1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dotclear2_ynh.git synced 2024-09-03 18:26:29 +02:00
This commit is contained in:
Kayou 2019-03-01 22:48:44 +01:00
parent 45f92cbd06
commit bf2cf589d6
No known key found for this signature in database
GPG key ID: 823A2CBE071D3126

View file

@ -1,65 +1,59 @@
<?php <?php
class myDcAuth extends dcAuth class myDcAuth extends dcAuth
{ {
# L'utilisateur n'a pas le droit de changer son mot de passe # The user can't change his password
protected $allow_pass_change = false; protected $allow_pass_change = false;
# La méthode de vérification du mot de passe
public function checkUser($user_id, $pwd=null, $user_key=null, $check_blog=true) public function checkUser($user_id, $pwd=null, $user_key=null, $check_blog=true)
{ {
# Pas de mot de passe, on appelle la méthode parente.
if ($pwd == '') { if ($pwd == '') {
return parent::checkUser($user_id, null, $user_key, $check_blog); return parent::checkUser($user_id, null, $user_key, $check_blog);
} }
# On démarre une transaction et on ouvre un curseur sur la
# table utilisateur de Dotclear pour créer ou modifier
# l'utilisateur.
$this->con->begin(); $this->con->begin();
$cur = $this->con->openCursor($this->user_table); $cur = $this->con->openCursor($this->user_table);
# parmetre de configuration pour l'interface PHP pour administrer # LDAP parameter
# notre annuaire LDAP
$server = "localhost"; $server = "localhost";
$port = "389"; $port = "389";
$racine = "dc=yunohost,dc=org"; $racine = "dc=yunohost,dc=org";
#connection au serveur ldap # LDAP connection
$ds=ldap_connect($server); $ds=ldap_connect($server);
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd)) if (ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd))
{ {
# On définit le mot de passe, il est inséré dans tous les cas. # Store the password
$cur->user_pwd = $pwd; $cur->user_pwd = $pwd;
# Si l'utilisateur existe, nous allons uniquement mettre à jour # If the user exist, then we just update his password.
# son mot de passe dans la table utilisateur de Dotclear.
if ($this->core->userExists($user_id)) if ($this->core->userExists($user_id))
{ {
$this->sudo(array($this->core,'updUser'),$user_id,$cur); $this->sudo(array($this->core,'updUser'),$user_id,$cur);
$this->con->commit(); $this->con->commit();
} }
# Si l'utilisateur n'existe pas, nous allons le créer. # If not, we create him.
# Afin qu'il puisse se connecter, il est nécessaire de lui donner # In order for him to connect,
# au moins une permission "usage" sur le blog "default". # it is necessary to give him at least
# a permission "usage" on the blog "default".
else else
{ {
#on recherche l'utilisateur dans le ldap pour recuperer toutes les informations # search the user in ldap, and get infos
$sr=ldap_search($ds,$racine,"uid=$user_id",array( "dn", "cn", "sn", "mail", "givenName")); $sr=ldap_search($ds,$racine,"uid=$user_id",array( "dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
$info = ldap_get_entries($ds, $sr); $info = ldap_get_entries($ds, $sr);
#si le ldap ne ramene qu'un seul utilisateur
if ($info["count"] ==1) if ($info["count"] ==1)
{ {
$cur->user_id = $user_id; $cur->user_id = $user_id;
$cur->user_email = $info[0]['mail'][0]; $cur->user_email = $info[0]['mail'][0];
$cur->user_name = $info[0]['givenName'][0]; $cur->user_name = $info[0]['givenname'][0];
$cur->user_firstname = $info[0]['sn'][0]; $cur->user_firstname = $info[0]['sn'][0];
$cur->user_lang = 'fr'; $cur->user_lang = 'fr'; # Can change this, PR are welcome
$cur->user_tz = 'Europe/Paris'; $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
$cur->user_default_blog = 'default'; $cur->user_default_blog = 'default'; # Can change this, PR are welcome
$this->sudo(array($this->core,'addUser'),$cur); $this->sudo(array($this->core,'addUser'),$cur);
# Possible roles:
#admin "administrator" #admin "administrator"
#usage "manage their own entries and comments" #usage "manage their own entries and comments"
#publish "publish entries and comments" #publish "publish entries and comments"
@ -70,17 +64,16 @@ class myDcAuth extends dcAuth
#media_admin "manage all media items" #media_admin "manage all media items"
#pages "manage pages" #pages "manage pages"
#blogroll "manage blogroll" #blogroll "manage blogroll"
$this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('admin'=>true)); $this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
$this->con->commit(); $this->con->commit();
} }
} }
# Les opérations précédentes se sont déroulées sans erreur, nous # The previous operations proceeded without error,
# pouvons maintenant appeler la méthode parente afin d'initialiser # we can now call the parent method
# l'utilisateur dans l'object $core->auth
return parent::checkUser($user_id, $pwd, $user_key, $check_blog); return parent::checkUser($user_id, $pwd, $user_key, $check_blog);
} }
# En cas d'erreur on annule la transaction et on renvoie "false" # In case of error we cancel and return "false"
$this->con->rollback(); $this->con->rollback();
return false; return false;
} }