r65178 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r65177‎ \| r65178 \| r65179 >
Date:	20:12, 17 April 2010
Author:	reedy
Status:	ok
Tags:
Comment:	Stylize LdapAuthentication
Modified paths:	/trunk/extensions/LdapAuthentication/LdapAuthentication.php (modified) (history) /trunk/extensions/LdapAuthentication/LdapAutoAuthentication.php (modified) (history)

Diff [purge]

Index: trunk/extensions/LdapAuthentication/LdapAutoAuthentication.php
—	—	@@ -16,8 +16,8 @@
17	17	$wgAuth->printDebug( "Entering AutoAuthentication.", NONSENSITIVE );
18	18
19	19	if ( version_compare( $wgVersion, '1.14.0', '<' ) ) {
20		~~- //The following section is a hack to determine whether or not~~
21		~~- //the user is logged in. We need a core fix to make this simpler.~~
	20	+ // The following section is a hack to determine whether or not
	21	+ // the user is logged in. We need a core fix to make this simpler.
22	22	if ( isset( $_SESSION['wsUserID'] ) ) {
23	23	$user->setID( $_SESSION['wsUserID'] );
24	24	if ( $user->loadFromId() ) {
—	—	@@ -39,22 +39,22 @@
40	40
41	41	$wgAuth->printDebug( "User isn't logged in, calling setup.", NONSENSITIVE );
42	42
43		~~- //Let regular authentication plugins configure themselves for auto~~
44		~~- //authentication chaining~~
	43	+ // Let regular authentication plugins configure themselves for auto
	44	+ // authentication chaining
45	45	$wgAuth->autoAuthSetup();
46	46
47	47	$wgAuth->printDebug( "Calling authenticate with username ($wgLDAPAutoAuthUsername).", NONSENSITIVE );
48		~~- //The user hasn't already been authenticated, let's check them~~
	48	+ // The user hasn't already been authenticated, let's check them
49	49	$authenticated = $wgAuth->authenticate( $wgLDAPAutoAuthUsername );
50	50	if ( !$authenticated ) {
51		~~- //If the user doesn't exist in LDAP, there isn't much reason to~~
52		~~- //go any further.~~
53		~~- $wgAuth->printDebug("User wasn't found in LDAP, exiting.", NONSENSITIVE );~~
	51	+ // If the user doesn't exist in LDAP, there isn't much reason to
	52	+ // go any further.
	53	+ $wgAuth->printDebug( "User wasn't found in LDAP, exiting.", NONSENSITIVE );
54	54	return false;
55	55	}
56	56
57		~~- //We need the username that MediaWiki will always use, not the one we~~
58		~~- //get from LDAP.~~
	57	+ // We need the username that MediaWiki will always use, not the one we
	58	+ // get from LDAP.
59	59	$mungedUsername = $wgAuth->getCanonicalName( $wgLDAPAutoAuthUsername );
60	60
61	61	$wgAuth->printDebug( "User exists in LDAP; finding the user by name ($mungedUsername) in MediaWiki.", NONSENSITIVE );
—	—	@@ -62,8 +62,8 @@
63	63	$localId = User::idFromName( $mungedUsername );
64	64	$wgAuth->printDebug( "Got id ($localId).", NONSENSITIVE );
65	65
66		~~- //Is the user already in the database?~~
67		~~- if( !$localId ) {~~
	66	+ // Is the user already in the database?
	67	+ if ( !$localId ) {
68	68	$userAdded = self::attemptAddUser( $user, $mungedUsername );
69	69	if ( !$userAdded ) {
70	70	$result = false;
Index: trunk/extensions/LdapAuthentication/LdapAuthentication.php
—	—	@@ -53,44 +53,44 @@
54	54	'url' => 'http://www.mediawiki.org/wiki/Extension:LDAP_Authentication',
55	55	);
56	56
57		~~-$dir = dirname(__FILE__) . '/';~~
	57	+$dir = dirname( __FILE__ ) . '/';
58	58	$wgExtensionMessagesFiles['LdapAuthentication'] = $dir . 'LdapAuthentication.i18n.php';
59	59
60		~~-//constants for search base~~
61		~~-define("GROUPDN", 0);~~
62		~~-define("USERDN", 1);~~
63		~~-define("DEFAULTDN", 2);~~
	60	+// constants for search base
	61	+define( "GROUPDN", 0 );
	62	+define( "USERDN", 1 );
	63	+define( "DEFAULTDN", 2 );
64	64
65		~~-//constants for error reporting~~
66		~~-define("NONSENSITIVE", 1);~~
67		~~-define("SENSITIVE", 2);~~
68		~~-define("HIGHLYSENSITIVE", 3);~~
	65	+// constants for error reporting
	66	+define( "NONSENSITIVE", 1 );
	67	+define( "SENSITIVE", 2 );
	68	+define( "HIGHLYSENSITIVE", 3 );
69	69
70	70	class LdapAuthenticationPlugin extends AuthPlugin {
71	71
72		~~- //ldap connection resource~~
	72	+ // ldap connection resource
73	73	var $ldapconn;
74	74
75		~~- //preferences~~
	75	+ // preferences
76	76	var $email, $lang, $realname, $nickname, $externalid;
77	77
78		~~- //username pulled from ldap~~
	78	+ // username pulled from ldap
79	79	var $LDAPUsername;
80	80
81		~~- //userdn pulled from ldap~~
	81	+ // userdn pulled from ldap
82	82	var $userdn;
83	83
84		~~- //groups pulled from ldap~~
	84	+ // groups pulled from ldap
85	85	var $userLDAPGroups;
86	86	var $allLDAPGroups;
87	87
88		~~- //boolean to test for failed auth~~
	88	+ // boolean to test for failed auth
89	89	var $authFailed;
90	90
91		~~- //boolean to test for fetched user info~~
	91	+ // boolean to test for fetched user info
92	92	var $fetchedUserInfo;
93	93
94		~~- //the user's entry and all attributes~~
	94	+ // the user's entry and all attributes
95	95	var $userInfo;
96	96
97	97	function LdapAuthenticationPlugin() {
—	—	@@ -111,11 +111,11 @@
112	112
113	113	$this->printDebug( "Entering userExists", NONSENSITIVE );
114	114
115		~~- //If we can't add LDAP users, we don't really need to check~~
116		~~- //if the user exists, the authenticate method will do this for~~
117		~~- //us. This will decrease hits to the LDAP server.~~
118		~~- //We do however, need to use this if we are using auto authentication.~~
119		~~- if ( ( !isset( $wgLDAPAddLDAPUsers[$_SESSION['wsDomain']] ) \|\| !$wgLDAPAddLDAPUsers[$_SESSION['wsDomain']]) && !$this->useAutoAuth() ) {~~
	115	+ // If we can't add LDAP users, we don't really need to check
	116	+ // if the user exists, the authenticate method will do this for
	117	+ // us. This will decrease hits to the LDAP server.
	118	+ // We do however, need to use this if we are using auto authentication.
	119	+ if ( ( !isset( $wgLDAPAddLDAPUsers[$_SESSION['wsDomain']] ) \|\| !$wgLDAPAddLDAPUsers[$_SESSION['wsDomain']] ) && !$this->useAutoAuth() ) {
120	120	return true;
121	121	}
122	122
—	—	@@ -125,20 +125,20 @@
126	126
127	127	$searchstring = $this->getSearchString( $this->ldapconn, $username );
128	128
129		~~- //If we are using auto authentication, and we got~~
130		~~- //anything back, then the user exists.~~
	129	+ // If we are using auto authentication, and we got
	130	+ // anything back, then the user exists.
131	131	if ( $this->useAutoAuth() && $searchstring != '' ) {
132		~~- //getSearchString is going to bind, but will not unbind~~
133		~~- //Let's clean up~~
	132	+ // getSearchString is going to bind, but will not unbind
	133	+ // Let's clean up
134	134	@ldap_unbind();
135	135	return true;
136	136	}
137	137
138		~~- //Search for the entry.~~
	138	+ // Search for the entry.
139	139	$entry = @ldap_read( $this->ldapconn, $searchstring, "objectclass=*" );
140	140
141		~~- //getSearchString is going to bind, but will not unbind~~
142		~~- //Let's clean up~~
	141	+ // getSearchString is going to bind, but will not unbind
	142	+ // Let's clean up
143	143	@ldap_unbind();
144	144	if ( !$entry ) {
145	145	$this->printDebug( "Did not find a matching user in LDAP", NONSENSITIVE );
—	—	@@ -171,14 +171,14 @@
172	172	return false;
173	173	}
174	174
175		~~- //If the admin didn't set an encryption type, we default to tls~~
	175	+ // If the admin didn't set an encryption type, we default to tls
176	176	if ( isset( $wgLDAPEncryptionType[$_SESSION['wsDomain']] ) ) {
177	177	$encryptionType = $wgLDAPEncryptionType[$_SESSION['wsDomain']];
178	178	} else {
179	179	$encryptionType = "tls";
180	180	}
181	181
182		~~- //Set the server string depending on whether we use ssl or not~~
	182	+ // Set the server string depending on whether we use ssl or not
183	183	switch( $encryptionType ) {
184	184	case "ldapi":
185	185	# this is a really dirty place to put this,
—	—	@@ -195,8 +195,8 @@
196	196	$serverpre = "ldap://";
197	197	}
198	198
199		~~- //Make a space separated list of server strings with the ldap:// or ldaps://~~
200		~~- //string added.~~
	199	+ // Make a space separated list of server strings with the ldap:// or ldaps://
	200	+ // string added.
201	201	$servers = "";
202	202	$tmpservers = $wgLDAPServerNames[$_SESSION['wsDomain']];
203	203	$tok = strtok( $tmpservers, " " );
—	—	@@ -204,14 +204,14 @@
205	205	$servers = $servers . " " . $serverpre . $tok;
206	206	$tok = strtok( " " );
207	207	}
208		~~- $servers = rtrim($servers);~~
	208	+ $servers = rtrim( $servers );
209	209
210	210	$this->printDebug( "Using servers: $servers", SENSITIVE );
211	211
212		~~- //Connect and set options~~
	212	+ // Connect and set options
213	213	$this->ldapconn = @ldap_connect( $servers );
214		~~- ldap_set_option( $this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);~~
215		~~- ldap_set_option( $this->ldapconn, LDAP_OPT_REFERRALS, 0);~~
	214	+ ldap_set_option( $this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3 );
	215	+ ldap_set_option( $this->ldapconn, LDAP_OPT_REFERRALS, 0 );
216	216
217	217	if ( isset( $wgLDAPOptions[$_SESSION['wsDomain']] ) ) {
218	218	$options = $wgLDAPOptions[$_SESSION['wsDomain']];
—	—	@@ -222,7 +222,7 @@
223	223	}
224	224	}
225	225
226		~~- //TLS needs to be started after the connection is made~~
	226	+ // TLS needs to be started after the connection is made
227	227	if ( $encryptionType == "tls" ) {
228	228	$this->printDebug( "Using TLS", SENSITIVE );
229	229	if ( !ldap_start_tls( $this->ldapconn ) ) {
—	—	@@ -244,7 +244,7 @@
245	245	* @return bool
246	246	* @access public
247	247	*/
248		~~- function authenticate( $username, $password='' ) {~~
	248	+ function authenticate( $username, $password = '' ) {
249	249	global $wgLDAPAuthAttribute;
250	250	global $wgLDAPAutoAuthUsername;
251	251	global $wgLDAPLowerCaseUsername;
—	—	@@ -252,25 +252,25 @@
253	253
254	254	$this->printDebug( "Entering authenticate", NONSENSITIVE );
255	255
256		~~- //We don't handle local authentication~~
	256	+ // We don't handle local authentication
257	257	if ( 'local' == $_SESSION['wsDomain'] ) {
258	258	$this->printDebug( "User is using a local domain", SENSITIVE );
259	259	return false;
260	260	}
261	261
262		~~- //If the user is using auto authentication, we need to ensure~~
263		~~- //that he/she isn't trying to fool us by sending a username other~~
264		~~- //than the one the web server got from the auto-authentication method.~~
	262	+ // If the user is using auto authentication, we need to ensure
	263	+ // that he/she isn't trying to fool us by sending a username other
	264	+ // than the one the web server got from the auto-authentication method.
265	265	if ( $this->useAutoAuth() && $wgLDAPAutoAuthUsername != $username ) {
266	266	$this->printDebug( "The username provided ($username) doesn't match the username provided by the webserver ($wgLDAPAutoAuthUsername). The user is probably trying to log in to the auto-authentication domain with password authentication via the wiki. Denying access.", SENSITIVE );
267	267	return false;
268	268	}
269	269
270		~~- //We need to ensure that if we require a password, that it is~~
271		~~- //not blank. We don't allow blank passwords, so we are being~~
272		~~- //tricked if someone is supplying one when using password auth.~~
273		~~- //Smartcard authentication uses a pin, and does not require~~
274		~~- //a password to be given; a blank password here is wanted.~~
	270	+ // We need to ensure that if we require a password, that it is
	271	+ // not blank. We don't allow blank passwords, so we are being
	272	+ // tricked if someone is supplying one when using password auth.
	273	+ // Smartcard authentication uses a pin, and does not require
	274	+ // a password to be given; a blank password here is wanted.
275	275	if ( '' == $password && !$this->useAutoAuth() ) {
276	276	$this->printDebug( "User used a blank password", NONSENSITIVE );
277	277	return false;
—	—	@@ -280,10 +280,10 @@
281	281	if ( $this->ldapconn ) {
282	282	$this->printDebug( "Connected successfully", NONSENSITIVE );
283	283
284		~~- //Mediawiki munges the username before authenticate is called,~~
285		~~- //this can mess with authentication, group pulling/restriction,~~
286		~~- //preference pulling, etc. Let's allow the admin to use~~
287		~~- //a lowercased username if needed.~~
	284	+ // Mediawiki munges the username before authenticate is called,
	285	+ // this can mess with authentication, group pulling/restriction,
	286	+ // preference pulling, etc. Let's allow the admin to use
	287	+ // a lowercased username if needed.
288	288	if ( isset( $wgLDAPLowerCaseUsername[$_SESSION['wsDomain']] ) && $wgLDAPLowerCaseUsername[$_SESSION['wsDomain']] ) {
289	289	$this->printDebug( "Lowercasing the username: $username", NONSENSITIVE );
290	290	$username = strtolower( $username );
—	—	@@ -291,9 +291,9 @@
292	292
293	293	$this->userdn = $this->getSearchString( $username );
294	294
295		~~- //It is possible that getSearchString will return an~~
296		~~- //empty string; if this happens, the bind will ALWAYS~~
297		~~- //return true, and will let anyone in!~~
	295	+ // It is possible that getSearchString will return an
	296	+ // empty string; if this happens, the bind will ALWAYS
	297	+ // return true, and will let anyone in!
298	298	if ( '' == $this->userdn ) {
299	299	$this->printDebug( "User DN is blank", NONSENSITIVE );
300	300	@ldap_unbind();
—	—	@@ -301,12 +301,12 @@
302	302	return false;
303	303	}
304	304
305		~~- //If we are using password authentication, we need to bind as the~~
306		~~- //user to make sure the password is correct.~~
	305	+ // If we are using password authentication, we need to bind as the
	306	+ // user to make sure the password is correct.
307	307	if ( !$this->useAutoAuth() ) {
308	308	$this->printDebug( "Binding as the user", NONSENSITIVE );
309	309
310		~~- //Let's see if the user can authenticate.~~
	310	+ // Let's see if the user can authenticate.
311	311	$bind = $this->bindAs( $this->userdn, $password );
312	312	if ( !$bind ) {
313	313	$this->markAuthFailed();
—	—	@@ -315,12 +315,12 @@
316	316
317	317	$this->printDebug( "Bound successfully", NONSENSITIVE );
318	318
319		~~- if ( isset( $wgLDAPSearchStrings[$_SESSION['wsDomain']] ) ) {~~
	319	+ if ( isset( $wgLDAPSearchStrings[$_SESSION['wsDomain']] ) ) {
320	320	$ss = $wgLDAPSearchStrings[$_SESSION['wsDomain']];
321	321	if ( strstr( $ss, "@" ) \|\| strstr( $ss, '\\' ) ) {
322		~~- //We are most likely configured using USER-NAME@DOMAIN, or~~
323		~~- //DOMAIN\\USER-NAME.~~
324		~~- //Get the user's full DN so we can search for groups and such.~~
	322	+ // We are most likely configured using USER-NAME@DOMAIN, or
	323	+ // DOMAIN\\USER-NAME.
	324	+ // Get the user's full DN so we can search for groups and such.
325	325	$this->userdn = $this->getUserDN( $username );
326	326	$this->printDebug( "Pulled the user's DN: $this->userdn", NONSENSITIVE );
327	327	}
—	—	@@ -369,7 +369,7 @@
370	370	}
371	371	$this->printDebug( "Authentication passed", NONSENSITIVE );
372	372
373		~~- //We made it this far; the user authenticated and didn't fail any checks, so he/she gets in.~~
	373	+ // We made it this far; the user authenticated and didn't fail any checks, so he/she gets in.
374	374	return true;
375	375	}
376	376
—	—	@@ -406,8 +406,8 @@
407	407	if ( isset( $wgLDAPAutoAuthDomain ) ) {
408	408	$this->printDebug( "Allowing auto-authentication login, removing the domain from the list.", NONSENSITIVE );
409	409
410		~~- //There is no reason for people to log in directly to the wiki if the are using an~~
411		~~- //auto-authentication domain. If they try to, they are probably up to something fishy.~~
	410	+ // There is no reason for people to log in directly to the wiki if the are using an
	411	+ // auto-authentication domain. If they try to, they are probably up to something fishy.
412	412	unset( $tempDomArr[array_search( $wgLDAPAutoAuthDomain, $tempDomArr )] );
413	413	}
414	414
—	—	@@ -451,21 +451,21 @@
452	452	if ( $_SESSION['wsDomain'] == 'local' ) {
453	453	$this->printDebug( "User is using a local domain", NONSENSITIVE );
454	454
455		~~- //We don't set local passwords, but we don't want the wiki~~
456		~~- //to send the user a failure.~~
	455	+ // We don't set local passwords, but we don't want the wiki
	456	+ // to send the user a failure.
457	457	return true;
458	458	} else if ( !isset( $wgLDAPUpdateLDAP[$_SESSION['wsDomain']] ) \|\| !$wgLDAPUpdateLDAP[$_SESSION['wsDomain']] ) {
459	459	$this->printDebug( "Wiki is set to not allow updates", NONSENSITIVE );
460	460
461		~~- //We aren't allowing the user to change his/her own password~~
	461	+ // We aren't allowing the user to change his/her own password
462	462	return false;
463	463	}
464	464
465	465	if ( !isset( $wgLDAPWriterDN[$_SESSION['wsDomain']] ) ) {
466	466	$this->printDebug( "Wiki doesn't have wgLDAPWriterDN set", NONSENSITIVE );
467	467
468		~~- //We can't change a user's password without an account that is~~
469		~~- //allowed to do it.~~
	468	+ // We can't change a user's password without an account that is
	469	+ // allowed to do it.
470	470	return false;
471	471	}
472	472
—	—	@@ -484,13 +484,13 @@
485	485
486	486	$values["userpassword"] = $pass;
487	487
488		~~- //Blank out the password in the database. We don't want to save~~
489		~~- //domain credentials for security reasons.~~
	488	+ // Blank out the password in the database. We don't want to save
	489	+ // domain credentials for security reasons.
490	490	$password = '';
491	491
492	492	$success = @ldap_modify( $this->ldapconn, $this->userdn, $values );
493	493
494		~~- //Let's clean up~~
	494	+ // Let's clean up
495	495	@ldap_unbind();
496	496	if ( $success ) {
497	497	$this->printDebug( "Successfully modified the user's password", NONSENSITIVE );
—	—	@@ -512,7 +512,7 @@
513	513	* @param User $user
514	514	* @return bool
515	515	* @access public
516		~~- */~~
	516	+ */
517	517	function updateExternalDB( $user ) {
518	518	global $wgLDAPUpdateLDAP;
519	519	global $wgLDAPWriterDN, $wgLDAPWriterPassword;
—	—	@@ -523,16 +523,16 @@
524	524	$_SESSION['wsDomain'] == 'local' ) {
525	525	$this->printDebug( "Either the user is using a local domain, or the wiki isn't allowing updates", NONSENSITIVE );
526	526
527		~~- //We don't handle local preferences, but we don't want the~~
528		~~- //wiki to return an error.~~
	527	+ // We don't handle local preferences, but we don't want the
	528	+ // wiki to return an error.
529	529	return true;
530	530	}
531	531
532	532	if ( !isset( $wgLDAPWriterDN[$_SESSION['wsDomain']] ) ) {
533	533	$this->printDebug( "The wiki doesn't have wgLDAPWriterDN set", NONSENSITIVE );
534	534
535		~~- //We can't modify LDAP preferences if we don't have a user~~
536		~~- //capable of editing LDAP attributes.~~
	535	+ // We can't modify LDAP preferences if we don't have a user
	536	+ // capable of editing LDAP attributes.
537	537	return false;
538	538	}
539	539
—	—	@@ -578,7 +578,7 @@
579	579	*
580	580	* @return bool
581	581	* @access public
582		~~- */~~
	582	+ */
583	583	function canCreateAccounts() {
584	584	global $wgLDAPAddLDAPUsers;
585	585
—	—	@@ -596,7 +596,7 @@
597	597	*
598	598	* @return bool
599	599	* @access public
600		~~- */~~
	600	+ */
601	601	function allowPasswordChange() {
602	602	global $wgLDAPUpdateLDAP, $wgLDAPMailPassword;
603	603	global $wgLDAPUseLocal;
—	—	@@ -606,7 +606,7 @@
607	607	$retval = false;
608	608
609	609	// Local domains need to be able to change passwords
610		~~- if ( (isset($wgLDAPUseLocal) && $wgLDAPUseLocal) && 'local' == $_SESSION['wsDomain'] ) {~~
	610	+ if ( ( isset( $wgLDAPUseLocal ) && $wgLDAPUseLocal ) && 'local' == $_SESSION['wsDomain'] ) {
611	611	$retval = true;
612	612	}
613	613
—	—	@@ -643,22 +643,22 @@
644	644	'local' == $_SESSION['wsDomain'] ) {
645	645	$this->printDebug( "Either the user is using a local domain, or the wiki isn't allowing users to be added to LDAP", NONSENSITIVE );
646	646
647		~~- //Tell the wiki not to return an error.~~
	647	+ // Tell the wiki not to return an error.
648	648	return true;
649	649	}
650	650
651	651	if ( $wgLDAPRequiredGroups \|\| $wgLDAPGroupDN ) {
652	652	$this->printDebug( "The wiki is requiring users to be in specific groups, and cannot add users as this would be a security hole.", NONSENSITIVE );
653		~~- //It is possible that later we can add users into~~
654		~~- //groups, but since we don't support it, we don't want~~
655		~~- //to open holes!~~
	653	+ // It is possible that later we can add users into
	654	+ // groups, but since we don't support it, we don't want
	655	+ // to open holes!
656	656	return false;
657	657	}
658	658
659	659	if ( !isset( $wgLDAPWriterDN[$_SESSION['wsDomain']] ) ) {
660	660	$this->printDebug( "The wiki doesn't have wgLDAPWriterDN set", NONSENSITIVE );
661	661
662		~~- //We can't add users without an LDAP account capable of doing so.~~
	662	+ // We can't add users without an LDAP account capable of doing so.
663	663	return false;
664	664	}
665	665
—	—	@@ -681,7 +681,7 @@
682	682	$username . "," . $wgLDAPWriteLocation[$_SESSION['wsDomain']];
683	683	} else {
684	684	$this->printDebug( "wgLDAPWriteLocation is not set, failing", NONSENSITIVE );
685		~~- //getSearchString will bind, but will not unbind~~
	685	+ // getSearchString will bind, but will not unbind
686	686	@ldap_unbind();
687	687	return false;
688	688	}
—	—	@@ -695,12 +695,12 @@
696	696	return false;
697	697	}
698	698
699		~~- //Set up LDAP attributes~~
	699	+ // Set up LDAP attributes
700	700	$values["uid"] = $username;
701		~~- //sn is required for objectclass inetorgperson~~
	701	+ // sn is required for objectclass inetorgperson
702	702	$values["sn"] = $username;
703	703	if ( '' != $this->email ) { $values["mail"] = $this->email; }
704		~~- if ( '' != $this->realname ) {$values["cn"] = $this->realname; }~~
	704	+ if ( '' != $this->realname ) { $values["cn"] = $this->realname; }
705	705	else { $values["cn"] = $username; }
706	706	$values["userpassword"] = $pass;
707	707	$values["objectclass"] = "inetorgperson";
—	—	@@ -772,15 +772,15 @@
773	773
774	774	$this->printDebug( "Entering updateUser", NONSENSITIVE );
775	775
776		~~- if ($this->authFailed) {~~
	776	+ if ( $this->authFailed ) {
777	777	$this->printDebug( "User didn't successfully authenticate, exiting.", NONSENSITIVE );
778	778	return;
779	779	}
780	780
781	781	$saveSettings = false;
782	782
783		~~- //If we aren't pulling preferences, we don't want to accidentally~~
784		~~- //overwrite anything.~~
	783	+ // If we aren't pulling preferences, we don't want to accidentally
	784	+ // overwrite anything.
785	785	if ( ( isset( $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) && $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] )
786	786	\|\| isset( $wgLDAPPreferences[$_SESSION['wsDomain']] ) ) {
787	787	$this->printDebug( "Setting user preferences.", NONSENSITIVE );
—	—	@@ -838,7 +838,7 @@
839	839
840	840	$this->printDebug( "Entering initUser", NONSENSITIVE );
841	841
842		~~- if ($this->authFailed) {~~
	842	+ if ( $this->authFailed ) {
843	843	$this->printDebug( "User didn't successfully authenticate, exiting.", NONSENSITIVE );
844	844	return;
845	845	}
—	—	@@ -848,15 +848,15 @@
849	849	return;
850	850	}
851	851
852		~~- //We are creating an LDAP user, it is very important that we do~~
853		~~- //NOT set a local password because it could compromise the~~
854		~~- //security of our domain.~~
	852	+ // We are creating an LDAP user, it is very important that we do
	853	+ // NOT set a local password because it could compromise the
	854	+ // security of our domain.
855	855	$user->mPassword = '';
856	856
857		~~- //The update user function does everything else we need done.~~
858		~~- $this->updateUser($user);~~
	857	+ // The update user function does everything else we need done.
	858	+ $this->updateUser( $user );
859	859
860		~~- //updateUser() won't definately save the user's settings~~
	860	+ // updateUser() won't definately save the user's settings
861	861	$user->saveSettings();
862	862	}
863	863
—	—	@@ -898,22 +898,22 @@
899	899	if ( $username != '' ) {
900	900	$this->printDebug( "Username isn't empty.", NONSENSITIVE );
901	901
902		~~- //We want to use the username returned by LDAP~~
903		~~- //if it exists~~
	902	+ // We want to use the username returned by LDAP
	903	+ // if it exists
904	904	if ( $this->LDAPUsername != '' ) {
905	905	$this->printDebug( "Using LDAPUsername.", NONSENSITIVE );
906	906	$username = $this->LDAPUsername;
907	907	}
908	908
909		~~- if ( isset($_SESSION['wsDomain']) && 'local' != $_SESSION['wsDomain']) {~~
910		~~- //Change username to lowercase so that multiple user accounts~~
911		~~- //won't be created for the same user.~~
912		~~- //But don't do it for the local domain!~~
	909	+ if ( isset( $_SESSION['wsDomain'] ) && 'local' != $_SESSION['wsDomain'] ) {
	910	+ // Change username to lowercase so that multiple user accounts
	911	+ // won't be created for the same user.
	912	+ // But don't do it for the local domain!
913	913	$username = strtolower( $username );
914	914	}
915	915
916		~~- //The wiki considers an all lowercase name to be invalid; need to~~
917		~~- //uppercase the first letter~~
	916	+ // The wiki considers an all lowercase name to be invalid; need to
	917	+ // uppercase the first letter
918	918	$username[0] = strtoupper( $username[0] );
919	919	}
920	920
—	—	@@ -949,19 +949,19 @@
950	950	$this->printDebug( "Entering getSearchString", NONSENSITIVE );
951	951
952	952	if ( isset( $wgLDAPSearchStrings[$_SESSION['wsDomain']] ) ) {
953		~~- //This is a straight bind~~
	953	+ // This is a straight bind
954	954	$this->printDebug( "Doing a straight bind", NONSENSITIVE );
955	955
956	956	$tmpuserdn = $wgLDAPSearchStrings[$_SESSION['wsDomain']];
957	957	$userdn = str_replace( "USER-NAME", $username, $tmpuserdn );
958	958	} else {
959		~~- //This is a proxy bind, or an anonymous bind with a search~~
	959	+ // This is a proxy bind, or an anonymous bind with a search
960	960	if ( isset( $wgLDAPProxyAgent[$_SESSION['wsDomain']] ) ) {
961		~~- //This is a proxy bind~~
	961	+ // This is a proxy bind
962	962	$this->printDebug( "Doing a proxy bind", NONSENSITIVE );
963	963	$bind = $this->bindAs( $wgLDAPProxyAgent[$_SESSION['wsDomain']], $wgLDAPProxyAgentPassword[$_SESSION['wsDomain']] );
964	964	} else {
965		~~- //This is an anonymous bind~~
	965	+ // This is an anonymous bind
966	966	$this->printDebug( "Doing an anonymous bind", NONSENSITIVE );
967	967	$bind = $this->bindAs();
968	968	}
—	—	@@ -990,11 +990,11 @@
991	991	global $wgLDAPSearchAttributes;
992	992	global $wgLDAPAuthAttribute;
993	993
994		~~- $this->printDebug("Entering getUserDN", NONSENSITIVE);~~
	994	+ $this->printDebug( "Entering getUserDN", NONSENSITIVE );
995	995
996		~~- //we need to do a subbase search for the entry~~
	996	+ // we need to do a subbase search for the entry
997	997
998		~~- //Auto auth needs to check LDAP for required attributes.~~
	998	+ // Auto auth needs to check LDAP for required attributes.
999	999	if ( ( isset( $wgLDAPAuthAttribute[$_SESSION['wsDomain']] ) )
1000	1000	&& $this->useAutoAuth() ) {
1001	1001	$auth_filter = "(" . $wgLDAPAuthAttribute[$_SESSION['wsDomain']] . ")";
—	—	@@ -1021,8 +1021,8 @@
1022	1022	$this->userInfo = @ldap_get_entries( $this->ldapconn, $entry );
1023	1023	$this->fetchedUserInfo = true;
1024	1024
1025		~~- //This is a pretty useful thing to have for auto authentication,~~
1026		~~- //group checking, and pulling preferences.~~
	1025	+ // This is a pretty useful thing to have for auto authentication,
	1026	+ // group checking, and pulling preferences.
1027	1027	wfRunHooks( 'SetUsernameAttributeFromLDAP', array( &$this->LDAPUsername, $this->userInfo ) );
1028	1028	if ( !is_string( $this->LDAPUsername ) ) {
1029	1029	$this->printDebug( "Fetched username is not a string (check your hook code...). This message can be safely ignored if you do not have the SetUsernameAttributeFromLDAP hook defined.", NONSENSITIVE );
—	—	@@ -1034,7 +1034,7 @@
1035	1035	}
1036	1036
1037	1037	function getUserInfo() {
1038		~~- //Don't fetch the same data more than once~~
	1038	+ // Don't fetch the same data more than once
1039	1039	if ( $this->fetchedUserInfo ) {
1040	1040	return $this->userInfo;
1041	1041	}
—	—	@@ -1060,14 +1060,14 @@
1061	1061	global $wgLDAPPreferences;
1062	1062	global $wgLDAPRetrievePrefs;
1063	1063
1064		~~- $this->printDebug("Entering getPreferences", NONSENSITIVE);~~
	1064	+ $this->printDebug( "Entering getPreferences", NONSENSITIVE );
1065	1065
1066	1066	$this->userInfo = $this->getUserInfo();
1067	1067	if ( is_null( $this->userInfo ) ) {
1068		~~- $this->printDebug("Failed to get preferences", NONSENSITIVE);~~
	1068	+ $this->printDebug( "Failed to get preferences", NONSENSITIVE );
1069	1069	}
1070	1070
1071		~~- //Retrieve preferences~~
	1071	+ // Retrieve preferences
1072	1072	if ( isset( $wgLDAPPreferences[$_SESSION['wsDomain']] ) ) {
1073	1073	$this->printDebug( "Retrieving preferences", NONSENSITIVE );
1074	1074	$prefs = $wgLDAPPreferences[$_SESSION['wsDomain']];
—	—	@@ -1100,20 +1100,20 @@
1101	1101	}
1102	1102	}
1103	1103	} else if ( isset( $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) && $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] ) {
1104		~~- //DEPRECATED. Kept for backwards compatibility.~~
	1104	+ // DEPRECATED. Kept for backwards compatibility.
1105	1105	$this->printDebug( "Retrieving preferences", NONSENSITIVE );
1106	1106	$this->printDebug( '$wgLDAPRetrievePrefs is a DEPRECATED option, please use $wgLDAPPreferences.', NONSENSITIVE );
1107	1107
1108		~~- if (isset($this->userInfo[0]["mail"])) {~~
	1108	+ if ( isset( $this->userInfo[0]["mail"] ) ) {
1109	1109	$this->email = $this->userInfo[0]["mail"][0];
1110	1110	}
1111		~~- if (isset($this->userInfo[0]["preferredlanguage"])) {~~
	1111	+ if ( isset( $this->userInfo[0]["preferredlanguage"] ) ) {
1112	1112	$this->lang = $this->userInfo[0]["preferredlanguage"][0];
1113	1113	}
1114		~~- if (isset($this->userInfo[0]["displayname"])) {~~
	1114	+ if ( isset( $this->userInfo[0]["displayname"] ) ) {
1115	1115	$this->nickname = $this->userInfo[0]["displayname"][0];
1116	1116	}
1117		~~- if (isset($this->userInfo[0]["cn"])) {~~
	1117	+ if ( isset( $this->userInfo[0]["cn"] ) ) {
1118	1118	$this->realname = $this->userInfo[0]["cn"][0];
1119	1119	}
1120	1120
—	—	@@ -1125,11 +1125,11 @@
1126	1126	global $wgLDAPUniqueBlockLogin, $wgLDAPUniqueRenameUser;
1127	1127	global $wgLDAPUniqueAttribute;
1128	1128
1129		~~- $this->printDebug("Entering synchUsername", NONSENSITIVE);~~
	1129	+ $this->printDebug( "Entering synchUsername", NONSENSITIVE );
1130	1130
1131	1131	$this->userInfo = $this->getUserInfo();
1132	1132	if ( is_null( $this->userInfo ) ) {
1133		~~- $this->printDebug("Failed to get preferences", NONSENSITIVE);~~
	1133	+ $this->printDebug( "Failed to get preferences", NONSENSITIVE );
1134	1134	}
1135	1135
1136	1136	// Are we blocking login/renaming users on unique external ID mismatches?
—	—	@@ -1144,7 +1144,7 @@
1145	1145
1146	1146	$this->printDebug( "Checking for username change in LDAP.", SENSITIVE );
1147	1147
1148		~~- //Get the user's unique attribute from LDAP~~
	1148	+ // Get the user's unique attribute from LDAP
1149	1149	if ( isset( $wgLDAPUniqueAttribute[$_SESSION['wsDomain']] ) ) {
1150	1150	$ldapuniqueattr = $wgLDAPUniqueAttribute[$_SESSION['wsDomain']];
1151	1151	$this->externalid = $this->info[0][$ldapuniqueattr][0];
—	—	@@ -1214,13 +1214,13 @@
1215	1215	global $wgLDAPGroupDN;
1216	1216	global $wgLDAPRequiredGroups, $wgLDAPExcludedGroups;
1217	1217
1218		~~- $this->printDebug("Entering checkGroups", NONSENSITIVE);~~
	1218	+ $this->printDebug( "Entering checkGroups", NONSENSITIVE );
1219	1219
1220		~~- //Old style groups, non-nestable and fairly limited on group type (full DN~~
1221		~~- //versus username). DEPRECATED~~
	1220	+ // Old style groups, non-nestable and fairly limited on group type (full DN
	1221	+ // versus username). DEPRECATED
1222	1222	if ( $wgLDAPGroupDN ) {
1223	1223	$this->printDebug( "Checking for (old style) group membership", NONSENSITIVE );
1224		~~- //we need to do a subbase search for the entry~~
	1224	+ // we need to do a subbase search for the entry
1225	1225	$filter = "(member=" . $this->getLdapEscapedString( $this->userdn ) . ")";
1226	1226	$info = @ldap_get_entries( $this->ldapconn, @ldap_search( $this->ldapconn, $wgLDAPGroupDN, $filter ) );
1227	1227
—	—	@@ -1245,7 +1245,7 @@
1246	1246	}
1247	1247	}
1248	1248
1249		~~- //New style group checking~~
	1249	+ // New style group checking
1250	1250	if ( isset( $wgLDAPRequiredGroups[$_SESSION['wsDomain']] ) ) {
1251	1251	$this->printDebug( "Checking for (new style) group membership", NONSENSITIVE );
1252	1252	$reqgroups = $wgLDAPRequiredGroups[$_SESSION['wsDomain']];
—	—	@@ -1263,7 +1263,7 @@
1264	1264	}
1265	1265	}
1266	1266
1267		~~- $this->printDebug("Couldn't find the user in any groups.", NONSENSITIVE );~~
	1267	+ $this->printDebug( "Couldn't find the user in any groups.", NONSENSITIVE );
1268	1268	return false;
1269	1269	}
1270	1270
—	—	@@ -1283,13 +1283,13 @@
1284	1284	global $wgLDAPGroupsPrevail;
1285	1285	global $wgLDAPGroupsUseMemberOf;
1286	1286
1287		~~- $this->printDebug("Entering getGroups", NONSENSITIVE);~~
	1287	+ $this->printDebug( "Entering getGroups", NONSENSITIVE );
1288	1288
1289		~~- //Find groups~~
	1289	+ // Find groups
1290	1290	if ( isset( $wgLDAPRequiredGroups[$_SESSION['wsDomain']] ) \|\| ( isset( $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']] ) && $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']] ) ) {
1291	1291	$this->printDebug( "Retrieving LDAP group membership", NONSENSITIVE );
1292	1292
1293		~~- //Let's figure out what we should be searching for~~
	1293	+ // Let's figure out what we should be searching for
1294	1294	if ( isset( $wgLDAPGroupUseFullDN[$_SESSION['wsDomain']] ) && $wgLDAPGroupUseFullDN[$_SESSION['wsDomain']] ) {
1295	1295	$usertopass = $this->userdn;
1296	1296	} else {
—	—	@@ -1306,14 +1306,14 @@
1307	1307	$this->printDebug( "Using memberOf", NONSENSITIVE );
1308	1308	$this->userInfo = $this->getUserInfo();
1309	1309	if ( is_null( $this->userInfo ) ) {
1310		~~- $this->printDebug("Failed to get memberOf attribute", NONSENSITIVE);~~
	1310	+ $this->printDebug( "Failed to get memberOf attribute", NONSENSITIVE );
1311	1311	}
1312	1312	if ( isset( $this->userInfo[0]["memberof"] ) ) {
1313	1313	# The first entry is always a count
1314	1314	$memberOfMembers = $this->userInfo[0]["memberof"];
1315	1315	array_shift( $memberOfMembers );
1316		~~- $groups = array( "dn"=> array(), "short"=>array() );~~
1317		~~- foreach( $memberOfMembers as $mem ) {~~
	1316	+ $groups = array( "dn" => array(), "short" => array() );
	1317	+ foreach ( $memberOfMembers as $mem ) {
1318	1318	array_push( $groups["dn"], strtolower( $mem ) );
1319	1319	}
1320	1320	$this->userLDAPGroups = $groups;
—	—	@@ -1328,8 +1328,8 @@
1329	1329	}
1330	1330	}
1331	1331
1332		~~- //Only find all groups if the user has any groups; otherwise, we are~~
1333		~~- //just wasting a search.~~
	1332	+ // Only find all groups if the user has any groups; otherwise, we are
	1333	+ // just wasting a search.
1334	1334	if ( ( isset( $wgLDAPGroupsPrevail[$_SESSION['wsDomain']] ) && $wgLDAPGroupsPrevail[$_SESSION['wsDomain']] ) && count( $this->userLDAPGroups ) != 0 ) {
1335	1335	$this->allLDAPGroups = $this->searchGroups( '*' );
1336	1336	}
—	—	@@ -1349,7 +1349,7 @@
1350	1350	function searchNestedGroups( $groups, $searchedgroups = array( "dn" => Array(), "short" => Array() ) ) {
1351	1351	$this->printDebug( "Entering searchNestedGroups", NONSENSITIVE );
1352	1352
1353		~~- //base case, no more groups left to check~~
	1353	+ // base case, no more groups left to check
1354	1354	if ( count( $groups["dn"] ) == 0 ) {
1355	1355	$this->printDebug( "No more groups to search.", NONSENSITIVE );
1356	1356	return $searchedgroups;
—	—	@@ -1357,27 +1357,27 @@
1358	1358
1359	1359	$this->printDebug( "Searching groups:", SENSITIVE, $groups["dn"] );
1360	1360
1361		~~- $groupstosearch = array( "short"=>array(), "dn"=>array() );~~
	1361	+ $groupstosearch = array( "short" => array(), "dn" => array() );
1362	1362	foreach ( $groups["dn"] as $group ) {
1363	1363	$returnedgroups = $this->searchGroups( $group );
1364	1364	$this->printDebug( "Group $group is in the following groups:", SENSITIVE, $returnedgroups["dn"] );
1365	1365	foreach ( $returnedgroups["dn"] as $searchme ) {
1366	1366	if ( in_array( $searchme, $searchedgroups["dn"] ) ) {
1367		~~- //We already searched this, move on~~
	1367	+ // We already searched this, move on
1368	1368	continue;
1369	1369	} else {
1370		~~- //We'll need to search this group's members now~~
	1370	+ // We'll need to search this group's members now
1371	1371	$this->printDebug( "Adding $searchme to the list of groups (1)", SENSITIVE );
1372	1372	$groupstosearch["dn"][] = $searchme;
1373	1373	}
1374	1374	}
1375	1375	foreach ( $returnedgroups["short"] as $searchme ) {
1376	1376	if ( in_array( $searchme, $searchedgroups["short"] ) ) {
1377		~~- //We already searched this, move on~~
	1377	+ // We already searched this, move on
1378	1378	continue;
1379	1379	} else {
1380	1380	$this->printDebug( "Adding $searchme to the list of groups (2)", SENSITIVE );
1381		~~- //We'll need to search this group's members now~~
	1381	+ // We'll need to search this group's members now
1382	1382	$groupstosearch["short"][] = $searchme;
1383	1383	}
1384	1384	}
—	—	@@ -1385,8 +1385,8 @@
1386	1386
1387	1387	$searchedgroups = array_merge_recursive( $groups, $searchedgroups );
1388	1388
1389		~~- //Mmmmmm. Tail recursion. Tasty.~~
1390		~~- return $this->searchNestedGroups( $groupstosearch, $searchedgroups );~~
	1389	+ // Mmmmmm. Tail recursion. Tasty.
	1390	+ return $this->searchNestedGroups( $groupstosearch, $searchedgroups );
1391	1391	}
1392	1392
1393	1393	/**
—	—	@@ -1419,30 +1419,30 @@
1420	1420	$this->printDebug( "Search string: $filter", SENSITIVE );
1421	1421
1422	1422	if ( isset( $wgLDAPProxyAgent[$_SESSION['wsDomain']] ) ) {
1423		~~- //We'll try to bind as the proxyagent as the proxyagent should normally have more~~
1424		~~- //rights than the user. If the proxyagent fails to bind, we will still be able~~
1425		~~- //to search as the normal user (which is why we don't return on fail).~~
	1423	+ // We'll try to bind as the proxyagent as the proxyagent should normally have more
	1424	+ // rights than the user. If the proxyagent fails to bind, we will still be able
	1425	+ // to search as the normal user (which is why we don't return on fail).
1426	1426	$this->printDebug( "Binding as the proxyagent", NONSENSITIVE );
1427	1427	$bind = $this->bindAs( $wgLDAPProxyAgent[$_SESSION['wsDomain']], $wgLDAPProxyAgentPassword[$_SESSION['wsDomain']] );
1428	1428	}
1429	1429
1430	1430	$info = @ldap_search( $this->ldapconn, $base, $filter );
1431		~~- #if ( $info["count"] < 1 ) {~~
	1431	+ # if ( $info["count"] < 1 ) {
1432	1432	if ( !$info ) {
1433	1433	$this->printDebug( "No entries returned from search.", SENSITIVE );
1434	1434
1435		~~- //Return an array so that other functions~~
1436		~~- //don't error out.~~
1437		~~- return array( "short"=>array(), "dn"=>array() );~~
	1435	+ // Return an array so that other functions
	1436	+ // don't error out.
	1437	+ return array( "short" => array(), "dn" => array() );
1438	1438	}
1439	1439
1440	1440	$entries = @ldap_get_entries( $this->ldapconn, $info );
1441	1441
1442		~~- //We need to shift because the first entry will be a count~~
	1442	+ // We need to shift because the first entry will be a count
1443	1443	array_shift( $entries );
1444	1444
1445		~~- //Let's get a list of both full dn groups and shortname groups~~
1446		~~- $groups = array( "short"=>array(), "dn"=>array() );~~
	1445	+ // Let's get a list of both full dn groups and shortname groups
	1446	+ $groups = array( "short" => array(), "dn" => array() );
1447	1447	foreach ( $entries as $entry ) {
1448	1448	$shortMember = strtolower( $entry[$nameattribute][0] );
1449	1449	$dnMember = strtolower( $entry['dn'] );
—	—	@@ -1493,7 +1493,7 @@
1494	1494	global $wgLDAPGroupsPrevail, $wgGroupPermissions;
1495	1495	global $wgLDAPLocallyManagedGroups;
1496	1496
1497		~~- //TODO: this is really ugly code. clean it up!~~
	1497	+ // TODO: this is really ugly code. clean it up!
1498	1498
1499	1499	$this->printDebug( "Entering setGroups.", NONSENSITIVE );
1500	1500
—	—	@@ -1505,7 +1505,7 @@
1506	1506
1507	1507	if ( isset( $wgLDAPLocallyManagedGroups[$_SESSION['wsDomain']] ) ) {
1508	1508	$locallyManagedGrps = $wgLDAPLocallyManagedGroups[$_SESSION['wsDomain']];
1509		~~- $locallyManagedGrps = array_unique( array_merge( $defaultLocallyManagedGrps, $locallyManagedGrps ) );~~
	1509	+ $locallyManagedGrps = array_unique( array_merge( $defaultLocallyManagedGrps, $locallyManagedGrps ) );
1510	1510	$this->printDebug( "Locally managed groups: ", SENSITIVE, $locallyManagedGrps );
1511	1511	} else {
1512	1512	$locallyManagedGrps = $defaultLocallyManagedGrps;
—	—	@@ -1528,7 +1528,7 @@
1529	1529	# as $localAvailGrps contains $cGroup only once.
1530	1530	foreach ( $localAvailGrps as $cGroup ) {
1531	1531	# did we once add the user to the group?
1532		~~- if ( in_array( $cGroup,$localUserGrps ) ) {~~
	1532	+ if ( in_array( $cGroup, $localUserGrps ) ) {
1533	1533	$this->printDebug( "Checking to see if we need to remove user from: $cGroup", NONSENSITIVE );
1534	1534	if ( ( !$this->hasLDAPGroup( $cGroup ) ) && ( !in_array( $cGroup, $locallyManagedGrps ) ) ) {
1535	1535	$this->printDebug( "Removing user from: $cGroup", NONSENSITIVE );
—	—	@@ -1564,7 +1564,7 @@
1565	1565	$hashtouse = '';
1566	1566	}
1567	1567
1568		~~- //Set the password hashing based upon admin preference~~
	1568	+ // Set the password hashing based upon admin preference
1569	1569	switch ( $hashtouse ) {
1570	1570	case 'crypt':
1571	1571	$pass = '{CRYPT}' . crypt( $password );
—	—	@@ -1573,8 +1573,8 @@
1574	1574	$pass = $password;
1575	1575	break;
1576	1576	default:
1577		~~- $pwd_sha = base64_encode( pack( 'H*',sha1( $password ) ) );~~
1578		~~- $pass = "{SHA}".$pwd_sha;~~
	1577	+ $pwd_sha = base64_encode( pack( 'H*', sha1( $password ) ) );
	1578	+ $pass = "{SHA}" . $pwd_sha;
1579	1579	break;
1580	1580	}
1581	1581
—	—	@@ -1614,8 +1614,8 @@
1615	1615	* @return bool
1616	1616	* @access private
1617	1617	*/
1618		~~- function bindAs( $userdn=null, $password=null ) {~~
1619		~~- //Let's see if the user can authenticate.~~
	1618	+ function bindAs( $userdn = null, $password = null ) {
	1619	+ // Let's see if the user can authenticate.
1620	1620	if ( $userdn == null \|\| $password == null ) {
1621	1621	$bind = @ldap_bind( $this->ldapconn );
1622	1622	} else {
—	—	@@ -1655,9 +1655,9 @@
1656	1656	function getLdapEscapedString ( $string ) {
1657	1657	// Make the string LDAP compliant by escaping *, (, ) , \ & NUL
1658	1658	return str_replace(
1659		~~- array( "*", "(", ")", "\\", "\x00" ), //replace this~~
1660		~~- array( "\\2a", "\\28", "\\29", "\\5c", "\\00" ), //with this~~
1661		~~- $string //in this~~
	1659	+ array( "*", "(", ")", "\\", "\x00" ), // replace this
	1660	+ array( "\\2a", "\\28", "\\29", "\\5c", "\\00" ), // with this
	1661	+ $string // in this
1662	1662	);
1663	1663	}
1664	1664
—	—	@@ -1731,7 +1731,7 @@
1732	1732
1733	1733	$wgAuth->printDebug( "Entering AutoAuthSetup.", NONSENSITIVE );
1734	1734
1735		~~- //Set configuration options for backwards compatibility~~
	1735	+ // Set configuration options for backwards compatibility
1736	1736	if ( isset( $wgLDAPSSLUsername ) ) {
1737	1737	$wgAuth->printDebug( 'Setting $wgLDAPAutoAuthUsername to $wgLDAPSSLUsername; please change your configuration to fix this deprecated configuration variable.', NONSENSITIVE );
1738	1738	$wgLDAPAutoAuthUsername = $wgLDAPSSLUsername;
—	—	@@ -1741,7 +1741,7 @@
1742	1742	$wgLDAPAutoAuthDomain = $wgLDAPSmartcardDomain;
1743	1743	}
1744	1744
1745		~~- if( $wgLDAPAutoAuthUsername != null ) {~~
	1745	+ if ( $wgLDAPAutoAuthUsername != null ) {
1746	1746	$wgAuth->printDebug( "wgLDAPAutoAuthUsername is not null, adding hooks.", NONSENSITIVE );
1747	1747	if ( version_compare( $wgVersion, '1.14.0', '<' ) ) {
1748	1748	if ( version_compare( $wgVersion, '1.13.0', '<' ) ) {

Status & tagging log

21:33, 27 November 2010 VasilievVV (talk | contribs) changed the status of r65178 [removed: new added: ok]