WordPress MU: plugin d’authentification HTTP

Publié
par
Flavien
le Vendredi 4 juillet 2008
dans internet, software et sécurité
. Mots-clé :, .

Download

HTTP Authentication plugin for WordPress MU (2.92 KB)

Source

Code mélangé de Daniel Westermann-Clark et Simon Wilkinson.

Code

  1. < ?php
  2. /*
  3. Plugin Name: HTTP Authentication MU
  4. Version: 2.0.1
  5. Plugin URI: http://dev.webadmin.ufl.edu/~dwc/2008/04/16/http-authentication-20/
  6. Description: Authenticate users using basic HTTP authentication (<code>REMOTE_USER). This plugin assumes users are externally authenticated, as with <a href="http://www.gatorlink.ufl.edu/">GatorLink</a>. Patched for Wordpress MU by <a href="http://orthrus.blogspot.com/">Simon Wilkinson</a> and <a href="http://www.cyann.net/">Flavien Scheurer</a>.
  7. Author: Daniel Westermann-Clark
  8. Author URI: http://dev.webadmin.ufl.edu/~dwc/
  9. */
  10.  
  11. if (! class_exists('HTTPAuthenticationPlugin')) {
  12.  class HTTPAuthenticationPlugin {
  13.   function HTTPAuthenticationPlugin() {
  14.    if (isset($_GET['activate']) and $_GET['activate'] == 'true') {
  15.     add_action('init', array(&$this, 'initialize_options'));
  16.    }
  17.    add_action('admin_menu', array(&$this, 'add_options_page'));
  18.    add_action('wp_authenticate', array(&$this, 'authenticate'), 10, 2);
  19.    add_filter('check_password', array(&$this, 'skip_password_check'), 10, 4);
  20.    add_action('wp_logout', array(&$this, 'logout'));
  21.    add_action('lost_password', array(&$this, 'disable_function'));
  22.    add_action('retrieve_password', array(&$this, 'disable_function'));
  23.    add_action('password_reset', array(&$this, 'disable_function'));
  24.    add_action('check_passwords', array(&$this, 'generate_password'), 10, 3);
  25.    add_filter('show_password_fields', array(&$this, 'disable_password_fields'));
  26.   }
  27.  
  28.  
  29.   /*************************************************************
  30.    * Plugin hooks
  31.    *************************************************************/
  32.  
  33.   /*
  34.    * Add options for this plugin to the database.
  35.    */
  36.   function initialize_options() {
  37.    if (current_user_can('manage_options')) {
  38.     add_site_option('http_authentication_logout_uri', get_option('home'), 'The URI to which the user is redirected when she chooses "Logout".');
  39.     add_site_option('http_authentication_auto_create_user', false, 'Should a new user be created automatically if not already in the WordPress database?');
  40.     add_site_option('http_authentication_auto_create_email_domain', '', 'The domain to use for the email address of an automatically created user.');
  41.    }
  42.   }
  43.  
  44.   /*
  45.    * Add an options pane for this plugin.
  46.    */
  47.   function add_options_page() {
  48.    if (function_exists('add_options_page')) {
  49.     add_options_page('HTTP Authentication', 'HTTP Authentication', 9, __FILE__, array(&$this, '_display_options_page'));
  50.    }
  51.   }
  52.  
  53.   /*
  54.    * If the REMOTE_USER evironment is set, use it as the username.
  55.    * This assumes that you have externally authenticated the user.
  56.    */
  57.   function authenticate($username, $password) {
  58.    if (empty($_SERVER['REMOTE_USER'])) {
  59.     die('No REMOTE_USER found; please check your external authentication configuration');
  60.    }
  61.  
  62.    // Fake WordPress into authenticating by overriding the credentials
  63.    $username = strtolower($_SERVER['REMOTE_USER']);
  64.    $password = $this->_get_password();
  65.  
  66.    // Create new users automatically, if configured
  67.    $user = get_userdatabylogin($username);
  68.    if (! $user or $user->user_login != $username) {
  69.     if ((bool) get_site_option('http_authentication_auto_create_user')) {
  70.      $this->_create_user($username);
  71.     }
  72.     else {
  73.      // Bail out to avoid showing the login form
  74.      die("User $username does not exist in the WordPress database. Maybe user auto creation is not activated.");
  75.     }
  76.    }
  77.   }
  78.  
  79.   /*
  80.    * Skip the password check, since we've externally authenticated.
  81.    */
  82.   function skip_password_check($check, $password, $hash, $user_id) {
  83.    return true;
  84.   }
  85.  
  86.   /*
  87.    * Logout the user by redirecting them to the logout URI.
  88.    */
  89.   function logout() {
  90.    header('Location: ' . get_site_option('http_authentication_logout_uri'));
  91.    exit();
  92.   }
  93.  
  94.   /*
  95.    * Generate a password for the user. This plugin does not
  96.    * require the user to enter this value, but we want to set it
  97.    * to something nonobvious.
  98.    */
  99.   function generate_password($username, $password1, $password2) {
  100.    $password1 = $password2 = $this->_get_password();
  101.   }
  102.  
  103.   /*
  104.    * Used to disable certain display elements, e.g. password
  105.    * fields on profile screen.
  106.    */
  107.   function disable_password_fields($show_password_fields) {
  108.    return false;
  109.   }
  110.  
  111.   /*
  112.    * Used to disable certain login functions, e.g. retrieving a
  113.    * user's password.
  114.    */
  115.   function disable_function() {
  116.    die('Disabled');
  117.   }
  118.  
  119.  
  120.   /*************************************************************
  121.    * Functions
  122.    *************************************************************/
  123.  
  124.   /*
  125.    * Generate a random password.
  126.    */
  127.   function _get_password($length = 10) {
  128.    return substr(md5(uniqid(microtime())), 0, $length);
  129.   }
  130.  
  131.   /*
  132.    * Create a new WordPress account for the specified username.
  133.    */
  134.   function _create_user($username) {
  135.    $password = $this->_get_password();
  136.    $email_domain = get_site_option('http_authentication_auto_create_email_domain');
  137.  
  138.    require_once(ABSPATH . WPINC . DIRECTORY_SEPARATOR . 'registration.php');
  139.  
  140.    if (strpos($username, '@') !== FALSE) {
  141.     $email = $username;
  142.    } else {
  143.     $email = $username . '@' . $email_domain;
  144.    }
  145.  
  146.    // Use Apache header if defined for email.
  147.    if (!empty($_SERVER['HTTP_MAIL']))
  148.     $email = strtolower($_SERVER['HTTP_MAIL']);
  149.  
  150.    // Fill user_details array.
  151.    $user_details['user_login'] = $username;
  152.    $user_details['user_email'] = $email;
  153.    $user_details['user_pass'] = $password;
  154.    $user_details['nickname'] = $username;
  155.    // Use some Apache headers if defined for the remaining user details.
  156.    if (!empty($_SERVER['HTTP_REGISTEREDNAME']))
  157.     $user_details['display_name'] = $_SERVER['HTTP_REGISTEREDNAME'];
  158.    if (!empty($_SERVER['HTTP_GIVENNAME']))
  159.     $user_details['first_name'] = $_SERVER['HTTP_GIVENNAME'];
  160.    if (!empty($_SERVER['HTTP_SN']))
  161.     $user_details['last_name'] = $_SERVER['HTTP_SN'];
  162.  
  163.    // Create the user with all the available details.
  164.    $userid = wp_insert_user($user_details);
  165.  
  166.    do_action('wpmu_activate_user', $user_id, $password);
  167.  
  168.   }
  169.  
  170.   /*
  171.    * Display the options for this plugin.
  172.    */
  173.   function _display_options_page() {
  174.       if(is_site_admin() == false) {
  175.           wp_die( __('<p>You do not have permission to access this page.</p>') );
  176.       }
  177.  
  178.       if ($_POST['httpOptionsSave']) {
  179.    update_site_option('http_authentication_logout_uri', $_POST['http_authentication_logout_uri']);
  180.    update_site_option('http_authentication_auto_create_user', $_POST['http_authentication_auto_create_user']);
  181.    update_site_option('http_authentication_auto_create_email_domain', $_POST['http_authentication_auto_create_email_domain']);
  182.    ?>
  183.    <div id="message" class="updated fade"><p>< ?php _e('Options saved!'); ?></p></div>< ?php
  184.       }
  185.    $logout_uri = get_site_option('http_authentication_logout_uri');
  186.    $auto_create_user = (bool) get_site_option('http_authentication_auto_create_user');
  187.    $auto_create_email_domain = get_site_option('http_authentication_auto_create_email_domain');
  188.    ?>
  189. <div class="wrap">
  190.   <h2>HTTP Authentication Options</h2>
  191.   <form method="post">
  192.     <input type="hidden" name="action" value="update" />
  193.     <input type="hidden" name="page_options" value="http_authentication_logout_uri,http_authentication_auto_create_user,http_authentication_auto_create_email_domain" />
  194.     < ?php if (function_exists('wp_nonce_field')): wp_nonce_field('update-options'); endif; ?>
  195.  
  196.     <table class="form-table">
  197.       <tr valign="top">
  198.         <th scope="row"><label for="http_authentication_logout_uri">Logout URI</label></th>
  199.         <td>
  200.           <input type="text" name="http_authentication_logout_uri" id="http_authentication_logout_uri" value="<?php echo htmlspecialchars($logout_uri) ?/>" size="50" /><br />
  201.           Default is <code>< ?php echo htmlspecialchars(get_settings('home')); ?></code>; override to e.g. remove a cookie.
  202.         </td>
  203.       </tr>
  204.       <tr valign="top">
  205.         <th scope="row"><label for="http_authentication_auto_create_user">Automatically create accounts?</label></th>
  206.         <td>
  207.           <input type="checkbox" name="http_authentication_auto_create_user" id="http_authentication_auto_create_user"<?php if ($auto_create_user) echo ' checked="checked"' ?/> value="1" /><br />
  208.           Should a new user be created automatically if not already in the WordPress database?<br />
  209.           Created users will obtain the role defined under &quot;New User Default Role&quot; on the <a href="options-general.php">General Options</a> page.
  210.         </td>
  211.       </tr>
  212.       <tr valign="top">
  213.         <th scope="row"><label for="http_authentication_auto_create_email_domain">Email address domain</label></th>
  214.         <td>
  215.           <input type="text" name="http_authentication_auto_create_email_domain" id="http_authentication_auto_create_email_domain" value="<?php echo htmlspecialchars($auto_create_email_domain) ?/>" size="50" /><br />
  216.           When a new user logs in, this domain is used for the initial email address on their account. The user can change his or her email address by editing their profile.
  217.         </td>
  218.       </tr>
  219.     </table>
  220.     <p class="submit">
  221.       <input type="submit" name="httpOptionsSave" value="Save Changes" />
  222.     </p>
  223.   </form>
  224. </div>
  225. < ?php
  226.   }
  227.  }
  228. }
  229.  
  230. // Load the plugin hooks, etc.
  231. $http_authentication_plugin = new HTTPAuthenticationPlugin();
  232. ?>

0 commentaires à “WordPress MU: plugin d’authentification HTTP”

Flux RSS de cet article Adresse de trackback
  1. Aucun commentaire

Laisser un commentaire