if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){ ?> } else { ?> } ?>
URL: http://foolab.org/node/785
Dokwiki code to support a Drupal authentication backend for DokuWiki.
<?php /** * Drupal authentication backend * * Use drupal as an authentication backend. * * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) * @author Mohammed Sameer <msameer@foolab.org> */ // TODO: Currently, Each time we have to connct to the db twice, one to auth the // user and the 2nd to get the info ?? // Groups with spaces'll screw us. // ChangeLog: // 2005-12-23: Use header(); instead of redirect(); // 2006-07-23: Ported to the new DokuWiki auth code. // use mysql_real_escape_string() // We now get the groups using a join instead of multiple queries. // 2006-08-24: in getUserData(): Check that we have results when we try to get // the user details from the database (Thanks Matthew Robinson of fone-me.com) // 2006-08-30: Check that the user isn't blocked. Thanks alienbrain of EGLUG for the note. // 2007-01-29: urldecode the username, password, hostname and path (Thanks Walter G). // 2007-06-29: $db_url for drupal can be an array, we now account for this. class auth_drupal extends auth_basic { var $url = array(); // Constructor. function auth_drupal() { global $conf; // This is a hack because drupal is using ini_set in the $drupal_file // and php'll complain $ini = ini_get("error_reporting"); ini_set("error_reporting", 0); $drupal_file = $conf['auth']['drupal']['file']; include ($drupal_file); ini_set("error_reporting", $ini); // http://drupal.org/node/18429 $this->url = parse_url(is_array($db_url) ? $db_url['default'] : $db_url); $this->url['path'] = substr($this->url['path'], 1); $this->url['db_prefix'] = $db_prefix; //Adapted from the Drupal database.mysql.inc code //Decode url-encoded information in the db connection string $this->url['user'] = urldecode($this->url['user']); // Test if database url has a password. if(isset($this->url['pass'])) { $this->url['pass'] = urldecode($this->url['pass']); } else { $this->url['pass'] = ''; } $this->url['host'] = urldecode($this->url['host']); $this->url['path'] = urldecode($this->url['path']); // Establish the connection. $this->url['link'] = mysql_connect($this->url['host'], $this->url['user'], $this->url['pass']); if (!$this->url['link']) { msg('Could not connect: ' . mysql_error()); $this->success = false; return; } if (!mysql_select_db($this->url['path'], $this->url['link'])) { msg('Can\'t select the database: ' . mysql_error()); $this->success = false; return; } // Note: No capabilities. We only handle authentication. // Fuck php4. No Destructor. register_shutdown_function("auth_drupal_disconnect", $this); } /** * Check user+password [required auth function] * * Checks if the given user exists and the given * plaintext password is correct * * @author Mohammed Sameer <msameer@foolab.org> * @return bool */ function checkPass($user,$pass) { $user = mysql_real_escape_string($user, $this->url['link']); $password = mysql_real_escape_string(md5($pass), $this->url['link']); $result = mysql_query("SELECT uid FROM ".$url['db_prefix']."users WHERE name = \"$user\" AND pass = \"$password\" AND status=1"); if (!$result) { msg('Invalid query: ' . mysql_error()); $this->disconnect(); return false; } $num = mysql_num_rows($result); //$this->disconnect(); return ($num == 0 ? false : true); } /** * Return user info [required auth function] * at least these fields: * * name string full name of the user * mail string email addres of the user * grps array list of groups the user is in * * @author Mohammed Sameer <msameer@foolab.org> */ function getUserData($user) { $info['name'] = $user; $result = mysql_query("SELECT uid, mail FROM ".$url['db_prefix']."users WHERE name = \"".mysql_real_escape_string($user, $this->url['link'])."\""); if (!$result) { msg('Invalid query: ' . mysql_error()); $this->disconnect(); return false; } // This shouldn't fail but who knows ? $tmp = mysql_fetch_row($result); if (!$tmp) return false; $uid = $tmp[0]; // FILL THE EMAIL. $info['mail'] = $tmp[1]; // Now let's get the groups of the user. $result = mysql_query("select r.name from role r inner join users_roles u on u.rid=r.rid and u.uid=$uid"); if (!$result) { msg('Invalid query: ' . mysql_error()); $this->disconnect(); return false; } while($tmp = mysql_fetch_row($result)) $info['grps'][] = $tmp[0]; // $this->disconnect(); return $info; } } /** * Disconnect from the database. * @author Mohammed Sameer <msameer@foolab.org> */ function auth_drupal_disconnect($obj) { mysql_close($obj->url['link']); } ?>