xref: /dokuwiki/lib/plugins/authplain/auth.php (revision 2046a6546c8ed62b9a7b33305b6201458f2f8291) 
1f4476bd9SJan Schumann<?php
2f4476bd9SJan Schumann// must be run within Dokuwiki
3f4476bd9SJan Schumannif(!defined('DOKU_INC')) die();
4f4476bd9SJan Schumann
5f4476bd9SJan Schumann/**
6f4476bd9SJan Schumann * Plaintext authentication backend
7f4476bd9SJan Schumann *
8f4476bd9SJan Schumann * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
9f4476bd9SJan Schumann * @author     Andreas Gohr <andi@splitbrain.org>
10f4476bd9SJan Schumann * @author     Chris Smith <chris@jalakai.co.uk>
11f4476bd9SJan Schumann * @author     Jan Schumann <js@schumann-it.com>
12f4476bd9SJan Schumann */
1393a7873eSAndreas Gohrclass auth_plugin_authplain extends DokuWiki_Auth_Plugin {
14311f4603SAndreas Gohr    /** @var array user cache */
15311f4603SAndreas Gohr    protected $users = null;
16311f4603SAndreas Gohr
17311f4603SAndreas Gohr    /** @var array filter pattern */
18311f4603SAndreas Gohr    protected $_pattern = array();
19f4476bd9SJan Schumann
20f4476bd9SJan Schumann    /**
21f4476bd9SJan Schumann     * Constructor
22f4476bd9SJan Schumann     *
23f4476bd9SJan Schumann     * Carry out sanity checks to ensure the object is
24f4476bd9SJan Schumann     * able to operate. Set capabilities.
25f4476bd9SJan Schumann     *
26f4476bd9SJan Schumann     * @author  Christopher Smith <chris@jalakai.co.uk>
27f4476bd9SJan Schumann     */
28311f4603SAndreas Gohr    public function __construct() {
29454d868bSAndreas Gohr        parent::__construct();
30f4476bd9SJan Schumann        global $config_cascade;
31f4476bd9SJan Schumann
32f4476bd9SJan Schumann        if(!@is_readable($config_cascade['plainauth.users']['default'])) {
33f4476bd9SJan Schumann            $this->success = false;
34f4476bd9SJan Schumann        } else {
35f4476bd9SJan Schumann            if(@is_writable($config_cascade['plainauth.users']['default'])) {
36f4476bd9SJan Schumann                $this->cando['addUser']   = true;
37f4476bd9SJan Schumann                $this->cando['delUser']   = true;
38f4476bd9SJan Schumann                $this->cando['modLogin']  = true;
39f4476bd9SJan Schumann                $this->cando['modPass']   = true;
40f4476bd9SJan Schumann                $this->cando['modName']   = true;
41f4476bd9SJan Schumann                $this->cando['modMail']   = true;
42f4476bd9SJan Schumann                $this->cando['modGroups'] = true;
43f4476bd9SJan Schumann            }
44f4476bd9SJan Schumann            $this->cando['getUsers']     = true;
45f4476bd9SJan Schumann            $this->cando['getUserCount'] = true;
46f4476bd9SJan Schumann        }
47f4476bd9SJan Schumann    }
48f4476bd9SJan Schumann
49f4476bd9SJan Schumann    /**
50311f4603SAndreas Gohr     * Check user+password
51f4476bd9SJan Schumann     *
52f4476bd9SJan Schumann     * Checks if the given user exists and the given
53f4476bd9SJan Schumann     * plaintext password is correct
54f4476bd9SJan Schumann     *
55f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
56311f4603SAndreas Gohr     * @param string $user
57311f4603SAndreas Gohr     * @param string $pass
58f4476bd9SJan Schumann     * @return  bool
59f4476bd9SJan Schumann     */
60311f4603SAndreas Gohr    public function checkPass($user, $pass) {
61f4476bd9SJan Schumann        $userinfo = $this->getUserData($user);
62f4476bd9SJan Schumann        if($userinfo === false) return false;
63f4476bd9SJan Schumann
64f4476bd9SJan Schumann        return auth_verifyPassword($pass, $this->users[$user]['pass']);
65f4476bd9SJan Schumann    }
66f4476bd9SJan Schumann
67f4476bd9SJan Schumann    /**
68f4476bd9SJan Schumann     * Return user info
69f4476bd9SJan Schumann     *
70f4476bd9SJan Schumann     * Returns info about the given user needs to contain
71f4476bd9SJan Schumann     * at least these fields:
72f4476bd9SJan Schumann     *
73f4476bd9SJan Schumann     * name string  full name of the user
74f4476bd9SJan Schumann     * mail string  email addres of the user
75f4476bd9SJan Schumann     * grps array   list of groups the user is in
76f4476bd9SJan Schumann     *
77f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
78311f4603SAndreas Gohr     * @param string $user
79*2046a654SChristopher Smith     * @param bool $requireGroups  (optional) ignored by this plugin, grps info always supplied
80311f4603SAndreas Gohr     * @return array|bool
81f4476bd9SJan Schumann     */
82*2046a654SChristopher Smith    public function getUserData($user, $requireGroups=true) {
83f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
84f4476bd9SJan Schumann        return isset($this->users[$user]) ? $this->users[$user] : false;
85f4476bd9SJan Schumann    }
86f4476bd9SJan Schumann
87f4476bd9SJan Schumann    /**
88f4476bd9SJan Schumann     * Create a new User
89f4476bd9SJan Schumann     *
90f4476bd9SJan Schumann     * Returns false if the user already exists, null when an error
91f4476bd9SJan Schumann     * occurred and true if everything went well.
92f4476bd9SJan Schumann     *
93f4476bd9SJan Schumann     * The new user will be added to the default group by this
94f4476bd9SJan Schumann     * function if grps are not specified (default behaviour).
95f4476bd9SJan Schumann     *
96f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
97f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
98311f4603SAndreas Gohr     *
99311f4603SAndreas Gohr     * @param string $user
100311f4603SAndreas Gohr     * @param string $pwd
101311f4603SAndreas Gohr     * @param string $name
102311f4603SAndreas Gohr     * @param string $mail
103311f4603SAndreas Gohr     * @param array  $grps
104311f4603SAndreas Gohr     * @return bool|null|string
105f4476bd9SJan Schumann     */
106311f4603SAndreas Gohr    public function createUser($user, $pwd, $name, $mail, $grps = null) {
107f4476bd9SJan Schumann        global $conf;
108f4476bd9SJan Schumann        global $config_cascade;
109f4476bd9SJan Schumann
110f4476bd9SJan Schumann        // user mustn't already exist
111f4476bd9SJan Schumann        if($this->getUserData($user) !== false) return false;
112f4476bd9SJan Schumann
113f4476bd9SJan Schumann        $pass = auth_cryptPassword($pwd);
114f4476bd9SJan Schumann
115f4476bd9SJan Schumann        // set default group if no groups specified
116f4476bd9SJan Schumann        if(!is_array($grps)) $grps = array($conf['defaultgroup']);
117f4476bd9SJan Schumann
118f4476bd9SJan Schumann        // prepare user line
119f4476bd9SJan Schumann        $groups   = join(',', $grps);
120f4476bd9SJan Schumann        $userline = join(':', array($user, $pass, $name, $mail, $groups))."\n";
121f4476bd9SJan Schumann
122f4476bd9SJan Schumann        if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
123f4476bd9SJan Schumann            $this->users[$user] = compact('pass', 'name', 'mail', 'grps');
124f4476bd9SJan Schumann            return $pwd;
125f4476bd9SJan Schumann        }
126f4476bd9SJan Schumann
127311f4603SAndreas Gohr        msg(
128311f4603SAndreas Gohr            'The '.$config_cascade['plainauth.users']['default'].
129311f4603SAndreas Gohr                ' file is not writable. Please inform the Wiki-Admin', -1
130311f4603SAndreas Gohr        );
131f4476bd9SJan Schumann        return null;
132f4476bd9SJan Schumann    }
133f4476bd9SJan Schumann
134f4476bd9SJan Schumann    /**
135f4476bd9SJan Schumann     * Modify user data
136f4476bd9SJan Schumann     *
137f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
138311f4603SAndreas Gohr     * @param   string $user      nick of the user to be changed
139311f4603SAndreas Gohr     * @param   array  $changes   array of field/value pairs to be changed (password will be clear text)
140f4476bd9SJan Schumann     * @return  bool
141f4476bd9SJan Schumann     */
142311f4603SAndreas Gohr    public function modifyUser($user, $changes) {
143f4476bd9SJan Schumann        global $ACT;
144f4476bd9SJan Schumann        global $config_cascade;
145f4476bd9SJan Schumann
146f4476bd9SJan Schumann        // sanity checks, user must already exist and there must be something to change
147f4476bd9SJan Schumann        if(($userinfo = $this->getUserData($user)) === false) return false;
148f4476bd9SJan Schumann        if(!is_array($changes) || !count($changes)) return true;
149f4476bd9SJan Schumann
150f4476bd9SJan Schumann        // update userinfo with new data, remembering to encrypt any password
151f4476bd9SJan Schumann        $newuser = $user;
152f4476bd9SJan Schumann        foreach($changes as $field => $value) {
153f4476bd9SJan Schumann            if($field == 'user') {
154f4476bd9SJan Schumann                $newuser = $value;
155f4476bd9SJan Schumann                continue;
156f4476bd9SJan Schumann            }
157f4476bd9SJan Schumann            if($field == 'pass') $value = auth_cryptPassword($value);
158f4476bd9SJan Schumann            $userinfo[$field] = $value;
159f4476bd9SJan Schumann        }
160f4476bd9SJan Schumann
161f4476bd9SJan Schumann        $groups   = join(',', $userinfo['grps']);
162f4476bd9SJan Schumann        $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n";
163f4476bd9SJan Schumann
164f4476bd9SJan Schumann        if(!$this->deleteUsers(array($user))) {
165f4476bd9SJan Schumann            msg('Unable to modify user data. Please inform the Wiki-Admin', -1);
166f4476bd9SJan Schumann            return false;
167f4476bd9SJan Schumann        }
168f4476bd9SJan Schumann
169f4476bd9SJan Schumann        if(!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
170f4476bd9SJan Schumann            msg('There was an error modifying your user data. You should register again.', -1);
171f4476bd9SJan Schumann            // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page
172311f4603SAndreas Gohr            $ACT = 'register';
173f4476bd9SJan Schumann            return false;
174f4476bd9SJan Schumann        }
175f4476bd9SJan Schumann
176f4476bd9SJan Schumann        $this->users[$newuser] = $userinfo;
177f4476bd9SJan Schumann        return true;
178f4476bd9SJan Schumann    }
179f4476bd9SJan Schumann
180f4476bd9SJan Schumann    /**
181f4476bd9SJan Schumann     * Remove one or more users from the list of registered users
182f4476bd9SJan Schumann     *
183f4476bd9SJan Schumann     * @author  Christopher Smith <chris@jalakai.co.uk>
184f4476bd9SJan Schumann     * @param   array  $users   array of users to be deleted
185f4476bd9SJan Schumann     * @return  int             the number of users deleted
186f4476bd9SJan Schumann     */
187311f4603SAndreas Gohr    public function deleteUsers($users) {
188f4476bd9SJan Schumann        global $config_cascade;
189f4476bd9SJan Schumann
190f4476bd9SJan Schumann        if(!is_array($users) || empty($users)) return 0;
191f4476bd9SJan Schumann
192f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
193f4476bd9SJan Schumann
194f4476bd9SJan Schumann        $deleted = array();
195f4476bd9SJan Schumann        foreach($users as $user) {
196f4476bd9SJan Schumann            if(isset($this->users[$user])) $deleted[] = preg_quote($user, '/');
197f4476bd9SJan Schumann        }
198f4476bd9SJan Schumann
199f4476bd9SJan Schumann        if(empty($deleted)) return 0;
200f4476bd9SJan Schumann
201f4476bd9SJan Schumann        $pattern = '/^('.join('|', $deleted).'):/';
2029d24536dSAndreas Gohr        io_deleteFromFile($config_cascade['plainauth.users']['default'], $pattern, true);
203f4476bd9SJan Schumann
2049d24536dSAndreas Gohr        // reload the user list and count the difference
205f4476bd9SJan Schumann        $count = count($this->users);
206f4476bd9SJan Schumann        $this->_loadUserData();
207f4476bd9SJan Schumann        $count -= count($this->users);
208f4476bd9SJan Schumann        return $count;
209f4476bd9SJan Schumann    }
210f4476bd9SJan Schumann
211f4476bd9SJan Schumann    /**
212f4476bd9SJan Schumann     * Return a count of the number of user which meet $filter criteria
213f4476bd9SJan Schumann     *
214f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
215311f4603SAndreas Gohr     *
216311f4603SAndreas Gohr     * @param array $filter
217311f4603SAndreas Gohr     * @return int
218f4476bd9SJan Schumann     */
219311f4603SAndreas Gohr    public function getUserCount($filter = array()) {
220f4476bd9SJan Schumann
221f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
222f4476bd9SJan Schumann
223f4476bd9SJan Schumann        if(!count($filter)) return count($this->users);
224f4476bd9SJan Schumann
225f4476bd9SJan Schumann        $count = 0;
226f4476bd9SJan Schumann        $this->_constructPattern($filter);
227f4476bd9SJan Schumann
228f4476bd9SJan Schumann        foreach($this->users as $user => $info) {
229f4476bd9SJan Schumann            $count += $this->_filter($user, $info);
230f4476bd9SJan Schumann        }
231f4476bd9SJan Schumann
232f4476bd9SJan Schumann        return $count;
233f4476bd9SJan Schumann    }
234f4476bd9SJan Schumann
235f4476bd9SJan Schumann    /**
236f4476bd9SJan Schumann     * Bulk retrieval of user data
237f4476bd9SJan Schumann     *
238f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
239311f4603SAndreas Gohr     *
240311f4603SAndreas Gohr     * @param   int   $start index of first user to be returned
241311f4603SAndreas Gohr     * @param   int   $limit max number of users to be returned
242311f4603SAndreas Gohr     * @param   array $filter array of field/pattern pairs
243311f4603SAndreas Gohr     * @return  array userinfo (refer getUserData for internal userinfo details)
244f4476bd9SJan Schumann     */
245311f4603SAndreas Gohr    public function retrieveUsers($start = 0, $limit = 0, $filter = array()) {
246f4476bd9SJan Schumann
247f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
248f4476bd9SJan Schumann
249f4476bd9SJan Schumann        ksort($this->users);
250f4476bd9SJan Schumann
251f4476bd9SJan Schumann        $i     = 0;
252f4476bd9SJan Schumann        $count = 0;
253f4476bd9SJan Schumann        $out   = array();
254f4476bd9SJan Schumann        $this->_constructPattern($filter);
255f4476bd9SJan Schumann
256f4476bd9SJan Schumann        foreach($this->users as $user => $info) {
257f4476bd9SJan Schumann            if($this->_filter($user, $info)) {
258f4476bd9SJan Schumann                if($i >= $start) {
259f4476bd9SJan Schumann                    $out[$user] = $info;
260f4476bd9SJan Schumann                    $count++;
261f4476bd9SJan Schumann                    if(($limit > 0) && ($count >= $limit)) break;
262f4476bd9SJan Schumann                }
263f4476bd9SJan Schumann                $i++;
264f4476bd9SJan Schumann            }
265f4476bd9SJan Schumann        }
266f4476bd9SJan Schumann
267f4476bd9SJan Schumann        return $out;
268f4476bd9SJan Schumann    }
269f4476bd9SJan Schumann
270f4476bd9SJan Schumann    /**
271f4476bd9SJan Schumann     * Only valid pageid's (no namespaces) for usernames
272311f4603SAndreas Gohr     *
273311f4603SAndreas Gohr     * @param string $user
274311f4603SAndreas Gohr     * @return string
275f4476bd9SJan Schumann     */
276311f4603SAndreas Gohr    public function cleanUser($user) {
277f4476bd9SJan Schumann        global $conf;
278f4476bd9SJan Schumann        return cleanID(str_replace(':', $conf['sepchar'], $user));
279f4476bd9SJan Schumann    }
280f4476bd9SJan Schumann
281f4476bd9SJan Schumann    /**
282f4476bd9SJan Schumann     * Only valid pageid's (no namespaces) for groupnames
283311f4603SAndreas Gohr     *
284311f4603SAndreas Gohr     * @param string $group
285311f4603SAndreas Gohr     * @return string
286f4476bd9SJan Schumann     */
287311f4603SAndreas Gohr    public function cleanGroup($group) {
288f4476bd9SJan Schumann        global $conf;
289f4476bd9SJan Schumann        return cleanID(str_replace(':', $conf['sepchar'], $group));
290f4476bd9SJan Schumann    }
291f4476bd9SJan Schumann
292f4476bd9SJan Schumann    /**
293f4476bd9SJan Schumann     * Load all user data
294f4476bd9SJan Schumann     *
295f4476bd9SJan Schumann     * loads the user file into a datastructure
296f4476bd9SJan Schumann     *
297f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
298f4476bd9SJan Schumann     */
299311f4603SAndreas Gohr    protected function _loadUserData() {
300f4476bd9SJan Schumann        global $config_cascade;
301f4476bd9SJan Schumann
302f4476bd9SJan Schumann        $this->users = array();
303f4476bd9SJan Schumann
304f4476bd9SJan Schumann        if(!@file_exists($config_cascade['plainauth.users']['default'])) return;
305f4476bd9SJan Schumann
306f4476bd9SJan Schumann        $lines = file($config_cascade['plainauth.users']['default']);
307f4476bd9SJan Schumann        foreach($lines as $line) {
308f4476bd9SJan Schumann            $line = preg_replace('/#.*$/', '', $line); //ignore comments
309f4476bd9SJan Schumann            $line = trim($line);
310f4476bd9SJan Schumann            if(empty($line)) continue;
311f4476bd9SJan Schumann
312f4476bd9SJan Schumann            $row    = explode(":", $line, 5);
313f4476bd9SJan Schumann            $groups = array_values(array_filter(explode(",", $row[4])));
314f4476bd9SJan Schumann
315f4476bd9SJan Schumann            $this->users[$row[0]]['pass'] = $row[1];
316f4476bd9SJan Schumann            $this->users[$row[0]]['name'] = urldecode($row[2]);
317f4476bd9SJan Schumann            $this->users[$row[0]]['mail'] = $row[3];
318f4476bd9SJan Schumann            $this->users[$row[0]]['grps'] = $groups;
319f4476bd9SJan Schumann        }
320f4476bd9SJan Schumann    }
321f4476bd9SJan Schumann
322f4476bd9SJan Schumann    /**
323311f4603SAndreas Gohr     * return true if $user + $info match $filter criteria, false otherwise
324f4476bd9SJan Schumann     *
325f4476bd9SJan Schumann     * @author   Chris Smith <chris@jalakai.co.uk>
326311f4603SAndreas Gohr     *
327311f4603SAndreas Gohr     * @param string $user User login
328311f4603SAndreas Gohr     * @param array  $info User's userinfo array
329311f4603SAndreas Gohr     * @return bool
330f4476bd9SJan Schumann     */
331311f4603SAndreas Gohr    protected function _filter($user, $info) {
332f4476bd9SJan Schumann        foreach($this->_pattern as $item => $pattern) {
333f4476bd9SJan Schumann            if($item == 'user') {
334311f4603SAndreas Gohr                if(!preg_match($pattern, $user)) return false;
335f4476bd9SJan Schumann            } else if($item == 'grps') {
336311f4603SAndreas Gohr                if(!count(preg_grep($pattern, $info['grps']))) return false;
337f4476bd9SJan Schumann            } else {
338311f4603SAndreas Gohr                if(!preg_match($pattern, $info[$item])) return false;
339f4476bd9SJan Schumann            }
340f4476bd9SJan Schumann        }
341311f4603SAndreas Gohr        return true;
342f4476bd9SJan Schumann    }
343f4476bd9SJan Schumann
344311f4603SAndreas Gohr    /**
345311f4603SAndreas Gohr     * construct a filter pattern
346311f4603SAndreas Gohr     *
347311f4603SAndreas Gohr     * @param array $filter
348311f4603SAndreas Gohr     */
349311f4603SAndreas Gohr    protected function _constructPattern($filter) {
350f4476bd9SJan Schumann        $this->_pattern = array();
351f4476bd9SJan Schumann        foreach($filter as $item => $pattern) {
352f4476bd9SJan Schumann            $this->_pattern[$item] = '/'.str_replace('/', '\/', $pattern).'/i'; // allow regex characters
353f4476bd9SJan Schumann        }
354f4476bd9SJan Schumann    }
355f4476bd9SJan Schumann}