Merge branch 'master' into stable

author: Guy Brand <gb@unistra.fr> 2013-03-06 14:08:08 +0100
committer: Guy Brand <gb@unistra.fr> 2013-03-06 14:08:08 +0100
commit: 23678e344b4ddcad14254c106ecb93af174fdaa0 (patch)
tree: a5c787e4d87313a7fb6f18cb4c78bf210d92d60c /inc/auth.php
parent: 847cef0a6bfd2ff9dc54e1fc140f5ba0ece0017a (diff)
parent: 5721a1547938df76003c6d91ea003dc1c70abd94 (diff)
download: rpg-23678e344b4ddcad14254c106ecb93af174fdaa0.tar.gz
rpg-23678e344b4ddcad14254c106ecb93af174fdaa0.tar.bz2
1 files changed, 46 insertions, 41 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 99adfa791..68b6b438d 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -34,38 +34,38 @@ define('AUTH_ADMIN', 255);
  */
 function auth_setup() {
     global $conf;
-    /* @var auth_basic $auth */
+    /* @var DokuWiki_Auth_Plugin $auth */
     global $auth;
     /* @var Input $INPUT */
     global $INPUT;
     global $AUTH_ACL;
     global $lang;
+    global $config_cascade;
+    global $plugin_controller;
     $AUTH_ACL = array();
 
     if(!$conf['useacl']) return false;
 
-    // load the the backend auth functions and instantiate the auth object XXX
-    if(@file_exists(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php')) {
-        require_once(DOKU_INC.'inc/auth/basic.class.php');
-        require_once(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php');
-
-        $auth_class = "auth_".$conf['authtype'];
-        if(class_exists($auth_class)) {
-            $auth = new $auth_class();
-            if($auth->success == false) {
-                // degrade to unauthenticated user
-                unset($auth);
-                auth_logoff();
-                msg($lang['authtempfail'], -1);
-            }
-        } else {
-            nice_die($lang['authmodfailed']);
-        }
-    } else {
-        nice_die($lang['authmodfailed']);
+    // try to load auth backend from plugins
+    foreach ($plugin_controller->getList('auth') as $plugin) {
+    	if ($conf['authtype'] === $plugin) {
+    		$auth = $plugin_controller->load('auth', $plugin);
+    		break;
+    	}
     }
 
-    if(!isset($auth) || !$auth) return false;
+	if(!isset($auth) || !$auth){
+        msg($lang['authtempfail'], -1);
+        return false;
+    }
+
+    if ($auth->success == false) {
+		// degrade to unauthenticated user
+	    unset($auth);
+	    auth_logoff();
+	    msg($lang['authtempfail'], -1);
+        return false;
+	}
 
     // do the login either by cookie or provided credentials XXX
     $INPUT->set('http_credentials', false);
@@ -91,7 +91,9 @@ function auth_setup() {
     }
 
     // apply cleaning
-    $INPUT->set('u', $auth->cleanUser($INPUT->str('u')));
+    if (true === $auth->success) {
+        $INPUT->set('u', $auth->cleanUser($INPUT->str('u')));
+    }
 
     if($INPUT->str('authtok')) {
         // when an authentication token is given, trust the session
@@ -266,7 +268,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
 function auth_validateToken($token) {
     if(!$token || $token != $_SESSION[DOKU_COOKIE]['auth']['token']) {
         // bad token
-        header("HTTP/1.0 401 Unauthorized");
+        http_status(401);
         print 'Invalid auth token - maybe the session timed out';
         unset($_SESSION[DOKU_COOKIE]['auth']['token']); // no second chance
         exit;
@@ -299,7 +301,7 @@ function auth_createToken() {
  *
  * This is neither unique nor unfakable - still it adds some
  * security. Using the first part of the IP makes sure
- * proxy farms like AOLs are stil okay.
+ * proxy farms like AOLs are still okay.
  *
  * @author  Andreas Gohr <andi@splitbrain.org>
  *
@@ -310,9 +312,9 @@ function auth_browseruid() {
     $uid = '';
     $uid .= $_SERVER['HTTP_USER_AGENT'];
     $uid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
-    $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
     $uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
     $uid .= substr($ip, 0, strpos($ip, '.'));
+    $uid = strtolower($uid);
     return md5($uid);
 }
 
@@ -534,9 +536,10 @@ function auth_aclcheck($id, $user, $groups) {
         return AUTH_ADMIN;
     }
 
-    $ci = '';
-    if(!$auth->isCaseSensitive()) $ci = 'ui';
-
+    if(!$auth->isCaseSensitive()) {
+        $user   = utf8_strtolower($user);
+        $groups = array_map('utf8_strtolower', $groups);
+    }
     $user   = $auth->cleanUser($user);
     $groups = array_map(array($auth, 'cleanGroup'), (array) $groups);
     $user   = auth_nameencode($user);
@@ -560,11 +563,14 @@ function auth_aclcheck($id, $user, $groups) {
     }
 
     //check exact match first
-    $matches = preg_grep('/^'.preg_quote($id, '/').'\s+(\S+)\s+/'.$ci, $AUTH_ACL);
+    $matches = preg_grep('/^'.preg_quote($id, '/').'\s+(\S+)\s+/u', $AUTH_ACL);
     if(count($matches)) {
         foreach($matches as $match) {
             $match = preg_replace('/#.*$/', '', $match); //ignore comments
             $acl   = preg_split('/\s+/', $match);
+            if(!$auth->isCaseSensitive() && $acl[1] !== '@ALL') {
+                $acl[1] = utf8_strtolower($acl[1]);
+            }
             if(!in_array($acl[1], $groups)) {
                 continue;
             }
@@ -575,7 +581,7 @@ function auth_aclcheck($id, $user, $groups) {
         }
         if($perm > -1) {
             //we had a match - return it
-            return $perm;
+            return (int) $perm;
         }
     }
 
@@ -587,11 +593,14 @@ function auth_aclcheck($id, $user, $groups) {
     }
 
     do {
-        $matches = preg_grep('/^'.preg_quote($path, '/').'\s+(\S+)\s+/'.$ci, $AUTH_ACL);
+        $matches = preg_grep('/^'.preg_quote($path, '/').'\s+(\S+)\s+/u', $AUTH_ACL);
         if(count($matches)) {
             foreach($matches as $match) {
                 $match = preg_replace('/#.*$/', '', $match); //ignore comments
                 $acl   = preg_split('/\s+/', $match);
+                if(!$auth->isCaseSensitive() && $acl[1] !== '@ALL') {
+                    $acl[1] = utf8_strtolower($acl[1]);
+                }
                 if(!in_array($acl[1], $groups)) {
                     continue;
                 }
@@ -602,7 +611,7 @@ function auth_aclcheck($id, $user, $groups) {
             }
             //we had a match - return it
             if($perm != -1) {
-                return $perm;
+                return (int) $perm;
             }
         }
         //get next higher namespace
@@ -772,23 +781,19 @@ function register() {
         return false;
     }
 
-    // create substitutions for use in notification email
-    $substitutions = array(
-        'NEWUSER'  => $login,
-        'NEWNAME'  => $fullname,
-        'NEWEMAIL' => $email,
-    );
+    // send notification about the new user
+    $subscription = new Subscription();
+    $subscription->send_register($login, $fullname, $email);
 
+    // are we done?
     if(!$conf['autopasswd']) {
         msg($lang['regsuccess2'], 1);
-        notify('', 'register', '', $login, false, $substitutions);
         return true;
     }
 
-    // autogenerated password? then send him the password
+    // autogenerated password? then send password to user
     if(auth_sendPassword($login, $pass)) {
         msg($lang['regsuccess'], 1);
-        notify('', 'register', '', $login, false, $substitutions);
         return true;
     } else {
         msg($lang['regmailfail'], -1);
author	Guy Brand <gb@unistra.fr>	2013-03-06 14:08:08 +0100
committer	Guy Brand <gb@unistra.fr>	2013-03-06 14:08:08 +0100
commit	23678e344b4ddcad14254c106ecb93af174fdaa0 (patch)
tree	a5c787e4d87313a7fb6f18cb4c78bf210d92d60c /inc/auth.php
parent	847cef0a6bfd2ff9dc54e1fc140f5ba0ece0017a (diff)
parent	5721a1547938df76003c6d91ea003dc1c70abd94 (diff)
download	rpg-23678e344b4ddcad14254c106ecb93af174fdaa0.tar.gz rpg-23678e344b4ddcad14254c106ecb93af174fdaa0.tar.bz2