includes/extauth/vB.php

   1 <?php
   2
   3 # Copyright (C) 2009 Aryeh Gregor
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 2 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License along
  16 # with this program; if not, write to the Free Software Foundation, Inc.,
  17 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18 # http://www.gnu.org/copyleft/gpl.html
  19
  20 /**
  21  * This class supports the proprietary vBulletin forum system
  22  * <http://www.vbulletin.com>, versions 3.5 and up.  It calls no functions or
  23  * code, only reads from the database.  Example lines to put in
  24  * LocalSettings.php:
  25  *
  26  *   $wgExternalAuthType = 'ExternalUser_vB';
  27  *   $wgExternalAuthConf = array(
  28  *       'server' => 'localhost',
  29  *       'username' => 'forum',
  30  *       'password' => 'udE,jSqDJ<""p=fI.K9',
  31  *       'dbname' => 'forum',
  32  *       'tableprefix' => '',
  33  *       'cookieprefix' => 'bb'
  34  *   );
  35  */
  36 class ExternalUser_vB extends ExternalUser {
  37         private $mDb, $mRow;
  38
  39         protected function initFromName( $name ) {
  40                 return $this->initFromCond( array( 'username' => $name ) );
  41         }
  42
  43         protected function initFromId( $id ) {
  44                 return $this->initFromCond( array( 'userid' => $id ) );
  45         }
  46
  47         protected function initFromCookie() {
  48                 # Try using the session table.  It will only have a row if the user has
  49                 # an active session, so it might not always work, but it's a lot easier
  50                 # than trying to convince PHP to give us vB's $_SESSION.
  51                 global $wgExternalAuthConf;
  52                 if ( !isset( $wgExternalAuthConf['cookieprefix'] ) ) {
  53                         $prefix = 'bb';
  54                 } else {
  55                         $prefix = $wgExternalAuthConf['cookieprefix'];
  56                 }
  57                 if ( !isset( $_COOKIE["{$prefix}sessionhash"] ) ) {
  58                         return false;
  59                 }
  60
  61                 $db = $this->getDb();
  62
  63                 $row = $db->selectRow(
  64                         array( 'session', 'user' ),
  65                         $this->getFields(),
  66                         array(
  67                                 'session.userid = user.userid',
  68                                 'sessionhash' => $_COOKIE["{$prefix}sessionhash"]
  69                         ),
  70                         __METHOD__
  71                 );
  72                 if ( !$row ) {
  73                         return false;
  74                 }
  75                 $this->mRow = $row;
  76
  77                 return true;
  78         }
  79
  80         private function initFromCond( $cond ) {
  81                 $db = $this->getDb();
  82
  83                 $row = $db->selectRow(
  84                         'user',
  85                         $this->getFields(),
  86                         $cond,
  87                         __METHOD__
  88                 );
  89                 if ( !$row ) {
  90                         return false;
  91                 }
  92                 $this->mRow = $row;
  93
  94                 return true;
  95         }
  96
  97         private function getDb() {
  98                 global $wgExternalAuthConf;
  99                 return new Database(
 100                         $wgExternalAuthConf['server'],
 101                         $wgExternalAuthConf['username'],
 102                         $wgExternalAuthConf['password'],
 103                         $wgExternalAuthConf['dbname'],
 104                         false, 0,
 105                         $wgExternalAuthConf['tableprefix']
 106                 );
 107         }
 108
 109         private function getFields() {
 110                 return array( 'user.userid', 'username', 'password', 'salt', 'email',
 111                         'usergroupid', 'membergroupids' );
 112         }
 113
 114         public function getId() { return $this->mRow->userid; }
 115         public function getName() { return $this->mRow->username; }
 116
 117         public function authenticate( $password ) {
 118                 # vBulletin seemingly strips whitespace from passwords
 119                 $password = trim( $password );
 120                 return $this->mRow->password == md5( md5( $password )
 121                         . $this->mRow->salt );
 122         }
 123
 124         public function getPref( $pref ) {
 125                 if ( $pref == 'emailaddress' && $this->mRow->email ) {
 126                         # TODO: only return if validated?
 127                         return $this->mRow->email;
 128                 }
 129                 return null;
 130         }
 131
 132         public function getGroups() {
 133                 $groups = array( $this->mRow->usergroupid );
 134                 $groups = array_merge( $groups, explode( ',', $this->mRow->membergroupids ) );
 135                 $groups = array_unique( $groups );
 136                 return $groups;
 137         }
 138 }