diff options
Diffstat (limited to 'wiki/lib/plugins/authpdo/auth.php')
-rw-r--r-- | wiki/lib/plugins/authpdo/auth.php | 781 |
1 files changed, 0 insertions, 781 deletions
diff --git a/wiki/lib/plugins/authpdo/auth.php b/wiki/lib/plugins/authpdo/auth.php deleted file mode 100644 index dfe1254..0000000 --- a/wiki/lib/plugins/authpdo/auth.php +++ /dev/null @@ -1,781 +0,0 @@ -<?php -/** - * DokuWiki Plugin authpdo (Auth Component) - * - * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html - * @author Andreas Gohr <andi@splitbrain.org> - */ - -// must be run within Dokuwiki -if(!defined('DOKU_INC')) die(); - -/** - * Class auth_plugin_authpdo - */ -class auth_plugin_authpdo extends DokuWiki_Auth_Plugin { - - /** @var PDO */ - protected $pdo; - - /** @var null|array The list of all groups */ - protected $groupcache = null; - - /** - * Constructor. - */ - public function __construct() { - parent::__construct(); // for compatibility - - if(!class_exists('PDO')) { - $this->_debug('PDO extension for PHP not found.', -1, __LINE__); - $this->success = false; - return; - } - - if(!$this->getConf('dsn')) { - $this->_debug('No DSN specified', -1, __LINE__); - $this->success = false; - return; - } - - try { - $this->pdo = new PDO( - $this->getConf('dsn'), - $this->getConf('user'), - conf_decodeString($this->getConf('pass')), - array( - PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // always fetch as array - PDO::ATTR_EMULATE_PREPARES => true, // emulating prepares allows us to reuse param names - PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // we want exceptions, not error codes - ) - ); - } catch(PDOException $e) { - $this->_debug($e); - msg($this->getLang('connectfail'), -1); - $this->success = false; - return; - } - - // can Users be created? - $this->cando['addUser'] = $this->_chkcnf( - array( - 'select-user', - 'select-user-groups', - 'select-groups', - 'insert-user', - 'insert-group', - 'join-group' - ) - ); - - // can Users be deleted? - $this->cando['delUser'] = $this->_chkcnf( - array( - 'select-user', - 'select-user-groups', - 'select-groups', - 'leave-group', - 'delete-user' - ) - ); - - // can login names be changed? - $this->cando['modLogin'] = $this->_chkcnf( - array( - 'select-user', - 'select-user-groups', - 'update-user-login' - ) - ); - - // can passwords be changed? - $this->cando['modPass'] = $this->_chkcnf( - array( - 'select-user', - 'select-user-groups', - 'update-user-pass' - ) - ); - - // can real names be changed? - $this->cando['modName'] = $this->_chkcnf( - array( - 'select-user', - 'select-user-groups', - 'update-user-info:name' - ) - ); - - // can real email be changed? - $this->cando['modMail'] = $this->_chkcnf( - array( - 'select-user', - 'select-user-groups', - 'update-user-info:mail' - ) - ); - - // can groups be changed? - $this->cando['modGroups'] = $this->_chkcnf( - array( - 'select-user', - 'select-user-groups', - 'select-groups', - 'leave-group', - 'join-group', - 'insert-group' - ) - ); - - // can a filtered list of users be retrieved? - $this->cando['getUsers'] = $this->_chkcnf( - array( - 'list-users' - ) - ); - - // can the number of users be retrieved? - $this->cando['getUserCount'] = $this->_chkcnf( - array( - 'count-users' - ) - ); - - // can a list of available groups be retrieved? - $this->cando['getGroups'] = $this->_chkcnf( - array( - 'select-groups' - ) - ); - - $this->success = true; - } - - /** - * Check user+password - * - * @param string $user the user name - * @param string $pass the clear text password - * @return bool - */ - public function checkPass($user, $pass) { - - $userdata = $this->_selectUser($user); - if($userdata == false) return false; - - // password checking done in SQL? - if($this->_chkcnf(array('check-pass'))) { - $userdata['clear'] = $pass; - $userdata['hash'] = auth_cryptPassword($pass); - $result = $this->_query($this->getConf('check-pass'), $userdata); - if($result === false) return false; - return (count($result) == 1); - } - - // we do password checking on our own - if(isset($userdata['hash'])) { - // hashed password - $passhash = new PassHash(); - return $passhash->verify_hash($pass, $userdata['hash']); - } else { - // clear text password in the database O_o - return ($pass === $userdata['clear']); - } - } - - /** - * Return user info - * - * Returns info about the given user needs to contain - * at least these fields: - * - * name string full name of the user - * mail string email addres of the user - * grps array list of groups the user is in - * - * @param string $user the user name - * @param bool $requireGroups whether or not the returned data must include groups - * @return array|bool containing user data or false - */ - public function getUserData($user, $requireGroups = true) { - $data = $this->_selectUser($user); - if($data == false) return false; - - if(isset($data['hash'])) unset($data['hash']); - if(isset($data['clean'])) unset($data['clean']); - - if($requireGroups) { - $data['grps'] = $this->_selectUserGroups($data); - if($data['grps'] === false) return false; - } - - return $data; - } - - /** - * Create a new User [implement only where required/possible] - * - * Returns false if the user already exists, null when an error - * occurred and true if everything went well. - * - * The new user HAS TO be added to the default group by this - * function! - * - * Set addUser capability when implemented - * - * @param string $user - * @param string $clear - * @param string $name - * @param string $mail - * @param null|array $grps - * @return bool|null - */ - public function createUser($user, $clear, $name, $mail, $grps = null) { - global $conf; - - if(($info = $this->getUserData($user, false)) !== false) { - msg($this->getLang('userexists'), -1); - return false; // user already exists - } - - // prepare data - if($grps == null) $grps = array(); - array_unshift($grps, $conf['defaultgroup']); - $grps = array_unique($grps); - $hash = auth_cryptPassword($clear); - $userdata = compact('user', 'clear', 'hash', 'name', 'mail'); - - // action protected by transaction - $this->pdo->beginTransaction(); - { - // insert the user - $ok = $this->_query($this->getConf('insert-user'), $userdata); - if($ok === false) goto FAIL; - $userdata = $this->getUserData($user, false); - if($userdata === false) goto FAIL; - - // create all groups that do not exist, the refetch the groups - $allgroups = $this->_selectGroups(); - foreach($grps as $group) { - if(!isset($allgroups[$group])) { - $ok = $this->addGroup($group); - if($ok === false) goto FAIL; - } - } - $allgroups = $this->_selectGroups(); - - // add user to the groups - foreach($grps as $group) { - $ok = $this->_joinGroup($userdata, $allgroups[$group]); - if($ok === false) goto FAIL; - } - } - $this->pdo->commit(); - return true; - - // something went wrong, rollback - FAIL: - $this->pdo->rollBack(); - $this->_debug('Transaction rolled back', 0, __LINE__); - msg($this->getLang('writefail'), -1); - return null; // return error - } - - /** - * Modify user data - * - * @param string $user nick of the user to be changed - * @param array $changes array of field/value pairs to be changed (password will be clear text) - * @return bool - */ - public function modifyUser($user, $changes) { - // secure everything in transaction - $this->pdo->beginTransaction(); - { - $olddata = $this->getUserData($user); - $oldgroups = $olddata['grps']; - unset($olddata['grps']); - - // changing the user name? - if(isset($changes['user'])) { - if($this->getUserData($changes['user'], false)) goto FAIL; - $params = $olddata; - $params['newlogin'] = $changes['user']; - - $ok = $this->_query($this->getConf('update-user-login'), $params); - if($ok === false) goto FAIL; - } - - // changing the password? - if(isset($changes['pass'])) { - $params = $olddata; - $params['clear'] = $changes['pass']; - $params['hash'] = auth_cryptPassword($changes['pass']); - - $ok = $this->_query($this->getConf('update-user-pass'), $params); - if($ok === false) goto FAIL; - } - - // changing info? - if(isset($changes['mail']) || isset($changes['name'])) { - $params = $olddata; - if(isset($changes['mail'])) $params['mail'] = $changes['mail']; - if(isset($changes['name'])) $params['name'] = $changes['name']; - - $ok = $this->_query($this->getConf('update-user-info'), $params); - if($ok === false) goto FAIL; - } - - // changing groups? - if(isset($changes['grps'])) { - $allgroups = $this->_selectGroups(); - - // remove membership for previous groups - foreach($oldgroups as $group) { - if(!in_array($group, $changes['grps']) && isset($allgroups[$group])) { - $ok = $this->_leaveGroup($olddata, $allgroups[$group]); - if($ok === false) goto FAIL; - } - } - - // create all new groups that are missing - $added = 0; - foreach($changes['grps'] as $group) { - if(!isset($allgroups[$group])) { - $ok = $this->addGroup($group); - if($ok === false) goto FAIL; - $added++; - } - } - // reload group info - if($added > 0) $allgroups = $this->_selectGroups(); - - // add membership for new groups - foreach($changes['grps'] as $group) { - if(!in_array($group, $oldgroups)) { - $ok = $this->_joinGroup($olddata, $allgroups[$group]); - if($ok === false) goto FAIL; - } - } - } - - } - $this->pdo->commit(); - return true; - - // something went wrong, rollback - FAIL: - $this->pdo->rollBack(); - $this->_debug('Transaction rolled back', 0, __LINE__); - msg($this->getLang('writefail'), -1); - return false; // return error - } - - /** - * Delete one or more users - * - * Set delUser capability when implemented - * - * @param array $users - * @return int number of users deleted - */ - public function deleteUsers($users) { - $count = 0; - foreach($users as $user) { - if($this->_deleteUser($user)) $count++; - } - return $count; - } - - /** - * Bulk retrieval of user data [implement only where required/possible] - * - * Set getUsers capability when implemented - * - * @param int $start index of first user to be returned - * @param int $limit max number of users to be returned - * @param array $filter array of field/pattern pairs, null for no filter - * @return array list of userinfo (refer getUserData for internal userinfo details) - */ - public function retrieveUsers($start = 0, $limit = -1, $filter = null) { - if($limit < 0) $limit = 10000; // we don't support no limit - if(is_null($filter)) $filter = array(); - - if(isset($filter['grps'])) $filter['group'] = $filter['grps']; - foreach(array('user', 'name', 'mail', 'group') as $key) { - if(!isset($filter[$key])) { - $filter[$key] = '%'; - } else { - $filter[$key] = '%' . $filter[$key] . '%'; - } - } - $filter['start'] = (int) $start; - $filter['end'] = (int) $start + $limit; - $filter['limit'] = (int) $limit; - - $result = $this->_query($this->getConf('list-users'), $filter); - if(!$result) return array(); - $users = array(); - foreach($result as $row) { - if(!isset($row['user'])) { - $this->_debug("Statement did not return 'user' attribute", -1, __LINE__); - return array(); - } - $users[] = $this->getUserData($row['user']); - } - return $users; - } - - /** - * Return a count of the number of user which meet $filter criteria - * - * @param array $filter array of field/pattern pairs, empty array for no filter - * @return int - */ - public function getUserCount($filter = array()) { - if(is_null($filter)) $filter = array(); - - if(isset($filter['grps'])) $filter['group'] = $filter['grps']; - foreach(array('user', 'name', 'mail', 'group') as $key) { - if(!isset($filter[$key])) { - $filter[$key] = '%'; - } else { - $filter[$key] = '%' . $filter[$key] . '%'; - } - } - - $result = $this->_query($this->getConf('count-users'), $filter); - if(!$result || !isset($result[0]['count'])) { - $this->_debug("Statement did not return 'count' attribute", -1, __LINE__); - } - return (int) $result[0]['count']; - } - - /** - * Create a new group with the given name - * - * @param string $group - * @return bool - */ - public function addGroup($group) { - $sql = $this->getConf('insert-group'); - - $result = $this->_query($sql, array(':group' => $group)); - $this->_clearGroupCache(); - if($result === false) return false; - return true; - } - - /** - * Retrieve groups - * - * Set getGroups capability when implemented - * - * @param int $start - * @param int $limit - * @return array - */ - public function retrieveGroups($start = 0, $limit = 0) { - $groups = array_keys($this->_selectGroups()); - if($groups === false) return array(); - - if(!$limit) { - return array_splice($groups, $start); - } else { - return array_splice($groups, $start, $limit); - } - } - - /** - * Select data of a specified user - * - * @param string $user the user name - * @return bool|array user data, false on error - */ - protected function _selectUser($user) { - $sql = $this->getConf('select-user'); - - $result = $this->_query($sql, array(':user' => $user)); - if(!$result) return false; - - if(count($result) > 1) { - $this->_debug('Found more than one matching user', -1, __LINE__); - return false; - } - - $data = array_shift($result); - $dataok = true; - - if(!isset($data['user'])) { - $this->_debug("Statement did not return 'user' attribute", -1, __LINE__); - $dataok = false; - } - if(!isset($data['hash']) && !isset($data['clear']) && !$this->_chkcnf(array('check-pass'))) { - $this->_debug("Statement did not return 'clear' or 'hash' attribute", -1, __LINE__); - $dataok = false; - } - if(!isset($data['name'])) { - $this->_debug("Statement did not return 'name' attribute", -1, __LINE__); - $dataok = false; - } - if(!isset($data['mail'])) { - $this->_debug("Statement did not return 'mail' attribute", -1, __LINE__); - $dataok = false; - } - - if(!$dataok) return false; - return $data; - } - - /** - * Delete a user after removing all their group memberships - * - * @param string $user - * @return bool true when the user was deleted - */ - protected function _deleteUser($user) { - $this->pdo->beginTransaction(); - { - $userdata = $this->getUserData($user); - if($userdata === false) goto FAIL; - $allgroups = $this->_selectGroups(); - - // remove group memberships (ignore errors) - foreach($userdata['grps'] as $group) { - if(isset($allgroups[$group])) { - $this->_leaveGroup($userdata, $allgroups[$group]); - } - } - - $ok = $this->_query($this->getConf('delete-user'), $userdata); - if($ok === false) goto FAIL; - } - $this->pdo->commit(); - return true; - - FAIL: - $this->pdo->rollBack(); - return false; - } - - /** - * Select all groups of a user - * - * @param array $userdata The userdata as returned by _selectUser() - * @return array|bool list of group names, false on error - */ - protected function _selectUserGroups($userdata) { - global $conf; - $sql = $this->getConf('select-user-groups'); - $result = $this->_query($sql, $userdata); - if($result === false) return false; - - $groups = array($conf['defaultgroup']); // always add default config - foreach($result as $row) { - if(!isset($row['group'])) { - $this->_debug("No 'group' field returned in select-user-groups statement"); - return false; - } - $groups[] = $row['group']; - } - - $groups = array_unique($groups); - sort($groups); - return $groups; - } - - /** - * Select all available groups - * - * @return array|bool list of all available groups and their properties - */ - protected function _selectGroups() { - if($this->groupcache) return $this->groupcache; - - $sql = $this->getConf('select-groups'); - $result = $this->_query($sql); - if($result === false) return false; - - $groups = array(); - foreach($result as $row) { - if(!isset($row['group'])) { - $this->_debug("No 'group' field returned from select-groups statement", -1, __LINE__); - return false; - } - - // relayout result with group name as key - $group = $row['group']; - $groups[$group] = $row; - } - - ksort($groups); - return $groups; - } - - /** - * Remove all entries from the group cache - */ - protected function _clearGroupCache() { - $this->groupcache = null; - } - - /** - * Adds the user to the group - * - * @param array $userdata all the user data - * @param array $groupdata all the group data - * @return bool - */ - protected function _joinGroup($userdata, $groupdata) { - $data = array_merge($userdata, $groupdata); - $sql = $this->getConf('join-group'); - $result = $this->_query($sql, $data); - if($result === false) return false; - return true; - } - - /** - * Removes the user from the group - * - * @param array $userdata all the user data - * @param array $groupdata all the group data - * @return bool - */ - protected function _leaveGroup($userdata, $groupdata) { - $data = array_merge($userdata, $groupdata); - $sql = $this->getConf('leave-group'); - $result = $this->_query($sql, $data); - if($result === false) return false; - return true; - } - - /** - * Executes a query - * - * @param string $sql The SQL statement to execute - * @param array $arguments Named parameters to be used in the statement - * @return array|int|bool The result as associative array for SELECTs, affected rows for others, false on error - */ - protected function _query($sql, $arguments = array()) { - $sql = trim($sql); - if(empty($sql)) { - $this->_debug('No SQL query given', -1, __LINE__); - return false; - } - - // execute - $params = array(); - $sth = $this->pdo->prepare($sql); - try { - // prepare parameters - we only use those that exist in the SQL - foreach($arguments as $key => $value) { - if(is_array($value)) continue; - if(is_object($value)) continue; - if($key[0] != ':') $key = ":$key"; // prefix with colon if needed - if(strpos($sql, $key) === false) continue; // skip if parameter is missing - - if(is_int($value)) { - $sth->bindValue($key, $value, PDO::PARAM_INT); - } else { - $sth->bindValue($key, $value); - } - $params[$key] = $value; //remember for debugging - } - - $sth->execute(); - if(strtolower(substr($sql, 0, 6)) == 'select') { - $result = $sth->fetchAll(); - } else { - $result = $sth->rowCount(); - } - } catch(Exception $e) { - // report the caller's line - $trace = debug_backtrace(); - $line = $trace[0]['line']; - $dsql = $this->_debugSQL($sql, $params, !defined('DOKU_UNITTEST')); - $this->_debug($e, -1, $line); - $this->_debug("SQL: <pre>$dsql</pre>", -1, $line); - $result = false; - } - $sth->closeCursor(); - $sth = null; - - return $result; - } - - /** - * Wrapper around msg() but outputs only when debug is enabled - * - * @param string|Exception $message - * @param int $err - * @param int $line - */ - protected function _debug($message, $err = 0, $line = 0) { - if(!$this->getConf('debug')) return; - if(is_a($message, 'Exception')) { - $err = -1; - $msg = $message->getMessage(); - if(!$line) $line = $message->getLine(); - } else { - $msg = $message; - } - - if(defined('DOKU_UNITTEST')) { - printf("\n%s, %s:%d\n", $msg, __FILE__, $line); - } else { - msg('authpdo: ' . $msg, $err, $line, __FILE__); - } - } - - /** - * Check if the given config strings are set - * - * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> - * - * @param string[] $keys - * @return bool - */ - protected function _chkcnf($keys) { - foreach($keys as $key) { - $params = explode(':', $key); - $key = array_shift($params); - $sql = trim($this->getConf($key)); - - // check if sql is set - if(!$sql) return false; - // check if needed params are there - foreach($params as $param) { - if(strpos($sql, ":$param") === false) return false; - } - } - - return true; - } - - /** - * create an approximation of the SQL string with parameters replaced - * - * @param string $sql - * @param array $params - * @param bool $htmlescape Should the result be escaped for output in HTML? - * @return string - */ - protected function _debugSQL($sql, $params, $htmlescape = true) { - foreach($params as $key => $val) { - if(is_int($val)) { - $val = $this->pdo->quote($val, PDO::PARAM_INT); - } elseif(is_bool($val)) { - $val = $this->pdo->quote($val, PDO::PARAM_BOOL); - } elseif(is_null($val)) { - $val = 'NULL'; - } else { - $val = $this->pdo->quote($val); - } - $sql = str_replace($key, $val, $sql); - } - if($htmlescape) $sql = hsc($sql); - return $sql; - } -} - -// vim:ts=4:sw=4:et: |