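/**
 * Validate a login against the local users table only (no LDAP / external auth).
 *
 * Fast path: a row whose user_name matches $loginname AND whose user_pw equals
 * md5($passwd). Slow path: the name exists but the MD5 differs, so the legacy
 * crypt()-style unix_pw column is tried; on a match user_pw is rewritten to the
 * MD5 so the next login takes the fast path. Either way the account status is
 * then checked and, for an acceptable status, a session is opened.
 *
 * @param string $loginname    user_name as typed in the login form
 * @param string $passwd       clear-text password as typed in the login form
 * @param bool   $allowpending true lets a 'P' (pending) account log in (used by verify.php)
 * @return bool true when the credentials and status are acceptable and a session
 *              was created; false otherwise, with the reason in global $feedback.
 *              Global $userstatus receives the row's status whenever a row was found.
 *
 * NOTE(review): $loginname is interpolated directly into the SQL text of both
 * SELECTs below. Unless the request layer escapes it before this function is
 * called (not visible here — confirm), that is an SQL-injection vector and the
 * queries should be parameterised. Unsalted MD5 / crypt storage is likewise far
 * weaker than password_hash(); the column formats are kept because other parts
 * of the system read them.
 */
function session_login_valid_dbonly($loginname, $passwd, $allowpending)
{
    global $feedback, $userstatus;

    // Fast path: name and MD5 of the supplied password must both match.
    $res = db_query("\n\t\tSELECT user_id,status,unix_pw\n\t\tFROM users\n\t\tWHERE user_name='{$loginname}' \n\t\tAND user_pw='" . md5($passwd) . "'\n\t");

    if (!$res || db_numrows($res) < 1) {
        // No MD5 match; does a user by that name exist at all?
        $res = db_query("SELECT user_id,status,unix_pw\n\t\t\t\t\tFROM users\n\t\t\t\t\tWHERE user_name='{$loginname}'");
        if (!$res || db_numrows($res) < 1) {
            // Unknown name: same message as a wrong password, so the two cannot be told apart.
            $feedback = _('Invalid Password Or User Name');
            return false;
        }

        // The name exists but the MD5 differs: try the legacy (crypt) unix_pw.
        $usr = db_fetch_array($res);
        $storedUnixPw = (string) $usr['unix_pw'];
        // An empty unix_pw can never be a valid crypt hash, so reject it outright.
        // hash_equals() replaces the loose `!=` of the original: it compares
        // byte-for-byte (no numeric-string coercion) and in constant time.
        if ($storedUnixPw === '' || !hash_equals($storedUnixPw, (string) crypt($passwd, $storedUnixPw))) {
            $feedback = _('Invalid Password Or User Name');
            return false;
        }

        // crypt matched: bring user_pw up to date so the next login hits the fast path.
        // The original re-entered this function after the UPDATE; if the UPDATE did
        // not take effect that retry landed here again and recursed without bound.
        // Instead we fall through to the status check with the row already in hand;
        // a failed UPDATE only means the MD5 is retried on the next login.
        db_query("UPDATE users\n\t\t\t\tSET user_pw='" . md5($passwd) . "'\n\t\t\t\tWHERE user_id='" . $usr['user_id'] . "'");
    } else {
        // The MD5 user_pw matched. A former block that re-synced or invalidated the
        // passwords when the crypt unix_pw disagreed with it is disabled (it was
        // commented out in the original); the MD5 match is taken as authoritative.
        $usr = db_fetch_array($res);
    }

    // Credentials are good; now the account status decides.
    // $allowpending lets a pending ('P') account through (verify.php needs this).
    $userstatus = $usr['status'];
    if (!($allowpending && $usr['status'] === 'P')) {
        if ($usr['status'] === 'S') {
            $feedback = _('Account Suspended');
            return false;
        }
        if ($usr['status'] === 'P') {
            $feedback = _('Account Pending');
            return false;
        }
        if ($usr['status'] === 'D') {
            $feedback = _('Account Deleted');
            return false;
        }
        if ($usr['status'] !== 'A') {
            // Any flag other than Active is refused.
            $feedback = _('Account Not Active');
            return false;
        }
    }

    // Create a new session for this user.
    session_set_new($usr['user_id']);
    return true;
}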
 /**
  * Authenticate a login against LDAP, keeping the local users table in step.
  *
  * Resolves the user's DN, binds with the supplied password and then either
  * validates/updates the existing local account or creates one from the LDAP
  * attributes (mapped through plugin_ldapextauth_mapping) on first login.
  *
  * @param string $loginname login name as typed in the login form
  * @param string $passwd    clear-text password as typed in the login form
  * @return bool true when LDAP accepted the bind (and the local account exists or
  *              was created); false otherwise, with the reason in global $feedback.
  *              Side effects: sets $GLOBALS['ldap_auth_failed'] on every exit path
  *              except the missing-ldap-extension one, and $GLOBALS['ldap_first_login']
  *              when an account was created here.
  *
  * NOTE(review): the LDAP extension's errors are hidden by the `@` on the two
  * ldap_bind() calls, so a connection/TLS problem is indistinguishable from a
  * wrong password for the caller.
  */
 function AuthUser($loginname, $passwd)
 {
     global $feedback;
     // Without the ldap extension there is nothing to do; note that
     // $GLOBALS['ldap_auth_failed'] is left untouched on this path.
     if (!function_exists("ldap_connect")) {
         return false;
     }
     // Lazily open (and cache on $this) the LDAP connection.
     if (!$this->ldap_conn) {
         $this->ldap_conn = ldap_connect($this->ldap_server, $this->ldap_port);
     }
     // Protocol version is optional configuration; only applied when set (truthy).
     if ($GLOBALS['sys_ldap_version']) {
         ldap_set_option($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $GLOBALS['sys_ldap_version']);
     }
     // Resolve the DN to bind as; an empty DN means LDAP does not know this login.
     $dn = plugin_ldapextauth_getdn($this, $loginname);
     if (empty($dn)) {
         $GLOBALS['ldap_auth_failed'] = true;
         return false;
     }
     $u = user_get_object_by_name($loginname);
     if ($u) {
         // User exists in DB
         if (@ldap_bind($this->ldap_conn, $dn, $passwd)) {
             // Password from form is valid in LDAP
             if (session_login_valid_dbonly($loginname, $passwd, false)) {
                 // Also according to DB
                 $GLOBALS['ldap_auth_failed'] = false;
                 return true;
             } else {
                 // Passwords mismatch, update DB's
                 // NOTE(review): session_login_valid_dbonly() also fails for a
                 // suspended/pending/deleted account, yet this branch still reports
                 // success and rewrites the local password; the return value of
                 // setPasswd() is not checked either — confirm this is intended.
                 $u->setPasswd($passwd);
                 $GLOBALS['ldap_auth_failed'] = false;
                 return true;
             }
         } else {
             // Wrong password according to LDAP
             $feedback = _('Invalid Password Or User Name');
             $GLOBALS['ldap_auth_failed'] = true;
             return false;
         }
     } else {
         // User doesn't exist in DB yet
         if (@ldap_bind($this->ldap_conn, $dn, $passwd)) {
             // User authenticated
             // Now get her info
             if ($this->ldap_kind == "AD") {
                 // NOTE(review): $loginname is concatenated into the LDAP search
                 // filter without escaping; filter metacharacters in the login name
                 // would change the query. ldap_escape($loginname, '', LDAP_ESCAPE_FILTER)
                 // is the standard fix where the PHP version provides it.
                 $res = ldap_search($this->ldap_conn, $this->base_dn, "sAMAccountName=" . $loginname);
             } else {
                 $res = ldap_read($this->ldap_conn, $dn, "objectclass=*");
             }
             // NOTE(review): neither $res nor $info['count'] is checked before
             // $info[0] is read; a failed search/read surfaces as an undefined index.
             $info = ldap_get_entries($this->ldap_conn, $res);
             $ldapentry = $info[0];
             $mappedinfo = plugin_ldapextauth_mapping($ldapentry);
             // Insert into DB
             // Defaults for every User::create() argument; the mapped LDAP
             // attributes below override them when present (truthy).
             $u = new User();
             $unix_name = $loginname;
             $firstname = '';
             $lastname = '';
             $password1 = $passwd;
             $password2 = $passwd;
             $email = '';
             $mail_site = 1;
             $mail_va = 0;
             $language_id = 1;
             $timezone = 'GMT';
             $jabber_address = '';
             $jabber_only = 0;
             $theme_id = 1;
             $unix_box = '';
             $address = '';
             $address2 = '';
             $phone = '';
             $fax = '';
             $title = '';
             $ccode = 'US';
             $send_mail = false;
             // NOTE: these are truthiness checks, so a mapped value of '0' or ''
             // keeps the default above.
             if ($mappedinfo['firstname']) {
                 $firstname = $mappedinfo['firstname'];
             }
             if ($mappedinfo['lastname']) {
                 $lastname = $mappedinfo['lastname'];
             }
             if ($mappedinfo['email']) {
                 $email = $mappedinfo['email'];
             }
             if ($mappedinfo['language_id']) {
                 $language_id = $mappedinfo['language_id'];
             }
             if ($mappedinfo['timezone']) {
                 $timezone = $mappedinfo['timezone'];
             }
             if ($mappedinfo['jabber_address']) {
                 $jabber_address = $mappedinfo['jabber_address'];
             }
             if ($mappedinfo['address']) {
                 $address = $mappedinfo['address'];
             }
             if ($mappedinfo['address2']) {
                 $address2 = $mappedinfo['address2'];
             }
             if ($mappedinfo['phone']) {
                 $phone = $mappedinfo['phone'];
             }
             if ($mappedinfo['fax']) {
                 $fax = $mappedinfo['fax'];
             }
             if ($mappedinfo['title']) {
                 $title = $mappedinfo['title'];
             }
             if ($mappedinfo['ccode']) {
                 $ccode = $mappedinfo['ccode'];
             }
             if ($mappedinfo['themeid']) {
                 $theme_id = $mappedinfo['themeid'];
             }
             if (!$u->create($unix_name, $firstname, $lastname, $password1, $password2, $email, $mail_site, $mail_va, $language_id, $timezone, $jabber_address, $jabber_only, $theme_id, $unix_box, $address, $address2, $phone, $fax, $title, $ccode, $send_mail)) {
                 $GLOBALS['ldap_auth_failed'] = true;
                 // NOTE(review): this line is corrupted in this copy of the file
                 // (`******` where code should be) and appears to merge two separate
                 // error assignments — one for "Error Creating User" and one for
                 // "Error Activating User"; restore it from the upstream source.
                 $feedback = "<br>Error Creating User: "******"<br>Error Activating User: " . $u->getErrorMessage();
                 return false;
             }
             $GLOBALS['ldap_auth_failed'] = false;
             $GLOBALS['ldap_first_login'] = true;
             return true;
         } else {
             $GLOBALS['ldap_auth_failed'] = true;
             $feedback = _('Invalid Password Or User Name');
             return false;
             // Probably ignored, but just in case
         }
     }
 }
 /**
  * Dispatch a forge hook to the MediaWiki plugin.
  *
  * Each branch handles one hook name: menu entries, the per-project and per-user
  * "use this plugin" checkboxes (render and post), profile/admin links, and the
  * session_before_login hook that mirrors the forge account into MediaWiki's
  * user table.
  *
  * @param string $hookname hook being fired (compared loosely against fixed names)
  * @param array  $params   hook-specific arguments (group_id/group, user, user_id,
  *                         text, loginname, passwd, TITLES, DIRS, toptab, selected)
  * @return mixed void for most hooks; session_before_login returns 1 when the
  *               MediaWiki installation cannot be located and void otherwise.
  *
  * NOTE(review): this copy of the file is corrupted around the "usermenu" branch
  * (a `******` marker mid-line) and references $project, which is never assigned
  * in this function — a branch appears to have been lost; restore from upstream.
  */
 function CallHook($hookname, $params)
 {
     global $use_mediawikiplugin, $G_SESSION, $HTML;
     // Hooks pass the project id under either key; null when neither is given.
     if (isset($params['group_id'])) {
         $group_id = $params['group_id'];
     } elseif (isset($params['group'])) {
         $group_id = $params['group'];
     } else {
         $group_id = null;
     }
     if ($hookname == "outermenu") {
         $params['TITLES'][] = 'MediaWiki';
         $params['DIRS'][] = '/mediawiki';
     } elseif ($hookname == "usermenu") {
         $text = $this->text;
         // this is what shows in the tab
         if ($G_SESSION->usesPlugin("mediawiki")) {
             // NOTE(review): corrupted line — the echo and the TITLES[] append have
             // been fused; $project below is undefined here. Do not trust this branch.
             echo ' | ' . $HTML->PrintSubMenu(array($text), array('/mediawiki/index.php?title=User:'******'TITLES'][] = $this->text;
             $params['DIRS'][] = '/plugins/mediawiki/index.php?group_id=' . $project->getID();
         }
         // Ternary used for its side effect: mark the just-added tab as selected
         // when this plugin is the current top tab.
         $params['toptab'] == $this->name ? $params['selected'] = count($params['TITLES']) - 1 : '';
     } elseif ($hookname == "groupisactivecheckbox") {
         //Check if the group is active
         // this code creates the checkbox in the project edit public info page to activate/deactivate the plugin
         $group =& group_get_object($group_id);
         echo "<tr>";
         echo "<td>";
         echo ' <input type="CHECKBOX" name="use_mediawikiplugin" value="1" ';
         // CHECKED OR UNCHECKED?
         if ($group->usesPlugin($this->name)) {
             echo "CHECKED";
         }
         echo "><br/>";
         echo "</td>";
         echo "<td>";
         // $this->text is emitted unescaped; presumably a fixed plugin label,
         // not user input — confirm.
         echo "<strong>Use " . $this->text . " Plugin</strong>";
         echo "</td>";
         echo "</tr>";
     } elseif ($hookname == "groupisactivecheckboxpost") {
         // this code actually activates/deactivates the plugin after the form was submitted in the project edit public info page
         $group =& group_get_object($group_id);
         // Loose `== 1` accepts the form value "1" (a string) as well as 1.
         $use_mediawikiplugin = getStringFromRequest('use_mediawikiplugin');
         if ($use_mediawikiplugin == 1) {
             $group->setPluginUse($this->name);
         } else {
             $group->setPluginUse($this->name, false);
         }
     } elseif ($hookname == "userisactivecheckbox") {
         //check if user is active
         // this code creates the checkbox in the user account manteinance page to activate/deactivate the plugin
         $user = $params['user'];
         echo "<tr>";
         echo "<td>";
         echo ' <input type="CHECKBOX" name="use_mediawikiplugin" value="1" ';
         // CHECKED OR UNCHECKED?
         if ($user->usesPlugin($this->name)) {
             echo "CHECKED";
         }
         echo ">    Use " . $this->text . " Plugin";
         echo "</td>";
         echo "</tr>";
     } elseif ($hookname == "userisactivecheckboxpost") {
         // this code actually activates/deactivates the plugin after the form was submitted in the user account manteinance page
         $user = $params['user'];
         $use_mediawikiplugin = getStringFromRequest('use_mediawikiplugin');
         if ($use_mediawikiplugin == 1) {
             $user->setPluginUse($this->name);
         } else {
             $user->setPluginUse($this->name, false);
         }
         // Re-render the checkbox reflecting the value just saved.
         echo "<tr>";
         echo "<td>";
         echo ' <input type="CHECKBOX" name="use_mediawikiplugin" value="1" ';
         // CHECKED OR UNCHECKED?
         if ($user->usesPlugin($this->name)) {
             echo "CHECKED";
         }
         echo ">    Use " . $this->text . " Plugin";
         echo "</td>";
         echo "</tr>";
     } elseif ($hookname == "user_personal_links") {
         // this displays the link in the user's profile page to it's personal MediaWiki (if you want other sto access it, youll have to change the permissions in the index.php
         $userid = $params['user_id'];
         $user = user_get_object($userid);
         $text = $params['text'];
         //check if the user has the plugin activated
         if ($user->usesPlugin($this->name)) {
             echo '	<p>';
             // NOTE(review): the link targets /plugins/helloworld/ although the label
             // says MediaWiki — looks like template residue; confirm the intended path.
             echo util_make_link("/plugins/helloworld/index.php?id={$userid}&type=user&pluginname=" . $this->name, _('View Personal MediaWiki'));
             echo '</p>';
         }
     } elseif ($hookname == "project_admin_plugins") {
         // this displays the link in the project admin options page to it's  MediaWiki administration
         $group_id = $params['group_id'];
         $group =& group_get_object($group_id);
         if ($group->usesPlugin($this->name)) {
             // NOTE(review): targets /plugins/projects_hierarchy/ (same residue as
             // above) and emits a closing </p> with no opening tag.
             echo util_make_link("/plugins/projects_hierarchy/index.php?id=" . $group->getID() . '&type=admin&pluginname=' . $this->name, _('View the MediaWiki Administration'));
             echo '</p>';
         }
     } elseif ($hookname == "session_before_login") {
         $loginname = $params['loginname'];
         $passwd = $params['passwd'];
         // Only touch MediaWiki for credentials the forge DB itself accepts.
         if (!session_login_valid_dbonly($loginname, $passwd, false)) {
             return;
         }
         $u = user_get_object_by_name($loginname);
         define('MEDIAWIKI', true);
         // Load MediaWiki's config from one of two fixed install locations;
         // the require_once runs in this function's scope, so $wgDB* below are locals.
         if (is_file('/var/lib/mediawiki/LocalSettings.php')) {
             require_once '/var/lib/mediawiki/LocalSettings.php';
         } elseif (is_file('/var/lib/mediawiki1.10/LocalSettings.php')) {
             require_once '/var/lib/mediawiki1.10/LocalSettings.php';
         } else {
             return 1;
         }
         if (is_dir('/usr/share/mediawiki')) {
             $mw_share_path = "/usr/share/mediawiki";
         } elseif (is_dir('/usr/share/mediawiki1.10')) {
             $mw_share_path = "/usr/share/mediawiki1.10";
         } else {
             return 1;
         }
         require_once $mw_share_path . '/includes/Defines.php';
         require_once $mw_share_path . '/includes/Exception.php';
         require_once $mw_share_path . '/includes/GlobalFunctions.php';
         require_once $mw_share_path . '/StartProfiler.php';
         require_once $mw_share_path . '/includes/Database.php';
         $mwdb = new Database();
         $mwdb->open($wgDBserver, $wgDBuser, $wgDBpassword, $wgDBname);
         // Values are bound through safeQuery's `?` placeholders, not interpolated.
         $sql = "select count(*) from user where user_name=?";
         $res = $mwdb->safeQuery($sql, ucfirst($loginname));
         $row = $mwdb->fetchRow($res);
         if ($row[0] == 1) {
             $sql = "update user set user_password=?, user_email=?, user_real_name=? where user_name=?";
             // NOTE(review): the last bound value is wrapped in array() while the
             // other three are scalars — inconsistent with the calls above and
             // below, which pass either all scalars or one array; likely a bug.
             // The stored user_password is a bare md5() — presumably relies on
             // MediaWiki's unsalted-password mode; confirm against the MW version.
             $res = $mwdb->safeQuery($sql, md5($passwd), $u->getEmail(), $u->getRealName(), array(ucfirst($loginname)));
         } else {
             $sql = "insert into user (user_name, user_real_name, user_password, user_email, user_options) values (?, ?, ?, ?, ?)";
             $res = $mwdb->safeQuery($sql, array(ucfirst($loginname), $u->getRealName(), md5($passwd), $u->getEmail(), "skin=gforge\ncols=80\nrows=25"));
         }
     } elseif ($hookname == "blahblahblah") {
         // placeholder branch, intentionally empty
         // ...
     }
 }