LiveUser Authentication

The authentication process relies primarily on the «liveuser_users» table (or its equivalent in XML, ...).

The «liveuser_users» Table

It contains a basic list of fields:

  • auth_user_id: the authentication user id. It links the account to a permission user id in the «liveuser_perm_user» table.
  • handle: the user name used during the login process.
  • passwd: the password used for the login. If activated in the configuration file («passwordEncryptionMode»), the stored value is hashed or encrypted rather than kept in clear text.
  • lastlogin: the date and time of the user's last login.
  • owner_user_id: ?
  • owner_group_id: ?
  • is_active: boolean specifying whether the account is still active. Login is denied to inactive accounts.

The table can be extended with additional fields if needed; we'll see below how to proceed.

The configuration file

The configuration file is mainly an array of all parameters used for authentication and permission management. In particular, you'll define there all containers to be used.

In this sample, we'll only use one authentication container. You can refer to the LiveUser examples provided with the package to see how to merge XML and DB data sources.

Here is the sample configuration file (conf.php) that we've used. Some of its parameters are explored below.

Code
<?php
// The opening lines of conf.php were lost in the page extraction; they are
// reconstructed here from the steps listed in the "Change the DB abstraction
// layer" section below (require_once 'MDB2.php', MDB2::connect, setFetchMode).
require_once 'MDB2.php';
require_once 'LiveUser.php';

$dsn = 'mysql://USER:PASSWORD@localhost/DATABASE';  // placeholder: put your own DSN here

$db =& MDB2::connect($dsn);
if (PEAR::isError($db))
  {
  die($db->getMessage() . ' ' . $db->getUserInfo());
  }

$db->setFetchMode(MDB2_FETCHMODE_ASSOC);

$conf =
    array(
        'debug' => true,
        'session'  => array(
            'name'     => 'PHPSESSION',           // liveuser session name
            'varname'  => 'ludata'                // liveuser session var name
        ),
        'login' => array(
            'force'    => false                   // should the user be forced to login
        ),
        'logout' => array(
            'destroy'  => true                    // whether to destroy the session on logout
        ),
        'authContainers' => array(
            array(
                'type'          => 'MDB2',        // auth container name
                'expireTime'    => 3600,          // max lifetime of a session in seconds
                'idleTime'      => 1800,          // max time between 2 requests
                'allowDuplicateHandles' => 0,
                'allowEmptyPasswords'   => 0,     // 0=false, 1=true
                'passwordEncryptionMode'=> 'MD5',
                'storage' => array(
                    'dsn' => $dsn,
                    'alias' => array(             // contains any additional
                                                  // or non-default field alias
                        'lastlogin' => 'last_login',
                        'is_active' => 'is_active',
                        'owner_user_id' => 'owner_user_id',
                        'owner_group_id' => 'owner_group_id',
                        'email' => 'email'
                    ),
                    'fields' => array(            // contains any additional
                                                  // or non-default field types
                        'lastlogin' => 'timestamp',
                        'is_active' => 'boolean',
                        'owner_user_id' => 'integer',
                        'owner_group_id' => 'integer',
                        'email' => 'text'
                    ),
                    'tables' => array(            // contains additional tables
                                                  // or fields in existing tables
                        'users' => array(
                            'fields' => array(
                                'lastlogin' => false,
                                'is_active' => false,
                                'owner_user_id' => false,
                                'owner_group_id' => false,
                                'email' => false
                            )
                        )
                    )
                )
            )
        )
    );

PEAR::setErrorHandling(PEAR_ERROR_RETURN);

$LU = LiveUser::singleton($conf);

if (!$LU->init()) {
    var_dump($LU->getErrors());
    die();
}
$handle = (array_key_exists('handle', $_REQUEST)) ? $_REQUEST['handle'] : null;
$passwd = (array_key_exists('passwd', $_REQUEST)) ? $_REQUEST['passwd'] : null;
$logout = (array_key_exists('logout', $_REQUEST)) ? $_REQUEST['logout'] : false;
if ($logout)
  {
//  $LU->logout(true);
  $LU->logout(false);                       // does not delete the RememberMe cookie
  }
elseif(!$LU->isLoggedIn() || ($handle && $LU->getProperty('handle') != $handle))
  {
  if (!$handle)
    {
    $LU->login(null, null, true);
    }
  else
    {
    $LU->login($handle, $passwd, false);
    }
  }

?>

For the authentication feature, you have to take care of the «authContainers» array.

Code

   ...
        ),
        'authContainers' => array(
            array(
                'type'          => 'MDB2',        // auth container name
                'expireTime'    => 3600,          // max lifetime of a session in seconds
                'idleTime'      => 1800,          // max time between 2 requests
                'allowDuplicateHandles' => 0,
  ...

Add a field in the table

What if you want to add a field to the «liveuser_users» table?

  1. first add the field in the database, for example «email» as text (max. 100 characters)
  2. then add one line in the «alias» array of the configuration file (authContainers part)
  3. add one line in the «fields» array, indicating the data type it contains: timestamp, boolean, integer or text (or...?)
  4. and add one line in the tables/users/fields array

Code
   ...
   $auth_conf = array(
   ...
                    'alias' => array( 
                        'lastlogin' => 'lastlogin',
                        'is_active' => 'is_active',
                        'owner_user_id' => 'owner_user_id',
                        'owner_group_id' => 'owner_group_id',
                        'email' => 'email'
                    ),
                    'fields' => array(
                        'lastlogin' => 'timestamp',
                        'is_active' => 'boolean',
                        'owner_user_id' => 'integer',
                        'owner_group_id' => 'integer',
                        'email' => 'text'
                    ),
                    'tables' => array(
                        'users' => array(
                            'fields' => array(
                                'lastlogin' => false,
                                'is_active' => false,
                                'owner_user_id' => false,
                                'owner_group_id' => false,
                                'email' => false
   ...   
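As an added example (not code from the page or from the LiveUser package), the following script carries the four steps through for the «email» field: the ALTER TABLE statement run through the MDB2 connection, and the new field read back after login. It assumes the $db connection and the initialised $LU object from conf.php above, that the 'alias', 'fields' and 'tables' entries for 'email' have been added to the authContainers configuration as shown, that VARCHAR(100) matches "text, max. 100 characters", and that getProperty() returns any field listed under tables/users/fields (the function names addEmailColumn and showEmail are chosen here).

```php
<?php
// Added example, not part of the LiveUser package: add an «email» column to
// liveuser_users and read it back after login.
// Assumes $db (MDB2 connection) and $LU (initialised LiveUser object) exist as
// in conf.php, and that the 'alias', 'fields' and 'tables' entries for 'email'
// are present in the authContainers configuration.

require_once 'MDB2.php';
require_once 'LiveUser.php';

// Step 1: add the column in the database. VARCHAR(100) is an assumption
// matching "text, max. 100 characters". Run this once from a setup script.
function addEmailColumn(&$db)
{
    $res = $db->exec('ALTER TABLE liveuser_users ADD COLUMN email VARCHAR(100)');
    if (PEAR::isError($res)) {
        return $res->getMessage() . ' ' . $res->getUserInfo();
    }
    return true;
}

// Steps 2-4 are the configuration entries shown above. Once they are in
// place the field is loaded with the other user properties and can be read
// with getProperty() (assumed to cover the fields listed under
// tables/users/fields). The value is HTML-escaped before it is displayed.
function showEmail(&$LU)
{
    if (!$LU->isLoggedIn()) {
        return 'not logged in';
    }
    $email = $LU->getProperty('email');   // null when the column is empty
    return htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8');
}

// Usage, after the code of conf.php has run:
$setup = addEmailColumn($db);
if ($setup !== true) {
    die('ALTER TABLE failed: ' . htmlspecialchars($setup, ENT_QUOTES, 'UTF-8'));
}
echo 'Email: ' . showEmail($LU);
?>
```

The column is added once, while the configuration entries are needed on every request: without the 'tables' entry the container never selects the column, and without the 'fields' entry it does not know how to type it.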

Rename a basic field in the database

What if you have one of the basic fields named differently? For instance, instead of having «lastlogin», your field is called «last_login».

You'll need to modify the configuration again (authContainer part):

  • add one line in the 'alias' array with the remapping that LiveUser will need to do

Code
   ...
   $auth_conf = array(
   ...
                    'alias' => array(
                        'lastlogin' => 'last_login',
   ...

Other Changes

Allow empty passwords

With «allowEmptyPasswords», you specify whether LiveUser will attempt a login with an empty password. Set it to «0» if empty passwords are not allowed, or to «1» if they are.

Code
   ...
        'authContainers' => array(
            array(
                'type'          => 'MDB2',
                'expireTime'    => 3600,
                'idleTime'      => 1800,
                'allowDuplicateHandles' => 0,
                'allowEmptyPasswords'   => 0,
   ...

Change the password encryption mode

By default, the encryption mode is set to MD5. MD5 is a one-way hash: the stored value can only be compared against a submitted password, never reversed to recover it. RC4 is a reversible cipher keyed with the «secret» value from the configuration, so anyone who can read the configuration file can recover the stored passwords. If you nevertheless want to switch to the RC4 algorithm, you may try the following:

  • change in the configuration file the «passwordEncryptionMode» to «RC4»
  • if not yet present, add the «secret» key to be used by this encryption algorithm

Code
   ...
   $auth_conf = array(
                'type'          => 'MDB2',
                'expireTime'    => 3600,
                'idleTime'      => 1800,
                'allowDuplicateHandles' => 0,
                'allowEmptyPasswords'   => 0,
                'passwordEncryptionMode'=> 'RC4',
                'secret'        => 'test',
   ...

Change the DB abstraction layer: from MDB2 to DB

If you want to change from MDB2 to DB, several changes need to be done to the configuration file:

  1. replace «require_once 'MDB2.php';» with «require_once 'DB.php';»
  2. replace «$db =& MDB2::connect($dsn);» with «$db =& DB::connect($dsn);»
  3. replace «$db->setFetchMode(MDB2_FETCHMODE_ASSOC);» with «$db->setFetchMode(DB_FETCHMODE_ASSOC);»
  4. in the auth configuration array, replace «'type' => 'MDB2'» with «'type' => 'DB'»
  5. in the perm configuration array, replace the storage name «'MDB2'» with «'DB'»

Add the «Remember Me»

When a login is done with «Remember Me» activated, the login information is stored in a cookie, if the client allows it. The next time the user comes back, they will not need to log in again.

If you want to activate the «Remember Me» feature, ensure you:

  1. add a checkbox to your login form, so that the user can choose whether to activate it
  2. add a 'cookie' array in the configuration file
  3. make sure that the LiveUser login instruction uses the value from the form

Code
   ...
        'logout' => array(
            'destroy'  => true
        ),
        'cookie' => array(
            'name' => 'loginInfo',  // name of the Remember me cookie
            'lifetime' => 30,       // cookie lifetime in days
            'path' => null,         // cookie path ?
            'domain' => null,       // cookie domain ?
            'secret' => 'test',     // the encryption key for the RC4 algorithm
            'savedir' => '.',       // absolute path to writeable directory ?
                                    // (no trailing slash)
            'secure' => false,      // whether the cookie is only sent over a secure (HTTPS) connection
        ),
        'authContainers' => array(
  ...

Depending on how you implemented the logout, the cookie may or may not be deleted during the logout. If you use the configuration file at the top of this page, the logout implies the loss of the cookie. If you want the cookie to persist after the logout, you'll need to change the logout line as follows:

Code
   ...
$logout = (array_key_exists('logout', $_REQUEST)) ? $_REQUEST['logout'] : false;
$remember = (array_key_exists('rememberMe', $_REQUEST)) ? $_REQUEST['rememberMe'] : false;
if ($logout)
  {
  $LU->logout(false);
  }
...

Note that the «Remember Me» feature requires either the mcrypt extension or the PEAR::Crypt_RC4 package.

The Login

function login($handle = '', $passwd = '', $remember = false, $auth_user_id = false)

Parameter(s)

Its parameters are:

  • the handle (i.e. the username) of the user trying to log on. The login is then done with handle/password.
  • the password of the user trying to log on
  • a boolean specifying whether the «remember me» feature is to be used
  • the authentication user id to be used instead of the handle. If given, the user logs on with their id/password.

Return value

This method returns:

  • «true» on success
  • «false» in case of failure
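To tie the «Remember Me» procedure above and the login() signature together, here is an added example of a complete login handler; it is not code from the page or from the LiveUser package. It assumes $LU is the initialised LiveUser object from conf.php, that the 'cookie' array has been added to the configuration, that the login form posts the fields handle, passwd and rememberMe (field names chosen here), and that getErrors() returns a list of PEAR_ErrorStack error arrays carrying a 'message' key. The helper names postField and doLogin are also chosen here.

```php
<?php
// Added example, not part of the LiveUser package: a login handler that
// passes the Remember Me checkbox to LiveUser::login() and checks its result.
// Assumes $LU is the initialised LiveUser object from conf.php and that the
// 'cookie' array is present in the configuration.

require_once 'LiveUser.php';

// Read a POST field or return the default. POST is used rather than $_REQUEST
// so credentials cannot be supplied in the URL and end up in access logs.
function postField($name, $default = null)
{
    return array_key_exists($name, $_POST) ? $_POST[$name] : $default;
}

// Attempt the login and return array(bool success, string message).
// With $byId = true the first argument is an auth_user_id instead of a handle
// (fourth parameter of login()); otherwise handle/password is used.
function doLogin(&$LU, $handleOrId, $passwd, $remember, $byId = false)
{
    if ($byId) {
        $ok = $LU->login(null, $passwd, $remember, $handleOrId);
    } else {
        $ok = $LU->login($handleOrId, $passwd, $remember);
    }

    if ($ok) {   // login() returns true on success
        $who = htmlspecialchars((string) $LU->getProperty('handle'), ENT_QUOTES, 'UTF-8');
        return array(true, 'logged in as ' . $who);
    }

    // login() returned false: keep the detail from the error stack in the
    // server log and give the user only a generic message.
    $detail = array();
    foreach ((array) $LU->getErrors() as $e) {
        $detail[] = (is_array($e) && isset($e['message'])) ? $e['message'] : (string) $e;
    }
    error_log('LiveUser login failed: ' . implode('; ', $detail));
    return array(false, 'login failed');
}

// Request handling. A checkbox is only present in $_POST when it is ticked,
// so its presence becomes the boolean that login() expects.
$handle   = postField('handle');
$passwd   = postField('passwd');
$remember = (postField('rememberMe') !== null);

if (postField('logout') !== null) {
    // Unlike logout(false) in conf.php, logout(true) also drops the
    // Remember Me cookie, so a logged-out user is not logged back in.
    $LU->logout(true);
} elseif ($handle !== null) {
    list($ok, $msg) = doLogin($LU, $handle, $passwd, $remember);
    echo $msg;
} elseif (!$LU->isLoggedIn()) {
    // No form data: let LiveUser try the Remember Me cookie, if one exists.
    $LU->login(null, null, true);
}
?>
```

The same doLogin() call with $byId = true covers the id/password variant described for the fourth parameter; the return value is checked in both cases instead of being assumed, since login() reports failure only through its boolean result and the error stack.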


Last modification on 21 May 2015 by Stéphane Van Nerom

© 2006-2014 - GVN - All rights reserved
v2.0.14