/**
 * Create a local account for a user who authenticated through an oAuth service
 *
 * The login is made unique by appending a number when the name is already taken.
 * $uinfo is passed by reference; its 'user' and 'grps' entries are updated in place.
 *
 * @param array  $uinfo       user info received from the oAuth service
 * @param string $servicename
 *
 * @return bool false when the 'create' user modification fails, true otherwise
 */
protected function addUser(&$uinfo, $servicename)
{
    global $conf;

    // probe "name", "name1", "name2", ... until getUserData() reports no such account
    $base = $uinfo['user'];
    $suffix = '';
    while ($this->getUserData($base . $suffix)) {
        $suffix = $suffix ? $suffix + 1 : 1;
    }
    $login = $base . $suffix;
    $uinfo['user'] = $login;

    // the stored account receives only the default group and the service's own group
    $groups_on_creation = array($conf['defaultgroup'], $this->cleanGroup($servicename));

    // groups reported by the service are kept in $uinfo but are not passed to 'create'
    // NOTE(review): what the caller does with $uinfo['grps'] is not visible here - confirm
    // that service-reported group names cannot grant privileges
    $uinfo['grps'] = array_merge((array) $uinfo['grps'], $groups_on_creation);

    // the password comes from auth_pwgen(); nothing sent by the service is used as a credential
    $created = $this->triggerUserMod(
        'create',
        array($login, auth_pwgen($login), $uinfo['name'], $uinfo['mail'], $groups_on_creation)
    );
    if (!$created) {
        return false;
    }

    // send notification about the new user
    $notifier = new Subscription();
    $notifier->send_register($login, $uinfo['name'], $uinfo['mail']);

    return true;
}
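/**
 * Register a new user
 *
 * This registers a new user - Data is read directly from $_POST
 *
 * Nothing happens unless the 'save' POST flag is set and the 'register' action is
 * allowed. With $conf['autopasswd'] enabled the password is generated and mailed to
 * the user; otherwise the user supplies it twice and both entries must be identical.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @return bool true on success, false on any error
 */
function register()
{
    global $lang;
    global $conf;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    global $INPUT;

    if (!$INPUT->post->bool('save')) {
        return false;
    }
    if (!actionOK('register')) {
        return false;
    }

    // gather input; full name and e-mail lose control characters and the
    // characters : < > & % , ; before they are validated, stored or mailed
    $strip = '/[\\x00-\\x1f:<>&%,;]+/';
    $login = trim($auth->cleanUser($INPUT->post->str('login')));
    $fullname = trim(preg_replace($strip, '', $INPUT->post->str('fullname')));
    $email = trim(preg_replace($strip, '', $INPUT->post->str('email')));
    $pass = $INPUT->post->str('pass');
    $passchk = $INPUT->post->str('passchk');

    if (empty($login) || empty($fullname) || empty($email)) {
        msg($lang['regmissing'], -1);
        return false;
    }

    if ($conf['autopasswd']) {
        $pass = auth_pwgen($login); // automatically generate password
    } elseif (empty($pass) || empty($passchk)) {
        msg($lang['regmissing'], -1); // complain about missing passwords
        return false;
    } elseif ($pass !== $passchk) {
        // Strict comparison on purpose: with != PHP compares two numeric-looking
        // strings as numbers, so a mistyped confirmation could be accepted and the
        // account would end up with a password the user did not intend.
        msg($lang['regbadpass'], -1); // complain about misspelled passwords
        return false;
    }

    // check mail
    if (!mail_isvalid($email)) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // okay try to create the user; every failure of the 'create' event is
    // reported to the visitor with the same 'reguexists' message
    if (!$auth->triggerUserMod('create', array($login, $pass, $fullname, $email))) {
        msg($lang['reguexists'], -1);
        return false;
    }

    // send notification about the new user
    $subscription = new Subscription();
    $subscription->send_register($login, $fullname, $email);

    // are we done?
    if (!$conf['autopasswd']) {
        msg($lang['regsuccess2'], 1);
        return true;
    }

    // autogenerated password? then send password to user
    // (the account already exists at this point, even when the mail fails)
    if (auth_sendPassword($login, $pass)) {
        msg($lang['regsuccess'], 1);
        return true;
    }

    msg($lang['regmailfail'], -1);
    return false;
}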
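/**
 * Handle the login
 *
 * This either trusts the session data (if any), processes the second oAuth step or simply
 * falls back to the normal login against local users.
 *
 * The login cookie written here is never used to identify the user: when it is read
 * back it can only restart the oAuth flow for the service it names.
 *
 * @param string $user
 * @param string $pass
 * @param bool   $sticky
 * @return bool
 */
function trustExternal($user, $pass, $sticky = false)
{
    global $conf;
    global $USERINFO;

    // are we in login progress?
    if (isset($_SESSION[DOKU_COOKIE]['oauth-inprogress'])) {
        $servicename = $_SESSION[DOKU_COOKIE]['oauth-inprogress']['service'];
        $page = $_SESSION[DOKU_COOKIE]['oauth-inprogress']['id'];
        // the marker is consumed here, so it applies to this request only
        unset($_SESSION[DOKU_COOKIE]['oauth-inprogress']);
    }

    // check session for existing oAuth login data (there may be none yet)
    $session = isset($_SESSION[DOKU_COOKIE]['auth']) ? $_SESSION[DOKU_COOKIE]['auth'] : null;
    if (!isset($servicename) && isset($session['oauth'])) {
        $servicename = $session['oauth'];
        // the cached login is trusted only while it is younger than auth_security_timeout
        // and still bound to the same browser id
        // NOTE(review): == compares numeric-looking strings as numbers; if both sides are
        // always strings, === is the safer comparison - confirm what setUserSession stores
        if ($session['time'] >= time() - $conf['auth_security_timeout'] && $session['buid'] == auth_browseruid()) {
            $_SERVER['REMOTE_USER'] = $session['user'];
            $USERINFO = $session['info'];
            return true;
        }
    }

    // either we're in oauth login or a previous log needs to be rechecked
    if (isset($servicename)) {
        /** @var helper_plugin_oauth $hlp */
        $hlp = plugin_load('helper', 'oauth');
        $service = $hlp->loadService($servicename);
        if (is_null($service)) {
            return false;
        }

        if ($service->checkToken()) {
            $uinfo = $service->getUser();
            $uinfo['user'] = $this->cleanUser(isset($uinfo['user']) ? (string) $uinfo['user'] : '');
            if (empty($uinfo['name'])) {
                $uinfo['name'] = $uinfo['user'];
            }
            if (empty($uinfo['user']) || empty($uinfo['mail'])) {
                msg("{$servicename} did not provide the needed user info. \nCan't log you in", -1);
                return false;
            }

            // groups reported by the service; absent when the service sends none
            // NOTE(review): these are merged into the session's group list unfiltered -
            // confirm that service adapters cannot return privileged group names
            $providerGroups = isset($uinfo['grps']) ? (array) $uinfo['grps'] : array();

            // see if the user is known already; accounts are matched by the e-mail
            // address the service reports
            // NOTE(review): this relies on the service returning only verified addresses - confirm
            $login = $this->getUserByEmail($uinfo['mail']);
            if ($login) {
                $sinfo = $this->getUserData($login);
                $knownGroups = isset($sinfo['grps']) ? (array) $sinfo['grps'] : array();

                // check if the user allowed access via this service: without the service's
                // group on the account, a matching e-mail alone must not log anyone in
                if (!in_array($this->cleanGroup($servicename), $knownGroups, true)) {
                    msg(sprintf($this->getLang('authnotenabled'), $servicename), -1);
                    return false;
                }

                $uinfo['user'] = $login;
                $uinfo['name'] = $sinfo['name'];
                $uinfo['grps'] = array_merge($providerGroups, $knownGroups);
            } else {
                // new user, create him - making sure the login is unique by adding a number if needed
                $login = $uinfo['user'];
                $count = '';
                while ($this->getUserData($login . $count)) {
                    if ($count) {
                        $count++;
                    } else {
                        $count = 1;
                    }
                }
                $login = $login . $count;
                $uinfo['user'] = $login;

                // the stored account gets only the default group and the service's group
                $groups_on_creation = array();
                $groups_on_creation[] = $conf['defaultgroup'];
                $groups_on_creation[] = $this->cleanGroup($servicename); // add service as group
                $uinfo['grps'] = array_merge($providerGroups, $groups_on_creation);

                // the local password is generated; nothing from the service is used as a credential
                $ok = $this->triggerUserMod(
                    'create',
                    array($login, auth_pwgen($login), $uinfo['name'], $uinfo['mail'], $groups_on_creation)
                );
                if (!$ok) {
                    msg('something went wrong creating your user account. please try again later.', -1);
                    return false;
                }

                // send notification about the new user
                $subscription = new Subscription();
                $subscription->send_register($login, $uinfo['name'], $uinfo['mail']);
            }

            // set user session
            $this->setUserSession($uinfo, $servicename);

            // the cookie carries login name, sticky flag, the marker 'oauth' and the service name;
            // it is sent HttpOnly, and Secure when securecookie is enabled and the request is SSL
            $cookie = base64_encode($login) . '|' . (int) $sticky . '|' . base64_encode('oauth') . '|' . base64_encode($servicename);
            $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
            $time = $sticky ? time() + 60 * 60 * 24 * 365 : 0; // one year, or session cookie
            setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', $conf['securecookie'] && is_ssl(), true);

            if (isset($page)) {
                send_redirect(wl($page));
            }
            return true;
        } else {
            $this->relogin($servicename);
        }

        // the token check failed: drop the cached auth data so it is not trusted again
        unset($_SESSION[DOKU_COOKIE]['auth']);
        return false; // something went wrong during oAuth login
    } elseif (isset($_COOKIE[DOKU_COOKIE]) && is_string($_COOKIE[DOKU_COOKIE])) {
        // try cookie - it is client-controlled, so it may be malformed: pad it to the
        // four expected fields instead of reading missing offsets
        $fields = array_pad(explode('|', $_COOKIE[DOKU_COOKIE]), 4, '');
        $cookieAuth = base64_decode($fields[2], true);
        $servicename = base64_decode($fields[3], true);
        if ($cookieAuth === 'oauth') {
            // only restarts the oAuth flow; the cookie's user field is not used
            $this->relogin($servicename);
        }
    }

    // do the "normal" plain auth login via form
    return auth_login($user, $pass, $sticky);
}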