1
rlankford
Xoops 2.0.18.1 - class/auth/auth_provisioning.php
  • 2008/5/15 17:28

  • rlankford

  • Not too shy to talk

  • Posts: 158

  • Since: 2004/8/27


I have a question about some code in the core. This may have been changed in more recent versions. It might not have either. Here goes...

In the change function, your basically setting up the XOOPS User account with data pulled from somewhere else. In my case, it's from a LDAP. My problem is the email field. Sometimes, an e-mail address isn't present in the LDAP for a given user account. When this happens, the change function tries to load in the e-mail (which is an empty string) and gets an error. This is because the XoopsUser object is defines e-mail as a required field.

So there seems to be a slight disconnect here. Now, I could update the core very easily and literally "create" the e-mail address in real time since our company's e-mail addresses are name@company.com ... and we have the name they logged in with. So, I can solve this problem for myself. The general XOOPS community, however, might have a bit of a problem. There should be some error handling in this function to account for required XoopsUser fields that are not present in the $datas variable. It errors out right now. That's OK, I suppose. But the result is that some subset of your users simply won't be able to log on if there is something wrong with their LDAP account. Compounding this is the fact that they won't know it's their LDAP account that's the problem and may never need to bother with even trying to tell you (the webmaster) about the problem.

It would probably be better if the "Xoops-Auth server fields mapping" parameter in the "Authentication Options" screen would allow you to not only define field mappings, but also designate default values for those fields if they are missing (or maybe if they are missing *and* required).

Bonus points if you can specify certain variables so that you can create default values on the fly. For instance instead of this value:

Quote:

name=cn|email=mail


maybe you could expand it into something like this:

Quote:

name=cn|email=mail;{name}@company.com


The above would mean that the name variable in XoopsUser gets the cn field in the LDAP database. The email variable in XoopsUser gets the mail field in the LDAP database. But if that value is missing, it gets the name of the user plus "@company.com" as the value instead. The {name} means use the name variable that's already defined and the rest is just a literal string.

Does anyone else think this is a good idea. My vesion is a little old now, maybe this has already been worked on. I wish I had a little more time or I'd implement it myself and provide the code. Wait long enough and I just might do that! :)

2
rlankford
Re: Xoops 2.0.18.1 - class/auth/auth_provisioning.php
  • 2008/5/15 17:37

  • rlankford

  • Not too shy to talk

  • Posts: 158

  • Since: 2004/8/27


For what it's worth, here's my simple hack to the core that gets around my immediate problem:

original code:

/**
     *  Modify user information
     *
     * @return bool
     */        
    
function change(&$xoopsUser$datas$uname$pwd null) {    
        
$ret false;
        
$member_handler =& xoops_gethandler('member');
        
$xoopsUser->setVar('pass'md5(stripslashes($pwd)));
        
$tab_mapping explode('|'$this->ldap_field_mapping);
        foreach (
$tab_mapping as $mapping) {
            
$fields explode('='trim($mapping));
            if (
$fields[0] && $fields[1])
                
$xoopsUser->setVar(trim($fields[0]), utf8_decode($datas[trim($fields[1])][0]));
        }
        if (
$member_handler->insertUser($xoopsUser)) {
            return 
$xoopsUser;
        } else 
redirect_header(XOOPS_URL.'/user.php'5$xoopsUser->getHtmlErrors());         
        return 
$ret;
    }


new code (NOT THE IDEAL SOLUTION!!):

/**
     *  Modify user information
     *
     * @return bool
     */        
    
function change(&$xoopsUser$datas$uname$pwd null) {    
        
$ret false;
        
$member_handler =& xoops_gethandler('member');
        
$xoopsUser->setVar('pass'md5(stripslashes($pwd)));
    
$tab_mapping explode('|'$this->ldap_field_mapping);
    foreach (
$tab_mapping as $mapping) {
            
$fields explode('='trim($mapping));
            if (
$fields[0] && $fields[1]) {
                
$var_name trim($fields[0]);
                
$var_value utf8_decode($datas[trim($fields[1])][0]);
                
$required $xoopsUser->vars[$var_name]['required'];
            if ((
$required) && ($var_value == ""))  {
                    if (
$var_name == "email") {
                        
$var_value $uname "@company.com";
                    } else {
                        
$var_value "0";    
                }
            } 
                
$xoopsUser->setVar($var_name$var_value);
            }
    }
        if (
$member_handler->insertUser($xoopsUser)) {
            return 
$xoopsUser;
        } else 
redirect_header(XOOPS_URL.'/user.php'5$xoopsUser->getHtmlErrors());         
        return 
$ret;
    }

Login

Who's Online

233 user(s) are online (192 user(s) are browsing Support Forums)


Members: 0


Guests: 233


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits