| 1 : | elpie | 1037 | <?php |
| 2 : | /** | ||
| 3 : | * Authenticator class file for Mambo | ||
| 4 : | * @package Mambo | ||
| 5 : | elpie | 1756 | * @author Mambo Foundation Inc see README.php |
| 6 : | * @copyright (C) 2000 - 2009 Mambo Foundation Inc. | ||
| 7 : | * See COPYRIGHT.php for copyright notices and details. | ||
| 8 : | * @license GNU/GPL Version 2, see LICENSE.php | ||
| 9 : | * | ||
| 10 : | * Redistributions of files must retain the above copyright notice. | ||
| 11 : | * | ||
| 12 : | * Mambo is free software; you can redistribute it and/or | ||
| 13 : | * modify it under the terms of the GNU General Public License | ||
| 14 : | * as published by the Free Software Foundation; version 2 of the License. | ||
| 15 : | */ | ||
| 16 : | elpie | 1037 | |
class mamboAuthenticator {

    /**
     * Returns the shared authenticator instance, creating it on first use.
     *
     * The instance lives in a function-level static. The `=& new` form is
     * PHP 4 object-by-reference syntax (removed in PHP 7, where `new` already
     * yields an object handle).
     *
     * @return mamboAuthenticator
     */
    function &getInstance () {
        static $instance;
        if (!is_object($instance)) {
            $instance =& new mamboAuthenticator();
        }
        return $instance;
    }

    /**
     * Login management function
     *
     * The current session is passed.
     * Username and encoded password is authenticated.
     * A successful authentication updates the current session record with
     * the users details.
     *
     * Credentials not supplied as arguments are read from $_REQUEST, so they
     * are accepted from the query string as well as the POST body (a GET login
     * leaves the credentials in server/proxy logs and Referer headers). Both
     * values are passed through $database->getEscaped() before being placed in
     * the mosLoginDetails object, so every 'requiredLogin' bot receives the
     * SQL-escaped form rather than the raw input.
     *
     * The check itself is delegated to the 'authenticator' mambot group via
     * the 'requiredLogin' trigger: an empty result from a bot means success,
     * a non-empty string is the failure message. With no bot answering, the
     * login is refused.
     *
     * @param string|null $username login name; taken from the request when empty
     * @param string|null $passwd   password as submitted; taken from the request when empty
     * @param string|null $remember 'remember me' flag; taken from the request when null
     * @return true|null true on success. On failure the 'badLogin' trigger fires,
     *                   an alert is echoed, the PHP session is destroyed and the
     *                   method falls off the end (null). Missing credentials echo
     *                   an alert and exit().
     */
    function loginUser ($username=null, $passwd=null, $remember=null) {
        $mambothandler =& mosMambotHandler::getInstance();
        $mambothandler->loadBotGroup('authenticator');
        $session =& mosSession::getCurrent();
        $database =& mamboDatabase::getInstance();
        // $bypost flags that the credentials came from the request rather than
        // from the caller. Note it is assigned in BOTH branches, so the
        // isset($bypost) test further down is always true.
        if (!$username OR !$passwd) {
            $username = mosGetParam($_REQUEST, 'username', '');
            $passwd = mosGetParam($_REQUEST, 'passwd', '' );
            $bypost = 1;
        }
        else $bypost = 0;
        if ($remember === null) $remember = mosGetParam($_REQUEST, 'remember', '');

        if (!$username OR !$passwd) {
            echo "<script> alert(\"".T_('Please complete the username and password fields.')."\"); window.history.go(-1); </script>\n";
            exit();
        } else {
            // SQL escaping only. The escaped strings are what the bots (and
            // whatever they store in session or cookies) will see.
            $username = $database->getEscaped($username);
            $passwd = $database->getEscaped($passwd);
            $loginfo =& new mosLoginDetails($username, $passwd, $remember);
            $checkuser = true;
            $logresults = $mambothandler->trigger('requiredLogin',array($loginfo));
            // Fail closed when no authenticator bot produced a result.
            if (count($logresults) == 0) $logresults[] = T_('Logins are not permitted. There is no authentication check active.');
            // NOTE(review): the break is unconditional, so only the FIRST bot's
            // result decides the outcome; a failure reported by any later bot
            // is ignored. If every configured bot is meant to accept the login,
            // the break belongs inside the if.
            foreach ($logresults as $message) {
                if ($message) $checkuser = false;
                break;
            }
            if ($checkuser) {
                $mambothandler->trigger('goodLogin', array($loginfo));
                return true;
            }
            $mambothandler->trigger('badLogin', array($loginfo));
            // $message is interpolated into a JS string literal without escaping;
            // this is only safe while bots return fixed, translated strings.
            if (isset($bypost)) echo "<script>alert(\"".$message."\"); window.history.go(-1); </script>\n";
            @session_destroy();
        }
    }

    /**
     * User authentication function
     *
     * Username and encoded password are checked against the database.
     *
     * The lookup is `WHERE username='$username' AND password='$passwd'`,
     * built by string interpolation: this method does NOT escape its own
     * arguments, so callers must pass SQL-escaped values (loginUser() does),
     * and $passwd must already be in the representation stored in the
     * password column.
     *
     * On success the session record is bound to the user and updated,
     * lastvisitDate is stamped, and - when $remember is "yes" - the username
     * and the $passwd value are written to `usercookie[...]` cookies valid for
     * one year. setcookie() is called with four arguments only, so those
     * cookies carry neither the Secure nor the HttpOnly attribute.
     *
     * @param string          &$message set to '' on success, else a translated failure reason
     * @param string          $username SQL-escaped login name (stored as-is in the session)
     * @param string          $passwd   SQL-escaped password in stored form
     * @param string|null     $remember "yes" to issue the long-lived credential cookies
     * @param mosSession|null $session  session to bind; the current session when null
     * @return bool true when a matching, unblocked user row was found
     */
    function authenticateUser (&$message, $username, $passwd, $remember=null, $session=null) {
        $message = '';
        if ($session === null) $session =& mosSession::getCurrent();
        $database =& mamboDatabase::getInstance();
        $database->setQuery( "SELECT id, gid, block, usertype"
            . "\nFROM #__users"
            . "\nWHERE username='$username' AND password='$passwd'"
        );
        if ($database->loadObject($row)) {
            if ($row->block) {
                $message = T_('Your login has been blocked. Please contact the administrator.');
                return false;
            }
            // fudge the group stuff
            // $grp = $acl->getAroGroup( $row->id );
            // if ($acl->is_group_child_of( $grp->name, 'Registered', 'ARO' ) ||
            // $acl->is_group_child_of( $grp->name, 'Public Backend', 'ARO' )) {
            // fudge Authors, Editors, Publishers and Super Administrators into the Special Group
            // $row->usertype = $grp->name;
            $session->guest = 0;
            $session->username = $username;
            $session->userid = $row->id;
            $session->usertype = $row->usertype;
            // The usertype-derived gid below is dead code: it is overwritten
            // immediately by the users.gid column, which is what the session keeps.
            if ($row->usertype == 'Registered') $session->gid = 1;
            else $session->gid = 2;
            $session->gid = intval( $row->gid ); # overrides the branch above
            $session->update();
            $currentDate = date("Y-m-d\TH:i:s");
            $query = "UPDATE #__users SET lastvisitDate='$currentDate' where id='$session->userid'";
            $database->setQuery($query);
            // A failed update aborts the request and prints the driver error to the client.
            if (!$database->query()) {
                die($database->stderr(true));
            }
            // Loose comparison: only the literal string "yes" enables the cookies.
            if ($remember=="yes") {
                $lifetime = time() + 365*24*60*60;
                setcookie("usercookie[username]", $username, $lifetime, "/");
                setcookie("usercookie[password]", $passwd, $lifetime, "/");
            }
            //mosCache::cleanCache('com_content');
            mosCache::cleanCache();
        } else {
            // Same message for unknown user and wrong password, so the response
            // does not reveal which one was wrong.
            $message = T_('Incorrect username or password. Please try again.');
            $this->clearSession($session);
            return false;
        }
        return true;
    }

    /**
     * Reverts the given (or current) session record to anonymous, expires the
     * `usercookie` credential cookies and destroys the PHP session.
     *
     * The cookies are expired by re-setting them with a blank value and a
     * timestamp 30 minutes in the past; the names mirror those written by
     * authenticateUser() plus the bare array name.
     *
     * @param mosSession|null $session session to reset; the current session when null
     * @return void
     */
    function clearSession ($session=null) {
        if ($session === null) $session =& mosSession::getCurrent();
        //mosCache::cleanCache('com_content');
        mosCache::cleanCache();
        $session->guest = 1;
        $session->username = '';
        $session->userid = '';
        $session->usertype = '';
        $session->gid = 0;
        $session->update();
        // Expire the credential cookies by setting them in the past.
        $lifetime = time() - 1800;
        setcookie( "usercookie[username]", " ", $lifetime, "/" );
        setcookie( "usercookie[password]", " ", $lifetime, "/" );
        setcookie( "usercookie", " ", $lifetime, "/" );
        @session_destroy();
    }

    /**
     * User logout
     *
     * Reverts the current session record back to 'anonymous' parameters
     *
     * Fires the 'beforeLogout' trigger of the 'authenticator' bot group with
     * a mosLoginDetails carrying only the username, then clears the session.
     * Does nothing when there is no current session.
     *
     * @return void
     */
    function logoutUser () {
        $session =& mosSession::getCurrent();
        if ($session) {
            $mambothandler =& mosMambotHandler::getInstance();
            $mambothandler->loadBotGroup('authenticator');
            $loginfo = new mosLoginDetails($session->username);
            $mambothandler->trigger('beforeLogout', array($loginfo));
            $this->clearSession($session);
        }
    }

    /**
     * Administrator login for the back end.
     *
     * Reads `usrname` and `pass` from $_POST, SQL-escapes both, md5()-hashes
     * the (already escaped) password and compares it with strcmp() against
     * the stored value of the matching user. A single query fetches every
     * administrator-type account (`u.*`, i.e. including the password column)
     * together with the submitted user; the result set is used both to count
     * administrators and to find the login candidate.
     *
     * A successful login inserts a #__session row and populates $_SESSION.
     * The session_id is md5($my->id . $my->username . $my->usertype . $logintime),
     * i.e. derived entirely from account data and the login second rather than
     * from a random source.
     *
     * An empty password only emits a JS alert/redirect; execution continues and
     * the login fails later at the strcmp() check. All failures are reported
     * to the browser via echoed <script> blocks; an unknown username returns
     * null silently.
     *
     * @param object $acl ACL object exposing acl_check(); 'administration'/'login'
     *                    on 'users' is required for the user's usertype
     * @return mosUser|null the logged-in user, or null when there are no
     *                      administrators, the user is unknown, or the
     *                      password/ACL check fails
     */
    function &loginAdmin ($acl) {
        $database =& mamboDatabase::getInstance();
        /** escape and trim to minimise injection of malicious sql */
        $usrname = $database->getEscaped(mosGetParam($_POST, 'usrname', ''));
        $pass = $database->getEscaped(mosGetParam($_POST, 'pass', ''));

        $my = null;
        // No return here: an empty password falls through to the query below.
        // md5() is applied to the escaped input, so a password containing
        // characters getEscaped() alters hashes differently from the raw value.
        if (!$pass) echo "<script>alert('".T_('Please enter a password')."'); document.location.href='index.php';</script>\n";
        else $pass = md5( $pass );

        $admintypes = array ('administrator', 'superadministrator', 'super administrator');
        $admins = 0;
        // Fetches all administrator accounts plus the (unblocked) submitted user.
        $query = "SELECT u.*, a.name as usertype, a.lft as grp FROM #__users AS u, #__core_acl_aro_groups AS a"
            . "\n WHERE ( LOWER( usertype ) = 'administrator'"
            . "\n OR LOWER( usertype ) = 'superadministrator'"
            . "\n OR LOWER( usertype ) = 'super administrator'"
            . "\n OR (username='$usrname' AND block=0)) AND a.group_id = u.gid"
        ;
        $users = $database->doSQLget( $query, 'mosUser' );
        foreach ($users as $key=>$oneuser) {
            if (in_array(strtolower($oneuser->usertype),$admintypes)) $admins++;
            // Loose comparison of the stored username with the escaped input.
            if ($oneuser->username == $usrname) $my =& $users[$key];
        }
        if ($admins == 0) echo "<script>alert(\"".T_('You cannot login. There are no administrators set up.')."\"); window.history.go(-1); </script>\n";
        /** find the user group (or groups in the future) */
        elseif (isset($my)) {
            // strcmp() returns non-zero on mismatch; one message covers both a
            // wrong password and a missing ACL permission.
            if (strcmp( $my->password, $pass )
                OR !$acl->acl_check( 'administration', 'login', 'users', $my->usertype )) {
                echo "<script>alert('".T_('Incorrect Username, Password, or Access Level. Please try again')."'); document.location.href='index.php';</script>\n";
                return;
            }
            $logintime = time();
            // Session id is a digest of known account fields plus the login second.
            $session_id = md5( "$my->id$my->username$my->usertype$logintime" );
            $query = "INSERT INTO #__session"
                . "\nSET time='$logintime', session_id='$session_id', "
                . "userid='$my->id', usertype='$my->usertype', username='$my->username', guest=-1"
            ;
            $database->setQuery( $query );
            // Insert failure is echoed to the client but does not abort the login.
            if (!$database->query()) {
                echo $database->stderr();
            }
            $_SESSION['session_id'] = $session_id;
            $_SESSION['session_user_id'] = $my->id;
            $_SESSION['session_username'] = $my->username;
            $_SESSION['session_usertype'] = $my->usertype;
            $_SESSION['session_gid'] = $my->gid;
            $_SESSION['session_grp'] = $my->grp;
            $_SESSION['session_logintime'] = $logintime;
            $_SESSION['session_userstate'] = array();
        }
        return $my;
    }

    /**
     * Random password generator
     *
     * Builds an 8-character string from [a-zA-Z0-9] with mt_rand(), after
     * re-seeding the generator from microtime(). mt_rand() is not a
     * cryptographic generator and the seed carries little entropy, so the
     * output is predictable for anyone who can narrow down when it was
     * produced; a CSPRNG (random_int()/random_bytes() where available) is the
     * usual replacement.
     *
     * @return string 8-character password
     */
    function mosMakePassword() {
        $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $len = strlen($salt);
        $makepass="";
        mt_srand(10000000*(double)microtime());
        for ($i = 0; $i < 8; $i++)
            $makepass .= $salt[mt_rand(0,$len - 1)];
        return $makepass;
    }
}

