includes/extauth/vB.php

   1 <?php
   2 /**
   3  * External authentication with a vBulletin database.
   4  *
   5  * Copyright © 2009 Aryeh Gregor
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation; either version 2 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License along
  18  * with this program; if not, write to the Free Software Foundation, Inc.,
  19  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  20  * http://www.gnu.org/copyleft/gpl.html
  21  *
  22  * @file
  23  */
  24
  25 /**
  26  * This class supports the proprietary vBulletin forum system
  27  * <http://www.vbulletin.com>, versions 3.5 and up.  It calls no functions or
  28  * code, only reads from the database.  Example lines to put in
  29  * LocalSettings.php:
  30  *
  31  *   $wgExternalAuthType = 'ExternalUser_vB';
  32  *   $wgExternalAuthConf = array(
  33  *       'server' => 'localhost',
  34  *       'username' => 'forum',
  35  *       'password' => 'udE,jSqDJ<""p=fI.K9',
  36  *       'dbname' => 'forum',
  37  *       'tableprefix' => '',
  38  *       'cookieprefix' => 'bb'
  39  *   );
  40  *
  41  * @ingroup ExternalUser
  42  */
  43 class ExternalUser_vB extends ExternalUser {
  44         private $mRow;
  45
  46         protected function initFromName( $name ) {
  47                 return $this->initFromCond( array( 'username' => $name ) );
  48         }
  49
  50         protected function initFromId( $id ) {
  51                 return $this->initFromCond( array( 'userid' => $id ) );
  52         }
  53
  54         protected function initFromCookie() {
  55                 # Try using the session table.  It will only have a row if the user has
  56                 # an active session, so it might not always work, but it's a lot easier
  57                 # than trying to convince PHP to give us vB's $_SESSION.
  58                 global $wgExternalAuthConf, $wgRequest;
  59                 if ( !isset( $wgExternalAuthConf['cookieprefix'] ) ) {
  60                         $prefix = 'bb';
  61                 } else {
  62                         $prefix = $wgExternalAuthConf['cookieprefix'];
  63                 }
  64                 if ( $wgRequest->getCookie( 'sessionhash', $prefix ) === null ) {
  65                         return false;
  66                 }
  67
  68                 $db = $this->getDb();
  69
  70                 $row = $db->selectRow(
  71                         array( 'session', 'user' ),
  72                         $this->getFields(),
  73                         array(
  74                                 'session.userid = user.userid',
  75                                 'sessionhash' => $wgRequest->getCookie( 'sessionhash', $prefix ),
  76                         ),
  77                         __METHOD__
  78                 );
  79                 if ( !$row ) {
  80                         return false;
  81                 }
  82                 $this->mRow = $row;
  83
  84                 return true;
  85         }
  86
  87         private function initFromCond( $cond ) {
  88                 $db = $this->getDb();
  89
  90                 $row = $db->selectRow(
  91                         'user',
  92                         $this->getFields(),
  93                         $cond,
  94                         __METHOD__
  95                 );
  96                 if ( !$row ) {
  97                         return false;
  98                 }
  99                 $this->mRow = $row;
 100
 101                 return true;
 102         }
 103
 104         private function getDb() {
 105                 global $wgExternalAuthConf;
 106                 return new Database(
 107                         $wgExternalAuthConf['server'],
 108                         $wgExternalAuthConf['username'],
 109                         $wgExternalAuthConf['password'],
 110                         $wgExternalAuthConf['dbname'],
 111                         false, 0,
 112                         $wgExternalAuthConf['tableprefix']
 113                 );
 114         }
 115
 116         private function getFields() {
 117                 return array( 'user.userid', 'username', 'password', 'salt', 'email',
 118                         'usergroupid', 'membergroupids' );
 119         }
 120
 121         public function getId() { return $this->mRow->userid; }
 122         public function getName() { return $this->mRow->username; }
 123
 124         public function authenticate( $password ) {
 125                 # vBulletin seemingly strips whitespace from passwords
 126                 $password = trim( $password );
 127                 return $this->mRow->password == md5( md5( $password )
 128                         . $this->mRow->salt );
 129         }
 130
 131         public function getPref( $pref ) {
 132                 if ( $pref == 'emailaddress' && $this->mRow->email ) {
 133                         # TODO: only return if validated?
 134                         return $this->mRow->email;
 135                 }
 136                 return null;
 137         }
 138
 139         public function getGroups() {
 140                 $groups = array( $this->mRow->usergroupid );
 141                 $groups = array_merge( $groups, explode( ',', $this->mRow->membergroupids ) );
 142                 $groups = array_unique( $groups );
 143                 return $groups;
 144         }
 145 }