updated auth_punbb

darcs-hash:20060211180240-7ad00-c7c589aa6e5e67f2d7ad54f7e41837f116a91c9c.gz

updated auth_punbb
5298a619 · Andreas Gohr · 8a831f2b · 5298a619 · 5298a619 · 5298a619
Commit 5298a619 authored 19 years ago by Andreas Gohr
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -207,6 +207,7 @@ function auth_logoff(){
  global $conf;
  global $USERINFO;
  global $INFO, $ID;
+  global $auth;

  if(isset($_SESSION[$conf['title']]['auth']['user']))
    unset($_SESSION[$conf['title']]['auth']['user']);
@@ -218,6 +219,10 @@ function auth_logoff(){
    unset($_SERVER['REMOTE_USER']);
  $USERINFO=null; //FIXME
  setcookie(DOKU_COOKIE,'',time()-600000,'/');
+
+  if($auth && $auth->canDo('logoff')){
+    $auth->logOff();
+  }
 }

 /**

--- a/inc/auth/basic.class.php
+++ b/inc/auth/basic.class.php
@@ -10,44 +10,45 @@
 
 class auth_basic {

-	var $success = true;
+  var $success = true;


-	/**
+  /**
   * Posible things an auth backend module may be able to
   * do. The things a backend can do need to be set to true
   * in the constructor.
   */
-	var $cando = array (
-		'addUser'     => false, // can Users be created?
-	  'delUser'     => false, // can Users be deleted?
-	  'modLogin'    => false, // can login names be changed?
-	  'modPass'     => false, // can passwords be changed?
-	  'modName'     => false, // can real names be changed?
-	  'modMail'     => false, // can emails be changed?
-	  'modGroups'   => false, // can groups be changed?
-	  'getUsers'    => false, // can a (filtered) list of users be retrieved?
-	  'getUserCount'=> false, // can the number of users be retrieved?
-	  'getGroups'   => false, // can a list of available groups be retrieved?
-	  'external'    => false, // does the module do external auth checking?
+  var $cando = array (
+    'addUser'     => false, // can Users be created?
+    'delUser'     => false, // can Users be deleted?
+    'modLogin'    => false, // can login names be changed?
+    'modPass'     => false, // can passwords be changed?
+    'modName'     => false, // can real names be changed?
+    'modMail'     => false, // can emails be changed?
+    'modGroups'   => false, // can groups be changed?
+    'getUsers'    => false, // can a (filtered) list of users be retrieved?
+    'getUserCount'=> false, // can the number of users be retrieved?
+    'getGroups'   => false, // can a list of available groups be retrieved?
+    'external'    => false, // does the module do external auth checking?
+    'logoff'      => false, // has the module some special logoff method?
  );


-	/**
-	 * Constructor.
-	 *
-	 * Carry out sanity checks to ensure the object is
-	 * able to operate. Set capabilities in $this->cando
+  /**
+   * Constructor.
+   *
+   * Carry out sanity checks to ensure the object is
+   * able to operate. Set capabilities in $this->cando
   * array here
-	 * 
-	 * Set $this->success to false if checks fail
-	 *
+   * 
+   * Set $this->success to false if checks fail
+   *
   * @author  Christopher Smith <chris@jalakai.co.uk>
-   */		 
+   */     
  function auth_basic() {
-	 	// the base class constructor does nothing, derived class
+     // the base class constructor does nothing, derived class
    // constructors do the real work
-	}
+  }

  /**
   * Capability check. [ DO NOT OVERRIDE ]
@@ -59,19 +60,19 @@ class auth_basic {
   * ususal capabilities start with lowercase letter
   * shortcut capabilities start with uppercase letter
   *
-	 * @author  Andreas Gohr <andi@splitbrain.org>
-	 * @return  bool
-	 */
+   * @author  Andreas Gohr <andi@splitbrain.org>
+   * @return  bool
+   */
  function canDo($cap) {
-		switch($cap){
-			case 'Profile':
-				// can at least one of the user's properties be changed?
-				return ( $this->cando['modPass']  ||
+    switch($cap){
+      case 'Profile':
+        // can at least one of the user's properties be changed?
+        return ( $this->cando['modPass']  ||
                 $this->cando['modName']  ||
                 $this->cando['modMail'] );
-				break;
-			case 'UserMod':
-			  // can at least anything be changed?
+        break;
+      case 'UserMod':
+        // can at least anything be changed?
        return ( $this->cando['modPass']   ||
                 $this->cando['modName']   ||
                 $this->cando['modMail']   ||
@@ -79,15 +80,26 @@ class auth_basic {
                 $this->cando['modGroups'] ||
                 $this->cando['modMail'] );
        break;
-			default:
-				// print a helping message for developers
-				if(!isset($this->cando[$cap])){
-					msg("Check for unknown capability '$cap' - Do you use an outdated Plugin?",-1);
-				}
-			  return $this->cando[$cap];
-		}
-	}
+      default:
+        // print a helping message for developers
+        if(!isset($this->cando[$cap])){
+          msg("Check for unknown capability '$cap' - Do you use an outdated Plugin?",-1);
+        }
+        return $this->cando[$cap];
+    }
+  }

+  /**
+   * Log off the current user [ OPTIONAL ]
+   *
+   * Is run in addition to the ususal logoff method. Should
+   * only be needed when trustExternal is implemented.
+   *
+   * @see     auth_logoff()
+   * @author  Andreas Gohr
+   */
+  function logOff(){
+  }

  /**
   * Do all authentication [ OPTIONAL ]
@@ -141,139 +153,140 @@ class auth_basic {
 #    return true;
  }

-	/**
-	 * Check user+password [ MUST BE OVERRIDDEN ]
-	 *
-	 * Checks if the given user exists and the given
-	 * plaintext password is correct
-	 *
-	 * @author  Andreas Gohr <andi@splitbrain.org>
-	 * @return  bool
-	 */
-	function checkPass($user,$pass){
-	  msg("no valid authorisation system in use", -1);
-	  return false;
-	}
-	
-	/**
-	 * Return user info [ MUST BE OVERRIDDEN ]
-	 *
-	 * Returns info about the given user needs to contain
-	 * at least these fields:
-	 *
-	 * name string  full name of the user
-	 * mail string  email addres of the user
-	 * grps array   list of groups the user is in
-	 *
-	 * @author  Andreas Gohr <andi@splitbrain.org>
-	 * @return  array containing user data or false
-	 */
-	function getUserData($user) {
+  /**
+   * Check user+password [ MUST BE OVERRIDDEN ]
+   *
+   * Checks if the given user exists and the given
+   * plaintext password is correct
+   *
+   * @author  Andreas Gohr <andi@splitbrain.org>
+   * @return  bool
+   */
+  function checkPass($user,$pass){
+    msg("no valid authorisation system in use", -1);
+    return false;
+  }
+  
+  /**
+   * Return user info [ MUST BE OVERRIDDEN ]
+   *
+   * Returns info about the given user needs to contain
+   * at least these fields:
+   *
+   * name string  full name of the user
+   * mail string  email addres of the user
+   * grps array   list of groups the user is in
+   *
+   * @author  Andreas Gohr <andi@splitbrain.org>
+   * @return  array containing user data or false
+   */
+  function getUserData($user) {
    msg("no valid authorisation system in use", -1);
    return false;
-	}
-	
-	/**
-	 * Create a new User [implement only where required/possible]
-	 *
-	 * Returns false if the user already exists, null when an error
-	 * occured and the cleartext password of the new user if
-	 * everything went well.
-	 * 
-	 * The new user HAS TO be added to the default group by this
-	 * function!
-	 *
+  }
+  
+  /**
+   * Create a new User [implement only where required/possible]
+   *
+   * Returns false if the user already exists, null when an error
+   * occured and the cleartext password of the new user if
+   * everything went well.
+   * 
+   * The new user HAS TO be added to the default group by this
+   * function!
+   *
   * Set addUser capability when implemented
   *
-	 * @author  Andreas Gohr <andi@splitbrain.org>
-	 */
-	function createUser($user,$pass,$name,$mail,$grps=null){
-	  msg("authorisation method does not allow creation of new users", -1);
-	  return null;
-	}
-	
-	/**
-	 * Modify user data [implement only where required/possible]
-	 *
+   * @author  Andreas Gohr <andi@splitbrain.org>
+   */
+  function createUser($user,$pass,$name,$mail,$grps=null){
+    msg("authorisation method does not allow creation of new users", -1);
+    return null;
+  }
+  
+  /**
+   * Modify user data [implement only where required/possible]
+   *
   * Set the mod* capabilities according to the implemented features
   *
-	 * @author  Chris Smith <chris@jalakai.co.uk>
-	 * @param   $user      nick of the user to be changed
-	 * @param   $changes   array of field/value pairs to be changed (password will be clear text)
-	 * @return  bool
-	 */
-	function modifyUser($user, $changes) {
-	  msg("authorisation method does not allow modifying of user data", -1);
-	  return false;
-	}
-	
-	/**
-	 * Delete one or more users [implement only where required/possible]
-	 *
+   * @author  Chris Smith <chris@jalakai.co.uk>
+   * @param   $user      nick of the user to be changed
+   * @param   $changes   array of field/value pairs to be changed (password will be clear text)
+   * @return  bool
+   */
+  function modifyUser($user, $changes) {
+    msg("authorisation method does not allow modifying of user data", -1);
+    return false;
+  }
+  
+  /**
+   * Delete one or more users [implement only where required/possible]
+   *
   * Set delUser capability when implemented
-	 *
-	 * @author  Chris Smith <chris@jalakai.co.uk>
-	 * @param   array  $users
-	 * @return  int    number of users deleted
-	 */
-	function deleteUsers($users) {
-	  msg("authorisation method does not allow deleting of users", -1);
-	  return false;
-	}
+   *
+   * @author  Chris Smith <chris@jalakai.co.uk>
+   * @param   array  $users
+   * @return  int    number of users deleted
+   */
+  function deleteUsers($users) {
+    msg("authorisation method does not allow deleting of users", -1);
+    return false;
+  }

-	/**
-	 * Return a count of the number of user which meet $filter criteria
-	 * [should be implemented whenever retrieveUsers is implemented]
-	 *
-	 * Set getUserCount capability when implemented
-   *
-	 * @author  Chris Smith <chris@jalakai.co.uk>
-	 */
-	function getUserCount($filter=array()) {
-	  msg("authorisation method does not provide user counts", -1);
-	  return 0;
-	}
-	
-	/**
-	 * Bulk retrieval of user data [implement only where required/possible]
-	 *
-	 * Set getUsers capability when implemented
-   *
-	 * @author  Chris Smith <chris@jalakai.co.uk>
-	 * @param   start     index of first user to be returned
-	 * @param   limit     max number of users to be returned
-	 * @param   filter    array of field/pattern pairs, null for no filter
-	 * @return  array of userinfo (refer getUserData for internal userinfo details)
-	 */
-	function retrieveUsers($start=0,$limit=-1,$filter=null) {
-	  msg("authorisation method does not support mass retrieval of user data", -1);
-	  return array();
-	}
-	
-	/**
-	 * Define a group [implement only where required/possible]
-	 * 
-	 * Set addGroup capability when implemented
-   *
-	 * @author  Chris Smith <chris@jalakai.co.uk>
-	 * @return  bool
-	 */
-	function addGroup($group) {
-	  msg("authorisation method does not support independent group creation", -1);
-	  return false;
-	}
+  /**
+   * Return a count of the number of user which meet $filter criteria
+   * [should be implemented whenever retrieveUsers is implemented]
+   *
+   * Set getUserCount capability when implemented
+   *
+   * @author  Chris Smith <chris@jalakai.co.uk>
+   */
+  function getUserCount($filter=array()) {
+    msg("authorisation method does not provide user counts", -1);
+    return 0;
+  }
+  
+  /**
+   * Bulk retrieval of user data [implement only where required/possible]
+   *
+   * Set getUsers capability when implemented
+   *
+   * @author  Chris Smith <chris@jalakai.co.uk>
+   * @param   start     index of first user to be returned
+   * @param   limit     max number of users to be returned
+   * @param   filter    array of field/pattern pairs, null for no filter
+   * @return  array of userinfo (refer getUserData for internal userinfo details)
+   */
+  function retrieveUsers($start=0,$limit=-1,$filter=null) {
+    msg("authorisation method does not support mass retrieval of user data", -1);
+    return array();
+  }
+  
+  /**
+   * Define a group [implement only where required/possible]
+   * 
+   * Set addGroup capability when implemented
+   *
+   * @author  Chris Smith <chris@jalakai.co.uk>
+   * @return  bool
+   */
+  function addGroup($group) {
+    msg("authorisation method does not support independent group creation", -1);
+    return false;
+  }

-	/**
-	 * Retrieve groups [implement only where required/possible]
-	 * 
-	 * Set getGroups capability when implemented
-   *
-	 * @author  Chris Smith <chris@jalakai.co.uk>
-	 * @return  array
-	 */
-	function retrieveGroups($start=0,$limit=0) {
-	  msg("authorisation method does not support group list retrieval", -1);
-	  return array();
-	}
+  /**
+   * Retrieve groups [implement only where required/possible]
+   * 
+   * Set getGroups capability when implemented
+   *
+   * @author  Chris Smith <chris@jalakai.co.uk>
+   * @return  array
+   */
+  function retrieveGroups($start=0,$limit=0) {
+    msg("authorisation method does not support group list retrieval", -1);
+    return array();
+  }

 }
+//Setup VIM: ex: et ts=2 enc=utf-8 :
--- a/inc/auth/punbb.class.php
+++ b/inc/auth/punbb.class.php
@@ -5,11 +5,6 @@
 * Uses external Trust mechanism to check against PunBB's
 * user cookie. PunBB's PUN_ROOT must be defined correctly.
 *
- * It inherits from the MySQL module, so you may set up
- * the correct SQL strings for user modification if you like.
- *
- * @todo      This is far from perfect yet. SQL Strings should be
- *            predefined. Logging in should be handled correctly.
 * @author    Andreas Gohr <andi@splitbrain.org>
 */

@@ -17,28 +12,124 @@ if(!defined('PUN_ROOT')) define('PUN_ROOT', DOKU_INC.'../forum/');
 require_once PUN_ROOT.'include/common.php';
 require_once DOKU_INC.'inc/auth/mysql.class.php';

+#dbg($GLOBALS);
+#dbg($pun_user);
+
 class auth_punbb extends auth_mysql {

+  /**
+   * Constructor.
+   *
+   * Sets additional capabilities and config strings
+   */
+  function auth_punbb(){
+    global $conf;
+    $this->cando['external'] = true; 
+    $this->cando['logoff']   = true; 
+
+    // make sure we use a crypt understood by punbb
+    if(function_exists('sha1')){
+      $conf['passcrypt'] = 'sha1';
+    }else{
+      $conf['passcrypt'] = 'md5';
+    }
+
+    // get global vars from PunBB config
+    global $db_host;
+    global $db_name;
+    global $db_username;
+    global $db_password;
+    global $db_prefix;
+
+    // now set up the mysql config strings
+    $conf['auth']['mysql']['server']   = $db_host;
+    $conf['auth']['mysql']['user']     = $db_username;
+    $conf['auth']['mysql']['password'] = $db_password;
+    $conf['auth']['mysql']['database'] = $db_name;
+
+    $conf['auth']['mysql']['checkPass']   = "SELECT u.password AS pass
+                                               FROM ${db_prefix}users AS u, ${db_prefix}groups AS g
+                                              WHERE u.group_id = g.g_id
+                                                AND u.username = '%{user}'
+                                                AND g.g_title   != 'Guest'";
+    $conf['auth']['mysql']['getUserInfo'] = "SELECT password AS pass, realname AS name, email AS mail,
+                                                    id, g_title as `group`
+                                               FROM ${db_prefix}users AS u, ${db_prefix}groups AS g
+                                              WHERE u.group_id = g.g_id
+                                                AND u.username = '%{user}'";
+    $conf['auth']['mysql']['getGroups']   = "SELECT g.g_title as `group`
+                                               FROM ${db_prefix}users AS u, ${db_prefix}groups AS g
+                                              WHERE u.group_id = g.g_id
+                                                AND u.username = '%{user}'";
+    $conf['auth']['mysql']['getUsers']    = "SELECT DISTINCT u.username AS user
+                                               FROM ${db_prefix}users AS u, ${db_prefix}groups AS g
+                                              WHERE u.group_id = g.g_id";
+    $conf['auth']['mysql']['FilterLogin'] = "u.username LIKE '%{user}'";
+    $conf['auth']['mysql']['FilterName']  = "u.realname LIKE '%{name}'";
+    $conf['auth']['mysql']['FilterEmail'] = "u.email    LIKE '%{email}'";
+    $conf['auth']['mysql']['FilterGroup'] = "g.g_title    LIKE '%{group}'";
+    $conf['auth']['mysql']['SortOrder']   = "ORDER BY u.username";
+    $conf['auth']['mysql']['addUser']     = "INSERT INTO ${db_prefix}users
+                                                    (username, password, email, realname)
+                                             VALUES ('%{user}', '%{pass}', '%{email}', '%{name}')";
+    $conf['auth']['mysql']['addGroup']    = "INSERT INTO ${db_prefix}groups (g_title) VALUES ('%{group}')";
+    $conf['auth']['mysql']['addUserGroup']= "UPDATE ${db_prefix}users 
+                                                SET group_id=%{gid}
+                                              WHERE id='%{uid}'";
+    $conf['auth']['mysql']['delGroup']    = "DELETE FROM ${db_prefix}groups WHERE g_id='%{gid}'";
+    $conf['auth']['mysql']['getUserID']   = "SELECT id FROM ${db_prefix}users WHERE username='%{user}'";
+    $conf['auth']['mysql']['updateUser']  = "UPDATE ${db_prefix}users SET";
+    $conf['auth']['mysql']['UpdateLogin'] = "username='%{user}'";
+    $conf['auth']['mysql']['UpdatePass']  = "password='%{pass}'";
+    $conf['auth']['mysql']['UpdateEmail'] = "email='%{email}'";
+    $conf['auth']['mysql']['UpdateName']  = "realname='%{name}'";
+    $conf['auth']['mysql']['UpdateTarget']= "WHERE id=%{uid}";
+    $conf['auth']['mysql']['delUserGroup']= "UPDATE ${db_prefix}users SET g_id=4 WHERE id=%{uid}";
+    $conf['auth']['mysql']['getGroupID']  = "SELECT g_id AS id FROM ${db_prefix}groups WHERE g_title='%{group}'";
+
+    $conf['auth']['mysql']['TablesToLock']= array("${db_prefix}users", "${db_prefix}users AS u",
+                                                  "${db_prefix}groups", "${db_prefix}groups AS g");
+
+    $conf['auth']['mysql']['debug'] = 1;
+    // call mysql constructor
+    $this->auth_mysql();
+  }
+
  /**
   * Just checks against the $pun_user variable
   */
  function trustExternal($user,$pass,$sticky=false){
    global $USERINFO;
    global $conf;
+    global $lang;
    global $pun_user;
+    global $pun_config;
    $sticky ? $sticky = true : $sticky = false; //sanity check

    // someone used the login form
    if(isset($user)){
-      msg('Please login at the forum',-1);
-      //FIXME a redirect to PunBBs login would be nice here
-      auth_logoff();
-      return false;
+      if($this->checkPass($user,$pass)){
+        $expire = ($sticky) ? time() + 31536000 : 0;
+        $uinfo  = $this->getUserData($user);
+        pun_setcookie($uinfo['id'], auth_cryptPassword($pass), $expire);
+        $pun_user = array();
+        $pun_user['password'] = auth_cryptPassword($pass);
+        $pun_user['username'] = $user;
+        $pun_user['realname'] = $uinfo['name'];
+        $pun_user['email']    = $uinfo['mail'];
+        $pun_user['g_title']  = $uinfo['group'];
+      }else{
+        //invalid credentials - log off
+        msg($lang['badlogin'],-1);
+        auth_logoff();
+        return false;
+      }
    }

    if(isset($pun_user) && !$pun_user['is_guest']){
      // okay we're logged in - set the globals
-      $USERINFO['name'] = $pun_user['username'];
+      $USERINFO['pass'] = $pun_user['password'];
+      $USERINFO['name'] = $pun_user['realname'];
      $USERINFO['mail'] = $pun_user['email'];
      $USERINFO['grps'] = array($pun_user['g_title']);

@@ -52,4 +143,14 @@ class auth_punbb extends auth_mysql {
    auth_logoff();
    return false;
  }
+
+  /**
+   * remove punbb cookie on logout
+   */
+  function logOff(){
+    global $pun_user;
+    $pun_user = array();
+    pun_setcookie(1, random_pass(8), time() + 31536000);
+  }
 }
+//Setup VIM: ex: et ts=2 enc=utf-8 :
--- a/inc/html.php
+++ b/inc/html.php
@@ -1063,6 +1063,7 @@ function html_minoredit(){
 function html_debug(){
  global $conf;
  global $lang;
+  global $auth;
  //remove sensitive data
  $cnf = $conf;
  $cnf['auth']='***';
@@ -1107,6 +1108,12 @@ function html_debug(){
  print $lang['encoding'];
  print '</pre>';

+  if($auth){
+    print '<b>Auth backend capabilities:</b><pre>';
+    print_r($auth->cando);
+    print '</pre>';
+  }
+
  print '<b>$_SESSION:</b><pre>';
  print_r($_SESSION);
  print '</pre>';