1<?php 2/** 3 * DokuWiki Plugin authimap (Auth Component) 4 * 5 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html 6 * @author Andreas Gohr <gohr@cosmocode.de> 7 */ 8 9// must be run within Dokuwiki 10if(!defined('DOKU_INC')) die(); 11 12class auth_plugin_authimap extends DokuWiki_Auth_Plugin { 13 14 /** 15 * Constructor. 16 */ 17 public function __construct() { 18 parent::__construct(); // for compatibility 19 20 if(!function_exists('imap_open')) { 21 msg('PHP IMAP extension not available, IMAP auth not available.', -1); 22 return; 23 } 24 25 if(!$this->getConf('server')) { 26 msg('IMAP auth is missing server configuration', -1); 27 return; 28 } 29 30 if(!$this->getConf('domain')) { 31 msg('IMAP auth is missing domain configuration', -1); 32 return; 33 } 34 35 $this->cando['addUser'] = false; // can Users be created? 36 $this->cando['delUser'] = false; // can Users be deleted? 37 $this->cando['modLogin'] = false; // can login names be changed? 38 $this->cando['modPass'] = false; // can passwords be changed? 39 $this->cando['modName'] = false; // can real names be changed? 40 $this->cando['modMail'] = false; // can emails be changed? 41 $this->cando['modGroups'] = false; // can groups be changed? 42 $this->cando['getUsers'] = false; // can a (filtered) list of users be retrieved? 43 $this->cando['getUserCount'] = false; // can the number of users be retrieved? 44 $this->cando['getGroups'] = false; // can a list of available groups be retrieved? 45 $this->cando['external'] = false; // does the module do external auth checking? 46 $this->cando['logout'] = true; // can the user logout again? (eg. not possible with HTTP auth) 47 48 // FIXME intialize your auth system and set success to true, if successful 49 $this->success = true; 50 } 51 52 /** 53 * Check user+password 54 * 55 * May be ommited if trustExternal is used. 56 * 57 * @param string $user the user name 58 * @param string $pass the clear text password 59 * @return bool 60 */ 61 public function checkPass($user, $pass) { 62 $user = $this->cleanUser($user); 63 $domain = $this->getConf('domain'); 64 $server = $this->getConf('server'); 65 66 // some servers want the local part, others want the full address as username 67 if($this->getConf('usedomain')) { 68 $login = "$user@$domain"; 69 } else { 70 $login = $user; 71 } 72 73 // check at imap server 74 $imap_login = @imap_open($server, $login, $pass, OP_READONLY); 75 if($imap_login) { 76 imap_close($imap_login); 77 return true; 78 } 79 return false; 80 } 81 82 /** 83 * Return user info 84 * 85 * Returns info about the given user needs to contain 86 * at least these fields: 87 * 88 * name string full name of the user 89 * mail string email addres of the user 90 * grps array list of groups the user is in 91 * 92 * @param string $user the user name 93 * @return array containing user data or false 94 */ 95 public function getUserData($user, $requireGroups = false) { 96 global $conf; 97 $user = $this->cleanUser($user); 98 $domain = $this->getConf('domain'); 99 100 return array( 101 'name' => utf8_ucwords(strtr($user, '_-.', ' ')), 102 'mail' => "$user@$domain", 103 'grps' => array($conf['defaultgroup']) 104 ); 105 } 106 107 /** 108 * Return case sensitivity of the backend 109 * 110 * When your backend is caseinsensitive (eg. you can login with USER and 111 * user) then you need to overwrite this method and return false 112 * 113 * @return bool 114 */ 115 public function isCaseSensitive() { 116 return false; 117 } 118 119 /** 120 * Sanitize a given username 121 * 122 * This function is applied to any user name that is given to 123 * the backend and should also be applied to any user name within 124 * the backend before returning it somewhere. 125 * 126 * This should be used to enforce username restrictions. 127 * 128 * @param string $user username 129 * @return string the cleaned username 130 */ 131 public function cleanUser($user) { 132 list($local) = explode('@', $user); // we only use the local part 133 return strtolower($local); 134 } 135 136} 137 138// vim:ts=4:sw=4:et: 139