MaharaAuthPlugin.php 7.82 KB
Newer Older
Brett Wilkins's avatar
Brett Wilkins committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
<?php
/**
 */
# Copyright (C) 2004 Brion Vibber <brion@pobox.com>
# http://www.mediawiki.org/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# http://www.gnu.org/copyleft/gpl.html

/**
 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
 * and set $wgAuth to it to authenticate against some external tool.
 *
 * The default behavior is not to do anything, and use the local user
 * database for all authentication. A subclass can require that all
 * accounts authenticate externally, or use it only as a fallback; also
 * you can transparently create internal wiki accounts the first time
 * someone logs in who can be authenticated externally.
 */
32
class MaharaAuthPlugin extends AuthPlugin {
Brett Wilkins's avatar
Brett Wilkins committed
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
	/**
	 * Check whether there exists a user account with the given name.
	 * The name will be normalized to MediaWiki's requirements, so
	 * you might need to munge it (for instance, for lowercase initial
	 * letters).
	 *
	 * @param $username String: username.
	 * @return bool
	 */

    $dbname;
    $host;
    $dbname;
    $prefix;
    $dbuser;
    $dbpass;

    public __construct($dbname, $host='localhost', $prefix='', $user='', $password='') {
        $this->dbname = $dbname;
        $this->host = $host;
        $this->prefix = $prefix;
        $this->dbuser = $user;
        $this->dbpass = $password;
    }

	public function userExists( $username ) {
        $db = new Database($this->dbhost,$this->dbuser,$this->dbpass,$this->dbname);
60
		$sql = "SELECT username FROM ".$this->prefix."usr where username = '".$username."';";
Brett Wilkins's avatar
Brett Wilkins committed
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
        $res = $db->query($sql);
        $val = $db->fetchRow($res);
        $db->close();
        if (!empty($val) && $val > 0) {
            return true;
        }
		return false;
	}

	/**
	 * Check if a username+password pair is a valid login.
	 * The name will be normalized to MediaWiki's requirements, so
	 * you might need to munge it (for instance, for lowercase initial
	 * letters).
	 *
	 * @param $username String: username.
	 * @param $password String: user password.
	 * @return bool
	 */
	public function authenticate( $username, $password ) {
81 82 83 84 85 86 87 88 89 90 91
        $db = new Database($this->dbhost,$this->dbuser,$this->dbpass,$this->dbname);
		$sql = "SELECT username, password, salt FROM ".$this->prefix."usr where username = '".$username"';"
        $res = $db->query($sql);
        $val = $db->fetchRow($res);
        $db->close();
        if (!empty($val) && $val > 0) {
            $passcheck = sha1($val->salt . $password);
            if ($passcheck == $val->password) {
                return true;
            }
        }
Brett Wilkins's avatar
Brett Wilkins committed
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154
		return false;
	}

	/**
	 * Modify options in the login template.
	 *
	 * @param $template UserLoginTemplate object.
	 */
	public function modifyUITemplate( &$template ) {
		# Override this!
		$template->set( 'usedomain', false );
	}

	/**
	 * Set the domain this plugin is supposed to use when authenticating.
	 *
	 * @param $domain String: authentication domain.
	 */
	public function setDomain( $domain ) {
		$this->domain = $domain;
	}

	/**
	 * Check to see if the specific domain is a valid domain.
	 *
	 * @param $domain String: authentication domain.
	 * @return bool
	 */
	public function validDomain( $domain ) {
		# Override this!
		return true;
	}

	/**
	 * When a user logs in, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param User $user
	 */
	public function updateUser( &$user ) {
		# Override this and do something
		return true;
	}


	/**
	 * Return true if the wiki should create a new local account automatically
	 * when asked to login a user who doesn't exist locally but does in the
	 * external auth database.
	 *
	 * If you don't automatically create accounts, you must still create
	 * accounts in some way. It's not possible to authenticate without
	 * a local account.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 */
	public function autoCreate() {
155
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
156 157 158 159 160 161 162 163
	}

	/**
	 * Can users change their passwords?
	 *
	 * @return bool
	 */
	public function allowPasswordChange() {
164
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
165 166 167 168 169 170 171 172 173 174 175 176 177 178 179
	}

	/**
	 * Set the given password in the authentication database.
	 * As a special case, the password may be set to null to request
	 * locking the password to an unusable value, with the expectation
	 * that it will be set later through a mail reset or other method.
	 *
	 * Return true if successful.
	 *
	 * @param $user User object.
	 * @param $password String: password.
	 * @return bool
	 */
	public function setPassword( $user, $password ) {
180
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
181 182 183 184 185 186 187 188 189 190
	}

	/**
	 * Update user information in the external authentication database.
	 * Return true if successful.
	 *
	 * @param $user User object.
	 * @return bool
	 */
	public function updateExternalDB( $user ) {
191
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213
	}

	/**
	 * Check to see if external accounts can be created.
	 * Return true if external accounts can be created.
	 * @return bool
	 */
	public function canCreateAccounts() {
		return false;
	}

	/**
	 * Add a user to the external authentication database.
	 * Return true if successful.
	 *
	 * @param User $user - only the name should be assumed valid at this point
	 * @param string $password
	 * @param string $email
	 * @param string $realname
	 * @return bool
	 */
	public function addUser( $user, $password, $email='', $realname='' ) {
214
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
215 216 217 218 219 220 221 222 223 224 225 226
	}


	/**
	 * Return true to prevent logins that don't authenticate here from being
	 * checked against the local database's password fields.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 */
	public function strict() {
227
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
228 229 230 231 232 233 234 235 236 237
	}

	/**
	 * Check if a user should authenticate locally if the global authentication fails.
	 * If either this or strict() returns true, local authentication is not used.
	 *
	 * @param $username String: username.
	 * @return bool
	 */
	public function strictUserAuth( $username ) {
238
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274
	}

	/**
	 * When creating a user account, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param $user User object.
	 * @param $autocreate bool True if user is being autocreated on login
	 */
	public function initUser( &$user, $autocreate=false ) {
		# Override this to do something.
	}

	/**
	 * If you want to munge the case of an account name before the final
	 * check, now is your chance.
	 */
	public function getCanonicalName( $username ) {
		return $username;
	}
	
	/**
	 * Get an instance of a User object
	 *
	 * @param $user User
	 * @public
	 */
	public function getUserInstance( User &$user ) {
		return new AuthPluginUser( $user );
	}
}

275
/*
Brett Wilkins's avatar
Brett Wilkins committed
276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299
class AuthPluginUser {
	function __construct( $user ) {
		# Override this!
	}
	
	public function getId() {
		# Override this!
		return -1;
	}
	
	public function isLocked() {
		# Override this!
		return false;
	}
	
	public function isHidden() {
		# Override this!
		return false;
	}
	
	public function resetAuthToken() {
		# Override this!
		return true;
	}
300
}*/