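/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps, in order: reset the global ACL, load the backend class named by
 * $conf['authtype'], normalise HTTP Basic credentials into PHP_AUTH_USER /
 * PHP_AUTH_PW, then authenticate by token, by the backend's external trust
 * mechanism, or through the AUTH_LOGIN_CHECK event, and finally load the ACL.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @triggers AUTH_LOGIN_CHECK
 * @return bool false when ACLs are disabled or no usable backend object is
 *              available, true once the login attempt and ACL load have run
 */
function auth_setup() {
    global $conf;
    /* @var auth_basic $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    global $AUTH_ACL;
    global $lang;

    // start from an empty ACL so nothing stale survives an early return
    $AUTH_ACL = array();

    if (!$conf['useacl']) {
        return false;
    }

    // load the backend auth functions and instantiate the auth object XXX
    // NOTE(review): $conf['authtype'] is concatenated into an include path and
    // a class name. That is only safe while the setting comes from
    // administrator-controlled configuration -- confirm no request data can
    // reach it.
    $backend_file = DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php';
    if (@file_exists($backend_file)) {
        require_once DOKU_INC . 'inc/auth/basic.class.php';
        require_once $backend_file;

        $auth_class = "auth_" . $conf['authtype'];
        if (class_exists($auth_class)) {
            $auth = new $auth_class();
            if ($auth->success == false) {
                // degrade to unauthenticated user
                // unset() on a variable imported with `global` removes only the
                // local alias; $GLOBALS['auth'] keeps the failed backend object.
                // NOTE(review): code reading the global later still sees that
                // object -- confirm it checks ->success before relying on it.
                unset($auth);
                auth_logoff();
                msg($lang['authtempfail'], -1);
            }
        } else {
            nice_die($lang['authmodfailed']);
        }
    } else {
        nice_die($lang['authmodfailed']);
    }

    if (!isset($auth) || !$auth) {
        return false;
    }

    // do the login either by cookie or provided credentials XXX
    $INPUT->set('http_credentials', false);
    if (!$conf['rememberme']) {
        $INPUT->set('r', false);
    }

    // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
    // the one presented at
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
    // for enabling HTTP authentication with CGI/SuExec)
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }

    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // The header is client-controlled, so only a well-formed
    // "Basic <base64(user:password)>" value is accepted. The split is limited
    // to the first colon because the password itself may contain colons.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $auth_header = (string) $_SERVER['HTTP_AUTHORIZATION'];
        if (strncasecmp($auth_header, 'Basic ', 6) === 0) {
            $decoded = base64_decode(substr($auth_header, 6));
            if (is_string($decoded) && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }

    // if no credentials were given try to use HTTP auth (for SSO)
    if (!$INPUT->str('u') && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $INPUT->set('u', $_SERVER['PHP_AUTH_USER']);
        $INPUT->set('p', $_SERVER['PHP_AUTH_PW']);
        // marks the credentials as coming from the HTTP layer; passed on below as 'silent'
        $INPUT->set('http_credentials', true);
    }

    // apply cleaning (only the user name is passed through the backend here)
    $INPUT->set('u', $auth->cleanUser($INPUT->str('u')));

    if ($INPUT->str('authtok')) {
        // when an authentication token is given, trust the session
        auth_validateToken($INPUT->str('authtok'));
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r'));
    } else {
        $evdata = array(
            'user'     => $INPUT->str('u'),
            'password' => $INPUT->str('p'),
            'sticky'   => $INPUT->bool('r'),
            'silent'   => $INPUT->bool('http_credentials'),
        );
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }

    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();

    return true;
}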
} // streamline HTTP auth credentials (IIS/rewrite -> mod_php) if (isset($_SERVER['HTTP_AUTHORIZATION'])) { list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); } // if no credentials were given try to use HTTP auth (for SSO) if (empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) { $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER']; $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW']; $_REQUEST['http_credentials'] = true; } // apply cleaning $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']); if (isset($_REQUEST['authtok'])) { // when an authentication token is given, trust the session auth_validateToken($_REQUEST['authtok']); } elseif (!is_null($auth) && $auth->canDo('external')) { // external trust mechanism in place $auth->trustExternal($_REQUEST['u'], $_REQUEST['p'], $_REQUEST['r']); } else { $evdata = array('user' => $_REQUEST['u'], 'password' => $_REQUEST['p'], 'sticky' => $_REQUEST['r'], 'silent' => $_REQUEST['http_credentials']); $evt = new Doku_Event('AUTH_LOGIN_CHECK', $evdata); if ($evt->advise_before()) { auth_login($evdata['user'], $evdata['password'], $evdata['sticky'], $evdata['silent']); } } } //load ACL into a global array global $AUTH_ACL; if (is_readable(DOKU_CONF . 'acl.auth.php')) { $AUTH_ACL = file(DOKU_CONF . 'acl.auth.php');
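/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps, in order: reset the global ACL, load the auth plugin matching
 * $conf['authtype'], normalise HTTP Basic credentials into PHP_AUTH_USER /
 * PHP_AUTH_PW, strip control characters from the submitted credentials, then
 * authenticate by token, by the backend's external trust mechanism, or
 * through the AUTH_LOGIN_CHECK event, and finally load the ACL.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @triggers AUTH_LOGIN_CHECK
 * @return bool false when ACLs are disabled or no working backend is
 *              available, true once the login attempt and ACL load have run
 */
function auth_setup() {
    global $conf;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    global $AUTH_ACL;
    global $lang;
    /* @var Doku_Plugin_Controller $plugin_controller */
    global $plugin_controller;

    // start from an empty ACL so nothing stale survives an early return
    $AUTH_ACL = array();

    if (!$conf['useacl']) {
        return false;
    }

    // try to load auth backend from plugins
    // Only names reported by the plugin controller are loaded; the configured
    // value is compared against that list and never used as a path itself.
    foreach ($plugin_controller->getList('auth') as $plugin) {
        if ($conf['authtype'] === $plugin) {
            $auth = $plugin_controller->load('auth', $plugin);
            break;
        } elseif ('auth' . $conf['authtype'] === $plugin) {
            // matches old auth backends (pre-Weatherwax)
            $auth = $plugin_controller->load('auth', $plugin);
            msg(
                'Your authtype setting is deprecated. You must set $conf[\'authtype\'] = "auth' . $conf['authtype'] . '"' .
                ' in your configuration (see <a href="https://www.dokuwiki.org/auth">Authentication Backends</a>)',
                -1, '', '', MSG_ADMINS_ONLY
            );
        }
    }

    if (!isset($auth) || !$auth) {
        msg($lang['authtempfail'], -1);
        return false;
    }

    if ($auth->success == false) {
        // degrade to unauthenticated user
        // unset() on a variable imported with `global` removes only the local
        // alias; $GLOBALS['auth'] keeps the failed backend object.
        // NOTE(review): code reading the global later still sees that object --
        // confirm it checks ->success before relying on it.
        unset($auth);
        auth_logoff();
        msg($lang['authtempfail'], -1);
        return false;
    }

    // do the login either by cookie or provided credentials XXX
    $INPUT->set('http_credentials', false);
    if (!$conf['rememberme']) {
        $INPUT->set('r', false);
    }

    // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
    // the one presented at
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
    // for enabling HTTP authentication with CGI/SuExec)
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }

    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // The header is client-controlled, so only a well-formed
    // "Basic <base64(user:password)>" value is accepted. The split is limited
    // to the first colon because the password itself may contain colons.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $auth_header = (string) $_SERVER['HTTP_AUTHORIZATION'];
        if (strncasecmp($auth_header, 'Basic ', 6) === 0) {
            $decoded = base64_decode(substr($auth_header, 6));
            if (is_string($decoded) && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }

    // if no credentials were given try to use HTTP auth (for SSO)
    if (!$INPUT->str('u') && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $INPUT->set('u', $_SERVER['PHP_AUTH_USER']);
        $INPUT->set('p', $_SERVER['PHP_AUTH_PW']);
        // marks the credentials as coming from the HTTP layer; passed on below as 'silent'
        $INPUT->set('http_credentials', true);
    }

    // apply cleaning (auth specific user names, remove control chars)
    if (true === $auth->success) {
        $INPUT->set('u', $auth->cleanUser(stripctl($INPUT->str('u'))));
        $INPUT->set('p', stripctl($INPUT->str('p')));
    }

    if ($INPUT->str('authtok')) {
        // when an authentication token is given, trust the session
        auth_validateToken($INPUT->str('authtok'));
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r'));
    } else {
        $evdata = array(
            'user'     => $INPUT->str('u'),
            'password' => $INPUT->str('p'),
            'sticky'   => $INPUT->bool('r'),
            'silent'   => $INPUT->bool('http_credentials'),
        );
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }

    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();

    return true;
}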
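/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps, in order: reset the global ACL, load the backend class named by
 * $conf['authtype'], default the login fields in $_REQUEST, normalise HTTP
 * Basic credentials into PHP_AUTH_USER / PHP_AUTH_PW, then authenticate by
 * token, by the backend's external trust mechanism, or through the
 * AUTH_LOGIN_CHECK event, and finally load the ACL.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @triggers AUTH_LOGIN_CHECK
 * @return bool|null false when ACLs are disabled; null in every other case
 *                   (no explicit value is returned on those paths)
 */
function auth_setup() {
    global $conf;
    global $auth;
    global $AUTH_ACL;
    global $lang;
    global $config_cascade;

    // start from an empty ACL so nothing stale survives an early return
    $AUTH_ACL = array();

    if (!$conf['useacl']) {
        return false;
    }

    // load the backend auth functions and instantiate the auth object XXX
    // NOTE(review): $conf['authtype'] is concatenated into an include path and
    // a class name. That is only safe while the setting comes from
    // administrator-controlled configuration -- confirm no request data can
    // reach it.
    $backend_file = DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php';
    if (@file_exists($backend_file)) {
        require_once DOKU_INC . 'inc/auth/basic.class.php';
        require_once $backend_file;

        $auth_class = "auth_" . $conf['authtype'];
        if (class_exists($auth_class)) {
            $auth = new $auth_class();
            if ($auth->success == false) {
                // degrade to unauthenticated user
                // unset() on a variable imported with `global` removes only the
                // local alias; $GLOBALS['auth'] keeps the failed backend object.
                // NOTE(review): code reading the global later still sees that
                // object -- confirm it checks ->success before relying on it.
                unset($auth);
                auth_logoff();
                msg($lang['authtempfail'], -1);
            }
        } else {
            nice_die($lang['authmodfailed']);
        }
    } else {
        nice_die($lang['authmodfailed']);
    }

    // isset() first: after the unset() above the local name no longer exists,
    // and reading it directly would raise an undefined-variable notice
    if (!isset($auth) || !$auth) {
        return;
    }

    // do the login either by cookie or provided credentials XXX
    foreach (array('u', 'p', 'r') as $field) {
        if (!isset($_REQUEST[$field])) {
            $_REQUEST[$field] = '';
        }
    }
    $_REQUEST['http_credentials'] = false;
    if (!$conf['rememberme']) {
        $_REQUEST['r'] = false;
    }

    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // The header is client-controlled, so only a well-formed
    // "Basic <base64(user:password)>" value is accepted. The split is limited
    // to the first colon because the password itself may contain colons.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $auth_header = (string) $_SERVER['HTTP_AUTHORIZATION'];
        if (strncasecmp($auth_header, 'Basic ', 6) === 0) {
            $decoded = base64_decode(substr($auth_header, 6));
            if (is_string($decoded) && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }

    // if no credentials were given try to use HTTP auth (for SSO)
    if (empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
        $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
        // marks the credentials as coming from the HTTP layer; passed on below as 'silent'
        $_REQUEST['http_credentials'] = true;
    }

    // apply cleaning (only the user name is passed through the backend here)
    $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);

    if (isset($_REQUEST['authtok'])) {
        // when an authentication token is given, trust the session
        auth_validateToken($_REQUEST['authtok']);
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($_REQUEST['u'], $_REQUEST['p'], $_REQUEST['r']);
    } else {
        $evdata = array(
            'user'     => $_REQUEST['u'],
            'password' => $_REQUEST['p'],
            'sticky'   => $_REQUEST['r'],
            'silent'   => $_REQUEST['http_credentials'],
        );
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }

    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();
}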