Include an auth_module to authenticate users through apache

10 years ago · a0fd9e48e3
parent 4061411cfa
commit a0fd9e48e3
2 changed files with 165 additions and 1 deletions
--- a/root/etc/e-smith/templates/etc/phplist/config.php/35Login
+++ b/root/etc/e-smith/templates/etc/phplist/config.php/35Login
@ -1,4 +1,5 @@
-$require_login = {(($phplist{'Authentication'} || 'http') eq 'internal') ? '1':'0'};
+$require_login = 1;
+$admin_auth_module = {(($phplist{'Authentication'} || 'http') eq 'internal') ? 'phplist_auth.inc':'external_auth.inc'};
 define("REGISTER",0);
 define("MANUALLY_PROCESS_QUEUE",0);
 define('MAILQUEUE_THROTTLE',0.5);
--- a/root/usr/share/phplist/www/admin/auth/external_auth.inc
+++ b/root/usr/share/phplist/www/admin/auth/external_auth.inc
@ -0,0 +1,163 @@
+<?php
+
+require_once dirname(__FILE__).'/../accesscheck.php';
+
+$_REQUEST["login"] = $_SERVER["REMOTE_USER"];
+$_REQUEST["password"] = $_SERVER["REMOTE_USER"];
+
+class admin_auth {
+
+  function validateLogin($login,$password) {
+    if (isset($_SERVER["REMOTE_USER"]) && $_SERVER["REMOTE_USER"] !== ""){
+      $query = ' select password, disabled, id' .
+               ' from %s' .
+               ' where loginname = ?';
+      $query = sprintf($query, $GLOBALS['tables']['admin']);
+      $req = Sql_Query_Params($query, array($login));
+      $admindata = Sql_Fetch_Assoc($req);
+      // Nothing in the database yet ? Reject login
+      if (!$admindata['id']){
+        return array(0,s("Login failed"));
+      }
+      elseif ($admindata["disabled"]) {
+        return array(0,s("your account has been disabled"));
+      }
+      else{
+        return array($admindata['id'],"OK");
+      }
+    }
+    else{
+      return array(0,s("Login failed"));
+    }
+  }
+
+  function getPassword($email) {
+    $email = preg_replace("/[;,\"\']/","",$email);
+    $query = sprintf('select email, password, loginname from %s where email = ?', $GLOBALS['tables']['admin']);
+    $req = Sql_Query_Params($query, array($email));
+    if (Sql_Num_Rows($req)) {
+      $row = Sql_Fetch_Row($req);
+      return $row[1];
+    }
+  }
+
+  function validateAccount($id) {
+        /* can only do this after upgrade, which means
+     * that the first login will always fail
+    $query
+    = ' select id, disabled,password,privileges'
+    . ' from %s'
+    . ' where id = ?';
+    */
+
+    $query
+    = ' select id, disabled,password'
+    . ' from %s'
+    . ' where id = ?';
+
+    $query = sprintf($query, $GLOBALS['tables']['admin']);
+    $req = Sql_Query_Params($query, array($id));
+    $data = Sql_Fetch_Row($req);
+    if (!$data[0]) {
+      return array(0,s("No such account"));
+    } elseif ($data[1]) {
+      return array(0,s("your account has been disabled"));
+    }
+
+    ## do this seperately from above, to avoid lock out when the DB hasn't been upgraded.
+    ## so, ignore the error
+    $query
+    = ' select privileges'
+    . ' from %s'
+    . ' where id = ?';
+
+    $query = sprintf($query, $GLOBALS['tables']['admin']);
+    $req = Sql_Query_Params($query, array($id),1);
+    if ($req) {
+      $data = Sql_Fetch_Row($req);
+    } else {
+      $data = array();
+    }
+
+    if (!empty($data[0])) {
+      $_SESSION['privileges'] = unserialize($data[0]);
+    }
+    return array(1,"OK");
+  }
+
+  function validateAccount($id) {
+        /* can only do this after upgrade, which means
+     * that the first login will always fail
+    $query
+    = ' select id, disabled,password,privileges'
+    . ' from %s'
+    . ' where id = ?';
+    */
+
+    $query
+    = ' select id, disabled,password'
+    . ' from %s'
+    . ' where id = ?';
+
+    $query = sprintf($query, $GLOBALS['tables']['admin']);
+    $req = Sql_Query_Params($query, array($id));
+    $data = Sql_Fetch_Row($req);
+    if (!$data[0]) {
+      return array(0,s("No such account"));
+    } elseif ($data[1]) {
+      return array(0,s("your account has been disabled"));
+    }
+
+    ## do this seperately from above, to avoid lock out when the DB hasn't been upgraded.
+    ## so, ignore the error
+    $query
+    = ' select privileges'
+    . ' from %s'
+    . ' where id = ?';
+
+    $query = sprintf($query, $GLOBALS['tables']['admin']);
+    $req = Sql_Query_Params($query, array($id),1);
+    if ($req) {
+      $data = Sql_Fetch_Row($req);
+    } else {
+      $data = array();
+    }
+
+    if (!empty($data[0])) {
+      $_SESSION['privileges'] = unserialize($data[0]);
+    }
+    return array(1,"OK");
+  }
+
+  function adminName($id) {
+    $req = Sql_Fetch_Row_Query(sprintf('select loginname from %s where id = %d',$GLOBALS["tables"]["admin"],$id));
+    return $req[0] ? $req[0] : s("Nobody");
+  }
+
+  function adminEmail($id) {
+    $req = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d',$GLOBALS["tables"]["admin"],$id));
+    return $req[0] ? $req[0] : "";
+  }
+
+  function adminIdForEmail($email) { #Obtain admin Id from a given email address.
+    $req = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"',$GLOBALS["tables"]["admin"],sql_escape($email)));
+    return $req[0] ? $req[0] : "";
+  }
+
+  function isSuperUser($id) {
+    $req = Sql_Fetch_Row_Query(sprintf('select superuser from %s where id = %d',$GLOBALS["tables"]["admin"],$id));
+    return $req[0];
+  }
+
+  function listAdmins() {
+    $result = array();
+    $req = Sql_Query("select id,loginname from {$GLOBALS["tables"]["admin"]} order by loginname");
+    while ($row = Sql_Fetch_Array($req)) {
+      $result[$row["id"]] = $row["loginname"];
+    }
+    return $result;
+  }
+
+}
+
+?>