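connect();

        // Normalise the username (lowercase, HTML-entity encoded) and escape it
        // for use inside a single-quoted SQL literal.
        $username = $this->discuzEscapeUsername($username, $fresMySQLConnection);

        // Check MySQLVersion
        if ($GLOBALS['gstrMySQLVersion'] >= 4.1) {
            // Check Database for username and password.
            $fstrMySQLQuery = 'SELECT `username`, `password` FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '`'
                . ' WHERE `username` = CONVERT( _utf8 \'' . $username . '\' USING utf8 ) LIMIT 1';
        } else {
            // Check Database for username and password.
            $fstrMySQLQuery = 'SELECT `username`, `password` FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '`'
                . ' WHERE `username` = \'' . $username . '\' LIMIT 1';
        }

        // Query Database. mySQLError() terminates the request on failure.
        $fresMySQLResult = mysql_query($fstrMySQLQuery, $fresMySQLConnection);
        if (!$fresMySQLResult) {
            $this->mySQLError('Unable to view external table_5');
        }

        while ($faryMySQLResult = mysql_fetch_array($fresMySQLResult)) {
            // Check if the submitted password matches the Discuz password hash.
            // Also check if the user is a member of the Discuz group 'wiki'.
            // md5_hmac() is deliberately not used here; the stored value is
            // compared against a plain md5() of the password.
            //
            // The comparison is strict (===): with a loose == two different
            // hashes that both look like numbers (for example "0e" followed by
            // digits) would compare as equal.
            //
            // NOTE(review): an unsalted MD5 is a weak password hash. The format
            // is dictated by the external user table, so it is only flagged here.
            if (md5($password) === $faryMySQLResult['password']
                && $this->isMemberOfWikiGroup($username)
            ) {
                return true;
            }
        }

        return false;
    }

    /**
     * Return true if the wiki should create a new local account automatically
     * when asked to login a user who doesn't exist locally but does in the
     * external auth database.
     *
     * If you don't automatically create accounts, you must still create
     * accounts in some way. It's not possible to authenticate without
     * a local account.
     *
     * This is just a question, and shouldn't perform any actions.
     *
     * NOTE: I have set this to true to allow the wiki to create accounts.
     *       Without an account in the wiki database a user will never be
     *       able to login and use the wiki. I think the password does not
     *       matter as long as authenticate() returns true.
     *
     * @return bool
     * @access public
     */
    function autoCreate()
    {
        return true;
    }

    /**
     * Check to see if external accounts can be created.
     * Return true if external accounts can be created.
     *
     * NOTE: We are not allowed to add users to Discuz from the
     *       wiki so this always returns false.
     *
     * @return bool
     * @access public
     */
    function canCreateAccounts()
    {
        return false;
    }

    /**
     * Connect to the database. All of these settings are from the
     * LocalSettings.php file. When $wgDiscuz_UseExtDatabase is not true this
     * assumes that Discuz uses the same database/server as the wiki.
     *
     * Also stores the first three characters of the server version in
     * $GLOBALS['gstrMySQLVersion'] for the version checks in the query methods.
     *
     * {@source }
     * @return resource
     */
    function connect()
    {
        $dbcharset = $GLOBALS['wgDiscuz_Charset'];

        // Check if the Discuz tables are in a different database than the wiki.
        if ($GLOBALS['wgDiscuz_UseExtDatabase'] == true) {
            // Connect to database. The warning is suppressed on purpose; a
            // failed connection is reported just below.
            $fresMySQLConnection = @mysql_connect(
                $GLOBALS['wgDiscuz_MySQL_Host'],
                $GLOBALS['wgDiscuz_MySQL_Username'],
                $GLOBALS['wgDiscuz_MySQL_Password'],
                true
            );

            // Check the connection BEFORE using it. Without an explicit link the
            // mysql_* functions fall back to the last opened connection, so a
            // failed connect could otherwise change settings on another link.
            if (!$fresMySQLConnection) {
                $this->mySQLError(
                    'There was a problem when connecting to the Discuz database.' . "\n"
                    . 'Check your Host, Username, and Password settings.' . "\n"
                );
            }

            // $dbcharset is configuration ($wgDiscuz_Charset) and is placed in
            // the statement as-is; it must never be taken from request data.
            // NOTE(review): the charset is set with a SET statement, not with
            // mysql_set_charset(), so mysql_real_escape_string() is not told
            // about it - confirm this matches the forum's storage charset.
            if (mysql_get_server_info($fresMySQLConnection) >= 4.1 && $dbcharset) {
                mysql_query(
                    "SET character_set_connection=$dbcharset, character_set_results=$dbcharset, character_set_client=binary",
                    $fresMySQLConnection
                );
            }

            // Select Database
            $db_selected = mysql_select_db($GLOBALS['wgDiscuz_MySQL_Database'], $fresMySQLConnection);

            // Check if we were able to select the database.
            if (!$db_selected) {
                $this->mySQLError(
                    'There was a problem when connecting to the Discuz database.' . "\n"
                    . 'The database ' . $GLOBALS['wgDiscuz_MySQL_Database'] . ' was not found.' . "\n"
                );
            }
        } else {
            // Connect to database.
            $fresMySQLConnection = mysql_connect(
                $GLOBALS['wgDBserver'],
                $GLOBALS['wgDBuser'],
                $GLOBALS['wgDBpassword'],
                true
            );

            // Check if we are connected to the database.
            if (!$fresMySQLConnection) {
                $this->mySQLError(
                    'There was a problem when connecting to the Discuz database.' . "\n"
                    . 'Check your Host, Username, and Password settings.' . "\n"
                );
            }

            // Select Database: This assumes the wiki and Discuz are in the same database.
            $db_selected = mysql_select_db($GLOBALS['wgDBname'], $fresMySQLConnection);

            // Check if we were able to select the database.
            if (!$db_selected) {
                $this->mySQLError(
                    'There was a problem when connecting to the Discuz database.' . "\n"
                    . 'The database ' . $GLOBALS['wgDBname'] . ' was not found.' . "\n"
                );
            }
        }

        // Get the mysql version (first three characters, e.g. "4.1").
        $GLOBALS['gstrMySQLVersion'] = substr(mysql_get_server_info($fresMySQLConnection), 0, 3);

        return $fresMySQLConnection;
    }

    /**
     * Prepare a username for use inside a single-quoted SQL string literal.
     *
     * The name is lowercased and HTML-entity encoded, with apostrophes kept as
     * literal characters. Escaping is then done by mysql_real_escape_string()
     * instead of a hand-written quote replacement, so a backslash (which
     * htmlentities() leaves untouched) can no longer end up unescaped in front
     * of the closing quote of the literal.
     *
     * @param string   $username            Raw username.
     * @param resource $fresMySQLConnection Link returned by connect().
     * @return string Value to place between single quotes in a query.
     * @access private
     */
    function discuzEscapeUsername($username, $fresMySQLConnection)
    {
        // Clean $username and force lowercase username.
        $username = htmlentities(strtolower($username), ENT_QUOTES, 'UTF-8');

        // ENT_QUOTES encodes an apostrophe as &#039;. Turn it back into a
        // literal apostrophe so such names are matched literally.
        $username = str_replace('&#039;', '\'', $username);

        return mysql_real_escape_string($username, $fresMySQLConnection);
    }

    /**
     * If you want to munge the case of an account name before the final
     * check, now is your chance.
     *
     * Looks the name up in the Discuz user table and returns the stored
     * spelling with its first character upper-cased. Nothing (null) is returned
     * when no row matches.
     *
     * @param string $username
     * @return string|null
     */
    function getCanonicalName( $username )
    {
        // Connect to the database.
        $fresMySQLConnection = $this->connect();

        // Normalise and escape the username for the query.
        $username = $this->discuzEscapeUsername($username, $fresMySQLConnection);

        // Check MySQLVersion
        if ($GLOBALS['gstrMySQLVersion'] >= 4.1) {
            // Check Database for username. We will return the correct casing of the name.
            // NOTE(review): this query converts USING gbk while the other
            // queries in this class use utf8 - confirm which one is intended.
            $fstrMySQLQuery = 'SELECT `username` FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '`'
                . ' WHERE `username` = CONVERT( _utf8 \'' . $username . '\' USING gbk ) LIMIT 1';
        } else {
            // Check Database for username. We will return the correct casing of the name.
            $fstrMySQLQuery = 'SELECT `username` FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '`'
                . ' WHERE `username` = \'' . $username . '\' LIMIT 1';
        }

        // Query Database.
        $fresMySQLResult = mysql_query($fstrMySQLQuery, $fresMySQLConnection);
        if (!$fresMySQLResult) {
            $this->mySQLError('Unable to view external table_6');
        }

        // LIMIT 1: there is at most one row.
        $faryMySQLResult = mysql_fetch_assoc($fresMySQLResult);
        if ($faryMySQLResult) {
            return ucfirst($faryMySQLResult['username']);
        }

        // No matching Discuz user.
        return null;
    }

    /**
     * When creating a user account, optionally fill in preferences and such.
     * For instance, you might pull the email address or real name from the
     * external user database.
     *
     * The User object is passed by reference so it can be modified; don't
     * forget the & on your function declaration.
     *
     * NOTE: This gets the email address, nickname and uid from Discuz for
     *       the wiki account.
     *
     * @param User $user
     * @access public
     */
    function initUser(&$user)
    {
        // Connect to the database.
        $fresMySQLConnection = $this->connect();

        // Normalise and escape the username for the query.
        $username = $this->discuzEscapeUsername($user->mName, $fresMySQLConnection);

        // Check MySQLVersion
        if ($GLOBALS['gstrMySQLVersion'] >= 4.1) {
            // Check Database for username and email address.
            $fstrMySQLQuery = 'SELECT f.`uid`,`username`, `email`, `nickname`'
                . ' FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '` m'
                . ' LEFT JOIN `' . $GLOBALS['wgDiscuz_UserFieldTB'] . '` f ON m.uid = f.uid'
                . ' WHERE `username` = CONVERT( _utf8 \'' . $username . '\' USING utf8 ) LIMIT 1';
        } else {
            // Check Database for username and email address.
            // The user table needs the alias "m" here as well: the join
            // condition refers to m.uid, and without the alias the query fails.
            $fstrMySQLQuery = 'SELECT f.`uid`,`username`, `email`, `nickname`'
                . ' FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '` m'
                . ' LEFT JOIN `' . $GLOBALS['wgDiscuz_UserFieldTB'] . '` f ON m.uid = f.uid'
                . ' WHERE `username` = \'' . $username . '\' LIMIT 1';
        }

        // Query Database.
        $fresMySQLResult = mysql_query($fstrMySQLQuery, $fresMySQLConnection);
        if (!$fresMySQLResult) {
            $this->mySQLError('Unable to view external table_1');
        }

        while ($faryMySQLResult = mysql_fetch_array($fresMySQLResult)) {
            $user->mEmail    = $faryMySQLResult['email'];    // Set Email Address.
            $user->mRealName = $faryMySQLResult['nickname']; // Set Real Name.
            $user->mid       = $faryMySQLResult['uid'];      // Set user id.
        }
    }

    /**
     * Checks if the user is a member of one of the Discuz groups listed in
     * $wgDiscuz_WikiGroupID, or has adminid 1.
     *
     * NOTE(review): $username is concatenated into the query as-is. The caller
     * must pass a value that is already escaped for a SQL string literal, as
     * authenticate() does. Escaping it again here would double-escape that
     * value, so any other caller has to be checked.
     *
     * @param string $username Username, already escaped for SQL.
     * @access public
     * @return bool
     * @todo Remove 2nd connection to database. For function isMemberOfWikiGroup()
     *
     */
    function isMemberOfWikiGroup($username)
    {
        // In LocalSettings.php you can control if being
        // a member of a wiki group is required or not.
        if (isset($GLOBALS['wgDiscuz_UseWikiGroup']) && $GLOBALS['wgDiscuz_UseWikiGroup'] === false) {
            return true;
        }

        // Connect to the database.
        $fresMySQLConnection = $this->connect();

        // Check MySQL Version
        if ($GLOBALS['gstrMySQLVersion'] >= 4.1) {
            // Get the group and admin id of the user.
            $fstrMySQLQuery = 'SELECT `adminid`, `groupid` FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '`'
                . ' WHERE `username` = CONVERT( _utf8 \'' . $username . '\' USING utf8 ) LIMIT 1';
        } else {
            // Get the group and admin id of the user.
            $fstrMySQLQuery = 'SELECT `adminid`, `groupid` FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '`'
                . ' WHERE `username` = \'' . $username . '\' LIMIT 1';
        }

        // Query Database.
        $fresMySQLResult = mysql_query($fstrMySQLQuery, $fresMySQLConnection);
        if (!$fresMySQLResult) {
            $this->mySQLError('Unable to view external table_2');
        }

        $faryMySQLResult = mysql_fetch_array($fresMySQLResult);
        if (!$faryMySQLResult) {
            // Unknown user: deny. Previously the group variables were left
            // undefined in this case and then compared loosely, which could
            // match an empty entry in the configured group list.
            return false;
        }

        $GroupID = (string) $faryMySQLResult['groupid'];
        $AdminID = (string) $faryMySQLResult['adminid'];

        // Configured list of allowed group ids, e.g. "3, 7": trim each entry
        // and drop empty ones so the comparison below can be strict.
        $wgDiscuz_WikiGroupIDArray = array_filter(
            array_map('trim', explode(',', $GLOBALS['wgDiscuz_WikiGroupID'])),
            'strlen'
        );

        return in_array($GroupID, $wgDiscuz_WikiGroupIDArray, true) || $AdminID === '1';
    }

    /**
     * Password hashing scheme selected by $wgDiscuz_Version. Taken from Load.php
     *
     * Version '1.0' computes an HMAC-MD5 of $data keyed with the lowercased
     * $key; version '1.1' returns sha1(lowercased $key . $data). Any other
     * value, or a missing setting, stops the request with an error message.
     *
     * @param string $data
     * @param string $key
     * @return string
     */
    function md5_hmac($data, $key)
    {
        // Check if the user has the cfg file setup correctly.
        // empty() also covers the case where the setting is not defined.
        if (empty($GLOBALS['wgDiscuz_Version'])) {
            die(
                "\n" . 'Error: You did not set $wgDiscuz_Version in your LocalSettings.php file.' . "\n"
                . 'Please read the README file that came with the Auth_Discuz plug-in for more info.' . "\n"
            );
        }

        // Check that a valid version was passed. The comparisons stay loose so
        // that a numeric setting such as 1.1 is accepted like the string '1.1'.
        if ($GLOBALS['wgDiscuz_Version'] != '1.0' && $GLOBALS['wgDiscuz_Version'] != '1.1') {
            die(
                "\n" . 'Error: Value passed in $wgDiscuz_Version is not valid.' . "\n"
                . 'Please read the README file that came with the Auth_Discuz plug-in for more info.' . "\n"
            );
        }

        if ($GLOBALS['wgDiscuz_Version'] == '1.0') {
            $key = strtolower($key);
            // Keys longer than the 64-byte block are replaced by their MD5
            // digest, then the key is zero-padded to the block size.
            $key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00));

            return md5(
                ($key ^ str_repeat(chr(0x5c), 64))
                . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)) . $data))
            );
        }

        if ($GLOBALS['wgDiscuz_Version'] == '1.1') {
            return sha1(strtolower($key) . $data);
        }

        // This should never happen.
        die(
            "\n" . 'Error: Value passed in $wgDiscuz_Version is not valid.' . "\n"
            . 'Please read the README file that came with the Auth_Discuz plug-in for more info.' . "\n"
        );
    }

    /**
     * Modify options in the login template.
     *
     * NOTE: Turned off some Template stuff here. Anyone who knows where
     *       to find all the template options please let me know. I was only able
     *       to find a few.
     *
     * @param UserLoginTemplate $template
     * @access public
     */
    function modifyUITemplate( &$template )
    {
        $template->set('usedomain', false); // We do not want a domain name.
        $template->set('create', false);    // Remove option to create new accounts from the wiki.
        $template->set('useemail', false);  // Disable the mail new password box.
    }

    /**
     * Report a MySQL problem and stop the request.
     *
     * Only $message is sent to the browser. The driver's error number and
     * error text are written to the PHP error log instead of the page: this
     * method is reached from the login flow, and raw database errors would
     * show query and schema details to whoever triggered them.
     *
     * @param string $message
     * @access public
     */
    function mySQLError( $message )
    {
        error_log(
            'Auth_Discuz: ' . trim($message)
            . ' | MySQL Error Number: ' . mysql_errno()
            . ' | MySQL Error Message: ' . mysql_error()
        );

        echo $message . "\n";
        exit;
    }

    /**
     * Set the domain this plugin is supposed to use when authenticating.
     *
     * NOTE: We do not use this.
     *
     * @param string $domain
     * @access public
     */
    function setDomain( $domain )
    {
        $this->domain = $domain;
    }

    /**
     * Set the given password in the authentication database.
     * Return true if successful.
     *
     * NOTE: Nothing is written here; this always reports success. Passwords
     *       can only be changed in the forum software.
     *
     * @param string $password
     * @return bool
     * @access public
     */
    function setPassword( $password )
    {
        return true;
    }

    /**
     * Return true to prevent logins that don't authenticate here from being
     * checked against the local database's password fields.
     *
     * This is just a question, and shouldn't perform any actions.
     *
     * Note: This forces a user to pass Authentication with the above
     *       function authenticate(). So if a user changes their Discuz
     *       password, their old one will not work to log into the wiki.
     *       Wiki does not have a way to update its password when Discuz
     *       does. This however does not matter.
     *
     * @return bool
     * @access public
     */
    function strict()
    {
        return true;
    }

    /**
     * Update user information in the external authentication database.
     * Return true if successful.
     *
     * Nothing is written to Discuz; this always returns true.
     *
     * @param $user User object.
     * @return bool
     * @public
     */
    function updateExternalDB( $user )
    {
        return true;
    }

    /**
     * When a user logs in, optionally fill in preferences and such.
     * For instance, you might pull the email address or real name from the
     * external user database.
     *
     * The User object is passed by reference so it can be modified; don't
     * forget the & on your function declaration.
     *
     * NOTE: Not used right now.
     *
     * @param User $user
     * @access public
     */
    function updateUser( &$user )
    {
        return true;
    }

    /**
     * Check whether there exists a user account with the given name.
     * The name will be normalized to MediaWiki's requirements, so
     * you might need to munge it (for instance, for lowercase initial
     * letters).
     *
     * NOTE: MediaWiki checks its database for the username. If it has
     *       no record of the username it then asks. "Is this really a
     *       valid username?" If not then MediaWiki fails Authentication.
     *
     * @param string $username
     * @return bool
     * @access public
     */
    function userExists($username)
    {
        // Connect to the database.
        $fresMySQLConnection = $this->connect();

        // Lowercased, entity-encoded form WITHOUT SQL escaping; used for the
        // double check below. Comparing the SQL-escaped text (as before) could
        // never match a name containing an apostrophe.
        $fstrExpectedName = str_replace(
            '&#039;',
            '\'',
            htmlentities(strtolower($username), ENT_QUOTES, 'UTF-8')
        );

        // Same normalisation plus escaping, for the query itself.
        $username = $this->discuzEscapeUsername($username, $fresMySQLConnection);

        // Check MySQL Version (set by connect(), as in the other methods).
        if ($GLOBALS['gstrMySQLVersion'] >= 4.1) {
            // Check Database for username.
            $fstrMySQLQuery = 'SELECT `username` FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '`'
                . ' WHERE `username` = CONVERT( _utf8 \'' . $username . '\' USING utf8 ) LIMIT 1';
        } else {
            // Check Database for username.
            $fstrMySQLQuery = 'SELECT `username` FROM `' . $GLOBALS['wgDiscuz_UserTB'] . '`'
                . ' WHERE `username` = \'' . $username . '\' LIMIT 1';
        }

        // Query Database.
        $fresMySQLResult = mysql_query($fstrMySQLQuery, $fresMySQLConnection);
        if (!$fresMySQLResult) {
            $this->mySQLError('Unable to view external table_4');
        }

        while ($faryMySQLResult = mysql_fetch_array($fresMySQLResult)) {
            // Double check match (case-insensitive on the stored name).
            if ($fstrExpectedName === strtolower($faryMySQLResult['username'])) {
                return true; // Pass
            }
        }

        return false; // Fail
    }

    /**
     * Check to see if the specific domain is a valid domain.
     *
     * @param string $domain
     * @return bool
     * @access public
     */
    function validDomain( $domain )
    {
        return true;
    }
}
?>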