1f4476bd9SJan Schumann<?php 2f4476bd9SJan Schumann// must be run within Dokuwiki 3f4476bd9SJan Schumannif(!defined('DOKU_INC')) die(); 4f4476bd9SJan Schumann 5f4476bd9SJan Schumann/** 6f4476bd9SJan Schumann * Plaintext authentication backend 7f4476bd9SJan Schumann * 8f4476bd9SJan Schumann * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 9f4476bd9SJan Schumann * @author Andreas Gohr <andi@splitbrain.org> 10f4476bd9SJan Schumann * @author Chris Smith <chris@jalakai.co.uk> 11f4476bd9SJan Schumann * @author Jan Schumann <js@schumann-it.com> 12f4476bd9SJan Schumann */ 1393a7873eSAndreas Gohrclass auth_plugin_authplain extends DokuWiki_Auth_Plugin { 14311f4603SAndreas Gohr /** @var array user cache */ 15311f4603SAndreas Gohr protected $users = null; 16311f4603SAndreas Gohr 17311f4603SAndreas Gohr /** @var array filter pattern */ 18311f4603SAndreas Gohr protected $_pattern = array(); 19f4476bd9SJan Schumann 20*6c8c1f46SChristopher Smith /** @var bool safe version of preg_split */ 21*6c8c1f46SChristopher Smith protected $_pregsplit_safe = false; 22*6c8c1f46SChristopher Smith 23f4476bd9SJan Schumann /** 24f4476bd9SJan Schumann * Constructor 25f4476bd9SJan Schumann * 26f4476bd9SJan Schumann * Carry out sanity checks to ensure the object is 27f4476bd9SJan Schumann * able to operate. Set capabilities. 28f4476bd9SJan Schumann * 29f4476bd9SJan Schumann * @author Christopher Smith <chris@jalakai.co.uk> 30f4476bd9SJan Schumann */ 31311f4603SAndreas Gohr public function __construct() { 32454d868bSAndreas Gohr parent::__construct(); 33f4476bd9SJan Schumann global $config_cascade; 34f4476bd9SJan Schumann 35f4476bd9SJan Schumann if(!@is_readable($config_cascade['plainauth.users']['default'])) { 36f4476bd9SJan Schumann $this->success = false; 37f4476bd9SJan Schumann } else { 38f4476bd9SJan Schumann if(@is_writable($config_cascade['plainauth.users']['default'])) { 39f4476bd9SJan Schumann $this->cando['addUser'] = true; 40f4476bd9SJan Schumann $this->cando['delUser'] = true; 41f4476bd9SJan Schumann $this->cando['modLogin'] = true; 42f4476bd9SJan Schumann $this->cando['modPass'] = true; 43f4476bd9SJan Schumann $this->cando['modName'] = true; 44f4476bd9SJan Schumann $this->cando['modMail'] = true; 45f4476bd9SJan Schumann $this->cando['modGroups'] = true; 46f4476bd9SJan Schumann } 47f4476bd9SJan Schumann $this->cando['getUsers'] = true; 48f4476bd9SJan Schumann $this->cando['getUserCount'] = true; 49f4476bd9SJan Schumann } 50*6c8c1f46SChristopher Smith 51*6c8c1f46SChristopher Smith $this->_pregsplit_safe = version_compare(PCRE_VERSION,'6.7','>='); 52f4476bd9SJan Schumann } 53f4476bd9SJan Schumann 54f4476bd9SJan Schumann /** 55311f4603SAndreas Gohr * Check user+password 56f4476bd9SJan Schumann * 57f4476bd9SJan Schumann * Checks if the given user exists and the given 58f4476bd9SJan Schumann * plaintext password is correct 59f4476bd9SJan Schumann * 60f4476bd9SJan Schumann * @author Andreas Gohr <andi@splitbrain.org> 61311f4603SAndreas Gohr * @param string $user 62311f4603SAndreas Gohr * @param string $pass 63f4476bd9SJan Schumann * @return bool 64f4476bd9SJan Schumann */ 65311f4603SAndreas Gohr public function checkPass($user, $pass) { 66f4476bd9SJan Schumann $userinfo = $this->getUserData($user); 67f4476bd9SJan Schumann if($userinfo === false) return false; 68f4476bd9SJan Schumann 69f4476bd9SJan Schumann return auth_verifyPassword($pass, $this->users[$user]['pass']); 70f4476bd9SJan Schumann } 71f4476bd9SJan Schumann 72f4476bd9SJan Schumann /** 73f4476bd9SJan Schumann * Return user info 74f4476bd9SJan Schumann * 75f4476bd9SJan Schumann * Returns info about the given user needs to contain 76f4476bd9SJan Schumann * at least these fields: 77f4476bd9SJan Schumann * 78f4476bd9SJan Schumann * name string full name of the user 79f4476bd9SJan Schumann * mail string email addres of the user 80f4476bd9SJan Schumann * grps array list of groups the user is in 81f4476bd9SJan Schumann * 82f4476bd9SJan Schumann * @author Andreas Gohr <andi@splitbrain.org> 83311f4603SAndreas Gohr * @param string $user 842046a654SChristopher Smith * @param bool $requireGroups (optional) ignored by this plugin, grps info always supplied 85311f4603SAndreas Gohr * @return array|bool 86f4476bd9SJan Schumann */ 872046a654SChristopher Smith public function getUserData($user, $requireGroups=true) { 88f4476bd9SJan Schumann if($this->users === null) $this->_loadUserData(); 89f4476bd9SJan Schumann return isset($this->users[$user]) ? $this->users[$user] : false; 90f4476bd9SJan Schumann } 91f4476bd9SJan Schumann 92f4476bd9SJan Schumann /** 93f95ecbbfSAngus Gratton * Creates a string suitable for saving as a line 94f95ecbbfSAngus Gratton * in the file database 95f95ecbbfSAngus Gratton * (delimiters escaped, etc.) 96f95ecbbfSAngus Gratton * 97f95ecbbfSAngus Gratton * @param string $user 98f95ecbbfSAngus Gratton * @param string $pass 99f95ecbbfSAngus Gratton * @param string $name 100f95ecbbfSAngus Gratton * @param string $mail 101f95ecbbfSAngus Gratton * @param array $grps list of groups the user is in 102f95ecbbfSAngus Gratton * @return string 103f95ecbbfSAngus Gratton */ 104f95ecbbfSAngus Gratton protected function _createUserLine($user, $pass, $name, $mail, $grps) { 105f95ecbbfSAngus Gratton $groups = join(',', $grps); 106f95ecbbfSAngus Gratton $userline = array($user, $pass, $name, $mail, $groups); 107f95ecbbfSAngus Gratton $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\ 108f95ecbbfSAngus Gratton $userline = str_replace(':', '\\:', $userline); // escape : as \: 109f95ecbbfSAngus Gratton $userline = join(':', $userline)."\n"; 110f95ecbbfSAngus Gratton return $userline; 111f95ecbbfSAngus Gratton } 112f95ecbbfSAngus Gratton 113f95ecbbfSAngus Gratton /** 114f4476bd9SJan Schumann * Create a new User 115f4476bd9SJan Schumann * 116f4476bd9SJan Schumann * Returns false if the user already exists, null when an error 117f4476bd9SJan Schumann * occurred and true if everything went well. 118f4476bd9SJan Schumann * 119f4476bd9SJan Schumann * The new user will be added to the default group by this 120f4476bd9SJan Schumann * function if grps are not specified (default behaviour). 121f4476bd9SJan Schumann * 122f4476bd9SJan Schumann * @author Andreas Gohr <andi@splitbrain.org> 123f4476bd9SJan Schumann * @author Chris Smith <chris@jalakai.co.uk> 124311f4603SAndreas Gohr * 125311f4603SAndreas Gohr * @param string $user 126311f4603SAndreas Gohr * @param string $pwd 127311f4603SAndreas Gohr * @param string $name 128311f4603SAndreas Gohr * @param string $mail 129311f4603SAndreas Gohr * @param array $grps 130311f4603SAndreas Gohr * @return bool|null|string 131f4476bd9SJan Schumann */ 132311f4603SAndreas Gohr public function createUser($user, $pwd, $name, $mail, $grps = null) { 133f4476bd9SJan Schumann global $conf; 134f4476bd9SJan Schumann global $config_cascade; 135f4476bd9SJan Schumann 136f4476bd9SJan Schumann // user mustn't already exist 137f4476bd9SJan Schumann if($this->getUserData($user) !== false) return false; 138f4476bd9SJan Schumann 139f4476bd9SJan Schumann $pass = auth_cryptPassword($pwd); 140f4476bd9SJan Schumann 141f4476bd9SJan Schumann // set default group if no groups specified 142f4476bd9SJan Schumann if(!is_array($grps)) $grps = array($conf['defaultgroup']); 143f4476bd9SJan Schumann 144f4476bd9SJan Schumann // prepare user line 145f95ecbbfSAngus Gratton $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps); 146f4476bd9SJan Schumann 147f4476bd9SJan Schumann if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) { 148f4476bd9SJan Schumann $this->users[$user] = compact('pass', 'name', 'mail', 'grps'); 149f4476bd9SJan Schumann return $pwd; 150f4476bd9SJan Schumann } 151f4476bd9SJan Schumann 152311f4603SAndreas Gohr msg( 153311f4603SAndreas Gohr 'The '.$config_cascade['plainauth.users']['default']. 154311f4603SAndreas Gohr ' file is not writable. Please inform the Wiki-Admin', -1 155311f4603SAndreas Gohr ); 156f4476bd9SJan Schumann return null; 157f4476bd9SJan Schumann } 158f4476bd9SJan Schumann 159f4476bd9SJan Schumann /** 160f4476bd9SJan Schumann * Modify user data 161f4476bd9SJan Schumann * 162f4476bd9SJan Schumann * @author Chris Smith <chris@jalakai.co.uk> 163311f4603SAndreas Gohr * @param string $user nick of the user to be changed 164311f4603SAndreas Gohr * @param array $changes array of field/value pairs to be changed (password will be clear text) 165f4476bd9SJan Schumann * @return bool 166f4476bd9SJan Schumann */ 167311f4603SAndreas Gohr public function modifyUser($user, $changes) { 168f4476bd9SJan Schumann global $ACT; 169f4476bd9SJan Schumann global $config_cascade; 170f4476bd9SJan Schumann 171f4476bd9SJan Schumann // sanity checks, user must already exist and there must be something to change 172f4476bd9SJan Schumann if(($userinfo = $this->getUserData($user)) === false) return false; 173f4476bd9SJan Schumann if(!is_array($changes) || !count($changes)) return true; 174f4476bd9SJan Schumann 175f4476bd9SJan Schumann // update userinfo with new data, remembering to encrypt any password 176f4476bd9SJan Schumann $newuser = $user; 177f4476bd9SJan Schumann foreach($changes as $field => $value) { 178f4476bd9SJan Schumann if($field == 'user') { 179f4476bd9SJan Schumann $newuser = $value; 180f4476bd9SJan Schumann continue; 181f4476bd9SJan Schumann } 182f4476bd9SJan Schumann if($field == 'pass') $value = auth_cryptPassword($value); 183f4476bd9SJan Schumann $userinfo[$field] = $value; 184f4476bd9SJan Schumann } 185f4476bd9SJan Schumann 186f95ecbbfSAngus Gratton $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']); 187f4476bd9SJan Schumann 188f4476bd9SJan Schumann if(!$this->deleteUsers(array($user))) { 189f4476bd9SJan Schumann msg('Unable to modify user data. Please inform the Wiki-Admin', -1); 190f4476bd9SJan Schumann return false; 191f4476bd9SJan Schumann } 192f4476bd9SJan Schumann 193f4476bd9SJan Schumann if(!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) { 194f4476bd9SJan Schumann msg('There was an error modifying your user data. You should register again.', -1); 195f4476bd9SJan Schumann // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page 196311f4603SAndreas Gohr $ACT = 'register'; 197f4476bd9SJan Schumann return false; 198f4476bd9SJan Schumann } 199f4476bd9SJan Schumann 200f4476bd9SJan Schumann $this->users[$newuser] = $userinfo; 201f4476bd9SJan Schumann return true; 202f4476bd9SJan Schumann } 203f4476bd9SJan Schumann 204f4476bd9SJan Schumann /** 205f4476bd9SJan Schumann * Remove one or more users from the list of registered users 206f4476bd9SJan Schumann * 207f4476bd9SJan Schumann * @author Christopher Smith <chris@jalakai.co.uk> 208f4476bd9SJan Schumann * @param array $users array of users to be deleted 209f4476bd9SJan Schumann * @return int the number of users deleted 210f4476bd9SJan Schumann */ 211311f4603SAndreas Gohr public function deleteUsers($users) { 212f4476bd9SJan Schumann global $config_cascade; 213f4476bd9SJan Schumann 214f4476bd9SJan Schumann if(!is_array($users) || empty($users)) return 0; 215f4476bd9SJan Schumann 216f4476bd9SJan Schumann if($this->users === null) $this->_loadUserData(); 217f4476bd9SJan Schumann 218f4476bd9SJan Schumann $deleted = array(); 219f4476bd9SJan Schumann foreach($users as $user) { 220f4476bd9SJan Schumann if(isset($this->users[$user])) $deleted[] = preg_quote($user, '/'); 221f4476bd9SJan Schumann } 222f4476bd9SJan Schumann 223f4476bd9SJan Schumann if(empty($deleted)) return 0; 224f4476bd9SJan Schumann 225f4476bd9SJan Schumann $pattern = '/^('.join('|', $deleted).'):/'; 2269d24536dSAndreas Gohr io_deleteFromFile($config_cascade['plainauth.users']['default'], $pattern, true); 227f4476bd9SJan Schumann 2289d24536dSAndreas Gohr // reload the user list and count the difference 229f4476bd9SJan Schumann $count = count($this->users); 230f4476bd9SJan Schumann $this->_loadUserData(); 231f4476bd9SJan Schumann $count -= count($this->users); 232f4476bd9SJan Schumann return $count; 233f4476bd9SJan Schumann } 234f4476bd9SJan Schumann 235f4476bd9SJan Schumann /** 236f4476bd9SJan Schumann * Return a count of the number of user which meet $filter criteria 237f4476bd9SJan Schumann * 238f4476bd9SJan Schumann * @author Chris Smith <chris@jalakai.co.uk> 239311f4603SAndreas Gohr * 240311f4603SAndreas Gohr * @param array $filter 241311f4603SAndreas Gohr * @return int 242f4476bd9SJan Schumann */ 243311f4603SAndreas Gohr public function getUserCount($filter = array()) { 244f4476bd9SJan Schumann 245f4476bd9SJan Schumann if($this->users === null) $this->_loadUserData(); 246f4476bd9SJan Schumann 247f4476bd9SJan Schumann if(!count($filter)) return count($this->users); 248f4476bd9SJan Schumann 249f4476bd9SJan Schumann $count = 0; 250f4476bd9SJan Schumann $this->_constructPattern($filter); 251f4476bd9SJan Schumann 252f4476bd9SJan Schumann foreach($this->users as $user => $info) { 253f4476bd9SJan Schumann $count += $this->_filter($user, $info); 254f4476bd9SJan Schumann } 255f4476bd9SJan Schumann 256f4476bd9SJan Schumann return $count; 257f4476bd9SJan Schumann } 258f4476bd9SJan Schumann 259f4476bd9SJan Schumann /** 260f4476bd9SJan Schumann * Bulk retrieval of user data 261f4476bd9SJan Schumann * 262f4476bd9SJan Schumann * @author Chris Smith <chris@jalakai.co.uk> 263311f4603SAndreas Gohr * 264311f4603SAndreas Gohr * @param int $start index of first user to be returned 265311f4603SAndreas Gohr * @param int $limit max number of users to be returned 266311f4603SAndreas Gohr * @param array $filter array of field/pattern pairs 267311f4603SAndreas Gohr * @return array userinfo (refer getUserData for internal userinfo details) 268f4476bd9SJan Schumann */ 269311f4603SAndreas Gohr public function retrieveUsers($start = 0, $limit = 0, $filter = array()) { 270f4476bd9SJan Schumann 271f4476bd9SJan Schumann if($this->users === null) $this->_loadUserData(); 272f4476bd9SJan Schumann 273f4476bd9SJan Schumann ksort($this->users); 274f4476bd9SJan Schumann 275f4476bd9SJan Schumann $i = 0; 276f4476bd9SJan Schumann $count = 0; 277f4476bd9SJan Schumann $out = array(); 278f4476bd9SJan Schumann $this->_constructPattern($filter); 279f4476bd9SJan Schumann 280f4476bd9SJan Schumann foreach($this->users as $user => $info) { 281f4476bd9SJan Schumann if($this->_filter($user, $info)) { 282f4476bd9SJan Schumann if($i >= $start) { 283f4476bd9SJan Schumann $out[$user] = $info; 284f4476bd9SJan Schumann $count++; 285f4476bd9SJan Schumann if(($limit > 0) && ($count >= $limit)) break; 286f4476bd9SJan Schumann } 287f4476bd9SJan Schumann $i++; 288f4476bd9SJan Schumann } 289f4476bd9SJan Schumann } 290f4476bd9SJan Schumann 291f4476bd9SJan Schumann return $out; 292f4476bd9SJan Schumann } 293f4476bd9SJan Schumann 294f4476bd9SJan Schumann /** 295f4476bd9SJan Schumann * Only valid pageid's (no namespaces) for usernames 296311f4603SAndreas Gohr * 297311f4603SAndreas Gohr * @param string $user 298311f4603SAndreas Gohr * @return string 299f4476bd9SJan Schumann */ 300311f4603SAndreas Gohr public function cleanUser($user) { 301f4476bd9SJan Schumann global $conf; 302f4476bd9SJan Schumann return cleanID(str_replace(':', $conf['sepchar'], $user)); 303f4476bd9SJan Schumann } 304f4476bd9SJan Schumann 305f4476bd9SJan Schumann /** 306f4476bd9SJan Schumann * Only valid pageid's (no namespaces) for groupnames 307311f4603SAndreas Gohr * 308311f4603SAndreas Gohr * @param string $group 309311f4603SAndreas Gohr * @return string 310f4476bd9SJan Schumann */ 311311f4603SAndreas Gohr public function cleanGroup($group) { 312f4476bd9SJan Schumann global $conf; 313f4476bd9SJan Schumann return cleanID(str_replace(':', $conf['sepchar'], $group)); 314f4476bd9SJan Schumann } 315f4476bd9SJan Schumann 316f4476bd9SJan Schumann /** 317f4476bd9SJan Schumann * Load all user data 318f4476bd9SJan Schumann * 319f4476bd9SJan Schumann * loads the user file into a datastructure 320f4476bd9SJan Schumann * 321f4476bd9SJan Schumann * @author Andreas Gohr <andi@splitbrain.org> 322f4476bd9SJan Schumann */ 323311f4603SAndreas Gohr protected function _loadUserData() { 324f4476bd9SJan Schumann global $config_cascade; 325f4476bd9SJan Schumann 326f4476bd9SJan Schumann $this->users = array(); 327f4476bd9SJan Schumann 328f4476bd9SJan Schumann if(!@file_exists($config_cascade['plainauth.users']['default'])) return; 329f4476bd9SJan Schumann 330f4476bd9SJan Schumann $lines = file($config_cascade['plainauth.users']['default']); 331f4476bd9SJan Schumann foreach($lines as $line) { 332f4476bd9SJan Schumann $line = preg_replace('/#.*$/', '', $line); //ignore comments 333f4476bd9SJan Schumann $line = trim($line); 334f4476bd9SJan Schumann if(empty($line)) continue; 335f4476bd9SJan Schumann 336f95ecbbfSAngus Gratton /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */ 337*6c8c1f46SChristopher Smith $row = $this->_splitUserData($line); 338f95ecbbfSAngus Gratton $row = str_replace('\\:', ':', $row); 339f95ecbbfSAngus Gratton $row = str_replace('\\\\', '\\', $row); 340f95ecbbfSAngus Gratton 341f4476bd9SJan Schumann $groups = array_values(array_filter(explode(",", $row[4]))); 342f4476bd9SJan Schumann 343f4476bd9SJan Schumann $this->users[$row[0]]['pass'] = $row[1]; 344f4476bd9SJan Schumann $this->users[$row[0]]['name'] = urldecode($row[2]); 345f4476bd9SJan Schumann $this->users[$row[0]]['mail'] = $row[3]; 346f4476bd9SJan Schumann $this->users[$row[0]]['grps'] = $groups; 347f4476bd9SJan Schumann } 348f4476bd9SJan Schumann } 349f4476bd9SJan Schumann 350*6c8c1f46SChristopher Smith protected function _splitUserData($line){ 351*6c8c1f46SChristopher Smith // due to a bug in PCRE 6.6, preg_split will fail with the regex we use here 352*6c8c1f46SChristopher Smith // refer github issues 877 & 885 353*6c8c1f46SChristopher Smith if ($this->_pregsplit_safe){ 354*6c8c1f46SChristopher Smith return preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \: 355*6c8c1f46SChristopher Smith } 356*6c8c1f46SChristopher Smith 357*6c8c1f46SChristopher Smith $row = array(); 358*6c8c1f46SChristopher Smith $piece = ''; 359*6c8c1f46SChristopher Smith for($i=0; $i<strlen($line); $i++){ 360*6c8c1f46SChristopher Smith if ($line[$i]=='\\'){ 361*6c8c1f46SChristopher Smith $i++; 362*6c8c1f46SChristopher Smith } else if ($line[$i]==':'){ 363*6c8c1f46SChristopher Smith $row[] = $piece; 364*6c8c1f46SChristopher Smith $piece = ''; 365*6c8c1f46SChristopher Smith continue; 366*6c8c1f46SChristopher Smith } 367*6c8c1f46SChristopher Smith $piece .= $line[$i]; 368*6c8c1f46SChristopher Smith } 369*6c8c1f46SChristopher Smith $row[] = $piece; 370*6c8c1f46SChristopher Smith 371*6c8c1f46SChristopher Smith return $row; 372*6c8c1f46SChristopher Smith } 373*6c8c1f46SChristopher Smith 374f4476bd9SJan Schumann /** 375311f4603SAndreas Gohr * return true if $user + $info match $filter criteria, false otherwise 376f4476bd9SJan Schumann * 377f4476bd9SJan Schumann * @author Chris Smith <chris@jalakai.co.uk> 378311f4603SAndreas Gohr * 379311f4603SAndreas Gohr * @param string $user User login 380311f4603SAndreas Gohr * @param array $info User's userinfo array 381311f4603SAndreas Gohr * @return bool 382f4476bd9SJan Schumann */ 383311f4603SAndreas Gohr protected function _filter($user, $info) { 384f4476bd9SJan Schumann foreach($this->_pattern as $item => $pattern) { 385f4476bd9SJan Schumann if($item == 'user') { 386311f4603SAndreas Gohr if(!preg_match($pattern, $user)) return false; 387f4476bd9SJan Schumann } else if($item == 'grps') { 388311f4603SAndreas Gohr if(!count(preg_grep($pattern, $info['grps']))) return false; 389f4476bd9SJan Schumann } else { 390311f4603SAndreas Gohr if(!preg_match($pattern, $info[$item])) return false; 391f4476bd9SJan Schumann } 392f4476bd9SJan Schumann } 393311f4603SAndreas Gohr return true; 394f4476bd9SJan Schumann } 395f4476bd9SJan Schumann 396311f4603SAndreas Gohr /** 397311f4603SAndreas Gohr * construct a filter pattern 398311f4603SAndreas Gohr * 399311f4603SAndreas Gohr * @param array $filter 400311f4603SAndreas Gohr */ 401311f4603SAndreas Gohr protected function _constructPattern($filter) { 402f4476bd9SJan Schumann $this->_pattern = array(); 403f4476bd9SJan Schumann foreach($filter as $item => $pattern) { 404f4476bd9SJan Schumann $this->_pattern[$item] = '/'.str_replace('/', '\/', $pattern).'/i'; // allow regex characters 405f4476bd9SJan Schumann } 406f4476bd9SJan Schumann } 407f4476bd9SJan Schumann}