User Authentication Across Modules

[pgoneill]

We are implementing an intranet using CMSMS and all pages are login protected via FrontEndUsers and CustomContent.  This works great - no complaints.

We also have PunBB installed, but since it's not part of the templates/pages exactly, two logins are required.  This isn't a big deal, except for  the fact that anyone anywhere would be able to visit the forum.  And if we turn all Guest priveledges off, people can still register.  If we turn registration off, there's no way for people to use the board, so it all becomes moot.

Here's the question:

Is it possible to somehow mirror the information in the cms_module_feusers_users table with the information in cms_module_punbb_users?

In other words, we (the admins) would like to manually set up authorized intranet users in the FrontEndUsers admin interface and have that reflected with default values in the PunBB database.  So, we create a FrontEndUser and a forum account is also created.

Granted, the values differ between the two tables, but the necessary ones - username and password - can be mirrored and the rest set to default.  Beyond that, we disable forum registration and even if someone can get to the forum, they won't be able to see anything or go to another location on the site without logging in.

Our thinking is that it is programmatically possible...but how.  All help and pointers will be greatly appreciated!

EDIT: Alternatively, if there is a way to hide the forum behind the FrontEndUser module, that would work, too.

[calguy1000]

Everything is possible given time

But the one sentence answer is:  "you'll be able to do it yourself soon!!"

We're in the process of developing the ability for people to add their own custom workflows.  Although this will require modifying some modules, it will be possible in the 0.14 series to hook modules together in this way.

essentially, you'll be able to write a user tag that givent he information from feusers, creates a user in the punbb module, etc, etc.

Hope this helps, more details will follow

[pgoneill]

That'd be great.

However, in the interim, I considered whether or not .htaccess authentication could be used - if it's secure enough.  I've never dealt with it before, so I'll have to look into it.

Currently, the intranet is on a Windows server in our building and is open only to restricted IP addresses and uses Windows User Authentication to let people into it.  However, this requires that all users have write/modify access to the tmp and upload directories (otherwise, Smarty caching breaks down).

The IT guys don't like having those directories writable by all users.  My argument, however, is that the user base is controlled and limited, so if someone were A) knowledgable enough to abuse the system and B) malicious enough to abuse the system we'd already have an idea of who it would be.

However, in the future we want to put it in a more public place - so people on the road can access the intranet.  Which means we need a strong user authentication system.  FrontEndUsers would be fine.  Except that people can still get to the forum.

It's a catch 22.

[calguy1000]

then in the present all works (reasonably) well, and when the 0.14 series comes out, all you'll need to do is write a user tag that when a new user is created in feusers, the event is trapped, and the same user account is created in the forum.  likewise for the case when an feuser is deleted.

btw, .htaccess works okay, and is reasonably secure, and can be made even more secure with different encryption and authentication means.

[pgoneill]

Well, I'll look forward to 0.14.

In the meantime, can "Protected Pages" provide a similar level of security - i.e. password protecting the entire site using PunBB accounts?  I hadn't even considered that potential yet...

[calguy1000]

ProtectedPages has been deprecated, and replaced with the FrontendUsers/CucstomContent combination.