diff options
author | Bret McMillan <bretm@redhat.com> | 2008-09-08 12:29:28 -0400 |
---|---|---|
committer | Bret McMillan <bretm@redhat.com> | 2008-09-08 12:29:28 -0400 |
commit | 26f223333ffa46dba1bab363315eed69d12a8ae5 (patch) | |
tree | 5a847cab11ad80f498142105632c1f1b06f34dd6 /http-authentication.php | |
download | wordpress-mu-http-auth-26f223333ffa46dba1bab363315eed69d12a8ae5.tar.gz wordpress-mu-http-auth-26f223333ffa46dba1bab363315eed69d12a8ae5.tar.xz wordpress-mu-http-auth-26f223333ffa46dba1bab363315eed69d12a8ae5.zip |
initial hacky checkin, need to clean this up once i get in contact w/ Simon & Daniel
Diffstat (limited to 'http-authentication.php')
-rw-r--r-- | http-authentication.php | 273 |
1 files changed, 273 insertions, 0 deletions
diff --git a/http-authentication.php b/http-authentication.php new file mode 100644 index 0000000..4d8fd38 --- /dev/null +++ b/http-authentication.php @@ -0,0 +1,273 @@ +<?php +/* +Plugin Name: HTTP Authentication +Version: 1.8 +Plugin URI: http://dev.webadmin.ufl.edu/~dwc/2005/03/10/http-authentication-plugin/ +Description: Authenticate users using basic HTTP authentication (<code>REMOTE_USER</code>). This plugin assumes users are externally authenticated, as with <a href="http://www.gatorlink.ufl.edu/">GatorLink</a>. +Author: Daniel Westermann-Clark (patched for Wordpress MU by Simon Wilkinson, further patched by Bret McMillan) +Author URI: http://dev.webadmin.ufl.edu/~dwc/ +*/ + + + +if (! class_exists('HTTPAuthenticationPlugin')) { + + + + /* + * Create a new WordPress account for the specified username. + */ + function create_remote_user($username, $password) { + $email_domain = get_site_option('http_authentication_auto_create_email_domain'); + + require_once( ABSPATH . WPINC . '/registration.php'); + + if (strpos($username, '@') !== FALSE) { + $email = $username; + } else { + $email = $username . '@' . $email_domain; + } + + $userid = wpmu_create_user($username, $password, $email); + if ( ! $userid ) + die("Error create WPMU user; username or email address may already be in use"); + + do_action('wpmu_new_user', $userid); + do_action('wpmu_activate_user', $userid, $password); + + return new WP_User($userid); + } + + + + // override this so that we're paying attention to REMOTE_USER, not the cookie + function get_currentuserinfo () { + global $current_user; + + if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ) + return false; + + if ( ! empty($current_user) ) + return; + + if (empty($_SERVER['REMOTE_USER'])) { + return false; + } + + $user = get_userdatabylogin($_SERVER['REMOTE_USER']); + + if ( ! $user ) { + $user = create_remote_user($_SERVER['REMOTE_USER'], substr(md5(uniqid(microtime())), 0, 10)); // lazy, refactor this + } + + wp_set_current_user($user->ID); + } + + // just die here since w/ generalized http auth, not really a "login page" + function auth_redirect() { + + $user = wp_get_current_user(); + + if ( ! $user) { + die('HTTP Authentication failure in auth_redirect'); + } + } + + + class HTTPAuthenticationPlugin { + function HTTPAuthenticationPlugin() { + if (isset($_GET['activate']) and $_GET['activate'] == 'true') { + add_action('init', array(&$this, 'init')); + } + add_action('admin_menu', array(&$this, 'admin_menu')); + add_action('wp_authenticate', array(&$this, 'authenticate'), 10, 2); + add_action('wp_logout', array(&$this, 'logout')); + add_action('lost_password', array(&$this, 'disable_function')); + add_action('retrieve_password', array(&$this, 'disable_function')); + add_action('password_reset', array(&$this, 'disable_function')); + add_action('check_passwords', array(&$this, 'check_passwords'), 10, 3); + add_filter('show_password_fields', array(&$this, 'show_password_fields')); + } + + + /************************************************************* + * Plugin hooks + *************************************************************/ + + /* + * Add options for this plugin to the database. + */ + function init() { + if (current_user_can('manage_options')) { + add_site_option('http_authentication_logout_uri', get_option('home'), 'The URI to which the user is redirected when she chooses "Logout".'); + add_site_option('http_authentication_auto_create_user', false, 'Should a new user be created automatically if not already in the WordPress database?'); + add_site_option('http_authentication_auto_create_email_domain', '', 'The domain to use for the email address of an automatically created user.'); + } + } + + /* + * Add an options pane for this plugin. + */ + function admin_menu() { + $objCurrUser = wp_get_current_user(); + $objUser = wp_cache_get($objCurrUser->id, 'users'); + if (function_exists('add_submenu_page') && + is_site_admin($objUser->user_login)) { + add_submenu_page('wpmu-admin.php', 'HTTP Authentication', 'HTTP Authentication', 9, basename(__FILE__), array(&$this, 'display_options_page')); + } + } + + /* + * If the REMOTE_USER evironment is set, use it as the username. + * This assumes that you have externally authenticated the user. + */ + function authenticate($username, $password) { + global $using_cookie; + + // Reset values from input ($_POST and $_COOKIE) + $username = $password = ''; + + if (! empty($_SERVER['REMOTE_USER'])) { + if (function_exists('get_userdatabylogin')) { + $username = $_SERVER['REMOTE_USER']; + $user = get_userdatabylogin($username); + + if (! $user or $username != $user->user_login) { + if ((bool) get_site_option('http_authentication_auto_create_user')) { + // Create user and re-read from database for login (next step) + create_remote_user($username, $this->get_password()); + $user = get_userdatabylogin($username); + # If we were to create a new blog, we'd do so here... + } + else { + // User is not in the WordPress database, and thus not authorized + die("User $username does not exist in the WordPress database"); + } + } + + // Login the user by feeding WordPress a double-MD5 hash + $password = md5($user->user_pass); + + // User is now authorized; force WordPress to use the generated password + $using_cookie = true; + wp_setcookie($user->user_login, $password, $using_cookie); + } + else { + die("Could not load user data"); + } + } + else { + die("No REMOTE_USER found; please check your external authentication configuration"); + } + } + + /* + * Logout the user by redirecting them to the logout URI. + */ + function logout() { + header('Location: ' . get_site_option('http_authentication_logout_uri')); + exit(); + } + + /* + * Generate a password for the user. This plugin does not + * require the user to enter this value, but we want to set it + * to something nonobvious. + */ + function check_passwords($username, $password1, $password2) { + $password1 = $password2 = $this->get_password(); + } + + /* + * Used to disable certain display elements, e.g. password + * fields on profile screen. + */ + function show_password_fields($show_password_fields) { + return false; + } + + /* + * Used to disable certain login functions, e.g. retrieving a + * user's password. + */ + function disable_function() { + die('Disabled'); + } + + + /************************************************************* + * Functions + *************************************************************/ + + /* + * Generate a random password. + */ + function get_password($length = 10) { + return substr(md5(uniqid(microtime())), 0, $length); + } + + /* + * Display the options for this plugin. + */ + function display_options_page() { + if( is_site_admin() == false ) { + wp_die( __('<p>You do not have permission to access this page.</p>') ); + } + + if ($_POST['httpOptionsSave']) { + update_site_option('http_authentication_logout_uri', $_POST['http_authentication_logout_uri']); + update_site_option('http_authentication_auto_create_user', $_POST['http_authentication_auto_create_user']); + update_site_option('http_authentication_auto_create_email_domain', $_POST['http_authentication_auto_create_email_domain']); + ?> + <div id="message" class="updated fade"><p><?php _e('Options saved!'); ?></p></div><?php + } + $logout_uri = get_site_option('http_authentication_logout_uri'); + $auto_create_user = (bool) get_site_option('http_authentication_auto_create_user'); + $auto_create_email_domain = get_site_option('http_authentication_auto_create_email_domain'); +?> +<div class="wrap"> + <h2>HTTP Authentication Options</h2> + <form method="post"> + <input type="hidden" name="action" value="update" /> + <input type="hidden" name="page_options" value="http_authentication_logout_uri,http_authentication_auto_create_user,http_authentication_auto_create_email_domain" /> + <?php if (function_exists('wp_nonce_field')): wp_nonce_field('update-options'); endif; ?> + + <fieldset class="options"> + <table class="editform optiontable"> + <tr valign="top"> + <th scope="row"><label for="http_authentication_logout_uri">Logout URI</label></th> + <td> + <input type="text" name="http_authentication_logout_uri" id="http_authentication_logout_uri" value="<?php echo htmlspecialchars($logout_uri) ?>" size="50" /><br /> + Default is <code><?php echo htmlspecialchars(get_settings('home')); ?></code>; override to e.g. remove a cookie. + </td> + </tr> + <tr valign="top"> + <th scope="row"><label for="http_authentication_auto_create_user">Automatically create accounts?</label></th> + <td> + <input type="checkbox" name="http_authentication_auto_create_user" id="http_authentication_auto_create_user"<?php if ($auto_create_user) echo ' checked="checked"' ?> value="1" /><br /> + Should a new user be created automatically if not already in the WordPress database?<br /> + Created users will obtain the role defined under "New User Default Role" on the <a href="options-general.php">General Options</a> page. + </td> + </tr> + <tr valign="top"> + <th scope="row"><label for="http_authentication_auto_create_email_domain">Email address domain</label></th> + <td> + <input type="text" name="http_authentication_auto_create_email_domain" id="http_authentication_auto_create_email_domain" value="<?php echo htmlspecialchars($auto_create_email_domain) ?>" size="50" /><br /> + When a new user logs in, this domain is used for the initial email address on their account. The user can change his or her email address by editing their profile. + </td> + </tr> + </table> + </fieldset> + <p class="submit"> + <input type="submit" name="httpOptionsSave" value="Update Options »" /> + </p> + </form> +</div> +<?php + } + } +} + +// Load the plugin hooks, etc. +$http_authentication_plugin = new HTTPAuthenticationPlugin(); +?> |