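$role) {
        if ($role == 'admin') {
            if (preg_match('@^https?://@', $id)) {
                $admins[] = $id;
            } else {
                $regadmins[$id] = $id;
            }
        }
    }
    if (count($regadmins)) {
        /* look at aliases to see if there are any that look like OpenIDs */
        foreach (MTrackDB::q('select alias, userid from useraliases')->fetchAll() as $row) {
            if (!preg_match('@^https?://@', $row[0])) {
                continue;
            }
            if (isset($regadmins[$row[1]])) {
                $admins[] = $row[0];
            }
        }
    }
    return $admins;
}

/**
 * Lists the locally named administrators.
 *
 * Walks the 'user_classes' config section and keeps every id whose role is
 * 'admin' and which does not start with http:// or https://.
 *
 * @return array list of admin user ids
 */
function get_admins()
{
    $admins = array();
    foreach (MTrackConfig::getSection('user_classes') as $id => $role) {
        if ($role == 'admin' && !preg_match('@^https?://@', $id)) {
            $admins[] = $id;
        }
    }
    return $admins;
}

/*
 * Form handler for the authentication setup page.
 *
 * 'setuppublic' switches the configuration to the OpenID plugin and
 * 'setupprivate' switches it to the HTTP (digest) plugin. Each branch can also
 * register an administrator. On success the config is saved and the browser is
 * redirected back to this page; on a validation failure $message is set and
 * nothing is saved.
 */
$message = null;

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // NOTE(review): no anti-CSRF token is checked in the visible part of this
    // handler, although it rewrites the authentication configuration and can
    // grant admin rights. Confirm that the shared include (not shown here)
    // enforces one; otherwise add a per-session token check at this point.

    // Read the plugin section before testing it: both branches below consult
    // $plugins, and the only assignment visible in this part of the file comes
    // after the handler. With $plugins unset the private branch would leave
    // the OpenID plugin and the anonymous role untouched.
    $plugins = MTrackConfig::getSection('plugins');

    if (isset($_POST['setuppublic'])) {
        $admins = get_openid_admins();
        // Accept only string fields; an array-valued field must not reach trim().
        $add_admin = (isset($_POST['adminopenid']) && is_string($_POST['adminopenid']))
            ? trim($_POST['adminopenid']) : '';
        $localid = (isset($_POST['adminuserid']) && is_string($_POST['adminuserid']))
            ? trim($_POST['adminuserid']) : '';

        if (count($admins) == 0 && (!strlen($add_admin) || !strlen($localid))) {
            $message = "You MUST add an OpenID for the administrator";
        } elseif (strlen($add_admin) && !strlen($localid)) {
            // Without a local id the alias would be stored against the empty userid.
            $message = "You MUST supply a local user id for the administrator OpenID";
        } else {
            // Touch the database only for a real user id. When admins already
            // exist and the form is submitted blank, nothing is inserted.
            if (strlen($localid)) {
                MTrackConfig::set('user_classes', $localid, 'admin');

                $new = true;
                foreach (MTrackDB::q('select userid from userinfo where userid = ?', $localid)->fetchAll() as $row) {
                    $new = false;
                    break;
                }
                if ($new) {
                    MTrackDB::q('insert into userinfo (userid, active) values (?, 1)', $localid);
                }

                if (strlen($add_admin)) {
                    // NOTE(review): the alias is stored as typed, while
                    // get_openid_admins() only counts aliases starting with
                    // http:// or https:// -- confirm whether other forms
                    // should be normalised or rejected here.
                    $new = true;
                    foreach (MTrackDB::q('select userid from useraliases where alias = ?', $add_admin)->fetchAll() as $row) {
                        // Strict string comparison: with != two different
                        // numeric-looking ids (e.g. '1e3' and '1000') compare equal.
                        if ((string)$row[0] !== $localid) {
                            // NOTE(review): the message carries the submitted
                            // OpenID verbatim; whatever renders uncaught
                            // exceptions should HTML-escape it.
                            throw new Exception("$add_admin is already associated with $row[0]");
                        }
                        $new = false;
                    }
                    if ($new) {
                        MTrackDB::q('insert into useraliases (userid, alias) values (?,?)', $localid, $add_admin);
                    }
                }
            }

            MTrackConfig::set('plugins', 'MTrackAuth_OpenID', '');
            if (isset($plugins['MTrackAuth_HTTP'])) {
                MTrackConfig::remove('plugins', 'MTrackAuth_HTTP');
                // Reset anonymous for public access
                MTrackConfig::remove('user_class_roles', 'anonymous');
            }
            MTrackConfig::save();
            header("Location: {$ABSWEB}admin/auth.php");
            exit;
        }
    } elseif (isset($_POST['setupprivate'])) {
        $admins = get_admins();
        $add_admin = (isset($_POST['adminuser']) && is_string($_POST['adminuser']))
            ? trim($_POST['adminuser']) : '';

        if (count($admins) == 0 && !strlen($add_admin)) {
            $message = "You MUST add a user with admin rights";
        } else {
            $vardir = MTrackConfig::get('core', 'vardir');
            // NOTE(review): this file is passed to MTrackAuth_HTTP as the
            // digest credential store; confirm vardir is not served by the
            // web server.
            $pfile = "$vardir/http.user";

            if (strlen($add_admin)) {
                if (!isset($_SERVER['REMOTE_USER'])) {
                    // validate the password
                    $pass1 = (isset($_POST['adminpass1']) && is_string($_POST['adminpass1']))
                        ? $_POST['adminpass1'] : '';
                    $pass2 = (isset($_POST['adminpass2']) && is_string($_POST['adminpass2']))
                        ? $_POST['adminpass2'] : '';

                    if ($pass1 !== $pass2) {
                        // Strict comparison: != treats numeric-looking strings
                        // such as '1e3' and '1000' as equal, which would let a
                        // mistyped confirmation through.
                        $message = "Passwords don't match";
                    } elseif (!strlen($pass1)) {
                        // Missing or empty fields must not create an admin
                        // account with an empty password.
                        $message = "You MUST set a password for the admin user";
                    } else {
                        $http_auth = new MTrackAuth_HTTP(null, "digest:$pfile");
                        $http_auth->setUserPassword($add_admin, $pass1);
                    }
                }
                // Grant the admin class only once the credentials were accepted.
                if ($message === null) {
                    MTrackConfig::set('user_classes', $add_admin, 'admin');
                }
            }

            if ($message === null) {
                if (!isset($plugins['MTrackAuth_HTTP'])) {
                    MTrackConfig::set('plugins', 'MTrackAuth_HTTP', "$vardir/http.group, digest:$pfile");
                }
                if (isset($plugins['MTrackAuth_OpenID'])) {
                    MTrackConfig::remove('plugins', 'MTrackAuth_OpenID');
                    // Set up the roles for private access
                    // Use default authenticated permissions
                    MTrackConfig::remove('user_class_roles', 'authenticated');
                    // Make anonymous have no rights
                    MTrackConfig::set('user_class_roles', 'anonymous', '');
                }
                MTrackConfig::save();
                header("Location: {$ABSWEB}admin/auth.php");
                exit;
            }
        }
    }
}

mtrack_head("Administration - Authentication");

// Re-read the plugin section for rendering and label whichever plugin is active.
$plugins = MTrackConfig::getSection('plugins');
$http_configd = isset($plugins['MTrackAuth_HTTP']) ? " (Active)" : '';
$openid_configd = isset($plugins['MTrackAuth_OpenID']) ? " (Active)" : '';

?>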
Select one of the following, depending on which one best matches your intended mtrack deployment: