xref: /dokuwiki/lib/plugins/authplain/auth.php (revision 253d4b48ec708eb42033862dc15c8576f44a48ed) 
1f4476bd9SJan Schumann<?php
2f4476bd9SJan Schumann// must be run within Dokuwiki
3f4476bd9SJan Schumannif(!defined('DOKU_INC')) die();
4f4476bd9SJan Schumann
5f4476bd9SJan Schumann/**
6f4476bd9SJan Schumann * Plaintext authentication backend
7f4476bd9SJan Schumann *
8f4476bd9SJan Schumann * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
9f4476bd9SJan Schumann * @author     Andreas Gohr <andi@splitbrain.org>
10f4476bd9SJan Schumann * @author     Chris Smith <chris@jalakai.co.uk>
11f4476bd9SJan Schumann * @author     Jan Schumann <js@schumann-it.com>
12f4476bd9SJan Schumann */
1393a7873eSAndreas Gohrclass auth_plugin_authplain extends DokuWiki_Auth_Plugin {
14311f4603SAndreas Gohr    /** @var array user cache */
15311f4603SAndreas Gohr    protected $users = null;
16311f4603SAndreas Gohr
17311f4603SAndreas Gohr    /** @var array filter pattern */
18311f4603SAndreas Gohr    protected $_pattern = array();
19f4476bd9SJan Schumann
20f4476bd9SJan Schumann    /**
21f4476bd9SJan Schumann     * Constructor
22f4476bd9SJan Schumann     *
23f4476bd9SJan Schumann     * Carry out sanity checks to ensure the object is
24f4476bd9SJan Schumann     * able to operate. Set capabilities.
25f4476bd9SJan Schumann     *
26f4476bd9SJan Schumann     * @author  Christopher Smith <chris@jalakai.co.uk>
27f4476bd9SJan Schumann     */
28311f4603SAndreas Gohr    public function __construct() {
29454d868bSAndreas Gohr        parent::__construct();
30f4476bd9SJan Schumann        global $config_cascade;
31f4476bd9SJan Schumann
32f4476bd9SJan Schumann        if(!@is_readable($config_cascade['plainauth.users']['default'])) {
33f4476bd9SJan Schumann            $this->success = false;
34f4476bd9SJan Schumann        } else {
35f4476bd9SJan Schumann            if(@is_writable($config_cascade['plainauth.users']['default'])) {
36f4476bd9SJan Schumann                $this->cando['addUser']   = true;
37f4476bd9SJan Schumann                $this->cando['delUser']   = true;
38f4476bd9SJan Schumann                $this->cando['modLogin']  = true;
39f4476bd9SJan Schumann                $this->cando['modPass']   = true;
40f4476bd9SJan Schumann                $this->cando['modName']   = true;
41f4476bd9SJan Schumann                $this->cando['modMail']   = true;
42f4476bd9SJan Schumann                $this->cando['modGroups'] = true;
43f4476bd9SJan Schumann            }
44f4476bd9SJan Schumann            $this->cando['getUsers']     = true;
45f4476bd9SJan Schumann            $this->cando['getUserCount'] = true;
46f4476bd9SJan Schumann        }
47f4476bd9SJan Schumann    }
48f4476bd9SJan Schumann
49f4476bd9SJan Schumann    /**
50311f4603SAndreas Gohr     * Check user+password
51f4476bd9SJan Schumann     *
52f4476bd9SJan Schumann     * Checks if the given user exists and the given
53f4476bd9SJan Schumann     * plaintext password is correct
54f4476bd9SJan Schumann     *
55f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
56311f4603SAndreas Gohr     * @param string $user
57311f4603SAndreas Gohr     * @param string $pass
58f4476bd9SJan Schumann     * @return  bool
59f4476bd9SJan Schumann     */
60311f4603SAndreas Gohr    public function checkPass($user, $pass) {
61f4476bd9SJan Schumann        $userinfo = $this->getUserData($user);
62f4476bd9SJan Schumann        if($userinfo === false) return false;
63f4476bd9SJan Schumann
64f4476bd9SJan Schumann        return auth_verifyPassword($pass, $this->users[$user]['pass']);
65f4476bd9SJan Schumann    }
66f4476bd9SJan Schumann
67f4476bd9SJan Schumann    /**
68f4476bd9SJan Schumann     * Return user info
69f4476bd9SJan Schumann     *
70f4476bd9SJan Schumann     * Returns info about the given user needs to contain
71f4476bd9SJan Schumann     * at least these fields:
72f4476bd9SJan Schumann     *
73f4476bd9SJan Schumann     * name string  full name of the user
74f4476bd9SJan Schumann     * mail string  email addres of the user
75f4476bd9SJan Schumann     * grps array   list of groups the user is in
76f4476bd9SJan Schumann     *
77f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
78311f4603SAndreas Gohr     * @param string $user
792046a654SChristopher Smith     * @param bool $requireGroups  (optional) ignored by this plugin, grps info always supplied
80*253d4b48SGerrit Uitslag     * @return array|false
81f4476bd9SJan Schumann     */
822046a654SChristopher Smith    public function getUserData($user, $requireGroups=true) {
83f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
84f4476bd9SJan Schumann        return isset($this->users[$user]) ? $this->users[$user] : false;
85f4476bd9SJan Schumann    }
86f4476bd9SJan Schumann
87f4476bd9SJan Schumann    /**
88f95ecbbfSAngus Gratton     * Creates a string suitable for saving as a line
89f95ecbbfSAngus Gratton     * in the file database
90f95ecbbfSAngus Gratton     * (delimiters escaped, etc.)
91f95ecbbfSAngus Gratton     *
92f95ecbbfSAngus Gratton     * @param string $user
93f95ecbbfSAngus Gratton     * @param string $pass
94f95ecbbfSAngus Gratton     * @param string $name
95f95ecbbfSAngus Gratton     * @param string $mail
96f95ecbbfSAngus Gratton     * @param array  $grps list of groups the user is in
97f95ecbbfSAngus Gratton     * @return string
98f95ecbbfSAngus Gratton     */
99f95ecbbfSAngus Gratton    protected function _createUserLine($user, $pass, $name, $mail, $grps) {
100f95ecbbfSAngus Gratton        $groups   = join(',', $grps);
101f95ecbbfSAngus Gratton        $userline = array($user, $pass, $name, $mail, $groups);
102f95ecbbfSAngus Gratton        $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\
103f95ecbbfSAngus Gratton        $userline = str_replace(':', '\\:', $userline); // escape : as \:
104f95ecbbfSAngus Gratton        $userline = join(':', $userline)."\n";
105f95ecbbfSAngus Gratton        return $userline;
106f95ecbbfSAngus Gratton    }
107f95ecbbfSAngus Gratton
108f95ecbbfSAngus Gratton    /**
109f4476bd9SJan Schumann     * Create a new User
110f4476bd9SJan Schumann     *
111f4476bd9SJan Schumann     * Returns false if the user already exists, null when an error
112f4476bd9SJan Schumann     * occurred and true if everything went well.
113f4476bd9SJan Schumann     *
114f4476bd9SJan Schumann     * The new user will be added to the default group by this
115f4476bd9SJan Schumann     * function if grps are not specified (default behaviour).
116f4476bd9SJan Schumann     *
117f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
118f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
119311f4603SAndreas Gohr     *
120311f4603SAndreas Gohr     * @param string $user
121311f4603SAndreas Gohr     * @param string $pwd
122311f4603SAndreas Gohr     * @param string $name
123311f4603SAndreas Gohr     * @param string $mail
124311f4603SAndreas Gohr     * @param array  $grps
125311f4603SAndreas Gohr     * @return bool|null|string
126f4476bd9SJan Schumann     */
127311f4603SAndreas Gohr    public function createUser($user, $pwd, $name, $mail, $grps = null) {
128f4476bd9SJan Schumann        global $conf;
129f4476bd9SJan Schumann        global $config_cascade;
130f4476bd9SJan Schumann
131f4476bd9SJan Schumann        // user mustn't already exist
132f4476bd9SJan Schumann        if($this->getUserData($user) !== false) return false;
133f4476bd9SJan Schumann
134f4476bd9SJan Schumann        $pass = auth_cryptPassword($pwd);
135f4476bd9SJan Schumann
136f4476bd9SJan Schumann        // set default group if no groups specified
137f4476bd9SJan Schumann        if(!is_array($grps)) $grps = array($conf['defaultgroup']);
138f4476bd9SJan Schumann
139f4476bd9SJan Schumann        // prepare user line
140f95ecbbfSAngus Gratton        $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps);
141f4476bd9SJan Schumann
142f4476bd9SJan Schumann        if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
143f4476bd9SJan Schumann            $this->users[$user] = compact('pass', 'name', 'mail', 'grps');
144f4476bd9SJan Schumann            return $pwd;
145f4476bd9SJan Schumann        }
146f4476bd9SJan Schumann
147311f4603SAndreas Gohr        msg(
148311f4603SAndreas Gohr            'The '.$config_cascade['plainauth.users']['default'].
149311f4603SAndreas Gohr                ' file is not writable. Please inform the Wiki-Admin', -1
150311f4603SAndreas Gohr        );
151f4476bd9SJan Schumann        return null;
152f4476bd9SJan Schumann    }
153f4476bd9SJan Schumann
154f4476bd9SJan Schumann    /**
155f4476bd9SJan Schumann     * Modify user data
156f4476bd9SJan Schumann     *
157f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
158311f4603SAndreas Gohr     * @param   string $user      nick of the user to be changed
159311f4603SAndreas Gohr     * @param   array  $changes   array of field/value pairs to be changed (password will be clear text)
160f4476bd9SJan Schumann     * @return  bool
161f4476bd9SJan Schumann     */
162311f4603SAndreas Gohr    public function modifyUser($user, $changes) {
163f4476bd9SJan Schumann        global $ACT;
164f4476bd9SJan Schumann        global $config_cascade;
165f4476bd9SJan Schumann
166f4476bd9SJan Schumann        // sanity checks, user must already exist and there must be something to change
167f4476bd9SJan Schumann        if(($userinfo = $this->getUserData($user)) === false) return false;
168f4476bd9SJan Schumann        if(!is_array($changes) || !count($changes)) return true;
169f4476bd9SJan Schumann
170f4476bd9SJan Schumann        // update userinfo with new data, remembering to encrypt any password
171f4476bd9SJan Schumann        $newuser = $user;
172f4476bd9SJan Schumann        foreach($changes as $field => $value) {
173f4476bd9SJan Schumann            if($field == 'user') {
174f4476bd9SJan Schumann                $newuser = $value;
175f4476bd9SJan Schumann                continue;
176f4476bd9SJan Schumann            }
177f4476bd9SJan Schumann            if($field == 'pass') $value = auth_cryptPassword($value);
178f4476bd9SJan Schumann            $userinfo[$field] = $value;
179f4476bd9SJan Schumann        }
180f4476bd9SJan Schumann
181f95ecbbfSAngus Gratton        $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']);
182f4476bd9SJan Schumann
183f4476bd9SJan Schumann        if(!$this->deleteUsers(array($user))) {
184f4476bd9SJan Schumann            msg('Unable to modify user data. Please inform the Wiki-Admin', -1);
185f4476bd9SJan Schumann            return false;
186f4476bd9SJan Schumann        }
187f4476bd9SJan Schumann
188f4476bd9SJan Schumann        if(!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
189f4476bd9SJan Schumann            msg('There was an error modifying your user data. You should register again.', -1);
190f4476bd9SJan Schumann            // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page
191311f4603SAndreas Gohr            $ACT = 'register';
192f4476bd9SJan Schumann            return false;
193f4476bd9SJan Schumann        }
194f4476bd9SJan Schumann
195f4476bd9SJan Schumann        $this->users[$newuser] = $userinfo;
196f4476bd9SJan Schumann        return true;
197f4476bd9SJan Schumann    }
198f4476bd9SJan Schumann
199f4476bd9SJan Schumann    /**
200f4476bd9SJan Schumann     * Remove one or more users from the list of registered users
201f4476bd9SJan Schumann     *
202f4476bd9SJan Schumann     * @author  Christopher Smith <chris@jalakai.co.uk>
203f4476bd9SJan Schumann     * @param   array  $users   array of users to be deleted
204f4476bd9SJan Schumann     * @return  int             the number of users deleted
205f4476bd9SJan Schumann     */
206311f4603SAndreas Gohr    public function deleteUsers($users) {
207f4476bd9SJan Schumann        global $config_cascade;
208f4476bd9SJan Schumann
209f4476bd9SJan Schumann        if(!is_array($users) || empty($users)) return 0;
210f4476bd9SJan Schumann
211f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
212f4476bd9SJan Schumann
213f4476bd9SJan Schumann        $deleted = array();
214f4476bd9SJan Schumann        foreach($users as $user) {
215f4476bd9SJan Schumann            if(isset($this->users[$user])) $deleted[] = preg_quote($user, '/');
216f4476bd9SJan Schumann        }
217f4476bd9SJan Schumann
218f4476bd9SJan Schumann        if(empty($deleted)) return 0;
219f4476bd9SJan Schumann
220f4476bd9SJan Schumann        $pattern = '/^('.join('|', $deleted).'):/';
2219d24536dSAndreas Gohr        io_deleteFromFile($config_cascade['plainauth.users']['default'], $pattern, true);
222f4476bd9SJan Schumann
2239d24536dSAndreas Gohr        // reload the user list and count the difference
224f4476bd9SJan Schumann        $count = count($this->users);
225f4476bd9SJan Schumann        $this->_loadUserData();
226f4476bd9SJan Schumann        $count -= count($this->users);
227f4476bd9SJan Schumann        return $count;
228f4476bd9SJan Schumann    }
229f4476bd9SJan Schumann
230f4476bd9SJan Schumann    /**
231f4476bd9SJan Schumann     * Return a count of the number of user which meet $filter criteria
232f4476bd9SJan Schumann     *
233f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
234311f4603SAndreas Gohr     *
235311f4603SAndreas Gohr     * @param array $filter
236311f4603SAndreas Gohr     * @return int
237f4476bd9SJan Schumann     */
238311f4603SAndreas Gohr    public function getUserCount($filter = array()) {
239f4476bd9SJan Schumann
240f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
241f4476bd9SJan Schumann
242f4476bd9SJan Schumann        if(!count($filter)) return count($this->users);
243f4476bd9SJan Schumann
244f4476bd9SJan Schumann        $count = 0;
245f4476bd9SJan Schumann        $this->_constructPattern($filter);
246f4476bd9SJan Schumann
247f4476bd9SJan Schumann        foreach($this->users as $user => $info) {
248f4476bd9SJan Schumann            $count += $this->_filter($user, $info);
249f4476bd9SJan Schumann        }
250f4476bd9SJan Schumann
251f4476bd9SJan Schumann        return $count;
252f4476bd9SJan Schumann    }
253f4476bd9SJan Schumann
254f4476bd9SJan Schumann    /**
255f4476bd9SJan Schumann     * Bulk retrieval of user data
256f4476bd9SJan Schumann     *
257f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
258311f4603SAndreas Gohr     *
259311f4603SAndreas Gohr     * @param   int   $start index of first user to be returned
260311f4603SAndreas Gohr     * @param   int   $limit max number of users to be returned
261311f4603SAndreas Gohr     * @param   array $filter array of field/pattern pairs
262311f4603SAndreas Gohr     * @return  array userinfo (refer getUserData for internal userinfo details)
263f4476bd9SJan Schumann     */
264311f4603SAndreas Gohr    public function retrieveUsers($start = 0, $limit = 0, $filter = array()) {
265f4476bd9SJan Schumann
266f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
267f4476bd9SJan Schumann
268f4476bd9SJan Schumann        ksort($this->users);
269f4476bd9SJan Schumann
270f4476bd9SJan Schumann        $i     = 0;
271f4476bd9SJan Schumann        $count = 0;
272f4476bd9SJan Schumann        $out   = array();
273f4476bd9SJan Schumann        $this->_constructPattern($filter);
274f4476bd9SJan Schumann
275f4476bd9SJan Schumann        foreach($this->users as $user => $info) {
276f4476bd9SJan Schumann            if($this->_filter($user, $info)) {
277f4476bd9SJan Schumann                if($i >= $start) {
278f4476bd9SJan Schumann                    $out[$user] = $info;
279f4476bd9SJan Schumann                    $count++;
280f4476bd9SJan Schumann                    if(($limit > 0) && ($count >= $limit)) break;
281f4476bd9SJan Schumann                }
282f4476bd9SJan Schumann                $i++;
283f4476bd9SJan Schumann            }
284f4476bd9SJan Schumann        }
285f4476bd9SJan Schumann
286f4476bd9SJan Schumann        return $out;
287f4476bd9SJan Schumann    }
288f4476bd9SJan Schumann
289f4476bd9SJan Schumann    /**
290f4476bd9SJan Schumann     * Only valid pageid's (no namespaces) for usernames
291311f4603SAndreas Gohr     *
292311f4603SAndreas Gohr     * @param string $user
293311f4603SAndreas Gohr     * @return string
294f4476bd9SJan Schumann     */
295311f4603SAndreas Gohr    public function cleanUser($user) {
296f4476bd9SJan Schumann        global $conf;
297f4476bd9SJan Schumann        return cleanID(str_replace(':', $conf['sepchar'], $user));
298f4476bd9SJan Schumann    }
299f4476bd9SJan Schumann
300f4476bd9SJan Schumann    /**
301f4476bd9SJan Schumann     * Only valid pageid's (no namespaces) for groupnames
302311f4603SAndreas Gohr     *
303311f4603SAndreas Gohr     * @param string $group
304311f4603SAndreas Gohr     * @return string
305f4476bd9SJan Schumann     */
306311f4603SAndreas Gohr    public function cleanGroup($group) {
307f4476bd9SJan Schumann        global $conf;
308f4476bd9SJan Schumann        return cleanID(str_replace(':', $conf['sepchar'], $group));
309f4476bd9SJan Schumann    }
310f4476bd9SJan Schumann
311f4476bd9SJan Schumann    /**
312f4476bd9SJan Schumann     * Load all user data
313f4476bd9SJan Schumann     *
314f4476bd9SJan Schumann     * loads the user file into a datastructure
315f4476bd9SJan Schumann     *
316f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
317f4476bd9SJan Schumann     */
318311f4603SAndreas Gohr    protected function _loadUserData() {
319f4476bd9SJan Schumann        global $config_cascade;
320f4476bd9SJan Schumann
321f4476bd9SJan Schumann        $this->users = array();
322f4476bd9SJan Schumann
323f4476bd9SJan Schumann        if(!@file_exists($config_cascade['plainauth.users']['default'])) return;
324f4476bd9SJan Schumann
325f4476bd9SJan Schumann        $lines = file($config_cascade['plainauth.users']['default']);
326f4476bd9SJan Schumann        foreach($lines as $line) {
327f4476bd9SJan Schumann            $line = preg_replace('/#.*$/', '', $line); //ignore comments
328f4476bd9SJan Schumann            $line = trim($line);
329f4476bd9SJan Schumann            if(empty($line)) continue;
330f4476bd9SJan Schumann
331f95ecbbfSAngus Gratton            /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */
332f95ecbbfSAngus Gratton            $row = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \:
333f95ecbbfSAngus Gratton            $row = str_replace('\\:', ':', $row);
334f95ecbbfSAngus Gratton            $row = str_replace('\\\\', '\\', $row);
335f95ecbbfSAngus Gratton
336f4476bd9SJan Schumann            $groups = array_values(array_filter(explode(",", $row[4])));
337f4476bd9SJan Schumann
338f4476bd9SJan Schumann            $this->users[$row[0]]['pass'] = $row[1];
339f4476bd9SJan Schumann            $this->users[$row[0]]['name'] = urldecode($row[2]);
340f4476bd9SJan Schumann            $this->users[$row[0]]['mail'] = $row[3];
341f4476bd9SJan Schumann            $this->users[$row[0]]['grps'] = $groups;
342f4476bd9SJan Schumann        }
343f4476bd9SJan Schumann    }
344f4476bd9SJan Schumann
345f4476bd9SJan Schumann    /**
346311f4603SAndreas Gohr     * return true if $user + $info match $filter criteria, false otherwise
347f4476bd9SJan Schumann     *
348f4476bd9SJan Schumann     * @author   Chris Smith <chris@jalakai.co.uk>
349311f4603SAndreas Gohr     *
350311f4603SAndreas Gohr     * @param string $user User login
351311f4603SAndreas Gohr     * @param array  $info User's userinfo array
352311f4603SAndreas Gohr     * @return bool
353f4476bd9SJan Schumann     */
354311f4603SAndreas Gohr    protected function _filter($user, $info) {
355f4476bd9SJan Schumann        foreach($this->_pattern as $item => $pattern) {
356f4476bd9SJan Schumann            if($item == 'user') {
357311f4603SAndreas Gohr                if(!preg_match($pattern, $user)) return false;
358f4476bd9SJan Schumann            } else if($item == 'grps') {
359311f4603SAndreas Gohr                if(!count(preg_grep($pattern, $info['grps']))) return false;
360f4476bd9SJan Schumann            } else {
361311f4603SAndreas Gohr                if(!preg_match($pattern, $info[$item])) return false;
362f4476bd9SJan Schumann            }
363f4476bd9SJan Schumann        }
364311f4603SAndreas Gohr        return true;
365f4476bd9SJan Schumann    }
366f4476bd9SJan Schumann
367311f4603SAndreas Gohr    /**
368311f4603SAndreas Gohr     * construct a filter pattern
369311f4603SAndreas Gohr     *
370311f4603SAndreas Gohr     * @param array $filter
371311f4603SAndreas Gohr     */
372311f4603SAndreas Gohr    protected function _constructPattern($filter) {
373f4476bd9SJan Schumann        $this->_pattern = array();
374f4476bd9SJan Schumann        foreach($filter as $item => $pattern) {
375f4476bd9SJan Schumann            $this->_pattern[$item] = '/'.str_replace('/', '\/', $pattern).'/i'; // allow regex characters
376f4476bd9SJan Schumann        }
377f4476bd9SJan Schumann    }
378f4476bd9SJan Schumann}