| -rw-r--r-- | BaseAuth.php | 204 | ||||
| -rw-r--r-- | BitUser.php | 613 | ||||
| -rw-r--r-- | admin/admin_login_inc.php | 107 | ||||
| -rw-r--r-- | auth/bit_auth.php | 97 | ||||
| -rw-r--r-- | auth/imap_auth.php | 97 | ||||
| -rw-r--r-- | auth/ldap_auth.php | 215 | ||||
| -rw-r--r-- | bit_setup_inc.php | 68 | ||||
| -rw-r--r-- | register.php | 18 | ||||
| -rw-r--r-- | templates/admin_login.tpl | 88 | ||||
| -rw-r--r-- | templates/register.tpl | 28 |
10 files changed, 942 insertions, 593 deletions
diff --git a/BaseAuth.php b/BaseAuth.php
new file mode 100644
index 0000000..e8e12af
--- /dev/null
+++ b/BaseAuth.php
@@ -0,0 +1,204 @@ +<?php +global $gBitUser; + +class BaseAuth { + var $mLogin; + var $mConfig; + var $mInfo; + var $mCfg; + var $mErrors =array(); + + static $mAuthMethod; + + function BaseAuth($authId) { + global $gBitSystem; + global $gBitUser; + $this->mCfg = BaseAuth::$mAuthMethod[$authId]; + $this->mCfg['auth_id'] = $authId; + foreach ($this->getSettings() as $op_id => $op) { + $var_id = substr($op_id,strrpos($op_id,"_")+1); + $var = $gBitSystem->getConfig($op_id, $op['default']); + if ($op['type']=="checkbox") { + $var = ($var== "y"); + } + $this->mConfig[$var_id]=$var; + } + } + + function register($id,$hash) { + if (!function_exists('preFlightWarning')) { + function preFlightWarning($str) { + ?><div style="background: white; z-index: 50000; margin: 0em; padding: 1px; color: red; text-align: center;""> + <h1> + <img src="<?php echo LIBERTY_PKG_URL; ?>/icons/warning.png" alt="Warning" /> + <?php echo $str; ?> + <img src="<?php echo LIBERTY_PKG_URL; ?>/icons/warning.png" alt="Warning" /> + </h1> + </div><?php + } + } + global $gBitSystem; + $err = false; + if (! 
empty(BaseAuth::$mAuthMethod[$id])) { + preFlightWarning("Auth Registration Failed: $id already registered"); + $err = true; + } + if (empty($hash['name'])) { + preFlightWarning("Auth Registration Failed: $id: No Name given"); + $err = true; + } + if (empty($hash['file'])) { + preFlightWarning("Auth Registration Failed: $id: No file given"); + $err = true; + }elseif(!file_exists($hash['file'])) { + preFlightWarning("Auth Registration Failed: $id: File (".basename($hash['file']).") doesn't exist"); + $err = true; + } + if (empty($hash['class'])) { + preFlightWarning("Auth Registration Failed: $id: No class given"); + $err = true; + } + if (!$err) { + BaseAuth::$mAuthMethod[$id]=$hash; + } + } + + function getAuthMethodCount() { + return count(BaseAuth::$mAuthMethod); + } + + function validate($user,$pass,$challenge,$response) { + if (!$this->isSupported()) return false; + $this->mLogin = $user; + $this->mInfo['login']=$user; + $this->mInfo['password']=$pass; + } + + function getUserData() { + return $this->mInfo; + } + + function isSupported() { + $this->mErrors[] = "BaseAuth is not an authentcation method"; + return false; + } + + function createUser(&$userattr) { + $this->mErrors[] = "BaseAuth is not an authentcation method"; + return false; + } + + function getSettings() { + return array(); + } + + function canManageAuth() { + $this->mErrors[] = "BaseAuth is not an authentcation method"; + return false; + } + + function getRegistrationFields() { + return array(); + } + + function isActive($package = '') { + global $gBitSystem; + global $gBitUser; + if (empty($package) && !empty($this->mCfg['auth_id'])) { + $package = $this->mCfg['auth_id']; + } + for ($i=0;$i<count($gBitUser->mAuthMethod);$i++) { + $default=""; + if ($i==0) { + $default="bit"; + } + if ($gBitSystem->getConfig("users_auth_method_$i",$default)== $package) { + return true; + } + } + return false; + } + + function init($authId) { + global $gBitUser; + global $gBitSystem; + if (is_numeric($authId)) { 
+ $default=""; + if ($authId==0) { + $default="tiki"; + } + $method_name=$gBitSystem->getConfig("users_auth_method_$authId",$default); + if (!empty($method_name)) { + return BaseAuth::init($method_name); + } + } elseif (!empty($authId)) { + $method=BaseAuth::$mAuthMethod[$authId]; + require_once($method['file']); + $cl = $method['class']; + $instance = new $cl(); + if ($instance->isSupported()) { + return $instance; + } + } + return false; + } + + function settings() { + global $gBitSystem; + global $gBitUser; + global $gBitSmarty; + $authSettings = array(); + foreach( BaseAuth::$mAuthMethod as $meth_name => $method ) { + $instance = BaseAuth::init($meth_name) ; + if ($instance) { + foreach ($instance->getSettings() as $op_id => $op) { + if (!empty($_REQUEST[$op_id])) { + if( $op['type'] == 'checkbox' ) { + simple_set_toggle( $op_id, USERS_PKG_NAME ); + } else { + simple_set_value( $op_id, USERS_PKG_NAME ); + } + } + $value = $gBitSystem->getConfig($op_id, $op['default']); + $op['value']=$value; + $method['options'][$op_id] = $op; + } + $method['canManageAuth'] = $instance->canManageAuth(); + $authSettings['avail'][$meth_name]=$method; + } else { + $authSettings['err'][$meth_name]=implode("<br />",$instance->mErrors); + } + } + if (!empty($_REQUEST["loginprefs"])) { + $used =array(); + for ($i=0,$j=0;$i<count($authSettings['avail']);$i++,$j++) { + $gBitSystem->storeConfig( "users_auth_method_$i",null, USERS_PKG_NAME ); + if (empty($_REQUEST["users_auth_method_$i"])) { + $j--; + } elseif(!empty($used[$_REQUEST["users_auth_method_$i"]])) { + $j--; + } else { + $used[$_REQUEST["users_auth_method_$i"]]="stored_$j"; + $gBitSystem->storeConfig( "users_auth_method_$j", $_REQUEST["users_auth_method_$i"], USERS_PKG_NAME ); + } + } + } + $canManageAuth = false; + for ($i=0;$i<count($authSettings['avail']);$i++) { + $default=""; + if ($i==0) { + $default="bit"; + } + $authSettings['avail_method'][$i]['value']=$gBitSystem->getConfig("users_auth_method_$i",$default); + if 
(!$canManageAuth&&!empty($authSettings['avail_method'][$i]['value'])) { + $canManageAuth = $authSettings['avail'][$authSettings['avail_method'][$i]['value']]['canManageAuth']; + } + } + if (($gBitSystem->getConfig('users_allow_register','y')=='y')&&!$canManageAuth) { + $authSettings['err']['bit_reg']="Registration is enabled but there are no Auth Methods that support this, Registration won't work!"; + } + $method['active']=BaseAuth::isActive($meth_name); + $gBitSmarty->assign_by_ref( 'authSettings', $authSettings); + } +} +?>
\ No newline at end of file diff --git a/BitUser.php b/BitUser.php index c9398bd..f5b1a75 100644 --- a/BitUser.php +++ b/BitUser.php @@ -1,6 +1,6 @@ <?php /** - * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.84 2006/07/04 15:06:06 squareing Exp $ + * $Header: /cvsroot/bitweaver/_bit_users/BitUser.php,v 1.85 2006/07/12 22:03:02 hash9 Exp $ * * Lib for user administration, groups and permissions * This lib uses pear so the constructor requieres @@ -12,7 +12,7 @@ * All Rights Reserved. See copyright.txt for details and a complete list of authors. * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details * - * $Id: BitUser.php,v 1.84 2006/07/04 15:06:06 squareing Exp $ + * $Id: BitUser.php,v 1.85 2006/07/12 22:03:02 hash9 Exp $ * @package users */ @@ -40,7 +40,7 @@ define("ACCOUNT_DISABLED", -6); * Class that holds all information for a given user * * @author spider <spider@steelsun.com> - * @version $Revision: 1.84 $ + * @version $Revision: 1.85 $ * @package users * @subpackage BitUser */ @@ -50,10 +50,9 @@ class BitUser extends LibertyAttachable { var $mGroups; var $mInfo; var $mTicket; - // used by LDAP to hold email and real_name temporarily - var $mTmpStore; + var $mAuth; -/** + /** * Constructor - will automatically load all relevant data if passed a user string * * @access public 
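Review bot: In BaseAuth.php, `init()` indexes `BaseAuth::$mAuthMethod[$authId]` and passes `$method['file']` to `require_once` without checking that the id is registered, while `settings()` stores whatever arrives in `$_REQUEST["users_auth_method_$i"]` as the configured method name. A stale or mistyped config value therefore ends in a failed include and an attempt to instantiate an empty class name on the login path; guard it with `if (empty(BaseAuth::$mAuthMethod[$authId])) { return false; }` before the `require_once`, and in `settings()` only store a value when `isset($authSettings['avail'][$_REQUEST["users_auth_method_$i"]])`. The numeric branch of `init()` also falls back to `"tiki"` for slot 0 where `isActive()` and `settings()` use `"bit"`, so an unconfigured site probably resolves to a method nobody registered; this is worth confirming against auth/bit_auth.php. In the `else` branch of `settings()`, `$instance` is `false`, so `$instance->mErrors` cannot be read there.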
@@ -63,13 +62,13 @@ class BitUser extends LibertyAttachable { function BitUser( $pUserId=NULL, $pContentId=NULL ) { LibertyAttachable::LibertyAttachable(); $this->registerContentType( BITUSER_CONTENT_TYPE_GUID, array( - 'content_type_guid' => BITUSER_CONTENT_TYPE_GUID, - 'content_description' => 'User Information', - 'handler_class' => 'BitUser', - 'handler_package' => 'users', - 'handler_file' => 'BitUser.php', - 'maintainer_url' => 'http://www.bitweaver.org' - ) ); + 'content_type_guid' => BITUSER_CONTENT_TYPE_GUID, + 'content_description' => 'User Information', + 'handler_class' => 'BitUser', + 'handler_package' => 'users', + 'handler_file' => 'BitUser.php', + 'maintainer_url' => 'http://www.bitweaver.org' + ) ); $this->mUserId = ( @$this->verifyId( $pUserId ) ? $pUserId : NULL); $this->mContentId = $pContentId; } @@ -85,7 +84,7 @@ class BitUser extends LibertyAttachable { return $ret; } -/** + /** * load - loads all settings & preferences for this user * * @access public @@ -149,9 +148,9 @@ class BitUser extends LibertyAttachable { if( $pFull ) { $this->mInfo['real_name'] = trim($this->mInfo['real_name']); $this->mInfo['display_name'] = ((!empty($this->mInfo['real_name']) ? $this->mInfo['real_name'] : - (!empty($this->mUsername) ? $this->mUsername : - (!empty($this->mInfo['email']) ? substr($this->mInfo['email'],0, strpos($this->mInfo['email'],'@')) : - $this->mUserId)))); + (!empty($this->mUsername) ? $this->mUsername : + (!empty($this->mInfo['email']) ? substr($this->mInfo['email'],0, strpos($this->mInfo['email'],'@')) : + $this->mUserId)))); //print("displayName: ".$this->mInfo['display_name']); $this->defaults(); $this->mInfo['publicEmail'] = scrambleEmail( $this->mInfo['email'], ( $this->getPreference( 'users_email_display' ) ? $this->getPreference( 'users_email_display' ) : NULL ) ); 
@@ -265,8 +264,8 @@ class BitUser extends LibertyAttachable { } function isAdmin() { -// print "PURE VIRTUAL BASE FUNCTION"; -// die; + // print "PURE VIRTUAL BASE FUNCTION"; + // die; return FALSE; } @@ -274,11 +273,11 @@ class BitUser extends LibertyAttachable { global $gBitSystem, $gBitUser; $ret = FALSE; if( !empty( $_REQUEST['tk'] ) ) { - if( !($ret = $_REQUEST['tk'] == $this->mTicket ) && $pFatalOnError ) { + if( !($ret = $_REQUEST['tk'] == $this->mTicket ) && $pFatalOnError ) { $userString = $gBitUser->isRegistered() ? "\nUSER ID: ".$gBitUser->mUserId.' ( '.$gBitUser->getField( 'email' ).' ) ' : ''; error_log( tra( "Security Violation" )."$userString ".$_SERVER['REMOTE_ADDR']."\nURI: $_SERVER[REQUEST_URI] \nREFERER: $_SERVER[HTTP_REFERER] " ); $gBitSystem->fatalError( "Security Violation" ); - } + } } return $ret; } @@ -316,7 +315,7 @@ class BitUser extends LibertyAttachable { // check some new user requirements if( !$this->isRegistered() ) { /*if( empty( $pParamHash['login'] ) ) { - $this->mErrors['login'] = 'You must enter a username'; + $this->mErrors['login'] = 'You must enter a username'; }*/ if( empty( $pParamHash['registration_date'] ) ) { $pParamHash['registration_date'] = date( "U" ); 
@@ -350,11 +349,11 @@ class BitUser extends LibertyAttachable { } elseif( !empty( $pParamHash['password2'] ) && ($pParamHash['password'] != $pParamHash['password2']) ) { $this->mErrors['password'] = tra( 'The passwords do not match' ); } elseif( $gBitSystem->isFeatureActive( 'users_pass_chr_num' ) && - (!preg_match_all( "/[0-9]+/",$pParamHash["password"],$foo ) || !preg_match_all("/[A-Za-z]+/",$pParamHash["password"],$foo)) ) { + (!preg_match_all( "/[0-9]+/",$pParamHash["password"],$foo ) || !preg_match_all("/[A-Za-z]+/",$pParamHash["password"],$foo)) ) { $this->mErrors['password'] = tra( 'Password must contain both letters and numbers' ); } else { // Generate a unique hash -// $pParamHash['user_store']['hash'] = md5( strtolower( (!empty($pParamHash['login'])?$pParamHash['login']:'') ).$pParamHash['password'].$pParamHash['email'] ); + // $pParamHash['user_store']['hash'] = md5( strtolower( (!empty($pParamHash['login'])?$pParamHash['login']:'') ).$pParamHash['password'].$pParamHash['email'] ); $pParamHash['user_store']['hash'] = md5( $pParamHash['password'] ); $now = $gBitSystem->getUTCTime(); if( !isset( $pParamHash['pass_due'] ) && $gBitSystem->getConfig('users_pass_due') ) { @@ -394,10 +393,10 @@ class BitUser extends LibertyAttachable { $errors = array(); } if( !eregi ( - '^[-!#$%&\`*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'. - '(localhost|[-!$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'. - '[-!$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+)$' - , $pEmail ) ) { + '^[-!#$%&\`*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'. + '(localhost|[-!$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'. + '[-!$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+)$' + , $pEmail ) ) { $errors['email'] = 'The email address "'.$pEmail.'" is invalid.'; } elseif( !empty( $this ) && is_object( $this ) && $this->userExists( array( 'email' => $pEmail ) ) ) { $errors['email'] = 'The email address "'.$pEmail.'" has already been registered.'; 
@@ -435,25 +434,25 @@ class BitUser extends LibertyAttachable { // fgets function reference : http://www.php.net/manual/en/function.fgets.php // A "Real domain name required for sender address" - $Out = $this->get_SMTP_response( $Connect ); - if ( ereg ( "^220", $Out ) ) { + $Out = $this->get_SMTP_response( $Connect ); + if ( ereg ( "^220", $Out ) ) { // Inform client's reaching to server who connect. if( $gBitSystem->hasValidSenderEmail() ) { $senderEmail = $gBitSystem->getConfig( 'site_sender_email' ); fputs ( $Connect, "HELO $HTTP_HOST\r\n" ); -if ($gDebug) echo "Run : HELO $HTTP_HOST<br>"; + if ($gDebug) echo "Run : HELO $HTTP_HOST<br>"; $Out = $this->get_SMTP_response ( $Connect ); // Receive server's answering cord. // Inform sender's address to server. fputs ( $Connect, "MAIL FROM: <{$senderEmail}>\r\n" ); -if ($gDebug) echo "Run : MAIL FROM: <{$senderEmail}><br>"; + if ($gDebug) echo "Run : MAIL FROM: <{$senderEmail}><br>"; $From = $this->get_SMTP_response ( $Connect ); // Receive server's answering cord. // Inform listener's address to server. fputs ( $Connect, "RCPT TO: <{$pEmail}>\r\n" ); -if ($gDebug) echo "Run : RCPT TO: <{$pEmail}><br>"; + if ($gDebug) echo "Run : RCPT TO: <{$pEmail}><br>"; $To = $this->get_SMTP_response ( $Connect ); // Receive server's answering cord. // Finish connection. fputs ( $Connect, "QUIT\r\n"); -if ($gDebug) echo "Run : QUIT<br>"; + if ($gDebug) echo "Run : QUIT<br>"; fclose($Connect); // Server's answering cord about MAIL and TO command checks. // Server about listener's address reacts to 550 codes if there does not exist @@ -472,7 +471,7 @@ if ($gDebug) echo "Run : QUIT<br>"; } -/** + /** * register - will handle everything necessary for registering a user and sending appropriate emails, etc. * * @access public 
@@ -480,57 +479,71 @@ if ($gDebug) echo "Run : QUIT<br>"; * @return returnString */ function register( &$pParamHash ) { - global $notificationlib, $gBitSmarty, $gBitSystem; + global $notificationlib, $gBitSmarty, $gBitSystem, $gBitUser; $ret = FALSE; if( !empty( $_FILES['fPortraitFile'] ) && empty( $_FILES['fAvatarFile'] ) ) { $pParamHash['fAutoAvatar'] = TRUE; } - if( $this->store( $pParamHash ) ) { - require_once( KERNEL_PKG_PATH.'notification_lib.php' ); - $notificationlib->post_new_user_event( $pParamHash['login'] ); - $ret = TRUE; + if ($this->verify($pParamHash)) { + for ($i=0;$i<BaseAuth::getAuthMethodCount();$i++) { + $instance = BaseAuth::init($i); + if ($instance && $instance->canManageAuth()) { + $res = $instance->createUser($pParamHash); + $this->mErrors = array_merge($this->mErrors,$instance->mErrors); + if ($res) { + break; + } else { + return false; + } + } + } + if( $this->store( $pParamHash ) ) { + require_once( KERNEL_PKG_PATH.'notification_lib.php' ); + $notificationlib->post_new_user_event( $pParamHash['login'] ); + $ret = TRUE; - // set local time zone as default when registering - $this->storePreference( 'site_display_timezone', 'Local' ); + // set local time zone as default when registering + $this->storePreference( 'site_display_timezone', 'Local' ); - if( !empty( $_REQUEST['CUSTOM'] ) ) { - foreach( $_REQUEST['CUSTOM'] as $field=>$value ) { - $this->storePreference( $field, $value ); + if( !empty( $_REQUEST['CUSTOM'] ) ) { + foreach( $_REQUEST['CUSTOM'] as $field=>$value ) { + $this->storePreference( $field, $value ); + } } - } - // Handle optional user preferences that may be collected during registration - if( !empty( $pParamHash['prefs'] ) ) { - foreach( array_keys( $pParamHash['prefs'] ) as $key ) { - $this->storePreference( $key, $pParamHash['prefs'][$key] ); + // Handle optional user preferences that may be collected during registration + if( !empty( $pParamHash['prefs'] ) ) { + foreach( array_keys( $pParamHash['prefs'] ) as $key ) { 
+ $this->storePreference( $key, $pParamHash['prefs'][$key] ); + } } - } - $siteName = $gBitSystem->getConfig('site_title', $_SERVER['HTTP_HOST'] ); - $gBitSmarty->assign('siteName',$_SERVER["SERVER_NAME"]); - $gBitSmarty->assign('mail_site',$_SERVER["SERVER_NAME"]); - $gBitSmarty->assign('mail_user',$pParamHash['login']); - if( $gBitSystem->isFeatureActive( 'users_validate_user' ) ) { - // $apass = addslashes(substr(md5($gBitSystem->genPass()),0,25)); - $apass = $pParamHash['user_store']['provpass']; - $foo = parse_url($_SERVER["REQUEST_URI"]); - $foo1=str_replace("register","confirm",$foo["path"]); - $machine = httpPrefix().$foo1; + $siteName = $gBitSystem->getConfig('site_title', $_SERVER['HTTP_HOST'] ); + $gBitSmarty->assign('siteName',$_SERVER["SERVER_NAME"]); + $gBitSmarty->assign('mail_site',$_SERVER["SERVER_NAME"]); + $gBitSmarty->assign('mail_user',$pParamHash['login']); + if( $gBitSystem->isFeatureActive( 'users_validate_user' ) ) { + // $apass = addslashes(substr(md5($gBitSystem->genPass()),0,25)); + $apass = $pParamHash['user_store']['provpass']; + $foo = parse_url($_SERVER["REQUEST_URI"]); + $foo1=str_replace("register","confirm",$foo["path"]); + $machine = httpPrefix().$foo1; - // Send the mail - $gBitSmarty->assign('msg',tra('You will receive an email with information to login for the first time into this site')); - $gBitSmarty->assign('mail_machine',$machine); - $gBitSmarty->assign('mail_apass',$apass); - $mail_data = $gBitSmarty->fetch('bitpackage:users/user_validation_mail.tpl'); - mail($pParamHash["email"], $siteName.' 
- '.tra('Your registration information'),$mail_data,"From: ".$gBitSystem->getConfig('site_sender_email')."\r\nContent-type: text/plain;charset=utf-8\r\n"); - $gBitSmarty->assign('showmsg','y'); - } - if( $gBitSystem->isFeatureActive( 'send_welcome_email' ) ) { - // Send the welcome mail - $gBitSmarty->assign( 'mailPassword',$pParamHash['password'] ); - $gBitSmarty->assign( 'mailEmail',$pParamHash['email'] ); - $mail_data = $gBitSmarty->fetch('bitpackage:users/welcome_mail.tpl'); - mail($pParamHash["email"], tra( 'Welcome to' ).' '.$siteName,$mail_data,"From: ".$gBitSystem->getConfig('site_sender_email')."\r\nContent-type: text/plain;charset=utf-8\r\n"); + // Send the mail + $gBitSmarty->assign('msg',tra('You will receive an email with information to login for the first time into this site')); + $gBitSmarty->assign('mail_machine',$machine); + $gBitSmarty->assign('mail_apass',$apass); + $mail_data = $gBitSmarty->fetch('bitpackage:users/user_validation_mail.tpl'); + mail($pParamHash["email"], $siteName.' - '.tra('Your registration information'),$mail_data,"From: ".$gBitSystem->getConfig('site_sender_email')."\r\nContent-type: text/plain;charset=utf-8\r\n"); + $gBitSmarty->assign('showmsg','y'); + } + if( $gBitSystem->isFeatureActive( 'send_welcome_email' ) ) { + // Send the welcome mail + $gBitSmarty->assign( 'mailPassword',$pParamHash['password'] ); + $gBitSmarty->assign( 'mailEmail',$pParamHash['email'] ); + $mail_data = $gBitSmarty->fetch('bitpackage:users/welcome_mail.tpl'); + mail($pParamHash["email"], tra( 'Welcome to' ).' '.$siteName,$mail_data,"From: ".$gBitSystem->getConfig('site_sender_email')."\r\nContent-type: text/plain;charset=utf-8\r\n"); + } } } return( $ret ); 
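Review bot: In `register()`, `$instance->createUser($pParamHash)` runs before `$this->store( $pParamHash )`, and nothing compensates when `store()` then fails, so the external directory can end up holding an account with no local user record. Either run the local store first or record the partial state, for example an `else` branch on `if( $this->store( $pParamHash ) )` that sets `$this->mErrors['register']` to a message naming the backend that already created the account. The re-indented `$_REQUEST['CUSTOM']` loop still passes request-supplied preference names straight to `storePreference()`; a comment such as `// NOTE: keys come from the request; restrict to the fields returned by getRegistrationFields()` would flag that, though whether that method is the right allow-list is not visible here. The docblock and closing brace of `register()` lie outside the hunk.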
@@ -601,18 +614,18 @@ if ($gDebug) echo "Run : QUIT<br>"; $this->purgeImage( 'portrait' ); $this->purgeImage( 'logo' ); $userTables = array( - 'users_semaphores', - // these have to be dealt with functions in there own packages - //'stars_history', - //'tidbits_user_bookmarks_urls', - //'tidbits_user_bookmarks_folders', - //'tidbits_user_menus', - //'tidbits_user_tasks', - 'users_cnxn', - 'users_watches', - 'users_favorites_map', - 'users_users', - //'liberty_content', you can't delete a content without deleting the associated object - and it is not because a user dissapears that all his production must dissapear - other users can have work on it + 'users_semaphores', + // these have to be dealt with functions in there own packages + //'stars_history', + //'tidbits_user_bookmarks_urls', + //'tidbits_user_bookmarks_folders', + //'tidbits_user_menus', + //'tidbits_user_tasks', + 'users_cnxn', + 'users_watches', + 'users_favorites_map', + 'users_users', + //'liberty_content', you can't delete a content without deleting the associated object - and it is not because a user dissapears that all his production must dissapear - other users can have work on it ); foreach( $userTables as $table ) { $query = "DELETE FROM `".BIT_DB_PREFIX.$table."` WHERE `user_id` = ?"; @@ -655,7 +668,7 @@ if ($gDebug) echo "Run : QUIT<br>"; } function login( $pLogin, $pPassword, $pChallenge=NULL, $pResponse=NULL ) { - global $gBitSystem, $user_cookie_site,$gBitUser; + global $gBitSystem, $user_cookie_site,$gBitUser; $isvalid = false; // Make sure cookies are enabled 
@@ -707,7 +720,7 @@ if ($gDebug) echo "Run : QUIT<br>"; $https_mode = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on'; if ($https_mode) { $stay_in_ssl_mode = ((isset($_SERVER['HTTP_REFERER']) && (substr($_SERVER['HTTP_REFERER'], 0, 5) == 'https')) - || (isset($_REQUEST['stay_in_ssl_mode']) && $_REQUEST['stay_in_ssl_mode'] == 'on')); + || (isset($_REQUEST['stay_in_ssl_mode']) && $_REQUEST['stay_in_ssl_mode'] == 'on')); if (!$stay_in_ssl_mode) { $site_http_domain = $gBitSystem->getConfig('site_http_domain', false); $site_http_port = $gBitSystem->getConfig('site_http_port', 80); @@ -715,11 +728,11 @@ if ($gDebug) echo "Run : QUIT<br>"; if ($site_http_domain) { $prefix = 'http://' . $site_http_domain; if ($site_http_port != 80) - $prefix .= ':' . $site_http_port; + $prefix .= ':' . $site_http_port; $prefix .= $site_http_prefix; $url = $prefix . $url; if (SID) - $url .= '?' . SID; + $url .= '?' . SID; } } } 
@@ -729,243 +742,98 @@ if ($gDebug) echo "Run : QUIT<br>"; function validate($user, $pass, $challenge, $response) { global $gBitSystem; // these will help us keep tabs of what is going on - $userTikiValid = false; - $userTikiPresent = false; - $userAuthValid = false; - $userAuthPresent = false; - // see if we are to use PEAR::Auth - $auth_pear = ($gBitSystem->getConfig("users_auth_method", "tiki") == "auth"); - $create_tiki = ($gBitSystem->getConfig("users_auth_create_gBitDbUser", "n") == "y"); - $create_auth = ($gBitSystem->getConfig("users_auth_create_user_auth", "n") == "y"); - $skip_admin = ($gBitSystem->getConfig("users_auth_skip_admin", "n") == "y"); - // first attempt a login via the standard Tiki system - $userId = $this->validateBitUser($user, $pass, $challenge, $response); - if ($userId) { - $userTikiValid = true; - $userTikiPresent = true; - // silence mErrors check since it's not always set. - } elseif (@$this->mErrors['login'] == 'Password incorrect') { - $userTikiPresent = true; - } elseif (@$this->mErrors['login'] == 'User not found') { - } - // if we aren't using LDAP this will be quick - if ( !$auth_pear || ($user == "admin" && $skip_admin) ) { - // TODO nothing here yet, as skip_admin is broken - wolff_borg - } elseif ( $auth_pear ) { - // next see if we need to check LDAP - // check the user account - $result = $this->validateAuth($user, $pass); - switch ($result) { - case USER_VALID: - unset($this->mErrors['login']); - $userAuthValid = true; - $userAuthPresent = true; - break; - case PASSWORD_INCORRECT: - $this->mErrors['login'] = 'Password incorrect'; - $userAuthPresent = true; - break; - case USER_NOT_FOUND: - // disable this error as user may have an account in Tiki only - wolff_borg - //$this->mErrors['login'] = 'User not found'; - break; + $userId=ANONYMOUS_USER_ID; + $authValid = false; + $authPresent = false; - } - } -/* -echo "userId: $userId<br>"; -echo "auth_pear: $auth_pear<br>"; -echo "create_tiki: $create_tiki<br>"; -echo 
"create_auth: $create_auth<br>"; -echo "skip_admin: $skip_admin<br>"; -echo "userTikiValid: $userTikiValid<br>"; -echo "userAuthValid: $userAuthValid<br>"; -echo "userTikiPresent: $userTikiPresent<br>"; -echo "userAuthPresent: $userAuthPresent<br>"; -*/ - // start off easy - // if the user verified in Tiki and Auth, or - // was not present in either, than skip all this - if ( $auth_pear ) { -//echo "1<br>"; - // if the user was logged into Tiki but not found in Auth - // see if we can create a new account - if ( $create_auth && $userTikiPresent && !$userAuthPresent ) { -//echo "2<br>"; - // need to make this better! ********************************************************* - $result = $this->create_user_auth($user, $pass); - // if the server didn't work, do something! - if ($result == SERVER_ERROR || $result != USER_VALID) { - $this->mErrors['login'] = 'Auth server error creating user'; + $create_auth = ($gBitSystem->getConfig("users_create_user_auth", "n") == "y"); + + for ($i=0;$i<BaseAuth::getAuthMethodCount();$i++) { + $instance = BaseAuth::init($i); + if ($instance) { + $result = $instance->validate($user, $pass, $challenge, $response); + switch ($result) { + case USER_VALID: + unset($this->mErrors['login']); + $authPresent = true; + $authValid = true; + break; + case PASSWORD_INCORRECT: + //$this->mErrors['login'] = 'Password incorrect'; + $authPresent = true; + break; + case USER_NOT_FOUND: + break; } - } - // if the user was logged into Auth but not found in Tiki - // see if we can create a new account - elseif( $create_tiki && $userAuthValid && !$userTikiPresent ) { -//echo "3<br>"; -//echo "user: $user<br>"; -//echo "pass: $pass<br>"; - // need to make this better! 
********************************************************* - // if it worked ok, just log in - $authUserInfo = array( 'login' => $user, 'password' => $pass, 'real_name' => $this->mTmpStore['real_name'], 'email' => $this->mTmpStore['email'] ); - // TODO somehow, mUserId gets set to -1 at this point - no idea how - // set to NULL to prevent overwriting Guest user - wolff_borg - $this->mUserId = NULL; -//echo "mUserId: ".$this->mUserId."<br>"; - if ( $this->store( $authUserInfo ) ) { - $userId = $this->mUserId; + if ($authPresent) { + if (empty($instance->mInfo['email'])) { + $instance->mInfo['email']=$user; + } + //If we're given a user_id then the user is already in the tiki list: + if(!empty($instance->mInfo['user_id'])) { + $this->mUserId = $instance->mInfo['user_id']; + //Is the user already in the tiki list: + } elseif ($this->mDb->getOne("SELECT COUNT(*) FROM `".BIT_DB_PREFIX."users_users` WHERE `login`=?", array($instance->mLogin))>0) { + // Update Details + $authUserInfo = array( 'login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email'] ); + $userInfo = $this->getUserInfo(array('login' => $user )); + $this->mUserId = $userInfo['user_id']; + $this->store( $authUserInfo ); + # TODO: Fix this - if user is an LDAP user, with a TIKI user already created, + # storing user info causes errors. NEED TO FIX - wolff_borg + $this->mErrors = array(); + } else { + //Add the user to the tiki list: + // need to make this better! 
********************************************************* + // if it worked ok, just log in + $authUserInfo = array( 'login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email'] ); + // TODO somehow, mUserId gets set to -1 at this point - no idea how + // set to NULL to prevent overwriting Guest user - wolff_borg + $this->mUserId = NULL; + //echo "mUserId: ".$this->mUserId."<br>"; + if ( $this->store( $authUserInfo ) ) { + $userId = $this->mUserId; + } + } + if ($create_auth&&$i>0) { + // if the user was logged into this system and we should progate users down other auth methods + for ($j=$i;$i>=0;$j--) { + $prob_method_name=$gBitSystem->getConfig("users_auth_method_$j",$default); + if (! empty($prob_method_name)) { + $p_instance = BaseAuth::init($prob_method_name); + if ($p_instance && $p_instance->canManageAuth()) { + $result = $p_instance->validate($user, $pass, $challenge, $response); + if ($result == USER_VALID || $result ==PASSWORD_INCORRECT) { + // see if we can create a new account + $userattr = $instance->getUserData(); + if (empty($userattr['login'])) { + $userattr['login'] = $user; + } + if (empty($userattr['password'])) { + $userattr['password'] = $pass; + } + $p_instance->createUser($userattr); + } + } + $this->mErrors = array_merge($this->mErrors,$p_instance->mErrors); + } + } + } + $this->mAuth = $instance; + break; } } - // if the user was logged into Auth but not found in Tiki - // see if we can create a new account - elseif( $userAuthValid && $userTikiPresent ) { -//echo "4<br>"; -//echo "user: $user<br>"; - $real_name = $this->mTmpStore['real_name']; - $email = $this->mTmpStore['email']; - $userInfo = $this->getUserInfo(array('login' => $user )); -//vd($userInfo); - $this->mUserId = $userInfo['user_id']; - $authUserInfo = array( 'login' => $user, 'password' => $pass, 'real_name' => $real_name, 'email' => $email ); - $this->store( $authUserInfo 
); - # TODO: Fix this - if user is an LDAP user, with a TIKI user already created, - # storing user info causes errors. NEED TO FIX - wolff_borg - $this->mErrors = array(); - } + $this->mErrors = array_merge($this->mErrors,$instance->mErrors); } - if( $userId ) { -//echo "5<br>"; + if( $authValid && $userId ) { + //echo "5<br>"; $this->update_lastlogin( $userId ); $this->mUserId = $userId; $this->load(); } -//echo "6<br>"; -//vd($this->mErrors); return( count( $this->mErrors ) == 0 ); } - // validate the user in the PEAR::Auth system - function validateAuth($user, $pass) { - global $gBitSystem; - require_once (UTIL_PKG_PATH."pear/Auth/Auth.php"); - // just make sure we're supposed to be here - if ($gBitSystem->getConfig("users_auth_method", "tiki") != "auth") - return false; - // make sure that we can actually attempt this - if (!function_exists('ldap_connect')) { - $this->mErrors['login']=tra("LDAP Authentication requested but PHP LDAP Extention not loaded."). " (".$this->mErrors['login'].")"; - return false; - } - // get all of the LDAP options from the database - $options["host"] = $gBitSystem->getConfig("users_ldap_host", "localhost"); - $options["port"] = $gBitSystem->getConfig("users_ldap_port", "389"); - $options["scope"] = $gBitSystem->getConfig("users_ldap_scope", "sub"); - $options["basedn"] = $gBitSystem->getConfig("users_ldap_basedn", ""); - $options["userdn"] = $gBitSystem->getConfig("users_ldap_userdn", ""); - $options["userattr"] = $gBitSystem->getConfig("users_ldap_userattr", "uid"); - $options["useroc"] = $gBitSystem->getConfig("users_ldap_useroc", "posixAccount"); - $options["groupdn"] = $gBitSystem->getConfig("users_ldap_groupdn", ""); - $options["groupattr"] = $gBitSystem->getConfig("users_ldap_groupattr", "cn"); - $options["groupoc"] = $gBitSystem->getConfig("users_ldap_groupoc", "groupOfUniqueNames"); - $options["memberattr"] = $gBitSystem->getConfig("users_ldap_memberattr", "uniqueMember"); - $options["memberisdn"] = 
($gBitSystem->getConfig("users_ldap_memberisdn", "y") == "y"); - $options["adminuser"] = $gBitSystem->getConfig("users_ldap_adminuser", ""); - $options["adminpass"] = $gBitSystem->getConfig("users_ldap_adminpass", ""); - // set the Auth options - $a = new Auth("LDAP", $options, "", false, $user, $pass); - // check if the login correct - $a->login(); - $ret = ''; - switch ($a->getStatus()) { - case AUTH_LOGIN_OK: - $ret=USER_VALID; - $ds=ldap_connect($options["host"], $options["port"]); // Connects to LDAP Server - if ($ds) { - $r=ldap_bind($ds, $options["adminuser"], $options["adminpass"]); - $attrs = array("cn", "mail"); - $sr=ldap_search($ds, $options["basedn"], "(".$options["userattr"]."=".$user.")", $attrs); // Search - $info = ldap_get_entries($ds, $sr); - $this->mTmpStore["real_name"] = $info[0]["cn"][0]; - $this->mTmpStore["email"] = $info[0]["mail"][0]; - ldap_close($ds); - } - break; - case AUTH_USER_NOT_FOUND: - $ret=USER_NOT_FOUND; - break; - case AUTH_WRONG_LOGIN: - $ret=PASSWORD_INCORRECT; - break; - default: - $ret=SERVER_ERROR; - break; - } - return $ret; - } - - // validate the user in the bitweaver database - validation is case insensitive, and we like it that way! - function validateBitUser( $pLogin, $pass, $challenge, $response ) { - global $gBitSystem; - $ret = NULL; - if( empty( $pLogin ) ) { - $this->mErrors['login'] = 'User not found'; - } elseif( empty( $pass ) ) { - $this->mErrors['login'] = 'Password incorrect'; - } else { - $loginVal = strtoupper( $pLogin ); // case insensitive login - $loginCol = ' UPPER(`'.(strpos( $pLogin, '@' ) ? 'email' : 'login').'`)'; - // first verify that the user exists - $query = "select `email`, `login`, `user_id`, `user_password` from `".BIT_DB_PREFIX."users_users` where " . $this->mDb->convert_binary(). 
" $loginCol = ?"; - $result = $this->mDb->query( $query, array( $loginVal ) ); - if( !$result->numRows() ) { - $this->mErrors['login'] = 'User not found'; - } else { - $res = $result->fetchRow(); - $userId = $res['user_id']; - $user = $res['login']; - // TikiWiki 1.8+ uses this bizarro conglomeration of fields to get the hash. this sucks for many reasons - $hash = md5( strtolower($user) . $pass . $res['email']); - $hash2 = md5($pass); - // next verify the password with 2 hashes methods, the old one (pass)) and the new one (login.pass;email) - // TODO - this needs cleaning up - wolff_borg - if( !$gBitSystem->isFeatureActive( 'feature_challenge' ) || empty($response) ) { - $query = "select `user_id`, `hash` from `".BIT_DB_PREFIX."users_users` where " . $this->mDb->convert_binary(). " $loginCol = ? and (`hash`=? or `hash`=?)"; - if ( $row = $this->mDb->getRow( $query, array( $loginVal, $hash, $hash2 ) ) ) { - // auto-update old hashes with simple and standard md5( password ) - $hashUpdate = ''; - if( $row['hash'] == $hash ) { - $hashUpdate = 'hash=?, '; - $bindVars[] = $hash2; - } - $bindVars[] = $gBitSystem->getUTCTime(); - $bindVars[] = $userId; - $query = "update `".BIT_DB_PREFIX."users_users` set $hashUpdate `last_login`=`current_login`, `current_login`=? where `user_id`=?"; - $result = $this->mDb->query($query, $bindVars ); - $ret = $userId; - } else { - $this->mErrors['login'] = 'Password incorrect'; - } - } else { - // Use challenge-reponse method - // Compare pass against md5(user,challenge,hash) - $hash = $this->mDb->getOne("select `hash` from `".BIT_DB_PREFIX."users_users` where " . $this->mDb->convert_binary(). " $loginCol = ?", array( $pLogin ) ); - if (!isset($_SESSION["challenge"])) { - $this->mErrors['login'] = 'Invalid challenge'; - } - //print("pass: $pass user: $user hash: $hash <br/>"); - //print("challenge: ".$_SESSION["challenge"]." challenge: $challenge<br/>"); - //print("response : $response<br/>"); - if ($response == md5( strtolower($user) . 
$hash . $_SESSION["challenge"]) ) { - $ret = $userId; - $this->update_lastlogin( $userId ); - } else { - $this->mErrors['login'] = 'Invalid challenge'; - } - } - } - } - return( $ret ); - } // update the lastlogin status on this user function update_lastlogin( $pUserId ) { $ret = FALSE; 
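Review bot: In the new `validate()`, the account-sync block is gated on `$authPresent`, which the `PASSWORD_INCORRECT` case also sets, so a rejected login still reaches `$this->store( $authUserInfo )` with the password that was just submitted; what `store()` writes is outside this hunk, but it looks as if a failed attempt can change the local record. Gate the block on `$authValid` (keeping the `break` for `$authPresent`) and restore the commented-out `$this->mErrors['login'] = 'Password incorrect';`, since without it a wrong password can leave `mErrors` empty and the function returns `count( $this->mErrors ) == 0`, i.e. true. The propagation loop `for ($j=$i;$i>=0;$j--)` tests `$i` instead of `$j` and never terminates once entered, and it reads an undefined `$default`; `for ($j=$i-1;$j>=0;$j--)` with `$default="";` appears to be the intent. The trailing `array_merge($this->mErrors,$instance->mErrors)` also runs when `BaseAuth::init($i)` returned `false`, and `$userId` stays `ANONYMOUS_USER_ID` in the two branches that only set `$this->mUserId`, so the final `$this->mUserId = $userId` overwrites the id just resolved.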
@@ -978,38 +846,6 @@ echo "userAuthPresent: $userAuthPresent<br>"; } return $ret; } - // create a new user in the Auth directory - function create_user_auth($user, $pass) { - global $gBitSystem; - $options = array(); - $options["host"] = $gBitSystem->getConfig("users_ldap_host", "localhost"); - $options["port"] = $gBitSystem->getConfig("users_ldap_port", "389"); - $options["scope"] = $gBitSystem->getConfig("users_ldap_scope", "sub"); - $options["basedn"] = $gBitSystem->getConfig("users_ldap_basedn", ""); - $options["userdn"] = $gBitSystem->getConfig("users_ldap_userdn", ""); - $options["userattr"] = $gBitSystem->getConfig("users_ldap_userattr", "uid"); - $options["useroc"] = $gBitSystem->getConfig("users_ldap_useroc", "posixAccount"); - $options["groupdn"] = $gBitSystem->getConfig("users_ldap_groupdn", ""); - $options["groupattr"] = $gBitSystem->getConfig("users_ldap_groupattr", "cn"); - $options["groupoc"] = $gBitSystem->getConfig("users_ldap_groupoc", "groupOfUniqueNames"); - $options["memberattr"] = $gBitSystem->getConfig("users_ldap_memberattr", "uniqueMember"); - $options["memberisdn"] = ($gBitSystem->getConfig("users_ldap_memberisdn", "y") == "y"); - $options["adminuser"] = $gBitSystem->getConfig("users_ldap_adminuser", ""); - $options["adminpass"] = $gBitSystem->getConfig("users_ldap_adminpass", ""); - // set additional attributes here - $userattr = array(); - $userattr["email"] = $this->mDb->getOne("select `email` from `".BIT_DB_PREFIX."users_users` - where `login`=?", array($user)); - // set the Auth options - $a = new Auth("LDAP", $options); - // check if the login correct - if ($a->addUser($user, $pass, $userattr) === true) - $status = USER_VALID; - // otherwise use the error status given back - else - $status = $a->getStatus(); - return $status; - } function get_users_names($offset = 0, $max_records = -1, $sort_mode = 'login_desc', $find = '') { // Return an array of users indicating name, email, last changed pages, versions, last_login 
@@ -1050,7 +886,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; function lookupHomepage( $iHomepage ) { $ret = NULL; if ( @$this->verifyId($iHomepage)) { - // iHomepage is the user_id for the user... + // iHomepage is the user_id for the user... $key = 'user_id'; } elseif (substr($iHomepage,0,7) == 'mailto:') { // iHomepage is the email address of the user... @@ -1090,38 +926,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; } return $ret; } -/* - // all of these methods have been replaced by the single getUserInfo method - function get_user_info($user, $iCaseSensitive = TRUE) { - if (!$iCaseSensitive) { - $query = "SELECT * FROM `".BIT_DB_PREFIX."users_users` where LOWER(`login`) = ?"; - } else { - $query = "select * from `".BIT_DB_PREFIX."users_users` where `login`=?"; - } - $result = $this->mDb->query($query,array($iCaseSensitive ? $user : strtolower($user))); - $res = $result->fetchRow(); - $groups = $this->getGroups( $res['user_id'] ); - $res["groups"] = $groups; - return $res; - } - function get_user_info_from_email($email) { - $query = "select * from `".BIT_DB_PREFIX."users_users` where `email`=?"; - $result = $this->mDb->query($query,array($email)); - $res = $result->fetchRow(); - return $res; - } - function get_user_password($user) { - $query = "select `user_password` from `".BIT_DB_PREFIX."users_users` where " . $this->mDb->convert_binary(). " `login`=?"; - $pass = $this->mDb->getOne($query, array($user)); - return $pass; - } - function get_user_hash($user) { - $query = "select `hash` from `".BIT_DB_PREFIX."users_users` where " . - $this->mDb->convert_binary(). " `login` = ?"; - $pass = $this->mDb->getOne($query, array($user)); - return $pass; - } -*/ + function getByHash( $hash ) { $query = "select `user_id` from `".BIT_DB_PREFIX."users_cnxn` where `cookie`=?"; return $this->mDb->getOne( $query, array($hash) ); 
@@ -1234,7 +1039,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; // setup the hash for central storage functions $pStorageHash['upload']['max_width'] = PORTRAIT_MAX_DIM; $pStorageHash['upload']['max_height'] = PORTRAIT_MAX_DIM; -// $pStorageHash['upload']['dest_base_name'] = 'portrait'; + // $pStorageHash['upload']['dest_base_name'] = 'portrait'; $pStorageHash['upload']['dest_path'] = $this->getStorageBranch( 'self',$this->mUserId ); $pStorageHash['storage_type'] = STORAGE_IMAGE; $pStorageHash['content_type_guid'] = BITUSER_CONTENT_TYPE_GUID; @@ -1268,7 +1073,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; // setup the hash for central storage functions $pStorageHash['upload']['max_width'] = AVATAR_MAX_DIM; $pStorageHash['upload']['max_height'] = AVATAR_MAX_DIM; -// $pStorageHash['upload']['dest_base_name'] = 'avatar'; + // $pStorageHash['upload']['dest_base_name'] = 'avatar'; $pStorageHash['upload']['dest_path'] = $this->getStorageBranch( 'self',$this->mUserId ); $pStorageHash['storage_type'] = STORAGE_IMAGE; $pStorageHash['content_type_guid'] = BITUSER_CONTENT_TYPE_GUID; @@ -1290,7 +1095,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; function storeLogo( &$pStorageHash ) { - if( $this->isValid() && count( $pStorageHash ) ) { + if( $this->isValid() && count( $pStorageHash ) ) { // setup the hash for central storage functions $pStorageHash['upload']['max_width'] = LOGO_MAX_DIM; $pStorageHash['upload']['max_height'] = LOGO_MAX_DIM; @@ -1484,7 +1289,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; return $ret; while ($res = $result->fetchRow()) { - $ret[] = $res; + $ret[] = $res; } return $ret; @@ -1510,7 +1315,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; $result = $this->mDb->query($query,array()); $ret = array(); while ($res = $result->fetchRow()) { - $ret[] = $res['event']; + $ret[] = $res['event']; } return $ret; } 
@@ -1525,7 +1330,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; $pUserName = $this->mUsername; } if( function_exists( 'override_user_url' ) ) { - $ret = override_user_url( $pUserName ); + $ret = override_user_url( $pUserName ); } else { global $gBitSystem; @@ -1567,9 +1372,9 @@ echo "userAuthPresent: $userAuthPresent<br>"; } if( !empty( $pHash ) ) { $displayName = (((!empty($pHash['real_name']) && $gBitSystem->getConfig( 'users_display_name', 'real_name' ) == 'real_name') ? $pHash['real_name'] : - (!empty($pHash['user']) ? $pHash['user'] : - (!empty($pHash['login']) ? $pHash['login'] : - (!empty($pHash['email']) ? substr($pHash['email'],0, strpos($pHash['email'],'@')) : $pHash['user_id']))))); + (!empty($pHash['user']) ? $pHash['user'] : + (!empty($pHash['login']) ? $pHash['login'] : + (!empty($pHash['email']) ? substr($pHash['email'],0, strpos($pHash['email'],'@')) : $pHash['user_id']))))); if (!empty($pHash['user'])) { $iHomepage = $pHash['user']; } elseif (!empty($pHash['login'])) { 
@@ -1587,14 +1392,14 @@ echo "userAuthPresent: $userAuthPresent<br>"; if( $pUseLink ) { if( $gBitUser->hasPermission( 'p_users_view_user_homepage' ) ) { $ret = '<a class="username" title="'.tra( 'Visit the userpage of' ).': '.$displayName - .'" href="'.BitUser::getDisplayUrl( $iHomepage ).'">' - . htmlspecialchars( ( ( isset( $pHash['link_label'] ) ) ? ( $pHash['link_label'] ) : ( $displayName ) ) ) - .'</a>'; + .'" href="'.BitUser::getDisplayUrl( $iHomepage ).'">' + . htmlspecialchars( ( ( isset( $pHash['link_label'] ) ) ? ( $pHash['link_label'] ) : ( $displayName ) ) ) + .'</a>'; } else { $ret = '<a class="username" title="'.tra( 'Visit the userpage of' ).': '.$displayName - .'" href="'.USERS_PKG_URL.'my.php">' - . htmlspecialchars( ( ( isset( $pHash['link_label'] ) ) ? ( $pHash['link_label'] ) : ( $displayName ) ) ) - .'</a>'; + .'" href="'.USERS_PKG_URL.'my.php">' + . htmlspecialchars( ( ( isset( $pHash['link_label'] ) ) ? ( $pHash['link_label'] ) : ( $displayName ) ) ) + .'</a>'; } } else { $ret = $displayName; @@ -1606,7 +1411,7 @@ echo "userAuthPresent: $userAuthPresent<br>"; } - /** + /** * Returns include file that will * @return the fully specified path to file to be included */ @@ -1742,7 +1547,7 @@ function scrambleEmail($email, $method='unicode') { switch ($method) { case 'strtr': $trans = array( "@" => tra(" AT "), - "." => tra(" DOT ") + "." => tra(" DOT ") ); $ret = strtr($email, $trans); break; @@ -1755,12 +1560,12 @@ function scrambleEmail($email, $method='unicode') { break; case 'unicode': case 'y':// for previous compatibility - $encoded = ''; - for ($i = 0; $i < strlen($email); $i++) { - $encoded .= '&#' . ord($email[$i]). ';'; - } - $ret = $encoded; - break; + $encoded = ''; + for ($i = 0; $i < strlen($email); $i++) { + $encoded .= '&#' . ord($email[$i]). ';'; + } + $ret = $encoded; + break; default: $ret = NULL; break; diff --git a/admin/admin_login_inc.php b/admin/admin_login_inc.php index 71e0bfa..d80e797 100644 
--- a/admin/admin_login_inc.php +++ b/admin/admin_login_inc.php @@ -1,14 +1,19 @@ <?php -// $Header: /cvsroot/bitweaver/_bit_users/admin/admin_login_inc.php,v 1.17 2006/07/03 21:22:38 hash9 Exp $ +// $Header: /cvsroot/bitweaver/_bit_users/admin/admin_login_inc.php,v 1.18 2006/07/12 22:03:03 hash9 Exp $ // Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al. // All Rights Reserved. See copyright.txt for details and a complete list of authors. // Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. $loginSettings = array( + 'users_create_user_auth' => array( + 'label' => "Propgate Users", + 'type' => "checkbox", + 'note' => "Create a User in all lower Authentication Methods.<br />This won't work for methods in Method 1.", + ), 'users_allow_register' => array( 'label' => "Users can register", 'type' => "checkbox", - 'note' => "", + 'note' => "Registration is attempted for the lowest level supporting the creation of new users.", ), 'send_welcome_email' => array( 'label' => "Send registration welcome email", 
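Review bot: The label of the new `users_create_user_auth` setting is misspelled; it should read `'label' => "Propagate Users",`. The accompanying note ("This won't work for methods in Method 1") does not say what a "lower" method is or why the first slot is excluded. A sentence explaining the ordering would help an administrator decide whether to let accounts be created in external directories.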
@@ -232,104 +237,10 @@ if( !empty( $_REQUEST["httpprefs"] ) ) { } } -$ldapSettings = array( - 'users_auth_create_gBitDbUser' => array( - 'label' => "Create user if not in bitweaver", - 'type' => "checkbox", - 'note' => "", - ), - 'users_auth_create_user_auth' => array( - 'label' => "Create user if not in Auth", - 'type' => "checkbox", - 'note' => "", - ), - 'users_auth_skip_admin' => array( - 'label' => "Just use bitweaver auth for admin", - 'type' => "checkbox", - 'note' => "", - ), - 'users_ldap_host' => array( - 'label' => "LDAP Host", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_port' => array( - 'label' => "LDAP Port", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_basedn' => array( - 'label' => "LDAP Base DN", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_userdn' => array( - 'label' => "LDAP User DN", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_userattr' => array( - 'label' => "LDAP User Attribute", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_useroc' => array( - 'label' => "LDAP User OC", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_groupdn' => array( - 'label' => "LDAP Group DN", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_groupattr' => array( - 'label' => "LDAP Group Atribute", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_groupoc' => array( - 'label' => "LDAP Group OC", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_memberattr' => array( - 'label' => "LDAP Member Attribute", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_memberisdn' => array( - 'label' => "LDAP Member Is DN", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_adminuser' => array( - 'label' => "LDAP Admin User", - 'type' => "text", - 'note' => "", - ), - 'users_ldap_adminpass' => array( - 'label' => "LDAP Admin Pwd", - 'type' => "password", - 'note' => "", - ), -); -$gBitSmarty->assign( 'ldapSettings', $ldapSettings ); - -$ldapEnabled= function_exists('ldap_connect'); -$gBitSmarty->assign( 
'ldapEnabled', $ldapEnabled ); - -if( $ldapEnabled && !empty( $_REQUEST["auth_pear"] ) ) { - foreach( array_keys( $ldapSettings ) as $feature ) { - if( $ldapSettings[$feature]['type'] == 'text' ) { - simple_set_value( $feature, USERS_PKG_NAME ); - } else { - simple_set_toggle( $feature, USERS_PKG_NAME ); - } - } -} $listHash = array(); $groupList = $gBitUser->getAllGroups($listHash); $gBitSmarty->assign_by_ref('groupList', $groupList['data']); +require_once(USERS_PKG_PATH.'auth/auth.php'); +BaseAuth::settings(); ?> diff --git a/auth/bit_auth.php b/auth/bit_auth.php new file mode 100644 index 0000000..4ea625b --- /dev/null +++ b/auth/bit_auth.php 
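Review bot: The added `require_once(USERS_PKG_PATH.'auth/auth.php');` points at a different file from the `require_once(USERS_PKG_PATH.'BaseAuth.php');` that bit_setup_inc.php gains in this same commit, and none of the file sections visible here creates `auth/auth.php`. If that file is not already in the tree, `require_once` is fatal and the login administration page stops loading; `require_once(USERS_PKG_PATH.'BaseAuth.php');` would match the other call site. `BaseAuth::settings()` is not shown in this hunk and replaces the explicit `simple_set_value`/`simple_set_toggle` loop removed above, so it is worth confirming that it only stores values for the option names each method declares.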
@@ -0,0 +1,97 @@
+<?php
+class BitAuth extends BaseAuth {
+
+ function BitAuth() {
+ parent::BaseAuth('bit');
+ }
+
+ function validate($user,$pass,$challenge,$response) {
+ parent::validate($user,$pass,$challenge,$response);
+ global $gBitSystem;
+ global $gBitDb;
+ $ret = SERVER_ERROR;
+ if( empty( $user ) ) {
+ $this->mErrors['login'] = 'User not found';
+ } elseif( empty( $pass ) ) {
+ $this->mErrors['login'] = 'Password incorrect';
+ } else {
+ $loginVal = strtoupper( $user ); // case insensitive login
+ $loginCol = ' UPPER(`'.(strpos( $user, '@' ) ? 'email' : 'login').'`)';
+ // first verify that the user exists
+ $query = "select `email`, `login`, `user_id`, `user_password` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convert_binary(). " $loginCol = ?";
+ $result = $gBitDb->query( $query, array( $loginVal ) );
+ if( !$result->numRows() ) {
+ $this->mErrors['login'] = 'User not found';
+ } else {
+ $res = $result->fetchRow();
+ $userId = $res['user_id'];
+ $user = $res['login'];
+ // TikiWiki 1.8+ uses this bizarro conglomeration of fields to get the hash. this sucks for many reasons
+ $hash = md5( strtolower($user) . $pass . $res['email']);
+ $hash2 = md5($pass);
+ // next verify the password with 2 hashes methods, the old one (pass)) and the new one (login.pass;email)
+ // TODO - this needs cleaning up - wolff_borg
+ if( !$gBitSystem->isFeatureActive( 'feature_challenge' ) || empty($response) ) {
+ $query = "select `user_id`, `hash` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convert_binary(). " $loginCol = ? and (`hash`=? or `hash`=?)";
+ if ( $row = $gBitDb->getRow( $query, array( $loginVal, $hash, $hash2 ) ) ) {
+ // auto-update old hashes with simple and standard md5( password )
+ $hashUpdate = '';
+ if( $row['hash'] == $hash ) {
+ $hashUpdate = 'hash=?, ';
+ $bindVars[] = $hash2;
+ }
+ $bindVars[] = $gBitSystem->getUTCTime();
+ $bindVars[] = $userId;
+ $query = "update `".BIT_DB_PREFIX."users_users` set $hashUpdate `last_login`=`current_login`, `current_login`=? where `user_id`=?";
+ $result = $gBitDb->query($query, $bindVars );
+ $ret=USER_VALID;
+ } else {
+ $ret=PASSWORD_INCORRECT;
+ $this->mErrors[] = 'Password incorrect';
+ }
+ } else {
+ // Use challenge-reponse method
+ // Compare pass against md5(user,challenge,hash)
+ $hash = $gBitDb->getOne("select `hash` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convert_binary(). " $loginCol = ?", array( $user ) );
+ if (!isset($_SESSION["challenge"])) {
+ $this->mErrors[] = 'Invalid challenge';
+ $ret=PASSWORD_INCORRECT;
+ }
+ //print("pass: $pass user: $user hash: $hash <br/>");
+ //print("challenge: ".$_SESSION["challenge"]." challenge: $challenge<br/>");
+ //print("response : $response<br/>");
+ if ($response == md5( strtolower($user) . $hash . $_SESSION["challenge"]) ) {
+ $ret = USER_VALID;
+ $this->update_lastlogin( $userId );
+ } else {
+ $this->mErrors[] = 'Invalid challenge';
+ $ret=PASSWORD_INCORRECT;
+ }
+ }
+ }
+ if (!empty($userId)) {
+ $this->mInfo['user_id']=$userId;
+ }
+ }
+ return( $ret );
+ }
+
+ function canManageAuth() {
+ return true;
+ }
+
+ function isSupported() {
+ return true;
+ }
+
+ function createUser(&$userattr) {
+ //$authUserInfo = array( 'login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email'] );
+ if (empty($userattr["email"])) {
+ $userattr["email"] = $userattr["login"];
+ }
+ $u = new BitUser();
+ $res = $u->store( $userattr );
+ $this->mErrors = array_merge($this->mErrors,$u->mErrors);
+ return $res;
+ }
+}
\ No newline at end of file
diff --git a/auth/imap_auth.php b/auth/imap_auth.php
new file mode 100644
index 0000000..951c1fa
--- /dev/null
+++ b/auth/imap_auth.php
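Review bot: In `BitAuth::validate()` the challenge-response branch can end up comparing `$response` with a digest that does not depend on the stored password hash. The `getOne()` lookup binds `$user` (by then the stored login, in its original case) against `$loginCol`, which is `UPPER(login)` or `UPPER(email)`, so it can return nothing, and neither an empty `$hash` nor a missing `$_SESSION["challenge"]` stops the comparison from running. The comparison also uses `==`, which PHP can evaluate numerically when both digests look like `0e…` numbers. The lines below bind `$loginVal`, reject an empty hash or absent challenge first, and compare with `===`. Separately, `$this->update_lastlogin()` is not defined in this file, so it is worth confirming that BaseAuth provides it.

```php
// … unchanged: user lookup and plain password branch …
// Use challenge-response method
$hash = $gBitDb->getOne("select `hash` from `".BIT_DB_PREFIX."users_users` where " . $gBitDb->convert_binary(). " $loginCol = ?", array( $loginVal ) );
if( empty( $hash ) || !isset( $_SESSION["challenge"] ) ) {
	// no stored hash or no server-side challenge: nothing valid to compare against
	$this->mErrors[] = 'Invalid challenge';
	$ret = PASSWORD_INCORRECT;
} elseif( $response === md5( strtolower($user) . $hash . $_SESSION["challenge"] ) ) {
	$ret = USER_VALID;
	// … unchanged: last-login update …
} else {
	$this->mErrors[] = 'Invalid challenge';
	$ret = PASSWORD_INCORRECT;
}
```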
@@ -0,0 +1,97 @@
+<?php
+class IMAPAuth extends BaseAuth {
+
+ function IMAPAuth() {
+ parent::BaseAuth('imap');
+ }
+
+ function validate($user,$pass,$challenge,$response) {
+ parent::validate($user,$pass,$challenge,$response);
+ $mailbox = '{' . $this->mConfig['server'];
+ if ($this->mConfig["ssl"]) {
+ $mailbox .= "/ssl";
+ if ($this->mConfig["sslvalidate"]) {
+ $mailbox .= "/validate-cert";
+ } else {
+ $mailbox .= "/novalidate-cert";
+ }
+ }
+ $mailbox .= ':'.$this->mConfig["port"].'}INBOX';
+
+ $imapauth = @imap_open($mailbox,$user , $pass);
+ if (!$imapauth) {
+ $this->mErrors['login']=imap_errors();
+ $ret=USER_NOT_FOUND;
+ } else {
+ $ret=USER_VALID;
+ $this->mInfo["real_name"] = $user;
+ if(empty($this->mConfig["email"])) {
+ $this->mInfo["email"] = $user;
+ } else {
+ $info=array('login'=>$user);
+ $replace_func = create_function('$matches','$info = '.var_export($info,true).';
+ $m = $matches[0];
+ $m = substr($m,1,strlen($m)-2);
+ if(empty($info[$m])) return "";
+ return strtolower($info[$m]);');
+ $this->mInfo["email"] = preg_replace_callback('/%.*?%/',$replace_func,$this->mConfig["email"]);
+ }
+ imap_close($imapauth);
+ }
+ return $ret;
+ }
+
+ function isSupported() {
+ $ret = true;
+ if (!function_exists('imap_open')) {
+ $this->mErrors['support']=tra("IMAP Authentication is not supported as PHP IMAP Extention not loaded.");
+ $ret = false;
+ }
+ return $ret;
+ }
+
+ function createUser(&$userattr) {
+ $this->mErrors['create']=tra("Cannot create users in an IMAP Server.");
+ return false;
+ }
+
+ function canManageAuth() {
+ $this->mErrors[]=tra("Cannot create users in an IMAP Server.");
+ return false;
+ }
+
+ function getSettings() {
+ return array(
+ 'users_imap_server' => array(
+ 'label' => "IMAP Server",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_imap_ssl' => array(
+ 'label' => "Connect Using SSL",
+ 'type' => "checkbox",
+ 'note' => "",
+ 'default' => 'y',
+ ),
+ 'users_imap_sslvalidate' => array(
+ 'label' => "Require SSL Certificate to be valid",
+ 'type' => "checkbox",
+ 'note' => "",
+ 'default' => 'n',
+ ),
+ 'users_imap_port' => array(
+ 'label' => "IMAP Port",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '993',
+ ),
+ 'users_imap_email' => array(
+ 'label' => "LDAP User E-Mail Address",
+ 'type' => "text",
+ 'note' => "If empty the login is used.<br />Otherwise all %login% is replaced with the login name, and the result used as the email address.<br />Please remember to include the @ sign",
+ 'default' => "%login%@redhat.com",
+ ),
+ );
+ }
+}
\ No newline at end of file
diff --git a/auth/ldap_auth.php b/auth/ldap_auth.php
new file mode 100644
index 0000000..da14bac
--- /dev/null
+++ b/auth/ldap_auth.php
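Review bot: `users_imap_sslvalidate` defaults to `'n'` in `IMAPAuth::getSettings()`, so out of the box `validate()` builds the mailbox string with `/novalidate-cert` and submits the user's password over a TLS session whose peer is never verified. Defaulting to validation, `'default' => 'y',`, keeps the opt-out for servers with self-signed certificates while making the safe behaviour the norm. In `validate()` the `create_function()` body is assembled from `var_export()` of the submitted login; since `$info` has the single key `login`, a plain `str_replace('%login%', strtolower($user), $this->mConfig["email"])` would avoid generating code from request data (other `%…%` tokens would then need stripping separately). The `users_imap_email` label still says "LDAP" and its default is `%login%@redhat.com`, which looks like a site-specific value.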
@@ -0,0 +1,215 @@
+<?php
+if (file_exists(UTIL_PKG_PATH."pear/Auth/Auth.php")) {
+ require_once (UTIL_PKG_PATH."pear/Auth/Auth.php");
+} else {
+ @include_once("Auth.php");
+}
+
+class LDAPAuth extends BaseAuth {
+ function LDAPAuth() {
+ parent::BaseAuth('ldap');
+ }
+
+ function validate($user,$pass,$challenge,$response) {
+ parent::validate($user,$pass,$challenge,$response);
+ // set the Auth options
+ $a = new Auth("LDAP", $this->mConfig, "", false, $user, $pass);
+ // check if the login correct
+ $a->login();
+ $ret = '';
+ switch ($a->getStatus()) {
+ case AUTH_LOGIN_OK:
+ $ret=USER_VALID;
+ $ds=ldap_connect($this->mConfig["host"], $this->mConfig["port"]); // Connects to LDAP Server
+ if ($ds) {
+ $r=ldap_bind($ds, $this->mConfig["adminuser"], $this->mConfig["adminpass"]);
+ if ($r) {
+ $attrs = array("cn", "mail");
+ $sr=ldap_search($ds, $this->mConfig["basedn"], "(".$this->mConfig["userattr"]."=".$user.")", $attrs); // Search
+ $info = ldap_get_entries($ds, $sr);
+ $this->mInfo["real_name"] = $info[0]["cn"][0];
+ if(empty($this->mConfig["email"])) {
+ if(empty($info[0]["mail"][0])) {
+ $this->mInfo["email"] = $info[0][$this->mConfig["userattr"]][0];
+ } else {
+ $this->mInfo["email"] = $info[0]["mail"][0];
+ }
+ } else {
+ $replace_func = create_function('$matches','$info = '.var_export($info,true).';
+ $m = $matches[0];
+ $m = substr($m,1,strlen($m)-2);
+ if(empty($info[0][$m][0])) return "";
+ return strtolower($info[0][$m][0]);');
+ $this->mInfo["email"] = preg_replace_callback('/%.*?%/',$replace_func,$this->mConfig["email"]);
+ }
+ }
+ ldap_close($ds);
+ }
+ break;
+ case AUTH_USER_NOT_FOUND:
+ $ret=USER_NOT_FOUND;
+ break;
+ case AUTH_WRONG_LOGIN:
+ $ret=PASSWORD_INCORRECT;
+ break;
+ default:
+ $ret=SERVER_ERROR;
+ break;
+ }
+ return $ret;
+ }
+
+ function isSupported() {
+ $ret = true;
+ if (! class_exists("Auth")) {
+ $this->mErrors['support']=tra("LDAP Authentication is not supported as PEAR Package Auth is not availible.");
+ $ret = false;
+ }
+ if (!function_exists('ldap_connect')) {
+ $this->mErrors['support']=tra("LDAP Authentication is not supported as PHP LDAP Extention not loaded.");
+ $ret = false;
+ }
+ return $ret;
+ }
+
+ // create a new user in the Auth directory
+ function createUser(&$userattr) {
+ global $gBitDb;
+ // set additional attributes here
+ if (empty($userattr["email"])) {
+ $userattr["email"] = $gBitDb->getOne("select `email` from `".BIT_DB_PREFIX."users_users` where `login`=?", array($userattr["login"]));
+ }
+ // set the Auth options
+ $a = new Auth("LDAP", $this->mConfig);
+ // check if the login correct
+ if ($a->addUser($userattr["login"], $userattr["password"], $userattr) === true) {
+ return true;
+ } else {
+ // otherwise use the error status given back
+ $this->mErrors['create'] = $a->getStatus();
+ return false;
+ }
+ }
+
+ function canManageAuth() {
+ return true;
+ }
+
+ function getSettings() {
+ global $gBitUser;
+ $listHash = array();
+ $groups = $gBitUser->getAllGroups($listHash);
+ $groups=$groups['data'];
+ $groupsD =array();
+ foreach ($groups as $g) {
+ $groupsD[$g['group_id']]= "{$g['group_name']} ( {$g['group_desc']} )";
+ }
+ $groups = $groupsD;
+ return array(
+ 'users_ldap_host' => array(
+ 'label' => "LDAP Host",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'localhost',
+ ),
+ 'users_ldap_port' => array(
+ 'label' => "LDAP Port",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '389',
+ ),
+ 'users_ldap_basedn' => array(
+ 'label' => "LDAP Base DN",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_userdn' => array(
+ 'label' => "LDAP User DN",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_userattr' => array(
+ 'label' => "LDAP User Attribute",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'uid',
+ ),
+ 'users_ldap_email' => array(
+ 'label' => "LDAP User E-Mail Address",
+ 'type' => "text",
+ 'note' => "If empty the attribute \"mail\" is used, if it not set for a user, <em>LDAP User Attribute</em> is used instead.<br />Otherwise all %<em>feilds</em>% are replaced with the first value from the ldap attribute of the same name, and the result used as the email address.<br />Please remember to include the @ sign",
+ 'default' => '',
+ ),
+ 'users_ldap_useroc' => array(
+ 'label' => "LDAP User OC",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'inetOrgPerson',
+ ),
+ 'users_ldap_groupdn' => array(
+ 'label' => "LDAP Group DN",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_groupattr' => array(
+ 'label' => "LDAP Group Atribute",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'cn',
+ ),
+ 'users_ldap_groupoc' => array(
+ 'label' => "LDAP Group OC",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'groupOfUniqueNames',
+ ),
+ 'users_ldap_memberattr' => array(
+ 'label' => "LDAP Member Attribute",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => 'uniqueMember',
+ ),
+ 'users_ldap_memberisdn' => array(
+ 'label' => "LDAP Member Is DN",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_adminuser' => array(
+ 'label' => "LDAP Admin User",
+ 'type' => "text",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_adminpass' => array(
+ 'label' => "LDAP Admin Pwd",
+ 'type' => "password",
+ 'note' => "",
+ 'default' => '',
+ ),
+ 'users_ldap_scope' => array(
+ 'label' => "LDAP Scope",
+ 'type' => "option",
+ 'note' => "",
+ 'default' => 'sub',
+ 'options' => array(
+ 'sub' => "Sub",
+ 'one' => "One",
+ 'base' => "Base",
+ ),
+ ),
+ 'users_ldap_group' => array(
+ 'label' => "LDAP Group",
+ 'type' => "option",
+ 'note' => "",
+ 'default' => '3',
+ 'options' => $groups,
+ ),
+ );
+ }
+}
+
+?>
\ No newline at end of file diff --git a/bit_setup_inc.php b/bit_setup_inc.php index 38d8c78..27db7af 100644 --- a/bit_setup_inc.php +++ b/bit_setup_inc.php @@ -64,7 +64,7 @@ if( !defined( 'LOGO_MAX_DIM' ) ) { umask(0007); } session_start(); - // just use a simple COOKIE (unique random string) that is linked to the users_cnxn table. + // just use a simple COOKIE (unique random string) that is linked to the users_cnxn table. // This way, nuking rows in the users_cnxn table can log people out and is much more reliable than SESSIONS $cookie_site = strtolower( ereg_replace("[^a-zA-Z0-9]", "", $gBitSystem->getConfig('site_title', 'bitweaver')) ); global $user_cookie_site; 
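Review bot: In `LDAPAuth::validate()` the search filter is built by concatenating the submitted `$user` into `"(".$this->mConfig["userattr"]."=".$user.")"`, and the search runs under the admin bind, so filter metacharacters in the login can change which entry supplies `real_name` and `email`. Escape the value before use, e.g. `ldap_escape($user, '', LDAP_ESCAPE_FILTER)` on PHP 5.6 or later, or an RFC 4515 escape of `\`, `*`, `(`, `)` and NUL on older versions. The results of `ldap_search()` and `ldap_get_entries()` are also used without checking that the search succeeded and returned exactly one entry. `$attrs` requests only `cn` and `mail`, so the fallback that reads `$info[0][$this->mConfig["userattr"]]` will normally find nothing. The same `create_function()`/`var_export()` construction as in imap_auth.php is applied here to directory data.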
@@ -124,51 +124,6 @@ if( !defined( 'LOGO_MAX_DIM' ) ) { $site_https_login_required = $gBitSystem->getConfig('site_https_login_required', 'n'); $users_change_language = $gBitSystem->getConfig("users_change_language", 'y'); -/* - - All of this stuff should now be converted to gBitSystem->isFeatureActive or ->getConfig - - $gBitSmarty->assign('users_allow_register', $users_allow_register); - $gBitSmarty->assign('site_url_index', $site_url_index); - $gBitSmarty->assign('site_use_proxy', $site_use_proxy); - $gBitSmarty->assign('site_proxy_host', $site_proxy_host); - $gBitSmarty->assign('site_proxy_port', $site_proxy_port); - $gBitSmarty->assign('users_change_language', $users_change_language); - $gBitSmarty->assign('users_eponymous_groups', $users_eponymous_groups); - - $site_user_assigned_modules = 'n'; - $gBitSmarty->assign('users_remember_time', $users_remember_time); - $gBitSmarty->assign('users_webserverauth', 'n'); - $gBitSmarty->assign('users_uf_use_db', 'y'); - $gBitSmarty->assign('uf_use_dir', ''); - $gBitSmarty->assign('users_userfiles_quota', 30); - $gBitSmarty->assign('users_register_passcode', $users_register_passcode); - $gBitSmarty->assign('users_register_passcode', $users_register_passcode); - $gBitSmarty->assign('users_min_pass_length', 1); - $gBitSmarty->assign('users_pass_chr_num', 'n'); - $gBitSmarty->assign('users_pass_due', 999); - $gBitSmarty->assign('users_random_number_reg', 'n'); - // PEAR::Auth support - $gBitSmarty->assign('users_auth_method', "tiki"); - $gBitSmarty->assign('auth_pear', "tiki"); - $gBitSmarty->assign('users_auth_create_gBitDbUser', 'n'); - $gBitSmarty->assign('users_auth_create_user_auth', 'n'); - $gBitSmarty->assign('users_auth_skip_admin', 'y'); - $gBitSmarty->assign('users_ldap_host', 'localhost'); - $gBitSmarty->assign('users_ldap_port', '389'); - $gBitSmarty->assign('users_ldap_scope', 'sub'); - $gBitSmarty->assign('users_ldap_basedn', ''); - $gBitSmarty->assign('users_ldap_userdn', ''); - 
$gBitSmarty->assign('users_ldap_userattr', 'uid'); - $gBitSmarty->assign('users_ldap_useroc', 'inetOrgPerson'); - $gBitSmarty->assign('users_ldap_groupdn', ''); - $gBitSmarty->assign('users_ldap_groupattr', 'cn'); - $gBitSmarty->assign('users_ldap_groupoc', 'groupOfUniqueNames'); - $gBitSmarty->assign('users_ldap_memberattr', 'uniqueMember'); - $gBitSmarty->assign('users_ldap_memberisdn', 'y'); - $gBitSmarty->assign('users_ldap_adminuser', ''); - $gBitSmarty->assign('users_ldap_adminpass', ''); -*/ // Permissions // Get group permissions here @@ -210,4 +165,25 @@ if( !defined( 'LOGO_MAX_DIM' ) ) { $displayTitle = !empty( $site_menu_title ) ? $site_menu_title : $gBitSystem->getConfig( 'site_title', 'Site' ); $gBitSystem->registerAppMenu( USERS_PKG_NAME, 'My '.$displayTitle, ($gBitSystem->getConfig('users_preferences') == 'y' ? USERS_PKG_URL.'my.php':''), 'bitpackage:users/menu_users.tpl' ); } + +require_once(USERS_PKG_PATH.'BaseAuth.php'); + +BaseAuth::register('imap',array( + 'name' => 'IMAP Auth', + 'file' => USERS_PKG_PATH.'auth/imap_auth.php', + 'class' => 'IMAPAuth', +)); + +BaseAuth::register('ldap',array( + 'name' => 'LDAP Auth', + 'file' => USERS_PKG_PATH.'auth/ldap_auth.php', + 'class' => 'LDAPAuth', +)); + +BaseAuth::register('bit',array( + 'name' => 'Bitweaver Auth', + 'file' => USERS_PKG_PATH.'auth/bit_auth.php', + 'class' => 'BitAuth', +)); + ?> diff --git a/register.php b/register.php index 01b510c..255f482 100644 --- a/register.php +++ b/register.php @@ -1,6 +1,6 @@ <?php /** - * $Header: /cvsroot/bitweaver/_bit_users/register.php,v 1.20 2006/06/05 03:13:32 spiderr Exp $ + * $Header: /cvsroot/bitweaver/_bit_users/register.php,v 1.21 2006/07/12 22:03:03 hash9 Exp $ * * Copyright (c) 2004 bitweaver.org * Copyright (c) 2003 tikwiki.org 
@@ -8,7 +8,7 @@ * All Rights Reserved. See copyright.txt for details and a complete list of authors. * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details * - * $Id: register.php,v 1.20 2006/06/05 03:13:32 spiderr Exp $ + * $Id: register.php,v 1.21 2006/07/12 22:03:03 hash9 Exp $ * @package users * @subpackage functions */ @@ -39,7 +39,7 @@ if( isset( $_REQUEST["register"] ) ) { // novalidation is set to yes if a user confirms his email is correct after tiki fails to validate it if( $gBitSystem->isFeatureActive( 'users_random_number_reg' ) ) { if( (empty( $reg['novalidation'] ) || $reg['novalidation'] != 'yes') - && (!isset( $_SESSION['random_number'] ) || $_SESSION['random_number']!=$reg['regcode'])) { + && (!isset( $_SESSION['random_number'] ) || $_SESSION['random_number']!=$reg['regcode'])) { $errors['users_random_number_reg'] = "Wrong registration code"; } } @@ -50,7 +50,6 @@ if( isset( $_REQUEST["register"] ) ) { $errors['passcode'] = 'Wrong passcode! You need to know the passcode to register at this site'; } } - if( empty( $errors ) ) { $newUser = new BitPermUser(); if( $newUser->register( $reg ) ) { @@ -101,6 +100,17 @@ if( isset( $_REQUEST["register"] ) ) { trim_array( $fields ); $gBitSmarty->assign('customFields', $fields); } + for ($i=0;$i<BaseAuth::getAuthMethodCount();$i++) { + $instance = BaseAuth::init($i); + if ($instance && $instance->canManageAuth()) { + $auth_reg_fields = $instance->getRegistrationFields(); + foreach (array_keys($auth_reg_fields) as $auth_field) { + $auth_reg_fields[$auth_field]['value'] = $auth_reg_fields[$auth_field]['default']; + } + $gBitSmarty->assign('auth_reg_fields', $auth_reg_fields); + break; + } + } } $languages = array(); diff --git a/templates/admin_login.tpl b/templates/admin_login.tpl index 256d52d..7ad4863 100644 --- a/templates/admin_login.tpl +++ b/templates/admin_login.tpl 
@@ -4,17 +4,29 @@ <input type="hidden" name="page" value="{$page}" /> <div class="row"> - {if ! $ldapEnabled} - {formfeedback error="PHP LDAP Extention not loaded; LDAP Authentication not available."} - {/if} + {foreach from=$authSettings.err item='auth_error' key='auth_type'} + {formfeedback error=$auth_error} + {/foreach} {formlabel label="Authentication method" for="users_auth_method"} {forminput} + {foreach from=$authSettings.avail_method item='auth_method' key='iter'} + <label>Method {$iter+1}</label> + <select name="users_auth_method_{$iter}"> + <option value="" disabled {if $auth_method.value eq ''} selected="selected"{/if}>-</option> + {foreach from=$authSettings.avail item='method' key='meth_name'} + <option value="{$meth_name}" {if $auth_method.value eq $meth_name} selected="selected"{/if}>{$method.name}</option> + {/foreach} + </select><br /> + {/foreach} + {* + {if $gBitSystem->getConfig("users_auth_method_`$smarty.section.auth_select_outer.iteration-1`") eq 'tiki'} selected="selected"{/if} <select name="users_auth_method" id="users_auth_method"> <option value="tiki" {if $gBitSystem->getConfig('users_auth_method') eq 'tiki'} selected="selected"{/if}>{tr}Just bitweaver{/tr}</option> <option value="ws" {if $gBitSystem->getConfig('users_auth_method') eq 'ws'} selected="selected"{/if}>{tr}Web Server{/tr}</option> {if $ldapEnabled}<option value="auth" {if $gBitSystem->getConfig('users_auth_method') eq 'auth'} selected="selected"{/if}>{tr}bitweaver and PEAR::Auth{/tr}</option>{/if} </select> - {formhelp note=""} + *} + {*formhelp note="Registration requrires that Bitweaver Auth be in the Method List"*} {/forminput} </div> 
@@ -64,7 +76,7 @@ <select name="registration_group_choice[]" multiple="multiple" size="5"> <option value=""> </option> {foreach key=g item=gr from=$groupList} - {if $gr.group_id ne -1} + {if $gr.group_id ne -1} <option value="{$gr.group_id}" {if $gr.is_public eq 'y'} selected="selected"{/if}>{$gr.group_name|truncate:"52":" ..."}</option> {/if} {/foreach} 
@@ -128,42 +140,36 @@ </div> {/form} {/jstab} - - {if $ldapEnabled} - {jstab title="PEAR::Auth"} - {form legend="PEAR::Auth"} - <input type="hidden" name="page" value="{$page}" /> - - {foreach from=$ldapSettings key=feature item=output} - <div class="row"> - {formlabel label=`$output.label` for=$feature} - {forminput} - {if $output.type == 'text'} - <input type="text" size="50" name="{$feature}" id="{$feature}" value="{$gBitSystem->getConfig($feature)|escape}" /> - {else} - {html_checkboxes name="$feature" values="y" checked=$gBitSystem->getConfig($feature) labels=false id=$feature} - {/if} - {formhelp note=`$output.note` page=`$output.page` link=`$output.link`} - {/forminput} + {foreach from=$authSettings.avail item='method' key='meth_name'} + {if count($method.options)>0} + {jstab title=$method.name} + {form legend=$method.name} + <input type="hidden" name="page" value="{$page}" /> + {foreach from=$method.options item='output' key='op_id'} + <div class="row"> + {formlabel label=$output.label for=$op_id} + {forminput} + {if $output.type == 'checkbox'} + {html_checkboxes name="$op_id" values="y" selected=$output.value labels=false id=$op_id} + {elseif $output.type == 'option'} + <select name="{$op_id}" id="{$op_id}"> + {foreach from=$output.options item='op_text' key='op_value'} + <option value="{$op_value}" {if $output.value eq $op_value} selected="selected"{/if}>{$op_text}</option> + {/foreach} + </select> + {else} + <input type="text" size="50" name="{$op_id}" id="{$op_id}" value="{$output.value|escape}" /> + {/if} + {formhelp note=`$output.note` page=`$output.page` link=`$output.link`} + {/forminput} + </div> + {/foreach} + <div class="row submit"> + <input type="submit" name="auth_{$meth_name}" value="{tr}Change {$method.name} preferences{/tr}" /> </div> - {/foreach} + {/form} + {/jstab} + {/if} + {/foreach} - <div class="row"> - {formlabel label="LDAP Scope" for="users_ldap_scope"} - {forminput} - <select name="users_ldap_scope" id="users_ldap_scope"> - 
<option value="sub" {if $gBitSystem->getConfig('users_ldap_scope') eq "sub"} selected="selected"{/if}>sub</option> - <option value="one" {if $gBitSystem->getConfig('users_ldap_scope') eq "one"} selected="selected"{/if}>one</option> - <option value="base" {if $gBitSystem->getConfig('users_ldap_scope') eq "base"} selected="selected"{/if}>base</option> - </select> - {formhelp note=""} - {/forminput} - </div> - - <div class="row submit"> - <input type="submit" name="auth_pear" value="{tr}Change preferences{/tr}" /> - </div> - {/form} - {/jstab} - {/if} {/jstabs} diff --git a/templates/register.tpl b/templates/register.tpl index 1cfe5ba..7afa631 100644 --- a/templates/register.tpl +++ b/templates/register.tpl @@ -9,6 +9,13 @@ <div class="body"> <p>{tr}If you are already registered, please{/tr} <a href="{$smarty.const.USERS_PKG_URL}login.php">{tr}login{/tr}</a></p> {form enctype="multipart/form-data" legend="Please fill in the following details"} + {foreach from=$reg.CUSTOM item='custom' key='custom_name'} + <input type="hidden" name="CUSTOM[{$custom_name}]" value="{$custom}"/> + {/foreach} + {foreach from=$reg.auth item='auth' key='auth_name'} + <input type="hidden" name="auth[{$auth_name}]" value="{$auth}"/> + {/foreach} + {formfeedback error=$errors.create} {if $notrecognized eq 'y'} <input type="hidden" name="login" value="{$reg.login}"/> <input type="hidden" name="password" value="{$reg.password}"/> 
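Review bot: The `{else}` branch of the new option renderer prints every type other than `checkbox` and `option` as `<input type="text" ...>` with the stored value echoed back, so if any method defines a secret option (a bind password, for instance; none is visible in this hunk) it is displayed in clear and ends up in the page source. A dedicated branch such as `{elseif $output.type == 'password'}<input type="password" name="{$op_id}" id="{$op_id}" value="" />` that never re-emits the stored value would avoid that. `{$op_value}`, `{$op_text}` and `{$method.name}` are printed without `|escape` while the text input is escaped; the same option markup recurs in the `@@ -159,6 +166,27 @@` hunk of templates/register.tpl, and both places should escape consistently. `{tr}Change {$method.name} preferences{/tr}` puts a variable inside the translated string, which presumably defeats the translation lookup.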
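Review bot: The hidden inputs added in the `@@ -9,6 +9,13 @@` hunk print `{$custom_name}`, `{$custom}`, `{$auth_name}` and `{$auth}` into attributes without `|escape`, although the text inputs added elsewhere in this commit do escape their value. `$reg` appears to carry submitted registration data (register.php reads `$reg['regcode']` from it), so a quote character in a submitted `auth[...]` or `CUSTOM[...]` key or value would end the attribute when the form is re-rendered. I would write `<input type="hidden" name="auth[{$auth_name|escape}]" value="{$auth|escape}"/>` and apply the same to the `CUSTOM` loop. The form body continues outside the hunk.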
@@ -159,6 +166,27 @@ </div> {/section} + {foreach from=$auth_reg_fields item='output' key='op_id'} + {assign var=op_name value="auth[$op_id]"} + <div class="row"> + {formlabel label=$output.label for=$op_id} + {forminput} + {if $output.type == 'checkbox'} + {html_checkboxes name="$op_name" values="y" selected=$output.value labels=false id=$op_id} + {elseif $output.type == 'option'} + <select name="{$op_name}" id="{$op_id}"> + {foreach from=$output.options item='op_text' key='op_value'} + <option value="{$op_value}" {if $output.value eq $op_value} selected="selected"{/if}>{$op_text}</option> + {/foreach} + </select> + {else} + <input type="text" size="50" name="{$op_name}" id="{$op_id}" value="{$output.value|escape}" /> + {/if} + {formhelp note=`$output.note` page=`$output.page` link=`$output.link`} + {/forminput} + </div> + {/foreach} + {if $gBitSystem->isFeatureActive('users_random_number_reg')} <hr /> |
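Review bot: The visible fields added here are named `auth[$op_id]`, the same names the `@@ -9,6 +9,13 @@` hunk of this file already emits as hidden inputs for every entry of `$reg.auth`, and that hidden loop sits before `{if $notrecognized eq 'y'}`, so it is rendered unconditionally. When the form is shown again after an error each auth parameter is therefore submitted twice, and which copy the server keeps depends only on their order in the markup. Either the hidden loop should move inside the `{if $notrecognized eq 'y'}` branch or this block should be skipped when the hidden copies are present; which of the two is right depends on template lines outside the hunk. The markup is otherwise a copy of the renderer added to templates/admin_login.tpl and would be easier to keep consistent as one shared include.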
