xref: /dokuwiki/lib/plugins/authplain/auth.php (revision f95ecbbf8b1de8bc1270d3cf91dfdf055ea5c78c) 
1f4476bd9SJan Schumann<?php
2f4476bd9SJan Schumann// must be run within Dokuwiki
3f4476bd9SJan Schumannif(!defined('DOKU_INC')) die();
4f4476bd9SJan Schumann
5f4476bd9SJan Schumann/**
6f4476bd9SJan Schumann * Plaintext authentication backend
7f4476bd9SJan Schumann *
8f4476bd9SJan Schumann * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
9f4476bd9SJan Schumann * @author     Andreas Gohr <andi@splitbrain.org>
10f4476bd9SJan Schumann * @author     Chris Smith <chris@jalakai.co.uk>
11f4476bd9SJan Schumann * @author     Jan Schumann <js@schumann-it.com>
12f4476bd9SJan Schumann */
1393a7873eSAndreas Gohrclass auth_plugin_authplain extends DokuWiki_Auth_Plugin {
14311f4603SAndreas Gohr    /** @var array user cache */
15311f4603SAndreas Gohr    protected $users = null;
16311f4603SAndreas Gohr
17311f4603SAndreas Gohr    /** @var array filter pattern */
18311f4603SAndreas Gohr    protected $_pattern = array();
19f4476bd9SJan Schumann
20f4476bd9SJan Schumann    /**
21f4476bd9SJan Schumann     * Constructor
22f4476bd9SJan Schumann     *
23f4476bd9SJan Schumann     * Carry out sanity checks to ensure the object is
24f4476bd9SJan Schumann     * able to operate. Set capabilities.
25f4476bd9SJan Schumann     *
26f4476bd9SJan Schumann     * @author  Christopher Smith <chris@jalakai.co.uk>
27f4476bd9SJan Schumann     */
28311f4603SAndreas Gohr    public function __construct() {
29454d868bSAndreas Gohr        parent::__construct();
30f4476bd9SJan Schumann        global $config_cascade;
31f4476bd9SJan Schumann
32f4476bd9SJan Schumann        if(!@is_readable($config_cascade['plainauth.users']['default'])) {
33f4476bd9SJan Schumann            $this->success = false;
34f4476bd9SJan Schumann        } else {
35f4476bd9SJan Schumann            if(@is_writable($config_cascade['plainauth.users']['default'])) {
36f4476bd9SJan Schumann                $this->cando['addUser']   = true;
37f4476bd9SJan Schumann                $this->cando['delUser']   = true;
38f4476bd9SJan Schumann                $this->cando['modLogin']  = true;
39f4476bd9SJan Schumann                $this->cando['modPass']   = true;
40f4476bd9SJan Schumann                $this->cando['modName']   = true;
41f4476bd9SJan Schumann                $this->cando['modMail']   = true;
42f4476bd9SJan Schumann                $this->cando['modGroups'] = true;
43f4476bd9SJan Schumann            }
44f4476bd9SJan Schumann            $this->cando['getUsers']     = true;
45f4476bd9SJan Schumann            $this->cando['getUserCount'] = true;
46f4476bd9SJan Schumann        }
47f4476bd9SJan Schumann    }
48f4476bd9SJan Schumann
49f4476bd9SJan Schumann    /**
50311f4603SAndreas Gohr     * Check user+password
51f4476bd9SJan Schumann     *
52f4476bd9SJan Schumann     * Checks if the given user exists and the given
53f4476bd9SJan Schumann     * plaintext password is correct
54f4476bd9SJan Schumann     *
55f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
56311f4603SAndreas Gohr     * @param string $user
57311f4603SAndreas Gohr     * @param string $pass
58f4476bd9SJan Schumann     * @return  bool
59f4476bd9SJan Schumann     */
60311f4603SAndreas Gohr    public function checkPass($user, $pass) {
61f4476bd9SJan Schumann        $userinfo = $this->getUserData($user);
62f4476bd9SJan Schumann        if($userinfo === false) return false;
63f4476bd9SJan Schumann
64f4476bd9SJan Schumann        return auth_verifyPassword($pass, $this->users[$user]['pass']);
65f4476bd9SJan Schumann    }
66f4476bd9SJan Schumann
67f4476bd9SJan Schumann    /**
68f4476bd9SJan Schumann     * Return user info
69f4476bd9SJan Schumann     *
70f4476bd9SJan Schumann     * Returns info about the given user needs to contain
71f4476bd9SJan Schumann     * at least these fields:
72f4476bd9SJan Schumann     *
73f4476bd9SJan Schumann     * name string  full name of the user
74f4476bd9SJan Schumann     * mail string  email addres of the user
75f4476bd9SJan Schumann     * grps array   list of groups the user is in
76f4476bd9SJan Schumann     *
77f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
78311f4603SAndreas Gohr     * @param string $user
79311f4603SAndreas Gohr     * @return array|bool
80f4476bd9SJan Schumann     */
81311f4603SAndreas Gohr    public function getUserData($user) {
82f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
83f4476bd9SJan Schumann        return isset($this->users[$user]) ? $this->users[$user] : false;
84f4476bd9SJan Schumann    }
85f4476bd9SJan Schumann
86f4476bd9SJan Schumann    /**
87*f95ecbbfSAngus Gratton     * Creates a string suitable for saving as a line
88*f95ecbbfSAngus Gratton     * in the file database
89*f95ecbbfSAngus Gratton     * (delimiters escaped, etc.)
90*f95ecbbfSAngus Gratton     *
91*f95ecbbfSAngus Gratton     * @param string $user
92*f95ecbbfSAngus Gratton     * @param string $pass
93*f95ecbbfSAngus Gratton     * @param string $name
94*f95ecbbfSAngus Gratton     * @param string $mail
95*f95ecbbfSAngus Gratton     * @param array  $grps list of groups the user is in
96*f95ecbbfSAngus Gratton     * @return string
97*f95ecbbfSAngus Gratton     */
98*f95ecbbfSAngus Gratton    protected function _createUserLine($user, $pass, $name, $mail, $grps) {
99*f95ecbbfSAngus Gratton        $groups   = join(',', $grps);
100*f95ecbbfSAngus Gratton        $userline = array($user, $pass, $name, $mail, $groups);
101*f95ecbbfSAngus Gratton        $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\
102*f95ecbbfSAngus Gratton        $userline = str_replace(':', '\\:', $userline); // escape : as \:
103*f95ecbbfSAngus Gratton        $userline = join(':', $userline)."\n";
104*f95ecbbfSAngus Gratton        return $userline;
105*f95ecbbfSAngus Gratton    }
106*f95ecbbfSAngus Gratton
107*f95ecbbfSAngus Gratton    /**
108f4476bd9SJan Schumann     * Create a new User
109f4476bd9SJan Schumann     *
110f4476bd9SJan Schumann     * Returns false if the user already exists, null when an error
111f4476bd9SJan Schumann     * occurred and true if everything went well.
112f4476bd9SJan Schumann     *
113f4476bd9SJan Schumann     * The new user will be added to the default group by this
114f4476bd9SJan Schumann     * function if grps are not specified (default behaviour).
115f4476bd9SJan Schumann     *
116f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
117f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
118311f4603SAndreas Gohr     *
119311f4603SAndreas Gohr     * @param string $user
120311f4603SAndreas Gohr     * @param string $pwd
121311f4603SAndreas Gohr     * @param string $name
122311f4603SAndreas Gohr     * @param string $mail
123311f4603SAndreas Gohr     * @param array  $grps
124311f4603SAndreas Gohr     * @return bool|null|string
125f4476bd9SJan Schumann     */
126311f4603SAndreas Gohr    public function createUser($user, $pwd, $name, $mail, $grps = null) {
127f4476bd9SJan Schumann        global $conf;
128f4476bd9SJan Schumann        global $config_cascade;
129f4476bd9SJan Schumann
130f4476bd9SJan Schumann        // user mustn't already exist
131f4476bd9SJan Schumann        if($this->getUserData($user) !== false) return false;
132f4476bd9SJan Schumann
133f4476bd9SJan Schumann        $pass = auth_cryptPassword($pwd);
134f4476bd9SJan Schumann
135f4476bd9SJan Schumann        // set default group if no groups specified
136f4476bd9SJan Schumann        if(!is_array($grps)) $grps = array($conf['defaultgroup']);
137f4476bd9SJan Schumann
138f4476bd9SJan Schumann        // prepare user line
139*f95ecbbfSAngus Gratton        $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps);
140f4476bd9SJan Schumann
141f4476bd9SJan Schumann        if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
142f4476bd9SJan Schumann            $this->users[$user] = compact('pass', 'name', 'mail', 'grps');
143f4476bd9SJan Schumann            return $pwd;
144f4476bd9SJan Schumann        }
145f4476bd9SJan Schumann
146311f4603SAndreas Gohr        msg(
147311f4603SAndreas Gohr            'The '.$config_cascade['plainauth.users']['default'].
148311f4603SAndreas Gohr                ' file is not writable. Please inform the Wiki-Admin', -1
149311f4603SAndreas Gohr        );
150f4476bd9SJan Schumann        return null;
151f4476bd9SJan Schumann    }
152f4476bd9SJan Schumann
153f4476bd9SJan Schumann    /**
154f4476bd9SJan Schumann     * Modify user data
155f4476bd9SJan Schumann     *
156f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
157311f4603SAndreas Gohr     * @param   string $user      nick of the user to be changed
158311f4603SAndreas Gohr     * @param   array  $changes   array of field/value pairs to be changed (password will be clear text)
159f4476bd9SJan Schumann     * @return  bool
160f4476bd9SJan Schumann     */
161311f4603SAndreas Gohr    public function modifyUser($user, $changes) {
162f4476bd9SJan Schumann        global $ACT;
163f4476bd9SJan Schumann        global $config_cascade;
164f4476bd9SJan Schumann
165f4476bd9SJan Schumann        // sanity checks, user must already exist and there must be something to change
166f4476bd9SJan Schumann        if(($userinfo = $this->getUserData($user)) === false) return false;
167f4476bd9SJan Schumann        if(!is_array($changes) || !count($changes)) return true;
168f4476bd9SJan Schumann
169f4476bd9SJan Schumann        // update userinfo with new data, remembering to encrypt any password
170f4476bd9SJan Schumann        $newuser = $user;
171f4476bd9SJan Schumann        foreach($changes as $field => $value) {
172f4476bd9SJan Schumann            if($field == 'user') {
173f4476bd9SJan Schumann                $newuser = $value;
174f4476bd9SJan Schumann                continue;
175f4476bd9SJan Schumann            }
176f4476bd9SJan Schumann            if($field == 'pass') $value = auth_cryptPassword($value);
177f4476bd9SJan Schumann            $userinfo[$field] = $value;
178f4476bd9SJan Schumann        }
179f4476bd9SJan Schumann
180*f95ecbbfSAngus Gratton        $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']);
181f4476bd9SJan Schumann
182f4476bd9SJan Schumann        if(!$this->deleteUsers(array($user))) {
183f4476bd9SJan Schumann            msg('Unable to modify user data. Please inform the Wiki-Admin', -1);
184f4476bd9SJan Schumann            return false;
185f4476bd9SJan Schumann        }
186f4476bd9SJan Schumann
187f4476bd9SJan Schumann        if(!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
188f4476bd9SJan Schumann            msg('There was an error modifying your user data. You should register again.', -1);
189f4476bd9SJan Schumann            // FIXME, user has been deleted but not recreated, should force a logout and redirect to login page
190311f4603SAndreas Gohr            $ACT = 'register';
191f4476bd9SJan Schumann            return false;
192f4476bd9SJan Schumann        }
193f4476bd9SJan Schumann
194f4476bd9SJan Schumann        $this->users[$newuser] = $userinfo;
195f4476bd9SJan Schumann        return true;
196f4476bd9SJan Schumann    }
197f4476bd9SJan Schumann
198f4476bd9SJan Schumann    /**
199f4476bd9SJan Schumann     * Remove one or more users from the list of registered users
200f4476bd9SJan Schumann     *
201f4476bd9SJan Schumann     * @author  Christopher Smith <chris@jalakai.co.uk>
202f4476bd9SJan Schumann     * @param   array  $users   array of users to be deleted
203f4476bd9SJan Schumann     * @return  int             the number of users deleted
204f4476bd9SJan Schumann     */
205311f4603SAndreas Gohr    public function deleteUsers($users) {
206f4476bd9SJan Schumann        global $config_cascade;
207f4476bd9SJan Schumann
208f4476bd9SJan Schumann        if(!is_array($users) || empty($users)) return 0;
209f4476bd9SJan Schumann
210f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
211f4476bd9SJan Schumann
212f4476bd9SJan Schumann        $deleted = array();
213f4476bd9SJan Schumann        foreach($users as $user) {
214f4476bd9SJan Schumann            if(isset($this->users[$user])) $deleted[] = preg_quote($user, '/');
215f4476bd9SJan Schumann        }
216f4476bd9SJan Schumann
217f4476bd9SJan Schumann        if(empty($deleted)) return 0;
218f4476bd9SJan Schumann
219f4476bd9SJan Schumann        $pattern = '/^('.join('|', $deleted).'):/';
2209d24536dSAndreas Gohr        io_deleteFromFile($config_cascade['plainauth.users']['default'], $pattern, true);
221f4476bd9SJan Schumann
2229d24536dSAndreas Gohr        // reload the user list and count the difference
223f4476bd9SJan Schumann        $count = count($this->users);
224f4476bd9SJan Schumann        $this->_loadUserData();
225f4476bd9SJan Schumann        $count -= count($this->users);
226f4476bd9SJan Schumann        return $count;
227f4476bd9SJan Schumann    }
228f4476bd9SJan Schumann
229f4476bd9SJan Schumann    /**
230f4476bd9SJan Schumann     * Return a count of the number of user which meet $filter criteria
231f4476bd9SJan Schumann     *
232f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
233311f4603SAndreas Gohr     *
234311f4603SAndreas Gohr     * @param array $filter
235311f4603SAndreas Gohr     * @return int
236f4476bd9SJan Schumann     */
237311f4603SAndreas Gohr    public function getUserCount($filter = array()) {
238f4476bd9SJan Schumann
239f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
240f4476bd9SJan Schumann
241f4476bd9SJan Schumann        if(!count($filter)) return count($this->users);
242f4476bd9SJan Schumann
243f4476bd9SJan Schumann        $count = 0;
244f4476bd9SJan Schumann        $this->_constructPattern($filter);
245f4476bd9SJan Schumann
246f4476bd9SJan Schumann        foreach($this->users as $user => $info) {
247f4476bd9SJan Schumann            $count += $this->_filter($user, $info);
248f4476bd9SJan Schumann        }
249f4476bd9SJan Schumann
250f4476bd9SJan Schumann        return $count;
251f4476bd9SJan Schumann    }
252f4476bd9SJan Schumann
253f4476bd9SJan Schumann    /**
254f4476bd9SJan Schumann     * Bulk retrieval of user data
255f4476bd9SJan Schumann     *
256f4476bd9SJan Schumann     * @author  Chris Smith <chris@jalakai.co.uk>
257311f4603SAndreas Gohr     *
258311f4603SAndreas Gohr     * @param   int   $start index of first user to be returned
259311f4603SAndreas Gohr     * @param   int   $limit max number of users to be returned
260311f4603SAndreas Gohr     * @param   array $filter array of field/pattern pairs
261311f4603SAndreas Gohr     * @return  array userinfo (refer getUserData for internal userinfo details)
262f4476bd9SJan Schumann     */
263311f4603SAndreas Gohr    public function retrieveUsers($start = 0, $limit = 0, $filter = array()) {
264f4476bd9SJan Schumann
265f4476bd9SJan Schumann        if($this->users === null) $this->_loadUserData();
266f4476bd9SJan Schumann
267f4476bd9SJan Schumann        ksort($this->users);
268f4476bd9SJan Schumann
269f4476bd9SJan Schumann        $i     = 0;
270f4476bd9SJan Schumann        $count = 0;
271f4476bd9SJan Schumann        $out   = array();
272f4476bd9SJan Schumann        $this->_constructPattern($filter);
273f4476bd9SJan Schumann
274f4476bd9SJan Schumann        foreach($this->users as $user => $info) {
275f4476bd9SJan Schumann            if($this->_filter($user, $info)) {
276f4476bd9SJan Schumann                if($i >= $start) {
277f4476bd9SJan Schumann                    $out[$user] = $info;
278f4476bd9SJan Schumann                    $count++;
279f4476bd9SJan Schumann                    if(($limit > 0) && ($count >= $limit)) break;
280f4476bd9SJan Schumann                }
281f4476bd9SJan Schumann                $i++;
282f4476bd9SJan Schumann            }
283f4476bd9SJan Schumann        }
284f4476bd9SJan Schumann
285f4476bd9SJan Schumann        return $out;
286f4476bd9SJan Schumann    }
287f4476bd9SJan Schumann
288f4476bd9SJan Schumann    /**
289f4476bd9SJan Schumann     * Only valid pageid's (no namespaces) for usernames
290311f4603SAndreas Gohr     *
291311f4603SAndreas Gohr     * @param string $user
292311f4603SAndreas Gohr     * @return string
293f4476bd9SJan Schumann     */
294311f4603SAndreas Gohr    public function cleanUser($user) {
295f4476bd9SJan Schumann        global $conf;
296f4476bd9SJan Schumann        return cleanID(str_replace(':', $conf['sepchar'], $user));
297f4476bd9SJan Schumann    }
298f4476bd9SJan Schumann
299f4476bd9SJan Schumann    /**
300f4476bd9SJan Schumann     * Only valid pageid's (no namespaces) for groupnames
301311f4603SAndreas Gohr     *
302311f4603SAndreas Gohr     * @param string $group
303311f4603SAndreas Gohr     * @return string
304f4476bd9SJan Schumann     */
305311f4603SAndreas Gohr    public function cleanGroup($group) {
306f4476bd9SJan Schumann        global $conf;
307f4476bd9SJan Schumann        return cleanID(str_replace(':', $conf['sepchar'], $group));
308f4476bd9SJan Schumann    }
309f4476bd9SJan Schumann
310f4476bd9SJan Schumann    /**
311f4476bd9SJan Schumann     * Load all user data
312f4476bd9SJan Schumann     *
313f4476bd9SJan Schumann     * loads the user file into a datastructure
314f4476bd9SJan Schumann     *
315f4476bd9SJan Schumann     * @author  Andreas Gohr <andi@splitbrain.org>
316f4476bd9SJan Schumann     */
317311f4603SAndreas Gohr    protected function _loadUserData() {
318f4476bd9SJan Schumann        global $config_cascade;
319f4476bd9SJan Schumann
320f4476bd9SJan Schumann        $this->users = array();
321f4476bd9SJan Schumann
322f4476bd9SJan Schumann        if(!@file_exists($config_cascade['plainauth.users']['default'])) return;
323f4476bd9SJan Schumann
324f4476bd9SJan Schumann        $lines = file($config_cascade['plainauth.users']['default']);
325f4476bd9SJan Schumann        foreach($lines as $line) {
326f4476bd9SJan Schumann            $line = preg_replace('/#.*$/', '', $line); //ignore comments
327f4476bd9SJan Schumann            $line = trim($line);
328f4476bd9SJan Schumann            if(empty($line)) continue;
329f4476bd9SJan Schumann
330*f95ecbbfSAngus Gratton            /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */
331*f95ecbbfSAngus Gratton            $row = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \:
332*f95ecbbfSAngus Gratton            $row = str_replace('\\:', ':', $row);
333*f95ecbbfSAngus Gratton            $row = str_replace('\\\\', '\\', $row);
334*f95ecbbfSAngus Gratton
335f4476bd9SJan Schumann            $groups = array_values(array_filter(explode(",", $row[4])));
336f4476bd9SJan Schumann
337f4476bd9SJan Schumann            $this->users[$row[0]]['pass'] = $row[1];
338f4476bd9SJan Schumann            $this->users[$row[0]]['name'] = urldecode($row[2]);
339f4476bd9SJan Schumann            $this->users[$row[0]]['mail'] = $row[3];
340f4476bd9SJan Schumann            $this->users[$row[0]]['grps'] = $groups;
341f4476bd9SJan Schumann        }
342f4476bd9SJan Schumann    }
343f4476bd9SJan Schumann
344f4476bd9SJan Schumann    /**
345311f4603SAndreas Gohr     * return true if $user + $info match $filter criteria, false otherwise
346f4476bd9SJan Schumann     *
347f4476bd9SJan Schumann     * @author   Chris Smith <chris@jalakai.co.uk>
348311f4603SAndreas Gohr     *
349311f4603SAndreas Gohr     * @param string $user User login
350311f4603SAndreas Gohr     * @param array  $info User's userinfo array
351311f4603SAndreas Gohr     * @return bool
352f4476bd9SJan Schumann     */
353311f4603SAndreas Gohr    protected function _filter($user, $info) {
354f4476bd9SJan Schumann        foreach($this->_pattern as $item => $pattern) {
355f4476bd9SJan Schumann            if($item == 'user') {
356311f4603SAndreas Gohr                if(!preg_match($pattern, $user)) return false;
357f4476bd9SJan Schumann            } else if($item == 'grps') {
358311f4603SAndreas Gohr                if(!count(preg_grep($pattern, $info['grps']))) return false;
359f4476bd9SJan Schumann            } else {
360311f4603SAndreas Gohr                if(!preg_match($pattern, $info[$item])) return false;
361f4476bd9SJan Schumann            }
362f4476bd9SJan Schumann        }
363311f4603SAndreas Gohr        return true;
364f4476bd9SJan Schumann    }
365f4476bd9SJan Schumann
366311f4603SAndreas Gohr    /**
367311f4603SAndreas Gohr     * construct a filter pattern
368311f4603SAndreas Gohr     *
369311f4603SAndreas Gohr     * @param array $filter
370311f4603SAndreas Gohr     */
371311f4603SAndreas Gohr    protected function _constructPattern($filter) {
372f4476bd9SJan Schumann        $this->_pattern = array();
373f4476bd9SJan Schumann        foreach($filter as $item => $pattern) {
374f4476bd9SJan Schumann            $this->_pattern[$item] = '/'.str_replace('/', '\/', $pattern).'/i'; // allow regex characters
375f4476bd9SJan Schumann        }
376f4476bd9SJan Schumann    }
377f4476bd9SJan Schumann}