From 692acc9eaff27fa5c2c08134f89892b4574a1e4a Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Fri, 14 Aug 2009 21:57:35 -0400 Subject: [PATCH] Add and commented out SSL options, fix trailing whitespace. --- .../wordpress-mu-plugin-fasauth/fasauth.php | 22 ++++++++++++------- scripts/Auth_FAS_MediaWiki/Auth_FAS.php | 7 +++--- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/plugins/wordpress-mu-plugin-fasauth/fasauth.php b/plugins/wordpress-mu-plugin-fasauth/fasauth.php index 74d6cb8..f4e264f 100644 --- a/plugins/wordpress-mu-plugin-fasauth/fasauth.php +++ b/plugins/wordpress-mu-plugin-fasauth/fasauth.php @@ -31,7 +31,7 @@ if (!function_exists('wp_authenticate')) { /* * FAS Authentication - */ + */ function wp_authenticate($username, $password) { $config = fasauth_config(); @@ -42,13 +42,19 @@ if (!function_exists('wp_authenticate')) { curl_setopt($ch, CURLOPT_URL, $config['fas_json_url']); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Wordpress MU FAS Auth 0.1"); - curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login"); + curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); # WARNING: Never leave this on in production, as it will cause # plaintext passwords to show up in error logs. curl_setopt($ch, CURLOPT_VERBOSE, 0); + # The following two lines need to be uncommented when using a test FAS + # with an invalid cert. Otherwise they should be commented (or set to + # True) for security. + #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); + #curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); + $fasuserdata = json_decode(curl_exec($ch), true); curl_close ($ch); 
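Review bot: The comment added in `wp_authenticate` above the two commented-out `curl_setopt` lines says they can be "set to True" for security, which is misleading for `CURLOPT_SSL_VERIFYHOST`: the value libcurl documents for checking that the certificate name matches the host is `2`, and `1`/`TRUE` has meant a weaker check or been rejected, depending on the libcurl version. This request posts the user's password and its JSON reply decides the login, so the production setting is worth stating explicitly, e.g. `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`, with the comment reworded to `# Test FAS with an invalid cert only: uncomment the two lines below. Never ship them uncommented.` The same "set to True" wording is carried into the `Auth_FAS.php` hunk and should be changed with it. The body of `wp_authenticate` continues outside this hunk.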
@@ -58,17 +64,17 @@ if (!function_exists('wp_authenticate')) { // check minimum requirements if (check_login_requirement($fasuserdata) !== true) { error_log("FAS auth failed for $username: insufficient group membership", 0); - return new WP_Error('fasauth_min_requirement', __('Error: You do not meet minimum requirements to login.')); + return new WP_Error('fasauth_min_requirement', __('Error: You do not meet minimum requirements to login.')); } // let's check wp db for user $user = get_userdatabylogin($username); // user not found, let's create db entry for it - if ( !$user || ($user->user_login != $username) ) { + if ( !$user || ($user->user_login != $username) ) { $user_id = create_wp_user($username); if (!$user_id) { - return new WP_Error('fasauth_create_wp_user', __('Error: Unable to create account. Please contact the webmaster.')); + return new WP_Error('fasauth_create_wp_user', __('Error: Unable to create account. Please contact the webmaster.')); } error_log("FAS auth succeeded for $username", 0); @@ -87,7 +93,7 @@ if (!function_exists('wp_authenticate')) { /* * Creates user in wp db - */ + */ function create_wp_user($username) { $config = fasauth_config(); @@ -104,7 +110,7 @@ if (!function_exists('wp_authenticate')) { function disable_function() { die('Feature disabled.'); } - + /* * Used to redirect all lost password request to FAS. */ @@ -112,7 +118,7 @@ if (!function_exists('wp_authenticate')) { $config = fasauth_config(); wp_redirect($config['fas_pass_reset_url'], 302); } - + /* * checks minimum login requirements diff --git a/scripts/Auth_FAS_MediaWiki/Auth_FAS.php b/scripts/Auth_FAS_MediaWiki/Auth_FAS.php index 7ece0bb..0a25a5d 100644 --- a/scripts/Auth_FAS_MediaWiki/Auth_FAS.php +++ b/scripts/Auth_FAS_MediaWiki/Auth_FAS.php 
@@ -19,11 +19,12 @@ class Auth_FAS extends AuthPlugin { # plaintext passwords to show up in error logs. curl_setopt($ch, CURLOPT_VERBOSE, 0); - # The following two lines need to be enabled when using a test FAS - # with an invalid cert. Otherwise they should be commented (or - # set to True) for security. + # The following two lines need to be uncommented when using a test FAS + # with an invalid cert. Otherwise they should be commented (or set to + # True) for security. #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); #curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); + $response = json_decode(curl_exec($ch), true); curl_close ($ch);