-
Notifications
You must be signed in to change notification settings - Fork 150
Authentication Options
Cypht supports a number of different authentication methods out of the box. You can also create your own authentication method with the site module set. Remember that after making any changes to your hm3.ini file, you must rerun the scripts/config_gen.php script to update your site configuration.
Most webmail programs use this type of authentication. The username and password entered into the login form are passed to a pre-configured IMAP server. If the IMAP server returns success, the user is logged into the web application. When using IMAP authentication in Cypht, the IMAP server will automatically be added to the list of accounts the user can access. To use IMAP authentication, set the auth_type value in your hm3.ini file to IMAP, and configure the following settings:
The name assigned to the server after you login
imap_auth_name=localhost
The hostname or IP address of the IMAP server
imap_auth_server=localhost
The port the IMAP server is listening on
imap_auth_port=143
True or false if the IMAP service is over TLS (blank is the same as false)
imap_auth_tls=
Cypht can attempt to bind to an LDAP server to perform authentication. In order to use this you must set the auth_type to LDAP and configure the following settings:
The hostname or IP address of the LDAP server to authenticate to
ldap_auth_server=localhost
The port the LDAP server is listening on.
ldap_auth_port=389
Enable TLS/SSL connections. Leave blank or set to false to disable. Set to true to enable TLS connections.
ldap_auth_tls=
The "base dn" of the LDAP server
ldap_auth_base_dn="example,dc=com"
Using a database to authenticate is a little harder to setup, but is a flexible way to configure logins. Using this authentication also allows you to create, delete, or change the account passwords using CLI scripts included in Cypht. Database access is done using PHP PDO, so any database back-end supported by PDO can be used. You will have to manually create the database and table. Examples for Mysql, Postgresql, and Sqlite are included in the hm3.sample.ini file. To use a database for authentication, set the auth_type value to DB in your hm3.ini file, and configure the following settings:
Connection type. Can be "host" to connect to a hostname, or "socket" to connect to a unix socket.
db_connection_type=host
Database host name or ip address. If db_connection_type is set to "socket", this value is ignored
db_host=127.0.0.1
If db_connection_type is set to "socket", this should be the filesystem location of the unix socket file. If db_connection_type is set to "host" this value is ignored.
db_socket=/var/lib/mysqld/mysqld.sock
Name of the database with the required tables
db_name=test
User to connect to the database with
db_user=test
Password to connect to the database with
db_pass=123456
Database type. can be any supported PDO driver ; (http://php.net/manual/en/pdo.drivers.php)
db_driver=mysql
Then create the required table to hold users. Mysql/Sqlite and Postgresql examples can be found in the hm3.sample.ini (https://github.com/cypht-org/cypht/blob/master/hm3.sample.ini) file. Here is the Mysql table definition:
CREATE TABLE hm_user (username varchar(250), hash varchar(250), primary key (username));
Cypht includes 3 scripts to manage users from the command line:
php ./scripts/create_account.php <username> <password>
php ./scripts/delete_account.php <username>
php ./scripts/update_password.php <username> <password>
The dynamic module set allows users to authenticate against major E-mail providers, or to derive the E-mail server to login to using the site address, or by trying to auto-detect the correct mail server based on the domain used in the username. To use the dynamic login module set, you need to set the auth_type in your hm3.ini file to dynamic, and enable the dynamic_login module. Then you need to edit the module specific ini file, move it to your app_data_dir as defined in your hm3.ini file, and rerun the config gen script. Details about the module specific settings can be found in the comments of the ini file here:
https://github.com/cypht-org/cypht/blob/master/modules/dynamic_login/dynamic_login.ini
Need more flexibility? You can write your own authentication method for Cypht using the site module set. Set the auth_type setting in your hm3.ini file to custom, and enable the site module set. Next edit the modules/site/libs.php file:
https://github.com/cypht-org/cypht/blob/master/modules/site/lib.php#L101
This file contains a class called Custom_Auth, with a method called check_credentials that takes a username and password. This is where you can add your own custom logic to validate a login. Returning true from that method will log a user in, false will deny access.