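'OWWLogin',
    'version' => '2007/05/14',
    'author' => 'Austin Che',
    'url' => 'http://openwetware.org/wiki/User:Austin/Extensions/OWWLogin',
    'description' => 'Allow subwikis to log in to OpenWetWare via OpenID',
);

$wgHooks['SpecialPage_initList'][] = 'wfOWWLoginSpecialPages';

require_once("Auth/OpenID/FileStore.php");

if ($wgOpenWetWare) {
    // Master wiki: load the OpenID server side.
    require_once("OpenID/Server.php");

    // NOTE(review): this pattern has no ^ anchor and no boundary after ".org", so it
    // matches any string that merely contains ".openwetware.org" (for example a host
    // such as "x.openwetware.org.example.net" -- constructed sample). If the OpenID
    // extension applies it to the relying party's trust root, anchor it to the scheme
    // and host before relying on it to skip the trust prompt -- confirm against Server.php.
    $wgOpenIDServerForceAllowTrust = array("/.*\.openwetware\.org/");

    // OpenIDServerCheck() calls OpenIDGetUserURL in Consumer.php to check if user is openid user
    // but we don't allow openid users on the master wiki
    // have to define here instead of using the version in Consumer.php as that accesses
    // the user_openid table which we don't have
    function OpenIDGetUserURL($user)
    {
        return null;
    }
} else {
    // Subwiki: load the OpenID consumer side.
    require_once("OpenID/Consumer.php");

    $wgOpenIDConsumerDenyByDefault = true;

    // don't allow people to login except from places we explicitly allow
    // NOTE(review): unanchored as well -- "openwetware.org" anywhere in the identity URL
    // (path, query, or a longer host name) satisfies it. An allow-list meant to pin the
    // identity provider should match scheme and host explicitly.
    $wgOpenIDConsumerAllow = array("/openwetware\.org/");
}

// not sure if different wikis can share the same location for the following
// the consumer and server path definitely have to be different
// once get memcached up, the following can be removed
// NOTE(review): these stores live under /tmp. On a multi-user host that directory is
// world-writable, so the store directories should be pre-created with owner-only
// permissions for the web server account (or moved out of /tmp); presumably they hold
// OpenID association data and nonces -- confirm against Auth_OpenID_FileStore.
$wgOpenIDConsumerStoreType = 'file';
$wgOpenIDConsumerStorePath = "/tmp/openid/consumer";
$wgOpenIDServerStoreType = 'file';
$wgOpenIDServerStorePath = "/tmp/openid/server";

/**
 * Build the OpenWetWare user-page URL that is used as a user's OpenID identifier.
 *
 * @param string $user User name; it is turned into a Title in the user namespace.
 * @return string "http://openwetware.org/wiki/User:" followed by the title's partial URL.
 */
function getOWWUserPage($user)
{
    // NOTE(review): Title::newFromText() result is used without a null check; callers in
    // this file pass names that came from User objects or User::getCanonicalName().
    $t = Title::newFromText($user, NS_USER);
    return "http://openwetware.org/wiki/User:" . $t->getPartialURL();
}

/**
 * Register the extension's interface messages and, when a user page is being viewed,
 * advertise the OpenID endpoint (master wiki) or show the OpenWetWare user-page URL
 * as subtitle (subwiki).
 */
function wfExtensionSpecialOWWLogin()
{
    global $wgMessageCache, $wgOut, $wgRequest, $wgOpenWetWare;

    $wgMessageCache->addMessages(array(
        'owwadmin' => 'Administer Accounts',
        'owwpermissiondenied' => 'You are not allowed to login to this wiki.',
    ));

    // from OpenID.php
    $wgMessageCache->addMessages(array(
        'openidlogin' => 'Login with OpenID',
        'openidfinish' => 'Finish OpenID login',
        'openidserver' => 'OpenID server',
        'openidconvert' => 'OpenID converter',
        'openidlogininstructions' => 'Enter your OpenID identifier to log in:',
        'openiderror' => 'Verification error',
        'openiderrortext' => 'An error occured during verification of the OpenID URL.',
        'openidconfigerror' => 'OpenID Configuration Error',
        'openidconfigerrortext' => 'The OpenID storage configuration for this wiki is invalid. Please consult this site\'s administrator.',
        'openidpermission' => 'OpenID permissions error',
        'openidpermissiontext' => 'The OpenID you provided is not allowed to login to this server.',
        'openidcancel' => 'Verification cancelled',
        'openidcanceltext' => 'Verification of the OpenID URL was cancelled.',
        'openidfailure' => 'Verification failed',
        'openidfailuretext' => 'Verification of the OpenID URL failed.',
        'openidsuccess' => 'Verification succeeded',
        'openidsuccesstext' => 'Verification of the OpenID URL succeeded.',
        'openidserverlogininstructions' => 'Enter your password below to log in to $3 as user $2 (user page $1).',
        'openidtrustinstructions' => 'Check if you want to share data with $1.',
        'openidallowtrust' => 'Allow $1 to trust this user account.',
        'openidnopolicy' => 'Site has not specified a privacy policy.',
        'openidpolicy' => 'Check the privacy policy for more information.',
        'openidoptional' => 'Optional',
        'openidrequired' => 'Required',
        'openidnickname' => 'Nickname',
        'openidfullname' => 'Fullname',
        'openidemail' => 'Email address',
        'openidlanguage' => 'Language',
    ));

    $action = $wgRequest->getText('action', 'view');
    if ($action !== 'view') {
        return;
    }

    $title = $wgRequest->getText('title');
    if (!isset($title) || strlen($title) == 0) {
        // If there's no title, and Cache404 is in use, check using its stuff
        if (defined('CACHE404_VERSION')) {
            // REDIRECT_STATUS is only set by the web server on internal redirects,
            // so guard the lookup instead of reading a missing index.
            if (isset($_SERVER['REDIRECT_STATUS']) && $_SERVER['REDIRECT_STATUS'] == 404) {
                $url = getRedirectUrl($_SERVER);
                if (isset($url)) {
                    $title = cacheUrlToTitle($url);
                }
            }
        } else {
            $title = wfMsg('mainpage');
        }
    }

    $nt = Title::newFromText($title);

    // If the page being viewed is a user page,
    // generate the openid.server META tag and output
    // the X-XRDS-Location. See the OpenIDXRDS
    // special page for the XRDS output / generation
    // logic.
    if (!$nt || $nt->getNamespace() != NS_USER || strpos($nt->getText(), '/') !== false) {
        return;
    }

    $user = User::newFromName($nt->getText());
    // isLoggedIn() on a user built from a name is presumably the "account exists" test
    // here -- confirm against User.php.
    if (!$user || !$user->isLoggedIn()) {
        return;
    }

    if ($wgOpenWetWare) {
        $wgOut->addLink(array('rel' => 'openid.server', 'href' => OpenIDServerUrl()));
        $rt = Title::makeTitle(NS_SPECIAL, 'OpenIDXRDS/' . $user->getName());
        $wgOut->addMeta('http:X-XRDS-Location', $rt->getFullURL());
        // header() takes one "Name: value" string; its second parameter is the
        // $replace flag. Passing the URL as the second argument never sent it.
        header('X-XRDS-Location: ' . $rt->getFullURL());
    } else {
        $url = getOWWUserPage($user->getName());
        // NOTE(review): the markup pieces around the URL are empty strings in this copy.
        $wgOut->setSubtitle("" . "OpenWetWare " . "$url" . "");
    }
}

/**
 * SpecialPage_initList hook: register the special pages for this wiki's role.
 *
 * The master wiki gets the OpenID server pages; a subwiki gets the account
 * administration page (registered with the 'createaccount' restriction), a replacement
 * Userlogin page handled by wfSpecialOWWLogin, and the OWWFinish return page.
 *
 * @param array $list Special page list, modified in place.
 * @return bool Always true.
 */
function wfOWWLoginSpecialPages(&$list)
{
    global $wgOpenWetWare;

    if ($wgOpenWetWare) {
        // Defined in OpenID extension
        // server
        $list['OpenIDServer'] = array('UnlistedSpecialPage', 'OpenIDServer');
        $list['OpenIDXRDS'] = array('UnlistedSpecialPage', 'OpenIDXRDS');
    } else {
        $list['OWWadmin'] = array('SpecialPage', 'OWWadmin', 'createaccount');
        $list['Userlogin'] = array('SpecialPage', 'Userlogin', '', true, 'wfSpecialOWWLogin');
        $list['OWWFinish'] = array('UnlistedSpecialPage', 'OWWFinish');
    }
    return true;
}

/**
 * Special:OWWFinish -- complete an OpenID login on a subwiki.
 *
 * mostly copied from wfSpecialOpenIDFinish but with the create account code removed
 * as we don't want people to be able to arbitrarily create accounts
 *
 * The local account is chosen from the simple-registration 'nickname' field. An account
 * is only created on the fly when $wgOWWAllowAllUsers is set; otherwise an unknown
 * nickname gets the 'owwpermissiondenied' error page.
 *
 * @param string|null $par Subpage parameter (unused).
 */
function wfSpecialOWWFinish($par)
{
    global $wgUser, $wgOut, $wgRequest, $wgOWWAllowAllUsers;

    if ($wgUser->isLoggedIn()) {
        OpenIDAlreadyLoggedIn();
        if ($wgUser->isAllowed('createaccount') && !$wgOWWAllowAllUsers)
            $wgOut->addHTML("\n\nTo create an account, go to Special:OWWadmin");
        return;
    }

    $consumer = OpenIDConsumer();
    $response = $consumer->complete($_GET);

    if (!isset($response)) {
        $wgOut->errorpage('openiderror', 'openiderrortext');
        return;
    }

    switch ($response->status) {
        case Auth_OpenID_CANCEL:
            // This means the authentication was cancelled.
            $wgOut->errorpage('openidcancel', 'openidcanceltext');
            break;

        case Auth_OpenID_FAILURE:
            $wgOut->errorpage('openidfailure', 'openidfailuretext');
            break;

        case Auth_OpenID_SUCCESS:
            // This means the authentication succeeded.
            $openid = $response->identity_url;
            $sreg = $response->extensionResponse('sreg');

            if (!isset($openid) || !isset($sreg['nickname'])) {
                $wgOut->errorpage('openiderror', 'openiderrortext');
                return;
            }

            // NOTE(review): the account is selected by the provider-asserted nickname,
            // not by the verified identity URL, and nothing in this function checks that
            // $openid is an openwetware.org user page for that nickname. That is only safe
            // if every login reaching this page was started through wfSpecialOWWLogin and
            // the consumer library ties the response to that request -- confirm, or
            // compare $openid with the expected user-page URL before logging in.
            $user = User::newFromName($sreg['nickname']);
            if (!$user) {
                // newFromName() yields no object for an invalid name; treat it as a
                // verification error instead of calling methods on a non-object.
                $wgOut->errorpage('openiderror', 'openiderrortext');
                return;
            }

            $userid = $user->getID();
            if (!$userid && $wgOWWAllowAllUsers) {
                $user->addToDatabase();
                $userid = User::idFromName($sreg['nickname']);
            }

            if ($userid) {
                OpenIDUpdateUser($user, $sreg);
                $wgUser = $user;
                // *** hack to always save login credentials
                // NOTE(review): forces a persistent login for every user, including on
                // shared machines; consider making this opt-in.
                $wgUser->setOption('rememberpassword', 1);
                $wgUser->saveSettings();
                OpenIDFinishLogin($openid);
            } else {
                $wgOut->errorpage('openiderror', 'owwpermissiondenied');
            }
            break;
    }
}

/**
 * Special:OWWadmin -- grant or revoke local access for an OpenWetWare user name.
 *
 * Reads 'username' plus the boolean request values 'add' / 'remove'. Adding inserts a
 * user row; removing deletes the row from the 'user' table. The form is always shown.
 *
 * @param string|null $par Subpage parameter (unused).
 */
function wfSpecialOWWadmin($par)
{
    global $wgRequest, $wgUser, $wgOut;

    $wgOut->setPagetitle("Local Wiki Access");

    // NOTE(review): add/remove are state-changing but no edit token is checked here, so
    // a logged-in administrator's browser can be made to submit them from another site.
    // Require a token on these actions (and POST) once the form carries one.
    $username = $wgRequest->getText('username');
    if (isset($username) && strlen($username) > 0) {
        $username = ucfirst($username);
        // The name is request data: escape it before it goes into raw HTML output.
        $safeName = htmlspecialchars($username, ENT_QUOTES);
        $userid = User::idFromName($username);

        if ($wgRequest->getBool('add')) {
            if ($userid) {
                $wgOut->addWikiText("User [[User:$username|$username]] already has access!");
            } else {
                // add new user to database
                $user = User::newFromName($username);
                if ($user) {
                    $user->addToDatabase();
                }
                // An invalid name yields no user object; report it as a failed add.
                if (!$user || !$user->getID())
                    $wgOut->addHTML("Error adding user $safeName!");
                else
                    $wgOut->addWikiText("User [[User:$username|$username]] added.");
            }
        } else if ($wgRequest->getBool('remove')) {
            if ($wgUser->getName() === $username) {
                $wgOut->addHTML("You cannot remove access for yourself!");
            } else if (!$userid) {
                $wgOut->addHTML("User $safeName does not have access!");
            } else {
                // remove user from database
                $dbw =& wfGetDB( DB_MASTER );
                $dbw->delete('user', array('user_name' => $username));
                $wgOut->addWikiText("User [[User:$username|$username]] removed.");
            }
        } else {
            $wgOut->addHTML("\n\nNot sure what to do with $safeName!");
        }
    }

    // display form
    // NOTE(review): the form markup pieces are empty strings in this copy of the file.
    $sk = $wgUser->getSkin();
    $wgOut->addHTML("\n\nEnter an OpenWetWare user name to permit or deny access to this wiki:\n\n" .
        "\n" .
        '' .
        '' .
        '' .
        "\n" .
        "\n\nSee all users at Special:Listusers");
}

/**
 * Replacement for Special:Userlogin on a subwiki.
 *
 * With a 'wpName' request value, starts an OpenID login against that user's
 * OpenWetWare user page and returns to OWWFinish; otherwise shows the login prompt.
 *
 * @param string|null $par Subpage parameter (unused).
 */
function wfSpecialOWWLogin($par)
{
    global $wgRequest, $wgUser, $wgOut;

    if ($wgUser->isLoggedIn()) {
        OpenIDAlreadyLoggedIn();
        if ($wgUser->isAllowed('createaccount'))
            $wgOut->addHTML("\n\nTo create an account, go to Special:OWWadmin");
        return;
    }

    $username = User::getCanonicalName($wgRequest->getText('wpName'));
    if ($username && strlen($username) > 0) {
        // The identifier is always built on the fixed openwetware.org prefix.
        OpenIDLogin(getOWWUserPage($username), "OWWFinish");
    } else {
        global $wgCookiePrefix;

        // Prefer this wiki's UserName cookie, else the shared 'owwdbUserName' cookie;
        // either may be absent, so guard the lookups.
        $localCookie = $wgCookiePrefix . 'UserName';
        if (!empty($_COOKIE[$localCookie])) {
            $username = $_COOKIE[$localCookie];
        } else {
            $username = isset($_COOKIE['owwdbUserName']) ? $_COOKIE['owwdbUserName'] : null;
        }
        // NOTE(review): $username is client-controlled cookie data. If it is used to
        // pre-fill the form, pass it through htmlspecialchars() for the attribute context.

        $sk = $wgUser->getSkin();
        $ok = wfMsg('login');
        $wgOut->setPagetitle("OpenWetWare Login");
        $wgOut->addHTML("Enter your OpenWetWare user name to log in:\n\n" .
            "\n" .
            '' .
            '' .
            "\n\n" .
            "Note: You cannot be currently logged in to OpenWetWare as a different user.\nYou need to be either not logged in or logged in as the above user.");
    }
}

// from OpenID.php
/**
 * Create the OpenID store object for the configured store type.
 *
 * @param string $storeType 'memcached' / 'memc' or 'file'.
 * @param string $prefix    Key prefix handed to the memcached store.
 * @param array  $options   Must contain 'path' for the file store.
 * @return object|null Store instance; null after showing the configuration error page
 *                     for an unknown store type.
 */
function getOpenIDStore($storeType, $prefix, $options)
{
    global $wgOut;

    switch ($storeType) {
        case 'memcached':
        case 'memc':
            require_once("OpenID/MemcStore.php");
            return new OpenID_MemcStore($prefix);

        case 'file':
            return new Auth_OpenID_FileStore($options['path']);

        default:
            $wgOut->errorPage('openidconfigerror', 'openidconfigerrortext');
            // Make the "no store" result explicit; callers must not use it as a store.
            return null;
    }
}
?>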