WikiPatches/LoginAndPasswordsFromApache

Patch against 1.0 follows, useful as a source of ideas. Really several patches in one.

Main features:

• relies on Apache to authenticate users. Assumes that some sort of authentication is in use, and that the REMOTE_USER parameter is authoritative.
• allows the use of '~~' in markup, to be replaced by the userid and date/time.
• encrypts passwords.
• dates are day month year not month day year (making this user configurable is left as an exercise).

Note on better ways to achieve the same result:

• this will be a bit slow if you have many, many users, because the &FindId routine does a linear search.
  • you could come up with a better way of saving the username→userid mapping (e.g. a tied hash).
  • alternatively, you could rewrite everything so that $UserID is alphanumeric and contains the username. Then you would not need the username and password fields in $Userdata.
    • I did something along these lines in /UseridApache It is very kludged, and probably needs some work, but it basically works
• as this stands, users will need to login for all accesses, including read, which may be what you want. If you want to allow anonymous read access, you may have to come up with some way of changing the URLs, so that read accesses use a URL like http://wiki.example.com/Setting_A_Good_Example and edits use http://wiki.example.com/edit/action=edit&id=Setting_A_Good_Example. The Apache can authenticate separately, with a userid/password only being required for the edit subdirectory.

• see additional patch at the bottom - require username to be set to edit

--- /home/martin/downloads/usemod10/wiki.pl	2003-09-11 22:21:02.000000000 +1000
+++ wiki.pl	2004-07-24 13:22:54.000000000 +1000
@@ -382,7 +392,7 @@
 }
 
 sub Tss {
-  my $text = @_[0];
+  my $text = $_[0];
 
   $text = T($text);
   $text =~ s/\%([1-9])/$_[$1]/ge;
@@ -434,9 +454,9 @@
   $UserID = $UserCookie{'id'};
   $UserID =~ s/\D//g;  # Numeric only
   if ($UserID < 200) {
-    $UserID = 111;
+      &FindId(); # only if no cookie
   } else {
-    &LoadUserData($UserID);
+      &LoadUserData();
   }
   if ($UserID > 199) {
     if (($UserData{'id'}       != $UserCookie{'id'})      ||
@@ -450,6 +470,30 @@
   }
 }
 
+sub FindId { 
+    my $fname = "$DataDir/usermap";
+    my $user = $ENV{'REMOTE_USER'};
+    if (-f $fname) {
+	my $data = &ReadFileOrDie($fname);
+	for my $ul (split("\n", $data)) {
+	    if ($ul =~ /([0-9]+):(.*)/) {
+		my ($idc, $userc) = ($1, $2);
+		if (($userc eq $user) && ($idc > 199)) {
+		    $UserID = $idc;
+		    &LoadUserData();
+		    if (!defined($UserData{'password'}) || 
+			($UserData{'password'} eq '')) {
+			$SetCookie{'id'} = $idc;
+			$SetCookie{'randkey'} = $UserData{'randkey'};
+			$SetCookie{'rev'} = 1;
+		    }		    
+		}
+	    }
+	}
+    }
+    $UserID = 111;
+}
+
 sub DoBrowseRequest {
   my ($id, $action, $text);
@@ -1675,6 +1777,8 @@
       s/----+/<hr class=wikiline>/g;
     }
   }
+  my $signature = Signature();
+  s/~~/$signature/g;
   if ($doLines) { # 0 = no line-oriented, 1 or 2 = do line-oriented
     # The quote markup patterns avoid overlapping tags (with 5 quotes)
     # by matching the inner quotes for the strong pattern.
@@ -2344,7 +2448,7 @@
   $Section{'ip'} = $ENV{REMOTE_ADDR};
   $Section{'host'} = '';        # Updated only for real edits (can be slow)
   $Section{'id'} = $UserID;
-  $Section{'username'} = &GetParam("username", "");
+  $Section{'username'} = &UserName();
   $Section{'data'} = $data;
   $Page{$name} = join($FS2, %Section);  # Replace with save?
 }
@@ -2448,7 +2552,7 @@
   $Section{'ts'} = $Now;       # Updated every edit
   $Section{'ip'} = $ENV{REMOTE_ADDR};
   $Section{'id'} = $UserID;
-  $Section{'username'} = &GetParam("username", "");
+  $Section{'username'} = &UserName();
   $Section{'data'} = $data;
   $Page{$name} = join($FS2, %Section);
 }
@@ -2981,9 +3085,9 @@
   if ($NumberDates) {
     return ($year + 1900) . '-' . ($mon+1) . '-' . $mday;
   }
-  return ("January", "February", "March", "April", "May", "June",
+  return $mday . ' ' . ("January", "February", "March", "April", "May", "June",
           "July", "August", "September", "October", "November",
-          "December")[$mon]. " " . $mday . ", " . ($year+1900);
+          "December")[$mon] . " " . ($year+1900);
 }
 
 sub CalcTime {
@@ -3271,7 +3375,7 @@
     print T($EditNote) . '<br>';  # Allow translation
   }
   print $q->submit(-name=>'Save', -value=>T('Save')), "\n";
-  $userName = &GetParam("username", "");
+  $userName = &UserName();
   if ($userName ne "") {
     print ' (', T('Your user name is'), ' ',
           &GetPageLink($userName) . ') ';
@@ -3447,6 +3554,7 @@
     return;
   }
   $username = &GetParam("p_username",  "");
+  $username = $ENV{'REMOTE_USER'} if $username =~ /^\s*$/;
   if ($FreeLinks) {
     $username =~ s/^\[\[(.+)\]\]/$1/;  # Remove [[ and ]] if added
     $username =  &FreeToNormal($username);
@@ -3471,7 +3579,7 @@
     undef $UserData{'password'};
   } elsif ($password ne "*") {
     print T('Password changed.'), '<br>';
-    $UserData{'password'} = $password;
+    $UserData{'password'} = CryptPass($EditPass, $password);
   }
   if (($AdminPass ne "") || ($EditPass ne "")) {
     $password = &GetParam("p_adminpw",  "");
@@ -3480,7 +3588,7 @@
       undef $UserData{'adminpw'};
     } elsif ($password ne "*") {
       print T('Administrator password changed.'), '<br>';
-      $UserData{'adminpw'} = $password;
+      $UserData{'adminpw'} = CryptPass($AdminPass, $password);
       if (&UserIsAdmin()) {
         print T('User has administrative abilities.'), '<br>';
       } elsif (&UserIsEditor()) {
@@ -3614,6 +3722,9 @@
   $UserData{'createtime'} = $Now;
   $UserData{'createip'} = $ENV{REMOTE_ADDR};
   &SaveUserData();
+
+  my $fname = "$DataDir/usermap";
+  &AppendStringToFile($fname, $UserID . ':' . $ENV{'REMOTE_USER'} . "\n");
 }
 
 sub DoEnterLogin {
@@ -3644,8 +3755,8 @@
     $UserID = $uid;
     &LoadUserData();
     if ($UserID > 199) {
-      if (defined($UserData{'password'}) &&
-          ($UserData{'password'} eq $password)) {
+	if (defined($UserData{'password'}) && 
+	    ($UserData{'password'} eq CryptPass($EditPass, $password))) {
         $SetCookie{'id'} = $uid;
         $SetCookie{'randkey'} = $UserData{'randkey'};
         $SetCookie{'rev'} = 1;
@@ -3916,6 +4027,8 @@
   }
   # Add a newline to the end of the string (if it doesn't have one)
   $string .= "\n"  if (!($string =~ /\n$/));
+  my $signature = Signature();
+  $string =~ s/~~/$signature/g;
   # Lock before getting old page to prevent races
   # Consider extracting lock section into sub, and eval-wrap it?
   # (A few called routines can die, leaving locks.)
@@ -3964,7 +4077,7 @@
     &DoEdit($id, 0, $pgtime, $string, 1);
     return;
   }
-  $user = &GetParam("username", "");
+  $user = &UserName();
   # If the person doing editing chooses, send out email notification
   if ($EmailNotify) {
     &EmailNotify($id, $user) if &GetParam("do_email_notify", "") eq 'on';
@@ -5089,6 +5202,26 @@
   print Ts('Recommended $StartUID setting is %s.', $maxID + 100) . '<br>';
   print &GetCommonFooter();
 }
+
+sub Signature {
+    return ($FreeLinks ? '[[' : '') . UserName() . ($FreeLinks ? ']]' : '') . ' ' . TimeToText($Now);
+}
+sub UserName {
+    my ($userName);
+    $userName = &GetParam("username", "");
+    $userName = ucfirst($ENV{'REMOTE_USER'}) if $userName =~ /^\s*$/;
+    return $userName;
+}
+
+sub CryptPass {
+    my ($salt, $pass) = @_;
+    if (!$salt) {
+	my $lets = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+	$salt = substr($lets, rand(62),1 ) . substr($lets, rand(62), 1);
+    }
+    return crypt($pass, $salt);
+}
+
 #END_OF_OTHER_CODE
 
 &DoWikiRequest()  if ($RunCGI && ($_ ne 'nocgi'));   # Do everything.

---

@@ -3205,6 +3205,13 @@
   my ($header, $editRows, $editCols, $userName, $revision, $oldText);
   my ($summary, $isEdit, $pageTime);

+  if (!&UserName()) {
+    print &GetHeader("", T('Editing Denied'), "");
+    print Ts('Editing not allowed without a username. Please set your Preferences.', $SiteName);
+    print &GetCommonFooter();
+    return;
+  }
+
   if ($FreeLinks) {
     $id = &FreeToNormal($id);  # Take care of users like Markus Lude :-)
   }