
BugTrack2/375 AUTH_TYPE_FORM auth_type - save auth info on session
authorumorigu <umorigu@gmail.com>
Sun, 12 Jul 2015 20:17:27 +0000 (05:17 +0900)
committerumorigu <umorigu@gmail.com>
Wed, 20 Jan 2016 20:31:12 +0000 (05:31 +0900)
Implement Log in and Log out for Form auth

en.lng.php
ja.lng.php
lib/auth.php
lib/html.php
lib/init.php
plugin/loginform.inc.php [new file with mode: 0644]
skin/pukiwiki.skin.php

index 3f1607d..828d6ee 100644 (file)
@@ -115,6 +115,8 @@ $_LANG['skin']['search']    = 'Search';
 $_LANG['skin']['top']       = 'Front page';    // Top page
 $_LANG['skin']['unfreeze']  = 'Unfreeze';
 $_LANG['skin']['upload']    = 'Upload';        // Attach a file
+$_LANG['skin']['login']     = 'Log in';
+$_LANG['skin']['logout']    = 'Log out';
 
 ///////////////////////////////////////
 // Plug-in message
index e1ad7dc..beda9bc 100644 (file)
@@ -117,6 +117,8 @@ $_LANG['skin']['search']    = '単語検索';
 $_LANG['skin']['top']       = 'トップ';     // Top page
 $_LANG['skin']['unfreeze']  = '凍結解除';
 $_LANG['skin']['upload']    = '添付';        // Attach a file
+$_LANG['skin']['login']     = 'ログイン';
+$_LANG['skin']['logout']    = 'ログアウト';
 
 ///////////////////////////////////////
 // Plug-in message
index 1f80b72..64b8951 100644 (file)
@@ -14,6 +14,7 @@ define('PKWK_PASSPHRASE_LIMIT_LENGTH', 512);
 define('AUTH_TYPE_NONE', 0);
 define('AUTH_TYPE_BASIC', 1);
 define('AUTH_TYPE_EXTERNAL', 2);
+define('AUTH_TYPE_FORM', 3);
 
 define('AUTH_TYPE_EXTERNAL_REMOTE_USER', 4);
 define('AUTH_TYPE_EXTERNAL_X_FORWARDED_USER', 5);
@@ -180,7 +181,7 @@ function read_auth($page, $auth_flag = TRUE, $exit_flag = TRUE)
 function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
 {
        global $auth_method_type, $auth_users, $_msg_auth, $auth_user, $auth_groups;
-       global $auth_user_groups;
+       global $auth_user_groups, $auth_type, $g_query_string;
        // Checked by:
        $target_str = '';
        if ($auth_method_type == 'pagename') {
@@ -203,9 +204,18 @@ function basic_auth($page, $auth_flag, $exit_flag, $auth_pages, $title_cannot)
        {
                // Auth failed
                pkwk_common_headers();
-               if ($auth_flag && $auth_user === '') {
-                       header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
-                       header('HTTP/1.0 401 Unauthorized');
+               if ($auth_flag && !$auth_user) {
+                       if (AUTH_TYPE_BASIC === $auth_type) {
+                               header('WWW-Authenticate: Basic realm="' . $_msg_auth . '"');
+                               header('HTTP/1.0 401 Unauthorized');
+                       } elseif (AUTH_TYPE_FORM === $auth_type) {
+                               $url_after_login = get_script_uri() . '?' . $g_query_string;
+                               $loginurl = get_script_uri() . '?plugin=loginform'
+                                       . '&page=' . rawurlencode($page)
+                                       . '&url_after_login=' . rawurlencode($url_after_login);
+                               header('HTTP/1.0 302 Found');
+                               header('Location: ' . $loginurl);
+                       }
                }
                if ($exit_flag) {
                        $body = $title = str_replace('$1',
@@ -250,12 +260,26 @@ function ensure_valid_auth_user()
                        $auth_user_groups = get_groups_from_username($user);
                        return true; // no auth input
                }
+               case AUTH_TYPE_FORM:
+               {
+                       session_start();
+                       // session_regenerate_id(true);
+                       $user = '';
+                       if (isset($_SESSION['authenticated_user'])) {
+                               $user = $_SESSION['authenticated_user'];
+                       }
+                       $auth_user = $user;
+                       break;
+               }
                case AUTH_TYPE_EXTERNAL_REMOTE_USER:
                        $auth_user = $_SERVER['REMOTE_USER'];
+                       break;
                case AUTH_TYPE_EXTERNAL_X_FORWARDED_USER:
                        $auth_user =  $_SERVER['HTTP_X_FORWARDED_USER'];
+                       break;
                default: // AUTH_TYPE_NONE
                        $auth_user = '';
+                       break;
        }
        $auth_user_groups = get_groups_from_username($auth_user);
        return true; // is not basic auth
@@ -303,3 +327,42 @@ function get_auth_user()
        global $auth_user;
        return $auth_user;
 }
+
+/**
+ * Sign in with username and password
+ *
+ * @param String username
+ * @param String password
+ * @return true is sign in is OK
+ */
+function form_auth($username, $password)
+{
+       global $auth_users;
+       $user = $username;
+       if (in_array($user, array_keys($auth_users))) {
+               if (pkwk_hash_compute(
+                       $password,
+                       $auth_users[$user]) === $auth_users[$user]) {
+                       $_SESSION['authenticated_user'] = $user;
+                       return true;
+               }
+       }
+       return false;
+}
+
+/**
+ * Redirect after login. Need to assing location or page
+ *
+ * @param type $location
+ * @param type $page
+ */
+function form_auth_redirect($location, $page)
+{
+       header('HTTP/1.0 302 Found');
+       if ($location) {
+               header('Location: ' . $location);
+       } else {
+               $url = get_script_uri() . '?' . $page;
+               header('Location: ' . $url);
+       }
+}
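Review bot: form_auth stores the authenticated username in `$_SESSION` without regenerating the session id, and the `session_regenerate_id(true)` call in ensure_valid_auth_user is left commented out, so a session id established before login stays valid after it (session fixation); add `session_regenerate_id(true);` immediately before `$_SESSION['authenticated_user'] = $user;`. form_auth_redirect sends `Location: $location` for whatever the caller passes, and the new loginform plugin in this commit takes that value from `$_GET['url_after_login']`, so it should be restricted to this script, e.g. `if ($location && strpos($location, get_script_uri()) === 0) {`. The comparison `pkwk_hash_compute(...) === $auth_users[$user]` is not constant-time; where the supported PHP version allows it, `hash_equals($auth_users[$user], pkwk_hash_compute($password, $auth_users[$user]))` is the better form. The docblocks should also name the parameters (`@param string $username`, `@param string $password`, `@return bool`) instead of the placeholder `@param type`.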
index f41e97a..139bccb 100644 (file)
@@ -16,6 +16,7 @@ function catbody($title, $page, $body)
        global $search_word_color, $_msg_word, $foot_explain, $note_hr, $head_tags;
        global $javascript, $nofollow;
        global $_LANG, $_LINK, $_IMAGE;
+       global $auth_type, $auth_user;
 
        global $pkwk_dtd;     // XHTML 1.1, XHTML1.0, HTML 4.01 Transitional...
        global $page_title;   // Title of this site
@@ -23,6 +24,19 @@ function catbody($title, $page, $body)
        global $modifier;     // Site administrator's  web page
        global $modifierlink; // Site administrator's name
 
+       $enable_login = false;
+       $enable_logout = false;
+       if (AUTH_TYPE_FORM === $auth_type) {
+               if ($auth_user) {
+                       $enable_logout = true;
+               } else {
+                       $enable_login = true;
+               }
+       } else if (AUTH_TYPE_BASIC === $auth_type) {
+               if ($auth_user) {
+                       $enable_logout = true;
+               }
+       }
        if (! file_exists(SKIN_FILE) || ! is_readable(SKIN_FILE))
                die_message('SKIN_FILE is not found');
 
@@ -56,6 +70,8 @@ function catbody($title, $page, $body)
        $_LINK['top']      = "$script?" . pagename_urlencode($defaultpage);
        $_LINK['unfreeze'] = "$script?cmd=unfreeze&amp;page=$r_page";
        $_LINK['upload']   = "$script?plugin=attach&amp;pcmd=upload&amp;page=$r_page";
+       $_LINK['login']    = "$script?plugin=loginform&amp;pcmd=login&amp;page=$r_page";
+       $_LINK['logout']   = "$script?plugin=loginform&amp;pcmd=logout&amp;page=$r_page";
 
        // Compat: Skins for 1.4.4 and before
        $link_add       = & $_LINK['add'];
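Review bot: The two new `if ($auth_user)` checks test truthiness, so a user named `0` (or any falsy string) is treated as not signed in; the same loosening appears in basic_auth in lib/auth.php, where `$auth_user === ''` became `!$auth_user`. Since ensure_valid_auth_user initialises the name to the empty string, `if ($auth_user !== '')` is the precise test in all three places. A short comment above the flag block would help the next reader, e.g. `// Navbar links: form auth shows Log in or Log out by state; basic auth shows only Log out because the browser supplies the credentials`. catbody continues outside the hunk.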
index 4224b0f..5c94295 100644 (file)
@@ -267,6 +267,8 @@ if (isset($_GET['encode_hint']) && $_GET['encode_hint'] != '')
 // ページ名かInterWikiNameであるとみなす
 $arg = '';
 if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') {
+       global $g_query_string;
+       $g_query_string = $_SERVER['QUERY_STRING'];
        $arg = & $_SERVER['QUERY_STRING'];
 } else if (isset($_SERVER['argv']) && ! empty($_SERVER['argv'])) {
        $arg = & $_SERVER['argv'][0];
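Review bot: `$g_query_string` is assigned only inside the QUERY_STRING branch, so when the `argv` branch (or neither) is taken the variable is never defined, and basic_auth in lib/auth.php, which reads it via `global`, will emit an undefined-variable notice and build its redirect URL with an empty query. Initialise it before the `if`, `$g_query_string = '';`, so every path defines it. The `global $g_query_string;` declaration is a no-op if init.php runs at file scope, which appears to be the case here; if it is kept, a comment such as `// consumed by basic_auth() to rebuild the URL to return to after form login` would explain why the variable exists.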
diff --git a/plugin/loginform.inc.php b/plugin/loginform.inc.php
new file mode 100644 (file)
index 0000000..f6fb213
--- /dev/null
@@ -0,0 +1,73 @@
+<?php
+
+// PukiWiki - Yet another WikiWikiWeb clone
+// Copyright (C) 2015 PukiWiki Development Team
+// License: GPL v2 or (at your option) any later version
+//
+// "Login form" plugin
+
+function plugin_loginform_inline()
+{
+       $logout_param = '?plugin=basicauthlogout';
+       return '<a href="' . htmlsc(get_script_uri() . $logout_param) . '">Log out</a>';
+}
+
+function plugin_loginform_convert()
+{
+       return '<div>' . plugin_basicauthlogout_inline() . '</div>';
+}
+
+function plugin_loginform_action()
+{
+       global $auth_user, $auth_type;
+       $page_r = $_GET['page'];
+       $page = rawurldecode($page_r);
+       $pcmd = $_GET['pcmd'];
+       $url_after_login_r = $_GET['url_after_login'];
+       $url_after_login = rawurldecode($url_after_login_r);
+       $page_after_login_r = '';
+       if (!$url_after_login_r) $page_after_login_r = $page_r;
+       $action_url = get_script_uri() . '?plugin=loginform'
+               . '&page=' . $page_r
+               . ($url_after_login_r ? '&url_after_login=' . $url_after_login_r : '')
+               . ($page_after_login_r ? '&page_after_login=' . $page_after_login_r : '');
+       $username = $_POST['username'];
+       $password = $_POST['password'];
+       if (form_auth($username, $password)) {
+               form_auth_redirect($url_after_login, $page_after_login_r);
+               return;
+       }
+       if ($pcmd === 'logout') {
+               // logout
+               switch ($auth_type) {
+                       case AUTH_TYPE_BASIC:
+                               header('WWW-Authenticate: Basic realm="Please cancel to log out"');
+                               header('HTTP/1.0 401 Unauthorized');
+                               break;
+                       case AUTH_TYPE_FORM:
+                       case AUTH_TYPE_EXTERNAL:
+                       default:
+                               session_destroy();
+                               break;
+               }
+               $auth_user = '';
+               return array(
+                       'msg' => 'Log out',
+                       'body' => 'Logged out completely<br>'
+                               . '<a href="'. get_script_uri() . '?' . $page_r . '">'
+                               . $page . '</a>'
+               );
+       } else {
+               // login
+               return array(
+                       'msg' => 'Login',
+                       'body' => 'Please input username and password:'
+                       . '<form action="' . htmlsc($action_url) . '" method="post">'
+                       . 'Username: <input type="text" name="username"><br>'
+                       . 'Password: <input type="password" name="password"><br>'
+                       . '<input type="submit" value="Login">'
+                       . '</form>'
+                       . "<br>\n"
+                       );
+       }
+}
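Review bot: In the logout response `$page` and `$page_r` are emitted into the HTML link without escaping, while `$action_url` in the login branch goes through htmlsc(); since both come straight from `$_GET['page']`, the link should be built as `'<a href="' . htmlsc(get_script_uri() . '?' . $page_r) . '">' . htmlsc($page) . '</a>'`. `$_GET['page']`, `$_GET['pcmd']`, `$_GET['url_after_login']`, `$_POST['username']` and `$_POST['password']` are all read without isset(), so a plain GET of the form emits notices; default them, e.g. `$page_r = isset($_GET['page']) ? $_GET['page'] : '';`. plugin_loginform_inline links to `?plugin=basicauthlogout` and plugin_loginform_convert calls `plugin_basicauthlogout_inline()`, which look like leftovers from the plugin this file was copied from and will fail unless that other plugin is loaded. form_auth() also runs before the `pcmd` check, so a POST carrying credentials to `pcmd=logout` still signs the user in, and logout is triggered by a plain GET; gating the login attempt on a POST request and requiring POST for logout as well would close both.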
index cc302a3..5609cc9 100644 (file)
@@ -153,6 +153,12 @@ function _navigator($key, $value = '', $javascript = ''){
  | <?php _navigator('search') ?>
  | <?php _navigator('recent') ?>
  | <?php _navigator('help')   ?>
+ <?php if ($enable_login) { ?>
+ | <?php _navigator('login') ?>
+ <?php } ?>
+ <?php if ($enable_logout) { ?>
+ | <?php _navigator('logout') ?>
+ <?php } ?>
  ]
 <?php } // PKWK_SKIN_SHOW_NAVBAR ?>
 </div>
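Review bot: `$enable_login` and `$enable_logout` are read as bare variables, so if the skin is included from a path that does not set them (in this commit they are locals of catbody), PHP emits undefined-variable notices inside the navbar markup. Reading them as `<?php if (!empty($enable_login)) { ?>` and `<?php if (!empty($enable_logout)) { ?>` keeps the skin robust to that case. The navbar block and _navigator continue outside the hunk.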