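$role) {
    /* NOTE(review): the lines down to the first "return $admins;" are the
     * tail of a function whose signature and opening foreach lie before this
     * excerpt (presumably get_openid_admins(), which the POST handler below
     * calls). Its logic is reproduced unchanged. */
    if ($role == 'admin') {
      if (preg_match('@^https?://@', $id)) {
        /* the class id is itself an http(s) URL */
        $admins[] = $id;
      } else {
        /* a non-URL id; remember it so its aliases can be checked below */
        $regadmins[$id] = $id;
      }
    }
  }
  if (count($regadmins)) {
    /* look at aliases to see if there are any that look like OpenIDs */
    foreach (MTrackDB::q('select alias, userid from useraliases')->fetchAll() as $row) {
      if (!preg_match('@^https?://@', $row[0])) {
        continue;
      }
      if (isset($regadmins[$row[1]])) {
        $admins[] = $row[0];
      }
    }
  }
  return $admins;
}

/**
 * Returns the ids in the user_classes config section whose class is 'admin'
 * and which do not start with http:// or https://.
 *
 * @return array list of user ids
 */
function get_admins() {
  $admins = array();
  foreach (MTrackConfig::getSection('user_classes') as $id => $role) {
    if ($role == 'admin' && !preg_match('@^https?://@', $id)) {
      $admins[] = $id;
    }
  }
  return $admins;
}

/* POST handler: switches the deployment between "public" (OpenID) and
 * "private" (HTTP authentication) and registers an administrator.
 *
 * NOTE(review): this handler rewrites the authentication plugins and grants
 * the admin class, but no rights check or anti-CSRF token is visible in this
 * excerpt -- confirm that the part of the file above it enforces both.
 * NOTE(review): $plugins is read by the handler but, within this excerpt, is
 * only assigned after it. If it is not also assigned earlier in the file, the
 * isset($plugins[...]) tests are always false and neither the previous
 * plugin nor the anonymous role is ever reset -- confirm. */
$message = null;

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  if (isset($_POST['setuppublic'])) {
    $admins = get_openid_admins();
    $add_admin = isset($_POST['adminopenid']) ? trim($_POST['adminopenid']) : '';
    $localid = isset($_POST['adminuserid']) ? trim($_POST['adminuserid']) : '';
    $have_openid = strlen($add_admin) > 0;
    $have_local = strlen($localid) > 0;

    /* The OpenID and the local user id are only usable as a pair: with one
     * of them missing, the inserts below would store an empty userid or an
     * empty alias. With no existing OpenID admin the pair is mandatory. */
    if ($have_openid != $have_local || (count($admins) == 0 && !$have_openid)) {
      $message = "You MUST add an OpenID for the administrator";
    } else {
      if ($have_openid) {
        /* Refuse an alias that belongs to another user before anything is
         * written. Strict string comparison keeps numeric-looking ids such
         * as "0123" and "123" distinct. */
        $new_alias = true;
        foreach (MTrackDB::q('select userid from useraliases where alias = ?', $add_admin)->fetchAll() as $row) {
          if ((string)$row[0] !== $localid) {
            throw new Exception("$add_admin is already associated with $row[0]");
          }
          $new_alias = false;
        }

        MTrackConfig::set('user_classes', $localid, 'admin');

        $new_user = true;
        foreach (MTrackDB::q('select userid from userinfo where userid = ?', $localid)->fetchAll() as $row) {
          $new_user = false;
          break;
        }
        if ($new_user) {
          MTrackDB::q('insert into userinfo (userid, active) values (?, 1)', $localid);
        }
        if ($new_alias) {
          /* NOTE(review): get_openid_admins() only recognises aliases that
           * start with http:// or https://; an alias stored here without a
           * scheme will not count as an OpenID admin -- confirm whether the
           * value should be validated or normalised first. */
          MTrackDB::q('insert into useraliases (userid, alias) values (?,?)', $localid, $add_admin);
        }
      }

      MTrackConfig::set('plugins', 'MTrackAuth_OpenID', '');
      if (isset($plugins['MTrackAuth_HTTP'])) {
        MTrackConfig::remove('plugins', 'MTrackAuth_HTTP');
        // Reset anonymous for public access
        MTrackConfig::remove('user_class_roles', 'anonymous');
      }
      MTrackConfig::save();
      header("Location: {$ABSWEB}admin/auth.php");
      exit;
    }
  } elseif (isset($_POST['setupprivate'])) {
    $admins = get_admins();
    $add_admin = isset($_POST['adminuser']) ? trim($_POST['adminuser']) : '';
    if (count($admins) == 0 && !strlen($add_admin)) {
      $message = "You MUST add a user with admin rights";
    } else {
      $vardir = MTrackConfig::get('core', 'vardir');
      $pfile = "$vardir/http.user";
      if (strlen($add_admin)) {
        if (!isset($_SERVER['REMOTE_USER'])) {
          // validate the password
          /* Missing or non-string fields are treated as empty. */
          $pass1 = (isset($_POST['adminpass1']) && is_string($_POST['adminpass1']))
            ? $_POST['adminpass1'] : '';
          $pass2 = (isset($_POST['adminpass2']) && is_string($_POST['adminpass2']))
            ? $_POST['adminpass2'] : '';
          /* Strict comparison: with != two different numeric-looking
           * strings such as "1e3" and "1000" compare as equal. */
          if ($pass1 !== $pass2) {
            $message = "Passwords don't match";
          } elseif (!strlen($pass1)) {
            /* do not create an administrator with an empty password */
            $message = "You MUST set a password for the admin user";
          } else {
            $http_auth = new MTrackAuth_HTTP(null, "digest:$pfile");
            $http_auth->setUserPassword($add_admin, $pass1);
          }
        }
        /* Grant the admin class only once the password step succeeded, so
         * a rejected submission leaves the in-memory config untouched. */
        if ($message === null) {
          MTrackConfig::set('user_classes', $add_admin, 'admin');
        }
      }
      if ($message === null) {
        if (!isset($plugins['MTrackAuth_HTTP'])) {
          MTrackConfig::set('plugins', 'MTrackAuth_HTTP', "$vardir/http.group, digest:$pfile");
        }
        if (isset($plugins['MTrackAuth_OpenID'])) {
          MTrackConfig::remove('plugins', 'MTrackAuth_OpenID');
          // Set up the roles for private access
          // Use default authenticated permissions
          MTrackConfig::remove('user_class_roles', 'authenticated');
          // Make anonymous have no rights
          MTrackConfig::set('user_class_roles', 'anonymous', '');
        }
        MTrackConfig::save();
        header("Location: {$ABSWEB}admin/auth.php");
        exit;
      }
    }
  }
}

mtrack_head("Administration - Authentication");

/* Current plugin configuration, used to label the active mode in the page. */
$plugins = MTrackConfig::getSection('plugins');
$http_configd = isset($plugins['MTrackAuth_HTTP']) ? " (Active)" : '';
$openid_configd = isset($plugins['MTrackAuth_OpenID']) ? " (Active)" : '';
?>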

Authentication

$message HTML; } ?>

Select one of the following, depending on which one best matches your intended mtrack deployment:

Private (HTTP authentication)

I want to strictly control who has access to mtrack, and prevent anonymous users from having any rights.

It looks like your web server is configured to use HTTP authentication (you're authenticated as ) mtrack will defer to your web server configuration for authentication. Contact your system administrator to add or remove users, or to change their passwords. You may still use the mtrack user management screens to change rights assignments for the users.

mtrack will use HTTP authentication and store the password and group files in the vardir.

Administrators"; $admins = get_admins(); if (count($admins)) { echo "

The following users are configured with admin rights:

"; echo "

"; foreach ($admins as $id) { echo mtrack_username($id) . " "; } echo "

"; } else { echo <<You MUST add at least one user as an administrator, otherwise no one will be able to administer the system without editing the config.ini file.

HTML; echo << Add Admin User: HTML; if (!isset($_SERVER['REMOTE_USER'])) { echo << Set Password: Confirm Password: HTML; } else { echo <<

You can't set the password here, because mtrack has no way to automatically find out how to do that. Contact your system administrator to ensure that you have a username and password configured for mtrack

HTML; } } ?>

Public (OpenID)

I want to allow the public access to mtrack, but only allow people that I trust to make certain kinds of changes.

mtrack will use OpenID to manage authentication.

Administrators

The following OpenID users are configured with admin rights:

"; echo "

"; foreach ($admins as $id) { echo mtrack_username($id) . " ($id) "; } echo "

"; } else { echo <<You MUST add at least one OpenID as an administrator, otherwise no one will be able to administer the system without editing the config.ini file.

HTML; } ?> Add Admin OpenID:
Local Username: