2 # Copyright (C) 2006 Christian Bayle <bayle@debian.com>
3 # http://www.mediawiki.org/
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 2 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License along
16 # with this program; if not, write to the Free Software Foundation, Inc.,
17 # 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 # http://www.gnu.org/copyleft/gpl.html
21 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
22 * and set $wgAuth to it to authenticate against some external tool.
24 * The default behavior is not to do anything, and use the local user
25 * database for all authentication. A subclass can require that all
26 * accounts authenticate externally, or use it only as a fallback; also
27 * you can transparently create internal wiki accounts the first time
28 * someone logs in who can be authenticated externally.
30 * This interface is new, and might change a bit before 1.4.0 final is
37 # GForgeAuthentication.php
38 # Infos availible at http://bugzilla.wikipedia.org/show_bug.cgi?id=814
40 # Version 1.0f / 07.10.2005
41 # including the fixes describend in comment #50 #51 and #52
43 $wgGroupPermissions['*' ]['createaccount'] = false;
44 //$wgGroupPermissions['*' ]['read'] = false;
45 $wgGroupPermissions['*' ]['edit'] = false;
47 require_once( 'AuthPlugin.php' );
48 require_once( "includes/GForgePre.php" );
50 function GForgeAuthenticationHook() {
58 //echo $_SERVER["HTTP_REFERER"];
59 $wgCacheEpoch = 'date +%Y%m%d%H%M%S';
61 // For a few special pages, don't do anything.
62 $title = $wgRequest->getVal('title') ;
63 if ($title == 'Special:Userlogout' || $title == 'Special:Userlogin') {
66 // Do nothing if session is valid
67 $wgUser = User::loadFromSession();
68 if ($wgUser->isLoggedIn()) {
71 // Do little if user already exists
72 // (set the _REQUEST variable so that Login knows we're authenticated)
73 $username = $G_USERNAME;
74 $u = User::newFromName( $username );
76 # Invalid username or some other error -- force login, just return
80 if ($u->getId() != 0) {
81 $_REQUEST['wpName'] = $username;
82 # also return, but user is know. set Cookies, et al
83 $wgUser->setCookies();
84 $wgUser->saveSettings();
87 // Ok, now we need to create a user.
88 include 'includes/SpecialUserlogin.php';
89 $form = new LoginForm( $wgRequest );
90 $form->initUser( $wgUser );
91 $wgUser->saveSettings();
92 // if it worked: refer to login page, otherwise, exit
93 header( "Location: http" .
94 (isset($_SERVER['HTTPS'])
95 && $_SERVER['HTTPS'] == "on" ? "s" : "") .
96 "://" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'] .
98 ( isset($_SERVER['URL']) ? $_SERVER['PATH_INFO'] .
99 ( $_SERVER['QUERY_STRING'] ? "?" . $_SERVER['QUERY_STRING'] : "" )
102 // Now redirect to referred page
108 class GForgeAuthenticationPlugin extends AuthPlugin {
109 var $email, $lang, $realname, $nickname, $SearchType;
111 function GForgeAuthenticationPlugin() {
112 //if (session_loggedin()){
113 global $wgExtensionFunctions;
114 if (!isset($wgExtensionFunctions)) {
115 $wgExtensionFunctions = array();
117 else if (!is_array($wgExtensionFunctions)) {
118 $wgExtensionFunctions = array( $wgExtensionFunctions );
120 array_push($wgExtensionFunctions, 'GForgeAuthenticationHook');
125 // disallow password change
126 function allowPasswordChange() {
131 * Check whether there exists a user account with the given name.
132 * The name will be normalized to MediaWiki's requirements, so
133 * you might need to munge it (for instance, for lowercase initial
136 * @param string $username
140 //return whether $username is a valid username
141 function userExists( $username ) {
142 // in media wiki 1.5.5 this should always be true for autocreate() to work right
147 * Check if a username+password pair is a valid login.
148 * The name will be normalized to MediaWiki's requirements, so
149 * you might need to munge it (for instance, for lowercase initial
152 * @param string $username
153 * @param string $password
157 function authenticate( $username, $password ) {
160 echo '<h1>XXXXXX'.$username.$G_USERNAME.'</h1>';
161 if (strtolower($username) != $G_USERNAME) {
164 return isset($G_USERNAME);
166 return session_login_valid(strtolower($username),$password);
170 * Modify options in the login template.
172 * @param UserLoginTemplate $template
175 function modifyUITemplate( &$template ) {
176 $template->set( 'create', false );
177 $template->set( 'usedomain', false );
178 $template->set( 'useemail', false );
180 //disable the mail new password box
181 $template->set("useemail", false);
182 //disable 'remember me' box
183 $template->set("remember", false);
184 //$template->set("create", false);
185 $template->set("domain", false);
189 * Return true if the wiki should create a new local account automatically
190 * when asked to login a user who doesn't exist locally but does in the
191 * external auth database.
193 * This is just a question, and shouldn't perform any actions.
198 //The authorization is external, so autocreate accounts as necessary
199 function autoCreate() {
204 * Set the given password in the authentication database.
205 * Return true if successful.
207 * @param string $password
211 function setPassword( $user, &$password ) {
212 //$this->printDebug("Entering setPassword",1);
217 * Update user information in the external authentication database.
218 * Return true if successful.
224 function updateExternalDB( $user ) {
225 //$this->printDebug("Entering updateExternalDB",1);
226 $this->email = $user->getEmail();
227 $this->realname = $user->getRealName();
228 $this->nickname = $user->getOption('nickname');
229 $this->language = $user->getOption('language');
233 function canCreateAccounts() {
238 * Add a user to the external authentication database.
239 * Return true if successful.
242 * @param string $password
246 function addUser( $user, $password ) {
247 //$this->printDebug("Entering addUser",1);
251 * Return true to prevent logins that don't authenticate here from being
252 * checked against the local database's password fields.
254 * This is just a question, and shouldn't perform any actions.
264 * When creating a user account, optionally fill in preferences and such.
265 * For instance, you might pull the email address or real name from the
266 * external user database.
268 * The User object is passed by reference so it can be modified; don't
269 * forget the & on your function declaration.
274 function initUser( &$user ) {
276 //unless you want the person to be nameless, you should probably populate
277 // info about this user here
278 if (isset($G_SESSION)){
279 $user->setRealName($G_SESSION->getRealName());
280 $user->setEmail($G_SESSION->getEmail());
282 $user->mEmailAuthenticated = wfTimestampNow();
285 //turn on e-mail notifications by default
286 $user->setOption('enotifwatchlistpages', 1);
287 $user->setOption('enotifusertalkpages', 1);
288 $user->setOption('enotifminoredits', 1);
289 $user->setOption('enotifrevealaddr', 1);
292 function getGForgeUserSession( &$wgUser ) {
293 $wgUser = new User();
294 if (session_loggedin()) {
295 //User::SetupSession();
296 $this->initUser(&$wgUser);