From a16dd68e698185f207e0bd3cf3b3f22619417519 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 21 Jan 2006 19:11:49 +0100
Subject: [PATCH] streamlining auth backends :!:

This patch is a start at making all the auth backends more alike in
configuration and at updating all backends to the new OO method.

This patch changes some config placeholders and thus may break
existing configs! Here is a list of the new placeholders used
in MySQL and LDAP:

%{user}   - the login name
%{group}  - a group name
%{pass}   - the password (cleartext or crypted)
%{dgroup} - the default group
%{guid}   - a group id
%{uid}    - a user id
%{name}   - full name of a user
%{email}  - email of a user
%{dn}     - DN for a user (LDAP only)

The LDAP backend was enhanced a little bit. The default group
now is always added to the list of returned groups. A different
Server Port can be configured.

More changes will follow.

darcs-hash:20060121181149-7ad00-79de68aa7f87aef87dcff9dd7afd50adda859289.gz
---
 inc/auth/ldap.class.php  | 407 +++++++++++++++++++++++++++++++++++++++
 inc/auth/ldap.php        | 293 ----------------------------
 inc/auth/mysql.class.php | 231 +++++++++++-----------
 inc/auth/mysql.php       | 196 -------------------
 inc/auth/plain.class.php |  12 +-
 inc/auth/plain.php       | 120 ------------
 6 files changed, 527 insertions(+), 732 deletions(-)
 create mode 100644 inc/auth/ldap.class.php
 delete mode 100644 inc/auth/ldap.php
 delete mode 100644 inc/auth/mysql.php
 delete mode 100644 inc/auth/plain.php

diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php
new file mode 100644
index 000000000..cfaf93ca7
--- /dev/null
+++ b/inc/auth/ldap.class.php
@@ -0,0 +1,407 @@
+<?php
+/**
+ * auth/basic.class.php
+ *
+ * foundation authorisation class 
+ * all auth classes should inherit from this class
+ *
+ * @author    Chris Smith <chris@jalakaic.co.uk>
+ */
+ 
+class auth_ldap extends auth_basic {
+    var $cnf = null;
+    var $con = null;
+
+    /**
+     * Constructor
+     */
+    function auth_ldap(){
+        global $conf;
+        $this->cnf = $conf['auth']['ldap'];
+    }
+
+
+	/**
+	 * Check user+password
+	 *
+	 * Checks if the given user exists and the given
+	 * plaintext password is correct by trying to bind
+     * to the LDAP server
+	 *
+	 * @author  Andreas Gohr <andi@splitbrain.org>
+	 * @return  bool
+	 */
+	function checkPass($user,$pass){
+        // reject empty password
+        if(empty($pass)) return false;
+        if(!$this->_openLDAP()) return false;
+
+        // indirect user bind
+        if($this->cnf['binddn'] && $this->cnf['bindpw']){
+            // use superuser credentials
+            if(!@ldap_bind($this->con,$this->cnf['binddn'],$this->cnf['bindpw'])){
+                if($this->cnf['debug'])
+                    msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+                return false;
+            }
+
+        }else if($this->cnf['binddn'] &&
+                 $this->cnf['usertree'] &&
+                 $this->cnf['userfilter']) {
+            // special bind string
+            $dn = $this->_makeFilter($this->cnf['binddn'],
+                                     array('user'=>$user,'server'=>$this->cnf['server']));
+
+        }else if(strpos($cnf['usertree'], '%{user}')) {
+            // direct user bind
+            $dn = $this->_makeFilter($this->cnf['usertree'],
+                                     array('user'=>$user,'server'=>$this->cnf['server']));
+
+        }else{
+            // Anonymous bind
+            if(!@ldap_bind($this->con)){
+                msg("LDAP: can not bind anonymously",-1);
+                if($this->cnf['debug'])
+                    msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+                return false;
+            }
+        }
+
+        // Try to bind to with the dn if we have one.
+        if(!empty($dn)) {
+            // User/Password bind
+            if(!@ldap_bind($this->con,$dn,$pass)){
+                if($this->cnf['debug']){
+                    msg("LDAP: bind with $dn failed", -1);
+                    msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+                }
+                return false;
+            }
+            return true;
+        }else{
+            // See if we can find the user
+            $info = $this->getUserData($user);
+            if(empty($info['dn'])) {
+                return false;
+            } else {
+                $dn = $info['dn'];
+            }
+
+            // Try to bind with the dn provided
+            if(!@ldap_bind($this->con,$dn,$pass)){
+                if($this->cnf['debug']){
+                    msg("LDAP: bind with $dn failed", -1);
+                    msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+                }
+                return false;
+            }
+            return true;
+        }
+
+        return false;
+	}
+	
+	/**
+	 * Return user info [ MUST BE OVERRIDDEN ]
+	 *
+	 * Returns info about the given user needs to contain
+	 * at least these fields:
+	 *
+	 * name string  full name of the user
+	 * mail string  email addres of the user
+	 * grps array   list of groups the user is in
+     *
+     * This LDAP specific function returns the following
+     * addional fields:
+     *
+     * dn   string  distinguished name (DN)
+     * uid  string  Posix User ID
+     *
+     * @author  Andreas Gohr <andi@splitbrain.org>
+     * @author  Trouble
+     * @author  Dan Allen <dan.j.allen@gmail.com>
+     * @auhtor  <evaldas.auryla@pheur.org>
+	 * @return  array containing user data or false
+     */
+	function getUserData($user) {
+        global $conf;
+        if(!$this->_openLDAP()) return false;
+
+        $info['user']   = $user;
+        $info['server'] = $this->cnf['server'];
+
+        //get info for given user
+        $base = $this->_makeFilter($this->cnf['usertree'], $info);
+        if(!empty($this->cnf['userfilter'])) {
+            $filter = $this->_makeFilter($this->cnf['userfilter'], $info);
+        } else {
+            $filter = "(ObjectClass=*)";
+        }
+
+        $sr     = @ldap_search($this->con, $base, $filter);
+        $result = @ldap_get_entries($this->con, $sr);
+        if($this->cnf['debug'])
+            msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+
+        // Don't accept more or less than one response
+        if($result['count'] != 1){
+            return false; //user not found
+        }
+
+        $user_result = $result[0];
+        ldap_free_result($sr);
+
+        // general user info
+        $info['dn']   = $user_result['dn'];
+        $info['mail'] = $user_result['mail'][0];
+        $info['name'] = $user_result['cn'][0];
+        $info['grps'] = array();
+
+        // overwrite if other attribs are specified.
+        if(is_array($this->cnf['mapping'])){
+            foreach($this->cnf['mapping'] as $localkey => $key) {
+                if(is_array($key)) {
+                    // use regexp to clean up user_result
+                    list($key, $regexp) = each($key);
+                    foreach($user_result[$key] as $grp){
+                        if (preg_match($regexp,$grp,$match)) {
+                            if($localkey == 'grps') {
+                                $info[$localkey][] = $match[1];
+                            } else {
+                                $info[$localkey] = $match[1];
+                            }
+                        }
+                    }
+                } else {
+                    $info[$localkey] = $user_result[$key][0];
+                }
+            }
+        }
+        $user_result = array_merge($info,$user_result);
+
+        //get groups for given user if grouptree is given
+        if ($this->cnf['grouptree'] && $this->cnf['groupfilter']) {
+            $base   = $this->_makeFilter($this->cnf['grouptree'], $user_result);
+            $filter = $this->_makeFilter($this->cnf['groupfilter'], $user_result);
+
+            $sr = @ldap_search($this->con, $base, $filter, array('cn'));
+            if(!$sr){
+                msg("LDAP: Reading group memberships failed",-1);
+                if($this->cnf['debug'])
+                    msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+                return false;
+            }
+            $result = ldap_get_entries($this->con, $sr);
+            ldap_free_result($sr);
+
+            foreach($result as $grp){
+                if(!empty($grp['cn'][0])) $info['grps'][] = $grp['cn'][0];
+            }
+        }
+
+        // always add the default group to the list of groups
+        if(!in_array($conf['defaultgroup'],$info['grps'])){
+            $info['grps'][] = $conf['defaultgroup'];
+        }
+
+        return $info;
+	}
+	
+	/**
+	 * Create a new User [implement only where required/possible]
+	 *
+	 * Returns false if the user already exists, null when an error
+	 * occured and the cleartext password of the new user if
+	 * everything went well.
+	 * 
+	 * The new user HAS TO be added to the default group by this
+	 * function!
+	 *
+	 * @author  Andreas Gohr <andi@splitbrain.org>
+	 */
+#	function createUser($user,$pass,$name,$mail,$grps=null){
+#		
+#	  msg("authorisation method does not allow creation of new users", -1);
+#	  return null;
+#	}
+	
+	/**
+	 * Modify user data [implement only where required/possible]
+	 *
+	 * @author  Chris Smith <chris@jalakai.co.uk>
+	 * @param   $user      nick of the user to be changed
+	 * @param   $changes   array of field/value pairs to be changed (password will be clear text)
+	 * @return  bool
+	 */
+#	function modifyUser($user, $changes) {
+#	  msg("authorisation method does not allow modifying of user data", -1);
+#	  return false;
+#	}
+	
+	/**
+	 * Delete one or more users [implement only where required/possible]
+	 *
+	 * @author  Chris Smith <chris@jalakai.co.uk>
+	 * @param   array  $users
+	 * @return  int    number of users deleted
+	 */
+#	function deleteUsers($users) {
+#	  msg("authorisation method does not allow deleting of users", -1);
+#	  return false;
+#	}
+
+	/**
+	 * Return a count of the number of user which meet $filter criteria
+	 * [should be implemented whenever retrieveUsers is implemented]
+	 *
+	 * @author  Chris Smith <chris@jalakai.co.uk>
+	 */
+#	function getUserCount($filter=array()) {
+#	
+#	  msg("authorisation method does not provide user counts", -1);
+#	  return 0;
+#	}
+	
+	/**
+	 * Bulk retrieval of user data [implement only where required/possible]
+	 *
+	 * @author  Chris Smith <chris@jalakai.co.uk>
+	 * @param   start     index of first user to be returned
+	 * @param   limit     max number of users to be returned
+	 * @param   filter    array of field/pattern pairs, null for no filter
+	 * @return  array of userinfo (refer getUserData for internal userinfo details)
+	 */
+#	function retrieveUsers($start=0,$limit=-1,$filter=null) {
+#	  msg("authorisation method does not support mass retrieval of user data", -1);
+#	  return array();
+#	}
+	
+	/**
+	 * Define a group [implement only where required/possible]
+	 * 
+	 * @author  Chris Smith <chris@jalakai.co.uk>
+	 * @return  bool
+	 */
+#	function addGroup($group) {
+#	  msg("authorisation method does not support independent group creation", -1);
+#	  return false;
+#	}
+
+	/**
+	 * Retrieve groups [implement only where required/possible]
+	 * 
+	 * @author  Chris Smith <chris@jalakai.co.uk>
+	 * @return  array
+	 */
+#	function retrieveGroups($start=0,$limit=0) {
+#	  msg("authorisation method does not support group list retrieval", -1);
+#	  return array();
+#	}
+
+	/**
+	 * Give user membership of a group [implement only where required/possible]
+	 * 
+	 * @author  Chris Smith <chris@jalakai.co.uk>
+	 * @return  bool
+	 */
+#	function joinGroup($user, $group) {
+#	  msg("authorisation method does not support alteration of group memberships", -1);
+#	  return false;
+#	}
+
+	/**
+	 * Remove user from a group [implement only where required/possible]
+	 * 
+	 * @author  Chris Smith <chris@jalakai.co.uk>
+	 * @return  bool
+	 */
+#	function leaveGroup($user, $group) {
+#	  msg("authorisation method does not support alteration of group memberships", -1);
+#	  return false;
+#	}
+
+    /**
+     * Make LDAP filter strings.
+     *
+     * Used by auth_getUserData to make the filter
+     * strings for grouptree and groupfilter
+     *
+     * filter      string  ldap search filter with placeholders
+     * placeholders array   array with the placeholders
+     * 
+     * @author  Troels Liebe Bentsen <tlb@rapanden.dk>
+     * @return  string
+     */
+    function _makeFilter($filter, $placeholders) {
+        preg_match_all("/%{([^}]+)/", $filter, $matches, PREG_PATTERN_ORDER);
+        //replace each match
+        foreach ($matches[1] as $match) {
+            //take first element if array
+            if(is_array($placeholders[$match])) {
+                $value = $placeholders[$match][0];
+            } else {
+                $value = $placeholders[$match];
+            }
+            $filter = str_replace('%{'.$match.'}', $value, $filter);
+        }
+        return $filter;
+    } 
+
+    /**
+     * Opens a connection to the configured LDAP server and sets the wnated
+     * option on the connection
+     *
+     * @author  Andreas Gohr <andi@splitbrain.org>
+     */
+    function _openLDAP(){
+        if($this->con) return true; // connection already established
+
+        if(!$this->cnf['port']) $port = 636;
+        $this->con = @ldap_connect($this->cnf['server'],$this->cnf['port']);
+        if(!$this->con){
+            msg("LDAP: couldn't connect to LDAP server",-1);
+            return false;
+        }
+
+        //set protocol version and dependend options
+        if($this->cnf['version']){
+            if(!@ldap_set_option($this->con, LDAP_OPT_PROTOCOL_VERSION,
+                                 $this->cnf['version'])){
+                msg('Setting LDAP Protocol version '.$this->cnf['version'].' failed',-1);
+                if($this->cnf['debug'])
+                    msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+            }else{
+                //use TLS (needs version 3)
+                if($this->cnf['starttls']) {
+                    if (!@ldap_start_tls($this->con)){
+                        msg('Starting TLS failed',-1);
+                        if($this->cnf['debug'])
+                            msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+                    }
+                }
+                // needs version 3
+                if(isset($this->cnf['referrals'])) {
+                    if(!@ldap_set_option($this->con, LDAP_OPT_REFERRALS,
+                       $this->cnf['referrals'])){
+                        msg('Setting LDAP referrals to off failed',-1);
+                        if($this->cnf['debug'])
+                            msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+                    }
+                }
+            }
+        }
+
+        //set deref mode
+        if($this->cnf['deref']){
+            if(!@ldap_set_option($this->con, LDAP_OPT_DEREF, $this->cnf['deref'])){
+                msg('Setting LDAP Deref mode '.$this->cnf['deref'].' failed',-1);
+                if($this->cnf['debug'])
+                    msg('LDAP errstr: '.htmlspecialchars(ldap_error($this->con)),0);
+            }
+        }
+
+        return true;
+    }
+}
+
+//Setup VIM: ex: et ts=4 enc=utf-8 :
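Review bot: In `_openLDAP()` a failed `ldap_start_tls()` only emits a message and the function still returns true, so `checkPass()` goes on to bind with the user's password on a connection that was configured to be encrypted; add `return false;` at the end of the 'Starting TLS failed' branch so the backend fails closed. In the same function `$port = 636` sets a local that is never read, since `ldap_connect()` is still passed `$this->cnf['port']`. In `checkPass()` the direct-bind test reads an undefined local `$cnf`, so that branch is never taken; it should read `}else if(strpos($this->cnf['usertree'], '%{user}') !== false) {`. `_makeFilter()` also copies the login name into the search filter and bind DN unescaped, so characters such as `*`, `(`, `)` and `\` in `$user` alter the query; escape the value for its context (filter or DN) before the `str_replace()` call.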
diff --git a/inc/auth/ldap.php b/inc/auth/ldap.php
deleted file mode 100644
index e4a43835a..000000000
--- a/inc/auth/ldap.php
+++ /dev/null
@@ -1,293 +0,0 @@
-<?php
-/**
- * LDAP authentication backend
- * 
- * tested with openldap 2.x on Debian only
- *
- * PHPs LDAP extension is needed
- *
- * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
- * @author     Andreas Gohr <andi@splitbrain.org>
- */
-
-//check for LDAP extension on load
-if(!function_exists('ldap_connect'))
-  msg("LDAP extension not found",-1);
-
-/**
- * Connect to the LDAP server
- *
- * Holds the connection in global scope for multiple use
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-function auth_ldap_connect(){
-  global $LDAP_CONNECTION;
-  global $conf;
-  $cnf = $conf['auth']['ldap'];
-
-  if(!$LDAP_CONNECTION){
-    $LDAP_CONNECTION = @ldap_connect($cnf['server']);
-    if(!$LDAP_CONNECTION){
-      msg("LDAP: couldn't connect to LDAP server",-1);
-      return false;
-    }
-    //set protocol version
-    if($cnf['version']){
-      if(!@ldap_set_option($LDAP_CONNECTION,
-                           LDAP_OPT_PROTOCOL_VERSION,
-                           $cnf['version'])){
-        msg('Setting LDAP Protocol version '.$cnf['version'].' failed',-1);
-        if($cnf['debug'])
-          msg('LDAP errstr: '.htmlspecialchars(ldap_error($LDAP_CONNECTION)),0);
-
-      } else {
-        //use TLS (needs version 3)
-        if($cnf['starttls']) {
-          if (!@ldap_start_tls($LDAP_CONNECTION)){
-            msg('Starting TLS failed',-1);
-            if($cnf['debug'])
-              msg('LDAP errstr: '.htmlspecialchars(ldap_error($LDAP_CONNECTION)),0);
-          }
-        }
-        // needs version 3
-        if(isset($cnf['referrals'])) {
-          if(!@ldap_set_option($LDAP_CONNECTION,
-                           LDAP_OPT_REFERRALS,
-                           $cnf['referrals'])){
-            msg('Setting LDAP referrals to off failed',-1);
-            if($cnf['debug'])
-              msg('LDAP errstr: '.htmlspecialchars(ldap_error($LDAP_CONNECTION)),0);
-          }
-        }
-      } 
-    }
-    //set deref mode
-    if($cnf['deref']){
-      if(!@ldap_set_option($LDAP_CONNECTION,
-                           LDAP_OPT_DEREF,
-                           $cnf['deref'])){
-        msg('Setting LDAP Deref mode '.$cnf['deref']. 'failed',-1);
-        if($cnf['debug'])
-          msg('LDAP errstr: '.htmlspecialchars(ldap_error($LDAP_CONNECTION)),0);
-      } 
-    }
-  }
-  return $LDAP_CONNECTION;
-}
-
-/**
- * Check user+password [required auth function]
- *
- * Checks if the given user exists and the given
- * plaintext password is correct by trying to bind
- * to the LDAP server
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- * @return  bool
- */
-function auth_checkPass($user,$pass){
-  global $conf;
-  $cnf = $conf['auth']['ldap'];
-
-    //reject empty password
-  if(empty($pass)) return false;
-
-  //connect to LDAP Server
-  $conn = auth_ldap_connect();
-  if(!$conn) return false;
-  
-  // indirect user bind
-  if(!empty($cnf['binddn']) and !empty($cnf['bindpw'])) {
-    //use superuser credentials
-    if(!@ldap_bind($conn,$cnf['binddn'],$cnf['bindpw'])){
-      if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
-       return false;
-    }
-
-  // special bind string
-  } else if(!empty($cnf['binddn']) and !empty($cnf['usertree']) and !empty($cnf['userfilter'])) {
-    $dn = auth_ldap_makeFilter($cnf['binddn'], array('user'=>$user,'server'=>$cnf['server'])); 
- 
-  // direct user bind
-  } else if(strpos($cnf['usertree'], '%{user}')) {
-    $dn = auth_ldap_makeFilter($cnf['usertree'], array('user'=>$user,'server'=>$cnf['server'])); 
- 
-  // Anonymous bind
-  } else { 
-    if(!@ldap_bind($conn)){
-      msg("LDAP: can not bind anonymously",-1);
-      if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
-      return false;
-    }
-  } 
-
-  // Try to bind to with the dn if we have one.
-  if(!empty($dn)) {
-    // User/Password bind
-    if(!@ldap_bind($conn,$dn,$pass)){
-      if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
-       return false;
-    }
-    return true;
-  } else {
-    // See if we can find the user
-    $info = auth_getUserData($user);
-    if(empty($info['dn'])) {
-      return false;
-    } else {
-      $dn = $info['dn'];
-    }
-    // Try to bind with the dn provided
-    if(!@ldap_bind($conn,$dn,$pass)){
-      if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
-       return false;
-    }
-    return true;
-  }
-  
-  return false;
-}
-
-/**
- * Return user info [required auth function]
- *
- * Returns info about the given user needs to contain
- * at least these fields:
- *
- * name string  full name of the user
- * mail string  email addres of the user
- * grps array   list of groups the user is in
- *
- * This LDAP specific function returns the following
- * addional fields:
- *
- * dn   string  distinguished name (DN)
- * uid  string  Posix User ID
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- * @author  Trouble
- * @author  Dan Allen <dan.j.allen@gmail.com>
- * @auhtor  <evaldas.auryla@pheur.org>
- */
-function auth_getUserData($user){
-  global $conf;
-  $cnf = $conf['auth']['ldap'];
-
-  //connect to LDAP Server
-  $conn = auth_ldap_connect();
-  if(!$conn) return false;
-
-  $info['user']= $user;
-  $info['server']= $cnf['server'];
-
-  //get info for given user
-  $base = auth_ldap_makeFilter($cnf['usertree'], $info); 
-  if(!empty($cnf['userfilter'])) {
-    $filter = auth_ldap_makeFilter($cnf['userfilter'], $info); 
-  } else {
-    $filter = "(ObjectClass=*)";
-  }
-
-  $sr     = @ldap_search($conn, $base, $filter);
-  $result = @ldap_get_entries($conn, $sr);
-  if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
-  
-  // Don't accept more or less than one response
-  if($result['count'] != 1){
-    return false; //user not found
-  }
-
-  $user_result = $result[0]; 
-  
-  //general user info
-  $info['dn']= $user_result['dn'];
-  $info['mail']= $user_result['mail'][0];
-  $info['name']= $user_result['cn'][0];
-
-  #overwrite if other attribs are specified.
-  if(is_array($cnf['mapping'])){
-    foreach($cnf['mapping'] as $localkey => $key) {
-      if(is_array($key)) {
-        //use regexp to clean up user_result
-        list($key, $regexp) = each($key);
-        foreach($user_result[$key] as $grp){
-          if (preg_match($regexp,$grp,$match)) {
-            if($localkey == 'grps') {
-              $info[$localkey][] = $match[1];
-            } else {
-              $info[$localkey] = $match[1];
-            }
-          }
-        }
-      } else {
-        $info[$localkey] = $user_result[$key][0];
-      }
-    }
-  }
-  
-  //get groups for given user if grouptree is given
-  if (!empty($cnf['grouptree'])) {
-    $base = auth_ldap_makeFilter($cnf['grouptree'], $user_result); 
-    $filter = auth_ldap_makeFilter($cnf['groupfilter'], $user_result); 
-
-    $sr = @ldap_search($conn, $base, $filter);
-    if(!$sr){
-      msg("LDAP: Reading group memberships failed",-1);
-      if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($conn)),0);
-      return false;
-    }
-    $result = ldap_get_entries($conn, $sr);
-    foreach($result as $grp){
-      if(!empty($grp['cn'][0]))
-        $info['grps'][] = $grp['cn'][0];
-    }
-  }
-
-  //if no groups were found always return the default group
-  if(!count($info['grps'])) $info['grps'][] = $conf['defaultgroup'];
-  
-  return $info;
-}
-
-/**
- * Create a new User [required auth function]
- *
- * Not implemented
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-function auth_createUser($user,$pass,$name,$mail){
-  msg("Sorry. Creating users is not supported by the LDAP backend",-1);
-  return null;
-}
-
-
-/**
- * Make ldap filter strings.
- *
- * Used by auth_getUserData to make the filter
- * strings for grouptree and groupfilter
- *
- * filter      string  ldap search filter with placeholders
- * placeholders array   array with the placeholders
- * 
- * @author  Troels Liebe Bentsen <tlb@rapanden.dk>
- * @return  string
- */
-function auth_ldap_makeFilter($filter, $placeholders) {
-  preg_match_all("/%{([^}]+)/", $filter, $matches, PREG_PATTERN_ORDER);
-  //replace each match
-  foreach ($matches[1] as $match) {
-    //take first element if array
-    if(is_array($placeholders[$match])) {
-      $value = $placeholders[$match][0];
-    } else {
-      $value = $placeholders[$match];
-    }
-    $filter = str_replace('%{'.$match.'}', $value, $filter);
-  }
-  return $filter;
-}
-
-//Setup VIM: ex: et ts=2 enc=utf-8 :
diff --git a/inc/auth/mysql.class.php b/inc/auth/mysql.class.php
index 8fdb16122..5017d5b83 100644
--- a/inc/auth/mysql.class.php
+++ b/inc/auth/mysql.class.php
@@ -42,8 +42,6 @@ class auth_mysql extends auth_basic {
     }
     
     /**
-     * [public function]
-     *
      * Checks if the given user exists and the given plaintext password
      * is correct. Furtheron it might be checked wether the user is
      * member of the right group
@@ -61,11 +59,11 @@ class auth_mysql extends auth_basic {
     function checkPass($user,$pass){
       $rc  = false;
       
-      if($this->openDB()) {
-        $sql    = str_replace('%u',addslashes($user),$this->cnf['checkPass']);
-        $sql    = str_replace('%p',addslashes($pass),$sql);
-        $sql    = str_replace('%g',addslashes($this->defaultgroup),$sql);
-        $result = $this->queryDB($sql);
+      if($this->_openDB()) {
+        $sql    = str_replace('%{user}',addslashes($user),$this->cnf['checkPass']);
+        $sql    = str_replace('%{pass}',addslashes($pass),$sql);
+        $sql    = str_replace('%{dgroup}',addslashes($this->defaultgroup),$sql);
+        $result = $this->_queryDB($sql);
       
         if($result !== false && count($result) == 1) {
           if($this->cnf['encryptPass'] == 1)
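Review bot: The renamed placeholders are still filled with `addslashes()`, which does not know the connection character set, so the quoting it adds is not a reliable SQL escape for the login name and password; the driver's own escaping, e.g. `mysql_real_escape_string($user)`, is the safer choice here and in the `leaveGroup()` hunk further down. The three `str_replace()` calls also run one after another, so text substituted for `%{user}` is scanned again for `%{pass}` and `%{dgroup}`; a single `strtr($this->cnf['checkPass'], array('%{user}' => ..., '%{pass}' => ..., '%{dgroup}' => ...))` replaces all placeholders in one pass. The body of `checkPass()` continues past the end of this hunk.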
@@ -73,7 +71,7 @@ class auth_mysql extends auth_basic {
           else
             $rc = auth_verifyPassword($pass,$result[0]['pass']);
         }
-        $this->closeDB();
+        $this->_closeDB();
       }
       return $rc;
     }
@@ -93,11 +91,11 @@ class auth_mysql extends auth_basic {
      * @author  Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
     function getUserData($user){
-      if($this->openDB()) {
-        $this->lockTables("READ");
-        $info = $this->getUserInfo($user);
-        $this->unlockTables();
-        $this->closeDB();
+      if($this->_openDB()) {
+        $this->_lockTables("READ");
+        $info = $this->_getUserInfo($user);
+        $this->_unlockTables();
+        $this->_closeDB();
       } else
         $info = false;
       return $info;
@@ -124,19 +122,19 @@ class auth_mysql extends auth_basic {
      * @author  Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
     function createUser($user,$pwd,$name,$mail,$grps=null){
-      if($this->openDB()) {
-        if (($info = $this->getUserInfo($user)) !== false)
+      if($this->_openDB()) {
+        if (($info = $this->_getUserInfo($user)) !== false)
           return false;  // user already exists
 
         // set defaultgroup if no groups were given
         if ($grps == null)
           $grps = array($this->defaultgroup);
  
-        $this->lockTables("WRITE");
+        $this->_lockTables("WRITE");
         $pwd = $this->cnf['encryptPass'] ? $pwd : auth_cryptPassword($pwd);
-        $rc = $this->addUser($user,$pwd,$name,$mail,$grps);
-        $this->unlockTables();
-        $this->closeDB();
+        $rc = $this->_addUser($user,$pwd,$name,$mail,$grps);
+        $this->_unlockTables();
+        $this->_closeDB();
         if ($rc) return $pwd;
       }
       return null;  // return error
@@ -164,9 +162,9 @@ class auth_mysql extends auth_basic {
       if (!is_array($changes) || !count($changes))
         return true;  // nothing to change
         
-      if($this->openDB()) {
-        $this->lockTables("WRITE");
-        if (($info = $this->getUserInfo($user)) !== false) {
+      if($this->_openDB()) {
+        $this->_lockTables("WRITE");
+        if (($info = $this->_getUserInfo($user)) !== false) {
           $newuser = $user;
           foreach ($changes as $field => $value) {
             if ($field == 'user')
@@ -176,14 +174,14 @@ class auth_mysql extends auth_basic {
             $info[$field] = $value;  // update user record
           }
 
-          $rc = $this->delUser($user);   // remove user from database
+          $rc = $this->_delUser($user);   // remove user from database
           if ($rc)
-            $rc = $this->addUser($newuser,$info['pass'],$info['name'],$info['mail'],$info['grps']);
+            $rc = $this->_addUser($newuser,$info['pass'],$info['name'],$info['mail'],$info['grps']);
           if (!$rc)
             msg($lang['modUserFailed'], -1);
         }  
-        $this->unlockTables();
-        $this->closeDB();
+        $this->_unlockTables();
+        $this->_closeDB();
       }
       return $rc;
     }
@@ -202,16 +200,16 @@ class auth_mysql extends auth_basic {
     function deleteUsers($users) {
       $count = 0;
 	  
-      if($this->openDB()) {
-        if (is_array($users) && !empty($users)) {
-          $this->lockTables("WRITE");
+      if($this->_openDB()) {
+        if (is_array($users) && count($users)) {
+          $this->_lockTables("WRITE");
           foreach ($users as $user) {
-            if ($this->delUser($user))
+            if ($this->_delUser($user))
               $count++;
           }
-          $this->unlockTables();
+          $this->_unlockTables();
         }
-        $this->closeDB();
+        $this->_closeDB();
       }
       return $count;
     }
@@ -229,12 +227,12 @@ class auth_mysql extends auth_basic {
     function getUserCount($filter=array()) {
       $rc = 0;
       
-      if($this->openDB()) {
-        $sql = $this->createSQLFilter($this->cnf['getUsers'], $filter);
-        $result = $this->queryDB($sql);
+      if($this->_openDB()) {
+        $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter);
+        $result = $this->_queryDB($sql);
         if ($result)
             $rc = count($result);
-        $this->closeDB();
+        $this->_closeDB();
       }
       return $rc;
     }
@@ -256,14 +254,14 @@ class auth_mysql extends auth_basic {
       $i     = 0;
       $count = 0;
       
-      if($this->openDB()) {
-        $this->lockTables("READ");
-        $sql = $this->createSQLFilter($this->cnf['getUsers'], $filter)." ".$this->cnf['SortOrder'];
-        $result = $this->queryDB($sql);
+      if($this->_openDB()) {
+        $this->_lockTables("READ");
+        $sql = $this->_createSQLFilter($this->cnf['getUsers'], $filter)." ".$this->cnf['SortOrder'];
+        $result = $this->_queryDB($sql);
         if ($result) {
           foreach ($result as $user) {
             if ($i++ >= $start) {
-              $info = $this->getUserInfo($user['user']);
+              $info = $this->_getUserInfo($user['user']);
               if ($info) {
                 $out[$user['user']] = $info;
                 if (($limit > 0) && (++$count >= $limit)) break;
@@ -271,8 +269,8 @@ class auth_mysql extends auth_basic {
             }
           }
         }
-        $this->unlockTables();
-        $this->closeDB();
+        $this->_unlockTables();
+        $this->_closeDB();
       }
       return $out;
     }
@@ -291,11 +289,11 @@ class auth_mysql extends auth_basic {
     function joinGroup($user, $group) {
       $rc = false;
       
-      if($this->openDB()) {
-        $this->lockTables("WRITE");
-        $rc = addUserToGroup($user, $group);
-        $this->unlockTables();
-        $this->closeDB();
+      if($this->_openDB()) {
+        $this->_lockTables("WRITE");
+        $rc = _addUserToGroup($user, $group);
+        $this->_unlockTables();
+        $this->_closeDB();
       }
       return $rc;
     }
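Review bot: `joinGroup()` calls `_addUserToGroup($user, $group)` as a plain function, but this patch defines `_addUserToGroup()` as a method of `auth_mysql`, so unless a global function of that name exists elsewhere the call fails as soon as the database opens; it should be `$rc = $this->_addUserToGroup($user, $group);`. The failure would happen after `_lockTables("WRITE")`, so `_unlockTables()` and `_closeDB()` are skipped as well.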
@@ -314,22 +312,22 @@ class auth_mysql extends auth_basic {
     function leaveGroup($user, $group) {
       $rc = false;
       
-      if($this->openDB()) {
-        $this->lockTables("WRITE");
+      if($this->_openDB()) {
+        $this->_lockTables("WRITE");
         
-        $uid = $this->getUserID($user);
+        $uid = $this->_getUserID($user);
         if ($uid) {
-          $gid = $this->getGroupID($group);
+          $gid = $this->_getGroupID($group);
           if ($gid) {
-            $sql = str_replace('%uid',addslashes($uid),$this->cnf['delUserGroup']);
-            $sql = str_replace('%u'  ,addslashes($user),$sql);
-            $sql = str_replace('%gid',addslashes($gid),$sql);
-            $sql = str_replace('%g'  ,addslashes($group),$sql);
-            $rc  = $this->modifyDB($sql) == 0 ? true : false;
+            $sql = str_replace('%{uid}',  addslashes($uid),$this->cnf['delUserGroup']);
+            $sql = str_replace('%{user}', addslashes($user),$sql);
+            $sql = str_replace('%{gid}',  addslashes($gid),$sql);
+            $sql = str_replace('%{group}',addslashes($group),$sql);
+            $rc  = $this->_modifyDB($sql) == 0 ? true : false;
           }
         }
-        $this->unlochTables();
-        $this->closeDB();
+        $this->_unlockTables();
+        $this->_closeDB();
       }
       return $rc;
     }
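Review bot: The result test in `leaveGroup`, `$this->_modifyDB($sql) == 0 ? true : false`, uses a loose comparison, and `false == 0` is true in PHP. If `_modifyDB` returns `false` on failure, as the `!== false` check in `_addUserToGroup` suggests (its body is not visible here), a failed delete is reported to the caller as a successful group removal. A strict test avoids that: `$rc = ($this->_modifyDB($sql) !== false);`.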
@@ -350,32 +348,32 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function addUserToGroup($user, $group, $force=0) {
+    function _addUserToGroup($user, $group, $force=0) {
       $newgroup = 0;
         
-      if($this->dbcon) {
-        $uid = $this->getUserID($user);
+      if($this->_dbcon) {
+        $uid = $this->_getUserID($user);
         if ($uid) {
-          $gid = $this->getGroupID($group);
+          $gid = $this->_getGroupID($group);
           if (!$gid) {
             if ($force) {  // create missing groups
               $sql = str_replace('%g',addslashes($group),$this->cnf['addGroup']);
-              $gid = $this->modifyDB($sql);
+              $gid = $this->_modifyDB($sql);
               $newgroup = 1;  // group newly created
             }
             if (!$gid) return false; // group didm't exist and can't be created
           }
         
-          $sql = str_replace('%uid',addslashes($uid),$this->cnf['addUserGroup']);
-          $sql = str_replace('%u'  ,addslashes($user),$sql);
-          $sql = str_replace('%gid',addslashes($gid),$sql);
-          $sql = str_replace('%g'  ,addslashes($group),$sql);
-          if ($this->modifyDB($sql) !== false) return true;
+          $sql = str_replace('%{uid}',  addslashes($uid),$this->cnf['addUserGroup']);
+          $sql = str_replace('%{user}', addslashes($user),$sql);
+          $sql = str_replace('%{gid}',  addslashes($gid),$sql);
+          $sql = str_replace('%{group}',addslashes($group),$sql);
+          if ($this->_modifyDB($sql) !== false) return true;
 
           if ($newgroup) { // remove previously created group on error
-            $sql = str_replace('%gid',addslashes($gid),$this->cnf['delGroup']);
-            $sql = str_replace('%g'  ,addslashes($group),$sql);
-            $this->modifyDB($sql);
+            $sql = str_replace('%{gid}',  addslashes($gid),$this->cnf['delGroup']);
+            $sql = str_replace('%{group}',addslashes($group),$sql);
+            $this->_modifyDB($sql);
           }
         }
       }
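Review bot: The guard at the top of `_addUserToGroup` now reads `$this->_dbcon`, but the context lines of `_openDB`, `_closeDB`, `_queryDB`, `_modifyDB`, `_lockTables`, `_unlockTables` and `_getGroupID` still read and write `$this->dbcon`. Unless `_dbcon` is assigned in a part of the class not shown here, it is never set, so this guard always fails and the method falls through without touching the database. The same renamed guard was introduced in `_getGroups`, `_getUserID`, `_addUser` and `_delUser`. Either keep `if($this->dbcon) {` in these five methods or rename the property everywhere, including where the connection is stored. The end of the function lies outside this hunk.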
@@ -395,12 +393,12 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function getGroups($user) {
+    function _getGroups($user) {
       $groups = array();
       
-      if($this->dbcon) {
+      if($this->_dbcon) {
         $sql = str_replace('%u',addslashes($user),$this->cnf['getGroups']);
-        $result = $this->queryDB($sql);
+        $result = $this->_queryDB($sql);
         
         if(count($result)) {
           foreach($result as $row)
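Review bot: The test `if(count($result))` in `_getGroups` does not distinguish a failed query from a non-empty result: `count(false)` is 1 on PHP 5 and 7 (and a TypeError on PHP 8), and `_getUserID` treats `false` as the failure value of `_queryDB`. Here that only leads to a `foreach` over `false`, but the identical test in `_getUserInfo` goes on to build an info array from `$result[0]` of a failed query and returns it as if the user existed. Checking the failure value first closes both paths: `if($result !== false && count($result)) {`. The rest of the function is outside this hunk.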
@@ -423,10 +421,10 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function getUserID($user) {
-      if($this->dbcon) {
+    function _getUserID($user) {
+      if($this->_dbcon) {
         $sql = str_replace('%u',addslashes($user),$this->cnf['getUserID']);
-        $result = $this->queryDB($sql);
+        $result = $this->_queryDB($sql);
         return $result === false ? false : $result[0]['id'];
       }
       return false;
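Review bot: `_getUserID` still substitutes the old token, `str_replace('%u', ...)`, although the commit message announces `%{user}` as the new placeholder and the neighbouring queries were converted. If the `getUserID` template in the configuration is updated to `%{user}`, the login name is never inserted and the query runs with the literal placeholder, so every lookup that depends on the user id fails. The same leftover is visible in `_getGroups` (`%u` for `getGroups`) and in the `addGroup` substitution inside `_addUserToGroup` (`%g`). Proposed here: `$sql = str_replace('%{user}',addslashes($user),$this->cnf['getUserID']);`, with matching changes at the other two places.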
@@ -439,7 +437,7 @@ class auth_mysql extends auth_basic {
      * for this function to work. Otherwise it will return
      * 'false'.
      *
-     * @param  $user  nick of the user
+     * @param  $user  login of the user
      * @param  $pwd   encrypted password
      * @param  $name  full name of the user
      * @param  $mail  email address
@@ -450,17 +448,17 @@ class auth_mysql extends auth_basic {
      * @author  Chris Smith <chris@jalakai.co.uk>
      * @author  Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function addUser($user,$pwd,$name,$mail,$grps){
-      if($this->dbcon && is_array($grps)) {
-        $sql = str_replace('%u'  ,addslashes($user),$this->cnf['addUser']);
-        $sql = str_replace('%p'  ,addslashes($pwd),$sql);
-        $sql = str_replace('%n'  ,addslashes($name),$sql);
-        $sql = str_replace('%e'  ,addslashes($mail),$sql);  
-        $uid = $this->modifyDB($sql);
+    function _addUser($user,$pwd,$name,$mail,$grps){
+      if($this->_dbcon && is_array($grps)) {
+        $sql = str_replace('%{user}', addslashes($user),$this->cnf['addUser']);
+        $sql = str_replace('%{pass}', addslashes($pwd),$sql);
+        $sql = str_replace('%{name}', addslashes($name),$sql);
+        $sql = str_replace('%{email}',addslashes($mail),$sql);  
+        $uid = $this->_modifyDB($sql);
       
         if ($uid) {
           foreach($grps as $group) {
-            $gid = $this->addUserToGroup($user, $group, 1);
+            $gid = $this->_addUserToGroup($user, $group, 1);
             if ($gid === false) break;
           }
           
@@ -471,9 +469,9 @@ class auth_mysql extends auth_basic {
              * and won't be removed. This might create orphaned groups but
              * is not a big issue so we ignore this problem here.
              */
-            $this->delUser($user);
-            $text = str_replace('%u' ,addslashes($user),$this->cnf['joinGroupFailed']);
-            $text = str_replace('%g' ,addslashes($group),$text);
+            $this->_delUser($user);
+            $text = str_replace('%u',addslashes($user),$this->cnf['joinGroupFailed']);
+            $text = str_replace('%g',addslashes($group),$text);
             msg($text, -1);
           }
         }
@@ -493,15 +491,15 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function delUser($user) {
-      if($this->dbcon) {
-        $uid = $this->getUserID($user);
+    function _delUser($user) {
+      if($this->_dbcon) {
+        $uid = $this->_getUserID($user);
         if ($uid) {
-          $sql = str_replace('%uid',addslashes($uid),$this->cnf['delUser']);
-          $sql = str_replace('%u',  addslashes($user),$sql);
-          $this->modifyDB($sql);
-          $sql = str_replace('%uid',addslashes($uid),$this->cnf['delUserRefs']);
-          $this->modifyDB($sql);
+          $sql = str_replace('%{uid}',addslashes($uid),$this->cnf['delUser']);
+          $sql = str_replace('%{user}',  addslashes($user),$sql);
+          $this->_modifyDB($sql);
+          $sql = str_replace('%{uid}',addslashes($uid),$this->cnf['delUserRefs']);
+          $this->_modifyDB($sql);
           return true;
         }
       }
@@ -521,12 +519,12 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function getUserInfo($user){
-      $sql = str_replace('%u',addslashes($user),$this->cnf['getUserInfo']);
-      $result = $this->queryDB($sql);
+    function _getUserInfo($user){
+      $sql = str_replace('%{user}',addslashes($user),$this->cnf['getUserInfo']);
+      $result = $this->_queryDB($sql);
       if(count($result)) {
         $info = $result[0];
-        $info['grps'] = $this->getGroups($user);
+        $info['grps'] = $this->_getGroups($user);
         return $info;
       }
       return false;
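Review bot: The login name in `_getUserInfo` is escaped with `addslashes()` before it is spliced into the `getUserInfo` SQL template; `addslashes()` does not take the connection character set into account and only helps where the template wraps the placeholder in quotes. `_createSQLFilter` in this file already uses the connection-aware call, so the same would fit here: `$sql = str_replace('%{user}',mysql_real_escape_string($user,$this->dbcon),$this->cnf['getUserInfo']);`. The other `addslashes()` substitutions in `leaveGroup`, `_addUserToGroup`, `_addUser`, `_delUser` and `_getGroupID` follow the same pattern. For the numeric `%{uid}` and `%{gid}` values an `(int)` cast would be safer, since the templates (not visible here) may leave them unquoted.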
@@ -544,10 +542,10 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function getGroupID($group) {
+    function _getGroupID($group) {
       if($this->dbcon) {
-        $sql = str_replace('%g',addslashes($group),$this->cnf['getGroupID']);
-        $result = $this->queryDB($sql);
+        $sql = str_replace('%{group}',addslashes($group),$this->cnf['getGroupID']);
+        $result = $this->_queryDB($sql);
         return $result === false ? false : $result[0]['id'];
       }
       return false;
@@ -562,7 +560,7 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function openDB() {
+    function _openDB() {
       global $lang;
       
       if (!$this->dbcon) {
@@ -591,7 +589,7 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function closeDB() {
+    function _closeDB() {
       if ($this->dbcon) {
         mysql_close ($this->dbcon);
         $this->dbcon = 0;
@@ -610,7 +608,7 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */	 
-    function queryDB($query) {
+    function _queryDB($query) {
       if ($this->dbcon) {
         $result = @mysql_query($query,$this->dbcon);
         if ($result) {
@@ -635,7 +633,7 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */	 
-    function modifyDB($query) {
+    function _modifyDB($query) {
       if ($this->dbcon) {
         $result = @mysql_query($query,$this->dbcon);
         if ($result) {
@@ -665,7 +663,7 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */	 
-    function lockTables($mode) {
+    function _lockTables($mode) {
       if ($this->dbcon) {
         if (is_array($this->cnf['TablesToLock']) && !empty($this->cnf['TablesToLock'])) {
           if ($mode == "READ" || $mode == "WRITE") {
@@ -689,7 +687,7 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */	 
-    function unlockTables() {
+    function _unlockTables() {
       if ($this->dbcon) {
         $this->modifyDB("UNLOCK TABLES");
         return true;
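Review bot: `_unlockTables` still calls `$this->modifyDB("UNLOCK TABLES")` in the unchanged line, but this commit renames that method to `_modifyDB`. Unless the parent class provides a `modifyDB` (not visible here), every path that unlocks tables ends in an undefined-method error. Proposed: `$this->_modifyDB("UNLOCK TABLES");`. The body of `_lockTables` lies outside its hunk and is worth checking for the same leftover call.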
@@ -709,7 +707,7 @@ class auth_mysql extends auth_basic {
      *
      * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
      */
-    function createSQLFilter($sql, $filter) {
+    function _createSQLFilter($sql, $filter) {
       $SQLfilter = "";
       $cnt = 0;
         
@@ -718,16 +716,16 @@ class auth_mysql extends auth_basic {
           $tmp = addslashes('%'.mysql_real_escape_string($pattern, $this->dbcon).'%');
           if ($item == 'user') {
             if ($cnt++ > 0) $SQLfilter .= " AND ";
-            $SQLfilter .= str_replace('%u',$tmp,$this->cnf['FilterLogin']);
+            $SQLfilter .= str_replace('%{user}',$tmp,$this->cnf['FilterLogin']);
           } else if ($item == 'name') {
             if ($cnt++ > 0) $SQLfilter .= " AND ";
-            $SQLfilter .= str_replace('%n',$tmp,$this->cnf['FilterName']);
+            $SQLfilter .= str_replace('%{name}',$tmp,$this->cnf['FilterName']);
           } else if ($item == 'mail') {
             if ($cnt++ > 0) $SQLfilter .= " AND ";
-            $SQLfilter .= str_replace('%e',$tmp,$this->cnf['FilterEmail']);
+            $SQLfilter .= str_replace('%{email}',$tmp,$this->cnf['FilterEmail']);
           } else if ($item == 'grps') {
             if ($cnt++ > 0) $SQLfilter .= " AND ";
-            $SQLfilter .= str_replace('%g',$tmp,$this->cnf['FilterGroup']);
+            $SQLfilter .= str_replace('%{group}',$tmp,$this->cnf['FilterGroup']);
           }
         }
         
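Review bot: The search pattern is escaped twice in the unchanged line `$tmp = addslashes('%'.mysql_real_escape_string($pattern, $this->dbcon).'%');`. The backslashes added by `mysql_real_escape_string()` are escaped again by `addslashes()`, so a pattern containing a quote or backslash reaches the database with extra backslashes and no longer matches the stored value. One connection-aware pass is enough: `$tmp = '%'.mysql_real_escape_string($pattern, $this->dbcon).'%';`. The enclosing loop and the start of `_createSQLFilter` are outside this hunk.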
@@ -747,4 +745,3 @@ class auth_mysql extends auth_basic {
 }
 
 //Setup VIM: ex: et ts=2 enc=utf-8 :
-
diff --git a/inc/auth/mysql.php b/inc/auth/mysql.php
deleted file mode 100644
index 8f236fe57..000000000
--- a/inc/auth/mysql.php
+++ /dev/null
@@ -1,196 +0,0 @@
-<?php
-/**
- * MySQL authentication backend
- *
- * PHP's MySQL extension is needed
- *
- * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
- * @author     Andreas Gohr <andi@splitbrain.org>
- */
-
-//check for MySQL extension on load
-if(!function_exists('mysql_connect'))
-  msg("MySQL extension not found",-1);
-
-/**
- * Execute SQL
- *
- * Executes SQL statements and returns the results as list
- * of hashes. Returns false on error. Returns auto_increment
- * IDs on INSERT statements.
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-function auth_mysql_runsql($sql_string) {
-  global $conf;
-  $cnf = $conf['auth']['mysql'];
-
-  $link   = @mysql_connect ($cnf['server'], $cnf['user'], $cnf['password']);
-  if(!$link){
-    msg('MySQL: Connection to database failed!',-1);
-    return false;
-  }
-  $result = @mysql_db_query($cnf['database'],$sql_string,$link);
-  if(!$result){
-    msg('MySQL: '.mysql_error($link));
-    return false;
-  }
-  
-  //mysql_db_query returns 1 on a insert statement -> no need to ask for results
-  if ($result != 1) {
-    for($i=0; $i< mysql_num_rows($result); $i++) {
-      $temparray = mysql_fetch_assoc($result);
-      $resultarray[]=$temparray;
-    }
-    mysql_free_result ($result);
-  } elseif (mysql_insert_id($link)) {
-    $resultarray = mysql_insert_id($link); //give back ID on insert
-  } else
-    $resultarray = 0; // asure that the return value is valid
-    
-  mysql_close ($link);
-  return $resultarray;
-}
-
-/**
- * Check user+password [required auth function]
- *
- * Checks if the given user exists and the given plaintext password
- * is correct. Furtheron it might be checked wether the user is
- * member of the right group
- *
- * Depending on which SQL string is defined in the config, password
- * checking is done here (getpass) or by the database (passcheck)
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- * @author  Matthias Grimm <matthiasgrimm@users.sourceforge.net>
- * @return  bool
- */
-function auth_checkPass($user,$pass){
-  global $conf;
-  $cnf = $conf['auth']['mysql'];
-
-  if($cnf['getpass']){
-    // we check the pass ourself against the crypted one
-    $sql    = str_replace('%u',addslashes($user),$cnf['getpass']);
-    $sql    = str_replace('%g',addslashes($conf['defaultgroup']),$sql);
-    $result = auth_mysql_runsql($sql);
-  
-    if(count($result)){
-      return(auth_verifyPassword($pass,$result[0]['pass']));
-    }
-  }else{
-    // we leave pass checking to the database
-    $sql    = str_replace('%u',addslashes($user),$cnf['passcheck']);
-    $sql    = str_replace('%g',addslashes($conf['defaultgroup']),$sql);
-    $sql    = str_replace('%p',addslashes($pass),$sql);
-    $result = auth_mysql_runsql($sql);
-
-    if(count($result) == 1){
-      return true;
-    }
-  }
-  return false;
-}
-
-/**
- * Return user info [required auth function]
- *
- * Returns info about the given user needs to contain
- * at least these fields:
- *
- * name string  full name of the user
- * mail string  email addres of the user
- * grps array   list of groups the user is in
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-function auth_getUserData($user){
-  global $conf;
-  $cnf = $conf['auth']['mysql'];
-
-  $sql    = str_replace('%u',addslashes($user),$cnf['userinfo']);
-  $result = auth_mysql_runsql($sql);
-  if(!count($result)) return false;
-  $info   = $result[0];
-
-  $sql    = str_replace('%u',addslashes($user),$cnf['groups']);
-  $result = auth_mysql_runsql($sql);
-  if(!count($result)){
-    $info['grps'][] = $conf['defaultgroup'];
-  }else{
-    foreach($result as $row){
-      $info['grps'][] = $row['group'];
-    }
-  }
-
-  return $info;
-}
-
-/**
- * Create a new User [required auth function]
- *
- * user string  username
- * pass string  password
- * name string  full name of the user
- * mail string  email address
- *
- * Returns false if the user already exists, null when an error
- * occoured and the cleartext password of the new user if
- * everything went well.
- *
- * The user HAS TO be added to the default group by this
- * function
- *
- * @author  Matthias Grimm <matthiasgrimm@users.sourceforge.net>
- */
-function auth_createUser($user,$pass,$name,$mail){
-  global $conf;
-  $cnf = $conf['auth']['mysql'];
-  
-  //check if user exists
-  $info = auth_getUserData($user);
-  if ($info != false) return false;
- 
-  //get groupid of default group
-  if($cnf['getgroupid']){
-    $sql    = str_replace('%g',addslashes($conf['defaultgroup']),$cnf['getgroupid']);
-    $result = auth_mysql_runsql($sql);
-    if($result === false) return null;
-    if (count($result) == 1){
-      $gid = $result[0]['gid'];
-    }else{
-      msg("MySQL: Couldn't find the default group",-1);
-      return null;
-    }
-  }
-  
-  //prepare the insert 
-  $sql = str_replace('%u'  ,addslashes($user),$cnf['adduser']);
-  $sql = str_replace('%p'  ,addslashes(auth_cryptPassword($pass)),$sql);
-  $sql = str_replace('%n'  ,addslashes($name),$sql);
-  $sql = str_replace('%e'  ,addslashes($mail),$sql);
-  $sql = str_replace('%gid',addslashes($gid),$sql);
-  $sql = str_replace('%g'  ,addslashes($conf['defaultgroup']),$sql);
-
-  //do the insert
-  $uid  = auth_mysql_runsql($sql);
-  if($uid == 0){
-    msg("Registering of the new user '$user' failed!", -1);
-    return null;
-  }
-
-  //add to default group  
-  if ($cnf['addusergroup']) {
-    $sql = str_replace('%uid',addslashes($uid),$cnf['addusergroup']);
-    $sql = str_replace('%u'  ,addslashes($user),$sql);
-    $sql = str_replace('%gid',addslashes($gid),$sql);
-    $sql = str_replace('%g'  ,addslashes($conf['defaultgroup']),$sql);
-    $result = auth_mysql_runsql($sql);
-    if($result === false) msg("MySQL: couldn't add user to the default group");
-  }
-
-  return $pass;
-}
-    
-//Setup VIM: ex: et ts=2 enc=utf-8 :
diff --git a/inc/auth/plain.class.php b/inc/auth/plain.class.php
index 140bd7519..2331ae908 100644
--- a/inc/auth/plain.class.php
+++ b/inc/auth/plain.class.php
@@ -39,7 +39,7 @@ class auth_plain extends auth_basic {
     }
 
     /**
-     * Return user info [required auth function]
+     * Return user info
      *
      * Returns info about the given user needs to contain
      * at least these fields:
@@ -57,7 +57,7 @@ class auth_plain extends auth_basic {
     }
 
     /**
-     * Create a new User [implement only where required/possible]
+     * Create a new User
      *
      * Returns false if the user already exists, null when an error
      * occured and the cleartext password of the new user if
@@ -94,7 +94,7 @@ class auth_plain extends auth_basic {
     }
     
     /**
-     * Modify user data [implement only where required/possible]
+     * Modify user data
      *
      * @author  Chris Smith <chris@jalakai.co.uk>
      * @param   $user      nick of the user to be changed
@@ -196,7 +196,7 @@ class auth_plain extends auth_basic {
     }
     
     /**
-     * Bulk retrieval of user data [implement only where required/possible]
+     * Bulk retrieval of user data
      *
      * @author  Chris Smith <chris@jalakai.co.uk>
      * @param   start     index of first user to be returned
@@ -230,7 +230,7 @@ class auth_plain extends auth_basic {
     }
     
     /**
-     * Give user membership of a group [implement only where required/possible]
+     * Give user membership of a group
      * 
      * @author  Chris Smith <chris@jalakai.co.uk>
      * @return  bool
@@ -247,7 +247,7 @@ class auth_plain extends auth_basic {
     }
 
     /**
-     * Remove user from a group [implement only where required/possible]
+     * Remove user from a group
      * 
      * @author  Chris Smith <chris@jalakai.co.uk>
      * @return  bool
diff --git a/inc/auth/plain.php b/inc/auth/plain.php
deleted file mode 100644
index d9569c3fd..000000000
--- a/inc/auth/plain.php
+++ /dev/null
@@ -1,120 +0,0 @@
-<?php
-/**
- * Plaintext authentication backend
- *
- * If you want to authenticate against something
- * else then the builtin flatfile auth system
- * you have to reimplement the "required auth
- * functions"
- *
- * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
- * @author     Andreas Gohr <andi@splitbrain.org>
- */
-
-// we only accept page ids for auth_plain
-if(isset($_REQUEST['u']))
-  $_REQUEST['u'] = cleanID($_REQUEST['u']);
-
-/**
- * Check user+password [required auth function]
- *
- * Checks if the given user exists and the given
- * plaintext password is correct
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- * @return  bool
- */
-function auth_checkPass($user,$pass){
-  $users = auth_plain_loadUserData();
-
-  if(!isset($users[$user])) return false;
-
-  return auth_verifyPassword($pass,$users[$user]['pass']);
-}
-
-/**
- * Return user info [required auth function]
- *
- * Returns info about the given user needs to contain
- * at least these fields:
- *
- * name string  full name of the user
- * mail string  email addres of the user
- * grps array   list of groups the user is in
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-function auth_getUserData($user){
-  static $users = null;
-  
-  if($users == null) {
-    $users = auth_plain_loadUserData();
-  }
-  return $users[$user];
-}
-
-/**
- * Create a new User [required auth function]
- *
- * Returns false if the user already exists, null when an error
- * occured and the cleartext password of the new user if
- * everything went well.
- * 
- * The new user HAS TO be added to the default group by this
- * function!
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-function auth_createUser($user,$pass,$name,$mail){
-  global $conf;
-
-  $users = auth_plain_loadUserData();
-  if(isset($users[$user])) return false;
-
-  $userline = join(':',array($user,
-                             auth_cryptPassword($pass),
-                             $name,
-                             $mail,
-                             $conf['defaultgroup']));
-  $userline .= "\n";
-  $fh = fopen(DOKU_CONF.'users.auth.php','a');
-  if($fh){
-    fwrite($fh,$userline);
-    fclose($fh);
-    return $pass;
-  }
-  msg('The users.auth.php file is not writable. Please inform the Wiki-Admin',-1);
-  return null;
-}
-
-/**
- * Load all user data
- *
- * Used by the plaintext auth functions
- * loads the user file into a datastructure
- *
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-function auth_plain_loadUserData(){
-  $data = array();
-  if(!@file_exists(DOKU_CONF.'users.auth.php')){
-    return $data;
-  }
-  $lines = file(DOKU_CONF.'users.auth.php');
-  foreach($lines as $line){
-    $line = preg_replace('/#.*$/','',$line); //ignore comments
-    $line = trim($line);
-    if(empty($line)) continue;
-
-    $row    = split(":",$line,5);
-    $groups = split(",",$row[4]);
-    $data[$row[0]]['pass'] = $row[1];
-    $data[$row[0]]['name'] = urldecode($row[2]);
-    $data[$row[0]]['mail'] = $row[3];
-    $data[$row[0]]['grps'] = $groups;
-  }
-  return $data;
-}
-
-
-//Setup VIM: ex: et ts=2 enc=utf-8 :
-- 
GitLab