1 <?php rcs_id('$Id: userauth.php,v 1.9 2001-08-14 21:41:10 dairiki Exp $');
// Registers this file's RCS revision string; rcs_id() is not defined in this file.
3 // It is anticipated that when userid support is added to phpwiki,
4 // this object will hold much more information (e-mail, home(wiki)page,
5 // etc.) about the user.
7 // There seems to be no clean way to "log out" a user when using
8 // HTTP authentication.
9 // So we'll hack around this by storing the currently logged
10 // in username and other state information in a cookie.
14 // default: Anonymous users okay.
15 // 'ANON_OK': Anonymous access is fine.
16 // 'REQUIRE_AUTH': User must be authenticated.
17 // 'LOGOUT': Force logout.
18 // 'LOGIN': Force authenticated login.
// Rebuilds the user's login state for this request. It uses $this, so it is
// presumably the PHP 4 style constructor of the WikiUser class (the class
// header is not in view).
// $auth_mode: '' (default), 'ANON_OK', 'REQUIRE_AUTH', 'LOGOUT' or 'LOGIN'.
// NOTE(review): this listing has gaps (braces / else branches are not shown),
// so the structure below is described only as far as the visible lines allow.
19 function WikiUser ($auth_mode = '') {
20 // Restore from cookie.
21 global $WIKI_AUTH, $REMOTE_HOST, $REMOTE_ADDR;
// No cookie yet: start in the 'login' state with a fixed Basic-auth realm.
22 if (empty($WIKI_AUTH))
25 $this->state = 'login';
26 $this->realm = 'PhpWiki0000';
// Otherwise the whole object is rebuilt from the client-supplied cookie.
// Two problems are visible here: unserialize() runs on untrusted input, and
// the cookie carries 'state'/'userid' with no integrity check anywhere in
// this file, so the client can present any state it likes. Re-assigning
// $this is also rejected by PHP 7.1+.
29 $this = unserialize(fix_magic_quotes_gpc($WIKI_AUTH));
// 'LOGIN' on an already-authorized session drops back to 'loggedout'
// (presumably to force a fresh credential prompt; lines 32-34 not shown).
31 if ($this->state == 'authorized' && $auth_mode == 'LOGIN')
35 $this->state = 'loggedout';
// Unless logging out, try to identify the user from HTTP auth + cookie state.
38 if ($auth_mode != 'LOGOUT')
40 $user = $this->_get_authenticated_userid();
// Anonymous access refused: send the 401 challenge and stop (does not return).
42 if (!$user && $auth_mode != 'ANON_OK')
43 $warning = $this->_demand_http_authentication(); //NORETURN
48 // Authentication failed
49 if ($this->state == 'authorized')
51 $this->state = 'loggedout';
// Anonymous users are identified by host name, falling back to IP address.
52 $this->userid = empty($REMOTE_HOST) ? $REMOTE_ADDR : $REMOTE_HOST;
56 // Successful authentication
57 $this->state = 'authorized';
58 $this->userid = $user;
61 // Save state to cookie.
// Session cookie (expiry 0) on path '/'. The serialized object, including
// 'state', is exactly what line 29 trusts on the next request.
62 setcookie('WIKI_AUTH', serialize($this), 0, '/');
// True when the cookie-restored state says the user has logged in.
// Note that 'state' comes from the client cookie (see the constructor).
71 function is_authenticated () {
72 return $this->state == 'authorized';
// True only for an authenticated user whose id equals the ADMIN_USER
// constant (loose == comparison).
75 function is_admin () {
76 return $this->is_authenticated() && $this->userid == ADMIN_USER;
// Aborts the request via ExitWiki() unless the current user is the admin.
// $action: optional description that is inserted into the error message.
// The else branch and the rest of the ExitWiki() argument are in lines not
// shown in this listing.
// NOTE(review): $action is inserted without escaping; whether ExitWiki()
// HTML-escapes its message is not visible here — confirm before passing
// request-derived text.
79 function must_be_admin ($action = "") {
80 if (! $this->is_admin())
83 $to_what = sprintf(gettext("to perform action '%s'"), $action);
85 $to_what = gettext("to do that");
86 ExitWiki(gettext("You must be logged in as an administrator")
91 // This is a bit of a hack:
// Persists $prefs client-side: serialized into the WIKI_PREFS cookie for a year.
// $prefs: associative array (getPreferences() shows the keys that are read back).
// Whatever is stored here comes back through unserialize() in getPreferences(),
// so the cookie is untrusted input on the way in.
92 function setPreferences ($prefs) {
94 $WIKI_PREFS = serialize($prefs);
95 $expires = time() + 365 * 24 * 3600; // expire in a year
96 setcookie('WIKI_PREFS', $WIKI_PREFS, $expires, '/');
// Returns the edit-area preferences: defaults overridden by the WIKI_PREFS
// cookie, then clamped back to the defaults when out of range.
// Return: array with keys 'edit_area.width' and 'edit_area.height'.
99 function getPreferences () {
100 $prefs = array('edit_area.width' => 80,
101 'edit_area.height' => 22);
// $HTTP_COOKIE_VARS is the pre-$_COOKIE name, removed in PHP 5.4.
103 global $HTTP_COOKIE_VARS;
104 if (isset($HTTP_COOKIE_VARS['WIKI_PREFS'])) {
105 $prefcookie = $HTTP_COOKIE_VARS['WIKI_PREFS'];
106 if (is_string($prefcookie)) {
// unserialize() on a client-controlled cookie; only the array shape is
// checked afterwards. A json_decode()-based format would avoid the risk.
107 $prefcookie = unserialize(fix_magic_quotes_gpc($prefcookie));
108 if (is_array($prefcookie)) {
// Only keys already present in the defaults are taken from the cookie,
// and only when non-empty. (each() was removed in PHP 8.0.)
109 while (list($k, $v) = each($prefs))
110 if (!empty($prefcookie[$k]))
111 $prefs[$k] = $prefcookie[$k];
116 // Some sanity checks. (FIXME: should move somewhere else)
// Values outside the accepted range fall back to the defaults.
117 if (!($prefs['edit_area.width'] >= 30 && $prefs['edit_area.width'] <= 150))
118 $prefs['edit_area.width'] = 80;
119 if (!($prefs['edit_area.height'] >= 5 && $prefs['edit_area.height'] <= 80))
120 $prefs['edit_area.height'] = 22;
// Combines the HTTP-auth user (if any) with the cookie-held state to decide
// who the current user is. The return statements and the case labels of
// the switch are in lines not shown in this listing, so only the branch
// structure is described here.
124 function _get_authenticated_userid () {
// No usable HTTP credentials (the body of this 'if' is not shown).
125 if ( ! ($user = $this->_get_http_authenticated_userid()) )
128 switch ($this->state) {
130 // Either we just asked for a password, or cookies are not enabled.
131 // In either case, proceed with successful login.
134 // We're logged out. Ignore http authed user.
137 // Else, as long as the user hasn't changed, fine.
// HTTP-auth user differs from the one recorded in the cookie (loose !=).
138 if ($user && $user != $this->userid)
// Validates the Basic-auth credentials handed over by the web server.
// Returns $PHP_AUTH_USER on success; the failure branches (lines 149-161,
// partly not shown) presumably return false.
// Relies on the register_globals-era $PHP_AUTH_USER / $PHP_AUTH_PW variables
// (today $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW']).
144 function _get_http_authenticated_userid () {
145 global $PHP_AUTH_USER, $PHP_AUTH_PW;
146 global $WikiNameRegexp;
148 if (empty($PHP_AUTH_USER))
// Admin login: the password is compared in plain text against the
// ADMIN_PASSWD constant with a loose != comparison. A stored hash checked
// via password_verify() (or hash_equals() for a shared secret) would be
// the modern equivalent.
151 if ($PHP_AUTH_USER == ADMIN_USER) {
152 if (empty($PHP_AUTH_PW) || $PHP_AUTH_PW != ADMIN_PASSWD)
// Non-admin logins are accepted only when ALLOW_BOGO_LOGIN is on ...
155 else if (! ALLOW_BOGO_LOGIN) {
// ... and the user id is a complete WikiWord (\A...\z anchor the whole
// string). No password is checked for these users.
158 else if (! preg_match('/\A' . $WikiNameRegexp . '\z/', $PHP_AUTH_USER)) {
162 return $PHP_AUTH_USER;
// Sends the HTTP Basic challenge (401) plus an explanatory page; the caller
// in WikiUser marks it //NORETURN. The tail of the function (lines 187-195)
// is not shown in this listing.
165 function _demand_http_authentication () {
// Refuse to prompt for credentials while no admin account is configured.
166 if (!defined('ADMIN_USER') || !defined('ADMIN_PASSWD')
167 || ADMIN_USER == '' || ADMIN_PASSWD =='') {
170 . gettext("You must set the administrator account and password before you can log in.")
// Record the 'login' state in the cookie before challenging; the comment in
// _get_authenticated_userid() indicates this marks "we just asked for a
// password" on the next request.
176 $this->state = 'login';
177 setcookie('WIKI_AUTH', serialize($this), 0, '/');
178 header('WWW-Authenticate: Basic realm="' . $this->realm . '"');
179 header("HTTP/1.0 401 Unauthorized");
// $LogEntry is used without a visible global declaration (line 180 not shown).
181 $LogEntry->status = 401;
182 echo "<p>" . gettext ("You entered an invalid login or password.") . "\n";
183 if (ALLOW_BOGO_LOGIN) {
185 echo gettext ("You can log in using any valid WikiWord as a user ID.") . "\n";
186 echo gettext ("(Any password will work, except, of course for the admin user.)") . "\n";
196 // c-file-style: "ellemtel"