-rw-r--r--conf/mysql.conf.php.example211
-rw-r--r--inc/auth/mysql.class.php70
2 files changed, 188 insertions, 93 deletions
diff --git a/conf/mysql.conf.php.example b/conf/mysql.conf.php.example
index 66fcf5f13..bd67be82c 100644
--- a/conf/mysql.conf.php.example
+++ b/conf/mysql.conf.php.example
@@ -33,12 +33,12 @@ $conf['auth']['mysql']['database'] = '';
*/
$conf['auth']['mysql']['debug'] = 0;
-/* Normally password encryptionis done by DokuWiki (recommended) but for
+/* Normally password encryption is done by DokuWiki (recommended) but for
* some reasons it might be usefull to let the database do the encryption.
- * Set 'encryptPass' to '1' and the cleartext password is forwarded to
+ * Set 'forwardClearPass' to '1' and the cleartext password is forwarded to
* the database, otherwise the encrypted one.
*/
-$conf['auth']['mysql']['encryptPass'] = 0;
+$conf['auth']['mysql']['forwardClearPass'] = 0;
/* Multiple table operations will be protected by locks. This array tolds
* the module which tables to lock. If you use any aliases for table names
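Review bot: The rename to `forwardClearPass` is not carried through the comments: the `%{pass}` placeholder descriptions under checkPass, addUser and updateUser in the later hunks of this file still say "depends on 'encryptPass'", a key the class no longer reads. Those lines should read `%{pass} encrypted or clear text password (depends on 'forwardClearPass')`. An existing configuration that still sets `encryptPass` to 1 would presumably fall back to DokuWiki-side hashing without any message, so a short upgrade note in this comment would help. The comment could also say that with the option enabled the cleartext password is substituted into the SQL text sent to the server, and may therefore show up in debug output or query logs.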
@@ -47,31 +47,18 @@ $conf['auth']['mysql']['encryptPass'] = 0;
*/
$conf['auth']['mysql']['TablesToLock']= array("users", "users AS u","groups", "groups AS g", "usergroup", "usergroup AS ug");
-/* This statement should return the database index of a given user name.
- * The module will access the index with the name 'id' so a alias might be
- * necessary.
- * following patters will be replaced:
- * %{user} user name
- */
-$conf['auth']['mysql']['getUserID'] = "SELECT uid AS id
- FROM users
- WHERE login='%{user}'";
+/***********************************************************************/
+/* Basic SQL statements for user authentication (required) */
+/***********************************************************************/
-/* This statement should return the database index of a given group name.
- * The module will access the index with the name 'id' so a alias might be
- * necessary.
- * following patters will be replaced:
- * %{group} group name
- */
-$conf['auth']['mysql']['getGroupID'] = "SELECT gid AS id
- FROM groups
- WHERE name='%{group}'";
-
-/* This statement is used to grant or deny access to the wiki. The result should
- * be a table with exact one line containing at least the password of the user.
- * If the result table is empty or contains more than one row, access will be denied.
+/* This statement is used to grant or deny access to the wiki. The result
+ * should be a table with exact one line containing at least the password
+ * of the user. If the result table is empty or contains more than one
+ * row, access will be denied.
+ *
* The module access the password as 'pass' so a alias might be necessary.
- * following patters will be replaced:
+ *
+ * Following patters will be replaced:
* %{user} user name
* %{pass} encrypted or clear text password (depends on 'encryptPass')
* %{dgroup} default group name
@@ -83,40 +70,49 @@ $conf['auth']['mysql']['checkPass'] = "SELECT pass
WHERE login='%{user}'
AND name='%{dgroup}'";
-/* This statement is used to get all groups a user is member of. The result should
- * be a table containing all groups the given user is member of. The module access
- * the group name as 'group' so a alias might be nessecary.
- * following patters will be replaced:
- * %{user} user name
- */
-$conf['auth']['mysql']['getGroups'] = "SELECT name as `group`
- FROM groups g, users u, usergroup ug
- WHERE u.uid = ug.uid
- AND g.gid = ug.gid
- AND u.login='%{user}'";
-
-/* This statement should return a table with exact one row containing information
- * about one user. The field needed are:
+/* This statement should return a table with exact one row containing
+ * information about one user. The field needed are:
* 'pass' containing the encrypted or clear text password
* 'name' the user's full name
* 'mail' the user's email address
- * Keep in mind that Dokuwiki will access thise information through the names
- * listed above so aliasses might be neseccary.
- * following patters will be replaced:
+ *
+ * Keep in mind that Dokuwiki will access thise information through the
+ * names listed above so aliasses might be neseccary.
+ *
+ * Following patters will be replaced:
* %{user} user name
*/
$conf['auth']['mysql']['getUserInfo'] = "SELECT pass, CONCAT(firstname,' ',lastname) AS name, email AS mail
FROM users
WHERE login='%{user}'";
-/* This statement should return a table containing all user login names that meet
- * certain filter criteria. The filter expressions will be added case dependend by
- * the module. At the end a sort expression will be added.
- * Important is that this list contains no double entries fo a user. Each user
- * name is only allowed once in the table.
+/* This statement is used to get all groups a user is member of. The
+ * result should be a table containing all groups the given user is
+ * member of. The module access the group name as 'group' so a alias
+ * might be nessecary.
+ *
+ * Following patters will be replaced:
+ * %{user} user name
+ */
+$conf['auth']['mysql']['getGroups'] = "SELECT name as `group`
+ FROM groups g, users u, usergroup ug
+ WHERE u.uid = ug.uid
+ AND g.gid = ug.gid
+ AND u.login='%{user}'";
+
+/***********************************************************************/
+/* Additional minimum SQL statements to use the user manager */
+/***********************************************************************/
+
+/* This statement should return a table containing all user login names
+ * that meet certain filter criteria. The filter expressions will be added
+ * case dependend by the module. At the end a sort expression will be added.
+ * Important is that this list contains no double entries fo a user. Each
+ * user name is only allowed once in the table.
+ *
* The login name will be accessed as 'user' to a alias might be neseccary.
- * No patterns will be replaced in this statement but following patters will be
- * replaced in the filter expressions:
+ * No patterns will be replaced in this statement but following patters
+ * will be replaced in the filter expressions:
* %{user} in FilterLogin user's login name
* %{name} in FilterName user's full name
* %{email} in FilterEmail user's email address
@@ -132,8 +128,13 @@ $conf['auth']['mysql']['FilterEmail'] = "email LIKE '%{email}'";
$conf['auth']['mysql']['FilterGroup'] = "name LIKE '%{group}'";
$conf['auth']['mysql']['SortOrder'] = "ORDER BY login";
-/* This statement should add a user to the database. Minimum information to
- * store are: login name, password, email address and full name.
+/***********************************************************************/
+/* Additional SQL statements to add new users with the user manager */
+/***********************************************************************/
+
+/* This statement should add a user to the database. Minimum information
+ * to store are: login name, password, email address and full name.
+ *
* Following patterns will be replaced:
* %{user} user's login name
* %{pass} password (encrypted or clear text, depends on 'encryptPass')
@@ -146,38 +147,23 @@ $conf['auth']['mysql']['addUser'] = "INSERT INTO users
SUBSTRING_INDEX('%{name}',' ', 1),
SUBSTRING_INDEX('%{name}',' ', -1))";
-/* This statements should modify a user entry in the database. The statements
- * UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be added to
- * updateUser on demand. Only changed parameters will be used.
+/* This statement should add a group to the database.
* Following patterns will be replaced:
- * %{user} user's login name
- * %{pass} password (encrypted or clear text, depends on 'encryptPass')
- * %{email} email address
- * %{name} user's full name
- * %{uid} user id that should be updated
- */
-$conf['auth']['mysql']['updateUser'] = "UPDATE users SET";
-$conf['auth']['mysql']['UpdateLogin'] = "login='%{user}'";
-$conf['auth']['mysql']['UpdatePass'] = "pass='%{pass}'";
-$conf['auth']['mysql']['UpdateEmail'] = "email='%{email}'";
-$conf['auth']['mysql']['UpdateName'] = "firstname=SUBSTRING_INDEX('%{name}',' ', 1),
- lastname=SUBSTRING_INDEX('%{name}',' ', -1)";
-$conf['auth']['mysql']['UpdateTarget']= "WHERE uid=%{uid}";
+ * %{group} group name
+ */
+$conf['auth']['mysql']['addGroup'] = "INSERT INTO groups (name)
+ VALUES ('%{group}')";
-/* This statement should remove a user fom the database.
+/* This statement should connect a user to a group (a user become member
+ * of that group).
* Following patterns will be replaced:
* %{user} user's login name
* %{uid} id of a user dataset
- */
-$conf['auth']['mysql']['delUser'] = "DELETE FROM users
- WHERE uid='%{uid}'";
-
-/* This statement should add a group to the database.
- * Following patterns will be replaced:
* %{group} group name
+ * %{gid} id of a group dataset
*/
-$conf['auth']['mysql']['addGroup'] = "INSERT INTO groups (name)
- VALUES ('%{group}')";
+$conf['auth']['mysql']['addUserGroup']= "INSERT INTO usergroup (uid, gid)
+ VALUES ('%{uid}', '%{gid}')";
/* This statement should remove a group fom the database.
* Following patterns will be replaced:
@@ -187,19 +173,62 @@ $conf['auth']['mysql']['addGroup'] = "INSERT INTO groups (name)
$conf['auth']['mysql']['delGroup'] = "DELETE FROM groups
WHERE gid='%{gid}'";
-/* This statement should connect a user to a group (a user become member
- * of that group).
+/* This statement should return the database index of a given user name.
+ * The module will access the index with the name 'id' so a alias might be
+ * necessary.
+ * following patters will be replaced:
+ * %{user} user name
+ */
+$conf['auth']['mysql']['getUserID'] = "SELECT uid AS id
+ FROM users
+ WHERE login='%{user}'";
+
+/***********************************************************************/
+/* Additional SQL statements to delete users with the user manager */
+/***********************************************************************/
+
+/* This statement should remove a user fom the database.
* Following patterns will be replaced:
* %{user} user's login name
* %{uid} id of a user dataset
- * %{group} group name
- * %{gid} id of a group dataset
*/
-$conf['auth']['mysql']['addUserGroup']= "INSERT INTO usergroup (uid, gid)
- VALUES ('%{uid}', '%{gid}')";
+$conf['auth']['mysql']['delUser'] = "DELETE FROM users
+ WHERE uid='%{uid}'";
+
+/* This statement should remove all connections from a user to any group
+ * (a user quits membership of all groups).
+ * Following patterns will be replaced:
+ * %{uid} id of a user dataset
+ */
+$conf['auth']['mysql']['delUserRefs'] = "DELETE FROM usergroup
+ WHERE uid='%{uid}'";
+
+/***********************************************************************/
+/* Additional SQL statements to modify users with the user manager */
+/***********************************************************************/
+
+/* This statements should modify a user entry in the database. The
+ * statements UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be
+ * added to updateUser on demand. Only changed parameters will be used.
+ *
+ * Following patterns will be replaced:
+ * %{user} user's login name
+ * %{pass} password (encrypted or clear text, depends on 'encryptPass')
+ * %{email} email address
+ * %{name} user's full name
+ * %{uid} user id that should be updated
+ */
+$conf['auth']['mysql']['updateUser'] = "UPDATE users SET";
+$conf['auth']['mysql']['UpdateLogin'] = "login='%{user}'";
+$conf['auth']['mysql']['UpdatePass'] = "pass='%{pass}'";
+$conf['auth']['mysql']['UpdateEmail'] = "email='%{email}'";
+$conf['auth']['mysql']['UpdateName'] = "firstname=SUBSTRING_INDEX('%{name}',' ', 1),
+ lastname=SUBSTRING_INDEX('%{name}',' ', -1)";
+$conf['auth']['mysql']['UpdateTarget']= "WHERE uid=%{uid}";
/* This statement should remove a single connection from a user to a
* group (a user quits membership of that group).
+ *
* Following patterns will be replaced:
* %{user} user's login name
* %{uid} id of a user dataset
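Review bot: `UpdateTarget` substitutes `%{uid}` without quotes (`WHERE uid=%{uid}`), while the other statements shown here quote it, for example `WHERE uid='%{uid}'` in delUser and delUserRefs. If the module escapes substituted values as strings, which is not visible in this commit, that escaping gives no protection to an unquoted placeholder, so this template depends on the uid always being numeric. Quoting it like the others, `"WHERE uid='%{uid}'"`, keeps the example statements consistent.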
@@ -210,11 +239,15 @@ $conf['auth']['mysql']['delUserGroup']= "DELETE FROM usergroup
WHERE uid='%{uid}'
AND gid='%{gid}'";
-/* This statement should remove all connections from a user to any group
- * (a user quits membership of all groups).
- * Following patterns will be replaced:
- * %{uid} id of a user dataset
+/* This statement should return the database index of a given group name.
+ * The module will access the index with the name 'id' so a alias might
+ * be necessary.
+ *
+ * Following patters will be replaced:
+ * %{group} group name
*/
-$conf['auth']['mysql']['delUserRefs'] = "DELETE FROM usergroup
- WHERE uid='%{uid}'";
+$conf['auth']['mysql']['getGroupID'] = "SELECT gid AS id
+ FROM groups
+ WHERE name='%{group}'";
+
diff --git a/inc/auth/mysql.class.php b/inc/auth/mysql.class.php
index cc53ab073..cb789fc12 100644
--- a/inc/auth/mysql.class.php
+++ b/inc/auth/mysql.class.php
@@ -43,7 +43,69 @@ class auth_mysql extends auth_basic {
$this->cnf = $conf['auth']['mysql'];
$this->defaultgroup = $conf['defaultgroup'];
}
-
+
+ /**
+ * Check if authorisation mechanism supports fn and
+ * that fn will operate in the current environment
+ *
+ * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
+ * @author Christopher Smith <chris@jalakai.co.uk>
+ * @return bool
+ */
+ function canDo($fn) {
+ /* general database configuration set? */
+ if (empty($this->cnf['server']) || empty($this->cnf['user']) ||
+ empty($this->cnf['password']) || empty($this->cnf['database']))
+ return false;
+
+ /* lock array filled with tables names? */
+ if (!is_array($this->cnf['TablesToLock']) || empty($this->cnf['TablesToLock']))
+ return false;
+
+ switch($fn) {
+ case 'checkPass':
+ $config = array('checkPass');
+ break;
+ case 'getUserData':
+ $config = array('getUserInfo','getGroups');
+ break;
+ case 'createUser':
+ $config = array('getUserInfo','getGroups','addUser',
+ 'getUserID','addGroup','addUserGroup','delGroup');
+ break;
+ case 'modifyUser':
+ $config = array('getUserID','updateUser','UpdateTarget',
+ 'getGroups','getGroupID','addGroup','addUserGroup',
+ 'delGroup','getGroupID','delUserGroup');
+ break;
+ case 'deleteUsers':
+ $config = array('getUserID','delUser','delUserRefs');
+ break;
+ case 'getUserCount':
+ $config = array('getUsers');
+ break;
+ case 'retrieveUsers':
+ $config = array('getUsers','getUserInfo','getGroups');
+ break;
+ case 'joinGroup':
+ $config = array('getUserID','getGroupID','addGroup',
+ 'addUserGroup','delGroup');
+ break;
+ case 'leaveGroup':
+ $config = array('getUserID','getGroupID','delUserGroup');
+ break;
+ default:
+ return false; /* unknown function call */
+ }
+
+ foreach ($config as $statement)
+ if (empty($this->cnf[$statement]))
+ return false; /* required statement not set */
+
+ /* all tests passed :-) */
+ return true;
+ }
+
/**
* Checks if the given user exists and the given plaintext password
* is correct. Furtheron it might be checked wether the user is
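Review bot: The `modifyUser` case in `canDo()` requires `updateUser` and `UpdateTarget` but none of the fragments `UpdateLogin`, `UpdatePass`, `UpdateEmail` and `UpdateName`, which the update code later in this class substitutes into the statement (`str_replace('%{pass}',$value,$this->cnf['UpdatePass'])`). With an empty fragment the capability check still passes, and a password or name change would presumably yield a malformed or incomplete UPDATE. Adding the four keys to that list closes the gap; `getGroupID` is also listed twice there. The docblock lacks a `@param string $fn` line naming the accepted function names.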
@@ -69,7 +131,7 @@ class auth_mysql extends auth_basic {
$result = $this->_queryDB($sql);
if($result !== false && count($result) == 1) {
- if($this->cnf['encryptPass'] == 1)
+ if($this->cnf['forwardClearPass'] == 1)
$rc = true;
else
$rc = auth_verifyPassword($pass,$result[0]['pass']);
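Review bot: With `forwardClearPass` set, this branch returns true as soon as the query yields exactly one row, so the password is only verified if the configured `checkPass` statement itself compares `%{pass}`. The part of the example statement visible in this commit filters only on `login='%{user}'` and `name='%{dgroup}'`; if the unseen part does not compare the password either, enabling the option with the example statement would accept any password for an existing user. A guard such as `if (strpos($this->cnf['checkPass'], '%{pass}') === false) return false;` before `$rc = true`, or the same test in `canDo('checkPass')`, would make the module fail closed. The enclosing function starts and ends outside the hunk.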
@@ -134,7 +196,7 @@ class auth_mysql extends auth_basic {
$grps = array($this->defaultgroup);
$this->_lockTables("WRITE");
- $pwd = $this->cnf['encryptPass'] ? $pwd : auth_cryptPassword($pwd);
+ $pwd = $this->cnf['forwardClearPass'] ? $pwd : auth_cryptPassword($pwd);
$rc = $this->_addUser($user,$pwd,$name,$mail,$grps);
$this->_unlockTables();
$this->_closeDB();
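Review bot: This line tests `forwardClearPass` for truthiness, as does the update path in the last hunk (`if (!$this->cnf['forwardClearPass'])`), while the login check compares it with `== 1`. A value such as `2` or `'yes'` would forward the clear password on creation and update but still go through `auth_verifyPassword()` at login, so the paths disagree. Using the same test everywhere, e.g. `$this->cnf['forwardClearPass'] == 1 ? $pwd : auth_cryptPassword($pwd)`, avoids that. The enclosing function starts and ends outside the hunk.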
@@ -588,7 +650,7 @@ class auth_mysql extends auth_basic {
if ($cnt++ > 0) $sql .= ", ";
$sql .= str_replace('%{name}',$value,$this->cnf['UpdateName']);
} else if ($item == 'pass') {
- if (!$this->cnf['encryptPass'])
+ if (!$this->cnf['forwardClearPass'])
$value = auth_cryptPassword($value);
if ($cnt++ > 0) $sql .= ", ";
$sql .= str_replace('%{pass}',$value,$this->cnf['UpdatePass']);