Ejemplo n.º 1
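/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps, in order: load and instantiate the backend class named by
 * $conf['authtype'], normalise HTTP Basic credentials into
 * $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'], choose a login path
 * (auth token, external trust, or the AUTH_LOGIN_CHECK event) and load the
 * ACL into the global $AUTH_ACL.
 *
 * Review notes:
 *  - The Authorization header is request data. It is only parsed when it
 *    uses the Basic scheme, decodes as strict base64 and contains a colon;
 *    the split is limited to the first colon so a password containing ':'
 *    is not truncated.
 *  - A backend that reports failure is cleared from the global $auth by
 *    assigning null. unset() on a variable imported with `global` removes
 *    only the local reference and would leave the failed backend visible
 *    to the rest of the request.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @triggers AUTH_LOGIN_CHECK
 * @return bool false when ACLs are disabled or no working backend is available, true otherwise
 */
function auth_setup()
{
    global $conf;
    /* @var auth_basic $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    global $AUTH_ACL;
    global $lang;
    $AUTH_ACL = array();
    if (!$conf['useacl']) {
        return false;
    }
    // load the backend auth functions and instantiate the auth object XXX
    // NOTE(review): $conf['authtype'] is concatenated into an include path and
    // a class name without validation; this relies on $conf being trusted
    // configuration - confirm it can never carry request data.
    if (@file_exists(DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php')) {
        require_once DOKU_INC . 'inc/auth/basic.class.php';
        require_once DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php';
        $auth_class = "auth_" . $conf['authtype'];
        if (class_exists($auth_class)) {
            $auth = new $auth_class();
            if ($auth->success == false) {
                // degrade to unauthenticated user
                auth_logoff();
                msg($lang['authtempfail'], -1);
                // clear the global itself; unset() would only drop the local
                // reference and keep the failed backend in the global $auth
                $auth = null;
            }
        } else {
            nice_die($lang['authmodfailed']);
        }
    } else {
        nice_die($lang['authmodfailed']);
    }
    if (!isset($auth) || !$auth) {
        return false;
    }
    // do the login either by cookie or provided credentials XXX
    $INPUT->set('http_credentials', false);
    if (!$conf['rememberme']) {
        $INPUT->set('r', false);
    }
    // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
    // the one presented at
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
    // for enabling HTTP authentication with CGI/SuExec)
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }
    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // The header is client-controlled: accept the Basic scheme only, decode
    // strictly, and ignore values without a "user:password" separator.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])
        && strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Basic ', 6) === 0
    ) {
        $decoded = base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6), true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            // limit 2: everything after the first colon is the password
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
        }
    }
    // if no credentials were given try to use HTTP auth (for SSO)
    if (!$INPUT->str('u') && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $INPUT->set('u', $_SERVER['PHP_AUTH_USER']);
        $INPUT->set('p', $_SERVER['PHP_AUTH_PW']);
        $INPUT->set('http_credentials', true);
    }
    // apply cleaning
    $INPUT->set('u', $auth->cleanUser($INPUT->str('u')));
    if ($INPUT->str('authtok')) {
        // when an authentication token is given, trust the session
        auth_validateToken($INPUT->str('authtok'));
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r'));
    } else {
        $evdata = array('user' => $INPUT->str('u'), 'password' => $INPUT->str('p'), 'sticky' => $INPUT->bool('r'), 'silent' => $INPUT->bool('http_credentials'));
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }
    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();
    return true;
}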
Ejemplo n.º 2
     }
     // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
     if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
         list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
     }
     // if no credentials were given try to use HTTP auth (for SSO)
     if (empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
         $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
         $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
         $_REQUEST['http_credentials'] = true;
     }
     // apply cleaning
     $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);
     if (isset($_REQUEST['authtok'])) {
         // when an authentication token is given, trust the session
         auth_validateToken($_REQUEST['authtok']);
     } elseif (!is_null($auth) && $auth->canDo('external')) {
         // external trust mechanism in place
         $auth->trustExternal($_REQUEST['u'], $_REQUEST['p'], $_REQUEST['r']);
     } else {
         $evdata = array('user' => $_REQUEST['u'], 'password' => $_REQUEST['p'], 'sticky' => $_REQUEST['r'], 'silent' => $_REQUEST['http_credentials']);
         $evt = new Doku_Event('AUTH_LOGIN_CHECK', $evdata);
         if ($evt->advise_before()) {
             auth_login($evdata['user'], $evdata['password'], $evdata['sticky'], $evdata['silent']);
         }
     }
 }
 //load ACL into a global array
 global $AUTH_ACL;
 if (is_readable(DOKU_CONF . 'acl.auth.php')) {
     $AUTH_ACL = file(DOKU_CONF . 'acl.auth.php');
Ejemplo n.º 3
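/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps, in order: load the auth plugin named by $conf['authtype'] through
 * the plugin controller, normalise HTTP Basic credentials into
 * $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'], strip control
 * characters from the submitted user name and password, choose a login path
 * (auth token, external trust, or the AUTH_LOGIN_CHECK event) and load the
 * ACL into the global $AUTH_ACL.
 *
 * Review notes:
 *  - The Authorization header is request data. It is only parsed when it
 *    uses the Basic scheme, decodes as strict base64 and contains a colon;
 *    the split is limited to the first colon so a password containing ':'
 *    is not truncated.
 *  - A backend that reports failure is cleared from the global $auth by
 *    assigning null. unset() on a variable imported with `global` removes
 *    only the local reference and would leave the failed backend visible
 *    to the rest of the request.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @triggers AUTH_LOGIN_CHECK
 * @return bool false when ACLs are disabled or no working backend is available, true otherwise
 */
function auth_setup()
{
    global $conf;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    global $AUTH_ACL;
    global $lang;
    /* @var Doku_Plugin_Controller $plugin_controller */
    global $plugin_controller;
    $AUTH_ACL = array();
    if (!$conf['useacl']) {
        return false;
    }
    // try to load auth backend from plugins
    foreach ($plugin_controller->getList('auth') as $plugin) {
        if ($conf['authtype'] === $plugin) {
            $auth = $plugin_controller->load('auth', $plugin);
            break;
        } elseif ('auth' . $conf['authtype'] === $plugin) {
            // matches old auth backends (pre-Weatherwax)
            // no break here: a later exact match in the list still replaces it
            $auth = $plugin_controller->load('auth', $plugin);
            // NOTE(review): $conf['authtype'] is placed into an HTML message
            // unescaped; the message is flagged MSG_ADMINS_ONLY and the value
            // is presumably trusted configuration - confirm.
            msg(
                'Your authtype setting is deprecated. You must set $conf[\'authtype\'] = "auth' . $conf['authtype'] . '"'
                . ' in your configuration (see <a href="https://www.dokuwiki.org/auth">Authentication Backends</a>)',
                -1,
                '',
                '',
                MSG_ADMINS_ONLY
            );
        }
    }
    if (!isset($auth) || !$auth) {
        msg($lang['authtempfail'], -1);
        return false;
    }
    if ($auth->success == false) {
        // degrade to unauthenticated user
        auth_logoff();
        msg($lang['authtempfail'], -1);
        // clear the global itself; unset() would only drop the local
        // reference and keep the failed backend in the global $auth
        $auth = null;
        return false;
    }
    // do the login either by cookie or provided credentials XXX
    $INPUT->set('http_credentials', false);
    if (!$conf['rememberme']) {
        $INPUT->set('r', false);
    }
    // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
    // the one presented at
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
    // for enabling HTTP authentication with CGI/SuExec)
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }
    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // The header is client-controlled: accept the Basic scheme only, decode
    // strictly, and ignore values without a "user:password" separator.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])
        && strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Basic ', 6) === 0
    ) {
        $decoded = base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6), true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            // limit 2: everything after the first colon is the password
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
        }
    }
    // if no credentials were given try to use HTTP auth (for SSO)
    if (!$INPUT->str('u') && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $INPUT->set('u', $_SERVER['PHP_AUTH_USER']);
        $INPUT->set('p', $_SERVER['PHP_AUTH_PW']);
        $INPUT->set('http_credentials', true);
    }
    // apply cleaning (auth specific user names, remove control chars)
    if (true === $auth->success) {
        $INPUT->set('u', $auth->cleanUser(stripctl($INPUT->str('u'))));
        $INPUT->set('p', stripctl($INPUT->str('p')));
    }
    if ($INPUT->str('authtok')) {
        // when an authentication token is given, trust the session
        auth_validateToken($INPUT->str('authtok'));
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r'));
    } else {
        $evdata = array('user' => $INPUT->str('u'), 'password' => $INPUT->str('p'), 'sticky' => $INPUT->bool('r'), 'silent' => $INPUT->bool('http_credentials'));
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }
    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();
    return true;
}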
Ejemplo n.º 4
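/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps, in order: load and instantiate the backend class named by
 * $conf['authtype'], default the login fields in $_REQUEST, normalise HTTP
 * Basic credentials into $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'],
 * choose a login path (auth token, external trust, or the AUTH_LOGIN_CHECK
 * event) and load the ACL into the global $AUTH_ACL.
 *
 * Review notes:
 *  - The Authorization header is request data. It is only parsed when it
 *    uses the Basic scheme, decodes as strict base64 and contains a colon;
 *    the split is limited to the first colon so a password containing ':'
 *    is not truncated.
 *  - A backend that reports failure is cleared from the global $auth by
 *    assigning null. unset() on a variable imported with `global` removes
 *    only the local reference and would leave the failed backend visible
 *    to the rest of the request.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @return bool|null false when ACLs are disabled; every other path returns no value
 */
function auth_setup()
{
    global $conf;
    global $auth;
    global $AUTH_ACL;
    global $lang;
    global $config_cascade;
    $AUTH_ACL = array();
    if (!$conf['useacl']) {
        return false;
    }
    // load the backend auth functions and instantiate the auth object XXX
    // NOTE(review): $conf['authtype'] is concatenated into an include path and
    // a class name without validation; this relies on $conf being trusted
    // configuration - confirm it can never carry request data.
    if (@file_exists(DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php')) {
        require_once DOKU_INC . 'inc/auth/basic.class.php';
        require_once DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php';
        $auth_class = "auth_" . $conf['authtype'];
        if (class_exists($auth_class)) {
            $auth = new $auth_class();
            if ($auth->success == false) {
                // degrade to unauthenticated user
                auth_logoff();
                msg($lang['authtempfail'], -1);
                // clear the global itself; unset() would only drop the local
                // reference and keep the failed backend in the global $auth
                $auth = null;
            }
        } else {
            nice_die($lang['authmodfailed']);
        }
    } else {
        nice_die($lang['authmodfailed']);
    }
    if (!$auth) {
        // kept as a bare return so callers see the same (null) result as before
        return;
    }
    // do the login either by cookie or provided credentials XXX
    if (!isset($_REQUEST['u'])) {
        $_REQUEST['u'] = '';
    }
    if (!isset($_REQUEST['p'])) {
        $_REQUEST['p'] = '';
    }
    if (!isset($_REQUEST['r'])) {
        $_REQUEST['r'] = '';
    }
    // reset flags a client could otherwise supply itself via the request
    $_REQUEST['http_credentials'] = false;
    if (!$conf['rememberme']) {
        $_REQUEST['r'] = false;
    }
    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // The header is client-controlled: accept the Basic scheme only, decode
    // strictly, and ignore values without a "user:password" separator.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])
        && strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Basic ', 6) === 0
    ) {
        $decoded = base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6), true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            // limit 2: everything after the first colon is the password
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
        }
    }
    // if no credentials were given try to use HTTP auth (for SSO)
    if (empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
        $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
        $_REQUEST['http_credentials'] = true;
    }
    // apply cleaning
    $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);
    if (isset($_REQUEST['authtok'])) {
        // when an authentication token is given, trust the session
        auth_validateToken($_REQUEST['authtok']);
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($_REQUEST['u'], $_REQUEST['p'], $_REQUEST['r']);
    } else {
        $evdata = array('user' => $_REQUEST['u'], 'password' => $_REQUEST['p'], 'sticky' => $_REQUEST['r'], 'silent' => $_REQUEST['http_credentials']);
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }
    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();
}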