From 915e184c392a52271d84d4212cb7813cc6c0b2e1 Mon Sep 17 00:00:00 2001
From: mjo
Date: Wed, 10 Sep 2008 15:03:52 -0400
Subject: [PATCH] Initial commit.
---
LocalSettings.third_party_db_auth.php | 28 +++
README | 9 +
third_party_db_auth.class.php | 241 ++++++++++++++++++++++++++
3 files changed, 278 insertions(+)
create mode 100644 LocalSettings.third_party_db_auth.php
create mode 100644 README
create mode 100644 third_party_db_auth.class.php
diff --git a/LocalSettings.third_party_db_auth.php b/LocalSettings.third_party_db_auth.php
new file mode 100644
index 0000000..c52c236
--- /dev/null
+++ b/LocalSettings.third_party_db_auth.php
@@ -0,0 +1,28 @@
+set_authentication_query("SELECT * FROM users WHERE username='%u' AND password='%p'");
+$wgAuth->set_user_exists_query("SELECT * FROM users WHERE username='%u'");
+?>
diff --git a/README b/README
new file mode 100644
index 0000000..81bb3d9
--- /dev/null
+++ b/README
@@ -0,0 +1,9 @@
+This class is an authorization plugin for Mediawiki. It performs the
+authorization and user existence queries to an arbitrary MySQL
+database. An example of its use is included in the
+LocalSettings.third_party_db_auth.php file.
+
+To use the plugin, you could either 'require' the
+LocalSettings.third_party_db_auth.php file in your LocalSettings.php,
+or copy-and-paste its contents into LocalSettings.php, somewhere near
+the bottom (after DefaultSettings.php is included).
diff --git a/third_party_db_auth.class.php b/third_party_db_auth.class.php
new file mode 100644
index 0000000..11d255b
--- /dev/null
+++ b/third_party_db_auth.class.php
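Review bot: The example authentication query in LocalSettings.third_party_db_auth.php matches the submitted password directly against a column (`password='%p'`), which only works when the third-party table stores passwords in cleartext, and a sample like this tends to be copied as-is. I would add a comment above it such as `// Example only: this compares the raw password; adapt the WHERE clause to however your users table stores credentials.` The same comment should say that `%u` and `%p` must stay inside single quotes, because the class substitutes values that are escaped only for a quoted string context. Only the last three lines of this 28-line hunk are visible on this page, so the connection settings above them are not reviewed here.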
@@ -0,0 +1,241 @@
+connection);
+ $row_count = mysql_num_rows($result);
+ mysql_free_result($result);
+
+ if ($row_count > 0) {
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+
+
+
+ public function set_authentication_query($query) {
+ $this->authentication_query = $query;
+ }
+
+
+
+ public function set_user_exists_query($query) {
+ $this->user_exists_query = $query;
+ }
+
+
+
+ /* The constructor creates a connection to the database
+ * which is kept open for the lifetime of the object
+ */
+ public function __construct($database_hostname,
+ $database_name,
+ $database_username,
+ $database_password) {
+
+ $this->connection = mysql_connect($database_hostname,
+ $database_username,
+ $database_password)
+ or die(mysql_error());
+
+ mysql_select_db($database_name, $this->connection)
+ or die("Couldn't select database {$this->database_name}. Error: " . mysql_error());
+ }
+
+
+
+ /* The destructor just closes the database connection
+ * that was opened in the constructor.
+ */
+ public function __destruct() {
+ mysql_close($this->connection);
+ }
+
+
+
+ /*
+ * Attempt to authenticate the user. We consider them authenticated
+ * if there are any records returned from our authentication query.
+ */
+ function authenticate($username, $password) {
+ if ($this->authentication_query == null) {
+ return false;
+ }
+
+ $escaped_username = mysql_real_escape_string($username);
+ $escaped_password = mysql_real_escape_string($password);
+
+ // Substitute for the username and password template variables.
+ $query = str_replace('%u', $escaped_username, $this->authentication_query);
+ $query = str_replace('%p', $escaped_password, $query);
+
+ return $this->query_returns_rows($query);
+ }
+
+
+
+ /* Check to see if a username exists in our data source.
+ */
+ function userExists($username) {
+ if ($this->user_exists_query == null) {
+ return false;
+ }
+
+ $escaped_username = mysql_real_escape_string($username);
+
+ // Substitute for the username template variable.
+ $query = str_replace('%u', $escaped_username, $this->user_exists_query);
+
+ return $this->query_returns_rows($query);
+ }
+
+
+
+ /* Most of the functions below this point are just overridden
+ * to return constant values. Generally, we don't want to allow
+ * users to touch our third-party database, so for example, we
+ * return false immediately from any attempts to add a user.
+ */
+
+
+ /* We don't add users to our data source, so always return false. */
+ function addUser($user, $password) {
+ return false;
+ }
+
+
+ /* This needs to be true.
+ * Check the superclass source code for an explanation.
+ */
+ function autoCreate() {
+ return true;
+ }
+
+
+
+ function canCreateAccounts() {
+ return false;
+ }
+
+
+
+ /*
+ * If you want to munge the case of an account name before the final
+ * check, now is your chance.
+ */
+ function getCanonicalName($username) {
+ return $username;
+ }
+
+
+
+ /* Disable some user interface options that don't make
+ * sense in our context.
+ */
+ function modifyUITemplate(&$template) {
+ $template->set('usedomain', false); // We do not want a domain name.
+ $template->set('create', false); // Remove option to create new accounts from the wiki.
+ $template->set('useemail', false); // Disable the mail new password box.
+ }
+
+
+
+ function setDomain($domain) {}
+
+
+
+ function allowPasswordChange() {
+ return false;
+ }
+
+
+
+ function setPassword($password) {
+ return false;
+ }
+
+
+
+ function strict() {
+ return true;
+ }
+
+
+
+ function strictUserAuth($username) {
+ return true;
+ }
+
+
+
+ /* This might actually be useful, but we don't use it. */
+ function updateUser( &$user ) {
+ return false;
+ }
+
+
+
+ function updateExternalDB($user) {
+ return false;
+ }
+
+
+
+ /* We don't use domains, so they're never valid.
+ */
+ function validDomain($domain) {
+ return false;
+ }
+
+}
+
+
+$wgExtensionCredits['other'][] = array(
+ 'name' => 'Third-party Database Authentication',
+ 'author' => 'Michael Orlitzky',
+ 'description' => 'Allow Mediawiki to authenticate to a third-party (MySQL) database.',
+ 'url' => 'http://michael.orlitzky.com/'
+);
+
+?>
--
2.43.2
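Review bot: Both `authenticate()` and `userExists()` call `mysql_real_escape_string()` without a link identifier, so the escaping follows whichever MySQL connection was opened last (possibly the wiki's own, with a different character set) rather than the one the query runs on; pass the handle explicitly, `mysql_real_escape_string($username, $this->connection)`. In `authenticate()` the two chained `str_replace` calls also rewrite a `%p` that arrived inside the username; a single pass, `$query = strtr($this->authentication_query, array('%u' => $escaped_username, '%p' => $escaped_password));`, avoids that. The constructor's error path interpolates `{$this->database_name}`, which is never assigned in the visible code (the parameter is `$database_name`), and `die(mysql_error())` prints database error details to the browser. The opening of the class and of `query_returns_rows()` is missing from this page, so whether the `mysql_query` result is checked before `mysql_num_rows()` could not be reviewed.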