<?php if (!defined('PmWiki')) exit();

/*
#===============================================================================
# sessionauthform.php
#===============================================================================
# Copyright (c) 2004 Thomas Weibel. All rights reserved.
#
# This script allows seamless embedding of authentication into your Wiki
#
# To install the script, add the following to your config.php:
#
#  include_once("local/sessionauthform.php");
#
# Configuration variables:
#
# $LoginPage 
#   Defines the Wiki page to use as login form. This page must not exist! It is 
#   created the first time you run the sessionauthform.php script.
#   Default value is Main.Login.
#
# $AuthFormFmt 
#   Defines the look of the authentication form.
#
# These variables can be set in config.php.
#
# This script is based on sessionauth.php which is part of the PmWiki 
# distribution; you can redistribute it and/or modify it under the terms of 
# the GNU General Public License as published by the Free Software Foundation; 
# either version 2 of the License, or (at your option) any later version.
#===============================================================================
*/

/* Initialize hook for markup */
$LinkPatterns[125]["\\[\\[authform\\]\\]"] = 'CreateAuthForm';

session_start();

$AuthFunction = 'SessionAuthForm';

SDV($AuthFormFmt,"
<p>&nbsp;</p>
<p>&nbsp;</p>

<b>Please enter author and password</b>

<p>&nbsp;</p>

<form name='authform' action='{$_SERVER['REQUEST_URI']}' method='post'>
  <dl>
    <dt>
      <label for='author' title='Enter your author name here'>Author:</label>
    </dt>
    <dd>
        <input tabindex='1' id='author' name='author' value='$author' />
    </dd>
    <dt>
      <label for='password' title='Enter your password here'>Password:</label>
    </dt>
    <dd>
      <input tabindex='2' type='password' id='password' name='authpw' value='' />
    </dd>
    <dd>
      <input tabindex='3' type='submit' value='OK' />
    </dd>
  </dl>
</form>

<p>&nbsp;</p>
<p>&nbsp;</p>
");

SDV($LoginPage, "Main.Login");

if (@$_POST['authpw']) $_SESSION['authpw'] = $_POST['authpw'];

function SessionAuthForm($pagename,$level,$authprompt=true) {
  global $GroupAttributesFmt,$DefaultPasswords,
    $AllowPassword,$HTMLBodyFmt,$AuthFormFmt, $LoginPage;

  $page = ReadPage($pagename);

  if (!$page)
    return false;
  
  @$passwd = $page["passwd$level"];
  
  if ($passwd=="") {
    $grouppg = ReadPage(FmtPageName($GroupAttributesFmt,$pagename));
    @$passwd = $grouppg["passwd$level"];
  }
  
  if (crypt($AllowPassword,$passwd)==$passwd) 
    return $page;
  
  if ($passwd=="") { 
    $passwd=@$DefaultPasswords[$level]; 
  }

  if ($passwd=="") 
    return $page;

  $authpw = $_SESSION['authpw'];

  foreach(array_merge((array)$DefaultPasswords['admin'],(array)$passwd) as $pw)
    if (crypt($authpw,$pw)==$pw) return $page;

  if (!$authprompt) return false;

  $action = $GLOBALS['action']; 
  
  if (!PageExists($LoginPage)) {
    $page['text'] = '[[authform]]';
    WritePage($LoginPage, $page);
  }
  HandleBrowse($LoginPage);
  EndHTML();
  exit;
}

function CreateAuthForm($pattern, $ref, $txt) {
  global $AuthFormMsg,
    $AuthFormFmt,$AuthFormText, $AuthFormString;

  $AuthForm = $AuthFormFmt;
  
  $AuthForm = preg_replace('/'.$pattern.'/',$AuthForm, $ref);
  
  return $AuthForm;
}

?>