r23336 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r23335‎ \| r23336 \| r23337 >
Date:	20:55, 24 June 2007
Author:	laner
Status:	old
Tags:
Comment:	* Some internal cleanup; slight code refactoring * Added the ability to define different basedns for groups and users * Fixed a bug with auto-rename of users breaking things even when it wasn't being used
Modified paths:	/trunk/extensions/LdapAuthentication/LdapAuthentication.php (modified) (history)

Diff [purge]

Index: trunk/extensions/LdapAuthentication/LdapAuthentication.php
—	—	@@ -44,6 +44,17 @@
45	45	require_once( 'AuthPlugin.php' );
46	46
47	47	class LdapAuthenticationPlugin extends AuthPlugin {
	48	+
	49	+ //constants for search base
	50	+ const GROUPDN = 0;
	51	+ const USERDN = 1;
	52	+ const DEFAULTDN = 2;
	53	+
	54	+ //constants for error reporting
	55	+ const NONSENSITIVE = 1;
	56	+ const SENSITIVE = 2;
	57	+ const HIGHLYSENSITIVE = 3;
	58	+
48	59	//preferences
49	60	var $email, $lang, $realname, $nickname, $externalid;
50	61
—	—	@@ -70,7 +81,7 @@
71	82	function userExists( $username ) {
72	83	global $wgLDAPAddLDAPUsers;
73	84
74		~~- $this->printDebug( "Entering userExists", 1 );~~
	85	+ $this->printDebug( "Entering userExists", self::NONSENSITIVE );
75	86
76	87	//If we can't add LDAP users, we don't really need to check
77	88	//if the user exists, the authenticate method will do this for
—	—	@@ -82,7 +93,8 @@
83	94
84	95	$ldapconn = $this->connect();
85	96	if ( $ldapconn ) {
86		~~- $this->printDebug( "Successfully connected", 1 );~~
	97	+ $this->printDebug( "Successfully connected", self::NONSENSITIVE );
	98	+
87	99	$searchstring = $this->getSearchString( $ldapconn, $username );
88	100
89	101	//If we are using smartcard authentication, and we got
—	—	@@ -101,15 +113,14 @@
102	114	//Let's clean up
103	115	@ldap_unbind();
104	116	if ( !$entry ) {
105		~~- $this->printDebug( "Did not find a matching user in LDAP", 1 );~~
106		~~- //user wasn't found~~
	117	+ $this->printDebug( "Did not find a matching user in LDAP", self::NONSENSITIVE );
107	118	return false;
108	119	} else {
109		~~- $this->printDebug( "Found a matching user in LDAP", 1 );~~
	120	+ $this->printDebug( "Found a matching user in LDAP", self::NONSENSITIVE );
110	121	return true;
111	122	}
112	123	} else {
113		~~- $this->printDebug( "Failed to connect", 1 );~~
	124	+ $this->printDebug( "Failed to connect", self::NONSENSITIVE );
114	125	return false;
115	126	}
116	127
—	—	@@ -125,9 +136,9 @@
126	137	global $wgLDAPServerNames;
127	138	global $wgLDAPEncryptionType;
128	139
129		~~- $this->printDebug( "Entering Connect", 1 );~~
	140	+ $this->printDebug( "Entering Connect", self::NONSENSITIVE );
130	141
131		~~- //If the user didn't set an encryption type, we default to tls~~
	142	+ //If the admin didn't set an encryption type, we default to tls
132	143	if ( isset( $wgLDAPEncryptionType[$_SESSION['wsDomain']] ) ) {
133	144	$encryptionType = $wgLDAPEncryptionType[$_SESSION['wsDomain']];
134	145	} else {
—	—	@@ -137,11 +148,11 @@
138	149	//Set the server string depending on whether we use ssl or not
139	150	switch( $encryptionType ) {
140	151	case "ssl":
141		~~- $this->printDebug( "Using SSL", 2 );~~
	152	+ $this->printDebug( "Using SSL", self::SENSITIVE );
142	153	$serverpre = "ldaps://";
143	154	break;
144	155	default:
145		~~- $this->printDebug( "Using TLS or not using encryption.", 2 );~~
	156	+ $this->printDebug( "Using TLS or not using encryption.", self::SENSITIVE );
146	157	$serverpre = "ldap://";
147	158	}
148	159
—	—	@@ -156,7 +167,7 @@
157	168	}
158	169	$servers = rtrim($servers);
159	170
160		~~- $this->printDebug( "Using servers: $servers", 2 );~~
	171	+ $this->printDebug( "Using servers: $servers", self::SENSITIVE );
161	172
162	173	//Connect and set options
163	174	$ldapconn = @ldap_connect( $servers );
—	—	@@ -165,9 +176,9 @@
166	177
167	178	//TLS needs to be started after the connection is made
168	179	if ( $encryptionType == "tls" ) {
169		~~- $this->printDebug( "Using TLS", 2 );~~
	180	+ $this->printDebug( "Using TLS", self::SENSITIVE );
170	181	if ( !ldap_start_tls( $ldapconn ) ) {
171		~~- $this->printDebug( "Failed to start TLS.", 2 );~~
	182	+ $this->printDebug( "Failed to start TLS.", self::SENSITIVE );
172	183	return;
173	184	}
174	185	}
—	—	@@ -198,11 +209,11 @@
199	210	global $wgLDAPSearchStrings;
200	211	global $wgLDAPUniqueAttribute, $wgLDAPUniqueBlockLogin, $wgLDAPUniqueRenameUser;
201	212
202		~~- $this->printDebug( "Entering authenticate", 1 );~~
	213	+ $this->printDebug( "Entering authenticate", self::NONSENSITIVE );
203	214
204	215	//We don't handle local authentication
205	216	if ( 'local' == $_SESSION['wsDomain'] ) {
206		~~- $this->printDebug( "User is using a local domain", 2 );~~
	217	+ $this->printDebug( "User is using a local domain", self::SENSITIVE );
207	218	return false;
208	219	}
209	220
—	—	@@ -210,7 +221,7 @@
211	222	//that he/she isn't trying to fool us by sending a username other
212	223	//than the one the web server got from the smartcard.
213	224	if ( $this->useSmartcardAuth() && $wgLDAPSSLUsername != $username ) {
214		- $this->printDebug( "The username provided doesn't match the username on the smartcard. The user is probably trying to log in to the smartcard domain with password authentication. Denying access.", 2 );
	225	+ $this->printDebug( "The username provided doesn't match the username on the smartcard. The user is probably trying to log in to the smartcard domain with password authentication. Denying access.", self::SENSITIVE );
215	226	return false;
216	227	}
217	228
—	—	@@ -220,21 +231,21 @@
221	232	//Smartcard authentication uses a pin, and does not require
222	233	//a password to be given; a blank password here is wanted.
223	234	if ( '' == $password && !$this->useSmartcardAuth() ) {
224		~~- $this->printDebug( "User used a blank password", 1 );~~
	235	+ $this->printDebug( "User used a blank password", self::NONSENSITIVE );
225	236	return false;
226	237	}
227	238
228	239	$ldapconn = $this->connect();
229	240	if ( $ldapconn ) {
230		~~- $this->printDebug( "Connected successfully", 1 );~~
	241	+ $this->printDebug( "Connected successfully", self::NONSENSITIVE );
231	242
232	243	//Mediawiki munges the username before authenticate is called,
233	244	//this can mess with authentication, group pulling/restriction,
234		~~- //preference pulling, etc. Let's allow the user to use~~
235		~~- //a lowercased username.~~
	245	+ //preference pulling, etc. Let's allow the admin to use
	246	+ //a lowercased username if needed.
236	247	if ( isset( $wgLDAPLowerCaseUsername[$_SESSION['wsDomain']] ) && $wgLDAPLowerCaseUsername[$_SESSION['wsDomain']] ) {
	248	+ $this->printDebug( "Lowercasing the username: $username", self::NONSENSITIVE );
237	249	$username = strtolower( $username );
238		~~- $this->printDebug( "Lowercasing the username: $username", 1 );~~
239	250	}
240	251
241	252	$userdn = $this->getSearchString( $ldapconn, $username );
—	—	@@ -243,7 +254,7 @@
244	255	//empty string; if this happens, the bind will ALWAYS
245	256	//return true, and will let anyone in!
246	257	if ( '' == $userdn ) {
247		~~- $this->printDebug( "User DN is blank", 1 );~~
	258	+ $this->printDebug( "User DN is blank", self::NONSENSITIVE );
248	259	// Lets clean up.
249	260	@ldap_unbind();
250	261	return false;
—	—	@@ -252,7 +263,7 @@
253	264	//If we are using password authentication, we need to bind as the
254	265	//user to make sure the password is correct.
255	266	if ( !$this->useSmartcardAuth() ) {
256		~~- $this->printDebug( "Binding as the user", 1 );~~
	267	+ $this->printDebug( "Binding as the user", self::NONSENSITIVE );
257	268
258	269	//Let's see if the user can authenticate.
259	270	$bind = $this->bindAs( $ldapconn, $userdn, $password );
—	—	@@ -261,7 +272,7 @@
262	273	@ldap_unbind();
263	274	return false;
264	275	}
265		~~- $this->printDebug( "Binded successfully", 1 );~~
	276	+ $this->printDebug( "Binded successfully", self::NONSENSITIVE );
266	277
267	278	if ( isset( $wgLDAPSearchStrings[$_SESSION['wsDomain']] ) ) {
268	279	$ss = $wgLDAPSearchStrings[$_SESSION['wsDomain']];
—	—	@@ -270,20 +281,23 @@
271	282	//DOMAIN\\USER-NAME.
272	283	//Get the user's full DN so we can search for groups and such.
273	284	$userdn = $this->getUserDN( $ldapconn, $username );
274		~~- $this->printDebug( "Pulled the user's DN: $userdn", 1 );~~
	285	+ $this->printDebug( "Pulled the user's DN: $userdn", self::NONSENSITIVE );
275	286	}
276	287	}
277	288
278	289	if ( ( isset( $wgLDAPRequireAuthAttribute[$_SESSION['wsDomain']] )
279	290	&& $wgLDAPRequireAuthAttribute[$_SESSION['wsDomain']] ) ) {
280	291
281		~~- $this->printDebug( "Checking for auth attributes", 1 );~~
	292	+ $this->printDebug( "Checking for auth attributes", self::NONSENSITIVE );
	293	+
282	294	$filter = "(" . $wgLDAPAuthAttribute[$_SESSION['wsDomain']] . ")";
283	295	$attributes = array( "dn" );
	296	+
284	297	$entry = ldap_read( $ldapconn, $userdn, $filter, $attributes );
285	298	$info = ldap_get_entries( $ldapconn, $entry );
	299	+
286	300	if ( $info["count"] < 1 ) {
287		~~- $this->printDebug( "Failed auth attribute check", 1 );~~
	301	+ $this->printDebug( "Failed auth attribute check", self::NONSENSITIVE );
288	302	// Lets clean up.
289	303	@ldap_unbind();
290	304	return false;
—	—	@@ -294,9 +308,9 @@
295	309	//Old style groups, non-nestable and fairly limited on group type (full DN
296	310	//versus username). DEPRECATED
297	311	if ( $wgLDAPGroupDN ) {
298		~~- $this->printDebug( "Checking for (old style) group membership", 1 );~~
	312	+ $this->printDebug( "Checking for (old style) group membership", self::NONSENSITIVE );
299	313	if ( !$this->isMemberOfLdapGroup( $ldapconn, $userdn, $wgLDAPGroupDN ) ) {
300		~~- $this->printDebug( "Failed (old style) group membership check", 1 );~~
	314	+ $this->printDebug( "Failed (old style) group membership check", self::NONSENSITIVE );
301	315
302	316	//No point in going on if the user isn't in the required group
303	317	// Lets clean up.
—	—	@@ -307,7 +321,7 @@
308	322
309	323	//New style group checking
310	324	if ( isset( $wgLDAPRequiredGroups[$_SESSION['wsDomain']] ) ) {
311		~~- $this->printDebug( "Checking for (new style) group membership", 1 );~~
	325	+ $this->printDebug( "Checking for (new style) group membership", self::NONSENSITIVE );
312	326
313	327	if ( isset( $wgLDAPGroupUseFullDN[$_SESSION['wsDomain']] ) && $wgLDAPGroupUseFullDN[$_SESSION['wsDomain']] ) {
314	328	$inGroup = $this->isMemberOfRequiredLdapGroup( $ldapconn, $userdn );
—	—	@@ -316,7 +330,7 @@
317	331	&& $wgLDAPGroupUseRetrievedUsername[$_SESSION['wsDomain']] )
318	332	&& $this->LDAPUsername != '' ) {
319	333
320		~~- $this->printDebug( "Using the username retrieved from the user's entry.", 1 );~~
	334	+ $this->printDebug( "Using the username retrieved from the user's entry.", self::NONSENSITIVE );
321	335	$inGroup = $this->isMemberOfRequiredLdapGroup( $ldapconn, $this->LDAPUsername );
322	336	} else {
323	337	$inGroup = $this->isMemberOfRequiredLdapGroup( $ldapconn, $username );
—	—	@@ -333,7 +347,7 @@
334	348
335	349	//Synch LDAP groups with MediaWiki groups
336	350	if ( isset( $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']] ) && $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']] ) {
337		~~- $this->printDebug( "Retrieving LDAP group membership", 1 );~~
	351	+ $this->printDebug( "Retrieving LDAP group membership", self::NONSENSITIVE );
338	352
339	353	//Let's get the user's LDAP groups
340	354	if ( isset( $wgLDAPGroupUseFullDN[$_SESSION['wsDomain']] ) && $wgLDAPGroupUseFullDN[$_SESSION['wsDomain']] ) {
—	—	@@ -341,13 +355,15 @@
342	356	} else {
343	357	if ( ( isset( $wgLDAPGroupUseRetrievedUsername[$_SESSION['wsDomain']] ) && $wgLDAPGroupUseRetrievedUsername[$_SESSION['wsDomain']] )
344	358	&& $this->LDAPUsername != '' ) {
	359	+
345	360	$this->userLDAPGroups = $this->getUserGroups( $ldapconn, $this->LDAPUsername, true );
346	361	} else {
347	362	$this->userLDAPGroups = $this->getUserGroups( $ldapconn, $username, true );
348	363	}
349	364	}
350	365
351		~~- //If the user doesn't have any groups there is no need to waste another search.~~
	366	+ //Only find all groups if the user has any groups; otherwise, we are
	367	+ //just wasting a search.
352	368	if ( $this->foundUserLDAPGroups ) {
353	369	$this->allLDAPGroups = $this->getAllGroups( $ldapconn, true );
354	370	}
—	—	@@ -355,7 +371,7 @@
356	372
357	373	//Retrieve preferences
358	374	if ( isset( $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) && $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) {
359		~~- $this->printDebug( "Retrieving preferences", 1 );~~
	375	+ $this->printDebug( "Retrieving preferences", self::NONSENSITIVE );
360	376
361	377	$entry = @ldap_read( $ldapconn, $userdn, "objectclass=*" );
362	378	$info = @ldap_get_entries( $ldapconn, $entry );
—	—	@@ -364,19 +380,20 @@
365	381	$this->nickname = $info[0]["displayname"][0];
366	382	$this->realname = $info[0]["cn"][0];
367	383
368		~~- $this->printDebug( "Retrieved: $this->email, $this->lang, $this->nickname, $this->realname", 2 );~~
	384	+ $this->printDebug( "Retrieved: $this->email, $this->lang, $this->nickname, $this->realname", self::SENSITIVE );
369	385	}
370	386
371	387	// Are we blocking login/renaming users on unique external ID mismatches?
372	388	// * WARNING *
373	389	// This needs to be fixed before use! This probably does not work correctly
374	390	// with all options. It is probably a good idea to refactor the username stuff
375		- // in general (as it is currently somewhat of a kludge)! ***
	391	+ // in general (as it is currently somewhat of a kludge). Also, MediaWiki does
	392	+ // not currently have support for this.
376	393	// * WARNING *
377	394	if ( ( isset( $wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']] ) && $wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']] )
378	395	\|\| ( isset( $wgLDAPUniqueRenameUser[$_SESSION['wsDomain']] ) && $wgLDAPUniqueRenameUser[$_SESSION['wsDomain']] ) ) {
379	396
380		~~- $this->printDebug( "Checking for username change in LDAP.", 2 );~~
	397	+ $this->printDebug( "Checking for username change in LDAP.", self::SENSITIVE );
381	398
382	399	//Get the user's unique attribute from LDAP
383	400	if ( isset( $wgLDAPUniqueAttribute[$_SESSION['wsDomain']] ) ) {
—	—	@@ -384,27 +401,26 @@
385	402	$this->externalid = $info[0][$ldapuniqueattr][0];
386	403	}
387	404
388		~~- $this->printDebug( "Retrieved external id: $this->externalid", 2 );~~
	405	+ $this->printDebug( "Retrieved external id: $this->externalid", self::SENSITIVE );
389	406
390	407	$retrievedusername = User::whoIsExternalID( "$this->externalid" );
391	408
392		~~- $this->printDebug( "Username in database of fetched external id: $retrievedusername", 2 );~~
	409	+ $this->printDebug( "Username (in MediaWiki database) of fetched external id: $retrievedusername", self::SENSITIVE );
393	410
394	411	// See if the username returned from the database matches the username given
395	412	if ( $retrievedusername != '' && ( $username != $retrievedusername ) ) {
396		~~- //~~
397	413	if ( isset( $wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']] )
398	414	&& $wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']] ) {
399	415
400		~~- $this->printDebug( "Usernames do not match, blocking login.", 2 );~~
	416	+ $this->printDebug( "Usernames do not match, blocking login.", self::SENSITIVE );
401	417	return false;
402	418	} else if ( isset( $wgLDAPUniqueRenameUser[$_SESSION['wsDomain']] )
403	419	&& $wgLDAPUniqueRenameUser[$_SESSION['wsDomain']] ) {
404	420
405		~~- $this->printDebug( "Usernames do not match, renaming user in database.", 2 );~~
	421	+ $this->printDebug( "Usernames do not match, renaming user in database.", self::SENSITIVE );
406	422
407	423	if ( version_compare( $wgVersion, '1.7.0', '<' ) ) {
408		~~- $this->printDebug( "Renaming users is only supported in MediaWiki 1.7+, please upgrade.", 2 );~~
	424	+ $this->printDebug( "Renaming users is only supported in MediaWiki 1.7+, please upgrade.", self::SENSITIVE );
409	425	return false;
410	426	}
411	427
—	—	@@ -428,16 +444,16 @@
429	445	}
430	446	}
431	447
432		~~- $this->printDebug( "Usernames matched or the user doesn't exist in the database yet.", 2 );~~
	448	+ $this->printDebug( "Usernames matched or the user doesn't exist in the database yet.", self::SENSITIVE );
433	449	}
434	450
435	451	// Lets clean up.
436	452	@ldap_unbind();
437	453	} else {
438		~~- $this->printDebug( "Failed to connect", 1 );~~
	454	+ $this->printDebug( "Failed to connect", self::NONSENSITIVE );
439	455	return false;
440	456	}
441		~~- $this->printDebug( "Authentication passed", 1 );~~
	457	+ $this->printDebug( "Authentication passed", self::NONSENSITIVE );
442	458
443	459	//We made it this far; the user authenticated and didn't fail any checks, so he/she gets in.
444	460	return true;
—	—	@@ -454,7 +470,7 @@
455	471	global $wgLDAPAddLDAPUsers;
456	472	global $wgLDAPUseSmartcardAuth, $wgLDAPSmartcardDomain;
457	473
458		~~- $this->printDebug( "Entering modifyUITemplate", 1 );~~
	474	+ $this->printDebug( "Entering modifyUITemplate", self::NONSENSITIVE );
459	475
460	476	if ( !isset( $wgLDAPAddLDAPUsers[$_SESSION['wsDomain']] ) \|\| !$wgLDAPAddLDAPUsers[$_SESSION['wsDomain']] ) {
461	477	$template->set( 'create', false );
—	—	@@ -465,12 +481,13 @@
466	482
467	483	$tempDomArr = $wgLDAPDomainNames;
468	484	if ( $wgLDAPUseLocal ) {
469		~~- $this->printDebug( "Allowing the local domain, adding it to the list.", 1 );~~
	485	+ $this->printDebug( "Allowing the local domain, adding it to the list.", self::NONSENSITIVE );
470	486	array_push( $tempDomArr, 'local' );
471	487	}
472	488
473	489	if ( $wgLDAPUseSmartcardAuth ) {
474		~~- $this->printDebug( "Allowing smartcard login, removing the domain from the list.", 1 );~~
	490	+ $this->printDebug( "Allowing smartcard login, removing the domain from the list.", self::NONSENSITIVE );
	491	+
475	492	//There is no reason for people to log in directly to the wiki if the are using a
476	493	//smartcard. If they try to, they are probably up to something fishy.
477	494	unset( $tempDomArr[array_search( $wgLDAPSmartcardDomain, $tempDomArr )] );
—	—	@@ -511,23 +528,23 @@
512	529	function setPassword( $user, &$password ) {
513	530	global $wgLDAPUpdateLDAP, $wgLDAPWriterDN, $wgLDAPWriterPassword;
514	531
515		~~- $this->printDebug( "Entering setPassword", 1 );~~
	532	+ $this->printDebug( "Entering setPassword", self::NONSENSITIVE );
516	533
517	534	if ( $_SESSION['wsDomain'] == 'local' ) {
518		~~- $this->printDebug( "User is using a local domain", 1 );~~
	535	+ $this->printDebug( "User is using a local domain", self::NONSENSITIVE );
519	536
520	537	//We don't set local passwords, but we don't want the wiki
521	538	//to send the user a failure.
522	539	return true;
523	540	} else if ( !isset( $wgLDAPUpdateLDAP[$_SESSION['wsDomain']] ) \|\| !$wgLDAPUpdateLDAP[$_SESSION['wsDomain']] ) {
524		~~- $this->printDebug( "Wiki is set to not allow updates", 1 );~~
	541	+ $this->printDebug( "Wiki is set to not allow updates", self::NONSENSITIVE );
525	542
526	543	//We aren't allowing the user to change his/her own password
527	544	return false;
528	545	}
529	546
530	547	if ( !isset( $wgLDAPWriterDN[$_SESSION['wsDomain']] ) ) {
531		~~- $this->printDebug( "Wiki doesn't have wgLDAPWriterDN set", 1 );~~
	548	+ $this->printDebug( "Wiki doesn't have wgLDAPWriterDN set", self::NONSENSITIVE );
532	549
533	550	//We can't change a user's password without an account that is
534	551	//allowed to do it.
—	—	@@ -538,10 +555,10 @@
539	556
540	557	$ldapconn = $this->connect();
541	558	if ( $ldapconn ) {
542		~~- $this->printDebug( "Connected successfully", 1 );~~
	559	+ $this->printDebug( "Connected successfully", self::NONSENSITIVE );
543	560	$userdn = $this->getSearchString( $ldapconn, $user->getName() );
544	561
545		~~- $this->printDebug( "Binding as the writerDN", 1 );~~
	562	+ $this->printDebug( "Binding as the writerDN", self::NONSENSITIVE );
546	563	$bind = $this->bindAs( $ldapconn, $wgLDAPWriterDN[$_SESSION['wsDomain']], $wgLDAPWriterPassword[$_SESSION['wsDomain']] );
547	564	if ( !$bind ) {
548	565	return false;
—	—	@@ -558,13 +575,14 @@
559	576	//Let's clean up
560	577	@ldap_unbind();
561	578	if ( $success ) {
562		~~- $this->printDebug( "Successfully modified the user's password", 1 );~~
	579	+ $this->printDebug( "Successfully modified the user's password", self::NONSENSITIVE );
563	580	return true;
564	581	} else {
565		~~- $this->printDebug( "Failed to modify the user's password", 1 );~~
	582	+ $this->printDebug( "Failed to modify the user's password", self::NONSENSITIVE );
566	583	return false;
567	584	}
568	585	} else {
	586	+ $this->printDebug( "Failed to connect", self::NONSENSITIVE );
569	587	return false;
570	588	}
571	589	}
—	—	@@ -581,11 +599,11 @@
582	600	global $wgLDAPUpdateLDAP;
583	601	global $wgLDAPWriterDN, $wgLDAPWriterPassword;
584	602
585		~~- $this->printDebug( "Entering updateExternalDB", 1 );~~
	603	+ $this->printDebug( "Entering updateExternalDB", self::NONSENSITIVE );
586	604
587	605	if ( ( !isset( $wgLDAPUpdateLDAP[$_SESSION['wsDomain']] ) \|\| !$wgLDAPUpdateLDAP[$_SESSION['wsDomain']] ) \|\|
588	606	$_SESSION['wsDomain'] == 'local' ) {
589		~~- $this->printDebug( "Either the user is using a local domain, or the wiki isn't allowing updates", 1 );~~
	607	+ $this->printDebug( "Either the user is using a local domain, or the wiki isn't allowing updates", self::NONSENSITIVE );
590	608
591	609	//We don't handle local preferences, but we don't want the
592	610	//wiki to return an error.
—	—	@@ -593,7 +611,7 @@
594	612	}
595	613
596	614	if ( !isset( $wgLDAPWriterDN[$_SESSION['wsDomain']] ) ) {
597		~~- $this->printDebug( "The wiki doesn't have wgLDAPWriterDN set", 1 );~~
	615	+ $this->printDebug( "The wiki doesn't have wgLDAPWriterDN set", self::NONSENSITIVE );
598	616
599	617	//We can't modify LDAP preferences if we don't have a user
600	618	//capable of editing LDAP attributes.
—	—	@@ -607,10 +625,10 @@
608	626
609	627	$ldapconn = $this->connect();
610	628	if ( $ldapconn ) {
611		~~- $this->printDebug( "Connected successfully", 1 );~~
	629	+ $this->printDebug( "Connected successfully", self::NONSENSITIVE );
612	630	$userdn = $this->getSearchString( $ldapconn, $user->getName() );
613	631
614		~~- $this->printDebug( "Binding as the writerDN", 1 );~~
	632	+ $this->printDebug( "Binding as the writerDN", self::NONSENSITIVE );
615	633	$bind = $this->bindAs( $ldapconn, $wgLDAPWriterDN[$_SESSION['wsDomain']], $wgLDAPWriterPassword[$_SESSION['wsDomain']] );
616	634	if ( !$bind ) {
617	635	return false;
—	—	@@ -622,16 +640,16 @@
623	641	if ( '' != $this->language ) { $values["preferredlanguage"] = $this->language; }
624	642
625	643	if ( 0 != sizeof( $values ) && ldap_modify( $ldapconn, $userdn, $values ) ) {
626		~~- $this->printDebug( "Successfully modified the user's attributes", 1 );~~
	644	+ $this->printDebug( "Successfully modified the user's attributes", self::NONSENSITIVE );
627	645	@ldap_unbind();
628	646	return true;
629	647	} else {
630		~~- $this->printDebug( "Failed to modify the user's attributes", 1 );~~
	648	+ $this->printDebug( "Failed to modify the user's attributes", self::NONSENSITIVE );
631	649	@ldap_unbind();
632	650	return false;
633	651	}
634	652	} else {
635		~~- $this->printDebug( "Failed to Connect", 1 );~~
	653	+ $this->printDebug( "Failed to Connect", self::NONSENSITIVE );
636	654	return false;
637	655	}
638	656	}
—	—	@@ -697,18 +715,18 @@
698	716	global $wgLDAPRequiredGroups, $wgLDAPGroupDN;
699	717	global $wgLDAPRequireAuthAttribute, $wgLDAPAuthAttribute;
700	718
701		~~- $this->printDebug( "Entering addUser", 1 );~~
	719	+ $this->printDebug( "Entering addUser", self::NONSENSITIVE );
702	720
703	721	if ( ( !isset( $wgLDAPAddLDAPUsers[$_SESSION['wsDomain']] ) \|\| !$wgLDAPAddLDAPUsers[$_SESSION['wsDomain']] ) \|\|
704	722	'local' == $_SESSION['wsDomain'] ) {
705		~~- $this->printDebug( "Either the user is using a local domain, or the wiki isn't allowing users to be added to LDAP", 1 );~~
	723	+ $this->printDebug( "Either the user is using a local domain, or the wiki isn't allowing users to be added to LDAP", self::NONSENSITIVE );
706	724
707	725	//Tell the wiki not to return an error.
708	726	return true;
709	727	}
710	728
711	729	if ( $wgLDAPRequiredGroups \|\| $wgLDAPGroupDN ) {
712		~~- $this->printDebug( "The wiki is requiring users to be in specific groups, and cannot add users as this would be a security hole.", 1 );~~
	730	+ $this->printDebug( "The wiki is requiring users to be in specific groups, and cannot add users as this would be a security hole.", self::NONSENSITIVE );
713	731	//It is possible that later we can add users into
714	732	//groups, but since we don't support it, we don't want
715	733	//to open holes!
—	—	@@ -716,7 +734,7 @@
717	735	}
718	736
719	737	if ( !isset( $wgLDAPWriterDN[$_SESSION['wsDomain']] ) ) {
720		~~- $this->printDebug( "The wiki doesn't have wgLDAPWriterDN set", 1 );~~
	738	+ $this->printDebug( "The wiki doesn't have wgLDAPWriterDN set", self::NONSENSITIVE );
721	739
722	740	//We can't add users without an LDAP account capable of doing so.
723	741	return false;
—	—	@@ -730,30 +748,34 @@
731	749
732	750	$ldapconn = $this->connect();
733	751	if ( $ldapconn ) {
734		~~- $this->printDebug( "Successfully connected", 1 );~~
	752	+ $this->printDebug( "Successfully connected", self::NONSENSITIVE );
	753	+
735	754	$userdn = $this->getSearchString( $ldapconn, $username );
736	755	if ( '' == $userdn ) {
737		~~- $this->printDebug( "userdn is blank, attempting to use wgLDAPWriteLocation", 1 );~~
	756	+ $this->printDebug( "userdn is blank, attempting to use wgLDAPWriteLocation", self::NONSENSITIVE );
738	757	if ( isset( $wgLDAPWriteLocation[$_SESSION['wsDomain']] ) ) {
739		~~- $this->printDebug( "wgLDAPWriteLocation is set, using that", 1 );~~
	758	+ $this->printDebug( "wgLDAPWriteLocation is set, using that", self::NONSENSITIVE );
740	759	$userdn = $wgLDAPSearchAttributes[$_SESSION['wsDomain']] . "=" .
741	760	$username . $wgLDAPWriteLocation[$_SESSION['wsDomain']];
742	761	} else {
743		~~- $this->printDebug( "wgLDAPWriteLocation is not set, failing", 1 );~~
	762	+ $this->printDebug( "wgLDAPWriteLocation is not set, failing", self::NONSENSITIVE );
744	763	//getSearchString will bind, but will not unbind
745	764	@ldap_unbind();
746	765	return false;
747	766	}
748	767	}
749	768
750		~~- $this->printDebug( "Binding as the writerDN", 1 );~~
	769	+ $this->printDebug( "Binding as the writerDN", self::NONSENSITIVE );
	770	+
751	771	$bind = $this->bindAs( $ldapconn, $wgLDAPWriterDN[$_SESSION['wsDomain']], $wgLDAPWriterPassword[$_SESSION['wsDomain']] );
752	772	if ( !$bind ) {
	773	+ $this->printDebug( "Failed to bind as the writerDN; add failed", self::NONSENSITIVE );
753	774	return false;
754	775	}
755	776
756	777	//Set up LDAP attributes
757	778	$values["uid"] = $username;
	779	+ //sn is required for objectclass inetorgperson
758	780	$values["sn"] = $username;
759	781	if ( '' != $this->email ) { $values["mail"] = $this->email; }
760	782	if ( '' != $this->realname ) {$values["cn"] = $this->realname; }
—	—	@@ -765,16 +787,18 @@
766	788	$values[$wgLDAPAuthAttribute[$_SESSION['wsDomain']]] = "true";
767	789	}
768	790
	791	+ $this->printDebug( "Adding user", self::NONSENSITIVE );
769	792	if ( @ldap_add( $ldapconn, $userdn, $values ) ) {
770		~~- $this->printDebug( "Successfully added user", 1 );~~
	793	+ $this->printDebug( "Successfully added user", self::NONSENSITIVE );
771	794	@ldap_unbind();
772	795	return true;
773	796	} else {
774		~~- $this->printDebug( "Failed to add user", 1 );~~
	797	+ $this->printDebug( "Failed to add user", self::NONSENSITIVE );
775	798	@ldap_unbind();
776	799	return false;
777	800	}
778	801	} else {
	802	+ $this->printDebug( "Failed to connect; add failed", self::NONSENSITIVE );
779	803	return false;
780	804	}
781	805	}
—	—	@@ -786,7 +810,7 @@
787	811	* @access public
788	812	*/
789	813	function setDomain( $domain ) {
790		~~- $this->printDebug( "Setting domain as: $domain", 1 );~~
	814	+ $this->printDebug( "Setting domain as: $domain", self::NONSENSITIVE );
791	815	$_SESSION['wsDomain'] = $domain;
792	816	}
793	817
—	—	@@ -801,13 +825,13 @@
802	826	function validDomain( $domain ) {
803	827	global $wgLDAPDomainNames, $wgLDAPUseLocal;
804	828
805		~~- $this->printDebug( "Entering validDomain", 1 );~~
	829	+ $this->printDebug( "Entering validDomain", self::NONSENSITIVE );
806	830
807	831	if ( in_array( $domain, $wgLDAPDomainNames ) \|\| ( $wgLDAPUseLocal && 'local' == $domain ) ) {
808		~~- $this->printDebug( "User is using a valid domain.", 1 );~~
	832	+ $this->printDebug( "User is using a valid domain.", self::NONSENSITIVE );
809	833	return true;
810	834	} else {
811		~~- $this->printDebug( "User is not using a valid domain.", 1 );~~
	835	+ $this->printDebug( "User is not using a valid domain.", self::NONSENSITIVE );
812	836	return false;
813	837	}
814	838	}
—	—	@@ -817,19 +841,21 @@
818	842	*
819	843	* @param User $user
820	844	* @access public
	845	+ * TODO: fix the setExternalID stuff
821	846	*/
822	847	function updateUser( &$user ) {
823	848	global $wgLDAPRetrievePrefs;
824	849	global $wgLDAPUseLDAPGroups;
	850	+ global $wgLDAPUniqueBlockLogin, $wgLDAPUniqueRenameUser;
825	851
826		~~- $this->printDebug( "Entering updateUser", 1 );~~
	852	+ $this->printDebug( "Entering updateUser", self::NONSENSITIVE );
827	853
828	854	$saveSettings = false;
829	855
830	856	//If we aren't pulling preferences, we don't want to accidentally
831	857	//overwrite anything.
832	858	if ( isset( $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) && $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) {
833		~~- $this->printDebug( "Setting user preferences.", 1 );~~
	859	+ $this->printDebug( "Setting user preferences.", self::NONSENSITIVE );
834	860
835	861	if ( '' != $this->lang ) {
836	862	$user->setOption( 'language', $this->lang );
—	—	@@ -843,60 +869,44 @@
844	870	if ( '' != $this->email ) {
845	871	$user->setEmail( $this->email );
846	872	}
847		~~- if ( '' != $this->externalid ) {~~
848		~~- $user->setExternalID( $this->externalid );~~
	873	+ if ( ( isset( $wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']] ) && $wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']] )
	874	+ \|\| ( isset( $wgLDAPUniqueRenameUser[$_SESSION['wsDomain']] ) && $wgLDAPUniqueRenameUser[$_SESSION['wsDomain']] ) ) {
	875	+
	876	+ if ( '' != $this->externalid ) {
	877	+ $user->setExternalID( $this->externalid );
	878	+ }
849	879	}
850	880
851	881	$saveSettings = true;
852	882	}
853	883
854	884	if ( isset( $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']] ) && $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']] ) {
	885	+ $this->printDebug( "Setting user groups.", self::NONSENSITIVE );
855	886	$this->setGroups( $user );
	887	+
856	888	$saveSettings = true;
857	889	}
858	890
859	891	if ( $saveSettings ) {
860		~~- $this->printDebug( "Saving user settings.", 1 );~~
	892	+ $this->printDebug( "Saving user settings.", self::NONSENSITIVE );
861	893	$user->saveSettings();
862	894	}
863	895	}
864	896
865	897	/**
866		~~- * Return true to prevent logins that don't authenticate here from being~~
867		~~- * checked against the local database's password fields.~~
868		- *
869		~~- * This is just a question, and shouldn't perform any actions.~~
870		- *
871		~~- * @return bool~~
872		~~- * @access public~~
873		~~- */~~
874		~~- function strict() {~~
875		~~- global $wgLDAPUseLocal, $wgLDAPMailPassword;~~
876		-
877		~~- $this->printDebug( "Entering strict.", 1 );~~
878		-
879		~~- if ( $wgLDAPUseLocal \|\| $wgLDAPMailPassword ) {~~
880		~~- $this->printDebug( "Returning false in strict().", 1 );~~
881		~~- return false;~~
882		~~- } else {~~
883		~~- $this->printDebug( "Returning true in strict().", 1 );~~
884		~~- return true;~~
885		~~- }~~
886		~~- }~~
887		-
888		- /**
889	898	* When creating a user account, initialize user with information from LDAP.
890	899	*
891	900	* @param User $user
892	901	* @access public
	902	+ * TODO: fix setExternalID stuff
893	903	*/
894	904	function initUser( &$user ) {
895	905	global $wgLDAPUseLDAPGroups;
896	906
897		~~- $this->printDebug( "Entering initUser", 1 );~~
	907	+ $this->printDebug( "Entering initUser", self::NONSENSITIVE );
898	908
899	909	if ( 'local' == $_SESSION['wsDomain'] ) {
900		~~- $this->printDebug( "User is using a local domain", 1 );~~
	910	+ $this->printDebug( "User is using a local domain", self::NONSENSITIVE );
901	911	return;
902	912	}
903	913
—	—	@@ -905,32 +915,37 @@
906	916	//security of our domain.
907	917	$user->mPassword = '';
908	918
909		~~- if ( isset( $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) && $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) {~~
910		~~- if ( '' != $this->lang ) {~~
911		~~- $user->setOption( 'language', $this->lang );~~
912		~~- }~~
913		~~- if ( '' != $this->nickname ) {~~
914		~~- $user->setOption( 'nickname', $this->nickname );~~
915		~~- }~~
916		~~- if ( '' != $this->realname ) {~~
917		~~- $user->setRealName( $this->realname );~~
918		~~- }~~
919		~~- if ( '' != $this->email ) {~~
920		~~- $user->setEmail( $this->email );~~
921		~~- }~~
922		~~- if ( '' != $this->externalid ) {~~
923		~~- $user->setExternalID( 'uniqueLDAPattr', $this->externalid );~~
924		~~- }~~
925		~~- }~~
	919	+ //The update user function does everything else we need done.
	920	+ $this->updateUser($user);
926	921
927		~~- if ( isset( $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']] ) && $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']] ) {~~
928		~~- $this->setGroups( $user );~~
929		~~- }~~
930		-
	922	+ //updateUser() won't definately save the user's settings
931	923	$user->saveSettings();
932	924	}
933	925
934	926	/**
	927	+ * Return true to prevent logins that don't authenticate here from being
	928	+ * checked against the local database's password fields.
	929	+ *
	930	+ * This is just a question, and shouldn't perform any actions.
	931	+ *
	932	+ * @return bool
	933	+ * @access public
	934	+ */
	935	+ function strict() {
	936	+ global $wgLDAPUseLocal, $wgLDAPMailPassword;
	937	+
	938	+ $this->printDebug( "Entering strict.", self::NONSENSITIVE );
	939	+
	940	+ if ( $wgLDAPUseLocal \|\| $wgLDAPMailPassword ) {
	941	+ $this->printDebug( "Returning false in strict().", self::NONSENSITIVE );
	942	+ return false;
	943	+ } else {
	944	+ $this->printDebug( "Returning true in strict().", self::NONSENSITIVE );
	945	+ return true;
	946	+ }
	947	+ }
	948	+
	949	+ /**
935	950	* Munge the username to always have a form of uppercase for the first letter,
936	951	* and lowercase for the rest of the letters.
937	952	*
—	—	@@ -939,15 +954,15 @@
940	955	* @access public
941	956	*/
942	957	function getCanonicalName( $username ) {
943		~~- $this->printDebug( "Entering getCanonicalName", 1 );~~
	958	+ $this->printDebug( "Entering getCanonicalName", self::NONSENSITIVE );
944	959
945	960	if ( $username != '' ) {
946		~~- $this->printDebug( "Username isn't empty.", 1 );~~
	961	+ $this->printDebug( "Username isn't empty.", self::NONSENSITIVE );
947	962
948	963	//We want to use the username returned by LDAP
949	964	//if it exists
950	965	if ( $this->LDAPUsername != '' ) {
951		~~- $this->printDebug( "Using LDAPUsername.", 1 );~~
	966	+ $this->printDebug( "Using LDAPUsername.", self::NONSENSITIVE );
952	967	$username = $this->LDAPUsername;
953	968	}
954	969
—	—	@@ -959,21 +974,13 @@
960	975	//uppercase the first letter
961	976	$username[0] = strtoupper( $username[0] );
962	977	}
963		~~- $this->printDebug( "Munged username: $username", 1 );~~
	978	+
	979	+ $this->printDebug( "Munged username: $username", self::NONSENSITIVE );
	980	+
964	981	return $username;
965	982	}
966	983
967	984	/**
968		~~- * Returns the username pulled from LDAP when getSearchString() was called.~~
969		- *
970		~~- * @return string~~
971		~~- * @access public~~
972		~~- */~~
973		~~- function getLDAPUsername() {~~
974		~~- return $this->LDAPUsername;~~
975		~~- }~~
976		-
977		- /**
978	985	* Configures the authentication plugin for use with auto-authentication
979	986	* plugins.
980	987	*
—	—	@@ -1000,11 +1007,11 @@
1001	1008	global $wgLDAPSearchStrings;
1002	1009	global $wgLDAPProxyAgent, $wgLDAPProxyAgentPassword;
1003	1010
1004		~~- $this->printDebug( "Entering getSearchString", 1 );~~
	1011	+ $this->printDebug( "Entering getSearchString", self::NONSENSITIVE );
1005	1012
1006	1013	if ( isset( $wgLDAPSearchStrings[$_SESSION['wsDomain']] ) ) {
1007	1014	//This is a straight bind
1008		~~- $this->printDebug( "Doing a straight bind", 1 );~~
	1015	+ $this->printDebug( "Doing a straight bind", self::NONSENSITIVE );
1009	1016
1010	1017	$tmpuserdn = $wgLDAPSearchStrings[$_SESSION['wsDomain']];
1011	1018	$userdn = str_replace( "USER-NAME", $username, $tmpuserdn );
—	—	@@ -1012,22 +1019,22 @@
1013	1020	//This is a proxy bind, or an anonymous bind with a search
1014	1021	if ( isset( $wgLDAPProxyAgent[$_SESSION['wsDomain']] ) ) {
1015	1022	//This is a proxy bind
1016		~~- $this->printDebug( "Doing a proxy bind", 1 );~~
	1023	+ $this->printDebug( "Doing a proxy bind", self::NONSENSITIVE );
1017	1024	$bind = $this->bindAs( $ldapconn, $wgLDAPProxyAgent[$_SESSION['wsDomain']], $wgLDAPProxyAgentPassword[$_SESSION['wsDomain']] );
1018	1025	} else {
1019	1026	//This is an anonymous bind
1020		~~- $this->printDebug( "Doing an anonymous bind", 1 );~~
	1027	+ $this->printDebug( "Doing an anonymous bind", self::NONSENSITIVE );
1021	1028	$bind = $this->bindAs( $ldapconn );
1022	1029	}
1023	1030
1024	1031	if ( !$bind ) {
1025		~~- $this->printDebug( "Failed to bind", 1 );~~
	1032	+ $this->printDebug( "Failed to bind", self::NONSENSITIVE );
1026	1033	return '';
1027	1034	}
1028	1035
1029	1036	$userdn = $this->getUserDN( $ldapconn, $username );
1030	1037	}
1031		~~- $this->printDebug( "userdn is: $userdn", 2 );~~
	1038	+ $this->printDebug( "userdn is: $userdn", self::SENSITIVE );
1032	1039	return $userdn;
1033	1040	}
1034	1041
—	—	@@ -1044,9 +1051,8 @@
1045	1052	function getUserDN( $ldapconn, $username ) {
1046	1053	global $wgLDAPSearchAttributes;
1047	1054	global $wgLDAPRequireAuthAttribute, $wgLDAPAuthAttribute;
1048		~~- global $wgLDAPBaseDNs;~~
1049	1055
1050		~~- $this->printDebug("Entering getUserDN",1);~~
	1056	+ $this->printDebug("Entering getUserDN", self::NONSENSITIVE);
1051	1057
1052	1058	//we need to do a subbase search for the entry
1053	1059
—	—	@@ -1056,30 +1062,30 @@
1057	1063	$auth_filter = "(" . $wgLDAPAuthAttribute[$_SESSION['wsDomain']] . ")";
1058	1064	$srch_filter = "(" . $wgLDAPSearchAttributes[$_SESSION['wsDomain']] . "=" . $this->getLdapEscapedString( $username ) . ")";
1059	1065	$filter = "(&" . $srch_filter . $auth_filter . ")";
1060		~~- $this->printDebug( "Created an auth attribute filter: $filter", 2 );~~
	1066	+ $this->printDebug( "Created an auth attribute filter: $filter", self::SENSITIVE );
1061	1067	} else {
1062	1068	$filter = "(" . $wgLDAPSearchAttributes[$_SESSION['wsDomain']] . "=" . $this->getLdapEscapedString( $username ) . ")";
1063		~~- $this->printDebug( "Created a regular filter: $filter", 2 );~~
	1069	+ $this->printDebug( "Created a regular filter: $filter", self::SENSITIVE );
1064	1070	}
1065	1071
1066	1072	$attributes = array( "*" );
1067		~~- $base = $wgLDAPBaseDNs[$_SESSION['wsDomain']];~~
	1073	+ $base = $this->getBaseDN( self::USERDN );
1068	1074
1069		~~- $this->printDebug( "Using base: $base", 2 );~~
	1075	+ $this->printDebug( "Using base: $base", self::SENSITIVE );
1070	1076
1071	1077	$entry = @ldap_search( $ldapconn, $base, $filter, $attributes );
1072	1078	if ( !$entry ) {
1073		~~- $this->printDebug( "Couldn't find an entry", 1 );~~
	1079	+ $this->printDebug( "Couldn't find an entry", self::NONSENSITIVE );
1074	1080	return '';
1075	1081	}
1076	1082
1077	1083	$info = @ldap_get_entries( $ldapconn, $entry );
1078	1084
1079		~~- //This is a pretty useful thing to have for both smartcard authentication,~~
	1085	+ //This is a pretty useful thing to have for smartcard authentication,
1080	1086	//group checking, and pulling preferences.
1081	1087	wfRunHooks( 'SetUsernameAttributeFromLDAP', array( &$this->LDAPUsername, $info ) );
1082	1088	if ( !is_string( $this->LDAPUsername ) ) {
1083		~~- $this->printDebug( "Fetched username is not a string (check your hook code...).", 1 );~~
	1089	+ $this->printDebug( "Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.", self::NONSENSITIVE );
1084	1090	$this->LDAPUsername = '';
1085	1091	}
1086	1092
—	—	@@ -1089,11 +1095,12 @@
1090	1096
1091	1097	//DEPRECATED
1092	1098	function isMemberOfLdapGroup( $ldapconn, $userDN, $groupDN ) {
1093		~~- $this->printDebug( "Entering isMemberOfLdapGroup (DEPRECATED)", 1 );~~
	1099	+ $this->printDebug( "Entering isMemberOfLdapGroup (DEPRECATED)", self::NONSENSITIVE );
1094	1100
1095	1101	//we need to do a subbase search for the entry
1096	1102	$filter = "(member=" . $this->getLdapEscapedString( $userDN ) . ")";
1097	1103	$info = ldap_get_entries( $ldapconn, @ldap_search( $ldapconn, $groupDN, $filter ) );
	1104	+
1098	1105	return ( $info["count"] >= 1 );
1099	1106	}
1100	1107
—	—	@@ -1109,7 +1116,7 @@
1110	1117	global $wgLDAPRequiredGroups;
1111	1118	global $wgLDAPGroupSearchNestedGroups;
1112	1119
1113		~~- $this->printDebug( "Entering isMemberOfRequiredLdapGroup", 1 );~~
	1120	+ $this->printDebug( "Entering isMemberOfRequiredLdapGroup", self::NONSENSITIVE );
1114	1121
1115	1122	$reqgroups = $wgLDAPRequiredGroups[$_SESSION['wsDomain']];
1116	1123	for ( $i = 0; $i < count( $reqgroups ); $i++ ) {
—	—	@@ -1118,35 +1125,35 @@
1119	1126
1120	1127	$searchnested = $wgLDAPGroupSearchNestedGroups[$_SESSION['wsDomain']];
1121	1128
1122		~~- $this->printDebug( "Required groups:" . implode( ",",$reqgroups ) . "", 1 );~~
	1129	+ $this->printDebug( "Required groups:" . implode( ",",$reqgroups ) . "", self::NONSENSITIVE );
1123	1130
1124	1131	$groups = $this->getUserGroups( $ldapconn, $userDN );
1125	1132
	1133	+ //TODO: using variables for this kind of thing is dirty, let's think of a new way
	1134	+ // to handle this need.
1126	1135	if ( !$this->foundUserLDAPGroups ) {
	1136	+ $this->printDebug( "Couldn't find the user in any groups (1).", self::NONSENSITIVE );
	1137	+
1127	1138	//User isn't in any groups, so he/she obviously can't be in
1128	1139	//a required one
1129		~~- $this->printDebug( "Couldn't find the user in any groups (1).", 1 );~~
1130		-
1131	1140	return false;
1132	1141	} else {
1133	1142	//User is in groups, let's see if a required group is one of them
1134	1143	foreach ( $groups as $group ) {
1135	1144	if ( in_array( $group, $reqgroups ) ) {
1136		~~- $this->printDebug( "Found user in a group.", 1 );~~
	1145	+ $this->printDebug( "Found user in a group.", self::NONSENSITIVE );
1137	1146	return true;
1138	1147	}
1139	1148	}
1140	1149
1141	1150	//We didn't find the user in the group, lets check nested groups
1142	1151	if ( $searchnested ) {
1143		~~- //No reason to go on if we aren't allowing nested group~~
1144		~~- //searches~~
1145	1152	if ( $this->searchNestedGroups( $ldapconn, $groups ) ) {
1146	1153	return true;
1147	1154	}
1148	1155	}
1149	1156
1150		~~- $this->printDebug( "Couldn't find the user in any groups (2).", 1 );~~
	1157	+ $this->printDebug( "Couldn't find the user in any groups (2).", self::NONSENSITIVE );
1151	1158
1152	1159	return false;
1153	1160	}
—	—	@@ -1166,15 +1173,15 @@
1167	1174	function searchNestedGroups( $ldapconn, $groups, $checkedgroups = array() ) {
1168	1175	global $wgLDAPRequiredGroups;
1169	1176
1170		~~- $this->printDebug( "Entering searchNestedGroups", 1 );~~
	1177	+ $this->printDebug( "Entering searchNestedGroups", self::NONSENSITIVE );
1171	1178
1172	1179	//base case, no more groups left to check
1173	1180	if ( !$groups ) {
1174		~~- $this->printDebug( "Couldn't find user in any nested groups.", 1 );~~
	1181	+ $this->printDebug( "Couldn't find user in any nested groups.", self::NONSENSITIVE );
1175	1182	return false;
1176	1183	}
1177	1184
1178		~~- $this->printDebug( "Checking groups:" . implode( ",", $groups ) . "", 2 );~~
	1185	+ $this->printDebug( "Checking groups:" . implode( ",", $groups ) . "", self::SENSITIVE );
1179	1186
1180	1187	$reqgroups = $wgLDAPRequiredGroups[$_SESSION['wsDomain']];
1181	1188	for ( $i = 0; $i < count( $reqgroups ); $i++ ) {
—	—	@@ -1185,12 +1192,12 @@
1186	1193	foreach ( $groups as $group ) {
1187	1194	$returnedgroups = $this->getUserGroups( $ldapconn, $group );
1188	1195	foreach ( $returnedgroups as $checkme ) {
1189		~~- $this->printDebug( "Checking membership for: $checkme", 2 );~~
	1196	+ $this->printDebug( "Checking membership for: $checkme", self::SENSITIVE );
1190	1197	if ( in_array( $checkme, $checkedgroups ) ) {
1191	1198	//We already checked this, move on
1192	1199	continue;
1193	1200	} else if ( in_array( $checkme, $reqgroups ) ) {
1194		~~- $this->printDebug( "Found user in a nested group.", 1 );~~
	1201	+ $this->printDebug( "Found user in a nested group.", self::NONSENSITIVE );
1195	1202	//Woohoo
1196	1203	return true;
1197	1204	} else {
—	—	@@ -1203,15 +1210,12 @@
1204	1211	$checkedgroups = array_unique( array_merge( $groups, $checkedgroups ) );
1205	1212
1206	1213	//Mmmmmm. Tail recursion. Tasty.
1207		~~- if ( $this->searchNestedGroups( $ldapconn, $groupstocheck, $checkedgroups ) ) {~~
1208		~~- return true;~~
1209		~~- } else {~~
1210		~~- return false;~~
1211		~~- }~~
	1214	+ return $this->searchNestedGroups( $ldapconn, $groupstocheck, $checkedgroups );
1212	1215	}
1213	1216
1214	1217	/**
1215		~~- * Helper function for isMemberOfRequiredLdapGroup and searchNestedGroups~~
	1218	+ * Helper function for isMemberOfRequiredLdapGroup and searchNestedGroups. Returns
	1219	+ * a list of groups the user is in, all munged to lowercase.
1216	1220	* Sets $this->foundUserLDAPGroups
1217	1221	*
1218	1222	* @param resource $ldapconn
—	—	@@ -1220,7 +1224,7 @@
1221	1225	* @access private
1222	1226	*/
1223	1227	function getUserGroups( $ldapconn, $dn, $getShortnames = false ) {
1224		~~- $this->printDebug( "Entering getUserGroups", 1 );~~
	1228	+ $this->printDebug( "Entering getUserGroups", self::NONSENSITIVE );
1225	1229
1226	1230	//Let's return the saved groups if they are available
1227	1231	if ( $getShortnames ) {
—	—	@@ -1256,7 +1260,9 @@
1257	1261	}
1258	1262
1259	1263	/**
1260		~~- * Helper function for retrieving all LDAP groups~~
	1264	+ * Helper function for retrieving all LDAP groups. Returns
	1265	+ * a list of all groups in the LDAP server, under the appropriate
	1266	+ * basedn, all munged to lowercase.
1261	1267	* Sets $this->foundAllLDAPGroups
1262	1268	*
1263	1269	* @param resource $ldapconn
—	—	@@ -1265,7 +1271,7 @@
1266	1272	* @access private
1267	1273	*/
1268	1274	function getAllGroups( $ldapconn, $getShortnames = false ) {
1269		~~- $this->printDebug( "Entering getAllGroups", 1 );~~
	1275	+ $this->printDebug( "Entering getAllGroups", self::NONSENSITIVE );
1270	1276
1271	1277	//Let's return the saved groups if they are available
1272	1278	if ( $getShortnames ) {
—	—	@@ -1310,13 +1316,12 @@
1311	1317	* @access private
1312	1318	*/
1313	1319	function getGroups( $ldapconn, $dn ) {
1314		~~- global $wgLDAPBaseDNs;~~
1315	1320	global $wgLDAPGroupObjectclass, $wgLDAPGroupAttribute, $wgLDAPGroupNameAttribute;
1316	1321	global $wgLDAPProxyAgent, $wgLDAPProxyAgentPassword;
1317	1322
1318		~~- $this->printDebug( "Entering getGroups", 1 );~~
	1323	+ $this->printDebug( "Entering getGroups", self::NONSENSITIVE );
1319	1324
1320		~~- $base = $wgLDAPBaseDNs[$_SESSION['wsDomain']];~~
	1325	+ $base = $this->getBaseDN( self::GROUPDN );
1321	1326	$objectclass = $wgLDAPGroupObjectclass[$_SESSION['wsDomain']];
1322	1327	$attribute = $wgLDAPGroupAttribute[$_SESSION['wsDomain']];
1323	1328	$nameattribute = $wgLDAPGroupNameAttribute[$_SESSION['wsDomain']];
—	—	@@ -1324,19 +1329,19 @@
1325	1330	//Search for the groups this user is in
1326	1331	$filter = "(&($attribute=" . $this->getLdapEscapedString( $dn ) . ")(objectclass=$objectclass))";
1327	1332
1328		~~- $this->printDebug( "Search string: $filter", 2 );~~
	1333	+ $this->printDebug( "Search string: $filter", self::SENSITIVE );
1329	1334
1330	1335	if ( isset( $wgLDAPProxyAgent[$_SESSION['wsDomain']] ) ) {
1331	1336	//We'll try to bind as the proxyagent as the proxyagent should normally have more
1332	1337	//rights than the user. If the proxyagent fails to bind, we will still be able
1333	1338	//to search as the normal user (which is why we don't return on fail).
1334		~~- $this->printDebug( "Binding as the proxyagentDN", 1 );~~
	1339	+ $this->printDebug( "Binding as the proxyagentDN", self::NONSENSITIVE );
1335	1340	$bind = $this->bindAs( $ldapconn, $wgLDAPProxyAgent[$_SESSION['wsDomain']], $wgLDAPProxyAgentPassword[$_SESSION['wsDomain']] );
1336	1341	}
1337	1342
1338	1343	$info = @ldap_search( $ldapconn, $base, $filter );
1339	1344	if ( !$info ) {
1340		~~- $this->printDebug( "No entries returned from search.", 2 );~~
	1345	+ $this->printDebug( "No entries returned from search.", self::SENSITIVE );
1341	1346
1342	1347	//Return an array with two empty arrays so that other functions
1343	1348	//don't error out.
—	—	@@ -1363,8 +1368,8 @@
1364	1369	array_push( $both_groups, $groups );
1365	1370	array_push( $both_groups, $shortnamegroups );
1366	1371
1367		~~- $this->printDebug( "Returned groups:" . implode( ",", $groups ) . "", 2 );~~
1368		~~- $this->printDebug( "Returned groups:" . implode( ",", $shortnamegroups ) . "", 2 );~~
	1372	+ $this->printDebug( "Returned groups:" . implode( ",", $groups ) . "", self::SENSITIVE );
	1373	+ $this->printDebug( "Returned groups:" . implode( ",", $shortnamegroups ) . "", self::SENSITIVE );
1369	1374
1370	1375	return $both_groups;
1371	1376	}
—	—	@@ -1378,7 +1383,7 @@
1379	1384	* @access private
1380	1385	*/
1381	1386	function hasLDAPGroup( $group ) {
1382		~~- $this->printDebug( "Entering hasLDAPGroup", 1 );~~
	1387	+ $this->printDebug( "Entering hasLDAPGroup", self::NONSENSITIVE );
1383	1388
1384	1389	return in_array( strtolower( $group ), $this->userLDAPGroups );
1385	1390	}
—	—	@@ -1391,7 +1396,7 @@
1392	1397	* @access private
1393	1398	*/
1394	1399	function isLDAPGroup( $group ) {
1395		~~- $this->printDebug( "Entering isLDAPGroup", 1 );~~
	1400	+ $this->printDebug( "Entering isLDAPGroup", self::NONSENSITIVE );
1396	1401
1397	1402	return in_array( strtolower( $group ), $this->allLDAPGroups );
1398	1403	}
—	—	@@ -1404,34 +1409,34 @@
1405	1410	* @access private
1406	1411	*/
1407	1412	function setGroups( &$user ) {
1408		~~- $this->printDebug( "Pulling groups from LDAP.", 1 );~~
	1413	+ $this->printDebug( "Pulling groups from LDAP.", self::NONSENSITIVE );
1409	1414
1410	1415	# add groups permissions
1411	1416	$localAvailGrps = $user->getAllGroups();
1412	1417	$localUserGrps = $user->getEffectiveGroups();
1413	1418
1414		~~- $this->printDebug( "Available groups are: " . implode( ",", $localAvailGrps ) . "", 1 );~~
1415		~~- $this->printDebug( "Effective groups are: " . implode( ",", $localUserGrps ) . "", 1 );~~
	1419	+ $this->printDebug( "Available groups are: " . implode( ",", $localAvailGrps ) . "", self::NONSENSITIVE );
	1420	+ $this->printDebug( "Effective groups are: " . implode( ",", $localUserGrps ) . "", self::NONSENSITIVE );
1416	1421
1417	1422	# note: $localUserGrps does not need to be updated with $cGroup added,
1418	1423	# as $localAvailGrps contains $cGroup only once.
1419	1424	foreach ( $localAvailGrps as $cGroup ) {
1420	1425	# did we once add the user to the group?
1421	1426	if ( in_array( $cGroup,$localUserGrps ) ) {
1422		~~- $this->printDebug( "Checking to see if we need to remove user from: $cGroup", 1 );~~
	1427	+ $this->printDebug( "Checking to see if we need to remove user from: $cGroup", self::NONSENSITIVE );
1423	1428	if ( ( !$this->hasLDAPGroup( $cGroup ) ) && ( $this->isLDAPGroup( $cGroup ) ) ) {
1424		~~- $this->printDebug( "Removing user from: $cGroup", 1 );~~
	1429	+ $this->printDebug( "Removing user from: $cGroup", self::NONSENSITIVE );
1425	1430	# the ldap group overrides the local group
1426	1431	# so as the user is currently not a member of the ldap group, he shall be removed from the local group
1427	1432	$user->removeGroup( $cGroup );
1428	1433	}
1429	1434	} else { # no, but maybe the user has recently been added to the ldap group?
1430		~~- $this->printDebug( "Checking to see if user is in: $cGroup", 1 );~~
	1435	+ $this->printDebug( "Checking to see if user is in: $cGroup", self::NONSENSITIVE );
1431	1436	if ( $this->hasLDAPGroup( $cGroup ) ) {
1432		~~- $this->printDebug( "Adding user to: $cGroup", 1 );~~
	1437	+ $this->printDebug( "Adding user to: $cGroup", self::NONSENSITIVE );
1433	1438	# so use the addGroup function
1434	1439	$user->addGroup( $cGroup );
1435		~~- # completedfor $cGroup.~~
	1440	+ # completed for $cGroup.
1436	1441	}
1437	1442	}
1438	1443	}
—	—	@@ -1447,13 +1452,14 @@
1448	1453	function getPasswordHash( $password ) {
1449	1454	global $wgLDAPPasswordHash;
1450	1455
1451		~~- $this->printDebug( "Entering getPasswordHash", 1 );~~
	1456	+ $this->printDebug( "Entering getPasswordHash", self::NONSENSITIVE );
1452	1457
1453	1458	if ( isset( $wgLDAPPasswordHash[$_SESSION['wsDomain']] ) ) {
1454	1459	$hashtouse = $wgLDAPPasswordHash[$_SESSION['wsDomain']];
1455	1460	} else {
1456	1461	$hashtouse = '';
1457	1462	}
	1463	+
1458	1464	//Set the password hashing based upon admin preference
1459	1465	switch ( $hashtouse ) {
1460	1466	case 'crypt':
—	—	@@ -1463,11 +1469,12 @@
1464	1470	$pass = $password;
1465	1471	break;
1466	1472	default:
1467		~~- $pwd_md5 = base64_encode( pack( 'H*',sha1( $password ) ) );~~
1468		~~- $pass = "{SHA}".$pwd_md5;~~
	1473	+ $pwd_sha = base64_encode( pack( 'H*',sha1( $password ) ) );
	1474	+ $pass = "{SHA}".$pwd_sha;
1469	1475	break;
1470	1476	}
1471		~~- $this->printDebug( "Password is $pass", 3 );~~
	1477	+
	1478	+ $this->printDebug( "Password is $pass", self::HIGHLYSENSITIVE );
1472	1479	return $pass;
1473	1480	}
1474	1481
—	—	@@ -1505,8 +1512,8 @@
1506	1513	$bind = @ldap_bind( $ldapconn, $userdn, $password );
1507	1514	}
1508	1515	if ( !$bind ) {
1509		~~- $this->printDebug( "Failed to bind as $userdn", 1 );~~
1510		~~- $this->printDebug( "with password: $password", 3 );~~
	1516	+ $this->printDebug( "Failed to bind as $userdn", self::NONSENSITIVE );
	1517	+ $this->printDebug( "with password: $password", self::HIGHLYSENSITIVE );
1511	1518	return false;
1512	1519	}
1513	1520	return true;
—	—	@@ -1543,6 +1550,53 @@
1544	1551	);
1545	1552	}
1546	1553
	1554	+ /**
	1555	+ * Returns a basedn by the type of entry we are searching for.
	1556	+ *
	1557	+ * @param int $type
	1558	+ * @return string
	1559	+ * @access private
	1560	+ */
	1561	+ function getBaseDN ( $type ) {
	1562	+ global $wgLDAPBaseDNs, $wgLDAPGroupBaseDNs, $wgLDAPUserBaseDNs;
	1563	+
	1564	+ $this->printDebug( "Entering getBaseDN", self::NONSENSITIVE );
	1565	+
	1566	+ $ret = '';
	1567	+ switch( $type ) {
	1568	+ case self::USERDN:
	1569	+ if ( isset( $wgLDAPUserBaseDNs[$_SESSION['wsDomain']] ) ) {
	1570	+ $ret = $wgLDAPUserBaseDNs[$_SESSION['wsDomain']];
	1571	+ }
	1572	+ break;
	1573	+ case self::GROUPDN:
	1574	+ if ( isset( $wgLDAPGroupBaseDNs[$_SESSION['wsDomain']] ) ) {
	1575	+ $ret = $wgLDAPGroupBaseDNs[$_SESSION['wsDomain']];
	1576	+ }
	1577	+ break;
	1578	+ case self::DEFAULTDN:
	1579	+ if ( isset( $wgLDAPBaseDNs[$_SESSION['wsDomain']] ) ) {
	1580	+ $ret = $wgLDAPBaseDNs[$_SESSION['wsDomain']];
	1581	+ $this->printDebug( "basedn is $ret", self::NONSENSITIVE );
	1582	+ return $ret;
	1583	+ } else {
	1584	+ $this->printDebug( "basedn is not set.", self::NONSENSITIVE );
	1585	+ return '';
	1586	+ }
	1587	+ break;
	1588	+ }
	1589	+
	1590	+ if ( $ret == '' ) {
	1591	+ $this->printDebug( "basedn is not set for this type of entry, trying to get the default basedn.", self::NONSENSITIVE );
	1592	+ // We will never reach here if $type is self::DEFAULTDN, so to avoid code
	1593	+ // code duplication, we'll get the default by re-calling the function.
	1594	+ return $this->getBaseDN( self::DEFAULTDN );
	1595	+ } else {
	1596	+ $this->printDebug( "basedn is $ret", self::NONSENSITIVE );
	1597	+ return $ret;
	1598	+ }
	1599	+ }
	1600	+
1547	1601	}
1548	1602
1549	1603	/**
—	—	@@ -1572,23 +1626,23 @@
1573	1627
1574	1628	$wgAuth = new LdapAuthenticationPlugin();
1575	1629
1576		~~- $wgAuth->printDebug( "Entering AutoAuthSetup.", 1 );~~
	1630	+ $wgAuth->printDebug( "Entering AutoAuthSetup.", self::NONSENSITIVE );
1577	1631
1578	1632	//We may add quite a few different auto authenticate methods in the
1579	1633	//future, let's make it easy to support.
1580	1634	switch( $wgLDAPAutoAuthMethod ) {
1581	1635	case "smartcard":
1582		~~- $wgAuth->printDebug( "Allowing smartcard authentication.", 1 );~~
1583		~~- $wgAuth->printDebug( "wgLDAPSSLUsername = $wgLDAPSSLUsername", 2 );~~
	1636	+ $wgAuth->printDebug( "Allowing smartcard authentication.", self::NONSENSITIVE );
	1637	+ $wgAuth->printDebug( "wgLDAPSSLUsername = $wgLDAPSSLUsername", self::SENSITIVE );
1584	1638
1585	1639	if( $wgLDAPSSLUsername != null ) {
1586		~~- $wgAuth->printDebug( "wgLDAPSSLUsername is not null, adding hooks.", 1 );~~
	1640	+ $wgAuth->printDebug( "wgLDAPSSLUsername is not null, adding hooks.", self::NONSENSITIVE );
1587	1641	$wgHooks['AutoAuthenticate'][] = 'SSLAuth'; /* Hook for magical authN */
1588	1642	$wgHooks['PersonalUrls'][] = 'NoLogout'; /* Disallow logout link */
1589	1643	}
1590	1644	break;
1591	1645	default:
1592		~~- $wgAuth->printDebug( "Not using any AutoAuthentication methods.", 1 );~~
	1646	+ $wgAuth->printDebug( "Not using any AutoAuthentication methods.", self::NONSENSITIVE );
1593	1647	}
1594	1648	}
1595	1649
—	—	@@ -1607,15 +1661,15 @@
1608	1662	global $wgUser;
1609	1663	global $wgAuth;
1610	1664
1611		~~- $wgAuth->printDebug( "Entering SSLAuth.", 1 );~~
	1665	+ $wgAuth->printDebug( "Entering SSLAuth.", self::NONSENSITIVE );
1612	1666
1613	1667	//Give us a user, see if we're around
1614		~~- $tmpuser = User::newFromSession();~~
	1668	+ $tmpuser = User::LoadFromSession();
1615	1669
1616	1670	//They already with us? If so, quit this function.
1617	1671	if( $tmpuser->isLoggedIn() ) {
1618		~~- $wgAuth->printDebug( "User is already logged in.", 1 );~~
1619		~~- return false;~~
	1672	+ $wgAuth->printDebug( "User is already logged in.", self::NONSENSITIVE );
	1673	+ return;
1620	1674	}
1621	1675
1622	1676	//Let regular authentication plugins configure themselves for auto
—	—	@@ -1623,39 +1677,39 @@
1624	1678	$wgAuth->autoAuthSetup();
1625	1679
1626	1680	//The user hasn't already been authenticated, let's check them
1627		~~- $wgAuth->printDebug( "User is not logged in, we need to authenticate", 1 );~~
	1681	+ $wgAuth->printDebug( "User is not logged in, we need to authenticate", self::NONSENSITIVE );
1628	1682	$authenticated = $wgAuth->authenticate( $wgLDAPSSLUsername );
1629	1683	if ( !$authenticated ) {
1630	1684	//If the user doesn't exist in LDAP, there isn't much reason to
1631	1685	//go any further.
1632		~~- $wgAuth->printDebug("User wasn't found in LDAP, exiting.", 1 );~~
1633		~~- return false;~~
	1686	+ $wgAuth->printDebug("User wasn't found in LDAP, exiting.", self::NONSENSITIVE );
	1687	+ return;
1634	1688	}
1635	1689
1636	1690	//We need the username that MediaWiki will always use, not the one we
1637	1691	//get from LDAP.
1638	1692	$mungedUsername = $wgAuth->getCanonicalName( $wgLDAPSSLUsername );
1639	1693
1640		~~- $wgAuth->printDebug( "User exists in LDAP; finding the user by name in MediaWiki.", 1 );~~
	1694	+ $wgAuth->printDebug( "User exists in LDAP; finding the user by name in MediaWiki.", self::NONSENSITIVE );
1641	1695
1642	1696	//Is the user already in the database?
1643	1697	$tmpuser = User::newFromName( $mungedUsername );
1644	1698
1645	1699	if ( $tmpuser == null ) {
1646		~~- $wgAuth->printDebug( "Username is not a valid MediaWiki username.", 1 );~~
1647		~~- return false;~~
	1700	+ $wgAuth->printDebug( "Username is not a valid MediaWiki username.", self::NONSENSITIVE );
	1701	+ return;
1648	1702	}
1649	1703
1650	1704	//If exists, log them in
1651	1705	if( $tmpuser->getID() != 0 ) {
1652		~~- $wgAuth->printDebug( "User exists in local database, logging in.", 1 );~~
	1706	+ $wgAuth->printDebug( "User exists in local database, logging in.", self::NONSENSITIVE );
1653	1707	$wgUser = &$tmpuser;
1654	1708	$wgAuth->updateUser( $wgUser );
1655	1709	$wgUser->setCookies();
1656	1710	$wgUser->setupSession();
1657		~~- return true;~~
	1711	+ return;
1658	1712	}
1659		~~- $wgAuth->printDebug( "User does not exist in local database; creating.", 1 );~~
	1713	+ $wgAuth->printDebug( "User does not exist in local database; creating.", self::NONSENSITIVE );
1660	1714
1661	1715	//Require SpecialUserlogin so that we can get a loginForm
1662	1716	require_once( 'SpecialUserlogin.php' );
—	—	@@ -1670,7 +1724,7 @@
1671	1725	$wgLangUnset = true;
1672	1726	}
1673	1727
1674		~~- $wgAuth->printDebug( "Creating LoginForm.", 1 );~~
	1728	+ $wgAuth->printDebug( "Creating LoginForm.", self::NONSENSITIVE );
1675	1729
1676	1730	//This creates our form that'll let us create a new user in the database
1677	1731	$lf = new LoginForm( $wgRequest );
—	—	@@ -1679,7 +1733,7 @@
1680	1734	$wgUser = &$tmpuser;
1681	1735	$wgUser->setName( $wgContLang->ucfirst( $mungedUsername ) );
1682	1736
1683		~~- $wgAuth->printDebug( "Creating User.", 1 );~~
	1737	+ $wgAuth->printDebug( "Creating User.", self::NONSENSITIVE );
1684	1738
1685	1739	//Create the user
1686	1740	$lf->initUser( $wgUser );
—	—	@@ -1687,7 +1741,5 @@
1688	1742	//Initialize the user
1689	1743	$wgUser->setupSession();
1690	1744	$wgUser->setCookies();
1691		-
1692		~~- return true;~~
1693	1745	}
1694	1746	?>

Status & tagging log

15:19, 12 September 2011 Meno25 (talk | contribs) changed the status of r23336 [removed: ok added: old]