Uma Getting Started Guide

Uma Home

Introduction

How many sites have you built lately that don't require some sort of user authentication? Most likely the site requires at least an admin interface of some sort, which requires some sort of user authentication mechanism. You could just stick a .htaccess file in the directory and deal with adding and removing users using htpasswd. This solution is cumbersome and not very secure. Writing your own authentication and user management system is also a possibility, but this requires time and effort to develop, test and implement. I recommend using Uma. Uma is an open source authentication and user management system that I have written been using for several years and recently released under the LGPL.

What is Uma

Uma is a user management and authentication system written in PHP. It's completely object-oriented, supports MySQL and is flexible, powerful and easy to implement. Uma allows you to have a single database managing access to an unlimited number of web sites, applications and users. Uma is actively developed and paid professional support is available if you need help. Learn more about support here.

If you have several sites, you can have one Uma database and one Uma code installation to service all of your sites. You manage all of your users and sites through one administrative tool, and can grant users access to multiple sites giving the user a single username and password.

Installation

  1. Download the tar from http://sourceforge.net/projects/uma/.

  2. Untar the source in your web server document directory, tar xzvf uma-xx.tar.gz. A directory called uma will be created.

  3. Read the INSTALL file for the latest installation instructions.

  4. Create a database called Uma and load the schema from the file called uma.sql located in the sql directory. If you need help setting up MySQL and creating databases, visit http://www.mysql.com.

  5. Edit the config.php located in the conf directory and set your database connection parameters. Read through this file, there are other things you should set as well, but the database connection parameters are the only required settings to get Uma up and running.

  6. Point your browser at, http://localhost/uma/admin to access the Uma admin tool. If you get an error, check your config.php settings and verify that you can connect to the database with the username and password specified using the MySQL shell client.

  7. Login to the admin tool with the username guest and password guest. If you can't get this to work look at the authenticator.php file in the admin directory, make sure the $permissionLevel is set to 1 and that the $serviceId is set to 1. $serviceId corresponds to the PRIMARY_KEY for the Uma service you are attempting to access. In this case the service is Uma and should have an 'id' of 1. If you are getting a database connection error, repeat step 6 until you get the database parameters correct. You did load the schema right?

Once you get the Uma admin tool working and you can log in, you have successfully installed Uma. You should create yourself a user and grant them a permission level of 99 to the Uma service, Now modify authenticator.php and set $permissionLevel to 99. You should be able to login to the admin tool with your new user and not the guest user - much more secure.

Implementation

Plugging Uma into your site is pretty easy, and it gets easier all the time. You need to have the following files in your PHP include path: Connection.class.php, DataObject.class.php, Utils.class.php, Uma.inc.php, config.php and authenticator.php. I suggest placing all of these files, other than the authenticator.php, outside of your web server's document root.

Connection.class.php - Handles all MySQL PHP function calls.

DataObject.class.php - Provides the common interface for database abstraction. Extends Connection.class.php.

Uma.inc.php - provides all the classes that Uma needs to do its job. All of the classes extend DataObject. You have to include this file for any page that you wish to protect with Uma, or any page that you wish to have access to Uma's objects or session data.

config.php - Provides all of the configuration options for Uma like database connection parameters, e-mail address for errors, text for error messages, etc. Dig around in here and become familiar with the configuration settings.

authenticator.php - Include this file in any page you wish to protect with a Uma login. If the user is not authenticated, this file loads the login page. This is where you set the $permissionLevel required to access the page and the $serviceId corresponding the 'id' column of the service associated with this page.

You will also need to have a login.php file that provides the login page. You can start by using the files I have included in the admin directory. Grab the login.php and the login.html.php and just modify the login.html.php file to give it your site's look and feel.

You should take notice of the file called mepath.php. I use this file to set the location of my Uma files. If you look at index.php in the admin directory, you will see what I am doing.
There is a line that looks like this: ini_set('include_path', @current(file('mepath.php')));
This technique keeps me from having to hardcode the include_path in multiple files. Why not just edit the php.ini file? Often times I don't have access to modify the php.ini file. This is the best solution I have found so far to deal with the include path settings. I recommend using the mepath.php file, but you are free to set your include_path any way you chose.

Although these files aren't necessarily required, you should have a loginerr.php and error.php file in case something bad happens, the user has some place to land. You can do some reporting and logging in the loginerr.php file. When getting started, copy the files I have in the admin directory.

Services

User access is granted to services based on permission levels. For instance, if you have a bowling web site called Bowl4Beer you could create a service called Bowl4Beer using the Uma admin tool. Now all you need to do to protect your site from unauthorized bowlers is simply edit the authenticator.php file and set the $serviceId to correspond to the 'id' column in the Service table for the Bowl4Beer record. The 'id' for Bowl4Beer will appear in parentheses in the admin tool next to service name.

Permissions

Uma uses the value of $permissionLevel (set in authenticator.php) to determine if the user logging in has a high enough permission to access the page. The user's permissions are stored in the Perm table, and can be set using the Uma admin tool. Access is granted for users who have a permission greater than or equal to the value assigned to $permissionLevel in authenticator.php. User's can have different levels of permissions for different services.

Conclusion

Uma allows you to benefit from the vast number of sites that have implemented Uma and use it everyday. Uma continues to improve month after month and is gaining popularity all the time. I hope you will find Uma to be as useful as I have.

My name is Keith Vance and I own Vance Consulting LLC with my wife Mandy. You can learn more about Vance Consulting at http://vanceconsulting.net/ or you can e-mail at keith@vanceconsulting.net.