authorlsces <lester@lsces.co.uk>2025-08-29 13:24:19 +0100
committerlsces <lester@lsces.co.uk>2025-08-29 13:24:19 +0100
commit3be7aa3f5f9806052df7409fcebac6f01bdc1769 (patch)
treec80467e6040c0b064356e918ae4381787fa34e0d
parentb49e78e70e9dad924a750d840e1778940fef003f (diff)
auth selection options need a lot more work, only the one I'm using has been tested
-rwxr-xr-xincludes/classes/BitAuth.php111
1 files changed, 111 insertions, 0 deletions
diff --git a/includes/classes/BitAuth.php b/includes/classes/BitAuth.php
new file mode 100755
index 0000000..ad2ecac
--- /dev/null
+++ b/includes/classes/BitAuth.php
@@ -0,0 +1,111 @@
+<?php
+/**
+ * $Header$
+ *
+ * @package users
+ */
+
+/**
+ * Class that manages the bitweaver autentication method
+ *
+ * @package users
+ * @subpackage auth
+ */
+
+namespace Bitweaver\Users;
+
+class BitAuth extends BaseAuth {
+
+ public function __construct() {
+ parent::__construct('bit');
+ }
+
+ public function validate($user,$pass,$challenge,$response) {
+ parent::validate($user,$pass,$challenge,$response);
+ global $gBitSystem;
+ global $gBitDb;
+ $ret = SERVER_ERROR;
+ if( empty( $user ) ) {
+ $this->mErrors['login'] = 'User not found';
+ } elseif( empty( $pass ) ) {
+ $this->mErrors['login'] = 'Password incorrect';
+ } else {
+ $loginVal = strtoupper( $user ); // case insensitive login
+ $loginCol = ' UPPER(`'.(strpos( $user, '@' ) ? 'email' : 'login').'`)';
+ // first verify that the user exists
+ $query = "select `email`, `login`, `user_id`, `user_password` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convertBinary(). " $loginCol = ?";
+ $result = $gBitDb->query( $query, array( $loginVal ) );
+ if( !$result->numRows() ) {
+ $this->mErrors['login'] = 'User not found';
+ } else {
+ $res = $result->fetchRow();
+ $userId = $res['user_id'];
+ $user = $res['login'];
+ // TikiWiki 1.8+ uses this bizarro conglomeration of fields to get the hash. this sucks for many reasons
+ $hash = md5( strtolower($user) . $pass . $res['email']);
+ $hash2 = md5($pass);
+ // next verify the password with 2 hashes methods, the old one (pass)) and the new one (login.pass;email)
+ // TODO - this needs cleaning up - wolff_borg
+ if( !$gBitSystem->isFeatureActive( 'feature_challenge' ) || empty($response) ) {
+ $query = "select `user_id`, `hash` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convertBinary(). " $loginCol = ? and (`hash`=? or `hash`=?)";
+ if ( $row = $gBitDb->getRow( $query, array( $loginVal, $hash, $hash2 ) ) ) {
+ // auto-update old hashes with simple and standard md5( password )
+ $hashUpdate = '';
+ if( $row['hash'] == $hash ) {
+ $hashUpdate = 'hash=?, ';
+ $bindVars[] = $hash2;
+ }
+ $bindVars[] = $gBitSystem->getUTCTime();
+ $bindVars[] = $userId;
+ $query = "update `".BIT_DB_PREFIX."users_users` set $hashUpdate `last_login`=`current_login`, `current_login`=? where `user_id`=?";
+ $result = $gBitDb->query($query, $bindVars );
+ $ret=USER_VALID;
+ } else {
+ $ret=PASSWORD_INCORRECT;
+ $this->mErrors[] = 'Password incorrect';
+ }
+ } else {
+ // Use challenge-reponse method
+ // Compare pass against md5(user,challenge,hash)
+ $hash = $gBitDb->getOne("select `hash` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convertBinary(). " $loginCol = ?", array( $user ) );
+ if (!isset($_SESSION["challenge"])) {
+ $this->mErrors[] = 'Invalid challenge';
+ $ret=PASSWORD_INCORRECT;
+ }
+ //print("pass: $pass user: $user hash: $hash <br/>");
+ //print("challenge: ".$_SESSION["challenge"]." challenge: $challenge<br/>");
+ //print("response : $response<br/>");
+ if ($response == md5( strtolower($user) . $hash . $_SESSION["challenge"]) ) {
+ $ret = USER_VALID;
+ RoleUser::updateLastLogin( $userId );
+ } else {
+ $this->mErrors[] = 'Invalid challenge';
+ $ret=PASSWORD_INCORRECT;
+ }
+ }
+ }
+ if (!empty($userId)) {
+ $this->mInfo['user_id']=$userId;
+ }
+ }
+ return $ret;
+ }
+
+ public function canManageAuth() {
+ return true;
+ }
+
+ public function isSupported() {
+ return true;
+ }
+
+ public function createUser( &$pUserHash ) {
+ //$authUserInfo = array( 'login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email'] );
+ $u = new RolePermUser();
+
+ if( !$u->store( $pUserHash ) ) {
+ $this->mErrors = array_merge($this->mErrors,$u->mErrors);
+ }
+ return $u->mUserId;
+ }
+}
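Review bot: The challenge-response `else` branch of `validate()` can end up comparing `$response` against a value that contains nothing derived from the password: the hash lookup binds `$user` (by then reassigned to the stored `login`) instead of `$loginVal` against `UPPER(...)`, so it can return no row, and a missing `$_SESSION["challenge"]` only records an error before execution falls through to the comparison. Bind `$loginVal`, reject the attempt when the stored hash or the session challenge is empty, and compare with `hash_equals()` rather than `==`, as in the fence below. What `getOne()` returns when no row matches is not visible here, so the empty-hash case is inferred. Separately, the password branch matches on and rewrites to unsalted `md5($pass)` with `$bindVars` never initialised; `password_hash()`/`password_verify()` with a rehash on successful login would be the direction, though that needs changes outside this file.

```php
// … unchanged: user lookup, $hash/$hash2 computation, password branch …
} else {
	// Challenge-response: expected value is md5( login . stored hash . session challenge )
	$storedHash = $gBitDb->getOne( "select `hash` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convertBinary(). " $loginCol = ?", array( $loginVal ) );
	$sessionChallenge = $_SESSION["challenge"] ?? '';
	$ret = PASSWORD_INCORRECT;
	if( empty( $storedHash ) || empty( $sessionChallenge ) || !is_string( $response ) ) {
		// fail closed: never compare against a value built from empty inputs
		$this->mErrors[] = 'Invalid challenge';
	} elseif( hash_equals( md5( strtolower( $user ) . $storedHash . $sessionChallenge ), $response ) ) {
		$ret = USER_VALID;
		RoleUser::updateLastLogin( $userId );
	} else {
		$this->mErrors[] = 'Invalid challenge';
	}
}
// … unchanged: mInfo['user_id'] assignment and return …
```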