MaharaAuthPlugin.php 8.53 KB
Newer Older
Brett Wilkins's avatar
Brett Wilkins committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
<?php
/**
 */
# Copyright (C) 2004 Brion Vibber <brion@pobox.com>
# http://www.mediawiki.org/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# http://www.gnu.org/copyleft/gpl.html

/**
 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
 * and set $wgAuth to it to authenticate against some external tool.
 *
 * The default behavior is not to do anything, and use the local user
 * database for all authentication. A subclass can require that all
 * accounts authenticate externally, or use it only as a fallback; also
 * you can transparently create internal wiki accounts the first time
 * someone logs in who can be authenticated externally.
 */
32
class MaharaAuthPlugin extends AuthPlugin {
Brett Wilkins's avatar
Brett Wilkins committed
33 34 35
	/**
	 * Check whether there exists a user account with the given name.
	 * The name will be normalized to MediaWiki's requirements, so
36
     * you might need to munge it (for instance, for lowercase initial
Brett Wilkins's avatar
Brett Wilkins committed
37 38 39 40 41 42
	 * letters).
	 *
	 * @param $username String: username.
	 * @return bool
	 */

43 44 45 46 47 48
	var $dbname;
	var $host;
	var $prefix;
	var $dbtype;
	var $dbuser;
	var $dbpass;
Brett Wilkins's avatar
Brett Wilkins committed
49

50
    public function __construct($dbname, $host='localhost',$dbtype='', $user='', $password='', $prefix='') {
Brett Wilkins's avatar
Brett Wilkins committed
51 52 53
        $this->dbname = $dbname;
        $this->host = $host;
        $this->prefix = $prefix;
54
	    $this->dbtype = $dbtype;
Brett Wilkins's avatar
Brett Wilkins committed
55 56 57 58 59
        $this->dbuser = $user;
        $this->dbpass = $password;
    }

	public function userExists( $username ) {
60 61
	$username = strtolower($username);
        $db = $this->getDatabase();
62
	$sql = "SELECT username FROM ".$this->prefix."usr where LOWER(username) = '".$username."'";
Brett Wilkins's avatar
Brett Wilkins committed
63
        $res = $db->query($sql);
64
        $val = $db->fetchObject($res);
Brett Wilkins's avatar
Brett Wilkins committed
65
        $db->close();
66
        if (!empty($val)) {
Brett Wilkins's avatar
Brett Wilkins committed
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82
            return true;
        }
		return false;
	}

	/**
	 * Check if a username+password pair is a valid login.
	 * The name will be normalized to MediaWiki's requirements, so
	 * you might need to munge it (for instance, for lowercase initial
	 * letters).
	 *
	 * @param $username String: username.
	 * @param $password String: user password.
	 * @return bool
	 */
	public function authenticate( $username, $password ) {
83 84
	$username = strtolower($username);
        $db = $this->getDatabase();
85
	$sql = "SELECT username, password, salt FROM ".$this->prefix."usr where LOWER(username) = '".$username."'";
86
        $res = $db->query($sql);
87
        $val = $db->fetchObject($res);
88
        $db->close();
89
        if (!empty($val)) {
90 91 92 93 94
            $passcheck = sha1($val->salt . $password);
            if ($passcheck == $val->password) {
                return true;
            }
        }
Brett Wilkins's avatar
Brett Wilkins committed
95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138
		return false;
	}

	/**
	 * Modify options in the login template.
	 *
	 * @param $template UserLoginTemplate object.
	 */
	public function modifyUITemplate( &$template ) {
		# Override this!
		$template->set( 'usedomain', false );
	}

	/**
	 * Set the domain this plugin is supposed to use when authenticating.
	 *
	 * @param $domain String: authentication domain.
	 */
	public function setDomain( $domain ) {
		$this->domain = $domain;
	}

	/**
	 * Check to see if the specific domain is a valid domain.
	 *
	 * @param $domain String: authentication domain.
	 * @return bool
	 */
	public function validDomain( $domain ) {
		# Override this!
		return true;
	}

	/**
	 * When a user logs in, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param User $user
	 */
	public function updateUser( &$user ) {
139
        
140
        $db = $this->getDatabase();
141
	    $sql = "SELECT * FROM ".$this->prefix."usr where LOWER(username) = LOWER('".$user->username."')";
142 143 144 145
        $res = $db->query($sql);
        $val = $db->fetchRow($res);
        $db->close();
		$user->setOption('nickname',$val->username);
146 147
		$user->setEmail($val->email);
		$user->setRealName($val->firstname.' '.$val->lastname);
Brett Wilkins's avatar
Brett Wilkins committed
148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165
		return true;
	}


	/**
	 * Return true if the wiki should create a new local account automatically
	 * when asked to login a user who doesn't exist locally but does in the
	 * external auth database.
	 *
	 * If you don't automatically create accounts, you must still create
	 * accounts in some way. It's not possible to authenticate without
	 * a local account.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 */
	public function autoCreate() {
166
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
167 168 169 170 171 172 173 174
	}

	/**
	 * Can users change their passwords?
	 *
	 * @return bool
	 */
	public function allowPasswordChange() {
175
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
176 177 178 179 180 181 182 183 184 185 186 187 188 189 190
	}

	/**
	 * Set the given password in the authentication database.
	 * As a special case, the password may be set to null to request
	 * locking the password to an unusable value, with the expectation
	 * that it will be set later through a mail reset or other method.
	 *
	 * Return true if successful.
	 *
	 * @param $user User object.
	 * @param $password String: password.
	 * @return bool
	 */
	public function setPassword( $user, $password ) {
191
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
192 193 194 195 196 197 198 199 200 201
	}

	/**
	 * Update user information in the external authentication database.
	 * Return true if successful.
	 *
	 * @param $user User object.
	 * @return bool
	 */
	public function updateExternalDB( $user ) {
202
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224
	}

	/**
	 * Check to see if external accounts can be created.
	 * Return true if external accounts can be created.
	 * @return bool
	 */
	public function canCreateAccounts() {
		return false;
	}

	/**
	 * Add a user to the external authentication database.
	 * Return true if successful.
	 *
	 * @param User $user - only the name should be assumed valid at this point
	 * @param string $password
	 * @param string $email
	 * @param string $realname
	 * @return bool
	 */
	public function addUser( $user, $password, $email='', $realname='' ) {
225
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
226 227 228 229 230 231 232 233 234 235 236 237
	}


	/**
	 * Return true to prevent logins that don't authenticate here from being
	 * checked against the local database's password fields.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 */
	public function strict() {
238
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
239 240 241 242 243 244 245 246 247 248
	}

	/**
	 * Check if a user should authenticate locally if the global authentication fails.
	 * If either this or strict() returns true, local authentication is not used.
	 *
	 * @param $username String: username.
	 * @return bool
	 */
	public function strictUserAuth( $username ) {
249
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
250 251 252 253 254 255 256 257 258 259 260 261 262 263
	}

	/**
	 * When creating a user account, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param $user User object.
	 * @param $autocreate bool True if user is being autocreated on login
	 */
	public function initUser( &$user, $autocreate=false ) {
264
        $username = strtolower($username);
265
        $db = $this->getDatabase();
266
	    $sql = "SELECT * FROM ".$this->prefix."usr where LOWER(username) = '".$username."'";
267 268 269 270 271 272
        $res = $db->query($sql);
        $val = $db->fetchRow($res);
        $db->close();
		$user->setOption('nickname',$val->username);
		$user->setEmail($this->email);
		$user->setRealName($this->firstname.' '.$this->lastname);
Brett Wilkins's avatar
Brett Wilkins committed
273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291
	}

	/**
	 * If you want to munge the case of an account name before the final
	 * check, now is your chance.
	 */
	public function getCanonicalName( $username ) {
		return $username;
	}
	
	/**
	 * Get an instance of a User object
	 *
	 * @param $user User
	 * @public
	 */
	public function getUserInstance( User &$user ) {
		return new AuthPluginUser( $user );
	}
292 293 294 295 296 297 298 299 300 301 302 303 304 305

	private function getDatabase() {
		if (empty($this->dbtype)) {
			return false;
		}
		switch ($this->dbtype) {
			case 'mysql':
				return new DatabaseMysql($this->host,$this->dbuser,$this->dbpass,$this->dbname);
			case 'postgres':
			default:
				return new DatabasePostgres($this->host,$this->dbuser,$this->dbpass,$this->dbname);
		}
		return false;
	}
Brett Wilkins's avatar
Brett Wilkins committed
306
}