[Fusionforge-commits] r12746 - in trunk/src: common/include common/mail plugins/authbuiltin/common plugins/authbuiltin/www plugins/ldapextauth plugins/ldapextauth/etc plugins/ldapextauth/include plugins/ldapextauth/www plugins/mediawiki/www www/account www/soap

Roland Mas lolando at fusionforge.org
Mon Mar 14 17:46:42 CET 2011


Author: lolando
Date: 2011-03-14 17:46:42 +0100 (Mon, 14 Mar 2011)
New Revision: 12746

Added:
   trunk/src/plugins/ldapextauth/www/
   trunk/src/plugins/ldapextauth/www/post-login.php
Modified:
   trunk/src/common/include/AuthPlugin.class.php
   trunk/src/common/include/session.php
   trunk/src/common/mail/MailingList.class.php
   trunk/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
   trunk/src/plugins/authbuiltin/www/post-login.php
   trunk/src/plugins/ldapextauth/etc/ldapextauth.ini
   trunk/src/plugins/ldapextauth/include/LdapExtAuthPlugin.class.php
   trunk/src/plugins/mediawiki/www/LocalSettings.php
   trunk/src/www/account/login.php
   trunk/src/www/soap/index.php
Log:
Fixes all over for when two auth plugins are active

Modified: trunk/src/common/include/AuthPlugin.class.php
===================================================================
--- trunk/src/common/include/AuthPlugin.class.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/common/include/AuthPlugin.class.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -89,6 +89,7 @@
 			$this->saved_user = user_get_object($user_id);
 			if ($this->isSufficient()) {
 				$params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_ACCEPT;
+
 			} else {
 				$params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
 			}
@@ -103,11 +104,17 @@
 	}
 
 	function fetchAuthUser(&$params) {
-		$params['results'] = $this->saved_user;
+		if ($this->saved_user && $this->isSufficient()) {
+			$params['results'] = $this->saved_user;
+		}
 	}
 
 	function closeAuthSession($params) {
-		$this->unsetSessionCookie();
+		if ($this->isSufficient() || $this->isRequired()) {
+			$this->unsetSessionCookie();
+		} else {
+			return true;
+		}
 	}
 
 	function getExtraRoles(&$params) {
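Review bot: `fetchAuthUser()` assigns `$params['results']` without looking at what is already there, so when two sufficient plugins both hold a saved user, whichever hook runs last decides who is logged in. Since the commit targets the two-plugin case, the method should leave an existing result alone or refuse when the two disagree, for example `if ($this->saved_user && $this->isSufficient() && !$params['results']) {`. `closeAuthSession()` also returns `true` on one branch and nothing on the other; a docblock saying what the return value means to the hook caller would remove the ambiguity.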
@@ -119,10 +126,10 @@
 	}
 	
 	// Helper functions for individual plugins
-	protected $cookie_name = 'session_ser';
+	protected $cookie_name = 'forge_session';
 
 	protected function checkSessionToken($token) {
-		return session_check_session_cookie($token);
+		return session_check_session_token($token);
 	}
 
 	protected function checkSessionCookie() {
@@ -131,29 +138,25 @@
 	}
 
 	protected function setSessionCookie() {
-		$cookie = session_build_session_cookie($this->saved_user->getID());
-		session_cookie($this->cookie_name, $cookie, "", forge_get_config('session_expire'));
+		$cookie = session_build_session_token($this->saved_user->getID());
+		session_set_cookie($this->cookie_name, $cookie, "", forge_get_config('session_expire'));
 	}
 
 	function login($user) {
 		if ($this->isSufficient() || $this->isRequired()) {
 			$this->saved_user = $user;
 			$this->setSessionCookie();
+			$params = array();
+			$params['user'] = $user;
+			$params['event'] = 'login';
+			plugin_hook('sync_account_info', $params);
 		} else {
 			return true;
 		}
 	}
 
-	function logout() {
-		if ($this->isSufficient() || $this->isRequired()) {
-			$this->unsetSessionCookie();
-		} else {
-			return true;
-		}
-	}
-
 	protected function unsetSessionCookie() {
-		session_cookie($this->cookie_name, '');
+		session_set_cookie($this->cookie_name, '');
 	}
 
 	public function isRequired() {
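Review bot: `login()` stores `$user` and immediately calls `setSessionCookie()`, which dereferences `$this->saved_user->getID()`, without checking that `$user` is an object. The new `plugins/ldapextauth/www/post-login.php` passes the return value of `user_get_object_by_name($form_loginname)` straight in, so a login name with no forge account would presumably reach `getID()` on a non-object. Add a guard at the top of the accepted branch, such as `if (!is_object($user)) { return false; }`, before `saved_user` is assigned and before the `sync_account_info` hook fires.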

Modified: trunk/src/common/include/session.php
===================================================================
--- trunk/src/common/include/session.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/common/include/session.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -41,43 +41,47 @@
 $session_ser = getStringFromCookie('session_ser');
 
 /**
- *	session_build_session_cookie() - Construct session cookie for the user
+ *	session_build_session_token() - Construct session token for the user
  *
  *	@param		int		User_id of the logged in user
- *	@return cookie value
+ *	@return string token value
  */
-function session_build_session_cookie($user_id) {
+function session_build_session_token($user_id) {
+	if (!$user_id) {
+		return '';
+	}
+
 	$session_serial = $user_id.'-*-'.time().'-*-'.getStringFromServer('REMOTE_ADDR').'-*-'.getStringFromServer('HTTP_USER_AGENT');
 	$session_serial_hash = md5($session_serial.forge_get_config('session_key'));
-	$session_serial_cookie = base64_encode($session_serial).'-*-'.$session_serial_hash;
-	return $session_serial_cookie;
+	$session_serial_token = base64_encode($session_serial).'-*-'.$session_serial_hash;
+	return $session_serial_token;
 }
 
 /**
- *	session_get_session_cookie_hash() - Get hash of session cookie
+ *	session_get_hash_from_token() - Get hash of session token
  *
  *	This hash can be used as a key to identify session, e.g. in DB.
  *
- *	@param		string	Value of the session cookie
+ *	@param		string	Value of the session token
  *	@return hash
  */
-function session_get_session_cookie_hash($session_cookie) {
-	list ($junk, $hash) = explode('-*-', $session_cookie);
+function session_get_hash_from_token($session_token) {
+	list ($junk, $hash) = explode('-*-', $session_token);
 	return $hash;
 }
 
 /**
- *	session_check_session_cookie() - Check that session cookie passed from user is ok
+ *	session_check_session_token() - Check that session token passed from user is ok
  *
- *	@param		string	Value of the session cookie
- *	@return user_id if cookie is ok, false otherwise
+ *	@param		string	Value of the session token
+ *	@return user_id if token is ok, false otherwise
  */
-function session_check_session_cookie($session_cookie) {
-	if ($session_cookie == '') {
+function session_check_session_token($session_token) {
+	if ($session_token == '') {
 		return false;
 	}
 
-	list ($session_serial, $hash) = explode('-*-', $session_cookie);
+	list ($session_serial, $hash) = explode('-*-', $session_token);
 	$session_serial = base64_decode($session_serial);
 	$new_hash = md5($session_serial.forge_get_config('session_key'));
 
@@ -317,7 +321,7 @@
 }
 
 /**
- *	session_cookie() - Set a session cookie
+ *	session_set_cookie() - Set a session cookie
  *
  *	Set a cookie with default temporal scope of the current browser session
  *	and URL space of the current webserver
@@ -328,7 +332,7 @@
  *	@param		string	Expiration time in UNIX seconds (default 0)
  *	@return true/false
  */
-function session_cookie($name ,$value, $domain = '', $expiration = 0) {
+function session_set_cookie($name ,$value, $domain = '', $expiration = 0) {
 	if (php_sapi_name() != 'cli') {
 		if ( $expiration != 0){
 			setcookie($name, $value, time() + $expiration, '/', $domain, 0);
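Review bot: The `setcookie()` call in `session_set_cookie()` hard-codes the secure argument to `0` and passes no HttpOnly argument, although this function is what writes the `forge_session` token cookie. On an HTTPS deployment that allows the token to be sent over plain HTTP and read by page scripts. Consider `setcookie($name, $value, time() + $expiration, '/', $domain, session_issecure(), true);` here, with the same two trailing arguments on the other `setcookie()` branch, which is outside this hunk.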
@@ -451,26 +455,19 @@
  *	@return none
  */
 function session_set_new($user_id) {
-	global $session_ser;
+	$token = session_build_session_token($user_id);
 
-	// set session cookie
-	//
-	$cookie = session_build_session_cookie($user_id);
-	session_cookie("session_ser", $cookie, "", forge_get_config('session_expire'));
-	$session_ser=$cookie;
-
-	$res = db_query_params ('SELECT count(*) as c FROM user_session WHERE session_hash =$1',
-				array (session_get_session_cookie_hash($cookie))) ;
+	$res = db_query_params ('SELECT count(*) as c FROM user_session WHERE session_hash = $1',
+				array (session_get_hash_from_token($token))) ;
 	if (!$res || db_result($res,0,'c') < 1) {
 		db_query_params ('INSERT INTO user_session (session_hash,ip_addr,time,user_id) VALUES ($1,$2,$3,$4)',
-				 array (session_get_session_cookie_hash($cookie),
+				 array (session_get_hash_from_token($token),
 					getStringFromServer('REMOTE_ADDR'),
 					time(),
 					$user_id)) ;
 	}
 
 	// check uniqueness of the session_hash in the database
-	// 
 	$res = session_getdata($user_id);
 
 	if (!$res) {
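Review bot: `session_set_new()` now stores the hash of a token it builds itself and never hands to the browser, while the cookie is written by `AuthPlugin::setSessionCookie()` from a separate `session_build_session_token()` call. Because the token embeds `time()`, the two hashes agree only when both calls land in the same second, so `user_session.session_hash` will often match no cookie a client holds. If anything still looks sessions up by hash (not visible here), accept the token as an argument instead of rebuilding it; otherwise add a comment that the row is effectively keyed by `user_id`. The function body continues past this hunk.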
@@ -557,26 +554,18 @@
 		}
 	}
 	if ($seen_yes && !$seen_no) {
-		$id_is_good = true;
-	}
-
-	$params = array();
-	$params['results'] = NULL;
-	plugin_hook_by_reference('fetch_authenticated_user', $params);
-
-	$G_SESSION = $params['results'];
-	if ($G_SESSION) {
-		$G_SESSION->setLoggedIn(true);
-	} else {
-		$G_SESSION=false;
+		$params = array();
+		$params['results'] = NULL;
+		plugin_hook_by_reference('fetch_authenticated_user', $params);
 		
-		// if there was bad session cookie, kill it and the user cookie
-		//
-		if ($session_ser) {
-			session_logout();
+		$G_SESSION = $params['results'];
+		if ($G_SESSION) {
+			$G_SESSION->setLoggedIn(true);
+		} else {
+			$G_SESSION=false;
 		}
 	}
-
+	
 	$re = RBACEngine::getInstance();
 	$re->invalidateRoleCaches() ;
 }

Modified: trunk/src/common/mail/MailingList.class.php
===================================================================
--- trunk/src/common/mail/MailingList.class.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/common/mail/MailingList.class.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -148,7 +148,7 @@
 			return false;
 		}
 
-		$listPassword = substr(md5($GLOBALS['session_ser'] . time() . util_randbytes()), 0, 16);
+		$listPassword = substr(md5(time() . util_randbytes()), 0, 16);
 		
 		db_begin();
 		$result = db_query_params ('INSERT INTO mail_group_list (group_id,list_name,is_public,password,list_admin,status,description) VALUES ($1,$2,$3,$4,$5,$6,$7)',

Modified: trunk/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
===================================================================
--- trunk/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -37,7 +37,7 @@
 		$this->_addHook('fetch_authenticated_user');
 		$this->_addHook('display_auth_form');
 		// display_create_user_form - display a form to create a user from external auth
-		// fetch_account_info - sync identity from external source (realname, email, etc.)
+		// sync_account_info - sync identity from external source (realname, email, etc.)
 		// get_extra_roles - add new roles not necessarily stored in the database
 		// restrict_roles - filter out unwanted roles
 		$this->_addHook('close_auth_session');
@@ -52,10 +52,11 @@
 		$return_to = $params['return_to'];
 		$loginname = '';
 
-		$this->_displayAuthForm($return_to, $login_name);
-	}
+		echo '<h2>'._('Internal authentication').'</h2>';
+		echo '<p>';
+		echo _('Cookies must be enabled past this point.');
+		echo '</p>';
 
-	function _displayAuthForm($return_to, $login_name) {
 		echo '<form action="' . util_make_url('/plugins/authbuiltin/post-login.php') . '" method="post">
 <input type="hidden" name="form_key" value="' . form_generate_key() . '"/>
 <input type="hidden" name="return_to" value="' . htmlspecialchars(stripslashes($return_to)) . '" />
@@ -65,9 +66,16 @@
 		} else {
 			echo _('Login name:');
 		}
-		echo '<br /><input type="text" name="form_loginname" value="' . htmlspecialchars(stripslashes($login_name)) . '" /></p><p>' . _('Password:') . '<br /><input type="password" name="form_pw" /></p><p><input type="submit" name="login" value="' . _('Login') . '" />
+		echo '<br /><input type="text" name="form_loginname" value="' . htmlspecialchars(stripslashes($loginname)) . '" /></p><p>' . _('Password:') . '<br /><input type="password" name="form_pw" /></p><p><input type="submit" name="login" value="' . _('Login') . '" />
 </p>
 </form>' ;
+
+		echo '<p>' . util_make_link ('/plugins/authbuiltin/lostpw.php', _('[Lost your password?]')) . '</p>';
+		// hide "new account" item if restricted to admin
+		if (!forge_get_config ('user_registration_restricted')) {
+			echo '<p>' . util_make_link ('/plugins/authbuiltin/register.php', _('[New Account]')) . '</p>';
+		}
+		echo '<p>' . util_make_link ('/account/pending-resend.php', _('[Resend confirmation email to a pending account]')) . '</p>';
 	}
 }
 

Modified: trunk/src/plugins/authbuiltin/www/post-login.php
===================================================================
--- trunk/src/plugins/authbuiltin/www/post-login.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/plugins/authbuiltin/www/post-login.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -124,42 +124,8 @@
 	html_feedback_top($feedback);
 }
 
-echo '<p>';
+plugin_hook('display_auth_form');
 
-echo _('Cookies must be enabled past this point.');
-
-?>
-</p>
-<form action="<?php echo util_make_url('/plugins/authbuiltin/post-login.php'); ?>" method="post">
-<input type="hidden" name="form_key" value="<?php echo form_generate_key(); ?>"/>
-<input type="hidden" name="return_to" value="<?php echo htmlspecialchars(stripslashes($return_to)); ?>" />
-<p>
-<?php if (forge_get_config('require_unique_email')) {
-	echo _('Login name or email address');
-} else {
-	echo _('Login name:');
-} ?>
-<br /><input type="text" name="form_loginname" value="<?php echo htmlspecialchars(stripslashes($form_loginname)); ?>" />
-</p>
-<p>
-<?php echo _('Password:'); ?>
-<br /><input type="password" name="form_pw" />
-</p>
-<p>
-<input type="submit" name="login" value="<?php echo _('Login'); ?>" />
-</p>
-</form>
-<p><a href="lostpw.php"><?php echo _('[Lost your password?]'); ?></a></p>
-<?php
-// hide "new account" item if restricted to admin
-if (!forge_get_config ('user_registration_restricted')) {
-	echo '<p><a href="register.php">'._('[New Account]').'</a></p>';
-}
-?>
-<p><a href="pending-resend.php"><?php echo _('[Resend confirmation email to a pending account]'); ?></a></p>
-
-<?php
-
 $HTML->footer(array());
 
 // Local Variables:
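Review bot: `plugin_hook('display_auth_form')` is called with no parameters, but `AuthBuiltinPlugin::displayAuthForm()` and the new LDAP `displayAuthForm()` both read `$params['return_to']`. After a failed login the validated `$return_to` is therefore presumably dropped from the re-rendered form, with an undefined-index notice on top. Pass it through with `plugin_hook('display_auth_form', array('return_to' => $return_to));`; the identical call at the end of `plugins/ldapextauth/www/post-login.php` needs the same change.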

Modified: trunk/src/plugins/ldapextauth/etc/ldapextauth.ini
===================================================================
--- trunk/src/plugins/ldapextauth/etc/ldapextauth.ini	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/plugins/ldapextauth/etc/ldapextauth.ini	2011-03-14 16:46:42 UTC (rev 12746)
@@ -5,4 +5,11 @@
 ; valid means : production ready.
 ; Any other strings means it's under work or broken and plugin 
 ; is available in installation_environment = development only.
-plugin_status = valid
\ No newline at end of file
+plugin_status = valid
+
+; By default, LDAP is enough to log in
+required = no
+sufficient = yes
+
+; Typical values: never, user-creation, login, every-page
+sync_data_on = login

Modified: trunk/src/plugins/ldapextauth/include/LdapExtAuthPlugin.class.php
===================================================================
--- trunk/src/plugins/ldapextauth/include/LdapExtAuthPlugin.class.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/plugins/ldapextauth/include/LdapExtAuthPlugin.class.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -1,11 +1,12 @@
 <?php
 /** External authentication via LDAP for FusionForge
- * Copyright 2003 Roland Mas <lolando at debian.org>
- * Copyright 2004 Roland Mas <roland at gnurandal.com> 
- *                The Gforge Group, LLC <http://gforgegroup.com/>
- * Copyright 2004 Christian Bayle <bayle at debian.org>
- * Copyright 2009-2010 Alain Peyrat, Alcatel-Lucent
- * Copyright 2009 Chris Dalzell, OpenGameForge.org
+ * Copyright 2003, Roland Mas <lolando at debian.org>
+ * Copyright 2004, Roland Mas <roland at gnurandal.com> 
+ *                 The Gforge Group, LLC <http://gforgegroup.com/>
+ * Copyright 2004, Christian Bayle <bayle at debian.org>
+ * Copyright 2009-2010, Alain Peyrat, Alcatel-Lucent
+ * Copyright 2009, Chris Dalzell, OpenGameForge.org
+ * Copyright 2011, Roland Mas
  *
  * This file is part of FusionForge
  *
@@ -25,7 +26,7 @@
  */
 
 require_once $GLOBALS['gfcommon'].'include/User.class.php';
-require_once $GLOBALS['gfconfig'].'plugins/ldapextauth/mapping.php' ;
+// require_once $GLOBALS['gfconfig'].'plugins/ldapextauth/mapping.php' ;
 
 class LdapextauthPlugin extends AuthPlugin {
 	protected $saved_login;
@@ -37,12 +38,15 @@
 		global $gfconfig;
 		$this->Plugin() ;
 		$this->name = "ldapextauth";
-		$this->_addHook("session_before_login");
+		$this->text = "LDAP authentication";
+
+		$this->_addHook('display_auth_form');
 		$this->_addHook("check_auth_session");
-		$this->_addHook("fetch_auth_info");
+		$this->_addHook("fetch_authenticated_user");
 		$this->_addHook("sync_account_info");
 		$this->_addHook("close_auth_session");
 
+		$this->cookie_name = 'forge_session_ldapextauth';
 		
 		$this->ldap_conn = false ;
 		$this->base_dn = '';
@@ -55,7 +59,7 @@
 		$this->ldap_bind_dn = '';
 		$this->ldap_bind_pwd = '';
 		$this->ldap_skip_users = '';
-		require_once $GLOBALS['gfconfig'].'plugins/ldapextauth/config.php' ;
+		// require_once $GLOBALS['gfconfig'].'plugins/ldapextauth/config.php' ;
 		if (isset($base_dn)) {
 			$this->base_dn = $base_dn ;
 		}
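Review bot: With `require_once ... config.php` commented out, the `isset($base_dn)` test that follows (and presumably the similar tests for the other settings, outside this hunk) can never be true, so the constructor leaves every LDAP setting at the empty defaults assigned above. That covers the bind DN and, if it is handled the same way, `ldap_start_tls`, which `ConnectLDAP()` consults before upgrading the connection. Either read these values from the plugin's ini section in the same commit, or leave a `// TODO` stating that the plugin is unconfigured (and runs without TLS) until that lands.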
@@ -102,6 +106,51 @@
 		}
 	}
 
+	function syncAccountInfo($params) {
+		if (!$this->syncDataOn($params['event'])) {
+			return true;
+		}
+		$u = $params['user'];
+		$u->setEmail('toto at tata.com');
+		$data = $this->saved_data;
+
+		if ($u) {
+			if ($u->getStatus() == 'D') {
+				debuglog("Account deleted, reactivating it.");
+				$u->setStatus('A');
+			}
+			if (!session_login_valid_dbonly ($this->saved_login, $this->saved_password, false)) {
+				$u->setPasswd ($passwd) ;
+			}
+
+		} else {
+		}		
+	}
+
+	function displayAuthForm($params) {
+		if (!$this->isRequired() && !$this->isSufficient()) {
+			return true;
+		}
+		$return_to = $params['return_to'];
+		$loginname = '';
+
+		echo '<h2>'._('LDAP authentication').'</h2>';
+		echo '<p>';
+		echo _('Cookies must be enabled past this point.');
+		echo '</p>';
+
+		echo '<form action="' . util_make_url('/plugins/ldapextauth/post-login.php') . '" method="post">
+<input type="hidden" name="form_key" value="' . form_generate_key() . '"/>
+<input type="hidden" name="return_to" value="' . htmlspecialchars(stripslashes($return_to)) . '" />
+<p>';
+		echo _('LDAP Login name:');
+		echo '<br /><input type="text" name="form_loginname" value="' . htmlspecialchars(stripslashes($loginname)) . '" /></p><p>' . _('Password:') . '<br /><input type="password" name="form_pw" /></p><p><input type="submit" name="login" value="' . _('Login') . '" />
+</p>
+</form>' ;
+	}
+
+	/// HELPERS
+
 	function checkLDAPCredentials($loginname, $passwd) {
 		if (!$this->ldap_conn) {
 			$r = $this->ConnectLdap($this->ldap_server, $this->ldap_port);
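Review bot: `syncAccountInfo()` calls `$u->setEmail('toto at tata.com')` on every synced login, which looks like leftover debugging and would replace each user's stored address with a fixed one; it also runs before the `if ($u)` null check. Further down, `$u->setPasswd ($passwd)` uses a variable that is never defined in this method; `$this->saved_password` is presumably what was meant, giving `$u->setPasswd($this->saved_password);`. The branch that flips status `'D'` back to `'A'` silently reactivates accounts the forge marked as deleted, which deserves a config switch or at least a comment explaining why a successful LDAP bind overrides that decision. The `setEmail` line should simply be deleted.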
@@ -134,21 +183,49 @@
 		}
 	}
 
-	function syncAccountInfo() {
-		$u = user_get_object_by_name ($saved_login) ;
-		if ($u) {
-			if ($u->getStatus() == 'D') {
-				debuglog("Account deleted, reactivating it.");
-				$u->setStatus('A');
+	function ConnectLDAP($server, $port) {
+
+		debuglog("LDAP: ldap_connect($server,$port)");
+		if ($port) {
+			$this->ldap_conn = ldap_connect ($server, $port);
+		} else {
+			$this->ldap_conn = ldap_connect ($server);
+		}
+		debuglog("LDAP: Ldap handle: ".$this->ldap_conn);
+
+		if (forge_get_config('ldap_version')) {
+			debuglog("LDAP: ldap_set_option ($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, forge_get_config('ldap_version'));");
+			if (!ldap_set_option ($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, forge_get_config('ldap_version'))) {
+				debuglog("LDAP: ldap_set_option() failed: ".ldap_error($this->ldap_conn));
+				return false;
 			}
-			if (!session_login_valid_dbonly ($this->saved_login, $this->saved_password, false)) {
-				$u->setPasswd ($passwd) ;
+		}
+
+		if ($this->ldap_start_tls) {
+			debuglog("LDAP: ldap_start_tls($this->ldap_conn)");
+			if (!ldap_start_tls($this->ldap_conn)) {
+				syslog(LOG_ERR, "FusionForge: LDAP start_tls failed: ".ldap_error($this->ldap_conn));
+				debuglog("LDAP: ldap_start_tls() failed: ".ldap_error($this->ldap_conn));
+				return false;
 			}
+		}
 
-		} else {
-		}		
+		// If the ldap server does not allow anonymous bind,
+		// then authentificate with the server.
+		if ($this->ldap_bind_dn) {
+			debuglog("LDAP: ldap_bind() (application bind)");
+			if (!@ldap_bind($this->ldap_conn, $this->ldap_bind_dn, $this->ldap_bind_pwd)) {
+				debuglog("LDAP: ldap_bind() failed (application bind): ". ldap_error($this->ldap_conn));
+				syslog(LOG_ERR, "FusionForge:LDAP application bind failed, using DB login/passwd instead.");
+				return false;
+			}
+		}
+
+		return true;
 	}
 
+	/// LEGACY
+
 	function AuthUser ($loginname, $passwd) {
 		global $feedback;
 
@@ -354,46 +431,6 @@
 		}
 	}
 
-	function ConnectLDAP($server, $port) {
-
-		debuglog("LDAP: ldap_connect($server,$port)");
-		if ($port) {
-			$this->ldap_conn = ldap_connect ($server, $port);
-		} else {
-			$this->ldap_conn = ldap_connect ($server);
-		}
-		debuglog("LDAP: Ldap handle: ".$this->ldap_conn);
-
-		if (forge_get_config('ldap_version')) {
-			debuglog("LDAP: ldap_set_option ($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, forge_get_config('ldap_version'));");
-			if (!ldap_set_option ($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, forge_get_config('ldap_version'))) {
-				debuglog("LDAP: ldap_set_option() failed: ".ldap_error($this->ldap_conn));
-				return false;
-			}
-		}
-
-		if ($this->ldap_start_tls) {
-			debuglog("LDAP: ldap_start_tls($this->ldap_conn)");
-			if (!ldap_start_tls($this->ldap_conn)) {
-				syslog(LOG_ERR, "FusionForge: LDAP start_tls failed: ".ldap_error($this->ldap_conn));
-				debuglog("LDAP: ldap_start_tls() failed: ".ldap_error($this->ldap_conn));
-				return false;
-			}
-		}
-
-		// If the ldap server does not allow anonymous bind,
-		// then authentificate with the server.
-		if ($this->ldap_bind_dn) {
-			debuglog("LDAP: ldap_bind() (application bind)");
-			if (!@ldap_bind($this->ldap_conn, $this->ldap_bind_dn, $this->ldap_bind_pwd)) {
-				debuglog("LDAP: ldap_bind() failed (application bind): ". ldap_error($this->ldap_conn));
-				syslog(LOG_ERR, "FusionForge:LDAP application bind failed, using DB login/passwd instead.");
-				return false;
-			}
-		}
-
-		return true;
-	}
 }
 
 function debuglog($msg) {

Added: trunk/src/plugins/ldapextauth/www/post-login.php
===================================================================
--- trunk/src/plugins/ldapextauth/www/post-login.php	                        (rev 0)
+++ trunk/src/plugins/ldapextauth/www/post-login.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -0,0 +1,137 @@
+<?php
+/**
+ * FusionForge login page
+ *
+ * This is main login page. It takes care of different account states
+ * (by disallowing logging in with non-active account, with appropriate
+ * notice).
+ *
+ * Copyright 1999-2001 (c) VA Linux Systems
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+Header( "Expires: Wed, 11 Nov 1998 11:11:11 GMT"); 
+Header( "Cache-Control: no-cache"); 
+Header( "Cache-Control: must-revalidate"); 
+
+require_once('../../../www/env.inc.php');
+require_once $gfcommon.'include/pre.php';
+
+$plugin = plugin_get_object('ldapextauth');
+
+$return_to = getStringFromRequest('return_to');
+$login = getStringFromRequest('login');
+$form_loginname = getStringFromRequest('form_loginname');
+$form_pw = getStringFromRequest('form_pw');
+$feedback = htmlspecialchars(getStringFromRequest('feedback'));
+$warning_msg = htmlspecialchars(getStringFromRequest('warning_msg'));
+$error_msg = htmlspecialchars(getStringFromRequest('error_msg'));
+$triggered = getIntFromRequest('triggered');
+
+//
+//	Validate return_to
+//
+if ($return_to) {
+	$tmpreturn=explode('?',$return_to);
+	$rtpath = $tmpreturn[0] ;
+
+	if (@is_file(forge_get_config('url_root').$rtpath)
+	    || @is_dir(forge_get_config('url_root').$rtpath)
+	    || (strpos($rtpath,'/projects') == 0)
+	    || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
+		$newrt = $return_to ;
+	} else {
+		$newrt = '/' ;
+	}
+	$return_to = $newrt ;
+}
+
+if (forge_get_config('use_ssl') && !session_issecure()) {
+	//force use of SSL for login
+	header('Location: https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
+}
+
+// ###### first check for valid login, if so, redirect
+
+if ($login) {
+	if (!form_key_is_valid(getStringFromRequest('form_key'))) {
+		exit_form_double_submit();
+	}
+	$success = $plugin->checkLDAPCredentials(strtolower($form_loginname),$form_pw);
+	$success = ($form_pw == 'toto');
+	if ($success) {
+		if ($plugin->isSufficient()) {
+			$plugin->login(user_get_object_by_name($form_loginname));
+		}
+		if ($return_to) {
+			header ("Location: " . util_make_url($return_to));
+			exit;
+		} else {
+			header ("Location: " . util_make_url("/my"));
+			exit;
+		}
+	} else {
+		if ($form_loginname && $form_pw) {
+			$warning_msg = _('Invalid Password Or User Name');
+		} else {
+			$warning_msg = _('Missing Password Or Users Name');
+		}
+		
+	}
+}
+
+if (isset($session_hash)) {
+	//nuke their old session
+	session_logout();
+}
+
+$HTML->header(array('title'=>'Login'));
+
+if ($login && !$success) {
+	form_release_key(getStringFromRequest('form_key'));	
+	// Account Pending
+	if (!isset($userstatus)) {
+		if (isset ($form_loginname)) {
+			$u = user_get_object_by_name($form_loginname) || 
+				user_get_object_by_email($form_loginname) ;
+			if (!$u) {
+				$warning_msg .= '<br /><p>'. _('Your account does not exist.').'</p>';
+			}
+		}
+	} else if ($userstatus == "P") {
+		$warning_msg .= '<br />'. sprintf(_('<p>Your account is currently pending your email confirmation.		Visiting the link sent to you in this email will activate your account.		<p>If you need this email resent, please click below and a confirmation		email will be sent to the email address you provided in registration.		<p><a href="%1$s">[Resend Confirmation Email]</a>		<br><hr>		<p>'), util_make_url ("/account/pending-resend.php?form_user=".htmlspecialchars($form_loginname)));
+	} else {
+		if ($userstatus == "D") {
+			$error_msg .= '<br />'.sprintf(_('<p>Your %1$s account has been removed by %1$s staff. This may occur for two reasons, either 1) you requested that your account be removed; or 2) some action has been performed using your account which has been seen as objectionable (i.e. you have breached the terms of service for use of your account) and your account has been revoked for administrative reasons. Should you have questions or concerns regarding this matter, please log a <a href="%2$s">support request</a>.</p><p>Thank you, <br><br>%1$s Staff</p>'), forge_get_config ('forge_name'), util_make_url ("/support/?group_id=1"));
+		}
+	}
+	html_error_top($error_msg);
+	html_warning_top($warning_msg);
+	html_feedback_top($feedback);
+}
+
+plugin_hook('display_auth_form');
+
+$HTML->footer(array());
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
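Review bot: `$success = ($form_pw == 'toto');` overwrites the result of `checkLDAPCredentials()` from the line above, so the LDAP answer is discarded and the login decision rests on a comparison with a fixed literal; this debugging line must be removed before the page is reachable. The `return_to` check also misuses `strpos()`: `strpos($rtpath,'/projects') == 0` is true when the needle is absent (`false == 0`), so every path passes validation; use `strpos($rtpath, '/projects') === 0` for both prefixes. The `header('Location: https://...')` redirect needs an `exit;` after it so the rest of the script does not continue over HTTP. In the failure branch, `user_get_object_by_name(...) || user_get_object_by_email(...)` yields a boolean rather than a user object.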

Modified: trunk/src/plugins/mediawiki/www/LocalSettings.php
===================================================================
--- trunk/src/plugins/mediawiki/www/LocalSettings.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/plugins/mediawiki/www/LocalSettings.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -159,14 +159,10 @@
 function FusionForgeMWAuth( $user, &$result ) {
 	global $fusionforgeproject, $wgGroupPermissions ;
 
-	$cookie = getStringFromCookie ('session_ser') ;
-        if ($cookie != '') {
-                $s = session_check_session_cookie ($cookie);
-        } else {
-                $s = false ;
-        }
-        if ($s) {
-                $u = user_get_object ($s);
+	session_set();
+
+        if (session_loggedin()) {
+                $u = session_get_user();
 		$g = group_get_object_by_name ($fusionforgeproject) ;
 
                 $mwname = ucfirst($u->getUnixName ()) ;

Modified: trunk/src/www/account/login.php
===================================================================
--- trunk/src/www/account/login.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/www/account/login.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -43,28 +43,15 @@
 $HTML->header(array('title'=>'Login'));
 
 echo '<p>';
-
 if ($triggered) {
 	echo '<div class="warning">' ;
 	echo _('You\'ve been redirected to this login page because you have tried accessing a page that was not available to you as an anonymous user.');
 	echo '</div> ' ;
 }
-echo _('Cookies must be enabled past this point.');
 echo '</p>';
 
 plugin_hook('display_auth_form');
-?>
-<p><a href="lostpw.php"><?php echo _('[Lost your password?]'); ?></a></p>
-<?php
-// hide "new account" item if restricted to admin
-if (!forge_get_config ('user_registration_restricted')) {
-	echo '<p><a href="register.php">'._('[New Account]').'</a></p>';
-}
-?>
-<p><a href="pending-resend.php"><?php echo _('[Resend confirmation email to a pending account]'); ?></a></p>
 
-<?php
-
 $HTML->footer(array());
 
 // Local Variables:

Modified: trunk/src/www/soap/index.php
===================================================================
--- trunk/src/www/soap/index.php	2011-03-14 16:46:26 UTC (rev 12745)
+++ trunk/src/www/soap/index.php	2011-03-14 16:46:42 UTC (rev 12746)
@@ -156,13 +156,13 @@
 		
 	setlocale (LC_TIME, _('en_US'));
 
-	$res = session_login_valid($userid, $passwd);
+	$res = session_check_credentials_in_database($userid, $passwd);
 	
 	if (!$res) {
 		return new soap_fault('1001', 'user', "Unable to log in with userid of ".$userid, $feedback);
  	}
 	
-	return $session_ser;
+	return session_build_session_token(user_getid());
 }
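Review bot: The token returned to the SOAP client is built from `user_getid()`, but the preceding call was changed to `session_check_credentials_in_database()`, whose name suggests it only verifies the password and does not establish a session. If so, `user_getid()` has no logged-in user and `session_build_session_token()` returns `''` through its new `!$user_id` guard, so a successful login would hand back an empty token. Resolve the user id from `$userid` explicitly, or call whatever establishes the session first. As far as this hunk shows, the returned token is also never recorded in `user_session`. The function starts above this hunk.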
 
 /**



