diff options
Diffstat (limited to 'inc/auth')
| -rw-r--r-- | inc/auth/ad.class.php | 40 | ||||
| -rw-r--r-- | inc/auth/basic.class.php | 728 | ||||
| -rw-r--r-- | inc/auth/ldap.class.php | 5 | ||||
| -rw-r--r-- | inc/auth/mysql.class.php | 932 | ||||
| -rw-r--r-- | inc/auth/pgsql.class.php | 417 | ||||
| -rw-r--r-- | inc/auth/plain.class.php | 282 |
6 files changed, 1207 insertions, 1197 deletions
diff --git a/inc/auth/ad.class.php b/inc/auth/ad.class.php index cc080dc93..bc4168527 100644 --- a/inc/auth/ad.class.php +++ b/inc/auth/ad.class.php @@ -33,10 +33,10 @@ * // add a list of comma separated ldap contact fields. * $conf['auth']['ad']['additional'] = 'field1,field2'; * - * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) - * @author James Van Lommel <jamesvl@gmail.com> - * @link http://www.nosq.com/blog/2005/08/ldap-activedirectory-and-dokuwiki/ - * @author Andreas Gohr <andi@splitbrain.org> + * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) + * @author James Van Lommel <jamesvl@gmail.com> + * @link http://www.nosq.com/blog/2005/08/ldap-activedirectory-and-dokuwiki/ + * @author Andreas Gohr <andi@splitbrain.org> */ require_once(DOKU_INC.'inc/adLDAP.php'); @@ -51,11 +51,10 @@ class auth_ad extends auth_basic { /** * Constructor */ - function auth_ad() { + function __construct() { global $conf; $this->cnf = $conf['auth']['ad']; - // additional information fields if (isset($this->cnf['additional'])) { $this->cnf['additional'] = str_replace(' ', '', $this->cnf['additional']); @@ -72,21 +71,21 @@ class auth_ad extends auth_basic { // Prepare SSO if($_SERVER['REMOTE_USER'] && $this->cnf['sso']){ - // remove possible NTLM domain - list($dom,$usr) = explode('\\',$_SERVER['REMOTE_USER'],2); - if(!$usr) $usr = $dom; + // remove possible NTLM domain + list($dom,$usr) = explode('\\',$_SERVER['REMOTE_USER'],2); + if(!$usr) $usr = $dom; - // remove possible Kerberos domain - list($usr,$dom) = explode('@',$usr); + // remove possible Kerberos domain + list($usr,$dom) = explode('@',$usr); - $dom = strtolower($dom); - $_SERVER['REMOTE_USER'] = $usr; + $dom = strtolower($dom); + $_SERVER['REMOTE_USER'] = $usr; - // we need to simulate a login - if(empty($_COOKIE[DOKU_COOKIE])){ - $_REQUEST['u'] = $_SERVER['REMOTE_USER']; - $_REQUEST['p'] = 'sso_only'; - } + // we need to simulate a login + if(empty($_COOKIE[DOKU_COOKIE])){ + $_REQUEST['u'] = $_SERVER['REMOTE_USER']; + $_REQUEST['p'] = 'sso_only'; + } } // prepare adLDAP standard configuration @@ -147,7 +146,7 @@ class auth_ad extends auth_basic { * * @author James Van Lommel <james@nosq.com> */ - function getUserData($user){ + function getUserData($user){ global $conf; global $lang; global $ID; @@ -297,7 +296,7 @@ class auth_ad extends auth_basic { * @param $user nick of the user to be changed * @param $changes array of field/value pairs to be changed * @return bool - */ + */ function modifyUser($user, $changes) { $return = true; @@ -380,7 +379,6 @@ class auth_ad extends auth_basic { function _constructPattern($filter) { $this->_pattern = array(); foreach ($filter as $item => $pattern) { -// $this->_pattern[$item] = '/'.preg_quote($pattern,"/").'/i'; // don't allow regex characters $this->_pattern[$item] = '/'.str_replace('/','\/',$pattern).'/i'; // allow regex characters } } diff --git a/inc/auth/basic.class.php b/inc/auth/basic.class.php index c7e7031bf..7c0a5f2c9 100644 --- a/inc/auth/basic.class.php +++ b/inc/auth/basic.class.php @@ -9,395 +9,393 @@ */ class auth_basic { + var $success = true; - var $success = true; - - - /** - * Posible things an auth backend module may be able to - * do. The things a backend can do need to be set to true - * in the constructor. - */ - var $cando = array ( - 'addUser' => false, // can Users be created? - 'delUser' => false, // can Users be deleted? - 'modLogin' => false, // can login names be changed? - 'modPass' => false, // can passwords be changed? - 'modName' => false, // can real names be changed? - 'modMail' => false, // can emails be changed? - 'modGroups' => false, // can groups be changed? - 'getUsers' => false, // can a (filtered) list of users be retrieved? - 'getUserCount'=> false, // can the number of users be retrieved? - 'getGroups' => false, // can a list of available groups be retrieved? - 'external' => false, // does the module do external auth checking? - 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) - ); + /** + * Posible things an auth backend module may be able to + * do. The things a backend can do need to be set to true + * in the constructor. + */ + var $cando = array ( + 'addUser' => false, // can Users be created? + 'delUser' => false, // can Users be deleted? + 'modLogin' => false, // can login names be changed? + 'modPass' => false, // can passwords be changed? + 'modName' => false, // can real names be changed? + 'modMail' => false, // can emails be changed? + 'modGroups' => false, // can groups be changed? + 'getUsers' => false, // can a (filtered) list of users be retrieved? + 'getUserCount'=> false, // can the number of users be retrieved? + 'getGroups' => false, // can a list of available groups be retrieved? + 'external' => false, // does the module do external auth checking? + 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) + ); + /** + * Constructor. + * + * Carry out sanity checks to ensure the object is + * able to operate. Set capabilities in $this->cando + * array here + * + * Set $this->success to false if checks fail + * + * @author Christopher Smith <chris@jalakai.co.uk> + */ + function __construct() { + // the base class constructor does nothing, derived class + // constructors do the real work + } - /** - * Constructor. - * - * Carry out sanity checks to ensure the object is - * able to operate. Set capabilities in $this->cando - * array here - * - * Set $this->success to false if checks fail - * - * @author Christopher Smith <chris@jalakai.co.uk> - */ - function auth_basic() { - // the base class constructor does nothing, derived class - // constructors do the real work - } + /** + * Capability check. [ DO NOT OVERRIDE ] + * + * Checks the capabilities set in the $this->cando array and + * some pseudo capabilities (shortcutting access to multiple + * ones) + * + * ususal capabilities start with lowercase letter + * shortcut capabilities start with uppercase letter + * + * @author Andreas Gohr <andi@splitbrain.org> + * @return bool + */ + function canDo($cap) { + switch($cap){ + case 'Profile': + // can at least one of the user's properties be changed? + return ( $this->cando['modPass'] || + $this->cando['modName'] || + $this->cando['modMail'] ); + break; + case 'UserMod': + // can at least anything be changed? + return ( $this->cando['modPass'] || + $this->cando['modName'] || + $this->cando['modMail'] || + $this->cando['modLogin'] || + $this->cando['modGroups'] || + $this->cando['modMail'] ); + break; + default: + // print a helping message for developers + if(!isset($this->cando[$cap])){ + msg("Check for unknown capability '$cap' - Do you use an outdated Plugin?",-1); + } + return $this->cando[$cap]; + } + } - /** - * Capability check. [ DO NOT OVERRIDE ] - * - * Checks the capabilities set in the $this->cando array and - * some pseudo capabilities (shortcutting access to multiple - * ones) - * - * ususal capabilities start with lowercase letter - * shortcut capabilities start with uppercase letter - * - * @author Andreas Gohr <andi@splitbrain.org> - * @return bool - */ - function canDo($cap) { - switch($cap){ - case 'Profile': - // can at least one of the user's properties be changed? - return ( $this->cando['modPass'] || - $this->cando['modName'] || - $this->cando['modMail'] ); - break; - case 'UserMod': - // can at least anything be changed? - return ( $this->cando['modPass'] || - $this->cando['modName'] || - $this->cando['modMail'] || - $this->cando['modLogin'] || - $this->cando['modGroups'] || - $this->cando['modMail'] ); - break; - default: - // print a helping message for developers - if(!isset($this->cando[$cap])){ - msg("Check for unknown capability '$cap' - Do you use an outdated Plugin?",-1); + /** + * Trigger the AUTH_USERDATA_CHANGE event and call the modification function. [ DO NOT OVERRIDE ] + * + * You should use this function instead of calling createUser, modifyUser or + * deleteUsers directly. The event handlers can prevent the modification, for + * example for enforcing a user name schema. + * + * @author Gabriel Birke <birke@d-scribe.de> + * @param string $type Modification type ('create', 'modify', 'delete') + * @param array $params Parameters for the createUser, modifyUser or deleteUsers method. The content of this array depends on the modification type + * @return mixed Result from the modification function or false if an event handler has canceled the action + */ + function triggerUserMod($type, $params) { + $validTypes = array( + 'create' => 'createUser', + 'modify' => 'modifyUser', + 'delete' => 'deleteUsers' + ); + if(empty($validTypes[$type])) + return false; + $eventdata = array('type' => $type, 'params' => $params, 'modification_result' => null); + $evt = new Doku_Event('AUTH_USER_CHANGE', $eventdata); + if ($evt->advise_before(true)) { + $result = call_user_func_array(array($this, $validTypes[$type]), $params); + $evt->data['modification_result'] = $result; } - return $this->cando[$cap]; + $evt->advise_after(); + unset($evt); + return $result; } - } - /** - * Trigger the AUTH_USERDATA_CHANGE event and call the modification function. [ DO NOT OVERRIDE ] - * - * You should use this function instead of calling createUser, modifyUser or - * deleteUsers directly. The event handlers can prevent the modification, for - * example for enforcing a user name schema. - * - * @author Gabriel Birke <birke@d-scribe.de> - * @param string $type Modification type ('create', 'modify', 'delete') - * @param array $params Parameters for the createUser, modifyUser or deleteUsers method. The content of this array depends on the modification type - * @return mixed Result from the modification function or false if an event handler has canceled the action - */ - function triggerUserMod($type, $params) - { - $validTypes = array( - 'create' => 'createUser', - 'modify' => 'modifyUser', - 'delete' => 'deleteUsers' - ); - if(empty($validTypes[$type])) - return false; - $eventdata = array('type' => $type, 'params' => $params, 'modification_result' => null); - $evt = new Doku_Event('AUTH_USER_CHANGE', $eventdata); - if ($evt->advise_before(true)) { - $result = call_user_func_array(array($this, $validTypes[$type]), $params); - $evt->data['modification_result'] = $result; + /** + * Log off the current user [ OPTIONAL ] + * + * Is run in addition to the ususal logoff method. Should + * only be needed when trustExternal is implemented. + * + * @see auth_logoff() + * @author Andreas Gohr <andi@splitbrain.org> + */ + function logOff(){ } - $evt->advise_after(); - unset($evt); - return $result; - } - /** - * Log off the current user [ OPTIONAL ] - * - * Is run in addition to the ususal logoff method. Should - * only be needed when trustExternal is implemented. - * - * @see auth_logoff() - * @author Andreas Gohr <andi@splitbrain.org> - */ - function logOff(){ - } + /** + * Do all authentication [ OPTIONAL ] + * + * Set $this->cando['external'] = true when implemented + * + * If this function is implemented it will be used to + * authenticate a user - all other DokuWiki internals + * will not be used for authenticating, thus + * implementing the checkPass() function is not needed + * anymore. + * + * The function can be used to authenticate against third + * party cookies or Apache auth mechanisms and replaces + * the auth_login() function + * + * The function will be called with or without a set + * username. If the Username is given it was called + * from the login form and the given credentials might + * need to be checked. If no username was given it + * the function needs to check if the user is logged in + * by other means (cookie, environment). + * + * The function needs to set some globals needed by + * DokuWiki like auth_login() does. + * + * @see auth_login() + * @author Andreas Gohr <andi@splitbrain.org> + * + * @param string $user Username + * @param string $pass Cleartext Password + * @param bool $sticky Cookie should not expire + * @return bool true on successful auth + */ + function trustExternal($user,$pass,$sticky=false){ + /* some example: + + global $USERINFO; + global $conf; + $sticky ? $sticky = true : $sticky = false; //sanity check + + // do the checking here - /** - * Do all authentication [ OPTIONAL ] - * - * Set $this->cando['external'] = true when implemented - * - * If this function is implemented it will be used to - * authenticate a user - all other DokuWiki internals - * will not be used for authenticating, thus - * implementing the checkPass() function is not needed - * anymore. - * - * The function can be used to authenticate against third - * party cookies or Apache auth mechanisms and replaces - * the auth_login() function - * - * The function will be called with or without a set - * username. If the Username is given it was called - * from the login form and the given credentials might - * need to be checked. If no username was given it - * the function needs to check if the user is logged in - * by other means (cookie, environment). - * - * The function needs to set some globals needed by - * DokuWiki like auth_login() does. - * - * @see auth_login() - * @author Andreas Gohr <andi@splitbrain.org> - * - * @param string $user Username - * @param string $pass Cleartext Password - * @param bool $sticky Cookie should not expire - * @return bool true on successful auth - */ - function trustExternal($user,$pass,$sticky=false){ -# // some example: -# -# global $USERINFO; -# global $conf; -# $sticky ? $sticky = true : $sticky = false; //sanity check -# -# // do the checking here -# -# // set the globals if authed -# $USERINFO['name'] = 'FIXME'; -# $USERINFO['mail'] = 'FIXME'; -# $USERINFO['grps'] = array('FIXME'); -# $_SERVER['REMOTE_USER'] = $user; -# $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; -# $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; -# $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; -# return true; - } + // set the globals if authed + $USERINFO['name'] = 'FIXME'; + $USERINFO['mail'] = 'FIXME'; + $USERINFO['grps'] = array('FIXME'); + $_SERVER['REMOTE_USER'] = $user; + $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; + $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; + $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; + return true; - /** - * Check user+password [ MUST BE OVERRIDDEN ] - * - * Checks if the given user exists and the given - * plaintext password is correct - * - * May be ommited if trustExternal is used. - * - * @author Andreas Gohr <andi@splitbrain.org> - * @return bool - */ - function checkPass($user,$pass){ - msg("no valid authorisation system in use", -1); - return false; - } + */ + } + + /** + * Check user+password [ MUST BE OVERRIDDEN ] + * + * Checks if the given user exists and the given + * plaintext password is correct + * + * May be ommited if trustExternal is used. + * + * @author Andreas Gohr <andi@splitbrain.org> + * @return bool + */ + function checkPass($user,$pass){ + msg("no valid authorisation system in use", -1); + return false; + } - /** - * Return user info [ MUST BE OVERRIDDEN ] - * - * Returns info about the given user needs to contain - * at least these fields: - * - * name string full name of the user - * mail string email addres of the user - * grps array list of groups the user is in - * - * @author Andreas Gohr <andi@splitbrain.org> - * @return array containing user data or false - */ - function getUserData($user) { - if(!$this->cando['external']) msg("no valid authorisation system in use", -1); - return false; - } + /** + * Return user info [ MUST BE OVERRIDDEN ] + * + * Returns info about the given user needs to contain + * at least these fields: + * + * name string full name of the user + * mail string email addres of the user + * grps array list of groups the user is in + * + * @author Andreas Gohr <andi@splitbrain.org> + * @return array containing user data or false + */ + function getUserData($user) { + if(!$this->cando['external']) msg("no valid authorisation system in use", -1); + return false; + } - /** - * Create a new User [implement only where required/possible] - * - * Returns false if the user already exists, null when an error - * occurred and true if everything went well. - * - * The new user HAS TO be added to the default group by this - * function! - * - * Set addUser capability when implemented - * - * @author Andreas Gohr <andi@splitbrain.org> - */ - function createUser($user,$pass,$name,$mail,$grps=null){ - msg("authorisation method does not allow creation of new users", -1); - return null; - } + /** + * Create a new User [implement only where required/possible] + * + * Returns false if the user already exists, null when an error + * occurred and true if everything went well. + * + * The new user HAS TO be added to the default group by this + * function! + * + * Set addUser capability when implemented + * + * @author Andreas Gohr <andi@splitbrain.org> + */ + function createUser($user,$pass,$name,$mail,$grps=null){ + msg("authorisation method does not allow creation of new users", -1); + return null; + } - /** - * Modify user data [implement only where required/possible] - * - * Set the mod* capabilities according to the implemented features - * - * @author Chris Smith <chris@jalakai.co.uk> - * @param $user nick of the user to be changed - * @param $changes array of field/value pairs to be changed (password will be clear text) - * @return bool - */ - function modifyUser($user, $changes) { - msg("authorisation method does not allow modifying of user data", -1); - return false; - } + /** + * Modify user data [implement only where required/possible] + * + * Set the mod* capabilities according to the implemented features + * + * @author Chris Smith <chris@jalakai.co.uk> + * @param $user nick of the user to be changed + * @param $changes array of field/value pairs to be changed (password will be clear text) + * @return bool + */ + function modifyUser($user, $changes) { + msg("authorisation method does not allow modifying of user data", -1); + return false; + } - /** - * Delete one or more users [implement only where required/possible] - * - * Set delUser capability when implemented - * - * @author Chris Smith <chris@jalakai.co.uk> - * @param array $users - * @return int number of users deleted - */ - function deleteUsers($users) { - msg("authorisation method does not allow deleting of users", -1); - return false; - } + /** + * Delete one or more users [implement only where required/possible] + * + * Set delUser capability when implemented + * + * @author Chris Smith <chris@jalakai.co.uk> + * @param array $users + * @return int number of users deleted + */ + function deleteUsers($users) { + msg("authorisation method does not allow deleting of users", -1); + return false; + } - /** - * Return a count of the number of user which meet $filter criteria - * [should be implemented whenever retrieveUsers is implemented] - * - * Set getUserCount capability when implemented - * - * @author Chris Smith <chris@jalakai.co.uk> - */ - function getUserCount($filter=array()) { - msg("authorisation method does not provide user counts", -1); - return 0; - } + /** + * Return a count of the number of user which meet $filter criteria + * [should be implemented whenever retrieveUsers is implemented] + * + * Set getUserCount capability when implemented + * + * @author Chris Smith <chris@jalakai.co.uk> + */ + function getUserCount($filter=array()) { + msg("authorisation method does not provide user counts", -1); + return 0; + } - /** - * Bulk retrieval of user data [implement only where required/possible] - * - * Set getUsers capability when implemented - * - * @author Chris Smith <chris@jalakai.co.uk> - * @param start index of first user to be returned - * @param limit max number of users to be returned - * @param filter array of field/pattern pairs, null for no filter - * @return array of userinfo (refer getUserData for internal userinfo details) - */ - function retrieveUsers($start=0,$limit=-1,$filter=null) { - msg("authorisation method does not support mass retrieval of user data", -1); - return array(); - } + /** + * Bulk retrieval of user data [implement only where required/possible] + * + * Set getUsers capability when implemented + * + * @author Chris Smith <chris@jalakai.co.uk> + * @param start index of first user to be returned + * @param limit max number of users to be returned + * @param filter array of field/pattern pairs, null for no filter + * @return array of userinfo (refer getUserData for internal userinfo details) + */ + function retrieveUsers($start=0,$limit=-1,$filter=null) { + msg("authorisation method does not support mass retrieval of user data", -1); + return array(); + } - /** - * Define a group [implement only where required/possible] - * - * Set addGroup capability when implemented - * - * @author Chris Smith <chris@jalakai.co.uk> - * @return bool - */ - function addGroup($group) { - msg("authorisation method does not support independent group creation", -1); - return false; - } + /** + * Define a group [implement only where required/possible] + * + * Set addGroup capability when implemented + * + * @author Chris Smith <chris@jalakai.co.uk> + * @return bool + */ + function addGroup($group) { + msg("authorisation method does not support independent group creation", -1); + return false; + } - /** - * Retrieve groups [implement only where required/possible] - * - * Set getGroups capability when implemented - * - * @author Chris Smith <chris@jalakai.co.uk> - * @return array - */ - function retrieveGroups($start=0,$limit=0) { - msg("authorisation method does not support group list retrieval", -1); - return array(); - } + /** + * Retrieve groups [implement only where required/possible] + * + * Set getGroups capability when implemented + * + * @author Chris Smith <chris@jalakai.co.uk> + * @return array + */ + function retrieveGroups($start=0,$limit=0) { + msg("authorisation method does not support group list retrieval", -1); + return array(); + } - /** - * Return case sensitivity of the backend [OPTIONAL] - * - * When your backend is caseinsensitive (eg. you can login with USER and - * user) then you need to overwrite this method and return false - */ - function isCaseSensitive(){ - return true; - } + /** + * Return case sensitivity of the backend [OPTIONAL] + * + * When your backend is caseinsensitive (eg. you can login with USER and + * user) then you need to overwrite this method and return false + */ + function isCaseSensitive(){ + return true; + } - /** - * Sanitize a given username [OPTIONAL] - * - * This function is applied to any user name that is given to - * the backend and should also be applied to any user name within - * the backend before returning it somewhere. - * - * This should be used to enforce username restrictions. - * - * @author Andreas Gohr <andi@splitbrain.org> - * @param string $user - username - * @param string - the cleaned username - */ - function cleanUser($user){ - return $user; - } + /** + * Sanitize a given username [OPTIONAL] + * + * This function is applied to any user name that is given to + * the backend and should also be applied to any user name within + * the backend before returning it somewhere. + * + * This should be used to enforce username restrictions. + * + * @author Andreas Gohr <andi@splitbrain.org> + * @param string $user - username + * @param string - the cleaned username + */ + function cleanUser($user){ + return $user; + } - /** - * Sanitize a given groupname [OPTIONAL] - * - * This function is applied to any groupname that is given to - * the backend and should also be applied to any groupname within - * the backend before returning it somewhere. - * - * This should be used to enforce groupname restrictions. - * - * Groupnames are to be passed without a leading '@' here. - * - * @author Andreas Gohr <andi@splitbrain.org> - * @param string $group - groupname - * @param string - the cleaned groupname - */ - function cleanGroup($group){ - return $group; - } + /** + * Sanitize a given groupname [OPTIONAL] + * + * This function is applied to any groupname that is given to + * the backend and should also be applied to any groupname within + * the backend before returning it somewhere. + * + * This should be used to enforce groupname restrictions. + * + * Groupnames are to be passed without a leading '@' here. + * + * @author Andreas Gohr <andi@splitbrain.org> + * @param string $group - groupname + * @param string - the cleaned groupname + */ + function cleanGroup($group){ + return $group; + } - /** - * Check Session Cache validity [implement only where required/possible] - * - * DokuWiki caches user info in the user's session for the timespan defined - * in $conf['auth_security_timeout']. - * - * This makes sure slow authentication backends do not slow down DokuWiki. - * This also means that changes to the user database will not be reflected - * on currently logged in users. - * - * To accommodate for this, the user manager plugin will touch a reference - * file whenever a change is submitted. This function compares the filetime - * of this reference file with the time stored in the session. - * - * This reference file mechanism does not reflect changes done directly in - * the backend's database through other means than the user manager plugin. - * - * Fast backends might want to return always false, to force rechecks on - * each page load. Others might want to use their own checking here. If - * unsure, do not override. - * - * @param string $user - The username - * @author Andreas Gohr <andi@splitbrain.org> - * @return bool - */ - function useSessionCache($user){ - global $conf; - return ($_SESSION[DOKU_COOKIE]['auth']['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')); - } + /** + * Check Session Cache validity [implement only where required/possible] + * + * DokuWiki caches user info in the user's session for the timespan defined + * in $conf['auth_security_timeout']. + * + * This makes sure slow authentication backends do not slow down DokuWiki. + * This also means that changes to the user database will not be reflected + * on currently logged in users. + * + * To accommodate for this, the user manager plugin will touch a reference + * file whenever a change is submitted. This function compares the filetime + * of this reference file with the time stored in the session. + * + * This reference file mechanism does not reflect changes done directly in + * the backend's database through other means than the user manager plugin. + * + * Fast backends might want to return always false, to force rechecks on + * each page load. Others might want to use their own checking here. If + * unsure, do not override. + * + * @param string $user - The username + * @author Andreas Gohr <andi@splitbrain.org> + * @return bool + */ + function useSessionCache($user){ + global $conf; + return ($_SESSION[DOKU_COOKIE]['auth']['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')); + } } //Setup VIM: ex: et ts=2 : diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php index 8eb411995..a6a15ee3d 100644 --- a/inc/auth/ldap.class.php +++ b/inc/auth/ldap.class.php @@ -15,7 +15,7 @@ class auth_ldap extends auth_basic { /** * Constructor */ - function auth_ldap(){ + function __construct(){ global $conf; $this->cnf = $conf['auth']['ldap']; @@ -307,8 +307,6 @@ class auth_ldap extends auth_basic { } } return $result; - - } /** @@ -360,7 +358,6 @@ class auth_ldap extends auth_basic { function _constructPattern($filter) { $this->_pattern = array(); foreach ($filter as $item => $pattern) { -// $this->_pattern[$item] = '/'.preg_quote($pattern,"/").'/i'; // don't allow regex characters $this->_pattern[$item] = '/'.str_replace('/','\/',$pattern).'/i'; // allow regex characters } } diff --git a/inc/auth/mysql.class.php b/inc/auth/mysql.class.php index 653c725a3..9dcf82a87 100644 --- a/inc/auth/mysql.class.php +++ b/inc/auth/mysql.class.php @@ -6,7 +6,7 @@ * @author Andreas Gohr <andi@splitbrain.org> * @author Chris Smith <chris@jalakai.co.uk> * @author Matthias Grimm <matthias.grimmm@sourceforge.net> -*/ + */ class auth_mysql extends auth_basic { @@ -25,65 +25,74 @@ class auth_mysql extends auth_basic { * * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ - function auth_mysql() { - global $conf; - $this->cnf = $conf['auth']['mysql']; - - if (method_exists($this, 'auth_basic')) - parent::auth_basic(); - - if(!function_exists('mysql_connect')) { - if ($this->cnf['debug']) - msg("MySQL err: PHP MySQL extension not found.",-1,__LINE__,__FILE__); - $this->success = false; - return; - } - - // default to UTF-8, you rarely want something else - if(!isset($this->cnf['charset'])) $this->cnf['charset'] = 'utf8'; - - $this->defaultgroup = $conf['defaultgroup']; - - // set capabilities based upon config strings set - if (empty($this->cnf['server']) || empty($this->cnf['user']) || - !isset($this->cnf['password']) || empty($this->cnf['database'])){ - if ($this->cnf['debug']) - msg("MySQL err: insufficient configuration.",-1,__LINE__,__FILE__); - $this->success = false; - return; - } - - $this->cando['addUser'] = $this->_chkcnf(array('getUserInfo', - 'getGroups', - 'addUser', - 'getUserID', - 'getGroupID', - 'addGroup', - 'addUserGroup'),true); - $this->cando['delUser'] = $this->_chkcnf(array('getUserID', - 'delUser', - 'delUserRefs'),true); - $this->cando['modLogin'] = $this->_chkcnf(array('getUserID', - 'updateUser', - 'UpdateTarget'),true); - $this->cando['modPass'] = $this->cando['modLogin']; - $this->cando['modName'] = $this->cando['modLogin']; - $this->cando['modMail'] = $this->cando['modLogin']; - $this->cando['modGroups'] = $this->_chkcnf(array('getUserID', - 'getGroups', - 'getGroupID', - 'addGroup', - 'addUserGroup', - 'delGroup', - 'getGroupID', - 'delUserGroup'),true); - /* getGroups is not yet supported - $this->cando['getGroups'] = $this->_chkcnf(array('getGroups', - 'getGroupID'),false); */ - $this->cando['getUsers'] = $this->_chkcnf(array('getUsers', - 'getUserInfo', - 'getGroups'),false); - $this->cando['getUserCount'] = $this->_chkcnf(array('getUsers'),false); + function __construct() { + global $conf; + $this->cnf = $conf['auth']['mysql']; + + if (method_exists($this, 'auth_basic')){ + parent::__construct(); + } + + if(!function_exists('mysql_connect')) { + if ($this->cnf['debug']){ + msg("MySQL err: PHP MySQL extension not found.",-1,__LINE__,__FILE__); + } + $this->success = false; + return; + } + + // default to UTF-8, you rarely want something else + if(!isset($this->cnf['charset'])) $this->cnf['charset'] = 'utf8'; + + $this->defaultgroup = $conf['defaultgroup']; + + // set capabilities based upon config strings set + if (empty($this->cnf['server']) || empty($this->cnf['user']) || + !isset($this->cnf['password']) || empty($this->cnf['database'])){ + + if ($this->cnf['debug']){ + msg("MySQL err: insufficient configuration.",-1,__LINE__,__FILE__); + } + $this->success = false; + return; + } + + $this->cando['addUser'] = $this->_chkcnf(array( + 'getUserInfo', + 'getGroups', + 'addUser', + 'getUserID', + 'getGroupID', + 'addGroup', + 'addUserGroup'),true); + $this->cando['delUser'] = $this->_chkcnf(array( + 'getUserID', + 'delUser', + 'delUserRefs'),true); + $this->cando['modLogin'] = $this->_chkcnf(array( + 'getUserID', + 'updateUser', + 'UpdateTarget'),true); + $this->cando['modPass'] = $this->cando['modLogin']; + $this->cando['modName'] = $this->cando['modLogin']; + $this->cando['modMail'] = $this->cando['modLogin']; + $this->cando['modGroups'] = $this->_chkcnf(array( + 'getUserID', + 'getGroups', + 'getGroupID', + 'addGroup', + 'addUserGroup', + 'delGroup', + 'getGroupID', + 'delUserGroup'),true); + /* getGroups is not yet supported + $this->cando['getGroups'] = $this->_chkcnf(array('getGroups', + 'getGroupID'),false); */ + $this->cando['getUsers'] = $this->_chkcnf(array( + 'getUsers', + 'getUserInfo', + 'getGroups'),false); + $this->cando['getUserCount'] = $this->_chkcnf(array('getUsers'),false); } /** @@ -93,17 +102,17 @@ class auth_mysql extends auth_basic { * @return bool */ function _chkcnf($keys, $wop=false){ - foreach ($keys as $key){ - if (empty($this->cnf[$key])) return false; - } + foreach ($keys as $key){ + if (empty($this->cnf[$key])) return false; + } - /* write operation and lock array filled with tables names? */ - if ($wop && (!is_array($this->cnf['TablesToLock']) || - !count($this->cnf['TablesToLock']))){ - return false; - } + /* write operation and lock array filled with tables names? */ + if ($wop && (!is_array($this->cnf['TablesToLock']) || + !count($this->cnf['TablesToLock']))){ + return false; + } - return true; + return true; } /** @@ -122,23 +131,23 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function checkPass($user,$pass){ - $rc = false; - - if($this->_openDB()) { - $sql = str_replace('%{user}',$this->_escape($user),$this->cnf['checkPass']); - $sql = str_replace('%{pass}',$this->_escape($pass),$sql); - $sql = str_replace('%{dgroup}',$this->_escape($this->defaultgroup),$sql); - $result = $this->_queryDB($sql); - - if($result !== false && count($result) == 1) { - if($this->cnf['forwardClearPass'] == 1) - $rc = true; - else - $rc = auth_verifyPassword($pass,$result[0]['pass']); + $rc = false; + + if($this->_openDB()) { + $sql = str_replace('%{user}',$this->_escape($user),$this->cnf['checkPass']); + $sql = str_replace('%{pass}',$this->_escape($pass),$sql); + $sql = str_replace('%{dgroup}',$this->_escape($this->defaultgroup),$sql); + $result = $this->_queryDB($sql); + + if($result !== false && count($result) == 1) { + if($this->cnf['forwardClearPass'] == 1) + $rc = true; + else + $rc = auth_verifyPassword($pass,$result[0]['pass']); + } + $this->_closeDB(); } - $this->_closeDB(); - } - return $rc; + return $rc; } /** @@ -156,14 +165,14 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function getUserData($user){ - if($this->_openDB()) { - $this->_lockTables("READ"); - $info = $this->_getUserInfo($user); - $this->_unlockTables(); - $this->_closeDB(); - } else - $info = false; - return $info; + if($this->_openDB()) { + $this->_lockTables("READ"); + $info = $this->_getUserInfo($user); + $this->_unlockTables(); + $this->_closeDB(); + } else + $info = false; + return $info; } /** @@ -186,22 +195,22 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function createUser($user,$pwd,$name,$mail,$grps=null){ - if($this->_openDB()) { - if (($info = $this->_getUserInfo($user)) !== false) - return false; // user already exists - - // set defaultgroup if no groups were given - if ($grps == null) - $grps = array($this->defaultgroup); - - $this->_lockTables("WRITE"); - $pwd = $this->cnf['forwardClearPass'] ? $pwd : auth_cryptPassword($pwd); - $rc = $this->_addUser($user,$pwd,$name,$mail,$grps); - $this->_unlockTables(); - $this->_closeDB(); - if ($rc) return true; - } - return null; // return error + if($this->_openDB()) { + if (($info = $this->_getUserInfo($user)) !== false) + return false; // user already exists + + // set defaultgroup if no groups were given + if ($grps == null) + $grps = array($this->defaultgroup); + + $this->_lockTables("WRITE"); + $pwd = $this->cnf['forwardClearPass'] ? $pwd : auth_cryptPassword($pwd); + $rc = $this->_addUser($user,$pwd,$name,$mail,$grps); + $this->_unlockTables(); + $this->_closeDB(); + if ($rc) return true; + } + return null; // return error } /** @@ -233,36 +242,36 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function modifyUser($user, $changes) { - $rc = false; + $rc = false; - if (!is_array($changes) || !count($changes)) - return true; // nothing to change + if (!is_array($changes) || !count($changes)) + return true; // nothing to change - if($this->_openDB()) { - $this->_lockTables("WRITE"); + if($this->_openDB()) { + $this->_lockTables("WRITE"); - if (($uid = $this->_getUserID($user))) { - $rc = $this->_updateUserInfo($changes, $uid); + if (($uid = $this->_getUserID($user))) { + $rc = $this->_updateUserInfo($changes, $uid); - if ($rc && isset($changes['grps']) && $this->cando['modGroups']) { - $groups = $this->_getGroups($user); - $grpadd = array_diff($changes['grps'], $groups); - $grpdel = array_diff($groups, $changes['grps']); + if ($rc && isset($changes['grps']) && $this->cando['modGroups']) { + $groups = $this->_getGroups($user); + $grpadd = array_diff($changes['grps'], $groups); + $grpdel = array_diff($groups, $changes['grps']); - foreach($grpadd as $group) - if (($this->_addUserToGroup($user, $group, 1)) == false) - $rc = false; + foreach($grpadd as $group) + if (($this->_addUserToGroup($user, $group, 1)) == false) + $rc = false; - foreach($grpdel as $group) - if (($this->_delUserFromGroup($user, $group)) == false) - $rc = false; - } - } + foreach($grpdel as $group) + if (($this->_delUserFromGroup($user, $group)) == false) + $rc = false; + } + } - $this->_unlockTables(); - $this->_closeDB(); - } - return $rc; + $this->_unlockTables(); + $this->_closeDB(); + } + return $rc; } /** @@ -277,20 +286,20 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function deleteUsers($users) { - $count = 0; - - if($this->_openDB()) { - if (is_array($users) && count($users)) { - $this->_lockTables("WRITE"); - foreach ($users as $user) { - if ($this->_delUser($user)) - $count++; - } - $this->_unlockTables(); - } - $this->_closeDB(); - } - return $count; + $count = 0; + + if($this->_openDB()) { + if (is_array($users) && count($users)) { + $this->_lockTables("WRITE"); + foreach ($users as $user) { + if ($this->_delUser($user)) + $count++; + } + $this->_unlockTables(); + } + $this->_closeDB(); + } + return $count; } /** @@ -304,23 +313,23 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function getUserCount($filter=array()) { - $rc = 0; - - if($this->_openDB()) { - $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter); - - if ($this->dbver >= 4) { - $sql = substr($sql, 6); /* remove 'SELECT' or 'select' */ - $sql = "SELECT SQL_CALC_FOUND_ROWS".$sql." LIMIT 1"; - $this->_queryDB($sql); - $result = $this->_queryDB("SELECT FOUND_ROWS()"); - $rc = $result[0]['FOUND_ROWS()']; - } else if (($result = $this->_queryDB($sql))) - $rc = count($result); - - $this->_closeDB(); - } - return $rc; + $rc = 0; + + if($this->_openDB()) { + $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter); + + if ($this->dbver >= 4) { + $sql = substr($sql, 6); /* remove 'SELECT' or 'select' */ + $sql = "SELECT SQL_CALC_FOUND_ROWS".$sql." LIMIT 1"; + $this->_queryDB($sql); + $result = $this->_queryDB("SELECT FOUND_ROWS()"); + $rc = $result[0]['FOUND_ROWS()']; + } else if (($result = $this->_queryDB($sql))) + $rc = count($result); + + $this->_closeDB(); + } + return $rc; } /** @@ -334,24 +343,24 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function retrieveUsers($first=0,$limit=10,$filter=array()) { - $out = array(); - - if($this->_openDB()) { - $this->_lockTables("READ"); - $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter); - $sql .= " ".$this->cnf['SortOrder']." LIMIT $first, $limit"; - $result = $this->_queryDB($sql); + $out = array(); + + if($this->_openDB()) { + $this->_lockTables("READ"); + $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter); + $sql .= " ".$this->cnf['SortOrder']." LIMIT $first, $limit"; + $result = $this->_queryDB($sql); + + if (!empty($result)) { + foreach ($result as $user) + if (($info = $this->_getUserInfo($user['user']))) + $out[$user['user']] = $info; + } - if (!empty($result)) { - foreach ($result as $user) - if (($info = $this->_getUserInfo($user['user']))) - $out[$user['user']] = $info; + $this->_unlockTables(); + $this->_closeDB(); } - - $this->_unlockTables(); - $this->_closeDB(); - } - return $out; + return $out; } /** @@ -364,15 +373,15 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function joinGroup($user, $group) { - $rc = false; - - if ($this->_openDB()) { - $this->_lockTables("WRITE"); - $rc = $this->_addUserToGroup($user, $group); - $this->_unlockTables(); - $this->_closeDB(); - } - return $rc; + $rc = false; + + if ($this->_openDB()) { + $this->_lockTables("WRITE"); + $rc = $this->_addUserToGroup($user, $group); + $this->_unlockTables(); + $this->_closeDB(); + } + return $rc; } /** @@ -385,16 +394,16 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function leaveGroup($user, $group) { - $rc = false; - - if ($this->_openDB()) { - $this->_lockTables("WRITE"); - $uid = $this->_getUserID($user); - $rc = $this->_delUserFromGroup($user, $group); - $this->_unlockTables(); - $this->_closeDB(); - } - return $rc; + $rc = false; + + if ($this->_openDB()) { + $this->_lockTables("WRITE"); + $uid = $this->_getUserID($user); + $rc = $this->_delUserFromGroup($user, $group); + $this->_unlockTables(); + $this->_closeDB(); + } + return $rc; } /** @@ -422,36 +431,36 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _addUserToGroup($user, $group, $force=0) { - $newgroup = 0; - - if (($this->dbcon) && ($user)) { - $gid = $this->_getGroupID($group); - if (!$gid) { - if ($force) { // create missing groups - $sql = str_replace('%{group}',$this->_escape($group),$this->cnf['addGroup']); - $gid = $this->_modifyDB($sql); - $newgroup = 1; // group newly created - } - if (!$gid) return false; // group didn't exist and can't be created - } - - $sql = $this->cnf['addUserGroup']; - if(strpos($sql,'%{uid}') !== false){ - $uid = $this->_getUserID($user); - $sql = str_replace('%{uid}', $this->_escape($uid),$sql); - } - $sql = str_replace('%{user}', $this->_escape($user),$sql); - $sql = str_replace('%{gid}', $this->_escape($gid),$sql); - $sql = str_replace('%{group}',$this->_escape($group),$sql); - if ($this->_modifyDB($sql) !== false) return true; + $newgroup = 0; + + if (($this->dbcon) && ($user)) { + $gid = $this->_getGroupID($group); + if (!$gid) { + if ($force) { // create missing groups + $sql = str_replace('%{group}',$this->_escape($group),$this->cnf['addGroup']); + $gid = $this->_modifyDB($sql); + $newgroup = 1; // group newly created + } + if (!$gid) return false; // group didn't exist and can't be created + } - if ($newgroup) { // remove previously created group on error - $sql = str_replace('%{gid}', $this->_escape($gid),$this->cnf['delGroup']); - $sql = str_replace('%{group}',$this->_escape($group),$sql); - $this->_modifyDB($sql); + $sql = $this->cnf['addUserGroup']; + if(strpos($sql,'%{uid}') !== false){ + $uid = $this->_getUserID($user); + $sql = str_replace('%{uid}', $this->_escape($uid),$sql); + } + $sql = str_replace('%{user}', $this->_escape($user),$sql); + $sql = str_replace('%{gid}', $this->_escape($gid),$sql); + $sql = str_replace('%{group}',$this->_escape($group),$sql); + if ($this->_modifyDB($sql) !== false) return true; + + if ($newgroup) { // remove previously created group on error + $sql = str_replace('%{gid}', $this->_escape($gid),$this->cnf['delGroup']); + $sql = str_replace('%{group}',$this->_escape($group),$sql); + $this->_modifyDB($sql); + } } - } - return false; + return false; } /** @@ -464,24 +473,23 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _delUserFromGroup($user, $group) { - $rc = false; + $rc = false; - - if (($this->dbcon) && ($user)) { - $sql = $this->cnf['delUserGroup']; - if(strpos($sql,'%{uid}') !== false){ - $uid = $this->_getUserID($user); - $sql = str_replace('%{uid}', $this->_escape($uid),$sql); - } - $gid = $this->_getGroupID($group); - if ($gid) { - $sql = str_replace('%{user}', $this->_escape($user),$sql); - $sql = str_replace('%{gid}', $this->_escape($gid),$sql); - $sql = str_replace('%{group}',$this->_escape($group),$sql); - $rc = $this->_modifyDB($sql) == 0 ? true : false; + if (($this->dbcon) && ($user)) { + $sql = $this->cnf['delUserGroup']; + if(strpos($sql,'%{uid}') !== false){ + $uid = $this->_getUserID($user); + $sql = str_replace('%{uid}', $this->_escape($uid),$sql); + } + $gid = $this->_getGroupID($group); + if ($gid) { + $sql = str_replace('%{user}', $this->_escape($user),$sql); + $sql = str_replace('%{gid}', $this->_escape($gid),$sql); + $sql = str_replace('%{group}',$this->_escape($group),$sql); + $rc = $this->_modifyDB($sql) == 0 ? true : false; + } } - } - return $rc; + return $rc; } /** @@ -498,19 +506,19 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _getGroups($user) { - $groups = array(); + $groups = array(); - if($this->dbcon) { - $sql = str_replace('%{user}',$this->_escape($user),$this->cnf['getGroups']); - $result = $this->_queryDB($sql); + if($this->dbcon) { + $sql = str_replace('%{user}',$this->_escape($user),$this->cnf['getGroups']); + $result = $this->_queryDB($sql); - if($result !== false && count($result)) { - foreach($result as $row) - $groups[] = $row['group']; + if($result !== false && count($result)) { + foreach($result as $row) + $groups[] = $row['group']; + } + return $groups; } - return $groups; - } - return false; + return false; } /** @@ -526,12 +534,12 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _getUserID($user) { - if($this->dbcon) { - $sql = str_replace('%{user}',$this->_escape($user),$this->cnf['getUserID']); - $result = $this->_queryDB($sql); - return $result === false ? false : $result[0]['id']; - } - return false; + if($this->dbcon) { + $sql = str_replace('%{user}',$this->_escape($user),$this->cnf['getUserID']); + $result = $this->_queryDB($sql); + return $result === false ? false : $result[0]['id']; + } + return false; } /** @@ -553,33 +561,33 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _addUser($user,$pwd,$name,$mail,$grps){ - if($this->dbcon && is_array($grps)) { - $sql = str_replace('%{user}', $this->_escape($user),$this->cnf['addUser']); - $sql = str_replace('%{pass}', $this->_escape($pwd),$sql); - $sql = str_replace('%{name}', $this->_escape($name),$sql); - $sql = str_replace('%{email}',$this->_escape($mail),$sql); - $uid = $this->_modifyDB($sql); - - if ($uid) { - foreach($grps as $group) { - $gid = $this->_addUserToGroup($user, $group, 1); - if ($gid === false) break; - } - - if ($gid) return true; - else { - /* remove the new user and all group relations if a group can't - * be assigned. Newly created groups will remain in the database - * and won't be removed. This might create orphaned groups but - * is not a big issue so we ignore this problem here. - */ - $this->_delUser($user); - if ($this->cnf['debug']) - msg ("MySQL err: Adding user '$user' to group '$group' failed.",-1,__LINE__,__FILE__); - } + if($this->dbcon && is_array($grps)) { + $sql = str_replace('%{user}', $this->_escape($user),$this->cnf['addUser']); + $sql = str_replace('%{pass}', $this->_escape($pwd),$sql); + $sql = str_replace('%{name}', $this->_escape($name),$sql); + $sql = str_replace('%{email}',$this->_escape($mail),$sql); + $uid = $this->_modifyDB($sql); + + if ($uid) { + foreach($grps as $group) { + $gid = $this->_addUserToGroup($user, $group, 1); + if ($gid === false) break; + } + + if ($gid) return true; + else { + /* remove the new user and all group relations if a group can't + * be assigned. Newly created groups will remain in the database + * and won't be removed. This might create orphaned groups but + * is not a big issue so we ignore this problem here. + */ + $this->_delUser($user); + if ($this->cnf['debug']) + msg ("MySQL err: Adding user '$user' to group '$group' failed.",-1,__LINE__,__FILE__); + } + } } - } - return false; + return false; } /** @@ -595,18 +603,18 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _delUser($user) { - if($this->dbcon) { - $uid = $this->_getUserID($user); - if ($uid) { - $sql = str_replace('%{uid}',$this->_escape($uid),$this->cnf['delUserRefs']); - $this->_modifyDB($sql); - $sql = str_replace('%{uid}',$this->_escape($uid),$this->cnf['delUser']); - $sql = str_replace('%{user}', $this->_escape($user),$sql); - $this->_modifyDB($sql); - return true; - } - } - return false; + if($this->dbcon) { + $uid = $this->_getUserID($user); + if ($uid) { + $sql = str_replace('%{uid}',$this->_escape($uid),$this->cnf['delUserRefs']); + $this->_modifyDB($sql); + $sql = str_replace('%{uid}',$this->_escape($uid),$this->cnf['delUser']); + $sql = str_replace('%{user}', $this->_escape($user),$sql); + $this->_modifyDB($sql); + return true; + } + } + return false; } /** @@ -623,14 +631,14 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _getUserInfo($user){ - $sql = str_replace('%{user}',$this->_escape($user),$this->cnf['getUserInfo']); - $result = $this->_queryDB($sql); - if($result !== false && count($result)) { - $info = $result[0]; - $info['grps'] = $this->_getGroups($user); - return $info; - } - return false; + $sql = str_replace('%{user}',$this->_escape($user),$this->cnf['getUserInfo']); + $result = $this->_queryDB($sql); + if($result !== false && count($result)) { + $info = $result[0]; + $info['grps'] = $this->_getGroups($user); + return $info; + } + return false; } /** @@ -653,43 +661,43 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _updateUserInfo($changes, $uid) { - $sql = $this->cnf['updateUser']." "; - $cnt = 0; - $err = 0; - - if($this->dbcon) { - foreach ($changes as $item => $value) { - if ($item == 'user') { - if (($this->_getUserID($changes['user']))) { - $err = 1; /* new username already exists */ - break; /* abort update */ + $sql = $this->cnf['updateUser']." "; + $cnt = 0; + $err = 0; + + if($this->dbcon) { + foreach ($changes as $item => $value) { + if ($item == 'user') { + if (($this->_getUserID($changes['user']))) { + $err = 1; /* new username already exists */ + break; /* abort update */ + } + if ($cnt++ > 0) $sql .= ", "; + $sql .= str_replace('%{user}',$value,$this->cnf['UpdateLogin']); + } else if ($item == 'name') { + if ($cnt++ > 0) $sql .= ", "; + $sql .= str_replace('%{name}',$value,$this->cnf['UpdateName']); + } else if ($item == 'pass') { + if (!$this->cnf['forwardClearPass']) + $value = auth_cryptPassword($value); + if ($cnt++ > 0) $sql .= ", "; + $sql .= str_replace('%{pass}',$value,$this->cnf['UpdatePass']); + } else if ($item == 'mail') { + if ($cnt++ > 0) $sql .= ", "; + $sql .= str_replace('%{email}',$value,$this->cnf['UpdateEmail']); + } } - if ($cnt++ > 0) $sql .= ", "; - $sql .= str_replace('%{user}',$value,$this->cnf['UpdateLogin']); - } else if ($item == 'name') { - if ($cnt++ > 0) $sql .= ", "; - $sql .= str_replace('%{name}',$value,$this->cnf['UpdateName']); - } else if ($item == 'pass') { - if (!$this->cnf['forwardClearPass']) - $value = auth_cryptPassword($value); - if ($cnt++ > 0) $sql .= ", "; - $sql .= str_replace('%{pass}',$value,$this->cnf['UpdatePass']); - } else if ($item == 'mail') { - if ($cnt++ > 0) $sql .= ", "; - $sql .= str_replace('%{email}',$value,$this->cnf['UpdateEmail']); - } - } - - if ($err == 0) { - if ($cnt > 0) { - $sql .= " ".str_replace('%{uid}', $uid, $this->cnf['UpdateTarget']); - if(get_class($this) == 'auth_mysql') $sql .= " LIMIT 1"; //some PgSQL inheritance comp. - $this->_modifyDB($sql); - } - return true; - } - } - return false; + + if ($err == 0) { + if ($cnt > 0) { + $sql .= " ".str_replace('%{uid}', $uid, $this->cnf['UpdateTarget']); + if(get_class($this) == 'auth_mysql') $sql .= " LIMIT 1"; //some PgSQL inheritance comp. + $this->_modifyDB($sql); + } + return true; + } + } + return false; } /** @@ -705,12 +713,12 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _getGroupID($group) { - if($this->dbcon) { - $sql = str_replace('%{group}',$this->_escape($group),$this->cnf['getGroupID']); - $result = $this->_queryDB($sql); - return $result === false ? false : $result[0]['id']; - } - return false; + if($this->dbcon) { + $sql = str_replace('%{group}',$this->_escape($group),$this->cnf['getGroupID']); + $result = $this->_queryDB($sql); + return $result === false ? false : $result[0]['id']; + } + return false; } /** @@ -723,32 +731,32 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _openDB() { - if (!$this->dbcon) { - $con = @mysql_connect ($this->cnf['server'], $this->cnf['user'], $this->cnf['password']); - if ($con) { - if ((mysql_select_db($this->cnf['database'], $con))) { - if ((preg_match("/^(\d+)\.(\d+)\.(\d+).*/", mysql_get_server_info ($con), $result)) == 1) { - $this->dbver = $result[1]; - $this->dbrev = $result[2]; - $this->dbsub = $result[3]; - } - $this->dbcon = $con; - if(!empty($this->cnf['charset'])){ - mysql_query('SET CHARACTER SET "' . $this->cnf['charset'] . '"', $con); - } - return true; // connection and database successfully opened - } else { - mysql_close ($con); - if ($this->cnf['debug']) - msg("MySQL err: No access to database {$this->cnf['database']}.",-1,__LINE__,__FILE__); - } - } else if ($this->cnf['debug']) - msg ("MySQL err: Connection to {$this->cnf['user']}@{$this->cnf['server']} not possible.", - -1,__LINE__,__FILE__); - - return false; // connection failed - } - return true; // connection already open + if (!$this->dbcon) { + $con = @mysql_connect ($this->cnf['server'], $this->cnf['user'], $this->cnf['password']); + if ($con) { + if ((mysql_select_db($this->cnf['database'], $con))) { + if ((preg_match("/^(\d+)\.(\d+)\.(\d+).*/", mysql_get_server_info ($con), $result)) == 1) { + $this->dbver = $result[1]; + $this->dbrev = $result[2]; + $this->dbsub = $result[3]; + } + $this->dbcon = $con; + if(!empty($this->cnf['charset'])){ + mysql_query('SET CHARACTER SET "' . $this->cnf['charset'] . '"', $con); + } + return true; // connection and database successfully opened + } else { + mysql_close ($con); + if ($this->cnf['debug']) + msg("MySQL err: No access to database {$this->cnf['database']}.",-1,__LINE__,__FILE__); + } + } else if ($this->cnf['debug']) + msg ("MySQL err: Connection to {$this->cnf['user']}@{$this->cnf['server']} not possible.", + -1,__LINE__,__FILE__); + + return false; // connection failed + } + return true; // connection already open } /** @@ -757,10 +765,10 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _closeDB() { - if ($this->dbcon) { - mysql_close ($this->dbcon); - $this->dbcon = 0; - } + if ($this->dbcon) { + mysql_close ($this->dbcon); + $this->dbcon = 0; + } } /** @@ -776,23 +784,23 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _queryDB($query) { - if($this->cnf['debug'] >= 2){ - msg('MySQL query: '.hsc($query),0,__LINE__,__FILE__); - } - - $resultarray = array(); - if ($this->dbcon) { - $result = @mysql_query($query,$this->dbcon); - if ($result) { - while (($t = mysql_fetch_assoc($result)) !== false) - $resultarray[]=$t; - mysql_free_result ($result); - return $resultarray; - } - if ($this->cnf['debug']) - msg('MySQL err: '.mysql_error($this->dbcon),-1,__LINE__,__FILE__); - } - return false; + if($this->cnf['debug'] >= 2){ + msg('MySQL query: '.hsc($query),0,__LINE__,__FILE__); + } + + $resultarray = array(); + if ($this->dbcon) { + $result = @mysql_query($query,$this->dbcon); + if ($result) { + while (($t = mysql_fetch_assoc($result)) !== false) + $resultarray[]=$t; + mysql_free_result ($result); + return $resultarray; + } + if ($this->cnf['debug']) + msg('MySQL err: '.mysql_error($this->dbcon),-1,__LINE__,__FILE__); + } + return false; } /** @@ -807,16 +815,16 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _modifyDB($query) { - if ($this->dbcon) { - $result = @mysql_query($query,$this->dbcon); - if ($result) { - $rc = mysql_insert_id($this->dbcon); //give back ID on insert - if ($rc !== false) return $rc; - } - if ($this->cnf['debug']) - msg('MySQL err: '.mysql_error($this->dbcon),-1,__LINE__,__FILE__); - } - return false; + if ($this->dbcon) { + $result = @mysql_query($query,$this->dbcon); + if ($result) { + $rc = mysql_insert_id($this->dbcon); //give back ID on insert + if ($rc !== false) return $rc; + } + if ($this->cnf['debug']) + msg('MySQL err: '.mysql_error($this->dbcon),-1,__LINE__,__FILE__); + } + return false; } /** @@ -838,21 +846,21 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _lockTables($mode) { - if ($this->dbcon) { - if (is_array($this->cnf['TablesToLock']) && !empty($this->cnf['TablesToLock'])) { - if ($mode == "READ" || $mode == "WRITE") { - $sql = "LOCK TABLES "; - $cnt = 0; - foreach ($this->cnf['TablesToLock'] as $table) { - if ($cnt++ != 0) $sql .= ", "; - $sql .= "$table $mode"; + if ($this->dbcon) { + if (is_array($this->cnf['TablesToLock']) && !empty($this->cnf['TablesToLock'])) { + if ($mode == "READ" || $mode == "WRITE") { + $sql = "LOCK TABLES "; + $cnt = 0; + foreach ($this->cnf['TablesToLock'] as $table) { + if ($cnt++ != 0) $sql .= ", "; + $sql .= "$table $mode"; + } + $this->_modifyDB($sql); + return true; + } } - $this->_modifyDB($sql); - return true; - } } - } - return false; + return false; } /** @@ -862,11 +870,11 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _unlockTables() { - if ($this->dbcon) { - $this->_modifyDB("UNLOCK TABLES"); - return true; - } - return false; + if ($this->dbcon) { + $this->_modifyDB("UNLOCK TABLES"); + return true; + } + return false; } /** @@ -882,38 +890,38 @@ class auth_mysql extends auth_basic { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _createSQLFilter($sql, $filter) { - $SQLfilter = ""; - $cnt = 0; - - if ($this->dbcon) { - foreach ($filter as $item => $pattern) { - $tmp = '%'.$this->_escape($pattern).'%'; - if ($item == 'user') { - if ($cnt++ > 0) $SQLfilter .= " AND "; - $SQLfilter .= str_replace('%{user}',$tmp,$this->cnf['FilterLogin']); - } else if ($item == 'name') { - if ($cnt++ > 0) $SQLfilter .= " AND "; - $SQLfilter .= str_replace('%{name}',$tmp,$this->cnf['FilterName']); - } else if ($item == 'mail') { - if ($cnt++ > 0) $SQLfilter .= " AND "; - $SQLfilter .= str_replace('%{email}',$tmp,$this->cnf['FilterEmail']); - } else if ($item == 'grps') { - if ($cnt++ > 0) $SQLfilter .= " AND "; - $SQLfilter .= str_replace('%{group}',$tmp,$this->cnf['FilterGroup']); - } - } - - // we have to check SQLfilter here and must not use $cnt because if - // any of cnf['Filter????'] is not defined, a malformed SQL string - // would be generated. - - if (strlen($SQLfilter)) { - $glue = strpos(strtolower($sql),"where") ? " AND " : " WHERE "; - $sql = $sql.$glue.$SQLfilter; - } - } - - return $sql; + $SQLfilter = ""; + $cnt = 0; + + if ($this->dbcon) { + foreach ($filter as $item => $pattern) { + $tmp = '%'.$this->_escape($pattern).'%'; + if ($item == 'user') { + if ($cnt++ > 0) $SQLfilter .= " AND "; + $SQLfilter .= str_replace('%{user}',$tmp,$this->cnf['FilterLogin']); + } else if ($item == 'name') { + if ($cnt++ > 0) $SQLfilter .= " AND "; + $SQLfilter .= str_replace('%{name}',$tmp,$this->cnf['FilterName']); + } else if ($item == 'mail') { + if ($cnt++ > 0) $SQLfilter .= " AND "; + $SQLfilter .= str_replace('%{email}',$tmp,$this->cnf['FilterEmail']); + } else if ($item == 'grps') { + if ($cnt++ > 0) $SQLfilter .= " AND "; + $SQLfilter .= str_replace('%{group}',$tmp,$this->cnf['FilterGroup']); + } + } + + // we have to check SQLfilter here and must not use $cnt because if + // any of cnf['Filter????'] is not defined, a malformed SQL string + // would be generated. + + if (strlen($SQLfilter)) { + $glue = strpos(strtolower($sql),"where") ? " AND " : " WHERE "; + $sql = $sql.$glue.$SQLfilter; + } + } + + return $sql; } /** @@ -924,15 +932,15 @@ class auth_mysql extends auth_basic { * @param boolean $like Escape wildcard chars as well? */ function _escape($string,$like=false){ - if($this->dbcon){ - $string = mysql_real_escape_string($string, $this->dbcon); - }else{ - $string = addslashes($string); - } - if($like){ - $string = addcslashes($string,'%_'); - } - return $string; + if($this->dbcon){ + $string = mysql_real_escape_string($string, $this->dbcon); + }else{ + $string = addslashes($string); + } + if($like){ + $string = addcslashes($string,'%_'); + } + return $string; } } diff --git a/inc/auth/pgsql.class.php b/inc/auth/pgsql.class.php index cf8bf7600..b422b100d 100644 --- a/inc/auth/pgsql.class.php +++ b/inc/auth/pgsql.class.php @@ -9,7 +9,7 @@ * @author Andreas Gohr <andi@splitbrain.org> * @author Chris Smith <chris@jalakai.co.uk> * @author Matthias Grimm <matthias.grimmm@sourceforge.net> -*/ + */ require_once(DOKU_INC.'inc/auth/mysql.class.php'); @@ -24,63 +24,72 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> * @author Andreas Gohr <andi@splitbrain.org> */ - function auth_pgsql() { - global $conf; - $this->cnf = $conf['auth']['pgsql']; - if(!$this->cnf['port']) $this->cnf['port'] = 5432; - - if (method_exists($this, 'auth_basic')) - parent::auth_basic(); - - if(!function_exists('pg_connect')) { - if ($this->cnf['debug']) - msg("PgSQL err: PHP Postgres extension not found.",-1); - $this->success = false; - return; - } - - $this->defaultgroup = $conf['defaultgroup']; - - // set capabilities based upon config strings set - if (empty($this->cnf['user']) || - empty($this->cnf['password']) || empty($this->cnf['database'])){ - if ($this->cnf['debug']) - msg("PgSQL err: insufficient configuration.",-1,__LINE__,__FILE__); - $this->success = false; - return; - } - - $this->cando['addUser'] = $this->_chkcnf(array('getUserInfo', - 'getGroups', - 'addUser', - 'getUserID', - 'getGroupID', - 'addGroup', - 'addUserGroup')); - $this->cando['delUser'] = $this->_chkcnf(array('getUserID', - 'delUser', - 'delUserRefs')); - $this->cando['modLogin'] = $this->_chkcnf(array('getUserID', - 'updateUser', - 'UpdateTarget')); - $this->cando['modPass'] = $this->cando['modLogin']; - $this->cando['modName'] = $this->cando['modLogin']; - $this->cando['modMail'] = $this->cando['modLogin']; - $this->cando['modGroups'] = $this->_chkcnf(array('getUserID', - 'getGroups', - 'getGroupID', - 'addGroup', - 'addUserGroup', - 'delGroup', - 'getGroupID', - 'delUserGroup')); - /* getGroups is not yet supported - $this->cando['getGroups'] = $this->_chkcnf(array('getGroups', - 'getGroupID')); */ - $this->cando['getUsers'] = $this->_chkcnf(array('getUsers', - 'getUserInfo', - 'getGroups')); - $this->cando['getUserCount'] = $this->_chkcnf(array('getUsers')); + function __construct() { + global $conf; + $this->cnf = $conf['auth']['pgsql']; + if(!$this->cnf['port']){ + $this->cnf['port'] = 5432; + } + + if (method_exists($this, 'auth_basic')){ + parent::auth_basic(); + } + + if(!function_exists('pg_connect')) { + if ($this->cnf['debug']) + msg("PgSQL err: PHP Postgres extension not found.",-1); + $this->success = false; + return; + } + + $this->defaultgroup = $conf['defaultgroup']; + + // set capabilities based upon config strings set + if (empty($this->cnf['user']) || + empty($this->cnf['password']) || empty($this->cnf['database'])){ + if ($this->cnf['debug']){ + msg("PgSQL err: insufficient configuration.",-1,__LINE__,__FILE__); + } + $this->success = false; + return; + } + + $this->cando['addUser'] = $this->_chkcnf(array( + 'getUserInfo', + 'getGroups', + 'addUser', + 'getUserID', + 'getGroupID', + 'addGroup', + 'addUserGroup')); + $this->cando['delUser'] = $this->_chkcnf(array( + 'getUserID', + 'delUser', + 'delUserRefs')); + $this->cando['modLogin'] = $this->_chkcnf(array( + 'getUserID', + 'updateUser', + 'UpdateTarget')); + $this->cando['modPass'] = $this->cando['modLogin']; + $this->cando['modName'] = $this->cando['modLogin']; + $this->cando['modMail'] = $this->cando['modLogin']; + $this->cando['modGroups'] = $this->_chkcnf(array( + 'getUserID', + 'getGroups', + 'getGroupID', + 'addGroup', + 'addUserGroup', + 'delGroup', + 'getGroupID', + 'delUserGroup')); + /* getGroups is not yet supported + $this->cando['getGroups'] = $this->_chkcnf(array('getGroups', + 'getGroupID')); */ + $this->cando['getUsers'] = $this->_chkcnf(array( + 'getUsers', + 'getUserInfo', + 'getGroups')); + $this->cando['getUserCount'] = $this->_chkcnf(array('getUsers')); } /** @@ -90,10 +99,10 @@ class auth_pgsql extends auth_mysql { * @return bool */ function _chkcnf($keys, $wop=false){ - foreach ($keys as $key){ - if (empty($this->cnf[$key])) return false; - } - return true; + foreach ($keys as $key){ + if (empty($this->cnf[$key])) return false; + } + return true; } // @inherit function checkPass($user,$pass) @@ -114,18 +123,18 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function getUserCount($filter=array()) { - $rc = 0; + $rc = 0; - if($this->_openDB()) { - $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter); + if($this->_openDB()) { + $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter); - // no equivalent of SQL_CALC_FOUND_ROWS in pgsql? - if (($result = $this->_queryDB($sql))){ - $rc = count($result); + // no equivalent of SQL_CALC_FOUND_ROWS in pgsql? + if (($result = $this->_queryDB($sql))){ + $rc = count($result); + } + $this->_closeDB(); } - $this->_closeDB(); - } - return $rc; + return $rc; } /** @@ -139,22 +148,22 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function retrieveUsers($first=0,$limit=10,$filter=array()) { - $out = array(); - - if($this->_openDB()) { - $this->_lockTables("READ"); - $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter); - $sql .= " ".$this->cnf['SortOrder']." LIMIT $limit OFFSET $first"; - $result = $this->_queryDB($sql); - - foreach ($result as $user) - if (($info = $this->_getUserInfo($user['user']))) - $out[$user['user']] = $info; - - $this->_unlockTables(); - $this->_closeDB(); - } - return $out; + $out = array(); + + if($this->_openDB()) { + $this->_lockTables("READ"); + $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter); + $sql .= " ".$this->cnf['SortOrder']." LIMIT $limit OFFSET $first"; + $result = $this->_queryDB($sql); + + foreach ($result as $user) + if (($info = $this->_getUserInfo($user['user']))) + $out[$user['user']] = $info; + + $this->_unlockTables(); + $this->_closeDB(); + } + return $out; } // @inherit function joinGroup($user, $group) @@ -177,38 +186,38 @@ class auth_pgsql extends auth_mysql { * @author Andreas Gohr <andi@splitbrain.org> */ function _addUserToGroup($user, $group, $force=0) { - $newgroup = 0; - - if (($this->dbcon) && ($user)) { - $gid = $this->_getGroupID($group); - if (!$gid) { - if ($force) { // create missing groups - $sql = str_replace('%{group}',addslashes($group),$this->cnf['addGroup']); - $this->_modifyDB($sql); - //group should now exists try again to fetch it - $gid = $this->_getGroupID($group); - $newgroup = 1; // group newly created - } - } - if (!$gid) return false; // group didn't exist and can't be created + $newgroup = 0; - $sql = $this->cnf['addUserGroup']; - if(strpos($sql,'%{uid}') !== false){ - $uid = $this->_getUserID($user); - $sql = str_replace('%{uid}', addslashes($uid), $sql); - } - $sql = str_replace('%{user}', addslashes($user),$sql); - $sql = str_replace('%{gid}', addslashes($gid),$sql); - $sql = str_replace('%{group}',addslashes($group),$sql); - if ($this->_modifyDB($sql) !== false) return true; - - if ($newgroup) { // remove previously created group on error - $sql = str_replace('%{gid}', addslashes($gid),$this->cnf['delGroup']); - $sql = str_replace('%{group}',addslashes($group),$sql); - $this->_modifyDB($sql); + if (($this->dbcon) && ($user)) { + $gid = $this->_getGroupID($group); + if (!$gid) { + if ($force) { // create missing groups + $sql = str_replace('%{group}',addslashes($group),$this->cnf['addGroup']); + $this->_modifyDB($sql); + //group should now exists try again to fetch it + $gid = $this->_getGroupID($group); + $newgroup = 1; // group newly created + } + } + if (!$gid) return false; // group didn't exist and can't be created + + $sql = $this->cnf['addUserGroup']; + if(strpos($sql,'%{uid}') !== false){ + $uid = $this->_getUserID($user); + $sql = str_replace('%{uid}', addslashes($uid), $sql); + } + $sql = str_replace('%{user}', addslashes($user),$sql); + $sql = str_replace('%{gid}', addslashes($gid),$sql); + $sql = str_replace('%{group}',addslashes($group),$sql); + if ($this->_modifyDB($sql) !== false) return true; + + if ($newgroup) { // remove previously created group on error + $sql = str_replace('%{gid}', addslashes($gid),$this->cnf['delGroup']); + $sql = str_replace('%{group}',addslashes($group),$sql); + $this->_modifyDB($sql); + } } - } - return false; + return false; } // @inherit function _delUserFromGroup($user $group) @@ -234,37 +243,37 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _addUser($user,$pwd,$name,$mail,$grps){ - if($this->dbcon && is_array($grps)) { - $sql = str_replace('%{user}', addslashes($user),$this->cnf['addUser']); - $sql = str_replace('%{pass}', addslashes($pwd),$sql); - $sql = str_replace('%{name}', addslashes($name),$sql); - $sql = str_replace('%{email}',addslashes($mail),$sql); - if($this->_modifyDB($sql)){ - $uid = $this->_getUserID($user); - }else{ - return false; + if($this->dbcon && is_array($grps)) { + $sql = str_replace('%{user}', addslashes($user),$this->cnf['addUser']); + $sql = str_replace('%{pass}', addslashes($pwd),$sql); + $sql = str_replace('%{name}', addslashes($name),$sql); + $sql = str_replace('%{email}',addslashes($mail),$sql); + if($this->_modifyDB($sql)){ + $uid = $this->_getUserID($user); + }else{ + return false; + } + + if ($uid) { + foreach($grps as $group) { + $gid = $this->_addUserToGroup($user, $group, 1); + if ($gid === false) break; + } + + if ($gid) return true; + else { + /* remove the new user and all group relations if a group can't + * be assigned. Newly created groups will remain in the database + * and won't be removed. This might create orphaned groups but + * is not a big issue so we ignore this problem here. + */ + $this->_delUser($user); + if ($this->cnf['debug']) + msg("PgSQL err: Adding user '$user' to group '$group' failed.",-1,__LINE__,__FILE__); + } + } } - - if ($uid) { - foreach($grps as $group) { - $gid = $this->_addUserToGroup($user, $group, 1); - if ($gid === false) break; - } - - if ($gid) return true; - else { - /* remove the new user and all group relations if a group can't - * be assigned. Newly created groups will remain in the database - * and won't be removed. This might create orphaned groups but - * is not a big issue so we ignore this problem here. - */ - $this->_delUser($user); - if ($this->cnf['debug']) - msg("PgSQL err: Adding user '$user' to group '$group' failed.",-1,__LINE__,__FILE__); - } - } - } - return false; + return false; } // @inherit function _delUser($user) @@ -282,24 +291,24 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _openDB() { - if (!$this->dbcon) { - $dsn = $this->cnf['server'] ? 'host='.$this->cnf['server'] : ''; - $dsn .= ' port='.$this->cnf['port']; - $dsn .= ' dbname='.$this->cnf['database']; - $dsn .= ' user='.$this->cnf['user']; - $dsn .= ' password='.$this->cnf['password']; - - $con = @pg_connect($dsn); - if ($con) { - $this->dbcon = $con; - return true; // connection and database successfully opened - } else if ($this->cnf['debug']){ - msg ("PgSQL err: Connection to {$this->cnf['user']}@{$this->cnf['server']} not possible.", - -1,__LINE__,__FILE__); + if (!$this->dbcon) { + $dsn = $this->cnf['server'] ? 'host='.$this->cnf['server'] : ''; + $dsn .= ' port='.$this->cnf['port']; + $dsn .= ' dbname='.$this->cnf['database']; + $dsn .= ' user='.$this->cnf['user']; + $dsn .= ' password='.$this->cnf['password']; + + $con = @pg_connect($dsn); + if ($con) { + $this->dbcon = $con; + return true; // connection and database successfully opened + } else if ($this->cnf['debug']){ + msg ("PgSQL err: Connection to {$this->cnf['user']}@{$this->cnf['server']} not possible.", + -1,__LINE__,__FILE__); + } + return false; // connection failed } - return false; // connection failed - } - return true; // connection already open + return true; // connection already open } /** @@ -308,10 +317,10 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _closeDB() { - if ($this->dbcon) { - pg_close ($this->dbcon); - $this->dbcon = 0; - } + if ($this->dbcon) { + pg_close ($this->dbcon); + $this->dbcon = 0; + } } /** @@ -327,17 +336,17 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _queryDB($query) { - if ($this->dbcon) { - $result = @pg_query($this->dbcon,$query); - if ($result) { - while (($t = pg_fetch_assoc($result)) !== false) - $resultarray[]=$t; - pg_free_result ($result); - return $resultarray; - }elseif ($this->cnf['debug']) - msg('PgSQL err: '.pg_last_error($this->dbcon),-1,__LINE__,__FILE__); - } - return false; + if ($this->dbcon) { + $result = @pg_query($this->dbcon,$query); + if ($result) { + while (($t = pg_fetch_assoc($result)) !== false) + $resultarray[]=$t; + pg_free_result ($result); + return $resultarray; + }elseif ($this->cnf['debug']) + msg('PgSQL err: '.pg_last_error($this->dbcon),-1,__LINE__,__FILE__); + } + return false; } /** @@ -347,17 +356,17 @@ class auth_pgsql extends auth_mysql { * @author Andreas Gohr */ function _modifyDB($query) { - if ($this->dbcon) { - $result = @pg_query($this->dbcon,$query); - if ($result) { - pg_free_result ($result); - return true; - } - if ($this->cnf['debug']){ - msg('PgSQL err: '.pg_last_error($this->dbcon),-1,__LINE__,__FILE__); + if ($this->dbcon) { + $result = @pg_query($this->dbcon,$query); + if ($result) { + pg_free_result ($result); + return true; + } + if ($this->cnf['debug']){ + msg('PgSQL err: '.pg_last_error($this->dbcon),-1,__LINE__,__FILE__); + } } - } - return false; + return false; } /** @@ -367,11 +376,11 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _lockTables($mode) { - if ($this->dbcon) { - $this->_modifyDB('BEGIN'); - return true; - } - return false; + if ($this->dbcon) { + $this->_modifyDB('BEGIN'); + return true; + } + return false; } /** @@ -380,11 +389,11 @@ class auth_pgsql extends auth_mysql { * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> */ function _unlockTables() { - if ($this->dbcon) { - $this->_modifyDB('COMMIT'); - return true; - } - return false; + if ($this->dbcon) { + $this->_modifyDB('COMMIT'); + return true; + } + return false; } // @inherit function _createSQLFilter($sql, $filter) @@ -398,11 +407,11 @@ class auth_pgsql extends auth_mysql { * @param boolean $like Escape wildcard chars as well? */ function _escape($string,$like=false){ - $string = pg_escape_string($string); - if($like){ - $string = addcslashes($string,'%_'); - } - return $string; + $string = pg_escape_string($string); + if($like){ + $string = addcslashes($string,'%_'); + } + return $string; } } diff --git a/inc/auth/plain.class.php b/inc/auth/plain.class.php index 3941190e9..e682d2522 100644 --- a/inc/auth/plain.class.php +++ b/inc/auth/plain.class.php @@ -20,24 +20,24 @@ class auth_plain extends auth_basic { * * @author Christopher Smith <chris@jalakai.co.uk> */ - function auth_plain() { - global $config_cascade; - - if (!@is_readable($config_cascade['plainauth.users']['default'])){ - $this->success = false; - }else{ - if(@is_writable($config_cascade['plainauth.users']['default'])){ - $this->cando['addUser'] = true; - $this->cando['delUser'] = true; - $this->cando['modLogin'] = true; - $this->cando['modPass'] = true; - $this->cando['modName'] = true; - $this->cando['modMail'] = true; - $this->cando['modGroups'] = true; + function __construct() { + global $config_cascade; + + if (!@is_readable($config_cascade['plainauth.users']['default'])){ + $this->success = false; + }else{ + if(@is_writable($config_cascade['plainauth.users']['default'])){ + $this->cando['addUser'] = true; + $this->cando['delUser'] = true; + $this->cando['modLogin'] = true; + $this->cando['modPass'] = true; + $this->cando['modName'] = true; + $this->cando['modMail'] = true; + $this->cando['modGroups'] = true; + } + $this->cando['getUsers'] = true; + $this->cando['getUserCount'] = true; } - $this->cando['getUsers'] = true; - $this->cando['getUserCount'] = true; - } } /** @@ -51,10 +51,10 @@ class auth_plain extends auth_basic { */ function checkPass($user,$pass){ - $userinfo = $this->getUserData($user); - if ($userinfo === false) return false; + $userinfo = $this->getUserData($user); + if ($userinfo === false) return false; - return auth_verifyPassword($pass,$this->users[$user]['pass']); + return auth_verifyPassword($pass,$this->users[$user]['pass']); } /** @@ -71,8 +71,8 @@ class auth_plain extends auth_basic { */ function getUserData($user){ - if($this->users === null) $this->_loadUserData(); - return isset($this->users[$user]) ? $this->users[$user] : false; + if($this->users === null) $this->_loadUserData(); + return isset($this->users[$user]) ? $this->users[$user] : false; } /** @@ -88,29 +88,29 @@ class auth_plain extends auth_basic { * @author Chris Smith <chris@jalakai.co.uk> */ function createUser($user,$pwd,$name,$mail,$grps=null){ - global $conf; - global $config_cascade; + global $conf; + global $config_cascade; - // user mustn't already exist - if ($this->getUserData($user) !== false) return false; + // user mustn't already exist + if ($this->getUserData($user) !== false) return false; - $pass = auth_cryptPassword($pwd); + $pass = auth_cryptPassword($pwd); - // set default group if no groups specified - if (!is_array($grps)) $grps = array($conf['defaultgroup']); + // set default group if no groups specified + if (!is_array($grps)) $grps = array($conf['defaultgroup']); - // prepare user line - $groups = join(',',$grps); - $userline = join(':',array($user,$pass,$name,$mail,$groups))."\n"; + // prepare user line + $groups = join(',',$grps); + $userline = join(':',array($user,$pass,$name,$mail,$groups))."\n"; - if (io_saveFile($config_cascade['plainauth.users']['default'],$userline,true)) { - $this->users[$user] = compact('pass','name','mail','grps'); - return $pwd; - } + if (io_saveFile($config_cascade['plainauth.users']['default'],$userline,true)) { + $this->users[$user] = compact('pass','name','mail','grps'); + return $pwd; + } - msg('The '.$config_cascade['plainauth.users']['default']. - ' file is not writable. Please inform the Wiki-Admin',-1); - return null; + msg('The '.$config_cascade['plainauth.users']['default']. + ' file is not writable. Please inform the Wiki-Admin',-1); + return null; } /** @@ -122,78 +122,78 @@ class auth_plain extends auth_basic { * @return bool */ function modifyUser($user, $changes) { - global $conf; - global $ACT; - global $INFO; - global $config_cascade; - - // sanity checks, user must already exist and there must be something to change - if (($userinfo = $this->getUserData($user)) === false) return false; - if (!is_array($changes) || !count($changes)) return true; - - // update userinfo with new data, remembering to encrypt any password - $newuser = $user; - foreach ($changes as $field => $value) { - if ($field == 'user') { - $newuser = $value; - continue; + global $conf; + global $ACT; + global $INFO; + global $config_cascade; + + // sanity checks, user must already exist and there must be something to change + if (($userinfo = $this->getUserData($user)) === false) return false; + if (!is_array($changes) || !count($changes)) return true; + + // update userinfo with new data, remembering to encrypt any password + $newuser = $user; + foreach ($changes as $field => $value) { + if ($field == 'user') { + $newuser = $value; + continue; + } + if ($field == 'pass') $value = auth_cryptPassword($value); + $userinfo[$field] = $value; + } + + $groups = join(',',$userinfo['grps']); + $userline = join(':',array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n"; + + if (!$this->deleteUsers(array($user))) { + msg('Unable to modify user data. Please inform the Wiki-Admin',-1); + return false; + } + + if (!io_saveFile($config_cascade['plainauth.users']['default'],$userline,true)) { + msg('There was an error modifying your user data. You should register again.',-1); + // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page + $ACT == 'register'; + return false; } - if ($field == 'pass') $value = auth_cryptPassword($value); - $userinfo[$field] = $value; - } - - $groups = join(',',$userinfo['grps']); - $userline = join(':',array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n"; - - if (!$this->deleteUsers(array($user))) { - msg('Unable to modify user data. Please inform the Wiki-Admin',-1); - return false; - } - - if (!io_saveFile($config_cascade['plainauth.users']['default'],$userline,true)) { - msg('There was an error modifying your user data. You should register again.',-1); - // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page - $ACT == 'register'; - return false; - } - - $this->users[$newuser] = $userinfo; - return true; + + $this->users[$newuser] = $userinfo; + return true; } /** - * Remove one or more users from the list of registered users + * Remove one or more users from the list of registered users * - * @author Christopher Smith <chris@jalakai.co.uk> - * @param array $users array of users to be deleted - * @return int the number of users deleted + * @author Christopher Smith <chris@jalakai.co.uk> + * @param array $users array of users to be deleted + * @return int the number of users deleted */ function deleteUsers($users) { - global $config_cascade; + global $config_cascade; - if (!is_array($users) || empty($users)) return 0; + if (!is_array($users) || empty($users)) return 0; - if ($this->users === null) $this->_loadUserData(); + if ($this->users === null) $this->_loadUserData(); - $deleted = array(); - foreach ($users as $user) { - if (isset($this->users[$user])) $deleted[] = preg_quote($user,'/'); - } + $deleted = array(); + foreach ($users as $user) { + if (isset($this->users[$user])) $deleted[] = preg_quote($user,'/'); + } - if (empty($deleted)) return 0; + if (empty($deleted)) return 0; - $pattern = '/^('.join('|',$deleted).'):/'; + $pattern = '/^('.join('|',$deleted).'):/'; - if (io_deleteFromFile($config_cascade['plainauth.users']['default'],$pattern,true)) { - foreach ($deleted as $user) unset($this->users[$user]); - return count($deleted); - } + if (io_deleteFromFile($config_cascade['plainauth.users']['default'],$pattern,true)) { + foreach ($deleted as $user) unset($this->users[$user]); + return count($deleted); + } - // problem deleting, reload the user list and count the difference - $count = count($this->users); - $this->_loadUserData(); - $count -= count($this->users); - return $count; + // problem deleting, reload the user list and count the difference + $count = count($this->users); + $this->_loadUserData(); + $count -= count($this->users); + return $count; } /** @@ -203,18 +203,18 @@ class auth_plain extends auth_basic { */ function getUserCount($filter=array()) { - if($this->users === null) $this->_loadUserData(); + if($this->users === null) $this->_loadUserData(); - if (!count($filter)) return count($this->users); + if (!count($filter)) return count($this->users); - $count = 0; - $this->_constructPattern($filter); + $count = 0; + $this->_constructPattern($filter); - foreach ($this->users as $user => $info) { - $count += $this->_filter($user, $info); - } + foreach ($this->users as $user => $info) { + $count += $this->_filter($user, $info); + } - return $count; + return $count; } /** @@ -228,27 +228,27 @@ class auth_plain extends auth_basic { */ function retrieveUsers($start=0,$limit=0,$filter=array()) { - if ($this->users === null) $this->_loadUserData(); + if ($this->users === null) $this->_loadUserData(); - ksort($this->users); + ksort($this->users); - $i = 0; - $count = 0; - $out = array(); - $this->_constructPattern($filter); + $i = 0; + $count = 0; + $out = array(); + $this->_constructPattern($filter); - foreach ($this->users as $user => $info) { - if ($this->_filter($user, $info)) { - if ($i >= $start) { - $out[$user] = $info; - $count++; - if (($limit > 0) && ($count >= $limit)) break; - } - $i++; + foreach ($this->users as $user => $info) { + if ($this->_filter($user, $info)) { + if ($i >= $start) { + $out[$user] = $info; + $count++; + if (($limit > 0) && ($count >= $limit)) break; + } + $i++; + } } - } - return $out; + return $out; } /** @@ -275,26 +275,26 @@ class auth_plain extends auth_basic { * @author Andreas Gohr <andi@splitbrain.org> */ function _loadUserData(){ - global $config_cascade; + global $config_cascade; - $this->users = array(); + $this->users = array(); - if(!@file_exists($config_cascade['plainauth.users']['default'])) return; + if(!@file_exists($config_cascade['plainauth.users']['default'])) return; - $lines = file($config_cascade['plainauth.users']['default']); - foreach($lines as $line){ - $line = preg_replace('/#.*$/','',$line); //ignore comments - $line = trim($line); - if(empty($line)) continue; + $lines = file($config_cascade['plainauth.users']['default']); + foreach($lines as $line){ + $line = preg_replace('/#.*$/','',$line); //ignore comments + $line = trim($line); + if(empty($line)) continue; - $row = explode(":",$line,5); - $groups = array_values(array_filter(explode(",",$row[4]))); + $row = explode(":",$line,5); + $groups = array_values(array_filter(explode(",",$row[4]))); - $this->users[$row[0]]['pass'] = $row[1]; - $this->users[$row[0]]['name'] = urldecode($row[2]); - $this->users[$row[0]]['mail'] = $row[3]; - $this->users[$row[0]]['grps'] = $groups; - } + $this->users[$row[0]]['pass'] = $row[1]; + $this->users[$row[0]]['name'] = urldecode($row[2]); + $this->users[$row[0]]['mail'] = $row[3]; + $this->users[$row[0]]['grps'] = $groups; + } } /** @@ -317,11 +317,11 @@ class auth_plain extends auth_basic { } function _constructPattern($filter) { - $this->_pattern = array(); - foreach ($filter as $item => $pattern) { -// $this->_pattern[$item] = '/'.preg_quote($pattern,"/").'/i'; // don't allow regex characters - $this->_pattern[$item] = '/'.str_replace('/','\/',$pattern).'/i'; // allow regex characters - } + $this->_pattern = array(); + foreach ($filter as $item => $pattern) { + // $this->_pattern[$item] = '/'.preg_quote($pattern,"/").'/i'; // don't allow regex characters + $this->_pattern[$item] = '/'.str_replace('/','\/',$pattern).'/i'; // allow regex characters + } } } |