README "phorum-02032000-tom.patch" 02.03.2000, munich
======================================================

This patch adds basic authentication capabilities to the
existing phorum 3.1 application.

It creates or modifies the following files:
	o include/login.php 
	o include/forums.php
	o AUTHENTICATION_TABLES
	o index.php
	o post.php


You can apply this patch to phorum 3.1 using the following method:
	o unpack a plain, unmodified phorum tarball
	o copy the file "phorum-02032000-tom.patch" into the
	  phorum-source directory.
	o issue the following command:
	  shell> cat phorum-02032000-tom.patch | patch -E -p 0
	o then follow the installation instruction of phorum.
	o create the required new tables:
	  shell> mysql phorum < AUTHENTICATION_TABLES
	o after that, you have to fill in some data into the
	  tables. Currently, there is no tool, which helps you
	  doing that - so you need to do it manually using mysql.



	  
Description of the tables
======================================================

users 
-----
holds the username and the encrypted (using crypt() ) password

subscribers
-----------
uid(ref to users.uid) and forum-name(ref to forums.name), it is used to
determine, wether a user is a member of a protected forum or not.

protected
---------
name (ref to forums.name) is the name of a protected forum.




How does it work
======================================================

A user can access a forum, if she is a member of the forum (or a
"subscriber") AND if the password is correct. Passwords are stored
encrypted in the database. I used the following command to fill my users
table:
mysql> load data infile '/etc/htpasswd' into table users fields terminated
by ':' (username,password);

the login.php (see below) encrypts the user-supplied password and compares
it with the one within the database. It uses the first two characters of
the stored password for encrypting the user-supplied one.

If a user is a member in multiple forums and changes to another forum, she
will not need to reauthenticate, login.php checks if the user is still
logged in (using $PHP_AUTH_USER).

To protect a forum, you have to insert it's name into the table "protected"
and to insert some existing users into the table "subscribers".




Author and License of the patch
======================================================

The author of the patch is Thomas Linden <tom@daemon.de> or <tom@consol.de>.

The patch is (as phorum itself) released under the terms of the GNU
General Public License.
