Drupal authentication backend for dokuwiki.

Body

This authentication backend'll enable your DokuWiki to authenticate using the drupal database.

<?php
/**
 * Drupal authentication backend
 *
 * Use drupal as an authentication backend.
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Mohammed Sameer <msameer@foolab.org>
 */

// TODO: Currently, Each time we have to connct to the db twice, one to auth the
// user and the 2nd to get the info ??
// Groups with spaces'll screw us.

// ChangeLog:
// 2005-12-23: Use header(); instead of redirect();
// 2006-07-23: Ported to the new dokuwiki auth code.
//             use mysql_real_escape_string()
//             We now get the groups using a join instead of multiple queries.
// 2006-08-24: in getUserData(): Check that we have results when we try to get
//             the user details from the database (Thanks Matthew Robinson of fone-me.com)
// 2006-08-30: Check that the user isn't blocked. Thanks alienbrain of EGLUG for the note.
// 2007-01-29: urldecode the username, password, hostname and path (Thanks Walter G).
// 2007-06-29: $db_url for drupal can be an array, we now account for this.

class auth_drupal extends auth_basic {
  var
$url = array();

 

// Constructor.
 
function auth_drupal() {
    global
$conf;

   

// This is a hack because drupal is using ini_set in the $drupal_file
    // and php'll complain
   
$ini = ini_get("error_reporting");
   
ini_set("error_reporting", 0);
   
$drupal_file = $conf['auth']['drupal']['file'];
    include (
$drupal_file);
   
ini_set("error_reporting", $ini);

   

// http://drupal.org/node/18429
   
$this->url = parse_url(is_array($db_url) ? $db_url['default'] : $db_url);
   
$this->url['path'] = substr($this->url['path'], 1);
   
$this->url['db_prefix'] = $db_prefix;

   

//Adapted from the Drupal database.mysql.inc code
    //Decode url-encoded information in the db connection string
   
$this->url['user'] = urldecode($this->url['user']);
   
// Test if database url has a password.
   
if(isset($this->url['pass'])) {
     
$this->url['pass'] = urldecode($this->url['pass']);
    } else {
     
$this->url['pass'] = '';
    }

   

$this->url['host'] = urldecode($this->url['host']);
   
$this->url['path'] = urldecode($this->url['path']);

   

// Establish the connection.
   
$this->url['link'] = mysql_connect($this->url['host'], $this->url['user'], $this->url['pass']);
    if (!
$this->url['link']) {
     
msg('Could not connect: ' . mysql_error());
     
$this->success = false;
      return;
    }

    if (!

mysql_select_db($this->url['path'], $this->url['link'])) {
     
msg('Can\'t select the database: ' . mysql_error());
     
$this->success = false;
      return;
    }

   

// Note: No capabilities. We only handle authentication.

    // Fuck php4. No Destructor.
   

register_shutdown_function("auth_drupal_disconnect", $this);
  }

 

/**
   * Check user+password [required auth function]
   *
   * Checks if the given user exists and the given
   * plaintext password is correct
   *
   * @author  Mohammed Sameer <msameer@foolab.org>
   * @return  bool
   */
 
function checkPass($user,$pass)
  {
   
$user = mysql_real_escape_string($user, $this->url['link']);
   
$password = mysql_real_escape_string(md5($pass), $this->url['link']);

   

$result = mysql_query("SELECT uid FROM ".$url['db_prefix']."users WHERE name = "$user" AND pass = "$password" AND status=1");
    if (!
$result)
      {
   
msg('Invalid query: ' . mysql_error());
   
$this->disconnect();
    return
false;
      }
   
$num = mysql_num_rows($result);
   
//$this->disconnect();
   
return ($num == 0 ? false : true);
  }

 

/**
   * Return user info [required auth function]
   * at least these fields:
   *
   * name string  full name of the user
   * mail string  email addres of the user
   * grps array   list of groups the user is in
   *
   * @author  Mohammed Sameer <msameer@foolab.org>
   */
 
function getUserData($user) {
   
$info['name'] = $user;

   

$result = mysql_query("SELECT uid, mail FROM ".$url['db_prefix']."users WHERE name = "".mysql_real_escape_string($user, $this->url['link']).""");
  if (!
$result)
    {
     
msg('Invalid query: ' . mysql_error());
     
$this->disconnect();
      return
false;
    }

 

// This shouldn't fail but who knows ?
 
$tmp = mysql_fetch_row($result);
  if (!
$tmp)
    return
false;

 

$uid = $tmp[0];

 

// FILL THE EMAIL.
 
$info['mail'] = $tmp[1];

 

// Now let's get the groups of the user.
 
$result = mysql_query("select r.name from role r inner join users_roles u on  u.rid=r.rid and u.uid=$uid");

  if (!

$result)
    {
     
msg('Invalid query: ' . mysql_error());
     
$this->disconnect();
      return
false;
    }
  while(
$tmp = mysql_fetch_row($result))
   
$info['grps'][] = $tmp[0];

 

//  $this->disconnect();

 

return $info;
  }
}

/**
 * Disconnect from the database.
 * @author  Mohammed Sameer <msameer@foolab.org>
 */
function auth_drupal_disconnect($obj) {
 
mysql_close($obj->url['link']);
}

?>

Add new comment

The content of this field is kept private and will not be shown publicly.