diff --git a/e107_plugins/alt_auth/alt_auth_adminmenu.php b/e107_plugins/alt_auth/alt_auth_adminmenu.php index 8af1de827..483925c47 100755 --- a/e107_plugins/alt_auth/alt_auth_adminmenu.php +++ b/e107_plugins/alt_auth/alt_auth_adminmenu.php @@ -2,7 +2,7 @@ /* * e107 website system * - * Copyright (C) 2008-2012 e107 Inc (e107.org) + * Copyright (C) 2008-2013 e107 Inc (e107.org) * Released under the terms and conditions of the * GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * @@ -31,11 +31,6 @@ TODO: if (!defined('e107_INIT')) { exit; } -if (!is_object(vartrue($euf))) -{ - require_once(e_HANDLER.'user_extended_class.php'); - $euf = new e107_user_extended; -} define('AUTH_SUCCESS', -1); @@ -46,476 +41,469 @@ if (!is_object(vartrue($euf))) define('AUTH_NOT_AVAILABLE', 5); +require_once(e_HANDLER.'user_extended_class.php'); +require_once(e_PLUGIN.'alt_auth/alt_auth_login_class.php'); // Has base methods class -/** - * Get list of supported authentication methods - * Searches for files *_auth.php in the plugin directory - * - * @param boolean $incE107 - if TRUE, 'e107' is included as an authentication method. - * - * @return array of authentication methods in value fields - */ -function alt_auth_get_authlist($incE107 = TRUE) + + +class alt_auth_admin extends alt_auth_base { - $authlist = $incE107 ? array('e107') : array(); - $handle = opendir(e_PLUGIN.'alt_auth'); - while ($file = readdir($handle)) + private $euf = FALSE; + + public function __construct() { - if(preg_match("/^(.*)_auth\.php/", $file, $match)) + $this->euf = new e107_user_extended; + } + + + + /** + * Get list of supported authentication methods + * Searches for files *_auth.php in the plugin directory + * + * @param boolean $incE107 - if TRUE, 'e107' is included as an authentication method. + * + * @return array of authentication methods in value fields + */ + public function alt_auth_get_authlist($incE107 = TRUE) + { + $authlist = $incE107 ? array('e107') : array(); + $handle = opendir(e_PLUGIN.'alt_auth'); + while ($file = readdir($handle)) { - $authlist[] = $match[1]; + if(preg_match("/^(.+)_auth\.php/", $file, $match)) + { + $authlist[] = $match[1]; + } } + closedir($handle); + return $authlist; } - closedir($handle); - return $authlist; -} -/** - * Return HTML for selector for authentication method - * - * @param string $name - the name of the selector - * @param string $curval - current value (if any) - * @param string $optlist - comma-separated list of options to be included as choices - */ -function alt_auth_get_dropdown($name, $curval = '', $options = '') -{ - $optList = explode(',', $options); - $authList = array_merge($optList, alt_auth_get_authlist(FALSE)); - $ret = "\n"; - return $ret; -} - - - -/** - * All user fields which might, just possibly, be transferred. The array key is the corresponding field in the E107 user database; code prefixes it - * with 'xf_' to get the parameter - * 'default' may be a single value to set the same for all connect methods, or an array to set different defaults. - */ -$alt_auth_user_fields = array( - 'user_email' => array('prompt' => LAN_ALT_12, 'default' => 'user_email', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'mail'), - 'user_hideemail' => array('prompt' => LAN_ALT_13, 'default' => 'user_hideemail', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => '', method => 'bool1'), - 'user_name' => array('prompt' => LAN_ALT_14, 'default' => 'user_name', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''), - 'user_login' => array('prompt' => LAN_ALT_15, 'default' => 'user_login', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'sn'), - 'user_customtitle'=> array('prompt' => LAN_ALT_16, 'default' => 'user_customtitle', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_signature' => array('prompt' => LAN_ALT_17, 'default' => 'user_signature', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_image' => array('prompt' => LAN_ALT_18, 'default' => 'user_image', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_sess' => array('prompt' => LAN_ALT_19, 'default' => 'user_sess', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_join' => array('prompt' => LAN_ALT_20, 'default' => 'user_join', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''), - 'user_ban' => array('prompt' => LAN_ALT_21, 'default' => 'user_ban', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_class' => array('prompt' => LAN_ALT_22, 'default' => 'user_class', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE) -); - - - -/** - * Returns a block of table rows with user DB fields and either checkboxes or entry boxes - * - * @param string $tableType is the prefix used, without the following underscore - * @param $frm is the form object to use to create the text - * @param array $parm is the array of options for the current auth type as read from the DB - */ -function alt_auth_get_field_list($tableType, $frm, $parm, $asCheckboxes = FALSE) -{ - global $alt_auth_user_fields; - $ret = ''; - foreach ($alt_auth_user_fields as $f => $v) - { - if (varsettrue($v['showAll']) || varsettrue($v[$tableType])) + $optList = explode(',', $options); + $authList = array_merge($optList, $this->alt_auth_get_authlist(FALSE)); + $ret = "\n"; + return $ret; + } + + + + /** + * All user fields which might, just possibly, be transferred. The array key is the corresponding field in the E107 user database; code prefixes it + * with 'xf_' to get the parameter + * 'default' may be a single value to set the same for all connect methods, or an array to set different defaults. + */ + private $alt_auth_user_fields = array( + 'user_email' => array('prompt' => LAN_ALT_12, 'default' => 'user_email', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'mail'), + 'user_hideemail' => array('prompt' => LAN_ALT_13, 'default' => 'user_hideemail', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => '', method => 'bool1'), + 'user_name' => array('prompt' => LAN_ALT_14, 'default' => 'user_name', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''), + 'user_login' => array('prompt' => LAN_ALT_15, 'default' => 'user_login', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'sn'), + 'user_customtitle'=> array('prompt' => LAN_ALT_16, 'default' => 'user_customtitle', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_signature' => array('prompt' => LAN_ALT_17, 'default' => 'user_signature', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_image' => array('prompt' => LAN_ALT_18, 'default' => 'user_image', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_sess' => array('prompt' => LAN_ALT_19, 'default' => 'user_sess', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_join' => array('prompt' => LAN_ALT_20, 'default' => 'user_join', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''), + 'user_ban' => array('prompt' => LAN_ALT_21, 'default' => 'user_ban', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_class' => array('prompt' => LAN_ALT_22, 'default' => 'user_class', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE) + ); + + + + /** + * Returns a block of table rows with user DB fields and either checkboxes or entry boxes + * + * @param string $tableType is the prefix used, without the following underscore + * @param $frm is the form object to use to create the text + * @param array $parm is the array of options for the current auth type as read from the DB + */ + public function alt_auth_get_field_list($tableType, $frm, $parm, $asCheckboxes = FALSE) + { + $ret = ''; + foreach ($this->alt_auth_user_fields as $f => $v) + { + if (varsettrue($v['showAll']) || varsettrue($v[$tableType])) { - $ret .= "
".$v['help'].""; - } - $ret .= ""; -// $fieldname = $tableType.'_'.$v['optname']; - $fieldname = $tableType.'_xf_'.$f; // Name of the input box - $value = varset($v['default'],''); - if (is_array($value)) - { - $value = varset($value[$tableType],''); - } - if (isset($v[$tableType.'_field'])) $value = $v[$tableType.'_field']; - if (isset($parm[$fieldname])) $value = $parm[$fieldname]; -// echo "Field: {$fieldname} => {$value}
"; - if ($asCheckboxes) - { - $ret .= $frm -> form_checkbox($fieldname, 1, $value); - } - else - { - $ret .= $frm -> form_text($fieldname, 35, $value, 120); - if (isset($v['method']) && $v['method']) + $ret .= ""; + if ($v['optional'] == FALSE) $ret .= '* '; + $ret .= $v['prompt'].':'; + if (isset($v['help'])) { - $fieldMethod = $tableType.'_pm_'.$f; // Processing method ID code - $method = varset($parm[$fieldMethod],''); - $ret .= '  '.alt_auth_processing($fieldMethod,$v['method'], $method); + $ret .= "
".$v['help'].""; + } + $ret .= ""; + // $fieldname = $tableType.'_'.$v['optname']; + $fieldname = $tableType.'_xf_'.$f; // Name of the input box + $value = varset($v['default'],''); + if (is_array($value)) + { + $value = varset($value[$tableType],''); + } + if (isset($v[$tableType.'_field'])) $value = $v[$tableType.'_field']; + if (isset($parm[$fieldname])) $value = $parm[$fieldname]; + // echo "Field: {$fieldname} => {$value}
"; + if ($asCheckboxes) + { + $ret .= $frm -> form_checkbox($fieldname, 1, $value); + } + else + { + $ret .= $frm -> form_text($fieldname, 35, $value, 120); + if (isset($v['method']) && $v['method']) + { + $fieldMethod = $tableType.'_pm_'.$f; // Processing method ID code + $method = varset($parm[$fieldMethod],''); + $ret .= '  '.$this->alt_auth_processing($fieldMethod,$v['method'], $method); + } + } + $ret .= "\n"; + } + } + return $ret; + } + + + + /** + * Returns a list of all the user-related fields allowed as an array, whhere the key is the field name + * + * @param string $tableType is the prefix used, without the following underscore + * + * @return array + */ + public function alt_auth_get_allowed_fields($tableType) + { + $ret = array(); + foreach ($this->alt_auth_user_fields as $f => $v) + { + if (varsettrue($v['showAll']) || varsettrue($v[$tableType])) + { + // $fieldname = $tableType.'_'.$v['optname']; + $fieldname = $tableType.'_xf_'.$f; // Name of the input box + $ret[$fieldname] = '1'; + } + } + return $ret; + } + + + + /** + * Routine adds the extended user fields which may be involved into the table of field definitions, so that they're displayed + */ + public function add_extended_fields() + { + global $pref; + + if (!isset($pref['auth_extended'])) return; + if (!$pref['auth_extended']) return; + + static $fieldsAdded = FALSE; + + if ($fieldsAdded) return; + $xFields = $this->euf->user_extended_get_fieldList('','user_extended_struct_name'); + // print_a($xFields); + $fields = explode(',',$pref['auth_extended']); + foreach ($fields as $f) + { + if (isset($xFields[$f])) + { + $this->alt_auth_user_fields['x_'.$f] = array('prompt' => varset($xFields[$f]['user_extended_struct_text'],'').' ('.$f.')', + 'default' => varset($xFields[$f]['default'],''), + 'optional' => TRUE, + 'showAll' => TRUE, // Show for all methods - in principle, its likely to be wanted for all + 'method' => '*' // Specify all convert methods - have little idea what may be around + ); + } + } + $fieldsAdded = TRUE; + } + + + + /** + * List of the standard fields which may be displayed for any method. + */ + private $common_fields = array( + 'server' => array('fieldname' => 'server', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_32, 'help' => ''), + 'uname' => array('fieldname' => 'username', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_33, 'help' => ''), + 'pwd' => array('fieldname' => 'password', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_34, 'help' => ''), + 'db' => array('fieldname' => 'database', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_35, 'help' => ''), + 'table' => array('fieldname' => 'table', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_36, 'help' => ''), + 'prefix' => array('fieldname' => 'prefix', 'size' => 35, 'max_size' => 35, 'prompt' => LAN_ALT_39, 'help' => ''), + 'ufield' => array('fieldname' => 'user_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_37, 'help' => ''), + 'pwfield'=> array('fieldname' => 'password_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_38, 'help' => ''), + 'salt' => array('fieldname' => 'password_salt','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_24, 'help' => LAN_ALT_25), + 'classfilt' => array('fieldname' => 'filter_class', 'size' => 10, 'max_size' => 8, 'prompt' => LAN_ALT_76, 'help' => LAN_ALT_77) + ); + + + + /** + * Return the HTML for all server-related fields required for configuration of a particular method. + * Each is a row of a table having two columns (no ...
etc added, so can be embedded in a larger table + * + * @param string $prefix is the prefix used, without the following underscore + * @param $frm is the form object to use + * @param array $parm is an array of the current values of each item + * @param string $fields is a list of the fields to display, separated by '|'. The names are the key values from $common_fields table + * + */ + public function alt_auth_get_db_fields($prefix, $frm, $parm, $fields = 'server|uname|pwd|db|table|ufield|pwfield') + { + $opts = explode('|',$fields); + $ret = ''; + foreach ($this->common_fields as $fn => $cf) + { + if (in_array($fn,$opts)) + { + $ret .= "".$cf['prompt']; + + $ret .= ""; + $ret .= $frm -> form_text($prefix.'_'.$cf['fieldname'], $cf['size'], $parm[$prefix.'_'.$cf['fieldname']], $cf['max_size']); + if ($cf['help']) $ret .= "
".$cf['help'].""; + $ret .= "\n"; + } + } + return $ret; + } + + + + /** + * Write all the options for a particular authentication type to the DB + * + * @var string $prefix - the prefix string representing the authentication type (currently importdb|e107db|otherdb|ldap|radius). Must NOT have a trailing underscore + */ + public function alt_auth_post_options($prefix) + { + $sql = e107::getDb(); + $lprefix = $prefix.'_'; + + $user_fields = $this->alt_auth_get_allowed_fields($prefix); // Need this list in case checkboxes for parameters + foreach ($user_fields as $k => $v) + { + if (!isset($_POST[$k])) + { + $_POST[$k] = '0'; + } + } + + + // Now we can post everything + foreach($_POST as $k => $v) + { + if (strpos($k,$lprefix) === 0) + { + $v = base64_encode(base64_encode($v)); + if($sql -> db_Select('alt_auth', '*', "auth_type='{$prefix}' AND auth_parmname='{$k}' ")) + { + $sql -> db_Update('alt_auth', "auth_parmval='{$v}' WHERE auth_type='{$prefix}' AND auth_parmname='{$k}' "); + } + else + { + $sql -> db_Insert('alt_auth', "'{$prefix}','{$k}','{$v}' "); } } - $ret .= "\n"; - } - } - return $ret; -} - - - -/** - * Returns a list of all the user-related fields allowed as an array, whhere the key is the field name - * - * @param string $tableType is the prefix used, without the following underscore - * - * @return array - */ -function alt_auth_get_allowed_fields($tableType) -{ - global $alt_auth_user_fields; - $ret = array(); - foreach ($alt_auth_user_fields as $f => $v) - { - if (varsettrue($v['showAll']) || varsettrue($v[$tableType])) - { -// $fieldname = $tableType.'_'.$v['optname']; - $fieldname = $tableType.'_xf_'.$f; // Name of the input box - $ret[$fieldname] = '1'; - } - } - return $ret; -} - - - -/** - * Routine adds the extended user fields which may be involved into the table of field definitions, so that they're displayed - */ -function add_extended_fields() -{ - global $alt_auth_user_fields, $euf, $pref; - - if (!isset($pref['auth_extended'])) return; - if (!$pref['auth_extended']) return; - - static $fieldsAdded = FALSE; - - if ($fieldsAdded) return; - $xFields = $euf->user_extended_get_fieldList('','user_extended_struct_name'); -// print_a($xFields); - $fields = explode(',',$pref['auth_extended']); - foreach ($fields as $f) - { - if (isset($xFields[$f])) - { - $alt_auth_user_fields['x_'.$f] = array('prompt' => varset($xFields[$f]['user_extended_struct_text'],'').' ('.$f.')', - 'default' => varset($xFields[$f]['default'],''), - 'optional' => TRUE, - 'showAll' => TRUE, // Show for all methods - in principle, its likely to be wanted for all - 'method' => '*' // Specify all convert methods - have little idea what may be around - ); - } - } - $fieldsAdded = TRUE; -} - - - -/** - * List of the standard fields which may be displayed for any method. - */ -$common_fields = array( - 'server' => array('fieldname' => 'server', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_32, 'help' => ''), - 'uname' => array('fieldname' => 'username', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_33, 'help' => ''), - 'pwd' => array('fieldname' => 'password', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_34, 'help' => ''), - 'db' => array('fieldname' => 'database', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_35, 'help' => ''), - 'table' => array('fieldname' => 'table', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_36, 'help' => ''), - 'prefix' => array('fieldname' => 'prefix', 'size' => 35, 'max_size' => 35, 'prompt' => LAN_ALT_39, 'help' => ''), - 'ufield' => array('fieldname' => 'user_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_37, 'help' => ''), - 'pwfield'=> array('fieldname' => 'password_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_38, 'help' => ''), - 'salt' => array('fieldname' => 'password_salt','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_24, 'help' => LAN_ALT_25), - 'classfilt' => array('fieldname' => 'filter_class', 'size' => 10, 'max_size' => 8, 'prompt' => LAN_ALT_76, 'help' => LAN_ALT_77) -); - - - -/** - * Return the HTML for all server-related fields required for configuration of a particular method. - * Each is a row of a table having two columns (no ...
etc added, so can be embedded in a larger table - * - * @param string $prefix is the prefix used, without the following underscore - * @param $frm is the form object to use - * @param array $parm is an array of the current values of each item - * @param string $fields is a list of the fields to display, separated by '|'. The names are the key values from $common_fields table - * - */ -function alt_auth_get_db_fields($prefix, $frm, $parm, $fields = 'server|uname|pwd|db|table|ufield|pwfield') -{ - global $common_fields; - - $opts = explode('|',$fields); - $ret = ''; - foreach ($common_fields as $fn => $cf) - { - if (in_array($fn,$opts)) - { - $ret .= "".$cf['prompt']; - - $ret .= ""; - $ret .= $frm -> form_text($prefix.'_'.$cf['fieldname'], $cf['size'], $parm[$prefix.'_'.$cf['fieldname']], $cf['max_size']); - if ($cf['help']) $ret .= "
".$cf['help'].""; - $ret .= "\n"; - } - } - return $ret; -} - - - -/** - * Write all the options for a particular authentication type to the DB - * - * @var string $prefix - the prefix string representing the authentication type (currently importdb|e107db|otherdb|ldap|radius). Must NOT have a trailing underscore - */ -function alt_auth_post_options($prefix) -{ - global $common_fields, $sql, $admin_log; - $lprefix = $prefix.'_'; - - $user_fields = alt_auth_get_allowed_fields($prefix); // Need this list in case checkboxes for parameters - foreach ($user_fields as $k => $v) - { - if (!isset($_POST[$k])) - { - $_POST[$k] = '0'; } + e107::getAdminLog()->log_event('AUTH_03',$prefix,E_LOG_INFORMATIVE,''); + return LAN_ALT_UPDATED; } - // Now we can post everything - foreach($_POST as $k => $v) + + /** + * Get the HTML for a password type selector. + * + * @param string $name - name to be used for selector + * @param $frm - form object to use + * @param string $currentSelection - current value (if any) + * @param boolean $getExtended - return all supported password types if TRUE, 'core' password types if FALSE + */ + public function altAuthGetPasswordSelector($name, $frm, $currentSelection = '', $getExtended = FALSE) { - if (strpos($k,$lprefix) === 0) + $password_methods = ExtendedPasswordHandler::GetPasswordTypes($getExtended); + $text = ""; + $text .= $frm->form_select_open($name); + foreach($password_methods as $k => $v) { - $v = base64_encode(base64_encode($v)); - if($sql -> db_Select('alt_auth', '*', "auth_type='{$prefix}' AND auth_parmname='{$k}' ")) - { - $sql -> db_Update('alt_auth', "auth_parmval='{$v}' WHERE auth_type='{$prefix}' AND auth_parmname='{$k}' "); + $sel = ($currentSelection == $k) ? " Selected='selected'" : ''; + $text .= $frm -> form_option($v, $sel, $k); + } + $text .= $frm->form_select_close(); + return $text; + } + + + + + /** + * Return the HTML needed to display the test form. + * + * @param string $prefix - the type of connection being tested + * @param $frm - the form object to use + * + * if $_POST['testauth'] is set, attempts to validate the connection, and displays any returned values + */ + public function alt_auth_test_form($prefix, $frm) + { + $text = $frm -> form_open('post', e_SELF, 'testform'); + $text .= " + "; + + if (isset($_POST['testauth'])) + { + // Try and connect to DB/server, and maybe validate user name + require_once(e_PLUGIN.'alt_auth/'.$prefix.'_auth.php'); + $_login = new auth_login; + $log_result = AUTH_UNKNOWN; + $pass_vars = array(); + $val_name = trim(varset($_POST['nametovalidate'],'')); + + if(isset($_login->Available) && ($_login->Available === FALSE)) + { // Relevant auth method not available (e.g. PHP extension not loaded) + $log_result = AUTH_NOT_AVAILABLE; } else { - $sql -> db_Insert('alt_auth', "'{$prefix}','{$k}','{$v}' "); + $log_result = $_login->login($val_name, $_POST['passtovalidate'], $pass_vars, ($val_name == '')); } + + $text .= "".LAN_ALT_48; + if ($val_name) + { + $text .= "
".LAN_ALT_49.$val_name.'
'.LAN_ALT_50; + if (varset($_POST['passtovalidate'],'')) $text .= str_repeat('*',strlen($_POST['passtovalidate'])); else $text .= LAN_ALT_51; + } + $text .= ""; } + + $text .= ""; + + $text .= ""; + + $text .= ""; + + $text .= "
".LAN_ALT_42."
"; + switch ($log_result) + { + case AUTH_SUCCESS : + $text .= LAN_ALT_58; + if (count($pass_vars)) + { + $text .= '
'.LAN_ALT_59; + foreach ($pass_vars as $k => $v) + { + $text .= '
  '.$k.'=>'.$v; + } + } + break; + case AUTH_NOUSER : + $text .= LAN_ALT_52.LAN_ALT_55; + break; + case AUTH_BADPASSWORD : + $text .= LAN_ALT_52.LAN_ALT_56; + break; + case AUTH_NOCONNECT : + $text .= LAN_ALT_52.LAN_ALT_54; + break; + case AUTH_UNKNOWN : + $text .= LAN_ALT_52.LAN_ALT_53; + break; + case AUTH_NOT_AVAILABLE : + $text .= LAN_ALT_52.LAN_ALT_57; + break; + default : + $text .= "Coding error"; + } + if (isset($_login ->ErrorText)) $text .= '
'.$_login ->ErrorText; + $text .= "
".LAN_ALT_33.""; + $text .= $frm->form_text('nametovalidate', 35, '', 120); + $text .= "
".LAN_ALT_34.""; + $text .= $frm->form_password('passtovalidate', 35, '', 120); + $text .= "
"; + // $text .= $frm->form_button("submit", 'testauth', LAN_ALT_47); + $text .= e107::getForm()->admin_button('testauth', LAN_ALT_47,'other'); + $text .= "
"; + $text .= $frm->form_close(); + return $text; } - $admin_log->log_event('AUTH_03',$prefix,E_LOG_INFORMATIVE,''); - return LAN_ALT_UPDATED; -} -/** - * Get the HTML for a password type selector. - * - * @param string $name - name to be used for selector - * @param $frm - form object to use - * @param string $currentSelection - current value (if any) - * @param boolean $getExtended - return all supported password types if TRUE, 'core' password types if FALSE - */ -function altAuthGetPasswordSelector($name, $frm, $currentSelection = '', $getExtended = FALSE) -{ - $password_methods = ExtendedPasswordHandler::GetPasswordTypes($getExtended); - $text = ""; - $text .= $frm->form_select_open($name); - foreach($password_methods as $k => $v) + //----------------------------------------------- + // VALUE COPY METHOD SELECTION + //----------------------------------------------- + + private $procListOpts = array( + 'none' => LAN_ALT_70, + 'bool1' => LAN_ALT_71, + 'ucase' => LAN_ALT_72, + 'lcase' => LAN_ALT_73, + 'ucfirst' => LAN_ALT_74, + 'ucwords' => LAN_ALT_75 + ); + + /** + * Return a 'select' box for available processing methods + */ + public function alt_auth_processing($selName, $allowed='*', $curVal='') { - $sel = ($currentSelection == $k) ? " Selected='selected'" : ''; - $text .= $frm -> form_option($v, $sel, $k); - } - $text .= $frm->form_select_close(); - return $text; -} - - - -/** - * Get configuration parameters for an authentication method - * - * @param string $prefix - the method - * - * @return array - */ -function altAuthGetParams($prefix) -{ - $sql = e107::getDB(); - - $sql->db_Select('alt_auth', '*', "auth_type = '".$prefix."' "); - $parm = array(); - while($row = $sql->db_Fetch()) - { - $parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - } - return $parm; -} - - -/** - * Return the HTML needed to display the test form. - * - * @param string $prefix - the type of connection being tested - * @param $frm - the form object to use - * - * if $_POST['testauth'] is set, attempts to validate the connection, and displays any returned values - */ -function alt_auth_test_form($prefix, $frm) -{ - $text = $frm -> form_open('post', e_SELF, 'testform'); - $text .= " - "; - - if (isset($_POST['testauth'])) - { - // Try and connect to DB/server, and maybe validate user name - require_once(e_PLUGIN.'alt_auth/'.$prefix.'_auth.php'); - $_login = new auth_login; - $log_result = AUTH_UNKNOWN; - $pass_vars = array(); - $val_name = trim(varset($_POST['nametovalidate'],'')); - - if(isset($_login->Available) && ($_login->Available === FALSE)) - { // Relevant auth method not available (e.g. PHP extension not loaded) - $log_result = AUTH_NOT_AVAILABLE; + if (($allowed == 'none') || ($allowed == '')) return ''; + if ($allowed == '*') + { + $valid = $this->procListOpts; // We just want all the array keys to exist! } else { - $log_result = $_login->login($val_name, $_POST['passtovalidate'], $pass_vars, ($val_name == '')); + $valid = array_flip(explode(',', $allowed)); + $valid['none'] = '1'; // Make sure this key exists - value doesn't matter } - - $text .= "".LAN_ALT_48; - if ($val_name) + $ret = ""; + $ret .= "\n"; + // $ret .= $selName.':'.$curVal; + return $ret; } - $text .= ""; - - $text .= ""; - - $text .= ""; - - $text .= "
".LAN_ALT_42."
"; - switch ($log_result) - { - case AUTH_SUCCESS : - $text .= LAN_ALT_58; - if (count($pass_vars)) - { - $text .= '
'.LAN_ALT_59; - foreach ($pass_vars as $k => $v) - { - $text .= '
  '.$k.'=>'.$v; - } - } - break; - case AUTH_NOUSER : - $text .= LAN_ALT_52.LAN_ALT_55; - break; - case AUTH_BADPASSWORD : - $text .= LAN_ALT_52.LAN_ALT_56; - break; - case AUTH_NOCONNECT : - $text .= LAN_ALT_52.LAN_ALT_54; - break; - case AUTH_UNKNOWN : - $text .= LAN_ALT_52.LAN_ALT_53; - break; - case AUTH_NOT_AVAILABLE : - $text .= LAN_ALT_52.LAN_ALT_57; - break; - default : - $text .= "Coding error"; - } - if (isset($_login ->ErrorText)) $text .= '
'.$_login ->ErrorText; - $text .= "
".LAN_ALT_33.""; - $text .= $frm->form_text('nametovalidate', 35, '', 120); - $text .= "
".LAN_ALT_34.""; - $text .= $frm->form_password('passtovalidate', 35, '', 120); - $text .= "
"; -// $text .= $frm->form_button("submit", 'testauth', LAN_ALT_47); - $text .= e107::getForm()->admin_button('testauth', LAN_ALT_47,'other'); - $text .= "
"; - $text .= $frm->form_close(); - return $text; -} - - - -//----------------------------------------------- -// VALUE COPY METHOD SELECTION -//----------------------------------------------- - -$procListOpts = array( - 'none' => LAN_ALT_70, - 'bool1' => LAN_ALT_71, - 'ucase' => LAN_ALT_72, - 'lcase' => LAN_ALT_73, - 'ucfirst' => LAN_ALT_74, - 'ucwords' => LAN_ALT_75 - ); - -// Return a 'select' box for available processing methods -function alt_auth_processing($selName, $allowed='*', $curVal='') -{ - global $procListOpts; - if (($allowed == 'none') || ($allowed == '')) return ''; - if ($allowed == '*') - { - $valid = $procListOpts; // We just want all the array keys to exist! - } - else - { - $valid = array_flip(explode(',',$allowed)); - $valid['none'] = '1'; // Make sure this key exists - value doesn't matter - } - $ret = "\n"; -// $ret .= $selName.':'.$curVal; - return $ret; } function alt_auth_adminmenu() { - global $authlist; - echo " "; + echo ' '; if(!is_array($authlist)) { - $authlist = alt_auth_get_authlist(); + $authlist = alt_auth_admin::alt_auth_get_authlist(); } - define("ALT_AUTH_ACTION", "main"); + define('ALT_AUTH_ACTION', 'main'); $var['main']['text'] = LAN_ALT_31; - $var['main']['link'] = e_PLUGIN."alt_auth/alt_auth_conf.php"; - show_admin_menu("alt auth", ALT_AUTH_ACTION, $var); + $var['main']['link'] = e_PLUGIN.'alt_auth/alt_auth_conf.php'; + show_admin_menu('alt auth', ALT_AUTH_ACTION, $var); $var = array(); foreach($authlist as $a) { diff --git a/e107_plugins/alt_auth/alt_auth_conf.php b/e107_plugins/alt_auth/alt_auth_conf.php index fc03fcf0f..f9eef1bd6 100755 --- a/e107_plugins/alt_auth/alt_auth_conf.php +++ b/e107_plugins/alt_auth/alt_auth_conf.php @@ -1,226 +1,232 @@ -toDB($_POST['auth_method']); - $temp['auth_noconn'] = intval($_POST['auth_noconn']); - $temp['auth_method2'] = $tp->toDB($_POST['auth_method2']); - $temp['auth_badpassword'] = intval($_POST['auth_badpassword']); - if ($admin_log->logArrayDiffs($temp, $pref, 'AUTH_01')) - { - save_prefs(); // Only save if changes - header('location:'.e_SELF); - exit; - } -} - - -if(isset($_POST['updateeufs'])) -{ - $authExtended = array(); - foreach ($_POST['auth_euf_include'] as $au) - { - $authExtended[] = trim($tp->toDB($au)); - } - $au = implode(',',$authExtended); - if ($au != $pref['auth_extended']) - { - $pref['auth_extended'] = $au; - save_prefs(); - $admin_log->log_event('AUTH_02',$au,''); - } -} - -// Avoid need for lots of checks later -if (!isset($pref['auth_badpassword'])) $pref['auth_badpassword'] = 0; -if (!isset($pref['auth_noconn'])) $pref['auth_noconn'] = 0; - -// Convert prefs -if (isset($pref['auth_nouser'])) -{ - $pref['auth_method2'] = 'none'; // Default to no fallback - if ($pref['auth_nouser']) - { - $pref['auth_method2'] = 'e107'; - } - unset($pref['auth_nouser']); - if (!isset($pref['auth_badpassword'])) $pref['auth_badpassword'] = 0; - save_prefs(); -} - - -$authlist = alt_auth_get_authlist(); -if (isset($pref['auth_extended'])) -{ - $authExtended = explode(',',$pref['auth_extended']); -} -else -{ - $pref['auth_extended'] = ''; - $authExtended = array(); -} - - -if(isset($message)) -{ - e107::getRender()->tablerender('', "
".$message."
"); -} - -$text = " -
-
- - - - - - - - - - - - - - - - - - - - - - - - -
".LAN_ALT_1.": ". -alt_auth_get_dropdown('auth_method', $pref['auth_method'], 'e107')." -
".LAN_ALT_78.":
 -
".LAN_ALT_79."
-
".LAN_ALT_6.":
 -
".LAN_ALT_7."
-
".LAN_ALT_8.":
- -		".alt_auth_get_dropdown('auth_method2', $pref['auth_method2'], 'none')." -
".LAN_ALT_9."
-
- -
". -$frm->admin_button('updateprefs',LAN_UPDATE,'update')." -
-
-
"; -$ns = e107::getRender(); - -$ns->tablerender(LAN_ALT_3, $text); - - -if ($euf->userCount) -{ - include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user_extended.php'); - $fl = &$euf->fieldDefinitions; - $text = "
-
- - - - - - - \n"; - - $text .= " - - - - - - - "; - foreach ($fl as $f) - { - $checked = (in_array($f['user_extended_struct_name'], $authExtended) ? " checked='checked'" : ''); - $text .= " - - - - \n"; - } - $text .= " -
".LAN_ALT_61."".LAN_ALT_62."".LAN_ALT_63."".LAN_ALT_64."
{$f['user_extended_struct_name']}".$tp->toHTML($f['user_extended_struct_text'],FALSE,'TITLE')."{$euf->user_extended_types[$f['user_extended_struct_type']]}
-".$frm->admin_button('updateeufs',LAN_UPDATE,'update')." - -
- -
-
"; -e107::getRender()->tablerender(LAN_ALT_60, $text); - - -} - - -require_once(e_ADMIN.'footer.php'); - -function alt_auth_conf_adminmenu() -{ - alt_auth_adminmenu(); -} - - +toDB($_POST['auth_method']); + $temp['auth_noconn'] = intval($_POST['auth_noconn']); + $temp['auth_method2'] = $tp->toDB($_POST['auth_method2']); + $temp['auth_badpassword'] = intval($_POST['auth_badpassword']); + if ($admin_log->logArrayDiffs($temp, $pref, 'AUTH_01')) + { + save_prefs(); // Only save if changes @TODO: + header('location:'.e_SELF); + exit; + } +} + + +if(isset($_POST['updateeufs'])) +{ + $authExtended = array(); + foreach ($_POST['auth_euf_include'] as $au) + { + $authExtended[] = trim($tp->toDB($au)); + } + $au = implode(',',$authExtended); + if ($au != $pref['auth_extended']) + { + $pref['auth_extended'] = $au; // @TODO: + save_prefs(); + $admin_log->log_event('AUTH_02',$au,''); + } +} + +// Avoid need for lots of checks later +if (!isset($pref['auth_badpassword'])) $pref['auth_badpassword'] = 0; +if (!isset($pref['auth_noconn'])) $pref['auth_noconn'] = 0; + +// Convert prefs +if (isset($pref['auth_nouser'])) +{ + $pref['auth_method2'] = 'none'; // Default to no fallback + if ($pref['auth_nouser']) + { + $pref['auth_method2'] = 'e107'; + } + unset($pref['auth_nouser']); + if (!isset($pref['auth_badpassword'])) $pref['auth_badpassword'] = 0; + save_prefs(); // @TODO +} + + +$authlist = alt_auth_admin::alt_auth_get_authlist(); +if (isset($pref['auth_extended'])) +{ + $authExtended = explode(',',$pref['auth_extended']); +} +else +{ + $pref['auth_extended'] = ''; + $authExtended = array(); +} + + +if(isset($message)) +{ + e107::getRender()->tablerender('', "
".$message."
"); +} + + +$altAuthAdmin = new alt_auth_admin(); + + +$text = " +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
".LAN_ALT_1.": ". +$altAuthAdmin->alt_auth_get_dropdown('auth_method', $pref['auth_method'], 'e107')." +
".LAN_ALT_78.":
 +
".LAN_ALT_79."
+
".LAN_ALT_6.":
 +
".LAN_ALT_7."
+
".LAN_ALT_8.":
+ +		".$altAuthAdmin->alt_auth_get_dropdown('auth_method2', $pref['auth_method2'], 'none')." +
".LAN_ALT_9."
+
+ +
". +$frm->admin_button('updateprefs',LAN_UPDATE,'update')." +
+
+
"; +$ns = e107::getRender(); + +$ns->tablerender(LAN_ALT_3, $text); + + +if ($euf->userCount) +{ + include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user_extended.php'); + $fl = &$euf->fieldDefinitions; + $text = "
+
+ + + + + + + \n"; + + $text .= " + + + + + + + "; + foreach ($fl as $f) + { + $checked = (in_array($f['user_extended_struct_name'], $authExtended) ? " checked='checked'" : ''); + $text .= " + + + + \n"; + } + $text .= " +
".LAN_ALT_61."".LAN_ALT_62."".LAN_ALT_63."".LAN_ALT_64."
{$f['user_extended_struct_name']}".$tp->toHTML($f['user_extended_struct_text'],FALSE,'TITLE')."{$euf->user_extended_types[$f['user_extended_struct_type']]}
+".$frm->admin_button('updateeufs',LAN_UPDATE,'update')." + +
+ +
+
"; +e107::getRender()->tablerender(LAN_ALT_60, $text); + + +} + + +require_once(e_ADMIN.'footer.php'); + +function alt_auth_conf_adminmenu() +{ + alt_auth_adminmenu(); +} + + ?> \ No newline at end of file diff --git a/e107_plugins/alt_auth/alt_auth_login_class.php b/e107_plugins/alt_auth/alt_auth_login_class.php index e96f59634..4d9eb00bc 100755 --- a/e107_plugins/alt_auth/alt_auth_login_class.php +++ b/e107_plugins/alt_auth/alt_auth_login_class.php @@ -1,258 +1,293 @@ -e107 = e107::getInstance(); - $newvals=array(); - - if ($method == 'none') - { - $this->loginResult = AUTH_NOCONNECT; - return; - } - - require_once(e_PLUGIN.'alt_auth/'.$method.'_auth.php'); - $_login = new auth_login; - - if(isset($_login->Available) && ($_login->Available === FALSE)) - { // Relevant auth method not available (e.g. PHP extension not loaded) - $this->loginResult = AUTH_NOT_AVAILABLE; - return; - } - - $login_result = $_login->login($username, $userpass, $newvals, FALSE); - - if($login_result === AUTH_SUCCESS ) - { - require_once (e_HANDLER.'user_handler.php'); - require_once(e_HANDLER.'validator_class.php'); - - if (MAGIC_QUOTES_GPC == FALSE) - { - $username = mysql_real_escape_string($username); - } - $username = preg_replace("/\sOR\s|\=|\#/", "", $username); - $username = substr($username, 0, e107::getPref('loginname_maxlength')); - - $aa_sql = e107::getDb('aa'); - $userMethods = new UserHandler; - $db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass,$username))); - $xFields = array(); // Possible extended user fields - - // See if any of the fields need processing before save - if (isset($_login->copyMethods) && count($_login->copyMethods)) - { - foreach ($newvals as $k => $v) - { - if (isset($_login->copyMethods[$k])) - { - $newvals[$k] = $this->translate($_login->copyMethods[$k], $v); - if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth convert",$k.': '.$v.'=>'.$newvals[$k],FALSE,LOG_TO_ROLLING); - } - } - } - foreach ($newvals as $k => $v) - { - if (strpos($k,'x_') === 0) - { // Extended field - $k = substr($k,2); - $xFields['user_'.$k] = $v; - } - else - { // Normal user table - if (strpos($k,'user_' !== 0)) $k = 'user_'.$k; // translate the field names (but latest handlers don't need translation) - $db_vals[$k] = $v; - } - } - $ulogin = new userlogin(); - if (count($xFields)) - { // We're going to have to do something with extended fields as well - make sure there's an object - require_once (e_HANDLER.'user_extended_class.php'); - $ue = new e107_user_extended; - $q = - $qry = "SELECT u.user_id,u.".implode(',u.',array_keys($db_vals)).", ue.user_extended_id, ue.".implode(',ue.',array_keys($xFields))." FROM `#user` AS u - LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id - WHERE ".$ulogin->getLookupQuery($username, FALSE, 'u.'); - if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Query: {$qry}[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); - } - else - { - $qry = "SELECT * FROM `#user` WHERE ".$ulogin->getLookupQuery($username, FALSE); - } - if($aa_sql -> db_Select_gen($qry)) - { // Existing user - get current data, see if any changes - $row = $aa_sql->db_Fetch(MYSQL_ASSOC); - foreach ($db_vals as $k => $v) - { - if ($row[$k] == $v) unset($db_vals[$k]); - } - if (count($db_vals)) - { - $newUser = array(); - $newUser['data'] = $db_vals; - validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser); - $newUser['WHERE'] = '`user_id`='.$row['user_id']; - $aa_sql->db_Update('user',$newUser); - if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User data update: ".print_r($newUser,TRUE),FALSE,LOG_TO_ROLLING); - } - foreach ($xFields as $k => $v) - { - if ($row[$k] == $v) unset($xFields[$k]); - } - if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User data read: ".print_r($row,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); - if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User xtnd read: ".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); - if (count($xFields)) - { - $xArray = array(); - $xArray['data'] = $xFields; - if ($row['user_extended_id']) - { - $ue->addFieldTypes($xArray); // Add in the data types for storage - $xArray['WHERE'] = '`user_extended_id`='.intval($row['user_id']); - if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User xtnd update: ".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); - $aa_sql->db_Update('user_extended',$xArray ); - } - else - { // Never been an extended user fields record for this user - $xArray['data']['user_extended_id'] = $row['user_id']; - $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values - if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Write new extended record".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); - $aa_sql->db_Insert('user_extended',$xArray); - } - } - } - else - { // Just add a new user - - if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Add new user: ".print_r($db_vals,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); - if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username; - if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username; - if (!isset($db_vals['user_join'])) $db_vals['user_join'] = time(); - $db_vals['user_class'] = e107::getPref('initial_user_classes'); - if (!isset($db_vals['user_signature'])) $db_vals['user_signature'] = ''; - if (!isset($db_vals['user_prefs'])) $db_vals['user_prefs'] = ''; - if (!isset($db_vals['user_perms'])) $db_vals['user_perms'] = ''; - $userMethods->userClassUpdate($db_vals, 'userall'); - $newUser = array(); - $newUser['data'] = $db_vals; - $userMethods->addNonDefaulted($newUser); - validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser); - $newID = $aa_sql->db_Insert('user',$newUser); - if ($newID !== FALSE) - { - if (count($xFields)) - { - $xFields['user_extended_id'] = $newID; - $xArray = array(); - $xArray['data'] = $xFields; - $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values - $result = $aa_sql->db_Insert('user_extended',$xArray); - if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),'DEBUG','Alt auth login',"Add extended: UID={$newID} result={$result}",FALSE,LOG_TO_ROLLING); - } - } - else - { // Error adding user to database - possibly a conflict on unique fields - $this->e107->admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->getLastErrorText()."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING); - $this->loginResult = LOGIN_DB_ERROR; - return; - } - } - $this->loginResult = LOGIN_CONTINUE; - return; - } - else - { // Failure modes - switch($login_result) - { - case AUTH_NOCONNECT: - if(varset(e107::getPref('auth_noconn'), TRUE)) - { - $this->loginResult = LOGIN_TRY_OTHER; - return; - } - $username=md5('xx_noconn_xx'); - $this->loginResult = LOGIN_ABORT; - return; - case AUTH_BADPASSWORD: - if(varset(e107::getPref('auth_badpassword'), TRUE)) - { - $this->loginResult = LOGIN_TRY_OTHER; - return; - } - $userpass=md5('xx_badpassword_xx'); - $this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in! - return; - } - } - $this->loginResult = LOGIN_ABORT; // catch-all just in case - return; - } - - - // Function to implement copy methods - public function translate($method, $word) - { - $tp = e107::getParser(); - switch ($method) - { - case 'bool1' : - switch ($tp->ustrtoupper($word)) - { - case 'TRUE' : return TRUE; - case 'FALSE' : return FALSE; - } - return $word; - case 'ucase' : - return $tp->ustrtoupper($word); - case 'lcase' : - return $tp->ustrtolower($word); - case 'ucfirst' : - return ucfirst($word); // TODO: Needs changing to utf-8 function - case 'ucwords' : - return ucwords($word); // TODO: Needs changing to utf-8 function - case 'none' : - return $word; - } - } - -} +db_Select('alt_auth', '*', "auth_type = '".$prefix."' "); + $parm = array(); + while($row = $sql->db_Fetch()) + { + $parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); + } + return $parm; + } +} + + +class alt_login +{ + protected $e107; + public $loginResult = false; + + public function __construct($method, &$username, &$userpass) + { + $this->e107 = e107::getInstance(); + $newvals=array(); + + if ($method == 'none') + { + $this->loginResult = AUTH_NOCONNECT; + return; + } + + require_once(e_PLUGIN.'alt_auth/'.$method.'_auth.php'); + $_login = new auth_login; + + if(isset($_login->Available) && ($_login->Available === FALSE)) + { // Relevant auth method not available (e.g. PHP extension not loaded) + $this->loginResult = AUTH_NOT_AVAILABLE; + return; + } + + $login_result = $_login->login($username, $userpass, $newvals, FALSE); + + if($login_result === AUTH_SUCCESS ) + { + require_once (e_HANDLER.'user_handler.php'); + require_once(e_HANDLER.'validator_class.php'); + + if (MAGIC_QUOTES_GPC == FALSE) + { + $username = mysql_real_escape_string($username); + } + $username = preg_replace("/\sOR\s|\=|\#/", "", $username); + $username = substr($username, 0, e107::getPref('loginname_maxlength')); + + $aa_sql = e107::getDb('aa'); + $userMethods = new UserHandler; + $db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass,$username))); + $xFields = array(); // Possible extended user fields + + // See if any of the fields need processing before save + if (isset($_login->copyMethods) && count($_login->copyMethods)) + { + foreach ($newvals as $k => $v) + { + if (isset($_login->copyMethods[$k])) + { + $newvals[$k] = $this->translate($_login->copyMethods[$k], $v); + if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth convert",$k.': '.$v.'=>'.$newvals[$k],FALSE,LOG_TO_ROLLING); + } + } + } + foreach ($newvals as $k => $v) + { + if (strpos($k,'x_') === 0) + { // Extended field + $k = substr($k,2); + $xFields['user_'.$k] = $v; + } + else + { // Normal user table + if (strpos($k,'user_' !== 0)) $k = 'user_'.$k; // translate the field names (but latest handlers don't need translation) + $db_vals[$k] = $v; + } + } + $ulogin = new userlogin(); + if (count($xFields)) + { // We're going to have to do something with extended fields as well - make sure there's an object + require_once (e_HANDLER.'user_extended_class.php'); + $ue = new e107_user_extended; + $q = + $qry = "SELECT u.user_id,u.".implode(',u.',array_keys($db_vals)).", ue.user_extended_id, ue.".implode(',ue.',array_keys($xFields))." FROM `#user` AS u + LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id + WHERE ".$ulogin->getLookupQuery($username, FALSE, 'u.'); + if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Query: {$qry}[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); + } + else + { + $qry = "SELECT * FROM `#user` WHERE ".$ulogin->getLookupQuery($username, FALSE); + } + if($aa_sql -> db_Select_gen($qry)) + { // Existing user - get current data, see if any changes + $row = $aa_sql->db_Fetch(MYSQL_ASSOC); + foreach ($db_vals as $k => $v) + { + if ($row[$k] == $v) unset($db_vals[$k]); + } + if (count($db_vals)) + { + $newUser = array(); + $newUser['data'] = $db_vals; + validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser); + $newUser['WHERE'] = '`user_id`='.$row['user_id']; + $aa_sql->db_Update('user',$newUser); + if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User data update: ".print_r($newUser,TRUE),FALSE,LOG_TO_ROLLING); + } + foreach ($xFields as $k => $v) + { + if ($row[$k] == $v) unset($xFields[$k]); + } + if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User data read: ".print_r($row,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); + if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User xtnd read: ".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); + if (count($xFields)) + { + $xArray = array(); + $xArray['data'] = $xFields; + if ($row['user_extended_id']) + { + $ue->addFieldTypes($xArray); // Add in the data types for storage + $xArray['WHERE'] = '`user_extended_id`='.intval($row['user_id']); + if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User xtnd update: ".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); + $aa_sql->db_Update('user_extended',$xArray ); + } + else + { // Never been an extended user fields record for this user + $xArray['data']['user_extended_id'] = $row['user_id']; + $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values + if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Write new extended record".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); + $aa_sql->db_Insert('user_extended',$xArray); + } + } + } + else + { // Just add a new user + + if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Add new user: ".print_r($db_vals,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING); + if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username; + if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username; + if (!isset($db_vals['user_join'])) $db_vals['user_join'] = time(); + $db_vals['user_class'] = e107::getPref('initial_user_classes'); + if (!isset($db_vals['user_signature'])) $db_vals['user_signature'] = ''; + if (!isset($db_vals['user_prefs'])) $db_vals['user_prefs'] = ''; + if (!isset($db_vals['user_perms'])) $db_vals['user_perms'] = ''; + $userMethods->userClassUpdate($db_vals, 'userall'); + $newUser = array(); + $newUser['data'] = $db_vals; + $userMethods->addNonDefaulted($newUser); + validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser); + $newID = $aa_sql->db_Insert('user',$newUser); + if ($newID !== FALSE) + { + if (count($xFields)) + { + $xFields['user_extended_id'] = $newID; + $xArray = array(); + $xArray['data'] = $xFields; + $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values + $result = $aa_sql->db_Insert('user_extended',$xArray); + if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),'DEBUG','Alt auth login',"Add extended: UID={$newID} result={$result}",FALSE,LOG_TO_ROLLING); + } + } + else + { // Error adding user to database - possibly a conflict on unique fields + $this->e107->admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->getLastErrorText()."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING); + $this->loginResult = LOGIN_DB_ERROR; + return; + } + } + $this->loginResult = LOGIN_CONTINUE; + return; + } + else + { // Failure modes + switch($login_result) + { + case AUTH_NOCONNECT: + if(varset(e107::getPref('auth_noconn'), TRUE)) + { + $this->loginResult = LOGIN_TRY_OTHER; + return; + } + $username=md5('xx_noconn_xx'); + $this->loginResult = LOGIN_ABORT; + return; + case AUTH_BADPASSWORD: + if(varset(e107::getPref('auth_badpassword'), TRUE)) + { + $this->loginResult = LOGIN_TRY_OTHER; + return; + } + $userpass=md5('xx_badpassword_xx'); + $this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in! + return; + } + } + $this->loginResult = LOGIN_ABORT; // catch-all just in case + return; + } + + + // Function to implement copy methods + public function translate($method, $word) + { + $tp = e107::getParser(); + switch ($method) + { + case 'bool1' : + switch ($tp->ustrtoupper($word)) + { + case 'TRUE' : return TRUE; + case 'FALSE' : return FALSE; + } + return $word; + case 'ucase' : + return $tp->ustrtoupper($word); + case 'lcase' : + return $tp->ustrtolower($word); + case 'ucfirst' : + return ucfirst($word); // TODO: Needs changing to utf-8 function + case 'ucwords' : + return ucwords($word); // TODO: Needs changing to utf-8 function + case 'none' : + return $word; + } + } + +} ?> \ No newline at end of file diff --git a/e107_plugins/alt_auth/e107db_auth.php b/e107_plugins/alt_auth/e107db_auth.php index df852b10b..91037dd0f 100644 --- a/e107_plugins/alt_auth/e107db_auth.php +++ b/e107_plugins/alt_auth/e107db_auth.php @@ -1,181 +1,181 @@ -ErrorText = ''; - $this->conf = altAuthGetParams('e107db'); - $this->Available = TRUE; - } - - - - /** - * Retrieve and construct error strings - * - * @todo - test whether reconnect to DB is required (shouldn't be) - */ - private function makeErrorText($extra = '') - { - $this->ErrorText = $extra; - //global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql; - //$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb); - } - - - /** - * Validate login credentials - * - * @param string $uname - The user name requesting access - * @param string $pass - Password to use (usually plain text) - * @param pointer &$newvals - pointer to array to accept other data read from database - * @param boolean $connect_only - TRUE to simply connect to the database - * - * @return integer result (AUTH_xxxx) - * - * On a successful login, &$newvals array is filled with the requested data from the server - */ - public function login($uname, $pword, &$newvals, $connect_only = FALSE) - { - //Attempt to open connection to sql database - if(!$res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password'])) - { - $this->makeErrorText('Cannot connect to remote server'); - return AUTH_NOCONNECT; - } - //Select correct db - - if(!mysql_select_db($this->conf['e107db_database'], $res)) - { - mysql_close($res); - $this->makeErrorText('Cannot connect to remote DB'); - return AUTH_NOCONNECT; - } - if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB - - $sel_fields = array(); - // Make an array of the fields we want from the source DB - foreach($this->conf as $k => $v) - { - if ($v && (strpos($k,'e107db_xf_') === 0)) - { - $sel_fields[] = substr($k,strlen('e107db_xf_')); - } - } - - $filterClass = intval(varset($this->conf['e107db_filter_class'], e_UC_PUBLIC)); - if (($filterClass != e_UC_PUBLIC) && (!in_array('user_class',$sel_fields))) - { - $sel_fields[] = 'user_class'; - } - - $sel_fields[] = 'user_password'; - $user_field = 'user_loginname'; - - - //Get record containing supplied login name - $qry = 'SELECT '.implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}' AND `user_ban` = 0"; -// echo "Query: {$qry}
"; - if(!$r1 = mysql_query($qry)) - { - mysql_close($res); - $this->makeErrorText('Lookup query failed'); - return AUTH_NOCONNECT; - } - if (!$row = mysql_fetch_array($r1)) - { - mysql_close($res); - $this->makeErrorText('User not found'); - return AUTH_NOUSER; - } - - mysql_close($res); // Finished with 'foreign' DB now - - // Got something from the DB - see whether password valid - require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well - $pass_check = new ExtendedPasswordHandler(); - - $passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']); - if ($passMethod === FALSE) - { - $this->makeErrorText('Password error - invalid method'); - return AUTH_BADPASSWORD; - } - - $pwFromDB = $row['user_password']; // Password stored in DB - - if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) - { - $this->makeErrorText('Password incorrect'); - return AUTH_BADPASSWORD; - } - - // Valid user - check he's in an appropriate class - if ($filterClass != e_UC_PUBLIC) - { - $tmp = explode(',', $row['user_class']); - if (!in_array($filterClass, $tmp)) - { - $this->makeErrorText('Userc not found'); - return AUTH_NOUSER; // Treat as non-existent user - } - unset($tmp); - } - - // Now copy across any values we have selected - foreach($this->conf as $k => $v) - { - if ($v && (strpos($k,'e107db_xf_') === 0)) - { - $f = substr($k,strlen('e107db_xf_')); - if (isset($row[$f])) $newvals[$f] = $row[$f]; - } - } - $this->makeErrorText(''); // Success - just reconnect to E107 DB if needed - return AUTH_SUCCESS; - } -} - +ErrorText = ''; + $this->conf = $this->altAuthGetParams('e107db'); + $this->Available = TRUE; + } + + + + /** + * Retrieve and construct error strings + * + * @todo - test whether reconnect to DB is required (shouldn't be) + */ + private function makeErrorText($extra = '') + { + $this->ErrorText = $extra; + //global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql; + //$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb); + } + + + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the database + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ + public function login($uname, $pword, &$newvals, $connect_only = FALSE) + { + //Attempt to open connection to sql database + if(!$res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password'])) + { + $this->makeErrorText('Cannot connect to remote server'); + return AUTH_NOCONNECT; + } + //Select correct db + + if(!mysql_select_db($this->conf['e107db_database'], $res)) + { + mysql_close($res); + $this->makeErrorText('Cannot connect to remote DB'); + return AUTH_NOCONNECT; + } + if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB + + $sel_fields = array(); + // Make an array of the fields we want from the source DB + foreach($this->conf as $k => $v) + { + if ($v && (strpos($k,'e107db_xf_') === 0)) + { + $sel_fields[] = substr($k,strlen('e107db_xf_')); + } + } + + $filterClass = intval(varset($this->conf['e107db_filter_class'], e_UC_PUBLIC)); + if (($filterClass != e_UC_PUBLIC) && (!in_array('user_class',$sel_fields))) + { + $sel_fields[] = 'user_class'; + } + + $sel_fields[] = 'user_password'; + $user_field = 'user_loginname'; + + + //Get record containing supplied login name + $qry = 'SELECT '.implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}' AND `user_ban` = 0"; +// echo "Query: {$qry}
"; + if(!$r1 = mysql_query($qry)) + { + mysql_close($res); + $this->makeErrorText('Lookup query failed'); + return AUTH_NOCONNECT; + } + if (!$row = mysql_fetch_array($r1)) + { + mysql_close($res); + $this->makeErrorText('User not found'); + return AUTH_NOUSER; + } + + mysql_close($res); // Finished with 'foreign' DB now + + // Got something from the DB - see whether password valid + require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well + $pass_check = new ExtendedPasswordHandler(); + + $passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']); + if ($passMethod === FALSE) + { + $this->makeErrorText('Password error - invalid method'); + return AUTH_BADPASSWORD; + } + + $pwFromDB = $row['user_password']; // Password stored in DB + + if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) + { + $this->makeErrorText('Password incorrect'); + return AUTH_BADPASSWORD; + } + + // Valid user - check he's in an appropriate class + if ($filterClass != e_UC_PUBLIC) + { + $tmp = explode(',', $row['user_class']); + if (!in_array($filterClass, $tmp)) + { + $this->makeErrorText('Userc not found'); + return AUTH_NOUSER; // Treat as non-existent user + } + unset($tmp); + } + + // Now copy across any values we have selected + foreach($this->conf as $k => $v) + { + if ($v && (strpos($k,'e107db_xf_') === 0)) + { + $f = substr($k,strlen('e107db_xf_')); + if (isset($row[$f])) $newvals[$f] = $row[$f]; + } + } + $this->makeErrorText(''); // Success - just reconnect to E107 DB if needed + return AUTH_SUCCESS; + } +} + ?> \ No newline at end of file diff --git a/e107_plugins/alt_auth/e107db_conf.php b/e107_plugins/alt_auth/e107db_conf.php index de9d554a5..12462d581 100644 --- a/e107_plugins/alt_auth/e107db_conf.php +++ b/e107_plugins/alt_auth/e107db_conf.php @@ -30,9 +30,64 @@ require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php'); require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); + + + +class alt_auth_e107db extends alt_auth_admin +{ + + public function __construct() + { + } + + + public function showForm() + { + $ns = e107::getRender(); + + $parm = $this->altAuthGetParams('e107db'); + + $frm = new form; + $text = $frm -> form_open('post', e_SELF); + $text .= " + + + + "; + + $text .= ""; + + $text .= $this->alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db|prefix|classfilt'); + + $text .= ""; + + $text .= ""; + + $text .= $this->alt_auth_get_field_list('e107db',$frm, $parm, TRUE); + + $text .= "
".LAN_ALT_26.""; + $text .= E107DB_LAN_1; + $text .= "
".E107DB_LAN_9.""; + $text .= $this->altAuthGetPasswordSelector('e107db_password_method', $frm, $parm['e107db_password_method'], FALSE); + + $text .= "

".E107DB_LAN_11."
"; + $text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); + // $text .= $frm -> form_button("submit", "update", LAN_ALT_UPDATESET); + $text .= '
'; + $text .= $frm -> form_close(); + + $ns->tablerender(E107DB_LAN_10, $text); + + $ns->tablerender(LAN_ALT_40.LAN_ALT_41,$this->alt_auth_test_form('e107db',$frm)); + } +} + + +$e107dbAdmin = new alt_auth_e107db(); + if(vartrue($_POST['update'])) { - $message = alt_auth_post_options('e107db'); + $message = $e107dbAdmin->alt_auth_post_options('e107db'); } @@ -41,51 +96,9 @@ if(vartrue($message)) e107::getRender()->tablerender('',"
".$message.'
'); } +$e107dbAdmin->showForm(); -show_e107db_form(); - - -function show_e107db_form() -{ - $ns = e107::getRender(); - - $parm = altAuthGetParams('e107db'); - - $frm = new form; - $text = $frm -> form_open('post', e_SELF); - $text .= " - - - - "; - - $text .= ""; - - $text .= alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db|prefix|classfilt'); - - $text .= ""; - - $text .= ""; - - $text .= alt_auth_get_field_list('e107db',$frm, $parm, TRUE); - - $text .= "
".LAN_ALT_26.""; - $text .= E107DB_LAN_1; - $text .= "
".E107DB_LAN_9.""; - $text .= altAuthGetPasswordSelector('e107db_password_method', $frm, $parm['e107db_password_method'], FALSE); - - $text .= "

".E107DB_LAN_11."
"; - $text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); -// $text .= $frm -> form_button("submit", "update", LAN_ALT_UPDATESET); - $text .= '
'; - $text .= $frm -> form_close(); - - $ns->tablerender(E107DB_LAN_10, $text); - - $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('e107db',$frm)); -} - require_once(e_ADMIN.'footer.php'); diff --git a/e107_plugins/alt_auth/extended_password_handler.php b/e107_plugins/alt_auth/extended_password_handler.php index 231078e7c..000d3b422 100644 --- a/e107_plugins/alt_auth/extended_password_handler.php +++ b/e107_plugins/alt_auth/extended_password_handler.php @@ -1,332 +1,332 @@ -random_state = md5($this->random_state.microtime().mt_rand(0,10000)); // This will 'auto seed' - - $output = ''; - for ($i = 0; $i < $count; $i += 16) - { // Only do this loop once unless we need more than 16 bytes - $this->random_state = md5(microtime() . $this->random_state); - $output .= pack('H*', md5($this->random_state)); // Becomes an array of 16 bytes - } - $output = substr($output, 0, $count); - - return $output; - } - - - /** - * Encode to base64 (each block of three 8-bit chars becomes 4 printable chars) - * Use first $count characters of $input string - */ - private function encode64($input, $count) - { - return base64_encode(substr($input, 0, $count)); // @todo - check this works OK - /* - $output = ''; - $i = 0; - do - { - $value = ord($input[$i++]); - $output .= $this->itoa64[$value & 0x3f]; - if ($i < $count) $value |= ord($input[$i]) << 8; - $output .= $this->itoa64[($value >> 6) & 0x3f]; - if ($i++ >= $count) break; - if ($i < $count) $value |= ord($input[$i]) << 16; - $output .= $this->itoa64[($value >> 12) & 0x3f]; - if ($i++ >= $count) break; - $output .= $this->itoa64[($value >> 18) & 0x3f]; - } while ($i < $count); - - return $output; - */ - } - - - - /** - * Method for PHPBB3-style salted passwords, which begin '$H$', and WordPress-style salted passwords, which begin '$P$' - * Given a plaintext password and the complete password/hash function (which includes any salt), calculate hash - * Returns FALSE on error - */ - private function crypt_private($password, $stored_password, $password_type = PASSWORD_PHPBB_SALT) - { - $output = '*0'; - if (substr($stored_password, 0, 2) == $output) - { - $output = '*1'; - } - - $prefix = ''; - switch ($password_type) - { - case PASSWORD_PHPBB_SALT : - $prefix = PASSWORD_PHPBB_ID; - break; - case PASSWORD_WORDPRESS_SALT : - $prefix = PASSWORD_WORDPRESS_ID; - break; - default : - $prefix = ''; - } - - if ($prefix != substr($stored_password, 0, 3)) - { - return $output; - } - - $count_log2 = strpos($this->itoa64, $stored_password[3]); // 4th character indicates hash depth count - if ($count_log2 < 7 || $count_log2 > 30) - { - return $output; - } - - $count = 1 << $count_log2; - - $salt = substr($stored_password, 4, 8); // Salt is characters 5..12 - if (strlen($salt) != 8) - { - return $output; - } - - # We're kind of forced to use MD5 here since it's the only - # cryptographic primitive available in all versions of PHP - # currently in use. To implement our own low-level crypto - # in PHP would result in much worse performance and - # consequently in lower iteration counts and hashes that are - # quicker to crack (by non-PHP code). - // Get raw binary output (always 16 bytes) - we assume PHP5 here - $hash = md5($salt.$password, TRUE); - do - { - $hash = md5($hash.$password, TRUE); - } while (--$count); - - $output = substr($setting, 0, 12); // Identifier, shift count and salt - total 12 chars - $output .= $this->encode64($hash, 16); // Returns 22-character string - - return $output; - } - - - /** - * Return array of supported password types - key is used internally, text is displayed - */ - public function getPasswordTypes($includeExtended = TRUE) - { - $vals = array(); - $vals = array('md5' => IMPORTDB_LAN_7,'e107_salt' => IMPORTDB_LAN_8); // Methods supported in core - if ($includeExtended) - { - $vals = array_merge($vals,array( - 'plaintext' => IMPORTDB_LAN_2, - 'joomla_salt' => IMPORTDB_LAN_3, - 'mambo_salt' => IMPORTDB_LAN_4, - 'smf_sha1' => IMPORTDB_LAN_5, - 'sha1' => IMPORTDB_LAN_6, - 'phpbb3_salt' => IMPORTDB_LAN_12, - 'wordpress_salt' => IMPORTDB_LAN_13, - 'magento_salt' => IMPORTDB_LAN_14, - )); - } - return $vals; - } - - - /** - * Return password type which relates to a specific foreign system - */ - public function passwordMapping($ptype) - { - $maps = array( - 'plaintext' => PASSWORD_PLAINTEXT, - 'joomla_salt' => PASSWORD_JOOMLA_SALT, - 'mambo_salt' => PASSWORD_MAMBO_SALT, - 'smf_sha1' => PASSWORD_GENERAL_SHA1, - 'sha1' => PASSWORD_GENERAL_SHA1, - 'mambo' => PASSWORD_GENERAL_MD5, - 'phpbb2' => PASSWORD_GENERAL_MD5, - 'e107' => PASSWORD_GENERAL_MD5, - 'md5' => PASSWORD_GENERAL_MD5, - 'e107_salt' => PASSWORD_E107_SALT, - 'phpbb2_salt' => PASSWORD_PHPBB_SALT, - 'phpbb3_salt' => PASSWORD_PHPBB_SALT, - 'wordpress_salt' => PASSWORD_WORDPRESS_SALT, - 'magento_salt' => PASSWORD_MAGENTO_SALT, - ); - if (isset($maps[$ptype])) return $maps[$ptype]; - return FALSE; - } - - - /** - * Extension of password validation to handle more types - * - * @param string $pword - plaintext password as entered by user - * @param string $login_name - string used to log in (could actually be email address) - * @param string $stored_hash - required value for password to match - * @param integer $password_type - constant specifying the type of password to check against - * - * @return PASSWORD_INVALID|PASSWORD_VALID|string - * PASSWORD_INVALID if no match - * PASSWORD_VALID if valid password - * Return a new hash to store if valid password but non-preferred encoding - */ - public function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE) - { - switch ($password_type) - { - case PASSWORD_GENERAL_MD5 : - case PASSWORD_E107_MD5 : - $pwHash = md5($pword); - break; - - case PASSWORD_GENERAL_SHA1 : - if (strlen($stored_hash) != 40) return PASSWORD_INVALID; - $pwHash = sha1($pword); - break; - - case PASSWORD_JOOMLA_SALT : - case PASSWORD_MAMBO_SALT : - if ((strpos($stored_hash, ':') === false) || (strlen($stored_hash) < 40)) - { - return PASSWORD_INVALID; - } - // Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe) - list($hash, $salt) = explode(':', $stored_hash); - $pwHash = md5($pword.$salt); - $stored_hash = $hash; - break; - - - case PASSWORD_MAGENTO_SALT : - $hash = $salt = ''; - if ((strpos($stored_hash, ':') !== false)) - { - list($hash, $salt) = explode(':', $stored_hash); - } - // Magento salted hash - should be 32-character md5 hash, ':', 2-character salt, but could be also only md5 hash - else - { - $hash = $stored_hash; - } - if(strlen($hash) !== 32) - { - //return PASSWORD_INVALID; - } - - $pwHash = $salt ? md5($salt.$pword) : md5($pword); - $stored_hash = $hash; - break; - - case PASSWORD_E107_SALT : - //return e107::getUserSession()->CheckPassword($password, $login_name, $stored_hash); - return parent::CheckPassword($password, $login_name, $stored_hash); - break; - - case PASSWORD_PHPBB_SALT : - case PASSWORD_WORDPRESS_SALT : - if (strlen($stored_hash) != 34) return PASSWORD_INVALID; - $pwHash = $this->crypt_private($pword, $stored_hash, $password_type); - if ($pwHash[0] == '*') - { - return PASSWORD_INVALID; - } - $stored_hash = substr($stored_hash,12); - break; - - case PASSWORD_PLAINTEXT : - $pwHash = $pword; - break; - - default : - return PASSWORD_INVALID; - } - if ($stored_hash != $pwHash) return PASSWORD_INVALID; - return PASSWORD_VALID; - } - -} - - +random_state = md5($this->random_state.microtime().mt_rand(0,10000)); // This will 'auto seed' + + $output = ''; + for ($i = 0; $i < $count; $i += 16) + { // Only do this loop once unless we need more than 16 bytes + $this->random_state = md5(microtime() . $this->random_state); + $output .= pack('H*', md5($this->random_state)); // Becomes an array of 16 bytes + } + $output = substr($output, 0, $count); + + return $output; + } + + + /** + * Encode to base64 (each block of three 8-bit chars becomes 4 printable chars) + * Use first $count characters of $input string + */ + private function encode64($input, $count) + { + return base64_encode(substr($input, 0, $count)); // @todo - check this works OK + /* + $output = ''; + $i = 0; + do + { + $value = ord($input[$i++]); + $output .= $this->itoa64[$value & 0x3f]; + if ($i < $count) $value |= ord($input[$i]) << 8; + $output .= $this->itoa64[($value >> 6) & 0x3f]; + if ($i++ >= $count) break; + if ($i < $count) $value |= ord($input[$i]) << 16; + $output .= $this->itoa64[($value >> 12) & 0x3f]; + if ($i++ >= $count) break; + $output .= $this->itoa64[($value >> 18) & 0x3f]; + } while ($i < $count); + + return $output; + */ + } + + + + /** + * Method for PHPBB3-style salted passwords, which begin '$H$', and WordPress-style salted passwords, which begin '$P$' + * Given a plaintext password and the complete password/hash function (which includes any salt), calculate hash + * Returns FALSE on error + */ + private function crypt_private($password, $stored_password, $password_type = PASSWORD_PHPBB_SALT) + { + $output = '*0'; + if (substr($stored_password, 0, 2) == $output) + { + $output = '*1'; + } + + $prefix = ''; + switch ($password_type) + { + case PASSWORD_PHPBB_SALT : + $prefix = PASSWORD_PHPBB_ID; + break; + case PASSWORD_WORDPRESS_SALT : + $prefix = PASSWORD_WORDPRESS_ID; + break; + default : + $prefix = ''; + } + + if ($prefix != substr($stored_password, 0, 3)) + { + return $output; + } + + $count_log2 = strpos($this->itoa64, $stored_password[3]); // 4th character indicates hash depth count + if ($count_log2 < 7 || $count_log2 > 30) + { + return $output; + } + + $count = 1 << $count_log2; + + $salt = substr($stored_password, 4, 8); // Salt is characters 5..12 + if (strlen($salt) != 8) + { + return $output; + } + + # We're kind of forced to use MD5 here since it's the only + # cryptographic primitive available in all versions of PHP + # currently in use. To implement our own low-level crypto + # in PHP would result in much worse performance and + # consequently in lower iteration counts and hashes that are + # quicker to crack (by non-PHP code). + // Get raw binary output (always 16 bytes) - we assume PHP5 here + $hash = md5($salt.$password, TRUE); + do + { + $hash = md5($hash.$password, TRUE); + } while (--$count); + + $output = substr($setting, 0, 12); // Identifier, shift count and salt - total 12 chars + $output .= $this->encode64($hash, 16); // Returns 22-character string + + return $output; + } + + + /** + * Return array of supported password types - key is used internally, text is displayed + */ + public function getPasswordTypes($includeExtended = TRUE) + { + $vals = array(); + $vals = array('md5' => IMPORTDB_LAN_7,'e107_salt' => IMPORTDB_LAN_8); // Methods supported in core + if ($includeExtended) + { + $vals = array_merge($vals,array( + 'plaintext' => IMPORTDB_LAN_2, + 'joomla_salt' => IMPORTDB_LAN_3, + 'mambo_salt' => IMPORTDB_LAN_4, + 'smf_sha1' => IMPORTDB_LAN_5, + 'sha1' => IMPORTDB_LAN_6, + 'phpbb3_salt' => IMPORTDB_LAN_12, + 'wordpress_salt' => IMPORTDB_LAN_13, + 'magento_salt' => IMPORTDB_LAN_14, + )); + } + return $vals; + } + + + /** + * Return password type which relates to a specific foreign system + */ + public function passwordMapping($ptype) + { + $maps = array( + 'plaintext' => PASSWORD_PLAINTEXT, + 'joomla_salt' => PASSWORD_JOOMLA_SALT, + 'mambo_salt' => PASSWORD_MAMBO_SALT, + 'smf_sha1' => PASSWORD_GENERAL_SHA1, + 'sha1' => PASSWORD_GENERAL_SHA1, + 'mambo' => PASSWORD_GENERAL_MD5, + 'phpbb2' => PASSWORD_GENERAL_MD5, + 'e107' => PASSWORD_GENERAL_MD5, + 'md5' => PASSWORD_GENERAL_MD5, + 'e107_salt' => PASSWORD_E107_SALT, + 'phpbb2_salt' => PASSWORD_PHPBB_SALT, + 'phpbb3_salt' => PASSWORD_PHPBB_SALT, + 'wordpress_salt' => PASSWORD_WORDPRESS_SALT, + 'magento_salt' => PASSWORD_MAGENTO_SALT, + ); + if (isset($maps[$ptype])) return $maps[$ptype]; + return FALSE; + } + + + /** + * Extension of password validation to handle more types + * + * @param string $pword - plaintext password as entered by user + * @param string $login_name - string used to log in (could actually be email address) + * @param string $stored_hash - required value for password to match + * @param integer $password_type - constant specifying the type of password to check against + * + * @return PASSWORD_INVALID|PASSWORD_VALID|string + * PASSWORD_INVALID if no match + * PASSWORD_VALID if valid password + * Return a new hash to store if valid password but non-preferred encoding + */ + public function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE) + { + switch ($password_type) + { + case PASSWORD_GENERAL_MD5 : + case PASSWORD_E107_MD5 : + $pwHash = md5($pword); + break; + + case PASSWORD_GENERAL_SHA1 : + if (strlen($stored_hash) != 40) return PASSWORD_INVALID; + $pwHash = sha1($pword); + break; + + case PASSWORD_JOOMLA_SALT : + case PASSWORD_MAMBO_SALT : + if ((strpos($stored_hash, ':') === false) || (strlen($stored_hash) < 40)) + { + return PASSWORD_INVALID; + } + // Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe) + list($hash, $salt) = explode(':', $stored_hash); + $pwHash = md5($pword.$salt); + $stored_hash = $hash; + break; + + + case PASSWORD_MAGENTO_SALT : + $hash = $salt = ''; + if ((strpos($stored_hash, ':') !== false)) + { + list($hash, $salt) = explode(':', $stored_hash); + } + // Magento salted hash - should be 32-character md5 hash, ':', 2-character salt, but could be also only md5 hash + else + { + $hash = $stored_hash; + } + if(strlen($hash) !== 32) + { + //return PASSWORD_INVALID; + } + + $pwHash = $salt ? md5($salt.$pword) : md5($pword); + $stored_hash = $hash; + break; + + case PASSWORD_E107_SALT : + //return e107::getUserSession()->CheckPassword($password, $login_name, $stored_hash); + return parent::CheckPassword($password, $login_name, $stored_hash); + break; + + case PASSWORD_PHPBB_SALT : + case PASSWORD_WORDPRESS_SALT : + if (strlen($stored_hash) != 34) return PASSWORD_INVALID; + $pwHash = $this->crypt_private($pword, $stored_hash, $password_type); + if ($pwHash[0] == '*') + { + return PASSWORD_INVALID; + } + $stored_hash = substr($stored_hash,12); + break; + + case PASSWORD_PLAINTEXT : + $pwHash = $pword; + break; + + default : + return PASSWORD_INVALID; + } + if ($stored_hash != $pwHash) return PASSWORD_INVALID; + return PASSWORD_VALID; + } + +} + + ?> \ No newline at end of file diff --git a/e107_plugins/alt_auth/importdb_auth.php b/e107_plugins/alt_auth/importdb_auth.php index f34e69ba8..9f8a7fe4c 100644 --- a/e107_plugins/alt_auth/importdb_auth.php +++ b/e107_plugins/alt_auth/importdb_auth.php @@ -1,113 +1,113 @@ -ErrorText = ''; - $this->conf = altAuthGetParams('importdb'); - $this->Available = TRUE; - } - - - private function makeErrorText($extra = '') - { - $this->ErrorText = $extra; - } - - - /** - * Validate login credentials - * - * @param string $uname - The user name requesting access - * @param string $pass - Password to use (usually plain text) - * @param pointer &$newvals - pointer to array to accept other data read from database - * @param boolean $connect_only - TRUE to simply connect to the database - * - * @return integer result (AUTH_xxxx) - * - * On a successful login, &$newvals array is filled with the requested data from the server - */ - public function login($uname, $pword, &$newvals, $connect_only = FALSE) - { - if ($connect_only) return AUTH_SUCCESS; // Big problem if can't connect to our own DB! - - // See if the user's in the E107 database - otherwise they can go away - global $sql, $tp; - if (!$sql->db_Select('user', 'user_loginname, user_password', "user_loginname = '".$tp -> toDB($uname)."'")) - { // Invalid user - $this->makeErrorText('User not found'); - return AUTH_NOUSER; - } - - // Now look at their password - we always need to verify it, even if its a core E107 format. - // Higher levels will always convert an authorised password to E107 format and save it for us. - if (!$row = $sql->db_Fetch()) - { - $this->makeErrorText('Error reading DB'); - return AUTH_NOCONNECT; // Debateable return code - really a DB error. But consistent with other handler - } - - require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well - $pass_check = new ExtendedPasswordHandler(); - - $passMethod = $pass_check->passwordMapping($this->conf['importdb_password_method']); - if ($passMethod === FALSE) - { - $this->makeErrorText('Password error - invalid method'); - return AUTH_BADPASSWORD; - } - - $pwFromDB = $row['user_password']; // Password stored in DB - if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) - { - $this->makeErrorText('Password incorrect'); - return LOGIN_CONTINUE; // Could have already changed password to E107 format - } - $this->makeErrorText(''); - return AUTH_SUCCESS; - } -} - +ErrorText = ''; + $this->conf = $this->altAuthGetParams('importdb'); + $this->Available = TRUE; + } + + + private function makeErrorText($extra = '') + { + $this->ErrorText = $extra; + } + + + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the database + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ + public function login($uname, $pword, &$newvals, $connect_only = FALSE) + { + if ($connect_only) return AUTH_SUCCESS; // Big problem if can't connect to our own DB! + + // See if the user's in the E107 database - otherwise they can go away + global $sql, $tp; + if (!$sql->db_Select('user', 'user_loginname, user_password', "user_loginname = '".$tp -> toDB($uname)."'")) + { // Invalid user + $this->makeErrorText('User not found'); + return AUTH_NOUSER; + } + + // Now look at their password - we always need to verify it, even if its a core E107 format. + // Higher levels will always convert an authorised password to E107 format and save it for us. + if (!$row = $sql->db_Fetch()) + { + $this->makeErrorText('Error reading DB'); + return AUTH_NOCONNECT; // Debateable return code - really a DB error. But consistent with other handler + } + + require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well + $pass_check = new ExtendedPasswordHandler(); + + $passMethod = $pass_check->passwordMapping($this->conf['importdb_password_method']); + if ($passMethod === FALSE) + { + $this->makeErrorText('Password error - invalid method'); + return AUTH_BADPASSWORD; + } + + $pwFromDB = $row['user_password']; // Password stored in DB + if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) + { + $this->makeErrorText('Password incorrect'); + return LOGIN_CONTINUE; // Could have already changed password to E107 format + } + $this->makeErrorText(''); + return AUTH_SUCCESS; + } +} + ?> \ No newline at end of file diff --git a/e107_plugins/alt_auth/importdb_conf.php b/e107_plugins/alt_auth/importdb_conf.php index 629f64c27..c4c7a7c2e 100644 --- a/e107_plugins/alt_auth/importdb_conf.php +++ b/e107_plugins/alt_auth/importdb_conf.php @@ -32,10 +32,57 @@ require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php'); require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); + + +class alt_auth_otherdb extends alt_auth_admin +{ + + public function __construct() + { + } + + + public function showForm() + { + $ns = e107::getRender(); + + $parm = $this->altAuthGetParams('importdb'); + + $frm = new form; + $text = $frm -> form_open('post', e_SELF); + $text .= " + + + + "; + + + $text .= ""; + $text .= ""; + + $text .= "
".IMPORTDB_LAN_11."
".IMPORTDB_LAN_9.""; + + $text .= $this->altAuthGetPasswordSelector('importdb_password_method', $frm, $parm['importdb_password_method'], TRUE); + + $text .= "
"; + $text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); + $text .= "
"; + $text .= $frm -> form_close(); + + $ns -> tablerender(IMPORTDB_LAN_10, $text); + + $ns->tablerender(LAN_ALT_40.LAN_ALT_41, $this->alt_auth_test_form('importdb',$frm)); + + } +} + + +$otherDbAdmin = new alt_auth_otherdb(); + if(vartrue($_POST['update'])) { // $message = update_importdb_prefs(); - $message = alt_auth_post_options('importdb'); + $message = $otherDbAdmin->alt_auth_post_options('importdb'); } if(vartrue($message)) @@ -44,41 +91,8 @@ if(vartrue($message)) } -show_importdb_form(); +$otherDbAdmin->showForm(); -function show_importdb_form() -{ - $ns = e107::getRender(); - - - $parm = altAuthGetParams('importdb'); - - $frm = new form; - $text = $frm -> form_open('post', e_SELF); - $text .= " - - - - "; - - - $text .= ""; - $text .= ""; - - $text .= "
".IMPORTDB_LAN_11."
".IMPORTDB_LAN_9.""; - - $text .= altAuthGetPasswordSelector('importdb_password_method', $frm, $parm['importdb_password_method'], TRUE); - - $text .= "
"; - $text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); - $text .= "
"; - $text .= $frm -> form_close(); - - $ns -> tablerender(IMPORTDB_LAN_10, $text); - - $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('importdb',$frm)); - -} require_once(e_ADMIN.'footer.php'); diff --git a/e107_plugins/alt_auth/ldap_auth.php b/e107_plugins/alt_auth/ldap_auth.php index 99f92c047..8105d54ef 100755 --- a/e107_plugins/alt_auth/ldap_auth.php +++ b/e107_plugins/alt_auth/ldap_auth.php @@ -1,311 +1,309 @@ -copyAttribs = array(); - $this->copyMethods = array(); - $sql = e107::getDB('altAuth'); - $sql->db_Select('alt_auth', '*', "auth_type = 'ldap' "); - while ($row = $sql->db_Fetch()) - { - $ldap[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - if ((strpos($row['auth_parmname'], 'ldap_xf_') === 0) && $ldap[$row['auth_parmname']]) // Attribute to copy on successful login - { - $this->copyAttribs[substr($row['auth_parmname'], strlen('ldap_xf_'))] = $ldap[$row['auth_parmname']]; // Key = LDAP attribute. Value = e107 field name - } - elseif ((strpos($row['auth_parmname'], 'ldap_pm_') === 0) && $ldap[$row['auth_parmname']] && ($ldap[$row['auth_parmname']] != 'none')) // Method to use to copy parameter - { // Any fields with non-null 'copy' methods - $this->copyMethods[substr($row['auth_parmname'], strlen('ldap_pm_'))] = $ldap[$row['auth_parmname']]; // Key = e107 field name. Value = copy method - } - unset($row['auth_parmname']); - } - $this->server = explode(',', $ldap['ldap_server']); - $this->serverType = $ldap['ldap_servertype']; - $this->dn = $ldap['ldap_basedn']; - $this->ou = $ldap['ldap_ou']; - $this->usr = $ldap['ldap_user']; - $this->pwd = $ldap['ldap_passwd']; - $this->ldapVersion = $ldap['ldap_version']; - $this->filter = (isset($ldap['ldap_edirfilter']) ? $ldap['ldap_edirfilter'] : ""); - - if (!function_exists('ldap_connect')) - { - return AUTH_NORESOURCE; - } - - if (!$this->connect()) - { - return AUTH_NOCONNECT; - } - $this->Available = TRUE; - return AUTH_SUCCESS; - } - - - /** - * Retrieve and construct error strings - */ - private function makeErrorText($extra = '') - { - $this->ldapErrorCode = ldap_errno($this->connection); - $this->ldapErrorText = ldap_error($this->connection); - $this->ErrorText = $extra . ' ' . $this->ldapErrorCode . ': ' . $this->ldapErrorText; - } - - - /** - * Connect to the LDAP server - * - * @return boolean TRUE for success, FALSE for failure - */ - public function connect() - { - foreach ($this->server as $key => $host) - { - $this->connection = ldap_connect($host); - if ($this->connection) - { - if ($this->ldapVersion == 3 || $this->serverType == "ActiveDirectory") - { - @ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3); - } - return true; - } - } - - $this->ldapErrorCode = -1; - $this->ldapErrorText = "Unable to connect to any server"; - $this->ErrorText = $this->ldapErrorCode . ': ' . $this->ldapErrorText; - return false; - } - - - /** - * Close the connection to the LDAP server - */ - public function close() - { - if (!@ldap_close($this->connection)) - { - $this->makeErrorText(); // Read the error code and explanatory string - return false; - } - else - { - return true; - } - } - - - /** - * Validate login credentials - * - * @param string $uname - The user name requesting access - * @param string $pass - Password to use (usually plain text) - * @param pointer &$newvals - pointer to array to accept other data read from database - * @param boolean $connect_only - TRUE to simply connect to the server - * - * @return integer result (AUTH_xxxx) - * - * On a successful login, &$newvals array is filled with the requested data from the server - */ - function login($uname, $pass, &$newvals, $connect_only = false) - { - /* Construct the full DN, eg:- - ** "uid=username, ou=People, dc=orgname,dc=com" - */ - // echo "Login to server type: {$this->serverType}
"; - $current_filter = ""; - if ($this->serverType == "ActiveDirectory") - { - $checkDn = $uname . '@' . $this->dn; - // added by Father Barry Keal - // $current_filter = "(sAMAccountName={$uname})"; for pre windows 2000 - $current_filter = "(userprincipalname={$uname}@{$this->dn})"; // for 2000 + - // end add by Father Barry Keal - } - else - { - if ($this->usr != '' && $this->pwd != '') - { - $this->result = ldap_bind($this->connection, $this->usr, $this->pwd); - } - else - { - $this->result = ldap_bind($this->connection); - } - if ($this->result === false) - { - // echo "LDAP bind failed
"; - $this->makeErrorText(); // Read the error code and explanatory string - return AUTH_NOCONNECT; - } - // In ldap_auth.php, should look like this instead for eDirectory - // $query = ldap_search($this -> connection, $this -> dn, "cn=".$uname); - if ($this->serverType == "eDirectory") - { - $current_filter = "(&(cn={$uname})" . $this->filter . ")"; - } - else - { - $current_filter = "uid=" . $uname; - } - // echo "LDAP search: {$this->dn}, {$current_filter}
"; - $query = ldap_search($this->connection, $this->dn, $current_filter); - - if ($query === false) - { - // Could not perform query to LDAP directory - echo "LDAP - search for user failed
"; - $this->makeErrorText(); // Read the error code and explanatory string - return AUTH_NOCONNECT; - } - else - { - $query_result = ldap_get_entries($this->connection, $query); - - if ($query_result["count"] != 1) - { - if ($connect_only) return AUTH_SUCCESS; - else return AUTH_NOUSER; - } - else - { - $checkDn = $query_result[0]["dn"]; - $this->close(); - $this->connect(); - } - } - } - // Try and connect... - $this->result = ldap_bind($this->connection, $checkDn, $pass); - if ($this->result) - { - // Connected OK - login credentials are fine! - // But bind can return success even if no password! Does reject an invalid password, however - if ($connect_only) return AUTH_SUCCESS; - if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password - if (count($this->copyAttribs) == 0) return AUTH_SUCCESS; // No attributes required - we're done - $ldap_attributes = array_values(array_unique($this->copyAttribs)); - if ($this->serverType == "ActiveDirectory") - { // If we are using AD then build up the full string from the fqdn - $altauth_tmp = explode('.', $this->dn); - $checkDn=''; - foreach($altauth_tmp as $$altauth_dc) - { - $checkDn .= ",DC={$altauth_dc}"; - } - // prefix with the OU - $checkDn = $this->ou . $checkDn; - } - $this->result = ldap_search($this->connection, $checkDn, $current_filter, $ldap_attributes); - if ($this->result) - { - $entries = ldap_get_entries($this->connection, $this->result); - if (count($entries) == 2) // All OK - { - for ($j = 0; $j < $entries[0]['count']; $j++) - { - $k = $entries[0][$j]; // LDAP attribute name - $tlv = $entries[0][$k]; // Array of LDAP data - if (is_array($tlv) && count($tempKeys = array_keys($this->copyAttribs,$k))) // This bit executed if we've successfully got some data. Key is the attribute name, then array of data - { - foreach ($tempKeys as $tk) // Single LDAP attribute may be mapped to several fields - { -// $newvals[$tk] = $this->translate($tlv[0]); // Just grab the first value - $newvals[$tk] = $tlv[0]; // Just grab the first value - } - } - else - { - // echo " Unexpected non-array value - Key: {$k} Value: {$tlv}
"; - $this->makeErrorText(); // Read the error code and explanatory string - return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error - } - } - } - else - { - // echo "Got wrong number of entries
"; - $this->makeErrorText(); // Read the error code and explanatory string - return AUTH_NOUSER; // Bit debateable what to return if this happens - } - } - else // Probably a bit strange if we don't get any info back - but possible - { - // echo "No results!
"; - } - - return AUTH_SUCCESS; - } - else - { - /* Login failed. Return error code. - ** The common error codes and reasons are listed below : - ** (for iPlanet, other servers may differ) - ** 19 - Account locked out (too many invalid login attempts) - ** 32 - User does not exist - ** 49 - Wrong password - ** 53 - Account inactive (manually locked out by administrator) - */ - $this->makeErrorText(); // Read the error code and explanatory string - - switch ($this->ldapErrorCode) - { - case 32 : - return AUTH_NOUSER; - case 49 : - return AUTH_BADPASSWORD; - } - // return error code as if it never connected, maybe change that in the future - return AUTH_NOCONNECT; - } - } -} - -?> +copyAttribs = array(); + $this->copyMethods = array(); + $ldap = $this->altAuthGetParams('ldap'); + + foreach ($ldap as $row) + { + if ((strpos($row['auth_parmname'], 'ldap_xf_') === 0) && $ldap[$row['auth_parmname']]) // Attribute to copy on successful login + { + $this->copyAttribs[substr($row['auth_parmname'], strlen('ldap_xf_'))] = $ldap[$row['auth_parmname']]; // Key = LDAP attribute. Value = e107 field name + } + elseif ((strpos($row['auth_parmname'], 'ldap_pm_') === 0) && $ldap[$row['auth_parmname']] && ($ldap[$row['auth_parmname']] != 'none')) // Method to use to copy parameter + { // Any fields with non-null 'copy' methods + $this->copyMethods[substr($row['auth_parmname'], strlen('ldap_pm_'))] = $ldap[$row['auth_parmname']]; // Key = e107 field name. Value = copy method + } + } + $this->server = explode(',', $ldap['ldap_server']); + $this->serverType = $ldap['ldap_servertype']; + $this->dn = $ldap['ldap_basedn']; + $this->ou = $ldap['ldap_ou']; + $this->usr = $ldap['ldap_user']; + $this->pwd = $ldap['ldap_passwd']; + $this->ldapVersion = $ldap['ldap_version']; + $this->filter = (isset($ldap['ldap_edirfilter']) ? $ldap['ldap_edirfilter'] : ""); + + if (!function_exists('ldap_connect')) + { + return AUTH_NORESOURCE; + } + + if (!$this->connect()) + { + return AUTH_NOCONNECT; + } + $this->Available = TRUE; + return AUTH_SUCCESS; + } + + + /** + * Retrieve and construct error strings + */ + private function makeErrorText($extra = '') + { + $this->ldapErrorCode = ldap_errno($this->connection); + $this->ldapErrorText = ldap_error($this->connection); + $this->ErrorText = $extra . ' ' . $this->ldapErrorCode . ': ' . $this->ldapErrorText; + } + + + /** + * Connect to the LDAP server + * + * @return boolean TRUE for success, FALSE for failure + */ + public function connect() + { + foreach ($this->server as $key => $host) + { + $this->connection = ldap_connect($host); + if ($this->connection) + { + if ($this->ldapVersion == 3 || $this->serverType == "ActiveDirectory") + { + @ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3); + } + return true; + } + } + + $this->ldapErrorCode = -1; + $this->ldapErrorText = "Unable to connect to any server"; + $this->ErrorText = $this->ldapErrorCode . ': ' . $this->ldapErrorText; + return false; + } + + + /** + * Close the connection to the LDAP server + */ + public function close() + { + if (!@ldap_close($this->connection)) + { + $this->makeErrorText(); // Read the error code and explanatory string + return false; + } + else + { + return true; + } + } + + + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the server + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ + function login($uname, $pass, &$newvals, $connect_only = false) + { + /* Construct the full DN, eg:- + ** "uid=username, ou=People, dc=orgname,dc=com" + */ + // echo "Login to server type: {$this->serverType}
"; + $current_filter = ""; + if ($this->serverType == "ActiveDirectory") + { + $checkDn = $uname . '@' . $this->dn; + // added by Father Barry Keal + // $current_filter = "(sAMAccountName={$uname})"; for pre windows 2000 + $current_filter = "(userprincipalname={$uname}@{$this->dn})"; // for 2000 + + // end add by Father Barry Keal + } + else + { + if ($this->usr != '' && $this->pwd != '') + { + $this->result = ldap_bind($this->connection, $this->usr, $this->pwd); + } + else + { + $this->result = ldap_bind($this->connection); + } + if ($this->result === false) + { + // echo "LDAP bind failed
"; + $this->makeErrorText(); // Read the error code and explanatory string + return AUTH_NOCONNECT; + } + // In ldap_auth.php, should look like this instead for eDirectory + // $query = ldap_search($this -> connection, $this -> dn, "cn=".$uname); + if ($this->serverType == "eDirectory") + { + $current_filter = "(&(cn={$uname})" . $this->filter . ")"; + } + else + { + $current_filter = "uid=" . $uname; + } + // echo "LDAP search: {$this->dn}, {$current_filter}
"; + $query = ldap_search($this->connection, $this->dn, $current_filter); + + if ($query === false) + { + // Could not perform query to LDAP directory + echo "LDAP - search for user failed
"; + $this->makeErrorText(); // Read the error code and explanatory string + return AUTH_NOCONNECT; + } + else + { + $query_result = ldap_get_entries($this->connection, $query); + + if ($query_result["count"] != 1) + { + if ($connect_only) return AUTH_SUCCESS; + else return AUTH_NOUSER; + } + else + { + $checkDn = $query_result[0]["dn"]; + $this->close(); + $this->connect(); + } + } + } + // Try and connect... + $this->result = ldap_bind($this->connection, $checkDn, $pass); + if ($this->result) + { + // Connected OK - login credentials are fine! + // But bind can return success even if no password! Does reject an invalid password, however + if ($connect_only) return AUTH_SUCCESS; + if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password + if (count($this->copyAttribs) == 0) return AUTH_SUCCESS; // No attributes required - we're done + $ldap_attributes = array_values(array_unique($this->copyAttribs)); + if ($this->serverType == "ActiveDirectory") + { // If we are using AD then build up the full string from the fqdn + $altauth_tmp = explode('.', $this->dn); + $checkDn=''; + foreach($altauth_tmp as $$altauth_dc) + { + $checkDn .= ",DC={$altauth_dc}"; + } + // prefix with the OU + $checkDn = $this->ou . $checkDn; + } + $this->result = ldap_search($this->connection, $checkDn, $current_filter, $ldap_attributes); + if ($this->result) + { + $entries = ldap_get_entries($this->connection, $this->result); + if (count($entries) == 2) // All OK + { + for ($j = 0; $j < $entries[0]['count']; $j++) + { + $k = $entries[0][$j]; // LDAP attribute name + $tlv = $entries[0][$k]; // Array of LDAP data + if (is_array($tlv) && count($tempKeys = array_keys($this->copyAttribs,$k))) // This bit executed if we've successfully got some data. Key is the attribute name, then array of data + { + foreach ($tempKeys as $tk) // Single LDAP attribute may be mapped to several fields + { +// $newvals[$tk] = $this->translate($tlv[0]); // Just grab the first value + $newvals[$tk] = $tlv[0]; // Just grab the first value + } + } + else + { + // echo " Unexpected non-array value - Key: {$k} Value: {$tlv}
"; + $this->makeErrorText(); // Read the error code and explanatory string + return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error + } + } + } + else + { + // echo "Got wrong number of entries
"; + $this->makeErrorText(); // Read the error code and explanatory string + return AUTH_NOUSER; // Bit debateable what to return if this happens + } + } + else // Probably a bit strange if we don't get any info back - but possible + { + // echo "No results!
"; + } + + return AUTH_SUCCESS; + } + else + { + /* Login failed. Return error code. + ** The common error codes and reasons are listed below : + ** (for iPlanet, other servers may differ) + ** 19 - Account locked out (too many invalid login attempts) + ** 32 - User does not exist + ** 49 - Wrong password + ** 53 - Account inactive (manually locked out by administrator) + */ + $this->makeErrorText(); // Read the error code and explanatory string + + switch ($this->ldapErrorCode) + { + case 32 : + return AUTH_NOUSER; + case 49 : + return AUTH_BADPASSWORD; + } + // return error code as if it never connected, maybe change that in the future + return AUTH_NOCONNECT; + } + } +} + +?> diff --git a/e107_plugins/alt_auth/ldap_conf.php b/e107_plugins/alt_auth/ldap_conf.php index 849dfe566..2dbd4dd63 100755 --- a/e107_plugins/alt_auth/ldap_conf.php +++ b/e107_plugins/alt_auth/ldap_conf.php @@ -31,17 +31,104 @@ require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php'); $mes = e107::getMessage(); -$server_types[1] = 'LDAP'; -$server_types[2] = 'ActiveDirectory'; -$server_types[3] = 'eDirectory'; -$ldap_ver[1]='2'; -$ldap_ver[2]='3'; +class alt_auth_ldap extends alt_auth_admin +{ + + public function __construct() + { + } + + + public function showForm($mes) + { + $server_types[1] = 'LDAP'; + $server_types[2] = 'ActiveDirectory'; + $server_types[3] = 'eDirectory'; + + $ldap_ver[1]='2'; + $ldap_ver[2]='3'; + + + $ldap = $this->altAuthGetParams('ldap'); + if (!isset($ldap['ldap_edirfilter'])) $ldap['ldap_edirfilter'] == ''; + //print_a($ldap); + + $current_filter = "(&(cn=[USERNAME]){$ldap['ldap_edirfilter']})"; + + $frm = new form; + $text = $frm -> form_open('post',e_SELF); + $text .= ""; + $text .= ""; + + $text .= ""; + $text .= ""; + $text .= ""; + + $text .= ""; + + $text .= ""; + + $text .= ""; + + $text .= ""; + + $text .= ""; + + $this->add_extended_fields(); + $text .= $this->alt_auth_get_field_list('ldap',$frm, $ldap, FALSE); + + $text .= ""; + + $text .= "
".LDAPLAN_12.""; + $text .= $frm -> form_select_open("ldap_servertype"); + foreach($server_types as $v) + { + $sel = (vartrue($ldap['ldap_servertype']) == $v) ? " Selected='selected'" : ''; + $text .= $frm -> form_option($v, $sel, $v); + } + $text .= $frm -> form_select_close(); + $text .= "
".LDAPLAN_1.""; + $text .= $frm -> form_text("ldap_server", 35, vartrue($ldap['ldap_server']), 120); + $text .= "
".LDAPLAN_2.""; + $text .= $frm -> form_text("ldap_basedn", 35, vartrue($ldap['ldap_basedn']), 120); + $text .= "
".LDAPLAN_14.""; + $text .= $frm -> form_text("ldap_ou", 35, vartrue($ldap['ldap_ou']), 60); + $text .= "
".LDAPLAN_3.""; + $text .= $frm -> form_text("ldap_user", 35, vartrue($ldap['ldap_user']), 120); + $text .= "
".LDAPLAN_4.""; + $text .= $frm -> form_text("ldap_passwd", 35, vartrue($ldap['ldap_passwd']), 120); + $text .= "
".LDAPLAN_5.""; + $text .= $frm -> form_select_open("ldap_version"); + + foreach($ldap_ver as $v) + { + $sel = ($ldap['ldap_version'] == $v) ? " Selected='selected'" : ""; + $text .= $frm -> form_option($v, $sel, $v); + } + + $text .= $frm -> form_select_close(); + $text .= "
".LDAPLAN_7."
".LDAPLAN_8."		"; + $text .= $frm -> form_text('ldap_edirfilter', 35, $ldap['ldap_edirfilter'], 120); + $text .= "
".LDAPLAN_9."
".htmlentities($current_filter)."
".LAN_ALT_27."
"; + + $text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); + //$text .= $frm -> form_button('submit', 'update', LDAPLAN_13); + $text .= "
\n"; + $text .= $frm -> form_close(); + + e107::getRender()->tablerender(LDAPLAN_6, $mes->render(). $text); + e107::getRender()->tablerender(LAN_ALT_40.LAN_ALT_41, $this->alt_auth_test_form('ldap',$frm)); + } +} + + +$ldapAdmin = new alt_auth_ldap(); $message = ''; if(vartrue($_POST['update'])) { - $message .= alt_auth_post_options('ldap'); + $message .= $ldapAdmin->alt_auth_post_options('ldap'); } @@ -57,76 +144,8 @@ if($message) e107::getRender()->tablerender('',"
".$message.'
'); } +$ldapAdmin->showForm($mes); -$ldap = altAuthGetParams('ldap'); -if (!isset($ldap['ldap_edirfilter'])) $ldap['ldap_edirfilter'] == ''; -//print_a($ldap); - -$current_filter = "(&(cn=[USERNAME]){$ldap['ldap_edirfilter']})"; - -$frm = new form; -$text = $frm -> form_open('post',e_SELF); -$text .= ""; -$text .= ""; - -$text .= ""; -$text .= ""; -$text .= ""; - -$text .= ""; - -$text .= ""; - -$text .= ""; - -$text .= ""; - - $text .= ""; - - add_extended_fields(); - $text .= alt_auth_get_field_list('ldap',$frm, $ldap, FALSE); - -$text .= ""; - -$text .= "
".LDAPLAN_12.""; -$text .= $frm -> form_select_open("ldap_servertype"); -foreach($server_types as $v) -{ - $sel = (vartrue($ldap['ldap_servertype']) == $v) ? " Selected='selected'" : ''; - $text .= $frm -> form_option($v, $sel, $v); -} -$text .= $frm -> form_select_close(); -$text .= "
".LDAPLAN_1.""; -$text .= $frm -> form_text("ldap_server", 35, vartrue($ldap['ldap_server']), 120); -$text .= "
".LDAPLAN_2.""; -$text .= $frm -> form_text("ldap_basedn", 35, vartrue($ldap['ldap_basedn']), 120); -$text .= "
".LDAPLAN_14.""; -$text .= $frm -> form_text("ldap_ou", 35, vartrue($ldap['ldap_ou']), 60); -$text .= "
".LDAPLAN_3.""; -$text .= $frm -> form_text("ldap_user", 35, vartrue($ldap['ldap_user']), 120); -$text .= "
".LDAPLAN_4.""; -$text .= $frm -> form_text("ldap_passwd", 35, vartrue($ldap['ldap_passwd']), 120); -$text .= "
".LDAPLAN_5.""; -$text .= $frm -> form_select_open("ldap_version"); - -foreach($ldap_ver as $v) -{ - $sel = ($ldap['ldap_version'] == $v) ? " Selected='selected'" : ""; - $text .= $frm -> form_option($v, $sel, $v); -} - -$text .= $frm -> form_select_close(); -$text .= "
".LDAPLAN_7."
".LDAPLAN_8."		"; -$text .= $frm -> form_text('ldap_edirfilter', 35, $ldap['ldap_edirfilter'], 120); -$text .= "
".LDAPLAN_9."
".htmlentities($current_filter)."
".LAN_ALT_27."
"; - -$text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); -//$text .= $frm -> form_button('submit', 'update', LDAPLAN_13); -$text .= "
\n"; -$text .= $frm -> form_close(); - -e107::getRender()->tablerender(LDAPLAN_6, $mes->render(). $text); -e107::getRender()->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('ldap',$frm)); require_once(e_ADMIN.'footer.php'); diff --git a/e107_plugins/alt_auth/otherdb_auth.php b/e107_plugins/alt_auth/otherdb_auth.php index c91563cea..344b6c83d 100644 --- a/e107_plugins/alt_auth/otherdb_auth.php +++ b/e107_plugins/alt_auth/otherdb_auth.php @@ -1,166 +1,166 @@ -ErrorText = ''; - $this->conf = altAuthGetParams('otherdb'); - $this->Available = TRUE; - } - - - - /** - * Retrieve and construct error strings - * - * @todo - test whether reconnect to DB is required (shouldn't be) - */ - private function makeErrorText($extra = '') - { - $this->ErrorText = $extra; - //global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql; - //$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb); - } - - - - /** - * Validate login credentials - * - * @param string $uname - The user name requesting access - * @param string $pass - Password to use (usually plain text) - * @param pointer &$newvals - pointer to array to accept other data read from database - * @param boolean $connect_only - TRUE to simply connect to the database - * - * @return integer result (AUTH_xxxx) - * - * On a successful login, &$newvals array is filled with the requested data from the server - */ - public function login($uname, $pword, &$newvals, $connect_only = FALSE) - { - //Attempt to open connection to sql database - if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password'])) - { - $this->makeErrorText('Cannot connect to remote server'); - return AUTH_NOCONNECT; - } - //Select correct db - if(!mysql_select_db($this->conf['otherdb_database'], $res)) - { - mysql_close($res); - $this->makeErrorText('Cannot connect to remote DB'); - return AUTH_NOCONNECT; - } - if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB - $sel_fields = array(); - // Make an array of the fields we want from the source DB - foreach($this->conf as $k => $v) - { - if ($v && (strpos($k,'otherdb_xf_') === 0)) - { - $sel_fields[] = $v; - } - } - $sel_fields[] = $this->conf['otherdb_password_field']; - $user_field = $this->conf['otherdb_user_field']; - if (isset($this->conf['otherdb_salt_field'])) - { - $sel_fields[] = $this->conf['otherdb_salt_field']; - } - - - //Get record containing supplied login name - $qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'"; -// echo "Query: {$qry}
"; - if(!$r1 = mysql_query($qry)) - { - mysql_close($res); - $this->makeErrorText('Lookup query failed'); - return AUTH_NOCONNECT; - } - if(!$row = mysql_fetch_array($r1)) - { - mysql_close($res); - $this->makeErrorText('User not found'); - return AUTH_NOUSER; - } - - mysql_close($res); // Finished with 'foreign' DB now - - // Got something from the DB - see whether password valid - require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well - $pass_check = new ExtendedPasswordHandler(); - - $passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']); - if ($passMethod === FALSE) - { - $this->makeErrorText('Password error - invalid method'); - return AUTH_BADPASSWORD; - } - - $pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB - if ($salt_field) $pwFromDB .= ':'.$row[$salt_field]; - - if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) - { - $this->makeErrorText('Password incorrect'); - return AUTH_BADPASSWORD; - } - // Now copy across any values we have selected - foreach($this->conf as $k => $v) - { - if ($v && (strpos($k,'otherdb_xf_') === 0) && isset($row[$v])) - { - $newvals[substr($k,strlen('otherdb_xf_'))] = $row[$v]; - } - } - - $this->makeErrorText(''); // Success - just reconnect to E107 DB if needed - return AUTH_SUCCESS; - } -} - +ErrorText = ''; + $this->conf = $this->altAuthGetParams('otherdb'); + $this->Available = TRUE; + } + + + + /** + * Retrieve and construct error strings + * + * @todo - test whether reconnect to DB is required (shouldn't be) + */ + private function makeErrorText($extra = '') + { + $this->ErrorText = $extra; + //global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql; + //$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb); + } + + + + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the database + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ + public function login($uname, $pword, &$newvals, $connect_only = FALSE) + { + //Attempt to open connection to sql database + if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password'])) + { + $this->makeErrorText('Cannot connect to remote server'); + return AUTH_NOCONNECT; + } + //Select correct db + if(!mysql_select_db($this->conf['otherdb_database'], $res)) + { + mysql_close($res); + $this->makeErrorText('Cannot connect to remote DB'); + return AUTH_NOCONNECT; + } + if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB + $sel_fields = array(); + // Make an array of the fields we want from the source DB + foreach($this->conf as $k => $v) + { + if ($v && (strpos($k,'otherdb_xf_') === 0)) + { + $sel_fields[] = $v; + } + } + $sel_fields[] = $this->conf['otherdb_password_field']; + $user_field = $this->conf['otherdb_user_field']; + if (isset($this->conf['otherdb_salt_field'])) + { + $sel_fields[] = $this->conf['otherdb_salt_field']; + } + + + //Get record containing supplied login name + $qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'"; +// echo "Query: {$qry}
"; + if(!$r1 = mysql_query($qry)) + { + mysql_close($res); + $this->makeErrorText('Lookup query failed'); + return AUTH_NOCONNECT; + } + if(!$row = mysql_fetch_array($r1)) + { + mysql_close($res); + $this->makeErrorText('User not found'); + return AUTH_NOUSER; + } + + mysql_close($res); // Finished with 'foreign' DB now + + // Got something from the DB - see whether password valid + require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well + $pass_check = new ExtendedPasswordHandler(); + + $passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']); + if ($passMethod === FALSE) + { + $this->makeErrorText('Password error - invalid method'); + return AUTH_BADPASSWORD; + } + + $pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB + if ($salt_field) $pwFromDB .= ':'.$row[$salt_field]; + + if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) + { + $this->makeErrorText('Password incorrect'); + return AUTH_BADPASSWORD; + } + // Now copy across any values we have selected + foreach($this->conf as $k => $v) + { + if ($v && (strpos($k,'otherdb_xf_') === 0) && isset($row[$v])) + { + $newvals[substr($k,strlen('otherdb_xf_'))] = $row[$v]; + } + } + + $this->makeErrorText(''); // Success - just reconnect to E107 DB if needed + return AUTH_SUCCESS; + } +} + ?> \ No newline at end of file diff --git a/e107_plugins/alt_auth/otherdb_conf.php b/e107_plugins/alt_auth/otherdb_conf.php index c51a17931..50738ee38 100644 --- a/e107_plugins/alt_auth/otherdb_conf.php +++ b/e107_plugins/alt_auth/otherdb_conf.php @@ -31,9 +31,62 @@ require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php'); require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); + + +class alt_auth_otherdb extends alt_auth_admin +{ + + public function __construct() + { + } + + + + + public function showForm() + { + $ns = e107::getRender(); + + $parm = $this->altAuthGetParams('otherdb'); + + $frm = new form; + $text = $frm -> form_open("post", e_SELF); + $text .= ""; + + $text .= ""; + + $text .= $this->alt_auth_get_db_fields('otherdb', $frm, $parm, 'server|uname|pwd|db|table|ufield|pwfield|salt'); + $text .= ""; + + $text .= ""; + + $text .= $this->alt_auth_get_field_list('otherdb',$frm, $parm, FALSE); + + $text .= "'; + + $text .= '
".LAN_ALT_26.""; + $text .= OTHERDB_LAN_15; + $text .= "
".OTHERDB_LAN_9.""; + + $text .= $this->altAuthGetPasswordSelector('otherdb_password_method', $frm, $parm['otherdb_password_method'], TRUE); + + $text .= "
".LAN_ALT_27."
"; + $text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); + $text .= '
'; + $text .= $frm -> form_close(); + + $ns -> tablerender(OTHERDB_LAN_10, $text); + + $ns->tablerender(LAN_ALT_40.LAN_ALT_41, $this->alt_auth_test_form('otherdb',$frm)); + } +} + + +$otherdbAdmin = new alt_auth_otherdb(); + if(vartrue($_POST['update'])) { - $message = alt_auth_post_options('otherdb'); + $message = $otherdbAdmin->alt_auth_post_options('otherdb'); } @@ -43,45 +96,8 @@ if(vartrue($message)) } +$otherdbAdmin->showForm($mes); -show_otherdb_form(); - -function show_otherdb_form() -{ - $ns = e107::getRender(); - - $parm = altAuthGetParams('otherdb'); - - $frm = new form; - $text = $frm -> form_open("post", e_SELF); - $text .= ""; - - $text .= ""; - - $text .= alt_auth_get_db_fields('otherdb', $frm, $parm, 'server|uname|pwd|db|table|ufield|pwfield|salt'); - $text .= ""; - - $text .= ""; - - $text .= alt_auth_get_field_list('otherdb',$frm, $parm, FALSE); - - $text .= "'; - - $text .= '
".LAN_ALT_26.""; - $text .= OTHERDB_LAN_15; - $text .= "
".OTHERDB_LAN_9.""; - - $text .= altAuthGetPasswordSelector('otherdb_password_method', $frm, $parm['otherdb_password_method'], TRUE); - - $text .= "
".LAN_ALT_27."
"; - $text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); - $text .= '
'; - $text .= $frm -> form_close(); - - $ns -> tablerender(OTHERDB_LAN_10, $text); - - $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('otherdb',$frm)); -} require_once(e_ADMIN.'footer.php'); diff --git a/e107_plugins/alt_auth/radius_auth.php b/e107_plugins/alt_auth/radius_auth.php index 5a1cf0ce5..21623eb25 100644 --- a/e107_plugins/alt_auth/radius_auth.php +++ b/e107_plugins/alt_auth/radius_auth.php @@ -1,250 +1,250 @@ -copyAttribs = array(); - $radius = altAuthGetParams('radius'); - - $this->server = explode(',',$radius['radius_server']); - $this->port = 1812; // Assume fixed port number for now - 1812 (UDP) is listed for servers, 1645 for authentification. (1646, 1813 for accounting) - // (A Microsoft app note says 1812 is the RFC2026-compliant port number. (http://support.microsoft.com/kb/230786) -// $this->port = 1645; - $this->secret = explode(',',$radius['radius_secret']); - if ((count($this->server) > 1) && (count($this->secret) == 1)) - { - $this->secret = array(); - foreach ($this->server as $k => $v) - { - $this->secret[$k] = $radius['radius_secret']; // Same secret for all servers, if only one entered - } - } - $this->ErrorText = ''; - if(!function_exists('radius_auth_open')) - { - return AUTH_NORESOURCE; - } - - if(!$this -> connect()) - { - return AUTH_NOCONNECT; - } - $this->Available = TRUE; - return AUTH_SUCCESS; - } - - - - /** - * Retrieve and construct error strings - */ - function makeErrorText($extra = '') - { - $this->ErrorText = $extra.radius_strerror($this->connection) ; - if (!RADIUS_DEBUG) return; - $text = "
Server: {$this->server} Stored secret: ".radius_server_secret($this->connection)." Port: {$this->port}"; - $this->ErrorText .= $text; - } - - - - /** - * Try to connect to a radius server - * - * @return boolean TRUE for success, FALSE for failure - */ - function connect() - { - if (!($this->connection = radius_auth_open())) - { - $this->makeErrorText('RADIUS open failed: ') ; - return FALSE; - } - foreach ($this->server as $k => $s) - { - if (!radius_add_server($this->connection, $s, $this->port, $this->secret[$k], 15, 1)) // fixed 15 second timeout, one try ATM - { - $this->makeErrorText('RADIUS add server failed: ') ; - return FALSE; - } - } - return TRUE; - } - - - - /** - * Close the connection to the Radius server - */ - function close() - { - if ( !radius_close( $this->connection)) // (Not strictly necessary, but tidy) - { - $this->makeErrorText('RADIUS close error: ') ; - return false; - } - else - { - return true; - } - } - - - - /** - * Validate login credentials - * - * @param string $uname - The user name requesting access - * @param string $pass - Password to use (usually plain text) - * @param pointer &$newvals - pointer to array to accept other data read from database - * @param boolean $connect_only - TRUE to simply connect to the server - * - * @return integer result (AUTH_xxxx) - * - * On a successful login, &$newvals array is filled with the requested data from the server - */ - function login($uname, $pass, &$newvals, $connect_only = FALSE) - { - // Create authentification request - if (!radius_create_request($this->connection,RADIUS_ACCESS_REQUEST)) - { - $this->makeErrorText('RADIUS failed authentification request: ') ; - return AUTH_NOCONNECT; - } - - if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password - always expect one - - // Attach username and password - if (!radius_put_attr($this->connection,RADIUS_USER_NAME,$uname) - || !radius_put_attr($this->connection,RADIUS_USER_PASSWORD,$pass)) - { - $this->makeErrorText('RADIUS could not attach username/password: ') ; - return AUTH_NOCONNECT; - } - - // Finally, send request to server - switch (radius_send_request($this->connection)) - { - case RADIUS_ACCESS_ACCEPT : // Valid username/password - break; - case RADIUS_ACCESS_CHALLENGE : // CHAP response required - not currently implemented - $this->makeErrorText('CHAP not supported'); - return AUTH_NOUSER; - case RADIUS_ACCESS_REJECT : // Specifically rejected - default: // Catch-all - $this->makeErrorText('RADIUS validation error: ') ; - return AUTH_NOUSER; - } - -// User accepted here. - - if ($connect_only) return AUTH_SUCCESS; - return AUTH_SUCCESS; // Not interested in any attributes returned ATM, so done. - - - - // See if we get any attributes - not really any use to us unless we implement CHAP, so disabled ATM - $attribs = array(); - while ($resa = radius_get_attr($this->connection)) - { - if (!is_array($resa)) - { - $this->makeErrorText("Error getting attribute: "); - exit; - } -// Decode attribute according to type (this isn't an exhaustive list) -// Codes: 2, 3, 4, 5, 30, 31, 32, 60, 61 should never be received by us -// Codes 17, 21 not assigned - switch ($resa['attr']) - { - case 8 : // IP address to be set (255.255.255.254 indicates 'allocate your own address') - case 9 : // Subnet mask - case 14 : // Login-IP host - $attribs[$resa['attr']] = radius_cvt_addr($resa['data']); - break; - case 6 : // Service type (integer bitmap) - case 7 : // Protocol (integer bitmap) - case 10 : // Routing method (integer) - case 12 : // Framed MTU - case 13 : // Compression method - case 15 : // Login service (bitmap) - case 16 : // Login TCP port - case 23 : // Framed IPX network (0xFFFFFFFE indicates 'allocate your own') - case 27 : // Session timeout - maximum connection/login time in seconds - case 28 : // Idle timeout in seconds - case 29 : // Termination action - case 37 : // AppleTalk link number - case 38 : // AppleTalk network - case 62 : // Max ports - case 63 : // Login LAT port - $attribs[$resa['attr']] = radius_cvt_int($resa['data']); - break; - case 1 : // User name - case 11 : // Filter ID - could get several of these - case 18 : // Reply message (text, various purposes) - case 19 : // Callback number - case 20 : // Callback ID - case 22 : // Framed route - could get several of these - case 24 : // State - used in CHAP - case 25 : // Class - case 26 : // Vendor-specific - case 33 : // Proxy State - case 34 : // Login LAT service - case 35 : // Login LAT node - case 36 : // Login LAT group - case 39 : // AppleTalk zone - default : - $attribs[$resa['attr']] = radius_cvt_string($resa['data']); // Default to string type - } - printf("Got Attr: %d => %d Bytes %s\n", $resa['attr'], strlen($attribs[$resa['attr']]), $attribs[$resa['attr']]); - } - - return AUTH_SUCCESS; - } -} -?> +copyAttribs = array(); + $radius = $this->altAuthGetParams('radius'); + + $this->server = explode(',',$radius['radius_server']); + $this->port = 1812; // Assume fixed port number for now - 1812 (UDP) is listed for servers, 1645 for authentification. (1646, 1813 for accounting) + // (A Microsoft app note says 1812 is the RFC2026-compliant port number. (http://support.microsoft.com/kb/230786) +// $this->port = 1645; + $this->secret = explode(',',$radius['radius_secret']); + if ((count($this->server) > 1) && (count($this->secret) == 1)) + { + $this->secret = array(); + foreach ($this->server as $k => $v) + { + $this->secret[$k] = $radius['radius_secret']; // Same secret for all servers, if only one entered + } + } + $this->ErrorText = ''; + if(!function_exists('radius_auth_open')) + { + return AUTH_NORESOURCE; + } + + if(!$this -> connect()) + { + return AUTH_NOCONNECT; + } + $this->Available = TRUE; + return AUTH_SUCCESS; + } + + + + /** + * Retrieve and construct error strings + */ + function makeErrorText($extra = '') + { + $this->ErrorText = $extra.radius_strerror($this->connection) ; + if (!RADIUS_DEBUG) return; + $text = "
Server: {$this->server} Stored secret: ".radius_server_secret($this->connection)." Port: {$this->port}"; + $this->ErrorText .= $text; + } + + + + /** + * Try to connect to a radius server + * + * @return boolean TRUE for success, FALSE for failure + */ + function connect() + { + if (!($this->connection = radius_auth_open())) + { + $this->makeErrorText('RADIUS open failed: ') ; + return FALSE; + } + foreach ($this->server as $k => $s) + { + if (!radius_add_server($this->connection, $s, $this->port, $this->secret[$k], 15, 1)) // fixed 15 second timeout, one try ATM + { + $this->makeErrorText('RADIUS add server failed: ') ; + return FALSE; + } + } + return TRUE; + } + + + + /** + * Close the connection to the Radius server + */ + function close() + { + if ( !radius_close( $this->connection)) // (Not strictly necessary, but tidy) + { + $this->makeErrorText('RADIUS close error: ') ; + return false; + } + else + { + return true; + } + } + + + + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the server + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ + function login($uname, $pass, &$newvals, $connect_only = FALSE) + { + // Create authentification request + if (!radius_create_request($this->connection,RADIUS_ACCESS_REQUEST)) + { + $this->makeErrorText('RADIUS failed authentification request: ') ; + return AUTH_NOCONNECT; + } + + if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password - always expect one + + // Attach username and password + if (!radius_put_attr($this->connection,RADIUS_USER_NAME,$uname) + || !radius_put_attr($this->connection,RADIUS_USER_PASSWORD,$pass)) + { + $this->makeErrorText('RADIUS could not attach username/password: ') ; + return AUTH_NOCONNECT; + } + + // Finally, send request to server + switch (radius_send_request($this->connection)) + { + case RADIUS_ACCESS_ACCEPT : // Valid username/password + break; + case RADIUS_ACCESS_CHALLENGE : // CHAP response required - not currently implemented + $this->makeErrorText('CHAP not supported'); + return AUTH_NOUSER; + case RADIUS_ACCESS_REJECT : // Specifically rejected + default: // Catch-all + $this->makeErrorText('RADIUS validation error: ') ; + return AUTH_NOUSER; + } + +// User accepted here. + + if ($connect_only) return AUTH_SUCCESS; + return AUTH_SUCCESS; // Not interested in any attributes returned ATM, so done. + + + + // See if we get any attributes - not really any use to us unless we implement CHAP, so disabled ATM + $attribs = array(); + while ($resa = radius_get_attr($this->connection)) + { + if (!is_array($resa)) + { + $this->makeErrorText("Error getting attribute: "); + exit; + } +// Decode attribute according to type (this isn't an exhaustive list) +// Codes: 2, 3, 4, 5, 30, 31, 32, 60, 61 should never be received by us +// Codes 17, 21 not assigned + switch ($resa['attr']) + { + case 8 : // IP address to be set (255.255.255.254 indicates 'allocate your own address') + case 9 : // Subnet mask + case 14 : // Login-IP host + $attribs[$resa['attr']] = radius_cvt_addr($resa['data']); + break; + case 6 : // Service type (integer bitmap) + case 7 : // Protocol (integer bitmap) + case 10 : // Routing method (integer) + case 12 : // Framed MTU + case 13 : // Compression method + case 15 : // Login service (bitmap) + case 16 : // Login TCP port + case 23 : // Framed IPX network (0xFFFFFFFE indicates 'allocate your own') + case 27 : // Session timeout - maximum connection/login time in seconds + case 28 : // Idle timeout in seconds + case 29 : // Termination action + case 37 : // AppleTalk link number + case 38 : // AppleTalk network + case 62 : // Max ports + case 63 : // Login LAT port + $attribs[$resa['attr']] = radius_cvt_int($resa['data']); + break; + case 1 : // User name + case 11 : // Filter ID - could get several of these + case 18 : // Reply message (text, various purposes) + case 19 : // Callback number + case 20 : // Callback ID + case 22 : // Framed route - could get several of these + case 24 : // State - used in CHAP + case 25 : // Class + case 26 : // Vendor-specific + case 33 : // Proxy State + case 34 : // Login LAT service + case 35 : // Login LAT node + case 36 : // Login LAT group + case 39 : // AppleTalk zone + default : + $attribs[$resa['attr']] = radius_cvt_string($resa['data']); // Default to string type + } + printf("Got Attr: %d => %d Bytes %s\n", $resa['attr'], strlen($attribs[$resa['attr']]), $attribs[$resa['attr']]); + } + + return AUTH_SUCCESS; + } +} +?> diff --git a/e107_plugins/alt_auth/radius_conf.php b/e107_plugins/alt_auth/radius_conf.php index abcb8b143..5cb57fabb 100644 --- a/e107_plugins/alt_auth/radius_conf.php +++ b/e107_plugins/alt_auth/radius_conf.php @@ -3,7 +3,7 @@ + ----------------------------------------------------------------------------+ | e107 website system | -| Copyright (C) 2008-2009 e107 Inc (e107.org) +| Copyright (C) 2008-2013 e107 Inc (e107.org) | http://e107.org | | @@ -26,11 +26,64 @@ define("ALT_AUTH_ACTION", "radius"); require_once(e_PLUGIN."alt_auth/alt_auth_adminmenu.php"); $mes = e107::getMessage(); + + +class alt_auth_radius extends alt_auth_admin +{ + private $radius; + + public function __construct() + { + } + + + public function readOptions() + { + $this->radius = $this->altAuthGetParams('radius'); + } + + + public function showForm($mes) + { + $ns = e107::getRender(); + $frm = new form; + $text = $frm->form_open('post',e_SELF); + $text .= ""; + $text .= "\n"; + + $text .= "\n"; + + $tmp = $this->alt_auth_get_field_list('radius', $frm, $this->radius, FALSE); + if ($tmp) + { + $text .= "\n".$tmp; + unset($tmp); + } + + $text .= "\n"; + + $text .= "
".LAN_RADIUS_01.""; + $text .= $frm->form_text('radius_server', 35, vartrue($this->radius['radius_server']), 120); + $text .= "
".LAN_RADIUS_02.""; + $text .= $frm->form_text('radius_secret', 35, vartrue($this->radius['radius_secret']), 200); + $text .= "
".LAN_ALT_27."
"; + // $text .= $frm -> form_button("submit", "update", LAN_ALT_2); + $text .= e107::getForm()->admin_button('update', LAN_UPDATE,'update'); + $text .= "
\n"; + $text .= $frm->form_close(); + $ns->tablerender(LAN_RADIUS_06, $mes->render().$text); + $ns->tablerender(LAN_ALT_40.LAN_ALT_41, $this->alt_auth_test_form('radius',$frm)); + } +} + + $message = ''; +$radiusAdmin = new alt_auth_radius(); + if(vartrue($_POST['update'])) { // $message .= alt_auth_post_options('radius'); - $mes->addSuccess(alt_auth_post_options('radius')); + $mes->addSuccess($radiusAdmin->alt_auth_post_options('radius')); } @@ -43,47 +96,15 @@ if (!extension_loaded('radius')) if($message) { - $ns->tablerender("","
".$message."
"); + $ns->tablerender('',"
".$message."
"); } - -$sql -> db_Select("alt_auth", "*", "auth_type = 'radius' "); -while($row = $sql->db_Fetch()) -{ - $radius[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); // Encoding is new for 0.8 -} +$radiusAdmin->readOptions(); +$radiusAdmin->showForm($mes); -$frm = new form; -$text = $frm -> form_open("post",e_SELF); -$text .= ""; -$text .= ""; -$text .= ""; - -$tmp = alt_auth_get_field_list('radius',$frm, vartrue($ldap), FALSE); -if ($tmp) -{ - $text .= "".$tmp; - unset($tmp); -} - -$text .= ""; - -$text .= "
".LAN_RADIUS_01.""; -$text .= $frm -> form_text("radius_server", 35, vartrue($radius['radius_server']), 120); -$text .= "
".LAN_RADIUS_02.""; -$text .= $frm -> form_text('radius_secret', 35, vartrue($radius['radius_secret']), 200); -$text .= "
".LAN_ALT_27."
"; -// $text .= $frm -> form_button("submit", "update", LAN_ALT_2); -$text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update'); -$text .= "
"; -$text .= $frm -> form_close(); - -$ns -> tablerender(LAN_RADIUS_06, $mes->render() . $text); -$ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('radius',$frm)); - -require_once(e_ADMIN."footer.php"); +require_once(e_ADMIN.'footer.php'); function radius_conf_adminmenu()