*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdateName'] = "firstname=SUBSTRING_INDEX('%{name}',' ', 1), 164*dfdd92d5Smatthiasgrimm lastname=SUBSTRING_INDEX('%{name}',' ', -1)"; 165*dfdd92d5Smatthiasgrimm$conf['auth']['mysql']['UpdateTarget']= "WHERE uid=%{uid}"; 166*dfdd92d5Smatthiasgrimm 16775bfc19cSMatthias Grimm/* This statement should remove a user fom the database. 16875bfc19cSMatthias Grimm * Following patterns will be replaced: 169a771ad3aSmatthiasgrimm * %{user} user's login name 170a771ad3aSmatthiasgrimm * %{uid} id of a user dataset 17175bfc19cSMatthias Grimm */ 1723ff230f7SMatthias Grimm$conf['auth']['mysql']['delUser'] = "DELETE FROM users 173a771ad3aSmatthiasgrimm WHERE uid='%{uid}'"; 17475bfc19cSMatthias Grimm 17575bfc19cSMatthias Grimm/* This statement should add a group to the database. 17675bfc19cSMatthias Grimm * Following patterns will be replaced: 177a771ad3aSmatthiasgrimm * %{group} group name 17875bfc19cSMatthias Grimm */ 1793ff230f7SMatthias Grimm$conf['auth']['mysql']['addGroup'] = "INSERT INTO groups (name) 180a771ad3aSmatthiasgrimm VALUES ('%{group}')"; 18175bfc19cSMatthias Grimm 18275bfc19cSMatthias Grimm/* This statement should remove a group fom the database. 18375bfc19cSMatthias Grimm * Following patterns will be replaced: 184a771ad3aSmatthiasgrimm * %{group} group name 185a771ad3aSmatthiasgrimm * %{gid} id of a group dataset 18675bfc19cSMatthias Grimm */ 1873ff230f7SMatthias Grimm$conf['auth']['mysql']['delGroup'] = "DELETE FROM groups 188a771ad3aSmatthiasgrimm WHERE gid='%{gid}'"; 18975bfc19cSMatthias Grimm 19075bfc19cSMatthias Grimm/* This statement should connect a user to a group (a user become member 19175bfc19cSMatthias Grimm * of that group). 19275bfc19cSMatthias Grimm * Following patterns will be replaced: 193a771ad3aSmatthiasgrimm * %{user} user's login name 194a771ad3aSmatthiasgrimm * %{uid} id of a user dataset 195a771ad3aSmatthiasgrimm * %{group} group name 196a771ad3aSmatthiasgrimm * %{gid} id of a group dataset 19775bfc19cSMatthias Grimm */ 1983ff230f7SMatthias Grimm$conf['auth']['mysql']['addUserGroup']= "INSERT INTO usergroup (uid, gid) 199a771ad3aSmatthiasgrimm VALUES ('%{uid}', '%{gid}')"; 20075bfc19cSMatthias Grimm 20175bfc19cSMatthias Grimm/* This statement should remove a single connection from a user to a 20275bfc19cSMatthias Grimm * group (a user quits membership of that group). 20375bfc19cSMatthias Grimm * Following patterns will be replaced: 204a771ad3aSmatthiasgrimm * %{user} user's login name 205a771ad3aSmatthiasgrimm * %{uid} id of a user dataset 206a771ad3aSmatthiasgrimm * %{group} group name 207a771ad3aSmatthiasgrimm * %{gid} id of a group dataset 20875bfc19cSMatthias Grimm */ 2093ff230f7SMatthias Grimm$conf['auth']['mysql']['delUserGroup']= "DELETE FROM usergroup 210a771ad3aSmatthiasgrimm WHERE uid='%{uid}' 211a771ad3aSmatthiasgrimm AND gid='%{gid}'"; 21275bfc19cSMatthias Grimm 21375bfc19cSMatthias Grimm/* This statement should remove all connections from a user to any group 21475bfc19cSMatthias Grimm * (a user quits membership of all groups). 21575bfc19cSMatthias Grimm * Following patterns will be replaced: 216a771ad3aSmatthiasgrimm * %{uid} id of a user dataset 21775bfc19cSMatthias Grimm */ 2183ff230f7SMatthias Grimm$conf['auth']['mysql']['delUserRefs'] = "DELETE FROM usergroup 219a771ad3aSmatthiasgrimm WHERE uid='%{uid}'"; 220a771ad3aSmatthiasgrimm 221