diff options
Diffstat (limited to 'inc/auth/punbb.class.php')
| -rw-r--r-- | inc/auth/punbb.class.php | 121 |
1 files changed, 111 insertions, 10 deletions
diff --git a/inc/auth/punbb.class.php b/inc/auth/punbb.class.php index e4e7bca42..455432d51 100644 --- a/inc/auth/punbb.class.php +++ b/inc/auth/punbb.class.php @@ -5,11 +5,6 @@ * Uses external Trust mechanism to check against PunBB's * user cookie. PunBB's PUN_ROOT must be defined correctly. * - * It inherits from the MySQL module, so you may set up - * the correct SQL strings for user modification if you like. - * - * @todo This is far from perfect yet. SQL Strings should be - * predefined. Logging in should be handled correctly. * @author Andreas Gohr <andi@splitbrain.org> */ @@ -17,28 +12,124 @@ if(!defined('PUN_ROOT')) define('PUN_ROOT', DOKU_INC.'../forum/'); require_once PUN_ROOT.'include/common.php'; require_once DOKU_INC.'inc/auth/mysql.class.php'; +#dbg($GLOBALS); +#dbg($pun_user); + class auth_punbb extends auth_mysql { /** + * Constructor. + * + * Sets additional capabilities and config strings + */ + function auth_punbb(){ + global $conf; + $this->cando['external'] = true; + $this->cando['logoff'] = true; + + // make sure we use a crypt understood by punbb + if(function_exists('sha1')){ + $conf['passcrypt'] = 'sha1'; + }else{ + $conf['passcrypt'] = 'md5'; + } + + // get global vars from PunBB config + global $db_host; + global $db_name; + global $db_username; + global $db_password; + global $db_prefix; + + // now set up the mysql config strings + $conf['auth']['mysql']['server'] = $db_host; + $conf['auth']['mysql']['user'] = $db_username; + $conf['auth']['mysql']['password'] = $db_password; + $conf['auth']['mysql']['database'] = $db_name; + + $conf['auth']['mysql']['checkPass'] = "SELECT u.password AS pass + FROM ${db_prefix}users AS u, ${db_prefix}groups AS g + WHERE u.group_id = g.g_id + AND u.username = '%{user}' + AND g.g_title != 'Guest'"; + $conf['auth']['mysql']['getUserInfo'] = "SELECT password AS pass, realname AS name, email AS mail, + id, g_title as `group` + FROM ${db_prefix}users AS u, ${db_prefix}groups AS g + WHERE u.group_id = g.g_id + AND u.username = '%{user}'"; + $conf['auth']['mysql']['getGroups'] = "SELECT g.g_title as `group` + FROM ${db_prefix}users AS u, ${db_prefix}groups AS g + WHERE u.group_id = g.g_id + AND u.username = '%{user}'"; + $conf['auth']['mysql']['getUsers'] = "SELECT DISTINCT u.username AS user + FROM ${db_prefix}users AS u, ${db_prefix}groups AS g + WHERE u.group_id = g.g_id"; + $conf['auth']['mysql']['FilterLogin'] = "u.username LIKE '%{user}'"; + $conf['auth']['mysql']['FilterName'] = "u.realname LIKE '%{name}'"; + $conf['auth']['mysql']['FilterEmail'] = "u.email LIKE '%{email}'"; + $conf['auth']['mysql']['FilterGroup'] = "g.g_title LIKE '%{group}'"; + $conf['auth']['mysql']['SortOrder'] = "ORDER BY u.username"; + $conf['auth']['mysql']['addUser'] = "INSERT INTO ${db_prefix}users + (username, password, email, realname) + VALUES ('%{user}', '%{pass}', '%{email}', '%{name}')"; + $conf['auth']['mysql']['addGroup'] = "INSERT INTO ${db_prefix}groups (g_title) VALUES ('%{group}')"; + $conf['auth']['mysql']['addUserGroup']= "UPDATE ${db_prefix}users + SET group_id=%{gid} + WHERE id='%{uid}'"; + $conf['auth']['mysql']['delGroup'] = "DELETE FROM ${db_prefix}groups WHERE g_id='%{gid}'"; + $conf['auth']['mysql']['getUserID'] = "SELECT id FROM ${db_prefix}users WHERE username='%{user}'"; + $conf['auth']['mysql']['updateUser'] = "UPDATE ${db_prefix}users SET"; + $conf['auth']['mysql']['UpdateLogin'] = "username='%{user}'"; + $conf['auth']['mysql']['UpdatePass'] = "password='%{pass}'"; + $conf['auth']['mysql']['UpdateEmail'] = "email='%{email}'"; + $conf['auth']['mysql']['UpdateName'] = "realname='%{name}'"; + $conf['auth']['mysql']['UpdateTarget']= "WHERE id=%{uid}"; + $conf['auth']['mysql']['delUserGroup']= "UPDATE ${db_prefix}users SET g_id=4 WHERE id=%{uid}"; + $conf['auth']['mysql']['getGroupID'] = "SELECT g_id AS id FROM ${db_prefix}groups WHERE g_title='%{group}'"; + + $conf['auth']['mysql']['TablesToLock']= array("${db_prefix}users", "${db_prefix}users AS u", + "${db_prefix}groups", "${db_prefix}groups AS g"); + + $conf['auth']['mysql']['debug'] = 1; + // call mysql constructor + $this->auth_mysql(); + } + + /** * Just checks against the $pun_user variable */ function trustExternal($user,$pass,$sticky=false){ global $USERINFO; global $conf; + global $lang; global $pun_user; + global $pun_config; $sticky ? $sticky = true : $sticky = false; //sanity check // someone used the login form if(isset($user)){ - msg('Please login at the forum',-1); - //FIXME a redirect to PunBBs login would be nice here - auth_logoff(); - return false; + if($this->checkPass($user,$pass)){ + $expire = ($sticky) ? time() + 31536000 : 0; + $uinfo = $this->getUserData($user); + pun_setcookie($uinfo['id'], auth_cryptPassword($pass), $expire); + $pun_user = array(); + $pun_user['password'] = auth_cryptPassword($pass); + $pun_user['username'] = $user; + $pun_user['realname'] = $uinfo['name']; + $pun_user['email'] = $uinfo['mail']; + $pun_user['g_title'] = $uinfo['group']; + }else{ + //invalid credentials - log off + msg($lang['badlogin'],-1); + auth_logoff(); + return false; + } } if(isset($pun_user) && !$pun_user['is_guest']){ // okay we're logged in - set the globals - $USERINFO['name'] = $pun_user['username']; + $USERINFO['pass'] = $pun_user['password']; + $USERINFO['name'] = $pun_user['realname']; $USERINFO['mail'] = $pun_user['email']; $USERINFO['grps'] = array($pun_user['g_title']); @@ -52,4 +143,14 @@ class auth_punbb extends auth_mysql { auth_logoff(); return false; } + + /** + * remove punbb cookie on logout + */ + function logOff(){ + global $pun_user; + $pun_user = array(); + pun_setcookie(1, random_pass(8), time() + 31536000); + } } +//Setup VIM: ex: et ts=2 enc=utf-8 : |