function checkCredentials(&$server, &$credentials, $access, $pagename)
{
// check the "Authorization: Basic '.base64_encode("$this->username:$this->password").'\r\n'" header
if (isset($server->header['Authorization'])) {
$line = base64_decode(str_replace("Basic ", "", trim($server->header['Authorization'])));
list($credentials['username'], $credentials['password']) = explode(':', $line);
} else {
if (!isset($_SERVER)) {
$_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];
}
// TODO: where in the header is the client IP
if (!isset($credentials['username'])) {
if (isset($_SERVER['REMOTE_ADDR'])) {
$credentials['username'] = $_SERVER['REMOTE_ADDR'];
} elseif (isset($GLOBALS['REMOTE_ADDR'])) {
$credentials['username'] = $GLOBALS['REMOTE_ADDR'];
} else {
$credentials['username'] = $server->host;
}
}
}
if (!isset($credentials['password'])) {
$credentials['password'] = '';
}
global $request;
if (ENABLE_USER_NEW) {
$request->_user = WikiUser($credentials['username']);
} else {
$request->_user = new WikiUser($request, $credentials['username']);
}
$request->_user->AuthCheck(array('userid' => $credentials['username'], 'passwd' => $credentials['password']));
if (!mayAccessPage($access, $pagename)) {
$server->fault(401, '', "no permission");
}
}
/**
* Probably not needed, since we use the various user objects methods so far.
* Anyway, here it is, looping through all available objects.
*/
function UserExists($UserName)
{
global $request;
if (!($user = $request->getUser())) {
$user = WikiUser($UserName);
}
if (!$user) {
return false;
}
if ($user->userExists($UserName)) {
$request->_user = $user;
return true;
}
if (isa($user, '_BogoUser')) {
$user = new _PassUser($UserName, $user->_prefs);
}
$class = $user->nextClass();
if ($user = new $class($UserName, $user->_prefs)) {
return $user->userExists($UserName);
}
$request->_user = $GLOBALS['ForbiddenUser'];
return false;
}
function WikiRequest()
{
$this->_dbi = WikiDB::open($GLOBALS['DBParams']);
// first mysql request costs [958ms]! [670ms] is mysql_connect()
if (in_array('File', $this->_dbi->getAuthParam('USER_AUTH_ORDER'))) {
// force our local copy, until the pear version is fixed.
include_once dirname(__FILE__) . "/pear/File_Passwd.php";
}
if (ENABLE_USER_NEW) {
// Preload all necessary userclasses. Otherwise session => __PHP_Incomplete_Class_Name
// There's no way to demand-load it later. This way it's much slower, but needs slightly
// less memory than loading all.
if (ALLOW_BOGO_LOGIN) {
include_once "lib/WikiUser/BogoLogin.php";
}
// UserPreferences POST Update doesn't reach this.
foreach ($GLOBALS['USER_AUTH_ORDER'] as $method) {
include_once "lib/WikiUser/{$method}.php";
if ($method == 'Db') {
switch (DATABASE_TYPE) {
case 'SQL':
include_once "lib/WikiUser/PearDb.php";
break;
case 'ADODB':
include_once "lib/WikiUser/AdoDb.php";
break;
case 'PDO':
include_once "lib/WikiUser/PdoDb.php";
break;
}
}
}
unset($method);
}
if (USE_DB_SESSION) {
include_once 'lib/DbSession.php';
$dbi =& $this->_dbi;
$this->_dbsession = new DbSession($dbi, $dbi->getParam('prefix') . $dbi->getParam('db_session_table'));
}
// Fixme: Does pear reset the error mask to 1? We have to find the culprit
//$x = error_reporting();
$this->version = phpwiki_version();
$this->Request();
// [90ms]
// Normalize args...
$this->setArg('pagename', $this->_deducePagename());
$this->setArg('action', $this->_deduceAction());
if (DEBUG & _DEBUG_SQL or DATABASE_OPTIMISE_FREQUENCY > 0 and time() % DATABASE_OPTIMISE_FREQUENCY == 0) {
if ($this->_dbi->_backend->optimize()) {
trigger_error(_("Optimizing database"), E_USER_NOTICE);
}
}
// Restore auth state. This doesn't check for proper authorization!
$userid = $this->_deduceUsername();
if (ENABLE_USER_NEW) {
if (isset($this->_user) and !empty($this->_user->_authhow) and $this->_user->_authhow == 'session') {
// users might switch in a session between the two objects.
// restore old auth level here or in updateAuthAndPrefs?
//$user = $this->getSessionVar('wiki_user');
// revive db handle, because these don't survive sessions
if (isset($this->_user) and (!isa($this->_user, WikiUserClassname()) or strtolower(get_class($this->_user)) == '_passuser')) {
$this->_user = WikiUser($userid, $this->_user->_prefs);
}
// revive other db handle
if (isset($this->_user->_prefs->_method) and ($this->_user->_prefs->_method == 'SQL' or $this->_user->_prefs->_method == 'ADODB' or $this->_user->_prefs->_method == 'PDO' or $this->_user->_prefs->_method == 'HomePage')) {
$this->_user->_HomePagehandle = $this->getPage($userid);
}
// need to update the lockfile filehandle
if (isa($this->_user, '_FilePassUser') and $this->_user->_file->lockfile and !$this->_user->_file->fplock) {
//$level = $this->_user->_level;
$this->_user = UpgradeUser($this->_user, new _FilePassUser($userid, $this->_user->_prefs, $this->_user->_file->filename));
//$this->_user->_level = $level;
}
$this->_prefs =& $this->_user->_prefs;
} else {
$user = WikiUser($userid);
$this->_user =& $user;
$this->_prefs =& $this->_user->_prefs;
}
} else {
$this->_user = new WikiUser($this, $userid);
$this->_prefs = $this->_user->getPreferences();
}
}
function checkEmailConfirmation()
{
global $request;
$wikidb = $request->getDbh();
$data = $wikidb->get('ConfirmEmail');
$id = $request->getArg('id');
if (empty($data[$id])) {
// id not found
return HTML(HTML::h1("Confirm E-mail address"), HTML::h1("Sorry! Wrong URL"));
}
// upgrade the user
$userid = $data['userid'];
$email = $data['email'];
$u = $request->getUser();
if ($u->UserName() == $userid) {
// lucky: current user (session)
$prefs = $u->getPreferences();
$request->_user->_level = WIKIAUTH_USER;
$request->_prefs->set('emailVerified', true);
} else {
// not current user
if (ENABLE_USER_NEW) {
$u = WikiUser($userid);
$u->getPreferences();
$prefs =& $u->_prefs;
} else {
$u = new WikiUser($request, $userid);
$prefs = $u->getPreferences();
}
$u->_level = WIKIAUTH_USER;
$request->setUser($u);
$request->_prefs->set('emailVerified', true);
}
unset($data[$id]);
$wikidb->set('ConfirmEmail', $data);
return HTML(HTML::h1("Confirm E-mail address"), HTML::p("Your e-mail address has now been confirmed."));
}
function getPageChangeEmails($notify)
{
$emails = array();
$userids = array();
foreach ($notify as $page => $users) {
if (glob_match($page, $this->_pagename)) {
foreach ($users as $userid => $user) {
$um = UserManager::instance();
$dbUser = $um->getUserByUserName($userid);
$wiki = new Wiki($_REQUEST['group_id']);
$wp = new WikiPage($_REQUEST['group_id'], $_REQUEST['pagename']);
if ($dbUser && ($dbUser->isActive() || $dbUser->isRestricted()) && $wiki->isAutorized($dbUser->getId()) && $wp->isAutorized($dbUser->getId())) {
if (!$user) {
// handle the case for ModeratePage: no prefs, just userid's.
global $request;
$u = $request->getUser();
if ($u->UserName() == $userid) {
$prefs = $u->getPreferences();
} else {
// not current user
if (ENABLE_USER_NEW) {
$u = WikiUser($userid);
$u->getPreferences();
$prefs =& $u->_prefs;
} else {
$u = new WikiUser($GLOBALS['request'], $userid);
$prefs = $u->getPreferences();
}
}
$emails[] = user_getemail_from_unix($userid);
$userids[] = $userid;
} else {
if (!empty($user['verified']) and !empty($user['email'])) {
$emails[] = user_getemail_from_unix($userid);
$userids[] = $userid;
} elseif (!empty($user['email'])) {
global $request;
// do a dynamic emailVerified check update
$u = $request->getUser();
if ($u->UserName() == $userid) {
if ($request->_prefs->get('emailVerified')) {
$emails[] = user_getemail_from_unix($userid);
$userids[] = $userid;
$notify[$page][$userid]['verified'] = 1;
$request->_dbi->set('notify', $notify);
}
} else {
// not current user
if (ENABLE_USER_NEW) {
$u = WikiUser($userid);
$u->getPreferences();
$prefs =& $u->_prefs;
} else {
$u = new WikiUser($GLOBALS['request'], $userid);
$prefs = $u->getPreferences();
}
if ($prefs->get('emailVerified')) {
$emails[] = user_getemail_from_unix($userid);
$userids[] = $userid;
$notify[$page][$userid]['verified'] = 1;
$request->_dbi->set('notify', $notify);
}
}
// ignore verification
/*
if (DEBUG) {
if (!in_array($user['email'],$emails))
$emails[] = $user['email'];
}
*/
}
}
}
}
}
}
$emails = array_unique($emails);
$userids = array_unique($userids);
return array($emails, $userids);
}
function getSpecialMembersOf($group)
{
//$request = &$this->request;
$all = $this->_allUsers();
$users = array();
switch ($group) {
case GROUP_EVERY:
return $all;
case GROUP_ANONYMOUS:
return $users;
case GROUP_BOGOUSER:
foreach ($all as $u) {
if (isWikiWord($u)) {
$users[] = $u;
}
}
return $users;
case GROUP_SIGNED:
foreach ($all as $u) {
$user = WikiUser($u);
if ($user->isSignedIn()) {
$users[] = $u;
}
}
return $users;
case GROUP_AUTHENTICATED:
foreach ($all as $u) {
$user = WikiUser($u);
if ($user->isAuthenticated()) {
$users[] = $u;
}
}
return $users;
case GROUP_ADMIN:
foreach ($all as $u) {
$user = WikiUser($u);
if (isset($user->_level) and $user->_level == WIKIAUTH_ADMIN) {
$users[] = $u;
}
}
return $users;
case GROUP_OWNER:
case GROUP_CREATOR:
// this could get complex so just return an empty array
return false;
default:
trigger_error(__sprintf("Unknown special group '%s'", $group), E_USER_WARNING);
}
}
function _do_email_verification(&$request, &$args)
{
$dbi = $request->getDbh();
$pagelist = new PageList('pagename', 0, $args);
//$args['return_url'] = 'action=email-verification-verified';
$email = new _PageList_Column_email('email', _("E-Mail"), 'left');
$emailVerified = new _PageList_Column_emailVerified('emailVerified', _("Verification Status"), 'center');
$pagelist->_columns[] = $email;
$pagelist->_columns[] = $emailVerified;
//This is the best method to find all users (Db and PersonalPage)
$current_user = $request->_user;
if (empty($args['verify'])) {
$group = $request->getGroup();
$allusers = $group->_allUsers();
} else {
$allusers = array_keys($args['user']);
}
foreach ($allusers as $username) {
if (ENABLE_USER_NEW) {
$user = WikiUser($username);
} else {
$user = new WikiUser($request, $username);
}
$prefs = $user->getPreferences();
if ($prefs->get('email')) {
if (!$prefs->get('userid')) {
$prefs->set('userid', $username);
}
if (!empty($pagelist->_rows)) {
$group = (int) (count($pagelist->_rows) / $pagelist->_group_rows);
} else {
$group = 0;
}
$class = $group % 2 ? 'oddrow' : 'evenrow';
$row = HTML::tr(array('class' => $class));
$page_handle = $dbi->getPage($username);
$row->pushContent($pagelist->_columns[0]->format($pagelist, $page_handle, $page_handle));
$row->pushContent($email->format($pagelist, $prefs, $page_handle));
if (!empty($args['verify'])) {
$prefs->_prefs['email']->set('emailVerified', empty($args['verified'][$username]) ? 0 : 2);
$user->setPreferences($prefs);
}
$row->pushContent($emailVerified->format($pagelist, $prefs, $args['verify']));
$pagelist->_rows[] = $row;
}
}
$request->_user = $current_user;
if (!empty($args['verify'])) {
return HTML($pagelist->_generateTable(false));
} else {
$args['verify'] = 1;
$args['return_url'] = $request->getURLtoSelf();
return HTML::form(array('action' => $request->getPostURL(), 'method' => 'post'), HiddenInputs($args, 'wikiadminutils'), HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)), HiddenInputs($request->getArgs()), $pagelist->_generateTable(false), HTML::p(Button('submit:', _("Change Verification Status"), 'wikiadmin'), HTML::Raw(' '), Button('cancel', _("Cancel"))));
}
}
function run($dbi, $argstr, &$request, $basepage)
{
$args = $this->getArgs($argstr, $request);
if (isa($request, 'MockRequest')) {
return '';
}
$user =& $request->_user;
$post_args = $request->getArg('admin_reset');
$userid = $request->getArg('user');
$isadmin = $user->isAdmin();
if ($request->isPost()) {
if (!$userid) {
$alert = new Alert(_("Warning:"), _("You need to specify the userid!"));
$alert->show();
return $this->doForm($request);
}
@($reset = $post_args['reset']);
if ($reset and $userid and !empty($post_args['verify'])) {
if ($user->isAdmin()) {
return $this->doReset($userid);
} else {
return $this->doEmail($request, $userid);
}
} elseif ($reset and empty($post_args['verify'])) {
$buttons = HTML::p(Button('submit:admin_reset[reset]', $isadmin ? _("Yes") : _("Send email"), $isadmin ? 'wikiadmin' : 'button'), HTML::Raw(' '), Button('submit:admin_reset[cancel]', _("Cancel"), 'button'));
$header = HTML::strong("Verify");
if (!$user->isAdmin()) {
// check for email
if ($userid == $user->UserName() and $user->isAuthenticated()) {
$alert = new Alert(_("Already logged in"), HTML(fmt("Changing passwords is done at "), WikiLink(_("UserPreferences"))));
$alert->show();
return;
}
$thisuser = WikiUser($userid);
$prefs = $thisuser->getPreferences();
$email = $prefs->get('email');
if (!$email) {
$alert = new Alert(_("Error"), HTML(fmt("No email stored for user %s.", $userid), HTML::br(), fmt("You need to ask an Administrator to reset this password. See below: "), HTML::br(), WikiLink(ADMIN_USER)));
$alert->show();
return;
}
$verified = $thisuser->_prefs->_prefs['email']->getraw('emailVerified');
if (!$verified) {
$header->pushContent(HTML::br(), "Warning: This users email address is unverified!");
}
}
return $this->doForm($request, $header, HTML(HTML::hr(), fmt("Do you really want to reset the password of user %s?", $userid), $isadmin ? '' : _("An email will be sent."), HiddenInputs(array('admin_reset[verify]' => 1, 'user' => $userid)), $buttons));
} else {
return $this->doForm($request);
}
} else {
return $this->doForm($request);
}
}
function getPageChangeEmails($notify)
{
$emails = array();
$userids = array();
foreach ($notify as $page => $users) {
if (glob_match($page, $this->_pagename)) {
foreach ($users as $userid => $user) {
if (!$user) {
// handle the case for ModeratePage: no prefs, just userid's.
global $request;
$u = $request->getUser();
if ($u->UserName() == $userid) {
$prefs = $u->getPreferences();
} else {
// not current user
if (ENABLE_USER_NEW) {
$u = WikiUser($userid);
$u->getPreferences();
$prefs =& $u->_prefs;
} else {
$u = new WikiUser($GLOBALS['request'], $userid);
$prefs = $u->getPreferences();
}
}
$emails[] = $prefs->get('email');
$userids[] = $userid;
} else {
if (!empty($user['verified']) and !empty($user['email'])) {
$emails[] = $user['email'];
$userids[] = $userid;
} elseif (!empty($user['email'])) {
global $request;
// do a dynamic emailVerified check update
$u = $request->getUser();
if ($u->UserName() == $userid) {
if ($request->_prefs->get('emailVerified')) {
$emails[] = $user['email'];
$userids[] = $userid;
$notify[$page][$userid]['verified'] = 1;
$request->_dbi->set('notify', $notify);
}
} else {
// not current user
if (ENABLE_USER_NEW) {
$u = WikiUser($userid);
$u->getPreferences();
$prefs =& $u->_prefs;
} else {
$u = new WikiUser($GLOBALS['request'], $userid);
$prefs = $u->getPreferences();
}
if ($prefs->get('emailVerified')) {
$emails[] = $user['email'];
$userids[] = $userid;
$notify[$page][$userid]['verified'] = 1;
$request->_dbi->set('notify', $notify);
}
}
// ignore verification
/*
if (DEBUG) {
if (!in_array($user['email'],$emails))
$emails[] = $user['email'];
}
*/
}
}
}
}
}
$emails = array_unique($emails);
$userids = array_unique($userids);
return array($emails, $userids);
}
function run($dbi, $argstr, &$request, $basepage)
{
$args = $this->getArgs($argstr, $request);
extract($args);
if (empty($userid) or $userid == $request->_user->UserName()) {
$user =& $request->_user;
$userid = $user->UserName();
} else {
$user = WikiUser($userid);
}
if (!$user->isAdmin() and !(DEBUG && _DEBUG_LOGIN)) {
$request->_notAuthorized(WIKIAUTH_ADMIN);
$this->disabled("! user->isAdmin");
}
$html = HTML(HTML::h3(fmt("General Auth Settings")));
$table = HTML::table(array('border' => 1, 'cellpadding' => 2, 'cellspacing' => 0));
$table->pushContent($this->_showhash("AUTH DEFINES", $this->_buildConstHash(array("ENABLE_USER_NEW", "ALLOW_ANON_USER", "ALLOW_ANON_EDIT", "ALLOW_BOGO_LOGIN", "REQUIRE_SIGNIN_BEFORE_EDIT", "ALLOW_USER_PASSWORDS", "PASSWORD_LENGTH_MINIMUM", "USE_DB_SESSION"))));
if (defined('ALLOW_LDAP_LOGIN') && ALLOW_LDAP_LOGIN or in_array("LDAP", $GLOBALS['USER_AUTH_ORDER'])) {
$table->pushContent($this->_showhash("LDAP DEFINES", $this->_buildConstHash(array("LDAP_AUTH_HOST", "LDAP_BASE_DN"))));
}
if (defined('ALLOW_IMAP_LOGIN') && ALLOW_IMAP_LOGIN or in_array("IMAP", $GLOBALS['USER_AUTH_ORDER'])) {
$table->pushContent($this->_showhash("IMAP DEFINES", array("IMAP_AUTH_HOST" => IMAP_AUTH_HOST)));
}
if (defined('AUTH_USER_FILE') or in_array("File", $GLOBALS['USER_AUTH_ORDER'])) {
$table->pushContent($this->_showhash("AUTH_USER_FILE", $this->_buildConstHash(array("AUTH_USER_FILE", "AUTH_USER_FILE_STORABLE"))));
}
if (defined('GROUP_METHOD')) {
$table->pushContent($this->_showhash("GROUP_METHOD", $this->_buildConstHash(array("GROUP_METHOD", "AUTH_GROUP_FILE", "GROUP_LDAP_QUERY"))));
}
$table->pushContent($this->_showhash("\$USER_AUTH_ORDER[]", $GLOBALS['USER_AUTH_ORDER']));
$table->pushContent($this->_showhash("USER_AUTH_POLICY", array("USER_AUTH_POLICY" => USER_AUTH_POLICY)));
$DBParams = $GLOBALS['DBParams'];
$DBParams['dsn'] = class_exists('WikiDB_SQL') ? WikiDB_SQL::view_dsn($DBParams['dsn']) : '';
$table->pushContent($this->_showhash("\$DBParams[]", $DBParams));
$DBAuthParams = $GLOBALS['DBAuthParams'];
if (isset($DBAuthParams['auth_dsn']) and class_exists('WikiDB_SQL')) {
$DBAuthParams['auth_dsn'] = WikiDB_SQL::view_dsn($DBAuthParams['auth_dsn']);
} else {
$DBAuthParams['auth_dsn'] = '';
}
unset($DBAuthParams['dummy']);
$table->pushContent($this->_showhash("\$DBAuthParams[]", $DBAuthParams));
$html->pushContent($table);
$html->pushContent(HTML(HTML::h3(fmt("Personal Auth Settings for '%s'", $userid))));
if (!$user) {
$html->pushContent(HTML::p(fmt("No userid")));
} else {
$table = HTML::table(array('border' => 1, 'cellpadding' => 2, 'cellspacing' => 0));
//$table->pushContent(HTML::tr(HTML::td(array('colspan' => 2))));
$userdata = obj2hash($user, array('_dbi', '_request', 'password', 'passwd'));
$table->pushContent($this->_showhash("User: Object of " . get_class($user), $userdata));
if (ENABLE_USER_NEW) {
$group =& $request->getGroup();
$groups = $group->getAllGroupsIn();
$groupdata = obj2hash($group, array('_dbi', '_request', 'password', 'passwd'));
unset($groupdata['request']);
$table->pushContent($this->_showhash("Group: Object of " . get_class($group), $groupdata));
$groups = $group->getAllGroupsIn();
$groupdata = array('getAllGroupsIn' => $groups);
foreach ($groups as $g) {
$groupdata["getMembersOf({$g})"] = $group->getMembersOf($g);
$groupdata["isMember({$g})"] = $group->isMember($g);
}
$table->pushContent($this->_showhash("Group Methods: ", $groupdata));
}
$html->pushContent($table);
}
return $html;
}
function _getUser($userid = '')
{
global $request;
if (!$userid) {
if (!isset($_SERVER)) {
$_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];
}
if (!isset($_ENV)) {
$_ENV =& $GLOBALS['HTTP_ENV_VARS'];
}
if (isset($_SERVER['REMOTE_USER'])) {
$userid = $_SERVER['REMOTE_USER'];
} elseif (isset($_ENV['REMOTE_USER'])) {
$userid = $_ENV['REMOTE_USER'];
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
$userid = $_SERVER['REMOTE_ADDR'];
} elseif (isset($_ENV['REMOTE_ADDR'])) {
$userid = $_ENV['REMOTE_ADDR'];
} elseif (isset($GLOBALS['REMOTE_ADDR'])) {
$userid = $GLOBALS['REMOTE_ADDR'];
}
}
if (ENABLE_USER_NEW) {
return WikiUser($userid);
} else {
return new WikiUser($request, $userid);
}
}
