3 files changed, 360 insertions, 0 deletions
diff --git a/includes/extauth/Hardcoded.php b/includes/extauth/Hardcoded.php
new file mode 100644
index 00000000..a9a60bea
--- /dev/null
+++ b/includes/extauth/Hardcoded.php
@@ -0,0 +1,79 @@
+<?php
+
+# Copyright (C) 2009 Aryeh Gregor
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# http://www.gnu.org/copyleft/gpl.html
+
+/**
+ * This class supports external authentication from a literal array dumped in
+ * LocalSettings.php.  It's mostly useful for testing.  Example configuration:
+ *
+ *   $wgExternalAuthType = 'ExternalUser_Hardcoded';
+ *   $wgExternalAuthConf = array(
+ *       'Bob Smith' => array(
+ *           'password' => 'literal string',
+ *           'emailaddress' => 'bob@example.com',
+ *       ),
+ *   );
+ *
+ * Multiple names may be provided.  The keys of the inner arrays can be either
+ * 'password', or the name of any preference.
+ *
+ * @ingroup ExternalUser
+ */
+class ExternalUser_Hardcoded extends ExternalUser {
+	private $mName;
+
+	protected function initFromName( $name ) {
+		global $wgExternalAuthConf;
+
+		if ( isset( $wgExternalAuthConf[$name] ) ) {
+			$this->mName = $name;
+			return true;
+		}
+		return false;
+	}
+
+	protected function initFromId( $id ) {
+		return $this->initFromName( $id );
+	}
+
+	public function getId() {
+		return $this->mName;
+	}
+
+	public function getName() {
+		return $this->mName;
+	}
+
+	public function authenticate( $password ) {
+		global $wgExternalAuthConf;
+
+		return isset( $wgExternalAuthConf[$this->mName]['password'] )
+			&& $wgExternalAuthConf[$this->mName]['password'] == $password;
+	}
+
+	public function getPref( $pref ) {
+		global $wgExternalAuthConf;
+
+		if ( isset( $wgExternalAuthConf[$this->mName][$pref] ) ) {
+			return $wgExternalAuthConf[$this->mName][$pref];
+		}
+		return null;
+	}
+
+	# TODO: Implement setPref() via regex on LocalSettings.  (Just kidding.)
+}
diff --git a/includes/extauth/MediaWiki.php b/includes/extauth/MediaWiki.php
new file mode 100644
index 00000000..7d6a3c71
--- /dev/null
+++ b/includes/extauth/MediaWiki.php
@@ -0,0 +1,141 @@
+<?php
+
+# Copyright (C) 2009 Aryeh Gregor
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# http://www.gnu.org/copyleft/gpl.html
+
+/**
+ * This class supports authentication against an external MediaWiki database,
+ * probably any version back to 1.5 or something.  Example configuration:
+ *
+ *   $wgExternalAuthType = 'ExternalUser_MediaWiki';
+ *   $wgExternalAuthConf = array(
+ *       'DBtype' => 'mysql',
+ *       'DBserver' => 'localhost',
+ *       'DBname' => 'wikidb',
+ *       'DBuser' => 'quasit',
+ *       'DBpassword' => 'a5Cr:yf9u-6[{`g',
+ *       'DBprefix' => '',
+ *   );
+ *
+ * All fields must be present.  These mean the same things as $wgDBtype, 
+ * $wgDBserver, etc.  This implementation is quite crude; it could easily 
+ * support multiple database servers, for instance, and memcached, and it 
+ * probably has bugs.  Kind of hard to reuse code when things might rely on who 
+ * knows what configuration globals.
+ *
+ * If either wiki uses the UserComparePasswords hook, password authentication 
+ * might fail unexpectedly unless they both do the exact same validation.  
+ * There may be other corner cases like this where this will fail, but it 
+ * should be unlikely.
+ *
+ * @ingroup ExternalUser
+ */
+class ExternalUser_MediaWiki extends ExternalUser {
+	private $mRow, $mDb;
+
+	protected function initFromName( $name ) {
+		# We might not need the 'usable' bit, but let's be safe.  Theoretically 
+		# this might return wrong results for old versions, but it's probably 
+		# good enough.
+		$name = User::getCanonicalName( $name, 'usable' );
+
+		if ( !is_string( $name ) ) {
+			return false;
+		}
+
+		return $this->initFromCond( array( 'user_name' => $name ) );
+	}
+
+	protected function initFromId( $id ) {
+		return $this->initFromCond( array( 'user_id' => $id ) );
+	}
+
+	private function initFromCond( $cond ) {
+		global $wgExternalAuthConf;
+
+		$class = 'Database' . $wgExternalAuthConf['DBtype'];
+		$this->mDb = new $class(
+			$wgExternalAuthConf['DBserver'],
+			$wgExternalAuthConf['DBuser'],
+			$wgExternalAuthConf['DBpassword'],
+			$wgExternalAuthConf['DBname'],
+			false,
+			0,
+			$wgExternalAuthConf['DBprefix']
+		);
+
+		$row = $this->mDb->selectRow(
+			'user',
+			array(
+				'user_name', 'user_id', 'user_password', 'user_email',
+				'user_email_authenticated'
+			),
+			$cond,
+			__METHOD__
+		);
+		if ( !$row ) {
+			return false;
+		}
+		$this->mRow = $row;
+
+		return true;
+	}
+
+	# TODO: Implement initFromCookie().
+
+	public function getId() {
+		return $this->mRow->user_id;
+	}
+
+	public function getName() {
+		return $this->mRow->user_name;
+	}
+
+	public function authenticate( $password ) {
+		# This might be wrong if anyone actually uses the UserComparePasswords hook 
+		# (on either end), so don't use this if you those are incompatible.
+		return User::comparePasswords( $this->mRow->user_password, $password,
+			$this->mRow->user_id );	
+	}
+
+	public function getPref( $pref ) {
+		# FIXME: Return other prefs too.  Lots of global-riddled code that does 
+		# this normally.
+		if ( $pref === 'emailaddress'
+		&& $this->row->user_email_authenticated !== null ) {
+			return $this->mRow->user_email;
+		}
+		return null;
+	}
+
+	public function getGroups() {
+		# FIXME: Untested.
+		$groups = array();
+		$res = $this->mDb->select(
+			'user_groups',
+			'ug_group',
+			array( 'ug_user' => $this->mRow->user_id ),
+			__METHOD__
+		);
+		foreach ( $res as $row ) {
+			$groups[] = $row->ug_group;
+		}
+		return $groups;
+	}
+
+	# TODO: Implement setPref().
+}
diff --git a/includes/extauth/vB.php b/includes/extauth/vB.php
new file mode 100644
index 00000000..23523665
--- /dev/null
+++ b/includes/extauth/vB.php
@@ -0,0 +1,140 @@
+<?php
+
+# Copyright (C) 2009 Aryeh Gregor
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# http://www.gnu.org/copyleft/gpl.html
+
+/**
+ * This class supports the proprietary vBulletin forum system
+ * <http://www.vbulletin.com>, versions 3.5 and up.  It calls no functions or
+ * code, only reads from the database.  Example lines to put in
+ * LocalSettings.php:
+ *
+ *   $wgExternalAuthType = 'ExternalUser_vB';
+ *   $wgExternalAuthConf = array(
+ *       'server' => 'localhost',
+ *       'username' => 'forum',
+ *       'password' => 'udE,jSqDJ<""p=fI.K9',
+ *       'dbname' => 'forum',
+ *       'tableprefix' => '',
+ *       'cookieprefix' => 'bb'
+ *   );
+ *
+ * @ingroup ExternalUser
+ */
+class ExternalUser_vB extends ExternalUser {
+	private $mDb, $mRow;
+
+	protected function initFromName( $name ) {
+		return $this->initFromCond( array( 'username' => $name ) );
+	}
+
+	protected function initFromId( $id ) {
+		return $this->initFromCond( array( 'userid' => $id ) );
+	}
+
+	protected function initFromCookie() {
+		# Try using the session table.  It will only have a row if the user has
+		# an active session, so it might not always work, but it's a lot easier
+		# than trying to convince PHP to give us vB's $_SESSION.
+		global $wgExternalAuthConf;
+		if ( !isset( $wgExternalAuthConf['cookieprefix'] ) ) {
+			$prefix = 'bb';
+		} else {
+			$prefix = $wgExternalAuthConf['cookieprefix'];
+		}
+		if ( !isset( $_COOKIE["{$prefix}sessionhash"] ) ) {
+			return false;
+		}
+
+		$db = $this->getDb();
+
+		$row = $db->selectRow(
+			array( 'session', 'user' ),
+			$this->getFields(),
+			array(
+				'session.userid = user.userid',
+				'sessionhash' => $_COOKIE["{$prefix}sessionhash"]
+			),
+			__METHOD__
+		);
+		if ( !$row ) {
+			return false;
+		}
+		$this->mRow = $row;
+
+		return true;
+	}
+
+	private function initFromCond( $cond ) {
+		$db = $this->getDb();
+
+		$row = $db->selectRow(
+			'user',
+			$this->getFields(),
+			$cond,
+			__METHOD__
+		);
+		if ( !$row ) {
+			return false;
+		}
+		$this->mRow = $row;
+
+		return true;
+	}
+
+	private function getDb() {
+		global $wgExternalAuthConf;
+		return new Database(
+			$wgExternalAuthConf['server'],
+			$wgExternalAuthConf['username'],
+			$wgExternalAuthConf['password'],
+			$wgExternalAuthConf['dbname'],
+			false, 0,
+			$wgExternalAuthConf['tableprefix']
+		);
+	}
+
+	private function getFields() {
+		return array( 'user.userid', 'username', 'password', 'salt', 'email',
+			'usergroupid', 'membergroupids' );
+	}
+
+	public function getId() { return $this->mRow->userid; }
+	public function getName() { return $this->mRow->username; }
+
+	public function authenticate( $password ) {
+		# vBulletin seemingly strips whitespace from passwords
+		$password = trim( $password );
+		return $this->mRow->password == md5( md5( $password )
+			. $this->mRow->salt );
+	}
+
+	public function getPref( $pref ) {
+		if ( $pref == 'emailaddress' && $this->mRow->email ) {
+			# TODO: only return if validated?
+			return $this->mRow->email;
+		}
+		return null;
+	}
+
+	public function getGroups() {
+		$groups = array( $this->mRow->usergroupid );
+		$groups = array_merge( $groups, explode( ',', $this->mRow->membergroupids ) );
+		$groups = array_unique( $groups );
+		return $groups;
+	}
+}