mirror of https://github.com/YunoHost-Apps/wordpress_ynh.git synced 2024-09-03 20:36:10 +02:00

Remove plugins

Maniack Crudelis 2017-07-21 22:55:15 +02:00
parent cbb74263e3
commit 0ca67b17eb
9 changed files with 0 additions and 4107 deletions


@ -1,278 +0,0 @@
<?php
/*
Plugin Name: HTTP Authentication
Version: 4.5
Plugin URI: http://danieltwc.com/2011/http-authentication-4-0/
Description: Authenticate users using basic HTTP authentication (<code>REMOTE_USER</code>). This plugin assumes users are externally authenticated, as with <a href="http://www.gatorlink.ufl.edu/">GatorLink</a>.
Author: Daniel Westermann-Clark
Author URI: http://danieltwc.com/
*/
require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'options-page.php');
class HTTPAuthenticationPlugin {
var $db_version = 2;
var $option_name = 'http_authentication_options';
var $options;
function HTTPAuthenticationPlugin() {
$this->options = get_option($this->option_name);
if (is_admin()) {
$options_page = new HTTPAuthenticationOptionsPage($this, $this->option_name, __FILE__, $this->options);
add_action('admin_init', array($this, 'check_options'));
}
add_action('login_head', array($this, 'add_login_css'));
add_action('login_footer', array($this, 'add_login_link'));
add_action('check_passwords', array($this, 'generate_password'), 10, 3);
add_action('wp_logout', array($this, 'logout'));
add_filter('login_url', array($this, 'bypass_reauth'));
add_filter('show_password_fields', array($this, 'allow_wp_auth'));
add_filter('allow_password_reset', array($this, 'allow_wp_auth'));
add_filter('authenticate', array($this, 'authenticate'), 10, 3);
}
/*
* Check the options currently in the database and upgrade if necessary.
*/
function check_options() {
if ($this->options === false || ! isset($this->options['db_version']) || $this->options['db_version'] < $this->db_version) {
if (! is_array($this->options)) {
$this->options = array();
}
$current_db_version = isset($this->options['db_version']) ? $this->options['db_version'] : 0;
$this->upgrade($current_db_version);
$this->options['db_version'] = $this->db_version;
update_option($this->option_name, $this->options);
}
}
/*
* Upgrade options as needed depending on the current database version.
*/
function upgrade($current_db_version) {
$default_options = array(
'allow_wp_auth' => false,
'auth_label' => 'HTTP authentication',
'login_uri' => htmlspecialchars_decode(wp_login_url()),
'logout_uri' => remove_query_arg('_wpnonce', htmlspecialchars_decode(wp_logout_url())),
'additional_server_keys' => '',
'auto_create_user' => false,
'auto_create_email_domain' => '',
);
if ($current_db_version < 1) {
foreach ($default_options as $key => $value) {
// Handle migrating existing options from before we stored a db_version
if (! isset($this->options[$key])) {
$this->options[$key] = $value;
}
}
}
}
function add_login_css() {
?>
<style type="text/css">
p#http-authentication-link {
width: 100%;
height: 4em;
text-align: center;
margin-top: 2em;
}
p#http-authentication-link a {
margin: 0 auto;
float: none;
}
</style>
<?php
}
/*
* Add a link to the login form to initiate external authentication.
*/
function add_login_link() {
global $redirect_to;
$login_uri = $this->_generate_uri($this->options['login_uri'], wp_login_url($redirect_to));
$auth_label = $this->options['auth_label'];
echo "\t" . '<p id="http-authentication-link"><a class="button-primary" href="' . htmlspecialchars($login_uri) . '">Log In with ' . htmlspecialchars($auth_label) . '</a></p>' . "\n";
}
/*
* Generate a password for the user. This plugin does not require the
* administrator to enter this value, but we need to set it so that user
* creation and editing works.
*/
function generate_password($username, $password1, $password2) {
if (! $this->allow_wp_auth()) {
$password1 = $password2 = wp_generate_password();
}
}
/*
* Logout the user by redirecting them to the logout URI.
*/
function logout() {
$logout_uri = $this->_generate_uri($this->options['logout_uri'], home_url());
wp_redirect($logout_uri);
exit();
}
/*
* Remove the reauth=1 parameter from the login URL, if applicable. This allows
* us to transparently bypass the mucking about with cookies that happens in
* wp-login.php immediately after wp_signon when a user e.g. navigates directly
* to wp-admin.
*/
function bypass_reauth($login_url) {
$login_url = remove_query_arg('reauth', $login_url);
return $login_url;
}
/*
* Can we fallback to built-in WordPress authentication?
*/
function allow_wp_auth() {
return (bool) $this->options['allow_wp_auth'];
}
/*
* Authenticate the user, first using the external authentication source.
* If allowed, fall back to WordPress password authentication.
*/
function authenticate($user, $username, $password) {
$user = $this->check_remote_user();
if (! is_wp_error($user)) {
// User was authenticated via REMOTE_USER
$user = new WP_User($user->ID);
}
else {
// REMOTE_USER is invalid; now what?
if (! $this->allow_wp_auth()) {
// Bail with the WP_Error when not falling back to WordPress authentication
wp_die($user);
}
// Fallback to built-in hooks (see wp-includes/user.php)
}
return $user;
}
/*
* If the REMOTE_USER or REDIRECT_REMOTE_USER evironment variable is set, use it
* as the username. This assumes that you have externally authenticated the user.
*/
function check_remote_user() {
$username = '';
$server_keys = $this->_get_server_keys();
foreach ($server_keys as $server_key) {
if (! empty($_SERVER[$server_key])) {
$username = $_SERVER[$server_key];
}
}
if (! $username) {
return new WP_Error('empty_username', '<strong>ERROR</strong>: No user found in server variables.');
}
// Create new users automatically, if configured
$user = get_user_by('login', $username);
if (! $user) {
if ((bool) $this->options['auto_create_user']) {
$user = $this->_create_user($username);
}
else {
// Bail out to avoid showing the login form
$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
}
}
return $user;
}
/*
* Return the list of $_SERVER keys that we will check for a username. By
* default, these are REMOTE_USER and REDIRECT_REMOTE_USER. Additional keys
* can be configured from the options page.
*/
function _get_server_keys() {
$server_keys = array('REMOTE_USER', 'REDIRECT_REMOTE_USER');
$additional_server_keys = $this->options['additional_server_keys'];
if (! empty($additional_server_keys)) {
$keys = preg_split('/,\s*/', $additional_server_keys);
$server_keys = array_merge($server_keys, $keys);
}
return $server_keys;
}
/*
* Create a new WordPress account for the specified username.
*/
function _create_user($username) {
$password = wp_generate_password();
$email_domain = $this->options['auto_create_email_domain'];
$user_id = wp_create_user($username, $password, $username . ($email_domain ? '@' . $email_domain : ''));
$user = get_user_by('id', $user_id);
return $user;
}
/*
* Fill the specified URI with the site URI and the specified return location.
*/
function _generate_uri($uri, $redirect_to) {
// Support tags for staged deployments
$base = $this->_get_base_url();
$tags = array(
'host' => $_SERVER['HTTP_HOST'],
'base' => $base,
'site' => home_url(),
'redirect' => $redirect_to,
);
foreach ($tags as $tag => $value) {
$uri = str_replace('%' . $tag . '%', $value, $uri);
$uri = str_replace('%' . $tag . '_encoded%', urlencode($value), $uri);
}
// Support previous versions with only the %s tag
if (strstr($uri, '%s') !== false) {
$uri = sprintf($uri, urlencode($redirect_to));
}
return $uri;
}
/*
* Return the base domain URL based on the WordPress home URL.
*/
function _get_base_url() {
$home = parse_url(home_url());
$base = home_url();
foreach (array('path', 'query', 'fragment') as $key) {
if (! isset($home[$key])) continue;
$base = str_replace($home[$key], '', $base);
}
return $base;
}
}
// Load the plugin hooks, etc.
$http_authentication_plugin = new HTTPAuthenticationPlugin();
?>


@ -1,195 +0,0 @@
<?php
class HTTPAuthenticationOptionsPage {
var $plugin;
var $group;
var $page;
var $options;
var $title;
function HTTPAuthenticationOptionsPage($plugin, $group, $page, $options, $title = 'HTTP Authentication') {
$this->plugin = $plugin;
$this->group = $group;
$this->page = $page;
$this->options = $options;
$this->title = $title;
add_action('admin_init', array($this, 'register_options'));
add_action('admin_menu', array($this, 'add_options_page'));
}
/*
* Register the options for this plugin so they can be displayed and updated below.
*/
function register_options() {
register_setting($this->group, $this->group, array($this, 'sanitize_settings'));
$section = 'http_authentication_main';
add_settings_section($section, 'Main Options', array($this, '_display_options_section'), $this->page);
add_settings_field('http_authentication_allow_wp_auth', 'Allow WordPress authentication?', array($this, '_display_option_allow_wp_auth'), $this->page, $section, array('label_for' => 'http_authentication_allow_wp_auth'));
add_settings_field('http_authentication_auth_label', 'Authentication label', array($this, '_display_option_auth_label'), $this->page, $section, array('label_for' => 'http_authentication_auth_label'));
add_settings_field('http_authentication_login_uri', 'Login URI', array($this, '_display_option_login_uri'), $this->page, $section, array('label_for' => 'http_authentication_login_uri'));
add_settings_field('http_authentication_logout_uri', 'Logout URI', array($this, '_display_option_logout_uri'), $this->page, $section, array('label_for' => 'http_authentication_logout_uri'));
add_settings_field('http_authentication_additional_server_keys', '$_SERVER variables', array($this, '_display_option_additional_server_keys'), $this->page, $section, array('label_for' => 'http_authentication_additional_server_keys'));
add_settings_field('http_authentication_auto_create_user', 'Automatically create accounts?', array($this, '_display_option_auto_create_user'), $this->page, $section, array('label_for' => 'http_authentication_auto_create_user'));
add_settings_field('http_authentication_auto_create_email_domain', 'Email address domain', array($this, '_display_option_auto_create_email_domain'), $this->page, $section, array('label_for' => 'http_authentication_auto_create_email_domain'));
}
/*
* Set the database version on saving the options.
*/
function sanitize_settings($input) {
$output = $input;
$output['db_version'] = $this->plugin->db_version;
$output['allow_wp_auth'] = isset($input['allow_wp_auth']) ? (bool) $input['allow_wp_auth'] : false;
$output['auto_create_user'] = isset($input['auto_create_user']) ? (bool) $input['auto_create_user'] : false;
return $output;
}
/*
* Add an options page for this plugin.
*/
function add_options_page() {
add_options_page($this->title, $this->title, 'manage_options', $this->page, array($this, '_display_options_page'));
}
/*
* Display the options for this plugin.
*/
function _display_options_page() {
if (! current_user_can('manage_options')) {
wp_die(__('You do not have sufficient permissions to access this page.'));
}
?>
<div class="wrap">
<h2>HTTP Authentication Options</h2>
<p>For the Login URI and Logout URI options, you can use the following variables to support your installation:</p>
<ul>
<li><code>%host%</code> - The current value of <code>$_SERVER['HTTP_HOST']</code></li>
<li><code>%base%</code> - The base domain URL (everything before the path)</li>
<li><code>%site%</code> - The WordPress home URI</li>
<li><code>%redirect%</code> - The return URI provided by WordPress</li>
</ul>
<p>You can also use <code>%host_encoded%</code>, <code>%site_encoded%</code>, and <code>%redirect_encoded%</code> for URL-encoded values.</p>
<form action="options.php" method="post">
<?php settings_errors(); ?>
<?php settings_fields($this->group); ?>
<?php do_settings_sections($this->page); ?>
<p class="submit">
<input type="submit" name="Submit" value="<?php esc_attr_e('Save Changes'); ?>" class="button-primary" />
</p>
</form>
</div>
<?php
}
/*
* Display explanatory text for the main options section.
*/
function _display_options_section() {
}
/*
* Display the WordPress authentication checkbox.
*/
function _display_option_allow_wp_auth() {
$allow_wp_auth = $this->options['allow_wp_auth'];
$this->_display_checkbox_field('allow_wp_auth', $allow_wp_auth);
?>
Should the plugin fallback to WordPress authentication if none is found from the server?
<?php
if ($allow_wp_auth && $this->options['login_uri'] == htmlspecialchars_decode(wp_login_url())) {
echo '<br /><strong>WARNING</strong>: You must set the login URI below to your external authentication system. Otherwise you will not be able to login!';
}
}
/*
* Display the authentication label field, describing the authentication system
* in use.
*/
function _display_option_auth_label() {
$auth_label = $this->options['auth_label'];
$this->_display_input_text_field('auth_label', $auth_label);
?>
Default is <code>HTTP authentication</code>; override to use the name of your single sign-on system.
<?php
}
/*
* Display the login URI field.
*/
function _display_option_login_uri() {
$login_uri = $this->options['login_uri'];
$this->_display_input_text_field('login_uri', $login_uri);
?>
Default is <code><?php echo wp_login_url(); ?></code>; override to direct users to a single sign-on system. See above for available variables.<br />
Example: <code>%base%/Shibboleth.sso/Login?target=%redirect_encoded%</code>
<?php
}
/*
* Display the logout URI field.
*/
function _display_option_logout_uri() {
$logout_uri = $this->options['logout_uri'];
$this->_display_input_text_field('logout_uri', $logout_uri);
?>
Default is <code><?php echo htmlspecialchars(remove_query_arg('_wpnonce', htmlspecialchars_decode(wp_logout_url()))); ?></code>; override to e.g. remove a cookie. See above for available variables.<br />
Example: <code>%base%/Shibboleth.sso/Logout?return=%redirect_encoded%</code>
<?php
}
/*
* Display the additional $_SERVER keys field.
*/
function _display_option_additional_server_keys() {
$additional_server_keys = $this->options['additional_server_keys'];
$this->_display_input_text_field('additional_server_keys', $additional_server_keys);
?>
<code>$_SERVER</code> variables in addition to <code>REMOTE_USER</code> and <code>REDIRECT_REMOTE_USER</code> to check for the username value, separated by a comma. Use this to e.g. support personal X.509 certificates for authentication.<br />
Example: <code>SSL_CLIENT_S_DN_CN</code>
<?php
}
/*
* Display the automatically create accounts checkbox.
*/
function _display_option_auto_create_user() {
$auto_create_user = $this->options['auto_create_user'];
$this->_display_checkbox_field('auto_create_user', $auto_create_user);
?>
Should a new user be created automatically if not already in the WordPress database?<br />
Created users will obtain the role defined under &quot;New User Default Role&quot; on the <a href="options-general.php">General Options</a> page.
<?php
}
/*
* Display the email domain field.
*/
function _display_option_auto_create_email_domain() {
$auto_create_email_domain = $this->options['auto_create_email_domain'];
$this->_display_input_text_field('auto_create_email_domain', $auto_create_email_domain);
?>
When a new user logs in, this domain is used for the initial email address on their account. The user can change his or her email address by editing their profile.
<?php
}
/*
* Display a text input field.
*/
function _display_input_text_field($name, $value, $size = 75) {
?>
<input type="text" name="<?php echo htmlspecialchars($this->group); ?>[<?php echo htmlspecialchars($name); ?>]" id="http_authentication_<?php echo htmlspecialchars($name); ?>" value="<?php echo htmlspecialchars($value) ?>" size="<?php echo htmlspecialchars($size); ?>" /><br />
<?php
}
/*
* Display a checkbox field.
*/
function _display_checkbox_field($name, $value) {
?>
<input type="checkbox" name="<?php echo htmlspecialchars($this->group); ?>[<?php echo htmlspecialchars($name); ?>]" id="http_authentication_<?php echo htmlspecialchars($name); ?>"<?php if ($value) echo ' checked="checked"' ?> value="1" /><br />
<?php
}
}
?>


@ -1,202 +0,0 @@
=== HTTP Authentication ===
Contributors: dwc
Tags: authentication
Requires at least: 3.1
Tested up to: 3.4
Stable tag: 4.5
Use an external authentication source in WordPress.
== Description ==
The HTTP Authentication plugin allows you to use existing means of authenticating people to WordPress. This includes Apache's basic HTTP authentication module, [Shibboleth](http://shibboleth.internet2.edu/), and many others.
To follow updates to this plugin, visit:
http://danieltwc.com/
For help with this version, visit:
http://danieltwc.com/2011/http-authentication-4-0/
== Installation ==
1. Login as an existing user, such as admin.
2. Upload the `http-authentication` folder to your plugins folder, usually `wp-content/plugins`. (Or simply via the built-in installer.)
3. Activate the plugin on the Plugins screen.
4. Add one or more users to WordPress, specifying the external username for the "Username" field. Also be sure to set the role for each user.
5. Logout.
6. Protect `wp-login.php` and `wp-admin` using your external authentication (using, for example, `.htaccess` files).
7. Try logging in as one of the users added in step 4.
Note: This version works with WordPress 3.0 and above. Use the following for older versions of WordPress:
* Wordpress 2.0: [Version 1.8](http://downloads.wordpress.org/plugin/http-authentication.1.8.zip)
* Wordpress 2.5 through 2.9.x: [Version 2.4](http://downloads.wordpress.org/plugin/http-authentication.2.4.zip)
== Frequently Asked Questions ==
= What authentication mechanisms can I use? =
Any authentication mechanism which sets the `REMOTE_USER` (or `REDIRECT_REMOTE_USER`, in the case of ScriptAlias'd PHP-as-CGI) environment variable can be used in conjunction with this plugin. Examples include Apache's `mod_auth` and `mod_auth_ldap`.
= How should I set up external authentication? =
This depends on your hosting environment and your means of authentication.
Many Apache installations allow configuration of authentication via `.htaccess` files, while some do not. Try adding the following to your blog's top-level `.htaccess` file:
`<Files wp-login.php>
AuthName "WordPress"
AuthType Basic
AuthUserFile /path/to/passwords
Require user dwc
</Files>`
(You may also want to protect your `xmlrpc.php` file, which uses separate authentication code.)
Then, create another `.htaccess` file in your `wp-admin` directory with the following contents:
`AuthName "WordPress"
AuthType Basic
AuthUserFile /path/to/passwords
Require user dwc`
In both files, be sure to set `/path/to/passwords` to the location of your password file. For more information on creating this file, see below.
= Where can I find more information on configuring Apache authentication? =
See Apache's HOWTO: [Authentication, Authorization, and Access Control](http://httpd.apache.org/docs/howto/auth.html).
= How does this plugin authenticate users? =
This plugin doesn't actually authenticate users. It simply feeds WordPress the name of a user who has successfully authenticated through Apache.
To determine the username, this plugin uses the `REMOTE_USER` or the `REDIRECT_REMOTE_USER` environment variable, which is set by many Apache authentication modules. If someone can find a way to spoof this value, this plugin is not guaranteed to be secure.
By default, this plugin generates a random password each time you create a user or edit an existing user's profile. However, since this plugin requires an external authentication mechanism, this password is not requested by WordPress. Generating a random password helps protect accounts, preventing one authorized user from pretending to be another.
= If I disable this plugin, how will I login? =
Because this plugin generates a random password when you create a new user or edit an existing user's profile, you will most likely have to reset each user's password if you disable this plugin. WordPress provides a link for requesting a new password on the login screen.
Also, you should leave the `admin` user as a fallback, i.e. create a new account to use with this plugin. As long as you don't edit the `admin` profile, WordPress will store the password set when you installed WordPress.
In the worst case scenario, you may have to use phpMyAdmin or the MySQL command line to [reset a user's password](http://codex.wordpress.org/Resetting_Your_Password).
= Can I configure the plugin to support standard WordPress logins? =
Yes. You can authenticate some users via an external, single sign-on system and other users via the built-in username and password combination. (Note: When mixed authentication is in use, this plugin does not scramble passwords as described above.)
When you configure your external authentication system, make sure that you allow users in even if they have not authenticated externally. Using [Shibboleth](http://shibboleth.internet2.edu/) as an example:
`AuthName "Shibboleth"
AuthType Shibboleth
Require Shibboleth`
This enables Shibboleth authentication in ["passive" mode](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPProtectContent).
Then, in WordPress:
1. Set the plugin to allow WordPress authentication.
2. Configure the login URI to match your Shibboleth system. For example, if your blog is hosted at `http://example.com/`, then your login URI should be `http://example.com/Shibboleth.sso/Login?target=%redirect_encoded%`.
3. Configure the logout URI to match your Shibboleth system. Following the above example, your logout URI would be `http://example.com/Shibboleth.sso/Logout?return=%redirect_encoded%`.
After saving the options, authentication will work as follows:
* If a user is already authenticated via Shibboleth, and he or she exists in the WordPress database, this plugin will log them in automatically.
* If a user is not authenticated via Shibboleth, the plugin will present the standard WordPress login form with an additional link to login via Shibboleth.
Other authentication systems (particularly those without a login or logout URI) will need to be configured differently.
= Does this plugin support multisite (WordPress MU) setups? =
Yes, you can enable this plugin across a network or on individual sites. However, options will need to be set on individual sites.
If you have suggestions on how to improve network support, please submit a comment.
= How do you handle staged deployments (dev, test, prod) with the plugin? =
If you have a WordPress site with multiple environments (e.g. `dev.example.com`, `test.example.com`, and `example.com`) you can use additional variables in the login and logout URIs:
* `%host%` - The current value of `$_SERVER['HTTP_HOST']`
* `%base%` - The base domain URL (everything before the path)
* `%site%` - The WordPress home URI
* `%redirect%` - The return URI provided by WordPress
You can also use `%host_encoded%`, `%site_encoded%`, and `%redirect_encoded%` for URL-encoded values.
For example, your login URI could be:
`https://%host%/Shibboleth.sso/Login?target=%redirect_encoded%`
This would be modified for each environment as appropriate.
== Screenshots ==
1. Plugin options, allowing WordPress authentication
2. WordPress login form with external authentication link
== Changelog ==
= 4.5 =
* Avoid some PHP notices due to saving options (William Schneider)
* Fix for redirect loop on some multisite setups (#1497)
* Add option to support additional $_SERVER variables in authentication (#1477)
* Remove use of call-time pass by reference to avoid warnings on PHP 5.3 and newer
* Fix deprecation notice in WordPress 3.3 on `get_userdatabylogin` (#1513)
* Fix deprecation notice in WordPress 3.1 and later for including wp-includes/registration.php
* Associate options page label tags with their input fields (#1514)
= 4.4 =
* Update CSS to correctly center login button on WordPress 3.3
= 4.3 =
* Update plugin URIs
= 4.2 =
* Declare support for WordPress 3.2.1
* Extend variable replacement for staged deployments
* Wrap redirect parameter on login to force us through `wp-login.php` so we can check the external authentication (thanks to Josh Larios)
= 4.1 =
* Declare support for WordPress 3.2
* Update screenshots for WordPress 3.2
= 4.0 =
* Restore (and improve) support for falling back to WordPress password authentication
* Remove migration of old options format (we'll assume enough people have upgraded)
= 3.3 =
* Update options handling to better support WordPress MU
= 3.2 =
* Restore password generation for adding and editing users
= 3.1 =
* Bump version number to make 3.0.1 the latest version on wordpress.org
= 3.0.1 =
* Handle authentication cookies more gracefully
= 3.0 =
* Add support for WordPress 3.0
* Update WordPress MU support for WordPress 3.0
= 2.4 =
* Add support for WordPress MU (Elliot Kendall)
* Allow for mixed HTTP and built-in authentication by falling back to wp-login.php (Elliot Kendall)
== Upgrade Notice ==
= 4.5 =
Avoid some PHP errors and warnings; add support for choosing $_SERVER variables
= 4.4 =
Minor CSS fix for WordPress 3.3
= 4.3 =
No code changes; updating plugin URIs
= 4.2 =
Extends support for variable replacement
= 4.1 =
Minor update for WordPress 3.2

Binary file not shown.

Before

Width:  |  Height:  |  Size: 196 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 70 KiB


@ -1,238 +0,0 @@
<?php
global $SimpleLDAPLogin;
if( isset( $_GET[ 'tab' ] ) ) {
$active_tab = $_GET[ 'tab' ];
} else {
$active_tab = 'simple';
}
?>
<div class="wrap">
<div id="icon-themes" class="icon32"></div>
<h2>Simple LDAP Login Settings</h2>
<h2 class="nav-tab-wrapper">
<a href="<?php echo add_query_arg( array('tab' => 'simple'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'simple' ? 'nav-tab-active' : ''; ?>">Simple</a>
<a href="<?php echo add_query_arg( array('tab' => 'advanced'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'advanced' ? 'nav-tab-active' : ''; ?>">Advanced</a>
<a href="<?php echo add_query_arg( array('tab' => 'user'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'user' ? 'nav-tab-active' : ''; ?>">User</a>
<a href="<?php echo add_query_arg( array('tab' => 'help'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'help' ? 'nav-tab-active' : ''; ?>">Help</a>
</h2>
<form method="post" action="<?php echo str_replace( '%7E', '~', $_SERVER['REQUEST_URI']); ?>">
<?php wp_nonce_field( 'save_sll_settings','save_the_sll' ); ?>
<?php if( $active_tab == "simple" ): ?>
<h3>Required</h3>
<p>These are the most basic settings you must configure. Without these, you won't be able to use Simple LDAP Login.</p>
<table class="form-table">
<tbody>
<tr>
<th scope="row" valign="top">Enable LDAP Authentication</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('enabled'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('enabled'); ?>" value="true" <?php if( str_true($this->get_setting('enabled')) ) echo "checked"; ?> /> Enable LDAP login authentication for WordPress. (this one is kind of important)</label><br/>
</td>
<tr>
<tr>
<th scope="row" valign="top">Account Suffix</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('account_suffix'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('account_suffix'); ?>" /><br/>
Often the suffix of your e-mail address. Example: @gmail.com
</td>
</tr>
<tr>
<th scope="row" valign="top">Base DN</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('base_dn'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('base_dn'); ?>" />
<br/>
Example: For subdomain.domain.suffix, use DC=subdomain,DC=domain,DC=suffix. In most cases you should not specify an ou here.
</td>
</tr>
<tr>
<th scope="row" valign="top">Domain Controller(s)</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('domain_controllers', 'array'); ?>" value="<?php echo join(';', (array)$SimpleLDAPLogin->get_setting('domain_controllers')); ?>" />
<br/>Separate with semi-colons.
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Directory</th>
<td>
<label><input type="radio" name="<?php echo $this->get_field_name('directory'); ?>" value="ad" <?php if( $this->get_setting('directory') == "ad" ) echo "checked"; ?> /> Active Directory</label><br/>
<label><input type="radio" name="<?php echo $this->get_field_name('directory'); ?>" value="ol" <?php if( $this->get_setting('directory') == "ol" ) echo "checked"; ?> /> Open LDAP (and etc)</label>
</td>
</tr>
</tbody>
</table>
<p><input class="button-primary" type="submit" value="Save Settings" /></p>
<?php elseif ( $active_tab == "advanced" ): ?>
<h3>Typical</h3>
<p>These settings give you finer control over how logins work.</p>
<table class="form-table" style="margin-bottom: 20px;">
<tbody>
<tr>
<th scope="row" valign="top">Required Groups</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('groups', 'array'); ?>" value="<?php echo join(';', (array)$SimpleLDAPLogin->get_setting('groups')); ?>" /><br/>
The groups, if any, that authenticating LDAP users must belong to. <br/>
Empty means no group required. Separate with semi-colons.
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Exclusive</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('high_security'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('high_security'); ?>" value="true" <?php if( str_true($this->get_setting('high_security')) ) echo "checked"; ?> /> Force all logins to authenticate against LDAP. Do NOT fallback to default authentication for existing users.<br/>Formerly known as high security mode.</label><br/>
</td>
</tr>
<tr>
<th scope="row" valign="top">User Creations</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('create_users'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('create_users'); ?>" value="true" <?php if( str_true($this->get_setting('create_users')) ) echo "checked"; ?> /> Create WordPress user for authenticated LDAP login with appropriate roles.</label><br/>
</td>
<tr>
<th scope="row" valign="top">New User Role</th>
<td>
<select name="<?php echo $this->get_field_name('role'); ?>">
<?php wp_dropdown_roles( strtolower($this->get_setting('role')) ); ?>
</select>
</td>
</tr>
</tbody>
</table>
<hr />
<h3>Extraordinary</h3>
<p>Most users should leave these alone.</p>
<table class="form-table">
<tbody>
<tr>
<th scope="row" valign="top">Group Base DN (optional)</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('group_base_dn'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('group_base_dn'); ?>" />
<br/>
If you need to specify a different Base DN for group searches. Example: For subdomain.domain.suffix, use ou=groups,DC=subdomain,DC=domain,DC=suffix.
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Login Attribute</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('ol_login'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ol_login'); ?>" />
<br />
Default: <b>uid</b>;
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Group Attribute</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('ol_group'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ol_group'); ?>" />
<br />
In case your installation uses something other than <b>cn</b>;
</td>
</tr>
<tr>
<th scope="row" valign="top">Use TLS</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('use_tls'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('use_tls'); ?>" value="true" <?php if( str_true($this->get_setting('use_tls')) ) echo "checked"; ?> /> Transport Layer Security. This feature is beta, very beta.</label><br/>
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Port</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('ldap_port'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ldap_port'); ?>" /><br/>
This is usually 389.
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Version</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('ldap_version'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ldap_version'); ?>" /><br/>
Only applies to Open LDAP. Typically 3.
</td>
</tr>
<tr>
<th scope="row" valign="top">Search Sub OUs</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('search_sub_ous'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('search_sub_ous'); ?>" value="true" <?php if( str_true($this->get_setting('search_sub_ous')) ) echo "checked"; ?> /> Also search sub-OUs of Base DN. For example, if the base DN is "ou=People,dc=example,dc=com", also search "ou=Staff,ou=People,dc=example,dc=com for uid=<i>username</i></label><br/>
</td>
</tr>
<tr>
<th scope="row" valign="top">Login Domain</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('login_domain'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('login_domain'); ?>" /><br/>
prefixes login names with this domain, f.i. mydomain\username
</td>
</tr>
</tbody>
</table>
<p><input class="button-primary" type="submit" value="Save Settings" /></p>
<?php elseif ( $active_tab == "user" ): ?>
<h3>User Data</h3>
<p>These settings give you control over which LDAP attributes are used for user creation.</p>
<table class="form-table" style="margin-bottom: 20px;">
<tbody>
<tr>
<th scope="row" valign="top">First name</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('user_first_name_attribute'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('user_first_name_attribute'); ?>" />
<br/>
The LDAP attribute for the first name.
</td>
</tr>
<tr>
<th scope="row" valign="top">Last name</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('user_last_name_attribute'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('user_last_name_attribute'); ?>" />
<br/>
The LDAP attribute for the last name.
</td>
</tr>
<tr>
<th scope="row" valign="top">Email</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('user_email_attribute'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('user_email_attribute'); ?>" />
<br/>
The LDAP attribute for the email.
</td>
</tr>
<tr>
<th scope="row" valign="top">Website</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('user_url_attribute'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('user_url_attribute'); ?>" />
<br/>
The LDAP attribute for the website.
</td>
</tr>
</tbody>
</table>
<hr />
<h3>Additional user data</h3>
<p>Additional user data can be stored as user meta data. You can specify the LDAP
attributes and the associated wordpress meta keys in the format <i>&lt;ldap_attribute_name&gt;:&lt;wordpress_meta_key&gt;</i>. Multiple attributes can be given on separate lines.</p>
<p> Example:<br/><i>phone:user_phone_number</i><br/><i>adress:user_home_address</i></p>
<table class="form-table" style="margin-bottom: 20px;">
<tbody>
<tr>
<th scope="row" valign="top">Meta data</th>
<td>
<textarea name="<?php echo $this->get_field_name('user_meta_data'); ?>">
<?php echo join("\n", array_map(function ($attr) { return join(':', $attr); }, $SimpleLDAPLogin->get_setting('user_meta_data'))); ?>
</textarea>
</td>
</tr>
</tbody>
</table>
<p><input class="button-primary" type="submit" value="Save Settings" /></p>
<?php else: ?>
<h3>Help</h3>
<p>Here's a brief primer on how to effectively use and test Simple LDAP Login.</p>
<h4>Testing</h4>
<p>The most effective way to test logins is to use two browsers. In other words, keep the WordPress Dashboard open in Chrome, and use Firefox to try logging in. This will give you real time feedback on your settings and prevent you from inadvertently locking yourself out.</p>
<h4>Which raises the question, what happens if I get locked out?</h4>
<p>If you accidentally lock yourself out, the easiest way to get back in is to rename <strong><?php echo plugin_dir_path(__FILE__); ?></strong> to something else and then refresh. WordPress will detect the change and disable Simple LDAP Login. You can then rename the folder back to its previous name.</p>
<?php endif; ?>
</form>
</div>


@ -1,563 +0,0 @@
<?php
/*
Plugin Name: Simple LDAP Login
Plugin URI: http://clifgriffin.com/simple-ldap-login/
Description: Authenticate WordPress against LDAP.
Version: 1.6.0
Author: Clif Griffin Development Inc.
Author URI: http://cgd.io
*/
class SimpleLDAPLogin {
static $instance = false;
var $prefix = 'sll_';
var $settings = array();
var $adldap;
var $ldap;
var $network_version = null;
var $version = "160";
public function __construct () {
$this->settings = $this->get_settings_obj( $this->prefix );
if( $this->get_setting('directory') == "ad" ) {
require_once( plugin_dir_path(__FILE__) . "/includes/adLDAP.php" );
$this->adldap = new adLDAP(
array (
"account_suffix" => $this->get_setting('account_suffix'),
"use_tls" => str_true( $this->get_setting('use_tls') ),
"base_dn" => $this->get_setting('base_dn'),
"domain_controllers" => (array)$this->get_setting('domain_controllers'),
"ad_port" => $this->get_setting('ldap_port')
)
);
}
add_action('admin_init', array($this, 'save_settings') );
if ($this->is_network_version()) {
add_action('network_admin_menu', array($this, 'menu') );
}
else {
add_action('admin_menu', array($this, 'menu') );
}
if ( str_true($this->get_setting('enabled')) ) {
add_filter('authenticate', array($this, 'authenticate'), 1, 3);
}
register_activation_hook( __FILE__, array($this, 'activate') );
// If version is false, and old version detected, run activation
if( $this->get_setting('version') === false || $this->get_setting('version') != $version ) {
$this->upgrade_settings();
}
}
public static function getInstance () {
if ( !self::$instance ) {
self::$instance = new self;
}
return self::$instance;
}
function activate () {
// Default settings
$this->add_setting('account_suffix', "@mydomain.org");
$this->add_setting('base_dn', "DC=mydomain,DC=org");
$this->add_setting('domain_controllers', array("dc01.mydomain.local") );
$this->add_setting('directory', "ad");
$this->add_setting('role', "contributor");
$this->add_setting('high_security', "true");
$this->add_setting('ol_login', "uid");
$this->add_setting('ol_group', "cn");
$this->add_setting('use_tls', "false");
$this->add_setting('ldap_port', 389);
$this->add_setting('ldap_version', 3);
$this->add_setting('create_users', "false");
$this->add_setting('enabled', "false");
$this->add_setting('search_sub_ous', "false");
$this->add_setting('group_dn', "");
$this->add_setting('group_uid', "memberUid");
// User attribute settings
$this->add_setting('user_first_name_attribute', "givenname");
$this->add_setting('user_last_name_attribute', "sn");
$this->add_setting('user_email_attribute', "mail");
$this->add_setting('user_url_attribute', "wwwhomepage");
$this->add_setting('user_meta_data', array() );
}
function upgrade_settings() {
if( $this->get_setting('version') === false ) {
$this->set_setting('enabled', 'true');
if ($this->is_network_version()) {
$account_suffix = get_site_option('simpleldap_account_suffix');
$simpleldap_base_dn = get_site_option('simpleldap_base_dn');
$simpleldap_domain_controllers = get_site_option('simpleldap_domain_controllers');
$simpleldap_directory_type = get_site_option('simpleldap_directory_type');
$simpleldap_group = get_site_option('simpleldap_group');
$simpleldap_account_type = get_site_option('simpleldap_account_type');
$simpleldap_ol_login = get_site_option('simpleldap_ol_login');
$simpleldap_use_tls = get_site_option('simpleldap_use_tls');
$simpleldap_login_mode = get_site_option('simpleldap_login_mode');
$simpleldap_security_mode = get_site_option('simpleldap_security_mode');
}
else {
$account_suffix = get_option('simpleldap_account_suffix');
$simpleldap_base_dn = get_option('simpleldap_base_dn');
$simpleldap_domain_controllers = get_option('simpleldap_domain_controllers');
$simpleldap_directory_type = get_option('simpleldap_directory_type');
$simpleldap_group = get_option('simpleldap_group');
$simpleldap_account_type = get_option('simpleldap_account_type');
$simpleldap_ol_login = get_option('simpleldap_ol_login');
$simpleldap_use_tls = get_option('simpleldap_use_tls');
$simpleldap_login_mode = get_option('simpleldap_login_mode');
$simpleldap_security_mode = get_option('simpleldap_security_mode');
}
$this->set_setting('account_suffix', $account_suffix );
$this->set_setting('base_dn', $simpleldap_base_dn);
$this->set_setting('domain_controllers', $simpleldap_domain_controllers);
$this->set_setting('groups', (array)$simpleldap_group );
$this->set_setting('role', $simpleldap_account_type);
$this->set_setting('ol_login', $simpleldap_ol_login);
$this->set_setting('use_tls', str_true( $simpleldap_use_tls ) );
// Directory Type
if ( $simpleldap_directory_type == "directory_ad" ) {
$this->set_setting('directory', 'ad');
} else {
$this->set_setting('directory', 'ol');
}
// Create User Setting
$create_users = false;
if ( $simpleldap_login_mode == "mode_create_all" || $simpleldap_login_mode == "mode_create_group" ) {
$this->set_setting('create_users', true);
}
// High Security Setting
$high_security = false;
if ( $simpleldap_security_mode == "security_high" ) {
$this->set_setting('high_security', true);
}
}
if ( $this->get_setting('version') < $this->version || $this->get_setting('version') === false ) {
$this->add_setting('search_sub_ous', "false");
$this->add_setting('group_base_dn', "");
$this->add_setting('group_uid', "memberUid");
// User attribute settings
$this->add_setting('user_first_name_attribute', "givenname");
$this->add_setting('user_last_name_attribute', "sn");
$this->add_setting('user_email_attribute', "mail");
$this->add_setting('user_url_attribute', "wwwhomepage");
$this->add_setting('user_meta_data', array() );
}
// Update version
$this->set_setting( 'version', $this->version );
}
function menu () {
if ($this->is_network_version()) {
add_submenu_page(
"settings.php",
"Simple LDAP Login",
"Simple LDAP Login",
'manage_network_plugins',
"simple-ldap-login",
array($this, 'admin_page')
);
}
else {
add_options_page("Simple LDAP Login", "Simple LDAP Login", 'manage_options', "simple-ldap-login", array($this, 'admin_page') );
}
}
function admin_page () {
include 'Simple-LDAP-Login-Admin.php';
}
function get_settings_obj () {
if ( $this->is_network_version() ) {
return get_site_option("{$this->prefix}settings", false);
}
else {
return get_option("{$this->prefix}settings", false);
}
}
function set_settings_obj ( $newobj ) {
if ( $this->is_network_version() ) {
return update_site_option("{$this->prefix}settings", $newobj);
}
else {
return update_option("{$this->prefix}settings", $newobj);
}
}
function set_setting ( $option = false, $newvalue ) {
if( $option === false ) return false;
$this->settings = $this->get_settings_obj($this->prefix);
$this->settings[$option] = $newvalue;
return $this->set_settings_obj($this->settings);
}
function get_setting ( $option = false ) {
if( $option === false || ! isset($this->settings[$option]) ) return false;
return apply_filters($this->prefix . 'get_setting', $this->settings[$option], $option);
}
function add_setting ( $option = false, $newvalue ) {
if( $option === false ) return false;
if ( ! isset($this->settings[$option]) ) {
return $this->set_setting($option, $newvalue);
} else return false;
}
function get_field_name($setting, $type = 'string') {
return "{$this->prefix}setting[$setting][$type]";
}
function save_settings()
{
if( isset($_REQUEST["{$this->prefix}setting"]) && check_admin_referer('save_sll_settings','save_the_sll') ) {
$new_settings = $_REQUEST["{$this->prefix}setting"];
foreach( $new_settings as $setting_name => $setting_value ) {
foreach( $setting_value as $type => $value ) {
if( $setting_name == 'user_meta_data') {
$this->set_setting($setting_name,
array_map( function ($attr) { return explode(':', $attr); },
array_filter(preg_split('/\r\n|\n|\r|;/', $value))));
}
elseif( $type == "array") {
$this->set_setting($setting_name, explode(";", $value));
} else {
$this->set_setting($setting_name, $value);
}
}
}
add_action('admin_notices', array($this, 'saved_admin_notice') );
}
}
function saved_admin_notice(){
echo '<div class="updated">
<p>Simple LDAP Login settings have been saved.</p>
</div>';
if( ! str_true($this->get_setting('enabled')) ) {
echo '<div class="error">
<p>Simple LDAP Login is disabled.</p>
</div>';
}
}
function authenticate ($user, $username, $password) {
// If previous authentication succeeded, respect that
if ( is_a($user, 'WP_User') ) { return $user; }
// Determine if user a local admin
$local_admin = false;
$user_obj = get_user_by('login', $username);
if( user_can($user_obj, 'update_core') ) $local_admin = true;
$local_admin = apply_filters( 'sll_force_ldap', $local_admin );
$password = stripslashes($password);
// To force LDAP authentication, the filter should return boolean false
if ( empty($username) || empty($password) ) {
$error = new WP_Error();
if ( empty($username) )
$error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
if ( empty($password) )
$error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
return $error;
}
// If high security mode is enabled, remove default WP authentication hook
if ( apply_filters('sll_remove_default_authentication_hook', str_true( $this->get_setting('high_security') ) && ! $local_admin ) ) {
remove_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
}
// Sweet, let's try to authenticate our user and pass against LDAP
$auth_result = $this->ldap_auth($username, $password, $this->get_setting('directory') );
if( $auth_result ) {
// Authenticated, does user have required groups, if any?
if( $this->user_has_groups( $username, $this->get_setting('directory') ) ) {
$user = get_user_by('login', $username);
if ( ! $user || ( strtolower($user->user_login) !== strtolower($username) ) ) {
if( ! str_true($this->get_setting('create_users')) ) {
do_action( 'wp_login_failed', $username );
return $this->ldap_auth_error('invalid_username', __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct, but there is no matching WordPress user and user creation is not enabled.'));
}
$new_user = wp_insert_user( $this->get_user_data( $username, $this->get_setting('directory') ) );
if( ! is_wp_error($new_user) )
{
// Add user meta data
$user_meta_data = $this->get_user_meta_data( $username, $this->get_setting('directory'));
foreach( $user_meta_data as $meta_key => $meta_value ) {
add_user_meta($new_user, $meta_key, $meta_value);
}
// Successful Login
$new_user = new WP_User($new_user);
do_action_ref_array($this->prefix . 'auth_success', array($new_user) );
return $new_user;
}
else
{
do_action( 'wp_login_failed', $username );
return $this->ldap_auth_error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct and user creation is allowed but an error occurred creating the user in WordPress. Actual error: '.$new_user->get_error_message() ));
}
} else {
return new WP_User($user->ID);
}
} else {
return $this->ldap_auth_error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: Your LDAP credentials are correct, but you are not in an authorized LDAP group.'));
}
} elseif ( str_true($this->get_setting('high_security')) ) {
return $this->ldap_auth_error('invalid_username', __('<strong>Simple LDAP Login</strong>: Simple LDAP Login could not authenticate your credentials. The security settings do not permit trying the WordPress user database as a fallback.'));
}
do_action($this->prefix . 'auth_failure');
return false;
}
function get_domain_username( $username ) {
// Format username with domain prefix, if login_domain is set
$login_domain = $this->get_setting('login_domain');
if ( ! empty($login_domain) ) {
return $login_domain . '\\' . $username;
}
return $username;
}
function ldap_auth( $username, $password, $directory ) {
$result = false;
if ( $directory == "ad" ) {
$result = $this->adldap->authenticate( $this->get_domain_username($username), $password );
} elseif ( $directory == "ol" ) {
$this->ldap = ldap_connect( join(' ', (array)$this->get_setting('domain_controllers')), (int)$this->get_setting('ldap_port') );
ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$this->get_setting('ldap_version'));
if ( str_true($this->get_setting('use_tls')) ) {
ldap_start_tls($this->ldap);
}
$dn = $this->get_setting('ol_login') .'=' . $username . ',' . $this->get_setting('base_dn');
if (str_true($this->get_setting('search_sub_ous'))) {
// search for user's DN in the base DN and below
$filter = $this->get_setting('ol_login') .'=' . $username;
$sr = @ldap_search($this->ldap, $this->get_setting('base_dn'), $filter, array('cn'));
if ($sr !== FALSE) {
$info = @ldap_get_entries($this->ldap, $sr);
if ($info !== FALSE && $info['count'] > 0) {
$dn = $info[0]['dn'];
}
}
}
$ldapbind = @ldap_bind($this->ldap, $dn, $password);
$this->dn = $dn;
$result = $ldapbind;
}
return apply_filters($this->prefix . 'ldap_auth', $result);
}
/**
* Prevent modification of the error message by other authenticate hooks
* before it is shown to the user
*
* @param string $code
* @param string $message
* @return WP_Error
*/
function ldap_auth_error( $code, $message ) {
remove_all_filters( 'authenticate' );
return new WP_Error( $code, $message );
}
function user_has_groups( $username = false, $directory ) {
$result = false;
$groups = (array)$this->get_setting('groups');
$groups = array_filter($groups);
if ( ! $username ) return $result;
if ( count( $groups ) == 0 ) return true;
if ( $directory == "ad" ) {
foreach ($groups as $gp) {
if ( $this->adldap->user_ingroup ($username, $gp ) ) {
$result = true;
break;
}
}
} elseif ( $directory == "ol" ) {
if( $this->ldap === false ) return false;
$group_base_dn = $this->get_setting('group_base_dn') !== false ? $this->get_setting('group_base_dn') : $this->get_setting('base_dn');
$result = ldap_search($this->ldap, $group_base_dn, '(|(&(objectClass=groupOfUniqueNames)(uniquemember=' . $this->dn . '))(&(objectClass=groupOfNames)(member=' . $this->dn . '))(' . $this->get_setting('group_uid') . '=' . $username . '))', array($this->get_setting('ol_group')));
$ldapgroups = ldap_get_entries($this->ldap, $result);
// Ok, we should have the user, all the info, including which groups he is a member of.
// Let's make sure he's in the right group before proceeding.
$user_groups = array();
for ( $i = 0; $i < $ldapgroups['count']; $i++) {
$user_groups[] = $ldapgroups[$i][$this->get_setting('ol_group')][0];
}
$result = (bool)(count( array_intersect($user_groups, $groups) ) > 0);
}
return apply_filters($this->prefix . 'user_has_groups', $result);
}
function get_user_data( $username, $directory ) {
$user_data = array(
'user_pass' => md5( microtime() ),
'user_login' => $username,
'user_nicename' => '',
'user_email' => '',
'display_name' => '',
'first_name' => '',
'last_name' => '',
'user_url' => '',
'role' => $this->get_setting('role')
);
if ( $directory == "ad" ) {
$userinfo = $this->adldap->user_info($username, array("samaccountname","givenname","sn","mail"));
$userinfo = $userinfo[0];
} elseif ( $directory == "ol" ) {
if ( $this->ldap == null ) {return false;}
$attributes = array(
$this->get_setting('ol_login'),
$this->get_setting('user_last_name_attribute'),
$this->get_setting('user_first_name_attribute'),
$this->get_setting('user_email_attribute'),
$this->get_setting('user_url_attribute')
);
$result = ldap_search($this->ldap, $this->get_setting('base_dn'), '(' . $this->get_setting('ol_login') . '=' . $username . ')', $attributes);
$userinfo = ldap_get_entries($this->ldap, $result);
if ($userinfo['count'] == 1) {
$userinfo = $userinfo[0];
}
} else return false;
if( is_array($userinfo) ) {
$user_data['user_nicename'] = strtolower($userinfo[$this->get_setting('user_first_name_attribute')][0]) . '-' . strtolower($userinfo[$this->get_setting('user_last_name_attribute')][0]);
$user_data['user_email'] = $userinfo[$this->get_setting('user_email_attribute')][0];
$user_data['display_name'] = $userinfo[$this->get_setting('user_first_name_attribute')][0] . ' ' . $userinfo[$this->get_setting('user_last_name_attribute')][0];
$user_data['first_name'] = $userinfo[$this->get_setting('user_first_name_attribute')][0];
$user_data['last_name'] = $userinfo[$this->get_setting('user_last_name_attribute')][0];
$user_data['user_url'] = $userinfo[$this->get_setting('user_url_attribute')][0];
}
return apply_filters($this->prefix . 'user_data', $user_data);
}
function get_user_meta_data( $username, $directory ) {
if ( $directory == "ad" ) {
// TODO: get user meta data for ad
return false;
} elseif ( $directory == "ol" ) {
if ( $this->ldap == null ) {return false;}
$attributes = array();
foreach( $this->get_setting('user_meta_data') as $attr ) {
$attributes[] = $attr[0];
}
$result = ldap_search($this->ldap, $this->get_setting('base_dn'), '(' . $this->get_setting('ol_login') . '=' . $username . ')', $attributes);
$userinfo = ldap_get_entries($this->ldap, $result);
if ($userinfo['count'] == 1) {
$userinfo = $userinfo[0];
}
} else return false;
$user_meta_data = array();
foreach( $this->get_setting('user_meta_data') as $attr ) {
$user_meta_data[$attr[1]] = $userinfo[$attr[0]][0];
}
return apply_filters($this->prefix . 'user_meta_data', $user_meta_data);
}
/**
* Returns whether this plugin is currently network activated
*/
function is_network_version() {
if ( $this->network_version !== null) {
return $this->network_version;
}
if ( ! function_exists( 'is_plugin_active_for_network' ) ) {
require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
}
if ( is_plugin_active_for_network( plugin_basename(__FILE__) ) ) {
$this->network_version = true;
}
else {
$this->network_version = false;
}
return $this->network_version;
}
}
if ( ! function_exists('str_true') ) {
/**
* Evaluates natural language strings to boolean equivalent
*
* Used primarily for handling boolean text provided in shopp() tag options.
* All values defined as true will return true, anything else is false.
*
* Boolean values will be passed through.
*
* Replaces the 1.0-1.1 value_is_true()
*
* @author Jonathan Davis
* @since 1.2
*
* @param string $string The natural language value
* @param array $istrue A list strings that are true
* @return boolean The boolean value of the provided text
**/
function str_true ( $string, $istrue = array('yes', 'y', 'true','1','on','open') ) {
if (is_array($string)) return false;
if (is_bool($string)) return $string;
return in_array(strtolower($string),$istrue);
}
}
$SimpleLDAPLogin = SimpleLDAPLogin::getInstance();


@ -1,218 +0,0 @@
=== Plugin Name ===
Contributors: clifgriffin
Donate link: http://cgd.io
Tags: LDAP, authentication, login, active directory, adLDAP
Requires at least: 3.4
Tested up to: 4.5.0
Stable tag: 1.6.0
License: GPLv2 or later
Integrating WordPress with LDAP shouldn't be difficult. Now it isn't. Simple LDAP Login provides all of the features, none of the hassles.
== Description ==
Having a single login for every service is a must in large organizations. This plugin allows you to integrate WordPress with LDAP quickly and easily. Like, really really easy.
**Contributing**
This is a community project now. Most development is done by users like you who find bugs and fix them, or find new ways to make the plugin more powerful for everyone.
The easiest way to contribute to this plugin is to submit a GitHub pull request. Here's the repo:
https://github.com/clifgriffin/simple-ldap-login
**Support**
If you need support, file an issue here:
https://github.com/clifgriffin/simple-ldap-login/issues
**Special Requests**
If you need a customization or change specific to your install, I am available for hire. Shoot me an e-mail: clifgriffin[at]gmail.com
= Features =
* Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
* Supports TLS
* Uses up-to-date methods for WordPress authentication routines.
* Authenticates existing WordPress usernames against LDAP.
* Can be configured to automatically create WordPress users for valid LDAP logins.
* You can restrict logins based on one or more LDAP groups.
* Intuitive control panel.
= Architecture =
Simple LDAP Login adds an authentication filter to WordPress that authentication requests must pass. In doing so, it makes several decisions.
* Can the provided credentials be authenticated against LDAP?
* * If so, is the LDAP user a member of the required LDAP groups (if any)?
* * * Does a matching WordPress user exist?
* * * * If so, log the user in.
* * * * If not, is user creation enabled?
* * * * * Create the user and log them in.
This is high level overview. This should answer the philosophical questions about how the plugin works. If the plugin is unable to authenticate the user, it should pass it down the chain to WordPress. (Unless LDAP Exclusive is turned on, in which case it won't.)
== Changelog ==
**Version 1.6.0**
* New filter sll_remove_default_authentication_hook lets you override local password fallback.
* Lots of new features from various pull requests from contributing users. Most of these focus on new settings for edge cases, and some general improvements.
* If we did our jobs right, nothing will break. But if it does, rolling back to 1.5.5 is the best place to start.
**Version 1.5.5**
* Fix syntax error.
* Dont sanitize user info.
**Version 1.5.4**
* Local admins will always fall back to local WP password.
* Fixes bug where new users do not have name or other information from LDAP directory
**Version 1.5.3**
* Fixing apparent security problem with blank passwords. (!)
* Fixing typo in filter name (did not affect any functionality)
* Local admin exception coming soon, as well as more bug fixes.
* Possible fix for login error upon arriving at login page when LDAP exclusive enabled.
**Version 1.5.2**
* Fixed bug with groups setting.
* Removed delete_option references in upgrade code to allow for easier rollbacks (sorry about that!)
* Fixed a few bugs in the user creation code.
* Fixed bug with storing default user role.
**Version 1.5.1**
* Fixed a bug where the domain controllers are passed as a string.
**Version 1.5**
* Complete rewritten from the ground up.
* It's Object Oriented, DRY and Singleton.
* The options have been overhauled to make configuration much easier. Focuses on individual features rather than "modes" that encapsulate several behaviors.
* Admin pages now use WordPress admin styles and behaviors.
* Tested with Active Directory. I recommend OpenLDAP users test carefully before implementing in their production environments.
* Added global on off switch so you can easily disable LDAP authentication without deactivating.
**Version 1.4.0.5.1**
* I broke it. Sorry guys! :(
* Downgraded adLDAP as some referenced functions no longer exist.
**Version 1.4.0.5**
* Updated adLDAP to version 4.x
* Fixed error in OpenLDAP group membership check
* As always TEST this first. Don't assume it works...I don't have a testing environment to ensure it will work correctly.
**Version 1.4.0.4**
* Fixes nickname bug accidentally put back in in last version. (My bad!)
**Version 1.4.0.3**
* Reverts bug introduced in 1.4.0.2
* If you installed 1.4.0.2 and use OpenLDAP, please update as soon as possible and verify users cannot login with incorrect passwords (and vice versa).
**Version 1.4.0.2 - Patches submitted by Jonas Genannt and Ilya Kozlov**
* Updates adLDAP to 3.3.2
* Fixes issue with users in recursive OUs not being found.
* Fixes issues with different Base DN formats.
* NOTE: Please be catious in updating. As I don't have an OpenLDAP install, I am unable to independently confirm these fix the problems. If you have issues, revert to 1.4.0.1 and e-mail me: clifgriffin[at]gmail.com. Likewise, If you can confirm these changes are effective, also let me know. :)
**Version 1.4.0.1**
* Fix for e-mail exists issue with WP 3.0+ for LDAP installations that don't populate the e-mail address attribute.
* Shows actual error message from WordPress upon failure.
**Version 1.4**
* First update in about a year. Thanks for your patience.
* Completely rewritten to support changes in WordPress 2.8+. Now fully supports WordPress 3.0.
* Much more manageable and efficient code structure. Less code repetition.
* Includes TLS support.
* Allows OpenLDAP users to specify an alternate LDAP attribute to use for logins for those not using UID.
**Version 1.3.0.3**
* Test form now implements wp_authenticate and uses the same routines as the actual login. This also means account creation and group membership are tested.
* Implemented stripslashes() to correct issue with some special characters such as a single quote and backslash.
* WordPress account "admin" is now allowed to login using local password even when security mode is set to high. For safety.
* Made some minor wording changes to the admin panel.
**Version 1.3.0.2.1**
* Fixed case sensitivity issue that could result in multiple accounts. There may be lingering case insensitivity issues due to the get_userdatabylogin function being case-sensitive. We'll figure this out in due time.
* Sorry for posting two updates on the same day!
**Version 1.3.0.2**
* Fixes several tickets including role assignment, case sensitivity, and potential compatibility issues with other themes/plugins.
* Added security mode setting to allow security to be tightened.
* Changed auto created accounts to use a random password rather than the LDAP password given.
* Fixed error with the way announcements are displayed in the admin panel.
* More code clean up.
**Version 1.3.0.1**
* Never officially released.
* Contained code cleanup and some attempted fixes.
**Version 1.3 Beta**
* Support for both Active Directory and OpenLDAP.
* The ability to create WordPress users automatically upon login based on LDAP group membership OR by LDAP authentication alone.
* The ability to test domain settings straight from admin panel.
* Announcements pane that allows me to update you with fixes, cautions, new beta versions, or other important information.
**Version 1.2.0.1**
* Changed required user level for admin page to 10, Administrators only.
**Version 1.2**
* Implemented multiple domain controllers.
* Changed field sizes on admin page to be more user friendly.
**Version 1.1**
* Moved settings to administration pages under settings.
* Upgraded to latest version of adLDAP 2.1.
* Got rid of credentials. (They are not neccessary for the authenticate function in adLDAP!)
* Plugin is now upgrade proof. Settings are stored using WordPress's setting functions.
**Version 1.0**
* Original release.
== Installation ==
1. Use the WordPress plugin directory to install the plugin or upload the directory `simple-ldap-login` to the `/wp-content/plugins/` directory.
1. Activate the plugin through the 'Plugins' menu in WordPress
1. Update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
1. If you don't get the settings right the first time, don't fret! Just use your WordPress credentials. They should always work
1. Once you have the settings correct, you can toggle LDAP Exclusive mode (if you like).
1. To make your life easier, consider using two different browsers (e.g., Chrome and Firefox) to do testing. Change settings in one. Test in the other. This will prevent any chance of being locked out.
== Frequently Asked Questions ==
= Other than WordPress, what does my system require? =
Your install of PHP must be configured/compiled with LDAP support.
= How do I know what the correct settings are? =
I have tried to make the settings as self-explanatory as possible. If you are struggling figuring them out, you may need to speak with your LDAP administrator. I realize this is an obnoxious response, but there is no good, fool proof way to help you discover these settings. A good place to start, if you're feeling daring, might be to use ADSIEdit for Windows and Active Directory, or GQ for Linux and OpenLDAP.
= It's still not working, what other things can I try? =
If you are confident your settings are correct and it still does not work, it may be time to check for port or firewall issues. If your LDAP server is running on a non-standard port or an obsolete version of the LDAP protocol you are going to have issues. Port 389 is the port this plugin, and nearly every other LDAP enabled software expects. They are also expecting protocol version 3. If you are using an old version of LDAP or running a non-standard port you may need to modify the code that the plugin runs or update your LDAP installation.
Unfortunately I can't be relied upon to assist with these types of requests. I chose not to support these scenarios because they are infrequent and because they confuse everyone else.
= It's still not working! How can I get help? =
The easiest way to get help is to post a comment on my blog: http://clifgriffin.com/simple-ldap-login/. I'll do my best to get you up and running!
== Screenshots ==
1. Easy to use admin panel.
2. Advanced options for power users.