| 1 : | counterpoi | 6 | t <?php |
| 2 : | t | ||
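class mamboAuthenticator {

    /**
     * Returns the shared authenticator instance, creating it on first use.
     *
     * Plain assignment replaces the original `=& new`, which is a parse
     * error on PHP 7+ and was never required for the static to hold the object.
     *
     * @return mamboAuthenticator
     */
    function &getInstance () {
        static $instance;
        if (!is_object($instance)) {
            $instance = new mamboAuthenticator();
        }
        return $instance;
    }

    /**
     * Login management function
     *
     * Runs the 'authenticator' mambot group against the supplied credentials.
     * When username/password are not given they are read from $_POST.
     * A successful login triggers 'goodLogin'; a failed one triggers
     * 'badLogin', destroys the PHP session and redirects to index.php.
     *
     * @param string|null $username
     * @param string|null $passwd   passed to the bots unchanged (no hashing here)
     * @param string|null $remember remember-me flag; read from $_POST when null
     * @return void
     */
    function loginUser ($username=null, $passwd=null, $remember=null) {
        $mambothandler = mosMambotHandler::getInstance();
        $mambothandler->loadBotGroup('authenticator');

        // Credentials omitted by the caller come from the form submission.
        $bypost = 0;
        if (!$username || !$passwd) {
            $username = mosGetParam($_POST, 'username', '');
            $passwd = mosGetParam($_POST, 'passwd', '');
            $bypost = 1;
        }
        if ($remember === null) $remember = mosGetParam($_POST, 'remember', '');

        if (!$username || !$passwd) {
            echo "<script> alert(\"".T_('Please complete the username and password fields.')."\"); window.history.go(-1); </script>\n";
            exit();
        }

        $loginfo = new mosLoginDetails($username, $passwd, $remember);
        $logresults = $mambothandler->trigger('requiredLogin', array($loginfo));
        // No bot answered at all: refuse rather than silently admit the user.
        if (count($logresults) == 0) {
            $logresults[] = T_('Logins are not permitted. There is no authentication check active.');
        }

        // Any non-empty result is a rejection message. The original loop broke
        // unconditionally after the first element, so only one bot's verdict
        // was ever examined; every result is checked now.
        $checkuser = true;
        $message = '';
        foreach ($logresults as $result) {
            if ($result) {
                $checkuser = false;
                $message = $result;
                break;
            }
        }

        if ($checkuser) {
            $mambothandler->trigger('goodLogin', array($loginfo));
            return;
        }

        $mambothandler->trigger('badLogin', array($loginfo));
        // $bypost is always defined (0 or 1), so the original isset() test was
        // always true; only a form submission is meant to get the JS alert.
        // NOTE(review): $message is emitted into a JS string without escaping;
        // fine for T_() text, but confirm no bot echoes user-supplied content.
        if ($bypost) echo "<script>alert(\"".$message."\"); window.history.go(-1); </script>\n";
        @session_destroy();
        mamboCore::redirect('index.php');
    }

    /**
     * User authentication function
     *
     * Username and encoded password are checked against the database.
     * On success the session record is switched to the user, lastvisitDate
     * is stamped and (optionally) the remember-me cookies are set; on failure
     * $message receives the reason and, for a bad credential, the session is
     * reset to anonymous. A blocked account fails without touching the session.
     *
     * @param string      $message  receives the failure reason ('' on success)
     * @param string      $username
     * @param string      $passwd   already in the stored (encoded) form; compared verbatim
     * @param string|null $remember 'yes' sets the one-year remember-me cookies
     * @param object|null $session  session record to update; the current one when null
     * @return bool
     */
    function authenticateUser (&$message, $username, $passwd, $remember=null, $session=null) {
        $message = '';
        if ($session === null) $session = mosSession::getCurrent();
        $database = mamboDatabase::getInstance();

        // Escape the caller-supplied values before interpolating them into SQL,
        // as loginAdmin() already does; the raw values were previously used as-is.
        $qUsername = $database->getEscaped($username);
        $qPasswd = $database->getEscaped($passwd);
        $database->setQuery( "SELECT id, gid, block, usertype"
            . "\nFROM #__users"
            . "\nWHERE username='$qUsername' AND password='$qPasswd'"
        );
        if (!$database->loadObject($row)) {
            $message = T_('Incorrect username or password. Please try again.');
            $this->clearSession($session);
            return false;
        }
        if ($row->block) {
            $message = T_('Your login has been blocked. Please contact the administrator.');
            return false;
        }

        $session->guest = 0;
        $session->username = $username;
        $session->userid = $row->id;
        $session->usertype = $row->usertype;
        // gid comes straight from the users row; the usertype-based 1/2
        // assignment in the original was dead code, overwritten by this line.
        $session->gid = intval( $row->gid );
        $session->update();

        $currentDate = date("Y-m-d\TH:i:s");
        $query = "UPDATE #__users SET lastvisitDate='$currentDate' where id='$session->userid'";
        $database->setQuery($query);
        if (!$database->query()) {
            // stderr(true) is sent to the browser; kept for consistency with
            // the rest of the file, though logging would expose less.
            die($database->stderr(true));
        }

        if ($remember=="yes") {
            // The cookies carry the username and the encoded password for a year.
            // NOTE(review): whatever reads usercookie[] can replay this value;
            // confirm the consumer re-validates it against the database.
            $lifetime = time() + 365*24*60*60;
            setcookie("usercookie[username]", $username, $lifetime, "/");
            setcookie("usercookie[password]", $passwd, $lifetime, "/");
        }
        mosCache::cleanCache();
        return true;
    }

    /**
     * Resets a session record to the anonymous ('guest') state and expires
     * the remember-me cookies.
     *
     * @param object|null $session  the current session when null
     * @return void
     */
    function clearSession ($session=null) {
        if ($session === null) $session = mosSession::getCurrent();
        mosCache::cleanCache();
        $session->guest = 1;
        $session->username = '';
        $session->userid = '';
        $session->usertype = '';
        $session->gid = 0;
        $session->update();
        // An expiry in the past makes the browser drop the cookies.
        $expired = time() - 1800;
        setcookie( "usercookie[username]", " ", $expired, "/" );
        setcookie( "usercookie[password]", " ", $expired, "/" );
        setcookie( "usercookie", " ", $expired, "/" );
    }

    /**
     * User logout
     *
     * Notifies the 'authenticator' bots ('beforeLogout') and reverts the
     * session record back to 'anonymous' parameters.
     *
     * @param object|null $session  the current session when null (the original
     *                              dereferenced a null $session here)
     * @return void
     */
    function logoutUser ($session=null) {
        if ($session === null) $session = mosSession::getCurrent();
        $mambothandler = mosMambotHandler::getInstance();
        $mambothandler->loadBotGroup('authenticator');
        $loginfo = new mosLoginDetails($session->userid);
        $mambothandler->trigger('beforeLogout', array($loginfo));
        $this->clearSession($session);
    }

    /**
     * Back-end (administrator) login from $_POST 'usrname'/'pass'.
     *
     * Compares md5(pass) with the stored password and runs the ACL
     * 'administration'/'login' check, then opens the admin PHP session and
     * records it in #__session.
     *
     * @param object $acl  object exposing acl_check()
     * @return object|null the matching user row on success, null otherwise
     */
    function &loginAdmin ($acl) {
        $database = mamboDatabase::getInstance();
        $my = null;
        /** escape and trim to minimise injection of malicious sql */
        $usrname = $database->getEscaped(mosGetParam($_POST, 'usrname', ''));
        $pass = $database->getEscaped(mosGetParam($_POST, 'pass', ''));

        if (!$pass) {
            echo "<script>alert('".T_('Please enter a password')."'); document.location.href='index.php';</script>\n";
            // The original fell through to the user lookup with an empty $pass.
            return $my;
        }
        $pass = md5( $pass );

        $admintypes = array ('administrator', 'superadministrator', 'super administrator');
        $admins = 0;
        // One query serves two purposes: count the admin accounts and fetch the
        // (unblocked) row for the submitted username.
        $query = "SELECT * FROM #__users"
            . "\n WHERE ( LOWER( usertype ) = 'administrator'"
            . "\n OR LOWER( usertype ) = 'superadministrator'"
            . "\n OR LOWER( usertype ) = 'super administrator' )"
            . "\n OR (username='$usrname' AND block=0)"
        ;
        $database->setQuery( $query );
        $users = $database->loadObjectList();
        if ($users) {
            foreach ($users as $key=>$oneuser) {
                if (in_array(strtolower($oneuser->usertype), $admintypes, true)) $admins++;
                // NOTE(review): compares the escaped form against the stored
                // username; names containing quote characters never match — confirm intended.
                if ($oneuser->username == $usrname) $my =& $users[$key];
            }
        }

        if ($admins == 0) {
            echo "<script>alert(\"".T_('You cannot login. There are no administrators set up.')."\"); window.history.go(-1); </script>\n";
            // Do not hand back a matched (necessarily non-admin) row in this case.
            $none = null;
            return $none;
        }
        if (!isset($my)) {
            return $my;
        }

        /** find the user group (or groups in the future) */
        if (strcmp( $my->password, $pass )
            OR !$acl->acl_check( 'administration', 'login', 'users', $my->usertype )) {
            echo "<script>alert('Incorrect Username, Password, or Access Level. Please try again'); document.location.href='index.php';</script>\n";
            $none = null;
            return $none;
        }

        session_name( md5(mamboCore::get('mosConfig_live_site')));
        session_start();
        $logintime = time();
        // NOTE(review): this id is derived only from values a third party can
        // know or guess (user id, name, type, login second); a random token
        // would be preferable if nothing else recomputes it — confirm.
        $session_id = md5( "$my->id$my->username$my->usertype$logintime" );
        // Row values originate from registration input, so escape them too.
        $qUsertype = $database->getEscaped($my->usertype);
        $qUsername = $database->getEscaped($my->username);
        $query = "INSERT INTO #__session"
            . "\nSET time='$logintime', session_id='$session_id', "
            . "userid='$my->id', usertype='$qUsertype', username='$qUsername'"
        ;
        $database->setQuery( $query );
        if (!$database->query()) {
            echo $database->stderr();
        }
        $_SESSION['session_id'] = $session_id;
        $_SESSION['session_user_id'] = $my->id;
        $_SESSION['session_username'] = $my->username;
        $_SESSION['session_usertype'] = $my->usertype;
        $_SESSION['session_gid'] = $my->gid;
        $_SESSION['session_logintime'] = $logintime;
        $_SESSION['session_userstate'] = array();
        return $my;
    }

    /**
     * Random password generator
     *
     * Builds an 8-character password from [A-Za-z0-9]. Uses random_int()
     * where available (PHP 7+); otherwise falls back to the auto-seeded
     * mt_rand(). The original reseeded from microtime(), which limits the
     * seed to roughly 10^7 values and makes the output far more guessable.
     *
     * @return string
     */
    function mosMakePassword() {
        $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $len = strlen($salt);
        $makepass = "";
        $csprng = function_exists('random_int');
        for ($i = 0; $i < 8; $i++) {
            $index = $csprng ? random_int(0, $len - 1) : mt_rand(0, $len - 1);
            $makepass .= $salt[$index];
        }
        return $makepass;
    }
}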
| 212 : | counterpoi | 89 | t |
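class mosLoginDetails {
    // Credentials as submitted; the password is whatever the caller passed (not hashed here).
    var $_user = '';
    var $_password = '';
    var $_remember = '';

    /**
     * Value object carrying a login attempt to the 'authenticator' mambots.
     *
     * The original only had a PHP 4 style constructor (method named after the
     * class), which PHP 8 no longer treats as a constructor, so the fields
     * stayed empty. __construct is now the real constructor and the legacy
     * name delegates to it, so both engines initialise the object.
     *
     * @param string $user
     * @param string $password
     * @param string $remember
     */
    function __construct ($user, $password='', $remember='') {
        $this->_user = $user;
        $this->_password = $password;
        $this->_remember = $remember;
    }

    /** PHP 4 constructor; delegates to __construct. */
    function mosLoginDetails ($user, $password='', $remember='') {
        $this->__construct($user, $password, $remember);
    }

    /** @return string */
    function getUser () {
        return $this->_user;
    }

    /** @return string */
    function getPassword () {
        return $this->_password;
    }

    /** @return string */
    function getRemember () {
        return $this->_remember;
    }

}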

