Commit e11dd1b1 authored by Gábor Hojtsy's avatar Gábor Hojtsy

#178768: Removing Drupal module from Drupal to improve security and privacy....

#178768: Removing Drupal module from Drupal to improve security and privacy. Will live in contrib under a different name if people step up to maintain. Look at the issue for more information.
parent 81fc35b3
<?php
// $Id$
/**
* @file
* Admin page callbacks for the drupal module.
*/
/**
* Form builder; Configure what sites this site can authenticate with.
*
* @ingroup forms
* @see system_settings_form().
*/
function drupal_sites_registry_settings() {
// Check if all required fields are present
if ((variable_get('site_name', 'Drupal') == 'Drupal') || (variable_get('site_name', 'Drupal') == '')) {
form_set_error('drupal_directory', t('You must set the name of your site on the <a href="@url">administer &raquo; settings &raquo; site information</a> page.', array('@url' => url('admin/settings/site-information'))));
}
else if (variable_get('site_mail', ini_get('sendmail_from')) == '') {
form_set_error('drupal_directory', t('You must set an e-mail address for your site on the <a href="@url">site information settings page</a>.', array('@url' => url('admin/settings/site-information'))));
}
else if (variable_get('site_slogan', '') == '') {
form_set_error('drupal_directory', t('You must set your site slogan on the <a href="@url">site information settings page</a>.', array('@url' => url('admin/settings/site-information'))));
}
else if (variable_get('site_mission', '') == '') {
form_set_error('drupal_directory', t('You must set your site mission on the <a href="@url">site information settings page</a>.' , array('@url' => url('admin/settings/site-information'))));
}
$options = array('1' => t('Enabled'), '0' => t('Disabled'));
$form['drupal_register'] = array(
'#type' => 'radios',
'#title' => t('Register with a Drupal server'),
'#default_value' => variable_get('drupal_register', 0),
'#options' => $options,
'#description' => t("If enabled, your Drupal site will register itself with the specified Drupal XML-RPC server. For this to work properly, you must set your site's name, e-mail address, slogan and mission statement. When the Drupal XML-RPC server field is set to %drupal-xml-rpc, your website will register itself with drupal.org. Requires the cron feature to be enabled.", array("%drupal-xml-rpc" => "http://drupal.org/xmlrpc.php"))
);
$form['drupal_server'] = array(
'#type' => 'textfield',
'#title' => t('Drupal XML-RPC server'),
'#default_value' => variable_get('drupal_server', 'http://drupal.org/xmlrpc.php'),
'#description' => t('The URL of the Drupal XML-RPC server you wish to register with.')
);
$form['drupal_system'] = array(
'#type' => 'radios',
'#title' => t('Send system information'),
'#default_value' => variable_get('drupal_system', 0),
'#options' => $options,
'#description' => t("If enabled, your site will send information on its installed components (modules, themes, and theme engines). This information can help in compiling statistics on usage of Drupal projects.")
);
$form['drupal_statistics'] = array(
'#type' => 'radios',
'#title' => t('Send statistics'),
'#default_value' => variable_get('drupal_statistics', 0),
'#options' => $options,
'#description' => t("If enabled, your site will send summary statistics on the number of registered users and the total number of posts. No private information will be sent. These data help to improve the ranking statistics of Drupal projects.")
);
$form['drupal_client_service'] = array(
'#type' => 'radios',
'#title' => t('Allow other Drupal sites to register'),
'#default_value' => variable_get('drupal_client_service', 0),
'#options' => $options,
'#description' => t('If enabled, your Drupal site will allow other sites to register with your site and send information to this site. This functionality can be used to maintain a list of related sites.')
);
return system_settings_form($form);
}
/**
* Form builder; Configure how distributed authentication will work.
*
* @ingroup forms
* @see system_settings_form().
*/
function drupal_distributed_authentication_settings() {
$options = array('1' => t('Enabled'), '0' => t('Disabled'));
$form['drupal_authentication_service'] = array(
'#type' => 'radios',
'#title' => t('Authentication service'),
'#default_value' => variable_get('drupal_authentication_service', 0),
'#options' => $options,
'#description' => t('If enabled, your Drupal site will accept logins with the user names of other Drupal sites, and likewise provide authentication for users logging into other Drupal sites, based on their user accounts here.')
);
$form['drupal_default_da_server'] = array(
'#type' => 'textfield',
'#title' => t('Default authentication server'),
'#default_value' => variable_get('drupal_default_da_server', ''),
'#description' => t('The URL of the default Drupal authentication server. Omit the %http prefix (e.g. drupal.org, www.example.com, etc.). If the authentication service has been enabled, users registered at the server specified here, will not need to append the server to their user name when logging into your site. This enables users to provide a briefer, more familiar username in the login form.', array('%http' => 'http'))
);
$form['drupal_default_da_server_only'] = array(
'#type' => 'radios',
'#title' => t('Only allow authentication from default server'),
'#default_value' => variable_get('drupal_default_da_server_only', 0),
'#options' => $options,
'#description' => t("Only accept remote logins from the above specified default authentication server and not from any other server. Useful when an external system is the solitary authority on user accounts for this site. A common usage is to enable this setting and also enable an authentication module which talks to your company's directory server.")
);
return system_settings_form($form);
}
; $Id$
name = Drupal
description = Lets you register your site with a central server and improve ranking of Drupal projects by posting information on your installed modules and themes; also enables users to log in using a Drupal ID.
package = Core - optional
version = VERSION
core = 6.x
<?php
// $Id$
/**
* Implementation of hook_install().
*/
function drupal_install() {
// Create tables.
drupal_install_schema('drupal');
}
/**
* Implementation of hook_uninstall().
*/
function drupal_uninstall() {
// Remove tables.
drupal_uninstall_schema('drupal');
variable_del('drupal_authentication_service');
variable_del('drupal_directory');
variable_del('drupal_register');
variable_del('drupal_server');
variable_del('drupal_system');
variable_del('drupal_statistics');
variable_del('drupal_client_service');
variable_del('drupal_default_da_server');
variable_del('drupal_default_da_server_only');
}
/**
* Implementation of hook_schema().
*/
function drupal_schema() {
$schema['client'] = array(
'fields' => array(
'cid' => array('type' => 'serial', 'unsigned' => TRUE, 'not null' => TRUE),
'link' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''),
'name' => array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''),
'mail' => array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''),
'slogan' => array('type' => 'text', 'not null' => TRUE, 'size' => 'big'),
'mission' => array('type' => 'text', 'not null' => TRUE, 'size' => 'big'),
'users' => array('type' => 'int', 'not null' => TRUE, 'default' => 0),
'nodes' => array('type' => 'int', 'not null' => TRUE, 'default' => 0),
'version' => array('type' => 'varchar', 'length' => 35, 'not null' => TRUE, 'default' => ''),
'created' => array('type' => 'int', 'not null' => TRUE, 'default' => 0),
'changed' => array('type' => 'int', 'not null' => TRUE, 'default' => 0)
),
'primary key' => array('cid'),
);
$schema['client_system'] = array(
'fields' => array(
'cid' => array('type' => 'int', 'not null' => TRUE, 'default' => 0),
'name' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''),
'type' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => '')
),
'primary key' => array('cid', 'name'),
);
return $schema;
}
<?php
// $Id$
/**
* @file
* Lets users log in using a Drupal ID and can notify a central server about your site.
*/
/**
* Implementation of hook_help().
*/
function drupal_help($path, $arg) {
switch ($path) {
case 'admin/help#drupal':
$output = '<p>'. t('The Drupal module uses the XML-RPC network communication protocol to connect your site with a central server that maintains a directory of client sites.') .'</p>';
$output .= t('<p>Enabling the Drupal module will allow you to:</p>
<ul>
<li>register your site with a server, including (optionally) posting information on your installed modules and themes and summary statistics on your number of posts and users, information that can help rank Drupal modules and themes</li>
<li>enable other sites to register with your site</li>
<li>allow members on all sites using the Drupal module to log in to your site without registering using their distributed identification</li>
<li>allow members to log in to any other site that uses the Drupal module, using a login name that looks much like an e-mail address: <em>username@example.com</em></li>
</ul>
');
$output .= '<p>'. t('The Drupal module administration page allows you to set the xml-rpc server page and other related options.') .'</p>';
$output .= t('<p>If you maintain a directory of sites, you can list them on a page using the <code>drupal_client_page()</code> function. Sample instructions: </p>
<ul>
<li>Ensure that you have the page content type enabled, and you can use PHP in an input format.</li>
<li>Select create content &gt;&gt; page.</li>
<li>For input format, select PHP code.</li>
<li>Give the page a title. For body, put:
<pre>
&lt;?php
print drupal_client_page();
?&gt;
</pre>
<li>Save the page.</li>
</ul>');
$output .= '<p>'. t('For more information please read the configuration and customization handbook <a href="@drupal">Drupal page</a>.', array('@drupal' => 'http://drupal.org/handbook/modules/drupal/')) .'</p>';
return $output;
case 'admin/settings/distributed-authentication':
return '<p>'. t('Using this your site can "call home" to another Drupal server. By calling home to drupal.org and sending a list of your installed modules and themes, you help rank projects on drupal.org and so assist all Drupal administrators to find the best components for meeting their needs. If you want to register with a different server, you can change the Drupal XML-RPC server setting -- but the server has to be able to handle Drupal XML. Some XML-RPC servers may present directories of all registered sites. To get all your site information listed, go to the <a href="@site-settings">site information settings page</a> and set the site name, the e-mail address, the slogan, and the mission statement.', array('@site-settings' => url('admin/settings/site-information'))) .'</p>';
case 'user/register':
if (!user_access('administer users')) {
return t('Note: if you have an account with another Drupal site, you may be able to <a href="!login">log in</a> with its username and password instead of registering.', array('!login' => url('user/login')));
}
break;
}
}
/**
* Implementation of hook_theme()
*/
function drupal_theme() {
return array(
'client_list' => array(
'arguments' => array('clients' => NULL),
),
);
}
function drupal_form_alter(&$form, $form_state, $form_id) {
if ($form_id == 'user_login_block' || $form_id == 'user_login') {
// Splice in our validate handler for authentication if user is performing a distributed login.
// Remove the local authentication handler added by user.module
if (!empty($form_state['post']['name']) && drupal_is_distributed_login($form_state['post']['name'])) {
$key = array_search('user_login_authenticate_validate', $form['#validate']);
$form['#validate']['key'] = 'drupal_distributed_validate';
}
}
}
/**
* When login form is shown on full page, let users know that Drupal IDs are accepted.
*
* @return void
**/
function drupal_form_user_login_alter(&$form, $form_state) {
if (variable_get('drupal_authentication_service', FALSE)) {
$form['name']['#description'] = t('Enter your @s username, or a Drupal ID from another web site.', array('@s' => variable_get('site_name', 'Drupal')));
}
}
/**
* Given a username, determine if user is attempting a distributed login.
*
* @return boolean
**/
function drupal_is_distributed_login($name) {
return variable_get('drupal_authentication_service', FALSE) && (strpos($name, '@') || variable_get('drupal_default_da_server', ''));
}
/**
* A custom validate handler on the login form. Checks supplied username/password against a remote Drupal site.
*
* @return boolean
**/
function drupal_distributed_validate($form, &$form_state) {
global $user;
if ($user->uid) {
return;
}
$name = $form_state['values']['name'];
$pass = trim($form_state['values']['pass']);
// Strip name and server from ID:
if ($server = strrchr($name, '@')) {
$name = substr($name, 0, strlen($name) - strlen($server));
$server = substr($server, 1);
}
if (drupal_auth($name, $pass, $server)) {
// We have a successful authentication. Login or register the user.
if ($server) {
$name .= '@'. $server;
}
user_external_login_register($name, 'drupal');
}
}
/**
* Implementation of hook_cron(); handles pings to and from the site.
*/
function drupal_cron() {
if (time() - variable_get('cron_last', 0) > 21600) {
// If this site acts as a Drupal XML-RPC server, delete the sites that
// stopped sending "ping" messages.
if (variable_get('drupal_client_service', 0)) {
$result = db_query("SELECT cid FROM {client} WHERE changed < %d", time() - 259200);
while ($client = db_fetch_object($result)) {
db_query("DELETE FROM {client_system} WHERE cid = %d", $client->cid);
db_query("DELETE FROM {client} WHERE cid = %d", $client->cid);
}
}
// If this site acts as a Drupal XML-RPC client, send a message to the
// Drupal XML-RPC server.
if (variable_get('drupal_register', 0) && variable_get('drupal_server', 0)) {
drupal_notify(variable_get('drupal_server', ''));
}
}
}
/**
* Callback function from drupal_xmlrpc() called when another site pings this one.
*/
function drupal_client_ping($client, $system) {
/*
** Parse our parameters:
*/
foreach (array('link', 'name', 'mail', 'slogan', 'mission') as $key) {
$client[$key] = strip_tags($client[$key]);
}
/*
** Update the data in our database and send back a reply:
*/
if ($client['link'] && $client['name'] && $client['mail'] && $client['slogan'] && $client['mission']) {
$result = db_query("SELECT cid FROM {client} WHERE link = '%s'", $client['link']);
if ($record = db_fetch_object($result)) {
$client['cid'] = $record->cid;
// We have an existing record.
db_query("UPDATE {client} SET link = '%s', name = '%s', mail = '%s', slogan = '%s', mission = '%s', users = %d, nodes = %d, version = '%s', changed = '%s' WHERE cid = %d", $client['uid'], $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), $client['cid']);
}
else {
db_query("INSERT INTO {client} (link, name, mail, slogan, mission, users, nodes, version, created, changed) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), time());
$client['cid'] = db_last_insert_id('client', 'cid');
}
if (is_array($system)) {
db_query("DELETE FROM {client_system} WHERE cid = %d", $client['cid']);
foreach ($system as $item) {
db_query("INSERT INTO {client_system} (cid, name, type) VALUES (%d, '%s', '%s')", $client['cid'], $item['name'], $item['type']);
}
}
watchdog('client ping', 'Ping from %name (%link).', array('%name' => $client['name'], '%link' => $client['link']), WATCHDOG_NOTICE, '<a href="'. check_url($client['link']) .'">view</a>');
return TRUE;
}
else {
return 0;
}
}
/**
* Formats a list of all clients.
*
* This function may be called from a custom page on sites that are
* Drupal directory servers.
*/
function drupal_client_page($sort = 'name') {
$result = db_query('SELECT * FROM {client} ORDER BY %s', $sort);
$clients = array();
while ($client = db_fetch_object($result)) {
$clients[] = $client;
}
return theme('client_list', $clients);
}
/**
* Theme a client list.
*/
function theme_client_list($clients) {
// Note: All fields except the mission are treated as plain-text.
// The mission is stripped of any HTML tags to keep the output simple and consistent.
$output = "\n<dl>\n";
foreach ($clients as $client) {
$output .= ' <dt><a href="'. check_url($client->link) .'">'. check_plain($client->name) .'</a> - '. check_plain($client->slogan) ."</dt>\n";
$output .= ' <dd>'. strip_tags($client->mission) ."</dd>\n";
}
$output .= "</dl>\n";
return $output;
}
/**
* Implementation of hook_xmlrpc().
*/
function drupal_xmlrpc() {
$xmlrpc = array();
if (variable_get('drupal_client_service', 0)) {
$xmlrpc[] = array(
'drupal.client.ping',
'drupal_client_ping',
array('array', 'array', 'array'),
t('Handling ping request')
);
}
if (variable_get('drupal_authentication_service', 0)) {
$xmlrpc[] = array(
'drupal.login',
'drupal_login',
array('int', 'string', 'string'),
t('Logging into a Drupal site')
);
}
return $xmlrpc;
}
/**
* Sends a ping to the Drupal directory server.
*/
function drupal_notify($server) {
global $base_url;
$client = array(
'link' => $base_url,
'name' => variable_get('site_name', ''),
'mail' => variable_get('site_mail', ''),
'slogan' => variable_get('site_slogan', ''),
'mission' => variable_get('site_mission', ''),
'version' => VERSION
);
if (variable_get('drupal_system', 0)) {
$system = array();
$result = db_query("SELECT name, type FROM {system} WHERE status = 1");
while ($item = db_fetch_array($result)) {
$system[] = $item;
}
}
if (variable_get('drupal_statistics', 0)) {
$users = db_fetch_object(db_query("SELECT COUNT(uid) AS count FROM {users}"));
$client['users'] = $users->count;
$nodes = db_fetch_object(db_query("SELECT COUNT(nid) AS count FROM {node}"));
$client['nodes'] = $nodes->count;
}
$result = xmlrpc($server, 'drupal.client.ping', $client, $system);
if ($result === FALSE) {
watchdog('server ping', 'Failed to notify %server; error code: %errno; error message: %error_msg.', array('%server' => $server, '%errno' => xmlrpc_errno(), '%error_msg' => xmlrpc_error_msg()), WATCHDOG_WARNING);
}
}
/**
* Attempt to authenticate using the presented credentials and Drupal site.
*
* @return boolean
**/
function drupal_auth($username, $password, $server = FALSE) {
if (variable_get('drupal_authentication_service', 0)) {
if (!$server) {
$server = variable_get('drupal_default_da_server', '');
}
else if (variable_get('drupal_default_da_server_only', 0)) {
if (variable_get('drupal_default_da_server', '') != $server) {
return;
}
}
if (!empty($server)) {
$result = xmlrpc("http://$server/xmlrpc.php", 'drupal.login', $username, $password);
if ($result === FALSE) {
drupal_set_message(t('Error %code: %message', array('%code' => xmlrpc_errno(), '%message' => xmlrpc_error_msg())), 'error');
}
else {
return $result;
}
}
}
}
/**
* Implementation of hook_menu().
*/
function drupal_menu() {
$items['admin/settings/sites-registry'] = array(
'title' => 'Sites registry',
'description' => 'Register with another Drupal site (drupal.org by default) for statistics sharing, or set up your server to be a central server for registrations.',
'page callback' => 'drupal_get_form',
'page arguments' => array('drupal_sites_registry_settings'),
'access arguments' => array('administer site configuration'),
'file' => 'drupal.admin.inc',
);
$items['admin/settings/distributed-authentication'] = array(
'title' => 'Distributed authentication',
'description' => 'Allow your site to accept logins from other Drupal sites such as drupal.org.',
'page callback' => 'drupal_get_form',
'page arguments' => array('drupal_distributed_authentication_settings'),
'access arguments' => array('administer site configuration'),
'file' => 'drupal.admin.inc',
);
if (variable_get('drupal_authentication_service', 0)) {
$items['drupal/help'] = array(
'title' => t('External login tips'),
'page callback' => 'drupal_page_help',
'type' => MENU_CALLBACK,
'file' => 'drupal.pages.inc',
);
}
return $items;
}
/**
* Callback function from drupal_xmlrpc() for authenticating remote clients.
*
* Remote clients are usually other Drupal instances.
*/
function drupal_login($username, $password) {
if (variable_get('drupal_authentication_service', 0)) {
return user_authenticate($username, $password);
}
}
<?php
// $Id$
/**
* @file
* User page callbacks for the drupal module.
*/
/**
* Menu callback; print Drupal-authentication-specific information.
*/
function drupal_page_help() {
return t('<p><a href="@Drupal">Drupal</a> is the name of the software that powers %this-site. There are Drupal websites all over the world, and many of them share their registration databases so that users may freely log in to any Drupal site using a single <strong>Drupal ID</strong>.</p>
<p>So please feel free to log in to your account here at %this-site with a username from another Drupal site. The format of a Drupal ID is similar to an e-mail address: <strong>username</strong>@<em>server</em>. An example of a valid Drupal ID is <strong>mwlily</strong>@<em>drupal.org</em>.</p>', array('@Drupal' => 'http://drupal.org', '%this-site' => variable_get('site_name', 'Drupal')));
}