
/inc/bx/permm/auth/common.php

https://github.com/chregu/fluxcms
PHP | 272 lines | 147 code | 45 blank | 80 comment | 43 complexity | f8bec5cd9f0abd525ff50c8577793d91 MD5 | raw file
Possible License(s): GPL-2.0, BSD-3-Clause, Apache-2.0, LGPL-2.1
  1. <?php
  2. abstract class bx_permm_auth_common {
  3. /**
  4. * the auth module object
  5. *
  6. * @access protected
  7. * @var object
  8. */
  9. protected $authObj = null;
  10. /**
  11. * db dsn
  12. *
  13. * @access protected
  14. * @var array
  15. */
  16. protected $dsn = array();
  17. /**
  18. * auth table
  19. *
  20. * @access protected
  21. * @var string
  22. */
  23. protected $auth_table = 'users';
  24. /**
  25. * auth table username column
  26. *
  27. * @access protected
  28. * @var string
  29. */
  30. protected $auth_usernamecol = 'login';
  31. /**
  32. * auth table password tolumn
  33. *
  34. * @access protected
  35. * @var string
  36. */
  37. protected $auth_passwordcol = 'password';
  38. protected $specialencoding = '';
  39. protected $auth_gidcol = 'user_gid';
  40. protected $auth_gupicol = 'user_gupi';
  41. protected $auth_emailcol = 'user_email';
  42. protected $auth_dbfields = 'user_adminlang, user_gid, user_email';
  43. protected $auth_sessname = '_authsession';
  44. protected $advancedsecurity = false;
  45. protected $auth_idcol = 'id';
  46. /**
  47. * auth password crypt method
  48. *
  49. * @access protected
  50. * @var string
  51. */
  52. protected $auth_crypttype = 'md5';
  53. protected function __construct($options = null) {
  54. if (is_array($options)) {
  55. $this->initOptions($options);
  56. }
  57. }
  58. protected function initOptions($options) {
  59. if (!empty($options['auth_overwriteDbfields']) && $options['auth_overwriteDbfields'] == 'true') {
  60. //$options['auth_dbfields'] =
  61. } else if (!empty($options['auth_dbfields']) && trim($options['auth_dbfields']) != '') {
  62. $options['auth_dbfields'] .= "," . $this->auth_dbfields;
  63. } else {
  64. $options['auth_dbfields'] = $this->auth_dbfields;
  65. }
  66. if (!empty($options['adv_useragentcheck']) && $options['adv_useragentcheck'] == 'true') {
  67. $this->advancedsecurity = array();
  68. $this->advancedsecurity[AUTH_ADV_USERAGENT] = true;
  69. }
  70. if (!empty($options['adv_ipcheck']) && $options['adv_ipcheck'] == 'true') {
  71. if (!is_array($this->advancedsecurity)) {
  72. $this->advancedsecurity = array();
  73. }
  74. $this->advancedsecurity[AUTH_ADV_IPCHECK] = true;
  75. }
  76. $options['advancedsecurity'] = $this->advancedsecurity;
  77. foreach ($options as $name => $value) {
  78. if (isset($this->$name)) {
  79. $this->$name = $value;
  80. }
  81. }
  82. return $options;
  83. }
  84. /**
  85. * Wrapper function for the auth object -
  86. * interface to the permm object,
  87. * to start authentication process
  88. *
  89. * @access public
  90. * @return void
  91. */
  92. public function start() {
  93. $prts = parse_url(BX_WEBROOT);
  94. $path = $prts['path'];
  95. if (empty($_SESSION['_authsession']['registered']) && empty($_POST) && !empty($_COOKIE['fluxcms_login']) ) {
  96. list($_POST['username'],$_POST['password']) = explode(":", $_COOKIE['fluxcms_login']);
  97. } elseif (!empty($_POST) && !empty($_POST['remember']) && !empty($_POST['username']) && !empty($_POST['password'])) {
  98. $hash = $_POST['username'].':'.md5($_POST['username'].md5($_POST['password']));
  99. if (! (isset($_COOKIE['fluxcms_login']) && $_COOKIE['fluxcms_login'] == $hash)) {
  100. setcookie('fluxcms_login',$hash, time() + 3600*24*365, $path ,null,null,true);
  101. $_COOKIE['fluxcms_login'] = $hash;
  102. }
  103. }
  104. $this->authObj->assignData();
  105. $u = $this->specialEncode($this->authObj->username);
  106. $p = $this->specialEncode($this->authObj->password);
  107. ini_set('session.cookie_path', $path);
  108. @session_start();
  109. if (!$this->authObj->checkAuth() && $this->authObj->showLogin) {
  110. $this->authObj->login();
  111. session_regenerate_id(true);
  112. }
  113. }
  114. protected function specialEncode(&$prm) {
  115. if (isset($this->specialencoding) && !empty($this->specialencoding)) {
  116. $m = "specialEncode".ucfirst($this->specialencoding);
  117. if (method_exists($this, $m)) {
  118. return $this->$m($prm);
  119. }
  120. }
  121. }
  122. protected function specialEncodeEntities(&$prm) {
  123. $prm = bx_helpers_string::utf2entities($prm);
  124. return $prm;
  125. }
  126. /**
  127. * Wrapper function for the auth object -
  128. * interface to the permm object
  129. * to check authenticated user
  130. *
  131. * @access public
  132. * @return boolean
  133. */
  134. public function getAuth() {
  135. return $this->authObj->getAuth();
  136. }
  137. /**
  138. * Wrapper function for auth object's logout() method
  139. *
  140. * @return void
  141. * @access public
  142. */
  143. public function logout() {
  144. if (method_exists($this->authObj, "logout")) {
  145. $this->authObj->logout();
  146. }
  147. return NULL;
  148. }
  149. /**
  150. * Wrapper function for the auth object -
  151. * interface to the permm object
  152. * to get information about current
  153. * authentication status
  154. *
  155. */
  156. public function getStatus() {
  157. return $this->authObj->getStatus();
  158. }
  159. public function getUsername() {
  160. return $this->authObj->getUsername();
  161. }
  162. public function fetchData($username, $password, $isChallengeResponse=false) {
  163. If(!is_object($this->authObj->storage)) {
  164. $this->authObj->_loadStorage();
  165. }
  166. return $this->authObj->storage->fetchData($username, $password, $isChallengeResponse);
  167. }
  168. public function getUserGid() {
  169. return @$_SESSION[$this->auth_sessname]['data'][$this->auth_gidcol];
  170. }
  171. public function getUserId() {
  172. @session_start();
  173. return $this->authObj->getUserId();
  174. }
  175. protected function MDB2Constructor($options,$pearcontainer = 'MDB2',$additionalOpts = array()) {
  176. $opts = array(
  177. 'dsn' => $this->dsn,
  178. 'usernamecol' => $this->auth_usernamecol,
  179. 'passwordcol' => $this->auth_passwordcol,
  180. 'gupicol' => $this->auth_gupicol,
  181. 'emailcol' => $this->auth_emailcol,
  182. 'idcol' => $this->auth_idcol,
  183. 'db_fields' => $this->auth_dbfields,
  184. 'cryptType' => $this->auth_crypttype,
  185. );
  186. if (empty($options['auth_prependTablePrefix']) || $options['auth_prependTablePrefix'] == 'true') {
  187. $opts['table'] = $GLOBALS['POOL']->config->getTablePrefix().$this->auth_table;
  188. } else {
  189. $opts['table'] = $this->auth_table;
  190. }
  191. foreach ($additionalOpts as $key) {
  192. if (isset($options[$key])) {
  193. $opts[$key] = $options[$key];
  194. }
  195. }
  196. // if someone tries to "login" via http_auth, let them do that :)
  197. if ((!empty($_GET['httpauth'])) | (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && $GLOBALS['POOL']->config->allowHTTPAuthentication == "true") ) {
  198. $opts['mode'] = '0644';
  199. $this->authObj = new Auth_HTTP($pearcontainer, $opts);
  200. $this->authObj->realm = 'Flux CMS HTTP Auth Login';
  201. } else {
  202. $this->authObj = new Auth($pearcontainer, $opts, "bxLoginFunction");
  203. }
  204. }
  205. /**
  206. * wrapper function for Auth modules setAuth() method
  207. *
  208. * @param string $username
  209. * @return void
  210. */
  211. public function setAuth($username) {
  212. // make sure this really is an instance of the Auth module
  213. if($this->authObj instanceof Auth) {
  214. $this->authObj->setAuth($username);
  215. }
  216. }
  217. }
  218. /**
  219. * BX Function for Loginscreen
  220. * does nothing since loginscreen is
  221. * handled via sitemap
  222. *
  223. */
  224. function bxLoginFunction() {
  225. return true;
  226. }
  227. ?>