Пример #1
/**
 * Work out which user name the current request claims, without verifying it.
 *
 * Sources are tried in a fixed order and the first non-empty one wins:
 * the request's args['auth']['userid'] entry, PHP_AUTH_USER, REMOTE_USER,
 * the 'wiki_user' session variable and finally the user-id cookie.
 *
 * No password, signature or other proof is checked anywhere in this
 * function: the 'auth' entry and the cookie value are returned exactly as
 * found. The result is an identity claim that the caller still has to
 * authenticate before granting anything on its basis.
 *
 * @return mixed The user name; the stored user object when the session
 *               branch is taken and ENABLE_USER_NEW is false; false when
 *               no source yields a name.
 */
function deduceUsername()
{
    global $request, $HTTP_SERVER_VARS, $HTTP_ENV_VARS;

    // 1. Explicit auth[userid] entry on the request.
    if (!empty($request->args['auth']) && !empty($request->args['auth']['userid'])) {
        return $request->args['auth']['userid'];
    }

    // 2. HTTP basic-auth user name.
    if (!empty($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
        return $HTTP_SERVER_VARS['PHP_AUTH_USER'];
    }

    // 3. REMOTE_USER from the environment.
    if (!empty($HTTP_ENV_VARS['REMOTE_USER'])) {
        return $HTTP_ENV_VARS['REMOTE_USER'];
    }

    // 4. User object kept in the session.
    $sessionUser = $request->getSessionVar('wiki_user');
    if ($sessionUser) {
        $request->_user = $sessionUser;
        $request->_user->_authhow = 'session';
        if (ENABLE_USER_NEW) {
            return $sessionUser->UserName();
        }
        return $request->_user;
    }

    // 5. Plain user-id cookie. Values starting with 's:' are skipped --
    // presumably to reject PHP-serialized strings; confirm against the
    // cookie writer.
    $cookieUserid = $request->getCookieVar(getCookieName());
    if ($cookieUserid && substr($cookieUserid, 0, 2) != 's:') {
        // NOTE(review): this writes `authhow`, while the session branch
        // writes `_authhow` -- confirm which property readers consume.
        $request->_user->authhow = 'cookie';
        return $cookieUserid;
    }

    return false;
}
Пример #2
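 /**
  * _AnonUser::setPreferences(): merge new preferences into this user and,
  * when asked to, refresh the user-id cookie.
  *
  * Allow for multiple wikis in same domain. Encode only the
  * _prefs array of the UserPreference object. Ideally the
  * prefs array should just be imploded into a single string or
  * something so it is completely human readable by the end
  * user. In that case stricter error checking will be needed
  * when loading the cookie.
  *
  * @param mixed $prefs   A preferences object, or raw values that are passed
  *                       to updatePrefs() / the UserPreferences constructor.
  * @param bool  $id_only When true, and the prefs changed, and headers have
  *                       not been sent yet, the plain user id is written to
  *                       the cookie.
  * @return mixed The change indicator from updatePrefs() / isChanged(), true
  *               when the prefs were rebuilt from scratch, false when an
  *               object was adopted because no prefs existed yet.
  */
 function setPreferences($prefs, $id_only = false)
 {
     // One path below (object passed in while $this->_prefs is still unset)
     // never assigned $updated, so the function read and returned an
     // undefined variable. Start from an explicit "not updated".
     $updated = false;
     if (!is_object($prefs)) {
         if (is_object($this->_prefs)) {
             $updated = $this->_prefs->updatePrefs($prefs);
             // From here on $prefs is an alias of the stored prefs object.
             $prefs =& $this->_prefs;
         } else {
             // update the prefs values from scratch. This could lead to unnecessary
             // side-effects: duplicate emailVerified, ...
             $this->_prefs = new UserPreferences($prefs);
             $updated = true;
         }
     } else {
         if (!isset($this->_prefs)) {
             $this->_prefs =& $prefs;
         } else {
             $updated = $this->_prefs->isChanged($prefs);
         }
     }
     if ($updated) {
         if ($id_only and !headers_sent()) {
             global $request;
             // new 1.3.8 policy: no array cookies, only plain userid string as in
             // the pre 1.3.x versions.
             // prefs should be stored besides the session in the homepagehandle or in a db.
             //
             // NOTE(review): the cookie carries the bare user id with no
             // integrity protection, so whatever reads it back must treat it
             // as a hint and not as proof of identity.
             $request->setCookieVar(getCookieName(), $this->_userid, COOKIE_EXPIRATION_DAYS, COOKIE_DOMAIN);
             //$request->setCookieVar(WIKI_NAME, array('userid' => $prefs->get('userid')),
             //                       COOKIE_EXPIRATION_DAYS, COOKIE_DOMAIN);
         }
     }
     if (is_object($prefs)) {
         // Round-trip through store()/unpack() and adopt the new object only
         // when that yields at least one entry.
         $packed = $prefs->store();
         $unpacked = $prefs->unpack($packed);
         if (count($unpacked)) {
             // Carry the four storage-related members over from the old
             // prefs object so they are not lost by the replacement.
             foreach (array('_method', '_select', '_update', '_insert') as $param) {
                 if (!empty($this->_prefs->{$param})) {
                     $prefs->{$param} = $this->_prefs->{$param};
                 }
             }
             $this->_prefs = $prefs;
         }
     }
     return $updated;
 }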
Пример #3
 /**
  * Determine the user name this request claims, without authenticating it.
  *
  * Order of precedence: args['auth']['userid'], PHP_AUTH_USER, REMOTE_USER
  * (server vars, then env vars), the user-id cookie, and -- for the xmlrpc
  * action only -- REMOTE_USER or the client address. The session lookup is
  * present but switched off.
  *
  * Nothing here verifies a password or signature; the 'auth' entry and the
  * cookie are returned as received. Callers must treat the result as a
  * claim that still needs authentication.
  *
  * @return mixed The user name (possibly '' for xmlrpc), or false when no
  *               source yields one.
  */
 function _deduceUsername()
 {
     global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;

     if (!empty($this->args['auth']) && !empty($this->args['auth']['userid'])) {
         return $this->args['auth']['userid'];
     }

     // Session vars are disabled by the constant 0 (seems problematic), so
     // this branch never runs and getSessionVar() is never called.
     if (0 && ($sessionUser = $this->getSessionVar('wiki_user'))) {
         // switched auth between sessions.
         // Note: There's no way to demandload a missing class-definition
         // afterwards! (Stupid php)
         if (isa($sessionUser, WikiUserClassname())) {
             $this->_user = $sessionUser;
             $this->_user->_authhow = 'session';
             return ENABLE_USER_NEW ? $sessionUser->UserName() : $this->_user;
         }
     }

     // HTTP basic auth. (The session branch that would take precedence over
     // it is disabled above.)
     if (!empty($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
         return $HTTP_SERVER_VARS['PHP_AUTH_USER'];
     }

     // pubcookie et al
     if (!empty($HTTP_SERVER_VARS['REMOTE_USER'])) {
         return $HTTP_SERVER_VARS['REMOTE_USER'];
     }
     if (!empty($HTTP_ENV_VARS['REMOTE_USER'])) {
         return $HTTP_ENV_VARS['REMOTE_USER'];
     }

     // Plain user-id cookie. Values starting with 's:' are skipped --
     // presumably to reject PHP-serialized strings; confirm against the
     // cookie writer.
     $cookieUserid = $this->getCookieVar(getCookieName());
     if ($cookieUserid && substr($cookieUserid, 0, 2) != 's:') {
         // NOTE(review): this writes `authhow`, while the session branch
         // writes `_authhow` -- confirm which property readers consume.
         $this->_user->authhow = 'cookie';
         return $cookieUserid;
     }

     if ($this->getArg('action') != 'xmlrpc') {
         return false;
     }

     // how about SOAP?
     // wiki.putPage has special optional userid/passwd arguments. check that later.
     // Until then the caller is labelled with REMOTE_USER or, failing that,
     // with its network address -- a label, not an authenticated identity.
     if (isset($HTTP_SERVER_VARS['REMOTE_USER'])) {
         return $HTTP_SERVER_VARS['REMOTE_USER'];
     }
     if (isset($HTTP_SERVER_VARS['REMOTE_ADDR'])) {
         return $HTTP_SERVER_VARS['REMOTE_ADDR'];
     }
     if (isset($HTTP_ENV_VARS['REMOTE_ADDR'])) {
         return $HTTP_ENV_VARS['REMOTE_ADDR'];
     }
     if (isset($GLOBALS['REMOTE_ADDR'])) {
         return $GLOBALS['REMOTE_ADDR'];
     }
     return '';
 }
Пример #4
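 /**
  * Record a cookie value for this request and send it to the client.
  *
  * Arrays and objects are serialize()d and base64-encoded; any other value
  * is urlencode()d. The packed value is mirrored into
  * $GLOBALS['HTTP_COOKIE_VARS'] and $_COOKIE before setcookie() is called.
  *
  * Nothing is written when WIKI_XMLRPC is defined and truthy, or when
  * MAIN_setUser is defined and $key is the user-id cookie name.
  *
  * @param string $key          Cookie name.
  * @param mixed  $val          Value to store.
  * @param mixed  $persist_days Lifetime in days when numeric; otherwise the
  *                             cookie gets expiry 0 (session cookie).
  * @param mixed  $path         Cookie path, or false to omit the argument.
  * @return void
  */
 function set($key, $val, $persist_days = false, $path = false)
 {
     // if already defined, ignore
     // This has to be a comparison. The former `$key = getCookieName()`
     // assigned instead, so once MAIN_setUser was defined every call
     // returned here and no cookie of any name was written.
     if (defined('MAIN_setUser') and $key == getCookieName()) {
         return;
     }
     if (defined('WIKI_XMLRPC') and WIKI_XMLRPC) {
         return;
     }
     $vars =& $GLOBALS['HTTP_COOKIE_VARS'];
     if (is_numeric($persist_days)) {
         $expires = time() + 24 * 3600 * $persist_days;
     } else {
         $expires = 0;
     }
     if (is_array($val) or is_object($val)) {
         // NOTE(review): this value round-trips through the client. The
         // reader is not visible here; if it unserialize()s the cookie, it
         // is deserializing attacker-controlled data. Confirm the reader
         // uses a safe decoder or that the value is integrity-protected.
         $packedval = base64_encode(serialize($val));
     } else {
         $packedval = urlencode($val);
     }
     $vars[$key] = $packedval;
     @($_COOKIE[$key] = $packedval);
     // NOTE(review): no Secure / HttpOnly arguments are passed, and `@`
     // hides a failed setcookie() (e.g. headers already sent), so a cookie
     // that was never delivered goes unnoticed.
     if ($path) {
         @setcookie($key, $packedval, $expires, $path);
     } else {
         @setcookie($key, $packedval, $expires);
     }
 }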
Пример #5
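 /**
  * Store the user's preferences in the session and, unless $id_only is set,
  * in the 'pref' field of the user's home page.
  *
  * The user id is also written to a plain cookie whenever it is non-empty.
  * Failures (not signed in, home page missing or locked) are reported with
  * E_USER_WARNING and make the function return 0.
  *
  * @param mixed $prefs   A preferences object, or raw values that are passed
  *                       to the UserPreferences constructor.
  * @param bool  $id_only When true, only the session and the cookie are
  *                       updated; the home page is left alone.
  * @return int Number of entries in $prefs->_prefs when they were written to
  *             (or a home page was created for) the user, otherwise 0.
  */
 function setPreferences($prefs, $id_only = false)
 {
     if (!is_object($prefs)) {
         $prefs = new UserPreferences($prefs);
     }
     // update the session and id
     $this->_request->setSessionVar('wiki_prefs', $prefs);
     // $this->_request->setCookieVar('WIKI_PREFS2', $this->_prefs, 365);
     // simple unpacked cookie
     if ($this->_userid) {
         // setcookie() takes an absolute Unix timestamp, not a number of
         // days. The former literal 365 meant "365 seconds after the epoch",
         // i.e. a cookie that is already expired when it is sent.
         //
         // NOTE(review): the cookie is the bare user id with no integrity
         // protection; readers must treat it as a hint, not as proof of
         // identity.
         setcookie(getCookieName(), $this->_userid, time() + 365 * 24 * 3600, '/');
     }
     // We must ensure that any password is encrypted.
     // We don't need any plaintext password.
     if (!$id_only) {
         if ($this->isSignedIn()) {
             if ($this->isAdmin()) {
                 // Presumably: the admin password is already stored in
                 // config/config.ini (and might be plaintext there), so it is
                 // blanked rather than saved with the prefs.
                 $prefs->set('passwd', '');
             }
             if ($homepage = $this->homePage()) {
                 // check for page revision 0
                 if (!$this->_dbi->isWikiPage($this->_userid)) {
                     trigger_error(_("Your home page has not been created yet so your preferences cannot not be saved."), E_USER_WARNING);
                 } else {
                     if ($this->isAdmin() || !$homepage->get('locked')) {
                         // NOTE(review): the prefs are stored serialize()d in
                         // page data. The reader is not visible here; confirm
                         // that nobody but the owner/admin can write this
                         // field before it is unserialize()d.
                         $homepage->set('pref', serialize($prefs->_prefs));
                         return sizeof($prefs->_prefs);
                     } else {
                         // An "empty" page could still be
                         // intentionally locked by admin to
                         // prevent its creation.
                         //
                         // FIXME: This permission situation should
                         // probably be handled by the DB backend,
                         // once the new WikiUser code has been
                         // implemented.
                         trigger_error(_("Your home page is locked so your preferences cannot not be saved.") . " " . _("Please contact your PhpWiki administrator for assistance."), E_USER_WARNING);
                     }
                 }
             } else {
                 trigger_error("No homepage for user found. Creating one...", E_USER_WARNING);
                 $this->createHomepage($prefs);
                 //$homepage->set('pref', serialize($prefs->_prefs));
                 return sizeof($prefs->_prefs);
             }
         } else {
             trigger_error("you must be signed in", E_USER_WARNING);
         }
     }
     return 0;
 }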
Пример #6
 /**
  * Determine the user name this request claims, without authenticating it.
  *
  * Order of precedence: args['auth']['userid'], the 'wiki_user' session
  * variable, PHP_AUTH_USER, REMOTE_USER (server vars, then env vars), the
  * user-id cookie, and -- for the xmlrpc action only -- REMOTE_USER or the
  * client address.
  *
  * Nothing here verifies a password or signature; the 'auth' entry and the
  * cookie are returned as received. Callers must treat the result as a
  * claim that still needs authentication.
  *
  * @return mixed The user name; the stored user object when the session
  *               branch is taken and ENABLE_USER_NEW is false; '' is
  *               possible for xmlrpc; false when no source yields a name.
  */
 function _deduceUsername()
 {
     global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;

     if (!empty($this->args['auth']) && !empty($this->args['auth']['userid'])) {
         return $this->args['auth']['userid'];
     }

     $sessionUser = $this->getSessionVar('wiki_user');
     if ($sessionUser) {
         // Switched auth between sessions.
         // Note: There's no way to demandload a missing class-definition
         // afterwards! Stupid php.
         if (defined('FUSIONFORGE') && FUSIONFORGE) {
             // Under FusionForge a session without HTTP auth yields no user;
             // with HTTP auth present, fall through to the checks below.
             if (empty($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
                 return false;
             }
         } elseif (isa($sessionUser, WikiUserClassname())) {
             $this->_user = $sessionUser;
             $this->_user->_authhow = 'session';
             return ENABLE_USER_NEW ? $sessionUser->UserName() : $this->_user;
         }
     }

     // Sessions override http auth
     if (!empty($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
         return $HTTP_SERVER_VARS['PHP_AUTH_USER'];
     }

     // pubcookie et al
     if (!empty($HTTP_SERVER_VARS['REMOTE_USER'])) {
         return $HTTP_SERVER_VARS['REMOTE_USER'];
     }
     if (!empty($HTTP_ENV_VARS['REMOTE_USER'])) {
         return $HTTP_ENV_VARS['REMOTE_USER'];
     }

     // Plain user-id cookie. Values starting with 's:' are skipped --
     // presumably to reject PHP-serialized strings; confirm against the
     // cookie writer.
     $cookieUserid = $this->getCookieVar(getCookieName());
     if ($cookieUserid && substr($cookieUserid, 0, 2) != 's:') {
         // NOTE(review): this writes `authhow`, while the session branch
         // writes `_authhow` -- confirm which property readers consume.
         $this->_user->authhow = 'cookie';
         return $cookieUserid;
     }

     if ($this->getArg('action') != 'xmlrpc') {
         return false;
     }

     // how about SOAP?
     if (empty($GLOBALS['HTTP_RAW_POST_DATA'])) {
         trigger_error("Wrong always_populate_raw_post_data = Off setting in your php.ini\nCannot use xmlrpc!", E_USER_ERROR);
     }

     // wiki.putPage has special optional userid/passwd arguments. check that later.
     // Until then the caller is labelled with REMOTE_USER or, failing that,
     // with its network address -- a label, not an authenticated identity.
     if (isset($HTTP_SERVER_VARS['REMOTE_USER'])) {
         return $HTTP_SERVER_VARS['REMOTE_USER'];
     }
     if (isset($HTTP_SERVER_VARS['REMOTE_ADDR'])) {
         return $HTTP_SERVER_VARS['REMOTE_ADDR'];
     }
     if (isset($HTTP_ENV_VARS['REMOTE_ADDR'])) {
         return $HTTP_ENV_VARS['REMOTE_ADDR'];
     }
     if (isset($GLOBALS['REMOTE_ADDR'])) {
         return $GLOBALS['REMOTE_ADDR'];
     }
     return '';
 }