Extension:IlchAuth

From MediaWiki.org
Jump to navigation Jump to search

MediaWiki extensions manual
OOjs UI icon advanced.svg
IlchAuth
Release status: beta
Implementation User identity
Description IlchClan and Ilch-Community Authentication
Author(s) Janni K. (numma_cwaytalk)
Latest version 1.1
License GPL
Download see text
(Change Log)
Translate the IlchAuth extension if it is available at translatewiki.net
Check usage and version matrix.

This is an authentication extension to use with IlchClan and Ilch-Community.

The IlchClan CMS is very popular in Germany, Austria and Switzerland.

This extension is based on the IPBAuth extension. It might contain some unused code of it.

Installation[edit]

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;

require_once("extensions/AuthPlugin_Ilch.php");
$wgAuth = new AuthPlugin_Ilch();
  • Create the file extensions/AuthPlugin_Ilch.php with this content:
<?php
# http://www.mediawiki.org/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# http://www.gnu.org/copyleft/gpl.html
 
/**
 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
 * and set $wgAuth to it to authenticate against some external tool.
 *
 * The default behavior is not to do anything, and use the local user
 * database for all authentication. A subclass can require that all
 * accounts authenticate externally, or use it only as a fallback; also
 * you can transparently create internal wiki accounts the first time
 * someone logs in who can be authenticated externally.
 *
 * This interface is new, and might change a bit before 1.4.0 final is
 * done...
 *
 * @package MediaWiki
 */
 
/**
 * Authenticate with Ilch Login - V. 1.1
 * by Janni "numma_cway" K.
 *
 * based on IPBAuth by quekky
 *
 *
 * Version 1.1 - 15 September 2008
 * - added variables
 * - renamed class
 *
 * Version 1.0 - 15 September 2008
 * - added ability to revoke admin rights
 * - added support for non-ASCII ISO-8859-1 usernames and passwords
 * - fixed a bug that prevented Ilch highest rank admins from being given
 *   bureaucrat rights on their first login
 *
 * Version 0.2 - 31 May 2008
 * - added ability to give admin rights
 *     - the highest rank is given bureaucrat rights
 *     - the three highest ranks are given sysop rights
 *
 * Version 0.1 - 30 May 2008
 * - initial release
 *
 *
 * Known issues
 * - missing support for non-ISO-8859-1 CP1252 passwords
 *
 */
 
require_once("AuthPlugin.php");

class AuthPlugin_Ilch extends AuthPlugin{
 
        // Create a persistent DB connection
        var $ic_database;
 
        var $passwordchange;
 
        /**
         * Init
         */
        function AuthPlugin_Ilch() {
                global $wgDBserver, $wgDBuser, $wgDBpassword, $wgDBname;
 
                /*
                 * set your settings here
                 */
                $dbhost = $wgDBserver; //$wgDBserver
                $dbusername = $wgDBuser; //$wgDBuser
                $dbpassword = $wgDBpassword; //$wgDBpassword
                $dbname = $wgDBname; //$wgDBname
                $this->ic_prefix = 'ic1_'; // Fill in your table prefix here
                // set the usergroups for the administrators
                $this->admin_usergroups = Array(4);
                $this->user_rights = Array("sysop");
                /*
                 * end user settings
                 */
 
                $this->passwordchange = false;
                $this->ic_database = mysql_pconnect($dbhost, $dbusername, $dbpassword);
                mysql_select_db($dbname, $this->ic_database);
        }
 
        /**
         * Check whether there exists a user account with the given name.
         * The name will be normalized to MediaWiki's requirements, so
         * you might need to munge it (for instance, for lowercase initial
         * letters).
         *
         * @param $username String: username.
         * @return bool
         * @public
         */
        function userExists( $username ) {
                $username = addslashes($username);
                $ic_find_user_query = 'SELECT * FROM '.$this->ic_prefix.'user WHERE name = "'.utf8_decode($username).'"';
                $ic_find_result = mysql_query($ic_find_user_query, $this->ic_database);
                if (mysql_num_rows($ic_find_result) == 1) {
                        mysql_free_result($ic_find_result);
                        return true;
                }
                return false;
        }
 
        /**
         * Check if a username+password pair is a valid login.
         * The name will be normalized to MediaWiki's requirements, so
         * you might need to munge it (for instance, for lowercase initial
         * letters).
         *
         * @param $username String: username.
         * @param $password String: user password.
         * @return bool
         * @public
         */
        function authenticate( $username, $password ) {
                $username = addslashes($username);
                //$password = addslashes($password);
                $ic_find_user_query = 'SELECT * FROM '.$this->ic_prefix.'user WHERE name = "'.utf8_decode($username).'" AND pass = "'.MD5(utf8_decode($password)).'"';
                $ic_find_result = mysql_query($ic_find_user_query, $this->ic_database);
                if (mysql_num_rows($ic_find_result) == 1) {
                        mysql_free_result($ic_find_result);
                        return true;
                }
                return false;
        }
 
 
        /**
         * When a user logs in, optionally fill in preferences and such.
         * For instance, you might pull the email address or real name from the
         * external user database.
         *
         * The User object is passed by reference so it can be modified; don't
         * forget the & on your function declaration.
         *
         * @param User $user
         * @public
         */
        function updateUser( &$user ) {
                $username = addslashes($user->getName());
                $ic_find_user_query = 'SELECT * FROM '.$this->ic_prefix.'user WHERE name = "'.$username.'"';
                $ic_find_result = mysql_query($ic_find_user_query, $this->ic_database);
                // make sure that there is only one person with the username
                if (mysql_num_rows($ic_find_result) == 1) {
                        $ic_userinfo = mysql_fetch_assoc($ic_find_result);
                        mysql_free_result($ic_find_result);
                        $user->setEmail($ic_userinfo['email']);
                        $user->confirmEmail();
                        $admin_secondary = FALSE;

                        if (in_array($ic_userinfo['recht'], array(-9,-8,-7)) || $admin_secondary === TRUE) {
                                // if a user is not a sysop, make them a sysop
                                if (!in_array("sysop", $user->getEffectiveGroups())) {
                                        $user->addGroup('sysop');
                                        $user->saveSettings();
                                }
                        } else {
				if (in_array("sysop", $user->getEffectiveGroups())) {
					$user->removeGroup('sysop');
                                        $user->saveSettings();
				}
			}

                        if (in_array($ic_userinfo['recht'], array(-9)) || $admin_secondary === TRUE) {
                                // if a user is not a sysop, make them a sysop
                                if (!in_array("bureaucrat", $user->getEffectiveGroups())) {
                                        $user->addGroup('bureaucrat');
                                        $user->saveSettings();
                                }
                        } else {
				if (in_array("bureaucrat", $user->getEffectiveGroups())) {
					$user->removeGroup('bureaucrat');
                                        $user->saveSettings();
				}
			}

                        $user->saveSettings();
                        return true;
                }
        }

 
 
        /**
         * Return true if the wiki should create a new local account automatically
         * when asked to login a user who doesn't exist locally but does in the
         * external auth database.
         *
         * If you don't automatically create accounts, you must still create
         * accounts in some way. It's not possible to authenticate without
         * a local account.
         *
         * This is just a question, and shouldn't perform any actions.
         *
         * @return bool
         * @public
         */
        function autoCreate() {
                return true;
        }
 
        /**
         * Can users change their passwords?
         *
         * @return bool
         */
        function allowPasswordChange() {
                return $this->passwordchange;
        }
 
        /**
         * Set the given password in the authentication database.
         * As a special case, the password may be set to null to request
         * locking the password to an unusable value, with the expectation
         * that it will be set later through a mail reset or other method.
         *
         * Return true if successful.
         *
         * @param $user User object.
         * @param $password String: password.
         * @return bool
         * @public
         */
        function setPassword( $user, $password ) {
                return true;
        }
 
        /**
         * Update user information in the external authentication database.
         * Return true if successful.
         *
         * @param $user User object.
         * @return bool
         * @public
         */
        function updateExternalDB( $user ) {
                return false;
        }
 
        /**
         * Check to see if external accounts can be created.
         * Return true if external accounts can be created.
         * @return bool
         * @public
         */
        function canCreateAccounts() {
                return false;
        }
 
        /**
         * Add a user to the external authentication database.
         * Return true if successful.
         *
         * @param User $user
         * @param string $password
         * @return bool
         * @public
         */
        function addUser( $user, $password ) {
                return false;
        }
 
 
        /**
         * Return true to prevent logins that don't authenticate here from being
         * checked against the local database's password fields.
         *
         * This is just a question, and shouldn't perform any actions.
         *
         * @return bool
         * @public
         */
        function strict() {
                return true;
        }
 
        /**
         * When creating a user account, optionally fill in preferences and such.
         * For instance, you might pull the email address or real name from the
         * external user database.
         *
         * The User object is passed by reference so it can be modified; don't
         * forget the & on your function declaration.
         *
         * @param $user User object.
         * @public
         */
 
        /**
         * If you want to munge the case of an account name before the final
         * check, now is your chance.
         */
        function getCanonicalName( $username ) {
                return $username;
        }
}
 
?>
  • Optionally, edit includes/templates/Userlogin.php and under
<p id="userloginlink"><?php $this->html('link') ?></p>

add this line

<p id="userloginlink">Please login with your <a href="/">main page</a> user name, or <a href="/index.php?user-regist">register an account</a>.</p>

Change Log[edit]

Version 1.1 - 15 September 2008[edit]

  • added variables
  • renamed class

Version 1.0 - 15 September 2008[edit]

  • added ability to revoke admin rights
  • added support for non-ASCII ISO-8859-1 usernames and passwords
  • fixed a bug that prevented Ilch highest rank admins from being given bureaucrat rights on their first login

Version 0.2 - 31 May 2008[edit]

  • added ability to give admin rights
    • the highest rank is given bureaucrat rights
    • the three highest ranks are given sysop rights

Version 0.1 - 30 May 2008[edit]

  • initial release

Known issues[edit]

  • missing support for non-ISO-8859-1 CP1252 usernames and passwords