From e67702099c180d6ba26493023f96bd7d00828dd7 Mon Sep 17 00:00:00 2001
From: e107steved
Date: Sat, 31 Dec 2011 17:42:56 +0000
Subject: [PATCH] Tidy up alt_auth plugin - mostly documentation, some code rationalisation, conversion to the 2.0 way, etc
---
e107_plugins/alt_auth/alt_auth_adminmenu.php | 925 ++++++++++--------
e107_plugins/alt_auth/alt_auth_conf.php | 32 +-
.../alt_auth/alt_auth_login_class.php | 39 +-
e107_plugins/alt_auth/e107db_auth.php | 151 +--
e107_plugins/alt_auth/e107db_conf.php | 196 ++--
e107_plugins/alt_auth/e_help.php | 12 +-
.../alt_auth/extended_password_handler.php | 247 ++---
e107_plugins/alt_auth/importdb_auth.php | 73 +-
e107_plugins/alt_auth/importdb_conf.php | 217 ++--
.../languages/English/English_log.php | 8 +
.../languages/English/admin_alt_auth.php | 25 +-
.../languages/English/admin_e107db_conf.php | 56 +-
.../languages/English/admin_importdb_conf.php | 34 +-
.../languages/English/admin_ldap_conf.php | 67 +-
.../languages/English/admin_otherdb_conf.php | 54 +-
.../languages/English/admin_radius_conf.php | 51 +-
e107_plugins/alt_auth/ldap_auth.php | 123 ++-
e107_plugins/alt_auth/ldap_conf.php | 83 +-
e107_plugins/alt_auth/otherdb_auth.php | 226 +++--
e107_plugins/alt_auth/otherdb_conf.php | 192 ++--
e107_plugins/alt_auth/radius_auth.php | 62 +-
21 files changed, 1628 insertions(+), 1245 deletions(-)
diff --git a/e107_plugins/alt_auth/alt_auth_adminmenu.php b/e107_plugins/alt_auth/alt_auth_adminmenu.php
index 810aa105a..e4d367141 100755
--- a/e107_plugins/alt_auth/alt_auth_adminmenu.php
+++ b/e107_plugins/alt_auth/alt_auth_adminmenu.php 
@@ -1,398 +1,527 @@ -\n"; - foreach ($authList as $v) - { - $sel = ($curval == $v ? " selected = 'selected' " : ''); - $ret .= "\n"; - } - $ret .= "\n"; - return $ret; -} - - -// All user fields which might, just possibly, be transferred. The array key is the corresponding field in the E107 user database; code prefixes it with 'xf_' to get the parameter -// 'default' may be a single value to set the same for all connect methods, or an array to set different defaults. -$alt_auth_user_fields = array( - 'user_email' => array('prompt' => LAN_ALT_12, 'default' => 'user_email', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'mail'), - 'user_hideemail' => array('prompt' => LAN_ALT_13, 'default' => 'user_hideemail', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => '', method => 'bool1'), - 'user_name' => array('prompt' => LAN_ALT_14, 'default' => 'user_name', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''), - 'user_login' => array('prompt' => LAN_ALT_15, 'default' => 'user_login', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'sn'), - 'user_customtitle'=> array('prompt' => LAN_ALT_16, 'default' => 'user_customtitle', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_signature' => array('prompt' => LAN_ALT_17, 'default' => 'user_signature', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_image' => array('prompt' => LAN_ALT_18, 'default' => 'user_image', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_sess' => array('prompt' => LAN_ALT_19, 'default' => 'user_sess', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 
'user_join' => array('prompt' => LAN_ALT_20, 'default' => 'user_join', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''), - 'user_ban' => array('prompt' => LAN_ALT_21, 'default' => 'user_ban', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_class' => array('prompt' => LAN_ALT_22, 'default' => 'user_class', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), - 'user_xup' => array('prompt' => LAN_ALT_23, 'default' => 'user_xup', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE) -); - - -// Returns a block of table rows with user DB fields and either checkboxes or entry boxes -// $tableType is the prefix used, without the following underscore -// $frm is the form object to use to create the text -// $parm is the array of options for the current auth type as read from the DB -function alt_auth_get_field_list($tableType, $frm, $parm, $asCheckboxes = FALSE) -{ - global $alt_auth_user_fields; - $ret = ''; - foreach ($alt_auth_user_fields as $f => $v) - { - if (varsettrue($v['showAll']) || varsettrue($v[$tableType])) - { - $ret .= ""; - if ($v['optional'] == FALSE) $ret .= '* '; - $ret .= $v['prompt'].':'; - if (isset($v['help'])) - { - $ret .= "
".$v['help'].""; - } - $ret .= ""; -// $fieldname = $tableType.'_'.$v['optname']; - $fieldname = $tableType.'_xf_'.$f; // Name of the input box - $value = varset($v['default'],''); - if (is_array($value)) - { - $value = varset($value[$tableType],''); - } - if (isset($v[$tableType.'_field'])) $value = $v[$tableType.'_field']; - if (isset($parm[$fieldname])) $value = $parm[$fieldname]; -// echo "Field: {$fieldname} => {$value}
"; - if ($asCheckboxes) - { - $ret .= $frm -> form_checkbox($fieldname, 1, $value); - } - else - { - $ret .= $frm -> form_text($fieldname, 35, $value, 120); - if (isset($v['method']) && $v['method']) - { - $fieldMethod = $tableType.'_pm_'.$f; // Processing method ID code - $method = varset($parm[$fieldMethod],''); - $ret .= '  '.alt_auth_processing($fieldMethod,$v['method'], $method); - } - } - $ret .= "\n"; - } - } - return $ret; -} - - -// Returns a list of all the user-related fields allowed as an array, whhere the key is the field name -function alt_auth_get_allowed_fields($tableType) -{ - global $alt_auth_user_fields; - $ret = array(); - foreach ($alt_auth_user_fields as $f => $v) - { - if (varsettrue($v['showAll']) || varsettrue($v[$tableType])) - { -// $fieldname = $tableType.'_'.$v['optname']; - $fieldname = $tableType.'_xf_'.$f; // Name of the input box - $ret[$fieldname] = '1'; - } - } - return $ret; -} - - -// Routine adds the extended user fields which may be involved into the table of field definitions, so that they're displayed -function add_extended_fields() -{ - global $alt_auth_user_fields, $euf, $pref; - if (!isset($pref['auth_extended'])) return; - if (!$pref['auth_extended']) return; - static $fieldsAdded = FALSE; - if ($fieldsAdded) return; - $xFields = $euf->user_extended_get_fieldList('','user_extended_struct_name'); -// print_a($xFields); - $fields = explode(',',$pref['auth_extended']); - foreach ($fields as $f) - { - if (isset($xFields[$f])) - { - $alt_auth_user_fields['x_'.$f] = array('prompt' => varset($xFields[$f]['user_extended_struct_text'],'').' 
('.$f.')', - 'default' => varset($xFields[$f]['default'],''), - 'optional' => TRUE, - 'showAll' => TRUE, // Show for all methods - in principle, its likely to be wanted for all - 'method' => '*' // Specify all convert methods - have little idea what may be around - ); - } - } - $fieldsAdded = TRUE; -} - - -$common_fields = array( - 'server' => array('fieldname' => 'server', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_32, 'help' => ''), - 'uname' => array('fieldname' => 'username', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_33, 'help' => ''), - 'pwd' => array('fieldname' => 'password', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_34, 'help' => ''), - 'db' => array('fieldname' => 'database', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_35, 'help' => ''), - 'table' => array('fieldname' => 'table', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_36, 'help' => ''), - 'prefix' => array('fieldname' => 'prefix', 'size' => 35, 'max_size' => 35, 'prompt' => LAN_ALT_39, 'help' => ''), - 'ufield' => array('fieldname' => 'user_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_37, 'help' => ''), - 'pwfield'=> array('fieldname' => 'password_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_38, 'help' => ''), - 'salt' => array('fieldname' => 'password_salt','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_24, 'help' => LAN_ALT_25), - 'classfilt' => array('fieldname' => 'filter_class', 'size' => 10, 'max_size' => 8, 'prompt' => LAN_ALT_76, 'help' => LAN_ALT_77) -); - - -function alt_auth_get_db_fields($prefix, $frm, $parm, $fields = 'server|uname|pwd|db|table|ufield|pwfield') -{ - global $common_fields; - $opts = explode('|',$fields); - $ret = ''; - foreach ($common_fields as $fn => $cf) - { - if (in_array($fn,$opts)) - { - $ret .= "".$cf['prompt']; - if ($cf['help']) $ret .= "
".$cf['help'].""; - $ret .= ""; - $ret .= $frm -> form_text($prefix.'_'.$cf['fieldname'], $cf['size'], $parm[$prefix.'_'.$cf['fieldname']], $cf['max_size']); - $ret .= "\n"; - } - } - return $ret; -} - - - -// Write all the options to the DB. $prefix must NOT have trailing underscore -function alt_auth_post_options($prefix) -{ - global $common_fields, $sql, $admin_log; - $lprefix = $prefix.'_'; - - $user_fields = alt_auth_get_allowed_fields($prefix); // Need this list in case checkboxes for parameters - foreach ($user_fields as $k => $v) - { - if (!isset($_POST[$k])) - { - $_POST[$k] = '0'; - } - } - - - // Now we can post everything - foreach($_POST as $k => $v) - { - if (strpos($k,$lprefix) === 0) - { - $v = base64_encode(base64_encode($v)); - if($sql -> db_Select("alt_auth", "*", "auth_type='{$prefix}' AND auth_parmname='{$k}' ")) - { - $sql -> db_Update("alt_auth", "auth_parmval='{$v}' WHERE auth_type='{$prefix}' AND auth_parmname='{$k}' "); - } - else - { - $sql -> db_Insert("alt_auth", "'{$prefix}','{$k}','{$v}' "); - } - } - } - $admin_log->log_event('AUTH_03',$prefix,E_LOG_INFORMATIVE,''); - return LAN_ALT_UPDATED; -} - - - - -// Return test form -function alt_auth_test_form($prefix,$frm) -{ - $text = $frm -> form_open("post", e_SELF, 'testform'); - $text .= " - "; - - if (isset($_POST['testauth'])) - { - // Try and connect to DB/server, and maybe validate user name - require_once(e_PLUGIN.'alt_auth/'.$prefix.'_auth.php'); - $_login = new auth_login; - $log_result = AUTH_UNKNOWN; - $pass_vars = array(); - $val_name = trim(varset($_POST['nametovalidate'],'')); - - if(isset($_login->Available) && ($_login->Available === FALSE)) - { // Relevant auth method not available (e.g. PHP extension not loaded) - $log_result = AUTH_NOT_AVAILABLE; - } - else - { - $log_result = $_login -> login($val_name, $_POST['passtovalidate'], $pass_vars, ($val_name == '')); - } - - $text .= ""; - } - - $text .= ""; - - $text .= ""; - - $text .= ""; - - $text .= "
".LAN_ALT_42."
".LAN_ALT_48; - if ($val_name) - { - $text .= "
".LAN_ALT_49.$val_name.'
'.LAN_ALT_50; - if (varset($_POST['passtovalidate'],'')) $text .= str_repeat('*',strlen($_POST['passtovalidate'])); else $text .= LAN_ALT_51; - } - $text .= "
"; - switch ($log_result) - { - case AUTH_SUCCESS : - $text .= LAN_ALT_58; - if (count($pass_vars)) - { - $text .= '
'.LAN_ALT_59; - foreach ($pass_vars as $k => $v) - { - $text .= '
  '.$k.'=>'.$v; - } - } - break; - case AUTH_NOUSER : - $text .= LAN_ALT_52.LAN_ALT_55; - break; - case AUTH_BADPASSWORD : - $text .= LAN_ALT_52.LAN_ALT_56; - break; - case AUTH_NOCONNECT : - $text .= LAN_ALT_52.LAN_ALT_54; - break; - case AUTH_UNKNOWN : - $text .= LAN_ALT_52.LAN_ALT_53; - break; - case AUTH_NOT_AVAILABLE : - $text .= LAN_ALT_52.LAN_ALT_57; - break; - default : - $text .= "Coding error"; - } - if (isset($_login ->ErrorText)) $text .= '
'.$_login ->ErrorText; - $text .= "
".LAN_ALT_33.""; - $text .= $frm -> form_text('nametovalidate', 35, '', 120); - $text .= "
".LAN_ALT_34.""; - $text .= $frm -> form_password('passtovalidate', 35, '', 120); - $text .= "
"; - $text .= $frm -> form_button("submit", 'testauth', LAN_ALT_47); - $text .= "
"; - $text .= $frm -> form_close(); - return $text; -} - - - -//----------------------------------------------- -// VALUE COPY METHOD SELECTION -//----------------------------------------------- - -$procListOpts = array( - 'none' => LAN_ALT_70, - 'bool1' => LAN_ALT_71, - 'ucase' => LAN_ALT_72, - 'lcase' => LAN_ALT_73, - 'ucfirst' => LAN_ALT_74, - 'ucwords' => LAN_ALT_75 - ); - -// Return a 'select' box for available processing methods -function alt_auth_processing($selName, $allowed='*', $curVal='') -{ - global $procListOpts; - if (($allowed == 'none') || ($allowed == '')) return ''; - if ($allowed == '*') - { - $valid = $procListOpts; // We just want all the array keys to exist! - } - else - { - $valid = array_flip(explode(',',$allowed)); - $valid['none'] = '1'; // Make sure this key exists - value doesn't matter - } - $ret = "\n"; -// $ret .= $selName.':'.$curVal; - return $ret; -} - - -function alt_auth_adminmenu() -{ - global $authlist; - echo " "; - if(!is_array($authlist)) - { - $authlist = alt_auth_get_authlist(); - } - define("ALT_AUTH_ACTION", "main"); - - $var['main']['text'] = LAN_ALT_31; - $var['main']['link'] = e_PLUGIN."alt_auth/alt_auth_conf.php"; - show_admin_menu("alt auth", ALT_AUTH_ACTION, $var); - $var = array(); - foreach($authlist as $a) - { - if($a != 'e107') - { - $var[$a]['text'] = LAN_ALT_30.$a; - $var[$a]['link'] = e_PLUGIN."alt_auth/{$a}_conf.php"; - } - } - show_admin_menu(LAN_ALT_29, ALT_AUTH_ACTION, $var); -} -?> +\n"; + foreach ($authList as $v) + { + $sel = ($curval == $v ? " selected = 'selected' " : ''); + $ret .= "\n"; + } + $ret .= "\n"; + return $ret; +} + + + +/** + * All user fields which might, just possibly, be transferred. The array key is the corresponding field in the E107 user database; code prefixes it + * with 'xf_' to get the parameter + * 'default' may be a single value to set the same for all connect methods, or an array to set different defaults. 
+ */ +$alt_auth_user_fields = array( + 'user_email' => array('prompt' => LAN_ALT_12, 'default' => 'user_email', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'mail'), + 'user_hideemail' => array('prompt' => LAN_ALT_13, 'default' => 'user_hideemail', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => '', method => 'bool1'), + 'user_name' => array('prompt' => LAN_ALT_14, 'default' => 'user_name', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''), + 'user_login' => array('prompt' => LAN_ALT_15, 'default' => 'user_login', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => 'sn'), + 'user_customtitle'=> array('prompt' => LAN_ALT_16, 'default' => 'user_customtitle', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_signature' => array('prompt' => LAN_ALT_17, 'default' => 'user_signature', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_image' => array('prompt' => LAN_ALT_18, 'default' => 'user_image', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_sess' => array('prompt' => LAN_ALT_19, 'default' => 'user_sess', 'optional' => TRUE, 'otherdb' => TRUE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_join' => array('prompt' => LAN_ALT_20, 'default' => 'user_join', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => TRUE, 'ldap_field' => ''), + 'user_ban' => array('prompt' => LAN_ALT_21, 'default' => 'user_ban', 'optional' => TRUE, 'otherdb' => FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE), + 'user_class' => array('prompt' => LAN_ALT_22, 'default' => 'user_class', 'optional' => TRUE, 'otherdb' => 
FALSE, 'e107db' => TRUE, 'importdb' => FALSE, 'ldap' => FALSE) +); + + + +/** + * Returns a block of table rows with user DB fields and either checkboxes or entry boxes + * + * @param string $tableType is the prefix used, without the following underscore + * @param $frm is the form object to use to create the text + * @param array $parm is the array of options for the current auth type as read from the DB + */ +function alt_auth_get_field_list($tableType, $frm, $parm, $asCheckboxes = FALSE) +{ + global $alt_auth_user_fields; + $ret = ''; + foreach ($alt_auth_user_fields as $f => $v) + { + if (varsettrue($v['showAll']) || varsettrue($v[$tableType])) + { + $ret .= ""; + if ($v['optional'] == FALSE) $ret .= '* '; + $ret .= $v['prompt'].':'; + if (isset($v['help'])) + { + $ret .= "
".$v['help'].""; + } + $ret .= ""; +// $fieldname = $tableType.'_'.$v['optname']; + $fieldname = $tableType.'_xf_'.$f; // Name of the input box + $value = varset($v['default'],''); + if (is_array($value)) + { + $value = varset($value[$tableType],''); + } + if (isset($v[$tableType.'_field'])) $value = $v[$tableType.'_field']; + if (isset($parm[$fieldname])) $value = $parm[$fieldname]; +// echo "Field: {$fieldname} => {$value}
"; + if ($asCheckboxes) + { + $ret .= $frm -> form_checkbox($fieldname, 1, $value); + } + else + { + $ret .= $frm -> form_text($fieldname, 35, $value, 120); + if (isset($v['method']) && $v['method']) + { + $fieldMethod = $tableType.'_pm_'.$f; // Processing method ID code + $method = varset($parm[$fieldMethod],''); + $ret .= '  '.alt_auth_processing($fieldMethod,$v['method'], $method); + } + } + $ret .= "\n"; + } + } + return $ret; +} + + + +/** + * Returns a list of all the user-related fields allowed as an array, whhere the key is the field name + * + * @param string $tableType is the prefix used, without the following underscore + * + * @return array + */ +function alt_auth_get_allowed_fields($tableType) +{ + global $alt_auth_user_fields; + $ret = array(); + foreach ($alt_auth_user_fields as $f => $v) + { + if (varsettrue($v['showAll']) || varsettrue($v[$tableType])) + { +// $fieldname = $tableType.'_'.$v['optname']; + $fieldname = $tableType.'_xf_'.$f; // Name of the input box + $ret[$fieldname] = '1'; + } + } + return $ret; +} + + + +/** + * Routine adds the extended user fields which may be involved into the table of field definitions, so that they're displayed + */ +function add_extended_fields() +{ + global $alt_auth_user_fields, $euf, $pref; + + if (!isset($pref['auth_extended'])) return; + if (!$pref['auth_extended']) return; + + static $fieldsAdded = FALSE; + + if ($fieldsAdded) return; + $xFields = $euf->user_extended_get_fieldList('','user_extended_struct_name'); +// print_a($xFields); + $fields = explode(',',$pref['auth_extended']); + foreach ($fields as $f) + { + if (isset($xFields[$f])) + { + $alt_auth_user_fields['x_'.$f] = array('prompt' => varset($xFields[$f]['user_extended_struct_text'],'').' 
('.$f.')', + 'default' => varset($xFields[$f]['default'],''), + 'optional' => TRUE, + 'showAll' => TRUE, // Show for all methods - in principle, its likely to be wanted for all + 'method' => '*' // Specify all convert methods - have little idea what may be around + ); + } + } + $fieldsAdded = TRUE; +} + + + +/** + * List of the standard fields which may be displayed for any method. + */ +$common_fields = array( + 'server' => array('fieldname' => 'server', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_32, 'help' => ''), + 'uname' => array('fieldname' => 'username', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_33, 'help' => ''), + 'pwd' => array('fieldname' => 'password', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_34, 'help' => ''), + 'db' => array('fieldname' => 'database', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_35, 'help' => ''), + 'table' => array('fieldname' => 'table', 'size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_36, 'help' => ''), + 'prefix' => array('fieldname' => 'prefix', 'size' => 35, 'max_size' => 35, 'prompt' => LAN_ALT_39, 'help' => ''), + 'ufield' => array('fieldname' => 'user_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_37, 'help' => ''), + 'pwfield'=> array('fieldname' => 'password_field','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_38, 'help' => ''), + 'salt' => array('fieldname' => 'password_salt','size' => 35, 'max_size' => 120, 'prompt' => LAN_ALT_24, 'help' => LAN_ALT_25), + 'classfilt' => array('fieldname' => 'filter_class', 'size' => 10, 'max_size' => 8, 'prompt' => LAN_ALT_76, 'help' => LAN_ALT_77) +); + + + +/** + * Return the HTML for all server-related fields required for configuration of a particular method. + * Each is a row of a table having two columns (no ...
etc added, so can be embedded in a larger table + * + * @param string $prefix is the prefix used, without the following underscore + * @param $frm is the form object to use + * @param array $parm is an array of the current values of each item + * @param string $fields is a list of the fields to display, separated by '|'. The names are the key values from $common_fields table + * + */ +function alt_auth_get_db_fields($prefix, $frm, $parm, $fields = 'server|uname|pwd|db|table|ufield|pwfield') +{ + global $common_fields; + + $opts = explode('|',$fields); + $ret = ''; + foreach ($common_fields as $fn => $cf) + { + if (in_array($fn,$opts)) + { + $ret .= "".$cf['prompt']; + if ($cf['help']) $ret .= "
".$cf['help'].""; + $ret .= ""; + $ret .= $frm -> form_text($prefix.'_'.$cf['fieldname'], $cf['size'], $parm[$prefix.'_'.$cf['fieldname']], $cf['max_size']); + $ret .= "\n"; + } + } + return $ret; +} + + + +/** + * Write all the options for a particular authentication type to the DB + * + * @var string $prefix - the prefix string representing the authentication type (currently importdb|e107db|otherdb|ldap|radius). Must NOT have a trailing underscore + */ +function alt_auth_post_options($prefix) +{ + global $common_fields, $sql, $admin_log; + $lprefix = $prefix.'_'; + + $user_fields = alt_auth_get_allowed_fields($prefix); // Need this list in case checkboxes for parameters + foreach ($user_fields as $k => $v) + { + if (!isset($_POST[$k])) + { + $_POST[$k] = '0'; + } + } + + + // Now we can post everything + foreach($_POST as $k => $v) + { + if (strpos($k,$lprefix) === 0) + { + $v = base64_encode(base64_encode($v)); + if($sql -> db_Select('alt_auth', '*', "auth_type='{$prefix}' AND auth_parmname='{$k}' ")) + { + $sql -> db_Update('alt_auth', "auth_parmval='{$v}' WHERE auth_type='{$prefix}' AND auth_parmname='{$k}' "); + } + else + { + $sql -> db_Insert('alt_auth', "'{$prefix}','{$k}','{$v}' "); + } + } + } + $admin_log->log_event('AUTH_03',$prefix,E_LOG_INFORMATIVE,''); + return LAN_ALT_UPDATED; +} + + + +/** + * Get the HTML for a password type selector. + * + * @param string $name - name to be used for selector + * @param $frm - form object to use + * @param string $currentSelection - current value (if any) + * @param boolean $getExtended - return all supported password types if TRUE, 'core' password types if FALSE + */ +function altAuthGetPasswordSelector($name, $frm, $currentSelection = '', $getExtended = FALSE) +{ + $password_methods = ExtendedPasswordHandler::GetPasswordTypes($getExtended); + $text .= $frm->form_select_open($name); + foreach($password_methods as $k => $v) + { + $sel = ($currentSelection == $k) ? 
" Selected='selected'" : ''; + $text .= $frm -> form_option($v, $sel, $k); + } + $text .= $frm->form_select_close(); + return $text; +} + + + +/** + * Get configuration parameters for an authentication method + * + * @param string $prefix - the method + * + * @return array + */ +function altAuthGetParams($prefix) +{ + $sql = e107::getDB(); + + $sql->db_Select('alt_auth', '*', "auth_type = '".$prefix."' "); + $parm = array(); + while($row = $sql->db_Fetch()) + { + $parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); + } + return $parm; +} + + +/** + * Return the HTML needed to display the test form. + * + * @param string $prefix - the type of connection being tested + * @param $frm - the form object to use + * + * if $_POST['testauth'] is set, attempts to validate the connection, and displays any returned values + */ +function alt_auth_test_form($prefix, $frm) +{ + $text = $frm -> form_open('post', e_SELF, 'testform'); + $text .= " + "; + + if (isset($_POST['testauth'])) + { + // Try and connect to DB/server, and maybe validate user name + require_once(e_PLUGIN.'alt_auth/'.$prefix.'_auth.php'); + $_login = new auth_login; + $log_result = AUTH_UNKNOWN; + $pass_vars = array(); + $val_name = trim(varset($_POST['nametovalidate'],'')); + + if(isset($_login->Available) && ($_login->Available === FALSE)) + { // Relevant auth method not available (e.g. PHP extension not loaded) + $log_result = AUTH_NOT_AVAILABLE; + } + else + { + $log_result = $_login->login($val_name, $_POST['passtovalidate'], $pass_vars, ($val_name == '')); + } + + $text .= ""; + } + + $text .= ""; + + $text .= ""; + + $text .= ""; + + $text .= "
".LAN_ALT_42."
".LAN_ALT_48; + if ($val_name) + { + $text .= "
".LAN_ALT_49.$val_name.'
'.LAN_ALT_50; + if (varset($_POST['passtovalidate'],'')) $text .= str_repeat('*',strlen($_POST['passtovalidate'])); else $text .= LAN_ALT_51; + } + $text .= "
"; + switch ($log_result) + { + case AUTH_SUCCESS : + $text .= LAN_ALT_58; + if (count($pass_vars)) + { + $text .= '
'.LAN_ALT_59; + foreach ($pass_vars as $k => $v) + { + $text .= '
  '.$k.'=>'.$v; + } + } + break; + case AUTH_NOUSER : + $text .= LAN_ALT_52.LAN_ALT_55; + break; + case AUTH_BADPASSWORD : + $text .= LAN_ALT_52.LAN_ALT_56; + break; + case AUTH_NOCONNECT : + $text .= LAN_ALT_52.LAN_ALT_54; + break; + case AUTH_UNKNOWN : + $text .= LAN_ALT_52.LAN_ALT_53; + break; + case AUTH_NOT_AVAILABLE : + $text .= LAN_ALT_52.LAN_ALT_57; + break; + default : + $text .= "Coding error"; + } + if (isset($_login ->ErrorText)) $text .= '
'.$_login ->ErrorText; + $text .= "
".LAN_ALT_33.""; + $text .= $frm->form_text('nametovalidate', 35, '', 120); + $text .= "
".LAN_ALT_34.""; + $text .= $frm->form_password('passtovalidate', 35, '', 120); + $text .= "
"; + $text .= $frm->form_button("submit", 'testauth', LAN_ALT_47); + $text .= "
"; + $text .= $frm->form_close(); + return $text; +} + + + +//----------------------------------------------- +// VALUE COPY METHOD SELECTION +//----------------------------------------------- + +$procListOpts = array( + 'none' => LAN_ALT_70, + 'bool1' => LAN_ALT_71, + 'ucase' => LAN_ALT_72, + 'lcase' => LAN_ALT_73, + 'ucfirst' => LAN_ALT_74, + 'ucwords' => LAN_ALT_75 + ); + +// Return a 'select' box for available processing methods +function alt_auth_processing($selName, $allowed='*', $curVal='') +{ + global $procListOpts; + if (($allowed == 'none') || ($allowed == '')) return ''; + if ($allowed == '*') + { + $valid = $procListOpts; // We just want all the array keys to exist! + } + else + { + $valid = array_flip(explode(',',$allowed)); + $valid['none'] = '1'; // Make sure this key exists - value doesn't matter + } + $ret = "\n"; +// $ret .= $selName.':'.$curVal; + return $ret; +} + + +function alt_auth_adminmenu() +{ + global $authlist; + echo " "; + if(!is_array($authlist)) + { + $authlist = alt_auth_get_authlist(); + } + define("ALT_AUTH_ACTION", "main"); + + $var['main']['text'] = LAN_ALT_31; + $var['main']['link'] = e_PLUGIN."alt_auth/alt_auth_conf.php"; + show_admin_menu("alt auth", ALT_AUTH_ACTION, $var); + $var = array(); + foreach($authlist as $a) + { + if($a != 'e107') + { + $var[$a]['text'] = LAN_ALT_30.$a; + $var[$a]['link'] = e_PLUGIN."alt_auth/{$a}_conf.php"; + } + } + show_admin_menu(LAN_ALT_29, ALT_AUTH_ACTION, $var); +} +?> diff --git a/e107_plugins/alt_auth/alt_auth_conf.php b/e107_plugins/alt_auth/alt_auth_conf.php index d7c5e2cb7..0e9b67649 100755 --- a/e107_plugins/alt_auth/alt_auth_conf.php +++ b/e107_plugins/alt_auth/alt_auth_conf.php 
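Review bot: In `alt_auth_post_options()` the POST key `$k` is interpolated directly into the `db_Select`, `db_Update` and `db_Insert` strings; only the value `$v` is made quote-safe (by the double `base64_encode`), so any request field whose name starts with the prefix reaches the SQL text unescaped. Restricting the loop to the expected key shape closes this, e.g. `if (strpos($k, $lprefix) !== 0 || !preg_match('/^\w+$/D', $k)) continue;` at the top of the `foreach`. The new `altAuthGetParams()` concatenates `$prefix` into its WHERE clause the same way, so it depends on callers passing only the fixed method names; a docblock line stating that requirement would help. The double base64 is an encoding rather than protection, so the remote server password kept in `alt_auth` should be treated as cleartext at rest.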
@@ -6,14 +6,30 @@ * Released under the terms and conditions of the * GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * + * Alt_auth plugin - general configuration + * * $URL$ * $Id$ * */ +/** + * e107 Alternate authorisation plugin + * + * @package e107_plugins + * @subpackage alt_auth + * @version $Id$; + */ + + +/* +@todo: + 1. Change prefs handling + 2. Change admin log references + */ $eplug_admin = true; require_once('../../class2.php'); -if(!getperms("P") || !plugInstalled('alt_auth')) +if(!getperms('P') || !e107::isInstalled('alt_auth')) { header('location:'.e_BASE.'index.php'); exit(); @@ -37,7 +53,7 @@ if(isset($_POST['updateprefs'])) if ($admin_log->logArrayDiffs($temp, $pref, 'AUTH_01')) { save_prefs(); // Only save if changes - header("location:".e_SELF); + header('location:'.e_SELF); exit; } } @@ -91,7 +107,7 @@ else if(isset($message)) { - $ns -> tablerender("", "
".$message."
"); + e107::getRender()->tablerender('', "
".$message."
"); } $text = " @@ -125,9 +141,9 @@ $text .= " ".LAN_ALT_6.":
".LAN_ALT_7."
@@ -149,7 +165,7 @@ $text .= " "; -$ns -> tablerender(LAN_ALT_3, $text); +e107::getRender()->tablerender(LAN_ALT_3, $text); if ($euf->userCount) @@ -190,13 +206,13 @@ if ($euf->userCount) "; -$ns -> tablerender(LAN_ALT_60, $text); +e107::getRender()->tablerender(LAN_ALT_60, $text); } -require_once(e_ADMIN."footer.php"); +require_once(e_ADMIN.'footer.php'); function alt_auth_conf_adminmenu() { diff --git a/e107_plugins/alt_auth/alt_auth_login_class.php b/e107_plugins/alt_auth/alt_auth_login_class.php index 3e1d5a174..5cfbdc800 100755 --- a/e107_plugins/alt_auth/alt_auth_login_class.php +++ b/e107_plugins/alt_auth/alt_auth_login_class.php @@ -13,15 +13,26 @@ * */ +/** + * e107 Alternate authorisation plugin + * + * @package e107_plugins + * @subpackage alt_auth + * @version $Id$; + */ + define('AA_DEBUG',FALSE); define('AA_DEBUG1',FALSE); -//TODO convert to class constants +//TODO convert to class constants (but may be more useful as globals, perhaps within a general login manager scheme) define('AUTH_SUCCESS', -1); define('AUTH_NOUSER', 1); define('AUTH_BADPASSWORD', 2); define('AUTH_NOCONNECT', 3); +define('AUTH_UNKNOWN', 4); +define('AUTH_NOT_AVAILABLE', 5); +define('AUTH_NORESOURCE', 6); // Used to indicate, for example, that a required PHP module isn't loaded class alt_login { @@ -30,7 +41,6 @@ class alt_login public function __construct($method, &$username, &$userpass) { - global $pref; $this->e107 = e107::getInstance(); $newvals=array(); @@ -45,11 +55,11 @@ class alt_login if(isset($_login->Available) && ($_login->Available === FALSE)) { // Relevant auth method not available (e.g. PHP extension not loaded) - $this->loginResult = AUTH_NOCONNECT; + $this->loginResult = AUTH_NOT_AVAILABLE; return; } - $login_result = $_login -> login($username, $userpass, $newvals, FALSE); + $login_result = $_login->login($username, $userpass, $newvals, FALSE); if($login_result === AUTH_SUCCESS ) { 
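Review bot: `$this->loginResult = AUTH_NOT_AVAILABLE;` in the `alt_login` constructor stores an AUTH_* code (defined as 5 in this same commit) in a field that every other exit visible in this diff fills with `LOGIN_TRY_OTHER` or `LOGIN_ABORT`. The LOGIN_* values and the code that reads `loginResult` are not shown here, so it should be confirmed that 5 cannot be mistaken for a LOGIN_* value and that an unavailable backend ends in a refused login rather than an unintended fall-through. Mapping the case explicitly, for example `$this->loginResult = LOGIN_ABORT;` or the same `auth_noconn` preference check used for `AUTH_NOCONNECT`, would make that decision visible. The constructor continues outside this hunk.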
@@ -61,7 +71,7 @@ class alt_login $username = mysql_real_escape_string($username); } $username = preg_replace("/\sOR\s|\=|\#/", "", $username); - $username = substr($username, 0, varset($pref['loginname_maxlength'],30)); + $username = substr($username, 0, e107::getPref('loginname_maxlength'); $aa_sql = e107::getDb('aa'); $userMethods = new UserHandler; @@ -157,7 +167,7 @@ class alt_login if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username; if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username; if (!isset($db_vals['user_join'])) $db_vals['user_join'] = time(); - $db_vals['user_class'] = varset($pref['initial_user_classes'],''); + $db_vals['user_class'] = e107::getPref('initial_user_classes'); if (!isset($db_vals['user_signature'])) $db_vals['user_signature'] = ''; if (!isset($db_vals['user_prefs'])) $db_vals['user_prefs'] = ''; if (!isset($db_vals['user_perms'])) $db_vals['user_perms'] = ''; @@ -193,17 +203,8 @@ class alt_login { // Failure modes switch($login_result) { -/* - case AUTH_NOUSER: // Now handled differently - if(!varset($pref['auth_nouser'],0)) - { - $username=md5('xx_nouser_xx'); - return LOGIN_ABORT; - } - break; -*/ case AUTH_NOCONNECT: - if(varset($pref['auth_noconn'], TRUE)) + if(varset(e107::getPref('auth_noconn'), TRUE)) { $this->loginResult = LOGIN_TRY_OTHER; return; @@ -211,9 +212,8 @@ class alt_login $username=md5('xx_noconn_xx'); $this->loginResult = LOGIN_ABORT; return; - break; case AUTH_BADPASSWORD: - if(varset($pref['auth_badpassword'], TRUE)) + if(varset(e107::getPref('auth_badpassword'), TRUE)) { $this->loginResult = LOGIN_TRY_OTHER; return; @@ -221,7 +221,6 @@ class alt_login $userpass=md5('xx_badpassword_xx'); $this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in! return; - break; } } $this->loginResult = LOGIN_ABORT; // catch-all just in case 
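Review bot: The added line `$username = substr($username, 0, e107::getPref('loginname_maxlength');` is missing a closing parenthesis, so the file will not parse and every login routed through alt_auth fails. It also drops the fallback of 30 that `varset($pref['loginname_maxlength'],30)` supplied; with the preference unset the length argument is null, which on PHP versions before 8 is likely to truncate the name to an empty string. Suggested, assuming `getPref()` accepts a default as its second argument: `$username = substr($username, 0, e107::getPref('loginname_maxlength', 30));`. The `@@ -157,7 +167,7 @@` hunk loses its `''` default for `initial_user_classes` in the same way.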
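Review bot: `varset(e107::getPref('auth_noconn'), TRUE)` in the `@@ -193,17 +203,8 @@` hunk wraps a function result in `varset()`; if `varset()` takes its first argument by reference, as it appears to elsewhere in e107, this raises an "only variables should be passed by reference" notice on each failed login, and `if (e107::getPref('auth_noconn', TRUE))` expresses the same default directly. The `auth_badpassword` check in the `@@ -211,9 +212,8 @@` hunk has the same shape. Both branches resolve to `LOGIN_TRY_OTHER` when the preference is unset, so by default a password rejected by the external source is still tried against another method; a comment stating that this default is intentional, and what an administrator must set to get `LOGIN_ABORT`, belongs above the `switch`. The enclosing method starts and ends outside these hunks.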
@@ -232,7 +231,7 @@ class alt_login // Function to implement copy methods public function translate($method, $word) { - global $tp; + $tp = e107::getParser(); switch ($method) { case 'bool1' : diff --git a/e107_plugins/alt_auth/e107db_auth.php b/e107_plugins/alt_auth/e107db_auth.php index a2af27b77..df852b10b 100644 --- a/e107_plugins/alt_auth/e107db_auth.php +++ b/e107_plugins/alt_auth/e107db_auth.php 
@@ -1,21 +1,26 @@ conf = array(); $this->ErrorText = ''; - $sql -> db_Select("alt_auth", "*", "auth_type = 'e107db' "); - while($row = $sql -> db_Fetch()) - { - $this->conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - } + $this->conf = altAuthGetParams('e107db'); $this->Available = TRUE; } - // Add the reconnect function in here - might be needed - function makeErrorText($extra = '') + + /** + * Retrieve and construct error strings + * + * @todo - test whether reconnect to DB is required (shouldn't be) + */ + private function makeErrorText($extra = '') { $this->ErrorText = $extra; - global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql; - $sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb); + //global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql; + //$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb); } - function login($uname, $pword, &$newvals, $connect_only = FALSE) + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the database + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ + public function login($uname, $pword, &$newvals, $connect_only = FALSE) { - //Attempt to open connection to sql database - if(!$res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password'])) - { - $this->makeErrorText('Cannot connect to remote server'); - return AUTH_NOCONNECT; - } - //Select correct db - if(!mysql_select_db($this->conf['e107db_database'], $res)) - { - mysql_close($res); - $this->makeErrorText('Cannot connect to remote DB'); - return AUTH_NOCONNECT; - } 
- if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB - - $sel_fields = array(); - // Make an array of the fields we want from the source DB - foreach($this->conf as $k => $v) - { - if ($v && (strpos($k,'e107db_xf_') === 0)) + //Attempt to open connection to sql database + if(!$res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password'])) { - $sel_fields[] = substr($k,strlen('e107db_xf_')); + $this->makeErrorText('Cannot connect to remote server'); + return AUTH_NOCONNECT; + } + //Select correct db + + if(!mysql_select_db($this->conf['e107db_database'], $res)) + { + mysql_close($res); + $this->makeErrorText('Cannot connect to remote DB'); + return AUTH_NOCONNECT; + } + if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB + + $sel_fields = array(); + // Make an array of the fields we want from the source DB + foreach($this->conf as $k => $v) + { + if ($v && (strpos($k,'e107db_xf_') === 0)) + { + $sel_fields[] = substr($k,strlen('e107db_xf_')); + } } - } $filterClass = intval(varset($this->conf['e107db_filter_class'], e_UC_PUBLIC)); if (($filterClass != e_UC_PUBLIC) && (!in_array('user_class',$sel_fields))) @@ -95,7 +116,7 @@ class auth_login //Get record containing supplied login name - $qry = "SELECT ".implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}' AND `user_ban` = 0"; + $qry = 'SELECT '.implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}' AND `user_ban` = 0"; // echo "Query: {$qry}
"; if(!$r1 = mysql_query($qry)) { @@ -103,7 +124,7 @@ class auth_login $this->makeErrorText('Lookup query failed'); return AUTH_NOCONNECT; } - if(!$row = mysql_fetch_array($r1)) + if (!$row = mysql_fetch_array($r1)) { mysql_close($res); $this->makeErrorText('User not found'); @@ -143,17 +164,17 @@ class auth_login unset($tmp); } - // Now copy across any values we have selected - foreach($this->conf as $k => $v) - { - if ($v && (strpos($k,'e107db_xf_') === 0)) + // Now copy across any values we have selected + foreach($this->conf as $k => $v) { - $f = substr($k,strlen('e107db_xf_')); - if (isset($row[$f])) $newvals[$f] = $row[$f]; + if ($v && (strpos($k,'e107db_xf_') === 0)) + { + $f = substr($k,strlen('e107db_xf_')); + if (isset($row[$f])) $newvals[$f] = $row[$f]; + } } - } $this->makeErrorText(''); // Success - just reconnect to E107 DB if needed - return AUTH_SUCCESS; + return AUTH_SUCCESS; } } diff --git a/e107_plugins/alt_auth/e107db_conf.php b/e107_plugins/alt_auth/e107db_conf.php index aad8c7b5e..60db1005e 100644 --- a/e107_plugins/alt_auth/e107db_conf.php +++ b/e107_plugins/alt_auth/e107db_conf.php @@ -1,99 +1,97 @@ -tablerender("","
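Review bot: The rewritten `$qry` line in the `@@ -95,7 +116,7 @@` hunk still splices `$uname` and `$user_field` directly into the SQL text (`WHERE {$user_field} = '{$uname}'`), and no escaping of `$uname` against the remote connection is visible in this hunk. This is the login name typed at the login form, so it should be escaped with the remote link before the query is built, e.g. `$uname = mysql_real_escape_string($uname, $res);`. The query should also be sent on that link, `mysql_query($qry, $res)`, rather than on whichever connection was opened most recently. login() starts and ends outside the hunk, so escaping may already happen earlier; if it does, a comment on this line saying where would help.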
".$message."
"); -} - - -show_e107db_form(); - -function show_e107db_form() -{ - global $sql, $tp, $ns; - - - $password_methods = ExtendedPasswordHandler::GetPasswordTypes('core'); - - $sql -> db_Select("alt_auth", "*", "auth_type = 'e107db' "); - $parm = array(); - while($row = $sql->db_Fetch()) - { - $parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - } - - $frm = new form; - $text = $frm -> form_open("post", e_SELF); - $text .= " - - - - "; - - $text .= ""; - - $text .= alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db|prefix|classfilt'); - - $text .= ""; - - $text .= ""; - - $text .= alt_auth_get_field_list('e107db',$frm, $parm, TRUE); - - $text .= "
".LAN_ALT_26.""; - $text .= E107DB_LAN_1; - $text .= "
".E107DB_LAN_9.""; - $text .= $frm -> form_select_open("e107db_password_method"); - foreach($password_methods as $k => $v) - { - $sel = ($parm['e107db_password_method'] == $k) ? " Selected" : ""; - $text .= $frm -> form_option($v, $sel, $k); - } - $text .= $frm -> form_select_close(); - $text .= "
".E107DB_LAN_11."
"; - $text .= $frm -> form_button("submit", "update", LAN_ALT_UPDATESET); - $text .= "
"; - $text .= $frm -> form_close(); - - $ns -> tablerender(E107DB_LAN_10, $text); - - $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('e107db',$frm)); -} - -require_once(e_ADMIN."footer.php"); - - - -function e107db_conf_adminmenu() -{ - alt_auth_adminmenu(); -} - -?> +tablerender('',"
".$message.'
'); +} + + + +show_e107db_form(); + + +function show_e107db_form() +{ + $ns = e107::getRender(); + + $parm = altAuthGetParams('e107db'); + + $frm = new form; + $text = $frm -> form_open('post', e_SELF); + $text .= " + + + + "; + + $text .= ""; + + $text .= alt_auth_get_db_fields('e107db', $frm, $parm, 'server|uname|pwd|db|prefix|classfilt'); + + $text .= ""; + + $text .= ""; + + $text .= alt_auth_get_field_list('e107db',$frm, $parm, TRUE); + + $text .= "
".LAN_ALT_26.""; + $text .= E107DB_LAN_1; + $text .= "
".E107DB_LAN_9.""; + $text .= altAuthGetPasswordSelector('e107db_password_method', $frm, $parm['e107db_password_method'], FALSE); + + $text .= "

".E107DB_LAN_11."
"; + $text .= $frm -> form_button("submit", "update", LAN_ALT_UPDATESET); + $text .= '
'; + $text .= $frm -> form_close(); + + $ns->tablerender(E107DB_LAN_10, $text); + + $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('e107db',$frm)); +} + +require_once(e_ADMIN.'footer.php'); + + + +function e107db_conf_adminmenu() +{ + alt_auth_adminmenu(); +} + +?> diff --git a/e107_plugins/alt_auth/e_help.php b/e107_plugins/alt_auth/e_help.php index 94b90dfbc..13ad6a423 100644 --- a/e107_plugins/alt_auth/e_help.php +++ b/e107_plugins/alt_auth/e_help.php @@ -2,11 +2,11 @@ /* * e107 website system * - * Copyright (C) 2008-2009 e107 Inc (e107.org) + * Copyright (C) 2008-2012 e107 Inc (e107.org) * Released under the terms and conditions of the * GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * - * + * Alt_Auth plugin - help * * $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/e_help.php,v $ * $Revision$ @@ -14,6 +14,14 @@ * $Author$ */ +/** + * e107 Alternate authorisation plugin + * + * @package e107_plugins + * @subpackage alt_auth + * @version $Id$; + */ + if (!defined('e107_INIT')) { exit; } define('ALT_AUTH_PATH', e_PLUGIN.'alt_auth/'); diff --git a/e107_plugins/alt_auth/extended_password_handler.php b/e107_plugins/alt_auth/extended_password_handler.php index bc6694b5a..231078e7c 100644 --- a/e107_plugins/alt_auth/extended_password_handler.php +++ b/e107_plugins/alt_auth/extended_password_handler.php @@ -2,17 +2,25 @@ /* * e107 website system * - * Copyright (C) 2008-2011 e107 Inc (e107.org) + * Copyright (C) 2008-2012 e107 Inc (e107.org) * Released under the terms and conditions of the * GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * - * + * Extended password handler for alt_auth plugin * * $URL$ * $Id$ */ -/* +/** + * e107 Alternate authorisation plugin + * + * @package e107_plugins + * @subpackage alt_auth + * @version $Id$; + */ + +/** EXTENDED PASSWORD HANDLER CLASS - supports many password formats used on other systems - implements checking of existing passwords only 
@@ -23,97 +31,105 @@ To use: or, optionally: call CheckPassword(plaintext_password,login_name, stored_value, password_type) - -To do: - +@todo: + 1. Check that public/private declarations of functions are correct */ + if (!defined('e107_INIT')) { exit; } require_once(e_HANDLER.'user_handler.php'); +// @todo make these class constants +define('PASSWORD_PHPBB_SALT',2); +define('PASSWORD_MAMBO_SALT',3); +define('PASSWORD_JOOMLA_SALT',4); +define('PASSWORD_GENERAL_MD5',5); +define('PASSWORD_PLAINTEXT',6); +define('PASSWORD_GENERAL_SHA1',7); +define('PASSWORD_WORDPRESS_SALT', 8); +define('PASSWORD_MAGENTO_SALT', 9); + +// Supported formats: +define('PASSWORD_PHPBB_ID', '$H$'); // PHPBB salted +define('PASSWORD_ORIG_ID', '$P$'); // 'Original' code +define('PASSWORD_WORDPRESS_ID', '$P$'); // WordPress 2.8 - define('PASSWORD_PHPBB_SALT',2); - define('PASSWORD_MAMBO_SALT',3); - define('PASSWORD_JOOMLA_SALT',4); - define('PASSWORD_GENERAL_MD5',5); - define('PASSWORD_PLAINTEXT',6); - define('PASSWORD_GENERAL_SHA1',7); - define('PASSWORD_WORDPRESS_SALT', 8); - define('PASSWORD_MAGENTO_SALT', 9); - // Supported formats: - define('PASSWORD_PHPBB_ID','$H$'); // PHPBB salted - define('PASSWORD_ORIG_ID','$P$'); // 'Original' code - define('PASSWORD_WORDPRESS_ID', '$P$'); // WordPress 2.8 class ExtendedPasswordHandler extends UserHandler { - var $itoa64; // Holds a string of 64 characters for base64 conversion -// var $iteration_count_log2; // Used to compute number of iterations in calculating hash - var $random_state = ''; // A (hopefully) random number + private $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; // Holds a string of 64 characters for base64 conversion + var $random_state = ''; // A (hopefully) random number - - - // Constructor - function __construct() - { - // Lookup string ready for base64 conversions - $this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; - // Ancestor constructor - 
parent::__construct(); - } - - - // Return a number of random bytes as specified by $count - function get_random_bytes($count) - { - $this->random_state = md5($this->random_state.microtime().mt_rand(0,10000)); // This will 'auto seed' - - $output = ''; - for ($i = 0; $i < $count; $i += 16) - { // Only do this loop once unless we need more than 16 bytes - $this->random_state = md5(microtime() . $this->random_state); - $output .= pack('H*', md5($this->random_state)); // Becomes an array of 16 bytes - } - $output = substr($output, 0, $count); - - return $output; - } - - - // Encode to base64 (each block of three 8-bit chars becomes 4 printable chars) - // Use first $count characters of $input string - function encode64($input, $count) - { - $output = ''; - $i = 0; - do + /** + * Constructor - just call parent + */ + function __construct() { - $value = ord($input[$i++]); - $output .= $this->itoa64[$value & 0x3f]; - if ($i < $count) $value |= ord($input[$i]) << 8; - $output .= $this->itoa64[($value >> 6) & 0x3f]; - if ($i++ >= $count) break; - if ($i < $count) $value |= ord($input[$i]) << 16; - $output .= $this->itoa64[($value >> 12) & 0x3f]; - if ($i++ >= $count) break; - $output .= $this->itoa64[($value >> 18) & 0x3f]; - } while ($i < $count); + // Ancestor constructor + parent::__construct(); + } - return $output; - } + + /** + * Return a number of random bytes as specified by $count + */ + private function get_random_bytes($count) + { + $this->random_state = md5($this->random_state.microtime().mt_rand(0,10000)); // This will 'auto seed' + + $output = ''; + for ($i = 0; $i < $count; $i += 16) + { // Only do this loop once unless we need more than 16 bytes + $this->random_state = md5(microtime() . 
$this->random_state); + $output .= pack('H*', md5($this->random_state)); // Becomes an array of 16 bytes + } + $output = substr($output, 0, $count); + + return $output; + } + + + /** + * Encode to base64 (each block of three 8-bit chars becomes 4 printable chars) + * Use first $count characters of $input string + */ + private function encode64($input, $count) + { + return base64_encode(substr($input, 0, $count)); // @todo - check this works OK + /* + $output = ''; + $i = 0; + do + { + $value = ord($input[$i++]); + $output .= $this->itoa64[$value & 0x3f]; + if ($i < $count) $value |= ord($input[$i]) << 8; + $output .= $this->itoa64[($value >> 6) & 0x3f]; + if ($i++ >= $count) break; + if ($i < $count) $value |= ord($input[$i]) << 16; + $output .= $this->itoa64[($value >> 12) & 0x3f]; + if ($i++ >= $count) break; + $output .= $this->itoa64[($value >> 18) & 0x3f]; + } while ($i < $count); + + return $output; + */ + } - // Method for PHPBB3-style salted passwords, which begin '$H$', and WordPress-style salted passwords, which begin '$P$' - // Given a plaintext password and the complete password/hash function (which includes any salt), calculate hash - // Returns FALSE on error - function crypt_private($password, $stored_password, $password_type = PASSWORD_PHPBB_SALT) + /** + * Method for PHPBB3-style salted passwords, which begin '$H$', and WordPress-style salted passwords, which begin '$P$' + * Given a plaintext password and the complete password/hash function (which includes any salt), calculate hash + * Returns FALSE on error + */ + private function crypt_private($password, $stored_password, $password_type = PASSWORD_PHPBB_SALT) { $output = '*0'; if (substr($stored_password, 0, 2) == $output) 
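Review bot: The new body of encode64(), `return base64_encode(substr($input, 0, $count));`, does not produce the same output as the loop it replaces, which is now commented out. The old loop emits characters from `$this->itoa64` (an alphabet starting `./0123456789`) and takes the low six bits of each group first, while base64_encode() uses the standard alphabet, takes the high bits first and adds `=` padding. crypt_private() is documented here as computing the `$H$` / `$P$` hashes; if it calls encode64() (its body is outside the hunk), no stored phpBB3 or WordPress hash will match after this change. I would restore the commented-out loop until a known password/hash pair confirms any replacement; `// @todo - check this works OK` is not enough for a password check.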
@@ -173,57 +189,70 @@ class ExtendedPasswordHandler extends UserHandler } - // Return array of supported password types - key is used internally, text is displayed - function getPasswordTypes($include_core = FALSE) + /** + * Return array of supported password types - key is used internally, text is displayed + */ + public function getPasswordTypes($includeExtended = TRUE) { $vals = array(); - if ($include_core) + $vals = array('md5' => IMPORTDB_LAN_7,'e107_salt' => IMPORTDB_LAN_8); // Methods supported in core + if ($includeExtended) { - $vals = array('md5' => IMPORTDB_LAN_7,'e107_salt' => IMPORTDB_LAN_8); // Methods supported in core - } - if (is_bool($include_core)) - { - $vals = array_merge($vals,array( - 'plaintext' => IMPORTDB_LAN_2, - 'joomla_salt' => IMPORTDB_LAN_3, - 'mambo_salt' => IMPORTDB_LAN_4, - 'smf_sha1' => IMPORTDB_LAN_5, - 'sha1' => IMPORTDB_LAN_6, - 'phpbb3_salt' => IMPORTDB_LAN_12, - 'wordpress_salt' => IMPORTDB_LAN_13, - 'wordpress_salt' => IMPORTDB_LAN_14, - )); + $vals = array_merge($vals,array( + 'plaintext' => IMPORTDB_LAN_2, + 'joomla_salt' => IMPORTDB_LAN_3, + 'mambo_salt' => IMPORTDB_LAN_4, + 'smf_sha1' => IMPORTDB_LAN_5, + 'sha1' => IMPORTDB_LAN_6, + 'phpbb3_salt' => IMPORTDB_LAN_12, + 'wordpress_salt' => IMPORTDB_LAN_13, + 'magento_salt' => IMPORTDB_LAN_14, + )); } return $vals; } - // Return password type which relates to a specific foreign system - function passwordMapping($ptype) + /** + * Return password type which relates to a specific foreign system + */ + public function passwordMapping($ptype) { $maps = array( - 'plaintext' => PASSWORD_PLAINTEXT, - 'joomla_salt' => PASSWORD_JOOMLA_SALT, - 'mambo_salt' => PASSWORD_MAMBO_SALT, - 'smf_sha1' => PASSWORD_GENERAL_SHA1, - 'sha1' => PASSWORD_GENERAL_SHA1, - 'mambo' => PASSWORD_GENERAL_MD5, - 'phpbb2' => PASSWORD_GENERAL_MD5, - 'e107' => PASSWORD_GENERAL_MD5, - 'md5' => PASSWORD_GENERAL_MD5, - 'e107_salt' => PASSWORD_E107_SALT, - 'phpbb2_salt' => PASSWORD_PHPBB_SALT, - 'phpbb3_salt' => 
PASSWORD_PHPBB_SALT, + 'plaintext' => PASSWORD_PLAINTEXT, + 'joomla_salt' => PASSWORD_JOOMLA_SALT, + 'mambo_salt' => PASSWORD_MAMBO_SALT, + 'smf_sha1' => PASSWORD_GENERAL_SHA1, + 'sha1' => PASSWORD_GENERAL_SHA1, + 'mambo' => PASSWORD_GENERAL_MD5, + 'phpbb2' => PASSWORD_GENERAL_MD5, + 'e107' => PASSWORD_GENERAL_MD5, + 'md5' => PASSWORD_GENERAL_MD5, + 'e107_salt' => PASSWORD_E107_SALT, + 'phpbb2_salt' => PASSWORD_PHPBB_SALT, + 'phpbb3_salt' => PASSWORD_PHPBB_SALT, 'wordpress_salt' => PASSWORD_WORDPRESS_SALT, - 'magento_salt' => PASSWORD_MAGENTO_SALT, + 'magento_salt' => PASSWORD_MAGENTO_SALT, ); if (isset($maps[$ptype])) return $maps[$ptype]; return FALSE; } - // Extension of password validation - - function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE) + /** + * Extension of password validation to handle more types + * + * @param string $pword - plaintext password as entered by user + * @param string $login_name - string used to log in (could actually be email address) + * @param string $stored_hash - required value for password to match + * @param integer $password_type - constant specifying the type of password to check against + * + * @return PASSWORD_INVALID|PASSWORD_VALID|string + * PASSWORD_INVALID if no match + * PASSWORD_VALID if valid password + * Return a new hash to store if valid password but non-preferred encoding + */ + public function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE) { switch ($password_type) { @@ -268,11 +297,11 @@ class ExtendedPasswordHandler extends UserHandler $pwHash = $salt ? md5($salt.$pword) : md5($pword); $stored_hash = $hash; - break; case PASSWORD_E107_SALT : - return e107::getUserSession()->CheckPassword($password, $login_name, $stored_hash); + //return e107::getUserSession()->CheckPassword($password, $login_name, $stored_hash); + return parent::CheckPassword($password, $login_name, $stored_hash); break; case PASSWORD_PHPBB_SALT : 
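Review bot: In the `PASSWORD_E107_SALT` case of the `@@ -268,11 +297,11 @@` hunk, the new call `return parent::CheckPassword($password, $login_name, $stored_hash);` passes `$password`, but the method's parameter is `$pword` (see the signature in the previous hunk), so the parent check receives an undefined value instead of what the user typed. It should read `return parent::CheckPassword($pword, $login_name, $stored_hash);`. Also check the `break;` just above `case PASSWORD_E107_SALT :`: the collapsed diff reads as if it may have been removed, which would let the preceding case fall through into this return. The switch continues outside the hunk.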
diff --git a/e107_plugins/alt_auth/importdb_auth.php b/e107_plugins/alt_auth/importdb_auth.php index 8ce2042f2..f34e69ba8 100644 --- a/e107_plugins/alt_auth/importdb_auth.php +++ b/e107_plugins/alt_auth/importdb_auth.php @@ -1,21 +1,24 @@ ErrorText = ''; - $this->conf = array(); - if (!$sql -> db_Select("alt_auth", "*", "auth_type = 'importdb' ")) return AUTH_NOCONNECT; // We should get at least one value - while ($row = $sql -> db_Fetch()) - { - $this->conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - } + $this->conf = altAuthGetParams('importdb'); $this->Available = TRUE; } - function makeErrorText($extra = '') + private function makeErrorText($extra = '') { $this->ErrorText = $extra; } - function login($uname, $pword, &$newvals, $connect_only = FALSE) + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the database + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ + public function login($uname, $pword, &$newvals, $connect_only = FALSE) { if ($connect_only) return AUTH_SUCCESS; // Big problem if can't connect to our own DB! diff --git a/e107_plugins/alt_auth/importdb_conf.php b/e107_plugins/alt_auth/importdb_conf.php index 2448996b6..2a2e1600e 100644 --- a/e107_plugins/alt_auth/importdb_conf.php +++ b/e107_plugins/alt_auth/importdb_conf.php @@ -1,126 +1,91 @@ -tablerender("","
".$message."
"); -} - - -show_importdb_form(); - -function show_importdb_form() -{ - global $sql, $tp, $ns; - - $password_methods = ExtendedPasswordHandler::GetPasswordTypes(FALSE); - - - // Get the parameters - $sql -> db_Select("alt_auth", "*", "auth_type = 'importdb' "); - $parm = array(); - while($row = $sql->db_Fetch()) - { - $parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - } - - - $frm = new form; - $text = $frm -> form_open("post", e_SELF); - $text .= " - - - - "; - - - $text .= ""; -/* $text .= $frm -> form_select_open("importdb_dbtype"); - foreach($db_types as $k => $v) - { - $sel = ($parm['importdb_dbtype'] == $k) ? " Selected" : ""; - $text .= $frm -> form_option($v, $sel, $k); - } - $text .= $frm -> form_select_close(); - $text .= ""; -*/ - $text .= ""; - - $text .= "
".IMPORTDB_LAN_11."
".IMPORTDB_LAN_9.""; - $text .= $frm -> form_select_open("importdb_password_method"); - foreach($password_methods as $k => $v) - { - $sel = ($parm['importdb_password_method'] == $k) ? " Selected" : ""; - $text .= $frm -> form_option($v, $sel, $k); - } - $text .= $frm -> form_select_close(); - $text .= "
"; - $text .= $frm -> form_button("submit", "update", LAN_ALT_UPDATESET); - $text .= "
"; - $text .= $frm -> form_close(); - - $ns -> tablerender(IMPORTDB_LAN_10, $text); - - $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('importdb',$frm)); - -} - -require_once(e_ADMIN."footer.php"); - -/* -function update_importdb_prefs() -{ - global $sql; - foreach($_POST as $k => $v) - { - $v = base64_encode(base64_encode($v)); - - if(preg_match("/importdb_/", $k)) - { - if($sql -> db_Select("alt_auth", "*", "auth_type='importdb' AND auth_parmname='{$k}' ")) - { - $sql -> db_Update("alt_auth", "auth_parmval='{$v}' WHERE auth_type='importdb' AND auth_parmname='{$k}' "); - } - else - { - $sql -> db_Insert("alt_auth", "'importdb','{$k}','{$v}' "); - } - } - } - return "Settings Updated"; -} -*/ - -function importdb_conf_adminmenu() -{ - alt_auth_adminmenu(); -} - -?> +tablerender("","
".$message."
"); +} + + +show_importdb_form(); + +function show_importdb_form() +{ + $ns = e107::getRender(); + + + $parm = altAuthGetParams('importdb'); + + $frm = new form; + $text = $frm -> form_open('post', e_SELF); + $text .= " + + + + "; + + + $text .= ""; + $text .= ""; + + $text .= "
".IMPORTDB_LAN_11."
".IMPORTDB_LAN_9.""; + + $text .= altAuthGetPasswordSelector('importdb_password_method', $frm, $parm['importdb_password_method'], TRUE); + + $text .= "
"; + $text .= $frm -> form_button("submit", "update", LAN_ALT_UPDATESET); + $text .= "
"; + $text .= $frm -> form_close(); + + $ns -> tablerender(IMPORTDB_LAN_10, $text); + + $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('importdb',$frm)); + +} + +require_once(e_ADMIN.'footer.php'); + + +function importdb_conf_adminmenu() +{ + alt_auth_adminmenu(); +} + +?> diff --git a/e107_plugins/alt_auth/languages/English/English_log.php b/e107_plugins/alt_auth/languages/English/English_log.php index da049806f..736373ffe 100644 --- a/e107_plugins/alt_auth/languages/English/English_log.php +++ b/e107_plugins/alt_auth/languages/English/English_log.php @@ -14,6 +14,14 @@ * $Author$ */ +/** + * e107 Alternate authorisation plugin + * + * @package e107_plugins + * @subpackage alt_auth + * @version $Id$; + */ + define('LAN_AL_AUTH_01','Alt auth Settings changed'); define('LAN_AL_AUTH_02','Alt auth extended user classes changed'); define('LAN_AL_AUTH_03','Alt auth method settings changed'); diff --git a/e107_plugins/alt_auth/languages/English/admin_alt_auth.php b/e107_plugins/alt_auth/languages/English/admin_alt_auth.php index 2298c3320..93f357ffd 100644 --- a/e107_plugins/alt_auth/languages/English/admin_alt_auth.php +++ b/e107_plugins/alt_auth/languages/English/admin_alt_auth.php @@ -2,7 +2,7 @@ /* * e107 website system * - * Copyright (C) 2008-2011 e107 Inc (e107.org) + * Copyright (C) 2008-2012 e107 Inc (e107.org) * Released under the terms and conditions of the * GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * @@ -12,6 +12,15 @@ * $Id$ * */ + +/** + * e107 Alternate authorisation plugin + * + * @package e107_plugins + * @subpackage alt_auth + * @version $Id$; + */ + define('LAN_ALT_1', 'Primary authorisation type'); define('LAN_ALT_2', 'Update settings'); define('LAN_ALT_3', 'Choose Alternate Authorisation Type'); 
@@ -35,7 +44,7 @@ define('LAN_ALT_19', 'Photo field'); define('LAN_ALT_20', 'Join date field'); define('LAN_ALT_21', 'Ban status field'); define('LAN_ALT_22', 'Class membership field'); -define('LAN_ALT_23', 'XUP file field'); +//define('LAN_ALT_23', 'XUP file field'); define('LAN_ALT_24', 'Password salt field'); define('LAN_ALT_25', '(sometimes combined with password for added security)'); define('LAN_ALT_26', 'Database type:'); @@ -95,6 +104,18 @@ define('LAN_ALT_77', 'Only users in this class (on the database set above) are p define('LAN_ALT_78', 'Failed password action'); define('LAN_ALT_79', 'If user exists in primary DB, but enters an incorrect password, how should that be handled?'); +define('IMPORTDB_LAN_2', 'Plain Text'); +define('IMPORTDB_LAN_3', 'Joomla salted'); +define('IMPORTDB_LAN_4', 'Mambo salted'); +define('IMPORTDB_LAN_5', 'SMF (SHA1)'); +define('IMPORTDB_LAN_6', 'Generic SHA1'); +define('IMPORTDB_LAN_7', 'MD5 (E107 original)'); +define('IMPORTDB_LAN_8', 'E107 salted (option 2.0 on)'); +define('IMPORTDB_LAN_12', 'PHPBB2/PHPBB3 salted'); +define('IMPORTDB_LAN_13', 'WordPress salted'); +define('IMPORTDB_LAN_14', 'Magento salted'); + + define('LAN_ALT_FALLBACK', 'Use secondary authorisation'); define('LAN_ALT_FAIL', 'Failed login'); diff --git a/e107_plugins/alt_auth/languages/English/admin_e107db_conf.php b/e107_plugins/alt_auth/languages/English/admin_e107db_conf.php index 8630fea08..3b3fe355c 100644 --- a/e107_plugins/alt_auth/languages/English/admin_e107db_conf.php +++ b/e107_plugins/alt_auth/languages/English/admin_e107db_conf.php @@ -1,17 +1,39 @@ - + diff --git a/e107_plugins/alt_auth/languages/English/admin_importdb_conf.php b/e107_plugins/alt_auth/languages/English/admin_importdb_conf.php index 1f300eaba..a45f3e668 100644 --- a/e107_plugins/alt_auth/languages/English/admin_importdb_conf.php +++ b/e107_plugins/alt_auth/languages/English/admin_importdb_conf.php 
@@ -2,7 +2,7 @@
 /*
 * e107 website system
 *
- * Copyright (C) 2008-2011 e107 Inc (e107.org)
+ * Copyright (C) 2008-2012 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
@@ -12,22 +12,32 @@
 * $Id$
 *
 */
-define('IMPORTDB_LAN_1', 'Database type');
-define('IMPORTDB_LAN_2', 'Plain Text');
-define('IMPORTDB_LAN_3', 'Joomla salted');
-define('IMPORTDB_LAN_4', 'Mambo salted');
-define('IMPORTDB_LAN_5', 'SMF (SHA1)');
-define('IMPORTDB_LAN_6', 'Generic SHA1');
-define('IMPORTDB_LAN_7', 'MD5 (E107 original)');
-define('IMPORTDB_LAN_8', 'E107 salted (option 0.8 on)');
+
+ /**
+ * e107 Alternate authorisation plugin
+ *
+ * @package e107_plugins
+ * @subpackage alt_auth
+ * @version $Id$;
+ */
+
+// Some password-related strings moved to admin_alt_auth.php for generic use
+//define('IMPORTDB_LAN_1', 'Database type');
+//define('IMPORTDB_LAN_2', 'Plain Text');
+//define('IMPORTDB_LAN_3', 'Joomla salted');
+//define('IMPORTDB_LAN_4', 'Mambo salted');
+//define('IMPORTDB_LAN_5', 'SMF (SHA1)');
+//define('IMPORTDB_LAN_6', 'Generic SHA1');
+//define('IMPORTDB_LAN_7', 'MD5 (E107 original)');
+//define('IMPORTDB_LAN_8', 'E107 salted (option 2.0 on)');
 define('IMPORTDB_LAN_9', 'Password Method:');
 define('IMPORTDB_LAN_10', 'Configure imported database password type');
 define('IMPORTDB_LAN_11', 'This option is to be used when you have imported some other user-based system into E107. It allows you to accept passwords encoded in the selected non-standard format. Each user\'s password is converted to E107 format when they log in.');
-define('IMPORTDB_LAN_12', 'PHPBB2/PHPBB3 salted');
-define('IMPORTDB_LAN_13', 'WordPress salted');
-define('IMPORTDB_LAN_14', 'Magento salted');
+//define('IMPORTDB_LAN_12', 'PHPBB2/PHPBB3 salted');
+//define('IMPORTDB_LAN_13', 'WordPress salted');
+//define('IMPORTDB_LAN_14', 'Magento salted');
 define('LAN_AUTHENTICATE_HELP','This authentication method is to be used only when you have imported a user database into E107, and the password is in an incompatible format. The
diff --git a/e107_plugins/alt_auth/languages/English/admin_ldap_conf.php b/e107_plugins/alt_auth/languages/English/admin_ldap_conf.php index b10b26428..946acaf13 100644 --- a/e107_plugins/alt_auth/languages/English/admin_ldap_conf.php +++ b/e107_plugins/alt_auth/languages/English/admin_ldap_conf.php @@ -1,23 +1,44 @@ -LDAP - Enter BaseDN
AD - enter the fqdn eg ad.mydomain.co.uk"); -define("LDAPLAN_3", "LDAP Browsing user
Full context of the user who is able to search the directory."); -define("LDAPLAN_4", "LDAP Browsing password
Password for the LDAP Browsing user."); -define("LDAPLAN_5", "LDAP Version"); -define("LDAPLAN_6", "Configure LDAP auth"); -define("LDAPLAN_7", "eDirectory search filter:"); -define("LDAPLAN_8", "This will be used to ensure the username is in the correct tree,
ie '(objectclass=inetOrgPerson)'"); -define("LDAPLAN_9", "Current search filter will be:"); -define("LDAPLAN_10", "Settings Updated"); -define("LDAPLAN_11", "WARNING: It appears as if the ldap module is not currently available; setting your auth method to LDAP will probably not work!"); -define("LDAPLAN_12", 'Server Type'); -define("LDAPLAN_13", 'Update settings'); -define('LDAPLAN_14', 'OU for AD (e.g. ou=itdept)'); - - -define('SHOW_COPY_HELP', TRUE); -define('SHOW_CONVERSION_HELP', TRUE); -define('LAN_AUTHENTICATE_HELP','This method can be used to authenticate against most LDAP servers, including Novell\'s eDirectory and Microsoft\'s Active Directory. Refer to the wiki for further information.'); - - -?> +LDAP - Enter BaseDN
AD - enter the fqdn eg ad.mydomain.co.uk'); +define('LDAPLAN_3', 'LDAP Browsing user
Full context of the user who is able to search the directory.'); +define('LDAPLAN_4', 'LDAP Browsing password
Password for the LDAP Browsing user.'); +define('LDAPLAN_5', 'LDAP Version'); +define('LDAPLAN_6', 'Configure LDAP auth'); +define('LDAPLAN_7', 'eDirectory search filter:'); +define('LDAPLAN_8', "This will be used to ensure the username is in the correct tree,
e.g. '(objectclass=inetOrgPerson)'"); +define('LDAPLAN_9', 'Current search filter will be:'); +define('LDAPLAN_10', 'Settings Updated'); +define('LDAPLAN_11', 'WARNING: It appears that the ldap module is not currently available; setting your auth method to LDAP will probably not work!'); +define('LDAPLAN_12', 'Server Type'); +define('LDAPLAN_13', 'Update settings'); +define('LDAPLAN_14', 'OU for AD (e.g. ou=itdept)'); + + +define('SHOW_COPY_HELP', TRUE); +define('SHOW_CONVERSION_HELP', TRUE); +define('LAN_AUTHENTICATE_HELP','This method can be used to authenticate against most LDAP servers, including Novell\'s eDirectory and Microsoft\'s Active Directory. It requires that PHP\'s LDAP extension is loaded. Refer to the wiki for further information.'); + + +?> diff --git a/e107_plugins/alt_auth/languages/English/admin_otherdb_conf.php b/e107_plugins/alt_auth/languages/English/admin_otherdb_conf.php index 42a9218e1..d649b620f 100644 --- a/e107_plugins/alt_auth/languages/English/admin_otherdb_conf.php +++ b/e107_plugins/alt_auth/languages/English/admin_otherdb_conf.php @@ -1,14 +1,38 @@ Leave the field blank for it not to be transferred at all"); define('OTHERDB_LAN_12', 'Password Salt Field:'); @@ -16,16 +40,6 @@ define('OTHERDB_LAN_13', '(Leave blank if not used)'); define('OTHERDB_LAN_14', 'Email address Field:'); define('OTHERDB_LAN_15', 'MySQL - generic database'); -define("IMPORTDB_LAN_2", 'Plain Text'); -define("IMPORTDB_LAN_3", 'Joomla salted'); -define("IMPORTDB_LAN_4", 'Mambo salted'); -define("IMPORTDB_LAN_5", 'SMF (SHA1)'); -define("IMPORTDB_LAN_6", 'Generic SHA1'); -define("IMPORTDB_LAN_7", 'MD5 (E107 original)'); -define("IMPORTDB_LAN_8", 'E107 salted (option 0.8 on)'); -define("IMPORTDB_LAN_12", 'PHPBB2/PHPBB3 salted'); -define("IMPORTDB_LAN_14", 'Magento salted'); - define('SHOW_COPY_HELP', TRUE); define('SHOW_CONVERSION_HELP', TRUE); 
diff --git a/e107_plugins/alt_auth/languages/English/admin_radius_conf.php b/e107_plugins/alt_auth/languages/English/admin_radius_conf.php index 5deb9bb2c..a5a272183 100644 --- a/e107_plugins/alt_auth/languages/English/admin_radius_conf.php +++ b/e107_plugins/alt_auth/languages/English/admin_radius_conf.php @@ -1,14 +1,37 @@ - - Note that the RADIUS server may only allow access from a specific range of IP addresses'); - - -?> + + Note that the RADIUS server may only allow access from a specific range of IP addresses'); + + +?> diff --git a/e107_plugins/alt_auth/ldap_auth.php b/e107_plugins/alt_auth/ldap_auth.php index c0cdbca19..99f92c047 100755 --- a/e107_plugins/alt_auth/ldap_auth.php +++ b/e107_plugins/alt_auth/ldap_auth.php @@ -1,47 +1,56 @@ copyAttribs = array(); $this->copyMethods = array(); - $sql = new db; - $sql->db_Select("alt_auth", "*", "auth_type = 'ldap' "); + $sql = e107::getDB('altAuth'); + $sql->db_Select('alt_auth', '*', "auth_type = 'ldap' "); while ($row = $sql->db_Fetch()) { $ldap[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); @@ -55,7 +64,7 @@ class auth_login } unset($row['auth_parmname']); } - $this->server = explode(",", $ldap['ldap_server']); + $this->server = explode(',', $ldap['ldap_server']); $this->serverType = $ldap['ldap_servertype']; $this->dn = $ldap['ldap_basedn']; $this->ou = $ldap['ldap_ou']; 
@@ -66,24 +75,35 @@ class auth_login if (!function_exists('ldap_connect')) { - $this->Available = false; - return false; + return AUTH_NORESOURCE; } if (!$this->connect()) { return AUTH_NOCONNECT; } + $this->Available = TRUE; + return AUTH_SUCCESS; } - function makeErrorText($extra = '') + + /** + * Retrieve and construct error strings + */ + private function makeErrorText($extra = '') { $this->ldapErrorCode = ldap_errno($this->connection); $this->ldapErrorText = ldap_error($this->connection); $this->ErrorText = $extra . ' ' . $this->ldapErrorCode . ': ' . $this->ldapErrorText; } - function connect() + + /** + * Connect to the LDAP server + * + * @return boolean TRUE for success, FALSE for failure + */ + public function connect() { foreach ($this->server as $key => $host) { @@ -104,7 +124,11 @@ class auth_login return false; } - function close() + + /** + * Close the connection to the LDAP server + */ + public function close() { if (!@ldap_close($this->connection)) { @@ -117,6 +141,19 @@ class auth_login } } + + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the server + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ function login($uname, $pass, &$newvals, $connect_only = false) { /* Construct the full DN, eg:- 
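Review bot: The added `return AUTH_NORESOURCE;` and `return AUTH_SUCCESS;` appear to sit in the class constructor, and PHP discards a constructor's return value, so code that does `new auth_login` never sees either code. The function's signature is outside this hunk, but radius_auth.php makes the same change inside a visible `__construct()`, so the same applies there. With `$this->Available = false;` removed from the missing-extension branch, the only signal left to the caller is `Available` keeping its default, and no error text is set on that path in the lines shown. I would set something readable on the object before returning, e.g. `$this->ErrorText = 'LDAP extension not loaded';`, and state in the docblock that callers must test `$Available` rather than a return value.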
@@ -248,8 +285,8 @@ class auth_login } else { - /* Login failed. Return false, together with the error code and text from - ** the LDAP server. The common error codes and reasons are listed below : + /* Login failed. Return error code. + ** The common error codes and reasons are listed below : ** (for iPlanet, other servers may differ) ** 19 - Account locked out (too many invalid login attempts) ** 32 - User does not exist diff --git a/e107_plugins/alt_auth/ldap_conf.php b/e107_plugins/alt_auth/ldap_conf.php index 2b0433778..5edb618db 100755 --- a/e107_plugins/alt_auth/ldap_conf.php +++ b/e107_plugins/alt_auth/ldap_conf.php @@ -1,37 +1,41 @@ tablerender("","
".$message."
"); + e107::getRender()->tablerender('',"
".$message.'
'); } -$ldap['ldap_edirfilter'] == ""; -$sql -> db_Select("alt_auth", "*", "auth_type = 'ldap' "); -while($row = $sql->db_Fetch()) -{ - $ldap[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); // Encoding is new for 0.8 -} +$ldap = altAuthGetParams('ldap'); +if (!isset($ldap['ldap_edirfilter'])) $ldap['ldap_edirfilter'] == ''; //print_a($ldap); $current_filter = "(&(cn=[USERNAME]){$ldap['ldap_edirfilter']})"; $frm = new form; -$text = $frm -> form_open("post",e_SELF); +$text = $frm -> form_open('post',e_SELF); $text .= ""; $text .= ""; $text .= ""; $text .= ""; @@ -115,16 +115,17 @@ $text .= "
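Review bot: The new guard `if (!isset($ldap['ldap_edirfilter'])) $ldap['ldap_edirfilter'] == '';` compares instead of assigning, so it does nothing and `$current_filter` is then built from an unset index whenever no filter has been saved. It should read `if (!isset($ldap['ldap_edirfilter'])) $ldap['ldap_edirfilter'] = '';`. The removed line had the same `==`, so the slip is carried forward rather than introduced here. Because the stored value is spliced verbatim into `(&(cn=[USERNAME]){...})`, a short comment saying it must be a complete, admin-supplied LDAP filter fragment would also help.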
".LDAPLAN_9."
".htmlentities($curre $text .= alt_auth_get_field_list('ldap',$frm, $ldap, FALSE); $text .= "
"; -$text .= "
".LDAPLAN_12.""; $text .= $frm -> form_select_open("ldap_servertype"); foreach($server_types as $v) { - $sel = ($ldap['ldap_servertype'] == $v) ? " Selected" : ""; + $sel = ($ldap['ldap_servertype'] == $v) ? " Selected='selected'" : ''; $text .= $frm -> form_option($v, $sel, $v); } $text .= $frm -> form_select_close(); @@ -98,7 +98,7 @@ $text .= $frm -> form_select_open("ldap_version"); foreach($ldap_ver as $v) { - $sel = ($ldap['ldap_version'] == $v) ? " Selected" : ""; + $sel = ($ldap['ldap_version'] == $v) ? " Selected='selected'" : ""; $text .= $frm -> form_option($v, $sel, $v); } @@ -106,7 +106,7 @@ $text .= $frm -> form_select_close(); $text .= "
".LDAPLAN_7."
".LDAPLAN_8."
"; -$text .= $frm -> form_text("ldap_edirfilter", 35, $ldap['ldap_edirfilter'], 120); +$text .= $frm -> form_text('ldap_edirfilter', 35, $ldap['ldap_edirfilter'], 120); $text .= "
".LDAPLAN_9."
".htmlentities($current_filter)."
".LAN_ALT_27."
"; -$text .= $frm -> form_button("submit", "update", LDAPLAN_13); +$text .= $frm -> form_button('submit', 'update', LDAPLAN_13); $text .= "
"; +$text .= "\n"; $text .= $frm -> form_close(); -$ns -> tablerender(LDAPLAN_6,$text); -$ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('ldap',$frm)); +e107::getRender()->tablerender(LDAPLAN_6,$text); +e107::getRender()->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('ldap',$frm)); + +require_once(e_ADMIN.'footer.php'); -require_once(e_ADMIN."footer.php"); function ldap_conf_adminmenu() { diff --git a/e107_plugins/alt_auth/otherdb_auth.php b/e107_plugins/alt_auth/otherdb_auth.php index f9c2b5b0e..c91563cea 100644 --- a/e107_plugins/alt_auth/otherdb_auth.php +++ b/e107_plugins/alt_auth/otherdb_auth.php 
@@ -1,21 +1,25 @@ conf = array(); $this->ErrorText = ''; - $sql -> db_Select("alt_auth", "*", "auth_type = 'otherdb' "); - while($row = $sql -> db_Fetch()) - { - $this->conf[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - } + $this->conf = altAuthGetParams('otherdb'); $this->Available = TRUE; } - // Add the reconnect function in here - might be needed - function makeErrorText($extra = '') + + /** + * Retrieve and construct error strings + * + * @todo - test whether reconnect to DB is required (shouldn't be) + */ + private function makeErrorText($extra = '') { $this->ErrorText = $extra; - global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql; - $sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb); + //global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql; + //$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb); } - function login($uname, $pword, &$newvals, $connect_only = FALSE) + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the database + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ + public function login($uname, $pword, &$newvals, $connect_only = FALSE) { - //Attempt to open connection to sql database - if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password'])) - { - $this->makeErrorText('Cannot connect to remote server'); - return AUTH_NOCONNECT; - } - //Select correct db - if(!mysql_select_db($this->conf['otherdb_database'], $res)) - { - mysql_close($res); - $this->makeErrorText('Cannot connect to remote DB'); - return 
AUTH_NOCONNECT; - } - if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB - $sel_fields = array(); - // Make an array of the fields we want from the source DB - foreach($this->conf as $k => $v) - { - if ($v && (strpos($k,'otherdb_xf_') === 0)) + //Attempt to open connection to sql database + if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password'])) { - $sel_fields[] = $v; + $this->makeErrorText('Cannot connect to remote server'); + return AUTH_NOCONNECT; + } + //Select correct db + if(!mysql_select_db($this->conf['otherdb_database'], $res)) + { + mysql_close($res); + $this->makeErrorText('Cannot connect to remote DB'); + return AUTH_NOCONNECT; + } + if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB + $sel_fields = array(); + // Make an array of the fields we want from the source DB + foreach($this->conf as $k => $v) + { + if ($v && (strpos($k,'otherdb_xf_') === 0)) + { + $sel_fields[] = $v; + } + } + $sel_fields[] = $this->conf['otherdb_password_field']; + $user_field = $this->conf['otherdb_user_field']; + if (isset($this->conf['otherdb_salt_field'])) + { + $sel_fields[] = $this->conf['otherdb_salt_field']; } - } - $sel_fields[] = $this->conf['otherdb_password_field']; - $user_field = $this->conf['otherdb_user_field']; - if (isset($this->conf['otherdb_salt_field'])) - { - $sel_fields[] = $this->conf['otherdb_salt_field']; - } - //Get record containing supplied login name - $qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'"; + //Get record containing supplied login name + $qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'"; // echo "Query: {$qry}
"; - if(!$r1 = mysql_query($qry)) - { - mysql_close($res); - $this->makeErrorText('Lookup query failed'); - return AUTH_NOCONNECT; - } - if(!$row = mysql_fetch_array($r1)) - { - mysql_close($res); - $this->makeErrorText('User not found'); - return AUTH_NOUSER; - } - - mysql_close($res); // Finished with 'foreign' DB now - - // Got something from the DB - see whether password valid - require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well - $pass_check = new ExtendedPasswordHandler(); - - $passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']); - if ($passMethod === FALSE) - { - $this->makeErrorText('Password error - invalid method'); - return AUTH_BADPASSWORD; - } - - $pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB - if ($salt_field) $pwFromDB .= ':'.$row[$salt_field]; - - if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) - { - $this->makeErrorText('Password incorrect'); - return AUTH_BADPASSWORD; - } - // Now copy across any values we have selected - foreach($this->conf as $k => $v) - { - if ($v && (strpos($k,'otherdb_xf_') === 0) && isset($row[$v])) + if(!$r1 = mysql_query($qry)) { - $newvals[substr($k,strlen('otherdb_xf_'))] = $row[$v]; + mysql_close($res); + $this->makeErrorText('Lookup query failed'); + return AUTH_NOCONNECT; + } + if(!$row = mysql_fetch_array($r1)) + { + mysql_close($res); + $this->makeErrorText('User not found'); + return AUTH_NOUSER; + } + + mysql_close($res); // Finished with 'foreign' DB now + + // Got something from the DB - see whether password valid + require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well + $pass_check = new ExtendedPasswordHandler(); + + $passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']); + if ($passMethod === FALSE) + { + 
$this->makeErrorText('Password error - invalid method'); + return AUTH_BADPASSWORD; + } + + $pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB + if ($salt_field) $pwFromDB .= ':'.$row[$salt_field]; + + if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID) + { + $this->makeErrorText('Password incorrect'); + return AUTH_BADPASSWORD; + } + // Now copy across any values we have selected + foreach($this->conf as $k => $v) + { + if ($v && (strpos($k,'otherdb_xf_') === 0) && isset($row[$v])) + { + $newvals[substr($k,strlen('otherdb_xf_'))] = $row[$v]; + } } - } $this->makeErrorText(''); // Success - just reconnect to E107 DB if needed - return AUTH_SUCCESS; + return AUTH_SUCCESS; } } diff --git a/e107_plugins/alt_auth/otherdb_conf.php b/e107_plugins/alt_auth/otherdb_conf.php index c0809e71a..37c6d62cf 100644 --- a/e107_plugins/alt_auth/otherdb_conf.php +++ b/e107_plugins/alt_auth/otherdb_conf.php @@ -1,97 +1,95 @@ -tablerender("","
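Review bot: `login()` still ends its lookup with `WHERE {$user_field} = '{$uname}'`, interpolating the submitted user name unescaped, so unless the caller has already escaped it (not visible here) the login form allows SQL injection against the external user database. Escape it on the open link when building the query: `$qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '".mysql_real_escape_string($uname, $res)."'";`. In the same function `if ($salt_field) $pwFromDB .= ':'.$row[$salt_field];` reads a variable that the visible code never assigns, so the salt column is selected but never appended to the stored hash. Assigning `$salt_field` from `$this->conf['otherdb_salt_field']` inside the existing `isset()` branch, and leaving it empty otherwise, looks like the intent.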
".$message."
"); -} - - -show_otherdb_form(); - -function show_otherdb_form() -{ - global $sql, $tp, $ns; - - - $password_methods = ExtendedPasswordHandler::GetPasswordTypes(TRUE); -// $db_types = array("e107" => "mysql - e107 database", "mysql" => "mysql - generic database"); - - $sql -> db_Select("alt_auth", "*", "auth_type = 'otherdb' "); - $parm = array(); - while($row = $sql->db_Fetch()) - { - $parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - } - - $frm = new form; - $text = $frm -> form_open("post", e_SELF); - $text .= ""; - - $text .= ""; - - $text .= alt_auth_get_db_fields('otherdb', $frm, $parm, 'server|uname|pwd|db|table|ufield|pwfield|salt'); - $text .= ""; - - $text .= ""; - - $text .= alt_auth_get_field_list('otherdb',$frm, $parm, FALSE); - - $text .= ""; - - $text .= "
".LAN_ALT_26.""; - $text .= OTHERDB_LAN_15; - $text .= "
".OTHERDB_LAN_9.""; - $text .= $frm -> form_select_open("otherdb_password_method"); - foreach($password_methods as $k => $v) - { - $sel = ($parm['otherdb_password_method'] == $k) ? " Selected" : ""; - $text .= $frm -> form_option($v, $sel, $k); - } - $text .= $frm -> form_select_close(); - $text .= "
".LAN_ALT_27."
"; - $text .= $frm -> form_button("submit", "update", LAN_ALT_UPDATESET); - $text .= "
"; - $text .= $frm -> form_close(); - - $ns -> tablerender(OTHERDB_LAN_10, $text); - - $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('otherdb',$frm)); -} - -require_once(e_ADMIN."footer.php"); - - - -function otherdb_conf_adminmenu() -{ - alt_auth_adminmenu(); -} - -?> +tablerender('',"
".$message.'
'); +} + + + +show_otherdb_form(); + +function show_otherdb_form() +{ + $ns = e107::getRender(); + + $parm = altAuthGetParams('otherdb'); + + $frm = new form; + $text = $frm -> form_open("post", e_SELF); + $text .= ""; + + $text .= ""; + + $text .= alt_auth_get_db_fields('otherdb', $frm, $parm, 'server|uname|pwd|db|table|ufield|pwfield|salt'); + $text .= ""; + + $text .= ""; + + $text .= alt_auth_get_field_list('otherdb',$frm, $parm, FALSE); + + $text .= "'; + + $text .= '
".LAN_ALT_26.""; + $text .= OTHERDB_LAN_15; + $text .= "
".OTHERDB_LAN_9.""; + + $text .= altAuthGetPasswordSelector('otherdb_password_method', $frm, $parm['otherdb_password_method'], TRUE); + + $text .= "
".LAN_ALT_27."
"; + $text .= $frm -> form_button('submit', 'update', LAN_ALT_UPDATESET); + $text .= '
'; + $text .= $frm -> form_close(); + + $ns -> tablerender(OTHERDB_LAN_10, $text); + + $ns->tablerender(LAN_ALT_40.LAN_ALT_41,alt_auth_test_form('otherdb',$frm)); +} + +require_once(e_ADMIN.'footer.php'); + + + +function otherdb_conf_adminmenu() +{ + alt_auth_adminmenu(); +} + +?> diff --git a/e107_plugins/alt_auth/radius_auth.php b/e107_plugins/alt_auth/radius_auth.php index 7d1e4161f..5a1cf0ce5 100644 --- a/e107_plugins/alt_auth/radius_auth.php +++ b/e107_plugins/alt_auth/radius_auth.php @@ -31,25 +31,26 @@ define('RADIUS_DEBUG',TRUE); class auth_login { - var $server; - var $secret; - var $port; - var $usr; - var $pwd; - var $ErrorText; - var $connection; // Handle to use on successful creation - var $result; - var $Available; + private $server; + private $secret; + private $port; + private $usr; + private $pwd; + private $connection; // Handle to use on successful creation + public $Available = FALSE; // Flag indicates whether DB connection available + public $ErrorText; // e107 error string on exit - function auth_login() + + /** + * Read configuration, initialise connection to LDAP database + * + * @return AUTH_xxxx result code + */ + function __construct() { $this->copyAttribs = array(); - $sql = new db; - $sql -> db_Select("alt_auth", "*", "auth_type = 'radius' "); - while($row = $sql -> db_Fetch()) - { - $radius[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval'])); - } + $radius = altAuthGetParams('radius'); + $this->server = explode(',',$radius['radius_server']); $this->port = 1812; // Assume fixed port number for now - 1812 (UDP) is listed for servers, 1645 for authentification. (1646, 1813 for accounting) // (A Microsoft app note says 1812 is the RFC2026-compliant port number. (http://support.microsoft.com/kb/230786) 
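Review bot: The docblock added above `__construct()` says "initialise connection to LDAP database", but this class opens a RADIUS connection, and its `@return AUTH_xxxx result code` describes a value that `new` never hands back. Suggested first line: `Read configuration and open the connection to the RADIUS server; check $Available and $ErrorText afterwards`. Separately, `$this->copyAttribs = array();` is assigned in the constructor but `copyAttribs` is not among the properties declared in this hunk, so it is created as an undeclared public property. Declaring it beside the others, with whatever visibility its readers need, would keep the class definition complete.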
@@ -66,18 +67,22 @@ class auth_login $this->ErrorText = ''; if(!function_exists('radius_auth_open')) { - $this->Available = FALSE; - return false; + return AUTH_NORESOURCE; } if(!$this -> connect()) { return AUTH_NOCONNECT; } + $this->Available = TRUE; + return AUTH_SUCCESS; } + /** + * Retrieve and construct error strings + */ function makeErrorText($extra = '') { $this->ErrorText = $extra.radius_strerror($this->connection) ; @@ -88,9 +93,13 @@ class auth_login + /** + * Try to connect to a radius server + * + * @return boolean TRUE for success, FALSE for failure + */ function connect() { - // Try to connect to a radius server if (!($this->connection = radius_auth_open())) { $this->makeErrorText('RADIUS open failed: ') ; @@ -109,6 +118,9 @@ class auth_login + /** + * Close the connection to the Radius server + */ function close() { if ( !radius_close( $this->connection)) // (Not strictly necessary, but tidy) @@ -124,6 +136,18 @@ class auth_login + /** + * Validate login credentials + * + * @param string $uname - The user name requesting access + * @param string $pass - Password to use (usually plain text) + * @param pointer &$newvals - pointer to array to accept other data read from database + * @param boolean $connect_only - TRUE to simply connect to the server + * + * @return integer result (AUTH_xxxx) + * + * On a successful login, &$newvals array is filled with the requested data from the server + */ function login($uname, $pass, &$newvals, $connect_only = FALSE) { // Create authentification request