Changeset 136 for trunk/lib/Auth_File.inc.php
- Timestamp:
- Jun 3, 2006 7:47:48 PM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Auth_File.inc.php
r103 r136 1 1 <?php 2 2 /** 3 * The Auth_File:: class provides a htpasswd file implementation for 3 * Auth_File.inc.php 4 * code by strangecode :: www.strangecode.com :: this document contains copyrighted information 5 * 6 * The Auth_File class provides a htpasswd file implementation for 4 7 * authentication. 5 8 * … … 24 27 25 28 class Auth_File { 26 27 var $_auth = ''; 28 var $_sess = '_auth_'; 29 30 // Namespace of this auth object. 31 var $_ns; 32 33 // Parameters to be specified by setParam(). 29 34 var $_params = array(); 30 35 var $_default_params = array( … … 61 66 * @param optional array $params A hash containing parameters. 62 67 */ 63 function Auth_File($auth_name=null) 64 { 65 if (isset($auth_name)) { 66 $this->_auth = $auth_name; 67 $this->_sess .= $auth_name; 68 } 68 function Auth_File($namespace='null') 69 { 70 $this->_ns = '_auth_' . $namespace; 69 71 70 72 // Initialize default parameters. … … 95 97 function getParam($param) 96 98 { 99 $app =& App::getInstance(); 100 97 101 if (isset($this->_params[$param])) { 98 102 return $this->_params[$param]; 99 103 } else { 100 App::logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__);104 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_NOTICE, __FILE__, __LINE__); 101 105 return null; 102 106 } … … 110 114 function clearAuth() 111 115 { 112 $_SESSION[$this->_ sess] = array('authenticated' => false);116 $_SESSION[$this->_ns] = array('authenticated' => false); 113 117 } 114 118 … … 123 127 function setVal($key, $val) 124 128 { 125 if (!isset($_SESSION[$this->_ sess]['user_data'])) {126 $_SESSION[$this->_ sess]['user_data'] = array();127 } 128 $_SESSION[$this->_ sess]['user_data'][$key] = $val;129 if (!isset($_SESSION[$this->_ns]['user_data'])) { 130 $_SESSION[$this->_ns]['user_data'] = array(); 131 } 132 $_SESSION[$this->_ns]['user_data'][$key] = $val; 129 133 } 130 134 … … 139 143 function getVal($key, $default='') 140 144 { 141 if (isset($_SESSION[$this->_ 
sess][$key])) {142 return $_SESSION[$this->_ sess][$key];143 } else if (isset($_SESSION[$this->_ sess]['user_data'][$key])) {144 return $_SESSION[$this->_ sess]['user_data'][$key];145 if (isset($_SESSION[$this->_ns][$key])) { 146 return $_SESSION[$this->_ns][$key]; 147 } else if (isset($_SESSION[$this->_ns]['user_data'][$key])) { 148 return $_SESSION[$this->_ns]['user_data'][$key]; 145 149 } else { 146 150 return $default; … … 160 164 function authenticate($username, $password) 161 165 { 166 $app =& App::getInstance(); 167 162 168 if ('' == trim($password)) { 163 App::logMsg(_("No password provided for authentication."), LOG_INFO, __FILE__, __LINE__);169 $app->logMsg(_("No password provided for authentication."), LOG_INFO, __FILE__, __LINE__); 164 170 return false; 165 171 } … … 169 175 170 176 if (!isset($this->_users[$username])) { 171 App::logMsg(_("User ID provided does not exist."), LOG_INFO, __FILE__, __LINE__);177 $app->logMsg(_("User ID provided does not exist."), LOG_INFO, __FILE__, __LINE__); 172 178 return false; 173 179 } 174 180 175 181 if ($this->_encrypt($password, $this->_users[$username]) != $this->_users[$username]) { 176 App::logMsg(sprintf('Authentication failed for user %s', $username), LOG_INFO, __FILE__, __LINE__);182 $app->logMsg(sprintf('Authentication failed for user %s', $username), LOG_INFO, __FILE__, __LINE__); 177 183 return false; 178 184 } … … 203 209 } 204 210 205 $_SESSION[$this->_ sess] = array(211 $_SESSION[$this->_ns] = array( 206 212 'authenticated' => true, 207 213 'username' => $username, … … 227 233 function isLoggedIn() 228 234 { 235 $app =& App::getInstance(); 236 229 237 // Some users will access from networks with a changing IP number (i.e. behind a proxy server). These users must be allowed entry by adding their IP to the list of trusted_networks. 
230 238 if ($trusted_net = ipInRange(getRemoteAddr(), $this->_params['trusted_networks'])) { 231 239 $user_in_trusted_network = true; 232 App::logMsg(sprintf('User %s accessing from trusted network %s', $_SESSION[$this->_sess]['username'], $trusted_net), LOG_DEBUG, __FILE__, __LINE__);240 $app->logMsg(sprintf('User %s accessing from trusted network %s', $_SESSION[$this->_ns]['username'], $trusted_net), LOG_DEBUG, __FILE__, __LINE__); 233 241 } else if (preg_match('/proxy.aol.com$/i', getRemoteAddr(true))) { 234 242 $user_in_trusted_network = true; 235 App::logMsg(sprintf('User %s accessing from trusted network proxy.aol.com', $_SESSION[$this->_sess]['username']), LOG_DEBUG, __FILE__, __LINE__);243 $app->logMsg(sprintf('User %s accessing from trusted network proxy.aol.com', $_SESSION[$this->_ns]['username']), LOG_DEBUG, __FILE__, __LINE__); 236 244 } else { 237 245 $user_in_trusted_network = false; … … 239 247 240 248 // Test login with information stored in session. Skip IP matching for users from trusted networks. 241 if (isset($_SESSION[$this->_ sess])242 && true === $_SESSION[$this->_ sess]['authenticated']243 && !empty($_SESSION[$this->_ sess]['username'])244 && strtotime($_SESSION[$this->_ sess]['login_datetime']) > time() - $this->_params['login_timeout']245 && strtotime($_SESSION[$this->_ sess]['last_access_datetime']) > time() - $this->_params['idle_timeout']246 && ($_SESSION[$this->_ sess]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network)249 if (isset($_SESSION[$this->_ns]) 250 && true === $_SESSION[$this->_ns]['authenticated'] 251 && !empty($_SESSION[$this->_ns]['username']) 252 && strtotime($_SESSION[$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout'] 253 && strtotime($_SESSION[$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout'] 254 && ($_SESSION[$this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network) 247 255 ) { 248 256 // User is authenticated! 
249 $_SESSION[$this->_ sess]['last_access_datetime'] = date('Y-m-d H:i:s');257 $_SESSION[$this->_ns]['last_access_datetime'] = date('Y-m-d H:i:s'); 250 258 return true; 251 } else if (isset($_SESSION[$this->_ sess]) && true === $_SESSION[$this->_sess]['authenticated']) {252 if (strtotime($_SESSION[$this->_ sess]['last_access_datetime']) > time() - 43200) {259 } else if (isset($_SESSION[$this->_ns]) && true === $_SESSION[$this->_ns]['authenticated']) { 260 if (strtotime($_SESSION[$this->_ns]['last_access_datetime']) > time() - 43200) { 253 261 // Only raise message if last session is less than 12 hours old. 254 App::raiseMsg(_("Your session has closed. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__);262 $app->raiseMsg(_("Your session has closed. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__); 255 263 } 256 264 257 265 // Log the reason for login expiration. 258 266 $expire_reasons = array(); 259 if (empty($_SESSION[$this->_ sess]['username'])) {267 if (empty($_SESSION[$this->_ns]['username'])) { 260 268 $expire_reasons[] = 'username not found'; 261 269 } 262 if (strtotime($_SESSION[$this->_ sess]['login_datetime']) <= time() - $this->_params['login_timeout']) {270 if (strtotime($_SESSION[$this->_ns]['login_datetime']) <= time() - $this->_params['login_timeout']) { 263 271 $expire_reasons[] = 'login_timeout expired'; 264 272 } 265 if (strtotime($_SESSION[$this->_ sess]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) {273 if (strtotime($_SESSION[$this->_ns]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) { 266 274 $expire_reasons[] = 'idle_timeout expired'; 267 275 } 268 if ($_SESSION[$this->_ sess]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) {269 $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION[$this->_ sess]['remote_ip'], getRemoteAddr());270 } 271 App::logMsg(sprintf('User %s session expired: %s', $_SESSION[$this->_sess]['username'], join(', ', 
$expire_reasons)), LOG_INFO, __FILE__, __LINE__);276 if ($_SESSION[$this->_ns]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) { 277 $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION[$this->_ns]['remote_ip'], getRemoteAddr()); 278 } 279 $app->logMsg(sprintf('User %s session expired: %s', $_SESSION[$this->_ns]['username'], join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__); 272 280 } 273 281 … … 287 295 function requireLogin($message='', $type=MSG_NOTICE, $file=null, $line=null) 288 296 { 297 $app =& App::getInstance(); 298 289 299 if (!$this->isLoggedIn()) { 290 300 // Display message for requiring login. (RaiseMsg will ignore empty strings.) 291 App::raiseMsg($message, $type, $file, $line);301 $app->raiseMsg($message, $type, $file, $line); 292 302 293 303 // Login scripts must have the same 'login' tag for boomerangURL verification/manipulation. 294 App::setBoomerangURL(absoluteMe(), 'login');295 App::dieURL($this->_params['login_url']);304 $app->setBoomerangURL(absoluteMe(), 'login'); 305 $app->dieURL($this->_params['login_url']); 296 306 } 297 307 } … … 308 318 function _loadHTPasswdFile() 309 319 { 320 $app =& App::getInstance(); 321 310 322 static $users = null; 311 323 312 324 if (!file_exists($this->_params['htpasswd_file'])) { 313 App::logMsg(sprintf('htpasswd file missing or not specified: %s', $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__);325 $app->logMsg(sprintf('htpasswd file missing or not specified: %s', $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__); 314 326 return false; 315 327 } … … 317 329 if (!isset($users)) { 318 330 if (false === ($users = file($this->_params['htpasswd_file']))) { 319 App::logMsg(sprintf(_("Could not read htpasswd file: %s"), $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__);331 $app->logMsg(sprintf(_("Could not read htpasswd file: %s"), $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__); 320 332 return false; 321 333 }
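Review bot: In the isLoggedIn hunk, the `proxy.aol.com` branch sets `$user_in_trusted_network` from `preg_match('/proxy.aol.com$/i', getRemoteAddr(true))`, and that flag then waives the `remote_ip` comparison that binds the session to its original address. The pattern's dots are unescaped and it has no leading label boundary, so hostnames outside aol.com can satisfy it. `getRemoteAddr(true)` also looks like a reverse-DNS lookup, whose result is chosen by whoever controls the PTR record for the client address; its implementation is not on this page, so confirm whether it forward-verifies the name. I would tighten the pattern to `'/(^|\.)proxy\.aol\.com$/i'` and trust the name only after it resolves back to the same address, or list these clients by address range in `trusted_networks` instead. isLoggedIn's body continues outside the hunk.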