From a9be7d8e0c7b7ee4d2c1241c421577594516cca7 Mon Sep 17 00:00:00 2001 From: vargenau Date: Thu, 4 Mar 2010 10:30:39 +0000 Subject: [PATCH] Replace tabs by spaces; remove EOL spaces git-svn-id: svn://svn.code.sf.net/p/phpwiki/code/trunk@7301 96ab9672-09ca-45d6-a79d-3d69d39ca109 --- lib/WikiUser/AdoDb.php | 70 ++++++++-------- lib/WikiUser/BogoLogin.php | 4 +- lib/WikiUser/Db.php | 14 ++-- lib/WikiUser/EMailConfirm.php | 4 +- lib/WikiUser/Facebook.php | 10 +-- lib/WikiUser/File.php | 12 +-- lib/WikiUser/Forbidden.php | 4 +- lib/WikiUser/GForge.php | 26 +++--- lib/WikiUser/HttpAuth.php | 56 ++++++------- lib/WikiUser/HttpAuthUpper.php | 64 +++++++-------- lib/WikiUser/IMAP.php | 18 ++--- lib/WikiUser/LDAP.php | 144 ++++++++++++++++----------------- lib/WikiUser/LdapUpper.php | 16 ++-- lib/WikiUser/OpenID.php | 2 +- lib/WikiUser/POP3.php | 8 +- lib/WikiUser/PdoDb.php | 18 ++--- lib/WikiUser/PearDb.php | 62 +++++++------- lib/WikiUser/PersonalPage.php | 12 +-- lib/WikiUser/Session.php | 4 +- 19 files changed, 274 insertions(+), 274 deletions(-) diff --git a/lib/WikiUser/AdoDb.php b/lib/WikiUser/AdoDb.php index e7e57aaf9..a91e222db 100644 --- a/lib/WikiUser/AdoDb.php +++ b/lib/WikiUser/AdoDb.php @@ -12,7 +12,7 @@ extends _DbPassUser * ADODB methods * Simple sprintf, no prepare. * - * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster + * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements! * * TODO: Change FETCH_MODE in adodb WikiDB sublasses. 
@@ -78,28 +78,28 @@ extends _DbPassUser if (!$id_only and isset($this->_prefs->_update)) { $this->getAuthDbh(); $dbh = &$this->_auth_dbi; - // check if the user already exists (not needed with mysql REPLACE) - $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid))); - if ($rs->EOF) { - $rs->Close(); - $prefs_blob = false; - } else { - $prefs_blob = @$rs->fields['prefs']; - $rs->Close(); - } - if ($prefs_blob) { - $db_result = $dbh->Execute(sprintf($this->_prefs->_update, - $dbh->qstr($packed), - $dbh->qstr($this->_userid))); - } else { - // Otherwise, insert a record for them and set it to the defaults. - $dbi = $request->getDbh(); - $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'), - array("pref_blob", "userid")); - $db_result = $dbh->Execute(sprintf($this->_prefs->_insert, - $dbh->qstr($packed), - $dbh->qstr($this->_userid))); - } + // check if the user already exists (not needed with mysql REPLACE) + $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid))); + if ($rs->EOF) { + $rs->Close(); + $prefs_blob = false; + } else { + $prefs_blob = @$rs->fields['prefs']; + $rs->Close(); + } + if ($prefs_blob) { + $db_result = $dbh->Execute(sprintf($this->_prefs->_update, + $dbh->qstr($packed), + $dbh->qstr($this->_userid))); + } else { + // Otherwise, insert a record for them and set it to the defaults. + $dbi = $request->getDbh(); + $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'), + array("pref_blob", "userid")); + $db_result = $dbh->Execute(sprintf($this->_prefs->_insert, + $dbh->qstr($packed), + $dbh->qstr($this->_userid))); + } $db_result->Close(); // delete pageprefs: if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref')) @@ -113,7 +113,7 @@ extends _DbPassUser } return 0; } - + function userExists() { $this->getAuthDbh(); $dbh = &$this->_auth_dbi; 
@@ -126,11 +126,11 @@ extends _DbPassUser $dbi =& $GLOBALS['request']->_dbi; // Prepare the configured auth statements if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) { - $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'), + $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'), array("password", "userid")); } //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed - if ( !$dbi->getAuthParam('auth_user_exists') + if ( !$dbi->getAuthParam('auth_user_exists') and $this->_auth_crypt_method == 'crypt' and $this->_authselect) { @@ -146,7 +146,7 @@ extends _DbPassUser if (! $dbi->getAuthParam('auth_user_exists')) trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'), E_USER_WARNING); - $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), + $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), 'userid'); $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid))); if (!$rs->EOF) { @@ -157,16 +157,16 @@ extends _DbPassUser } } // User does not exist yet. - // Maybe the user is allowed to create himself. Generally not wanted in - // external databases, but maybe wanted for the wiki database, for performance + // Maybe the user is allowed to create himself. Generally not wanted in + // external databases, but maybe wanted for the wiki database, for performance // reasons if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) { $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'), array("password", "userid")); } - if (!empty($this->_authcreate) and + if (!empty($this->_authcreate) and isset($GLOBALS['HTTP_POST_VARS']['auth']) and - isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])) + isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])) { $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd']; $dbh->Execute(sprintf($this->_authcreate, 
@@ -174,7 +174,7 @@ extends _DbPassUser $dbh->qstr($this->_userid))); return true; } - + return $this->_tryNextUser(); } @@ -205,8 +205,8 @@ extends _DbPassUser E_USER_WARNING); //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set if ($this->_auth_crypt_method == 'crypt') { - $rs = $dbh->Execute(sprintf($this->_authselect, - $dbh->qstr($this->_userid))); + $rs = $dbh->Execute(sprintf($this->_authselect, + $dbh->qstr($this->_userid))); if (!$rs->EOF) { $stored_password = $rs->fields['password']; $rs->Close(); @@ -233,7 +233,7 @@ extends _DbPassUser $result = !empty($okay); } - if ($result) { + if ($result) { $this->_level = WIKIAUTH_USER; return $this->_level; } elseif (USER_AUTH_POLICY === 'strict') { diff --git a/lib/WikiUser/BogoLogin.php b/lib/WikiUser/BogoLogin.php index f131d9051..7c98adf1f 100644 --- a/lib/WikiUser/BogoLogin.php +++ b/lib/WikiUser/BogoLogin.php @@ -4,13 +4,13 @@ rcs_id('$Id$'); * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2) */ -/** Without stored password. A _BogoLoginPassUser with password +/** Without stored password. A _BogoLoginPassUser with password * is automatically upgraded to a PersonalPagePassUser. */ class _BogoLoginPassUser extends _PassUser { var $_authmethod = 'BogoLogin'; - + function userExists() { if (isWikiWord($this->_userid)) { $this->_level = WIKIAUTH_BOGO; diff --git a/lib/WikiUser/Db.php b/lib/WikiUser/Db.php index f55b94792..f565f9ca0 100644 --- a/lib/WikiUser/Db.php +++ b/lib/WikiUser/Db.php 
@@ -13,15 +13,15 @@ rcs_id('$Id$'); * libnss-mysql. * * We support only the SQL and ADODB backends. - * The other WikiDB backends (flat, cvs, dba, ...) should be used for pages, - * not for auth stuff. If one would like to use e.g. dba for auth, he should - * use PearDB (SQL) with the right $DBAuthParam['auth_dsn']. - * (Not supported yet, since we require SQL. SQLite would make since when + * The other WikiDB backends (flat, cvs, dba, ...) should be used for pages, + * not for auth stuff. If one would like to use e.g. dba for auth, he should + * use PearDB (SQL) with the right $DBAuthParam['auth_dsn']. + * (Not supported yet, since we require SQL. SQLite would make since when * it will come to PHP) * * @tables: user, pref * - * Preferences are handled in the parent class _PassUser, because the + * Preferences are handled in the parent class _PassUser, because the * previous classes may also use DB pref_select and pref_update. * * Flat files auth is handled by the auth method "File". @@ -31,7 +31,7 @@ extends _PassUser { var $_authselect, $_authupdate, $_authcreate; - // This can only be called from _PassUser, because the parent class + // This can only be called from _PassUser, because the parent class // sets the auth_dbi and pref methods, before this class is initialized. function _DbPassUser($UserName='',$prefs=false) { if (!$this->_prefs) { @@ -81,7 +81,7 @@ extends _PassUser return false; } - /* Since we properly quote the username, we allow most chars here. + /* Since we properly quote the username, we allow most chars here. Just " ; and ' is forbidden, max length: 48 as defined in the schema. */ function isValidName ($userid = false) { diff --git a/lib/WikiUser/EMailConfirm.php b/lib/WikiUser/EMailConfirm.php index a17325221..cfd532dd7 100644 --- a/lib/WikiUser/EMailConfirm.php +++ b/lib/WikiUser/EMailConfirm.php 
@@ -7,7 +7,7 @@ rcs_id('$Id$'); class _EMailConfirmPassUser extends _PassUser /** - * Unconfirmed users have ANON access, + * Unconfirmed users have ANON access, * confirmed users are equal to passusers WIKIAUTH_USER. * * Users give their email at registration, phpwiki sends a link per email, @@ -16,7 +16,7 @@ extends _PassUser * Preferences are handled in _PassUser */ { - // This can only be called from _PassUser, because the parent class + // This can only be called from _PassUser, because the parent class // sets the pref methods, before this class is initialized. function _EMailConfirmPassUser($UserName='', $prefs=false, $file='') { if (!$this->_prefs and isa($this, "_EMailPassUser")) { diff --git a/lib/WikiUser/Facebook.php b/lib/WikiUser/Facebook.php index bd30f2523..f5aaca9ea 100644 --- a/lib/WikiUser/Facebook.php +++ b/lib/WikiUser/Facebook.php @@ -26,12 +26,12 @@ extends _PassUser { $web = new HttpClient("www.facebook.com", 80); if (DEBUG & _DEBUG_LOGIN) $web->setDebug(true); // collect cookies from http://www.facebook.com/login.php - $web->persist_cookies = true; + $web->persist_cookies = true; $web->cookie_host = 'www.facebook.com'; $firstlogin = $web->get("/login.php"); if (!$firstlogin) { if (DEBUG & (_DEBUG_LOGIN | _DEBUG_VERBOSE)) - trigger_error(sprintf(_("Facebook connect failed with %d %s"), + trigger_error(sprintf(_("Facebook connect failed with %d %s"), $web->status, $web->errormsg), E_USER_WARNING); } @@ -45,7 +45,7 @@ extends _PassUser { E_USER_WARNING); } $this->_authmethod = 'Facebook'; - if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => $retval", + if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => $retval", E_USER_WARNING); if ($retval) { $this->_level = WIKIAUTH_USER; 
@@ -62,8 +62,8 @@ extends _PassUser { E_USER_WARNING); return $this->_tryNextUser(); } - if (DEBUG & _DEBUG_LOGIN) - trigger_error(get_class($this)."::userExists => true (dummy)", E_USER_WARNING); + if (DEBUG & _DEBUG_LOGIN) + trigger_error(get_class($this)."::userExists => true (dummy)", E_USER_WARNING); return true; } } diff --git a/lib/WikiUser/File.php b/lib/WikiUser/File.php index 6d32d27eb..c845cf7a1 100644 --- a/lib/WikiUser/File.php +++ b/lib/WikiUser/File.php @@ -15,7 +15,7 @@ extends _PassUser { var $_file, $_may_change; - // This can only be called from _PassUser, because the parent class + // This can only be called from _PassUser, because the parent class // sets the pref methods, before this class is initialized. function _FilePassUser($UserName='', $prefs=false, $file='') { if (!$this->_prefs and isa($this, "_FilePassUser")) { @@ -29,7 +29,7 @@ extends _PassUser if (empty($file) and defined('AUTH_USER_FILE')) $file = AUTH_USER_FILE; // same style as in main.php - include_once(dirname(__FILE__)."/../pear/File_Passwd.php"); + include_once(dirname(__FILE__)."/../pear/File_Passwd.php"); // "__PHP_Incomplete_Class" if (!empty($file) or empty($this->_file) or !isa($this->_file, "File_Passwd")) $this->_file = new File_Passwd($file, false, $file.'.lock'); @@ -37,7 +37,7 @@ extends _PassUser return false; return $this; } - + function mayChangePass() { return $this->_may_change; } @@ -49,7 +49,7 @@ extends _PassUser $this->_authmethod = 'File'; if (isset($this->_file->users[$this->_userid])) return true; - + return $this->_tryNextUser(); } @@ -69,7 +69,7 @@ extends _PassUser $this->_level = WIKIAUTH_ADMIN; return $this->_level; } - + return $this->_tryNextPass($submitted_password); } 
@@ -78,7 +78,7 @@ extends _PassUser return false; } if ($this->_may_change) { - $this->_file = new File_Passwd($this->_file->filename, true, + $this->_file = new File_Passwd($this->_file->filename, true, $this->_file->filename.'.lock'); $result = $this->_file->modUser($this->_userid, $submitted_password); $this->_file->close(); diff --git a/lib/WikiUser/Forbidden.php b/lib/WikiUser/Forbidden.php index c6142bf92..9bc5a6b75 100644 --- a/lib/WikiUser/Forbidden.php +++ b/lib/WikiUser/Forbidden.php @@ -4,8 +4,8 @@ rcs_id('$Id$'); * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2) */ -/** - * The PassUser name gets created automatically. +/** + * The PassUser name gets created automatically. * That's why this class is empty, but must exist. */ class _ForbiddenPassUser diff --git a/lib/WikiUser/GForge.php b/lib/WikiUser/GForge.php index 2d80c2434..812f1f7b4 100644 --- a/lib/WikiUser/GForge.php +++ b/lib/WikiUser/GForge.php @@ -4,30 +4,30 @@ rcs_id('$Id$'); * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2) */ -/** Call the gforge functions to get the username - * +/** Call the gforge functions to get the username + * */ class _GForgePassUser extends _PassUser { var $_is_external = 0; - + function _GForgePassUser($UserName='',$prefs=false) { - if ($prefs) $this->_prefs = $prefs; + if ($prefs) $this->_prefs = $prefs; if (!isset($this->_prefs->_method)) _PassUser::_PassUser($UserName); if ($UserName) $this->_userid = $UserName; $this->_authmethod = 'GForge'; - - // Is this double check really needed? + + // Is this double check really needed? // It is not expensive so we keep it for now. if ($this->userExists()) return $this; - else + else return $GLOBALS['ForbiddenUser']; } function userExists() { - global $group_id; + global $group_id; // Mapping (phpWiki vs GForge) performed is: // ANON for non logged or non member 
@@ -37,7 +37,7 @@ class _GForgePassUser extends _PassUser { // Get project object (if error => ANON) $project =& group_get_object($group_id); - + if (!$project || !is_object($project)) { $this->_level = WIKIAUTH_ANON; return false; @@ -56,7 +56,7 @@ class _GForgePassUser extends _PassUser { $member = $perm->isMember(); } - if ($member) { + if ($member) { $this->_userid = $user->getRealName(); $this->_is_external = $user->getIsExternal(); if ($perm->isAdmin()) { @@ -67,12 +67,12 @@ class _GForgePassUser extends _PassUser { return $this; } } - $this->_level = WIKIAUTH_ANON; - return false; + $this->_level = WIKIAUTH_ANON; + return false; } function checkPass($submitted_password) { - return $this->userExists() + return $this->userExists() ? ($this->isAdmin() ? WIKIAUTH_ADMIN : WIKIAUTH_USER) : WIKIAUTH_ANON; } diff --git a/lib/WikiUser/HttpAuth.php b/lib/WikiUser/HttpAuth.php index 5893d9f7f..7ed64828b 100644 --- a/lib/WikiUser/HttpAuth.php +++ b/lib/WikiUser/HttpAuth.php @@ -6,12 +6,12 @@ rcs_id('$Id$'); /** * We have two possibilities here. - * 1) The webserver location is already HTTP protected. Usually Basic, but also + * 1) The webserver location is already HTTP protected. Usually Basic, but also * NTLM or Digest. Then just use this username and do nothing. * 2) The webserver location is not protected, so we enforce basic HTTP Protection * by sending a 401 error and let the client display the login dialog. * This makes only sense if HttpAuth is the last method in USER_AUTH_ORDER, - * since the other methods cannot be transparently called after this enforced + * since the other methods cannot be transparently called after this enforced * external dialog. * Try the available auth methods (most likely Bogo) and sent this header back. * header('Authorization: Basic '.base64_encode("$userid:$passwd")."\r\n"; 
@@ -25,8 +25,8 @@ extends _PassUser _PassUser::_PassUser($UserName); if ($UserName) $this->_userid = $UserName; $this->_authmethod = 'HttpAuth'; - - // Is this double check really needed? + + // Is this double check really needed? // It is not expensive so we keep it for now. if ($this->userExists()) { return $this; @@ -38,8 +38,8 @@ extends _PassUser // FIXME! This doesn't work yet! // Allow httpauth by other method: Admin for now only function _fake_auth($userid, $passwd) { - return false; - + return false; + header('WWW-Authenticate: Basic realm="'.WIKI_NAME.'"'); header("Authorization: Basic ".base64_encode($userid.":".$passwd)); if (!isset($_SERVER)) @@ -53,14 +53,14 @@ extends _PassUser function logout() { if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS']; - // Maybe we should random the realm to really force a logout. + // Maybe we should random the realm to really force a logout. // But the next login will fail. // better_srand(); $realm = microtime().rand(); // TODO: On AUTH_TYPE=NTLM this will fail. Only Basic supported so far. header('WWW-Authenticate: Basic realm="'.WIKI_NAME.'"'); if (strstr(php_sapi_name(), 'apache')) - header('HTTP/1.0 401 Unauthorized'); - else + header('HTTP/1.0 401 Unauthorized'); + else header("Status: 401 Access Denied"); //IIS and CGI need that unset($GLOBALS['REMOTE_USER']); unset($_SERVER['PHP_AUTH_USER']); 
@@ -70,30 +70,30 @@ extends _PassUser function _http_username() { if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS']; - if (!empty($_SERVER['PHP_AUTH_USER'])) - return $_SERVER['PHP_AUTH_USER']; - if (!empty($_SERVER['REMOTE_USER'])) - return $_SERVER['REMOTE_USER']; + if (!empty($_SERVER['PHP_AUTH_USER'])) + return $_SERVER['PHP_AUTH_USER']; + if (!empty($_SERVER['REMOTE_USER'])) + return $_SERVER['REMOTE_USER']; if (!empty($GLOBALS['HTTP_ENV_VARS']['REMOTE_USER'])) - return $GLOBALS['HTTP_ENV_VARS']['REMOTE_USER']; - if (!empty($GLOBALS['REMOTE_USER'])) - return $GLOBALS['REMOTE_USER']; - // IIS + Basic - if (!empty($_SERVER['HTTP_AUTHORIZATION'])) { - list($userid, $passwd) = explode(':', + return $GLOBALS['HTTP_ENV_VARS']['REMOTE_USER']; + if (!empty($GLOBALS['REMOTE_USER'])) + return $GLOBALS['REMOTE_USER']; + // IIS + Basic + if (!empty($_SERVER['HTTP_AUTHORIZATION'])) { + list($userid, $passwd) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); return $userid; - } - return ''; + } + return ''; } - + // force http auth authorization function userExists() { if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS']; $username = $this->_http_username(); - if (strstr($username, "\\") - and isset($_SERVER['AUTH_TYPE']) + if (strstr($username, "\\") + and isset($_SERVER['AUTH_TYPE']) and $_SERVER['AUTH_TYPE'] == 'NTLM') { // allow domain\user, change userid to domain/user @@ -103,7 +103,7 @@ extends _PassUser } // FIXME: if AUTH_TYPE = NTLM there's a domain\\name <> domain\name mismatch if (empty($username) - or strtolower($username) != strtolower($this->_userid)) + or strtolower($username) != strtolower($this->_userid)) { $this->logout(); $user = $GLOBALS['ForbiddenUser']; 
@@ -113,17 +113,17 @@ extends _PassUser //exit; } $this->_userid = $username; - // we should check if he is a member of admin, + // we should check if he is a member of admin, // because HttpAuth has its own logic. $this->_level = WIKIAUTH_USER; if ($this->isAdmin()) $this->_level = WIKIAUTH_ADMIN; return $this; } - + // ignore password, this is checked by the webservers http auth. function checkPass($submitted_password) { - return $this->userExists() + return $this->userExists() ? ($this->isAdmin() ? WIKIAUTH_ADMIN : WIKIAUTH_USER) : WIKIAUTH_ANON; } diff --git a/lib/WikiUser/HttpAuthUpper.php b/lib/WikiUser/HttpAuthUpper.php index 1d630ea6e..1f69442e3 100644 --- a/lib/WikiUser/HttpAuthUpper.php +++ b/lib/WikiUser/HttpAuthUpper.php @@ -6,13 +6,13 @@ rcs_id('$Id$'); /** * We have two possibilities here: - * 1) The webserver location is already HTTP protected. - * Usually Basic by some auth module (ldap, mysql, ...), but also NTLM or Digest. + * 1) The webserver location is already HTTP protected. + * Usually Basic by some auth module (ldap, mysql, ...), but also NTLM or Digest. * Then just use this username and do nothing. * 2) The webserver location is not protected, so we enforce basic HTTP Protection * by sending a 401 error and let the client display the login dialog. * This makes only sense if HttpAuth is the last method in USER_AUTH_ORDER, - * since the other methods cannot be transparently called after this enforced + * since the other methods cannot be transparently called after this enforced * external dialog. * Try the available auth methods (most likely Bogo) and sent this header back. * header('Authorization: Basic '.base64_encode("$userid:$passwd")."\r\n"; 
@@ -24,11 +24,11 @@ extends _PassUser if ($prefs) $this->_prefs = $prefs; if (!isset($this->_prefs->_method)) _PassUser::_PassUser($UserName); - if ($UserName) + if ($UserName) $this->_userid = $UserName; $this->_authmethod = 'HttpAuthUpper'; - - // Is this double check really needed? + + // Is this double check really needed? // It is not expensive so we keep it for now. if ($this->userExists()) { return $this; @@ -40,8 +40,8 @@ extends _PassUser // FIXME! This doesn't work yet! // Allow httpauth by other method: Admin for now only function _fake_auth($userid, $passwd) { - return false; - + return false; + header('WWW-Authenticate: Basic realm="'.WIKI_NAME.'"'); header("Authorization: Basic ".base64_encode($userid.":".$passwd)); if (!isset($_SERVER)) @@ -55,14 +55,14 @@ extends _PassUser function logout() { if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS']; - // Maybe we should random the realm to really force a logout. + // Maybe we should random the realm to really force a logout. // But the next login will fail. // better_srand(); $realm = microtime().rand(); // TODO: On AUTH_TYPE=NTLM this will fail. Only Basic supported so far. header('WWW-Authenticate: Basic realm="'.WIKI_NAME.'"'); if (strstr(php_sapi_name(), 'apache')) - header('HTTP/1.0 401 Unauthorized'); - else + header('HTTP/1.0 401 Unauthorized'); + else header("Status: 401 Access Denied"); //IIS and CGI need that unset($GLOBALS['REMOTE_USER']); unset($_SERVER['PHP_AUTH_USER']); 
@@ -72,38 +72,38 @@ extends _PassUser function _http_username() { if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS']; - if (!empty($_SERVER['PHP_AUTH_USER'])) - return $_SERVER['PHP_AUTH_USER']; - if (!empty($_SERVER['REMOTE_USER'])) - return $_SERVER['REMOTE_USER']; + if (!empty($_SERVER['PHP_AUTH_USER'])) + return $_SERVER['PHP_AUTH_USER']; + if (!empty($_SERVER['REMOTE_USER'])) + return $_SERVER['REMOTE_USER']; if (!empty($GLOBALS['HTTP_ENV_VARS']['REMOTE_USER'])) - return $GLOBALS['HTTP_ENV_VARS']['REMOTE_USER']; - if (!empty($GLOBALS['REMOTE_USER'])) - return $GLOBALS['REMOTE_USER']; - // IIS + Basic - if (!empty($_SERVER['HTTP_AUTHORIZATION'])) { - list($userid, $passwd) = explode(':', + return $GLOBALS['HTTP_ENV_VARS']['REMOTE_USER']; + if (!empty($GLOBALS['REMOTE_USER'])) + return $GLOBALS['REMOTE_USER']; + // IIS + Basic + if (!empty($_SERVER['HTTP_AUTHORIZATION'])) { + list($userid, $passwd) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); return $userid; - } - return ''; + } + return ''; } // special: force upcase username function UserName() { if (!empty($this->_userid)) { - $this->_userid = strtoupper($this->_userid); + $this->_userid = strtoupper($this->_userid); return strtoupper($this->_userid); - } + } } - + // force http auth authorization function userExists() { if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS']; $username = strtoupper($this->_http_username()); - if (strstr($username, "\\") - and isset($_SERVER['AUTH_TYPE']) + if (strstr($username, "\\") + and isset($_SERVER['AUTH_TYPE']) and $_SERVER['AUTH_TYPE'] == 'NTLM') { // allow domain\user, change userid to domain/user @@ -113,7 +113,7 @@ extends _PassUser } // FIXME: if AUTH_TYPE = NTLM there's a domain\\name <> domain\name mismatch if (empty($username) - or strtolower($username) != strtolower($this->_userid)) + or strtolower($username) != strtolower($this->_userid)) { $this->logout(); $user = $GLOBALS['ForbiddenUser']; 
@@ -123,17 +123,17 @@ extends _PassUser //exit; } $this->_userid = strtoupper($username); - // we should check if he is a member of admin, + // we should check if he is a member of admin, // because HttpAuth has its own logic. $this->_level = WIKIAUTH_USER; if ($this->isAdmin()) $this->_level = WIKIAUTH_ADMIN; return $this; } - + // ignore password, this is checked by the webservers http auth. function checkPass($submitted_password) { - return $this->userExists() + return $this->userExists() ? ($this->isAdmin() ? WIKIAUTH_ADMIN : WIKIAUTH_USER) : WIKIAUTH_ANON; } diff --git a/lib/WikiUser/IMAP.php b/lib/WikiUser/IMAP.php index 8757a3efa..5bf124db4 100644 --- a/lib/WikiUser/IMAP.php +++ b/lib/WikiUser/IMAP.php @@ -14,12 +14,12 @@ extends _PassUser { function checkPass($submitted_password) { if (!$this->isValidName()) { - if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => failed isValidName", E_USER_WARNING); + if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => failed isValidName", E_USER_WARNING); trigger_error(_("Invalid username."),E_USER_WARNING); return $this->_tryNextPass($submitted_password); } if (!$this->_checkPassLength($submitted_password)) { - if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => failed checkPassLength", E_USER_WARNING); + if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => failed checkPassLength", E_USER_WARNING); return WIKIAUTH_FORBIDDEN; } $userid = $this->_userid; 
@@ -28,16 +28,16 @@ extends _PassUser if ($mbox) { imap_close($mbox); $this->_authmethod = 'IMAP'; - if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => ok", E_USER_WARNING); + if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => ok", E_USER_WARNING); $this->_level = WIKIAUTH_USER; return $this->_level; } else { if ($submitted_password != "") { // if LENGTH 0 is allowed - trigger_error(_("Unable to connect to IMAP server "). IMAP_AUTH_HOST, + trigger_error(_("Unable to connect to IMAP server "). IMAP_AUTH_HOST, E_USER_WARNING); } } - if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => wrong", E_USER_WARNING); + if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => wrong", E_USER_WARNING); return $this->_tryNextPass($submitted_password); } @@ -47,15 +47,15 @@ extends _PassUser return true; if ($this->checkPass($this->_prefs->get('passwd'))) { - if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::userExists => true (pass ok)", E_USER_WARNING); + if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::userExists => true (pass ok)", E_USER_WARNING); return true; - } - if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::userExists => false (pass wrong)", E_USER_WARNING); + } + if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::userExists => false (pass wrong)", E_USER_WARNING); return $this->_tryNextUser(); } function mayChangePass() { - if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::mayChangePass => false", E_USER_WARNING); + if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::mayChangePass => false", E_USER_WARNING); return false; } } diff --git a/lib/WikiUser/LDAP.php b/lib/WikiUser/LDAP.php index a74907f06..04770b504 100644 --- a/lib/WikiUser/LDAP.php +++ b/lib/WikiUser/LDAP.php 
@@ -29,15 +29,15 @@ extends _PassUser if (LDAP_AUTH_USER) if (LDAP_AUTH_PASSWORD) // Windows Active Directory Server is strict - $r = ldap_bind($this->_ldap, LDAP_AUTH_USER, LDAP_AUTH_PASSWORD); + $r = ldap_bind($this->_ldap, LDAP_AUTH_USER, LDAP_AUTH_PASSWORD); else - $r = ldap_bind($this->_ldap, LDAP_AUTH_USER); + $r = ldap_bind($this->_ldap, LDAP_AUTH_USER); else $r = true; // anonymous bind allowed if (!$r) { $this->_free(); trigger_error(sprintf(_("Unable to bind LDAP server %s using %s %s"), - LDAP_AUTH_HOST, LDAP_AUTH_USER, LDAP_AUTH_PASSWORD), + LDAP_AUTH_HOST, LDAP_AUTH_USER, LDAP_AUTH_PASSWORD), E_USER_WARNING); return false; } @@ -47,7 +47,7 @@ extends _PassUser } } - /** + /** * free and close the bound ressources */ function _free() { @@ -58,7 +58,7 @@ extends _PassUser } /** - * LDAP names allow all chars but "*", "(", ")", "\", "NUL". + * LDAP names allow all chars but "*", "(", ")", "\", "NUL". * " should be quoted as \" * Quoting is done by \xx (two-digit hexcode). "*" <=> "\2a" * Non-ascii chars must be converted to utf-8. @@ -67,15 +67,15 @@ extends _PassUser * @see http://www.faqs.org/rfcs/rfc4514.html LDAP String Representation of Distinguished Names */ function _stringEscape($name) { - $name = strtr(utf8_encode($name), - array("*" => "\\2a", - "?" => "\\3f", - "(" => "\\28", - ")" => "\\29", - "\\" => "\\5c", - '"' => '\"', - "\0" => "\\00")); - return $name; + $name = strtr(utf8_encode($name), + array("*" => "\\2a", + "?" => "\\3f", + "(" => "\\28", + ")" => "\\29", + "\\" => "\\5c", + '"' => '\"', + "\0" => "\\00")); + return $name; } /** @@ -84,7 +84,7 @@ extends _PassUser */ function isValidName ($userid = false) { if (!$userid) $userid = $this->_userid; - // We are more restrictive here, but must allow explitly utf-8 + // We are more restrictive here, but must allow explitly utf-8 return preg_match("/^[\-\w_\.@ ]+$/u", $userid) and strlen($userid) < 64; } 
@@ -98,20 +98,20 @@ extends _PassUser * @see http://www.faqs.org/rfcs/rfc4514.html LDAP String Representation of Distinguished Names */ function _searchparam($userid) { - $euserid = $this->_stringEscape($userid); - // Need to set the right root search information. See config/config.ini - if (LDAP_SEARCH_FILTER) { - $st_search = str_replace("\$userid", $euserid, LDAP_SEARCH_FILTER); - } else { - $st_search = LDAP_SEARCH_FIELD - ? LDAP_SEARCH_FIELD."=$euserid" - : "uid=$euserid"; - } - return $st_search; + $euserid = $this->_stringEscape($userid); + // Need to set the right root search information. See config/config.ini + if (LDAP_SEARCH_FILTER) { + $st_search = str_replace("\$userid", $euserid, LDAP_SEARCH_FILTER); + } else { + $st_search = LDAP_SEARCH_FIELD + ? LDAP_SEARCH_FIELD."=$euserid" + : "uid=$euserid"; + } + return $st_search; } /** - * Passwords must not be escaped, but sent as "stringprep"'ed utf-8. + * Passwords must not be escaped, but sent as "stringprep"'ed utf-8. * * @see http://www.faqs.org/rfcs/rfc4514.html LDAP String Representation of Distinguished Names * @see http://www.faqs.org/rfcs/rfc3454.html stringprep @@ -119,7 +119,7 @@ extends _PassUser function checkPass($submitted_password) { $this->_authmethod = 'LDAP'; - $this->_userid = trim($this->_userid); + $this->_userid = trim($this->_userid); $userid = $this->_userid; if (!$this->isValidName()) { trigger_error(_("Invalid username."), E_USER_WARNING); 
@@ -130,32 +130,32 @@ extends _PassUser $this->_free(); return WIKIAUTH_FORBIDDEN; } - // A LDAP speciality: Empty passwords are always true for ldap_bind !!! - // So we have to disallow this regardless of PASSWORD_LENGTH_MINIMUM = 0 + // A LDAP speciality: Empty passwords are always true for ldap_bind !!! + // So we have to disallow this regardless of PASSWORD_LENGTH_MINIMUM = 0 if (strlen($submitted_password) == 0) { trigger_error(_("Empty password not allowed for LDAP"), E_USER_WARNING); $this->_free(); - return $this->_tryNextPass($submitted_password); - //return WIKIAUTH_FORBIDDEN; + return $this->_tryNextPass($submitted_password); + //return WIKIAUTH_FORBIDDEN; } /*if (strstr($userid,'*')) { // should be safely escaped now - trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid), + trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid), E_USER_WARNING); return WIKIAUTH_FORBIDDEN; - }*/ + }*/ if ($ldap = $this->_init()) { - $st_search = $this->_searchparam($userid); + $st_search = $this->_searchparam($userid); if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) { - trigger_error(_("Could not search in LDAP"), E_USER_WARNING); - $this->_free(); + trigger_error(_("Could not search in LDAP"), E_USER_WARNING); + $this->_free(); return $this->_tryNextPass($submitted_password); } - $info = ldap_get_entries($ldap, $this->_sr); + $info = ldap_get_entries($ldap, $this->_sr); if (empty($info["count"])) { - if (DEBUG) - trigger_error(_("User not found in LDAP"), E_USER_WARNING); - $this->_free(); + if (DEBUG) + trigger_error(_("User not found in LDAP"), E_USER_WARNING); + $this->_free(); return $this->_tryNextPass($submitted_password); } // There may be more hits with this userid. 
@@ -163,69 +163,69 @@ extends _PassUser
 for ($i = 0; $i < $info["count"]; $i++) { $dn = $info[$i]["dn"]; // The password must be converted to utf-8, but unescaped.
- // On wrong password the ldap server will return:
+ // On wrong password the ldap server will return:
 // "Unable to bind to server: Server is unwilling to perform" // The @ catches this error message.
- // If CHARSET=utf-8 the form should have already converted it to utf-8.
+ // If CHARSET=utf-8 the form should have already converted it to utf-8.
 if ($r = @ldap_bind($ldap, $dn, $submitted_password)) { // ldap_bind will return TRUE if everything matches
- // Optionally get the mail from LDAP
- if (!empty($info[$i]["mail"][0])) {
- $this->_prefs->_prefs['email']->default_value = $info[$i]["mail"][0];
- }
- $this->_free();
+ // Optionally get the mail from LDAP
+ if (!empty($info[$i]["mail"][0])) {
+ $this->_prefs->_prefs['email']->default_value = $info[$i]["mail"][0];
+ }
+ $this->_free();
 $this->_level = WIKIAUTH_USER; return $this->_level; } else {
- // Try again, this time explicitly
- if ($r = @ldap_bind($ldap, $dn, utf8_encode($submitted_password))) {
- if (!empty($info[$i]["mail"][0])) {
- $this->_prefs->_prefs['email']->default_value = $info[$i]["mail"][0];
- }
- $this->_free();
- $this->_level = WIKIAUTH_USER;
- return $this->_level;
- }
- }
+ // Try again, this time explicitly
+ if ($r = @ldap_bind($ldap, $dn, utf8_encode($submitted_password))) {
+ if (!empty($info[$i]["mail"][0])) {
+ $this->_prefs->_prefs['email']->default_value = $info[$i]["mail"][0];
+ }
+ $this->_free();
+ $this->_level = WIKIAUTH_USER;
+ return $this->_level;
+ }
+ }
 }
- if (DEBUG)
- trigger_error(_("Wrong password: ") .
- str_repeat("*", strlen($submitted_password)),
- E_USER_WARNING);
+ if (DEBUG)
+ trigger_error(_("Wrong password: ") .
+ str_repeat("*", strlen($submitted_password)),
+ E_USER_WARNING);
 $this->_free(); } else { $this->_free();
- trigger_error(fmt("Could not connect to LDAP host %s", LDAP_AUTH_HOST), E_USER_WARNING);
- }
+ trigger_error(fmt("Could not connect to LDAP host %s", LDAP_AUTH_HOST), E_USER_WARNING);
+ }
 return $this->_tryNextPass($submitted_password); } function userExists() {
- $this->_userid = trim($this->_userid);
+ $this->_userid = trim($this->_userid);
 $userid = $this->_userid; if (strstr($userid, '*')) { trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid), E_USER_WARNING); return false;
- }
+ }
 if ($ldap = $this->_init()) { // Need to set the right root search information. see ../index.php
- $st_search = $this->_searchparam($userid);
+ $st_search = $this->_searchparam($userid);
 if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) {
- $this->_free();
- return $this->_tryNextUser();
+ $this->_free();
+ return $this->_tryNextUser();
 }
- $info = ldap_get_entries($ldap, $this->_sr);
+ $info = ldap_get_entries($ldap, $this->_sr);
 if ($info["count"] > 0) {
- $this->_free();
- UpgradeUser($GLOBALS['ForbiddenUser'], $this);
+ $this->_free();
+ UpgradeUser($GLOBALS['ForbiddenUser'], $this);
 return true; } }
- $this->_free();
+ $this->_free();
 return $this->_tryNextUser(); }
diff --git a/lib/WikiUser/LdapUpper.php b/lib/WikiUser/LdapUpper.php
index 732362be6..43904ab3a 100644
--- a/lib/WikiUser/LdapUpper.php
+++ b/lib/WikiUser/LdapUpper.php
@@ -16,22 +16,22 @@ extends _LDAPPassUser { function checkPass($submitted_password) {
- return parent::checkPass($submitted_password);
+ return parent::checkPass($submitted_password);
 } function UserName() { if (!empty($this->_userid)) {
- $this->_userid = trim(strtoupper($this->_userid));
- if (!empty($this->_HomePagehandle) and is_object($this->_HomePagehandle))
- $this->_HomePagehandle->_pagename = $this->_userid;
+ $this->_userid = trim(strtoupper($this->_userid));
+ if (!empty($this->_HomePagehandle) and is_object($this->_HomePagehandle))
+ $this->_HomePagehandle->_pagename = $this->_userid;
 return strtoupper($this->_userid);
- }
+ }
 } function userExists() {
- // lowercase check and uppercase visibility
- $this->_userid = trim(strtoupper($this->_userid));
- return parent::userExists();
+ // lowercase check and uppercase visibility
+ $this->_userid = trim(strtoupper($this->_userid));
+ return parent::userExists();
 } }
diff --git a/lib/WikiUser/OpenID.php b/lib/WikiUser/OpenID.php
index b08c49eaf..6a46abdf9 100644
--- a/lib/WikiUser/OpenID.php
+++ b/lib/WikiUser/OpenID.php
@@ -12,7 +12,7 @@ extends _PassUser
 * Preferences are handled in _PassUser */ {
- // This can only be called from _PassUser, because the parent class
+ // This can only be called from _PassUser, because the parent class
 // sets the pref methods, before this class is initialized. function _OpenIDPassUser($UserName='', $prefs=false, $file='') { if (!$this->_prefs and isa($this, "_OpenIDPassUser")) {
diff --git a/lib/WikiUser/POP3.php b/lib/WikiUser/POP3.php
index 4f23b9072..ea02e4282 100644
--- a/lib/WikiUser/POP3.php
+++ b/lib/WikiUser/POP3.php
@@ -15,11 +15,11 @@ extends _IMAPPassUser {
 function checkPass($submitted_password) { if (!$this->isValidName()) { trigger_error(_("Invalid username."), E_USER_WARNING);
- if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => failed isValidName", E_USER_WARNING);
+ if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => failed isValidName", E_USER_WARNING);
 return $this->_tryNextPass($submitted_password); } if (!$this->_checkPassLength($submitted_password)) {
- if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => failed checkPassLength", E_USER_WARNING);
+ if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => failed checkPassLength", E_USER_WARNING);
 return WIKIAUTH_FORBIDDEN; } $userid = $this->_userid;
@@ -62,7 +62,7 @@ extends _IMAPPassUser {
 E_USER_WARNING); } $this->_authmethod = 'POP3';
- if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => $retval", E_USER_WARNING);
+ if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::checkPass => $retval", E_USER_WARNING);
 if ($retval) { $this->_level = WIKIAUTH_USER; } else {
@@ -72,7 +72,7 @@ extends _IMAPPassUser {
 } function __userExists() {
- if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::userExists => true (dummy)", E_USER_WARNING);
+ if (DEBUG & _DEBUG_LOGIN) trigger_error(get_class($this)."::userExists => true (dummy)", E_USER_WARNING);
 return true; } }
diff --git a/lib/WikiUser/PdoDb.php b/lib/WikiUser/PdoDb.php
index 43fb3ea3a..81b58308f 100644
--- a/lib/WikiUser/PdoDb.php
+++ b/lib/WikiUser/PdoDb.php
@@ -31,14 +31,14 @@ extends _DbPassUser
 return false; } $this->_userid = $UserName;
- // make use of session data. generally we only initialize this every time,
+ // make use of session data. generally we only initialize this every time,
 // but do auth checks only once $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method'); return $this; } function getPreferences() {
- // override the generic slow method here for efficiency and not to
+ // override the generic slow method here for efficiency and not to
 // clutter the homepage metadata with prefs. _AnonUser::getPreferences(); $this->getAuthDbh();
@@ -47,7 +47,7 @@ extends _DbPassUser
 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid))); // patched by frederik@pandora.be $prefs = $db_result->fetch(PDO_FETCH_BOTH);
- $prefs_blob = @$prefs["prefs"];
+ $prefs_blob = @$prefs["prefs"];
 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) { $updated = $this->_prefs->updatePrefs($restored_from_db); //$this->_prefs = new UserPreferences($restored_from_db);
@@ -116,7 +116,7 @@ extends _DbPassUser
 } } //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
- if ( !$dbi->getAuthParam('auth_user_exists')
+ if ( !$dbi->getAuthParam('auth_user_exists')
 and $this->_auth_crypt_method == 'crypt' and $this->_authselect) {
@@ -142,8 +142,8 @@ extends _DbPassUser
 return true; } // User does not exist yet.
- // Maybe the user is allowed to create himself. Generally not wanted in
- // external databases, but maybe wanted for the wiki database, for performance
+ // Maybe the user is allowed to create himself. Generally not wanted in
+ // external databases, but maybe wanted for the wiki database, for performance
 // reasons if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) { try {
@@ -154,9 +154,9 @@ extends _DbPassUser
 return false; } }
- if (!empty($this->_authcreate) and
+ if (!empty($this->_authcreate) and
 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
- isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
+ isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 { $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd']; try {
@@ -173,7 +173,7 @@ extends _DbPassUser
 } return $this->_tryNextUser(); }
-
+
 function checkPass($submitted_password) { //global $DBAuthParams; $this->getAuthDbh();
diff --git a/lib/WikiUser/PearDb.php b/lib/WikiUser/PearDb.php
index 25739a795..a5581bc7c 100644
--- a/lib/WikiUser/PearDb.php
+++ b/lib/WikiUser/PearDb.php
@@ -28,14 +28,14 @@ extends _DbPassUser
 return false; } $this->_userid = $UserName;
- // make use of session data. generally we only initialize this every time,
+ // make use of session data. generally we only initialize this every time,
 // but do auth checks only once $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method'); return $this; } function getPreferences() {
- // override the generic slow method here for efficiency and not to
+ // override the generic slow method here for efficiency and not to
 // clutter the homepage metadata with prefs. _AnonUser::getPreferences(); $this->getAuthDbh();
@@ -44,7 +44,7 @@ extends _DbPassUser
 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid))); // patched by frederik@pandora.be $prefs = $db_result->fetchRow();
- $prefs_blob = @$prefs["prefs"];
+ $prefs_blob = @$prefs["prefs"];
 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) { $updated = $this->_prefs->updatePrefs($restored_from_db); //$this->_prefs = new UserPreferences($restored_from_db);
@@ -74,25 +74,25 @@ extends _DbPassUser
 $packed = $this->_prefs->store(); if (!$id_only and isset($this->_prefs->_update)) { $dbh = &$this->_auth_dbi;
- // check if the user already exists (not needed with mysql REPLACE)
- $db_result = $dbh->query(sprintf($this->_prefs->_select,
- $dbh->quote($this->_userid)));
- $prefs = $db_result->fetchRow();
- $prefs_blob = @$prefs["prefs"];
- // If there are prefs for the user, update them.
- if($prefs_blob != "" ){
- $dbh->simpleQuery(sprintf($this->_prefs->_update,
- $dbh->quote($packed),
- $dbh->quote($this->_userid)));
- } else {
- // Otherwise, insert a record for them and set it to the defaults.
- // johst@deakin.edu.au
- $dbi = $GLOBALS['request']->getDbh();
- $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
- array("pref_blob", "userid"));
- $dbh->simpleQuery(sprintf($this->_prefs->_insert,
- $dbh->quote($packed), $dbh->quote($this->_userid)));
- }
+ // check if the user already exists (not needed with mysql REPLACE)
+ $db_result = $dbh->query(sprintf($this->_prefs->_select,
+ $dbh->quote($this->_userid)));
+ $prefs = $db_result->fetchRow();
+ $prefs_blob = @$prefs["prefs"];
+ // If there are prefs for the user, update them.
+ if($prefs_blob != "" ){
+ $dbh->simpleQuery(sprintf($this->_prefs->_update,
+ $dbh->quote($packed),
+ $dbh->quote($this->_userid)));
+ } else {
+ // Otherwise, insert a record for them and set it to the defaults.
+ // johst@deakin.edu.au
+ $dbi = $GLOBALS['request']->getDbh();
+ $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
+ array("pref_blob", "userid"));
+ $dbh->simpleQuery(sprintf($this->_prefs->_insert,
+ $dbh->quote($packed), $dbh->quote($this->_userid)));
+ }
 //delete pageprefs: if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref')) $this->_HomePagehandle->set('pref', '');
@@ -120,13 +120,13 @@ extends _DbPassUser
 $dbi =& $GLOBALS['request']->_dbi; // Prepare the configured auth statements if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
- $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
+ $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 array("password", "userid")); } //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
- if (!$dbi->getAuthParam('auth_user_exists')
- and $this->_auth_crypt_method == 'crypt'
- and $this->_authselect)
+ if (!$dbi->getAuthParam('auth_user_exists')
+ and $this->_auth_crypt_method == 'crypt'
+ and $this->_authselect)
 { $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid))); if ($rs->numRows())
@@ -142,16 +142,16 @@ extends _DbPassUser
 return true; } // User does not exist yet.
- // Maybe the user is allowed to create himself. Generally not wanted in
- // external databases, but maybe wanted for the wiki database, for performance
+ // Maybe the user is allowed to create himself. Generally not wanted in
+ // external databases, but maybe wanted for the wiki database, for performance
 // reasons if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) { $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'), array("password", "userid")); }
- if (!empty($this->_authcreate) and
+ if (!empty($this->_authcreate) and
 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
- isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
+ isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 { $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd']; $dbh->simpleQuery(sprintf($this->_authcreate,
@@ -161,7 +161,7 @@ extends _DbPassUser
 } return $this->_tryNextUser(); }
-
+
 function checkPass($submitted_password) { //global $DBAuthParams; $this->getAuthDbh();
diff --git a/lib/WikiUser/PersonalPage.php b/lib/WikiUser/PersonalPage.php
index 7a19fa339..2addd80ee 100644
--- a/lib/WikiUser/PersonalPage.php
+++ b/lib/WikiUser/PersonalPage.php
@@ -13,7 +13,7 @@ extends _PassUser
 { var $_authmethod = 'PersonalPage';
- /* Very loose checking, since we properly quote the PageName.
+ /* Very loose checking, since we properly quote the PageName.
 Just trim spaces, ... See lib/stdlib.php */ function isValidName ($userid = false) {
@@ -27,14 +27,14 @@ extends _PassUser
 } /** A PersonalPagePassUser requires PASSWORD_LENGTH_MINIMUM.
- * BUT if the user already has a homepage with an empty password
+ * BUT if the user already has a homepage with an empty password
 * stored, allow login but warn him to change it. */ function checkPass($submitted_password) { if ($this->userExists()) { $stored_password = $this->_prefs->get('passwd'); if (empty($stored_password)) {
- if (PASSWORD_LENGTH_MINIMUM > 0) {
+ if (PASSWORD_LENGTH_MINIMUM > 0) {
 trigger_error(sprintf( _("PersonalPage login method:")."\n". _("You stored an empty password in your '%s' page.")."\n".
@@ -42,8 +42,8 @@ extends _PassUser
 _("Please set a password in UserPreferences."), $this->_userid), E_USER_WARNING); $this->_level = WIKIAUTH_BOGO;
- } else {
- if (!empty($submitted_password))
+ } else {
+ if (!empty($submitted_password))
 trigger_error(sprintf( _("PersonalPage login method:")."\n". _("You stored an empty password in your '%s' page.")."\n".
@@ -51,7 +51,7 @@ extends _PassUser
 _("Please set a password in UserPreferences."), $this->_userid), E_USER_WARNING); $this->_level = WIKIAUTH_USER;
- }
+ }
 return $this->_level; } if ($this->_checkPass($submitted_password, $stored_password))
diff --git a/lib/WikiUser/Session.php b/lib/WikiUser/Session.php
index a5c07f0b5..79c7918e6 100644
--- a/lib/WikiUser/Session.php
+++ b/lib/WikiUser/Session.php
@@ -4,9 +4,9 @@ rcs_id('$Id$');
 * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2) */
-/**
+/**
 * Support reuse of existing user session from another application.
- * You have to define which session variable holds the userid, and
+ * You have to define which session variable holds the userid, and
 * at what level is that user then. 1: BogoUser, 2: PassUser * define('AUTH_SESS_USER','userid'); * define('AUTH_SESS_LEVEL',2);
-- 2.45.0