includes/extauth/vB.php

   1 <?php
   2
   3 # Copyright (C) 2009 Aryeh Gregor
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 2 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License along
  16 # with this program; if not, write to the Free Software Foundation, Inc.,
  17 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18 # http://www.gnu.org/copyleft/gpl.html
  19
  20 /**
  21  * This class supports the proprietary vBulletin forum system
  22  * <http://www.vbulletin.com>, versions 3.5 and up.  It calls no functions or
  23  * code, only reads from the database.  Example lines to put in
  24  * LocalSettings.php:
  25  *
  26  *   $wgExternalAuthType = 'ExternalUser_vB';
  27  *   $wgExternalAuthConf = array(
  28  *       'server' => 'localhost',
  29  *       'username' => 'forum',
  30  *       'password' => 'udE,jSqDJ<""p=fI.K9',
  31  *       'dbname' => 'forum',
  32  *       'tableprefix' => '',
  33  *       'cookieprefix' => 'bb'
  34  *   );
  35  *
  36  * @ingroup ExternalUser
  37  */
  38 class ExternalUser_vB extends ExternalUser {
  39         private $mDb, $mRow;
  40
  41         protected function initFromName( $name ) {
  42                 return $this->initFromCond( array( 'username' => $name ) );
  43         }
  44
  45         protected function initFromId( $id ) {
  46                 return $this->initFromCond( array( 'userid' => $id ) );
  47         }
  48
  49         protected function initFromCookie() {
  50                 # Try using the session table.  It will only have a row if the user has
  51                 # an active session, so it might not always work, but it's a lot easier
  52                 # than trying to convince PHP to give us vB's $_SESSION.
  53                 global $wgExternalAuthConf;
  54                 if ( !isset( $wgExternalAuthConf['cookieprefix'] ) ) {
  55                         $prefix = 'bb';
  56                 } else {
  57                         $prefix = $wgExternalAuthConf['cookieprefix'];
  58                 }
  59                 if ( !isset( $_COOKIE["{$prefix}sessionhash"] ) ) {
  60                         return false;
  61                 }
  62
  63                 $db = $this->getDb();
  64
  65                 $row = $db->selectRow(
  66                         array( 'session', 'user' ),
  67                         $this->getFields(),
  68                         array(
  69                                 'session.userid = user.userid',
  70                                 'sessionhash' => $_COOKIE["{$prefix}sessionhash"]
  71                         ),
  72                         __METHOD__
  73                 );
  74                 if ( !$row ) {
  75                         return false;
  76                 }
  77                 $this->mRow = $row;
  78
  79                 return true;
  80         }
  81
  82         private function initFromCond( $cond ) {
  83                 $db = $this->getDb();
  84
  85                 $row = $db->selectRow(
  86                         'user',
  87                         $this->getFields(),
  88                         $cond,
  89                         __METHOD__
  90                 );
  91                 if ( !$row ) {
  92                         return false;
  93                 }
  94                 $this->mRow = $row;
  95
  96                 return true;
  97         }
  98
  99         private function getDb() {
 100                 global $wgExternalAuthConf;
 101                 return new Database(
 102                         $wgExternalAuthConf['server'],
 103                         $wgExternalAuthConf['username'],
 104                         $wgExternalAuthConf['password'],
 105                         $wgExternalAuthConf['dbname'],
 106                         false, 0,
 107                         $wgExternalAuthConf['tableprefix']
 108                 );
 109         }
 110
 111         private function getFields() {
 112                 return array( 'user.userid', 'username', 'password', 'salt', 'email',
 113                         'usergroupid', 'membergroupids' );
 114         }
 115
 116         public function getId() { return $this->mRow->userid; }
 117         public function getName() { return $this->mRow->username; }
 118
 119         public function authenticate( $password ) {
 120                 # vBulletin seemingly strips whitespace from passwords
 121                 $password = trim( $password );
 122                 return $this->mRow->password == md5( md5( $password )
 123                         . $this->mRow->salt );
 124         }
 125
 126         public function getPref( $pref ) {
 127                 if ( $pref == 'emailaddress' && $this->mRow->email ) {
 128                         # TODO: only return if validated?
 129                         return $this->mRow->email;
 130                 }
 131                 return null;
 132         }
 133
 134         public function getGroups() {
 135                 $groups = array( $this->mRow->usergroupid );
 136                 $groups = array_merge( $groups, explode( ',', $this->mRow->membergroupids ) );
 137                 $groups = array_unique( $groups );
 138                 return $groups;
 139         }
 140 }