Error with phpbb

Hello,

I have a forum running with phpBB. It has a function to connect it with jabber, but it does not work.I tried all kind of function_jabber versions for phpBB but nothing works.

Informácia

Nemôžem autorizovať užívateľa na Jabber serveri. (Unable to authorize user on jabber server)

SEND: <?xml version='1.0' encoding='UTF-8' ?>

SEND: <stream:stream to='brut.me' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>

RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="brut.me" id="4mm19pryzt" xml:lang="en" version="1.0">

RECV: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>PADE</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><register xmlns="http://jabber.org/features/iq-register"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="SYRb1knANdPf5N02Bg7k6wxMVvo="/></stream:features>

Switching to TLS.

SEND: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

SEND: <?xml version='1.0' encoding='UTF-8' ?>

SEND: <stream:stream to='brut.me' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>

RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="brut.me" id="4mm19pryzt" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>PADE</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><register xmlns="http://jabber.org/features/iq-register"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="SYRb1knANdPf5N02Bg7k6wxMVvo="/></stream:features>

SEND: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5'/>

RECV: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09ImJydXQubWUiLG5vbmNlPSJJQy9yL3BncEZVd2VLbUFRR21jend3Rjk3cURUTUt3Z1RQYzJ4d0hWIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>

SEND: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dXNlcm5hbWU9IkJydXQiLHJlc3BvbnNlPSJhODE4NGE3YzExMGZjODk4YzkzYTBkZjdhZGFkMzU0MSIsY2hhcnNldD0idXRmLTgiLG5jPSIwMDAwMDAwMSIscW9wPSJhdXRoIixub25jZT0iSUMvci9wZ3BGVXdlS21BUUdtY3p3d0Y5N3FEVE1Ld2dUUGMyeHdIViIsZGlnZXN0LXVyaT0ieG1wcC9icnV0Lm1lIixyZWFsbT0iYnJ1dC5tZSIsY25vbmNlPSJORGczWmpSaFptUmpNVE5pTURKaE9XSmhZV1kxTldFM09XVm1NRGswWVRZPSI=</response>

RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>

Error: Server sent "failure".

SEND: </stream:stream>

afaik the phpBB uses SASL, is there the problem?

This seems to be a response to a faulty username/password combination. Does Openfire log anything?

Also, if this account is important to you, I recommend that you immediately change its password. I do not recommend copy/pasting authentication-related raw data on public forums. :grimacing:

thanx, yes it is important xD I changed the password of it, I did not realize… no it seems there is nothing in logs about this, but the password can not be wrong as I am able to connect to the account using converse with the same password

my phpBB is an older version, but I tried the protocol file from the newest version, but no connection too

The username that is provided by phpBB to Openfire is “Brut”, with a capital letter ‘B’. Is that intended?

I am not sure, but if I put brut all lowercase the same result, I have googled that there may be some errors in the line .base64, I tried various versions, nothing worked, this should be the original one, is there everything allright (its from the function_jabber.php of phpBB)? is the mechanism compatible with openfire?

else if (in_array('PLAIN', $methods) && ($this->session['ssl'] || !empty($this->session['tls'])))
{
	// http://www.ietf.org/rfc/rfc4616.txt (PLAIN SASL Mechanism)
	$this->send("<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>"
		. base64_encode($this->username . '@' . $this->server . chr(0) . $this->username . chr(0) . $this->password) .'</auth>');

The code that you are copy/pasting is an implementation of the PLAIN SASL mechanism. The snippet of XMPP that you shared earlier showed that the DIGEST-MD5 SASL mechanism was used.

functions_jabber.php (21.4 KB)

ahah, I am not much of a coder, so I did not realize that, here I uploaded the full file, I asked on phpBB forum too, but they told me I have to ask here

I’m afraid that I can’t spare the time to debug that code. What you can try to do is disable the DIGEST-MD5 mechanism in Openfire. This will cause phpBB to use the PLAIN mechanism. If there’s a compatibility issue in the DIGEST-MD5 implementation, then you have a good chance of uncovering it that way.

You can disable SASL implementations in the Openfire admin console (under Server > Server Settings > Registration & Login)

thank You, I unchecked the DIGEST MD5 option and the error disappeared, need to test if it is working like it should but it seems to be fixed.

but how nnecessary is this function? would I miss this function in other clients etc?

This would suggest that the SASL DIGEST-MD5 implementation of phpBB has some compatibility issue. Given that Openfire has, for years, used that as one of the primary methods of authentication, I’m tempted to think that this compatibility issue’s origin lies with phpBB more than with Openfire.

The DIGEST-MD5 SASL mechanism is old, and should be replaced by more modern SASL mechanisms. In reality, I suspect that many clients will still use it. Disabling it is not ideal for compatiblity.

Thank You for Your time, I trust You that You are right and will write to phpBB support forum about this.

I will see, I officially support blabber.im, gajim and old version of trillian astra, it looks like they work without it, but hope they will fix it

1 Like

Can you please provide links to the other forum threads, on both sides? That will help developers to communicate with each-other, and might help future readers that have similar issues.

of course, here it is
https://www.phpbb.com/community/viewtopic.php?t=2635716

1 Like