From 26f223333ffa46dba1bab363315eed69d12a8ae5 Mon Sep 17 00:00:00 2001
From: Bret McMillan
Date: Mon, 8 Sep 2008 12:29:28 -0400
Subject: initial hacky checkin, need to clean this up once i get in contact w/ Simon & Daniel
---
http-authentication.php | 273 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 273 insertions(+)
create mode 100644 http-authentication.php
diff --git a/http-authentication.php b/http-authentication.php
new file mode 100644
index 0000000..4d8fd38
--- /dev/null
+++ b/http-authentication.php
@@ -0,0 +1,273 @@
+REMOTE_USER). This plugin assumes users are externally authenticated, as with GatorLink.
+Author: Daniel Westermann-Clark (patched for Wordpress MU by Simon Wilkinson, further patched by Bret McMillan)
+Author URI: http://dev.webadmin.ufl.edu/~dwc/
+*/
+
+
+
+if (! class_exists('HTTPAuthenticationPlugin')) {
+
+
+
+ /*
+ * Create a new WordPress account for the specified username.
+ */
+ function create_remote_user($username, $password) {
+ $email_domain = get_site_option('http_authentication_auto_create_email_domain');
+
+ require_once( ABSPATH . WPINC . '/registration.php');
+
+ if (strpos($username, '@') !== FALSE) {
+ $email = $username;
+ } else {
+ $email = $username . '@' . $email_domain;
+ }
+
+ $userid = wpmu_create_user($username, $password, $email);
+ if ( ! $userid )
+ die("Error create WPMU user; username or email address may already be in use");
+
+ do_action('wpmu_new_user', $userid);
+ do_action('wpmu_activate_user', $userid, $password);
+
+ return new WP_User($userid);
+ }
+
+
+
+ // override this so that we're paying attention to REMOTE_USER, not the cookie
+ function get_currentuserinfo () {
+ global $current_user;
+
+ if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
+ return false;
+
+ if ( ! empty($current_user) )
+ return;
+
+ if (empty($_SERVER['REMOTE_USER'])) {
+ return false;
+ }
+
+ $user = get_userdatabylogin($_SERVER['REMOTE_USER']);
+
+ if ( ! $user ) {
+ $user = create_remote_user($_SERVER['REMOTE_USER'], substr(md5(uniqid(microtime())), 0, 10)); // lazy, refactor this
+ }
+
+ wp_set_current_user($user->ID);
+ }
+
+ // just die here since w/ generalized http auth, not really a "login page"
+ function auth_redirect() {
+
+ $user = wp_get_current_user();
+
+ if ( ! $user) {
+ die('HTTP Authentication failure in auth_redirect');
+ }
+ }
+
+
+ class HTTPAuthenticationPlugin {
+ function HTTPAuthenticationPlugin() {
+ if (isset($_GET['activate']) and $_GET['activate'] == 'true') {
+ add_action('init', array(&$this, 'init'));
+ }
+ add_action('admin_menu', array(&$this, 'admin_menu'));
+ add_action('wp_authenticate', array(&$this, 'authenticate'), 10, 2);
+ add_action('wp_logout', array(&$this, 'logout'));
+ add_action('lost_password', array(&$this, 'disable_function'));
+ add_action('retrieve_password', array(&$this, 'disable_function'));
+ add_action('password_reset', array(&$this, 'disable_function'));
+ add_action('check_passwords', array(&$this, 'check_passwords'), 10, 3);
+ add_filter('show_password_fields', array(&$this, 'show_password_fields'));
+ }
+
+
+ /*************************************************************
+ * Plugin hooks
+ *************************************************************/
+
+ /*
+ * Add options for this plugin to the database.
+ */
+ function init() {
+ if (current_user_can('manage_options')) {
+ add_site_option('http_authentication_logout_uri', get_option('home'), 'The URI to which the user is redirected when she chooses "Logout".');
+ add_site_option('http_authentication_auto_create_user', false, 'Should a new user be created automatically if not already in the WordPress database?');
+ add_site_option('http_authentication_auto_create_email_domain', '', 'The domain to use for the email address of an automatically created user.');
+ }
+ }
+
+ /*
+ * Add an options pane for this plugin.
+ */
+ function admin_menu() {
+ $objCurrUser = wp_get_current_user();
+ $objUser = wp_cache_get($objCurrUser->id, 'users');
+ if (function_exists('add_submenu_page') &&
+ is_site_admin($objUser->user_login)) {
+ add_submenu_page('wpmu-admin.php', 'HTTP Authentication', 'HTTP Authentication', 9, basename(__FILE__), array(&$this, 'display_options_page'));
+ }
+ }
+
+ /*
+ * If the REMOTE_USER evironment is set, use it as the username.
+ * This assumes that you have externally authenticated the user.
+ */
+ function authenticate($username, $password) {
+ global $using_cookie;
+
+ // Reset values from input ($_POST and $_COOKIE)
+ $username = $password = '';
+
+ if (! empty($_SERVER['REMOTE_USER'])) {
+ if (function_exists('get_userdatabylogin')) {
+ $username = $_SERVER['REMOTE_USER'];
+ $user = get_userdatabylogin($username);
+
+ if (! $user or $username != $user->user_login) {
+ if ((bool) get_site_option('http_authentication_auto_create_user')) {
+ // Create user and re-read from database for login (next step)
+ create_remote_user($username, $this->get_password());
+ $user = get_userdatabylogin($username);
+ # If we were to create a new blog, we'd do so here...
+ }
+ else {
+ // User is not in the WordPress database, and thus not authorized
+ die("User $username does not exist in the WordPress database");
+ }
+ }
+
+ // Login the user by feeding WordPress a double-MD5 hash
+ $password = md5($user->user_pass);
+
+ // User is now authorized; force WordPress to use the generated password
+ $using_cookie = true;
+ wp_setcookie($user->user_login, $password, $using_cookie);
+ }
+ else {
+ die("Could not load user data");
+ }
+ }
+ else {
+ die("No REMOTE_USER found; please check your external authentication configuration");
+ }
+ }
+
+ /*
+ * Logout the user by redirecting them to the logout URI.
+ */
+ function logout() {
+ header('Location: ' . get_site_option('http_authentication_logout_uri'));
+ exit();
+ }
+
+ /*
+ * Generate a password for the user. This plugin does not
+ * require the user to enter this value, but we want to set it
+ * to something nonobvious.
+ */
+ function check_passwords($username, $password1, $password2) {
+ $password1 = $password2 = $this->get_password();
+ }
+
+ /*
+ * Used to disable certain display elements, e.g. password
+ * fields on profile screen.
+ */
+ function show_password_fields($show_password_fields) {
+ return false;
+ }
+
+ /*
+ * Used to disable certain login functions, e.g. retrieving a
+ * user's password.
+ */
+ function disable_function() {
+ die('Disabled');
+ }
+
+
+ /*************************************************************
+ * Functions
+ *************************************************************/
+
+ /*
+ * Generate a random password.
+ */
+ function get_password($length = 10) {
+ return substr(md5(uniqid(microtime())), 0, $length);
+ }
+
+ /*
+ * Display the options for this plugin.
+ */
+ function display_options_page() {
+ if( is_site_admin() == false ) {
+ wp_die( __('

You do not have permission to access this page.

') );
+ }
+
+ if ($_POST['httpOptionsSave']) {
+ update_site_option('http_authentication_logout_uri', $_POST['http_authentication_logout_uri']);
+ update_site_option('http_authentication_auto_create_user', $_POST['http_authentication_auto_create_user']);
+ update_site_option('http_authentication_auto_create_email_domain', $_POST['http_authentication_auto_create_email_domain']);
+ ?>
+

+
+

HTTP Authentication Options

+
+ + + + +
+ + + + + + + + + + + + + +
+
+ Default is ; override to e.g. remove a cookie. +
+ value="1" />
+ Should a new user be created automatically if not already in the WordPress database?
+ Created users will obtain the role defined under "New User Default Role" on the General Options page. +
+
+ When a new user logs in, this domain is used for the initial email address on their account. The user can change his or her email address by editing their profile. +
+
+

+ +

+
+
+ -- cgit
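Review bot: The `get_currentuserinfo()` override calls `create_remote_user()` for any non-empty `REMOTE_USER` that has no account, without consulting the `http_authentication_auto_create_user` site option that `authenticate()` checks, so switching the option off does not stop accounts from being provisioned. I would guard the creation branch with `if (! get_site_option('http_authentication_auto_create_user')) return false;` before the `create_remote_user()` call. The initial password there and in `get_password()` is `substr(md5(uniqid(microtime())), 0, 10)`, which is derived from the clock and therefore guessable; `wp_generate_password()` is the better source. In `display_options_page()` the three `update_site_option()` calls take `$_POST` values as-is, and no `check_admin_referer()` call is visible before them (the form markup is lost on this page, so a nonce field may exist), which matters because the stored logout URI later goes straight into the `Location:` header in `logout()`.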