about summary refs log tree commit diff stats
path: root/wiki/lib/plugins/authpdo/auth.php
diff options
context:
space:
mode:
Diffstat (limited to 'wiki/lib/plugins/authpdo/auth.php')
-rw-r--r--wiki/lib/plugins/authpdo/auth.php781
1 files changed, 0 insertions, 781 deletions
diff --git a/wiki/lib/plugins/authpdo/auth.php b/wiki/lib/plugins/authpdo/auth.php
deleted file mode 100644
index dfe1254..0000000
--- a/wiki/lib/plugins/authpdo/auth.php
+++ /dev/null
@@ -1,781 +0,0 @@
-<?php
-/**
- * DokuWiki Plugin authpdo (Auth Component)
- *
- * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
- * @author  Andreas Gohr <andi@splitbrain.org>
- */
-
-// must be run within Dokuwiki
-if(!defined('DOKU_INC')) die();
-
-/**
- * Class auth_plugin_authpdo
- */
-class auth_plugin_authpdo extends DokuWiki_Auth_Plugin {
-
-    /** @var PDO */
-    protected $pdo;
-
-    /** @var null|array The list of all groups */
-    protected $groupcache = null;
-
-    /**
-     * Constructor.
-     */
-    public function __construct() {
-        parent::__construct(); // for compatibility
-
-        if(!class_exists('PDO')) {
-            $this->_debug('PDO extension for PHP not found.', -1, __LINE__);
-            $this->success = false;
-            return;
-        }
-
-        if(!$this->getConf('dsn')) {
-            $this->_debug('No DSN specified', -1, __LINE__);
-            $this->success = false;
-            return;
-        }
-
-        try {
-            $this->pdo = new PDO(
-                $this->getConf('dsn'),
-                $this->getConf('user'),
-                conf_decodeString($this->getConf('pass')),
-                array(
-                    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // always fetch as array
-                    PDO::ATTR_EMULATE_PREPARES => true, // emulating prepares allows us to reuse param names
-                    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // we want exceptions, not error codes
-                )
-            );
-        } catch(PDOException $e) {
-            $this->_debug($e);
-            msg($this->getLang('connectfail'), -1);
-            $this->success = false;
-            return;
-        }
-
-        // can Users be created?
-        $this->cando['addUser'] = $this->_chkcnf(
-            array(
-                'select-user',
-                'select-user-groups',
-                'select-groups',
-                'insert-user',
-                'insert-group',
-                'join-group'
-            )
-        );
-
-        // can Users be deleted?
-        $this->cando['delUser'] = $this->_chkcnf(
-            array(
-                'select-user',
-                'select-user-groups',
-                'select-groups',
-                'leave-group',
-                'delete-user'
-            )
-        );
-
-        // can login names be changed?
-        $this->cando['modLogin'] = $this->_chkcnf(
-            array(
-                'select-user',
-                'select-user-groups',
-                'update-user-login'
-            )
-        );
-
-        // can passwords be changed?
-        $this->cando['modPass'] = $this->_chkcnf(
-            array(
-                'select-user',
-                'select-user-groups',
-                'update-user-pass'
-            )
-        );
-
-        // can real names be changed?
-        $this->cando['modName'] = $this->_chkcnf(
-            array(
-                'select-user',
-                'select-user-groups',
-                'update-user-info:name'
-            )
-        );
-
-        // can real email be changed?
-        $this->cando['modMail'] = $this->_chkcnf(
-            array(
-                'select-user',
-                'select-user-groups',
-                'update-user-info:mail'
-            )
-        );
-
-        // can groups be changed?
-        $this->cando['modGroups'] = $this->_chkcnf(
-            array(
-                'select-user',
-                'select-user-groups',
-                'select-groups',
-                'leave-group',
-                'join-group',
-                'insert-group'
-            )
-        );
-
-        // can a filtered list of users be retrieved?
-        $this->cando['getUsers'] = $this->_chkcnf(
-            array(
-                'list-users'
-            )
-        );
-
-        // can the number of users be retrieved?
-        $this->cando['getUserCount'] = $this->_chkcnf(
-            array(
-                'count-users'
-            )
-        );
-
-        // can a list of available groups be retrieved?
-        $this->cando['getGroups'] = $this->_chkcnf(
-            array(
-                'select-groups'
-            )
-        );
-
-        $this->success = true;
-    }
-
-    /**
-     * Check user+password
-     *
-     * @param   string $user the user name
-     * @param   string $pass the clear text password
-     * @return  bool
-     */
-    public function checkPass($user, $pass) {
-
-        $userdata = $this->_selectUser($user);
-        if($userdata == false) return false;
-
-        // password checking done in SQL?
-        if($this->_chkcnf(array('check-pass'))) {
-            $userdata['clear'] = $pass;
-            $userdata['hash'] = auth_cryptPassword($pass);
-            $result = $this->_query($this->getConf('check-pass'), $userdata);
-            if($result === false) return false;
-            return (count($result) == 1);
-        }
-
-        // we do password checking on our own
-        if(isset($userdata['hash'])) {
-            // hashed password
-            $passhash = new PassHash();
-            return $passhash->verify_hash($pass, $userdata['hash']);
-        } else {
-            // clear text password in the database O_o
-            return ($pass === $userdata['clear']);
-        }
-    }
-
-    /**
-     * Return user info
-     *
-     * Returns info about the given user needs to contain
-     * at least these fields:
-     *
-     * name string  full name of the user
-     * mail string  email addres of the user
-     * grps array   list of groups the user is in
-     *
-     * @param   string $user the user name
-     * @param   bool $requireGroups whether or not the returned data must include groups
-     * @return array|bool containing user data or false
-     */
-    public function getUserData($user, $requireGroups = true) {
-        $data = $this->_selectUser($user);
-        if($data == false) return false;
-
-        if(isset($data['hash'])) unset($data['hash']);
-        if(isset($data['clean'])) unset($data['clean']);
-
-        if($requireGroups) {
-            $data['grps'] = $this->_selectUserGroups($data);
-            if($data['grps'] === false) return false;
-        }
-
-        return $data;
-    }
-
-    /**
-     * Create a new User [implement only where required/possible]
-     *
-     * Returns false if the user already exists, null when an error
-     * occurred and true if everything went well.
-     *
-     * The new user HAS TO be added to the default group by this
-     * function!
-     *
-     * Set addUser capability when implemented
-     *
-     * @param  string $user
-     * @param  string $clear
-     * @param  string $name
-     * @param  string $mail
-     * @param  null|array $grps
-     * @return bool|null
-     */
-    public function createUser($user, $clear, $name, $mail, $grps = null) {
-        global $conf;
-
-        if(($info = $this->getUserData($user, false)) !== false) {
-            msg($this->getLang('userexists'), -1);
-            return false; // user already exists
-        }
-
-        // prepare data
-        if($grps == null) $grps = array();
-        array_unshift($grps, $conf['defaultgroup']);
-        $grps = array_unique($grps);
-        $hash = auth_cryptPassword($clear);
-        $userdata = compact('user', 'clear', 'hash', 'name', 'mail');
-
-        // action protected by transaction
-        $this->pdo->beginTransaction();
-        {
-            // insert the user
-            $ok = $this->_query($this->getConf('insert-user'), $userdata);
-            if($ok === false) goto FAIL;
-            $userdata = $this->getUserData($user, false);
-            if($userdata === false) goto FAIL;
-
-            // create all groups that do not exist, the refetch the groups
-            $allgroups = $this->_selectGroups();
-            foreach($grps as $group) {
-                if(!isset($allgroups[$group])) {
-                    $ok = $this->addGroup($group);
-                    if($ok === false) goto FAIL;
-                }
-            }
-            $allgroups = $this->_selectGroups();
-
-            // add user to the groups
-            foreach($grps as $group) {
-                $ok = $this->_joinGroup($userdata, $allgroups[$group]);
-                if($ok === false) goto FAIL;
-            }
-        }
-        $this->pdo->commit();
-        return true;
-
-        // something went wrong, rollback
-        FAIL:
-        $this->pdo->rollBack();
-        $this->_debug('Transaction rolled back', 0, __LINE__);
-        msg($this->getLang('writefail'), -1);
-        return null; // return error
-    }
-
-    /**
-     * Modify user data
-     *
-     * @param   string $user nick of the user to be changed
-     * @param   array $changes array of field/value pairs to be changed (password will be clear text)
-     * @return  bool
-     */
-    public function modifyUser($user, $changes) {
-        // secure everything in transaction
-        $this->pdo->beginTransaction();
-        {
-            $olddata = $this->getUserData($user);
-            $oldgroups = $olddata['grps'];
-            unset($olddata['grps']);
-
-            // changing the user name?
-            if(isset($changes['user'])) {
-                if($this->getUserData($changes['user'], false)) goto FAIL;
-                $params = $olddata;
-                $params['newlogin'] = $changes['user'];
-
-                $ok = $this->_query($this->getConf('update-user-login'), $params);
-                if($ok === false) goto FAIL;
-            }
-
-            // changing the password?
-            if(isset($changes['pass'])) {
-                $params = $olddata;
-                $params['clear'] = $changes['pass'];
-                $params['hash'] = auth_cryptPassword($changes['pass']);
-
-                $ok = $this->_query($this->getConf('update-user-pass'), $params);
-                if($ok === false) goto FAIL;
-            }
-
-            // changing info?
-            if(isset($changes['mail']) || isset($changes['name'])) {
-                $params = $olddata;
-                if(isset($changes['mail'])) $params['mail'] = $changes['mail'];
-                if(isset($changes['name'])) $params['name'] = $changes['name'];
-
-                $ok = $this->_query($this->getConf('update-user-info'), $params);
-                if($ok === false) goto FAIL;
-            }
-
-            // changing groups?
-            if(isset($changes['grps'])) {
-                $allgroups = $this->_selectGroups();
-
-                // remove membership for previous groups
-                foreach($oldgroups as $group) {
-                    if(!in_array($group, $changes['grps']) && isset($allgroups[$group])) {
-                        $ok = $this->_leaveGroup($olddata, $allgroups[$group]);
-                        if($ok === false) goto FAIL;
-                    }
-                }
-
-                // create all new groups that are missing
-                $added = 0;
-                foreach($changes['grps'] as $group) {
-                    if(!isset($allgroups[$group])) {
-                        $ok = $this->addGroup($group);
-                        if($ok === false) goto FAIL;
-                        $added++;
-                    }
-                }
-                // reload group info
-                if($added > 0) $allgroups = $this->_selectGroups();
-
-                // add membership for new groups
-                foreach($changes['grps'] as $group) {
-                    if(!in_array($group, $oldgroups)) {
-                        $ok = $this->_joinGroup($olddata, $allgroups[$group]);
-                        if($ok === false) goto FAIL;
-                    }
-                }
-            }
-
-        }
-        $this->pdo->commit();
-        return true;
-
-        // something went wrong, rollback
-        FAIL:
-        $this->pdo->rollBack();
-        $this->_debug('Transaction rolled back', 0, __LINE__);
-        msg($this->getLang('writefail'), -1);
-        return false; // return error
-    }
-
-    /**
-     * Delete one or more users
-     *
-     * Set delUser capability when implemented
-     *
-     * @param   array $users
-     * @return  int    number of users deleted
-     */
-    public function deleteUsers($users) {
-        $count = 0;
-        foreach($users as $user) {
-            if($this->_deleteUser($user)) $count++;
-        }
-        return $count;
-    }
-
-    /**
-     * Bulk retrieval of user data [implement only where required/possible]
-     *
-     * Set getUsers capability when implemented
-     *
-     * @param   int $start index of first user to be returned
-     * @param   int $limit max number of users to be returned
-     * @param   array $filter array of field/pattern pairs, null for no filter
-     * @return  array list of userinfo (refer getUserData for internal userinfo details)
-     */
-    public function retrieveUsers($start = 0, $limit = -1, $filter = null) {
-        if($limit < 0) $limit = 10000; // we don't support no limit
-        if(is_null($filter)) $filter = array();
-
-        if(isset($filter['grps'])) $filter['group'] = $filter['grps'];
-        foreach(array('user', 'name', 'mail', 'group') as $key) {
-            if(!isset($filter[$key])) {
-                $filter[$key] = '%';
-            } else {
-                $filter[$key] = '%' . $filter[$key] . '%';
-            }
-        }
-        $filter['start'] = (int) $start;
-        $filter['end'] = (int) $start + $limit;
-        $filter['limit'] = (int) $limit;
-
-        $result = $this->_query($this->getConf('list-users'), $filter);
-        if(!$result) return array();
-        $users = array();
-        foreach($result as $row) {
-            if(!isset($row['user'])) {
-                $this->_debug("Statement did not return 'user' attribute", -1, __LINE__);
-                return array();
-            }
-            $users[] = $this->getUserData($row['user']);
-        }
-        return $users;
-    }
-
-    /**
-     * Return a count of the number of user which meet $filter criteria
-     *
-     * @param  array $filter array of field/pattern pairs, empty array for no filter
-     * @return int
-     */
-    public function getUserCount($filter = array()) {
-        if(is_null($filter)) $filter = array();
-
-        if(isset($filter['grps'])) $filter['group'] = $filter['grps'];
-        foreach(array('user', 'name', 'mail', 'group') as $key) {
-            if(!isset($filter[$key])) {
-                $filter[$key] = '%';
-            } else {
-                $filter[$key] = '%' . $filter[$key] . '%';
-            }
-        }
-
-        $result = $this->_query($this->getConf('count-users'), $filter);
-        if(!$result || !isset($result[0]['count'])) {
-            $this->_debug("Statement did not return 'count' attribute", -1, __LINE__);
-        }
-        return (int) $result[0]['count'];
-    }
-
-    /**
-     * Create a new group with the given name
-     *
-     * @param string $group
-     * @return bool
-     */
-    public function addGroup($group) {
-        $sql = $this->getConf('insert-group');
-
-        $result = $this->_query($sql, array(':group' => $group));
-        $this->_clearGroupCache();
-        if($result === false) return false;
-        return true;
-    }
-
-    /**
-     * Retrieve groups
-     *
-     * Set getGroups capability when implemented
-     *
-     * @param   int $start
-     * @param   int $limit
-     * @return  array
-     */
-    public function retrieveGroups($start = 0, $limit = 0) {
-        $groups = array_keys($this->_selectGroups());
-        if($groups === false) return array();
-
-        if(!$limit) {
-            return array_splice($groups, $start);
-        } else {
-            return array_splice($groups, $start, $limit);
-        }
-    }
-
-    /**
-     * Select data of a specified user
-     *
-     * @param string $user the user name
-     * @return bool|array user data, false on error
-     */
-    protected function _selectUser($user) {
-        $sql = $this->getConf('select-user');
-
-        $result = $this->_query($sql, array(':user' => $user));
-        if(!$result) return false;
-
-        if(count($result) > 1) {
-            $this->_debug('Found more than one matching user', -1, __LINE__);
-            return false;
-        }
-
-        $data = array_shift($result);
-        $dataok = true;
-
-        if(!isset($data['user'])) {
-            $this->_debug("Statement did not return 'user' attribute", -1, __LINE__);
-            $dataok = false;
-        }
-        if(!isset($data['hash']) && !isset($data['clear']) && !$this->_chkcnf(array('check-pass'))) {
-            $this->_debug("Statement did not return 'clear' or 'hash' attribute", -1, __LINE__);
-            $dataok = false;
-        }
-        if(!isset($data['name'])) {
-            $this->_debug("Statement did not return 'name' attribute", -1, __LINE__);
-            $dataok = false;
-        }
-        if(!isset($data['mail'])) {
-            $this->_debug("Statement did not return 'mail' attribute", -1, __LINE__);
-            $dataok = false;
-        }
-
-        if(!$dataok) return false;
-        return $data;
-    }
-
-    /**
-     * Delete a user after removing all their group memberships
-     *
-     * @param string $user
-     * @return bool true when the user was deleted
-     */
-    protected function _deleteUser($user) {
-        $this->pdo->beginTransaction();
-        {
-            $userdata = $this->getUserData($user);
-            if($userdata === false) goto FAIL;
-            $allgroups = $this->_selectGroups();
-
-            // remove group memberships (ignore errors)
-            foreach($userdata['grps'] as $group) {
-                if(isset($allgroups[$group])) {
-                    $this->_leaveGroup($userdata, $allgroups[$group]);
-                }
-            }
-
-            $ok = $this->_query($this->getConf('delete-user'), $userdata);
-            if($ok === false) goto FAIL;
-        }
-        $this->pdo->commit();
-        return true;
-
-        FAIL:
-        $this->pdo->rollBack();
-        return false;
-    }
-
-    /**
-     * Select all groups of a user
-     *
-     * @param array $userdata The userdata as returned by _selectUser()
-     * @return array|bool list of group names, false on error
-     */
-    protected function _selectUserGroups($userdata) {
-        global $conf;
-        $sql = $this->getConf('select-user-groups');
-        $result = $this->_query($sql, $userdata);
-        if($result === false) return false;
-
-        $groups = array($conf['defaultgroup']); // always add default config
-        foreach($result as $row) {
-            if(!isset($row['group'])) {
-                $this->_debug("No 'group' field returned in select-user-groups statement");
-                return false;
-            }
-            $groups[] = $row['group'];
-        }
-
-        $groups = array_unique($groups);
-        sort($groups);
-        return $groups;
-    }
-
-    /**
-     * Select all available groups
-     *
-     * @return array|bool list of all available groups and their properties
-     */
-    protected function _selectGroups() {
-        if($this->groupcache) return $this->groupcache;
-
-        $sql = $this->getConf('select-groups');
-        $result = $this->_query($sql);
-        if($result === false) return false;
-
-        $groups = array();
-        foreach($result as $row) {
-            if(!isset($row['group'])) {
-                $this->_debug("No 'group' field returned from select-groups statement", -1, __LINE__);
-                return false;
-            }
-
-            // relayout result with group name as key
-            $group = $row['group'];
-            $groups[$group] = $row;
-        }
-
-        ksort($groups);
-        return $groups;
-    }
-
-    /**
-     * Remove all entries from the group cache
-     */
-    protected function _clearGroupCache() {
-        $this->groupcache = null;
-    }
-
-    /**
-     * Adds the user to the group
-     *
-     * @param array $userdata all the user data
-     * @param array $groupdata all the group data
-     * @return bool
-     */
-    protected function _joinGroup($userdata, $groupdata) {
-        $data = array_merge($userdata, $groupdata);
-        $sql = $this->getConf('join-group');
-        $result = $this->_query($sql, $data);
-        if($result === false) return false;
-        return true;
-    }
-
-    /**
-     * Removes the user from the group
-     *
-     * @param array $userdata all the user data
-     * @param array $groupdata all the group data
-     * @return bool
-     */
-    protected function _leaveGroup($userdata, $groupdata) {
-        $data = array_merge($userdata, $groupdata);
-        $sql = $this->getConf('leave-group');
-        $result = $this->_query($sql, $data);
-        if($result === false) return false;
-        return true;
-    }
-
-    /**
-     * Executes a query
-     *
-     * @param string $sql The SQL statement to execute
-     * @param array $arguments Named parameters to be used in the statement
-     * @return array|int|bool The result as associative array for SELECTs, affected rows for others, false on error
-     */
-    protected function _query($sql, $arguments = array()) {
-        $sql = trim($sql);
-        if(empty($sql)) {
-            $this->_debug('No SQL query given', -1, __LINE__);
-            return false;
-        }
-
-        // execute
-        $params = array();
-        $sth = $this->pdo->prepare($sql);
-        try {
-            // prepare parameters - we only use those that exist in the SQL
-            foreach($arguments as $key => $value) {
-                if(is_array($value)) continue;
-                if(is_object($value)) continue;
-                if($key[0] != ':') $key = ":$key"; // prefix with colon if needed
-                if(strpos($sql, $key) === false) continue; // skip if parameter is missing
-
-                if(is_int($value)) {
-                    $sth->bindValue($key, $value, PDO::PARAM_INT);
-                } else {
-                    $sth->bindValue($key, $value);
-                }
-                $params[$key] = $value; //remember for debugging
-            }
-
-            $sth->execute();
-            if(strtolower(substr($sql, 0, 6)) == 'select') {
-                $result = $sth->fetchAll();
-            } else {
-                $result = $sth->rowCount();
-            }
-        } catch(Exception $e) {
-            // report the caller's line
-            $trace = debug_backtrace();
-            $line = $trace[0]['line'];
-            $dsql = $this->_debugSQL($sql, $params, !defined('DOKU_UNITTEST'));
-            $this->_debug($e, -1, $line);
-            $this->_debug("SQL: <pre>$dsql</pre>", -1, $line);
-            $result = false;
-        }
-        $sth->closeCursor();
-        $sth = null;
-
-        return $result;
-    }
-
-    /**
-     * Wrapper around msg() but outputs only when debug is enabled
-     *
-     * @param string|Exception $message
-     * @param int $err
-     * @param int $line
-     */
-    protected function _debug($message, $err = 0, $line = 0) {
-        if(!$this->getConf('debug')) return;
-        if(is_a($message, 'Exception')) {
-            $err = -1;
-            $msg = $message->getMessage();
-            if(!$line) $line = $message->getLine();
-        } else {
-            $msg = $message;
-        }
-
-        if(defined('DOKU_UNITTEST')) {
-            printf("\n%s, %s:%d\n", $msg, __FILE__, $line);
-        } else {
-            msg('authpdo: ' . $msg, $err, $line, __FILE__);
-        }
-    }
-
-    /**
-     * Check if the given config strings are set
-     *
-     * @author  Matthias Grimm <matthiasgrimm@users.sourceforge.net>
-     *
-     * @param   string[] $keys
-     * @return  bool
-     */
-    protected function _chkcnf($keys) {
-        foreach($keys as $key) {
-            $params = explode(':', $key);
-            $key = array_shift($params);
-            $sql = trim($this->getConf($key));
-
-            // check if sql is set
-            if(!$sql) return false;
-            // check if needed params are there
-            foreach($params as $param) {
-                if(strpos($sql, ":$param") === false) return false;
-            }
-        }
-
-        return true;
-    }
-
-    /**
-     * create an approximation of the SQL string with parameters replaced
-     *
-     * @param string $sql
-     * @param array $params
-     * @param bool $htmlescape Should the result be escaped for output in HTML?
-     * @return string
-     */
-    protected function _debugSQL($sql, $params, $htmlescape = true) {
-        foreach($params as $key => $val) {
-            if(is_int($val)) {
-                $val = $this->pdo->quote($val, PDO::PARAM_INT);
-            } elseif(is_bool($val)) {
-                $val = $this->pdo->quote($val, PDO::PARAM_BOOL);
-            } elseif(is_null($val)) {
-                $val = 'NULL';
-            } else {
-                $val = $this->pdo->quote($val);
-            }
-            $sql = str_replace($key, $val, $sql);
-        }
-        if($htmlescape) $sql = hsc($sql);
-        return $sql;
-    }
-}
-
-// vim:ts=4:sw=4:et: