diff --git a/plugins/wordpress-mu-plugin-fasauth/fasauth.php b/plugins/wordpress-mu-plugin-fasauth/fasauth.php
index 36683d9..7c10302 100644
--- a/plugins/wordpress-mu-plugin-fasauth/fasauth.php
+++ b/plugins/wordpress-mu-plugin-fasauth/fasauth.php
@@ -1,260 +1,124 @@
-
-

External database settings

-
- -

Connection settings

-

Caution: If you make a mistake, it will lock you out of your Wordpress installation, and you'll have to delete or rename the plugin file to regain access!

- Make sure your WP admin account exists in the external db prior to saving these settings. - - - - - - - - - - - - - - - - - - - -
External database type: -
required; If not MySQL, requires PEAR MDB2 package and relevant database driver package installation. -

- In case this isn't in some sort of include path in your PHP configuration. No trailing slash! e.g., /home/username/php
-

required; (often localhost)
-

Only set this if you have a non-standard port for connecting.
-

required
-

required; (recommend select privileges only)
-

required
-

required
-
- -

Field matching settings

-

Username, password, and password hash type have to be set at the minimum. Be careful with this section! If you enter incorrect settings, you'll get locked out of your admin panel and will need to delete the plugin or change plugin settings directly in the wp_options table.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

required
-

required
-
Type of encryption for password:
required; (using "Other" requires you to enter PHP code below!)

Enter code here; only will run if "Other" is selected. Variable you need to set is $password2. See source code for other variable names.
-
- -
Use this if you have certain user role ids in your external database to further restrict allowed logins. If unused, leave fields blank.
-
-
-
-
-
-
-
-
-
-

Other

- - - - - -
Custom login message: -
Shows up in login box, e.g., to tell them where to get an account. You can use HTML in this text.
- -

- -

-
-
-'.get_option('ext_db_error_msg'));
-}
-
-//gives warning for login - where to get "source" login
-function fas_auth_warning() {
- echo "

".get_option('fas_error_msg')."

";
-}
-
-function fas_errors() {
- global $error;
- global $fas_error;
- if ($fas_error == "notindb")
- return "ERROR: Username not found.";
- else if ($fas_error == "wrongrole")
- return "ERROR: You don't have permissions to log in.";
- else if ($fas_error == "wrongpw")
- return "ERROR: Invalid password.";
- else
- return $error;
-}
-
-add_action('admin_init', 'fas_auth_init' );
-add_action('admin_menu', 'fas_auth_add_menu');
-add_action('wp_authenticate', 'fas_auth_check_login', 1, 2 );
-add_action('login_form','fas_auth_warning');
+// let's disable a few things
 add_action('lost_password', 'disable_function');
 add_action('retrieve_password', 'disable_function');
 add_action('password_reset', 'disable_function');
-add_filter('login_errors','fas_errors');
-register_activation_hook( __FILE__, 'fas_auth_activate' );
+// overriding wp_authenticate
+if(!function_exists('wp_authenticate')) :
+
+function wp_authenticate($username, $password) {
+ $username = sanitize_user($username);
+
+ if ($username == '' || $password == '') {
+ return new WP_Error('empty_username', __('ERROR: The username or password field is empty.'));
+ }
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, 'http://publictest3.fedoraproject.org/accounts/json/person_by_username?tg_format=json');
+ curl_setopt($ch, CURLOPT_POST, 1);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Auth_FAS 0.9");
+ curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".$username."&user_name=".$username."&password=".$password."&login=Login");
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($ch, CURLOPT_VERBOSE, 1);
+ $fasuserdata = json_decode(curl_exec($ch), true);
+ curl_close ($ch);
+
+ // fas login successful
+ if (isset($fasuserdata["success"]) && $fasuserdata['person']['status'] == 'active') {
+
+ // check minimum group requirements
+ if (check_grp_req($fasuserdata) !== true) {
+ return new WP_Error('incorrect_password', __('Error: You do not meet minimum requirements to login.'));
+ }
+
+
+ //echo "Min response: 
".$min_req;
+
+ // let's check wp db for user
+ $user = get_userdatabylogin($username);
+
+ // user not found, let's create db entry for it
+ if ( !$user || ($user->user_login != $username) ) {
+ $user_id = create_wp_user($username);
+ if (!$user_id) {
+ return new WP_Error('incorrect_password', __('Error: Unable to create account. Please contact the webmaster.'));
+ }
+
+ return new WP_User($user_id);
+ }
+
+ // all good, let go on
+ return new WP_User($user->ID);
+
+ } else {
+ return new WP_Error('incorrect_password', __('Status: FAS Login NOT successful.'));
+ }
+}
+
+// creates user in wp db
+function create_wp_user($username) {
+ $password = '';
+ $email_domain = 'fedoraproject.org';
+
+ require_once(WPINC . DIRECTORY_SEPARATOR . 'registration.php');
+ return wpmu_create_user($username, $password, $username.'@'.$email_domain);
+}
+
+/*
+* Used to disable certain login functions, e.g. retrieving a
+* user's password.
+*/
+function disable_function() {
+ die('Feature disabled.');
+ //return new WP_Error('disabled_feature', __('ERROR: This feature is disabled.'));
+}
+
+/*
+* checks minimum group requirements
+*/
+function check_grp_req($user) {
+
+ $groups = $user["person"]["approved_memberships"];
+
+ //echo "Group: ". print_r($groups);
+
+ // checking other group memberships
+ $match = 0;
+ $in_cla = false;
+ for ($i = 0, $cnt = count($groups); $i < $cnt; $i++) {
+
+ // user must be in cla
+ if ($groups[$i]["name"] == "cla_done") {
+ $in_cla = true;
+ }
+
+ // keep count of anything non-cla
+ if (!preg_match('/^cla_/', $groups[$i]["name"])) {
+ $match++;
+ }
+ }
+
+ // yay, more than 1 non-cla group
+ if ($match > 0 and $in_cla) {
+ return true;
+ }
+
+ // if all else fails
+ return false;
+
+}
+
+endif;
+
+?>
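Review bot: The new `wp_authenticate` sends the user's password to FAS over plain `http://` and builds the POST body by bare concatenation (`"username=".$username."&user_name=".$username."&password=".$password."&login=Login"`), so the credentials cross the network in cleartext and a password containing `&`, `=`, `+` or `%` reaches FAS altered or split into extra fields. I would point `CURLOPT_URL` at the `https://` form of the endpoint (assuming the FAS host serves it over TLS, with certificate verification left on) and pass the fields as `curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('username' => $username, 'user_name' => $username, 'password' => $password, 'login' => 'Login')));`. The success branch only tests `isset($fasuserdata["success"])`, so it is worth confirming that FAS omits that key on a failed login rather than returning it with a false value. `CURLOPT_VERBOSE` looks like leftover debugging and can be dropped.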