1<?php
2/**
3 * DokuWiki HTTP authentication plugin
4 * https://www.dokuwiki.org/plugin:authhttp
5 *
6 * This plugin basically replaces DokuWiki's own authentication features
7 * with the HTTP authentication configured in the Webserver. As only login name and
8 * password are known:
9 * - the user's real name is set to his login name
10 * - a possibly non-working email address is constructed with the "emaildomain"
11 *   config setting
12 * - all users are part of the DokuWiki group configured with DokuWiki's
13 *   "defaultgroup" config setting
14 * - users that are specified in the list configured with "specialusers" will
15 *   also be member of the group configured with "specialgroup" (default: "admin")
16 *
17 * These restrictions may not suit your setup, in which case you should check out
18 * the "authsplit" plugin at https://www.dokuwiki.org/plugin:authhttp.
19 *
 * This plugin is based on the ideas in the "ggauth" auth backend by Grant Gardner
 * <grant@lastweekend.com.au>, https://www.dokuwiki.org/auth:ggauth.
22 *
23 * @license GPL 3 http://www.gnu.org/licenses/gpl-3.0.html
24 * @author  Pieter Hollants <pieter@hollants.com>
25 */
26
// Refuse to run when loaded outside of DokuWiki (direct HTTP request to this file).
if (!defined('DOKU_INC')) {
    die();
}

/* "Loaded" and "in use" are different states: the plugin is in use either
   when it is the configured auth type itself, or when "authsplit" is the
   auth type and delegates its primary role to this plugin.
   NOTE(review): $conf and $active live in whatever scope includes this file;
   confirm that scope is the global one before relying on $active elsewhere. */
$active = false;
if ($conf['authtype'] == 'authhttp') {
    $active = true;
} elseif ($conf['authtype'] == 'authsplit') {
    $active = ($conf['plugin']['authsplit']['primary_authplugin'] == 'authhttp');
}
39
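/**
 * Auth backend that trusts the credentials PHP exposes in
 * $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'].
 *
 * Trust boundary: this class never verifies a password itself. It only checks
 * that the credentials DokuWiki hands in equal the ones found in $_SERVER.
 * Depending on the SAPI, PHP can fill these variables straight from the
 * request's Authorization header, so the web server MUST enforce HTTP
 * authentication for every path that reaches DokuWiki. Without that, a client
 * can name any user, including one listed in "specialusers".
 */
class auth_plugin_authhttp extends DokuWiki_Auth_Plugin {
    /** @var string PCRE pattern applied to user names, see cleanUser() */
    protected $usernameregex;
    /** @var string domain appended to the login name to build a mail address */
    protected $emaildomain;
    /** @var string[]|string list of login names that also join $specialgroup */
    protected $specialusers;
    /** @var string group granted to every login name in $specialusers */
    protected $specialgroup;

    /**
     * Constructor.
     *
     * Marks the plugin as failed ($this->success = false) when no HTTP
     * credentials are present or when a required config setting is empty.
     */
    public function __construct() {
        global $conf;

        parent::__construct();

        /* Make sure that HTTP authentication has been enabled in the Web
           server. Note that this does not seem to work with PHP >= 4.3.0 and
           safe mode enabled! isset() avoids an "undefined index" warning for
           requests that carry no credentials at all. */
        if (!isset($_SERVER['PHP_AUTH_USER']) || (string) $_SERVER['PHP_AUTH_USER'] === '') {
            msg($this->getLang('nocreds'), -1);
            $this->success = false;
            return;
        }

        /* Load the config */
        $this->loadConfig();

        /* Set the config values; every one of them is mandatory. */
        foreach (array("usernameregex", "emaildomain", "specialusers", "specialgroup") as $cfgvar) {
            $this->$cfgvar = $this->getConf("$cfgvar");
            if (!$this->$cfgvar) {
                 msg("Config error: \"$cfgvar\" not set!", -1);
                 $this->success = false;
                 return;
            }
        }

        /* Add "/" delimiters when the configured pattern has none.
           NOTE(review): a pattern written with trailing modifiers ("/x/i")
           does not end in "/" and is wrapped as well - confirm this is wanted. */
        if (preg_match('/^\/.*\/$/m', $this->usernameregex) == 0) {
            $this->usernameregex = '/'.$this->usernameregex.'/';
        }
        $this->specialusers = explode(" ", $this->specialusers);

        /* We have to distinguish between the plugin being loaded and the
           plugin actually being used for authentication. This is evaluated
           here because a variable assigned at file level is not visible
           inside a method, so the test on it could never be true. */
        $authtype = isset($conf['authtype']) ? $conf['authtype'] : '';
        $active = ($authtype === 'authhttp');
        if (!$active && $authtype === 'authsplit') {
            $active = isset($conf['plugin']['authsplit']['primary_authplugin'])
                && $conf['plugin']['authsplit']['primary_authplugin'] === 'authhttp';
        }

        if ($active) {
            /* No support for logout in this auth plugin. */
            $this->cando['logout'] = false;
        }
    }

    /**
     * Check user+password
     *
     * Succeeds only when both values equal the HTTP credentials of the
     * current request. Requests without HTTP credentials are always rejected,
     * so an empty user/password pair can never match "nothing".
     *
     * @param   string $user the user name
     * @param   string $pass the clear text password
     * @return  bool
     */
    public function checkPass($user, $pass) {
        if (is_array($user) || is_array($pass)) {
            return false;
        }
        if (!isset($_SERVER['PHP_AUTH_USER']) || (string) $_SERVER['PHP_AUTH_USER'] === '') {
            return false;
        }

        $httpUser = (string) $this->cleanUser($_SERVER['PHP_AUTH_USER']);
        $httpPass = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';

        /* Byte-wise string comparison: "==" treats numeric-looking strings as
           numbers ("1e3" == "1000"), which would accept credentials that
           differ from the ones the web server saw. */
        $userMatches = hash_equals($httpUser, (string) $user);
        $passMatches = hash_equals($httpPass, (string) $pass);

        return $userMatches && $passMatches;
    }

    /**
     * Return user info
     *
     * Returned info about the given user needs to contain
     * at least these fields:
     *
     * name string  full name of the user
     * mail string  email address of the user
     * grps array   list of groups the user is in
     *
     * The data is synthesized from the login name alone; no user directory is
     * consulted, so an entry is returned for any name passed in.
     *
     * @param   string $user the user name
     * @param   bool $requireGroups ignored, this plugin always returns groups
     * @return  array containing user data or false
     */
    public function getUserData($user, $requireGroups = true) {
        global $conf;

        $info = array(
            'name' => $user,
            'mail' => $user."@".$this->emaildomain,
            'grps' => array($conf['defaultgroup']),
        );

        /* Strict membership test: the special group is a privilege grant, so
           a name must match an entry exactly rather than by numeric
           equivalence. The is_array() guard covers a constructor that
           returned early and left the list unset. */
        if (is_array($this->specialusers) && in_array((string) $user, $this->specialusers, true)) {
            $info['grps'][] = $this->specialgroup;
        }

        return $info;
    }

    /**
     * Sanitize a given user name
     *
     * This function is applied to any user name that is given to
     * the backend. It returns the first match of the "usernameregex" pattern.
     *
     * Caveat: when the pattern does not match, or cannot be evaluated, the
     * name is returned unchanged. The pattern therefore extracts a part of
     * the name; it does not reject names.
     *
     * @param  string $user user name
     * @return string the cleaned user name
     */
    public function cleanUser($user) {
        /* No pattern is available when the constructor bailed out early. */
        if (!is_string($this->usernameregex) || $this->usernameregex === '') {
            return $user;
        }

        if (preg_match($this->usernameregex, (string) $user, $results)) {
            return $results[0];
        }

        return $user;
    }
}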
141
142// vim:ts=4:sw=4:et:
143