YunoHost-Apps/wordpress_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wordpress_ynh.git synced 2024-09-03 20:36:10 +02:00
Code Issues Activity Actions

Merge pull request #25 from YunoHost-Apps/update_helpers

Browse source 
Upgrade to 4.8 upstream version and use latest helpers
This commit is contained in:
Maniack Crudelis 2017-09-12 18:46:46 +02:00 committed by GitHub
commit 5b24b9f955
23 changed files with 228 additions and 5057 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
README.md
View file

@ -1,7 +1,8 @@
# Wordpress multisite for YunoHost
==================
Site du project Yunohost : [Yunohost.org](https://yunohost.org/#/)
[Yunohost project](https://yunohost.org/#/)
https://wordpress.org/
=======
@ -9,10 +10,6 @@ Site du project Yunohost : [Yunohost.org](https://yunohost.org/#/)
Wordpress lets you create your blog or web site very easily. <br/>
With this package, you can even activate the [multisite](http://codex.wordpress.org/Glossary#Multisite)
https://wordpress.org/
If the multisite option is activated, the script also installs *php5-cli*.
**How to upgrade the package:**
1) sudo yunohost app upgrade --verbose wordpress -u https://github.com/YunoHost-Apps/wordpress_ynh <br/>
2) To be noted that once installed, the updates of the php code of the Wordpress blog are managed from the Wordpress web admin interface. <br/>
@ -20,13 +17,15 @@ If the multisite option is activated, the script also installs *php5-cli*.
**Multi-user support:** Yes, with LDAP ability.
**See the status of this package:**
*[Last weekly report](https://forum.yunohost.org/t/rapport-hebdomadaire-dintegration-continue/2297)*
*[Last continuous integration test](https://ci-apps.yunohost.org/jenkins/job/wordpress%20%28Official%29/lastBuild/consoleFull)*
=======
## Version Française
Logiciel de création de blog ou de site Web avec option [multisite](http://codex.wordpress.org/Glossary#Multisite)
https://wordpress.org/
Si l'option multisite est activée, le script installe le paquet *php5-cli*.
**Mise à jour du package:**
1) sudo yunohost app upgrade --verbose wordpress -u https://github.com/YunoHost-Apps/wordpress_ynh <br/>
2) A noter qu'une fois installé, les mises à jour du code php du blog Wordpress se font depuis l'interface wed d'admin de Wordpress <br/>

2
check_process
View file

@ -1,5 +1,4 @@
;; Test complet sans multisite
auto_remove=1
; Manifest
domain="domain.tld" (DOMAIN)
path="/path" (PATH)
@ -21,7 +20,6 @@
port_already_use=0
change_url=0
;; Test avec multisite
auto_remove=1
; Manifest
domain="domain.tld" (DOMAIN)
path="/path" (PATH)

4
conf/app.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://wordpress.org/wordpress-4.7.2.tar.gz
SOURCE_SUM=17f9fe2fa6d14eba86aad152059b5afd
SOURCE_URL=https://wordpress.org/wordpress-4.8.tar.gz
SOURCE_SUM=b91248a7220a7fb1ca293c3a0ec8db6c
SOURCE_SUM_PRG=md5sum
ARCH_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

1
conf/sql/common.sql
View file

@ -1,2 +1 @@
INSERT INTO wp_options VALUES('','http_authentication_options','a:8:{s:13:"allow_wp_auth";b:1;s:10:"auth_label";s:19:"HTTP authentication";s:9:"login_uri";s:40:"https://__DOMAIN_PATH__/wp-login.php";s:10:"logout_uri";s:28:"https://__DOMAIN_PATH__/";s:22:"additional_server_keys";s:13:"PHP_AUTH_USER";s:24:"auto_create_email_domain";s:0:"";s:10:"db_version";i:2;s:16:"auto_create_user";b:0;}','yes');
INSERT INTO wp_options (option_id,option_name,option_value,autoload) VALUES('','WPLANG','__LANGUAGE__','yes') ON DUPLICATE KEY UPDATE option_value=VALUES(option_value);

2
conf/sql/multisite.sql
View file

@ -1,3 +1 @@
INSERT INTO wp_sitemeta VALUES('',1,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}');
#--PUBLIC--UPDATE wp_sitemeta SET meta_value='a:1:{s:39:"simple-ldap-login/Simple-LDAP-Login.php";i:__DATE__;}' WHERE meta_key='active_sitewide_plugins';
#--PRIVATE--UPDATE wp_sitemeta SET meta_value='a:2:{s:39:"simple-ldap-login/Simple-LDAP-Login.php";i:__DATE__;s:43:"http-authentication/http-authentication.php";i:__DATE__;}' WHERE meta_key='active_sitewide_plugins';

2
conf/sql/single.sql
View file

@ -1,3 +1 @@
INSERT INTO wp_options VALUES('','sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}','yes');
#--PRIVATE--UPDATE wp_options SET option_value='a:2:{i:0;s:43:"http-authentication/http-authentication.php";i:1;s:39:"simple-ldap-login/Simple-LDAP-Login.php";}' WHERE option_name='active_plugins';
#--PUBLIC--UPDATE wp_options SET option_value='a:1:{i:1;s:39:"simple-ldap-login/Simple-LDAP-Login.php";}' WHERE option_name='active_plugins';

83
conf/wp-config.php
View file

@ -1,14 +1,51 @@
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://codex.wordpress.org/Editing_wp-config.php
*
* @package WordPress
*/
// Database
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', '__DB_USER__');
/** MySQL database username */
define('DB_USER', '__DB_USER__');
/** MySQL database password */
define('DB_PASSWORD', '__DB_PWD__');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
// Keys
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'KEY1');
define('SECURE_AUTH_KEY', 'KEY2');
define('LOGGED_IN_KEY', 'KEY3');
@ -18,32 +55,38 @@ define('SECURE_AUTH_SALT', 'KEY6');
define('LOGGED_IN_SALT', 'KEY7');
define('NONCE_SALT', 'KEY8');
// Prefix
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
// Debug mode
define('WP_DEBUG', false);
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the Codex.
*
* @link https://codex.wordpress.org/Debugging_in_WordPress
*/
define('WP_DEBUG', false);
// Multisite
//--MULTISITE1--define('WP_ALLOW_MULTISITE', true);
//--MULTISITE2--define('MULTISITE', true);
//--MULTISITE2--define('SUBDOMAIN_INSTALL', false);
//--MULTISITE2--define('DOMAIN_CURRENT_SITE', '__DOMAIN__');
//--MULTISITE2--define('PATH_CURRENT_SITE', '__PATH__/');
//--MULTISITE2--define('SITE_ID_CURRENT_SITE', 1);
//--MULTISITE2--define('BLOG_ID_CURRENT_SITE', 1);
/* That's all, stop editing! Happy blogging. */
// Path
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
// WordPress settings path
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
// Force https redirect
//--PUBLIC--define('FORCE_SSL_ADMIN', true);
// Auto update
define('WP_AUTO_UPDATE_CORE', 'minor');
//add_filter( 'auto_update_plugin', '__return_true' );
//add_filter( 'auto_update_theme', '__return_true' );

12
manifest.json
View file

@ -2,20 +2,20 @@
"name": "WordPress",
"id": "wordpress",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 2.4"
},
"description": {
"en": "Create a beautiful blog or website easily",
"fr": "Logiciel de création de blog ou de site Web"
},
"version": "4.7.2",
"version": "4.8",
"url": "https://wordpress.org/",
"license": "GPLv2",
"maintainer": {
"name": "Maniack Crudelis",
"email": "maniackc_dev@crudelis.fr"
},
"requirements": {
"yunohost": ">= 2.7.2"
},
"multi_instance": true,
"services": [
"nginx",
@ -58,8 +58,8 @@
"en": "Choose the language of the WordPress site",
"fr": "Choissisez la langue du WordPress"
},
"choices": ["en_EN", "fr_FR"],
"default": "en_EN"
"choices": ["en_US", "fr_FR"],
"default": "en_US"
},
{
"name": "multisite",

819
scripts/_common.sh
View file

@ -1,147 +1,13 @@
#!/bin/bash
#=================================================
#=================================================
# TESTING
#=================================================
#=================================================
ynh_fpm_config () {
finalphpconf="/etc/php5/fpm/pool.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalphpconf" 1
sudo cp ../conf/php-fpm.conf "$finalphpconf"
ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf"
ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf"
ynh_replace_string "__USER__" "$app" "$finalphpconf"
sudo chown root: "$finalphpconf"
ynh_store_file_checksum "$finalphpconf"
if [ -e "../conf/php-fpm.ini" ]
then
finalphpini="/etc/php5/fpm/conf.d/20-$app.ini"
ynh_backup_if_checksum_is_different "$finalphpini" 1
sudo cp ../conf/php-fpm.ini "$finalphpini"
sudo chown root: "$finalphpini"
ynh_store_file_checksum "$finalphpini"
fi
sudo systemctl reload php5-fpm
}
ynh_remove_fpm_config () {
ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf"
ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini"
sudo systemctl reload php5-fpm
}
ynh_nginx_config () {
finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalnginxconf" 1
sudo cp ../conf/nginx.conf "$finalnginxconf"
# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
# Substitute in a nginx config file only if the variable is not empty
if test -n "${path_url:-}"; then
ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf"
fi
if test -n "${domain:-}"; then
ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf"
fi
if test -n "${port:-}"; then
ynh_replace_string "__PORT__" "$port" "$finalnginxconf"
fi
if test -n "${app:-}"; then
ynh_replace_string "__NAME__" "$app" "$finalnginxconf"
fi
if test -n "${final_path:-}"; then
ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf"
fi
ynh_store_file_checksum "$finalnginxconf"
sudo systemctl reload nginx
}
ynh_remove_nginx_config () {
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo systemctl reload nginx
}
ynh_systemd_config () {
finalsystemdconf="/etc/systemd/system/$app.service"
ynh_backup_if_checksum_is_different "$finalsystemdconf" 1
sudo cp ../conf/systemd.service "$finalsystemdconf"
# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
# Substitute in a nginx config file only if the variable is not empty
if test -n "${final_path:-}"; then
ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf"
fi
if test -n "${app:-}"; then
ynh_replace_string "__APP__" "$app" "$finalsystemdconf"
fi
ynh_store_file_checksum "$finalsystemdconf"
sudo chown root: "$finalsystemdconf"
sudo systemctl enable $app
sudo systemctl daemon-reload
}
ynh_remove_systemd_config () {
finalsystemdconf="/etc/systemd/system/$app.service"
if [ -e "$finalsystemdconf" ]; then
sudo systemctl stop $app
sudo systemctl disable $app
ynh_secure_remove "$finalsystemdconf"
fi
}
#=================================================
#=================================================
#=================================================
# CHECKING
#=================================================
CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine.
if sudo yunohost app --help | grep --quiet url-available
then
# Check availability of a web path
ynh_webpath_available $domain $path_url
# Register/book a web path for an app
ynh_webpath_register $app $domain $path_url
else
# Use the legacy command
sudo yunohost app checkurl $domain$path_url -a $app
fi
}
CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé.
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
}
#=================================================
# DISPLAYING
#=================================================
NO_PRINT () { # Supprime l'affichage dans stdout pour la commande en argument.
set +x
$@
set -x
}
WARNING () { # Écrit sur le canal d'erreur pour passer en warning.
$@ >&2
}
SUPPRESS_WARNING () { # Force l'écriture sur la sortie standard
$@ 2>&1
}
QUIET () { # Redirige la sortie standard dans /dev/null
$@ > /dev/null
}
ALL_QUIET () { # Redirige la sortie standard et d'erreur dans /dev/null
$@ > /dev/null 2>&1
}
@ -150,35 +16,6 @@ ALL_QUIET () { # Redirige la sortie standard et d'erreur dans /dev/null
# BACKUP
#=================================================
BACKUP_FAIL_UPGRADE () {
WARNING echo "Upgrade failed."
app_bck=${app//_/-} # Replace all '_' by '-'
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number; then # Vérifie l'existence de l'archive avant de supprimer l'application et de restaurer
sudo yunohost app remove $app # Supprime l'application avant de la restaurer.
sudo yunohost backup restore --ignore-hooks $app_bck-pre-upgrade$backup_number --apps $app --force # Restore the backup if upgrade failed
ynh_die "The app was restored to the way it was before the failed upgrade."
fi
}
BACKUP_BEFORE_UPGRADE () { # Backup the current version of the app, restore it if the upgrade fails
backup_number=1
old_backup_number=2
app_bck=${app//_/-} # Replace all '_' by '-'
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1; then # Vérifie l'existence d'une archive déjà numéroté à 1.
backup_number=2 # Et passe le numéro de l'archive à 2
old_backup_number=1
fi
sudo yunohost backup create --ignore-hooks --apps $app --name $app_bck-pre-upgrade$backup_number # Créer un backup différent de celui existant.
if [ "$?" -eq 0 ]; then # Si le backup est un succès, supprime l'archive précédente.
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number; then # Vérifie l'existence de l'ancienne archive avant de la supprimer, pour éviter une erreur.
QUIET sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number
fi
else # Si le backup a échoué
ynh_die "Backup failed, the upgrade process was aborted."
fi
}
HUMAN_SIZE () { # Transforme une taille en Ko en une taille lisible pour un humain
human=$(numfmt --to=iec --from-unit=1K $1)
echo $human
@ -186,8 +23,8 @@ HUMAN_SIZE () { # Transforme une taille en Ko en une taille lisible pour un huma
CHECK_SIZE () { # Vérifie avant chaque backup que l'espace est suffisant
file_to_analyse=$1
backup_size=$(sudo du --summarize "$file_to_analyse" | cut -f1)
free_space=$(sudo df --output=avail "/home/yunohost.backup" | sed 1d)
backup_size=$(du --summarize "$file_to_analyse" | cut -f1)
free_space=$(df --output=avail "/home/yunohost.backup" | sed 1d)
if [ $free_space -le $backup_size ]
then
@ -196,655 +33,3 @@ CHECK_SIZE () { # Vérifie avant chaque backup que l'espace est suffisant
ynh_die "Espace nécessaire: $(HUMAN_SIZE $backup_size)"
fi
}
# Ce helper est temporaire et sert de remplacement à la véritable fonction ynh_restore_file. Le temps qu'elle arrive...
ynh_restore_file () {
if [ -f "$1" ]; then
ynh_die "There is already a file at this path: $1"
fi
sudo cp -a "${YNH_APP_BACKUP_DIR}$1" "$1"
}
#=================================================
# PACKAGE CHECK BYPASSING...
#=================================================
IS_PACKAGE_CHECK () { # Détermine une exécution en conteneur (Non testé)
return $(uname -n | grep -c 'pchecker_lxc')
}
#=================================================
# NODEJS
#=================================================
sudo_path () {
sudo env "PATH=$PATH" $@
}
# INFOS
# n (Node version management) utilise la variable PATH pour stocker le path de la version de node à utiliser.
# C'est ainsi qu'il change de version
# En attendant une généralisation de root, il est possible d'utiliser sudo avec le helper temporaire sudo_path
# Il permet d'utiliser sudo en gardant le $PATH modifié
# ynh_install_nodejs installe la version de nodejs demandée en argument, avec n
# ynh_use_nodejs active une version de nodejs dans le script courant
# 3 variables sont mises à disposition, et 2 sont stockées dans la config de l'app
# - nodejs_path: Le chemin absolu de cette version de node
# Utilisé pour des appels directs à node.
# - nodejs_version: Simplement le numéro de version de nodejs pour cette application
# - nodejs_use_version: Un alias pour charger une version de node dans le shell courant.
# Utilisé pour démarrer un service ou un script qui utilise node ou npm
# Dans ce cas, c'est $PATH qui contient le chemin de la version de node. Il doit être propagé sur les autres shell si nécessaire.
n_install_dir="/opt/node_n"
ynh_use_nodejs () {
nodejs_version=$(ynh_app_setting_get $app nodejs_version)
load_n_path="[[ :$PATH: == *\":$n_install_dir/bin:\"* ]] || PATH+=\":$n_install_dir/bin\""
nodejs_use_version="n $nodejs_version"
# "Load" a version of node
eval $load_n_path; $nodejs_use_version
eval $load_n_path; sudo env "PATH=$PATH" $nodejs_use_version
# Get the absolute path of this version of node
nodejs_path="$(n bin $nodejs_version)"
# Make an alias for node use
ynh_node_exec="eval $load_n_path; n use $nodejs_version"
sudo_ynh_node_exec="eval $load_n_path; sudo env \"PATH=$PATH\" n use $nodejs_version"
}
ynh_install_nodejs () {
# Use n, https://github.com/tj/n to manage the nodejs versions
local nodejs_version="$1"
local n_install_script="https://git.io/n-install"
# Create $n_install_dir
sudo mkdir -p "$n_install_dir"
# Load n path in PATH
PATH+=":$n_install_dir/bin"
# If n is not previously setup, install it
n --version > /dev/null 2>&1 || \
( echo "Installation of N - Node.js version management" >&2; \
curl -sL $n_install_script | sudo N_PREFIX="$n_install_dir" bash -s -- -y $nodejs_version )
# Install the requested version of nodejs (except for the first installation of n, which installed the requested version of node.)
sudo env "PATH=$PATH" n $nodejs_version
# Use the real installed version. Sometimes slightly different
nodejs_version=$(node --version | cut -c2-)
# Store the ID of this app and the version of node requested for it
echo "$YNH_APP_ID:$nodejs_version" | sudo tee --append "$n_install_dir/ynh_app_version"
# Store nodejs_version into the config of this app
ynh_app_setting_set $app nodejs_version $nodejs_version
ynh_use_nodejs
}
ynh_remove_nodejs () {
ynh_use_nodejs
# Remove the line for this app
sudo sed --in-place "/$YNH_APP_ID:$nodejs_version/d" "$n_install_dir/ynh_app_version"
# If none another app uses this version of nodejs, remove it.
if ! grep --quiet "$nodejs_version" "$n_install_dir/ynh_app_version"
then
n rm $nodejs_version
fi
# If none another app uses n, remove n
if [ ! -s "$n_install_dir/ynh_app_version" ]
then
ynh_secure_remove "$n_install_dir"
sudo sed --in-place "/N_PREFIX/d" /root/.bashrc
fi
}
#=================================================
#=================================================
# FUTUR YNH HELPERS
#=================================================
# Importer ce fichier de fonction avant celui des helpers officiel
# Ainsi, les officiels prendront le pas sur ceux-ci le cas échéant
#=================================================
# Normalize the url path syntax
# Handle the slash at the beginning of path and its absence at ending
# Return a normalized url path
#
# example: url_path=$(ynh_normalize_url_path $url_path)
# ynh_normalize_url_path example -> /example
# ynh_normalize_url_path /example -> /example
# ynh_normalize_url_path /example/ -> /example
# ynh_normalize_url_path / -> /
#
# usage: ynh_normalize_url_path path_to_normalize
# | arg: url_path_to_normalize - URL path to normalize before using it
ynh_normalize_url_path () {
path_url=$1
test -n "$path_url" || ynh_die "ynh_normalize_url_path expect a URL path as first argument and received nothing."
if [ "${path_url:0:1}" != "/" ]; then # If the first character is not a /
path_url="/$path_url" # Add / at begin of path variable
fi
if [ "${path_url:${#path_url}-1}" == "/" ] && [ ${#path_url} -gt 1 ]; then # If the last character is a / and that not the only character.
path_url="${path_url:0:${#path_url}-1}" # Delete the last character
fi
echo $path_url
}
# Check if a mysql user exists
#
# usage: ynh_mysql_user_exists user
# | arg: user - the user for which to check existence
function ynh_mysql_user_exists()
{
local user=$1
if [[ -z $(ynh_mysql_execute_as_root "SELECT User from mysql.user WHERE User = '$user';") ]]
then
return 1
else
return 0
fi
}
# Create a database, an user and its password. Then store the password in the app's config
#
# After executing this helper, the password of the created database will be available in $db_pwd
# It will also be stored as "mysqlpwd" into the app settings.
#
# usage: ynh_mysql_setup_db user name [pwd]
# | arg: user - Owner of the database
# | arg: name - Name of the database
# | arg: pwd - Password of the database. If not given, a password will be generated
ynh_mysql_setup_db () {
local db_user="$1"
local db_name="$2"
local new_db_pwd=$(ynh_string_random) # Generate a random password
db_pwd="${3:-$new_db_pwd}"
ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database
ynh_app_setting_set $app mysqlpwd $db_pwd # Store the password in the app's config
}
# Remove a database if it exists, and the associated user
#
# usage: ynh_mysql_remove_db user name
# | arg: user - Owner of the database
# | arg: name - Name of the database
ynh_mysql_remove_db () {
local db_user="$1"
local db_name="$2"
local mysql_root_password=$(sudo cat $MYSQL_ROOT_PWD_FILE)
if mysqlshow -u root -p$mysql_root_password | grep -q "^| $db_name"; then # Check if the database exists
echo "Removing database $db_name" >&2
ynh_mysql_drop_db $db_name # Remove the database
else
echo "Database $db_name not found" >&2
fi
# Remove mysql user if it exists
if $(ynh_mysql_user_exists $db_user); then
ynh_mysql_drop_user $db_user
fi
}
# Correct the name given in argument for mariadb
#
# Avoid invalid name for your database
#
# Exemple: dbname=$(ynh_make_valid_dbid $app)
#
# usage: ynh_make_valid_dbid name
# | arg: name - name to correct
# | ret: the corrected name
ynh_sanitize_dbid () {
dbid=${1//[-.]/_} # We should avoid having - and . in the name of databases. They are replaced by _
echo $dbid
}
# Manage a fail of the script
#
# Print a warning to inform that the script was failed
# Execute the ynh_clean_setup function if used in the app script
#
# usage of ynh_clean_setup function
# This function provide a way to clean some residual of installation that not managed by remove script.
# To use it, simply add in your script:
# ynh_clean_setup () {
# instructions...
# }
# This function is optionnal.
#
# Usage: ynh_exit_properly is used only by the helper ynh_abort_if_errors.
# You must not use it directly.
ynh_exit_properly () {
exit_code=$?
if [ "$exit_code" -eq 0 ]; then
exit 0 # Exit without error if the script ended correctly
fi
trap '' EXIT # Ignore new exit signals
set +eu # Do not exit anymore if a command fail or if a variable is empty
echo -e "!!\n $app's script has encountered an error. Its execution was cancelled.\n!!" >&2
if type -t ynh_clean_setup > /dev/null; then # Check if the function exist in the app script.
ynh_clean_setup # Call the function to do specific cleaning for the app.
fi
ynh_die # Exit with error status
}
# Exit if an error occurs during the execution of the script.
#
# Stop immediatly the execution if an error occured or if a empty variable is used.
# The execution of the script is derivate to ynh_exit_properly function before exit.
#
# Usage: ynh_abort_if_errors
ynh_abort_if_errors () {
set -eu # Exit if a command fail, and if a variable is used unset.
trap ynh_exit_properly EXIT # Capturing exit signals on shell script
}
# Define and install dependencies with a equivs control file
# This helper can/should only be called once per app
#
# usage: ynh_install_app_dependencies dep [dep [...]]
# | arg: dep - the package name to install in dependence
ynh_install_app_dependencies () {
dependencies=$@
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version=$(sudo grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file.
dep_app=${app//_/-} # Replace all '_' by '-'
if ynh_package_is_installed "${dep_app}-ynh-deps"; then
echo "A package named ${dep_app}-ynh-deps is already installed" >&2
else
cat > ./${dep_app}-ynh-deps.control << EOF # Make a control file for equivs-build
Section: misc
Priority: optional
Package: ${dep_app}-ynh-deps
Version: ${version}
Depends: ${dependencies// /, }
Architecture: all
Description: Fake package for ${app} (YunoHost app) dependencies
This meta-package is only responsible of installing its dependencies.
EOF
ynh_package_install_from_equivs ./${dep_app}-ynh-deps.control \
|| ynh_die "Unable to install dependencies" # Install the fake package and its dependencies
ynh_app_setting_set $app apt_dependencies $dependencies
fi
}
# Remove fake package and its dependencies
#
# Dependencies will removed only if no other package need them.
#
# usage: ynh_remove_app_dependencies
ynh_remove_app_dependencies () {
dep_app=${app//_/-} # Replace all '_' by '-'
ynh_package_autoremove ${dep_app}-ynh-deps # Remove the fake package and its dependencies if they not still used.
}
# Use logrotate to manage the logfile
#
# usage: ynh_use_logrotate [logfile]
# | arg: logfile - absolute path of logfile
#
# If no argument provided, a standard directory will be use. /var/log/${app}
# You can provide a path with the directory only or with the logfile.
# /parentdir/logdir/
# /parentdir/logdir/logfile.log
#
# It's possible to use this helper several times, each config will added to same logrotate config file.
ynh_use_logrotate () {
if [ "$#" -gt 0 ]; then
if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile
logfile=$1 # In this case, focus logrotate on the logfile
else
logfile=$1/.log # Else, uses the directory and all logfile into it.
fi
else
logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log
fi
cat > ./${app}-logrotate << EOF # Build a config file for logrotate
$logfile {
# Rotate if the logfile exceeds 100Mo
size 100M
# Keep 12 old log maximum
rotate 12
# Compress the logs with gzip
compress
# Compress the log at the next cycle. So keep always 2 non compressed logs
delaycompress
# Copy and truncate the log to allow to continue write on it. Instead of move the log.
copytruncate
# Do not do an error if the log is missing
missingok
# Not rotate if the log is empty
notifempty
# Keep old logs in the same dir
noolddir
}
EOF
sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist
cat ${app}-logrotate | sudo tee -a /etc/logrotate.d/$app > /dev/null # Append this config to the others for this app. If a config file already exist
}
# Remove the app's logrotate config.
#
# usage: ynh_remove_logrotate
ynh_remove_logrotate () {
if [ -e "/etc/logrotate.d/$app" ]; then
sudo rm "/etc/logrotate.d/$app"
fi
}
# Find a free port and return it
#
# example: port=$(ynh_find_port 8080)
#
# usage: ynh_find_port begin_port
# | arg: begin_port - port to start to search
ynh_find_port () {
port=$1
test -n "$port" || ynh_die "The argument of ynh_find_port must be a valid port."
while netcat -z 127.0.0.1 $port # Check if the port is free
do
port=$((port+1)) # Else, pass to next port
done
echo $port
}
# Create a system user
#
# usage: ynh_system_user_create user_name [home_dir]
# | arg: user_name - Name of the system user that will be create
# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home
ynh_system_user_create () {
if ! ynh_system_user_exists "$1" # Check if the user exists on the system
then # If the user doesn't exist
if [ $# -ge 2 ]; then # If a home dir is mentioned
user_home_dir="-d $2"
else
user_home_dir="--no-create-home"
fi
sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account"
fi
}
# Delete a system user
#
# usage: ynh_system_user_delete user_name
# | arg: user_name - Name of the system user that will be create
ynh_system_user_delete () {
if ynh_system_user_exists "$1" # Check if the user exists on the system
then
echo "Remove the user $1" >&2
sudo userdel $1
else
echo "The user $1 was not found" >&2
fi
}
# Curl abstraction to help with POST requests to local pages (such as installation forms)
#
# $domain and $path_url should be defined externally (and correspond to the domain.tld and the /path (of the app?))
#
# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
#
# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
# | arg: page_uri - Path (relative to $path_url) of the page where POST data will be sent
# | arg: key1=value1 - (Optionnal) POST key and corresponding value
# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
# | arg: ... - (Optionnal) More POST keys and values
ynh_local_curl () {
# Define url of page to curl
full_page_url=https://localhost$path_url$1
# Concatenate all other arguments with '&' to prepare POST data
POST_data=""
for arg in "${@:2}"
do
POST_data="${POST_data}${arg}&"
done
if [ -n "$POST_data" ]
then
# Add --data arg and remove the last character, which is an unecessary '&'
POST_data="--data \"${POST_data::-1}\""
fi
# Curl the URL
curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url"
}
# Substitute/replace a string by another in a file
#
# usage: ynh_replace_string match_string replace_string target_file
# | arg: match_string - String to be searched and replaced in the file
# | arg: replace_string - String that will replace matches
# | arg: target_file - File in which the string will be replaced.
ynh_replace_string () {
delimit=@
match_string=${1//${delimit}/"\\${delimit}"} # Escape the delimiter if it's in the string.
replace_string=${2//${delimit}/"\\${delimit}"}
workfile=$3
sudo sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$workfile"
}
# Remove a file or a directory securely
#
# usage: ynh_secure_remove path_to_remove
# | arg: path_to_remove - File or directory to remove
ynh_secure_remove () {
path_to_remove=$1
forbidden_path=" \
/var/www \
/home/yunohost.app"
if [[ "$forbidden_path" =~ "$path_to_remove" \
# Match all paths or subpaths in $forbidden_path
|| "$path_to_remove" =~ ^/[[:alnum:]]+$ \
# Match all first level paths from / (Like /var, /root, etc...)
|| "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
# Match if the path finishes by /. Because it seems there is an empty variable
then
echo "Avoid deleting $path_to_remove." >&2
else
if [ -e "$path_to_remove" ]
then
sudo rm -R "$path_to_remove"
else
echo "$path_to_remove wasn't deleted because it doesn't exist." >&2
fi
fi
}
# Download, check integrity, uncompress and patch the source from app.src
#
# The file conf/app.src need to contains:
#
# SOURCE_URL=Address to download the app archive
# SOURCE_SUM=Control sum
# # (Optional) Programm to check the integrity (sha256sum, md5sum$YNH_EXECUTION_DIR/...)
# # default: sha256
# SOURCE_SUM_PRG=sha256
# # (Optional) Archive format
# # default: tar.gz
# SOURCE_FORMAT=tar.gz
# # (Optional) Put false if source are directly in the archive root
# # default: true
# SOURCE_IN_SUBDIR=false
# # (Optionnal) Name of the local archive (offline setup support)
# # default: ${src_id}.${src_format}
# SOURCE_FILENAME=example.tar.gz
#
# Details:
# This helper download sources from SOURCE_URL if there is no local source
# archive in /opt/yunohost-apps-src/APP_ID/SOURCE_FILENAME
#
# Next, it check the integrity with "SOURCE_SUM_PRG -c --status" command.
#
# If it's ok, the source archive will be uncompress in $dest_dir. If the
# SOURCE_IN_SUBDIR is true, the first level directory of the archive will be
# removed.
#
# Finally, patches named sources/patches/${src_id}-*.patch and extra files in
# sources/extra_files/$src_id will be applyed to dest_dir
#
#
# usage: ynh_setup_source dest_dir [source_id]
# | arg: dest_dir - Directory where to setup sources
# | arg: source_id - Name of the app, if the package contains more than one app
YNH_EXECUTION_DIR="."
ynh_setup_source () {
local dest_dir=$1
local src_id=${2:-app} # If the argument is not given, source_id equal "app"
# Load value from configuration file (see above for a small doc about this file
# format)
local src_url=$(grep 'SOURCE_URL=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_sum=$(grep 'SOURCE_SUM=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
# Default value
src_sumprg=${src_sumprg:-sha256sum}
src_in_subdir=${src_in_subdir:-true}
src_format=${src_format:-tar.gz}
src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]')
if [ "$src_filename" = "" ] ; then
src_filename="${src_id}.${src_format}"
fi
local local_src="/opt/yunohost-apps-src/${YNH_APP_ID}/${src_filename}"
if test -e "$local_src"
then # Use the local source file if it is present
cp $local_src $src_filename
else # If not, download the source
wget -nv -O $src_filename $src_url
fi
# Check the control sum
echo "${src_sum} ${src_filename}" | ${src_sumprg} -c --status \
|| ynh_die "Corrupt source"
# Extract source into the app dir
sudo mkdir -p "$dest_dir"
if [ "$src_format" = "zip" ]
then
# Zip format
# Using of a temp directory, because unzip doesn't manage --strip-components
if $src_in_subdir ; then
local tmp_dir=$(mktemp -d)
sudo unzip -quo $src_filename -d "$tmp_dir"
sudo cp -a $tmp_dir/*/. "$dest_dir"
ynh_secure_remove "$tmp_dir"
else
sudo unzip -quo $src_filename -d "$dest_dir"
fi
else
local strip=""
if $src_in_subdir ; then
strip="--strip-components 1"
fi
if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]] ; then
sudo tar -xf $src_filename -C "$dest_dir" $strip
else
ynh_die "Archive format unrecognized."
fi
fi
# Apply patches
if (( $(find $YNH_EXECUTION_DIR/../sources/patches/ -type f -name "${src_id}-*.patch" 2> /dev/null | wc -l) > "0" )); then
local old_dir=$(pwd)
(cd "$dest_dir" \
&& for p in $YNH_EXECUTION_DIR/../sources/patches/${src_id}-*.patch; do \
sudo patch -p1 < $p; done) \
|| ynh_die "Unable to apply patches"
cd $old_dir
fi
# Add supplementary files
if test -e "$YNH_EXECUTION_DIR/../sources/extra_files/${src_id}"; then
sudo cp -a $YNH_EXECUTION_DIR/../sources/extra_files/$src_id/. "$dest_dir"
fi
}
# Check availability of a web path
#
# example: ynh_webpath_available some.domain.tld /coffee
#
# usage: ynh_webpath_available domain path
# | arg: domain - the domain/host of the url
# | arg: path - the web path to check the availability of
ynh_webpath_available () {
local domain=$1
local path=$2
sudo yunohost domain url-available $domain $path
}
# Register/book a web path for an app
#
# example: ynh_webpath_register wordpress some.domain.tld /coffee
#
# usage: ynh_webpath_register app domain path
# | arg: app - the app for which the domain should be registered
# | arg: domain - the domain/host of the web path
# | arg: path - the web path to be registered
ynh_webpath_register () {
local app=$1
local domain=$2
local path=$3
sudo yunohost app register-url $app $domain $path
}
# Calculate and store a file checksum into the app settings
#
# $app should be defined when calling this helper
#
# usage: ynh_store_file_checksum file
# | arg: file - The file on which the checksum will performed, then stored.
ynh_store_file_checksum () {
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_set $app $checksum_setting_name $(sudo md5sum "$1" | cut -d' ' -f1)
}
# Verify the checksum and backup the file if it's different
# This helper is primarily meant to allow to easily backup personalised/manually
# modified config files.
#
# $app should be defined when calling this helper
#
# usage: ynh_backup_if_checksum_is_different file
# | arg: file - The file on which the checksum test will be perfomed.
#
# | ret: Return the name a the backup file, or nothing
ynh_backup_if_checksum_is_different () {
local file=$1
local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_'
local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name)
if [ -n "$checksum_value" ]
then # Proceed only if a value was stored into the app settings
if ! echo "$checksum_value $file" | sudo md5sum -c --status
then # If the checksum is now different
backup_file="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
sudo mkdir -p "$(dirname "$backup_file")"
sudo cp -a "$file" "$backup_file" # Backup the current file
echo "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file" >&2
echo "$backup_file" # Return the name of the backup file
fi
fi
}

29
scripts/backup
View file

@ -2,25 +2,25 @@
#=================================================
# GENERIC STARTING
#=================================================
# MANAGE FAILURE OF THE SCRIPT
#=================================================
# Exit on command errors and treat unset variables as an error
set -eu
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Rapatrie le fichier de fonctions si il n'est pas dans le dossier courant
sudo cp ../settings/scripts/_common.sh ./_common.sh
sudo chmod a+rx _common.sh
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
@ -39,20 +39,20 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd)
#=================================================
CHECK_SIZE "$final_path"
ynh_backup "$final_path" "${YNH_APP_BACKUP_DIR}$final_path"
ynh_backup "$final_path"
#=================================================
# BACKUP OF THE NGINX CONFIGURATION
#=================================================
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "${YNH_APP_BACKUP_DIR}/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP OF THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup "/etc/php5/fpm/pool.d/$app.conf" "${YNH_APP_BACKUP_DIR}/etc/php5/fpm/pool.d/$app.conf"
ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" "${YNH_APP_BACKUP_DIR}/etc/php5/fpm/conf.d/20-$app.ini"
ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini"
#=================================================
# BACKUP OF THE SQL BDD
@ -60,4 +60,3 @@ ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" "${YNH_APP_BACKUP_DIR}/etc/php5/fp
ynh_mysql_dump_db "$db_name" > db.sql
CHECK_SIZE "db.sql"
# ynh_backup "db.sql" "${YNH_APP_BACKUP_DIR}/db.sql"

98
scripts/install
View file

@ -13,7 +13,8 @@ source /usr/share/yunohost/helpers
# MANAGE FAILURE OF THE SCRIPT
#=================================================
ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée.
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
@ -32,9 +33,16 @@ app=$YNH_APP_INSTANCE_NAME
# CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS
#=================================================
path_url=$(ynh_normalize_url_path $path_url) # Vérifie et corrige la syntaxe du path.
CHECK_DOMAINPATH # Vérifie la disponibilité du path et du domaine.
CHECK_FINALPATH # Vérifie que le dossier de destination n'est pas déjà utilisé.
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
# Check web path availability
ynh_webpath_available $domain $path_url
# Register (book) web path
ynh_webpath_register $app $domain $path_url
if [ "$path_url" == "/" ] && [ $multisite -eq 1 ]; then
ynh_die "Multisite option of wordpress doesn't work at root of domain."
@ -72,25 +80,29 @@ ynh_mysql_setup_db $db_name $db_name
#=================================================
ynh_app_setting_set $app final_path $final_path
ynh_setup_source "$final_path" # Télécharge la source, décompresse et copie dans $final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_nginx_config
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_system_user_create $app # Créer un utilisateur système dédié à l'app
# Create a system user
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_fpm_config # Créer le fichier de configuration du pool php-fpm et le configure.
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC SETUP
@ -98,7 +110,7 @@ ynh_fpm_config # Créer le fichier de configuration du pool php-fpm et le config
# CONFIGURE WP-CONFIG
#=================================================
sudo cp ../conf/wp-config.php $final_path/wp-config.php
cp ../conf/wp-config.php $final_path/wp-config.php
# Change variables in Wordpress configuration
ynh_replace_string "__DB_USER__" "$db_name" $final_path/wp-config.php
ynh_replace_string "__DB_PWD__" "$db_pwd" $final_path/wp-config.php
@ -122,17 +134,17 @@ done
#=================================================
# Set right permissions for curl install
sudo chown -R $app: $final_path
chown -R $app: $final_path
# Rend la page d'install publique pour curl
ynh_app_setting_set $app unprotected_uris "/"
sudo yunohost app ssowatconf # Régénère la configuration de SSOwat
yunohost app ssowatconf # Régénère la configuration de SSOwat
# Reload Nginx
sudo systemctl reload nginx
systemctl reload nginx
# Wordpress installation
ynh_local_curl "/wp-admin/install.php?step=2" "&weblog_title=YunoBlog" "user_name=$admin_wordpress" "admin_password=$db_pwd" "admin_password2=$db_pwd" "admin_email=$admin_wordpress@$domain" "language=$language" "Submit=Install+WordPress"
ynh_local_curl "/wp-admin/install.php?step=2" "&weblog_title=YunoBlog" "user_name=$admin_wordpress" "admin_password=$db_pwd" "admin_password2=$db_pwd" "admin_email=$admin_wordpress@$domain" "Submit=Install+WordPress"
WARNING echo -n "Please wait during Wordpress installation"
for i in `seq 1 300`
@ -143,6 +155,18 @@ do # La boucle attend la fin de l'installation de wordpress Ou 5 minutes.
WARNING echo -n "."
sleep 1
done
WARNING echo ""
#=================================================
# INSTALL WORDPRESS' PLUGINS
#=================================================
wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O $final_path/wp-cli.phar
wpcli_alias="php $final_path/wp-cli.phar --allow-root --path=$final_path"
$wpcli_alias plugin install simple-ldap-login
$wpcli_alias plugin install http-authentication
$wpcli_alias plugin install companion-auto-update
#=================================================
# LOAD SQL CONFIG
@ -150,13 +174,18 @@ done
# Replace variables in sql scripts
ynh_replace_string "__DOMAIN_PATH__" "$domain$path_url" ../conf/sql/*.sql
ynh_replace_string "__LANGUAGE__" "$language" ../conf/sql/*.sql
ynh_replace_string "__DATE__" "$(date +%s)" ../conf/sql/*.sql
# Charge les commandes sql communes à tous les scripts.
# mysql --debug-check -u $db_user -p$db_pwd $db_user < ../conf/sql/common.sql
ynh_mysql_connect_as $db_name $db_pwd $db_name < ../conf/sql/common.sql
#=================================================
# SET LANGUAGE
#=================================================
$wpcli_alias core language install $language
$wpcli_alias core language activate $language
#=================================================
# CONFIGURE MULTISITE
#=================================================
@ -168,42 +197,30 @@ then
ynh_replace_string "//--MULTISITE1--define" "define " $final_path/wp-config.php
# Active le multisite via wp-cli.
sudo wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O $final_path/wp-cli.phar
ALL_QUIET php $final_path/wp-cli.phar core multisite-convert --allow-root --path=$final_path --base=$path_url/
ALL_QUIET $wpcli_alias core multisite-convert --base=$path_url/
# Active le multisite wordpress
ynh_replace_string "//--MULTISITE2--define" "define" $final_path/wp-config.php
# Charge les commandes sql pour activer les plugins
if [ $is_public -eq 0 ]
then
ynh_replace_string "#--PRIVATE--" "" ../conf/sql/multisite.sql
else
ynh_replace_string "#--PUBLIC--" "" ../conf/sql/multisite.sql
fi
ynh_mysql_connect_as $db_name $db_pwd $db_name < ../conf/sql/multisite.sql
else
if [ $is_public -eq 0 ]
then
ynh_replace_string "#--PRIVATE--" "" /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string "#--PRIVATE--" "" ../conf/sql/single.sql
else
ynh_replace_string "//--PUBLIC--define" "define" $final_path/wp-config.php
ynh_replace_string "#--PRIVATE--" "#" /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string "#--PUBLIC--" "" ../conf/sql/single.sql
fi
# Charge les commandes sql pour activer les plugins
ynh_mysql_connect_as $db_name $db_pwd $db_name < ../conf/sql/single.sql
fi
# Décommente les add_filter, qui auraient provoqué une erreur avec wp-cli
ynh_replace_string "//add_filter" "add_filter" $final_path/wp-config.php
#=================================================
# ACTIVATE WORDPRESS' PLUGINS
#=================================================
$wpcli_alias plugin activate simple-ldap-login
$wpcli_alias plugin activate http-authentication
$wpcli_alias plugin activate companion-auto-update
#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================
ynh_store_file_checksum "$final_path/wp-config.php" # Enregistre la somme de contrôle du fichier de config
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "$final_path/wp-config.php"
#=================================================
# GENERIC FINALISATION
@ -212,9 +229,9 @@ ynh_store_file_checksum "$final_path/wp-config.php" # Enregistre la somme de con
#=================================================
# Les fichiers appartiennent à l'user wordpress, pour permettre les mises à jour.
sudo chown -R $app: $final_path
chown -R $app: $final_path
# Sauf le fichier de config wp-config.php qui appartient à root
sudo chown root: $final_path/wp-config.php
chown root: $final_path/wp-config.php
#=================================================
# SETUP SSOWAT
@ -230,11 +247,10 @@ fi
# RELOAD NGINX
#=================================================
sudo systemctl reload nginx
systemctl reload nginx
#=================================================
# REMOVE WP-CLI.PHAR
#=================================================
# wp-cli me semble un peu trop permissif... Il a terminé son travail...
ynh_secure_remove $final_path/wp-cli.phar

14
scripts/remove
View file

@ -24,31 +24,36 @@ db_name=$(ynh_app_setting_get $app db_name)
# REMOVE DEPENDENCIES
#=================================================
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE THE SQL BDD
#=================================================
ynh_mysql_remove_db $db_name $db_name # Suppression de la base de donnée et de l'utilisateur associé.
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db $db_name $db_name
#=================================================
# REMOVE THE MAIN DIR OF THE APP
#=================================================
ynh_secure_remove "/var/www/$app" # Suppression du dossier de l'application
# Remove the app directory securely
ynh_secure_remove "/var/www/$app"
#=================================================
# REMOVE THE NGINX CONFIGURATION
#=================================================
ynh_remove_nginx_config # Suppression de la configuration nginx
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE THE PHP-FPM CONFIGURATION
#=================================================
ynh_remove_fpm_config # Suppression de la configuration du pool php-fpm
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# GENERIC FINALISATION
@ -56,4 +61,5 @@ ynh_remove_fpm_config # Suppression de la configuration du pool php-fpm
# REMOVE DEDICATED USER
#=================================================
# Delete a system user
ynh_system_user_delete $app

30
scripts/restore
View file

@ -2,25 +2,25 @@
#=================================================
# GENERIC STARTING
#=================================================
# MANAGE FAILURE OF THE SCRIPT
#=================================================
# Exit on command errors and treat unset variables as an error
set -eu
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Rapatrie le fichier de fonctions si il n'est pas dans le dossier courant
sudo cp ../settings/scripts/_common.sh ./_common.sh
sudo chmod a+rx _common.sh
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
@ -37,7 +37,7 @@ db_name=$(ynh_app_setting_get $app db_name)
# CHECK IF THE APP CAN BE RESTORED
#=================================================
sudo yunohost app checkurl "${domain}${path_url}" -a "$app" \
ynh_webpath_available $domain $path_url \
|| ynh_die "Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
@ -75,9 +75,9 @@ ynh_system_user_create $app # Recreate the dedicated user, if not exist
#=================================================
# Les fichiers appartiennent à l'user wordpress, pour permettre les mises à jour.
sudo chown -R $app: $final_path
chown -R $app: $final_path
# Sauf le fichier de config wp-config.php qui appartient à root
sudo chown root: $final_path/wp-config.php
chown root: $final_path/wp-config.php
#=================================================
# RESTORE OF THE PHP-FPM CONFIGURATION
@ -92,5 +92,5 @@ ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini"
# RELOAD NGINX AND PHP-FPM
#=================================================
sudo systemctl reload php5-fpm
sudo systemctl reload nginx
systemctl reload php5-fpm
systemctl reload nginx

65
scripts/upgrade
View file

@ -14,6 +14,7 @@ source /usr/share/yunohost/helpers
#=================================================
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
admin_wordpress=$(ynh_app_setting_get $app admin)
@ -24,7 +25,7 @@ final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
#=================================================
# FIX OLD THINGS
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
if [ -z "$admin_wordpress" ]; then
@ -40,7 +41,7 @@ if [ -z "$final_path" ]; then
fi
if [ -z "$language" ]; then
language=$(sudo grep WPLANG $final_path/wp-config.php | cut -d"'" -f4)
language=$(grep WPLANG $final_path/wp-config.php | cut -d"'" -f4)
ynh_app_setting_set $app language $language
fi
@ -65,46 +66,61 @@ if [ -z $db_name ]; then # Si db_name n'est pas renseigné dans app setting
ynh_app_setting_set $app db_name $db_name
fi
if grep add_filter.*auto_update $final_path/wp-config.php; then # Si des add_filter demeurent dans le wp-config
sed --in-place '/add_filter.*auto_update/d' $final_path/wp-config.php
fi
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
BACKUP_BEFORE_UPGRADE # Backup the current version of the app
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
BACKUP_FAIL_UPGRADE # restore it if the upgrade fails
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée.
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK THE PATH
#=================================================
path_url=$(ynh_normalize_url_path $path_url) # Vérifie et corrige la syntaxe du path.
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_nginx_config
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_system_user_create $app # Create the dedicated user, if not exist
# Create the dedicated user, if not exist
ynh_system_user_create $app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_fpm_config # Créer le fichier de configuration du pool php-fpm et le configure.
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# SAVE THE CONFIG FILE IF IT BEEN MODIFIED
#=================================================
ynh_backup_if_checksum_is_different "$final_path/wp-config.php" # Créé un backup du fichier de config si il a été modifié.
# Verify the checksum and backup the file if it's different
ynh_backup_if_checksum_is_different "$final_path/wp-config.php"
#=================================================
# CONFIGURE MULTISITE
@ -124,11 +140,26 @@ else
fi
ynh_app_setting_set $app multisite $multisite
#=================================================
# UPDATE WORDPRESS' PLUGINS
#=================================================
wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O $final_path/wp-cli.phar
wpcli_alias="php $final_path/wp-cli.phar --allow-root --path=$final_path"
update_plugin () {
( $wpcli_alias plugin is-installed $1 && $wpcli_alias plugin update $1 ) || $wpcli_alias plugin install $1
}
update_plugin simple-ldap-login
update_plugin http-authentication
update_plugin companion-auto-update
$wpcli_alias plugin activate companion-auto-update
#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================
ynh_store_file_checksum "$final_path/wp-config.php" # Réenregistre la somme de contrôle du fichier de config
# Recalculate and store the config file checksum into the app settings
ynh_store_file_checksum "$final_path/wp-config.php"
#=================================================
# GENERIC FINALISATION
@ -137,9 +168,9 @@ ynh_store_file_checksum "$final_path/wp-config.php" # Réenregistre la somme de
#=================================================
# Les fichiers appartiennent à l'user wordpress, pour permettre les mises à jour.
sudo chown -R $app: $final_path
chown -R $app: $final_path
# Sauf le fichier de config wp-config.php qui appartient à root
sudo chown root: $final_path/wp-config.php
chown root: $final_path/wp-config.php
#=================================================
# SETUP SSOWAT
@ -156,4 +187,10 @@ fi
# RELOAD NGINX
#=================================================
sudo systemctl reload nginx
systemctl reload nginx
#=================================================
# REMOVE WP-CLI.PHAR
#=================================================
ynh_secure_remove $final_path/wp-cli.phar

278
sources/extra_files/wp-content/plugins/http-authentication/http-authentication.php
View file

@ -1,278 +0,0 @@
<?php
/*
Plugin Name: HTTP Authentication
Version: 4.5
Plugin URI: http://danieltwc.com/2011/http-authentication-4-0/
Description: Authenticate users using basic HTTP authentication (<code>REMOTE_USER</code>). This plugin assumes users are externally authenticated, as with <a href="http://www.gatorlink.ufl.edu/">GatorLink</a>.
Author: Daniel Westermann-Clark
Author URI: http://danieltwc.com/
*/
require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'options-page.php');
class HTTPAuthenticationPlugin {
var $db_version = 2;
var $option_name = 'http_authentication_options';
var $options;
function HTTPAuthenticationPlugin() {
$this->options = get_option($this->option_name);
if (is_admin()) {
$options_page = new HTTPAuthenticationOptionsPage($this, $this->option_name, __FILE__, $this->options);
add_action('admin_init', array($this, 'check_options'));
}
add_action('login_head', array($this, 'add_login_css'));
add_action('login_footer', array($this, 'add_login_link'));
add_action('check_passwords', array($this, 'generate_password'), 10, 3);
add_action('wp_logout', array($this, 'logout'));
add_filter('login_url', array($this, 'bypass_reauth'));
add_filter('show_password_fields', array($this, 'allow_wp_auth'));
add_filter('allow_password_reset', array($this, 'allow_wp_auth'));
add_filter('authenticate', array($this, 'authenticate'), 10, 3);
}
/*
* Check the options currently in the database and upgrade if necessary.
*/
function check_options() {
if ($this->options === false || ! isset($this->options['db_version']) || $this->options['db_version'] < $this->db_version) {
if (! is_array($this->options)) {
$this->options = array();
}
$current_db_version = isset($this->options['db_version']) ? $this->options['db_version'] : 0;
$this->upgrade($current_db_version);
$this->options['db_version'] = $this->db_version;
update_option($this->option_name, $this->options);
}
}
/*
* Upgrade options as needed depending on the current database version.
*/
function upgrade($current_db_version) {
$default_options = array(
'allow_wp_auth' => false,
'auth_label' => 'HTTP authentication',
'login_uri' => htmlspecialchars_decode(wp_login_url()),
'logout_uri' => remove_query_arg('_wpnonce', htmlspecialchars_decode(wp_logout_url())),
'additional_server_keys' => '',
'auto_create_user' => false,
'auto_create_email_domain' => '',
);
if ($current_db_version < 1) {
foreach ($default_options as $key => $value) {
// Handle migrating existing options from before we stored a db_version
if (! isset($this->options[$key])) {
$this->options[$key] = $value;
}
}
}
}
function add_login_css() {
?>
<style type="text/css">
p#http-authentication-link {
width: 100%;
height: 4em;
text-align: center;
margin-top: 2em;
}
p#http-authentication-link a {
margin: 0 auto;
float: none;
}
</style>
<?php
}
/*
* Add a link to the login form to initiate external authentication.
*/
function add_login_link() {
global $redirect_to;
$login_uri = $this->_generate_uri($this->options['login_uri'], wp_login_url($redirect_to));
$auth_label = $this->options['auth_label'];
echo "\t" . '<p id="http-authentication-link"><a class="button-primary" href="' . htmlspecialchars($login_uri) . '">Log In with ' . htmlspecialchars($auth_label) . '</a></p>' . "\n";
}
/*
* Generate a password for the user. This plugin does not require the
* administrator to enter this value, but we need to set it so that user
* creation and editing works.
*/
function generate_password($username, $password1, $password2) {
if (! $this->allow_wp_auth()) {
$password1 = $password2 = wp_generate_password();
}
}
/*
* Logout the user by redirecting them to the logout URI.
*/
function logout() {
$logout_uri = $this->_generate_uri($this->options['logout_uri'], home_url());
wp_redirect($logout_uri);
exit();
}
/*
* Remove the reauth=1 parameter from the login URL, if applicable. This allows
* us to transparently bypass the mucking about with cookies that happens in
* wp-login.php immediately after wp_signon when a user e.g. navigates directly
* to wp-admin.
*/
function bypass_reauth($login_url) {
$login_url = remove_query_arg('reauth', $login_url);
return $login_url;
}
/*
* Can we fallback to built-in WordPress authentication?
*/
function allow_wp_auth() {
return (bool) $this->options['allow_wp_auth'];
}
/*
* Authenticate the user, first using the external authentication source.
* If allowed, fall back to WordPress password authentication.
*/
function authenticate($user, $username, $password) {
$user = $this->check_remote_user();
if (! is_wp_error($user)) {
// User was authenticated via REMOTE_USER
$user = new WP_User($user->ID);
}
else {
// REMOTE_USER is invalid; now what?
if (! $this->allow_wp_auth()) {
// Bail with the WP_Error when not falling back to WordPress authentication
wp_die($user);
}
// Fallback to built-in hooks (see wp-includes/user.php)
}
return $user;
}
/*
* If the REMOTE_USER or REDIRECT_REMOTE_USER evironment variable is set, use it
* as the username. This assumes that you have externally authenticated the user.
*/
function check_remote_user() {
$username = '';
$server_keys = $this->_get_server_keys();
foreach ($server_keys as $server_key) {
if (! empty($_SERVER[$server_key])) {
$username = $_SERVER[$server_key];
}
}
if (! $username) {
return new WP_Error('empty_username', '<strong>ERROR</strong>: No user found in server variables.');
}
// Create new users automatically, if configured
$user = get_user_by('login', $username);
if (! $user) {
if ((bool) $this->options['auto_create_user']) {
$user = $this->_create_user($username);
}
else {
// Bail out to avoid showing the login form
$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
}
}
return $user;
}
/*
* Return the list of $_SERVER keys that we will check for a username. By
* default, these are REMOTE_USER and REDIRECT_REMOTE_USER. Additional keys
* can be configured from the options page.
*/
function _get_server_keys() {
$server_keys = array('REMOTE_USER', 'REDIRECT_REMOTE_USER');
$additional_server_keys = $this->options['additional_server_keys'];
if (! empty($additional_server_keys)) {
$keys = preg_split('/,\s*/', $additional_server_keys);
$server_keys = array_merge($server_keys, $keys);
}
return $server_keys;
}
/*
* Create a new WordPress account for the specified username.
*/
function _create_user($username) {
$password = wp_generate_password();
$email_domain = $this->options['auto_create_email_domain'];
$user_id = wp_create_user($username, $password, $username . ($email_domain ? '@' . $email_domain : ''));
$user = get_user_by('id', $user_id);
return $user;
}
/*
* Fill the specified URI with the site URI and the specified return location.
*/
function _generate_uri($uri, $redirect_to) {
// Support tags for staged deployments
$base = $this->_get_base_url();
$tags = array(
'host' => $_SERVER['HTTP_HOST'],
'base' => $base,
'site' => home_url(),
'redirect' => $redirect_to,
);
foreach ($tags as $tag => $value) {
$uri = str_replace('%' . $tag . '%', $value, $uri);
$uri = str_replace('%' . $tag . '_encoded%', urlencode($value), $uri);
}
// Support previous versions with only the %s tag
if (strstr($uri, '%s') !== false) {
$uri = sprintf($uri, urlencode($redirect_to));
}
return $uri;
}
/*
* Return the base domain URL based on the WordPress home URL.
*/
function _get_base_url() {
$home = parse_url(home_url());
$base = home_url();
foreach (array('path', 'query', 'fragment') as $key) {
if (! isset($home[$key])) continue;
$base = str_replace($home[$key], '', $base);
}
return $base;
}
}
// Load the plugin hooks, etc.
$http_authentication_plugin = new HTTPAuthenticationPlugin();
?>

195
sources/extra_files/wp-content/plugins/http-authentication/options-page.php
View file

@ -1,195 +0,0 @@
<?php
class HTTPAuthenticationOptionsPage {
var $plugin;
var $group;
var $page;
var $options;
var $title;
function HTTPAuthenticationOptionsPage($plugin, $group, $page, $options, $title = 'HTTP Authentication') {
$this->plugin = $plugin;
$this->group = $group;
$this->page = $page;
$this->options = $options;
$this->title = $title;
add_action('admin_init', array($this, 'register_options'));
add_action('admin_menu', array($this, 'add_options_page'));
}
/*
* Register the options for this plugin so they can be displayed and updated below.
*/
function register_options() {
register_setting($this->group, $this->group, array($this, 'sanitize_settings'));
$section = 'http_authentication_main';
add_settings_section($section, 'Main Options', array($this, '_display_options_section'), $this->page);
add_settings_field('http_authentication_allow_wp_auth', 'Allow WordPress authentication?', array($this, '_display_option_allow_wp_auth'), $this->page, $section, array('label_for' => 'http_authentication_allow_wp_auth'));
add_settings_field('http_authentication_auth_label', 'Authentication label', array($this, '_display_option_auth_label'), $this->page, $section, array('label_for' => 'http_authentication_auth_label'));
add_settings_field('http_authentication_login_uri', 'Login URI', array($this, '_display_option_login_uri'), $this->page, $section, array('label_for' => 'http_authentication_login_uri'));
add_settings_field('http_authentication_logout_uri', 'Logout URI', array($this, '_display_option_logout_uri'), $this->page, $section, array('label_for' => 'http_authentication_logout_uri'));
add_settings_field('http_authentication_additional_server_keys', '$_SERVER variables', array($this, '_display_option_additional_server_keys'), $this->page, $section, array('label_for' => 'http_authentication_additional_server_keys'));
add_settings_field('http_authentication_auto_create_user', 'Automatically create accounts?', array($this, '_display_option_auto_create_user'), $this->page, $section, array('label_for' => 'http_authentication_auto_create_user'));
add_settings_field('http_authentication_auto_create_email_domain', 'Email address domain', array($this, '_display_option_auto_create_email_domain'), $this->page, $section, array('label_for' => 'http_authentication_auto_create_email_domain'));
}
/*
* Set the database version on saving the options.
*/
function sanitize_settings($input) {
$output = $input;
$output['db_version'] = $this->plugin->db_version;
$output['allow_wp_auth'] = isset($input['allow_wp_auth']) ? (bool) $input['allow_wp_auth'] : false;
$output['auto_create_user'] = isset($input['auto_create_user']) ? (bool) $input['auto_create_user'] : false;
return $output;
}
/*
* Add an options page for this plugin.
*/
function add_options_page() {
add_options_page($this->title, $this->title, 'manage_options', $this->page, array($this, '_display_options_page'));
}
/*
* Display the options for this plugin.
*/
function _display_options_page() {
if (! current_user_can('manage_options')) {
wp_die(__('You do not have sufficient permissions to access this page.'));
}
?>
<div class="wrap">
<h2>HTTP Authentication Options</h2>
<p>For the Login URI and Logout URI options, you can use the following variables to support your installation:</p>
<ul>
<li><code>%host%</code> - The current value of <code>$_SERVER['HTTP_HOST']</code></li>
<li><code>%base%</code> - The base domain URL (everything before the path)</li>
<li><code>%site%</code> - The WordPress home URI</li>
<li><code>%redirect%</code> - The return URI provided by WordPress</li>
</ul>
<p>You can also use <code>%host_encoded%</code>, <code>%site_encoded%</code>, and <code>%redirect_encoded%</code> for URL-encoded values.</p>
<form action="options.php" method="post">
<?php settings_errors(); ?>
<?php settings_fields($this->group); ?>
<?php do_settings_sections($this->page); ?>
<p class="submit">
<input type="submit" name="Submit" value="<?php esc_attr_e('Save Changes'); ?>" class="button-primary" />
</p>
</form>
</div>
<?php
}
/*
* Display explanatory text for the main options section.
*/
function _display_options_section() {
}
/*
* Display the WordPress authentication checkbox.
*/
function _display_option_allow_wp_auth() {
$allow_wp_auth = $this->options['allow_wp_auth'];
$this->_display_checkbox_field('allow_wp_auth', $allow_wp_auth);
?>
Should the plugin fallback to WordPress authentication if none is found from the server?
<?php
if ($allow_wp_auth && $this->options['login_uri'] == htmlspecialchars_decode(wp_login_url())) {
echo '<br /><strong>WARNING</strong>: You must set the login URI below to your external authentication system. Otherwise you will not be able to login!';
}
}
/*
* Display the authentication label field, describing the authentication system
* in use.
*/
function _display_option_auth_label() {
$auth_label = $this->options['auth_label'];
$this->_display_input_text_field('auth_label', $auth_label);
?>
Default is <code>HTTP authentication</code>; override to use the name of your single sign-on system.
<?php
}
/*
* Display the login URI field.
*/
function _display_option_login_uri() {
$login_uri = $this->options['login_uri'];
$this->_display_input_text_field('login_uri', $login_uri);
?>
Default is <code><?php echo wp_login_url(); ?></code>; override to direct users to a single sign-on system. See above for available variables.<br />
Example: <code>%base%/Shibboleth.sso/Login?target=%redirect_encoded%</code>
<?php
}
/*
* Display the logout URI field.
*/
function _display_option_logout_uri() {
$logout_uri = $this->options['logout_uri'];
$this->_display_input_text_field('logout_uri', $logout_uri);
?>
Default is <code><?php echo htmlspecialchars(remove_query_arg('_wpnonce', htmlspecialchars_decode(wp_logout_url()))); ?></code>; override to e.g. remove a cookie. See above for available variables.<br />
Example: <code>%base%/Shibboleth.sso/Logout?return=%redirect_encoded%</code>
<?php
}
/*
* Display the additional $_SERVER keys field.
*/
function _display_option_additional_server_keys() {
$additional_server_keys = $this->options['additional_server_keys'];
$this->_display_input_text_field('additional_server_keys', $additional_server_keys);
?>
<code>$_SERVER</code> variables in addition to <code>REMOTE_USER</code> and <code>REDIRECT_REMOTE_USER</code> to check for the username value, separated by a comma. Use this to e.g. support personal X.509 certificates for authentication.<br />
Example: <code>SSL_CLIENT_S_DN_CN</code>
<?php
}
/*
* Display the automatically create accounts checkbox.
*/
function _display_option_auto_create_user() {
$auto_create_user = $this->options['auto_create_user'];
$this->_display_checkbox_field('auto_create_user', $auto_create_user);
?>
Should a new user be created automatically if not already in the WordPress database?<br />
Created users will obtain the role defined under &quot;New User Default Role&quot; on the <a href="options-general.php">General Options</a> page.
<?php
}
/*
* Display the email domain field.
*/
function _display_option_auto_create_email_domain() {
$auto_create_email_domain = $this->options['auto_create_email_domain'];
$this->_display_input_text_field('auto_create_email_domain', $auto_create_email_domain);
?>
When a new user logs in, this domain is used for the initial email address on their account. The user can change his or her email address by editing their profile.
<?php
}
/*
* Display a text input field.
*/
function _display_input_text_field($name, $value, $size = 75) {
?>
<input type="text" name="<?php echo htmlspecialchars($this->group); ?>[<?php echo htmlspecialchars($name); ?>]" id="http_authentication_<?php echo htmlspecialchars($name); ?>" value="<?php echo htmlspecialchars($value) ?>" size="<?php echo htmlspecialchars($size); ?>" /><br />
<?php
}
/*
* Display a checkbox field.
*/
function _display_checkbox_field($name, $value) {
?>
<input type="checkbox" name="<?php echo htmlspecialchars($this->group); ?>[<?php echo htmlspecialchars($name); ?>]" id="http_authentication_<?php echo htmlspecialchars($name); ?>"<?php if ($value) echo ' checked="checked"' ?> value="1" /><br />
<?php
}
}
?>

202
sources/extra_files/wp-content/plugins/http-authentication/readme.txt
View file

@ -1,202 +0,0 @@
=== HTTP Authentication ===
Contributors: dwc
Tags: authentication
Requires at least: 3.1
Tested up to: 3.4
Stable tag: 4.5
Use an external authentication source in WordPress.
== Description ==
The HTTP Authentication plugin allows you to use existing means of authenticating people to WordPress. This includes Apache's basic HTTP authentication module, [Shibboleth](http://shibboleth.internet2.edu/), and many others.
To follow updates to this plugin, visit:
http://danieltwc.com/
For help with this version, visit:
http://danieltwc.com/2011/http-authentication-4-0/
== Installation ==
1. Login as an existing user, such as admin.
2. Upload the `http-authentication` folder to your plugins folder, usually `wp-content/plugins`. (Or simply via the built-in installer.)
3. Activate the plugin on the Plugins screen.
4. Add one or more users to WordPress, specifying the external username for the "Username" field. Also be sure to set the role for each user.
5. Logout.
6. Protect `wp-login.php` and `wp-admin` using your external authentication (using, for example, `.htaccess` files).
7. Try logging in as one of the users added in step 4.
Note: This version works with WordPress 3.0 and above. Use the following for older versions of WordPress:
* Wordpress 2.0: [Version 1.8](http://downloads.wordpress.org/plugin/http-authentication.1.8.zip)
* Wordpress 2.5 through 2.9.x: [Version 2.4](http://downloads.wordpress.org/plugin/http-authentication.2.4.zip)
== Frequently Asked Questions ==
= What authentication mechanisms can I use? =
Any authentication mechanism which sets the `REMOTE_USER` (or `REDIRECT_REMOTE_USER`, in the case of ScriptAlias'd PHP-as-CGI) environment variable can be used in conjunction with this plugin. Examples include Apache's `mod_auth` and `mod_auth_ldap`.
= How should I set up external authentication? =
This depends on your hosting environment and your means of authentication.
Many Apache installations allow configuration of authentication via `.htaccess` files, while some do not. Try adding the following to your blog's top-level `.htaccess` file:
`<Files wp-login.php>
AuthName "WordPress"
AuthType Basic
AuthUserFile /path/to/passwords
Require user dwc
</Files>`
(You may also want to protect your `xmlrpc.php` file, which uses separate authentication code.)
Then, create another `.htaccess` file in your `wp-admin` directory with the following contents:
`AuthName "WordPress"
AuthType Basic
AuthUserFile /path/to/passwords
Require user dwc`
In both files, be sure to set `/path/to/passwords` to the location of your password file. For more information on creating this file, see below.
= Where can I find more information on configuring Apache authentication? =
See Apache's HOWTO: [Authentication, Authorization, and Access Control](http://httpd.apache.org/docs/howto/auth.html).
= How does this plugin authenticate users? =
This plugin doesn't actually authenticate users. It simply feeds WordPress the name of a user who has successfully authenticated through Apache.
To determine the username, this plugin uses the `REMOTE_USER` or the `REDIRECT_REMOTE_USER` environment variable, which is set by many Apache authentication modules. If someone can find a way to spoof this value, this plugin is not guaranteed to be secure.
By default, this plugin generates a random password each time you create a user or edit an existing user's profile. However, since this plugin requires an external authentication mechanism, this password is not requested by WordPress. Generating a random password helps protect accounts, preventing one authorized user from pretending to be another.
= If I disable this plugin, how will I login? =
Because this plugin generates a random password when you create a new user or edit an existing user's profile, you will most likely have to reset each user's password if you disable this plugin. WordPress provides a link for requesting a new password on the login screen.
Also, you should leave the `admin` user as a fallback, i.e. create a new account to use with this plugin. As long as you don't edit the `admin` profile, WordPress will store the password set when you installed WordPress.
In the worst case scenario, you may have to use phpMyAdmin or the MySQL command line to [reset a user's password](http://codex.wordpress.org/Resetting_Your_Password).
= Can I configure the plugin to support standard WordPress logins? =
Yes. You can authenticate some users via an external, single sign-on system and other users via the built-in username and password combination. (Note: When mixed authentication is in use, this plugin does not scramble passwords as described above.)
When you configure your external authentication system, make sure that you allow users in even if they have not authenticated externally. Using [Shibboleth](http://shibboleth.internet2.edu/) as an example:
`AuthName "Shibboleth"
AuthType Shibboleth
Require Shibboleth`
This enables Shibboleth authentication in ["passive" mode](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPProtectContent).
Then, in WordPress:
1. Set the plugin to allow WordPress authentication.
2. Configure the login URI to match your Shibboleth system. For example, if your blog is hosted at `http://example.com/`, then your login URI should be `http://example.com/Shibboleth.sso/Login?target=%redirect_encoded%`.
3. Configure the logout URI to match your Shibboleth system. Following the above example, your logout URI would be `http://example.com/Shibboleth.sso/Logout?return=%redirect_encoded%`.
After saving the options, authentication will work as follows:
* If a user is already authenticated via Shibboleth, and he or she exists in the WordPress database, this plugin will log them in automatically.
* If a user is not authenticated via Shibboleth, the plugin will present the standard WordPress login form with an additional link to login via Shibboleth.
Other authentication systems (particularly those without a login or logout URI) will need to be configured differently.
= Does this plugin support multisite (WordPress MU) setups? =
Yes, you can enable this plugin across a network or on individual sites. However, options will need to be set on individual sites.
If you have suggestions on how to improve network support, please submit a comment.
= How do you handle staged deployments (dev, test, prod) with the plugin? =
If you have a WordPress site with multiple environments (e.g. `dev.example.com`, `test.example.com`, and `example.com`) you can use additional variables in the login and logout URIs:
* `%host%` - The current value of `$_SERVER['HTTP_HOST']`
* `%base%` - The base domain URL (everything before the path)
* `%site%` - The WordPress home URI
* `%redirect%` - The return URI provided by WordPress
You can also use `%host_encoded%`, `%site_encoded%`, and `%redirect_encoded%` for URL-encoded values.
For example, your login URI could be:
`https://%host%/Shibboleth.sso/Login?target=%redirect_encoded%`
This would be modified for each environment as appropriate.
== Screenshots ==
1. Plugin options, allowing WordPress authentication
2. WordPress login form with external authentication link
== Changelog ==
= 4.5 =
* Avoid some PHP notices due to saving options (William Schneider)
* Fix for redirect loop on some multisite setups (#1497)
* Add option to support additional $_SERVER variables in authentication (#1477)
* Remove use of call-time pass by reference to avoid warnings on PHP 5.3 and newer
* Fix deprecation notice in WordPress 3.3 on `get_userdatabylogin` (#1513)
* Fix deprecation notice in WordPress 3.1 and later for including wp-includes/registration.php
* Associate options page label tags with their input fields (#1514)
= 4.4 =
* Update CSS to correctly center login button on WordPress 3.3
= 4.3 =
* Update plugin URIs
= 4.2 =
* Declare support for WordPress 3.2.1
* Extend variable replacement for staged deployments
* Wrap redirect parameter on login to force us through `wp-login.php` so we can check the external authentication (thanks to Josh Larios)
= 4.1 =
* Declare support for WordPress 3.2
* Update screenshots for WordPress 3.2
= 4.0 =
* Restore (and improve) support for falling back to WordPress password authentication
* Remove migration of old options format (we'll assume enough people have upgraded)
= 3.3 =
* Update options handling to better support WordPress MU
= 3.2 =
* Restore password generation for adding and editing users
= 3.1 =
* Bump version number to make 3.0.1 the latest version on wordpress.org
= 3.0.1 =
* Handle authentication cookies more gracefully
= 3.0 =
* Add support for WordPress 3.0
* Update WordPress MU support for WordPress 3.0
= 2.4 =
* Add support for WordPress MU (Elliot Kendall)
* Allow for mixed HTTP and built-in authentication by falling back to wp-login.php (Elliot Kendall)
== Upgrade Notice ==
= 4.5 =
Avoid some PHP errors and warnings; add support for choosing $_SERVER variables
= 4.4 =
Minor CSS fix for WordPress 3.3
= 4.3 =
No code changes; updating plugin URIs
= 4.2 =
Extends support for variable replacement
= 4.1 =
Minor update for WordPress 3.2

BIN
sources/extra_files/wp-content/plugins/http-authentication/screenshot-1.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 196 KiB

BIN
sources/extra_files/wp-content/plugins/http-authentication/screenshot-2.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 70 KiB

238
sources/extra_files/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login-Admin.php
View file

@ -1,238 +0,0 @@
<?php
global $SimpleLDAPLogin;
if( isset( $_GET[ 'tab' ] ) ) {
$active_tab = $_GET[ 'tab' ];
} else {
$active_tab = 'simple';
}
?>
<div class="wrap">
<div id="icon-themes" class="icon32"></div>
<h2>Simple LDAP Login Settings</h2>
<h2 class="nav-tab-wrapper">
<a href="<?php echo add_query_arg( array('tab' => 'simple'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'simple' ? 'nav-tab-active' : ''; ?>">Simple</a>
<a href="<?php echo add_query_arg( array('tab' => 'advanced'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'advanced' ? 'nav-tab-active' : ''; ?>">Advanced</a>
<a href="<?php echo add_query_arg( array('tab' => 'user'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'user' ? 'nav-tab-active' : ''; ?>">User</a>
<a href="<?php echo add_query_arg( array('tab' => 'help'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'help' ? 'nav-tab-active' : ''; ?>">Help</a>
</h2>
<form method="post" action="<?php echo str_replace( '%7E', '~', $_SERVER['REQUEST_URI']); ?>">
<?php wp_nonce_field( 'save_sll_settings','save_the_sll' ); ?>
<?php if( $active_tab == "simple" ): ?>
<h3>Required</h3>
<p>These are the most basic settings you must configure. Without these, you won't be able to use Simple LDAP Login.</p>
<table class="form-table">
<tbody>
<tr>
<th scope="row" valign="top">Enable LDAP Authentication</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('enabled'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('enabled'); ?>" value="true" <?php if( str_true($this->get_setting('enabled')) ) echo "checked"; ?> /> Enable LDAP login authentication for WordPress. (this one is kind of important)</label><br/>
</td>
<tr>
<tr>
<th scope="row" valign="top">Account Suffix</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('account_suffix'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('account_suffix'); ?>" /><br/>
Often the suffix of your e-mail address. Example: @gmail.com
</td>
</tr>
<tr>
<th scope="row" valign="top">Base DN</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('base_dn'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('base_dn'); ?>" />
<br/>
Example: For subdomain.domain.suffix, use DC=subdomain,DC=domain,DC=suffix. In most cases you should not specify an ou here.
</td>
</tr>
<tr>
<th scope="row" valign="top">Domain Controller(s)</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('domain_controllers', 'array'); ?>" value="<?php echo join(';', (array)$SimpleLDAPLogin->get_setting('domain_controllers')); ?>" />
<br/>Separate with semi-colons.
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Directory</th>
<td>
<label><input type="radio" name="<?php echo $this->get_field_name('directory'); ?>" value="ad" <?php if( $this->get_setting('directory') == "ad" ) echo "checked"; ?> /> Active Directory</label><br/>
<label><input type="radio" name="<?php echo $this->get_field_name('directory'); ?>" value="ol" <?php if( $this->get_setting('directory') == "ol" ) echo "checked"; ?> /> Open LDAP (and etc)</label>
</td>
</tr>
</tbody>
</table>
<p><input class="button-primary" type="submit" value="Save Settings" /></p>
<?php elseif ( $active_tab == "advanced" ): ?>
<h3>Typical</h3>
<p>These settings give you finer control over how logins work.</p>
<table class="form-table" style="margin-bottom: 20px;">
<tbody>
<tr>
<th scope="row" valign="top">Required Groups</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('groups', 'array'); ?>" value="<?php echo join(';', (array)$SimpleLDAPLogin->get_setting('groups')); ?>" /><br/>
The groups, if any, that authenticating LDAP users must belong to. <br/>
Empty means no group required. Separate with semi-colons.
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Exclusive</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('high_security'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('high_security'); ?>" value="true" <?php if( str_true($this->get_setting('high_security')) ) echo "checked"; ?> /> Force all logins to authenticate against LDAP. Do NOT fallback to default authentication for existing users.<br/>Formerly known as high security mode.</label><br/>
</td>
</tr>
<tr>
<th scope="row" valign="top">User Creations</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('create_users'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('create_users'); ?>" value="true" <?php if( str_true($this->get_setting('create_users')) ) echo "checked"; ?> /> Create WordPress user for authenticated LDAP login with appropriate roles.</label><br/>
</td>
<tr>
<th scope="row" valign="top">New User Role</th>
<td>
<select name="<?php echo $this->get_field_name('role'); ?>">
<?php wp_dropdown_roles( strtolower($this->get_setting('role')) ); ?>
</select>
</td>
</tr>
</tbody>
</table>
<hr />
<h3>Extraordinary</h3>
<p>Most users should leave these alone.</p>
<table class="form-table">
<tbody>
<tr>
<th scope="row" valign="top">Group Base DN (optional)</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('group_base_dn'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('group_base_dn'); ?>" />
<br/>
If you need to specify a different Base DN for group searches. Example: For subdomain.domain.suffix, use ou=groups,DC=subdomain,DC=domain,DC=suffix.
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Login Attribute</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('ol_login'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ol_login'); ?>" />
<br />
Default: <b>uid</b>;
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Group Attribute</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('ol_group'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ol_group'); ?>" />
<br />
In case your installation uses something other than <b>cn</b>;
</td>
</tr>
<tr>
<th scope="row" valign="top">Use TLS</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('use_tls'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('use_tls'); ?>" value="true" <?php if( str_true($this->get_setting('use_tls')) ) echo "checked"; ?> /> Transport Layer Security. This feature is beta, very beta.</label><br/>
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Port</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('ldap_port'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ldap_port'); ?>" /><br/>
This is usually 389.
</td>
</tr>
<tr>
<th scope="row" valign="top">LDAP Version</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('ldap_version'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ldap_version'); ?>" /><br/>
Only applies to Open LDAP. Typically 3.
</td>
</tr>
<tr>
<th scope="row" valign="top">Search Sub OUs</th>
<td>
<input type="hidden" name="<?php echo $this->get_field_name('search_sub_ous'); ?>" value="false" />
<label><input type="checkbox" name="<?php echo $this->get_field_name('search_sub_ous'); ?>" value="true" <?php if( str_true($this->get_setting('search_sub_ous')) ) echo "checked"; ?> /> Also search sub-OUs of Base DN. For example, if the base DN is "ou=People,dc=example,dc=com", also search "ou=Staff,ou=People,dc=example,dc=com for uid=<i>username</i></label><br/>
</td>
</tr>
<tr>
<th scope="row" valign="top">Login Domain</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('login_domain'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('login_domain'); ?>" /><br/>
prefixes login names with this domain, f.i. mydomain\username
</td>
</tr>
</tbody>
</table>
<p><input class="button-primary" type="submit" value="Save Settings" /></p>
<?php elseif ( $active_tab == "user" ): ?>
<h3>User Data</h3>
<p>These settings give you control over which LDAP attributes are used for user creation.</p>
<table class="form-table" style="margin-bottom: 20px;">
<tbody>
<tr>
<th scope="row" valign="top">First name</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('user_first_name_attribute'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('user_first_name_attribute'); ?>" />
<br/>
The LDAP attribute for the first name.
</td>
</tr>
<tr>
<th scope="row" valign="top">Last name</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('user_last_name_attribute'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('user_last_name_attribute'); ?>" />
<br/>
The LDAP attribute for the last name.
</td>
</tr>
<tr>
<th scope="row" valign="top">Email</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('user_email_attribute'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('user_email_attribute'); ?>" />
<br/>
The LDAP attribute for the email.
</td>
</tr>
<tr>
<th scope="row" valign="top">Website</th>
<td>
<input type="text" name="<?php echo $this->get_field_name('user_url_attribute'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('user_url_attribute'); ?>" />
<br/>
The LDAP attribute for the website.
</td>
</tr>
</tbody>
</table>
<hr />
<h3>Additional user data</h3>
<p>Additional user data can be stored as user meta data. You can specify the LDAP
attributes and the associated wordpress meta keys in the format <i>&lt;ldap_attribute_name&gt;:&lt;wordpress_meta_key&gt;</i>. Multiple attributes can be given on separate lines.</p>
<p> Example:<br/><i>phone:user_phone_number</i><br/><i>adress:user_home_address</i></p>
<table class="form-table" style="margin-bottom: 20px;">
<tbody>
<tr>
<th scope="row" valign="top">Meta data</th>
<td>
<textarea name="<?php echo $this->get_field_name('user_meta_data'); ?>">
<?php echo join("\n", array_map(function ($attr) { return join(':', $attr); }, $SimpleLDAPLogin->get_setting('user_meta_data'))); ?>
</textarea>
</td>
</tr>
</tbody>
</table>
<p><input class="button-primary" type="submit" value="Save Settings" /></p>
<?php else: ?>
<h3>Help</h3>
<p>Here's a brief primer on how to effectively use and test Simple LDAP Login.</p>
<h4>Testing</h4>
<p>The most effective way to test logins is to use two browsers. In other words, keep the WordPress Dashboard open in Chrome, and use Firefox to try logging in. This will give you real time feedback on your settings and prevent you from inadvertently locking yourself out.</p>
<h4>Which raises the question, what happens if I get locked out?</h4>
<p>If you accidentally lock yourself out, the easiest way to get back in is to rename <strong><?php echo plugin_dir_path(__FILE__); ?></strong> to something else and then refresh. WordPress will detect the change and disable Simple LDAP Login. You can then rename the folder back to its previous name.</p>
<?php endif; ?>
</form>
</div>

563
sources/extra_files/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
View file

@ -1,563 +0,0 @@
<?php
/*
Plugin Name: Simple LDAP Login
Plugin URI: http://clifgriffin.com/simple-ldap-login/
Description: Authenticate WordPress against LDAP.
Version: 1.6.0
Author: Clif Griffin Development Inc.
Author URI: http://cgd.io
*/
class SimpleLDAPLogin {
static $instance = false;
var $prefix = 'sll_';
var $settings = array();
var $adldap;
var $ldap;
var $network_version = null;
var $version = "160";
public function __construct () {
$this->settings = $this->get_settings_obj( $this->prefix );
if( $this->get_setting('directory') == "ad" ) {
require_once( plugin_dir_path(__FILE__) . "/includes/adLDAP.php" );
$this->adldap = new adLDAP(
array (
"account_suffix" => $this->get_setting('account_suffix'),
"use_tls" => str_true( $this->get_setting('use_tls') ),
"base_dn" => $this->get_setting('base_dn'),
"domain_controllers" => (array)$this->get_setting('domain_controllers'),
"ad_port" => $this->get_setting('ldap_port')
)
);
}
add_action('admin_init', array($this, 'save_settings') );
if ($this->is_network_version()) {
add_action('network_admin_menu', array($this, 'menu') );
}
else {
add_action('admin_menu', array($this, 'menu') );
}
if ( str_true($this->get_setting('enabled')) ) {
add_filter('authenticate', array($this, 'authenticate'), 1, 3);
}
register_activation_hook( __FILE__, array($this, 'activate') );
// If version is false, and old version detected, run activation
if( $this->get_setting('version') === false || $this->get_setting('version') != $version ) {
$this->upgrade_settings();
}
}
public static function getInstance () {
if ( !self::$instance ) {
self::$instance = new self;
}
return self::$instance;
}
function activate () {
// Default settings
$this->add_setting('account_suffix', "@mydomain.org");
$this->add_setting('base_dn', "DC=mydomain,DC=org");
$this->add_setting('domain_controllers', array("dc01.mydomain.local") );
$this->add_setting('directory', "ad");
$this->add_setting('role', "contributor");
$this->add_setting('high_security', "true");
$this->add_setting('ol_login', "uid");
$this->add_setting('ol_group', "cn");
$this->add_setting('use_tls', "false");
$this->add_setting('ldap_port', 389);
$this->add_setting('ldap_version', 3);
$this->add_setting('create_users', "false");
$this->add_setting('enabled', "false");
$this->add_setting('search_sub_ous', "false");
$this->add_setting('group_dn', "");
$this->add_setting('group_uid', "memberUid");
// User attribute settings
$this->add_setting('user_first_name_attribute', "givenname");
$this->add_setting('user_last_name_attribute', "sn");
$this->add_setting('user_email_attribute', "mail");
$this->add_setting('user_url_attribute', "wwwhomepage");
$this->add_setting('user_meta_data', array() );
}
function upgrade_settings() {
if( $this->get_setting('version') === false ) {
$this->set_setting('enabled', 'true');
if ($this->is_network_version()) {
$account_suffix = get_site_option('simpleldap_account_suffix');
$simpleldap_base_dn = get_site_option('simpleldap_base_dn');
$simpleldap_domain_controllers = get_site_option('simpleldap_domain_controllers');
$simpleldap_directory_type = get_site_option('simpleldap_directory_type');
$simpleldap_group = get_site_option('simpleldap_group');
$simpleldap_account_type = get_site_option('simpleldap_account_type');
$simpleldap_ol_login = get_site_option('simpleldap_ol_login');
$simpleldap_use_tls = get_site_option('simpleldap_use_tls');
$simpleldap_login_mode = get_site_option('simpleldap_login_mode');
$simpleldap_security_mode = get_site_option('simpleldap_security_mode');
}
else {
$account_suffix = get_option('simpleldap_account_suffix');
$simpleldap_base_dn = get_option('simpleldap_base_dn');
$simpleldap_domain_controllers = get_option('simpleldap_domain_controllers');
$simpleldap_directory_type = get_option('simpleldap_directory_type');
$simpleldap_group = get_option('simpleldap_group');
$simpleldap_account_type = get_option('simpleldap_account_type');
$simpleldap_ol_login = get_option('simpleldap_ol_login');
$simpleldap_use_tls = get_option('simpleldap_use_tls');
$simpleldap_login_mode = get_option('simpleldap_login_mode');
$simpleldap_security_mode = get_option('simpleldap_security_mode');
}
$this->set_setting('account_suffix', $account_suffix );
$this->set_setting('base_dn', $simpleldap_base_dn);
$this->set_setting('domain_controllers', $simpleldap_domain_controllers);
$this->set_setting('groups', (array)$simpleldap_group );
$this->set_setting('role', $simpleldap_account_type);
$this->set_setting('ol_login', $simpleldap_ol_login);
$this->set_setting('use_tls', str_true( $simpleldap_use_tls ) );
// Directory Type
if ( $simpleldap_directory_type == "directory_ad" ) {
$this->set_setting('directory', 'ad');
} else {
$this->set_setting('directory', 'ol');
}
// Create User Setting
$create_users = false;
if ( $simpleldap_login_mode == "mode_create_all" || $simpleldap_login_mode == "mode_create_group" ) {
$this->set_setting('create_users', true);
}
// High Security Setting
$high_security = false;
if ( $simpleldap_security_mode == "security_high" ) {
$this->set_setting('high_security', true);
}
}
if ( $this->get_setting('version') < $this->version || $this->get_setting('version') === false ) {
$this->add_setting('search_sub_ous', "false");
$this->add_setting('group_base_dn', "");
$this->add_setting('group_uid', "memberUid");
// User attribute settings
$this->add_setting('user_first_name_attribute', "givenname");
$this->add_setting('user_last_name_attribute', "sn");
$this->add_setting('user_email_attribute', "mail");
$this->add_setting('user_url_attribute', "wwwhomepage");
$this->add_setting('user_meta_data', array() );
}
// Update version
$this->set_setting( 'version', $this->version );
}
function menu () {
if ($this->is_network_version()) {
add_submenu_page(
"settings.php",
"Simple LDAP Login",
"Simple LDAP Login",
'manage_network_plugins',
"simple-ldap-login",
array($this, 'admin_page')
);
}
else {
add_options_page("Simple LDAP Login", "Simple LDAP Login", 'manage_options', "simple-ldap-login", array($this, 'admin_page') );
}
}
function admin_page () {
include 'Simple-LDAP-Login-Admin.php';
}
function get_settings_obj () {
if ( $this->is_network_version() ) {
return get_site_option("{$this->prefix}settings", false);
}
else {
return get_option("{$this->prefix}settings", false);
}
}
function set_settings_obj ( $newobj ) {
if ( $this->is_network_version() ) {
return update_site_option("{$this->prefix}settings", $newobj);
}
else {
return update_option("{$this->prefix}settings", $newobj);
}
}
function set_setting ( $option = false, $newvalue ) {
if( $option === false ) return false;
$this->settings = $this->get_settings_obj($this->prefix);
$this->settings[$option] = $newvalue;
return $this->set_settings_obj($this->settings);
}
function get_setting ( $option = false ) {
if( $option === false || ! isset($this->settings[$option]) ) return false;
return apply_filters($this->prefix . 'get_setting', $this->settings[$option], $option);
}
function add_setting ( $option = false, $newvalue ) {
if( $option === false ) return false;
if ( ! isset($this->settings[$option]) ) {
return $this->set_setting($option, $newvalue);
} else return false;
}
function get_field_name($setting, $type = 'string') {
return "{$this->prefix}setting[$setting][$type]";
}
function save_settings()
{
if( isset($_REQUEST["{$this->prefix}setting"]) && check_admin_referer('save_sll_settings','save_the_sll') ) {
$new_settings = $_REQUEST["{$this->prefix}setting"];
foreach( $new_settings as $setting_name => $setting_value ) {
foreach( $setting_value as $type => $value ) {
if( $setting_name == 'user_meta_data') {
$this->set_setting($setting_name,
array_map( function ($attr) { return explode(':', $attr); },
array_filter(preg_split('/\r\n|\n|\r|;/', $value))));
}
elseif( $type == "array") {
$this->set_setting($setting_name, explode(";", $value));
} else {
$this->set_setting($setting_name, $value);
}
}
}
add_action('admin_notices', array($this, 'saved_admin_notice') );
}
}
function saved_admin_notice(){
echo '<div class="updated">
<p>Simple LDAP Login settings have been saved.</p>
</div>';
if( ! str_true($this->get_setting('enabled')) ) {
echo '<div class="error">
<p>Simple LDAP Login is disabled.</p>
</div>';
}
}
function authenticate ($user, $username, $password) {
// If previous authentication succeeded, respect that
if ( is_a($user, 'WP_User') ) { return $user; }
// Determine if user a local admin
$local_admin = false;
$user_obj = get_user_by('login', $username);
if( user_can($user_obj, 'update_core') ) $local_admin = true;
$local_admin = apply_filters( 'sll_force_ldap', $local_admin );
$password = stripslashes($password);
// To force LDAP authentication, the filter should return boolean false
if ( empty($username) || empty($password) ) {
$error = new WP_Error();
if ( empty($username) )
$error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
if ( empty($password) )
$error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
return $error;
}
// If high security mode is enabled, remove default WP authentication hook
if ( apply_filters('sll_remove_default_authentication_hook', str_true( $this->get_setting('high_security') ) && ! $local_admin ) ) {
remove_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
}
// Sweet, let's try to authenticate our user and pass against LDAP
$auth_result = $this->ldap_auth($username, $password, $this->get_setting('directory') );
if( $auth_result ) {
// Authenticated, does user have required groups, if any?
if( $this->user_has_groups( $username, $this->get_setting('directory') ) ) {
$user = get_user_by('login', $username);
if ( ! $user || ( strtolower($user->user_login) !== strtolower($username) ) ) {
if( ! str_true($this->get_setting('create_users')) ) {
do_action( 'wp_login_failed', $username );
return $this->ldap_auth_error('invalid_username', __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct, but there is no matching WordPress user and user creation is not enabled.'));
}
$new_user = wp_insert_user( $this->get_user_data( $username, $this->get_setting('directory') ) );
if( ! is_wp_error($new_user) )
{
// Add user meta data
$user_meta_data = $this->get_user_meta_data( $username, $this->get_setting('directory'));
foreach( $user_meta_data as $meta_key => $meta_value ) {
add_user_meta($new_user, $meta_key, $meta_value);
}
// Successful Login
$new_user = new WP_User($new_user);
do_action_ref_array($this->prefix . 'auth_success', array($new_user) );
return $new_user;
}
else
{
do_action( 'wp_login_failed', $username );
return $this->ldap_auth_error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct and user creation is allowed but an error occurred creating the user in WordPress. Actual error: '.$new_user->get_error_message() ));
}
} else {
return new WP_User($user->ID);
}
} else {
return $this->ldap_auth_error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: Your LDAP credentials are correct, but you are not in an authorized LDAP group.'));
}
} elseif ( str_true($this->get_setting('high_security')) ) {
return $this->ldap_auth_error('invalid_username', __('<strong>Simple LDAP Login</strong>: Simple LDAP Login could not authenticate your credentials. The security settings do not permit trying the WordPress user database as a fallback.'));
}
do_action($this->prefix . 'auth_failure');
return false;
}
function get_domain_username( $username ) {
// Format username with domain prefix, if login_domain is set
$login_domain = $this->get_setting('login_domain');
if ( ! empty($login_domain) ) {
return $login_domain . '\\' . $username;
}
return $username;
}
function ldap_auth( $username, $password, $directory ) {
$result = false;
if ( $directory == "ad" ) {
$result = $this->adldap->authenticate( $this->get_domain_username($username), $password );
} elseif ( $directory == "ol" ) {
$this->ldap = ldap_connect( join(' ', (array)$this->get_setting('domain_controllers')), (int)$this->get_setting('ldap_port') );
ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$this->get_setting('ldap_version'));
if ( str_true($this->get_setting('use_tls')) ) {
ldap_start_tls($this->ldap);
}
$dn = $this->get_setting('ol_login') .'=' . $username . ',' . $this->get_setting('base_dn');
if (str_true($this->get_setting('search_sub_ous'))) {
// search for user's DN in the base DN and below
$filter = $this->get_setting('ol_login') .'=' . $username;
$sr = @ldap_search($this->ldap, $this->get_setting('base_dn'), $filter, array('cn'));
if ($sr !== FALSE) {
$info = @ldap_get_entries($this->ldap, $sr);
if ($info !== FALSE && $info['count'] > 0) {
$dn = $info[0]['dn'];
}
}
}
$ldapbind = @ldap_bind($this->ldap, $dn, $password);
$this->dn = $dn;
$result = $ldapbind;
}
return apply_filters($this->prefix . 'ldap_auth', $result);
}
/**
* Prevent modification of the error message by other authenticate hooks
* before it is shown to the user
*
* @param string $code
* @param string $message
* @return WP_Error
*/
function ldap_auth_error( $code, $message ) {
remove_all_filters( 'authenticate' );
return new WP_Error( $code, $message );
}
function user_has_groups( $username = false, $directory ) {
$result = false;
$groups = (array)$this->get_setting('groups');
$groups = array_filter($groups);
if ( ! $username ) return $result;
if ( count( $groups ) == 0 ) return true;
if ( $directory == "ad" ) {
foreach ($groups as $gp) {
if ( $this->adldap->user_ingroup ($username, $gp ) ) {
$result = true;
break;
}
}
} elseif ( $directory == "ol" ) {
if( $this->ldap === false ) return false;
$group_base_dn = $this->get_setting('group_base_dn') !== false ? $this->get_setting('group_base_dn') : $this->get_setting('base_dn');
$result = ldap_search($this->ldap, $group_base_dn, '(|(&(objectClass=groupOfUniqueNames)(uniquemember=' . $this->dn . '))(&(objectClass=groupOfNames)(member=' . $this->dn . '))(' . $this->get_setting('group_uid') . '=' . $username . '))', array($this->get_setting('ol_group')));
$ldapgroups = ldap_get_entries($this->ldap, $result);
// Ok, we should have the user, all the info, including which groups he is a member of.
// Let's make sure he's in the right group before proceeding.
$user_groups = array();
for ( $i = 0; $i < $ldapgroups['count']; $i++) {
$user_groups[] = $ldapgroups[$i][$this->get_setting('ol_group')][0];
}
$result = (bool)(count( array_intersect($user_groups, $groups) ) > 0);
}
return apply_filters($this->prefix . 'user_has_groups', $result);
}
function get_user_data( $username, $directory ) {
$user_data = array(
'user_pass' => md5( microtime() ),
'user_login' => $username,
'user_nicename' => '',
'user_email' => '',
'display_name' => '',
'first_name' => '',
'last_name' => '',
'user_url' => '',
'role' => $this->get_setting('role')
);
if ( $directory == "ad" ) {
$userinfo = $this->adldap->user_info($username, array("samaccountname","givenname","sn","mail"));
$userinfo = $userinfo[0];
} elseif ( $directory == "ol" ) {
if ( $this->ldap == null ) {return false;}
$attributes = array(
$this->get_setting('ol_login'),
$this->get_setting('user_last_name_attribute'),
$this->get_setting('user_first_name_attribute'),
$this->get_setting('user_email_attribute'),
$this->get_setting('user_url_attribute')
);
$result = ldap_search($this->ldap, $this->get_setting('base_dn'), '(' . $this->get_setting('ol_login') . '=' . $username . ')', $attributes);
$userinfo = ldap_get_entries($this->ldap, $result);
if ($userinfo['count'] == 1) {
$userinfo = $userinfo[0];
}
} else return false;
if( is_array($userinfo) ) {
$user_data['user_nicename'] = strtolower($userinfo[$this->get_setting('user_first_name_attribute')][0]) . '-' . strtolower($userinfo[$this->get_setting('user_last_name_attribute')][0]);
$user_data['user_email'] = $userinfo[$this->get_setting('user_email_attribute')][0];
$user_data['display_name'] = $userinfo[$this->get_setting('user_first_name_attribute')][0] . ' ' . $userinfo[$this->get_setting('user_last_name_attribute')][0];
$user_data['first_name'] = $userinfo[$this->get_setting('user_first_name_attribute')][0];
$user_data['last_name'] = $userinfo[$this->get_setting('user_last_name_attribute')][0];
$user_data['user_url'] = $userinfo[$this->get_setting('user_url_attribute')][0];
}
return apply_filters($this->prefix . 'user_data', $user_data);
}
function get_user_meta_data( $username, $directory ) {
if ( $directory == "ad" ) {
// TODO: get user meta data for ad
return false;
} elseif ( $directory == "ol" ) {
if ( $this->ldap == null ) {return false;}
$attributes = array();
foreach( $this->get_setting('user_meta_data') as $attr ) {
$attributes[] = $attr[0];
}
$result = ldap_search($this->ldap, $this->get_setting('base_dn'), '(' . $this->get_setting('ol_login') . '=' . $username . ')', $attributes);
$userinfo = ldap_get_entries($this->ldap, $result);
if ($userinfo['count'] == 1) {
$userinfo = $userinfo[0];
}
} else return false;
$user_meta_data = array();
foreach( $this->get_setting('user_meta_data') as $attr ) {
$user_meta_data[$attr[1]] = $userinfo[$attr[0]][0];
}
return apply_filters($this->prefix . 'user_meta_data', $user_meta_data);
}
/**
* Returns whether this plugin is currently network activated
*/
function is_network_version() {
if ( $this->network_version !== null) {
return $this->network_version;
}
if ( ! function_exists( 'is_plugin_active_for_network' ) ) {
require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
}
if ( is_plugin_active_for_network( plugin_basename(__FILE__) ) ) {
$this->network_version = true;
}
else {
$this->network_version = false;
}
return $this->network_version;
}
}
if ( ! function_exists('str_true') ) {
/**
* Evaluates natural language strings to boolean equivalent
*
* Used primarily for handling boolean text provided in shopp() tag options.
* All values defined as true will return true, anything else is false.
*
* Boolean values will be passed through.
*
* Replaces the 1.0-1.1 value_is_true()
*
* @author Jonathan Davis
* @since 1.2
*
* @param string $string The natural language value
* @param array $istrue A list strings that are true
* @return boolean The boolean value of the provided text
**/
function str_true ( $string, $istrue = array('yes', 'y', 'true','1','on','open') ) {
if (is_array($string)) return false;
if (is_bool($string)) return $string;
return in_array(strtolower($string),$istrue);
}
}
$SimpleLDAPLogin = SimpleLDAPLogin::getInstance();

2413
sources/extra_files/wp-content/plugins/simple-ldap-login/includes/adLDAP.php
View file

File diff suppressed because it is too large Load diff

218
sources/extra_files/wp-content/plugins/simple-ldap-login/readme.txt
View file

@ -1,218 +0,0 @@
=== Plugin Name ===
Contributors: clifgriffin
Donate link: http://cgd.io
Tags: LDAP, authentication, login, active directory, adLDAP
Requires at least: 3.4
Tested up to: 4.5.0
Stable tag: 1.6.0
License: GPLv2 or later
Integrating WordPress with LDAP shouldn't be difficult. Now it isn't. Simple LDAP Login provides all of the features, none of the hassles.
== Description ==
Having a single login for every service is a must in large organizations. This plugin allows you to integrate WordPress with LDAP quickly and easily. Like, really really easy.
**Contributing**
This is a community project now. Most development is done by users like you who find bugs and fix them, or find new ways to make the plugin more powerful for everyone.
The easiest way to contribute to this plugin is to submit a GitHub pull request. Here's the repo:
https://github.com/clifgriffin/simple-ldap-login
**Support**
If you need support, file an issue here:
https://github.com/clifgriffin/simple-ldap-login/issues
**Special Requests**
If you need a customization or change specific to your install, I am available for hire. Shoot me an e-mail: clifgriffin[at]gmail.com
= Features =
* Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
* Supports TLS
* Uses up-to-date methods for WordPress authentication routines.
* Authenticates existing WordPress usernames against LDAP.
* Can be configured to automatically create WordPress users for valid LDAP logins.
* You can restrict logins based on one or more LDAP groups.
* Intuitive control panel.
= Architecture =
Simple LDAP Login adds an authentication filter to WordPress that authentication requests must pass. In doing so, it makes several decisions.
* Can the provided credentials be authenticated against LDAP?
* * If so, is the LDAP user a member of the required LDAP groups (if any)?
* * * Does a matching WordPress user exist?
* * * * If so, log the user in.
* * * * If not, is user creation enabled?
* * * * * Create the user and log them in.
This is high level overview. This should answer the philosophical questions about how the plugin works. If the plugin is unable to authenticate the user, it should pass it down the chain to WordPress. (Unless LDAP Exclusive is turned on, in which case it won't.)
== Changelog ==
**Version 1.6.0**
* New filter sll_remove_default_authentication_hook lets you override local password fallback.
* Lots of new features from various pull requests from contributing users. Most of these focus on new settings for edge cases, and some general improvements.
* If we did our jobs right, nothing will break. But if it does, rolling back to 1.5.5 is the best place to start.
**Version 1.5.5**
* Fix syntax error.
* Dont sanitize user info.
**Version 1.5.4**
* Local admins will always fall back to local WP password.
* Fixes bug where new users do not have name or other information from LDAP directory
**Version 1.5.3**
* Fixing apparent security problem with blank passwords. (!)
* Fixing typo in filter name (did not affect any functionality)
* Local admin exception coming soon, as well as more bug fixes.
* Possible fix for login error upon arriving at login page when LDAP exclusive enabled.
**Version 1.5.2**
* Fixed bug with groups setting.
* Removed delete_option references in upgrade code to allow for easier rollbacks (sorry about that!)
* Fixed a few bugs in the user creation code.
* Fixed bug with storing default user role.
**Version 1.5.1**
* Fixed a bug where the domain controllers are passed as a string.
**Version 1.5**
* Complete rewritten from the ground up.
* It's Object Oriented, DRY and Singleton.
* The options have been overhauled to make configuration much easier. Focuses on individual features rather than "modes" that encapsulate several behaviors.
* Admin pages now use WordPress admin styles and behaviors.
* Tested with Active Directory. I recommend OpenLDAP users test carefully before implementing in their production environments.
* Added global on off switch so you can easily disable LDAP authentication without deactivating.
**Version 1.4.0.5.1**
* I broke it. Sorry guys! :(
* Downgraded adLDAP as some referenced functions no longer exist.
**Version 1.4.0.5**
* Updated adLDAP to version 4.x
* Fixed error in OpenLDAP group membership check
* As always TEST this first. Don't assume it works...I don't have a testing environment to ensure it will work correctly.
**Version 1.4.0.4**
* Fixes nickname bug accidentally put back in in last version. (My bad!)
**Version 1.4.0.3**
* Reverts bug introduced in 1.4.0.2
* If you installed 1.4.0.2 and use OpenLDAP, please update as soon as possible and verify users cannot login with incorrect passwords (and vice versa).
**Version 1.4.0.2 - Patches submitted by Jonas Genannt and Ilya Kozlov**
* Updates adLDAP to 3.3.2
* Fixes issue with users in recursive OUs not being found.
* Fixes issues with different Base DN formats.
* NOTE: Please be catious in updating. As I don't have an OpenLDAP install, I am unable to independently confirm these fix the problems. If you have issues, revert to 1.4.0.1 and e-mail me: clifgriffin[at]gmail.com. Likewise, If you can confirm these changes are effective, also let me know. :)
**Version 1.4.0.1**
* Fix for e-mail exists issue with WP 3.0+ for LDAP installations that don't populate the e-mail address attribute.
* Shows actual error message from WordPress upon failure.
**Version 1.4**
* First update in about a year. Thanks for your patience.
* Completely rewritten to support changes in WordPress 2.8+. Now fully supports WordPress 3.0.
* Much more manageable and efficient code structure. Less code repetition.
* Includes TLS support.
* Allows OpenLDAP users to specify an alternate LDAP attribute to use for logins for those not using UID.
**Version 1.3.0.3**
* Test form now implements wp_authenticate and uses the same routines as the actual login. This also means account creation and group membership are tested.
* Implemented stripslashes() to correct issue with some special characters such as a single quote and backslash.
* WordPress account "admin" is now allowed to login using local password even when security mode is set to high. For safety.
* Made some minor wording changes to the admin panel.
**Version 1.3.0.2.1**
* Fixed case sensitivity issue that could result in multiple accounts. There may be lingering case insensitivity issues due to the get_userdatabylogin function being case-sensitive. We'll figure this out in due time.
* Sorry for posting two updates on the same day!
**Version 1.3.0.2**
* Fixes several tickets including role assignment, case sensitivity, and potential compatibility issues with other themes/plugins.
* Added security mode setting to allow security to be tightened.
* Changed auto created accounts to use a random password rather than the LDAP password given.
* Fixed error with the way announcements are displayed in the admin panel.
* More code clean up.
**Version 1.3.0.1**
* Never officially released.
* Contained code cleanup and some attempted fixes.
**Version 1.3 Beta**
* Support for both Active Directory and OpenLDAP.
* The ability to create WordPress users automatically upon login based on LDAP group membership OR by LDAP authentication alone.
* The ability to test domain settings straight from admin panel.
* Announcements pane that allows me to update you with fixes, cautions, new beta versions, or other important information.
**Version 1.2.0.1**
* Changed required user level for admin page to 10, Administrators only.
**Version 1.2**
* Implemented multiple domain controllers.
* Changed field sizes on admin page to be more user friendly.
**Version 1.1**
* Moved settings to administration pages under settings.
* Upgraded to latest version of adLDAP 2.1.
* Got rid of credentials. (They are not neccessary for the authenticate function in adLDAP!)
* Plugin is now upgrade proof. Settings are stored using WordPress's setting functions.
**Version 1.0**
* Original release.
== Installation ==
1. Use the WordPress plugin directory to install the plugin or upload the directory `simple-ldap-login` to the `/wp-content/plugins/` directory.
1. Activate the plugin through the 'Plugins' menu in WordPress
1. Update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
1. If you don't get the settings right the first time, don't fret! Just use your WordPress credentials. They should always work
1. Once you have the settings correct, you can toggle LDAP Exclusive mode (if you like).
1. To make your life easier, consider using two different browsers (e.g., Chrome and Firefox) to do testing. Change settings in one. Test in the other. This will prevent any chance of being locked out.
== Frequently Asked Questions ==
= Other than WordPress, what does my system require? =
Your install of PHP must be configured/compiled with LDAP support.
= How do I know what the correct settings are? =
I have tried to make the settings as self-explanatory as possible. If you are struggling figuring them out, you may need to speak with your LDAP administrator. I realize this is an obnoxious response, but there is no good, fool proof way to help you discover these settings. A good place to start, if you're feeling daring, might be to use ADSIEdit for Windows and Active Directory, or GQ for Linux and OpenLDAP.
= It's still not working, what other things can I try? =
If you are confident your settings are correct and it still does not work, it may be time to check for port or firewall issues. If your LDAP server is running on a non-standard port or an obsolete version of the LDAP protocol you are going to have issues. Port 389 is the port this plugin, and nearly every other LDAP enabled software expects. They are also expecting protocol version 3. If you are using an old version of LDAP or running a non-standard port you may need to modify the code that the plugin runs or update your LDAP installation.
Unfortunately I can't be relied upon to assist with these types of requests. I chose not to support these scenarios because they are infrequent and because they confuse everyone else.
= It's still not working! How can I get help? =
The easiest way to get help is to post a comment on my blog: http://clifgriffin.com/simple-ldap-login/. I'll do my best to get you up and running!
== Screenshots ==
1. Easy to use admin panel.
2. Advanced options for power users.