diff --git a/e107_plugins/alt_auth/alt_auth_adminmenu.php b/e107_plugins/alt_auth/alt_auth_adminmenu.php
index 5773cdcd9..25296a0ad 100755
--- a/e107_plugins/alt_auth/alt_auth_adminmenu.php
+++ b/e107_plugins/alt_auth/alt_auth_adminmenu.php
@@ -1,5 +1,13 @@
array('prompt' => LAN_ALT_10, 'optname' => 'xf_user_loginname', 'default' => 'user_loginname', 'optional' => FALSE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => TRUE, 'ldap' => TRUE, 'ldap_field' => 'cn'),
+// 'user_password' => array('prompt' => LAN_ALT_11, 'optname' => 'xf_user_password', 'default' => 'user_password', 'optional' => FALSE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => TRUE, 'ldap' => TRUE, 'ldap_field' => ''),
+ 'user_email' => array('prompt' => LAN_ALT_12, 'optname' => 'xf_user_email', 'default' => 'user_email', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'mail'),
+ 'user_hideemail' => array('prompt' => LAN_ALT_13, 'optname' => 'xf_user_hideemail', 'default' => 'user_hideemail', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''),
+ 'user_name' => array('prompt' => LAN_ALT_14, 'optname' => 'xf_user_name', 'default' => 'user_name', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''),
+ 'user_login' => array('prompt' => LAN_ALT_15, 'optname' => 'xf_user_login', 'default' => 'user_login', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'sn'),
+ 'user_customtitle'=> array('prompt' => LAN_ALT_16, 'optname' => 'xf_user_customtitle', 'default' => 'user_customtitle', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE),
+ 'user_signature' => array('prompt' => LAN_ALT_17, 'optname' => 'xf_user_signature', 'default' => 'user_signature', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE),
+ 'user_image' => array('prompt' => LAN_ALT_18, 'optname' => 'xf_user_image', 'default' => 'user_image', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE),
+ 'user_sess' => array('prompt' => LAN_ALT_19, 'optname' => 'xf_user_sess', 'default' => 'user_sess', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE),
+ 'user_join' => array('prompt' => LAN_ALT_20, 'optname' => 'xf_user_join', 'default' => 'user_join', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''),
+ 'user_ban' => array('prompt' => LAN_ALT_21, 'optname' => 'xf_user_ban', 'default' => 'user_ban', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE),
+ 'user_class' => array('prompt' => LAN_ALT_22, 'optname' => 'xf_user_class', 'default' => 'user_class', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE),
+ 'user_xup' => array('prompt' => LAN_ALT_23, 'optname' => 'xf_user_xup', 'default' => 'user_xup', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE)
+);
+
+
+// Returns a block of table rows with user DB fields and either checkboxes or entry boxes
+// $tableType is the prefix used, without the following underscore
+function alt_auth_get_field_list($tableType, $frm, $parm, $asCheckboxes = FALSE)
+{
+ global $alt_auth_user_fields;
+ $ret = '';
+ foreach ($alt_auth_user_fields as $f => $v)
+ {
+ if ($v[$tableType] == TRUE)
+ {
+ $ret .= "
\n";
+ }
+ }
+ return $ret;
+}
+
+
+// Returns a list of all the user-related fields allowed as an array, whhere the key is the field name
+function alt_auth_get_allowed_fields($tableType)
+{
+ global $alt_auth_user_fields;
+ $ret = array();
+ foreach ($alt_auth_user_fields as $f => $v)
+ {
+ if ($v[$tableType] == TRUE)
+ {
+ $fieldname = $tableType.'_'.$v['optname'];
+ $ret[$fieldname] = '1';
+ }
+ }
+ return $ret;
+}
+
+
+
+
+$common_fields = array(
+ 'server' => array('fieldname' => 'server', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_32, 'help' => ''),
+ 'uname' => array('fieldname' => 'username', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_33, 'help' => ''),
+ 'pwd' => array('fieldname' => 'password', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_34, 'help' => ''),
+ 'db' => array('fieldname' => 'database', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_35, 'help' => ''),
+ 'table' => array('fieldname' => 'table', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_36, 'help' => ''),
+ 'ufield' => array('fieldname' => 'user_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_37, 'help' => ''),
+ 'pwfield'=> array('fieldname' => 'password_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_38, 'help' => ''),
+ 'salt' => array('fieldname' => 'password_salt','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_24, 'help' => LAN_ALT_25)
+);
+
+function alt_auth_get_db_fields($prefix, $frm, $parm, $fields = 'server|uname|pwd|db|table|ufield|pwfield')
+{
+ global $common_fields;
+ $opts = explode('|',$fields);
+ $ret = '';
+ foreach ($common_fields as $fn => $cf)
+ {
+ if (in_array($fn,$opts))
+ {
+ $ret .= "
\n";
+ }
+ }
+ return $ret;
+}
+
+
+
+// Write all the options to the DB. $prefix must NOT have trailing underscore
+function alt_auth_post_options($prefix)
+{
+ global $common_fields, $sql;
+ $lprefix = $prefix.'_';
+
+ $user_fields = alt_auth_get_allowed_fields($prefix); // Need this list in case checkboxes for parameters
+ foreach ($user_fields as $k => $v)
+ {
+ if (!isset($_POST[$k]))
+ {
+ $_POST[$k] = '0';
+ }
+ }
+
+
+ // Now we can post everything
+ foreach($_POST as $k => $v)
+ {
+ if (strpos($k,$lprefix) === 0)
+ {
+ $v = base64_encode(base64_encode($v));
+ if($sql -> db_Select("alt_auth", "*", "auth_type='{$prefix}' AND auth_parmname='{$k}' "))
+ {
+ $sql -> db_Update("alt_auth", "auth_parmval='{$v}' WHERE auth_type='{$prefix}' AND auth_parmname='{$k}' ");
+ }
+ else
+ {
+ $sql -> db_Insert("alt_auth", "'{$prefix}','{$k}','{$v}' ");
+ }
+ }
+ }
+ return LAN_ALT_UPDATED;
+}
+
+
+
+
+// Return test form
+function alt_auth_test_form($prefix,$frm)
+{
+ $text = $frm -> form_open("post", e_SELF, 'testform');
+ $text .= "
+
";
+
+ if (isset($_POST['testauth']))
+ {
+ // Try and connect to DB/server, and maybe validate user name
+ require_once(e_PLUGIN.'alt_auth/'.$prefix.'_auth.php');
+ $_login = new auth_login;
+ $log_result = AUTH_UNKNOWN;
+ $pass_vars = array();
+ $val_name = trim(varset($_POST['nametovalidate'],''));
+
+ if(isset($_login->Available) && ($_login->Available === FALSE))
+ { // Relevant auth method not available (e.g. PHP extension not loaded)
+ $log_result = AUTH_NOT_AVAILABLE;
+ }
+ else
+ {
+ $log_result = $_login -> login($val_name, $_POST['passtovalidate'], $pass_vars, ($val_name == ''));
+ }
+
+ $text .= "
";
+ }
+
+ $text .= "
";
+
+ $text .= "
";
+
+ $text .= "
";
+
+ $text .= "
";
+ $text .= $frm -> form_close();
+ return $text;
+}
+
+
+
function alt_auth_adminmenu()
{
global $authlist;
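Review bot: In `alt_auth_post_options()` the POST key `$k` is placed into all three queries (`auth_parmname='{$k}'`) after only a prefix test, so the parameter name reaches SQL unescaped; the value is neutralised only as a side effect of the double base64. Constrain the key before using it, e.g. `if (strpos($k,$lprefix) === 0 && preg_match('/^\w{1,30}$/', $k))`, which also matches the 30-character `auth_parmname` column added in this commit. The double `base64_encode` is an encoding, not protection, so the remote DB password saved through this path is effectively stored in clear; a comment saying so would stop readers assuming otherwise. Whether the calling pages enforce an admin check before invoking this function is not visible in this hunk.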
@@ -25,18 +266,18 @@ function alt_auth_adminmenu()
}
define("ALT_AUTH_ACTION", "main");
- $var['main']['text'] = "Main config";
+ $var['main']['text'] = LAN_ALT_31;
$var['main']['link'] = e_PLUGIN."alt_auth/alt_auth_conf.php";
show_admin_menu("alt auth", ALT_AUTH_ACTION, $var);
$var = array();
foreach($authlist as $a)
{
- if($a != 'e107')
- {
- $var[$a]['text'] = "Config {$a}";
- $var[$a]['link'] = e_PLUGIN."alt_auth/{$a}_conf.php";
- }
+ if($a != 'e107')
+ {
+ $var[$a]['text'] = LAN_ALT_30.$a;
+ $var[$a]['link'] = e_PLUGIN."alt_auth/{$a}_conf.php";
+ }
}
- show_admin_menu("Auth methods", ALT_AUTH_ACTION, $var);
+ show_admin_menu(LAN_ALT_29, ALT_AUTH_ACTION, $var);
}
?>
\ No newline at end of file
diff --git a/e107_plugins/alt_auth/alt_auth_login_class.php b/e107_plugins/alt_auth/alt_auth_login_class.php
index 1ac383db7..94c16abb3 100755
--- a/e107_plugins/alt_auth/alt_auth_login_class.php
+++ b/e107_plugins/alt_auth/alt_auth_login_class.php
@@ -11,77 +11,92 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_login_class.php,v $
-| $Revision: 1.2 $
-| $Date: 2007-01-12 02:49:56 $
-| $Author: mcfly_e107 $
+| $Revision: 1.3 $
+| $Date: 2008-07-25 19:33:02 $
+| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
class alt_login
{
function alt_login($method, &$username, &$userpass)
{
- global $pref;
- $newvals=array();
- define("AUTH_SUCCESS", -1);
- define("AUTH_NOUSER", 1);
- define("AUTH_BADPASSWORD", 2);
- define("AUTH_NOCONNECT", 3);
- require_once(e_PLUGIN."alt_auth/".$method."_auth.php");
- $_login = new auth_login;
+ global $pref;
+ $newvals=array();
+ define("AUTH_SUCCESS", -1);
+ define("AUTH_NOUSER", 1);
+ define("AUTH_BADPASSWORD", 2);
+ define("AUTH_NOCONNECT", 3);
+ require_once(e_PLUGIN."alt_auth/".$method."_auth.php");
+ $_login = new auth_login;
- if($_login->Available === FALSE)
- {
- return false;
- }
+ if(isset($_login->Available) && ($_login->Available === FALSE))
+ { // Relevant auth method not available (e.g. PHP extension not loaded)
+ return AUTH_NOCONNECT;
+ }
- $login_result = $_login -> login($username, $userpass, $newvals);
+
+ $login_result = $_login -> login($username, $userpass, $newvals, FALSE);
- if($login_result === AUTH_SUCCESS )
+ if($login_result === AUTH_SUCCESS )
+ {
+ if (MAGIC_QUOTES_GPC == FALSE)
{
- $sql = new db;
- if (MAGIC_QUOTES_GPC == FALSE)
- {
- $username = mysql_real_escape_string($username);
- }
- $username = preg_replace("/\sOR\s|\=|\#/", "", $username);
- $username = substr($username, 0, 30);
+ $username = mysql_real_escape_string($username);
+ }
+ $username = preg_replace("/\sOR\s|\=|\#/", "", $username);
+ $username = substr($username, 0, varset($pref['loginname_maxlength'],30));
- if(!$sql -> db_Select("user", "user_id", "user_loginname='{$username}' "))
- {
- // User not found in e107 database - add it now.
- $qry = "INSERT INTO #user (user_id, user_loginname, user_name, user_join) VALUES ('0','{$username}','{$username}',".time().")";
- $sql -> db_Select_gen($qry);
- }
- // Set password and any other applicable fields
- $qry="user_password='".md5($userpass)."'";
- foreach($newvals as $key => $val)
- {
- $qry .= " ,user_{$key}='{$val}' ";
- }
- $qry.=" WHERE user_loginname='{$username}' ";
- $sql -> db_Update("user", $qry);
+ $aa_sql = new db;
+ $uh = new UserHandler;
+ $db_vals = array('user_password' => $aa_sql->escape($uh->HashPassword($userpass,$username)));
+ foreach ($newvals as $k => $v)
+ {
+ if (strpos($k,'user_' !== 0)) $k = 'user_'.$k; // translate the field names (but latest handlers don't need translation)
+ $db_vals[$k] = $v;
+ }
+ if($aa_sql -> db_Select("user","*","user_loginname='{$username}' "))
+ { // Existing user - get current data, see if any changes
+ $row = $aa_sql->db_Fetch();
+ foreach ($db_vals as $k => $v)
+ {
+ if ($row[$k] == $v) unset($db_vals[$k]);
+ }
+ if (count($db_vals)) $aa_sql->db_UpdateArray('user',$db_vals," WHERE `user_id`=".$row['user_id']);
}
else
+ { // Just add a new user
+ if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username;
+ if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username;
+ if (!isset($db_vals['user_join'])) $db_vals['user_join'] = time();
+ $aa_sql->db_Insert('user',$db_vals);
+ }
+ return LOGIN_CONTINUE;
+ }
+ else
+ { // Failure modes
+ switch($login_result)
{
- switch($login_result)
+ case AUTH_NOUSER:
+ if(!varset($pref['auth_nouser'],0))
{
- case AUTH_NOUSER:
- if(!isset($pref['auth_nouser']) || !$pref['auth_nouser'])
- {
- $username=md5("xx_nouser_xx");
- }
- break;
- case AUTH_NOCONNECT:
- if(!isset($pref['auth_noconn']) || !$pref['auth_noconn'])
- {
- $username=md5("xx_noconn_xx");
- }
- break;
- case AUTH_BADPASSWORD:
- $userpass=md5("xx_badpassword_xx");
- break;
+ $username=md5("xx_nouser_xx");
+ return LOGIN_ABORT;
}
- }
+ break;
+ case AUTH_NOCONNECT:
+ if(!varset($pref['auth_noconn']))
+ {
+ $username=md5("xx_noconn_xx");
+ return LOGIN_ABORT;
+ }
+ break;
+ case AUTH_BADPASSWORD:
+ $userpass=md5("xx_badpassword_xx");
+ return LOGIN_ABORT; // Not going to magically be able to log in!
+ break;
+ }
+ }
+ return LOGIN_ABORT; // catch-all just in case
}
}
?>
\ No newline at end of file
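Review bot: The field-name translation at `if (strpos($k,'user_' !== 0)) $k = 'user_'.$k;` has its closing parenthesis in the wrong place: `'user_' !== 0` is evaluated first and `strpos()` receives a boolean needle, so in practice keys returned without the `user_` prefix are not translated as the comment intends. It should read `if (strpos($k,'user_') !== 0) $k = 'user_'.$k;`. In the same loop only `user_password` is passed through `$aa_sql->escape()`; the `$newvals` values come from the external source and go into `$db_vals` as-is, so unless `db_UpdateArray()`/`db_Insert()` escape array values themselves (not visible here) they need the same treatment. This is also a PHP4-style constructor, so the `LOGIN_CONTINUE`/`LOGIN_ABORT`/`AUTH_NOCONNECT` return values are discarded if the caller uses `new alt_login(...)`; the caller is outside this diff.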
diff --git a/e107_plugins/alt_auth/alt_auth_readme.txt b/e107_plugins/alt_auth/alt_auth_readme.txt
deleted file mode 100755
index 810d1fde2..000000000
--- a/e107_plugins/alt_auth/alt_auth_readme.txt
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-| Copyright (C) 2003 Thom Michelbrink
-|
-| Author: Thom Michelbrink mcfly@e107.org
-|
-*/
-
-Purpose:
-
- This is a plugin for the E107 CMS system (e107.org).
- This plugin will enable Alternate authorization functionality to your site.
-
-Requirements:
-
- This plugin requires e107 Verion 0.600+
-
-############## INSTALLATION #######################
-
-1) Upload all files to your e107_plugins directory on your server, retaining directory structure.
-2) Go to the admin section of the website, go the to plugin manager and install the Alt auth.
-3) Go to the admin section of the website and configure the Alternate Authorization setting.
-
-Until this is integrated into the e107 core. the following lines need to be added to the e107_handlers\login.php file. They need to be inserted into the userlogin() function, just after the 'global $pref;' line:
-
- if($pref['auth_method'] && $pref['auth_method'] != "e107"){
- $auth_file=e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
- if(file_exists($auth_file)){
- require_once(e_PLUGIN."alt_auth/alt_auth_login_class.php");
- $result = new alt_login($pref['auth_method'],$username, $userpass);
- }
- }
-
-
---- AUTHORIZATION TYPES --
-This version currently supports Active Directory and LDAP authorization types. Others could easily
-be added though.
-
-The requirements to add a new auth type are:
-
-xxx_auth.php - Actual file the performs the authorization based on user input of uname / passwd.
-xxx_conf.php - The file used to edit any configuration option for your auth type.
-
-The xxx_auth.php must contain a class named auth_login(), the class must contain a function named login($uname,$passwd). The login() function must return values of:
-AUTH_SUCCESS - valid login
-AUTH_NOUSER - User not found
-AUTH_BADPASSWORD - Password is incorrect
------------------------------------------------------------------------------
-
-Version history:
-
-11/11/2003 - Initial beta release
-
diff --git a/e107_plugins/alt_auth/alt_auth_sql.php b/e107_plugins/alt_auth/alt_auth_sql.php
new file mode 100644
index 000000000..253f9bde7
--- /dev/null
+++ b/e107_plugins/alt_auth/alt_auth_sql.php
@@ -0,0 +1,5 @@
+CREATE TABLE alt_auth (
+ auth_type varchar(20) NOT NULL default '',
+ auth_parmname varchar(30) NOT NULL default '',
+ auth_parmval varchar(120) NOT NULL default ''
+) TYPE=MyISAM;
\ No newline at end of file
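Review bot: `auth_parmval varchar(120)` is too small for what `alt_auth_post_options()` writes into it: values are base64-encoded twice before storage, which turns a 120-character form field (the `max_size` used in `$common_fields`) into 216 characters, and anything over 66 bytes no longer fits. A truncated value will not decode back to the original, so long server names or passwords would break silently; a wider column such as `auth_parmval varchar(255) NOT NULL default ''` avoids that. The table also has no key, so a `PRIMARY KEY (auth_type, auth_parmname)` would back up the select-then-update/insert logic against duplicate rows.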
diff --git a/e107_plugins/alt_auth/alt_login_class.php b/e107_plugins/alt_auth/alt_login_class.php
deleted file mode 100644
index 9fc06249d..000000000
--- a/e107_plugins/alt_auth/alt_login_class.php
+++ /dev/null
@@ -1,56 +0,0 @@
- login($username,$userpass,$newvals);
-
- if($login_result === AUTH_SUCCESS ){
- $sql = new db;
- if(!$sql -> db_Select("user","*","user_loginname='{$username}' ")){
- // User not found in e107 database - add it now.
- $qry = "INSERT INTO ".MPREFIX."user (user_id, user_loginname, user_name, user_join) VALUES ('0', '{$username}', '{$username}', ".time().")";
- $sql -> db_Select_gen($qry);
- }
- // Set password and any other applicable fields
- $qry="user_password='".md5($userpass)."'";
- foreach($newvals as $key => $val){
- $qry .= " ,user_{$key}='{$val}' ";
- }
- $qry.=" WHERE user_loginname='{$username}' ";
- $sql -> db_Update("user",$qry);
- } else {
- switch($login_result){
- case AUTH_NOUSER:
- $username=md5("xx_nouser_xx");
- break;
- case AUTH_BADPASSWORD:
- $userpass=md5("xx_badpassword_xx");
- break;
- }
- }
- }
-}
-?>
\ No newline at end of file
diff --git a/e107_plugins/alt_auth/e107db_auth.php b/e107_plugins/alt_auth/e107db_auth.php
new file mode 100644
index 000000000..39b2a9cb0
--- /dev/null
+++ b/e107_plugins/alt_auth/e107db_auth.php
@@ -0,0 +1,152 @@
+ db_Select("alt_auth", "*", "auth_type = 'e107db' ");
+ while($row = $sql -> db_Fetch())
+ {
+ $e107db_conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
+ }
+ $class_name = "e107db_mysql_class";
+
+ if(class_exists($class_name))
+ {
+ $this->od = new $class_name($e107db_conf);
+ $this->Available = TRUE;
+ }
+ else
+ {
+ $this->Available = FALSE;
+ return AUTH_NOCONNECT;
+ }
+ }
+
+ function login($uname, $pword, &$newvals, $connect_only = FALSE)
+ {
+ global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql;
+ $ret = $this->od->login($uname, $pword, $newvals, $connect_only);
+ $sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);
+ return $ret;
+ }
+
+}
+
+class e107db_mysql_class
+{
+
+ var $conf;
+
+ function e107db_mysql_class($otherdb_conf)
+ {
+ $this->conf = $otherdb_conf;
+// print_a($this->conf);
+ }
+
+
+
+ function login($uname, $pword, &$newvals, $connect_only = FALSE)
+ {
+ //Attempt to open connection to sql database
+ if(!$res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password']))
+ {
+ return AUTH_NOCONNECT;
+ }
+ //Select correct db
+ if(!mysql_select_db($this->conf['e107db_database'], $res))
+ {
+ mysql_close($res);
+ return AUTH_NOCONNECT;
+ }
+ if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB
+
+ $sel_fields = array();
+ // Make an array of the fields we want from the source DB
+ foreach($this->conf as $k => $v)
+ {
+ if ($v && (strpos($k,'e107db_xf_') === 0))
+ {
+ $sel_fields[] = substr($k,strlen('e107db_xf_'));
+ }
+ }
+ $sel_fields[] = 'user_password';
+ $user_field = 'user_loginname';
+
+
+ //Get record containing supplied login name
+ $qry = "SELECT ".implode(',',$sel_fields)." FROM ".MPREFIX."user WHERE {$user_field} = '{$uname}'";
+// echo "Query: {$qry}
";
+ if(!$r1 = mysql_query($qry))
+ {
+ mysql_close($res);
+ return AUTH_NOCONNECT;
+ }
+ if(!$row = mysql_fetch_array($r1))
+ {
+ mysql_close($res);
+ return AUTH_NOUSER;
+ }
+
+ mysql_close($res); // Finished with 'foreign' DB now
+
+ // Got something from the DB - see whether password valid
+ require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
+ $pass_check = new ExtendedPasswordHandler();
+
+ $passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']);
+ if ($passMethod === FALSE) return AUTH_BADPASSWORD;
+
+ $pwFromDB = $row['user_password']; // Password stored in DB
+
+ if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
+ {
+ return AUTH_BADPASSWORD;
+ }
+
+ // Now copy across any values we have selected
+ foreach($this->conf as $k => $v)
+ {
+ if ($v && (strpos($k,'e107db_xf_') === 0))
+ {
+ $f = substr($k,strlen('e107db_xf_'));
+ if (isset($row[$f])) $newvals[$f] = $row[$f];
+ }
+ }
+ return AUTH_SUCCESS;
+ }
+}
+
+?>
\ No newline at end of file
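Review bot: The lookup query in `e107db_mysql_class::login()` interpolates `$uname` directly (`WHERE {$user_field} = '{$uname}'`), and the callers visible in this commit (`alt_login` and the test form) hand over the login name before any escaping, so unless magic_quotes_gpc happens to be on, the submitted name reaches the remote database unescaped. Escape it against the open link, e.g. `$qry = "SELECT ".implode(',',$sel_fields)." FROM ".MPREFIX."user WHERE {$user_field} = '".mysql_real_escape_string($uname, $res)."'";` — `importdb_auth.php` in this same commit already uses `$tp->toDB($uname)` for the equivalent lookup. The column list is built from `e107db_xf_*` configuration keys, so it inherits whatever validation was applied when those keys were saved. The commented-out `echo "Query: ..."` should be removed rather than shipped.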
diff --git a/e107_plugins/alt_auth/e107db_conf.php b/e107_plugins/alt_auth/e107db_conf.php
new file mode 100644
index 000000000..c99e96466
--- /dev/null
+++ b/e107_plugins/alt_auth/e107db_conf.php
@@ -0,0 +1,122 @@
+tablerender("","".$message."
");
+}
+
+
+show_e107db_form();
+
+function show_e107db_form()
+{
+ global $sql, $tp, $ns;
+
+
+ $password_methods = ExtendedPasswordHandler::GetPasswordTypes('core');
+
+ $sql -> db_Select("alt_auth", "*", "auth_type = 'e107db' ");
+ $parm = array();
+ while($row = $sql->db_Fetch())
+ {
+ $parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
+ }
+
+ $frm = new form;
+ $text = $frm -> form_open("post", e_SELF);
+ $text .= "";
+
+ $text .= "
";
+
+ $text .= alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db');
+
+ $text .= "
";
+
+ $text .= "
";
+
+ $text .= alt_auth_get_field_list('e107db',$frm, $parm, TRUE);
+
+ $text .= "
";
+
+ $text .= "
";
+ $text .= $frm -> form_close();
+
+ $ns -> tablerender(E107DB_LAN_10, $text);
+
+ $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('e107db',$frm));
+}
+
+require_once(e_ADMIN."footer.php");
+
+
+
+// Obsolete function update_e107db_prefs()
+/*
+function update_e107db_prefs()
+{
+ global $sql;
+ foreach($_POST as $k => $v)
+ {
+ $v = base64_encode(base64_encode($v));
+
+ if (substr($k,0,7) == 'e107db_')
+// if(preg_match("/e107db_/", $k))
+ {
+ if($sql -> db_Select("alt_auth", "*", "auth_type='e107db' AND auth_parmname='{$k}' "))
+ {
+ $sql -> db_Update("alt_auth", "auth_parmval='{$v}' WHERE auth_type='e107db' AND auth_parmname='{$k}' ");
+ }
+ else
+ {
+ $sql -> db_Insert("alt_auth", "'e107db','{$k}','{$v}' ");
+ }
+ }
+ }
+ return E107DB_LAN_UPDATED;
+}
+*/
+function e107db_conf_adminmenu()
+{
+ alt_auth_adminmenu();
+}
+
+?>
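Review bot: The commented-out `update_e107db_prefs()` at the end of this new file is dead code that still carries the unescaped `'{$k}'` query pattern; since `alt_auth_post_options()` replaces it, it should be deleted rather than added inside a comment block, where it invites being copied back. The same applies to the commented-out `update_importdb_prefs()` in `importdb_conf.php`.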
diff --git a/e107_plugins/alt_auth/extended_password_handler.php b/e107_plugins/alt_auth/extended_password_handler.php
new file mode 100644
index 000000000..b0cf9f23f
--- /dev/null
+++ b/e107_plugins/alt_auth/extended_password_handler.php
@@ -0,0 +1,266 @@
+itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+ $this->UserHandler(); // Ancestor constructor
+ }
+
+
+ // Return a number of random bytes as specified by $count
+ function get_random_bytes($count)
+ {
+ $this->random_state = md5($this->random_state.microtime().mt_rand(0,10000)); // This will 'auto seed'
+
+ $output = '';
+ for ($i = 0; $i < $count; $i += 16)
+ { // Only do this loop once unless we need more than 16 bytes
+ $this->random_state = md5(microtime() . $this->random_state);
+ $output .= pack('H*', md5($this->random_state)); // Becomes an array of 16 bytes
+ }
+ $output = substr($output, 0, $count);
+
+ return $output;
+ }
+
+
+ // Encode to base64 (each block of three 8-bit chars becomes 4 printable chars)
+ // Use first $count characters of $input string
+ function encode64($input, $count)
+ {
+ $output = '';
+ $i = 0;
+ do
+ {
+ $value = ord($input[$i++]);
+ $output .= $this->itoa64[$value & 0x3f];
+ if ($i < $count) $value |= ord($input[$i]) << 8;
+ $output .= $this->itoa64[($value >> 6) & 0x3f];
+ if ($i++ >= $count) break;
+ if ($i < $count) $value |= ord($input[$i]) << 16;
+ $output .= $this->itoa64[($value >> 12) & 0x3f];
+ if ($i++ >= $count) break;
+ $output .= $this->itoa64[($value >> 18) & 0x3f];
+ } while ($i < $count);
+
+ return $output;
+ }
+
+
+
+ // Method for PHPBB3-style salted passwords, which begin '$H$'
+ // Given a plaintext password and the complete password/hash function (which includes any salt), calculate hash
+ // Returns FALSE on error
+ function crypt_private($password, $stored_password)
+ {
+ $output = '*0';
+ if (substr($stored_password, 0, 2) == $output)
+ $output = '*1';
+
+ switch (substr($stored_password, 0, 3))
+ {
+ case PASSWORD_PHPBB_ID : // PHPBB3 encoding
+ case PASSWORD_ORIG_ID : // Original algorithm's encoding
+ break;
+ default :
+ return $output;
+ }
+
+ $count_log2 = strpos($this->itoa64, $stored_password[3]); // 4th character indicates hash depth count
+ if ($count_log2 < 7 || $count_log2 > 30)
+ return $output;
+
+ $count = 1 << $count_log2;
+
+ $salt = substr($stored_password, 4, 8); // Salt is characters 5..12
+ if (strlen($salt) != 8)
+ return $output;
+
+ # We're kind of forced to use MD5 here since it's the only
+ # cryptographic primitive available in all versions of PHP
+ # currently in use. To implement our own low-level crypto
+ # in PHP would result in much worse performance and
+ # consequently in lower iteration counts and hashes that are
+ # quicker to crack (by non-PHP code).
+ if (PHP_VERSION >= '5')
+ { // Get raw binary output (always 16 bytes)
+ $hash = md5($salt . $password, TRUE);
+ do
+ {
+ $hash = md5($hash . $password, TRUE);
+ } while (--$count);
+ }
+ else
+ { // Use 'pack' to create 16 bytes from the hex string
+ $hash = pack('H*', md5($salt . $password));
+ do
+ {
+ $hash = pack('H*', md5($hash . $password));
+ } while (--$count);
+ }
+
+ $output = substr($setting, 0, 12); // Identifier, shift count and salt - total 12 chars
+ $output .= $this->encode64($hash, 16); // Returns 22-character string
+
+ return $output;
+ }
+
+
+ // Return array of supported password types - key is used internally, text is displayed
+ function getPasswordTypes($include_core = FALSE)
+ {
+ $vals = array();
+ if ($include_core)
+ {
+ $vals = array('md5' => IMPORTDB_LAN_7,'e107_salt' => IMPORTDB_LAN_8); // Methods supported in core
+ }
+ if (is_bool($include_core))
+ {
+ $vals = array_merge($vals,array(
+ 'plaintext' => IMPORTDB_LAN_2,
+ 'joomla_salt' => IMPORTDB_LAN_3,
+ 'mambo_salt' => IMPORTDB_LAN_4,
+ 'smf_sha1' => IMPORTDB_LAN_5,
+ 'sha1' => IMPORTDB_LAN_6,
+ 'phpbb3_salt' => IMPORTDB_LAN_12
+ ));
+ }
+ return $vals;
+ }
+
+
+ // Return password type which relates to a specific foreign system
+ function passwordMapping($ptype)
+ {
+ $maps = array(
+ 'plaintext' => PASSWORD_PLAINTEXT,
+ 'joomla_salt' => PASSWORD_JOOMLA_SALT,
+ 'mambo_salt' => PASSWORD_MAMBO_SALT,
+ 'smf_sha1' => PASSWORD_GENERAL_SHA1,
+ 'sha1' => PASSWORD_GENERAL_SHA1,
+ 'mambo' => PASSWORD_GENERAL_MD5,
+ 'phpbb2' => PASSWORD_GENERAL_MD5,
+ 'e107' => PASSWORD_GENERAL_MD5,
+ 'md5' => PASSWORD_GENERAL_MD5,
+ 'e107_salt' => PASSWORD_E107_SALT,
+ 'phpbb2_salt' => PASSWORD_PHPBB_SALT
+ );
+ if (isset($maps[$ptype])) return $maps[$ptype];
+ return FALSE;
+ }
+
+
+ // Extension of password validation -
+ function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE)
+ {
+ switch ($password_type)
+ {
+ case PASSWORD_GENERAL_MD5 :
+ case PASSWORD_E107_MD5 :
+ $pwHash = md5($pword);
+ break;
+
+ case PASSWORD_GENERAL_SHA1 :
+ if (strlen($stored_hash) != 40) return PASSWORD_INVALID;
+ $pwHash = sha1($pword);
+ break;
+
+ case PASSWORD_JOOMLA_SALT :
+ case PASSWORD_MAMBO_SALT :
+ if ((strpos($row['user_password'], ':') === false) || (strlen($row[0]) < 40))
+ {
+ return PASSWORD_INVALID;
+ }
+ // Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe)
+ list($hash, $salt) = explode(':', $stored_hash);
+ $pwHash = md5($pword.$salt);
+ $stored_hash = $hash;
+ break;
+
+ case PASSWORD_E107_SALT :
+ return UserHandler::CheckPassword($password, $login_name, $stored_hash);
+ break;
+
+ case PASSWORD_PHPBB_SALT :
+ if (strlen($stored_hash) != 34) return PASSWORD_INVALID;
+ $pwHash = $this->HashPassword($pword, PASSWORD_PHPBB_SALT);
+ break;
+
+ case PASSWORD_PLAINTEXT :
+ $pwHash = $pword;
+ break;
+
+ default :
+ return PASSWORD_INVALID;
+ }
+ if ($stored_hash != $pwHash) return PASSWORD_INVALID;
+ return PASSWORD_VALID;
+ }
+
+}
+
+
+?>
\ No newline at end of file
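Review bot: Three of the schemes in this new handler can never validate because they read variables that do not exist in scope: `crypt_private()` builds its result from `$setting` instead of `$stored_password`, the Joomla/Mambo case in `CheckPassword()` tests `$row['user_password']` and `$row[0]` instead of (presumably) `$stored_hash`, and the e107-salt case forwards the undefined `$password` instead of `$pword`, so the supplied password is not what gets checked. The final `$stored_hash != $pwHash` is a loose comparison, and PHP compares two numeric-looking strings such as `0e…` hex digests as numbers, so distinct hashes can compare equal; use `!==`. Separately, `getPasswordTypes()` offers `phpbb3_salt` while `passwordMapping()` only knows `phpbb2_salt`, so that choice always maps to FALSE. The start of the class is not visible in this hunk, so the constant definitions were not checked.

```php
// crypt_private(): … unchanged: prefix, count and salt checks, md5 loop …
	$output = substr($stored_password, 0, 12);	// Identifier, shift count and salt - total 12 chars

// CheckPassword(): … unchanged: MD5 and SHA1 cases …
		case PASSWORD_JOOMLA_SALT :
		case PASSWORD_MAMBO_SALT :
			if ((strpos($stored_hash, ':') === false) || (strlen($stored_hash) < 40))
			{
				return PASSWORD_INVALID;
			}
			// … unchanged: split into hash and salt, md5($pword.$salt) …

		case PASSWORD_E107_SALT :
			return UserHandler::CheckPassword($pword, $login_name, $stored_hash);

// … unchanged: phpBB and plaintext cases …
	if ($stored_hash !== $pwHash) return PASSWORD_INVALID;
```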
diff --git a/e107_plugins/alt_auth/importdb_auth.php b/e107_plugins/alt_auth/importdb_auth.php
new file mode 100644
index 000000000..191a628e3
--- /dev/null
+++ b/e107_plugins/alt_auth/importdb_auth.php
@@ -0,0 +1,101 @@
+ db_Select("alt_auth", "*", "auth_type = 'importdb' ")) return AUTH_NOCONNECT; // We should get at least one value
+ while ($row = $sql -> db_Fetch())
+ {
+ $importdb_conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
+ }
+ $this->Available = TRUE;
+ $this->od = new importdb_mysql_class;
+ }
+
+
+ function login($uname, $pword, &$newvals, $connect_only = FALSE)
+ {
+// global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql;
+ $ret = $this->od->login($uname, $pword, $newvals, $connect_only);
+// $sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);
+ return $ret;
+ }
+
+}
+
+class importdb_mysql_class
+{
+
+ var $conf;
+
+ function importdb_mysql_class()
+ {
+ global $importdb_conf;
+ $this->conf = $importdb_conf;
+ }
+
+ function login($uname, $pword, &$newvals, $connect_only = FALSE)
+ {
+ if ($connect_only) return AUTH_SUCCESS; // Big problem if can't connect to our own DB!
+
+ // See if the user's in the E107 database - otherwise they can go away
+ global $sql, $tp;
+ if (!$sql->db_Select("user", "user_loginname, user_password", "user_loginname = '".$tp -> toDB($uname)."'"))
+ { // Invalid user
+ return AUTH_NOUSER;
+ }
+
+ // Now look at their password - we always need to verify it, even if its a core E107 format.
+ // Higher levels will always convert an authorised password to E107 format and save it for us.
+ if (!$row = $sql->db_Fetch())
+ {
+ return AUTH_NOCONNECT; // Debateable return code - really a DB error. But consistent with other handler
+ }
+
+ require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
+ $pass_check = new ExtendedPasswordHandler();
+
+ $passMethod = $pass_check->passwordMapping($this->conf['importdb_password_method']);
+ if ($passMethod === FALSE) return AUTH_BADPASSWORD;
+
+ $pwFromDB = $row['user_password']; // Password stored in DB
+ if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
+ {
+ return AUTH_BADPASSWORD;
+ }
+ return AUTH_SUCCESS;
+ }
+}
+
+?>
\ No newline at end of file
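Review bot: The early exit in the visible part of the `auth_login` constructor (`return AUTH_NOCONNECT;` when no `importdb` rows exist) leaves both `$this->Available` and `$this->od` unset. The callers test `isset($_login->Available) && ($_login->Available === FALSE)`, so this state is not treated as unavailable and the following `$this->od->login(...)` is invoked on a non-object. Set `$this->Available = FALSE;` before returning, as `e107db_auth.php` does. The top of the file is not visible here, so whether `$importdb_conf` is declared `global` in the constructor (which `importdb_mysql_class` relies on) could not be checked.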
diff --git a/e107_plugins/alt_auth/importdb_conf.php b/e107_plugins/alt_auth/importdb_conf.php
new file mode 100644
index 000000000..a1b4319fa
--- /dev/null
+++ b/e107_plugins/alt_auth/importdb_conf.php
@@ -0,0 +1,124 @@
+tablerender("","".$message."
");
+}
+
+
+show_importdb_form();
+
+function show_importdb_form()
+{
+ global $sql, $tp, $ns;
+
+ $password_methods = ExtendedPasswordHandler::GetPasswordTypes(FALSE);
+
+
+ // Get the parameters
+ $sql -> db_Select("alt_auth", "*", "auth_type = 'importdb' ");
+ $parm = array();
+ while($row = $sql->db_Fetch())
+ {
+ $parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
+ }
+
+
+ $frm = new form;
+ $text = $frm -> form_open("post", e_SELF);
+ $text .= "";
+
+
+ $text .= "
";
+/* $text .= $frm -> form_select_open("importdb_dbtype");
+ foreach($db_types as $k => $v)
+ {
+ $sel = ($parm['importdb_dbtype'] == $k) ? " Selected" : "";
+ $text .= $frm -> form_option($v, $sel, $k);
+ }
+ $text .= $frm -> form_select_close();
+ $text .= "";
+*/
+ $text .= "
";
+
+ $text .= "
";
+
+ $text .= "
";
+ $text .= $frm -> form_close();
+
+ $ns -> tablerender(IMPORTDB_LAN_10, $text);
+
+ $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('importdb',$frm));
+
+}
+
+require_once(e_ADMIN."footer.php");
+
+/*
+function update_importdb_prefs()
+{
+ global $sql;
+ foreach($_POST as $k => $v)
+ {
+ $v = base64_encode(base64_encode($v));
+
+ if(preg_match("/importdb_/", $k))
+ {
+ if($sql -> db_Select("alt_auth", "*", "auth_type='importdb' AND auth_parmname='{$k}' "))
+ {
+ $sql -> db_Update("alt_auth", "auth_parmval='{$v}' WHERE auth_type='importdb' AND auth_parmname='{$k}' ");
+ }
+ else
+ {
+ $sql -> db_Insert("alt_auth", "'importdb','{$k}','{$v}' ");
+ }
+ }
+ }
+ return "Settings Updated";
+}
+*/
+
+function importdb_conf_adminmenu()
+{
+ alt_auth_adminmenu();
+}
+
+?>
diff --git a/e107_plugins/alt_auth/languages/English/lan_alt_auth_conf.php b/e107_plugins/alt_auth/languages/English/lan_alt_auth_conf.php
index a38a6fbcf..badc4684a 100755
--- a/e107_plugins/alt_auth/languages/English/lan_alt_auth_conf.php
+++ b/e107_plugins/alt_auth/languages/English/lan_alt_auth_conf.php
@@ -1,15 +1,68 @@
diff --git a/e107_plugins/alt_auth/languages/English/lan_e107db_auth.php b/e107_plugins/alt_auth/languages/English/lan_e107db_auth.php
new file mode 100644
index 000000000..a0f94b264
--- /dev/null
+++ b/e107_plugins/alt_auth/languages/English/lan_e107db_auth.php
@@ -0,0 +1,16 @@
+
diff --git a/e107_plugins/alt_auth/languages/English/lan_importdb_auth.php b/e107_plugins/alt_auth/languages/English/lan_importdb_auth.php
new file mode 100644
index 000000000..4003889a4
--- /dev/null
+++ b/e107_plugins/alt_auth/languages/English/lan_importdb_auth.php
@@ -0,0 +1,19 @@
+
diff --git a/e107_plugins/alt_auth/languages/English/lan_ldap_auth.php b/e107_plugins/alt_auth/languages/English/lan_ldap_auth.php
index 89b96b931..f946fe7c5 100755
--- a/e107_plugins/alt_auth/languages/English/lan_ldap_auth.php
+++ b/e107_plugins/alt_auth/languages/English/lan_ldap_auth.php
@@ -9,7 +9,11 @@ define("LDAPLAN_7", "eDirectory search filter:");
define("LDAPLAN_8", "This will be used to ensure the username is in the correct tree,
ie '(objectclass=inetOrgPerson)'");
define("LDAPLAN_9", "Current search filter will be:");
define("LDAPLAN_10", "Settings Updated");
-define("LDAPLAN_11", "WARNING: It appears as if the ldap module is not currently available, setting your auth method to LDAP will probably not work!");
+define("LDAPLAN_11", "WARNING: It appears as if the ldap module is not currently available; setting your auth method to LDAP will probably not work!");
define("LDAPLAN_12", "Server Type");
define("LDAPLAN_13", "Update settings");
+define("LDAPLAN_14", "To transfer a field (attribute) value into the local database, specify its name in the corresponding box below. Fields marked with
+ an asterisk (*) are mandatory.
+
Leave the box blank for it not to be transferred at all");
+
?>
diff --git a/e107_plugins/alt_auth/languages/English/lan_otherdb_auth.php b/e107_plugins/alt_auth/languages/English/lan_otherdb_auth.php
index 8a381ed3a..29536b445 100644
--- a/e107_plugins/alt_auth/languages/English/lan_otherdb_auth.php
+++ b/e107_plugins/alt_auth/languages/English/lan_otherdb_auth.php
@@ -9,6 +9,20 @@ define("OTHERDB_LAN_7", "Username Field:");
define("OTHERDB_LAN_8", "Password Field:");
define("OTHERDB_LAN_9", "Password Method:");
define("OTHERDB_LAN_10", "Configure otherdb auth");
-define("OTHERDB_LAN_11", "** The following fields are not required if using an e107 database");
+define("OTHERDB_LAN_11", "To transfer a field value into the local database, specify the field name in the corresponding box below. Fields marked with
+ an asterisk (*) are mandatory.
Leave the field blank for it not to be transferred at all");
+define('OTHERDB_LAN_12', 'Password Salt Field:');
+define('OTHERDB_LAN_13', '(Leave blank if not used)');
+define('OTHERDB_LAN_14', 'Email address Field:');
+define('OTHERDB_LAN_15', 'MySQL - generic database');
+
+define("IMPORTDB_LAN_2", 'Plain Text');
+define("IMPORTDB_LAN_3", 'Joomla salted');
+define("IMPORTDB_LAN_4", 'Mambo salted');
+define("IMPORTDB_LAN_5", 'SMF (SHA1)');
+define("IMPORTDB_LAN_6", 'Generic SHA1');
+define("IMPORTDB_LAN_7", 'MD5 (E107 original)');
+define("IMPORTDB_LAN_8", 'E107 salted (option 0.8 on)');
+define("IMPORTDB_LAN_12", 'PHPBB2/PHPBB3 salted');
?>
diff --git a/e107_plugins/alt_auth/ldap_auth.php b/e107_plugins/alt_auth/ldap_auth.php
index 649631219..bc6043a41 100755
--- a/e107_plugins/alt_auth/ldap_auth.php
+++ b/e107_plugins/alt_auth/ldap_auth.php
@@ -11,9 +11,12 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/ldap_auth.php,v $
-| $Revision: 1.1.1.1 $
-| $Date: 2006-12-02 04:34:43 $
-| $Author: mcfly_e107 $
+| $Revision: 1.2 $
+| $Date: 2008-07-25 19:33:02 $
+| $Author: e107steved $
+
+To do:
+ 1. Sort out a method of just checking the connection on login (needed for test)
+----------------------------------------------------------------------------+
*/
@@ -32,16 +35,22 @@ class auth_login
var $ldapVersion;
var $Available;
var $filter;
+ var $copyAttribs; // Any attributes which are to be copied on successful login
function auth_login()
{
+ $this->copyAttribs = array();
$sql = new db;
$sql -> db_Select("alt_auth", "*", "auth_type = 'ldap' ");
while($row = $sql -> db_Fetch())
{
- $ldap[$row['auth_parmname']]=$row['auth_parmval'];
+ $ldap[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
+ if ((strpos($row['auth_parmname'],'ldap_xf_') === 0) && $ldap[$row['auth_parmname']])
+ { // Attribute to copy on successful login
+ $this->copyAttribs[$ldap[$row['auth_parmname']]] = substr($row['auth_parmname'],strlen('ldap_xf_')); // Key = LDAP attribute. Value = e107 field name
+ unset($row['auth_parmname']);
+ }
}
-
$this->server = explode(",", $ldap['ldap_server']);
$this->serverType = $ldap['ldap_servertype'];
$this->dn = $ldap['ldap_basedn'];
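Review bot: The keys of `$this->copyAttribs` are stored exactly as the admin typed them, but `ldap_get_entries()` returns attribute names lower-cased, so the `isset($this->copyAttribs[$k])` test in `login()` will miss a mixed-case name such as `givenName` and fall into the branch that returns AUTH_NOCONNECT for an otherwise valid login. Normalising at load time avoids that: `$this->copyAttribs[strtolower($ldap[$row['auth_parmname']])] = substr($row['auth_parmname'], strlen('ldap_xf_'));`. The `unset($row['auth_parmname'])` that follows has no effect because `$row` is overwritten by the next fetch; if the aim was to drop the transfer entry from `$ldap`, it would need to be `unset($ldap[$row['auth_parmname']])`. `$ldap` is also never initialised before the loop, and the constructor body continues past this hunk.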
@@ -62,6 +71,8 @@ class auth_login
}
}
+
+
function connect()
{
foreach ($this->server as $key => $host)
@@ -81,6 +92,8 @@ class auth_login
return false;
}
+
+
function close()
{
if ( !@ldap_close( $this->connection))
@@ -95,67 +108,121 @@ class auth_login
}
}
- function login($uname, $pass)
+
+
+ function login($uname, $pass, &$newvals, $connect_only = FALSE)
{
/* Construct the full DN, eg:-
** "uid=username, ou=People, dc=orgname,dc=com"
*/
+// echo "Login to server type: {$this->serverType}
";
+ $current_filter = "";
if ($this->serverType == "ActiveDirectory")
{
- $checkDn = "$uname@$this->dn";
+ $checkDn = $uname.'@'.$this->dn;
}
else
{
- if ($this -> usr != '' && $this -> pwd != '')
- {
- $this -> result = ldap_bind($this -> connection, $this -> usr, $this -> pwd);
- }
- else
- {
- $this -> result = ldap_bind($this -> connection);
- }
+ if ($this -> usr != '' && $this -> pwd != '')
+ {
+ $this -> result = ldap_bind($this -> connection, $this -> usr, $this -> pwd);
+ }
+ else
+ {
+ $this -> result = ldap_bind($this -> connection);
+ }
+ if ($this->result === FALSE)
+ {
+// echo "LDAP bind failed
";
+ return AUTH_NOCONNECT;
+ }
// In ldap_auth.php, should look like this instead for eDirectory
// $query = ldap_search($this -> connection, $this -> dn, "cn=".$uname);
- if($this->serverType == "eDirectory")
- {
- $_filter = (isset($ldap['ldap_edirfilter']) ? $ldap['ldap_edirfilter'] : "");
- $current_filter = "(&(cn={$uname})".$this->filter.")";
- $query = ldap_search($this->connection, $this->dn, $current_filter);
- }
- else
- {
- $query = ldap_search($this->connection, $this->dn, "uid=".$uname);
- }
+ if($this->serverType == "eDirectory")
+ {
+ $current_filter = "(&(cn={$uname})".$this->filter.")";
+ }
+ else
+ {
+ $current_filter = "uid=".$uname;
+ }
+// echo "LDAP search: {$this->dn}, {$current_filter}
";
+ $query = ldap_search($this->connection, $this->dn, $current_filter);
- if ($query == false)
- {
+ if ($query === false)
+ {
// Could not perform query to LDAP directory
- return AUTH_NOCONNECT;
+ echo "LDAP - search for user failed
";
+ return AUTH_NOCONNECT;
+ }
+ else
+ {
+ $query_result = ldap_get_entries($this -> connection, $query);
+
+ if ($query_result["count"] != 1)
+ {
+ if ($connect_only) return AUTH_SUCCESS; else return AUTH_NOUSER;
}
else
{
- $query_result = ldap_get_entries($this -> connection, $query);
-
- if ($query_result["count"] != 1)
- {
- return AUTH_NOUSER;
- }
- else
- {
- $checkDn = $query_result[0]["dn"];
- $this -> close();
- $this -> connect();
- }
+ $checkDn = $query_result[0]["dn"];
+ $this -> close();
+ $this -> connect();
}
+ }
}
+
// Try and connect...
$this->result = ldap_bind($this -> connection, $checkDn, $pass);
if ( $this->result)
{
- // Connected OK - login credentials are fine!
- return AUTH_SUCCESS;
+ // Connected OK - login credentials are fine!
+ // But bind can return success even if no password! Does reject an invalid password, however
+ if ($connect_only) return AUTH_SUCCESS;
+ if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password
+ if (count($this->copyAttribs) == 0) return AUTH_SUCCESS; // No attributes required - we're done
+ $ldap_attributes = array_keys($this->copyAttribs);
+// echo "Validation search: {$checkDn}, {$current_filter},"; print_a($ldap_attributes); echo "
";
+ $this->result = ldap_search($this -> connection, $checkDn, $current_filter, $ldap_attributes);
+
+ if ($this->result)
+ {
+ $entries = ldap_get_entries($this->connection, $this->result);
+// print_a($entries);
+ if (count($entries) == 2)
+ { // All OK
+ for ($j = 0; $j < $entries[0]['count']; $j++)
+ {
+ $k = $entries[0][$j];
+ $tlv = $entries[0][$k];
+ if (is_array($tlv) && isset($this->copyAttribs[$k]))
+ { // This bit executed if we've successfully got some data. Key is the attribute name, then array of data
+ $newvals[$this->copyAttribs[$k]] = $tlv[0]; // Just grab the first value
+// echo $j.":Key: {$k} (Values: {$tlv['count']})";
+// for ($i = 0; $i < $tlv['count']; $i++) { echo ' '.$tlv[$i]; }
+// echo "
";
+ }
+ else
+ {
+// echo " Unexpected non-array value - Key: {$k} Value: {$tlv}
";
+ return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error
+ }
+ }
+ }
+ else
+ {
+// echo "Got wrong number of entries
";
+ return AUTH_NOUSER; // Bit debateable what to return if this happens
+ }
+ }
+ else
+ { // Probably a bit strange if we don't get any info back - but possible
+// echo "No results!
";
+ }
+
+ return AUTH_SUCCESS;
}
else
{
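Review bot: `$uname` goes into the search filter unescaped in both branches (`"(&(cn={$uname})".$this->filter.")"` and `"uid=".$uname`), and the same `$current_filter` is reused for the attribute search after the bind, so filter metacharacters in the login name change which entry is matched. Escape it once before building the filter, e.g. `$uname_f = ldap_escape($uname, '', LDAP_ESCAPE_FILTER);` on PHP versions that provide it, or an equivalent RFC 4515 escape of `\ * ( )` and NUL otherwise. The blank-password test runs only after the bind, so on the normal (non-`$connect_only`) path it would be safer to move `if (trim($pass) == '') return AUTH_BADPASSWORD;` ahead of `ldap_bind()` and never attempt a bind with an empty user-supplied password. The `echo "LDAP - search for user failed` line is the one debug message left uncommented and will write into the login response. `login()` continues beyond the end of this hunk.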
@@ -170,12 +237,11 @@ class auth_login
$this->ldapErrorCode = ldap_errno( $this->connection);
$this->ldapErrorText = ldap_error( $this->connection);
- if($this -> ldapErrorCode == 32)
+ switch ($this -> ldapErrorCode)
{
+ case 32 :
return AUTH_NOUSER;
- }
- if($this -> ldapErrorCode == 49)
- {
+ case 49 :
return AUTH_BADPASSWORD;
}
// return error code as if it never connected, maybe change that in the future
diff --git a/e107_plugins/alt_auth/ldap_conf.php b/e107_plugins/alt_auth/ldap_conf.php
index ab98ea0d5..a3959a5e3 100755
--- a/e107_plugins/alt_auth/ldap_conf.php
+++ b/e107_plugins/alt_auth/ldap_conf.php
@@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/ldap_conf.php,v $
-| $Revision: 1.1.1.1 $
-| $Date: 2006-12-02 04:34:43 $
-| $Author: mcfly_e107 $
+| $Revision: 1.2 $
+| $Date: 2008-07-25 19:33:02 $
+| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
$eplug_admin = true;
@@ -21,6 +21,7 @@ require_once("../../class2.php");
require_once(e_ADMIN."auth.php");
require_once(e_HANDLER."form_handler.php");
include_lan("languages/".e_LANGUAGE."/lan_ldap_auth.php");
+include_lan("languages/".e_LANGUAGE."/lan_alt_auth_conf.php");
define("ALT_AUTH_ACTION", "ldap");
require_once(e_PLUGIN."alt_auth/alt_auth_adminmenu.php");
@@ -32,46 +33,36 @@ $server_types[3]="eDirectory";
$ldap_ver[1]="2";
$ldap_ver[2]="3";
+$message = '';
if($_POST['update'])
{
- foreach($_POST as $k => $v)
- {
- if(preg_match("/ldap_/", $k))
- {
- if($sql -> db_Select("alt_auth", "*", "auth_type='ldap' AND auth_parmname='{$k}' "))
- {
- $sql -> db_Update("alt_auth", "auth_parmval='{$v}' WHERE auth_type='ldap' AND auth_parmname='{$k}' ");
- }
- else
- {
- $sql -> db_Insert("alt_auth", "'ldap','{$k}','{$v}' ");
- }
- }
- }
- $message = LDAPLAN_10;
+ $message .= alt_auth_post_options('ldap');
}
+
if(!function_exists('ldap_connect'))
{
- $message = "".LDAPLAN_11."
";
+ $message .= "
".LDAPLAN_11."
";
}
+
if($message)
{
- $ns->tablerender("","".$message."
");
+ $ns->tablerender("","".$message."
");
}
+
$ldap['ldap_edirfilter'] == "";
$sql -> db_Select("alt_auth", "*", "auth_type = 'ldap' ");
while($row = $sql->db_Fetch())
{
- $ldap[$row['auth_parmname']] = $row['auth_parmval'];
+ $ldap[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); // Encoding is new for 0.8
}
$current_filter = "(&(cn=[USERNAME]){$ldap['ldap_edirfilter']})";
$frm = new form;
-$text = $frm -> form_open("POST",e_SELF);
+$text = $frm -> form_open("post",e_SELF);
$text .= "";
$text .= "
";
$text .= "
";
+$text .= "
".LDAPLAN_9."
".htmlentities($current_filter)."";
+
+ $text .= "
";
+
+ $text .= alt_auth_get_field_list('ldap',$frm, $ldap, FALSE);
$text .= "|
";
$text .= $frm -> form_close();
$ns -> tablerender(LDAPLAN_6,$text);
+$ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('ldap',$frm));
+
require_once(e_ADMIN."footer.php");
function ldap_conf_adminmenu()
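Review bot: `base64_decode(base64_decode($row['auth_parmval']))` is applied to every stored value, and the comment says the encoding is new for 0.8, so rows written by the previous version (stored as plain text by the removed update loop) will decode to garbage unless an upgrade step re-encodes them; none is visible in this hunk. The same decode is added in the `auth_login` constructor in ldap_auth.php, where a mis-decoded server or base DN would surface as a failed login. The comment should also say that this is an encoding and not protection, e.g. `// double base64 is an encoding, not encryption: stored values (presumably including the bind password) stay readable to anyone who can read alt_auth`. Separately, the context line `$ldap['ldap_edirfilter'] == "";` is a comparison whose result is discarded, so it does not initialise the filter; `=` looks intended.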
diff --git a/e107_plugins/alt_auth/otherdb_auth.php b/e107_plugins/alt_auth/otherdb_auth.php
index 8ba070507..02e13be3c 100644
--- a/e107_plugins/alt_auth/otherdb_auth.php
+++ b/e107_plugins/alt_auth/otherdb_auth.php
@@ -11,55 +11,54 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/otherdb_auth.php,v $
-| $Revision: 1.1.1.1 $
-| $Date: 2006-12-02 04:34:43 $
-| $Author: mcfly_e107 $
+| $Revision: 1.2 $
+| $Date: 2008-07-25 19:33:02 $
+| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
/*
return values
AUTH_NOCONNECT = unable to connect to db
- AUTH_NOUSER = user not found
+ AUTH_NOUSER = user not found
AUTH_BADPASSWORD = supplied password incorrect
- AUTH_SUCCESS = valid login
+ AUTH_SUCCESS = valid login
*/
class auth_login
{
var $od;
+ var $Available;
function auth_login()
{
- global $otherdb_conf, $sql;
+// global $otherdb_conf, $sql;
+ global $sql;
$sql -> db_Select("alt_auth", "*", "auth_type = 'otherdb' ");
while($row = $sql -> db_Fetch())
{
$otherdb_conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
- $class_name = "otherdb_".$otherdb_conf['otherdb_dbtype']."_class";
+ $class_name = "otherdb_mysql_class";
- if($otherdb_conf['otherdb_dbtype'] == 'e107')
- {
- $class_name = "otherdb_mysql_class";
- }
-
if(class_exists($class_name))
{
- $this->od = new $class_name;
+ $this->od = new $class_name($otherdb_conf);
+ $this->Available = TRUE;
}
else
{
- return AUTH_NOCONNECT;
+ $this->Available = FALSE;
+ return AUTH_NOCONNECT;
}
}
- function login($uname, $pword, &$newvals)
+ function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql;
- $ret = $this->od->login($uname, $pword, $newvals);
+ $ret = $this->od->login($uname, $pword, $newvals, $connect_only);
$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);
return $ret;
}
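Review bot: `$otherdb_conf` is now a local of the constructor (the `global` line is commented out) but is never initialised, so when the `alt_auth` table has no `otherdb` rows an undefined variable is passed to `new $class_name($otherdb_conf)`; add `$otherdb_conf = array();` before the `db_Select` call. The `return AUTH_NOCONNECT;` inside the constructor is discarded by `new`, so callers have to test the new `$this->Available` flag instead, and a one-line comment saying so would help. The commented-out `// global $otherdb_conf, $sql;` can simply be deleted.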
@@ -71,76 +70,85 @@ class otherdb_mysql_class
var $conf;
- function otherdb_mysql_class()
+ function otherdb_mysql_class($otherdb_conf)
{
- global $otherdb_conf;
+// global $otherdb_conf;
$this->conf = $otherdb_conf;
}
- function login($uname, $pword, &$newvals)
+
+
+ function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
-
- //Attempt to open connection to sql database
- if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password']))
- {
- return AUTH_NOCONNECT;
- }
-
- //Select correct db
- if(!mysql_select_db($this->conf['otherdb_database'], $res))
- {
- mysql_close($res);
- return AUTH_NOCONNECT;
- }
-
- if($this->conf['otherdb_dbtype'] == 'mysql')
- {
- $sel_fields = $this->conf['otherdb_password_field'];
- $user_field = $this->conf['otherdb_user_field'];
- }
- else
- {
- $sel_fields = 'user_password, user_email, user_join';
- $user_field = "user_loginname";
- }
-
-
- //Get record containing supplied login name
- $qry = "SELECT {$sel_fields} FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'";
- if(!$r1 = mysql_query($qry))
- {
- mysql_close($res);
- return AUTH_NOCONNECT;
- }
- if(!$row = mysql_fetch_array($r1))
- {
- mysql_close($res);
- return AUTH_NOUSER;
- }
-
- //Compare password in db to supplied password
- if($this->conf['otherdb_password_method'] == 'md5' || $this->conf['otherdb_dbtype'] == 'e107')
- {
- $goodpw = md5($pword) == $row[0];
- }
- else
- {
- $goodpw = $pword == $row[0];
- }
- if($goodpw)
- {
- //Close newly opened mysql connection
- mysql_close($res);
- if($this->conf['otherdb_dbtype'] == 'e107')
- {
- $newvals['email'] = $row[1];
- $newvals['join'] = $row[2];
- }
- return AUTH_SUCCESS;
- }
-
+ //Attempt to open connection to sql database
+ if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password']))
+ {
+ return AUTH_NOCONNECT;
+ }
+ //Select correct db
+ if(!mysql_select_db($this->conf['otherdb_database'], $res))
+ {
mysql_close($res);
+ return AUTH_NOCONNECT;
+ }
+ if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB
+ $sel_fields = array();
+ // Make an array of the fields we want from the source DB
+ foreach($this->conf as $k => $v)
+ {
+ if ($v && (strpos($k,'otherdb_xf_') === 0))
+ {
+ $sel_fields[] = $v;
+ }
+ }
+ $sel_fields[] = $this->conf['otherdb_password_field'];
+ $user_field = $this->conf['otherdb_user_field'];
+ if (isset($this->conf['otherdb_salt_field']))
+ {
+ $sel_fields[] = $this->conf['otherdb_salt_field'];
+ }
+
+
+ //Get record containing supplied login name
+ $qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'";
+// echo "Query: {$qry}
";
+ if(!$r1 = mysql_query($qry))
+ {
+ mysql_close($res);
+ return AUTH_NOCONNECT;
+ }
+ if(!$row = mysql_fetch_array($r1))
+ {
+ mysql_close($res);
+ return AUTH_NOUSER;
+ }
+
+ mysql_close($res); // Finished with 'foreign' DB now
+
+ // Got something from the DB - see whether password valid
+ require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
+ $pass_check = new ExtendedPasswordHandler();
+
+ $passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']);
+ if ($passMethod === FALSE) return AUTH_BADPASSWORD;
+
+ $pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB
+ if ($salt_field) $pwFromDB .= ':'.$row[$salt_field];
+
+ if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
+ {
return AUTH_BADPASSWORD;
+ }
+ // Now copy across any values we have selected
+ foreach($this->conf as $k => $v)
+ {
+ if ($v && (strpos($k,'otherdb_xf_') === 0) && isset($row[$v]))
+ {
+ $newvals[substr($k,strlen('otherdb_xf_'))] = $row[$v];
+ }
+ }
+
+ return AUTH_SUCCESS;
}
}
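Review bot: The lookup query still interpolates `$uname` into `WHERE {$user_field} = '{$uname}'` without escaping, so the login name (presumably whatever was typed at the login form) is parsed as SQL on the foreign database; it should be escaped against the `$res` link and the query run on that link explicitly. `$salt_field` is read in `if ($salt_field) $pwFromDB .= ...` but never assigned in this function, so the salt is never appended and salted password methods cannot validate; in addition a blank `otherdb_salt_field` passes the `isset()` test and adds an empty column to the SELECT list. The `$connect_only` return also leaves `$res` open, where every other exit closes it. The fence shows those lines rewritten.

```php
// … unchanged: mysql_connect and mysql_select_db checks …
if ($connect_only)
{
	mysql_close($res);		// Test mode: connection proven, release the foreign link
	return AUTH_SUCCESS;
}
// … unchanged: collect the otherdb_xf_ fields and the password field into $sel_fields …
$user_field = $this->conf['otherdb_user_field'];
$salt_field = isset($this->conf['otherdb_salt_field']) ? trim($this->conf['otherdb_salt_field']) : '';
if ($salt_field != '')
{
	$sel_fields[] = $salt_field;
}

//Get record containing supplied login name
$safe_uname = mysql_real_escape_string($uname, $res);
$qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$safe_uname}'";
if(!$r1 = mysql_query($qry, $res))
// … unchanged: fetch row, close link, password check, copy transferred fields …
```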
diff --git a/e107_plugins/alt_auth/otherdb_conf.php b/e107_plugins/alt_auth/otherdb_conf.php
index b1ea52094..b9655cc44 100644
--- a/e107_plugins/alt_auth/otherdb_conf.php
+++ b/e107_plugins/alt_auth/otherdb_conf.php
@@ -16,12 +16,15 @@ require_once("../../class2.php");
require_once(e_ADMIN."auth.php");
require_once(e_HANDLER."form_handler.php");
include_lan("languages/".e_LANGUAGE."/lan_otherdb_auth.php");
+include_lan("languages/".e_LANGUAGE."/lan_alt_auth_conf.php");
define("ALT_AUTH_ACTION", "otherdb");
require_once(e_PLUGIN."alt_auth/alt_auth_adminmenu.php");
+require_once(e_PLUGIN."alt_auth/extended_password_handler.php");
if($_POST['update'])
{
- $message = update_otherdb_prefs();
+// $message = update_otherdb_prefs();
+ $message = alt_auth_post_options('otherdb');
}
if($message)
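Review bot: `$message` is assigned only inside the `$_POST['update']` branch, so the `if($message)` that follows reads an undefined variable on a normal page load; ldap_conf.php in this same commit gained `$message = '';` before its check and this file should match. The commented-out `// $message = update_otherdb_prefs();` can be deleted now that `alt_auth_post_options('otherdb')` replaces it. The `if($message)` block continues outside the hunk.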
@@ -36,8 +39,9 @@ function show_otherdb_form()
{
global $sql, $tp, $ns;
- $password_methods = array("md5", "plaintext");
- $db_types = array("e107" => "mysql - e107 database", "mysql" => "mysql - generic database");
+
+ $password_methods = ExtendedPasswordHandler::GetPasswordTypes(TRUE);
+// $db_types = array("e107" => "mysql - e107 database", "mysql" => "mysql - generic database");
$sql -> db_Select("alt_auth", "*", "auth_type = 'otherdb' ");
$parm = array();
@@ -47,72 +51,43 @@ function show_otherdb_form()
}
$frm = new form;
- $text = $frm -> form_open("POST", e_SELF);
+ $text = $frm -> form_open("post", e_SELF);
$text .= "";
- $text .= "|
";
+
+ $text .= alt_auth_get_db_fields('otherdb', $frm, $parm, 'server|uname|pwd|db|table|ufield|pwfield|salt');
+ $text .= "
";
- $text .= "
";
-
- $text .= "
";
-
- $text .= "
";
-
- $text .= "
";
-
- $text .= "
";
-
$text .= "
";
- $text .= "
";
-
- $text .= "
";
-
- $text .= "
";
+ $text .= alt_auth_get_field_list('otherdb',$frm, $parm, FALSE);
$text .= "
";
$text .= "
";
$text .= $frm -> form_close();
$ns -> tablerender(OTHERDB_LAN_10, $text);
+
+ $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('otherdb',$frm));
}
require_once(e_ADMIN."footer.php");
-
+/*
function update_otherdb_prefs()
{
global $sql;
@@ -134,7 +109,7 @@ function update_otherdb_prefs()
}
return "Settings Updated";
}
-
+*/
function otherdb_conf_adminmenu()
{
alt_auth_adminmenu();
diff --git a/e107_plugins/alt_auth/plugin.php b/e107_plugins/alt_auth/plugin.php
index baae5399a..e39bcdd9f 100755
--- a/e107_plugins/alt_auth/plugin.php
+++ b/e107_plugins/alt_auth/plugin.php
@@ -11,16 +11,16 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/plugin.php,v $
-| $Revision: 1.1.1.1 $
-| $Date: 2006-12-02 04:34:44 $
-| $Author: mcfly_e107 $
+| $Revision: 1.2 $
+| $Date: 2008-07-25 19:33:03 $
+| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
// Plugin info -------------------------------------------------------------------------------------------------------
$eplug_name = "Alternate Authentication";
-$eplug_version = "0.3";
+$eplug_version = "0.4";
$eplug_author = "McFly";
$eplug_logo = "/images/icon_ldap.png";
$eplug_url = "";