/**
 * Decide the auth level for a BogoLogin user from a submitted password.
 *
 * A BogoLogin user needs no password at all. If the preferences hold a stored
 * password, that password is enforced instead: through _PersonalPagePassUser
 * when the prefs method is 'HomePage', otherwise by comparing against the
 * stored value with _checkPass().
 *
 * Security-relevant behaviour visible here:
 *  - With no stored password, no credential is verified. WIKIAUTH_BOGO only
 *    means the user id is a WikiWord; it is an identity claim, not proof.
 *  - A wrong password on the stored-value path yields WIKIAUTH_FORBIDDEN only
 *    when USER_AUTH_POLICY is 'strict'; any other policy hands the attempt to
 *    _tryNextPass().
 *  - A wrong password on the 'HomePage' path yields WIKIAUTH_ANON regardless
 *    of policy.
 *  - NOTE(review): how _checkPass() compares the two values (hashing,
 *    constant-time comparison) is not visible from this method; confirm there.
 *
 * @param string $submitted_password Password supplied with the login attempt.
 * @return mixed The level stored in $this->_level (a WIKIAUTH_* constant), or
 *               whatever _tryNextPass() returns on the fall-through path.
 */
function checkPass($submitted_password)
{
    if (!$this->_prefs->get('passwd')) {
        // No stored password: accept a WikiWord user id as a bogo login.
        $this->_level = isWikiWord($this->_userid) ? WIKIAUTH_BOGO : WIKIAUTH_ANON;
        return $this->_level;
    }

    if (isset($this->_prefs->_method) && $this->_prefs->_method == 'HomePage') {
        // The password lives on the personal page; let that class verify it.
        $user = new _PersonalPagePassUser($this->_userid, $this->_prefs);
        if (!$user->checkPass($submitted_password)) {
            $this->_level = WIKIAUTH_ANON;
            return $this->_level;
        }
        // PHP 4 only: swap the object in place. The eval'd string is a fixed
        // literal; no request data reaches it.
        if (!check_php_version(5)) {
            eval("\$this = \$user;");
        }
        $user = UpgradeUser($this, $user);
        $this->_level = WIKIAUTH_USER;
        return $this->_level;
    }

    // The original reads the preference a second time on this path; keep that.
    $expected = $this->_prefs->get('passwd');
    if ($this->_checkPass($submitted_password, $expected)) {
        $this->_level = WIKIAUTH_USER;
        return $this->_level;
    }
    if (USER_AUTH_POLICY === 'strict') {
        $this->_level = WIKIAUTH_FORBIDDEN;
        return $this->_level;
    }
    return $this->_tryNextPass($submitted_password);
}
/**
 * Walk the remaining auth classes until one reports that the user exists.
 *
 * When login debugging is on, 'nosuchuser' is first recorded for the current
 * class in $GLOBALS['USER_AUTH_ERROR']; every class whose lower-cased name
 * ends in "dbpassuser" is recorded under the single key "_dbpassuser".
 *
 * Further classes are tried only under the 'strict' or 'stacked' policy.
 * The walk stops with false once the class named "_ForbiddenPassUser" has
 * been tried without success.
 *
 * NOTE(review): the class to instantiate is whatever nextClass() returns.
 * That method is not visible here; termination of the loop and the safety of
 * `new $next(...)` both depend on it returning only configured auth class
 * names and eventually "_ForbiddenPassUser".
 *
 * @return bool True when a later auth class reports the user exists.
 */
function _tryNextUser()
{
    if (DEBUG & _DEBUG_LOGIN) {
        $key = strtolower(get_class($this));
        if (substr($key, -10) == "dbpassuser") {
            $key = "_dbpassuser";
        }
        $GLOBALS['USER_AUTH_ERROR'][$key] = 'nosuchuser';
    }

    if (USER_AUTH_POLICY !== 'strict' && USER_AUTH_POLICY !== 'stacked') {
        return false;
    }

    for (
        $next = $this->nextClass();
        $user = new $next($this->_userid, $this->_prefs);
        $next = $this->nextClass()
    ) {
        // PHP 4 only: swap the object in place via a fixed literal string.
        if (!check_php_version(5)) {
            eval("\$this = \$user;");
        }
        $user = UpgradeUser($this, $user);
        if ($user->userExists()) {
            // Second upgrade call kept from the original; its result is not
            // used by this method.
            $user = UpgradeUser($this, $user);
            return true;
        }
        if ($next == "_ForbiddenPassUser") {
            return false;
        }
    }
    return false;
}
/**
 * Set up a wiki request: open the database, preload the user classes,
 * run the base Request setup, normalise the 'pagename' and 'action' args,
 * and rebuild the user object and preferences for this request.
 *
 * NOTE(review): the method is named like a PHP 4-style constructor; the class
 * header is not visible here. If it is the constructor, PHP 8 no longer calls
 * same-named methods automatically.
 *
 * Security-relevant points:
 *  - Auth method names from $GLOBALS['USER_AUTH_ORDER'] are interpolated into
 *    include paths without validation in this method.
 *  - The auth-state restore at the end verifies neither credentials nor
 *    permissions (see the comment at that step).
 */
function WikiRequest()
{
    $this->_dbi = WikiDB::open($GLOBALS['DBParams']);
    // first mysql request costs [958ms]! [670ms] is mysql_connect()
    if (in_array('File', $this->_dbi->getAuthParam('USER_AUTH_ORDER'))) {
        // force our local copy, until the pear version is fixed.
        include_once dirname(__FILE__) . "/pear/File_Passwd.php";
    }
    if (ENABLE_USER_NEW) {
        // Preload all necessary userclasses. Otherwise session => __PHP_Incomplete_Class_Name
        // There's no way to demand-load it later. This way it's much slower, but needs slightly
        // less memory than loading all.
        // NOTE(review): this implies user objects are restored from session data
        // later on (presumably inside Request()); the integrity of the session
        // store therefore matters for everything restored below - confirm.
        if (ALLOW_BOGO_LOGIN) {
            include_once "lib/WikiUser/BogoLogin.php";
        }
        // UserPreferences POST Update doesn't reach this.
        // $method goes straight into an include path. It is read from
        // $GLOBALS['USER_AUTH_ORDER'], while the 'File' check above asks
        // getAuthParam('USER_AUTH_ORDER'); NOTE(review): confirm both come from
        // trusted configuration only and that nothing request-derived can
        // write the global.
        foreach ($GLOBALS['USER_AUTH_ORDER'] as $method) {
            include_once "lib/WikiUser/{$method}.php";
            if ($method == 'Db') {
                // The 'Db' method additionally needs the backend-specific class.
                switch (DATABASE_TYPE) {
                    case 'SQL':
                        include_once "lib/WikiUser/PearDb.php";
                        break;
                    case 'ADODB':
                        include_once "lib/WikiUser/AdoDb.php";
                        break;
                    case 'PDO':
                        include_once "lib/WikiUser/PdoDb.php";
                        break;
                }
            }
        }
        unset($method);
    }
    if (USE_DB_SESSION) {
        // Sessions are kept in the wiki database, in the prefixed session table.
        include_once 'lib/DbSession.php';
        $dbi =& $this->_dbi;
        $this->_dbsession = new DbSession($dbi, $dbi->getParam('prefix') . $dbi->getParam('db_session_table'));
    }
    // Fixme: Does pear reset the error mask to 1? We have to find the culprit
    //$x = error_reporting();
    $this->version = phpwiki_version();
    $this->Request(); // [90ms]
    // Normalize args...
    $this->setArg('pagename', $this->_deducePagename());
    $this->setArg('action', $this->_deduceAction());
    // Optimise when SQL debugging is on, or when a frequency is configured and
    // the current timestamp is a multiple of it.
    if (DEBUG & _DEBUG_SQL or DATABASE_OPTIMISE_FREQUENCY > 0 and time() % DATABASE_OPTIMISE_FREQUENCY == 0) {
        if ($this->_dbi->_backend->optimize()) {
            trigger_error(_("Optimizing database"), E_USER_NOTICE);
        }
    }
    // Restore auth state. This doesn't check for proper authorization!
    // Everything below only rebuilds the user object and its handles. No
    // credential or permission is verified here, so an existing $this->_user
    // must not be read as "authorized" by itself.
    $userid = $this->_deduceUsername();
    if (ENABLE_USER_NEW) {
        // _authhow is read from the already-present user object and trusted as-is.
        if (isset($this->_user) and !empty($this->_user->_authhow) and $this->_user->_authhow == 'session') {
            // users might switch in a session between the two objects.
            // restore old auth level here or in updateAuthAndPrefs?
            //$user = $this->getSessionVar('wiki_user');
            // revive db handle, because these don't survive sessions
            if (isset($this->_user) and (!isa($this->_user, WikiUserClassname()) or strtolower(get_class($this->_user)) == '_passuser')) {
                $this->_user = WikiUser($userid, $this->_user->_prefs);
            }
            // revive other db handle
            if (isset($this->_user->_prefs->_method) and ($this->_user->_prefs->_method == 'SQL' or $this->_user->_prefs->_method == 'ADODB' or $this->_user->_prefs->_method == 'PDO' or $this->_user->_prefs->_method == 'HomePage')) {
                $this->_user->_HomePagehandle = $this->getPage($userid);
            }
            // need to update the lockfile filehandle
            if (isa($this->_user, '_FilePassUser') and $this->_user->_file->lockfile and !$this->_user->_file->fplock) {
                //$level = $this->_user->_level;
                $this->_user = UpgradeUser($this->_user, new _FilePassUser($userid, $this->_user->_prefs, $this->_user->_file->filename));
                //$this->_user->_level = $level;
            }
            $this->_prefs =& $this->_user->_prefs;
        } else {
            // No session-authenticated user object: build one for the deduced user id.
            $user = WikiUser($userid);
            $this->_user =& $user;
            $this->_prefs =& $this->_user->_prefs;
        }
    } else {
        // Old user class: constructed with the request and the deduced user id.
        $this->_user = new WikiUser($this, $userid);
        $this->_prefs = $this->_user->getPreferences();
    }
}
/**
 * Report whether any later auth class in the chain knows this user.
 *
 * Starting from $this->nextClass(), each candidate class is instantiated with
 * the current user id and preferences and asked userExists(). The following
 * candidate is taken from the object just tried, and the walk ends with false
 * as soon as that candidate is "_ForbiddenPassUser".
 *
 * This only answers "does the account exist"; no password is checked here.
 *
 * NOTE(review): termination depends on nextClass() (not visible here)
 * advancing on every call; the original comment already asks whether that
 * holds on all PHP versions. The class name passed to `new` should only ever
 * be a configured auth class; confirm in nextClass().
 *
 * @return bool True when one of the later auth classes reports the user.
 */
function userExists()
{
    $next = $this->nextClass();
    while ($user = new $next($this->_userid, $this->_prefs)) {
        // PHP 4 only: swap the object in place via a fixed literal string.
        if (!check_php_version(5)) {
            eval("\$this = \$user;");
        }
        UpgradeUser($this, $user);

        if ($user->userExists()) {
            return true;
        }

        // Ask the object just tried for its successor so the chain advances.
        $next = $user->nextClass();
        if ($next == "_ForbiddenPassUser") {
            return false;
        }
    }
    return false;
}
/**
 * Check through an LDAP search whether the user id exists in the directory.
 *
 * The user id is trimmed and stored back on the object. A user id containing
 * '*' is rejected with an E_USER_WARNING, and in that case the next auth
 * method is NOT tried. Otherwise a search under LDAP_BASE_DN is run with the
 * filter built by _searchparam(); at least one entry means the user exists.
 * Every other outcome (no connection, failed search, no entries) frees the
 * LDAP resources and defers to _tryNextUser().
 *
 * This only establishes existence; no bind with the user's password happens
 * in this method.
 *
 * NOTE(review): '*' is the only filter metacharacter rejected here. Whether
 * _searchparam() escapes the others ('(', ')', '\' and NUL, see RFC 4515)
 * before the user id reaches the search filter is not visible from this
 * method; confirm there, since the user id comes from the login form.
 *
 * @return bool True when the directory has an entry for the user; false for
 *              an invalid user id; otherwise the result of _tryNextUser().
 */
function userExists()
{
    $name = $this->_userid = trim($this->_userid);
    if (strpos($name, '*') !== false) {
        // A wildcard would match arbitrary directory entries.
        trigger_error(fmt("Invalid username '%s' for LDAP Auth", $name), E_USER_WARNING);
        return false;
    }

    $conn = $this->_init();
    if ($conn) {
        // Need to set the right root search information. see ../index.php
        $filter = $this->_searchparam($name);
        $this->_sr = ldap_search($conn, LDAP_BASE_DN, $filter);
        if ($this->_sr) {
            $entries = ldap_get_entries($conn, $this->_sr);
            if ($entries["count"] > 0) {
                $this->_free();
                UpgradeUser($GLOBALS['ForbiddenUser'], $this);
                return true;
            }
        }
    }

    // No connection, failed search, or no matching entry.
    $this->_free();
    return $this->_tryNextUser();
}