Пример #1
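/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Loads the configured auth backend plugin, normalises the login
 * credentials from the request (form fields, or HTTP Basic auth for SSO),
 * runs the login check and finally loads the ACL rules into $AUTH_ACL.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @triggers AUTH_LOGIN_CHECK
 * @return bool false when ACLs are disabled or no working backend could be
 *              loaded, true once the login check ran and ACLs are loaded
 */
function auth_setup()
{
    global $conf;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    global $AUTH_ACL;
    global $lang;
    /* @var Doku_Plugin_Controller $plugin_controller */
    global $plugin_controller;

    $AUTH_ACL = array();
    // nothing to do when access control is switched off
    if (!$conf['useacl']) {
        return false;
    }

    // try to load auth backend from plugins
    foreach ($plugin_controller->getList('auth') as $plugin) {
        if ($conf['authtype'] === $plugin) {
            $auth = $plugin_controller->load('auth', $plugin);
            break;
        } elseif ('auth' . $conf['authtype'] === $plugin) {
            // matches old auth backends (pre-Weatherwax)
            $auth = $plugin_controller->load('auth', $plugin);
            msg('Your authtype setting is deprecated. You must set $conf[\'authtype\'] = "auth' . $conf['authtype'] . '"' . ' in your configuration (see <a href="https://www.dokuwiki.org/auth">Authentication Backends</a>)', -1, '', '', MSG_ADMINS_ONLY);
        }
    }
    if (!isset($auth) || !$auth) {
        msg($lang['authtempfail'], -1);
        return false;
    }
    if (!$auth->success) {
        // degrade to unauthenticated user
        unset($auth);
        auth_logoff();
        msg($lang['authtempfail'], -1);
        return false;
    }

    // do the login either by cookie or provided credentials XXX
    $INPUT->set('http_credentials', false);
    if (!$conf['rememberme']) {
        // "remember me" is disabled site-wide, so ignore the request flag
        $INPUT->set('r', false);
    }

    // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
    // the one presented at
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
    // for enabling HTTP authentication with CGI/SuExec)
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }

    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // Only the "Basic" scheme carries user:password. Any other scheme (or a
    // malformed value) is left alone so that garbage never ends up in
    // PHP_AUTH_USER/PHP_AUTH_PW; the password may itself contain ':'
    // (RFC 7617), hence the explode() limit of 2.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $header = $_SERVER['HTTP_AUTHORIZATION'];
        if (strncasecmp($header, 'Basic ', 6) === 0) {
            $decoded = base64_decode(substr($header, 6), true);
            $parts = ($decoded === false) ? array() : explode(':', $decoded, 2);
            if (count($parts) === 2) {
                $_SERVER['PHP_AUTH_USER'] = $parts[0];
                $_SERVER['PHP_AUTH_PW'] = $parts[1];
            }
        }
    }

    // if no credentials were given try to use HTTP auth (for SSO)
    if (!$INPUT->str('u') && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $INPUT->set('u', $_SERVER['PHP_AUTH_USER']);
        $INPUT->set('p', $_SERVER['PHP_AUTH_PW']);
        // remembered so the login check can stay silent on failure
        $INPUT->set('http_credentials', true);
    }

    // apply cleaning (auth specific user names, remove control chars)
    if (true === $auth->success) {
        $INPUT->set('u', $auth->cleanUser(stripctl($INPUT->str('u'))));
        $INPUT->set('p', stripctl($INPUT->str('p')));
    }

    if ($INPUT->str('authtok')) {
        // when an authentication token is given, trust the session
        auth_validateToken($INPUT->str('authtok'));
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r'));
    } else {
        $evdata = array(
            'user' => $INPUT->str('u'),
            'password' => $INPUT->str('p'),
            'sticky' => $INPUT->bool('r'),
            'silent' => $INPUT->bool('http_credentials'),
        );
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }

    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();
    return true;
}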
Пример #2
/**
 * Send a HTTP redirect to the browser
 *
 * Works around the Microsoft IIS cookie sending bug. Exits the script
 * unless running inside the unit test harness.
 *
 * @link   http://support.microsoft.com/kb/q176113/
 * @author Andreas Gohr <*****@*****.**>
 *
 * @param string $url url being directed to
 */
function send_redirect($url)
{
    /* @var Input $INPUT */
    global $INPUT;
    global $MSG;

    // removing control characters from the target is the defence against
    // HTTP Response Splitting through the redirect header
    $url = stripctl($url);

    // undisplayed messages are parked in the session so the next request
    // can still show them
    if (isset($MSG) && count($MSG) && !defined('NOSESSION')) {
        //reopen session, store data and close session again
        @session_start();
        $_SESSION[DOKU_COOKIE]['msg'] = $MSG;
    }
    // always close the session
    session_write_close();

    // IIS < 6 with CGI-PHP loses cookies on a Location header (see @link),
    // so a Refresh header is used there instead
    $server = $INPUT->server;
    $isOldIisCgi = false;
    if ($server->has('SERVER_SOFTWARE') && $server->has('GATEWAY_INTERFACE')) {
        if (strpos($server->str('GATEWAY_INTERFACE'), 'CGI') !== false) {
            $software = trim($server->str('SERVER_SOFTWARE'));
            if (preg_match('|^Microsoft-IIS/(\\d)\\.\\d$|', $software, $matches)) {
                $isOldIisCgi = ($matches[1] < 6);
            }
        }
    }
    $prefix = $isOldIisCgi ? 'Refresh: 0;url=' : 'Location: ';
    header($prefix . $url);

    // no exits during unit tests
    if (defined('DOKU_UNITTEST')) {
        return;
    }
    exit;
}
Пример #3
/**
 * DokuWiki media passthrough file
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Andreas Gohr <*****@*****.**>
 */
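if (!defined('DOKU_INC')) {
    define('DOKU_INC', dirname(__FILE__) . '/../../');
}
// media is streamed raw; output compression must stay off
define('DOKU_DISABLE_GZIP_OUTPUT', 1);
require_once DOKU_INC . 'inc/init.php';

//close session
session_write_close();

$mimetypes = getMimeTypes();

//get input
// no cleaning except control chars - maybe external
$MEDIA = stripctl(getID('media', false));
// the remaining request parameters are optional; read them through isset()
// so a missing key does not raise an undefined-index notice
$CACHE = calc_cache(isset($_REQUEST['cache']) ? $_REQUEST['cache'] : null);
$WIDTH = isset($_REQUEST['w']) ? (int) $_REQUEST['w'] : 0;
$HEIGHT = isset($_REQUEST['h']) ? (int) $_REQUEST['h'] : 0;

list($EXT, $MIME, $DL) = mimetype($MEDIA, false);
if ($EXT === false) {
    // unknown extension: never let the browser sniff it, force a download
    $EXT = 'unknown';
    $MIME = 'application/octet-stream';
    $DL = true;
}

// check for permissions, preconditions and cache external files
// NOTE(review): $FILE is not assigned here; presumably checkFileStatus()
// fills it by reference - confirm against its signature
$FILE = null;
list($STATUS, $STATUSMESSAGE) = checkFileStatus($MEDIA, $FILE);

// prepare data for plugin events
$data = array(
    'media' => $MEDIA,
    'file' => $FILE,
    'orig' => $FILE,
    'mime' => $MIME,
    'download' => $DL,
    'cache' => $CACHE,
    'ext' => $EXT,
    'width' => $WIDTH,
    'height' => $HEIGHT,
    'status' => $STATUS,
    'statusmessage' => $STATUSMESSAGE,
);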
// handle the file status
/**
 * This is an extension hook provided by BB2, we use it to do our
 * own logging.
 *
 * Appends one tab-separated record per ban to badbehaviour.log in the
 * cache directory. Every request-derived field (and the ban key) goes
 * through stripctl() first, so header values such as the User-Agent cannot
 * carry control characters into the log file.
 *
 * @param array  $settings BB2 settings (not used here)
 * @param array  $package  request data as assembled by BB2
 * @param string $key      ban reason key
 */
function bb2_banned_callback($settings, $package, $key)
{
    global $conf;

    $record = array(time());
    $fields = array('ip', 'request_method', 'request_uri', 'server_protocol', 'user_agent');
    foreach ($fields as $field) {
        $record[] = stripctl($package[$field]);
    }
    $record[] = stripctl($key);

    $logfile = $conf['cachedir'] . '/badbehaviour.log';
    io_saveFile($logfile, implode("\t", $record) . "\n", true);
}