From: Platonides
Date: Tue, 18 Sep 2018 22:07:04 +0000 (+0200)
Subject: Rename class
X-Git-Url: http://gitweb.wikimedia.es/?a=commitdiff_plain;h=e5b1819fa250c2a7adff46133b057193c446cbc1;p=limesurvey%2FAuthWMESbyDB
Rename class
---
diff --git a/AuthWMESbyDB.php b/AuthWMESbyDB.php
new file mode 100644
index 0000000..ba14421
--- /dev/null
+++ b/AuthWMESbyDB.php
@@ -0,0 +1,301 @@
+
+ * @copyright 2014 Denis Chenu
+ * @copyright 2014 Bruce Mahillet de Komet
+ * @license GPL v3
+ * @version 1.1
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+class AuthWMESbyDB extends \ls\pluginmanager\AuthPluginBase
+{
+ protected $storage = 'DbStorage';
+
+ static protected $description = 'A plugin to authenticate user via WordPress DB (v1.1)';
+ static protected $name = 'AuthWMESbyDB';
+
+ protected $settings = array(
+ 'authwp_dir' => array(
+ 'type' => 'string',
+ 'label' => 'The directory where WP is (If found : no need to configure DB, example if you put limesurvey in a sub directory : ../).',
+ 'default' => ''// Don't set default : preferred methode : same DB than LS with prefix to wp_
+ ),
+ 'authwp_dbhost' => array(
+ 'type' => 'string',
+ 'label' => 'WordPress DB Host (default to LimeSurvey DB Host)'
+ ),
+ 'authwp_dbport' => array(
+ 'type' => 'string',
+ 'label' => 'WordPress DB Port (default to LimeSurvey DB Port or 3306 id name or host is define)'
+ ),
+ 'authwp_dbname' => array(
+ 'type' => 'string',
+ 'label' => 'WordPress DB Name (default to LimeSurvey DB Name)'
+ ),
+ 'authwp_dbuser' => array(
+ 'type' => 'string',
+ 'label' => 'WordPress DB User (default to LimeSurvey DB User)'
+ ),
+ 'authwp_dbpassword' => array(
+ 'type' => 'string',
+ 'label' => 'WordPress DB User password (default to LimeSurvey DB User)'
+ ),
+ 'authwp_dbprefix' => array(
+ 'type' => 'string',
+ 'label' => 'WordPress DB prefix',
+ 'default' => 'wp_'
+ ),
+ 'authwp_default' => array(
+ 'type' => 'checkbox',
+ 'label' => 'Check to make default authentication method'
+ ),
+ 'authwp_autocreate' => array(
+ 'type' => 'checkbox',
+ 'label' => 'Auto create user.',
+ 'default' => true
+ ),
+ );
+
+ protected $sWpLoad = false;
+
+ public function init() {
+ $this->subscribe('beforeLogin');
+ $this->subscribe('newLoginForm');
+ $this->subscribe('newUserSession');
+ $this->subscribe('afterLoginFormSubmit');
+ $this->subscribe('beforeActivate');
+ }
+
+ public function beforeActivate()
+ {
+ $oEvent = $this->getEvent();
+ // Get configuration settings:
+ if($this->addWpDb())
+ {
+ $oEvent->set('success', true);
+ }else{
+ $oEvent->set('success', false);
+ $oEvent->set('message',"Unable to conect to WordPress DB, please verify the connection parameters");
+ }
+ }
+
+ public function beforeLogin()
+ {
+ $oEvent = $this->getEvent();
+ if ($this->addWpDb() && $this->get('authwp_default'))
+ {
+ $this->getEvent()->set('default', get_class($this));
+ }
+ }
+
+ public function newLoginForm()
+ {
+ if(floatval(App()->getConfig("versionnumber")) >= 2.5){
+ $tag="div";
+ }else{
+ $tag="li";
+ }
+ if($this->addWpDb()){
+ $this->getEvent()->getContent($this)
+ ->addContent(CHtml::tag($tag, array(), ""))
+ ->addContent(CHtml::tag($tag, array(), ""));
+ }else{// No login form if unable to access to Wp DB
+
+ }
+ }
+
+ public function afterLoginFormSubmit()
+ {
+ // Allways (trying to reset password if user exist in DB ????)
+ $request = $this->api->getRequest();
+ if ($request->getIsPostRequest()) {
+ $this->setUsername( $request->getPost('user'));
+ $this->setPassword($request->getPost('password'));
+ }
+ }
+
+ public function newUserSession()
+ {
+ $identity = $this->getEvent()->get('identity');
+ if ($identity->plugin != 'AuthWPbyDB')
+ {
+ return;
+ }
+ $sUserName = $this->getUserName();
+ $sUserPass = $this->getPassword();
+
+ $aWpUser=$this->getWpDbUser($sUserName,$sUserPass);
+ if(!$aWpUser){
+ $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
+ return;
+ }
+ $oUser = $this->api->getUserByName($sUserName);
+ if (is_null($oUser) && $this->get('authwp_autocreate'))
+ {
+ $oUser=new User;
+ $oUser->users_name=$aWpUser['user_login'];
+ $oUser->full_name=$aWpUser['display_name'];
+ $oUser->password=substr(md5(rand()),0,20);;
+ $oUser->parent_id=1;
+ $oUser->lang='auto';
+ $oUser->email=$aWpUser['user_email'];
+ if ($oUser->save())
+ {
+ // TODO by plugin settings
+ if((int)$aWpUser['user_level']>=9){
+ $aPermission=Array(
+ 'superadmin' => array('read'=>true),
+ );
+ }else{
+ $aPermission=Array(
+ 'surveys' => array('create'=>true,'import'=>true,'export'=>true),
+ 'template' => array('read'=>true),
+ 'labelsets' => array('read'=>true,'export'=>true),
+ 'participantpanel' => array('create'=>true,'read'=>true,'update'=>true,'delete'=>true),
+ );
+ }
+ $permission=new Permission;
+ $permission->setPermissions($oUser->uid, 0, 'global', $aPermission, true);
+
+ // read again user from newly created entry
+ $this->setAuthSuccess($oUser);
+ return;
+ }else{
+ $this->setAuthFailure("DB error");
+ return;
+ }
+ }
+ elseif($oUser)// Invalid user
+ {
+ $this->setAuthSuccess($oUser);
+ return;
+ }
+ else{
+ $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
+ return;
+ }
+ }
+
+ /**
+ * Validate user by username/password from WordPress
+ * @param string $sUserName : the user name
+ * @param string $sUserPass : the user pass
+ * return array : User information
+ **/
+ private function getWpDbUser($sUserName,$sUserPass)
+ {
+ if($this->addWpDb())
+ {
+ $aUser = Yii::app()->wpdb->createCommand()
+ ->select('user_login,user_pass,user_nicename,user_email,display_name,ul.meta_value as user_level')
+ ->from('{{users}}')
+ ->leftJoin('{{usermeta}} ul', 'ID = ul.user_id AND ul.meta_key="wp_user_level"')
+ ->andWhere("user_login = :user_login")
+ ->bindParam(':user_login',$sUserName)
+ ->queryRow();
+ if(!$aUser)
+ return;
+ //Yii::import('plugins.AuthWPbyAPI.third_party.phpass.PasswordHash');
+ require_once dirname(__FILE__).'/third_party/phpass/PasswordHash.php';// DIRECTORY_SEPARATOR not needed
+ $oHasher = new PasswordHash(8, TRUE);
+ $bCheck = $oHasher->CheckPassword($sUserPass, $aUser['user_pass']);
+ if($bCheck)
+ return $aUser;
+ else
+ return;
+ }
+ else
+ {
+ return; // Invalid settings
+ }
+ }
+ /**
+ * Add the db from plugin configuration in new Yii db
+ **/
+ private function addWpDb()
+ {
+ static $bValid=NULL;
+ if(!is_null($bValid))
+ return $bValid;
+
+ $bWpFileConfig=false;
+ // Start by loading wp-config if we can
+ $sWPdirectory = $this->get('authwp_dir');
+ if(is_file($sWPdirectory."wp-config.php") && is_readable($sWPdirectory."wp-config.php")){
+ $bWpFileConfig=true;
+ }elseif(is_file(Yii::app()->getConfig('rootdir').DIRECTORY_SEPARATOR.$sWPdirectory."wp-config.php") && is_readable(Yii::app()->getConfig('rootdir').DIRECTORY_SEPARATOR.$sWPdirectory."wp-config.php")){
+ $sWPdirectory=Yii::app()->getConfig('rootdir').DIRECTORY_SEPARATOR.$sWPdirectory;
+ $bWpFileConfig=true;
+ }
+ if($bWpFileConfig){
+ define('ABSPATH',dirname(__FILE__) . '/'); // Define absolute path to remove inclusion of wp-settings.php
+ require_once $sWPdirectory."wp-config.php";
+ $sWpDbHost = DB_HOST;
+ $sWpDbPort = "3306"; // TODO : fix specific port @link http://codex.wordpress.org/Editing_wp-config.php#MySQL_Alternate_Port
+ $sWpDbName = DB_NAME;
+ $sWpDbUser = DB_USER;
+ $sWpDbPassword = DB_PASSWORD;
+ $sWpDbPrefix = $table_prefix;
+ $sWpDbCharset = DB_CHARSET;
+ $sConnectionString="mysql:host={$sWpDbHost};port={$sWpDbPort};dbname={$sWpDbName}";
+ }else{
+ $sWpDbHost = $this->get('authwp_dbhost');
+ $sWpDbPort = $this->get('authwp_dbport');
+ $sWpDbName = $this->get('authwp_dbname');
+ $sWpDbUser = $this->get('authwp_dbuser');
+ $sWpDbPassword = $this->get('authwp_dbpassword');
+ $sWpDbPrefix = $this->get('authwp_dbprefix');
+ if(is_null($sWpDbPrefix)){
+ $sWpDbPrefix='wp_';
+ }
+ $sWpDbCharset = "utf8";
+ if($sWpDbHost || $sWpDbPort || $sWpDbName){
+ if(!$sWpDbPort)
+ $sWpDbPort="3306";
+ $sConnectionString="mysql:host={$sWpDbHost};port={$sWpDbPort};dbname={$sWpDbName}";
+ }else{
+ $sConnectionString=Yii::app()->db->connectionString;
+ }
+ if(!$sWpDbUser)
+ $sWpDbUser=Yii::app()->db->username;
+ if(!$sWpDbPassword)
+ $sWpDbPassword=Yii::app()->db->password;
+ }
+ // Test if we have a connexion and if this have users and usermeta table.
+ $oConnection=new CDbConnection($sConnectionString,$sWpDbUser,$sWpDbPassword);
+ try {
+ $wpdb = Yii::createComponent(array(
+ 'class' => 'CDbConnection',
+ 'connectionString'=>$sConnectionString,
+ 'username'=>$sWpDbUser,
+ 'password'=> $sWpDbPassword,
+ 'charset'=>$sWpDbCharset,
+ 'emulatePrepare' => true,
+ 'tablePrefix' => $sWpDbPrefix,
+ ));
+ Yii::app()->setComponent('wpdb', $wpdb);
+ if(in_array($sWpDbPrefix.'users',Yii::app()->wpdb->schema->getTableNames()) && in_array($sWpDbPrefix.'usermeta',Yii::app()->wpdb->schema->getTableNames()) ){
+ $bValid=true;
+ }else{
+ $bValid=false;
+ }
+ } catch(CDbException $e) {
+ $bValid=false;
+ }
+ // Maybe deactivate if false ?
+ return $bValid;
+ }
+
+}
diff --git a/AuthWPbyDB.php b/AuthWPbyDB.php
deleted file mode 100644
index f9a27e0..0000000
--- a/AuthWPbyDB.php
+++ /dev/null
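Review bot: In AuthWMESbyDB.php, `newUserSession()` still compares `$identity->plugin` with the old literal `'AuthWPbyDB'`, so after the rename the handler presumably returns before any WordPress credential check and no login through this plugin can complete (assuming the identity carries the class name, as `beforeLogin()` sets with `get_class($this)`). Compare against the class itself so the next rename cannot break it: `if ($identity->plugin != get_class($this))`. In the same method the filler password for auto-created accounts, `substr(md5(rand()),0,20)`, is drawn from a non-cryptographic generator; `bin2hex(random_bytes(10))` keeps the 20-character length where PHP 7 is available, and it is worth confirming how LimeSurvey's own database login treats that stored value. The commented-out `Yii::import('plugins.AuthWPbyAPI…')` line in `getWpDbUser()` also carries a stale plugin name and could simply be dropped.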
@@ -1,301 +0,0 @@
-
- * @copyright 2014 Denis Chenu
- * @copyright 2014 Bruce Mahillet de Komet
- * @license GPL v3
- * @version 1.1
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- */
-
-class AuthWPbyDB extends \ls\pluginmanager\AuthPluginBase
-{
- protected $storage = 'DbStorage';
-
- static protected $description = 'A plugin to authenticate user via WordPress DB (v1.1)';
- static protected $name = 'AuthWPbyDB';
-
- protected $settings = array(
- 'authwp_dir' => array(
- 'type' => 'string',
- 'label' => 'The directory where WP is (If found : no need to configure DB, example if you put limesurvey in a sub directory : ../).',
- 'default' => ''// Don't set default : preferred methode : same DB than LS with prefix to wp_
- ),
- 'authwp_dbhost' => array(
- 'type' => 'string',
- 'label' => 'WordPress DB Host (default to LimeSurvey DB Host)'
- ),
- 'authwp_dbport' => array(
- 'type' => 'string',
- 'label' => 'WordPress DB Port (default to LimeSurvey DB Port or 3306 id name or host is define)'
- ),
- 'authwp_dbname' => array(
- 'type' => 'string',
- 'label' => 'WordPress DB Name (default to LimeSurvey DB Name)'
- ),
- 'authwp_dbuser' => array(
- 'type' => 'string',
- 'label' => 'WordPress DB User (default to LimeSurvey DB User)'
- ),
- 'authwp_dbpassword' => array(
- 'type' => 'string',
- 'label' => 'WordPress DB User password (default to LimeSurvey DB User)'
- ),
- 'authwp_dbprefix' => array(
- 'type' => 'string',
- 'label' => 'WordPress DB prefix',
- 'default' => 'wp_'
- ),
- 'authwp_default' => array(
- 'type' => 'checkbox',
- 'label' => 'Check to make default authentication method'
- ),
- 'authwp_autocreate' => array(
- 'type' => 'checkbox',
- 'label' => 'Auto create user.',
- 'default' => true
- ),
- );
-
- protected $sWpLoad = false;
-
- public function init() {
- $this->subscribe('beforeLogin');
- $this->subscribe('newLoginForm');
- $this->subscribe('newUserSession');
- $this->subscribe('afterLoginFormSubmit');
- $this->subscribe('beforeActivate');
- }
-
- public function beforeActivate()
- {
- $oEvent = $this->getEvent();
- // Get configuration settings:
- if($this->addWpDb())
- {
- $oEvent->set('success', true);
- }else{
- $oEvent->set('success', false);
- $oEvent->set('message',"Unable to conect to WordPress DB, please verify the connection parameters");
- }
- }
-
- public function beforeLogin()
- {
- $oEvent = $this->getEvent();
- if ($this->addWpDb() && $this->get('authwp_default'))
- {
- $this->getEvent()->set('default', get_class($this));
- }
- }
-
- public function newLoginForm()
- {
- if(floatval(App()->getConfig("versionnumber")) >= 2.5){
- $tag="div";
- }else{
- $tag="li";
- }
- if($this->addWpDb()){
- $this->getEvent()->getContent($this)
- ->addContent(CHtml::tag($tag, array(), ""))
- ->addContent(CHtml::tag($tag, array(), ""));
- }else{// No login form if unable to access to Wp DB
-
- }
- }
-
- public function afterLoginFormSubmit()
- {
- // Allways (trying to reset password if user exist in DB ????)
- $request = $this->api->getRequest();
- if ($request->getIsPostRequest()) {
- $this->setUsername( $request->getPost('user'));
- $this->setPassword($request->getPost('password'));
- }
- }
-
- public function newUserSession()
- {
- $identity = $this->getEvent()->get('identity');
- if ($identity->plugin != 'AuthWPbyDB')
- {
- return;
- }
- $sUserName = $this->getUserName();
- $sUserPass = $this->getPassword();
-
- $aWpUser=$this->getWpDbUser($sUserName,$sUserPass);
- if(!$aWpUser){
- $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
- return;
- }
- $oUser = $this->api->getUserByName($sUserName);
- if (is_null($oUser) && $this->get('authwp_autocreate'))
- {
- $oUser=new User;
- $oUser->users_name=$aWpUser['user_login'];
- $oUser->full_name=$aWpUser['display_name'];
- $oUser->password=substr(md5(rand()),0,20);;
- $oUser->parent_id=1;
- $oUser->lang='auto';
- $oUser->email=$aWpUser['user_email'];
- if ($oUser->save())
- {
- // TODO by plugin settings
- if((int)$aWpUser['user_level']>=9){
- $aPermission=Array(
- 'superadmin' => array('read'=>true),
- );
- }else{
- $aPermission=Array(
- 'surveys' => array('create'=>true,'import'=>true,'export'=>true),
- 'template' => array('read'=>true),
- 'labelsets' => array('read'=>true,'export'=>true),
- 'participantpanel' => array('create'=>true,'read'=>true,'update'=>true,'delete'=>true),
- );
- }
- $permission=new Permission;
- $permission->setPermissions($oUser->uid, 0, 'global', $aPermission, true);
-
- // read again user from newly created entry
- $this->setAuthSuccess($oUser);
- return;
- }else{
- $this->setAuthFailure("DB error");
- return;
- }
- }
- elseif($oUser)// Invalid user
- {
- $this->setAuthSuccess($oUser);
- return;
- }
- else{
- $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
- return;
- }
- }
-
- /**
- * Validate user by username/password from WordPress
- * @param string $sUserName : the user name
- * @param string $sUserPass : the user pass
- * return array : User information
- **/
- private function getWpDbUser($sUserName,$sUserPass)
- {
- if($this->addWpDb())
- {
- $aUser = Yii::app()->wpdb->createCommand()
- ->select('user_login,user_pass,user_nicename,user_email,display_name,ul.meta_value as user_level')
- ->from('{{users}}')
- ->leftJoin('{{usermeta}} ul', 'ID = ul.user_id AND ul.meta_key="wp_user_level"')
- ->andWhere("user_login = :user_login")
- ->bindParam(':user_login',$sUserName)
- ->queryRow();
- if(!$aUser)
- return;
- //Yii::import('plugins.AuthWPbyAPI.third_party.phpass.PasswordHash');
- require_once dirname(__FILE__).'/third_party/phpass/PasswordHash.php';// DIRECTORY_SEPARATOR not needed
- $oHasher = new PasswordHash(8, TRUE);
- $bCheck = $oHasher->CheckPassword($sUserPass, $aUser['user_pass']);
- if($bCheck)
- return $aUser;
- else
- return;
- }
- else
- {
- return; // Invalid settings
- }
- }
- /**
- * Add the db from plugin configuration in new Yii db
- **/
- private function addWpDb()
- {
- static $bValid=NULL;
- if(!is_null($bValid))
- return $bValid;
-
- $bWpFileConfig=false;
- // Start by loading wp-config if we can
- $sWPdirectory = $this->get('authwp_dir');
- if(is_file($sWPdirectory."wp-config.php") && is_readable($sWPdirectory."wp-config.php")){
- $bWpFileConfig=true;
- }elseif(is_file(Yii::app()->getConfig('rootdir').DIRECTORY_SEPARATOR.$sWPdirectory."wp-config.php") && is_readable(Yii::app()->getConfig('rootdir').DIRECTORY_SEPARATOR.$sWPdirectory."wp-config.php")){
- $sWPdirectory=Yii::app()->getConfig('rootdir').DIRECTORY_SEPARATOR.$sWPdirectory;
- $bWpFileConfig=true;
- }
- if($bWpFileConfig){
- define('ABSPATH',dirname(__FILE__) . '/'); // Define absolute path to remove inclusion of wp-settings.php
- require_once $sWPdirectory."wp-config.php";
- $sWpDbHost = DB_HOST;
- $sWpDbPort = "3306"; // TODO : fix specific port @link http://codex.wordpress.org/Editing_wp-config.php#MySQL_Alternate_Port
- $sWpDbName = DB_NAME;
- $sWpDbUser = DB_USER;
- $sWpDbPassword = DB_PASSWORD;
- $sWpDbPrefix = $table_prefix;
- $sWpDbCharset = DB_CHARSET;
- $sConnectionString="mysql:host={$sWpDbHost};port={$sWpDbPort};dbname={$sWpDbName}";
- }else{
- $sWpDbHost = $this->get('authwp_dbhost');
- $sWpDbPort = $this->get('authwp_dbport');
- $sWpDbName = $this->get('authwp_dbname');
- $sWpDbUser = $this->get('authwp_dbuser');
- $sWpDbPassword = $this->get('authwp_dbpassword');
- $sWpDbPrefix = $this->get('authwp_dbprefix');
- if(is_null($sWpDbPrefix)){
- $sWpDbPrefix='wp_';
- }
- $sWpDbCharset = "utf8";
- if($sWpDbHost || $sWpDbPort || $sWpDbName){
- if(!$sWpDbPort)
- $sWpDbPort="3306";
- $sConnectionString="mysql:host={$sWpDbHost};port={$sWpDbPort};dbname={$sWpDbName}";
- }else{
- $sConnectionString=Yii::app()->db->connectionString;
- }
- if(!$sWpDbUser)
- $sWpDbUser=Yii::app()->db->username;
- if(!$sWpDbPassword)
- $sWpDbPassword=Yii::app()->db->password;
- }
- // Test if we have a connexion and if this have users and usermeta table.
- $oConnection=new CDbConnection($sConnectionString,$sWpDbUser,$sWpDbPassword);
- try {
- $wpdb = Yii::createComponent(array(
- 'class' => 'CDbConnection',
- 'connectionString'=>$sConnectionString,
- 'username'=>$sWpDbUser,
- 'password'=> $sWpDbPassword,
- 'charset'=>$sWpDbCharset,
- 'emulatePrepare' => true,
- 'tablePrefix' => $sWpDbPrefix,
- ));
- Yii::app()->setComponent('wpdb', $wpdb);
- if(in_array($sWpDbPrefix.'users',Yii::app()->wpdb->schema->getTableNames()) && in_array($sWpDbPrefix.'usermeta',Yii::app()->wpdb->schema->getTableNames()) ){
- $bValid=true;
- }else{
- $bValid=false;
- }
- } catch(CDbException $e) {
- $bValid=false;
- }
- // Maybe deactivate if false ?
- return $bValid;
- }
-
-}