This authentication module, changes the password check for DokuWiki, from using the password file, to use an IMAP or pop3 server. It is build on the plain authentication backend, and works in the same way, with the only change that user passwords are checked against an IMAP/POP3 server.
NB: You still need to create you users in DokuWiki before they can log in.
Copy the file imap.class.php to “inc/auth”.
Or manually create the file by applying the following steps:
Copy the plain module:
cp plain.class.php imap.class.php
Change the following lines in the file imap.class.php:
[...] class auth_imap extends auth_basic { [...] function auth_imap() { [...] $this->cando['modPass'] = false; [...] function checkPass($user,$pass){ $userinfo = $this->getUserData($user); if ($userinfo === false) return false; $toReturn=false; $imap_login = @imap_open("{imap.server:143/novalidate-cert}", $user."@domain.tld", $pass, OP_HALFOPEN, 1); if ($imap_login == false){ $toReturn = false; } else { $toReturn = true; imap_close($imap_login); } return $toReturn; } [...] function createUser($user,$pwd,$name,$mail,$grps=null){ [...] $tmppass = time(); $pass = auth_cryptPassword($tmppass); [...]
Now update the IMAP/pop3 server connection string.
imap_open("{imap.server:143/novalidate-cert}", $user."@domain.tld", $pass, OP_HALFOPEN, 1);
See http://dk.php.net/imap_open for documentation on the imap_open function.
As noted in pam there seams to be a bug in the User Manager, it won't create a user if no password is specified. Fix it by either applying the patch on pam or by setting “$this→cando['modPass']” to true, and specifying a random password when the user is created.
by mpc@20080825 :
I guess we must also, as specified in pam auth , configure DokuWiki tu use imap auth by adding the following line to local.php:
$conf['authtype'] = 'imap';
Anyway, even if adding user in the configuration panel works fine, authentication does not works on my SME 7.3 server with this code, I had to modify the “imap_open” function line to inc/auth/imap.class.php like this to make it works :
$imap_login = @imap_open("{myserver:143/imap/novalidate-cert}", $user, $pass);
of course, use this code this if your server supports imaps :
$imap_login = @imap_open("{myserver:993/imap/ssl/novalidate-cert}", $user, $pass);
Except a little bug (error message display when adding a user, but user added anyway), everything works great.
mjm 20080913:
I have modified the checkPass function to allow users to enter a full email address into the Username field during login. DokuWiki automatically converts the '@' in the email address into an underscore (“_”) in the username. This version of checkPass:
function checkPass($user,$pass){
#$userinfo = $this->getUserData($user);
#if ($userinfo === false) return false;
$toReturn=false;
list( $imapUser, $imapDomain) = split('[_@]', $user);
if(!$imapDomain) $imapDomain = "null";
$imapDomain= strtolower( $imapDomain);
switch ($imapDomain) {
case "domainone.com":
$_groups = array( 'user', 'domainone');
$imapServer = "{mail.domainone.com:993/imap/ssl/novalidate-cert}";
$imapLogin = $imapUser.'@'.$imapDomain;
break;
case "domaintwo.org":
$_groups = array( 'user', 'domaintwo');
$imapServer = "{imap.domaintwo.org:993/imap/ssl/novalidate-cert}";
$imapLogin = $imapUser
break;
case "null":
unset ($imapServer);
}
switch (isset($imapServer)) {
case true:
$imap_login = @imap_open($imapServer, $imapLogin, $pass);
if ($imap_login == false){
$toReturn = false;
} else {
$toReturn = true;
imap_close($imap_login);
$userinfo = $this->getUserData($user);
if ($userinfo === false) $newUser = $this->createUser($user,"!imap_auth!",
$imapUser,$imapUser.'@'.$imapDomain,$_groups);
}
break;
case false:
$userinfo = $this->getUserData($user);
if ($userinfo === false) {
$toReturn = false;
} else {
$toReturn = auth_verifyPassword($pass,$this->users[$user]['pass']);
}
}
return $toReturn;
}