00001 <?php 00002 00003 # Copyright (C) 2009 Aryeh Gregor 00004 # 00005 # This program is free software; you can redistribute it and/or modify 00006 # it under the terms of the GNU General Public License as published by 00007 # the Free Software Foundation; either version 2 of the License, or 00008 # (at your option) any later version. 00009 # 00010 # This program is distributed in the hope that it will be useful, 00011 # but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00013 # GNU General Public License for more details. 00014 # 00015 # You should have received a copy of the GNU General Public License along 00016 # with this program; if not, write to the Free Software Foundation, Inc., 00017 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 00018 # http://www.gnu.org/copyleft/gpl.html 00019 00038 class ExternalUser_vB extends ExternalUser { 00039 private $mDb, $mRow; 00040 00041 protected function initFromName( $name ) { 00042 return $this->initFromCond( array( 'username' => $name ) ); 00043 } 00044 00045 protected function initFromId( $id ) { 00046 return $this->initFromCond( array( 'userid' => $id ) ); 00047 } 00048 00049 protected function initFromCookie() { 00050 # Try using the session table. It will only have a row if the user has 00051 # an active session, so it might not always work, but it's a lot easier 00052 # than trying to convince PHP to give us vB's $_SESSION. 00053 global $wgExternalAuthConf; 00054 if ( !isset( $wgExternalAuthConf['cookieprefix'] ) ) { 00055 $prefix = 'bb'; 00056 } else { 00057 $prefix = $wgExternalAuthConf['cookieprefix']; 00058 } 00059 if ( !isset( $_COOKIE["{$prefix}sessionhash"] ) ) { 00060 return false; 00061 } 00062 00063 $db = $this->getDb(); 00064 00065 $row = $db->selectRow( 00066 array( 'session', 'user' ), 00067 $this->getFields(), 00068 array( 00069 'session.userid = user.userid', 00070 'sessionhash' => $_COOKIE["{$prefix}sessionhash"] 00071 ), 00072 __METHOD__ 00073 ); 00074 if ( !$row ) { 00075 return false; 00076 } 00077 $this->mRow = $row; 00078 00079 return true; 00080 } 00081 00082 private function initFromCond( $cond ) { 00083 $db = $this->getDb(); 00084 00085 $row = $db->selectRow( 00086 'user', 00087 $this->getFields(), 00088 $cond, 00089 __METHOD__ 00090 ); 00091 if ( !$row ) { 00092 return false; 00093 } 00094 $this->mRow = $row; 00095 00096 return true; 00097 } 00098 00099 private function getDb() { 00100 global $wgExternalAuthConf; 00101 return new Database( 00102 $wgExternalAuthConf['server'], 00103 $wgExternalAuthConf['username'], 00104 $wgExternalAuthConf['password'], 00105 $wgExternalAuthConf['dbname'], 00106 false, 0, 00107 $wgExternalAuthConf['tableprefix'] 00108 ); 00109 } 00110 00111 private function getFields() { 00112 return array( 'user.userid', 'username', 'password', 'salt', 'email', 00113 'usergroupid', 'membergroupids' ); 00114 } 00115 00116 public function getId() { return $this->mRow->userid; } 00117 public function getName() { return $this->mRow->username; } 00118 00119 public function authenticate( $password ) { 00120 # vBulletin seemingly strips whitespace from passwords 00121 $password = trim( $password ); 00122 return $this->mRow->password == md5( md5( $password ) 00123 . $this->mRow->salt ); 00124 } 00125 00126 public function getPref( $pref ) { 00127 if ( $pref == 'emailaddress' && $this->mRow->email ) { 00128 # TODO: only return if validated? 00129 return $this->mRow->email; 00130 } 00131 return null; 00132 } 00133 00134 public function getGroups() { 00135 $groups = array( $this->mRow->usergroupid ); 00136 $groups = array_merge( $groups, explode( ',', $this->mRow->membergroupids ) ); 00137 $groups = array_unique( $groups ); 00138 return $groups; 00139 } 00140 }