From: Reini Urban <rurban@us...> - 2004-11-01 10:44:13
Update of /cvsroot/phpwiki/phpwiki/lib/WikiUser In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22479/WikiUser Added Files: AdoDb.php BogoLogin.php Db.php File.php HttpAuth.php IMAP.php LDAP.php POP3.php PearDb.php PersonalPage.php Session.php Log Message: seperate PassUser methods into seperate dir (memory usage) fix WikiUser (old) overlarge data session remove wikidb arg from various page class methods, use global ->_dbi instead ... --- NEW FILE: AdoDb.php --- <?php //-*-php-*- rcs_id('$Id: AdoDb.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ class _AdoDbPassUser extends _DbPassUser /** * ADODB methods * Simple sprintf, no prepare. * * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements! * * TODO: Change FETCH_MODE in adodb WikiDB sublasses. * * @tables: user */ { var $_authmethod = 'AdoDb'; function _AdoDbPassUser($UserName='',$prefs=false) { if (!$this->_prefs and isa($this,"_AdoDbPassUser")) { if ($prefs) $this->_prefs = $prefs; if (!isset($this->_prefs->_method)) _PassUser::_PassUser($UserName); } if (!$this->isValidName($UserName)) { trigger_error(_("Invalid username."),E_USER_WARNING); return false; } $this->_userid = $UserName; $this->getAuthDbh(); $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method'); // Don't prepare the configured auth statements anymore return $this; } function getPreferences() { // override the generic slow method here for efficiency _AnonUser::getPreferences(); $this->getAuthDbh(); if (isset($this->_prefs->_select)) { $dbh = & $this->_auth_dbi; $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid))); if ($rs->EOF) { $rs->Close(); } else { $prefs_blob = @$rs->fields['prefs']; $rs->Close(); if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) { $updated = $this->_prefs->updatePrefs($restored_from_db); 
//$this->_prefs = new UserPreferences($restored_from_db); return $this->_prefs; } } } if ($this->_HomePagehandle) { if ($restored_from_page = $this->_prefs->retrieve ($this->_HomePagehandle->get('pref'))) { $updated = $this->_prefs->updatePrefs($restored_from_page); //$this->_prefs = new UserPreferences($restored_from_page); return $this->_prefs; } } return $this->_prefs; } function setPreferences($prefs, $id_only=false) { // if the prefs are changed if (_AnonUser::setPreferences($prefs, 1)) { global $request; $packed = $this->_prefs->store(); //$user = $request->_user; //unset($user->_auth_dbi); if (!$id_only and isset($this->_prefs->_update)) { $this->getAuthDbh(); $dbh = &$this->_auth_dbi; $db_result = $dbh->Execute(sprintf($this->_prefs->_update, $dbh->qstr($packed), $dbh->qstr($this->_userid))); $db_result->Close(); //delete pageprefs: if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref')) $this->_HomePagehandle->set('pref', ''); } else { //store prefs in homepage, not in cookie if ($this->_HomePagehandle and !$id_only) $this->_HomePagehandle->set('pref', $packed); } return count($this->_prefs->unpack($packed)); } return 0; } function userExists() { $this->getAuthDbh(); $dbh = &$this->_auth_dbi; if (!$dbh) { // needed? return $this->_tryNextUser(); } if (!$this->isValidName()) { return $this->_tryNextUser(); } $dbi =& $GLOBALS['request']->_dbi; if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) { $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'), array("userid","password")); } if (empty($this->_authselect)) trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'", 'DBAUTH_AUTH_CHECK', 'ADODB'), E_USER_WARNING); //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed if ($this->_auth_crypt_method == 'crypt') { $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid))); if (!$rs->EOF) { $rs->Close(); return true; } else { $rs->Close(); } } else { if (! 
$dbi->getAuthParam('auth_user_exists')) trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'), E_USER_WARNING); $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), 'userid'); $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid))); if (!$rs->EOF) { $rs->Close(); return true; } else { $rs->Close(); } } // maybe the user is allowed to create himself. Generally not wanted in // external databases, but maybe wanted for the wiki database, for performance // reasons if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) { $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'), array("userid", "password")); } if (!empty($this->_authcreate) and isset($GLOBALS['HTTP_POST_VARS']['auth']) and isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])) { $dbh->Execute(sprintf($this->_authcreate, $dbh->qstr($GLOBALS['HTTP_POST_VARS']['auth']['passwd']), $dbh->qstr($this->_userid))); return true; } return $this->_tryNextUser(); } function checkPass($submitted_password) { //global $DBAuthParams; $this->getAuthDbh(); if (!$this->_auth_dbi) { // needed? 
return $this->_tryNextPass($submitted_password); } if (!$this->isValidName()) { return $this->_tryNextPass($submitted_password); } $dbh =& $this->_auth_dbi; $dbi =& $GLOBALS['request']->_dbi; if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) { $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'), array("userid", "password")); } if (!isset($this->_authselect)) $this->userExists(); if (!isset($this->_authselect)) trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'", 'DBAUTH_AUTH_CHECK', 'ADODB'), E_USER_WARNING); //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set if ($this->_auth_crypt_method == 'crypt') { $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid))); if (!$rs->EOF) { $stored_password = $rs->fields['password']; $rs->Close(); $result = $this->_checkPass($submitted_password, $stored_password); } else { $rs->Close(); $result = false; } } else { $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($submitted_password), $dbh->qstr($this->_userid))); if (isset($rs->fields['ok'])) $okay = $rs->fields['ok']; elseif (isset($rs->fields[1])) $okay = $rs->fields[1]; else { $okay = reset($rs->fields); } $rs->Close(); $result = !empty($okay); } if ($result) { $this->_level = WIKIAUTH_USER; return $this->_level; } else { return $this->_tryNextPass($submitted_password); } } function mayChangePass() { return $GLOBALS['request']->_dbi->getAuthParam('auth_update'); } function storePass($submitted_password) { $this->getAuthDbh(); $dbh = &$this->_auth_dbi; $dbi =& $GLOBALS['request']->_dbi; if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) { $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'), array("userid", "password")); } if (!isset($this->_authupdate)) { trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'", 'DBAUTH_AUTH_UPDATE', 'ADODB'), E_USER_WARNING); return false; } if ($this->_auth_crypt_method == 'crypt') { if 
(function_exists('crypt')) $submitted_password = crypt($submitted_password); } $rs = $dbh->Execute(sprintf($this->_authupdate, $dbh->qstr($submitted_password), $dbh->qstr($this->_userid) )); $rs->Close(); return $rs; } } // $Log: AdoDb.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... // // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: BogoLogin.php --- <?php //-*-php-*- rcs_id('$Id: BogoLogin.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ /** Without stored password. A _BogoLoginPassUser with password * is automatically upgraded to a PersonalPagePassUser. */ class _BogoLoginPassUser extends _PassUser { var $_authmethod = 'BogoLogin'; function userExists() { if (isWikiWord($this->_userid)) { $this->_level = WIKIAUTH_BOGO; return true; } else { $this->_level = WIKIAUTH_ANON; return false; } } /** A BogoLoginUser requires no password at all * But if there's one stored, we should prefer PersonalPage instead */ function checkPass($submitted_password) { if ($this->_prefs->get('passwd')) { if (isset($this->_prefs->_method) and $this->_prefs->_method == 'HomePage') { $user = new _PersonalPagePassUser($this->_userid, $this->_prefs); if ($user->checkPass($submitted_password)) { if (!check_php_version(5)) eval("\$this = \$user;"); // /*PHP5 patch*/$this = $user; $user = UpgradeUser($this, $user); $this->_level = WIKIAUTH_USER; return $this->_level; } else { $this->_level = WIKIAUTH_ANON; return $this->_level; } } else { $stored_password = $this->_prefs->get('passwd'); if ($this->_checkPass($submitted_password, $stored_password)) { $this->_level = WIKIAUTH_USER; return $this->_level; } else { return 
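Review bot: In AdoDb.php `userExists()`, the `auth_create` branch writes `$GLOBALS['HTTP_POST_VARS']['auth']['passwd']` to the database exactly as submitted, even when `_auth_crypt_method` is 'crypt', and it creates the account as a side effect of an existence check; PearDb.php `userExists()` has the same branch. If self-registration is intended, hash first the way `storePass()` does, e.g. `if ($this->_auth_crypt_method == 'crypt' and function_exists('crypt')) $passwd = crypt($passwd);`. `storePass()` here also lacks the `if (!$this->isValidName()) return false;` guard that PearDb.php `storePass()` has, and in both files it silently stores the clear-text password when `crypt()` is unavailable. The result of `$dbh->Execute(...)` is used without a check for `false`, so a failed query ends in a method call on a non-object in `userExists()`, `checkPass()` and `storePass()`.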
$this->_tryNextPass($submitted_password); } } } if (isWikiWord($this->_userid)) { $this->_level = WIKIAUTH_BOGO; } else { $this->_level = WIKIAUTH_ANON; } return $this->_level; } } // $Log: BogoLogin.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... // // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: Db.php --- <?php //-*-php-*- rcs_id('$Id: Db.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ /** * Baseclass for PearDB and ADODB PassUser's * Authenticate against a database, to be able to use shared users. * internal: no different $DbAuthParams['dsn'] defined, or * external: different $DbAuthParams['dsn'] * The magic is done in the symbolic SQL statements in config/config.ini, similar to * libnss-mysql. * * We support only the SQL and ADODB backends. * The other WikiDB backends (flat, cvs, dba, ...) should be used for pages, * not for auth stuff. If one would like to use e.g. dba for auth, he should * use PearDB (SQL) with the right $DBAuthParam['auth_dsn']. * (Not supported yet, since we require SQL. SQLite would make since when * it will come to PHP) * * @tables: user, pref * * Preferences are handled in the parent class _PassUser, because the * previous classes may also use DB pref_select and pref_update. * * Flat files auth is handled by the auth method "File". */ class _DbPassUser extends _PassUser { var $_authselect, $_authupdate, $_authcreate; // This can only be called from _PassUser, because the parent class // sets the auth_dbi and pref methods, before this class is initialized. 
function _DbPassUser($UserName='',$prefs=false) { if (!$this->_prefs) { if ($prefs) $this->_prefs = $prefs; } if (!isset($this->_prefs->_method)) _PassUser::_PassUser($UserName); elseif (!$this->isValidName($UserName)) { trigger_error(_("Invalid username."),E_USER_WARNING); return false; } $this->_authmethod = 'Db'; //$this->getAuthDbh(); //$this->_auth_crypt_method = @$GLOBALS['DBAuthParams']['auth_crypt_method']; $dbi =& $GLOBALS['request']->_dbi; $dbtype = $dbi->getParam('dbtype'); if ($dbtype == 'ADODB') { include_once("lib/WikiUser/AdoDb.php"); if (check_php_version(5)) return new _AdoDbPassUser($UserName,$this->_prefs); else { $user = new _AdoDbPassUser($UserName,$this->_prefs); eval("\$this = \$user;"); return $user; } } elseif ($dbtype == 'SQL') { include_once("lib/WikiUser/PearDb.php"); if (check_php_version(5)) return new _PearDbPassUser($UserName,$this->_prefs); else { $user = new _PearDbPassUser($UserName,$this->_prefs); eval("\$this = \$user;"); return $user; } } return false; } function mayChangePass() { return !isset($this->_authupdate); } } // $Log: Db.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... // // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: File.php --- <?php //-*-php-*- rcs_id('$Id: File.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ class _FilePassUser extends _PassUser /** * Check users defined in a .htaccess style file * username:crypt\n... * * Preferences are handled in _PassUser */ { var $_file, $_may_change; // This can only be called from _PassUser, because the parent class // sets the pref methods, before this class is initialized. 
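Review bot: `_DbPassUser::mayChangePass()` in Db.php returns `!isset($this->_authupdate)`, which reads as inverted: it reports that the password may be changed exactly when no update statement has been prepared. Both subclasses in this commit override it with `getAuthParam('auth_update')`, so the base version probably only matters if `_DbPassUser` is used directly; `return isset($this->_authupdate);` or the same `getAuthParam('auth_update')` lookup would agree with them. The constructor's `return false` and `return new _AdoDbPassUser(...)` only have an effect if the caller invokes it as a plain method and uses the result, which is not visible here, so a short comment naming that caller would help.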
function _FilePassUser($UserName='', $prefs=false, $file='') { if (!$this->_prefs and isa($this, "_FilePassUser")) { if ($prefs) $this->_prefs = $prefs; if (!isset($this->_prefs->_method)) _PassUser::_PassUser($UserName); } $this->_userid = $UserName; // read the .htaccess style file. We use our own copy of the standard pear class. //include_once 'lib/pear/File_Passwd.php'; $this->_may_change = defined('AUTH_USER_FILE_STORABLE') && AUTH_USER_FILE_STORABLE; if (empty($file) and defined('AUTH_USER_FILE')) $file = AUTH_USER_FILE; include_once(dirname(__FILE__)."/pear/File_Passwd.php"); // same style as in main.php // "__PHP_Incomplete_Class" if (!empty($file) or empty($this->_file) or !isa($this->_file,"File_Passwd")) $this->_file = new File_Passwd($file, false, $file.'.lock'); else return false; return $this; } function mayChangePass() { return $this->_may_change; } function userExists() { if (!$this->isValidName()) { return $this->_tryNextUser(); } $this->_authmethod = 'File'; if (isset($this->_file->users[$this->_userid])) return true; return $this->_tryNextUser(); } function checkPass($submitted_password) { if (!$this->isValidName()) { trigger_error(_("Invalid username"),E_USER_WARNING); return $this->_tryNextPass($submitted_password); } //include_once 'lib/pear/File_Passwd.php'; if ($this->_file->verifyPassword($this->_userid, $submitted_password)) { $this->_authmethod = 'File'; $this->_level = WIKIAUTH_USER; if ($this->isAdmin()) // member of the Administrators group $this->_level = WIKIAUTH_ADMIN; return $this->_level; } return $this->_tryNextPass($submitted_password); } function storePass($submitted_password) { if (!$this->isValidName()) { return false; } if ($this->_may_change) { $this->_file = new File_Passwd($this->_file->_filename, true, $this->_file->_filename.'.lock'); $result = $this->_file->modUser($this->_userid,$submitted_password); $this->_file->close(); $this->_file = new File_Passwd($this->_file->_filename, false); return $result; } return false; 
} } // $Log: File.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... // // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: HttpAuth.php --- <?php //-*-php-*- rcs_id('$Id: HttpAuth.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ /** * We have two possibilities here. * 1) The webserver location is already HTTP protected (usually Basic). Then just * use the username and do nothing * 2) The webserver location is not protected, so we enforce basic HTTP Protection * by sending a 401 error and let the client display the login dialog. * This makes only sense if HttpAuth is the last method in USER_AUTH_ORDER, * since the other methods cannot be transparently called after this enforced * external dialog. * Try the available auth methods (most likely Bogo) and sent this header back. 
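Review bot: In File.php the constructor loads `dirname(__FILE__)."/pear/File_Passwd.php"` and the adjacent comment says this mirrors main.php, but the class now lives in lib/WikiUser/, so the path resolves to lib/WikiUser/pear/. The commented-out `include_once 'lib/pear/File_Passwd.php'` suggests the bundled copy is still under lib/pear/; if so, `include_once(dirname(__FILE__)."/../pear/File_Passwd.php");` would be the matching path. `include_once` only warns on a missing file, so the following `new File_Passwd(...)` would then stop with a fatal error during login; `require_once` makes that failure explicit at the right place.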
* header('Authorization: Basic '.base64_encode("$userid:$passwd")."\r\n"; */ class _HttpAuthPassUser extends _PassUser { function _HttpAuthPassUser($UserName='',$prefs=false) { if ($prefs) $this->_prefs = $prefs; if (!isset($this->_prefs->_method)) _PassUser::_PassUser($UserName); if ($UserName) $this->_userid = $UserName; $this->_authmethod = 'HttpAuth'; if ($this->userExists()) return $this; else return $GLOBALS['ForbiddenUser']; } function _http_username() { if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS']; if (!empty($_SERVER['PHP_AUTH_USER'])) return $_SERVER['PHP_AUTH_USER']; if (!empty($_SERVER['REMOTE_USER'])) return $_SERVER['REMOTE_USER']; if (!empty($GLOBALS['HTTP_ENV_VARS']['REMOTE_USER'])) return $GLOBALS['HTTP_ENV_VARS']['REMOTE_USER']; if (!empty($GLOBALS['REMOTE_USER'])) return $GLOBALS['REMOTE_USER']; return ''; } //force http auth authorization function userExists() { // todo: older php's $username = $this->_http_username(); if (empty($username) or strtolower($username) != strtolower($this->_userid)) { header('WWW-Authenticate: Basic realm="'.WIKI_NAME.'"'); header('HTTP/1.0 401 Unauthorized'); exit; } $this->_userid = $username; // we should check if he is a member of admin, // because HttpAuth has its own logic. $this->_level = WIKIAUTH_USER; if ($this->isAdmin()) $this->_level = WIKIAUTH_ADMIN; return $this; } function checkPass($submitted_password) { return $this->userExists() ? ($this->isAdmin() ? WIKIAUTH_ADMIN : WIKIAUTH_USER) : WIKIAUTH_ANON; } function mayChangePass() { return false; } // hmm... either the server dialog or our own. 
function PrintLoginForm (&$request, $args, $fail_message = false, $seperate_page = true) { header('WWW-Authenticate: Basic realm="'.WIKI_NAME.'"'); header('HTTP/1.0 401 Unauthorized'); exit; } } // $Log: HttpAuth.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... // // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: IMAP.php --- <?php //-*-php-*- rcs_id('$Id: IMAP.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ class _IMAPPassUser extends _PassUser /** * Define the var IMAP_AUTH_HOST in config/config.ini (with port probably) * * Preferences are handled in _PassUser */ { function checkPass($submitted_password) { if (!$this->isValidName()) { return $this->_tryNextPass($submitted_password); } $userid = $this->_userid; $mbox = @imap_open( "{" . IMAP_AUTH_HOST . "}", $userid, $submitted_password, OP_HALFOPEN ); if ($mbox) { imap_close($mbox); $this->_authmethod = 'IMAP'; $this->_level = WIKIAUTH_USER; return $this->_level; } else { trigger_error(_("Unable to connect to IMAP server "). IMAP_AUTH_HOST, E_USER_WARNING); } return $this->_tryNextPass($submitted_password); } //CHECKME: this will not be okay for the auth policy strict function userExists() { return true; if (checkPass($this->_prefs->get('passwd'))) return true; return $this->_tryNextUser(); } function mayChangePass() { return false; } } // $Log: IMAP.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... 
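Review bot: `_HttpAuthPassUser::userExists()` raises `_level` as soon as `_http_username()` matches `$this->_userid`; nothing in this class ever looks at the password. That is fine for case 1 of the header comment, where the web server has already authenticated the request. In case 2, where the script itself sends the 401, PHP fills `PHP_AUTH_USER` from whatever Basic credentials the client returns, so the password has to be verified here (for example by handing `$_SERVER['PHP_AUTH_PW']` to the next auth method) before the level is granted. `_http_username()` also falls back to `$GLOBALS['REMOTE_USER']`, which is request-controlled when register_globals is enabled; I would drop that fallback and keep only the `$_SERVER` sources. `checkPass()` ignores `$submitted_password` for the same reason and deserves a comment saying so.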
// // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: LDAP.php --- <?php //-*-php-*- rcs_id('$Id: LDAP.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ class _LDAPPassUser extends _PassUser /** * Define the vars LDAP_AUTH_HOST and LDAP_BASE_DN in config/config.ini * * Preferences are handled in _PassUser */ { function _init() { if ($this->_ldap = ldap_connect(LDAP_AUTH_HOST)) { // must be a valid LDAP server! global $LDAP_SET_OPTION; if (!empty($LDAP_SET_OPTION)) { foreach ($LDAP_SET_OPTION as $key => $value) { //if (is_string($key) and defined($key)) // $key = constant($key); ldap_set_option($this->_ldap, $key, $value); } } if (LDAP_AUTH_USER) if (LDAP_AUTH_PASSWORD) // Windows Active Directory Server is strict $r = ldap_bind($this->_ldap, LDAP_AUTH_USER, LDAP_AUTH_PASSWORD); else $r = ldap_bind($this->_ldap, LDAP_AUTH_USER); else $r = true; // anonymous bind allowed if (!$r) { $this->_free(); trigger_error(sprintf("Unable to bind LDAP server %s", LDAP_AUTH_HOST), E_USER_WARNING); return false; } return $this->_ldap; } else { return false; } } function _free() { if (isset($this->_sr) and is_resource($this->_sr)) ldap_free_result($this->_sr); if (isset($this->_ldap) and is_resource($this->_ldap)) ldap_close($this->_ldap); unset($this->_sr); unset($this->_ldap); } function checkPass($submitted_password) { $this->_authmethod = 'LDAP'; $userid = $this->_userid; if (!$this->isValidName()) { return $this->_tryNextPass($submitted_password); } if (strstr($userid,'*')) { trigger_error(fmt("Invalid username '%s' for LDAP Auth",$userid), E_USER_WARNING); return WIKIAUTH_FORBIDDEN; } if ($ldap = $this->_init()) { // Need to set the right root search information. See config/config.ini $st_search = LDAP_SEARCH_FIELD ? 
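Review bot: `_IMAPPassUser::userExists()` in IMAP.php returns `true` unconditionally, so every name is reported as existing and the two statements after the `return` are unreachable; the CHECKME comment already hints that this is wrong for the strict auth policy. The dead code also calls `checkPass(...)` as a global function instead of `$this->checkPass(...)`, so it would fail if the early return were ever removed. In `checkPass()` the "Unable to connect to IMAP server" warning is raised for every failed `imap_open()`, including a wrong password, which is misleading in logs; I would word it as a login failure or tell the cases apart with `imap_last_error()`.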
LDAP_SEARCH_FIELD."=$userid" : "uid=$userid"; if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) { $this->_free(); return $this->_tryNextPass($submitted_password); } $info = ldap_get_entries($ldap, $this->_sr); if (empty($info["count"])) { $this->_free(); return $this->_tryNextPass($submitted_password); } // There may be more hits with this userid. // Of course it would be better to narrow down the BASE_DN for ($i = 0; $i < $info["count"]; $i++) { $dn = $info[$i]["dn"]; // The password is still plain text. // On wrong password the ldap server will return: // "Unable to bind to server: Server is unwilling to perform" // The @ catches this error message. if ($r = @ldap_bind($ldap, $dn, $submitted_password)) { // ldap_bind will return TRUE if everything matches $this->_free(); $this->_level = WIKIAUTH_USER; return $this->_level; } } $this->_free(); } return $this->_tryNextPass($submitted_password); } function userExists() { $userid = $this->_userid; if (strstr($userid,'*')) { trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid), E_USER_WARNING); return false; } if ($ldap = $this->_init()) { // Need to set the right root search information. see ../index.php $st_search = LDAP_SEARCH_FIELD ? LDAP_SEARCH_FIELD."=$userid" : "uid=$userid"; if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) { $this->_free(); return $this->_tryNextUser(); } $info = ldap_get_entries($ldap, $this->_sr); if ($info["count"] > 0) { $this->_free(); return true; } } $this->_free(); return $this->_tryNextUser(); } function mayChangePass() { return false; } } // $Log: LDAP.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... 
// // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: POP3.php --- <?php //-*-php-*- rcs_id('$Id: POP3.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ class _POP3PassUser extends _IMAPPassUser { /** * Define the var POP3_AUTH_HOST in config/config.ini * Preferences are handled in _PassUser */ function checkPass($submitted_password) { if (!$this->isValidName()) { return $this->_tryNextPass($submitted_password); } $userid = $this->_userid; $pass = $submitted_password; $host = defined('POP3_AUTH_HOST') ? POP3_AUTH_HOST : 'localhost:110'; if (defined('POP3_AUTH_PORT')) $port = POP3_AUTH_PORT; elseif (strstr($host,':')) { list(,$port) = split(':',$host); } else { $port = 110; } $retval = false; $fp = fsockopen($host, $port, $errno, $errstr, 10); if ($fp) { // Get welcome string $line = fgets($fp, 1024); if (! strncmp("+OK ", $line, 4)) { // Send user name fputs($fp, "user $userid\n"); // Get response $line = fgets($fp, 1024); if (! strncmp("+OK ", $line, 4)) { // Send password fputs($fp, "pass $pass\n"); // Get response $line = fgets($fp, 1024); if (! strncmp("+OK ", $line, 4)) { $retval = true; } } } // quit the connection fputs($fp, "quit\n"); // Get the sayonara message $line = fgets($fp, 1024); fclose($fp); } else { trigger_error(_("Couldn't connect to %s","POP3_AUTH_HOST ".$host.':'.$port), E_USER_WARNING); } $this->_authmethod = 'POP3'; if ($retval) { $this->_level = WIKIAUTH_USER; } else { $this->_level = WIKIAUTH_ANON; } return $this->_level; } } // $Log: POP3.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... 
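Review bot: In LDAP.php `checkPass()`, `@ldap_bind($ldap, $dn, $submitted_password)` can be reached with an empty `$submitted_password`; many directory servers treat a bind with a DN and an empty password as an anonymous bind and report success, which would grant WIKIAUTH_USER without a password. Reject it before the search, e.g. `if ($submitted_password === '') return $this->_tryNextPass($submitted_password);`. The filter is built as `LDAP_SEARCH_FIELD."=$userid"` with only `*` rejected, so unless `isValidName()` already excludes them, `(`, `)`, `\` and NUL in the name alter the filter; they should be escaped per RFC 4515 or rejected in both `checkPass()` and `userExists()`. `userExists()` also does not call `isValidName()` at all, unlike `checkPass()`.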
// // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: PearDb.php --- <?php //-*-php-*- rcs_id('$Id: PearDb.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ class _PearDbPassUser extends _DbPassUser /** * Pear DB methods * Now optimized not to use prepare, ...query(sprintf($sql,quote())) instead. * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements. * * @tables: user * @tables: pref */ { var $_authmethod = 'PearDb'; function _PearDbPassUser($UserName='',$prefs=false) { //global $DBAuthParams; if (!$this->_prefs and isa($this,"_PearDbPassUser")) { if ($prefs) $this->_prefs = $prefs; } if (!isset($this->_prefs->_method)) _PassUser::_PassUser($UserName); elseif (!$this->isValidName($UserName)) { trigger_error(_("Invalid username."), E_USER_WARNING); return false; } $this->_userid = $UserName; // make use of session data. generally we only initialize this every time, // but do auth checks only once $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method'); return $this; } function getPreferences() { // override the generic slow method here for efficiency and not to // clutter the homepage metadata with prefs. _AnonUser::getPreferences(); $this->getAuthDbh(); if (isset($this->_prefs->_select)) { $dbh = &$this->_auth_dbi; $db_result = $dbh->query(sprintf($this->_prefs->_select,$dbh->quote($this->_userid))); // patched by frederik@... 
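Review bot: In POP3.php `checkPass()`, `$userid` and `$pass` are written to the socket as `"user $userid\n"` and `"pass $pass\n"` without removing CR/LF, and the password is not validated anywhere in this method, so an embedded line break sends additional protocol lines to the POP3 server. Reject such input first, e.g. `if (preg_match('/[\r\n]/', $userid . $pass)) return $this->_tryNextPass($submitted_password);`. When the port comes from `list(,$port) = split(':',$host);`, `$host` keeps its `:port` suffix and is passed to `fsockopen()` together with `$port`; `list($host, $port) = split(':', $host);` would be clearer. The error branch calls `_()` with two arguments, so the `%s` is never filled in; the other classes use `fmt()` for this. The exchange is clear-text POP3, which is worth stating in the class comment.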
$prefs = $db_result->fetchRow(); $prefs_blob = @$prefs["prefs"]; if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) { $updated = $this->_prefs->updatePrefs($restored_from_db); //$this->_prefs = new UserPreferences($restored_from_db); return $this->_prefs; } } if ($this->_HomePagehandle) { if ($restored_from_page = $this->_prefs->retrieve ($this->_HomePagehandle->get('pref'))) { $updated = $this->_prefs->updatePrefs($restored_from_page); //$this->_prefs = new UserPreferences($restored_from_page); return $this->_prefs; } } return $this->_prefs; } function setPreferences($prefs, $id_only=false) { // if the prefs are changed if ($count = _AnonUser::setPreferences($prefs, 1)) { //global $request; //$user = $request->_user; //unset($user->_auth_dbi); // this must be done in $request->_setUser, not here! //$request->setSessionVar('wiki_user', $user); $this->getAuthDbh(); $packed = $this->_prefs->store(); if (!$id_only and isset($this->_prefs->_update)) { $dbh = &$this->_auth_dbi; $dbh->simpleQuery(sprintf($this->_prefs->_update, $dbh->quote($packed), $dbh->quote($this->_userid))); //delete pageprefs: if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref')) $this->_HomePagehandle->set('pref', ''); } else { //store prefs in homepage, not in cookie if ($this->_HomePagehandle and !$id_only) $this->_HomePagehandle->set('pref', $packed); } return $count; //count($this->_prefs->unpack($packed)); } return 0; } function userExists() { //global $DBAuthParams; $this->getAuthDbh(); $dbh = &$this->_auth_dbi; if (!$dbh) { // needed? 
return $this->_tryNextUser(); } if (!$this->isValidName()) { return $this->_tryNextUser(); } $dbi =& $GLOBALS['request']->_dbi; // Prepare the configured auth statements if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) { $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'), array("userid", "password")); } if (empty($this->_authselect)) trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'", 'DBAUTH_AUTH_CHECK', 'SQL'), E_USER_WARNING); //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed if ($this->_auth_crypt_method == 'crypt') { $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid))); if ($rs->numRows()) return true; } else { if (! $dbi->getAuthParam('auth_user_exists')) trigger_error(fmt("%s is missing",'DBAUTH_AUTH_USER_EXISTS'), E_USER_WARNING); $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),"userid"); $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid))); if ($rs->numRows()) return true; } // maybe the user is allowed to create himself. Generally not wanted in // external databases, but maybe wanted for the wiki database, for performance // reasons if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) { $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'), array("userid", "password")); } if (!empty($this->_authcreate) and isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])) { $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd']; $dbh->simpleQuery(sprintf($this->_authcreate, $dbh->quote($passwd), $dbh->quote($this->_userid) )); return true; } return $this->_tryNextUser(); } function checkPass($submitted_password) { //global $DBAuthParams; $this->getAuthDbh(); if (!$this->_auth_dbi) { // needed? 
return $this->_tryNextPass($submitted_password); } if (!$this->isValidName()) { return $this->_tryNextPass($submitted_password); } if (!isset($this->_authselect)) $this->userExists(); if (!isset($this->_authselect)) trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'", 'DBAUTH_AUTH_CHECK','SQL'), E_USER_WARNING); //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set $dbh = &$this->_auth_dbi; if ($this->_auth_crypt_method == 'crypt') { $stored_password = $dbh->getOne(sprintf($this->_authselect, $dbh->quote($this->_userid))); $result = $this->_checkPass($submitted_password, $stored_password); } else { $okay = $dbh->getOne(sprintf($this->_authselect, $dbh->quote($submitted_password), $dbh->quote($this->_userid))); $result = !empty($okay); } if ($result) { $this->_level = WIKIAUTH_USER; return $this->_level; } else { return $this->_tryNextPass($submitted_password); } } function mayChangePass() { return $GLOBALS['request']->_dbi->getAuthParam('auth_update'); } function storePass($submitted_password) { if (!$this->isValidName()) { return false; } $this->getAuthDbh(); $dbh = &$this->_auth_dbi; $dbi =& $GLOBALS['request']->_dbi; if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) { $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'), array("userid", "password")); } if (empty($this->_authupdate)) { trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'", 'DBAUTH_AUTH_UPDATE','SQL'), E_USER_WARNING); return false; } if ($this->_auth_crypt_method == 'crypt') { if (function_exists('crypt')) $submitted_password = crypt($submitted_password); } $dbh->simpleQuery(sprintf($this->_authupdate, $dbh->quote($submitted_password), $dbh->quote($this->_userid) )); return true; } } // $Log: PearDb.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, 
use global ->_dbi instead // ... // // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: PersonalPage.php --- <?php //-*-php-*- rcs_id('$Id: PersonalPage.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ /** * This class is only to simplify the auth method dispatcher. * It inherits almost all all methods from _PassUser. */ class _PersonalPagePassUser extends _PassUser { var $_authmethod = 'PersonalPage'; function userExists() { return $this->_HomePagehandle and $this->_HomePagehandle->exists(); } /** A PersonalPagePassUser requires PASSWORD_LENGTH_MINIMUM. * BUT if the user already has a homepage with an empty password * stored, allow login but warn him to change it. */ function checkPass($submitted_password) { if ($this->userExists()) { $stored_password = $this->_prefs->get('passwd'); if (empty($stored_password)) { trigger_error(sprintf( _("PersonalPage login method:\n"). _("You stored an empty password in your '%s' page.\n"). _("Your access permissions are only for a BogoUser.\n"). _("Please set your password in UserPreferences."), $this->_userid), E_USER_WARNING); $this->_level = WIKIAUTH_BOGO; return $this->_level; } if ($this->_checkPass($submitted_password, $stored_password)) return ($this->_level = WIKIAUTH_USER); return _PassUser::checkPass($submitted_password); } return WIKIAUTH_ANON; } } // $Log: PersonalPage.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... 
// // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> --- NEW FILE: Session.php --- <?php //-*-php-*- rcs_id('$Id: Session.php,v 1.1 2004/11/01 10:43:58 rurban Exp $'); /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam */ /** * Support reuse of existing user session from another application. * You have to define which session variable holds the userid, and * at what level is that user then. 1: BogoUser, 2: PassUser * define('AUTH_SESS_USER','userid'); * define('AUTH_SESS_LEVEL',2); */ class _SessionPassUser extends _PassUser { function _SessionPassUser($UserName='',$prefs=false) { if ($prefs) $this->_prefs = $prefs; if (!defined("AUTH_SESS_USER") or !defined("AUTH_SESS_LEVEL")) { trigger_error( "AUTH_SESS_USER or AUTH_SESS_LEVEL is not defined for the SessionPassUser method", E_USER_ERROR); exit; } $sess =& $GLOBALS['HTTP_SESSION_VARS']; // user hash: "[user][userid]" or object "user->id" if (strstr(AUTH_SESS_USER,"][")) { $sess = $GLOBALS['HTTP_SESSION_VARS']; // recurse into hashes: "[user][userid]", sess = sess[user] => sess = sess[userid] foreach (split("][",AUTH_SESS_USER) as $v) { $v = str_replace(array("[","]"),'',$v); $sess = $sess[$v]; } $this->_userid = $sess; } elseif (strstr(AUTH_SESS_USER,"->")) { // object "user->id" (no objects inside hashes supported!) 
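Review bot: In `_PersonalPagePassUser::checkPass()` the empty-stored-password branch returns `WIKIAUTH_BOGO` without looking at `$submitted_password`, so any visitor who supplies that user's name is signed in under it at Bogo level. The docblock says this is intended, but it also says the class requires PASSWORD_LENGTH_MINIMUM, and nothing in this method enforces that; presumably the check lives in `_checkPass()` or in the preferences code outside this file. I would record both facts at the branch, e.g. `// empty stored password: $submitted_password is not checked here, grant Bogo level only`, and say in the docblock where the minimum length is enforced. If warnings are rendered into the page, the `trigger_error()` text also tells whoever made the request that the named account has no password set, so logging it instead may be preferable.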
list($obj,$key) = split("->",AUTH_SESS_USER); $this->_userid = $sess[$obj]->$key; } else { $this->_userid = $sess[AUTH_SESS_USER]; } if (!isset($this->_prefs->_method)) _PassUser::_PassUser($this->_userid); $this->_level = AUTH_SESS_LEVEL; $this->_authmethod = 'Session'; } function userExists() { return !empty($this->_userid); } function checkPass($submitted_password) { return $this->userExists() and $this->_level; } function mayChangePass() { return false; } } // $Log: Session.php,v $ // Revision 1.1 2004/11/01 10:43:58 rurban // seperate PassUser methods into seperate dir (memory usage) // fix WikiUser (old) overlarge data session // remove wikidb arg from various page class methods, use global ->_dbi instead // ... // // Local Variables: // mode: php // tab-width: 8 // c-basic-offset: 4 // c-hanging-comment-ender-p: nil // indent-tabs-mode: nil // End: ?> |
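Review bot: In the `_SessionPassUser` constructor, `split("][",AUTH_SESS_USER)` treats its first argument as a POSIX regular expression, and `][` should fail to compile because the `[` opens a bracket expression that is never closed, so the `[user][userid]` form is unlikely to work as written; `explode("][", AUTH_SESS_USER)` does the literal split that is intended, and `explode("->", AUTH_SESS_USER)` would do the same for the object branch. The userid taken from the session is then accepted without the `isValidName()` check that the AdoDb and PearDb classes in this commit apply, and a missing session key leaves `_userid` empty with only a notice; a guard such as `if (!$this->isValidName($this->_userid)) return false;` (signature to be confirmed against `_PassUser`) would keep this method consistent with them. `checkPass()` also returns the boolean result of `and` rather than the level, whereas `_PersonalPagePassUser::checkPass()` returns `$this->_level`; `return $this->userExists() ? $this->_level : WIKIAUTH_ANON;` would match, assuming callers compare the result against the WIKIAUTH_* levels.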