<?php
# AuthPress.php
# Copyright (C) 2007-2008 Silvan Calarco <silvan.calarco@mambasoft.it>
# Version 0.2.1 - December 31, 2007
# Version 0.2.2 - Add support for PasswordHash (used by bbpress >= 0.9)
#
# - disable password modifications
# - prepend a " " to table names so primitives won't prepend mediawiki prefix
#
# Derived from original AuthPress.php
# Copyright (C) 2005 Rob Lanphier <robla@robla.net>
# Version 0.2.0 - July 26, 2005
# Authenticate MediaWiki users against a bbPress (and possibly WordPress)
# database
#
# Usage instructions, release notes, and other stuff:
# http://codex.wordpress.org/User:RobLa/AuthPress_for_MediaWiki
#
# Derived from AuthPlugin.php
# Copyright (C) 2004 Brion Vibber <brion@pobox.com>
# http://www.mediawiki.org/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# http://www.gnu.org/copyleft/gpl.html

require_once('AuthPlugin.php');
require_once('PasswordHash.php');
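class AuthPress extends AuthPlugin {

    # Prefix of the bbPress/WordPress tables; "users" is appended to it in
    # getAuthPressUserTableName().
    var $mAuthPressTablePrefix = "wp_";
    # Becomes true as soon as any of the server/name/user/password setters is called.
    var $mUseSeparateAuthPressDB = false;
    var $mAuthPressDBServer;
    var $mAuthPressDBName;
    var $mAuthPressUser;
    var $mAuthPressPassword;
    # Cached Database object for the separate bbPress database; -1 until it is opened.
    var $mAuthPressDBconn = -1;

    /**
     * Default the bbPress connection settings to MediaWiki's own database
     * settings ($wgDBserver, $wgDBname, $wgDBuser, $wgDBpassword).
     *
     * NOTE(review): this is a PHP 4-style constructor (a method named after
     * the class). PHP 8 no longer runs such a method on `new`, in which case
     * the four properties below would stay unset.
     */
    function AuthPress () {
        global $wgDBserver, $wgDBname, $wgDBuser, $wgDBpassword;

        $this->mAuthPressDBServer = $wgDBserver;
        $this->mAuthPressDBName = $wgDBname;
        $this->mAuthPressUser = $wgDBuser;
        $this->mAuthPressPassword = $wgDBpassword;
    }

    /**
     * Set the table prefix used to build the bbPress user table name.
     *
     * The value is concatenated into the table name without escaping (see
     * getAuthPressUserTableName()), so it must come from trusted
     * configuration only, never from request data.
     *
     * @param string $prefix
     */
    function setAuthPressTablePrefix ( $prefix ) {
        $this->mAuthPressTablePrefix = $prefix;
    }

    /**
     * Build the name of the bbPress user table.
     *
     * The leading space is deliberate: per the file header it keeps the
     * database primitives from prepending MediaWiki's own table prefix.
     *
     * @return string
     */
    function getAuthPressUserTableName () {
        return " " . $this->mAuthPressTablePrefix . "users";
    }

    /**
     * Use a separate database server for bbPress.
     *
     * @param string $server
     */
    function setAuthPressDBServer ($server) {
        $this->mUseSeparateAuthPressDB = true;
        $this->mAuthPressDBServer = $server;
    }

    /**
     * Use a separate database name for bbPress.
     *
     * @param string $dbname
     */
    function setAuthPressDBName ($dbname) {
        $this->mUseSeparateAuthPressDB = true;
        $this->mAuthPressDBName = $dbname;
    }

    /**
     * Use a separate database account for bbPress.
     *
     * @param string $user
     */
    function setAuthPressUser ($user) {
        $this->mUseSeparateAuthPressDB = true;
        $this->mAuthPressUser = $user;
    }

    /**
     * Use a separate database password for bbPress.
     *
     * @param string $password
     */
    function setAuthPressPassword ($password) {
        $this->mUseSeparateAuthPressDB = true;
        $this->mAuthPressPassword = $password;
    }

    /**
     * Return the database handle used for bbPress lookups.
     *
     * When no separate-database setter has been called this is MediaWiki's
     * own wfGetDB( DB_SLAVE ) handle; otherwise a dedicated Database object
     * is opened on first use and cached in $mAuthPressDBconn.
     *
     * Do not print or log the connection settings from here: they include
     * the database password.
     *
     * @return Database
     */
    function &getAuthPressDB () {
        if ( !$this->mUseSeparateAuthPressDB ) {
            // Bind to a local first: only a variable can be returned by reference.
            $db = wfGetDB( DB_SLAVE );
            return $db;
        }

        // Open the connection once and reuse it. The test previously read
        // $this->mDBconn, a property this class does not declare, so the
        // cached handle was never found and every call opened a new connection.
        if ( !is_object( $this->mAuthPressDBconn ) ) {
            $this->mAuthPressDBconn =
                new Database( $this->mAuthPressDBServer,
                    $this->mAuthPressUser,
                    $this->mAuthPressPassword,
                    $this->mAuthPressDBName,
                    false,
                    0,
                    // NOTE(review): $mAuthPressTablePrefix is a local variable that is
                    // never assigned in this method, so this argument evaluates to null.
                    // It is left unchanged because getAuthPressUserTableName() already
                    // returns the prefixed name; confirm which prefix Database should get.
                    $mAuthPressTablePrefix );
        }

        return $this->mAuthPressDBconn;
    }


    /* Interface documentation copied in from AuthPlugin */
    /**
     * Check whether there exists a user account with the given name.
     * The name will be normalized to MediaWiki's requirements, so
     * you might need to munge it (for instance, for lowercase initial
     * letters).
     *
     * The name is escaped with addQuotes() before it is placed in the
     * WHERE condition.
     *
     * @param string $username
     * @return bool
     * @access public
     */
    function userExists( $username ) {
        $dbr =& $this->getAuthPressDB();

        // The last argument is the caller name attached to the query; it now
        // names this method instead of the copied "AuthPress::authenticate".
        $res = $dbr->selectRow( $this->getAuthPressUserTableName(),
            "user_login",
            "user_login=" . $dbr->addQuotes( $username ),
            "AuthPress::userExists" );

        return $res ? true : false;
    }

    /**
     * Check if a username+password pair is a valid login.
     * The name will be normalized to MediaWiki's requirements, so
     * you might need to munge it (for instance, for lowercase initial
     * letters).
     *
     * The stored hash is read from the user_pass column and verified with
     * PasswordHash::CheckPassword(). When no row matches the login name the
     * check is skipped, so no hash is computed for unknown names; response
     * time may therefore differ between known and unknown logins.
     *
     * @param string $username
     * @param string $password
     * @return bool
     * @access public
     */
    function authenticate( $username, $password ) {
        $dbr =& $this->getAuthPressDB();
        $res = $dbr->selectRow( $this->getAuthPressUserTableName(),
            "user_pass",
            "user_login=" . $dbr->addQuotes( $username ),
            "AuthPress::authenticate" );

        // Presumably phpass's iteration_count_log2 and portable_hashes
        // arguments; confirm against PasswordHash.php.
        $hasher = new PasswordHash(8, TRUE);

        /**
         * For bbpress < 0.9 use MD5 check: $res->user_pass == MD5( $password)
         *
         * NOTE(review): that legacy check is not performed here. Unsalted MD5
         * is weak for password storage; if the fallback is ever restored,
         * compare with a constant-time function and rehash on successful login.
         */
        if ( $res && $hasher->CheckPassword( $password, $res->user_pass ) ) {
            return true;
        }

        return false;
    }


    /**
     * Modify options in the login template.
     *
     * Turns off the domain selector, the e-mail option and account creation
     * on the login form.
     *
     * @param UserLoginTemplate $template
     * @access public
     */
    function modifyUITemplate( &$template ) {
        $template->set( 'usedomain', false );
        $template->set( 'useemail', false );
        $template->set( 'create', false );
    }

    /**
     * Set the domain this plugin is supposed to use when authenticating.
     *
     * @param string $domain
     * @access public
     */
    function setDomain( $domain ) {
        $this->domain = $domain;
    }

    /**
     * Check to see if the specific domain is a valid domain.
     *
     * This implementation accepts every domain.
     *
     * @param string $domain
     * @return bool
     * @access public
     */
    function validDomain( $domain ) {
        # Override this!
        return true;
    }

    /**
     * When a user logs in, optionally fill in preferences and such.
     * For instance, you might pull the email address or real name from the
     * external user database.
     *
     * Copies user_email and user_nicename from the bbPress row whose
     * user_login equals $user->mName; does nothing when no row is found.
     *
     * The User object is passed by reference so it can be modified; don't
     * forget the & on your function declaration.
     *
     * @param User $user
     * @return bool always true
     * @access public
     */
    function updateUser( &$user ) {
        $dbr =& $this->getAuthPressDB();

        $res = $dbr->selectRow( $this->getAuthPressUserTableName(),
            array( "user_nicename", "user_email" ),
            "user_login=" . $dbr->addQuotes( $user->mName ),
            "AuthPress::updateUser" );

        if ( $res ) {
            $user->setEmail( $res->user_email );
            $user->setRealName( $res->user_nicename );
        }

        return true;
    }


    /**
     * Return true if the wiki should create a new local account automatically
     * when asked to login a user who doesn't exist locally but does in the
     * external auth database.
     *
     * If you don't automatically create accounts, you must still create
     * accounts in some way. It's not possible to authenticate without
     * a local account.
     *
     * This is just a question, and shouldn't perform any actions.
     *
     * @return bool
     * @access public
     */
    function autoCreate() {
        return true;
    }

    /**
     * Can users change their passwords?
     *
     * @return bool
     */
    function allowPasswordChange() {
        return false;
    }

    /**
     * Set the given password in the authentication database.
     * Return true if successful.
     *
     * Always refuses: passwords are not changed through MediaWiki.
     *
     * @param string $password
     * @return bool
     * @access public
     */
    function setPassword( $password ) {
        # we probably don't want users using MW to change password
        return false;
    }

    /**
     * Update user information in the external authentication database.
     * Return true if successful.
     *
     * Always refuses: the bbPress database is never written from here.
     *
     * @param User $user
     * @return bool
     * @access public
     */
    function updateExternalDB( $user ) {
        # we probably don't want users using MW to change other stuff
        return false;
    }

    /**
     * Check to see if external accounts can be created.
     * Return true if external accounts can be created.
     * @return bool
     * @access public
     */
    function canCreateAccounts() {
        return false;
    }

    /**
     * Add a user to the external authentication database.
     * Return true if successful.
     *
     * @param User $user
     * @param string $password
     * @return bool
     * @access public
     */
    function addUser( $user, $password ) {
        # disabling
        return false;
    }


    /**
     * Return true to prevent logins that don't authenticate here from being
     * checked against the local database's password fields.
     *
     * This is just a question, and shouldn't perform any actions.
     *
     * @return bool
     * @access public
     */
    function strict() {
        return true;
    }

    /**
     * When creating a user account, optionally fill in preferences and such.
     * For instance, you might pull the email address or real name from the
     * external user database.
     *
     * The User object is passed by reference so it can be modified; don't
     * forget the & on your function declaration.
     *
     * @param User $user
     * @access public
     */
    function initUser( &$user ) {
        /* User's email is already authenticated, because:
         * A. They have valid bbPress account
         * B. bbPress emailed them the password
         * C. They are logged in (presumably using that password)
         * If something changes about the bbPress email verification,
         * then this function might need changing, too
         *
         * NOTE(review): updateUser() copies user_email from bbPress on every
         * login, while this timestamp is set only here. Confirm that an
         * address changed later in bbPress is re-verified before it is
         * treated as authenticated.
         */
        $user->mEmailAuthenticated = wfTimestampNow();

        /* Everything else is in updateUser */
        $this->updateUser( $user );
    }

    /**
     * If you want to munge the case of an account name before the final
     * check, now is your chance.
     *
     * Looks the name up case-insensitively in MediaWiki's own user table and
     * returns the stored spelling when a row exists, otherwise the name as given.
     *
     * @param string $username
     * @return string
     */
    function getCanonicalName ( $username ) {
        // connecting to MediaWiki database for this check
        $dbr = wfGetDB( DB_SLAVE );

        $res = $dbr->selectRow( 'user',
            array( "user_name" ),
            "lower(user_name)=lower(" . $dbr->addQuotes( $username ) . ")",
            "AuthPress::getCanonicalName" );

        if ( $res ) {
            return $res->user_name;
        }

        return $username;
    }

}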
?>