21
sunadmn
Re: Xoops Authentication Service hack
  • 2004/9/22 16:58

  • sunadmn

  • Just popping in

  • Posts: 16

  • Since: 2004/9/22


Ok so I have changed the given files made the dir and insured that all files have the correct owner/permissions, but now in the mainfile.php if I change the login from XOOPS to ldap and attempt to login into the site I still auth off the DB. I was assuming this would break the auth period is this not true?? also where can I find some sample code of how to use the LDAP auth?? I am looking for the below or a pointer to an example of it ( new to PHP sorry ).

Simply said, for each authentication mechanism you want to support, you have to write one and only one file with an implementation o
f the following methods (see sample implementations for more details):

function &loginUser($uname, $pwd)
function &loginUserMd5($uname, $pwd)
function logoutUser()
function loginPage()
function checkLogin()

Save this file under /include/authentication_services/, reference it in mainfile.php and apply the hack to system files (cfr. sectio
n "How to use the apply the hack")


ANSWERED my own question bad me for not lookinf further before posting please disregard this message.

22
sunadmn
Re: Xoops Authentication Service hack
  • 2004/9/28 12:10

  • sunadmn

  • Just popping in

  • Posts: 16

  • Since: 2004/9/22


Ok so I have posted here several times asking for some help with the already availible LDAP hack for XOOPS with not much luck so I figured I would come back with another try at this. After many hours of work I have finally figured out how the patches worked and I have been able to get for the most part the LDAP auth to work, well it actually connects and attempts the auth now but for some reason I keep getting the Login Incorrect page so I am trying to get someone to take a look at the code to see if there is something I am just missing below you will find the ldap.php file and the changes made in the User.php file. If anyone has any idea of what I should change please please point it out to me.

Thanks
-SUNADMN

ldap.php :

/**
* LDAP authentication class.
* This class handles user's authentication through standard LDAP directory
*
* @author Benoit Mercier
*/

require_once XOOPS_ROOT_PATH.'/kernel/user.php';

class AuthenticationService{

//LDAP directory parameters
var $uid_attr = "uid";
var $mail_attr = "mail";
var $name_attr = "cn";
var $surname_attr = "sn";
var $krb_attr = "krbName";
var $department_attr = "departmentNumber";
// var $office_attr = "physicaldeliveryofficename";
var $employee_attr = "employeeType";
var $ldap_server = "myLDAP.server.net";
// var $ldap_port = 389;
var $base_dn = "ou=People,dc=bla-dc,dc=net";

/**
* Holds reference to user handler(DAO) class
*/
var $_uHandler;

/**
* Authentication Service constructor
*/
function AuthenticationService (&$db){
$this->_uHandler = new XoopsUserHandler($db);
}

/**
* log in the user in the XOOPS standard way
*
* @param string $uname username as entered in the login form
* @param string $pwd password entered in the login form
* @return object XoopsUser reference to the logged in user. FALSE if failed to log in
*/
function &loginUser($uname, $pwd = null) {
$criteria = new CriteriaCompo(new Criteria('uname', $uname));
$criteria->add(new Criteria('pass', md5($pwd)));
$user =& $this->_uHandler->getObjects($criteria, false);
if (!$user || count($user) != 1) {
return false;
}
return $user[0];
}

/**
* log in a user with a md5 encrypted password
*
* @param string $uname username
* @param string $md5pwd password encrypted with md5
* @return object XoopsUser reference to the logged in user. FALSE if failed to log in
*/
function &loginUserMd5($uname, $pwd = null) {
$criteria = new CriteriaCompo(new Criteria('uname', $uname));
$criteria->add(new Criteria('pass', $md5pwd));
$user =& $this->_uHandler->getObjects($criteria, false);
if (!$user || count($user) != 1) {
return false;
}
return $user[0];
}

/**
* Logout the current user
*/
function logoutUser() {
global $xoopsConfig;

$message = '';
$_SESSION = array();
session_destroy();
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], '', time()- 3600, '/', '', 0);
}
// clear autologin cookies
//setcookie('autologin_uname', '', time() - 3600, '/', '', 0);
//setcookie('autologin_pass', '', time() - 3600, '/', '', 0);
// clear entry from online users table
if (is_object($xoopsUser)) {
$online_handler =& xoops_gethandler('online');
$online_handler->destroy($xoopsUser->getVar('uid'));
}
$message = _US_LOGGEDOUT.'
'._US_THANKYOUFORVISIT;
redirect_header('index.php', 1, $message);
exit();
}

/**
* Display the XOOPS standard login page
*/
function loginPage() {
global $xoopsConfig,$xoopsLogger;

$xoopsOption['template_main'] = 'system_userform.html';
include 'header.php';
$xoopsTpl->assign('lang_login', _LOGIN);
$xoopsTpl->assign('lang_username', _USERNAME);
if (isset($_COOKIE[$xoopsConfig['usercookie']])) {
$xoopsTpl->assign('usercookie', $_COOKIE[$xoopsConfig['usercookie']]);
}
if (isset($_GET['xoops_redirect'])) {
$xoopsTpl->assign('redirect_page', htmlspecialchars(trim($_GET['xoops_redirect']), ENT_QUOTES));
}
$xoopsTpl->assign('lang_password', _PASSWORD);
$xoopsTpl->assign('lang_notregister', _US_NOTREGISTERED);
$xoopsTpl->assign('lang_lostpassword', _US_LOSTPASSWORD);
$xoopsTpl->assign('lang_noproblem', _US_NOPROBLEM);
$xoopsTpl->assign('lang_youremail', _US_YOUREMAIL);
$xoopsTpl->assign('lang_sendpassword', _US_SENDPASSWORD);
include 'footer.php';
}

/**
* Log the user (through the loginUser function), create the appropriate Session variables and do other
* things that must be done everytime a user connects to Xoops
*/
function checklogin() {

global $xoopsConfig;

if (!defined('XOOPS_ROOT_PATH')) {
exit();
}

include_once XOOPS_ROOT_PATH.'/language/'.$xoopsConfig['language'].'/user.php';

$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']);
$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']);
if ($uname == '' || $pass == '') {
redirect_header(XOOPS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
exit();
}

$myts =& MyTextsanitizer::getInstance();
$this->addLDAPUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));
$user =& $this->loginUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));

if (false != $user) {
if (0 == $user->getVar('level')) {
redirect_header(XOOPS_URL.'/index.php', 5, _US_NOACTTPADM);
exit();
}
if ($xoopsConfig['closesite'] == 1) {
$allowed = false;
foreach ($user->getGroups() as $group) {
if (in_array($group, $xoopsConfig['closesite_okgrp']) || XOOPS_GROUP_ADMIN == $group) {
$allowed = true;
break;
}
}
if (!$allowed) {
redirect_header(XOOPS_URL.'/index.php', 1, _NOPERM);
exit();
}
}
$user->setVar('last_login', time());
if (!$this->_uHandler->insert($user)) {
}
$_SESSION = array();
$_SESSION['xoopsUserId'] = $user->getVar('uid');
$_SESSION['xoopsUserGroups'] = $user->getGroups();
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], session_id(), time()+(60 * $xoopsConfig['session_expire']), '/', '', 0);
}
$user_theme = $user->getVar('theme');
if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
$_SESSION['xoopsUserTheme'] = $user_theme;
}
if (!empty($_POST['xoops_redirect']) && !strpos($_POST['xoops_redirect'], 'register')) {
$parsed = parse_url(XOOPS_URL);
$url = isset($parsed['scheme']) ? $parsed['scheme'].'://' : 'http://';
if (isset($parsed['host'])) {
$url .= isset($parsed['port']) ?$parsed['host'].':'.$parsed['port'].trim($_POST['xoops_redirect']): $parsed['host'].trim($_POST['xoops_redirect']);
} elseif(substr(trim(XOOPS_URL),0,1)=="/") {//mercibe semi-relative URL
$url = trim($_POST['xoops_redirect']);
}
else {
$url = xoops_getenv('HTTP_HOST').trim($_POST['xoops_redirect']);
}
} else {
$url = XOOPS_URL.'/index.php';
}

// set cookie for autologin
//if (!empty($_POST['rememberme'])) {
// $expire = time() + $xoopsConfig['session_expire'] * 60;
// setcookie('autologin_uname', $uname, $expire, '/', '', 0);
// setcookie('autologin_pass', md5($pass), $expire, '/', '', 0);
//}

// RMV-NOTIFY
// Perform some maintenance of notification records
$notification_handler =& xoops_gethandler('notification');
$notification_handler->doLoginMaintenance($user->getVar('uid'));

redirect_header($url, 1, sprintf(_US_LOGGINGU, $user->getVar('uname')));
} else {

redirect_header(XOOPS_URL.'/user.php',1,_US_INCORRECTLOGIN);
}
exit();

}

/**
* Add/update the LDAP authenticated user to XOOPS DB
*
* @param string $uname username as entered in the login form
* @param string $pwd password entered in the login form
* @return object XoopsUser reference to the logged in user. FALSE if failed to log in
*/
function addLDAPUser($uname, $pwd = null) {
$ldap_criteria = new CriteriaCompo(new Criteria('uname', "$uname"));
$ldap_criteria->add(new Criteria('pass', $pwd));
$authenticated = $this->LDAPAuthentication($ldap_criteria);
}

/**
* Authenticate user again LDAP directory (Bind) and add/update the user data in XOOPS MySQL database
*/
function LDAPAuthentication($criteria = null) {
$timezone_offset = 1;

$authenticated = false;

if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {

$ds=ldap_connect($this->ldap_server) or die("Could not connect to LDAP server.");

if($ds) {

// set protocol version 3

if(!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3))
echo("Failed to set LDAP 3");

// start TLS

// if(!ldap_start_tls($ds))
// echo("Start TLS failed");

//Authentication

$pass=$criteria->criteriaElements[1]->value;
$ldapbind = ldap_bind($ds,$this->uid_attr."=".$criteria->criteriaElements[0]->value.",".$this->base_dn,stripslashes($criteria->criteriaElements[1]->value));

if($ldapbind) {

$authenticated = true;

// Get info from LDAP (mail, uid, cn)

// $sr = ldap_search($ds,$this->base_dn,$this->uid_attr."=".$criteria->criteriaElements[0]->value,Array($this->mail_attr,$this->name_attr,$this->sernum_attr,$this->office_attr,$this->location_attr,$this->surname_attr,$this->givenname_attr));

$sr = ldap_search($ds,$base_dn,$this->uid_attr."=".$criteria->criteriaElements[0]->value,Array($this->name_attr,$this->surname_attr,$this->krb_attr,$this->department_attr,$this->employee_attr));

$info = ldap_get_entries($ds, $sr);

if($info["count"] == 1) {

// Search user in the DB

$criteria = new CriteriaCompo(new Criteria('uname', $criteria->criteriaElements[0]->value));

$user =& $this->_uHandler->getObjects($criteria, false);

$member_handler =& xoops_gethandler('member');

// The user does not exist in the XOOPS DB
if (!$user || count($user) != 1) {
$xuser =& $member_handler->createUser();
$xuser->setVar("uname",$criteria->criteriaElements[0]->value);
$xuser->setVar("user_sig",$info[0][$this->givenname_attr][0]." ".ucfirst(strtolower($info[0][$this->surname_attr][0])));
$xuser->setVar("user_avatar","blank.gif");
$xuser->setVar('user_regdate', time());
$xuser->setVar('timezone_offset', $timezone_offset);
$xuser->setVar('actkey',substr(md5(uniqid(mt_rand(), 1)), 0, 8));
}
else {
$xuser = & $user[0];
}

$xuser->setVar("email",$info[0][$this->mail_attr][0]);
$xuser->setVar("name",$info[0][$this->name_attr][0]);
$xuser->setVar("user_from",$info[0][$this->location_attr][0]." (".$info[0][$this->office_attr][0].")");
$xuser->setVar("bio","[$this->sernum_attr][0]."]Commission Directory");
$xuser->setVar("pass",md5($pass));
$xuser->setVar("level",1);
$xuser->setVar('notify_method', 2);

// Store info in DB (update or insert)
$ret = $this->_uHandler->insert($xuser);

//Add the user to Registered Users group
$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $xuser->getVar('uid'));
}
}
else {
if(strcmp($criteria->criteriaElements[0]->value,'mercibe')==0) echo "LDAP authentication KO
";
}

ldap_close($ds);
}
else {
//echo "cannot connect to ldap server";
}
}

return $authenticated;
}

}
?>

user.php :

// $Id: user.php,v 1.13 2004/02/06 19:27:06 Onokazu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// <https://xoops.org/> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //

$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';

$op = 'main';

if ( isset($HTTP_POST_VARS['op']) ) {
$op = trim($HTTP_POST_VARS['op']);
} elseif ( isset($HTTP_GET_VARS['op']) ) {
$op = trim($HTTP_GET_VARS['op']);
}

if ($op == 'main') {
if ( !$xoopsUser ) {
$authentication_service =& xoops_gethandler('authenticationservice');
$authentication_service->loginPage();
} elseif ( $xoopsUser ) {
header('Location: '.XOOPS_URL.'/userinfo.php?uid='.$xoopsUser->getVar('uid'));
}
exit();
}

// OLD code
//if ($op == 'main') {
// if ( !$xoopsUser ) {
// $xoopsOption['template_main'] = 'system_userform.html';
// include 'header.php';
// $xoopsTpl->assign('lang_login', _LOGIN);
// $xoopsTpl->assign('lang_username', _USERNAME);
// if (isset($HTTP_COOKIE_VARS[$xoopsConfig['usercookie']])) {
// $xoopsTpl->assign('usercookie', $HTTP_COOKIE_VARS[$xoopsConfig['usercookie']]);
// }
// if (isset($HTTP_GET_VARS['xoops_redirect'])) {
// $xoopsTpl->assign('redirect_page', htmlspecialchars(trim($HTTP_GET_VARS['xoops_redirect']), ENT_QUOTES));
// }
// $xoopsTpl->assign('lang_password', _PASSWORD);
// $xoopsTpl->assign('lang_notregister', _US_NOTREGISTERED);
// $xoopsTpl->assign('lang_lostpassword', _US_LOSTPASSWORD);
// $xoopsTpl->assign('lang_noproblem', _US_NOPROBLEM);
// $xoopsTpl->assign('lang_youremail', _US_YOUREMAIL);
// $xoopsTpl->assign('lang_sendpassword', _US_SENDPASSWORD);
// include 'footer.php';
// } elseif ( $xoopsUser ) {
// header('Location: '.XOOPS_URL.'/userinfo.php?uid='.$xoopsUser->getVar('uid'));
// }
// exit();
//}

if ($op == 'login') {
$authentication_service =& xoops_gethandler('authenticationservice');
$authentication_service->checkLogin();
exit();
}

// OLD Code
//if ($op == 'login') {
// include_once XOOPS_ROOT_PATH.'/include/checklogin.php';
// exit();
//}

if ($op == 'logout') {
$authentication_service =& xoops_gethandler('authenticationservice');
$authentication_service->logoutUser();
}

// OLD Code
//if ($op == 'logout') {
// $message = '';
// $HTTP_SESSION_VARS = array();
// session_destroy();
// if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
// setcookie($xoopsConfig['session_name'], '', time()- 3600, '/', '', 0);
// }
// // clear autologin cookies
// //setcookie('autologin_uname', '', time() - 3600, '/', '', 0);
// //setcookie('autologin_pass', '', time() - 3600, '/', '', 0);
// // clear entry from online users table
// if (is_object($xoopsUser)) {
// $online_handler =& xoops_gethandler('online');
// $online_handler->destroy($xoopsUser->getVar('uid'));
// }
// $message = _US_LOGGEDOUT.'
'._US_THANKYOUFORVISIT;
// redirect_header('index.php', 1, $message);
// exit();
//}

if ($op == 'actv') {
$id = intval($HTTP_GET_VARS['id']);
$actkey = trim($HTTP_GET_VARS['actkey']);
if (empty($id)) {
redirect_header('index.php',1,'');
exit();
}
$member_handler =& xoops_gethandler('member');
$thisuser =& $member_handler->getUser($id);
if (!is_object($thisuser)) {
exit();
}
if ($thisuser->getVar('actkey') != $actkey) {
redirect_header('index.php',5,_US_ACTKEYNOT);
} else {
if ($thisuser->getVar('level') > 0 ) {
redirect_header('user.php',5,_US_ACONTACT);
} else {
if (false != $member_handler->activateUser($thisuser)) {
$config_handler =& xoops_gethandler('config');
$xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);
if ($xoopsConfigUser['activation_type'] == 2) {
$myts =& MyTextSanitizer::getInstance();
$xoopsMailer =& getMailer();
$xoopsMailer->useMail();
$xoopsMailer->setTemplate('activated.tpl');
$xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
$xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
$xoopsMailer->assign('SITEURL', XOOPS_URL."/");
$xoopsMailer->setToUsers($thisuser);
$xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
$xoopsMailer->setFromName($xoopsConfig['sitename']);
$xoopsMailer->setSubject(sprintf(_US_YOURACCOUNT,$xoopsConfig['sitename']));
include 'header.php';
if ( !$xoopsMailer->send() ) {
printf(_US_ACTVMAILNG, $thisuser->getVar('uname'));
} else {
printf(_US_ACTVMAILOK, $thisuser->getVar('uname'));
}
include 'footer.php';
} else {
redirect_header('user.php',5,_US_ACTLOGIN);
}
} else {
redirect_header('index.php',5,'Activation failed!');
}
}
}
exit();
}

if ($op == 'delete') {
$config_handler =& xoops_gethandler('config');
$xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);
if (!$xoopsUser || $xoopsConfigUser['self_delete'] != 1) {
redirect_header('index.php',5,_US_NOPERMISS);
exit();
} else {
$groups = $xoopsUser->getGroups();
if (in_array(XOOPS_GROUP_ADMIN, $groups)){
// users in the webmasters group may not be deleted
redirect_header('user.php', 5, _US_ADMINNO);
exit();
}
$ok = !isset($HTTP_POST_VARS['ok']) ? 0 : intval($HTTP_POST_VARS['ok']);
if ($ok != 1) {
include 'header.php';
xoops_confirm(array('op' => 'delete', 'ok' => 1), 'user.php', _US_SURETODEL.'
'._US_REMOVEINFO);
include 'footer.php';
} else {
$del_uid = $xoopsUser->getVar("uid");
$member_handler =& xoops_gethandler('member');
if (false != $member_handler->deleteUser($xoopsUser)) {
$online_handler =& xoops_gethandler('online');
$online_handler->destroy($del_uid);
xoops_notification_deletebyuser($del_uid);
redirect_header('index.php', 5, _US_BEENDELED);
}
redirect_header('index.php',5,_US_NOPERMISS);
}
exit();
}
}
?>

23
rlankford
Re: Xoops Authentication Service hack
  • 2004/11/24 12:53

  • rlankford

  • Not too shy to talk

  • Posts: 158

  • Since: 2004/8/27


Please excuse my horrific ignorance , but I keep getting this error after having applied this Authentication Service Hack and setting it to "LDAP" in mainfile.php:

Quote:

Fatal error: Call to undefined function: ldap_connect() in C:\apachefriends\xampp\htdocs\Xoops\include\authenticationservices\ldap.php on line 237


Isn't ldap_connect a call to a function defined in php?? If so, then what do I do to get ldap.php to have that function included??

PHP Version 4.3.9

Thanks in advance guys and gals!

24
ackbarr
Re: Xoops Authentication Service hack

Looks like your php installation does not have LDAP support configured.

Taken from the PHP manual for LDAP Functions:

Quote:

Installation

LDAP support in PHP is not enabled by default. You will need to use the --with-ldap[=DIR] configuration option when compiling PHP to enable LDAP support. DIR is the LDAP base install directory.

Note to Win32 Users: In order to enable this module on a Windows environment, you must copy several files from the DLL folder of the PHP/Win32 binary package to the SYSTEM folder of your windows machine. (Ex: C:\WINNT\SYSTEM32, or C:\WINDOWS\SYSTEM). For PHP <= 4.2.0 copy libsasl.dll, for PHP >= 4.3.0 copy libeay32.dll and ssleay32.dll to your SYSTEM folder.

25
Xavier
Re: Xoops Authentication Service hack
  • 2005/1/4 16:20

  • Xavier

  • Just popping in

  • Posts: 38

  • Since: 2004/5/12


Hi Mercibe ;
1) i can't get the files from the link on your post (neither directly from sourceforge) : the zip file is corrupted when i get it . Got a clue ?
2) By the way, do these files integrate all the enhancements discussed in this thread ?
Regards,
Xavier

26
mercibe
Re: Xoops Authentication Service hack
  • 2005/1/10 19:27

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Hi,

The files are available on sourceforge.net at the following URL: http://sourceforge.net/tracker/index.php?func=detail&aid=945237&group_id=41586&atid=430842

I do not maintain these files anymore, but the are still usable. I could update them next week with a more recent version (bug correction - no new feature), but the current ones are OK.

I still have to finish the port of this hack to the XOOPS 2.2/2.3 kernel. So be prepared to have at least this pluggable authentication hack in the forthcoming XOOPS version (in fact it is already done for the standard XOOPS authentication process )

Best regards,

Benoit

27
M4d3L
Re: Xoops Authentication Service hack
  • 2005/1/12 21:26

  • M4d3L

  • Just popping in

  • Posts: 60

  • Since: 2002/11/18


anyone can tell me what is the procedure to apply this hack on 2.0.9.2???

That exactly what I need!

28
mercibe
Xoops Authentication Service hack for Xoops 2.0.7.3
  • 2005/1/17 15:39

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Hi,

I will try to publish this hack for 2.0.9.2 this week. If you can't wait, have a look at the 2.0.7.3 patch that I have just uploaded at http://sourceforge.net/tracker/download.php?group_id=41586&atid=430842&file_id=116125&aid=945237

You will find all the information to apply this hack on any version by yourself in the xoops-2.0.7.3-authentication-service-hack.txt file included in the ZIP file (not corrupted, I checked !)

Best regards,

Benoit

29
Mithrandir
Re: Xoops Authentication Service hack for Xoops 2.0.7.3

Look good Mercibe.

A couple of comments, though.

Some of the methods are strikingly similar (loginUser() and logoutUser() for instance) - why don't you have a parent class to hold the basic method implementations and let your specialized authentication classes extend that one?

You are missing a global declaration of $xoopsUser in logoutUser()

Typo in loginUserMD5() - the parameter is $pwd, but the one used in the method is $md5pwd

I don't understand the implementation in ldap.php
$myts =& MyTextsanitizer::getInstance();
$this->addLDAPUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));
$user =& $this->loginUser(addslashes($myts->stripSlashesGPC($uname)), addslashes($myts->stripSlashesGPC($pass)));

addLDAPUser() returns true or false, but it isn't used? Also, am I right in thinking that what it basically does is this:

1) Check if the user exists on the LDAP server
2) If yes, check if the user exists in XOOPS
2a) If no, create the user
2b) If yes, update with email etc. information

If so, why the call to loginUser() ? Why not just return the $xuser object that was created/updated in the LDAP check?

Keep up the good work (and do note that I am very unproficient in authentication matters)

30
M4d3L
Re: Xoops Authentication Service hack for Xoops 2.0.7.3
  • 2005/1/18 20:39

  • M4d3L

  • Just popping in

  • Posts: 60

  • Since: 2002/11/18


Good! but that is not urgent and my site is updated to 2.0.9.2! I enjoy in advance do try this hack on my site!

Login

Who's Online

265 user(s) are online (118 user(s) are browsing Support Forums)


Members: 0


Guests: 265


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits