[Home]WikiPatches/LoginAndPasswordsFromApache

UseModWiki | WikiPatches | RecentChanges | Preferences

Patch against 1.0 follows, useful as a source of ideas. Really several patches in one.

Main features:

Note on better ways to achieve the same result:

--- /home/martin/downloads/usemod10/wiki.pl	2003-09-11 22:21:02.000000000 +1000
+++ wiki.pl	2004-07-24 13:22:54.000000000 +1000
@@ -382,7 +392,7 @@
 }
 
 sub Tss {
-  my $text = @_[0];
+  my $text = $_[0];
 
   $text = T($text);
   $text =~ s/\%([1-9])/$_[$1]/ge;
@@ -434,9 +454,9 @@
   $UserID = $UserCookie{'id'};
   $UserID =~ s/\D//g;  # Numeric only
   if ($UserID < 200) {
-    $UserID = 111;
+      &FindId(); # only if no cookie
   } else {
-    &LoadUserData($UserID);
+      &LoadUserData();
   }
   if ($UserID > 199) {
     if (($UserData{'id'}       != $UserCookie{'id'})      ||
@@ -450,6 +470,30 @@
   }
 }
 
+sub FindId { 
+    my $fname = "$DataDir/usermap";
+    my $user = $ENV{'REMOTE_USER'};
+    if (-f $fname) {
+	my $data = &ReadFileOrDie($fname);
+	for my $ul (split("\n", $data)) {
+	    if ($ul =~ /([0-9]+):(.*)/) {
+		my ($idc, $userc) = ($1, $2);
+		if (($userc eq $user) && ($idc > 199)) {
+		    $UserID = $idc;
+		    &LoadUserData();
+		    if (!defined($UserData{'password'}) || 
+			($UserData{'password'} eq '')) {
+			$SetCookie{'id'} = $idc;
+			$SetCookie{'randkey'} = $UserData{'randkey'};
+			$SetCookie{'rev'} = 1;
+		    }		    
+		}
+	    }
+	}
+    }
+    $UserID = 111;
+}
+
 sub DoBrowseRequest {
   my ($id, $action, $text);
@@ -1675,6 +1777,8 @@
       s/----+/<hr class=wikiline>/g;
     }
   }
+  my $signature = Signature();
+  s/~~/$signature/g;
   if ($doLines) { # 0 = no line-oriented, 1 or 2 = do line-oriented
     # The quote markup patterns avoid overlapping tags (with 5 quotes)
     # by matching the inner quotes for the strong pattern.
@@ -2344,7 +2448,7 @@
   $Section{'ip'} = $ENV{REMOTE_ADDR};
   $Section{'host'} = '';        # Updated only for real edits (can be slow)
   $Section{'id'} = $UserID;
-  $Section{'username'} = &GetParam("username", "");
+  $Section{'username'} = &UserName();
   $Section{'data'} = $data;
   $Page{$name} = join($FS2, %Section);  # Replace with save?
 }
@@ -2448,7 +2552,7 @@
   $Section{'ts'} = $Now;       # Updated every edit
   $Section{'ip'} = $ENV{REMOTE_ADDR};
   $Section{'id'} = $UserID;
-  $Section{'username'} = &GetParam("username", "");
+  $Section{'username'} = &UserName();
   $Section{'data'} = $data;
   $Page{$name} = join($FS2, %Section);
 }
@@ -2981,9 +3085,9 @@
   if ($NumberDates) {
     return ($year + 1900) . '-' . ($mon+1) . '-' . $mday;
   }
-  return ("January", "February", "March", "April", "May", "June",
+  return $mday . ' ' . ("January", "February", "March", "April", "May", "June",
           "July", "August", "September", "October", "November",
-          "December")[$mon]. " " . $mday . ", " . ($year+1900);
+          "December")[$mon] . " " . ($year+1900);
 }
 
 sub CalcTime {
@@ -3271,7 +3375,7 @@
     print T($EditNote) . '<br>';  # Allow translation
   }
   print $q->submit(-name=>'Save', -value=>T('Save')), "\n";
-  $userName = &GetParam("username", "");
+  $userName = &UserName();
   if ($userName ne "") {
     print ' (', T('Your user name is'), ' ',
           &GetPageLink($userName) . ') ';
@@ -3447,6 +3554,7 @@
     return;
   }
   $username = &GetParam("p_username",  "");
+  $username = $ENV{'REMOTE_USER'} if $username =~ /^\s*$/;
   if ($FreeLinks) {
     $username =~ s/^\[\[(.+)\]\]/$1/;  # Remove [[ and ]] if added
     $username =  &FreeToNormal($username);
@@ -3471,7 +3579,7 @@
     undef $UserData{'password'};
   } elsif ($password ne "*") {
     print T('Password changed.'), '<br>';
-    $UserData{'password'} = $password;
+    $UserData{'password'} = CryptPass($EditPass, $password);
   }
   if (($AdminPass ne "") || ($EditPass ne "")) {
     $password = &GetParam("p_adminpw",  "");
@@ -3480,7 +3588,7 @@
       undef $UserData{'adminpw'};
     } elsif ($password ne "*") {
       print T('Administrator password changed.'), '<br>';
-      $UserData{'adminpw'} = $password;
+      $UserData{'adminpw'} = CryptPass($AdminPass, $password);
       if (&UserIsAdmin()) {
         print T('User has administrative abilities.'), '<br>';
       } elsif (&UserIsEditor()) {
@@ -3614,6 +3722,9 @@
   $UserData{'createtime'} = $Now;
   $UserData{'createip'} = $ENV{REMOTE_ADDR};
   &SaveUserData();
+
+  my $fname = "$DataDir/usermap";
+  &AppendStringToFile($fname, $UserID . ':' . $ENV{'REMOTE_USER'} . "\n");
 }
 
 sub DoEnterLogin {
@@ -3644,8 +3755,8 @@
     $UserID = $uid;
     &LoadUserData();
     if ($UserID > 199) {
-      if (defined($UserData{'password'}) &&
-          ($UserData{'password'} eq $password)) {
+	if (defined($UserData{'password'}) && 
+	    ($UserData{'password'} eq CryptPass($EditPass, $password))) {
         $SetCookie{'id'} = $uid;
         $SetCookie{'randkey'} = $UserData{'randkey'};
         $SetCookie{'rev'} = 1;
@@ -3916,6 +4027,8 @@
   }
   # Add a newline to the end of the string (if it doesn't have one)
   $string .= "\n"  if (!($string =~ /\n$/));
+  my $signature = Signature();
+  $string =~ s/~~/$signature/g;
   # Lock before getting old page to prevent races
   # Consider extracting lock section into sub, and eval-wrap it?
   # (A few called routines can die, leaving locks.)
@@ -3964,7 +4077,7 @@
     &DoEdit($id, 0, $pgtime, $string, 1);
     return;
   }
-  $user = &GetParam("username", "");
+  $user = &UserName();
   # If the person doing editing chooses, send out email notification
   if ($EmailNotify) {
     &EmailNotify($id, $user) if &GetParam("do_email_notify", "") eq 'on';
@@ -5089,6 +5202,26 @@
   print Ts('Recommended $StartUID setting is %s.', $maxID + 100) . '<br>';
   print &GetCommonFooter();
 }
+
+sub Signature {
+    return ($FreeLinks ? '[[' : '') . UserName() . ($FreeLinks ? ']]' : '') . ' ' . TimeToText($Now);
+}
+sub UserName {
+    my ($userName);
+    $userName = &GetParam("username", "");
+    $userName = ucfirst($ENV{'REMOTE_USER'}) if $userName =~ /^\s*$/;
+    return $userName;
+}
+
+sub CryptPass {
+    my ($salt, $pass) = @_;
+    if (!$salt) {
+	my $lets = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+	$salt = substr($lets, rand(62),1 ) . substr($lets, rand(62), 1);
+    }
+    return crypt($pass, $salt);
+}
+
 #END_OF_OTHER_CODE
 
 &DoWikiRequest()  if ($RunCGI && ($_ ne 'nocgi'));   # Do everything.


@@ -3205,6 +3205,13 @@
   my ($header, $editRows, $editCols, $userName, $revision, $oldText);
   my ($summary, $isEdit, $pageTime);

+  if (!&UserName()) {
+    print &GetHeader("", T('Editing Denied'), "");
+    print Ts('Editing not allowed without a username. Please set your Preferences.', $SiteName);
+    print &GetCommonFooter();
+    return;
+  }
+
   if ($FreeLinks) {
     $id = &FreeToNormal($id);  # Take care of users like Markus Lude :-)
   }

UseModWiki | WikiPatches | RecentChanges | Preferences
Edit text of this page | View other revisions | Search MetaWiki
Last edited February 14, 2008 3:58 pm by MarkusLude (diff)
Search: