1 <?php # vim:ts=2:sw=2:et:
2 /* For licensing and copyright terms, see the file named LICENSE */
3 include '../../inc/common.php';
/* Access gate for the whole page: the caller needs the 'modify' right on 'User'.
 * NOTE(review): presumably requireAnyRights() aborts the request when the right is
 * missing; confirm in MTrackACL. No further rights check is visible in the lines
 * shown, so this one call is what authorizes granting the 'admin' class and
 * switching the authentication plugin further down. */
5 MTrackACL::requireAnyRights('User', 'modify');
// Copy of the 'plugins' config section, read below to see which auth plugin is set.
6 $plugins = MTrackConfig::getSection('plugins');
/* Builds the set of OpenID identities that carry admin rights. Callers on this page
 * use the result with count() and foreach.
 * Several lines of this function are omitted from the listing, so only the visible
 * steps are described: walk the 'user_classes' config section, keep entries whose
 * role is 'admin', test whether the id starts with http:// or https://, then scan
 * the useraliases table for URL-shaped aliases whose userid is in $regadmins. */
8 function get_openid_admins()
12 foreach (MTrackConfig::getSection('user_classes') as $id => $role) {
13 if ($role == 'admin') {
// An id is treated as an OpenID purely because of its http(s):// prefix; no further
// URL validation is visible here.
14 if (preg_match('@^https?://@', $id)) {
// NOTE(review): the branch this assignment belongs to is not shown; presumably
// $regadmins holds the admin ids that are NOT URL-shaped. Confirm against the file.
17 $regadmins[$id] = $id;
21 if (count($regadmins)) {
22 /* look at aliases to see if there are any that look like OpenIDs */
23 foreach (MTrackDB::q('select alias, userid from useraliases')->fetchAll()
25 if (!preg_match('@^https?://@', $row[0])) {
// Column order follows the select above: $row[0] is the alias, $row[1] the userid.
28 if (isset($regadmins[$row[1]])) {
/* NOTE(review): the signature of the enclosing function is not part of this listing;
 * presumably this is the body of get_admins(), which the POST handler and the form
 * below call. Visible logic: select 'user_classes' entries whose role is 'admin' and
 * whose id does not start with http:// or https://, i.e. the non-OpenID admins. */
39 foreach (MTrackConfig::getSection('user_classes') as $id => $role) {
40 if ($role == 'admin' && !preg_match('@^https?://@', $id)) {
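/* POST handler: applies the authentication setup chosen on the form, either
 * 'setuppublic' (OpenID) or 'setupprivate' (HTTP authentication). Both branches can
 * grant the 'admin' class and replace the active auth plugin in the config.
 * NOTE(review): no anti-CSRF token check is visible in the lines shown. These are
 * state-changing, privilege-granting requests, so confirm that a token is verified
 * in the omitted lines or in common.php. */
49 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
50 if (isset($_POST['setuppublic'])) {
51 $admins = get_openid_admins();
52 $add_admin = isset($_POST['adminopenid']) ?
53 trim($_POST['adminopenid']) : '';
54 $localid = isset($_POST['adminuserid']) ?
55 trim($_POST['adminuserid']) : '';
// Refuse the switch when it would leave the install without any OpenID admin.
56 if (count($admins) == 0 && (!strlen($add_admin) || !strlen($localid))) {
57 $message = "You MUST add an OpenID for the administrator";
59 if (strlen($localid)) {
// NOTE(review): $localid is only trim()med before it becomes a config key holding the
// 'admin' class, and no ^https?:// check on $add_admin is visible here although
// get_openid_admins() keys on that prefix. A format check on both would be worth adding.
60 MTrackConfig::set('user_classes', $localid, 'admin');
// Form values are handed to MTrackDB::q() as separate arguments for the ? placeholders
// rather than being concatenated into the SQL text.
63 foreach (MTrackDB::q('select userid from userinfo where userid = ?',
64 $localid)->fetchAll() as $row) {
69 MTrackDB::q('insert into userinfo (userid, active) values (?, 1)', $localid);
72 foreach (MTrackDB::q('select userid from useraliases where alias = ?', $add_admin)->fetchAll() as $row) {
73 if ($row[0] != $localid) {
// NOTE(review): the message embeds form input and a stored userid; whatever renders
// this exception has to HTML-escape it.
74 throw new Exception("$add_admin is already associated with $row[0]");
79 MTrackDB::q('insert into useraliases (userid, alias) values (?,?)',
80 $localid, $add_admin);
83 MTrackConfig::set('plugins', 'MTrackAuth_OpenID', '');
84 if (isset($plugins['MTrackAuth_HTTP'])) {
85 MTrackConfig::remove('plugins', 'MTrackAuth_HTTP');
86 // Reset anonymous for public access
87 MTrackConfig::remove('user_class_roles', 'anonymous');
// NOTE(review): confirm that the omitted lines stop execution after the redirect, so
// the rest of the page is not rendered for this request.
91 header("Location: {$ABSWEB}admin/auth.php");
94 } elseif (isset($_POST['setupprivate'])) {
95 $admins = get_admins();
96 $add_admin = isset($_POST['adminuser']) ?
97 trim($_POST['adminuser']) : '';
// Refuse the switch when it would leave the install without any admin user.
98 if (count($admins) == 0 && !strlen($add_admin)) {
99 $message = "You MUST add a user with admin rights";
101 $vardir = MTrackConfig::get('core', 'vardir');
// NOTE(review): presumably an htdigest-style file. Digest entries are
// password-equivalent, so vardir must not be readable through the web server.
102 $pfile = "$vardir/http.user";
104 if (strlen($add_admin)) {
105 if (!isset($_SERVER['REMOTE_USER'])) {
106 // validate the password
// Strict comparison: under != two different numeric-looking strings (for example
// "1e3" and "1000") compare equal, so the confirmation check would pass and
// adminpass1 would be stored.
// NOTE(review): no empty-password or minimum-length check is visible in these lines.
107 if ($_POST['adminpass1'] !== $_POST['adminpass2']) {
108 $message = "Passwords don't match";
110 $http_auth = new MTrackAuth_HTTP(null, "digest:$pfile");
111 $http_auth->setUserPassword($add_admin, $_POST['adminpass1']);
114 MTrackConfig::set('user_classes', $add_admin, 'admin');
116 if ($message == null) {
117 if (!isset($plugins['MTrackAuth_HTTP'])) {
118 MTrackConfig::set('plugins', 'MTrackAuth_HTTP',
119 "$vardir/http.group, digest:$pfile");
121 if (isset($plugins['MTrackAuth_OpenID'])) {
122 MTrackConfig::remove('plugins', 'MTrackAuth_OpenID');
123 // Set up the roles for private access
124 // Use default authenticated permissions
125 MTrackConfig::remove('user_class_roles', 'authenticated');
126 // Make anonymous have no rights
127 MTrackConfig::set('user_class_roles', 'anonymous', '');
129 MTrackConfig::save();
130 header("Location: {$ABSWEB}admin/auth.php");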
137 mtrack_head("Administration - Authentication");
// Re-read the plugins section and derive the status suffix for each accordion heading.
// Both suffixes are fixed literals (" (Active)" or ''), so echoing them unescaped in
// the headings below adds no injection risk.
139 $plugins = MTrackConfig::getSection('plugins');
140 $http_configd = isset($plugins['MTrackAuth_HTTP']) ? " (Active)" : '';
141 $openid_configd = isset($plugins['MTrackAuth_OpenID']) ? " (Active)" : '';
145 <h1>Authentication</h1>
148 $message = htmlentities($message, ENT_QUOTES, 'utf-8');
// The line above entity-encodes $message (quotes included); presumably it is then
// echoed into the error box that follows.
150 <div class='ui-state-error ui-corner-all'>
151 <span class='ui-icon ui-icon-alert'></span>
160 Select one of the following, depending
161 on which one best matches your intended mtrack deployment:
165 <div id="authaccordion">
166 <h2><a href='#'>Private (HTTP authentication)<?php echo $http_configd ?></a></h2>
169 I want to strictly control who has access to mtrack, and prevent
170 anonymous users from having any rights.
173 if (isset($_SERVER['REMOTE_USER'])) {
176 It looks like your web server is configured to use HTTP authentication
177 (you're authenticated as <?php
178 echo htmlentities($_SERVER['REMOTE_USER'], ENT_QUOTES, 'utf-8') ?>)
179 mtrack will defer to your web server configuration for authentication.
180 Contact your system administrator to add or remove users, or to change
181 their passwords. You may still use the mtrack user management screens
182 to change rights assignments for the users.
188 mtrack will use HTTP authentication and store the password and group
189 files in the <em>vardir</em>.
193 echo "<h3>Administrators</h3>";
// Lists the ids that get_admins() reports as holding admin rights.
194 $admins = get_admins();
195 if (count($admins)) {
196 echo "<p>The following users are configured with admin rights:</p>";
198 foreach ($admins as $id) {
// NOTE(review): the return value of mtrack_username() is echoed as-is. Confirm that it
// HTML-escapes $id, since admin ids can originate from the 'adminuser' form field,
// which the POST handler only trim()s.
199 echo mtrack_username($id) . " ";
204 <p>You <em>MUST</em> add at least one user as an administrator,
205 otherwise no one will be able to administer the system without editing
213 <td><b>Add Admin User</b>:</td>
214 <td><input type="text" name="adminuser"></td>
218 if (!isset($_SERVER['REMOTE_USER'])) {
221 <td><b>Set Password</b>:</td>
222 <td><input type="password" name="adminpass1"></td>
225 <td><b>Confirm Password</b>:</td>
226 <td><input type="password" name="adminpass2"></td>
234 <em>You can't set the password here, because mtrack has no way to automatically
235 find out how to do that. Contact your system administrator to ensure that
236 you have a username and password configured for mtrack</em></p>
241 <input type='submit' name='setupprivate'
242 value='Configure Private Authentication'>
245 <h2><a href='#'>Public (OpenID)<?php echo $openid_configd ?></a></h2>
248 I want to allow the public access to mtrack, but only allow people that
249 I trust to make certain kinds of changes.
252 mtrack will use OpenID to manage authentication.
254 <h3>Administrators</h3>
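256 $admins = get_openid_admins();
// Lists the OpenID identities that get_openid_admins() reports as holding admin rights.
257 if (count($admins)) {
258 echo "<p>The following OpenID users are configured with admin rights:</p>";
260 foreach ($admins as $id) {
// $id is stored config/alias data that was entered through the form with only trim()
// applied, so it is entity-encoded before it reaches the page, the same way this page
// encodes $message and REMOTE_USER.
// NOTE(review): the return value of mtrack_username() is still echoed as-is; confirm
// that it escapes its argument.
261 echo mtrack_username($id) . " (" . htmlentities($id, ENT_QUOTES, 'utf-8') . ") ";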
266 <p>You <em>MUST</em> add at least one OpenID as an administrator,
267 otherwise no one will be able to administer the system without editing
273 <b>Add Admin OpenID</b>: <input type="text" name="adminopenid"><br>
274 <b>Local Username</b>: <input type="text" name="adminuserid"><br>
275 <input type='submit' name='setuppublic'
276 value='Configure Public Authentication'>
281 $(document).ready(function () {
282 $('#authaccordion').accordion({
284 if (isset($plugins['MTrackAuth_OpenID'])) {