#!/usr/bin/php <?php /* * ejabberd extauth script for the integration with friendica * * Originally written for joomla by Dalibor Karlovic <dado@krizevci.info> * modified for Friendica by Michael Vogel <icarus@dabo.de> * published under GPL * * Latest version of the original script for joomla is available at: * http://87.230.15.86/~dado/ejabberd/joomla-login * * Installation: * * - Change it's owner to whichever user is running the server, ie. ejabberd * $ chown ejabberd:ejabberd /path/to/friendica/include/auth_ejabberd.php * * - Change the access mode so it is readable only to the user ejabberd and has exec * $ chmod 700 /path/to/friendica/include/auth_ejabberd.php * * - Edit your ejabberd.cfg file, comment out your auth_method and add: * {auth_method, external}. * {extauth_program, "/path/to/friendica/include/auth_ejabberd.php"}. * * - Restart your ejabberd service, you should be able to login with your friendica auth info * * Other hints: * - if your users have a space or a @ in their nickname, they'll run into trouble * registering with any client so they should be instructed to replace these chars * " " (space) is replaced with "%20" * "@" is replaced with "(a)" * */ if (sizeof($_SERVER["argv"]) == 0) die(); $directory = dirname($_SERVER["argv"][0]); if (substr($directory, 0, 1) != "/") $directory = $_SERVER["PWD"]."/".$directory; $directory = realpath($directory."/.."); chdir($directory); require_once("boot.php"); global $a, $db; if(is_null($a)) { $a = new App; } if(is_null($db)) { @include(".htconfig.php"); require_once("include/dba.php"); $db = new dba($db_host, $db_user, $db_pass, $db_data); unset($db_host, $db_user, $db_pass, $db_data); }; // the logfile to which to write, should be writeable by the user which is running the server $sLogFile = get_config('jabber','logfile'); // set true to debug if needed $bDebug = get_config('jabber','debug'); $oAuth = new exAuth($sLogFile, $bDebug); class exAuth { private $sLogFile; private $bDebug; private $rLogFile; public function __construct($sLogFile, $bDebug) { global $db; // setter $this->sLogFile = $sLogFile; $this->bDebug = $bDebug; // ovo ne provjeravamo jer ako ne mozes kreirati log file, onda si u kvascu :) if ($this->sLogFile != '') $this->rLogFile = fopen($this->sLogFile, "a") or die("Error opening log file: ". $this->sLogFile); $this->writeLog("[exAuth] start"); // ovdje bi trebali biti spojeni na MySQL, imati otvoren log i zavrtit cekalicu do { $iHeader = fgets(STDIN, 3); $aLength = unpack("n", $iHeader); $iLength = $aLength["1"]; if($iLength > 0) { // ovo znaci da smo nesto dobili $sData = fgets(STDIN, $iLength + 1); $this->writeDebugLog("[debug] received data: ". $sData); $aCommand = explode(":", $sData); if (is_array($aCommand)){ switch ($aCommand[0]){ case "isuser": // provjeravamo je li korisnik dobar if (!isset($aCommand[1])){ $this->writeLog("[exAuth] invalid isuser command, no username given"); fwrite(STDOUT, pack("nn", 2, 0)); } else { // ovdje provjeri je li korisnik OK $sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]); $this->writeDebugLog("[debug] checking isuser for ". $sUser); $sQuery = "select * from user where nickname='". $db->escape($sUser) ."'"; $this->writeDebugLog("[debug] using query ". $sQuery); if ($oResult = q($sQuery)){ if ($oResult) { // korisnik OK $this->writeLog("[exAuth] valid user: ". $sUser); fwrite(STDOUT, pack("nn", 2, 1)); } else { // korisnik nije OK $this->writeLog("[exAuth] invalid user: ". $sUser); fwrite(STDOUT, pack("nn", 2, 0)); } $oResult->close(); } else { $this->writeLog("[MySQL] invalid query: ". $sQuery); fwrite(STDOUT, pack("nn", 2, 0)); } } break; case "auth": // provjeravamo autentifikaciju korisnika if (sizeof($aCommand) != 4){ $this->writeLog("[exAuth] invalid auth command, data missing"); fwrite(STDOUT, pack("nn", 2, 0)); } else { // ovdje provjeri prijavu $sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]); $this->writeDebugLog("[debug] doing auth for ". $sUser); $sQuery = "select * from user where password='".hash('whirlpool',$aCommand[3])."' and nickname='". $db->escape($sUser) ."'"; $this->writeDebugLog("[debug] using query ". $sQuery); if ($oResult = q($sQuery)){ if ($oResult) { // korisnik OK $this->writeLog("[exAuth] authentificated user ". $sUser ."@". $aCommand[2]); fwrite(STDOUT, pack("nn", 2, 1)); } else { // korisnik nije OK $this->writeLog("[exAuth] authentification failed for user ". $sUser ."@". $aCommand[2]); fwrite(STDOUT, pack("nn", 2, 0)); } $oResult->close(); } else { $this->writeLog("[MySQL] invalid query: ". $sQuery); fwrite(STDOUT, pack("nn", 2, 0)); } } break; case "setpass": // postavljanje zaporke, onemoguceno $this->writeLog("[exAuth] setpass command disabled"); fwrite(STDOUT, pack("nn", 2, 0)); break; default: // ako je uhvaceno ista drugo $this->writeLog("[exAuth] unknown command ". $aCommand[0]); fwrite(STDOUT, pack("nn", 2, 0)); break; } } else { $this->writeDebugLog("[debug] invalid command string"); fwrite(STDOUT, pack("nn", 2, 0)); } } unset ($iHeader); unset ($aLength); unset ($iLength); unset($aCommand); } while (true); } public function __destruct() { // zatvori log file $this->writeLog("[exAuth] stop"); if (is_resource($this->rLogFile)){ fclose($this->rLogFile); } } private function writeLog($sMessage) { if (is_resource($this->rLogFile)) { fwrite($this->rLogFile, date("r") ." ". $sMessage ."\n"); } } private function writeDebugLog($sMessage) { if ($this->bDebug){ $this->writeLog($sMessage); } } } ?>