From cd52f92def16e676c2458a32d2b8c8f8a7839f06 Mon Sep 17 00:00:00 2001
From: chris <chris@jalakai.co.uk>
Date: Wed, 25 Jan 2006 01:01:25 +0100
Subject: [PATCH] oo auth update - remove legacy auth remnants, add auth->canDo

darcs-hash:20060125000125-9b6ab-9853f11e04d8ea93235317fa8137cef079eb2641.gz
---
inc/auth.php | 98 ++++++++++++++--------------------------
inc/auth/basic.class.php | 26 ++++++++++-
inc/auth/plain.class.php | 35 ++++++++++++++
inc/common.php | 3 +-
inc/html.php | 3 +-
inc/lang/en/lang.php | 3 +-
inc/template.php | 6 ++-
7 files changed, 104 insertions(+), 70 deletions(-)

diff --git a/inc/auth.php b/inc/auth.php
index f9d00b9b1..ddc4007cf 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -17,62 +17,25 @@ // load the the backend auth functions and instantiate the auth object if (@file_exists(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php')) { - require_once(DOKU_INC.'inc/auth/basic.class.php'); - require_once(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php'); + require_once(DOKU_INC.'inc/auth/basic.class.php'); + require_once(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php'); - $auth_class = "auth_".$conf['authtype']; - if (!class_exists($auth_class)) $auth_class = "auth_basic"; + $auth_class = "auth_".$conf['authtype']; + if (class_exists($auth_class)) { $auth = new $auth_class(); - if ($auth->success == false) { - msg($lang['authmodfailed'],-1); - unset($auth); - } - - // interface between current dokuwiki/old auth system and new style auth object - function auth_canDo($fn) { - global $auth; - return method_exists($auth, $fn); - } - - // mandatory functions - these should exist - function auth_checkPass($user,$pass) { - global $auth; - return method_exists($auth,'checkPass') ? $auth->checkPass($user, $pass) : false; - } - - function auth_getUserData($user) { - global $auth; - return method_exists($auth, 'getUserData') ? $auth->getUserData($user) : false; - } - - // optional functions, behave gracefully if these don't exist; - // potential calling code should query whether these exist in advance - function auth_createUser($user,$pass,$name,$mail) { - global $auth; - return method_exists($auth, 'createUser') ? $auth->createUser($user,$pass,$name,$mail) : null; - } - - function auth_modifyUser($user, $changes) { - global $auth; - return method_exists($auth, 'modifyUser') ? $auth->modifyUser($user,$changes) : false; - } - - function auth_deleteUsers($users) { - global $auth; - return method_exists($auth, 'deleteUsers') ? $auth->deleteUsers($users) : 0; - } - - // other functions, will only be accessed by new code - //- these must query auth_canDo() or test method existence themselves. 
- - } else { - // old style auth functions - require_once(DOKU_INC.'inc/auth/'.$conf['authtype'].'.php'); - $auth = null; - - // new function, allows other parts of dokuwiki to know what they can and can't do - function auth_canDo($fn) { return function_exists("auth_$fn"); } - } + if ($auth->success == false) { + unset($auth); + msg($lang['authtempfail'], -1); + + // turn acl config setting off for the rest of this page + $conf['useacl'] = 0; + } + } else { + die($lang['authmodfailed']); + } + } else { + die($lang['authmodfailed']); + } if (!defined('DOKU_COOKIE')) define('DOKU_COOKIE', 'DW'.md5($conf['title'])); @@ -88,7 +51,7 @@ // do the login either by cookie or provided credentials if($conf['useacl']){ // external trust mechanism in place? - if(auth_canDo('trustExternal') && !is_null($auth)){ + if(!is_null($auth) && $auth->canDo('trustExternal')){ $auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); }else{ auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); @@ -134,14 +97,15 @@ function auth_login($user,$pass,$sticky=false){ global $USERINFO; global $conf; global $lang; + global $auth; $sticky ? $sticky = true : $sticky = false; //sanity check if(isset($user)){ //usual login - if (auth_checkPass($user,$pass)){ + if ($auth->checkPass($user,$pass)){ // make logininfo globally available $_SERVER['REMOTE_USER'] = $user; - $USERINFO = auth_getUserData($user); //FIXME move all references to session + $USERINFO = $auth->getUserData($user); //FIXME move all references to session // set cookie $pass = PMA_blowfish_encrypt($pass,auth_cookiesalt()); @@ -414,8 +378,10 @@ function auth_pwgen(){ function auth_sendPassword($user,$password){ global $conf; global $lang; + global $auth; + $hdrs = ''; - $userinfo = auth_getUserData($user); + $userinfo = $auth->getUserData($user); if(!$userinfo['mail']) return false; 
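Review bot: In the `$auth->success == false` branch, `$conf['useacl'] = 0;` makes the wiki fail open: a backend that is only temporarily unavailable (for auth_plain, an unreadable `AUTH_USERFILE`) switches ACL handling off for the whole request instead of denying access. How other code treats `useacl = 0` is outside this hunk, but if it means "no restrictions", ACL-protected pages are served to every visitor while the backend is down. A fail-closed variant keeps ACLs on and only skips the login step, for example `$auth = null;` in place of `unset($auth);` with the later login block guarded by `!is_null($auth)`. The two `die($lang['authmodfailed'])` branches already fail closed.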
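Review bot: `$auth->checkPass($user,$pass)` in `auth_login` dereferences the global `$auth` without checking it, although the first hunk of this file can `unset($auth)` when the backend reports failure. The removed `auth_*` wrappers went through `method_exists($auth, ...)` and returned a fallback value, whereas a direct call on a missing object ends in a fatal error. The same applies to the `$auth->` calls added in `auth_sendPassword`, `register`, `updateprofile`, `act_resendpwd`, `subscriber_addresslist`, `html_login`, `tpl_button` and `tpl_actionlink`. A guard such as `if (is_null($auth)) return false;` after `global $auth;` would keep these paths from crashing, and from exposing file paths where error display is enabled. All of these function bodies continue outside their hunks, so callers that already guard against this are not visible here.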
@@ -444,8 +410,10 @@ function auth_sendPassword($user,$password){ function register(){ global $lang; global $conf; + global $auth; if(!$_POST['save']) return false; + if(!$auth->canDo('createUser')) return false; //clean username $_POST['login'] = preg_replace('/.*:/','',$_POST['login']); @@ -481,7 +449,7 @@ function register(){ } //okay try to create the user - $pass = auth_createUser($_POST['login'],$pass,$_POST['fullname'],$_POST['email']); + $pass = $auth->createUser($_POST['login'],$pass,$_POST['fullname'],$_POST['email']); if(empty($pass)){ msg($lang['reguexists'],-1); return false; @@ -511,11 +479,12 @@ function updateprofile() { global $conf; global $INFO; global $lang; + global $auth; if(!$_POST['save']) return false; // should not be able to get here without modifyUser being possible... - if(!auth_canDo('modifyUser')) { + if(!$auth->canDo('modifyUser')) { msg($lang['profna'],-1); return false; } @@ -555,7 +524,7 @@ function updateprofile() { } } - return auth_modifyUser($_SERVER['REMOTE_USER'], $changes); + return $auth->modifyUser($_SERVER['REMOTE_USER'], $changes); } /** @@ -569,11 +538,12 @@ function updateprofile() { function act_resendpwd(){ global $lang; global $conf; + global $auth; if(!$_POST['save']) return false; // should not be able to get here without modifyUser being possible... - if(!auth_canDo('modifyUser')) { + if(!$auth->canDo('modifyUser')) { msg($lang['resendna'],-1); return false; } @@ -585,14 +555,14 @@ function act_resendpwd(){ $user = $_POST['login']; } - $userinfo = auth_getUserData($user); + $userinfo = $auth->getUserData($user); if(!$userinfo['mail']) { msg($lang['resendpwdnouser'], -1); return false; } $pass = auth_pwgen(); - if (!auth_modifyUser($user,array('pass' => $pass))) { + if (!$auth->modifyUser($user,array('pass' => $pass))) { msg('error modifying user data',-1); return false; } diff --git a/inc/auth/basic.class.php b/inc/auth/basic.class.php index f39a9c392..9ea1a598b 100644 --- a/inc/auth/basic.class.php 
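Review bot: `$auth->modifyUser($user,array('pass' => $pass))` in `act_resendpwd` overwrites the password of whichever account `$_POST['login']` names, and no confirmation step is visible in this hunk before the change. If the form is reachable without being logged in, a request naming someone else's login changes that user's password; mailing a one-time confirmation token and changing the password only once it is presented would prevent that. The distinct `resendpwdnouser` message also tells the requester whether an account exists, so a uniform response is preferable. `act_resendpwd` continues outside the hunk, so what happens after the change is not visible here.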
+++ b/inc/auth/basic.class.php @@ -5,13 +5,26 @@ * foundation authorisation class * all auth classes should inherit from this class * - * @author Chris Smith <chris@jalakaic.co.uk> + * @author Chris Smith <chris@jalakai.co.uk> */ class auth_basic { var $success = true; + /** + * Constructor + * + * Carry out sanity checks to ensure the object is + * able to operate. + * + * Set $this->success to false if checks fail + * + * @author Christopher Smith <chris@jalakai.co.uk> + */ +# function auth_basic() { +# } + /** * Do all authentication [ OPTIONAL ] * @@ -60,6 +73,17 @@ class auth_basic { # return true; # } + /** + * Check if authorisation mechanism supports fn and + * that fn will operate in the current environment + * + * @author Christopher Smith <chris@jalakai.co.uk> + * @return bool + */ + function canDo($fn) { + return method_exists($this, $fn); + } + /** * Check user+password [ MUST BE OVERRIDDEN ] * diff --git a/inc/auth/plain.class.php b/inc/auth/plain.class.php index 2331ae908..373bb2907 100644 --- a/inc/auth/plain.class.php +++ b/inc/auth/plain.class.php @@ -20,6 +20,41 @@ class auth_plain extends auth_basic { var $users = null; var $_pattern = array(); + + /** + * Constructor + * + * Carry out sanity checks to ensure the object is + * able to operate. + * + * Set $this->success to false if checks fail + * + * @author Christopher Smith <chris@jalakai.co.uk> + */ + function auth_plain() { + if (!@is_readable(AUTH_USERFILE)) $this->success = false; + } + + /** + * Check if authorisation mechanism supports fn and + * that fn will operate in the current environment + * + * @author Christopher Smith <chris@jalakai.co.uk> + * @return bool + */ + function canDo($fn) { + + switch ($fn) { + case 'createUser' : + case 'modifyUser' : + case 'deleteUsers' : + case 'joinGroup' : + case 'leaveGroup' : + return (@is_writable(AUTH_USERFILE)); + } + + return method_exists($this, $fn); + } /** * Check user+password [required auth function] 
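Review bot: The docblock added for `auth_basic::canDo()` has `@return bool` but no `@param`, and it promises that "fn will operate in the current environment" while the base implementation only evaluates `method_exists($this, $fn)`. I would add `@param string $fn name of the auth method to test` and state that environment checks are left to subclasses that override the method. Since `method_exists` is true for every method of the object, not only the auth API, the comment should also say that callers must pass fixed method names, never request data.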
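Review bot: In `auth_plain::canDo()` the `switch` answers `createUser`, `modifyUser`, `deleteUsers`, `joinGroup` and `leaveGroup` from `@is_writable(AUTH_USERFILE)` alone, so a capability is reported as available even when the class does not implement that method. Whether all five exist in auth_plain is not visible in this hunk. Callers in this commit invoke the method directly after `canDo()`, so a false positive would end in a fatal error. Combining both checks avoids that: `return method_exists($this, $fn) && @is_writable(AUTH_USERFILE);`.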
diff --git a/inc/common.php b/inc/common.php index b5c29d621..dbd2ed451 100644 --- a/inc/common.php +++ b/inc/common.php @@ -1175,6 +1175,7 @@ function is_subscribed($id,$uid){ */ function subscriber_addresslist($id){ global $conf; + global $auth; $emails = ''; @@ -1188,7 +1189,7 @@ function subscriber_addresslist($id){ if(count($mlist) > 0) { foreach ($mlist as $who) { $who = rtrim($who); - $info = auth_getUserData($who); + $info = $auth->getUserData($who); $level = auth_aclcheck($id,$who,$info['grps']); if ($level >= AUTH_READ) { if (strcasecmp($info['mail'],$conf['notify']) != 0) { diff --git a/inc/html.php b/inc/html.php index f6950879b..7e1203950 100644 --- a/inc/html.php +++ b/inc/html.php @@ -47,6 +47,7 @@ function html_login(){ global $lang; global $conf; global $ID; + global $auth; print p_locale_xhtml('login'); ?> @@ -79,7 +80,7 @@ function html_login(){ print '</p>'; } - if (auth_canDo('modifyUser')) { + if ($auth->canDo('modifyUser')) { print '<p>'; print $lang['pwdforget']; print ': <a href="'.wl($ID,'do=resendpwd').'" class="wikilink1">'.$lang['btn_resendpwd'].'</a>'; diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php index a543ea46e..fc1be1a27 100644 --- a/inc/lang/en/lang.php +++ b/inc/lang/en/lang.php @@ -191,6 +191,7 @@ $lang['unsubscribe_success']= 'Removed %s from subscription list for %s'; $lang['unsubscribe_error'] = 'Error removing %s from subscription list for %s'; /* auth.class lanuage support */ -$lang['authmodfailed'] = 'User authentification not possible. Please inform your Wiki Admin.'; +$lang['authmodfailed'] = 'Bad user authentication configuration. Please inform your Wiki Admin.'; +$lang['authtempfail'] = 'User authentication is temporarily unavailable. If this situation persists, please inform your Wiki Admin.'; //Setup VIM: ex: et ts=2 enc=utf-8 : diff --git a/inc/template.php b/inc/template.php index 7fc824bd5..f12788834 100644 --- a/inc/template.php +++ b/inc/template.php 
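Review bot: The result of `$auth->getUserData($who)` in `subscriber_addresslist` is used without a check, so a subscriber entry for an account that no longer exists reaches `auth_aclcheck($id,$who,$info['grps'])` with empty group data. What `getUserData` returns for an unknown user is not visible here (the removed wrapper fell back to `false`); if it is `false`, the entry should be skipped with `if (!$info) continue;` before the ACL check. `subscriber_addresslist` starts and ends outside the hunk.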
@@ -304,6 +304,7 @@ function tpl_button($type){ global $NS; global $INFO; global $conf; + global $auth; switch($type){ case 'edit': @@ -357,7 +358,7 @@ function tpl_button($type){ print html_btn('backlink',$ID,'',array('do' => 'backlink')); break; case 'profile': - if(($_SERVER['REMOTE_USER']) && auth_canDo('modifyUser') && ($ACT!='profile')){ + if(($_SERVER['REMOTE_USER']) && $auth->canDo('modifyUser') && ($ACT!='profile')){ print html_btn('profile',$ID,'',array('do' => 'profile')); } break; @@ -392,6 +393,7 @@ function tpl_actionlink($type,$pre='',$suf=''){ global $ACT; global $conf; global $lang; + global $auth; switch($type){ case 'edit': @@ -464,7 +466,7 @@ function tpl_actionlink($type,$pre='',$suf=''){ tpl_link(wl($ID,'do=backlink'),$pre.$lang['btn_backlink'].$suf, 'class="action backlink"'); break; case 'profile': - if(($_SERVER['REMOTE_USER']) && auth_canDo('modifyUser') && ($ACT!='profile')){ + if(($_SERVER['REMOTE_USER']) && $auth->canDo('modifyUser') && ($ACT!='profile')){ tpl_link(wl($ID,'do=profile'),$pre.$lang['btn_profile'].$suf, 'class="action profile"'); } break; -- GitLab