Authentication and BibORB

Configure the authentication support in BibORB 1.3.2.

Introduction

If BibORB is used in a collaborative way, you will want to define who can add, modify or delete references. Presently, two authentication methods are supported: MySQL and files.

Access restriction using .htaccess

You can use .htaccess to restrict access to BibORB. Create a new .htpasswd file and uncomment the authentication section in .htaccess:

AuthName "BibORB Restricted Area"
AuthType Basic
AuthUserFile /path/to/htpasswd
require valid-user

MySQL authentication

Values to define in config.php:

/**
 * If TRUE, this will disable authentication.
 * All users will have the administrator status
 */
$disable_authentication = FALSE;

/**
 * Authentication methods: mysql, files
 * Used if $disable_authentication = FALSE
 */
$authentication_method = 'mysql';

The next step is to correctly set up php/auth_backends/auth.mysql.php. This is done by defining:

/**
    The database configuration
*/
$host = "localhost";
$db = "biborb";
$dbuser = "biborb-admin";
$pass = "biborbdev";
$table = "biborb_users";
$auth_table = "biborb_auth";
  • $host: address of the machine hosting the database.
  • $db: name of the database.
  • $dbuser: a valid MySQL user which has access to the database.
  • $pass: its password.
  • $table: the table containing valid biborb users and passwords.
  • $auth_table: the table that defines authorizations for biborb users.

data/biborb.sql contains the SQL structure used with the MySQL authentication. Have a look at php/auth_backends/auth.mysql.php for details about the structure of the database.

Files authentication

If you don't want to use a database or don't have access to one, you can configure authorizations using files.

Values to define in config.php:

/**
 * If TRUE, this will disable authentication.
 * All users will have the administrator status
 */
$disable_authentication = FALSE;

/**
 * Authentication methods: mysql, files
 * Used if $disable_authentication = FALSE
 */
$authentication_method = 'files';

The files used to define access are php/auth_backends/bib_access.txt and php/auth_backends/bib_users.txt.

  • php/auth_backends/bib_users.txt: contains one entry per user in the form user:crypted_password,isAdmin, where isAdmin is 1 if the user is an administrator (all privileges, add/delete bibliographies) and 0 otherwise.
    testuser:testpass,0
    admin:admin,1
    
    Use php/auth_backends/crypt_password.php to crypt your password, then copy the result into bib_users.txt.
  • php/auth_backends/bib_access.txt: it defines the users' privileges on each database (a: add reference, d: delete reference, m: update reference)
    abibliography:testuser*m,anotheruser*adm
    anotherbiblio:testuser*adm,anotheruser*am
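
An added example, not part of BibORB: a Python script that parses the two file formats described above and reports grants that name a user with no entry in bib_users.txt or that use a letter other than a, d, m. The function names and the placeholder hash strings are assumptions made for the illustration; how BibORB itself treats such entries is not stated here.

```python
import re

VALID_PRIVS = set("adm")  # a: add, d: delete, m: update (as listed above)

# Constructed sample input; the hash fields are placeholders, not real
# output of crypt_password.php.
SAMPLE_USERS = "testuser:HASH_PLACEHOLDER_1,0\nadmin:HASH_PLACEHOLDER_2,1\n"
SAMPLE_ACCESS = ("abibliography:testuser*m,anotheruser*adm\n"
                 "anotherbiblio:testuser*adm,anotheruser*am\n")

def parse_users(text):
    """bib_users.txt -> {user: is_admin}; format user:crypted_password,isAdmin."""
    users = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = re.fullmatch(r"([^:]+):(.+),([01])", line.strip())
        if not m:
            raise ValueError(f"bib_users.txt line {n}: malformed entry")
        users[m.group(1)] = m.group(3) == "1"
    return users

def parse_access(text):
    """bib_access.txt -> {bibliography: {user: set(privileges)}}."""
    access = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        bib, sep, grants = line.strip().partition(":")
        if not sep or not bib or not grants:
            raise ValueError(f"bib_access.txt line {n}: malformed entry")
        for grant in grants.split(","):
            user, star, privs = grant.partition("*")
            if not star or not user:
                raise ValueError(f"bib_access.txt line {n}: malformed grant")
            access.setdefault(bib, {})[user] = set(privs)
    return access

def audit(users_text, access_text):
    """Return findings: grants to undefined users, letters outside a/d/m."""
    users, findings = parse_users(users_text), []
    for bib, grants in parse_access(access_text).items():
        for user, privs in grants.items():
            if user not in users:
                findings.append(f"{bib}: grant to undefined user {user}")
            if privs - VALID_PRIVS:
                bad = "".join(sorted(privs - VALID_PRIVS))
                findings.append(f"{bib}: {user} has unknown privilege {bad}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_USERS, SAMPLE_ACCESS)))
```

Run against the sample, the audit flags both grants to anotheruser, because that name appears in the access sample but not in the users sample.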