<?php
#
# Copyright Michael Orlitzky
#
# http://michael.orlitzky.com/
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# http://www.fsf.org/licensing/licenses/gpl.html
#

require_once('./includes/AuthPlugin.php');

class ThirdPartyDbAuth extends AuthPlugin {

  /* A connection to the database that lasts as long
   * as this object is around.
   */
  private $connection = null;


  /* The query used to determine whether
   or not the user is authorized. */
  private $authentication_query = null;

  
  /* Used to determine whether or not a
   username is present in the database. */
  private $user_exists_query = null;


  /* True if the supplied query returns one or more rows
   * when executed against our database connection */
  private function query_returns_rows($query) {
    $result = mysql_query($query, $this->connection);
    $row_count = mysql_num_rows($result);
    mysql_free_result($result);
    
    if ($row_count > 0) {
      return true;
    }
    else {
      return false;
    }
  }


  
  public function set_authentication_query($query) {
    $this->authentication_query = $query;
  }

  

  public function set_user_exists_query($query) {
    $this->user_exists_query = $query;
  }

  
  
  /* The constructor creates a connection to the database
   * which is kept open for the lifetime of the object
   */  
  public function __construct($database_hostname,
			      $database_name,
			      $database_username,
			      $database_password) {

    $this->connection = mysql_connect($database_hostname,
				      $database_username,
				      $database_password)
      or die(mysql_error());

    mysql_select_db($database_name, $this->connection)
      or die("Couldn't select database {$this->database_name}. Error: " . mysql_error());
  }


  
  /* The destructor just closes the database connection
   * that was opened in the constructor.
   */
  public function __destruct() {
    mysql_close($this->connection);
  }

  
  
  /*
   * Attempt to authenticate the user. We consider them authenticated
   * if there are any records returned from our authentication query.
   */
  function authenticate($username, $password) {
    if ($this->authentication_query == null) {
      return false;
    }
    
    $escaped_username = mysql_real_escape_string($username);
    $escaped_password = mysql_real_escape_string($password);    

    // Substitute for the username and password template variables.
    $query = str_replace('%u', $escaped_username, $this->authentication_query);
    $query = str_replace('%p', $escaped_password, $query);
    
    return $this->query_returns_rows($query);
  }



  /* Check to see if a username exists in our data source.
   */
  function userExists($username) {
    if ($this->user_exists_query == null) {
      return false;
    }
    
    $escaped_username = mysql_real_escape_string($username);

    // Substitute for the username template variable.
    $query = str_replace('%u', $escaped_username, $this->user_exists_query);
    
    return $this->query_returns_rows($query);
  }


  
  /* Most of the functions below this point are just overridden
   * to return constant values. Generally, we don't want to allow
   * users to touch our third-party database, so for example, we
   * return false immediately from any attempts to add a user.
   */
   
  
  /* We don't add users to our data source, so always return false. */
  function addUser($user, $password) {
    return false;
  }

  
  /* This needs to be true.
   * Check the superclass source code for an explanation. 
   */
  function autoCreate() {
    return true;
  }


  
  function canCreateAccounts() {
    return false;
  }


  
  /*
   * If you want to munge the case of an account name before the final
   * check, now is your chance.
   */
  function getCanonicalName($username) {
    return $username;
  }


	
  /* Disable some user interface options that don't make
   * sense in our context.
   */
  function modifyUITemplate(&$template) {
    $template->set('usedomain', false); // We do not want a domain name.
    $template->set('create', false); // Remove option to create new accounts from the wiki.
    $template->set('useemail', false); // Disable the mail new password box.
  }


	
  function setDomain($domain) {}



  function allowPasswordChange() {
    return false;
  }

	

  function setPassword($password) {
    return false;
  }

  

  function strict() {
    return true;
  }


  
  function strictUserAuth($username) {
    return true;
  }

	

  /* This might actually be useful, but we don't use it. */
  function updateUser( &$user ) {
    return false;
  }



  function updateExternalDB($user) {
    return false;
  }


  
  /* We don't use domains, so they're never valid.
   */
  function validDomain($domain) {
    return false;
  } 

}


$wgExtensionCredits['other'][] = array(
	'name' => 'Third-party Database Authentication',
	'author' => 'Michael Orlitzky',
	'description' => 'Allow Mediawiki to authenticate to a third-party (MySQL) database.',
	'url' => 'http://michael.orlitzky.com/'
);

?>