mirror of https://github.com/e107inc/e107.git synced 2025-04-27 07:53:17 +02:00

Tidy up alt_auth; first cut of radius support (thanks to Cameron K for testing)

e107steved 2008-09-02 19:39:13 +00:00
parent 61ec94fa25
commit 231e2c055f
19 changed files with 512 additions and 146 deletions


@ -107,6 +107,7 @@ $common_fields = array(
'pwd' => array('fieldname' => 'password', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_34, 'help' => ''),
'db' => array('fieldname' => 'database', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_35, 'help' => ''),
'table' => array('fieldname' => 'table', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_36, 'help' => ''),
'prefix' => array('fieldname' => 'prefix', 'size' => 35, 'max_size' => 35, 'prompt' => LAN_ALT_39, 'help' => ''),
'ufield' => array('fieldname' => 'user_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_37, 'help' => ''),
'pwfield'=> array('fieldname' => 'password_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_38, 'help' => ''),
'salt' => array('fieldname' => 'password_salt','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_24, 'help' => LAN_ALT_25)
@ -234,6 +235,7 @@ function alt_auth_test_form($prefix,$frm)
default :
$text .= "Coding error";
}
if (isset($_login ->ErrorText)) $text .= '<br />'.$_login ->ErrorText;
$text .= "</td></tr>";
}
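Review bot: `$_login ->ErrorText` is concatenated into the test-form HTML without escaping in the second hunk, and elsewhere in this commit that text is built from `ldap_error()` and `radius_strerror()` output as well as fixed strings. Text that originates from a remote directory or RADIUS server should be treated as untrusted when it is rendered on an admin page; `if (isset($_login->ErrorText)) $text .= '<br />'.htmlspecialchars($_login->ErrorText, ENT_QUOTES);` would cover it. The RADIUS handler's debug text embeds a literal `<br />`, so that handler would then need to supply its line break separately. `alt_auth_test_form()` starts outside the hunk.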


@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/e107db_auth.php,v $
| $Revision: 1.1 $
| $Date: 2008-07-25 19:33:03 $
| $Revision: 1.2 $
| $Date: 2008-09-02 19:39:12 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -29,66 +29,47 @@
class auth_login
{
var $od;
var $Available;
var $ErrorText;
var $conf; // Configuration parameters
function auth_login()
{
// global $otherdb_conf, $sql;
global $sql;
$this->conf = array();
$this->ErrorText = '';
$sql -> db_Select("alt_auth", "*", "auth_type = 'e107db' ");
while($row = $sql -> db_Fetch())
{
$e107db_conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
$class_name = "e107db_mysql_class";
if(class_exists($class_name))
{
$this->od = new $class_name($e107db_conf);
$this->Available = TRUE;
}
else
{
$this->Available = FALSE;
return AUTH_NOCONNECT;
$this->conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
$this->Available = TRUE;
}
function login($uname, $pword, &$newvals, $connect_only = FALSE)
// Add the reconnect function in here - might be needed
function makeErrorText($extra = '')
{
$this->ErrorText = $extra;
global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql;
$ret = $this->od->login($uname, $pword, $newvals, $connect_only);
$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);
return $ret;
}
}
class e107db_mysql_class
{
var $conf;
function e107db_mysql_class($otherdb_conf)
{
$this->conf = $otherdb_conf;
// print_a($this->conf);
}
function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
//Attempt to open connection to sql database
if(!$res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password']))
{
$this->makeErrorText('Cannot connect to remote server');
return AUTH_NOCONNECT;
}
//Select correct db
if(!mysql_select_db($this->conf['e107db_database'], $res))
{
mysql_close($res);
$this->makeErrorText('Cannot connect to remote DB');
return AUTH_NOCONNECT;
}
if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB
@ -107,16 +88,18 @@ class e107db_mysql_class
//Get record containing supplied login name
$qry = "SELECT ".implode(',',$sel_fields)." FROM ".MPREFIX."user WHERE {$user_field} = '{$uname}'";
$qry = "SELECT ".implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}'";
// echo "Query: {$qry}<br />";
if(!$r1 = mysql_query($qry))
{
mysql_close($res);
$this->makeErrorText('Lookup query failed');
return AUTH_NOCONNECT;
}
if(!$row = mysql_fetch_array($r1))
{
mysql_close($res);
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
@ -127,12 +110,17 @@ class e107db_mysql_class
$pass_check = new ExtendedPasswordHandler();
$passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']);
if ($passMethod === FALSE) return AUTH_BADPASSWORD;
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row['user_password']; // Password stored in DB
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return AUTH_BADPASSWORD;
}
@ -145,6 +133,7 @@ class e107db_mysql_class
if (isset($row[$f])) $newvals[$f] = $row[$f];
}
}
$this->makeErrorText(''); // Success - just reconnect to E107 DB if needed
return AUTH_SUCCESS;
}
}
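Review bot: The rewritten lookup query in the `@ -107,16 +88,18 @` hunk places `$uname` directly inside the SQL string (`WHERE {$user_field} = '{$uname}'`), and no escaping of the login name is visible in the lines shown; the importdb handler in this same commit passes it through `$tp -> toDB($uname)` first. Unless the name is escaped in the part of `login()` above the hunk, a login name containing a quote changes the query sent to the remote database. Escaping against the remote link before the query is built, `$uname = mysql_real_escape_string($uname, $res);`, and passing the link explicitly as `mysql_query($qry, $res)` would close this. The new `e107db_prefix` value is also concatenated unquoted, so it is worth restricting it to identifier characters when the setting is saved.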


@ -15,7 +15,7 @@ $eplug_admin = true;
require_once("../../class2.php");
require_once(e_ADMIN."auth.php");
require_once(e_HANDLER."form_handler.php");
include_lan("languages/".e_LANGUAGE."/lan_e107db_auth.php");
include_lan("languages/".e_LANGUAGE."/lan_e107db_conf.php");
include_lan("languages/".e_LANGUAGE."/lan_alt_auth_conf.php");
define("ALT_AUTH_ACTION", "e107db");
require_once(e_PLUGIN."alt_auth/alt_auth_adminmenu.php");
@ -57,7 +57,7 @@ function show_e107db_form()
$text .= E107DB_LAN_1;
$text .= "</td></tr>";
$text .= alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db');
$text .= alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db|prefix');
$text .= "<tr><td class='forumheader3'>".E107DB_LAN_9."</td><td class='forumheader3'>";
$text .= $frm -> form_select_open("e107db_password_method");


@ -0,0 +1,35 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| ©Steve Dunstan 2001-2002
| http://e107.org
| jalist@e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/e_help.php,v $
| $Revision: 1.1 $
| $Date: 2008-09-02 19:39:12 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
if (!defined('e107_INIT')) { exit; }
define('ALT_AUTH_PATH', e_PLUGIN.'alt_auth/');
if (!include_lan(ALT_AUTH_PATH.'languages/'.e_LANGUAGE.'/lan_'.e_PAGE)) return 'No help!';
if (e_PAGE == 'alt_auth_conf.php')
{
$ns -> tablerender('help',LAN_ALT_AUTH_HELP);
}
else
{
if (!defined('LAN_ALT_VALIDATE_HELP')) include_lan(ALT_AUTH_PATH.'languages/'.e_LANGUAGE.'/lan_alt_auth_conf.php');
$ns -> tablerender('help',LAN_AUTHENTICATE_HELP.'<br /><br />'.LAN_ALT_VALIDATE_HELP);
}
?>
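Review bot: The language file path is built from `e_PAGE` with no check that the current page is one of this plugin's configuration pages, and `LAN_AUTHENTICATE_HELP` is used in the `else` branch without the `defined()` guard that `LAN_ALT_VALIDATE_HELP` gets. How `e_PAGE` is derived is not visible here, so a short header comment stating the assumption would help, for example `// Included by the admin help area; e_PAGE is expected to be one of alt_auth's *_conf.php scripts`. Guarding the constant the same way, `defined('LAN_AUTHENTICATE_HELP') ? LAN_AUTHENTICATE_HELP : ''`, avoids printing the bare constant name when a language file lacks it.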


@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/importdb_auth.php,v $
| $Revision: 1.1 $
| $Date: 2008-07-25 19:33:03 $
| $Revision: 1.2 $
| $Date: 2008-09-02 19:39:12 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -29,42 +29,29 @@
class auth_login
{
var $od;
var $conf;
var $ErrorText;
function auth_login()
{
global $importdb_conf, $sql;
if (!$sql -> db_Select("alt_auth", "*", "auth_type = 'importdb' ")) return AUTH_NOCONNECT; // We should get at least one value
while ($row = $sql -> db_Fetch())
{
$importdb_conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
$this->Available = TRUE;
$this->od = new importdb_mysql_class;
global $sql;
$this->ErrorText = '';
$this->conf = array();
if (!$sql -> db_Select("alt_auth", "*", "auth_type = 'importdb' ")) return AUTH_NOCONNECT; // We should get at least one value
while ($row = $sql -> db_Fetch())
{
$this->conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
$this->Available = TRUE;
}
function login($uname, $pword, &$newvals, $connect_only = FALSE)
function makeErrorText($extra = '')
{
// global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql;
$ret = $this->od->login($uname, $pword, $newvals, $connect_only);
// $sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);
return $ret;
$this->ErrorText = $extra;
}
}
class importdb_mysql_class
{
var $conf;
function importdb_mysql_class()
{
global $importdb_conf;
$this->conf = $importdb_conf;
}
function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
if ($connect_only) return AUTH_SUCCESS; // Big problem if can't connect to our own DB!
@ -73,6 +60,7 @@ class importdb_mysql_class
global $sql, $tp;
if (!$sql->db_Select("user", "user_loginname, user_password", "user_loginname = '".$tp -> toDB($uname)."'"))
{ // Invalid user
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
@ -80,6 +68,7 @@ class importdb_mysql_class
// Higher levels will always convert an authorised password to E107 format and save it for us.
if (!$row = $sql->db_Fetch())
{
$this->makeErrorText('Error reading DB');
return AUTH_NOCONNECT; // Debateable return code - really a DB error. But consistent with other handler
}
@ -87,13 +76,19 @@ class importdb_mysql_class
$pass_check = new ExtendedPasswordHandler();
$passMethod = $pass_check->passwordMapping($this->conf['importdb_password_method']);
if ($passMethod === FALSE) return AUTH_BADPASSWORD;
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row['user_password']; // Password stored in DB
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return AUTH_BADPASSWORD;
}
$this->makeErrorText('');
return AUTH_SUCCESS;
}
}
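Review bot: `return AUTH_NOCONNECT;` inside the `auth_login()` constructor has no effect on the caller, because the value returned by a constructor is discarded by `new`; when the settings query finds no rows the object is still created with an empty `$this->conf`, `Available` never assigned and `ErrorText` blank. The failure should be recorded on the object instead, e.g. `$this->Available = FALSE; $this->makeErrorText('No importdb settings found'); return;`, and `var $Available;` should be declared alongside the other properties. A later `login()` on such an object reaches `passwordMapping($this->conf['importdb_password_method'])` with an undefined key, so the outcome then depends on how that helper treats an empty method. The same constructor-return pattern appears in the new RADIUS handler.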


@ -15,7 +15,7 @@ $eplug_admin = true;
require_once("../../class2.php");
require_once(e_ADMIN."auth.php");
require_once(e_HANDLER."form_handler.php");
include_lan("languages/".e_LANGUAGE."/lan_importdb_auth.php");
include_lan("languages/".e_LANGUAGE."/lan_importdb_conf.php");
include_lan("languages/".e_LANGUAGE."/lan_alt_auth_conf.php");
define("ALT_AUTH_ACTION", "importdb");
require_once(e_PLUGIN."alt_auth/alt_auth_adminmenu.php");


@ -26,6 +26,8 @@ define('LAN_ALT_23', 'XUP file field');
define('LAN_ALT_24', 'Password salt field');
define('LAN_ALT_25', '(sometimes combined with password for added security)');
define('LAN_ALT_26', 'Database type:');
define('LAN_ALT_27', 'To transfer a field value into the local database, specify the field name in the corresponding box below. (Username and password are always transferred)
<br />Leave the field blank for it not to be transferred at all');
define('LAN_ALT_29', 'Auth methods');
define('LAN_ALT_30', 'Configure ');
@ -37,6 +39,7 @@ define("LAN_ALT_35", "Database:");
define("LAN_ALT_36", "Table:");
define("LAN_ALT_37", "Username Field:");
define("LAN_ALT_38", "Password Field:");
define('LAN_ALT_39', 'Table Prefix:');
define('LAN_ALT_40', 'Test database access');
define('LAN_ALT_41', ' (using above credentials)');
@ -60,9 +63,13 @@ define('LAN_ALT_58', 'Authentification successful');
define('LAN_ALT_59', 'Retrieved parameters:');
define('LAN_ALT_60', '');
define("LAN_ALT_FALLBACK", "Use e107 user table");
define("LAN_ALT_FAIL", "Failed login");
define('LAN_ALT_UPDATESET', "Update settings");
define('LAN_ALT_FALLBACK', 'Use e107 user table');
define('LAN_ALT_FAIL', 'Failed login');
define('LAN_ALT_UPDATESET', 'Update settings');
define('LAN_ALT_UPDATED','Settings updated');
define('LAN_ALT_AUTH_HELP', 'These are the settings common to all authentication methods, and determine the actions to be taken');
define('LAN_ALT_VALIDATE_HELP', 'You can check the settings by using the \'Test Database Access\' section to try and validate a user - this uses exactly
the same process as when a user tries to log in, and confirms whether your settings are correct');
?>


@ -1,16 +0,0 @@
<?php
define('E107DB_LAN_1', 'E107 format database');
//define("E107DB_LAN_2", "Server:");
//define("E107DB_LAN_3", "Username:");
//define("E107DB_LAN_4", "Password:");
//define("E107DB_LAN_5", "Database");
define("E107DB_LAN_9", "Password Method:");
define("E107DB_LAN_10", "Configure E107 db auth");
define("E107DB_LAN_11", "Check the box against any field you wish to be transferred to the local database:");
define("IMPORTDB_LAN_7", 'MD5 (E107 original)');
define("IMPORTDB_LAN_8", 'E107 salted (option 0.8 on)');
?>


@ -0,0 +1,17 @@
<?php
define('E107DB_LAN_1', 'E107 format database');
define('E107DB_LAN_9', 'Password Method:');
define('E107DB_LAN_10', 'Configure E107 db auth');
define('E107DB_LAN_11', 'Check the box against any field you wish to be transferred to the local database:');
define('IMPORTDB_LAN_7', 'MD5 (E107 original)');
define('IMPORTDB_LAN_8', 'E107 salted (option 0.8 on)');
define('LAN_AUTHENTICATE_HELP','This authentication method is to be used with a second E107 database, which may use a different password format to this system. The
original password is read from the local database, and validated against the storage format of the original system. If it verifies, its converted to the current E107-compatible format and
stored in the database.');
?>


@ -7,13 +7,15 @@ define("IMPORTDB_LAN_5", 'SMF (SHA1)');
define("IMPORTDB_LAN_6", 'Generic SHA1');
define("IMPORTDB_LAN_7", 'MD5 (E107 original)');
define("IMPORTDB_LAN_8", 'E107 salted (option 0.8 on)');
define("IMPORTDB_LAN_9", "Password Method:");
define("IMPORTDB_LAN_10", "Configure imported database password type");
define("IMPORTDB_LAN_9", 'Password Method:');
define("IMPORTDB_LAN_10", 'Configure imported database password type');
define("IMPORTDB_LAN_11", 'This option is to be used when you have imported some other user-based system into E107.
It allows you to accept passwords encoded in the selected non-standard format.
Each user\'s password is converted to E107 format when they log in.');
define("IMPORTDB_LAN_12", 'PHPBB2/PHPBB3 salted');
define("IMPORTDB_LAN_13", '');
define("IMPORTDB_LAN_14", '');
define('LAN_AUTHENTICATE_HELP','This authentication method is to be used <i>only</i> when you have imported a user database into E107, and the password is in an incompatible format. The
original password is read from the local database, and validated against the storage format of the original system. If it verifies, its converted to the current E107-compatible format and
stored in the database. After a while you can usually disable the alt-auth plugin, since active users will all have their passwords stored in a compatible format.');
?>


@ -12,8 +12,9 @@ define("LDAPLAN_10", "Settings Updated");
define("LDAPLAN_11", "WARNING: It appears as if the ldap module is not currently available; setting your auth method to LDAP will probably not work!");
define("LDAPLAN_12", "Server Type");
define("LDAPLAN_13", "Update settings");
define("LDAPLAN_14", "To transfer a field (attribute) value into the local database, specify its name in the corresponding box below. Fields marked with
an asterisk (*) are mandatory.
<br />Leave the box blank for it not to be transferred at all");
define('LAN_AUTHENTICATE_HELP','This method can be used to authenticate against most LDAP servers, including Novell\'s eDirectory and Microsoft\'s Active Directory. Refer to the wiki for further information.');
?>


@ -9,8 +9,8 @@ define("OTHERDB_LAN_7", "Username Field:");
define("OTHERDB_LAN_8", "Password Field:");
define("OTHERDB_LAN_9", "Password Method:");
define("OTHERDB_LAN_10", "Configure otherdb auth");
define("OTHERDB_LAN_11", "To transfer a field value into the local database, specify the field name in the corresponding box below. Fields marked with
an asterisk (*) are mandatory.<br />Leave the field blank for it not to be transferred at all");
//define("OTHERDB_LAN_11", "To transfer a field value into the local database, specify the field name in the corresponding box below. Fields marked with
// an asterisk (*) are mandatory.<br />Leave the field blank for it not to be transferred at all");
define('OTHERDB_LAN_12', 'Password Salt Field:');
define('OTHERDB_LAN_13', '(Leave blank if not used)');
define('OTHERDB_LAN_14', 'Email address Field:');
@ -25,4 +25,8 @@ define("IMPORTDB_LAN_7", 'MD5 (E107 original)');
define("IMPORTDB_LAN_8", 'E107 salted (option 0.8 on)');
define("IMPORTDB_LAN_12", 'PHPBB2/PHPBB3 salted');
define('LAN_AUTHENTICATE_HELP','This authentication method is used to validate against a non-E107 database. The password must be stored in one of the supported formats.');
?>


@ -0,0 +1,14 @@
<?php
define('LAN_RADIUS_01', 'Server address');
define('LAN_RADIUS_02', 'Shared secret');
define('LAN_RADIUS_03', 'Server user');
define('LAN_RADIUS_04', 'Server password');
define('LAN_RADIUS_06', 'Configure RADIUS auth');
define('LAN_RADIUS_11', 'WARNING: It appears that the RADIUS module is not currently available; setting your auth method to RADIUS will probably not work!');
define('LAN_AUTHENTICATE_HELP','This authentication method is used with an external RADIUS server. It requres that PHP\'s RADIUS extension is enabled. <br />
Note that the RADIUS server may only allow access from a specific range of IP addresses');
?>


@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/ldap_auth.php,v $
| $Revision: 1.2 $
| $Date: 2008-07-25 19:33:02 $
| $Revision: 1.3 $
| $Date: 2008-09-02 19:39:12 $
| $Author: e107steved $
To do:
@ -30,6 +30,7 @@ class auth_login
var $serverType;
var $ldapErrorCode;
var $ldapErrorText;
var $ErrorText;
var $connection;
var $result;
var $ldapVersion;
@ -72,6 +73,13 @@ class auth_login
}
function makeErrorText($extra = '')
{
$this->ldapErrorCode = ldap_errno( $this->connection);
$this->ldapErrorText = ldap_error( $this->connection);
$this->ErrorText = $extra.' '.$this->ldapErrorCode.': '.$this->ldapErrorText;
}
function connect()
{
@ -89,6 +97,7 @@ class auth_login
$this->ldapErrorCode = -1;
$this->ldapErrorText = "Unable to connect to any server";
$this->ErrorText = $this->ldapErrorCode.': '.$this->ldapErrorText;
return false;
}
@ -98,8 +107,7 @@ class auth_login
{
if ( !@ldap_close( $this->connection))
{
$this->ldapErrorCode = ldap_errno( $this->connection);
$this->ldapErrorText = ldap_error( $this->connection);
$this->makeErrorText(); // Read the error code and explanatory string
return false;
}
else
@ -134,6 +142,7 @@ class auth_login
if ($this->result === FALSE)
{
// echo "LDAP bind failed<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT;
}
@ -155,6 +164,7 @@ class auth_login
{
// Could not perform query to LDAP directory
echo "LDAP - search for user failed<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT;
}
else
@ -207,14 +217,16 @@ class auth_login
else
{
// echo " Unexpected non-array value - Key: {$k} Value: {$tlv}<br />";
return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error
}
}
}
else
{
// echo "Got wrong number of entries<br />";
return AUTH_NOUSER; // Bit debateable what to return if this happens
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOUSER; // Bit debateable what to return if this happens
}
}
else
@ -234,8 +246,7 @@ class auth_login
** 49 - Wrong password
** 53 - Account inactive (manually locked out by administrator)
*/
$this->ldapErrorCode = ldap_errno( $this->connection);
$this->ldapErrorText = ldap_error( $this->connection);
$this->makeErrorText(); // Read the error code and explanatory string
switch ($this -> ldapErrorCode)
{
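Review bot: In the `@ -207,14 +217,16 @` hunk `makeErrorText()` is called with no argument on two branches that are not LDAP failures (an unexpected non-array value and a wrong entry count), so `ErrorText` will carry whatever `ldap_errno()` and `ldap_error()` report for the last operation, most likely a success code. Passing the reason makes the admin test output usable: `$this->makeErrorText('Unexpected non-array attribute value');` and `$this->makeErrorText('Wrong number of entries returned');`. `makeErrorText()` also calls `ldap_errno($this->connection)` unconditionally, so it deserves a one-line comment that it must only be used once `connect()` has produced a valid handle. The enclosing methods start and end outside the hunks.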


@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/ldap_conf.php,v $
| $Revision: 1.2 $
| $Date: 2008-07-25 19:33:02 $
| $Revision: 1.3 $
| $Date: 2008-09-02 19:39:12 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -20,7 +20,7 @@ $eplug_admin = true;
require_once("../../class2.php");
require_once(e_ADMIN."auth.php");
require_once(e_HANDLER."form_handler.php");
include_lan("languages/".e_LANGUAGE."/lan_ldap_auth.php");
include_lan("languages/".e_LANGUAGE."/lan_ldap_conf.php");
include_lan("languages/".e_LANGUAGE."/lan_alt_auth_conf.php");
define("ALT_AUTH_ACTION", "ldap");
require_once(e_PLUGIN."alt_auth/alt_auth_adminmenu.php");
@ -106,7 +106,7 @@ $text .= "<tr><td class='forumheader3'>".LDAPLAN_7."<br /><span class='smalltext
$text .= $frm -> form_text("ldap_edirfilter", 35, $ldap['ldap_edirfilter'], 120);
$text .= "<br /><span class='smalltext'>".LDAPLAN_9."<br />".htmlentities($current_filter)."</span></td></tr>";
$text .= "<tr><td class='forumheader2' colspan='2'>".LDAPLAN_14."</td></tr>";
$text .= "<tr><td class='forumheader2' colspan='2'>".LAN_ALT_27."</td></tr>";
$text .= alt_auth_get_field_list('ldap',$frm, $ldap, FALSE);


@ -11,8 +11,8 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/otherdb_auth.php,v $
| $Revision: 1.2 $
| $Date: 2008-07-25 19:33:02 $
| $Revision: 1.3 $
| $Date: 2008-09-02 19:39:12 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -29,53 +29,32 @@
class auth_login
{
var $od;
var $Available;
var $ErrorText;
var $conf; // Configuration parameters
function auth_login()
{
// global $otherdb_conf, $sql;
global $sql;
$this->conf = array();
$this->ErrorText = '';
$sql -> db_Select("alt_auth", "*", "auth_type = 'otherdb' ");
while($row = $sql -> db_Fetch())
{
$otherdb_conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
$class_name = "otherdb_mysql_class";
if(class_exists($class_name))
{
$this->od = new $class_name($otherdb_conf);
$this->Available = TRUE;
}
else
{
$this->Available = FALSE;
return AUTH_NOCONNECT;
$this->conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
$this->Available = TRUE;
}
function login($uname, $pword, &$newvals, $connect_only = FALSE)
// Add the reconnect function in here - might be needed
function makeErrorText($extra = '')
{
$this->ErrorText = $extra;
global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql;
$ret = $this->od->login($uname, $pword, $newvals, $connect_only);
$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);
return $ret;
}
}
class otherdb_mysql_class
{
var $conf;
function otherdb_mysql_class($otherdb_conf)
{
// global $otherdb_conf;
$this->conf = $otherdb_conf;
}
function login($uname, $pword, &$newvals, $connect_only = FALSE)
@ -83,12 +62,14 @@ class otherdb_mysql_class
//Attempt to open connection to sql database
if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password']))
{
$this->makeErrorText('Cannot connect to remote server');
return AUTH_NOCONNECT;
}
//Select correct db
if(!mysql_select_db($this->conf['otherdb_database'], $res))
{
mysql_close($res);
$this->makeErrorText('Cannot connect to remote DB');
return AUTH_NOCONNECT;
}
if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB
@ -115,11 +96,13 @@ class otherdb_mysql_class
if(!$r1 = mysql_query($qry))
{
mysql_close($res);
$this->makeErrorText('Lookup query failed');
return AUTH_NOCONNECT;
}
if(!$row = mysql_fetch_array($r1))
{
mysql_close($res);
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
@ -130,13 +113,18 @@ class otherdb_mysql_class
$pass_check = new ExtendedPasswordHandler();
$passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']);
if ($passMethod === FALSE) return AUTH_BADPASSWORD;
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB
if ($salt_field) $pwFromDB .= ':'.$row[$salt_field];
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return AUTH_BADPASSWORD;
}
// Now copy across any values we have selected
@ -148,6 +136,7 @@ class otherdb_mysql_class
}
}
$this->makeErrorText(''); // Success - just reconnect to E107 DB if needed
return AUTH_SUCCESS;
}
}
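Review bot: With the wrapper `login()` folded into `auth_login`, the `$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);` call that restored the e107 connection after a remote lookup appears to have been dropped, and the success path now only calls `makeErrorText('')` although its comment still says "just reconnect to E107 DB if needed". Because `mysql_query($qry)` is called without a link identifier, later link-less calls in the same request may keep using the remote connection, which matters for an authentication path that goes on to read and update the local user record. Either restore the reconnect on every return path of `login()` or pass `$res` explicitly to each `mysql_*` call and close it before returning. The e107db handler in this commit has the same shape; the side of each line is inferred here because the page has lost its `+`/`-` markers.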


@ -15,7 +15,7 @@ $eplug_admin = true;
require_once("../../class2.php");
require_once(e_ADMIN."auth.php");
require_once(e_HANDLER."form_handler.php");
include_lan("languages/".e_LANGUAGE."/lan_otherdb_auth.php");
include_lan("languages/".e_LANGUAGE."/lan_otherdb_conf.php");
include_lan("languages/".e_LANGUAGE."/lan_alt_auth_conf.php");
define("ALT_AUTH_ACTION", "otherdb");
require_once(e_PLUGIN."alt_auth/alt_auth_adminmenu.php");
@ -69,7 +69,7 @@ function show_otherdb_form()
$text .= $frm -> form_select_close();
$text .= "</td></tr>";
$text .= "<tr><td class='forumheader2' colspan='2'>".OTHERDB_LAN_11."</td></tr>";
$text .= "<tr><td class='forumheader2' colspan='2'>".LAN_ALT_27."</td></tr>";
$text .= alt_auth_get_field_list('otherdb',$frm, $parm, FALSE);


@ -0,0 +1,226 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Steve Dunstan 2001-2002
| http://e107.org
| jalist@e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/radius_auth.php,v $
| $Revision: 1.1 $
| $Date: 2008-09-02 19:39:12 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
RFC2865 is the main RADIUS standard - http://www.faqs.org/rfcs/rfc2865
Potential enhancements:
- Multiple servers (done, but not tested)
- Configurable port (probably not necessary)
- Configurable timeout
- Configurable retries
Error recfrom: 10054 - winsock error for 'connection reset'
*/
define('RADIUS_DEBUG',TRUE);
class auth_login
{
var $server;
var $secret;
var $port;
var $usr;
var $pwd;
var $ErrorText;
var $connection; // Handle to use on successful creation
var $result;
var $Available;
function auth_login()
{
$this->copyAttribs = array();
$sql = new db;
$sql -> db_Select("alt_auth", "*", "auth_type = 'radius' ");
while($row = $sql -> db_Fetch())
{
$radius[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
$this->server = explode(',',$radius['radius_server']);
$this->port = 1812; // Assume fixed port number for now - 1812 (UDP) is listed for servers, 1645 for authentification. (1646, 1813 for accounting)
// (A Microsoft app note says 1812 is the RFC2026-compliant port number. (http://support.microsoft.com/kb/230786)
// $this->port = 1645;
$this->secret = explode(',',$radius['radius_secret']);
if ((count($this->server) > 1) && (count($this->secret) == 1))
{
$this->secret = array();
foreach ($this->server as $k => $v)
{
$this->secret[$k] = $radius['radius_secret']; // Same secret for all servers, if only one entered
}
}
$this->ErrorText = '';
if(!function_exists('radius_auth_open'))
{
$this->Available = FALSE;
return false;
}
if(!$this -> connect())
{
return AUTH_NOCONNECT;
}
}
function makeErrorText($extra = '')
{
$this->ErrorText = $extra.radius_strerror($this->connection) ;
if (!RADIUS_DEBUG) return;
$text = "<br />Server: {$this->server} Stored secret: ".radius_server_secret($this->connection)." Port: {$this->port}";
$this->ErrorText .= $text;
}
function connect()
{
// Try to connect to a radius server
if (!($this->connection = radius_auth_open()))
{
$this->makeErrorText('RADIUS open failed: ') ;
return FALSE;
}
foreach ($this->server as $k => $s)
{
if (!radius_add_server($this->connection, $s, $this->port, $this->secret[$k], 15, 1)) // fixed 15 second timeout, one try ATM
{
$this->makeErrorText('RADIUS add server failed: ') ;
return FALSE;
}
}
return TRUE;
}
function close()
{
if ( !radius_close( $this->connection)) // (Not strictly necessary, but tidy)
{
$this->makeErrorText('RADIUS close error: ') ;
return false;
}
else
{
return true;
}
}
function login($uname, $pass, &$newvals, $connect_only = FALSE)
{
// Create authentification request
if (!radius_create_request($this->connection,RADIUS_ACCESS_REQUEST))
{
$this->makeErrorText('RADIUS failed authentification request: ') ;
return AUTH_NOCONNECT;
}
if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password - always expect one
// Attach username and password
if (!radius_put_attr($this->connection,RADIUS_USER_NAME,$uname)
|| !radius_put_attr($this->connection,RADIUS_USER_PASSWORD,$pass))
{
$this->makeErrorText('RADIUS could not attach username/password: ') ;
return AUTH_NOCONNECT;
}
// Finally, send request to server
switch (radius_send_request($this->connection))
{
case RADIUS_ACCESS_ACCEPT : // Valid username/password
break;
case RADIUS_ACCESS_CHALLENGE : // CHAP response required - not currently implemented
$this->makeErrorText('CHAP not supported');
return AUTH_NOUSER;
case RADIUS_ACCESS_REJECT : // Specifically rejected
default: // Catch-all
$this->makeErrorText('RADIUS validation error: ') ;
return AUTH_NOUSER;
}
// User accepted here.
if ($connect_only) return AUTH_SUCCESS;
return AUTH_SUCCESS; // Not interested in any attributes returned ATM, so done.
// See if we get any attributes - not really any use to us unless we implement CHAP, so disabled ATM
$attribs = array();
while ($resa = radius_get_attr($this->connection))
{
if (!is_array($resa))
{
$this->makeErrorText("Error getting attribute: ");
exit;
}
// Decode attribute according to type (this isn't an exhaustive list)
// Codes: 2, 3, 4, 5, 30, 31, 32, 60, 61 should never be received by us
// Codes 17, 21 not assigned
switch ($resa['attr'])
{
case 8 : // IP address to be set (255.255.255.254 indicates 'allocate your own address')
case 9 : // Subnet mask
case 14 : // Login-IP host
$attribs[$resa['attr']] = radius_cvt_addr($resa['data']);
break;
case 6 : // Service type (integer bitmap)
case 7 : // Protocol (integer bitmap)
case 10 : // Routing method (integer)
case 12 : // Framed MTU
case 13 : // Compression method
case 15 : // Login service (bitmap)
case 16 : // Login TCP port
case 23 : // Framed IPX network (0xFFFFFFFE indicates 'allocate your own')
case 27 : // Session timeout - maximum connection/login time in seconds
case 28 : // Idle timeout in seconds
case 29 : // Termination action
case 37 : // AppleTalk link number
case 38 : // AppleTalk network
case 62 : // Max ports
case 63 : // Login LAT port
$attribs[$resa['attr']] = radius_cvt_int($resa['data']);
break;
case 1 : // User name
case 11 : // Filter ID - could get several of these
case 18 : // Reply message (text, various purposes)
case 19 : // Callback number
case 20 : // Callback ID
case 22 : // Framed route - could get several of these
case 24 : // State - used in CHAP
case 25 : // Class
case 26 : // Vendor-specific
case 33 : // Proxy State
case 34 : // Login LAT service
case 35 : // Login LAT node
case 36 : // Login LAT group
case 39 : // AppleTalk zone
default :
$attribs[$resa['attr']] = radius_cvt_string($resa['data']); // Default to string type
}
printf("Got Attr: %d => %d Bytes %s\n", $resa['attr'], strlen($attribs[$resa['attr']]), $attribs[$resa['attr']]);
}
return AUTH_SUCCESS;
}
}
?>
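Review bot: `RADIUS_DEBUG` is hard-coded to `TRUE`, and in that mode `makeErrorText()` appends `radius_server_secret($this->connection)` to `ErrorText`, which the test form prints into the page; the shared secret therefore appears in HTML on every failed RADIUS operation. The default should be `define('RADIUS_DEBUG', FALSE);` and the debug text should omit the secret entirely, since server and port are enough to diagnose a mismatch. `{$this->server}` in the same string is an array after the `explode()`, so it needs `implode(',', $this->server)` to print anything useful. Separately, `login()` creates the request before rejecting a blank password, the attribute-decoding loop after `return AUTH_SUCCESS;` is unreachable, and `Available` is never set to `TRUE`.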


@ -0,0 +1,90 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Steve Dunstan 2001-2002
| http://e107.org
| jalist@e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/radius_conf.php,v $
| $Revision: 1.1 $
| $Date: 2008-09-02 19:39:12 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
$eplug_admin = true;
require_once("../../class2.php");
require_once(e_ADMIN."auth.php");
require_once(e_HANDLER."form_handler.php");
include_lan("languages/".e_LANGUAGE."/lan_radius_conf.php");
include_lan("languages/".e_LANGUAGE."/lan_alt_auth_conf.php");
define("ALT_AUTH_ACTION", "radius");
require_once(e_PLUGIN."alt_auth/alt_auth_adminmenu.php");
$message = '';
if($_POST['update'])
{
$message .= alt_auth_post_options('radius');
}
if (!extension_loaded('radius'))
{
$message .= "<br /><br /><div style='color:#f00; font-weight:bold'>".LAN_RADIUS_11."</div><br />";
}
if($message)
{
$ns->tablerender("","<div style='text-align:center;'>".$message."</div>");
}
$sql -> db_Select("alt_auth", "*", "auth_type = 'radius' ");
while($row = $sql->db_Fetch())
{
$radius[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); // Encoding is new for 0.8
}
$frm = new form;
$text = $frm -> form_open("post",e_SELF);
$text .= "<table style='width:96%'>";
$text .= "<tr><td class='forumheader3'>".LAN_RADIUS_01."</td><td class='forumheader3'>";
$text .= $frm -> form_text("radius_server", 35, $radius['radius_server'], 120);
$text .= "</td></tr>";
$text .= "<tr><td class='forumheader3'>".LAN_RADIUS_02."</td><td class='forumheader3'>";
$text .= $frm -> form_text('radius_secret', 35, $radius['radius_secret'], 200);
$text .= "</td></tr>";
$tmp = alt_auth_get_field_list('radius',$frm, $ldap, FALSE);
if ($tmp)
{
$text .= "<tr><td class='forumheader2' colspan='2'>".LAN_ALT_27."</td></tr>".$tmp;
unset($tmp);
}
$text .= "<tr><td class='forumheader' colspan='2' style='text-align:center;'>";
$text .= $frm -> form_button("submit", "update", LAN_ALT_2);
$text .= "</td></tr>";
$text .= "</table>";
$text .= $frm -> form_close();
$ns -> tablerender(LAN_RADIUS_06,$text);
$ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('radius',$frm));
require_once(e_ADMIN."footer.php");
function radius_conf_adminmenu()
{
alt_auth_adminmenu();
}
?>
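Review bot: `alt_auth_get_field_list('radius',$frm, $ldap, FALSE)` passes `$ldap`, which is never defined in this file; it looks like a carry-over from the LDAP page and should be `$radius`. The shared secret is also written back into a plain `form_text` field, so it is readable on screen and in the page source whenever the settings page is opened; a password-type input, or leaving the field empty and only updating the stored value when a new secret is submitted, limits that exposure. `$_POST['update']` is read without `isset()`, which raises a notice on the initial GET: `if (isset($_POST['update']))`. The double `base64_decode()` on the stored values is an encoding only, so anyone who can read the `alt_auth` table can recover the secret.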