| [ Index ] |
|
Code source de DokuWiki 2006-11-06 |
1 <?php 2 /** 3 * auth/basic.class.php 4 * 5 * foundation authorisation class 6 * all auth classes should inherit from this class 7 * 8 * @author Chris Smith <chris@jalakai.co.uk> 9 */ 10 11 class auth_basic { 12 13 var $success = true; 14 15 16 /** 17 * Posible things an auth backend module may be able to 18 * do. The things a backend can do need to be set to true 19 * in the constructor. 20 */ 21 var $cando = array ( 22 'addUser' => false, // can Users be created? 23 'delUser' => false, // can Users be deleted? 24 'modLogin' => false, // can login names be changed? 25 'modPass' => false, // can passwords be changed? 26 'modName' => false, // can real names be changed? 27 'modMail' => false, // can emails be changed? 28 'modGroups' => false, // can groups be changed? 29 'getUsers' => false, // can a (filtered) list of users be retrieved? 30 'getUserCount'=> false, // can the number of users be retrieved? 31 'getGroups' => false, // can a list of available groups be retrieved? 32 'external' => false, // does the module do external auth checking? 33 'logoff' => false, // has the module some special logoff method? 34 ); 35 36 37 /** 38 * Constructor. 39 * 40 * Carry out sanity checks to ensure the object is 41 * able to operate. Set capabilities in $this->cando 42 * array here 43 * 44 * Set $this->success to false if checks fail 45 * 46 * @author Christopher Smith <chris@jalakai.co.uk> 47 */ 48 function auth_basic() { 49 // the base class constructor does nothing, derived class 50 // constructors do the real work 51 } 52 53 /** 54 * Capability check. [ DO NOT OVERRIDE ] 55 * 56 * Checks the capabilities set in the $this->cando array and 57 * some pseudo capabilities (shortcutting access to multiple 58 * ones) 59 * 60 * ususal capabilities start with lowercase letter 61 * shortcut capabilities start with uppercase letter 62 * 63 * @author Andreas Gohr <andi@splitbrain.org> 64 * @return bool 65 */ 66 function canDo($cap) { 67 switch($cap){ 68 case 'Profile': 69 // can at least one of the user's properties be changed? 70 return ( $this->cando['modPass'] || 71 $this->cando['modName'] || 72 $this->cando['modMail'] ); 73 break; 74 case 'UserMod': 75 // can at least anything be changed? 76 return ( $this->cando['modPass'] || 77 $this->cando['modName'] || 78 $this->cando['modMail'] || 79 $this->cando['modLogin'] || 80 $this->cando['modGroups'] || 81 $this->cando['modMail'] ); 82 break; 83 default: 84 // print a helping message for developers 85 if(!isset($this->cando[$cap])){ 86 msg("Check for unknown capability '$cap' - Do you use an outdated Plugin?",-1); 87 } 88 return $this->cando[$cap]; 89 } 90 } 91 92 /** 93 * Log off the current user [ OPTIONAL ] 94 * 95 * Is run in addition to the ususal logoff method. Should 96 * only be needed when trustExternal is implemented. 97 * 98 * @see auth_logoff() 99 * @author Andreas Gohr 100 */ 101 function logOff(){ 102 } 103 104 /** 105 * Do all authentication [ OPTIONAL ] 106 * 107 * Set $this->cando['external'] = true when implemented 108 * 109 * If this function is implemented it will be used to 110 * authenticate a user - all other DokuWiki internals 111 * will not be used for authenticating, thus 112 * implementing the functions below becomes optional. 113 * 114 * The function can be used to authenticate against third 115 * party cookies or Apache auth mechanisms and replaces 116 * the auth_login() function 117 * 118 * The function will be called with or without a set 119 * username. If the Username is given it was called 120 * from the login form and the given credentials might 121 * need to be checked. If no username was given it 122 * the function needs to check if the user is logged in 123 * by other means (cookie, environment). 124 * 125 * The function needs to set some globals needed by 126 * DokuWiki like auth_login() does. 127 * 128 * @see auth_login() 129 * @author Andreas Gohr <andi@splitbrain.org> 130 * 131 * @param string $user Username 132 * @param string $pass Cleartext Password 133 * @param bool $sticky Cookie should not expire 134 * @return bool true on successful auth 135 */ 136 function trustExternal($user,$pass,$sticky=false){ 137 # // some example: 138 # 139 # global $USERINFO; 140 # global $conf; 141 # $sticky ? $sticky = true : $sticky = false; //sanity check 142 # 143 # // do the checking here 144 # 145 # // set the globals if authed 146 # $USERINFO['name'] = 'FIXME'; 147 # $USERINFO['mail'] = 'FIXME'; 148 # $USERINFO['grps'] = array('FIXME'); 149 # $_SERVER['REMOTE_USER'] = $user; 150 # $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; 151 # $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; 152 # $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; 153 # return true; 154 } 155 156 /** 157 * Check user+password [ MUST BE OVERRIDDEN ] 158 * 159 * Checks if the given user exists and the given 160 * plaintext password is correct 161 * 162 * @author Andreas Gohr <andi@splitbrain.org> 163 * @return bool 164 */ 165 function checkPass($user,$pass){ 166 msg("no valid authorisation system in use", -1); 167 return false; 168 } 169 170 /** 171 * Return user info [ MUST BE OVERRIDDEN ] 172 * 173 * Returns info about the given user needs to contain 174 * at least these fields: 175 * 176 * name string full name of the user 177 * mail string email addres of the user 178 * grps array list of groups the user is in 179 * 180 * @author Andreas Gohr <andi@splitbrain.org> 181 * @return array containing user data or false 182 */ 183 function getUserData($user) { 184 msg("no valid authorisation system in use", -1); 185 return false; 186 } 187 188 /** 189 * Create a new User [implement only where required/possible] 190 * 191 * Returns false if the user already exists, null when an error 192 * occured and true if everything went well. 193 * 194 * The new user HAS TO be added to the default group by this 195 * function! 196 * 197 * Set addUser capability when implemented 198 * 199 * @author Andreas Gohr <andi@splitbrain.org> 200 */ 201 function createUser($user,$pass,$name,$mail,$grps=null){ 202 msg("authorisation method does not allow creation of new users", -1); 203 return null; 204 } 205 206 /** 207 * Modify user data [implement only where required/possible] 208 * 209 * Set the mod* capabilities according to the implemented features 210 * 211 * @author Chris Smith <chris@jalakai.co.uk> 212 * @param $user nick of the user to be changed 213 * @param $changes array of field/value pairs to be changed (password will be clear text) 214 * @return bool 215 */ 216 function modifyUser($user, $changes) { 217 msg("authorisation method does not allow modifying of user data", -1); 218 return false; 219 } 220 221 /** 222 * Delete one or more users [implement only where required/possible] 223 * 224 * Set delUser capability when implemented 225 * 226 * @author Chris Smith <chris@jalakai.co.uk> 227 * @param array $users 228 * @return int number of users deleted 229 */ 230 function deleteUsers($users) { 231 msg("authorisation method does not allow deleting of users", -1); 232 return false; 233 } 234 235 /** 236 * Return a count of the number of user which meet $filter criteria 237 * [should be implemented whenever retrieveUsers is implemented] 238 * 239 * Set getUserCount capability when implemented 240 * 241 * @author Chris Smith <chris@jalakai.co.uk> 242 */ 243 function getUserCount($filter=array()) { 244 msg("authorisation method does not provide user counts", -1); 245 return 0; 246 } 247 248 /** 249 * Bulk retrieval of user data [implement only where required/possible] 250 * 251 * Set getUsers capability when implemented 252 * 253 * @author Chris Smith <chris@jalakai.co.uk> 254 * @param start index of first user to be returned 255 * @param limit max number of users to be returned 256 * @param filter array of field/pattern pairs, null for no filter 257 * @return array of userinfo (refer getUserData for internal userinfo details) 258 */ 259 function retrieveUsers($start=0,$limit=-1,$filter=null) { 260 msg("authorisation method does not support mass retrieval of user data", -1); 261 return array(); 262 } 263 264 /** 265 * Define a group [implement only where required/possible] 266 * 267 * Set addGroup capability when implemented 268 * 269 * @author Chris Smith <chris@jalakai.co.uk> 270 * @return bool 271 */ 272 function addGroup($group) { 273 msg("authorisation method does not support independent group creation", -1); 274 return false; 275 } 276 277 /** 278 * Retrieve groups [implement only where required/possible] 279 * 280 * Set getGroups capability when implemented 281 * 282 * @author Chris Smith <chris@jalakai.co.uk> 283 * @return array 284 */ 285 function retrieveGroups($start=0,$limit=0) { 286 msg("authorisation method does not support group list retrieval", -1); 287 return array(); 288 } 289 290 } 291 //Setup VIM: ex: et ts=2 enc=utf-8 :
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Tue Apr 3 20:47:31 2007 | par Balluche grâce à PHPXref 0.7 |