The InspIRCd Project

Modules/sqlauth


Description
This module lets you allow or deny connections to your IRC servers using a backend database, and is customizable to work with the majority of popular web-based software. If software has both a username and a password field in one of its tables, it is likely to work with this module.
Configuration Tags

1.1 Configuration

To use this module you must define a tag as shown below:

<sqlauth usertable="testusers"
        dbid="1"
        userfield="username"
        passfield="password"
        killreason="Access denied"
        encryption=""
        allowpattern="Guest*"
        verbose="1">

The variables in the tag have the following meanings:

  • dbid - The database id which this module is to use. Please see the documentation of the m_sql module for more details.
  • usertable - The table name which contains the users
  • userfield - The field name within the database which contains the username
  • passfield - The field name within the database which contains the password
  • killreason - The reason to give when disconnecting a user who provides invalid credentials. You should usually place a URL to your registration system here so that users may register, or contact details for whoever can grant access.
  • encryption - This variable indicates which encryption method is used on the password. If it is defined but set to an empty value, no encryption is used (i.e. passwords are assumed to be plaintext, case insensitive). Common values for this when it is defined are "md5" and "passwd". Please note that this field allows for two ways to define an encryption type. The first way is to just put the name of a PHP function which takes one parameter, e.g. "md5" or "passwd". The second way, if you want to define a PHP function which takes a salt like "encrypt", is to place an opening bracket in the function, e.g. ENCRYPT('MYSALT', which, when expanded, would be: ENCRYPT('MYSALT','USERPASS').
  • allowpattern - If defined, this is a pattern which, if matched, will automatically allow the nick onto IRC without checking it against the database.
  • verbose - This variable if set to 'yes' will notify opers of failed connections to the server if they have the usermode +s.

For a list of settings which are known to work with certain popular software, please see our Integrating m_sqlauth.so with other software page.

1.2 Configuration

<sqlauth dbid="1"
        query="SELECT username FROM testusers WHERE username='$nick' AND password='$md5pass' LIMIT 1"
        killreason="Access denied"
        allowpattern="Guest*"
        verbose="1">

The variables in the tag have the following meanings:

  • dbid - The database id which this module is to use. Please see the documentation of the m_sql module for more details.
  • killreason - The reason to give when disconnecting a user who provides invalid credentials. You should usually place a URL to your registration system here so that users may register, or contact details for whoever can grant access.
  • allowpattern - If defined, this is a pattern which, if matched, will automatically allow the nick onto IRC without checking it against the database.
  • verbose - This variable if set to 'yes' will notify opers of failed connections to the server if they have the usermode +s.
  • query - This contains a freeform query, which can be used to match a user. The SQL query may contain any of the variables below, which are replaced in the query before dispatching it to the SQL provider module. If the query returns one or more rows, the user is considered to be authenticated. If the query errors, or returns no result rows, the user is considered to not be authenticated.

| Variable | Effect |
|---|---|
| $nick | This is replaced with the user's nickname. |
| $host | This is replaced with the user's resolved hostname. |
| $ip | This is replaced with the user's IP address. |
| $pass | This is replaced with the user's plaintext password. This should not be used unless absolutely necessary! |
| $md5pass | This is replaced with an MD5 sum of the user's password. This requires the m_md5.so module to be loaded. |
| $sha256pass | This is replaced with an SHA256 sum of the user's password. This requires the m_sha256.so module to be loaded. |

For a list of settings which are known to work with certain popular software, please see our Integrating m_sqlauth.so with other software page.
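The decision flow described for the 1.2 tag (allowpattern bypass, variable expansion, "one or more rows means authenticated", errors deny) can be modelled offline. This is an added example, not InspIRCd's own code: it uses Python with an in-memory SQLite table of constructed data, assumes the hash variables are lowercase hex digests and that nick matching is case-insensitive, and binds each quoted variable as a query parameter rather than pasting it into the SQL text.

```python
import fnmatch
import hashlib
import re
import sqlite3

# Constructed stand-ins for the <sqlauth> tag values shown on this page.
QUERY = ("SELECT username FROM testusers "
         "WHERE username='$nick' AND password='$sha256pass' LIMIT 1")
ALLOWPATTERN = "Guest*"

def expand(query, nick, host, ip, password):
    """Turn each quoted '$variable' into a bound parameter (a choice of this model)."""
    values = {
        "nick": nick, "host": host, "ip": ip, "pass": password,
        # Assumption: the hash variables are lowercase hex digests.
        "md5pass": hashlib.md5(password.encode()).hexdigest(),
        "sha256pass": hashlib.sha256(password.encode()).hexdigest(),
    }
    params = []
    def bind(match):
        params.append(values[match.group(1)])
        return "?"
    # Longest names first so '$pass' never matches inside a longer name.
    names = "|".join(sorted(values, key=len, reverse=True))
    return re.sub(r"'\$(%s)'" % names, bind, query), params

def is_authenticated(db, nick, host, ip, password):
    # allowpattern: a matching nick is let on without any database check.
    if ALLOWPATTERN and fnmatch.fnmatchcase(nick.lower(), ALLOWPATTERN.lower()):
        return True
    sql, params = expand(QUERY, nick, host, ip, password)
    try:
        rows = db.execute(sql, params).fetchall()
    except sqlite3.Error:
        return False          # a query error counts as not authenticated
    return len(rows) >= 1     # one or more rows counts as authenticated

def make_sample_db():
    """Constructed test data: one user, 'alice', stored as a SHA256 hex digest."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE testusers (username TEXT, password TEXT)")
    db.execute("INSERT INTO testusers VALUES (?, ?)",
               ("alice", hashlib.sha256(b"correct horse").hexdigest()))
    return db
```

In this model any nick matching Guest* is admitted whatever password is sent, so allowpattern should only cover nicks you intend to leave unauthenticated.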
Additional Modes
None
Additional Commands
None
Special Notes
This module will check the user's nickname against the user field, and their password against the password field. The password is collected using the RFC 1459 notation, e.g.
PASS :password

The user will not be prompted for their password. If this is not clear enough to your users, you should place it into the kill message. If you are using a system such as this, it is highly recommended that you disable nick changing once users are connected, with the following syntax in your configuration file:

<disabled commands="NICK">

With such a setting in place, you can be sure that everyone who connects is registered, and they cannot possibly impersonate others. Beware of mixing this system with other systems which may force user nick changes. If a user's nick is changed when such a system is in place, they will be unable to change it back without reconnecting!

Extra Module
This module is an 'extra' module. This means that by default it is not compiled when you type make to build your IRCd. To enable this module follow these steps.


Dependencies