Here is a patch to includes/User.php to allow password checking via a
remote webserver. We're using it here to authenticate against our
Kerberos server via a connection to an apache vhost on localhost
running mod_auth_kerb, but I've generalized the code so it should work
against any webserver you specify.
To enable it, add something like the following to LocalSettings.php:
$wgRemotePasswordCheck = true;
$wgRemotePasswordServer = "localhost";
$wgRemotePasswordPort = 80;
Patch:
--- mediawiki-1.3.7/includes/User.php Thu Sep 23 11:41:57 2004
+++ wiki-bioterm/includes/User.php Tue Oct 26 17:32:04 2004
@@ -722,6 +722,7 @@
# Check to see if the given clear-text password is one of the
accepted passwords
function checkPassword( $password ) {
+ global $wgRemotePasswordCheck,
$wgRemotePasswordServer, $wgRemotePasswordPort;
$this->loadFromDatabase();
$ep = $this->encryptPassword( $password );
if ( 0 == strcmp( $ep, $this->mPassword ) ) {
@@ -733,6 +734,24 @@
# Check for this with iconv
$cp1252hash = $this->encryptPassword( iconv(
'UTF-8', 'WINDOWS-1252', $password ) );
if ( 0 == strcmp( $cp1252hash, $this->mPassword ) ) {
+ return true;
+ }
+ }
+ if ( $wgRemotePasswordCheck ) {
+ $lower = strtolower( $this->mName );
+ $credentials = $lower . ":" . $password;
+ $out = "GET / HTTP/1.1\r\n";
+ $out .= "Host: $wgRemotePasswordServer\r\n";
+ $out .= "Authorization: Basic " .
base64_encode($credentials) . "\r\n\r\n";
+ $fp = fsockopen( $wgRemotePasswordServer,
$wgRemotePasswordPort, $errno, $errstr, 30 );
+ if( !$fp ) {
+ echo "$errstr ($errno)<br>";
+ } else {
+ fwrite( $fp, $out );
+ $test = fgets( $fp, 128);
+ fclose( $fp );
+ }
+ if( 0 == strcmp( $test, "HTTP/1.0 200 OK\r\n" ) ) {
return true;
}
}
Show replies by date