REMOTE_USER). This plugin assumes users are externally authenticated, as with GatorLink.
Author: Daniel Westermann-Clark
Author URI: http://dev.webadmin.ufl.edu/~dwc/
*/
if (! class_exists('HTTPAuthenticationPlugin')) {
class HTTPAuthenticationPlugin {
/**
 * PHP 4-style constructor: registers every WordPress hook this plugin uses.
 *
 * Which login callbacks are attached depends on the
 * http_authentication_siteprotected option as read at construction time.
 *
 * NOTE(review): PHP 8 no longer treats a method named after its class as
 * the constructor. On such a runtime none of the hooks below would be
 * registered and the plugin would silently stop taking part in login.
 */
function HTTPAuthenticationPlugin() {
    // Option defaults are seeded only on a request that carries ?activate=true.
    $activating = isset($_GET['activate']) && $_GET['activate'] == 'true';
    if ($activating) {
        add_action('init', array(&$this, 'init'));
    }

    add_action('admin_menu', array(&$this, 'admin_menu'));

    $site_protected = get_option('http_authentication_siteprotected');
    if (! $site_protected) {
        // Every login attempt is answered with the REMOTE_USER identity.
        add_action('wp_authenticate', array(&$this, 'authenticate'), 10, 2);
    }
    else {
        // The whole site sits behind external authentication: resolve the
        // current user on every request and only bypass the login form
        // when maybe_bypass() decides to.
        add_action('init', array(&$this, 'get_currentuserinfo'));
        add_action('wp_authenticate', array(&$this, 'maybe_bypass'), 10, 2);
        // where should we put the su link?
        // possibilities: profile_personal_options, activity_box_end, admin_footer, show_user_profile
        add_action('show_user_profile', array(&$this, 'su_link'));
    }

    add_action('wp_logout', array(&$this, 'logout'));

    // Password recovery and reset make no sense for externally managed
    // credentials, so each of these actions ends in disable_function().
    $password_actions = array('lost_password', 'retrieve_password', 'password_reset');
    foreach ($password_actions as $hook_name) {
        add_action($hook_name, array(&$this, 'disable_function'));
    }

    add_action('check_passwords', array(&$this, 'check_passwords'), 10, 3);
    add_filter('show_password_fields', array(&$this, 'show_password_fields'));
}
/*************************************************************
* Plugin hooks
*************************************************************/
/*
* Add options for this plugin to the database.
*/
function init() {
    // Seeds the plugin's four options. Nothing happens unless the current
    // user holds the manage_options capability, so an ordinary visitor who
    // sends ?activate=true cannot trigger the writes.
    if (! current_user_can('manage_options')) {
        return;
    }

    // Each entry is passed to add_option() as (name, initial value, text).
    $defaults = array(
        array('http_authentication_logout_uri', get_option('home'), 'The URI to which the user is redirected when she chooses "Logout".'),
        array('http_authentication_siteprotected', 0, 'If your authentication protects the whole site, then this removes the requirement to login (and allows logging into special wordpress accounts, like "admin")'),
        array('http_authentication_autoregister', 0, 'When enabled, if the account does not exist, they will be auto-registered. Make sure Email Domain is set, if this is enabled.'),
        array('http_authentication_autoreg_emaildomain', 'example.com', 'Email domain for the user email setting. If they login as "foo" and this is set to "example.com" then their email will be foo@example.com. This only matters if Auto-Register is enabled.'),
    );

    foreach ($defaults as $option) {
        add_option($option[0], $option[1], $option[2]);
    }
}
/*
* Add an options pane for this plugin.
*/
function admin_menu() {
    // Registers the "HTTP Authentication" options page, rendered by
    // display_options_page(). Skipped when add_options_page() is not defined.
    if (! function_exists('add_options_page')) {
        return;
    }

    $title = 'HTTP Authentication';
    $renderer = array(&$this, 'display_options_page');

    // NOTE(review): the third argument (9) is presumably the minimum user
    // level allowed to open the page - confirm against the WordPress
    // version in use, since this page controls how logins are trusted.
    add_options_page($title, $title, 9, __FILE__, $renderer);
}
/**
 * Prints the "su as another user" text.
 *
 * Hooked on show_user_profile by the constructor, and only when the
 * http_authentication_siteprotected option is enabled.
 */
function su_link() {
    // The literal starts with a line break, exactly as in the original output.
    $label = '
su as another user';
    echo $label;
}
/*
* Whether to bypass login page or not
*/
function maybe_bypass($username, $password) {
    // wp_authenticate callback for the site-protected mode. Three outcomes:
    //   1. redirect_to present, form posted      -> leave the credentials alone
    //   2. redirect_to present, REMOTE_USER set
    //      and no conflicting user cookie        -> log in through authenticate()
    //   3. anything else                         -> blank both values so the
    //                                               login page is shown
    //
    // NOTE(review): $username and $password are declared by value, so the
    // blanking at the end reaches the caller only if the hook dispatcher
    // forces reference passing - confirm for the PHP/WordPress versions in use.
    if (isset($_REQUEST['redirect_to'])) {
        if ($_POST) {
            /* user is in the process of logging in
             * so don't blank the password
             */
            return;
        }

        if (! empty($_SERVER['REMOTE_USER'])) {
            /* User is trying to get into admin.
             * Only override current auth if the
             * cookie is not for a non-remoteuser account
             */
            $no_user_cookie = empty($_COOKIE[USER_COOKIE]);
            // NOTE(review): loose == comparison between a server variable
            // and a client-supplied cookie value; a strict comparison would
            // be the safer form.
            if ($no_user_cookie || $_SERVER['REMOTE_USER'] == $_COOKIE[USER_COOKIE]) {
                // NOTE(review): call-time pass-by-reference is rejected by
                // PHP 5.4 and later; it is kept because authenticate()
                // declares its parameters by value and relies on it.
                $this->authenticate(&$username, &$password);
                return;
            }
        }
    }

    // show the user the login page
    $password = '';
    $username = $password;
}
/*
* If the REMOTE_USER environment variable is set, use it as the username.
* This assumes that you have externally authenticated the user.
*/
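function authenticate($username, $password) {
    // wp_authenticate callback: discards whatever credentials were submitted
    // and logs in the account named by $_SERVER['REMOTE_USER'].
    //
    // Terminates the request with die() when REMOTE_USER is missing, when
    // get_userdatabylogin() is unavailable, or when no exactly matching
    // WordPress account exists (and could not be auto-registered).
    //
    // REMOTE_USER is trusted completely here, so it must be set by the web
    // server's authentication layer and never be derived from anything the
    // client can send directly.
    //
    // NOTE(review): $username and $password are declared by value; the
    // values written below reach the caller only if it passes references.
    global $using_cookie;

    // Reset values from input ($_POST and $_COOKIE)
    $username = $password = '';

    if (empty($_SERVER['REMOTE_USER'])) {
        die("No REMOTE_USER found; please check your external authentication configuration");
    }
    if (! function_exists('get_userdatabylogin')) {
        die("Could not load user data");
    }

    $username = $_SERVER['REMOTE_USER'];
    $user = get_userdatabylogin($username);

    // Strict comparison: the account returned by the lookup must carry
    // exactly the externally authenticated name, not a loosely equal one.
    if (! ($user && $username === $user->user_login)) {
        if (! get_option('http_authentication_autoregister')) {
            // User is not in the WordPress database, and thus not authorized.
            // The name is escaped because it is echoed into the response.
            die("User " . htmlspecialchars($username, ENT_QUOTES) . " does not exist in the WordPress database");
        }

        //auto register
        $this->autoregister($username);
        $user = get_userdatabylogin($username);

        // Registration can fail, or the lookup can still return an account
        // with a different login; neither may be logged in.
        if (! $user || $username !== $user->user_login) {
            die("Could not load user data");
        }
    }

    // Feed WordPress a double-MD5 hash (MD5 of value generated in check_passwords).
    // This now also happens for a freshly auto-registered account, which
    // previously got a cookie with an empty password value.
    $password = md5($user->user_pass);

    // User is now authorized; force WordPress to use the generated password
    $using_cookie = true;
    wp_setcookie($user->user_login, $password, $using_cookie);
}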
/*
* autoregister user for login
*/
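function autoregister($username) {
    // Creates a WordPress account for an externally authenticated user and
    // returns whatever wp_create_user() returns. The e-mail address is the
    // user name plus the http_authentication_autoreg_emaildomain option.
    require_once(ABSPATH . WPINC . '/registration-functions.php');

    // The account must never be usable with a password, so it gets a random
    // per-account value that is not kept anywhere.
    // NOTE(review): the original passed the constant "fake password" on the
    // assumption that it could never match. If wp_create_user() stores a
    // hash of this argument (confirm for the WordPress version in use), a
    // constant would be a valid password shared by every auto-registered
    // account.
    if (function_exists('random_bytes')) {
        $password = bin2hex(random_bytes(16));
    }
    else {
        // Legacy PHP without a CSPRNG: weaker, but still unique per account.
        $password = md5(uniqid(mt_rand(), true));
    }

    $email = $username . "@" . get_option('http_authentication_autoreg_emaildomain');
    $user_id = wp_create_user($username, $password, $email);
    return $user_id;
}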
/*
* current user setting
*/
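function get_currentuserinfo() {
    // Resolves the current user for a site-protected installation and fills
    // the WordPress user globals.
    //
    // Identity sources, in order:
    //   1. the login cookies, but only after wp_login() has accepted the
    //      user/password cookie pair;
    //   2. $_SERVER['REMOTE_USER'] from the external authentication layer.
    // With neither, or when no account can be loaded, $current_user becomes
    // WP_User(0) and false is returned. XML-RPC requests return false
    // without touching the globals.
    //
    // The cookie branch used to test the literal names 'USER_COOKIE' and
    // 'PASS_COOKIE' rather than the constants, and then took the user name
    // from the cookie without validating it. A cookie is client-controlled,
    // so it is now checked with the same wp_login() call the original made
    // only in its last branch.
    // NOTE(review): confirm wp_login($user, $pass, true) is the right
    // cookie check for the WordPress version in use.
    global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;

    if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
        return false;

    // Only non-empty string cookie values are considered at all.
    $cookie_user = (! empty($_COOKIE[USER_COOKIE]) && is_string($_COOKIE[USER_COOKIE])) ? $_COOKIE[USER_COOKIE] : '';
    $cookie_pass = (! empty($_COOKIE[PASS_COOKIE]) && is_string($_COOKIE[PASS_COOKIE])) ? $_COOKIE[PASS_COOKIE] : '';

    if ($cookie_user !== '' && $cookie_pass !== '' && wp_login($cookie_user, $cookie_pass, true)) {
        $user_login = $cookie_user;
    }
    else if (! empty($_SERVER['REMOTE_USER'])) {
        $user_login = $_SERVER['REMOTE_USER'];
    }
    else {
        $current_user = new WP_User(0);
        return false;
    }

    $userdata = get_userdatabylogin($user_login);
    if (!$userdata && get_option('http_authentication_autoregister')) {
        $this->autoregister( $user_login );
        $userdata = get_userdatabylogin($user_login);
    }

    // No account (auto-registration disabled or failed): stay anonymous
    // instead of reading properties from a missing record.
    if (! $userdata) {
        $current_user = new WP_User(0);
        return false;
    }

    $user_level = $userdata->user_level;
    $user_ID = $userdata->ID;
    $user_email = $userdata->user_email;
    $user_url = $userdata->user_url;
    $user_pass_md5 = md5($userdata->user_pass);
    $user_identity = $userdata->display_name;

    if ( empty($current_user) )
        $current_user = new WP_User($user_ID);
}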
/*
* Logout the user by redirecting them to the logout URI.
*/
function logout() {
    // wp_logout callback: sends the browser to the configured logout URI
    // and ends the request.
    // NOTE(review): the stored option value goes into the Location header
    // verbatim - confirm it is validated when the option is saved.
    $target = get_option('http_authentication_logout_uri');
    header('Location: ' . $target);
    exit();
}
/*
* Generate a password for the user. This plugin does not
* require the user to enter this value, but we want to set it
* to something nonobvious.
*/
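function check_passwords($username, $password1, $password2) {
    // check_passwords callback: replaces both password fields with one
    // generated value, since the user never types a WordPress password.
    // Returns nothing.
    //
    // The value comes from the system CSPRNG where PHP offers one; a value
    // derived only from the clock is guessable. Older runtimes keep the
    // original time-based expression.
    //
    // NOTE(review): the parameters are declared by value, so the assignment
    // reaches the caller only if the hook dispatcher passes references -
    // confirm for the PHP/WordPress versions in use.
    if (function_exists('random_bytes')) {
        $generated = bin2hex(random_bytes(16));
    }
    else {
        $generated = substr(md5(uniqid(microtime())), 0, 10);
    }

    $password1 = $password2 = $generated;
}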
/*
* Used to disable certain display elements, e.g. password
* fields on profile screen.
*/
function show_password_fields($show_password_fields) {
    // show_password_fields filter: the incoming flag is ignored and the
    // password fields are always reported as hidden.
    $visible = false;
    return $visible;
}
/*
* Used to disable certain login functions, e.g. retrieving a
* user's password.
*/
function disable_function() {
    // Shared callback for lost_password, retrieve_password and
    // password_reset: ends the request with the message "Disabled".
    exit('Disabled');
}
/*************************************************************
* Functions
*************************************************************/
/*
* Display the options for this plugin.
*/
function display_options_page() {
$logout_uri = get_option('http_authentication_logout_uri');
$siteprotected = get_option('http_authentication_siteprotected');
$autoregister = get_option('http_authentication_autoregister');
$autoreg_emaildomain = get_option('http_authentication_autoreg_emaildomain');
?>