Modules/2.0/sqlauth

From the makers of InspIRCd.
Jump to: navigation, search

sqlauth module (2.0 version)

Current Future
2.0 Documentation 3.0 Documentation
Return to the 2.0 Module List
Description
This module allows you to allow and deny connections to your irc servers using a backend database, and is customizable to work with the majority of popular web based software. If software has both a username and a password field in one of its tables, it is likely to work with this module.
Configuration Tags
<sqlauth dbid="1"
        query="SELECT username FROM testusers WHERE username='$nick' AND password='$md5pass' LIMIT 1"
        killreason="Access denied"
        allowpattern="Guest*"
        verbose="1">

The variables in the tag have the following meanings:

  • dbid - The database id which this module is to use. Please see the documentation of the m_mysql module for more details.
  • killreason - The reason to give when disconnecting a user who provides invalid credentials. You should usually place a url to your registration system here so that users may register, or contact details of who to gain access from.
  • allowpattern - If defined, this is a pattern which if matched will automatically allow the nick onto irc without checking it against the database.
  • verbose - This variable if set to 'yes' will notify opers of failed connections to the server if they have the usermode +s.

For a list of settings which are known to work with certain popular software, please see our Integrating m_sqlauth.so with other software page.

  • query - This contains a freeform query, which can be used to match a user. The SQL query may return any of the variables below, which are replaced in the query before dispatching it to the SQL provider module. If the query returns one or more rows, the user is considered to be authenticated. If the query errors, or contains no result rows the user is considered to not be authenticated.
VariableEffect
$nickThis is replaced with the user's nickname.
$hostThis is replaced with the user's resolved hostname.
$ipThis is replaced with the user's IP address
$passThis is replaced with the user's plaintext password. This is insecure and should not be used unless absolutely neccessary!
$md5passThis is replaced with an MD5 sum of the user's password. This requires the m_md5.so module to be loaded. This is insecure and should not be used unless absolutely neccessary!
$sha256passThis is replaced with an SHA256 sum of the user's password. This requires the m_sha256.so module to be loaded.
$identThis is replaced with the user's ident (username) string. Do not use the m_ident module if you use this variable to authenticate users, otherwise you will be unable to determine if you are checking the ident string returned by the user's ident server, or the one sent by the USER command.
$gecosThis is replaced with the user's GECOS (Real name).
$serverThis is replaced with name of the server the user connected to.
$uuidThis is replaced with the user's UUID. This is of limited and specialist use as the user's UUID changes upon every connection.
Modes
This module does not implement any extra user or channel modes.
Extended Bans (Extbans)
This module implements no extended bans.
Commands
This module adds no extra commands.
Special Notes
This module will check the user's nickname against the user field, and their password against the password field. The password is collected using the RFC 1459 notation, e.g.
PASS :password

The user will not be prompted for their password, if this is not clear enough to your users, you should place it into the kill message. It is highly recommended that if you are using a system such as this, you should disable nick changing once users are connected with the following syntax in your configuration file:

<disabled commands="NICK">

With such a setting in place, you can be sure that everyone who connects is registered, and they cannot possibly impersonate others. Beware of mixing this system with other systems which may force user nickchanges. If a users nick is changed when such a system is in place, they will be unable to change it back without reconnecting!

Extra ModuleThis module is an 'extra' module. This means that by default it is not compiled when you type make to build your IRCd. To enable this module follow these steps.
Dependencies