mediawiki/mediawiki-AuthPress.php

<?php
# AuthPress.php
# Copyright (C) 2007-2008 Silvan Calarco <silvan.calarco@mambasoft.it>
# Version 0.2.1 - December 31, 2007
# Version 0.2.2 - Add support for PasswordHash (used by bbpress >= 0.9)
#
# - disable password modifications
# - prepend a " " to table names so primitives won't prepend mediawiki prefix
#
# Derived from original AuthPress.php
# Copyright (C) 2005 Rob Lanphier <robla@robla.net>
# Version 0.2.0 - July 26, 2005
# Authenticate MediaWiki users against a bbPress (and possibly WordPress)
# database
#
# Usage instructions, release notes, and other stuff:
# http://codex.wordpress.org/User:RobLa/AuthPress_for_MediaWiki
#
# Derived from AuthPlugin.php
# Copyright (C) 2004 Brion Vibber <brion@pobox.com>
# http://www.mediawiki.org/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# http://www.gnu.org/copyleft/gpl.html

require_once('AuthPlugin.php');
require_once('PasswordHash.php');

class AuthPress extends AuthPlugin {
	
	var $mAuthPressTablePrefix="wp_";
	var $mUseSeparateAuthPressDB=false;
	var	$mAuthPressDBServer;
	var	$mAuthPressDBName;
	var	$mAuthPressUser;
	var	$mAuthPressPassword;
	var $mAuthPressDBconn = -1;
	
	function AuthPress () {
		global $wgDBserver, $wgDBname, $wgDBuser, $wgDBpassword;

		$this->mAuthPressDBServer=$wgDBserver;
		$this->mAuthPressDBName=$wgDBname;
		$this->mAuthPressUser=$wgDBuser;
		$this->mAuthPressPassword=$wgDBpassword;
	}

	function setAuthPressTablePrefix ( $prefix ) {
		$this->mAuthPressTablePrefix=$prefix;
	}

	function getAuthPressUserTableName () {
		return " ".$this->mAuthPressTablePrefix."users";
	}

	function setAuthPressDBServer ($server) {
		$this->mUseSeparateAuthPressDB=true;
		$this->mAuthPressDBServer=$server;
	}

	function setAuthPressDBName ($dbname) {
		$this->mUseSeparateAuthPressDB=true;
		$this->mAuthPressDBName=$dbname;
	}

	function setAuthPressUser ($user) {
		$this->mUseSeparateAuthPressDB=true;
		$this->mAuthPressUser=$user;
	}

	function setAuthPressPassword ($password) {
		$this->mUseSeparateAuthPressDB=true;
		$this->mAuthPressPassword=$password;
	}

	function &getAuthPressDB () {
         if( $this->mUseSeparateAuthPressDB ) {
             //print $this->mAuthPressDBServer;
             //print $this->mAuthPressUser;
             //print $this->mAuthPressPassword;
             //print $this->mAuthPressDBName;
             if(! is_object($this->mDBconn) ) {
                 $this->mAuthPressDBconn =
                     new Database($this->mAuthPressDBServer,
                                 $this->mAuthPressUser,
                                 $this->mAuthPressPassword,
                                 $this->mAuthPressDBName,
                                 false,
                                 0,
                                 $mAuthPressTablePrefix);
             }
             return $this->mAuthPressDBconn;
         }
         else {
             return wfGetDB( DB_SLAVE );
         }
     }


	/* Interface documentation copied in from AuthPlugin */
	/**
	 * Check whether there exists a user account with the given name.
	 * The name will be normalized to MediaWiki's requirements, so
	 * you might need to munge it (for instance, for lowercase initial
	 * letters).
	 *
	 * @param string $username
	 * @return bool
	 * @access public
	 */
	function userExists( $username ) {
		$dbr =& $this->getAuthPressDB();
		
		$res = $dbr->selectRow($this->getAuthPressUserTableName(),
				       "user_login",
				       "user_login=".$dbr->addQuotes($username),
				       "AuthPress::authenticate" );

		if($res) {
			return true;
		} else {
			return false;
		}
	}
	
	/**
	 * Check if a username+password pair is a valid login.
	 * The name will be normalized to MediaWiki's requirements, so
	 * you might need to munge it (for instance, for lowercase initial
	 * letters).
	 *
	 * @param string $username
	 * @param string $password
	 * @return bool
	 * @access public
	 */
	function authenticate( $username, $password ) {
		$dbr =& $this->getAuthPressDB();
		$res = $dbr->selectRow($this->getAuthPressUserTableName(),
				       "user_pass",
				       "user_login=".$dbr->addQuotes($username),
				       "AuthPress::authenticate" );
		$hasher = new PasswordHash(8, TRUE);
		
		/**
		 * For bbpress < 0.9 use MD5 check: $res->user_pass == MD5( $password)
		 */
		if( $res && ( $hasher->CheckPassword($password, $res->user_pass))) {
			return true;
		} else {
			return false;
		}
	}
		    
	
	/**
	 * Modify options in the login template.
	 *
	 * @param UserLoginTemplate $template
	 * @access public
	 */
	function modifyUITemplate( &$template ) {
		$template->set( 'usedomain', false );
		$template->set( 'useemail', false );
		$template->set( 'create', false );
	}

	/**
	 * Set the domain this plugin is supposed to use when authenticating.
	 *
	 * @param string $domain
	 * @access public
	 */
	function setDomain( $domain ) {
		$this->domain = $domain;
	}

	/**
	 * Check to see if the specific domain is a valid domain.
	 *
	 * @param string $domain
	 * @return bool
	 * @access public
	 */
	function validDomain( $domain ) {
		# Override this!
		return true;
	}

	/**
	 * When a user logs in, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param User $user
	 * @access public
	 */
	function updateUser( &$user ) {

		$dbr =& $this->getAuthPressDB();
		
		$res = $dbr->selectRow($this->getAuthPressUserTableName(),
				       array("user_nicename", "user_email"),
				       "user_login=".
				         $dbr->addQuotes($user->mName),
				       "AuthPress::authenticate" );
		
		if($res) {
			$user->setEmail( $res->user_email );
			$user->setRealName( $res->user_nicename );
		}

		return true;
	}


	/**
	 * Return true if the wiki should create a new local account automatically
	 * when asked to login a user who doesn't exist locally but does in the
	 * external auth database.
	 *
	 * If you don't automatically create accounts, you must still create
	 * accounts in some way. It's not possible to authenticate without
	 * a local account.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 * @access public
	 */
	function autoCreate() {
		return true;
	}
	
	/**
	 * Can users change their passwords?
	 *
	 * @return bool
	 */
	function allowPasswordChange() {
		return false;
	}

	/**
	 * Set the given password in the authentication database.
	 * Return true if successful.
	 *
	 * @param string $password
	 * @return bool
	 * @access public
	 */
	function setPassword( $password ) {
		# we probably don't want users using MW to change password
		return false;
	}

	/**
	 * Update user information in the external authentication database.
	 * Return true if successful.
	 *
	 * @param User $user
	 * @return bool
	 * @access public
	 */
	function updateExternalDB( $user ) {
		# we probably don't want users using MW to change other stuff
		return false;
	}

	/**
	 * Check to see if external accounts can be created.
	 * Return true if external accounts can be created.
	 * @return bool
	 * @access public
	 */
	function canCreateAccounts() {
		return false;
	}

	/**
	 * Add a user to the external authentication database.
	 * Return true if successful.
	 *
	 * @param User $user
	 * @param string $password
	 * @return bool
	 * @access public
	 */
	function addUser( $user, $password ) {
		# disabling
		return false;
	}


	/**
	 * Return true to prevent logins that don't authenticate here from being
	 * checked against the local database's password fields.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 * @access public
	 */
	function strict() {
		return true;
	}
	
	/**
	 * When creating a user account, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param User $user
	 * @access public
	 */
	function initUser( &$user ) {
		/* User's email is already authenticated, because:
		 * A.  They have valid bbPress account
		 * B.  bbPress emailed them the password
		 * C.  They are logged in (presumably using that password
		 * If something changes about the bbPress email verification,
		 * then this function might need changing, too
		 */
		$user->mEmailAuthenticated = wfTimestampNow();

		/* Everything else is in updateUser */
		$this->updateUser( $user );
	}

	/**
	 * If you want to munge the case of an account name before the final
	 * check, now is your chance.
	 */
	function getCanonicalName ( $username ) {
		// connecting to MediaWiki database for this check 		
		$dbr =& wfGetDB( DB_SLAVE );
		
		$res = $dbr->selectRow('user',
				       array("user_name"),
				       "lower(user_name)=lower(".
				         $dbr->addQuotes($username).")",
				       "AuthPress::getCanonicalName" );
		
		if($res) {
			return $res->user_name;
		} else {
			return $username;
		}
	}

}
?>