View of /mambo/branches/4.6/includes/authenticator.php
Parent Directory
| 
Revision Log
Revision 129 -
(download)
(annotate)
Sat Jan 14 18:19:40 2006 UTC (7 years, 4 months ago) by csouza
File size: 7827 byte(s)
Sat Jan 14 18:19:40 2006 UTC (7 years, 4 months ago) by csouza
File size: 7827 byte(s)
csouza - Merging 4.5.4 changes (revisions 118 to 127) into 4.6.
<?php
class mamboAuthenticator {
function &getInstance () {
static $instance;
if (!is_object($instance)) {
$instance =& new mamboAuthenticator();
}
return $instance;
}
/**
* Login management function
*
* The current session is passed.
* Username and encoded password is authenticated.
* A successful authentication updates the current session record with
* the users details.
*/
function loginUser ($username=null, $passwd=null, $remember=null) {
$mambothandler = mosMambotHandler::getInstance();
$mambothandler->loadBotGroup('authenticator');
$session = mosSession::getCurrent();
$database = mamboDatabase::getInstance();
if (!$username || !$passwd) {
$username = mosGetParam($_POST, 'username', '');
$passwd = mosGetParam($_POST, 'passwd', '' );
$bypost = 1;
}
else $bypost = 0;
if ($remember === null) $remember = mosGetParam($_POST, 'remember', '');
if (!$username || !$passwd) {
echo "<script> alert(\""._LOGIN_INCOMPLETE."\"); window.history.go(-1); </script>\n";
exit();
} else {
$loginfo =& new mosLoginDetails($username, $passwd, $remember);
$checkuser = true;
$logresults = $mambothandler->trigger('requiredLogin',array($loginfo));
if (count($logresults) == 0) $logresults[] = _LOGIN_NOAUTHENTICS;
foreach ($logresults as $message) {
if ($message) $checkuser = false;
break;
}
if ($checkuser) {
$mambothandler->trigger('goodLogin', array($loginfo));
return;
}
$mambothandler->trigger('badLogin', array($loginfo));
if (isset($bypost)) echo "<script>alert(\"".$message."\"); window.history.go(-1); </script>\n";
@session_destroy();
mamboCore::redirect('index.php');
}
}
/**
* User authentication function
*
* Username and encoded password are checked against the database.
*/
function authenticateUser (&$message, $username, $passwd, $remember=null, $session=null) {
$message = '';
if ($session === null) $session = mosSession::getCurrent();
$database = mamboDatabase::getInstance();
$database->setQuery( "SELECT id, gid, block, usertype"
. "\nFROM #__users"
. "\nWHERE username='$username' AND password='$passwd'"
);
if ($database->loadObject($row)) {
if ($row->block) {
$message = _LOGIN_BLOCKED;
return false;
}
// fudge the group stuff
// $grp = $acl->getAroGroup( $row->id );
// if ($acl->is_group_child_of( $grp->name, 'Registered', 'ARO' ) ||
// $acl->is_group_child_of( $grp->name, 'Public Backend', 'ARO' )) {
// fudge Authors, Editors, Publishers and Super Administrators into the Special Group
// $row->usertype = $grp->name;
$session->guest = 0;
$session->username = $username;
$session->userid = $row->id;
$session->usertype = $row->usertype;
if ($row->usertype == 'Registered') $session->gid = 1;
else $session->gid = 2;
$session->gid = intval( $row->gid ); # what is going on here???
$session->update();
$currentDate = date("Y-m-d\TH:i:s");
$query = "UPDATE #__users SET lastvisitDate='$currentDate' where id='$session->userid'";
$database->setQuery($query);
if (!$database->query()) {
die($database->stderr(true));
}
if ($remember=="yes") {
$lifetime = time() + 365*24*60*60;
setcookie("usercookie[username]", $username, $lifetime, "/");
setcookie("usercookie[password]", $passwd, $lifetime, "/");
}
//mosCache::cleanCache('com_content');
mosCache::cleanCache();
} else {
$message =_LOGIN_INCORRECT;
$this->clearSession($session);
return false;
}
return true;
}
function clearSession ($session=null) {
if ($session === null) $session = mosSession::getCurrent();
//mosCache::cleanCache('com_content');
mosCache::cleanCache();
$session->guest = 1;
$session->username = '';
$session->userid = '';
$session->usertype = '';
$session->gid = 0;
$session->update();
// this is daggy??
$lifetime = time() - 1800;
setcookie( "usercookie[username]", " ", $lifetime, "/" );
setcookie( "usercookie[password]", " ", $lifetime, "/" );
setcookie( "usercookie", " ", $lifetime, "/" );
}
/**
* User logout
*
* Reverts the current session record back to 'anonymous' parameters
*/
function logoutUser ($session=null) {
$mambothandler = mosMambotHandler::getInstance();
$mambothandler->loadBotGroup('authenticator');
$loginfo =& new mosLoginDetails($session->userid);
$mambothandler->trigger('beforeLogout', array($loginfo));
$this->clearSession($session);
}
function &loginAdmin ($acl) {
$database = mamboDatabase::getInstance();
/** escape and trim to minimise injection of malicious sql */
$usrname = $database->getEscaped(mosGetParam($_POST, 'usrname', ''));
$pass = $database->getEscaped(mosGetParam($_POST, 'pass', ''));
$my = null;
if (!$pass) echo "<script>alert('Please enter a password'); document.location.href='index.php';</script>\n";
else $pass = md5( $pass );
$admintypes = array ('administrator', 'superadministrator', 'super administrator');
$admins = 0;
$query = "SELECT * FROM #__users"
. "\n WHERE ( LOWER( usertype ) = 'administrator'"
. "\n OR LOWER( usertype ) = 'superadministrator'"
. "\n OR LOWER( usertype ) = 'super administrator' )"
. "\n OR (username='$usrname' AND block=0)"
;
$database->setQuery( $query );
$users = $database->loadObjectList();
if ($users) {
foreach ($users as $key=>$oneuser) {
if (in_array(strtolower($oneuser->usertype),$admintypes)) $admins++;
if ($oneuser->username == $usrname) $my =& $users[$key];
}
}
if ($admins == 0) echo "<script>alert(\""._LOGIN_NOADMINS."\"); window.history.go(-1); </script>\n";
/** find the user group (or groups in the future) */
elseif (isset($my)) {
// $authoriser = new mosAuthoriser($database);
if (strcmp( $my->password, $pass )
OR !$acl->acl_check( 'administration', 'login', 'users', $my->usertype )) {
echo "<script>alert('Incorrect Username, Password, or Access Level. Please try again'); document.location.href='index.php';</script>\n";
return;
}
session_name( md5(mamboCore::get('mosConfig_live_site')));
session_start();
$logintime = time();
$session_id = md5( "$my->id$my->username$my->usertype$logintime" );
$query = "INSERT INTO #__session"
. "\nSET time='$logintime', session_id='$session_id', "
. "userid='$my->id', usertype='$my->usertype', username='$my->username'"
;
$database->setQuery( $query );
if (!$database->query()) {
echo $database->stderr();
}
$_SESSION['session_id'] = $session_id;
$_SESSION['session_user_id'] = $my->id;
$_SESSION['session_username'] = $my->username;
$_SESSION['session_usertype'] = $my->usertype;
$_SESSION['session_gid'] = $my->gid;
$_SESSION['session_logintime'] = $logintime;
$_SESSION['session_userstate'] = array();
}
return $my;
}
/**
* Random password generator
* @return password
*/
function mosMakePassword() {
$salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$len = strlen($salt);
$makepass="";
mt_srand(10000000*(double)microtime());
for ($i = 0; $i < 8; $i++)
$makepass .= $salt[mt_rand(0,$len - 1)];
return $makepass;
}
}
class mosLoginDetails {
var $_user = '';
var $_password = '';
var $_remember = '';
function mosLoginDetails ($user, $password='', $remember='') {
$this->_user = $user;
$this->_password = $password;
$this->_remember = $remember;
}
function getUser () {
return $this->_user;
}
function getPassword () {
return $this->_password;
}
function getRemember () {
return $this->_remember;
}
}
| ViewVC Help | |
| Powered by ViewVC 1.0.0 |
