-rw-r--r--BaseAuth.php204
-rw-r--r--BitUser.php613
-rw-r--r--admin/admin_login_inc.php107
-rw-r--r--auth/bit_auth.php97
-rw-r--r--auth/imap_auth.php97
-rw-r--r--auth/ldap_auth.php215
-rw-r--r--bit_setup_inc.php68
-rw-r--r--register.php18
-rw-r--r--templates/admin_login.tpl88
-rw-r--r--templates/register.tpl28
10 files changed, 942 insertions, 593 deletions
diff --git a/BaseAuth.php b/BaseAuth.php
new file mode 100644
index 0000000..e8e12af
--- /dev/null
+++ b/BaseAuth.php
@@ -0,0 +1,204 @@
+<?php
+global $gBitUser;
+
+class BaseAuth {
+ var $mLogin;
+ var $mConfig;
+ var $mInfo;
+ var $mCfg;
+ var $mErrors =array();
+
+ static $mAuthMethod;
+
+ function BaseAuth($authId) {
+ global $gBitSystem;
+ global $gBitUser;
+ $this->mCfg = BaseAuth::$mAuthMethod[$authId];
+ $this->mCfg['auth_id'] = $authId;
+ foreach ($this->getSettings() as $op_id => $op) {
+ $var_id = substr($op_id,strrpos($op_id,"_")+1);
+ $var = $gBitSystem->getConfig($op_id, $op['default']);
+ if ($op['type']=="checkbox") {
+ $var = ($var== "y");
+ }
+ $this->mConfig[$var_id]=$var;
+ }
+ }
+
+ function register($id,$hash) {
+ if (!function_exists('preFlightWarning')) {
+ function preFlightWarning($str) {
+ ?><div style="background: white; z-index: 50000; margin: 0em; padding: 1px; color: red; text-align: center;"">
+ <h1>
+ <img src="<?php echo LIBERTY_PKG_URL; ?>/icons/warning.png" alt="Warning" />
+ <?php echo $str; ?>
+ <img src="<?php echo LIBERTY_PKG_URL; ?>/icons/warning.png" alt="Warning" />
+ </h1>
+ </div><?php
+ }
+ }
+ global $gBitSystem;
+ $err = false;
+ if (! empty(BaseAuth::$mAuthMethod[$id])) {
+ preFlightWarning("Auth Registration Failed: $id already registered");
+ $err = true;
+ }
+ if (empty($hash['name'])) {
+ preFlightWarning("Auth Registration Failed: $id: No Name given");
+ $err = true;
+ }
+ if (empty($hash['file'])) {
+ preFlightWarning("Auth Registration Failed: $id: No file given");
+ $err = true;
+ }elseif(!file_exists($hash['file'])) {
+ preFlightWarning("Auth Registration Failed: $id: File (".basename($hash['file']).") doesn't exist");
+ $err = true;
+ }
+ if (empty($hash['class'])) {
+ preFlightWarning("Auth Registration Failed: $id: No class given");
+ $err = true;
+ }
+ if (!$err) {
+ BaseAuth::$mAuthMethod[$id]=$hash;
+ }
+ }
+
+ function getAuthMethodCount() {
+ return count(BaseAuth::$mAuthMethod);
+ }
+
+ function validate($user,$pass,$challenge,$response) {
+ if (!$this->isSupported()) return false;
+ $this->mLogin = $user;
+ $this->mInfo['login']=$user;
+ $this->mInfo['password']=$pass;
+ }
+
+ function getUserData() {
+ return $this->mInfo;
+ }
+
+ function isSupported() {
+ $this->mErrors[] = "BaseAuth is not an authentcation method";
+ return false;
+ }
+
+ function createUser(&$userattr) {
+ $this->mErrors[] = "BaseAuth is not an authentcation method";
+ return false;
+ }
+
+ function getSettings() {
+ return array();
+ }
+
+ function canManageAuth() {
+ $this->mErrors[] = "BaseAuth is not an authentcation method";
+ return false;
+ }
+
+ function getRegistrationFields() {
+ return array();
+ }
+
+ function isActive($package = '') {
+ global $gBitSystem;
+ global $gBitUser;
+ if (empty($package) && !empty($this->mCfg['auth_id'])) {
+ $package = $this->mCfg['auth_id'];
+ }
+ for ($i=0;$i<count($gBitUser->mAuthMethod);$i++) {
+ $default="";
+ if ($i==0) {
+ $default="bit";
+ }
+ if ($gBitSystem->getConfig("users_auth_method_$i",$default)== $package) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ function init($authId) {
+ global $gBitUser;
+ global $gBitSystem;
+ if (is_numeric($authId)) {
+ $default="";
+ if ($authId==0) {
+ $default="tiki";
+ }
+ $method_name=$gBitSystem->getConfig("users_auth_method_$authId",$default);
+ if (!empty($method_name)) {
+ return BaseAuth::init($method_name);
+ }
+ } elseif (!empty($authId)) {
+ $method=BaseAuth::$mAuthMethod[$authId];
+ require_once($method['file']);
+ $cl = $method['class'];
+ $instance = new $cl();
+ if ($instance->isSupported()) {
+ return $instance;
+ }
+ }
+ return false;
+ }
+
+ function settings() {
+ global $gBitSystem;
+ global $gBitUser;
+ global $gBitSmarty;
+ $authSettings = array();
+ foreach( BaseAuth::$mAuthMethod as $meth_name => $method ) {
+ $instance = BaseAuth::init($meth_name) ;
+ if ($instance) {
+ foreach ($instance->getSettings() as $op_id => $op) {
+ if (!empty($_REQUEST[$op_id])) {
+ if( $op['type'] == 'checkbox' ) {
+ simple_set_toggle( $op_id, USERS_PKG_NAME );
+ } else {
+ simple_set_value( $op_id, USERS_PKG_NAME );
+ }
+ }
+ $value = $gBitSystem->getConfig($op_id, $op['default']);
+ $op['value']=$value;
+ $method['options'][$op_id] = $op;
+ }
+ $method['canManageAuth'] = $instance->canManageAuth();
+ $authSettings['avail'][$meth_name]=$method;
+ } else {
+ $authSettings['err'][$meth_name]=implode("<br />",$instance->mErrors);
+ }
+ }
+ if (!empty($_REQUEST["loginprefs"])) {
+ $used =array();
+ for ($i=0,$j=0;$i<count($authSettings['avail']);$i++,$j++) {
+ $gBitSystem->storeConfig( "users_auth_method_$i",null, USERS_PKG_NAME );
+ if (empty($_REQUEST["users_auth_method_$i"])) {
+ $j--;
+ } elseif(!empty($used[$_REQUEST["users_auth_method_$i"]])) {
+ $j--;
+ } else {
+ $used[$_REQUEST["users_auth_method_$i"]]="stored_$j";
+ $gBitSystem->storeConfig( "users_auth_method_$j", $_REQUEST["users_auth_method_$i"], USERS_PKG_NAME );
+ }
+ }
+ }
+ $canManageAuth = false;
+ for ($i=0;$i<count($authSettings['avail']);$i++) {
+ $default="";
+ if ($i==0) {
+ $default="bit";
+ }
+ $authSettings['avail_method'][$i]['value']=$gBitSystem->getConfig("users_auth_method_$i",$default);
+ if (!$canManageAuth&&!empty($authSettings['avail_method'][$i]['value'])) {
+ $canManageAuth = $authSettings['avail'][$authSettings['avail_method'][$i]['value']]['canManageAuth'];
+ }
+ }
+ if (($gBitSystem->getConfig('users_allow_register','y')=='y')&&!$canManageAuth) {
+ $authSettings['err']['bit_reg']="Registration is enabled but there are no Auth Methods that support this, Registration won't work!";
+ }
+ $method['active']=BaseAuth::isActive($meth_name);
+ $gBitSmarty->assign_by_ref( 'authSettings', $authSettings);
+ }
+}
+?> \ No newline at end of file
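Review bot: In `settings()`, the `else` branch that builds `$authSettings['err'][$meth_name]` reads `$instance->mErrors`, but that branch runs only when `BaseAuth::init()` returned `false`, so there is no object to read and the reason a method is unsupported is lost. The `loginprefs` loop also stores `$_REQUEST["users_auth_method_$i"]` as-is, and `init()` later indexes `BaseAuth::$mAuthMethod[$authId]` and hands `$method['file']` to `require_once` without checking that the name is registered; I would add `if (empty(BaseAuth::$mAuthMethod[$authId])) return false;` at the top of that `elseif` and store only values for which `isset($authSettings['avail'][$name])` holds. `init()` defaults slot 0 to `"tiki"` while `isActive()` and `settings()` default it to `"bit"`, which looks like a leftover and would make the fallback lookup miss if only `bit` is registered. Whether the admin page verifies a ticket before calling `settings()` is not visible in this file.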
diff --git a/BitUser.php b/BitUser.php
index c9398bd..f5b1a75 100644
--- a/BitUser.php
+++ b/BitUser.php
@@ -1,6 +1,6 @@
<?php
/**
- * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.84 2006/07/04 15:06:06 squareing Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.85 2006/07/12 22:03:02 hash9 Exp $
*
* Lib for user administration, groups and permissions
* This lib uses pear so the constructor requieres
@@ -12,7 +12,7 @@
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
- * $Id: BitUser.php,v 1.84 2006/07/04 15:06:06 squareing Exp $
+ * $Id: BitUser.php,v 1.85 2006/07/12 22:03:02 hash9 Exp $
* @package users
*/
@@ -40,7 +40,7 @@ define("ACCOUNT_DISABLED", -6);
* Class that holds all information for a given user
*
* @author spider <spider@steelsun.com>
- * @version $Revision: 1.84 $
+ * @version $Revision: 1.85 $
* @package users
* @subpackage BitUser
*/
@@ -50,10 +50,9 @@ class BitUser extends LibertyAttachable {
var $mGroups;
var $mInfo;
var $mTicket;
- // used by LDAP to hold email and real_name temporarily
- var $mTmpStore;
+ var $mAuth;
-/**
+ /**
* Constructor - will automatically load all relevant data if passed a user string
*
* @access public
@@ -63,13 +62,13 @@ class BitUser extends LibertyAttachable {
function BitUser( $pUserId=NULL, $pContentId=NULL ) {
LibertyAttachable::LibertyAttachable();
$this->registerContentType( BITUSER_CONTENT_TYPE_GUID, array(
- 'content_type_guid' => BITUSER_CONTENT_TYPE_GUID,
- 'content_description' => 'User Information',
- 'handler_class' => 'BitUser',
- 'handler_package' => 'users',
- 'handler_file' => 'BitUser.php',
- 'maintainer_url' => 'http://www.bitweaver.org'
- ) );
+ 'content_type_guid' => BITUSER_CONTENT_TYPE_GUID,
+ 'content_description' => 'User Information',
+ 'handler_class' => 'BitUser',
+ 'handler_package' => 'users',
+ 'handler_file' => 'BitUser.php',
+ 'maintainer_url' => 'http://www.bitweaver.org'
+ ) );
$this->mUserId = ( @$this->verifyId( $pUserId ) ? $pUserId : NULL);
$this->mContentId = $pContentId;
}
@@ -85,7 +84,7 @@ class BitUser extends LibertyAttachable {
return $ret;
}
-/**
+ /**
* load - loads all settings & preferences for this user
*
* @access public
@@ -149,9 +148,9 @@ class BitUser extends LibertyAttachable {
if( $pFull ) {
$this->mInfo['real_name'] = trim($this->mInfo['real_name']);
$this->mInfo['display_name'] = ((!empty($this->mInfo['real_name']) ? $this->mInfo['real_name'] :
- (!empty($this->mUsername) ? $this->mUsername :
- (!empty($this->mInfo['email']) ? substr($this->mInfo['email'],0, strpos($this->mInfo['email'],'@')) :
- $this->mUserId))));
+ (!empty($this->mUsername) ? $this->mUsername :
+ (!empty($this->mInfo['email']) ? substr($this->mInfo['email'],0, strpos($this->mInfo['email'],'@')) :
+ $this->mUserId))));
//print("displayName: ".$this->mInfo['display_name']);
$this->defaults();
$this->mInfo['publicEmail'] = scrambleEmail( $this->mInfo['email'], ( $this->getPreference( 'users_email_display' ) ? $this->getPreference( 'users_email_display' ) : NULL ) );
@@ -265,8 +264,8 @@ class BitUser extends LibertyAttachable {
}
function isAdmin() {
-// print "PURE VIRTUAL BASE FUNCTION";
-// die;
+ // print "PURE VIRTUAL BASE FUNCTION";
+ // die;
return FALSE;
}
@@ -274,11 +273,11 @@ class BitUser extends LibertyAttachable {
global $gBitSystem, $gBitUser;
$ret = FALSE;
if( !empty( $_REQUEST['tk'] ) ) {
- if( !($ret = $_REQUEST['tk'] == $this->mTicket ) && $pFatalOnError ) {
+ if( !($ret = $_REQUEST['tk'] == $this->mTicket ) && $pFatalOnError ) {
$userString = $gBitUser->isRegistered() ? "\nUSER ID: ".$gBitUser->mUserId.' ( '.$gBitUser->getField( 'email' ).' ) ' : '';
error_log( tra( "Security Violation" )."$userString ".$_SERVER['REMOTE_ADDR']."\nURI: $_SERVER[REQUEST_URI] \nREFERER: $_SERVER[HTTP_REFERER] " );
$gBitSystem->fatalError( "Security Violation" );
- }
+ }
}
return $ret;
}
@@ -316,7 +315,7 @@ class BitUser extends LibertyAttachable {
// check some new user requirements
if( !$this->isRegistered() ) {
/*if( empty( $pParamHash['login'] ) ) {
- $this->mErrors['login'] = 'You must enter a username';
+ $this->mErrors['login'] = 'You must enter a username';
}*/
if( empty( $pParamHash['registration_date'] ) ) {
$pParamHash['registration_date'] = date( "U" );
@@ -350,11 +349,11 @@ class BitUser extends LibertyAttachable {
} elseif( !empty( $pParamHash['password2'] ) && ($pParamHash['password'] != $pParamHash['password2']) ) {
$this->mErrors['password'] = tra( 'The passwords do not match' );
} elseif( $gBitSystem->isFeatureActive( 'users_pass_chr_num' ) &&
- (!preg_match_all( "/[0-9]+/",$pParamHash["password"],$foo ) || !preg_match_all("/[A-Za-z]+/",$pParamHash["password"],$foo)) ) {
+ (!preg_match_all( "/[0-9]+/",$pParamHash["password"],$foo ) || !preg_match_all("/[A-Za-z]+/",$pParamHash["password"],$foo)) ) {
$this->mErrors['password'] = tra( 'Password must contain both letters and numbers' );
} else {
// Generate a unique hash
-// $pParamHash['user_store']['hash'] = md5( strtolower( (!empty($pParamHash['login'])?$pParamHash['login']:'') ).$pParamHash['password'].$pParamHash['email'] );
+ // $pParamHash['user_store']['hash'] = md5( strtolower( (!empty($pParamHash['login'])?$pParamHash['login']:'') ).$pParamHash['password'].$pParamHash['email'] );
$pParamHash['user_store']['hash'] = md5( $pParamHash['password'] );
$now = $gBitSystem->getUTCTime();
if( !isset( $pParamHash['pass_due'] ) && $gBitSystem->getConfig('users_pass_due') ) {
@@ -394,10 +393,10 @@ class BitUser extends LibertyAttachable {
$errors = array();
}
if( !eregi (
- '^[-!#$%&\`*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.
- '(localhost|[-!$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.
- '[-!$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+)$'
- , $pEmail ) ) {
+ '^[-!#$%&\`*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.
+ '(localhost|[-!$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.
+ '[-!$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+)$'
+ , $pEmail ) ) {
$errors['email'] = 'The email address "'.$pEmail.'" is invalid.';
} elseif( !empty( $this ) && is_object( $this ) && $this->userExists( array( 'email' => $pEmail ) ) ) {
$errors['email'] = 'The email address "'.$pEmail.'" has already been registered.';
@@ -435,25 +434,25 @@ class BitUser extends LibertyAttachable {
// fgets function reference : http://www.php.net/manual/en/function.fgets.php
// A "Real domain name required for sender address"
- $Out = $this->get_SMTP_response( $Connect );
- if ( ereg ( "^220", $Out ) ) {
+ $Out = $this->get_SMTP_response( $Connect );
+ if ( ereg ( "^220", $Out ) ) {
// Inform client's reaching to server who connect.
if( $gBitSystem->hasValidSenderEmail() ) {
$senderEmail = $gBitSystem->getConfig( 'site_sender_email' );
fputs ( $Connect, "HELO $HTTP_HOST\r\n" );
-if ($gDebug) echo "Run : HELO $HTTP_HOST<br>";
+ if ($gDebug) echo "Run : HELO $HTTP_HOST<br>";
$Out = $this->get_SMTP_response ( $Connect ); // Receive server's answering cord.
// Inform sender's address to server.
fputs ( $Connect, "MAIL FROM: <{$senderEmail}>\r\n" );
-if ($gDebug) echo "Run : MAIL FROM: &lt;{$senderEmail}&gt;<br>";
+ if ($gDebug) echo "Run : MAIL FROM: &lt;{$senderEmail}&gt;<br>";
$From = $this->get_SMTP_response ( $Connect ); // Receive server's answering cord.
// Inform listener's address to server.
fputs ( $Connect, "RCPT TO: <{$pEmail}>\r\n" );
-if ($gDebug) echo "Run : RCPT TO: &lt;{$pEmail}&gt;<br>";
+ if ($gDebug) echo "Run : RCPT TO: &lt;{$pEmail}&gt;<br>";
$To = $this->get_SMTP_response ( $Connect ); // Receive server's answering cord.
// Finish connection.
fputs ( $Connect, "QUIT\r\n");
-if ($gDebug) echo "Run : QUIT<br>";
+ if ($gDebug) echo "Run : QUIT<br>";
fclose($Connect);
// Server's answering cord about MAIL and TO command checks.
// Server about listener's address reacts to 550 codes if there does not exist
@@ -472,7 +471,7 @@ if ($gDebug) echo "Run : QUIT<br>";
}
-/**
+ /**
* register - will handle everything necessary for registering a user and sending appropriate emails, etc.
*
* @access public
@@ -480,57 +479,71 @@ if ($gDebug) echo "Run : QUIT<br>";
* @return returnString
*/
function register( &$pParamHash ) {
- global $notificationlib, $gBitSmarty, $gBitSystem;
+ global $notificationlib, $gBitSmarty, $gBitSystem, $gBitUser;
$ret = FALSE;
if( !empty( $_FILES['fPortraitFile'] ) && empty( $_FILES['fAvatarFile'] ) ) {
$pParamHash['fAutoAvatar'] = TRUE;
}
- if( $this->store( $pParamHash ) ) {
- require_once( KERNEL_PKG_PATH.'notification_lib.php' );
- $notificationlib->post_new_user_event( $pParamHash['login'] );
- $ret = TRUE;
+ if ($this->verify($pParamHash)) {
+ for ($i=0;$i<BaseAuth::getAuthMethodCount();$i++) {
+ $instance = BaseAuth::init($i);
+ if ($instance && $instance->canManageAuth()) {
+ $res = $instance->createUser($pParamHash);
+ $this->mErrors = array_merge($this->mErrors,$instance->mErrors);
+ if ($res) {
+ break;
+ } else {
+ return false;
+ }
+ }
+ }
+ if( $this->store( $pParamHash ) ) {
+ require_once( KERNEL_PKG_PATH.'notification_lib.php' );
+ $notificationlib->post_new_user_event( $pParamHash['login'] );
+ $ret = TRUE;
- // set local time zone as default when registering
- $this->storePreference( 'site_display_timezone', 'Local' );
+ // set local time zone as default when registering
+ $this->storePreference( 'site_display_timezone', 'Local' );
- if( !empty( $_REQUEST['CUSTOM'] ) ) {
- foreach( $_REQUEST['CUSTOM'] as $field=>$value ) {
- $this->storePreference( $field, $value );
+ if( !empty( $_REQUEST['CUSTOM'] ) ) {
+ foreach( $_REQUEST['CUSTOM'] as $field=>$value ) {
+ $this->storePreference( $field, $value );
+ }
}
- }
- // Handle optional user preferences that may be collected during registration
- if( !empty( $pParamHash['prefs'] ) ) {
- foreach( array_keys( $pParamHash['prefs'] ) as $key ) {
- $this->storePreference( $key, $pParamHash['prefs'][$key] );
+ // Handle optional user preferences that may be collected during registration
+ if( !empty( $pParamHash['prefs'] ) ) {
+ foreach( array_keys( $pParamHash['prefs'] ) as $key ) {
+ $this->storePreference( $key, $pParamHash['prefs'][$key] );
+ }
}
- }
- $siteName = $gBitSystem->getConfig('site_title', $_SERVER['HTTP_HOST'] );
- $gBitSmarty->assign('siteName',$_SERVER["SERVER_NAME"]);
- $gBitSmarty->assign('mail_site',$_SERVER["SERVER_NAME"]);
- $gBitSmarty->assign('mail_user',$pParamHash['login']);
- if( $gBitSystem->isFeatureActive( 'users_validate_user' ) ) {
- // $apass = addslashes(substr(md5($gBitSystem->genPass()),0,25));
- $apass = $pParamHash['user_store']['provpass'];
- $foo = parse_url($_SERVER["REQUEST_URI"]);
- $foo1=str_replace("register","confirm",$foo["path"]);
- $machine = httpPrefix().$foo1;
+ $siteName = $gBitSystem->getConfig('site_title', $_SERVER['HTTP_HOST'] );
+ $gBitSmarty->assign('siteName',$_SERVER["SERVER_NAME"]);
+ $gBitSmarty->assign('mail_site',$_SERVER["SERVER_NAME"]);
+ $gBitSmarty->assign('mail_user',$pParamHash['login']);
+ if( $gBitSystem->isFeatureActive( 'users_validate_user' ) ) {
+ // $apass = addslashes(substr(md5($gBitSystem->genPass()),0,25));
+ $apass = $pParamHash['user_store']['provpass'];
+ $foo = parse_url($_SERVER["REQUEST_URI"]);
+ $foo1=str_replace("register","confirm",$foo["path"]);
+ $machine = httpPrefix().$foo1;
- // Send the mail
- $gBitSmarty->assign('msg',tra('You will receive an email with information to login for the first time into this site'));
- $gBitSmarty->assign('mail_machine',$machine);
- $gBitSmarty->assign('mail_apass',$apass);
- $mail_data = $gBitSmarty->fetch('bitpackage:users/user_validation_mail.tpl');
- mail($pParamHash["email"], $siteName.' - '.tra('Your registration information'),$mail_data,"From: ".$gBitSystem->getConfig('site_sender_email')."\r\nContent-type: text/plain;charset=utf-8\r\n");
- $gBitSmarty->assign('showmsg','y');
- }
- if( $gBitSystem->isFeatureActive( 'send_welcome_email' ) ) {
- // Send the welcome mail
- $gBitSmarty->assign( 'mailPassword',$pParamHash['password'] );
- $gBitSmarty->assign( 'mailEmail',$pParamHash['email'] );
- $mail_data = $gBitSmarty->fetch('bitpackage:users/welcome_mail.tpl');
- mail($pParamHash["email"], tra( 'Welcome to' ).' '.$siteName,$mail_data,"From: ".$gBitSystem->getConfig('site_sender_email')."\r\nContent-type: text/plain;charset=utf-8\r\n");
+ // Send the mail
+ $gBitSmarty->assign('msg',tra('You will receive an email with information to login for the first time into this site'));
+ $gBitSmarty->assign('mail_machine',$machine);
+ $gBitSmarty->assign('mail_apass',$apass);
+ $mail_data = $gBitSmarty->fetch('bitpackage:users/user_validation_mail.tpl');
+ mail($pParamHash["email"], $siteName.' - '.tra('Your registration information'),$mail_data,"From: ".$gBitSystem->getConfig('site_sender_email')."\r\nContent-type: text/plain;charset=utf-8\r\n");
+ $gBitSmarty->assign('showmsg','y');
+ }
+ if( $gBitSystem->isFeatureActive( 'send_welcome_email' ) ) {
+ // Send the welcome mail
+ $gBitSmarty->assign( 'mailPassword',$pParamHash['password'] );
+ $gBitSmarty->assign( 'mailEmail',$pParamHash['email'] );
+ $mail_data = $gBitSmarty->fetch('bitpackage:users/welcome_mail.tpl');
+ mail($pParamHash["email"], tra( 'Welcome to' ).' '.$siteName,$mail_data,"From: ".$gBitSystem->getConfig('site_sender_email')."\r\nContent-type: text/plain;charset=utf-8\r\n");
+ }
}
}
return( $ret );
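Review bot: The new loop in `register()` calls `$instance->createUser($pParamHash)` on the first auth method that can manage accounts before `$this->store( $pParamHash )` runs, so if that method is an external one (the commit also touches `auth/ldap_auth.php`) and `store()` then fails, the backend account is left without a local user and nothing undoes or reports it. Either run the local `store()` first and create the backend account afterwards, or add an `else` on the `store()` check that records it, e.g. `$this->mErrors['register'] = tra( 'Account created in auth backend but local store failed' );`. The `return false` after a failed `createUser()` also stops at the first managing method without trying later ones; if that is intended, a comment such as `// only the first auth method that can manage accounts is used` would make it clear. The closing brace of `register()` lies outside this hunk.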
@@ -601,18 +614,18 @@ if ($gDebug) echo "Run : QUIT<br>";
$this->purgeImage( 'portrait' );
$this->purgeImage( 'logo' );
$userTables = array(
- 'users_semaphores',
- // these have to be dealt with functions in there own packages
- //'stars_history',
- //'tidbits_user_bookmarks_urls',
- //'tidbits_user_bookmarks_folders',
- //'tidbits_user_menus',
- //'tidbits_user_tasks',
- 'users_cnxn',
- 'users_watches',
- 'users_favorites_map',
- 'users_users',
- //'liberty_content', you can't delete a content without deleting the associated object - and it is not because a user dissapears that all his production must dissapear - other users can have work on it
+ 'users_semaphores',
+ // these have to be dealt with functions in there own packages
+ //'stars_history',
+ //'tidbits_user_bookmarks_urls',
+ //'tidbits_user_bookmarks_folders',
+ //'tidbits_user_menus',
+ //'tidbits_user_tasks',
+ 'users_cnxn',
+ 'users_watches',
+ 'users_favorites_map',
+ 'users_users',
+ //'liberty_content', you can't delete a content without deleting the associated object - and it is not because a user dissapears that all his production must dissapear - other users can have work on it
);
foreach( $userTables as $table ) {
$query = "DELETE FROM `".BIT_DB_PREFIX.$table."` WHERE `user_id` = ?";
@@ -655,7 +668,7 @@ if ($gDebug) echo "Run : QUIT<br>";
}
function login( $pLogin, $pPassword, $pChallenge=NULL, $pResponse=NULL ) {
- global $gBitSystem, $user_cookie_site,$gBitUser;
+ global $gBitSystem, $user_cookie_site,$gBitUser;
$isvalid = false;
// Make sure cookies are enabled
@@ -707,7 +720,7 @@ if ($gDebug) echo "Run : QUIT<br>";
$https_mode = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
if ($https_mode) {
$stay_in_ssl_mode = ((isset($_SERVER['HTTP_REFERER']) && (substr($_SERVER['HTTP_REFERER'], 0, 5) == 'https'))
- || (isset($_REQUEST['stay_in_ssl_mode']) && $_REQUEST['stay_in_ssl_mode'] == 'on'));
+ || (isset($_REQUEST['stay_in_ssl_mode']) && $_REQUEST['stay_in_ssl_mode'] == 'on'));
if (!$stay_in_ssl_mode) {
$site_http_domain = $gBitSystem->getConfig('site_http_domain', false);
$site_http_port = $gBitSystem->getConfig('site_http_port', 80);
@@ -715,11 +728,11 @@ if ($gDebug) echo "Run : QUIT<br>";
if ($site_http_domain) {
$prefix = 'http://' . $site_http_domain;
if ($site_http_port != 80)
- $prefix .= ':' . $site_http_port;
+ $prefix .= ':' . $site_http_port;
$prefix .= $site_http_prefix;
$url = $prefix . $url;
if (SID)
- $url .= '?' . SID;
+ $url .= '?' . SID;
}
}
}
@@ -729,243 +742,98 @@ if ($gDebug) echo "Run : QUIT<br>";
function validate($user, $pass, $challenge, $response) {
global $gBitSystem;
// these will help us keep tabs of what is going on
- $userTikiValid = false;
- $userTikiPresent = false;
- $userAuthValid = false;
- $userAuthPresent = false;
- // see if we are to use PEAR::Auth
- $auth_pear = ($gBitSystem->getConfig("users_auth_method", "tiki") == "auth");
- $create_tiki = ($gBitSystem->getConfig("users_auth_create_gBitDbUser", "n") == "y");
- $create_auth = ($gBitSystem->getConfig("users_auth_create_user_auth", "n") == "y");
- $skip_admin = ($gBitSystem->getConfig("users_auth_skip_admin", "n") == "y");
- // first attempt a login via the standard Tiki system
- $userId = $this->validateBitUser($user, $pass, $challenge, $response);
- if ($userId) {
- $userTikiValid = true;
- $userTikiPresent = true;
- // silence mErrors check since it's not always set.
- } elseif (@$this->mErrors['login'] == 'Password incorrect') {
- $userTikiPresent = true;
- } elseif (@$this->mErrors['login'] == 'User not found') {
- }
- // if we aren't using LDAP this will be quick
- if ( !$auth_pear || ($user == "admin" && $skip_admin) ) {
- // TODO nothing here yet, as skip_admin is broken - wolff_borg
- } elseif ( $auth_pear ) {
- // next see if we need to check LDAP
- // check the user account
- $result = $this->validateAuth($user, $pass);
- switch ($result) {
- case USER_VALID:
- unset($this->mErrors['login']);
- $userAuthValid = true;
- $userAuthPresent = true;
- break;
- case PASSWORD_INCORRECT:
- $this->mErrors['login'] = 'Password incorrect';
- $userAuthPresent = true;
- break;
- case USER_NOT_FOUND:
- // disable this error as user may have an account in Tiki only - wolff_borg
- //$this->mErrors['login'] = 'User not found';
- break;
+ $userId=ANONYMOUS_USER_ID;
+ $authValid = false;
+ $authPresent = false;
- }
- }
-/*
-echo "userId: $userId<br>";
-echo "auth_pear: $auth_pear<br>";
-echo "create_tiki: $create_tiki<br>";
-echo "create_auth: $create_auth<br>";
-echo "skip_admin: $skip_admin<br>";
-echo "userTikiValid: $userTikiValid<br>";
-echo "userAuthValid: $userAuthValid<br>";
-echo "userTikiPresent: $userTikiPresent<br>";
-echo "userAuthPresent: $userAuthPresent<br>";
-*/
- // start off easy
- // if the user verified in Tiki and Auth, or
- // was not present in either, than skip all this
- if ( $auth_pear ) {
-//echo "1<br>";
- // if the user was logged into Tiki but not found in Auth
- // see if we can create a new account
- if ( $create_auth && $userTikiPresent && !$userAuthPresent ) {
-//echo "2<br>";
- // need to make this better! *********************************************************
- $result = $this->create_user_auth($user, $pass);
- // if the server didn't work, do something!
- if ($result == SERVER_ERROR || $result != USER_VALID) {
- $this->mErrors['login'] = 'Auth server error creating user';
+ $create_auth = ($gBitSystem->getConfig("users_create_user_auth", "n") == "y");
+
+ for ($i=0;$i<BaseAuth::getAuthMethodCount();$i++) {
+ $instance = BaseAuth::init($i);
+ if ($instance) {
+ $result = $instance->validate($user, $pass, $challenge, $response);
+ switch ($result) {
+ case USER_VALID:
+ unset($this->mErrors['login']);
+ $authPresent = true;
+ $authValid = true;
+ break;
+ case PASSWORD_INCORRECT:
+ //$this->mErrors['login'] = 'Password incorrect';
+ $authPresent = true;
+ break;
+ case USER_NOT_FOUND:
+ break;
}
- }
- // if the user was logged into Auth but not found in Tiki
- // see if we can create a new account
- elseif( $create_tiki && $userAuthValid && !$userTikiPresent ) {
-//echo "3<br>";
-//echo "user: $user<br>";
-//echo "pass: $pass<br>";
- // need to make this better! *********************************************************
- // if it worked ok, just log in
- $authUserInfo = array( 'login' => $user, 'password' => $pass, 'real_name' => $this->mTmpStore['real_name'], 'email' => $this->mTmpStore['email'] );
- // TODO somehow, mUserId gets set to -1 at this point - no idea how
- // set to NULL to prevent overwriting Guest user - wolff_borg
- $this->mUserId = NULL;
-//echo "mUserId: ".$this->mUserId."<br>";
- if ( $this->store( $authUserInfo ) ) {
- $userId = $this->mUserId;
+ if ($authPresent) {
+ if (empty($instance->mInfo['email'])) {
+ $instance->mInfo['email']=$user;
+ }
+ //If we're given a user_id then the user is already in the tiki list:
+ if(!empty($instance->mInfo['user_id'])) {
+ $this->mUserId = $instance->mInfo['user_id'];
+ //Is the user already in the tiki list:
+ } elseif ($this->mDb->getOne("SELECT COUNT(*) FROM `".BIT_DB_PREFIX."users_users` WHERE `login`=?", array($instance->mLogin))>0) {
+ // Update Details
+ $authUserInfo = array( 'login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email'] );
+ $userInfo = $this->getUserInfo(array('login' => $user ));
+ $this->mUserId = $userInfo['user_id'];
+ $this->store( $authUserInfo );
+ # TODO: Fix this - if user is an LDAP user, with a TIKI user already created,
+ # storing user info causes errors. NEED TO FIX - wolff_borg
+ $this->mErrors = array();
+ } else {
+ //Add the user to the tiki list:
+ // need to make this better! *********************************************************
+ // if it worked ok, just log in
+ $authUserInfo = array( 'login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email'] );
+ // TODO somehow, mUserId gets set to -1 at this point - no idea how
+ // set to NULL to prevent overwriting Guest user - wolff_borg
+ $this->mUserId = NULL;
+ //echo "mUserId: ".$this->mUserId."<br>";
+ if ( $this->store( $authUserInfo ) ) {
+ $userId = $this->mUserId;
+ }
+ }
+ if ($create_auth&&$i>0) {
+ // if the user was logged into this system and we should progate users down other auth methods
+ for ($j=$i;$i>=0;$j--) {
+ $prob_method_name=$gBitSystem->getConfig("users_auth_method_$j",$default);
+ if (! empty($prob_method_name)) {
+ $p_instance = BaseAuth::init($prob_method_name);
+ if ($p_instance && $p_instance->canManageAuth()) {
+ $result = $p_instance->validate($user, $pass, $challenge, $response);
+ if ($result == USER_VALID || $result ==PASSWORD_INCORRECT) {
+ // see if we can create a new account
+ $userattr = $instance->getUserData();
+ if (empty($userattr['login'])) {
+ $userattr['login'] = $user;
+ }
+ if (empty($userattr['password'])) {
+ $userattr['password'] = $pass;
+ }
+ $p_instance->createUser($userattr);
+ }
+ }
+ $this->mErrors = array_merge($this->mErrors,$p_instance->mErrors);
+ }
+ }
+ }
+ $this->mAuth = $instance;
+ break;
}
}
- // if the user was logged into Auth but not found in Tiki
- // see if we can create a new account
- elseif( $userAuthValid && $userTikiPresent ) {
-//echo "4<br>";
-//echo "user: $user<br>";
- $real_name = $this->mTmpStore['real_name'];
- $email = $this->mTmpStore['email'];
- $userInfo = $this->getUserInfo(array('login' => $user ));
-//vd($userInfo);
- $this->mUserId = $userInfo['user_id'];
- $authUserInfo = array( 'login' => $user, 'password' => $pass, 'real_name' => $real_name, 'email' => $email );
- $this->store( $authUserInfo );
- # TODO: Fix this - if user is an LDAP user, with a TIKI user already created,
- # storing user info causes errors. NEED TO FIX - wolff_borg
- $this->mErrors = array();
- }
+ $this->mErrors = array_merge($this->mErrors,$instance->mErrors);
}
- if( $userId ) {
-//echo "5<br>";
+ if( $authValid && $userId ) {
+ //echo "5<br>";
$this->update_lastlogin( $userId );
$this->mUserId = $userId;
$this->load();
}
-//echo "6<br>";
-//vd($this->mErrors);
return( count( $this->mErrors ) == 0 );
}
- // validate the user in the PEAR::Auth system
- function validateAuth($user, $pass) {
- global $gBitSystem;
- require_once (UTIL_PKG_PATH."pear/Auth/Auth.php");
- // just make sure we're supposed to be here
- if ($gBitSystem->getConfig("users_auth_method", "tiki") != "auth")
- return false;
- // make sure that we can actually attempt this
- if (!function_exists('ldap_connect')) {
- $this->mErrors['login']=tra("LDAP Authentication requested but PHP LDAP Extention not loaded."). " (".$this->mErrors['login'].")";
- return false;
- }
- // get all of the LDAP options from the database
- $options["host"] = $gBitSystem->getConfig("users_ldap_host", "localhost");
- $options["port"] = $gBitSystem->getConfig("users_ldap_port", "389");
- $options["scope"] = $gBitSystem->getConfig("users_ldap_scope", "sub");
- $options["basedn"] = $gBitSystem->getConfig("users_ldap_basedn", "");
- $options["userdn"] = $gBitSystem->getConfig("users_ldap_userdn", "");
- $options["userattr"] = $gBitSystem->getConfig("users_ldap_userattr", "uid");
- $options["useroc"] = $gBitSystem->getConfig("users_ldap_useroc", "posixAccount");
- $options["groupdn"] = $gBitSystem->getConfig("users_ldap_groupdn", "");
- $options["groupattr"] = $gBitSystem->getConfig("users_ldap_groupattr", "cn");
- $options["groupoc"] = $gBitSystem->getConfig("users_ldap_groupoc", "groupOfUniqueNames");
- $options["memberattr"] = $gBitSystem->getConfig("users_ldap_memberattr", "uniqueMember");
- $options["memberisdn"] = ($gBitSystem->getConfig("users_ldap_memberisdn", "y") == "y");
- $options["adminuser"] = $gBitSystem->getConfig("users_ldap_adminuser", "");
- $options["adminpass"] = $gBitSystem->getConfig("users_ldap_adminpass", "");
- // set the Auth options
- $a = new Auth("LDAP", $options, "", false, $user, $pass);
- // check if the login correct
- $a->login();
- $ret = '';
- switch ($a->getStatus()) {
- case AUTH_LOGIN_OK:
- $ret=USER_VALID;
- $ds=ldap_connect($options["host"], $options["port"]); // Connects to LDAP Server
- if ($ds) {
- $r=ldap_bind($ds, $options["adminuser"], $options["adminpass"]);
- $attrs = array("cn", "mail");
- $sr=ldap_search($ds, $options["basedn"], "(".$options["userattr"]."=".$user.")", $attrs); // Search
- $info = ldap_get_entries($ds, $sr);
- $this->mTmpStore["real_name"] = $info[0]["cn"][0];
- $this->mTmpStore["email"] = $info[0]["mail"][0];
- ldap_close($ds);
- }
- break;
- case AUTH_USER_NOT_FOUND:
- $ret=USER_NOT_FOUND;
- break;
- case AUTH_WRONG_LOGIN:
- $ret=PASSWORD_INCORRECT;
- break;
- default:
- $ret=SERVER_ERROR;
- break;
- }
- return $ret;
- }
-
- // validate the user in the bitweaver database - validation is case insensitive, and we like it that way!
- function validateBitUser( $pLogin, $pass, $challenge, $response ) {
- global $gBitSystem;
- $ret = NULL;
- if( empty( $pLogin ) ) {
- $this->mErrors['login'] = 'User not found';
- } elseif( empty( $pass ) ) {
- $this->mErrors['login'] = 'Password incorrect';
- } else {
- $loginVal = strtoupper( $pLogin ); // case insensitive login
- $loginCol = ' UPPER(`'.(strpos( $pLogin, '@' ) ? 'email' : 'login').'`)';
- // first verify that the user exists
- $query = "select `email`, `login`, `user_id`, `user_password` from `".BIT_DB_PREFIX."users_users` where " . $this->mDb->convert_binary(). " $loginCol = ?";
- $result = $this->mDb->query( $query, array( $loginVal ) );
- if( !$result->numRows() ) {
- $this->mErrors['login'] = 'User not found';
- } else {
- $res = $result->fetchRow();
- $userId = $res['user_id'];
- $user = $res['login'];
- // TikiWiki 1.8+ uses this bizarro conglomeration of fields to get the hash. this sucks for many reasons
- $hash = md5( strtolower($user) . $pass . $res['email']);
- $hash2 = md5($pass);
- // next verify the password with 2 hashes methods, the old one (pass)) and the new one (login.pass;email)
- // TODO - this needs cleaning up - wolff_borg
- if( !$gBitSystem->isFeatureActive( 'feature_challenge' ) || empty($response) ) {
- $query = "select `user_id`, `hash` from `".BIT_DB_PREFIX."users_users` where " . $this->mDb->convert_binary(). " $loginCol = ? and (`hash`=? or `hash`=?)";
- if ( $row = $this->mDb->getRow( $query, array( $loginVal, $hash, $hash2 ) ) ) {
- // auto-update old hashes with simple and standard md5( password )
- $hashUpdate = '';
- if( $row['hash'] == $hash ) {
- $hashUpdate = 'hash=?, ';
- $bindVars[] = $hash2;
- }
- $bindVars[] = $gBitSystem->getUTCTime();
- $bindVars[] = $userId;
- $query = "update `".BIT_DB_PREFIX."users_users` set $hashUpdate `last_login`=`current_login`, `current_login`=? where `user_id`=?";
- $result = $this->mDb->query($query, $bindVars );
- $ret = $userId;
- } else {
- $this->mErrors['login'] = 'Password incorrect';
- }
- } else {
- // Use challenge-reponse method
- // Compare pass against md5(user,challenge,hash)
- $hash = $this->mDb->getOne("select `hash` from `".BIT_DB_PREFIX."users_users` where " . $this->mDb->convert_binary(). " $loginCol = ?", array( $pLogin ) );
- if (!isset($_SESSION["challenge"])) {
- $this->mErrors['login'] = 'Invalid challenge';
- }
- //print("pass: $pass user: $user hash: $hash <br/>");
- //print("challenge: ".$_SESSION["challenge"]." challenge: $challenge<br/>");
- //print("response : $response<br/>");
- if ($response == md5( strtolower($user) . $hash . $_SESSION["challenge"]) ) {
- $ret = $userId;
- $this->update_lastlogin( $userId );
- } else {
- $this->mErrors['login'] = 'Invalid challenge';
- }
- }
- }
- }
- return( $ret );
- }
// update the lastlogin status on this user
function update_lastlogin( $pUserId ) {
$ret = FALSE;
@@ -978,38 +846,6 @@ echo "userAuthPresent: $userAuthPresent<br>";
}
return $ret;
}
- // create a new user in the Auth directory
- function create_user_auth($user, $pass) {
- global $gBitSystem;
- $options = array();
- $options["host"] = $gBitSystem->getConfig("users_ldap_host", "localhost");
- $options["port"] = $gBitSystem->getConfig("users_ldap_port", "389");
- $options["scope"] = $gBitSystem->getConfig("users_ldap_scope", "sub");
- $options["basedn"] = $gBitSystem->getConfig("users_ldap_basedn", "");
- $options["userdn"] = $gBitSystem->getConfig("users_ldap_userdn", "");
- $options["userattr"] = $gBitSystem->getConfig("users_ldap_userattr", "uid");
- $options["useroc"] = $gBitSystem->getConfig("users_ldap_useroc", "posixAccount");
- $options["groupdn"] = $gBitSystem->getConfig("users_ldap_groupdn", "");
- $options["groupattr"] = $gBitSystem->getConfig("users_ldap_groupattr", "cn");
- $options["groupoc"] = $gBitSystem->getConfig("users_ldap_groupoc", "groupOfUniqueNames");
- $options["memberattr"] = $gBitSystem->getConfig("users_ldap_memberattr", "uniqueMember");
- $options["memberisdn"] = ($gBitSystem->getConfig("users_ldap_memberisdn", "y") == "y");
- $options["adminuser"] = $gBitSystem->getConfig("users_ldap_adminuser", "");
- $options["adminpass"] = $gBitSystem->getConfig("users_ldap_adminpass", "");
- // set additional attributes here
- $userattr = array();
- $userattr["email"] = $this->mDb->getOne("select `email` from `".BIT_DB_PREFIX."users_users`
- where `login`=?", array($user));
- // set the Auth options
- $a = new Auth("LDAP", $options);
- // check if the login correct
- if ($a->addUser($user, $pass, $userattr) === true)
- $status = USER_VALID;
- // otherwise use the error status given back
- else
- $status = $a->getStatus();
- return $status;
- }
function get_users_names($offset = 0, $max_records = -1, $sort_mode = 'login_desc', $find = '') {
// Return an array of users indicating name, email, last changed pages, versions, last_login
@@ -1050,7 +886,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
function lookupHomepage( $iHomepage ) {
$ret = NULL;
if ( @$this->verifyId($iHomepage)) {
- // iHomepage is the user_id for the user...
+ // iHomepage is the user_id for the user...
$key = 'user_id';
} elseif (substr($iHomepage,0,7) == 'mailto:') {
// iHomepage is the email address of the user...
@@ -1090,38 +926,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
}
return $ret;
}
-/*
- // all of these methods have been replaced by the single getUserInfo method
- function get_user_info($user, $iCaseSensitive = TRUE) {
- if (!$iCaseSensitive) {
- $query = "SELECT * FROM `".BIT_DB_PREFIX."users_users` where LOWER(`login`) = ?";
- } else {
- $query = "select * from `".BIT_DB_PREFIX."users_users` where `login`=?";
- }
- $result = $this->mDb->query($query,array($iCaseSensitive ? $user : strtolower($user)));
- $res = $result->fetchRow();
- $groups = $this->getGroups( $res['user_id'] );
- $res["groups"] = $groups;
- return $res;
- }
- function get_user_info_from_email($email) {
- $query = "select * from `".BIT_DB_PREFIX."users_users` where `email`=?";
- $result = $this->mDb->query($query,array($email));
- $res = $result->fetchRow();
- return $res;
- }
- function get_user_password($user) {
- $query = "select `user_password` from `".BIT_DB_PREFIX."users_users` where " . $this->mDb->convert_binary(). " `login`=?";
- $pass = $this->mDb->getOne($query, array($user));
- return $pass;
- }
- function get_user_hash($user) {
- $query = "select `hash` from `".BIT_DB_PREFIX."users_users` where " .
- $this->mDb->convert_binary(). " `login` = ?";
- $pass = $this->mDb->getOne($query, array($user));
- return $pass;
- }
-*/
+
function getByHash( $hash ) {
$query = "select `user_id` from `".BIT_DB_PREFIX."users_cnxn` where `cookie`=?";
return $this->mDb->getOne( $query, array($hash) );
@@ -1234,7 +1039,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
// setup the hash for central storage functions
$pStorageHash['upload']['max_width'] = PORTRAIT_MAX_DIM;
$pStorageHash['upload']['max_height'] = PORTRAIT_MAX_DIM;
-// $pStorageHash['upload']['dest_base_name'] = 'portrait';
+ // $pStorageHash['upload']['dest_base_name'] = 'portrait';
$pStorageHash['upload']['dest_path'] = $this->getStorageBranch( 'self',$this->mUserId );
$pStorageHash['storage_type'] = STORAGE_IMAGE;
$pStorageHash['content_type_guid'] = BITUSER_CONTENT_TYPE_GUID;
@@ -1268,7 +1073,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
// setup the hash for central storage functions
$pStorageHash['upload']['max_width'] = AVATAR_MAX_DIM;
$pStorageHash['upload']['max_height'] = AVATAR_MAX_DIM;
-// $pStorageHash['upload']['dest_base_name'] = 'avatar';
+ // $pStorageHash['upload']['dest_base_name'] = 'avatar';
$pStorageHash['upload']['dest_path'] = $this->getStorageBranch( 'self',$this->mUserId );
$pStorageHash['storage_type'] = STORAGE_IMAGE;
$pStorageHash['content_type_guid'] = BITUSER_CONTENT_TYPE_GUID;
@@ -1290,7 +1095,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
function storeLogo( &$pStorageHash ) {
- if( $this->isValid() && count( $pStorageHash ) ) {
+ if( $this->isValid() && count( $pStorageHash ) ) {
// setup the hash for central storage functions
$pStorageHash['upload']['max_width'] = LOGO_MAX_DIM;
$pStorageHash['upload']['max_height'] = LOGO_MAX_DIM;
@@ -1484,7 +1289,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
return $ret;
while ($res = $result->fetchRow()) {
- $ret[] = $res;
+ $ret[] = $res;
}
return $ret;
@@ -1510,7 +1315,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
$result = $this->mDb->query($query,array());
$ret = array();
while ($res = $result->fetchRow()) {
- $ret[] = $res['event'];
+ $ret[] = $res['event'];
}
return $ret;
}
@@ -1525,7 +1330,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
$pUserName = $this->mUsername;
}
if( function_exists( 'override_user_url' ) ) {
- $ret = override_user_url( $pUserName );
+ $ret = override_user_url( $pUserName );
} else {
global $gBitSystem;
@@ -1567,9 +1372,9 @@ echo "userAuthPresent: $userAuthPresent<br>";
}
if( !empty( $pHash ) ) {
$displayName = (((!empty($pHash['real_name']) && $gBitSystem->getConfig( 'users_display_name', 'real_name' ) == 'real_name') ? $pHash['real_name'] :
- (!empty($pHash['user']) ? $pHash['user'] :
- (!empty($pHash['login']) ? $pHash['login'] :
- (!empty($pHash['email']) ? substr($pHash['email'],0, strpos($pHash['email'],'@')) : $pHash['user_id'])))));
+ (!empty($pHash['user']) ? $pHash['user'] :
+ (!empty($pHash['login']) ? $pHash['login'] :
+ (!empty($pHash['email']) ? substr($pHash['email'],0, strpos($pHash['email'],'@')) : $pHash['user_id'])))));
if (!empty($pHash['user'])) {
$iHomepage = $pHash['user'];
} elseif (!empty($pHash['login'])) {
@@ -1587,14 +1392,14 @@ echo "userAuthPresent: $userAuthPresent<br>";
if( $pUseLink ) {
if( $gBitUser->hasPermission( 'p_users_view_user_homepage' ) ) {
$ret = '<a class="username" title="'.tra( 'Visit the userpage of' ).': '.$displayName
- .'" href="'.BitUser::getDisplayUrl( $iHomepage ).'">'
- . htmlspecialchars( ( ( isset( $pHash['link_label'] ) ) ? ( $pHash['link_label'] ) : ( $displayName ) ) )
- .'</a>';
+ .'" href="'.BitUser::getDisplayUrl( $iHomepage ).'">'
+ . htmlspecialchars( ( ( isset( $pHash['link_label'] ) ) ? ( $pHash['link_label'] ) : ( $displayName ) ) )
+ .'</a>';
} else {
$ret = '<a class="username" title="'.tra( 'Visit the userpage of' ).': '.$displayName
- .'" href="'.USERS_PKG_URL.'my.php">'
- . htmlspecialchars( ( ( isset( $pHash['link_label'] ) ) ? ( $pHash['link_label'] ) : ( $displayName ) ) )
- .'</a>';
+ .'" href="'.USERS_PKG_URL.'my.php">'
+ . htmlspecialchars( ( ( isset( $pHash['link_label'] ) ) ? ( $pHash['link_label'] ) : ( $displayName ) ) )
+ .'</a>';
}
} else {
$ret = $displayName;
@@ -1606,7 +1411,7 @@ echo "userAuthPresent: $userAuthPresent<br>";
}
- /**
+ /**
* Returns include file that will
* @return the fully specified path to file to be included
*/
@@ -1742,7 +1547,7 @@ function scrambleEmail($email, $method='unicode') {
switch ($method) {
case 'strtr':
$trans = array( "@" => tra(" AT "),
- "." => tra(" DOT ")
+ "." => tra(" DOT ")
);
$ret = strtr($email, $trans);
break;
@@ -1755,12 +1560,12 @@ function scrambleEmail($email, $method='unicode') {
break;
case 'unicode':
case 'y':// for previous compatibility
- $encoded = '';
- for ($i = 0; $i < strlen($email); $i++) {
- $encoded .= '&#' . ord($email[$i]). ';';
- }
- $ret = $encoded;
- break;
+ $encoded = '';
+ for ($i = 0; $i < strlen($email); $i++) {
+ $encoded .= '&#' . ord($email[$i]). ';';
+ }
+ $ret = $encoded;
+ break;
default:
$ret = NULL;
break;
diff --git a/admin/admin_login_inc.php b/admin/admin_login_inc.php
index 71e0bfa..d80e797 100644
--- a/admin/admin_login_inc.php
+++ b/admin/admin_login_inc.php
@@ -1,14 +1,19 @@
<?php
-// $Header: /cvsroot/bitweaver/_bit_users/admin/admin_login_inc.php,v 1.17 2006/07/03 21:22:38 hash9 Exp $
+// $Header: /cvsroot/bitweaver/_bit_users/admin/admin_login_inc.php,v 1.18 2006/07/12 22:03:03 hash9 Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
$loginSettings = array(
+ 'users_create_user_auth' => array(
+ 'label' => "Propgate Users",
+ 'type' => "checkbox",
+ 'note' => "Create a User in all lower Authentication Methods.<br />This won't work for methods in Method 1.",
+ ),
'users_allow_register' => array(
'label' => "Users can register",
'type' => "checkbox",
- 'note' => "",
+ 'note' => "Registration is attempted for the lowest level supporting the creation of new users.",
),
'send_welcome_email' => array(
'label' => "Send registration welcome email",
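Review bot: The label of the new `users_create_user_auth` entry is misspelled and should read `'label' => "Propagate Users",`. Its note speaks of "lower Authentication Methods" and "Method 1" without saying how the methods are ordered. Since this option presumably causes an account, including its password, to be written into other back ends, the note should state the direction in which accounts are copied. It should also say that only back ends whose `canManageAuth()` returns true are affected, if that is the case; the code that acts on the setting is not in this hunk.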
@@ -232,104 +237,10 @@ if( !empty( $_REQUEST["httpprefs"] ) ) {
}
}
-$ldapSettings = array(
- 'users_auth_create_gBitDbUser' => array(
- 'label' => "Create user if not in bitweaver",
- 'type' => "checkbox",
- 'note' => "",
- ),
- 'users_auth_create_user_auth' => array(
- 'label' => "Create user if not in Auth",
- 'type' => "checkbox",
- 'note' => "",
- ),
- 'users_auth_skip_admin' => array(
- 'label' => "Just use bitweaver auth for admin",
- 'type' => "checkbox",
- 'note' => "",
- ),
- 'users_ldap_host' => array(
- 'label' => "LDAP Host",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_port' => array(
- 'label' => "LDAP Port",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_basedn' => array(
- 'label' => "LDAP Base DN",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_userdn' => array(
- 'label' => "LDAP User DN",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_userattr' => array(
- 'label' => "LDAP User Attribute",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_useroc' => array(
- 'label' => "LDAP User OC",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_groupdn' => array(
- 'label' => "LDAP Group DN",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_groupattr' => array(
- 'label' => "LDAP Group Atribute",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_groupoc' => array(
- 'label' => "LDAP Group OC",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_memberattr' => array(
- 'label' => "LDAP Member Attribute",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_memberisdn' => array(
- 'label' => "LDAP Member Is DN",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_adminuser' => array(
- 'label' => "LDAP Admin User",
- 'type' => "text",
- 'note' => "",
- ),
- 'users_ldap_adminpass' => array(
- 'label' => "LDAP Admin Pwd",
- 'type' => "password",
- 'note' => "",
- ),
-);
-$gBitSmarty->assign( 'ldapSettings', $ldapSettings );
-
-$ldapEnabled= function_exists('ldap_connect');
-$gBitSmarty->assign( 'ldapEnabled', $ldapEnabled );
-
-if( $ldapEnabled && !empty( $_REQUEST["auth_pear"] ) ) {
- foreach( array_keys( $ldapSettings ) as $feature ) {
- if( $ldapSettings[$feature]['type'] == 'text' ) {
- simple_set_value( $feature, USERS_PKG_NAME );
- } else {
- simple_set_toggle( $feature, USERS_PKG_NAME );
- }
- }
-}
$listHash = array();
$groupList = $gBitUser->getAllGroups($listHash);
$gBitSmarty->assign_by_ref('groupList', $groupList['data']);
+require_once(USERS_PKG_PATH.'auth/auth.php');
+BaseAuth::settings();
?>
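Review bot: The added `require_once(USERS_PKG_PATH.'auth/auth.php');` names a file that is not among the ten files this commit touches. The `BaseAuth` class is added as `BaseAuth.php` in the package root and is loaded from there in bit_setup_inc.php. Unless `auth/auth.php` already exists in the tree, this line is a fatal error on the admin login page; `require_once(USERS_PKG_PATH.'BaseAuth.php');` would match the other call site. A comment above `BaseAuth::settings();` saying that it takes over from the removed `$ldapSettings` block (presumably including saving the submitted values, which cannot be confirmed from this hunk) would help the next reader.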
diff --git a/auth/bit_auth.php b/auth/bit_auth.php
new file mode 100644
index 0000000..4ea625b
--- /dev/null
+++ b/auth/bit_auth.php
@@ -0,0 +1,97 @@
+<?php
+class BitAuth extends BaseAuth {
+
+ function BitAuth() {
+ parent::BaseAuth('bit');
+ }
+
+ function validate($user,$pass,$challenge,$response) {
+ parent::validate($user,$pass,$challenge,$response);
+ global $gBitSystem;
+ global $gBitDb;
+ $ret = SERVER_ERROR;
+ if( empty( $user ) ) {
+ $this->mErrors['login'] = 'User not found';
+ } elseif( empty( $pass ) ) {
+ $this->mErrors['login'] = 'Password incorrect';
+ } else {
+ $loginVal = strtoupper( $user ); // case insensitive login
+ $loginCol = ' UPPER(`'.(strpos( $user, '@' ) ? 'email' : 'login').'`)';
+ // first verify that the user exists
+ $query = "select `email`, `login`, `user_id`, `user_password` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convert_binary(). " $loginCol = ?";
+ $result = $gBitDb->query( $query, array( $loginVal ) );
+ if( !$result->numRows() ) {
+ $this->mErrors['login'] = 'User not found';
+ } else {
+ $res = $result->fetchRow();
+ $userId = $res['user_id'];
+ $user = $res['login'];
+ // TikiWiki 1.8+ uses this bizarro conglomeration of fields to get the hash. this sucks for many reasons
+ $hash = md5( strtolower($user) . $pass . $res['email']);
+ $hash2 = md5($pass);
+ // next verify the password with 2 hashes methods, the old one (pass)) and the new one (login.pass;email)
+ // TODO - this needs cleaning up - wolff_borg
+ if( !$gBitSystem->isFeatureActive( 'feature_challenge' ) || empty($response) ) {
+ $query = "select `user_id`, `hash` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convert_binary(). " $loginCol = ? and (`hash`=? or `hash`=?)";
+ if ( $row = $gBitDb->getRow( $query, array( $loginVal, $hash, $hash2 ) ) ) {
+ // auto-update old hashes with simple and standard md5( password )
+ $hashUpdate = '';
+ if( $row['hash'] == $hash ) {
+ $hashUpdate = 'hash=?, ';
+ $bindVars[] = $hash2;
+ }
+ $bindVars[] = $gBitSystem->getUTCTime();
+ $bindVars[] = $userId;
+ $query = "update `".BIT_DB_PREFIX."users_users` set $hashUpdate `last_login`=`current_login`, `current_login`=? where `user_id`=?";
+ $result = $gBitDb->query($query, $bindVars );
+ $ret=USER_VALID;
+ } else {
+ $ret=PASSWORD_INCORRECT;
+ $this->mErrors[] = 'Password incorrect';
+ }
+ } else {
+ // Use challenge-reponse method
+ // Compare pass against md5(user,challenge,hash)
+ $hash = $gBitDb->getOne("select `hash` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convert_binary(). " $loginCol = ?", array( $user ) );
+ if (!isset($_SESSION["challenge"])) {
+ $this->mErrors[] = 'Invalid challenge';
+ $ret=PASSWORD_INCORRECT;
+ }
+ //print("pass: $pass user: $user hash: $hash <br/>");
+ //print("challenge: ".$_SESSION["challenge"]." challenge: $challenge<br/>");
+ //print("response : $response<br/>");
+ if ($response == md5( strtolower($user) . $hash . $_SESSION["challenge"]) ) {
+ $ret = USER_VALID;
+ $this->update_lastlogin( $userId );
+ } else {
+ $this->mErrors[] = 'Invalid challenge';
+ $ret=PASSWORD_INCORRECT;
+ }
+ }
+ }
+ if (!empty($userId)) {
+ $this->mInfo['user_id']=$userId;
+ }
+ }
+ return( $ret );
+ }
+
+ function canManageAuth() {
+ return true;
+ }
+
+ function isSupported() {
+ return true;
+ }
+
+ function createUser(&$userattr) {
+ //$authUserInfo = array( 'login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email'] );
+ if (empty($userattr["email"])) {
+ $userattr["email"] = $userattr["login"];
+ }
+ $u = new BitUser();
+ $res = $u->store( $userattr );
+ $this->mErrors = array_merge($this->mErrors,$u->mErrors);
+ return $res;
+ }
+} \ No newline at end of file
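Review bot: The challenge-response branch of `validate()` does not fail closed when the stored hash or the server-side challenge is missing. The hash lookup binds `$user` (by then the stored login in its original case) against `UPPER(...)`, so it can return nothing; it should bind `$loginVal` as the first query does. A missing `$_SESSION["challenge"]` only records an error, and the comparison still runs afterwards. Restructure it as `if( empty( $hash ) || !isset( $_SESSION["challenge"] ) ) { /* PASSWORD_INCORRECT */ } elseif( $response === md5( ... ) )`, and unset the session challenge once it has been checked so that it is single-use. Separately, `$bindVars` is never initialised before `$bindVars[] = ...`, and `$this->update_lastlogin()` is not defined in this class; whether BaseAuth provides it is not visible here.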
diff --git a/auth/imap_auth.php b/auth/imap_auth.php
new file mode 100644
index 0000000..951c1fa
--- /dev/null
+++ b/auth/imap_auth.php
@@ -0,0 +1,97 @@
+<?php
+class IMAPAuth extends BaseAuth {
+
+ function IMAPAuth() {
+ parent::BaseAuth('imap');
+ }
+
+ function validate($user,$pass,$challenge,$response) {
+ parent::validate($user,$pass,$challenge,$response);
+ $mailbox = '{' . $this->mConfig['server'];
+ if ($this->mConfig["ssl"]) {
+ $mailbox .= "/ssl";
+ if ($this->mConfig["sslvalidate"]) {
+ $mailbox .= "/validate-cert";
+ } else {
+ $mailbox .= "/novalidate-cert";
+ }
+ }
+ $mailbox .= ':'.$this->mConfig["port"].'}INBOX';
+
+ $imapauth = @imap_open($mailbox,$user , $pass);
+ if (!$imapauth) {
+ $this->mErrors['login']=imap_errors();
+ $ret=USER_NOT_FOUND;
+ } else {
+ $ret=USER_VALID;
+ $this->mInfo["real_name"] = $user;
+ if(empty($this->mConfig["email"])) {
+ $this->mInfo["email"] = $user;
+ } else {
+ $info=array('login'=>$user);
+ $replace_func = create_function('$matches','$info = '.var_export($info,true).';
+ $m = $matches[0];
+ $m = substr($m,1,strlen($m)-2);
+ if(empty($info[$m])) return "";
+ return strtolower($info[$m]);');
+ $this->mInfo["email"] = preg_replace_callback('/%.*?%/',$replace_func,$this->mConfig["email"]);
+ }
+ imap_close($imapauth);
+ }
+ return $ret;
+ }
+
+ function isSupported() {
+ $ret = true;
+ if (!function_exists('imap_open')) {
+ $this->mErrors['support']=tra("IMAP Authentication is not supported as PHP IMAP Extention not loaded.");
+ $ret = false;
+ }
+ return $ret;
+ }
+
+ function createUser(&$userattr) {
+ $this->mErrors['create']=tra("Cannot create users in an IMAP Server.");
+ return false;
+ }
+
+ function canManageAuth() {
+ $this->mErrors[]=tra("Cannot create users in an IMAP Server.");
+ return false;
+ }
+
+ function getSettings() {
+ return array(
+ 'users_imap_server' => array(
+ 'label' => "IMAP Server",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_imap_ssl' => array(
+ 'label' => "Connect Using SSL",
+ 'type' => "checkbox",
+ 'note' => "",
+ 'default' => 'y',
+ ),
+ 'users_imap_sslvalidate' => array(
+ 'label' => "Require SSL Certificate to be valid",
+ 'type' => "checkbox",
+ 'note' => "",
+ 'default' => 'n',
+ ),
+ 'users_imap_port' => array(
+ 'label' => "IMAP Port",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '993',
+ ),
+ 'users_imap_email' => array(
+ 'label' => "LDAP User E-Mail Address",
+ 'type' => "text",
+ 'note' => "If empty the login is used.<br />Otherwise all %login% is replaced with the login name, and the result used as the email address.<br />Please remember to include the @ sign",
+ 'default' => "%login%@redhat.com",
+ ),
+ );
+ }
+} \ No newline at end of file
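Review bot: `users_imap_sslvalidate` defaults to `'n'` in `getSettings()`, so out of the box `validate()` builds the mailbox string with `/novalidate-cert` and sends the user's password over a TLS session whose peer is never verified. Make verification the default with `'default' => 'y',` and let administrators opt out explicitly for self-signed servers. In the same array, the `users_imap_email` entry is labelled "LDAP User E-Mail Address" and defaults to `%login%@redhat.com`; an empty default, which the note already documents as falling back to the login, avoids giving every IMAP user an address in one organisation's domain. The `create_function()` callback here and in auth/ldap_auth.php generates PHP source from `var_export()` output at run time; a named callback method handles the documented `%login%` token without code generation.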
diff --git a/auth/ldap_auth.php b/auth/ldap_auth.php
new file mode 100644
index 0000000..da14bac
--- /dev/null
+++ b/auth/ldap_auth.php
@@ -0,0 +1,215 @@
+<?php
+if (file_exists(UTIL_PKG_PATH."pear/Auth/Auth.php")) {
+ require_once (UTIL_PKG_PATH."pear/Auth/Auth.php");
+} else {
+ @include_once("Auth.php");
+}
+
+class LDAPAuth extends BaseAuth {
+ function LDAPAuth() {
+ parent::BaseAuth('ldap');
+ }
+
+ function validate($user,$pass,$challenge,$response) {
+ parent::validate($user,$pass,$challenge,$response);
+ // set the Auth options
+ $a = new Auth("LDAP", $this->mConfig, "", false, $user, $pass);
+ // check if the login correct
+ $a->login();
+ $ret = '';
+ switch ($a->getStatus()) {
+ case AUTH_LOGIN_OK:
+ $ret=USER_VALID;
+ $ds=ldap_connect($this->mConfig["host"], $this->mConfig["port"]); // Connects to LDAP Server
+ if ($ds) {
+ $r=ldap_bind($ds, $this->mConfig["adminuser"], $this->mConfig["adminpass"]);
+ if ($r) {
+ $attrs = array("cn", "mail");
+ $sr=ldap_search($ds, $this->mConfig["basedn"], "(".$this->mConfig["userattr"]."=".$user.")", $attrs); // Search
+ $info = ldap_get_entries($ds, $sr);
+ $this->mInfo["real_name"] = $info[0]["cn"][0];
+ if(empty($this->mConfig["email"])) {
+ if(empty($info[0]["mail"][0])) {
+ $this->mInfo["email"] = $info[0][$this->mConfig["userattr"]][0];
+ } else {
+ $this->mInfo["email"] = $info[0]["mail"][0];
+ }
+ } else {
+ $replace_func = create_function('$matches','$info = '.var_export($info,true).';
+ $m = $matches[0];
+ $m = substr($m,1,strlen($m)-2);
+ if(empty($info[0][$m][0])) return "";
+ return strtolower($info[0][$m][0]);');
+ $this->mInfo["email"] = preg_replace_callback('/%.*?%/',$replace_func,$this->mConfig["email"]);
+ }
+ }
+ ldap_close($ds);
+ }
+ break;
+ case AUTH_USER_NOT_FOUND:
+ $ret=USER_NOT_FOUND;
+ break;
+ case AUTH_WRONG_LOGIN:
+ $ret=PASSWORD_INCORRECT;
+ break;
+ default:
+ $ret=SERVER_ERROR;
+ break;
+ }
+ return $ret;
+ }
+
+ function isSupported() {
+ $ret = true;
+ if (! class_exists("Auth")) {
+ $this->mErrors['support']=tra("LDAP Authentication is not supported as PEAR Package Auth is not availible.");
+ $ret = false;
+ }
+ if (!function_exists('ldap_connect')) {
+ $this->mErrors['support']=tra("LDAP Authentication is not supported as PHP LDAP Extention not loaded.");
+ $ret = false;
+ }
+ return $ret;
+ }
+
+ // create a new user in the Auth directory
+ function createUser(&$userattr) {
+ global $gBitDb;
+ // set additional attributes here
+ if (empty($userattr["email"])) {
+ $userattr["email"] = $gBitDb->getOne("select `email` from `".BIT_DB_PREFIX."users_users` where `login`=?", array($userattr["login"]));
+ }
+ // set the Auth options
+ $a = new Auth("LDAP", $this->mConfig);
+ // check if the login correct
+ if ($a->addUser($userattr["login"], $userattr["password"], $userattr) === true) {
+ return true;
+ } else {
+ // otherwise use the error status given back
+ $this->mErrors['create'] = $a->getStatus();
+ return false;
+ }
+ }
+
+ function canManageAuth() {
+ return true;
+ }
+
+ function getSettings() {
+ global $gBitUser;
+ $listHash = array();
+ $groups = $gBitUser->getAllGroups($listHash);
+ $groups=$groups['data'];
+ $groupsD =array();
+ foreach ($groups as $g) {
+ $groupsD[$g['group_id']]= "{$g['group_name']} ( {$g['group_desc']} )";
+ }
+ $groups = $groupsD;
+ return array(
+ 'users_ldap_host' => array(
+ 'label' => "LDAP Host",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'localhost',
+ ),
+ 'users_ldap_port' => array(
+ 'label' => "LDAP Port",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '389',
+ ),
+ 'users_ldap_basedn' => array(
+ 'label' => "LDAP Base DN",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_userdn' => array(
+ 'label' => "LDAP User DN",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_userattr' => array(
+ 'label' => "LDAP User Attribute",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'uid',
+ ),
+ 'users_ldap_email' => array(
+ 'label' => "LDAP User E-Mail Address",
+ 'type' => "text",
+ 'note' => "If empty the attribute \"mail\" is used, if it not set for a user, <em>LDAP User Attribute</em> is used instead.<br />Otherwise all %<em>feilds</em>% are replaced with the first value from the ldap attribute of the same name, and the result used as the email address.<br />Please remember to include the @ sign",
+ 'default' => '',
+ ),
+ 'users_ldap_useroc' => array(
+ 'label' => "LDAP User OC",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'inetOrgPerson',
+ ),
+ 'users_ldap_groupdn' => array(
+ 'label' => "LDAP Group DN",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_groupattr' => array(
+ 'label' => "LDAP Group Atribute",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'cn',
+ ),
+ 'users_ldap_groupoc' => array(
+ 'label' => "LDAP Group OC",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'groupOfUniqueNames',
+ ),
+ 'users_ldap_memberattr' => array(
+ 'label' => "LDAP Member Attribute",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'uniqueMember',
+ ),
+ 'users_ldap_memberisdn' => array(
+ 'label' => "LDAP Member Is DN",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_adminuser' => array(
+ 'label' => "LDAP Admin User",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_adminpass' => array(
+ 'label' => "LDAP Admin Pwd",
+ 'type' => "password",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_scope' => array(
+ 'label' => "LDAP Scope",
+ 'type' => "option",
+ 'note' => "",
+ 'default' => 'sub',
+ 'options' => array(
+ 'sub' => "Sub",
+ 'one' => "One",
+ 'base' => "Base",
+ ),
+ ),
+ 'users_ldap_group' => array(
+ 'label' => "LDAP Group",
+ 'type' => "option",
+ 'note' => "",
+ 'default' => '3',
+ 'options' => $groups,
+ ),
+ );
+ }
+}
+
+?> \ No newline at end of file
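Review bot: In `validate()`, the follow-up `ldap_search()` builds its filter by concatenating the submitted `$user` unescaped, and it runs under the admin bind. Filter metacharacters in the login change what the search matches, so `$info[0]`, which supplies `real_name` and `email`, need not be the entry that just authenticated; neither `$sr` nor `$info['count']` is checked before indexing. Escape the value per RFC 4515 (or with `ldap_escape()` where the runtime has it) and map attributes only when exactly one entry comes back, as sketched below. The admin bind also goes to the configured `host` and `port` (default 389) with no TLS step visible in this file, which deserves a line in the `users_ldap_host` note.

```php
// … unchanged: Auth login, ldap_connect() and admin ldap_bind() …
$attrs = array("cn", "mail");
// Escape RFC 4515 filter metacharacters; the backslash must be replaced first.
$filterUser = str_replace(
	array('\\', '*', '(', ')', "\0"),
	array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
	$user
);
$sr = ldap_search($ds, $this->mConfig["basedn"], "(".$this->mConfig["userattr"]."=".$filterUser.")", $attrs);
$info = $sr ? ldap_get_entries($ds, $sr) : false;
if ($info && $info['count'] == 1) {
	// … unchanged: real_name / email mapping from $info[0] …
}
```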
diff --git a/bit_setup_inc.php b/bit_setup_inc.php
index 38d8c78..27db7af 100644
--- a/bit_setup_inc.php
+++ b/bit_setup_inc.php
@@ -64,7 +64,7 @@ if( !defined( 'LOGO_MAX_DIM' ) ) {
umask(0007);
}
session_start();
- // just use a simple COOKIE (unique random string) that is linked to the users_cnxn table.
+ // just use a simple COOKIE (unique random string) that is linked to the users_cnxn table.
// This way, nuking rows in the users_cnxn table can log people out and is much more reliable than SESSIONS
$cookie_site = strtolower( ereg_replace("[^a-zA-Z0-9]", "", $gBitSystem->getConfig('site_title', 'bitweaver')) );
global $user_cookie_site;
@@ -124,51 +124,6 @@ if( !defined( 'LOGO_MAX_DIM' ) ) {
$site_https_login_required = $gBitSystem->getConfig('site_https_login_required', 'n');
$users_change_language = $gBitSystem->getConfig("users_change_language", 'y');
-/*
-
- All of this stuff should now be converted to gBitSystem->isFeatureActive or ->getConfig
-
- $gBitSmarty->assign('users_allow_register', $users_allow_register);
- $gBitSmarty->assign('site_url_index', $site_url_index);
- $gBitSmarty->assign('site_use_proxy', $site_use_proxy);
- $gBitSmarty->assign('site_proxy_host', $site_proxy_host);
- $gBitSmarty->assign('site_proxy_port', $site_proxy_port);
- $gBitSmarty->assign('users_change_language', $users_change_language);
- $gBitSmarty->assign('users_eponymous_groups', $users_eponymous_groups);
-
- $site_user_assigned_modules = 'n';
- $gBitSmarty->assign('users_remember_time', $users_remember_time);
- $gBitSmarty->assign('users_webserverauth', 'n');
- $gBitSmarty->assign('users_uf_use_db', 'y');
- $gBitSmarty->assign('uf_use_dir', '');
- $gBitSmarty->assign('users_userfiles_quota', 30);
- $gBitSmarty->assign('users_register_passcode', $users_register_passcode);
- $gBitSmarty->assign('users_register_passcode', $users_register_passcode);
- $gBitSmarty->assign('users_min_pass_length', 1);
- $gBitSmarty->assign('users_pass_chr_num', 'n');
- $gBitSmarty->assign('users_pass_due', 999);
- $gBitSmarty->assign('users_random_number_reg', 'n');
- // PEAR::Auth support
- $gBitSmarty->assign('users_auth_method', "tiki");
- $gBitSmarty->assign('auth_pear', "tiki");
- $gBitSmarty->assign('users_auth_create_gBitDbUser', 'n');
- $gBitSmarty->assign('users_auth_create_user_auth', 'n');
- $gBitSmarty->assign('users_auth_skip_admin', 'y');
- $gBitSmarty->assign('users_ldap_host', 'localhost');
- $gBitSmarty->assign('users_ldap_port', '389');
- $gBitSmarty->assign('users_ldap_scope', 'sub');
- $gBitSmarty->assign('users_ldap_basedn', '');
- $gBitSmarty->assign('users_ldap_userdn', '');
- $gBitSmarty->assign('users_ldap_userattr', 'uid');
- $gBitSmarty->assign('users_ldap_useroc', 'inetOrgPerson');
- $gBitSmarty->assign('users_ldap_groupdn', '');
- $gBitSmarty->assign('users_ldap_groupattr', 'cn');
- $gBitSmarty->assign('users_ldap_groupoc', 'groupOfUniqueNames');
- $gBitSmarty->assign('users_ldap_memberattr', 'uniqueMember');
- $gBitSmarty->assign('users_ldap_memberisdn', 'y');
- $gBitSmarty->assign('users_ldap_adminuser', '');
- $gBitSmarty->assign('users_ldap_adminpass', '');
-*/
// Permissions
// Get group permissions here
@@ -210,4 +165,25 @@ if( !defined( 'LOGO_MAX_DIM' ) ) {
$displayTitle = !empty( $site_menu_title ) ? $site_menu_title : $gBitSystem->getConfig( 'site_title', 'Site' );
$gBitSystem->registerAppMenu( USERS_PKG_NAME, 'My '.$displayTitle, ($gBitSystem->getConfig('users_preferences') == 'y' ? USERS_PKG_URL.'my.php':''), 'bitpackage:users/menu_users.tpl' );
}
+
+require_once(USERS_PKG_PATH.'BaseAuth.php');
+
+BaseAuth::register('imap',array(
+ 'name' => 'IMAP Auth',
+ 'file' => USERS_PKG_PATH.'auth/imap_auth.php',
+ 'class' => 'IMAPAuth',
+));
+
+BaseAuth::register('ldap',array(
+ 'name' => 'LDAP Auth',
+ 'file' => USERS_PKG_PATH.'auth/ldap_auth.php',
+ 'class' => 'LDAPAuth',
+));
+
+BaseAuth::register('bit',array(
+ 'name' => 'Bitweaver Auth',
+ 'file' => USERS_PKG_PATH.'auth/bit_auth.php',
+ 'class' => 'BitAuth',
+));
+
?>
diff --git a/register.php b/register.php
index 01b510c..255f482 100644
--- a/register.php
+++ b/register.php
@@ -1,6 +1,6 @@
<?php
/**
- * $Header: /cvsroot/bitweaver/_bit_users/register.php,v 1.20 2006/06/05 03:13:32 spiderr Exp $
+ * $Header: /cvsroot/bitweaver/_bit_users/register.php,v 1.21 2006/07/12 22:03:03 hash9 Exp $
*
* Copyright (c) 2004 bitweaver.org
* Copyright (c) 2003 tikwiki.org
@@ -8,7 +8,7 @@
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
- * $Id: register.php,v 1.20 2006/06/05 03:13:32 spiderr Exp $
+ * $Id: register.php,v 1.21 2006/07/12 22:03:03 hash9 Exp $
* @package users
* @subpackage functions
*/
@@ -39,7 +39,7 @@ if( isset( $_REQUEST["register"] ) ) {
// novalidation is set to yes if a user confirms his email is correct after tiki fails to validate it
if( $gBitSystem->isFeatureActive( 'users_random_number_reg' ) ) {
if( (empty( $reg['novalidation'] ) || $reg['novalidation'] != 'yes')
- && (!isset( $_SESSION['random_number'] ) || $_SESSION['random_number']!=$reg['regcode'])) {
+ && (!isset( $_SESSION['random_number'] ) || $_SESSION['random_number']!=$reg['regcode'])) {
$errors['users_random_number_reg'] = "Wrong registration code";
}
}
@@ -50,7 +50,6 @@ if( isset( $_REQUEST["register"] ) ) {
$errors['passcode'] = 'Wrong passcode! You need to know the passcode to register at this site';
}
}
-
if( empty( $errors ) ) {
$newUser = new BitPermUser();
if( $newUser->register( $reg ) ) {
@@ -101,6 +100,17 @@ if( isset( $_REQUEST["register"] ) ) {
trim_array( $fields );
$gBitSmarty->assign('customFields', $fields);
}
+ for ($i=0;$i<BaseAuth::getAuthMethodCount();$i++) {
+ $instance = BaseAuth::init($i);
+ if ($instance && $instance->canManageAuth()) {
+ $auth_reg_fields = $instance->getRegistrationFields();
+ foreach (array_keys($auth_reg_fields) as $auth_field) {
+ $auth_reg_fields[$auth_field]['value'] = $auth_reg_fields[$auth_field]['default'];
+ }
+ $gBitSmarty->assign('auth_reg_fields', $auth_reg_fields);
+ break;
+ }
+ }
}
$languages = array();
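Review bot: The new loop copies `$auth_reg_fields[$auth_field]['default']` into `['value']` without checking that the key exists, so a back end whose registration field omits `default` raises an undefined-index notice here. A guard such as `isset( $auth_reg_fields[$auth_field]['default'] ) ? $auth_reg_fields[$auth_field]['default'] : ''` keeps the form usable. `getRegistrationFields()` is not defined in any of the three auth classes added by this commit, so it is presumably inherited from BaseAuth. It is worth confirming that it returns an array for every back end, since `array_keys()` is called on the result directly. A one-line comment that the first back end able to manage accounts supplies the extra registration fields would explain the `break`.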
diff --git a/templates/admin_login.tpl b/templates/admin_login.tpl
index 256d52d..7ad4863 100644
--- a/templates/admin_login.tpl
+++ b/templates/admin_login.tpl
@@ -4,17 +4,29 @@
<input type="hidden" name="page" value="{$page}" />
<div class="row">
- {if ! $ldapEnabled}
- {formfeedback error="PHP LDAP Extention not loaded; LDAP Authentication not available."}
- {/if}
+ {foreach from=$authSettings.err item='auth_error' key='auth_type'}
+ {formfeedback error=$auth_error}
+ {/foreach}
{formlabel label="Authentication method" for="users_auth_method"}
{forminput}
+ {foreach from=$authSettings.avail_method item='auth_method' key='iter'}
+ <label>Method {$iter+1}</label>
+ <select name="users_auth_method_{$iter}">
+ <option value="" disabled {if $auth_method.value eq ''} selected="selected"{/if}>-</option>
+ {foreach from=$authSettings.avail item='method' key='meth_name'}
+ <option value="{$meth_name}" {if $auth_method.value eq $meth_name} selected="selected"{/if}>{$method.name}</option>
+ {/foreach}
+ </select><br />
+ {/foreach}
+ {*
+ {if $gBitSystem->getConfig("users_auth_method_`$smarty.section.auth_select_outer.iteration-1`") eq 'tiki'} selected="selected"{/if}
<select name="users_auth_method" id="users_auth_method">
<option value="tiki" {if $gBitSystem->getConfig('users_auth_method') eq 'tiki'} selected="selected"{/if}>{tr}Just bitweaver{/tr}</option>
<option value="ws" {if $gBitSystem->getConfig('users_auth_method') eq 'ws'} selected="selected"{/if}>{tr}Web Server{/tr}</option>
{if $ldapEnabled}<option value="auth" {if $gBitSystem->getConfig('users_auth_method') eq 'auth'} selected="selected"{/if}>{tr}bitweaver and PEAR::Auth{/tr}</option>{/if}
</select>
- {formhelp note=""}
+ *}
+ {*formhelp note="Registration requrires that Bitweaver Auth be in the Method List"*}
{/forminput}
</div>
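Review bot: The placeholder `<option value="" disabled ...>-</option>` in each new "Method N" select is disabled, so once a slot holds a method an administrator cannot set it back to empty from this form. Drop `disabled` and have the save code treat an empty value as "no method in this slot", if it does not already; the handler is not in this hunk. The new label `Method {$iter+1}` is also not wrapped in `{tr}`, unlike the option text it replaces.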
@@ -64,7 +76,7 @@
<select name="registration_group_choice[]" multiple="multiple" size="5">
<option value="">&nbsp;</option>
{foreach key=g item=gr from=$groupList}
- {if $gr.group_id ne -1}
+ {if $gr.group_id ne -1}
<option value="{$gr.group_id}" {if $gr.is_public eq 'y'} selected="selected"{/if}>{$gr.group_name|truncate:"52":" ..."}</option>
{/if}
{/foreach}
@@ -128,42 +140,36 @@
</div>
{/form}
{/jstab}
-
- {if $ldapEnabled}
- {jstab title="PEAR::Auth"}
- {form legend="PEAR::Auth"}
- <input type="hidden" name="page" value="{$page}" />
-
- {foreach from=$ldapSettings key=feature item=output}
- <div class="row">
- {formlabel label=`$output.label` for=$feature}
- {forminput}
- {if $output.type == 'text'}
- <input type="text" size="50" name="{$feature}" id="{$feature}" value="{$gBitSystem->getConfig($feature)|escape}" />
- {else}
- {html_checkboxes name="$feature" values="y" checked=$gBitSystem->getConfig($feature) labels=false id=$feature}
- {/if}
- {formhelp note=`$output.note` page=`$output.page` link=`$output.link`}
- {/forminput}
+ {foreach from=$authSettings.avail item='method' key='meth_name'}
+ {if count($method.options)>0}
+ {jstab title=$method.name}
+ {form legend=$method.name}
+ <input type="hidden" name="page" value="{$page}" />
+ {foreach from=$method.options item='output' key='op_id'}
+ <div class="row">
+ {formlabel label=$output.label for=$op_id}
+ {forminput}
+ {if $output.type == 'checkbox'}
+ {html_checkboxes name="$op_id" values="y" selected=$output.value labels=false id=$op_id}
+ {elseif $output.type == 'option'}
+ <select name="{$op_id}" id="{$op_id}">
+ {foreach from=$output.options item='op_text' key='op_value'}
+ <option value="{$op_value}" {if $output.value eq $op_value} selected="selected"{/if}>{$op_text}</option>
+ {/foreach}
+ </select>
+ {else}
+ <input type="text" size="50" name="{$op_id}" id="{$op_id}" value="{$output.value|escape}" />
+ {/if}
+ {formhelp note=`$output.note` page=`$output.page` link=`$output.link`}
+ {/forminput}
+ </div>
+ {/foreach}
+ <div class="row submit">
+ <input type="submit" name="auth_{$meth_name}" value="{tr}Change {$method.name} preferences{/tr}" />
</div>
- {/foreach}
+ {/form}
+ {/jstab}
+ {/if}
+ {/foreach}
- <div class="row">
- {formlabel label="LDAP Scope" for="users_ldap_scope"}
- {forminput}
- <select name="users_ldap_scope" id="users_ldap_scope">
- <option value="sub" {if $gBitSystem->getConfig('users_ldap_scope') eq "sub"} selected="selected"{/if}>sub</option>
- <option value="one" {if $gBitSystem->getConfig('users_ldap_scope') eq "one"} selected="selected"{/if}>one</option>
- <option value="base" {if $gBitSystem->getConfig('users_ldap_scope') eq "base"} selected="selected"{/if}>base</option>
- </select>
- {formhelp note=""}
- {/forminput}
- </div>
-
- <div class="row submit">
- <input type="submit" name="auth_pear" value="{tr}Change preferences{/tr}" />
- </div>
- {/form}
- {/jstab}
- {/if}
{/jstabs}
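Review bot: The `{else}` branch renders every setting that is neither `checkbox` nor `option` as `<input type="text">` with its stored value echoed back. The plugin option lists are not visible in this hunk, but if any auth plugin declares a credential such as a bind or mailbox password, it would be displayed in clear and written into the page source of this admin screen. A dedicated branch would avoid that, e.g. `{elseif $output.type == 'password'}<input type="password" name="{$op_id}" id="{$op_id}" value="" />`, with the save handler keeping the stored value when the field is submitted empty. Separately, `{$op_value}`, `{$op_text}` and the `{$method.name}` inside the submit button's `value` attribute are printed without `|escape`, while the text input right next to them is escaped; applying `|escape` there too keeps the template consistent.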
diff --git a/templates/register.tpl b/templates/register.tpl
index 1cfe5ba..7afa631 100644
--- a/templates/register.tpl
+++ b/templates/register.tpl
@@ -9,6 +9,13 @@
<div class="body">
<p>{tr}If you are already registered, please{/tr} <a href="{$smarty.const.USERS_PKG_URL}login.php">{tr}login{/tr}</a></p>
{form enctype="multipart/form-data" legend="Please fill in the following details"}
+ {foreach from=$reg.CUSTOM item='custom' key='custom_name'}
+ <input type="hidden" name="CUSTOM[{$custom_name}]" value="{$custom}"/>
+ {/foreach}
+ {foreach from=$reg.auth item='auth' key='auth_name'}
+ <input type="hidden" name="auth[{$auth_name}]" value="{$auth}"/>
+ {/foreach}
+ {formfeedback error=$errors.create}
{if $notrecognized eq 'y'}
<input type="hidden" name="login" value="{$reg.login}"/>
<input type="hidden" name="password" value="{$reg.password}"/>
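Review bot: The new hidden fields print `{$custom_name}`, `{$custom}`, `{$auth_name}` and `{$auth}` into attribute values with no escaping. `$reg` looks like the submitted registration data being echoed back (the context lines below do the same with `{$reg.login}`), though its origin is in register.php outside this hunk. If so, a value containing a double quote breaks out of the attribute, which makes this a reflected-markup sink on a page reachable without login. The lines should read `<input type="hidden" name="CUSTOM[{$custom_name|escape}]" value="{$custom|escape}"/>` and `<input type="hidden" name="auth[{$auth_name|escape}]" value="{$auth|escape}"/>`. It is also worth checking server-side that only the keys the active auth plugin declares are accepted, rather than round-tripping arbitrary `auth[...]` entries.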
@@ -159,6 +166,27 @@
</div>
{/section}
+ {foreach from=$auth_reg_fields item='output' key='op_id'}
+ {assign var=op_name value="auth[$op_id]"}
+ <div class="row">
+ {formlabel label=$output.label for=$op_id}
+ {forminput}
+ {if $output.type == 'checkbox'}
+ {html_checkboxes name="$op_name" values="y" selected=$output.value labels=false id=$op_id}
+ {elseif $output.type == 'option'}
+ <select name="{$op_name}" id="{$op_id}">
+ {foreach from=$output.options item='op_text' key='op_value'}
+ <option value="{$op_value}" {if $output.value eq $op_value} selected="selected"{/if}>{$op_text}</option>
+ {/foreach}
+ </select>
+ {else}
+ <input type="text" size="50" name="{$op_name}" id="{$op_id}" value="{$output.value|escape}" />
+ {/if}
+ {formhelp note=`$output.note` page=`$output.page` link=`$output.link`}
+ {/forminput}
+ </div>
+ {/foreach}
+
{if $gBitSystem->isFeatureActive('users_random_number_reg')}
<hr />