Changeset 439 for branches/eli_branch/lib/Auth_File.inc.php

Timestamp:

Nov 30, 2013 7:30:44 PM (11 years ago)

Author:

anonymous

Message:

added public and private keywords to all properties and methods, changed old classname constructor function to construct, removed more ?> closing tags

File:

• branches/eli_branch/lib/Auth_File.inc.php (modified) (19 diffs)

branches/eli_branch/lib/Auth_File.inc.php

@@ -4 +4 @@
  * For details visit the project site: <http://trac.strangecode.com/codebase/>
  * Copyright 2001-2012 Strangecode, LLC
- * 
+ *
  * This file is part of The Strangecode Codebase.
  *
@@ -11 +11 @@
  * Free Software Foundation, either version 3 of the License, or (at your option)
  * any later version.
- * 
+ *
  * The Strangecode Codebase is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License along with
  * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
@@ -30 +30 @@
  * @version 1.2
  */
- 
+
 // Usage example:
 // $auth = new Auth_File();
@@ -47 +47 @@
 
 class Auth_File {
-    
+
     // Namespace of this auth object.
-    var $_ns;
-    
+    private $_ns;
+
     // Parameters to be specified by setParam().
-    var $_params = array();
-    var $_default_params = array(
-        
-        // Full path to htpasswd file.
-        'htpasswd_file' => null,
-
-        // The type of encryption to use for passwords stored in the db_table. Use one of the AUTH_ENCRYPT_* types specified above.
-        'encryption_type' => AUTH_ENCRYPT_CRYPT,
-
-        // The URL to the login script.
-        'login_url' => '/',
-
-        // The maximum amount of time a user is allowed to be logged in. They will be forced to login again if they expire.
-        // This applies to admins and users. In seconds. 21600 seconds = 6 hours.
-        'login_timeout' => 21600,
-
-        // The maximum amount of time a user is allowed to be idle before their session expires. They will be forced to login again if they expire.
-        // This applies to admins and users. In seconds. 3600 seconds = 1 hour.
-        'idle_timeout' => 3600,
-
-        // An array of IP blocks that are bypass the remote_ip comparison check. Useful for dynamic IPs or those behind proxy servers.
-        'trusted_networks' => array(),
-    );
+    private $_params = array();
+    private $_default_params = array(
+
+    // Full path to htpasswd file.
+    'htpasswd_file' => null,
+
+    // The type of encryption to use for passwords stored in the db_table. Use one of the AUTH_ENCRYPT_* types specified above.
+    'encryption_type' => AUTH_ENCRYPT_CRYPT,
+
+    // The URL to the login script.
+    'login_url' => '/',
+
+    // The maximum amount of time a user is allowed to be logged in. They will be forced to login again if they expire.
+    // This applies to admins and users. In seconds. 21600 seconds = 6 hours.
+    'login_timeout' => 21600,
+
+    // The maximum amount of time a user is allowed to be idle before their session expires. They will be forced to login again if they expire.
+    // This applies to admins and users. In seconds. 3600 seconds = 1 hour.
+    'idle_timeout' => 3600,
+
+    // An array of IP blocks that are bypass the remote_ip comparison check. Useful for dynamic IPs or those behind proxy servers.
+    'trusted_networks' => array(), );
 
     // Associative array of usernames to hashed passwords.
-    var $_users = array();
+    private $_users = array();
 
     /**
@@ -86 +85 @@
      * @param optional array $params  A hash containing parameters.
      */
-    function Auth_File($namespace='')
-    {
-        $this->_ns = $namespace;
+    public function __construct($namespace = '') {
+        $this -> _ns = $namespace;
 
         // Initialize default parameters.
-        $this->setParam($this->_default_params);
+        $this -> setParam($this -> _default_params);
     }
 
@@ -100 +98 @@
      * @return bool true on success, false on failure
      */
-    function setParam($params)
-    {
+    public function setParam($params) {
         if (isset($params) && is_array($params)) {
             // Merge new parameters with old overriding only those passed.
-            $this->_params = array_merge($this->_params, $params);
+            $this -> _params = array_merge($this -> _params, $params);
         }
     }
@@ -115 +112 @@
      * @return mixed               Configured parameter value.
      */
-    function getParam($param)
-    {
-        $app =& App::getInstance();
-    
-        if (isset($this->_params[$param])) {
-            return $this->_params[$param];
+    public function getParam($param) {
+        $app = &App::getInstance();
+
+        if (isset($this -> _params[$param])) {
+            return $this -> _params[$param];
         } else {
-            $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__);
+            $app -> logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__);
             return null;
         }
@@ -132 +128 @@
      * @access public
      */
-    function clear()
-    {
-        $_SESSION['_auth_file'][$this->_ns] = array('authenticated' => false);
-    }
-
+    public function clear() {
+        $_SESSION['_auth_file'][$this -> _ns] = array('authenticated' => false);
+    }
 
     /**
@@ -145 +139 @@
      * @param mixed $val      Value to set variable to.
      */
-    function set($key, $val)
-    {
-        if (!isset($_SESSION['_auth_file'][$this->_ns]['user_data'])) {
-            $_SESSION['_auth_file'][$this->_ns]['user_data'] = array();
-        }
-        $_SESSION['_auth_file'][$this->_ns]['user_data'][$key] = $val;
+    public function set($key, $val) {
+        if (!isset($_SESSION['_auth_file'][$this -> _ns]['user_data'])) {
+            $_SESSION['_auth_file'][$this -> _ns]['user_data'] = array();
+        }
+        $_SESSION['_auth_file'][$this -> _ns]['user_data'][$key] = $val;
     }
 
@@ -161 +154 @@
      * @return mixed          Value stored in session.
      */
-    function get($key, $default='')
-    {
-        if (isset($_SESSION['_auth_file'][$this->_ns][$key])) {
-            return $_SESSION['_auth_file'][$this->_ns][$key];
-        } else if (isset($_SESSION['_auth_file'][$this->_ns]['user_data'][$key])) {
-            return $_SESSION['_auth_file'][$this->_ns]['user_data'][$key];
+    public function get($key, $default = '') {
+        if (isset($_SESSION['_auth_file'][$this -> _ns][$key])) {
+            return $_SESSION['_auth_file'][$this -> _ns][$key];
+        } else if (isset($_SESSION['_auth_file'][$this -> _ns]['user_data'][$key])) {
+            return $_SESSION['_auth_file'][$this -> _ns]['user_data'][$key];
         } else {
             return $default;
         }
     }
+
     /**
      * Find out if a set of login credentials are valid. Only supports
@@ -182 +175 @@
      * @return boolean  Whether or not the credentials are valid.
      */
-    function authenticate($username, $password)
-    {
-        $app =& App::getInstance();
-    
+    public function authenticate($username, $password) {
+        $app = &App::getInstance();
+
         if ('' == trim($password)) {
-            $app->logMsg(_("No password provided for authentication."), LOG_INFO, __FILE__, __LINE__);
-            return false;
-        }
-        
+            $app -> logMsg(_("No password provided for authentication."), LOG_INFO, __FILE__, __LINE__);
+            return false;
+        }
+
         // Load users file.
-        $this->_loadHTPasswdFile();
-
-        if (!isset($this->_users[$username])) {
-            $app->logMsg(_("User ID provided does not exist."), LOG_INFO, __FILE__, __LINE__);
-            return false;
-        }
-
-        if ($this->_encrypt($password, $this->_users[$username]) != $this->_users[$username]) {
-            $app->logMsg(sprintf('Authentication failed for user %s', $username), LOG_INFO, __FILE__, __LINE__);
-            return false;
-        }
-        
+        $this -> _loadHTPasswdFile();
+
+        if (!isset($this -> _users[$username])) {
+            $app -> logMsg(_("User ID provided does not exist."), LOG_INFO, __FILE__, __LINE__);
+            return false;
+        }
+
+        if ($this -> _encrypt($password, $this -> _users[$username]) != $this -> _users[$username]) {
+            $app -> logMsg(sprintf('Authentication failed for user %s', $username), LOG_INFO, __FILE__, __LINE__);
+            return false;
+        }
+
         // Authentication successful!
         return true;
@@ -218 +210 @@
      * @return boolean  Whether or not the credentials are valid.
      */
-    function login($username, $password)
-    {
+    public function login($username, $password) {
         $username = mb_strtolower(trim($username));
 
-        $this->clear();
-
-        if (!$this->authenticate($username, $password)) {
+        $this -> clear();
+
+        if (!$this -> authenticate($username, $password)) {
             // No login: failed authentication!
             return false;
         }
-        
-        $_SESSION['_auth_file'][$this->_ns] = array(
-            'authenticated' => true,
-            'username' => $username,
-            'login_datetime' => date('Y-m-d H:i:s'),
-            'last_access_datetime' => date('Y-m-d H:i:s'),
-            'remote_ip' => getRemoteAddr()
-        );
+
+        $_SESSION['_auth_file'][$this -> _ns] = array('authenticated' => true, 'username' => $username, 'login_datetime' => date('Y-m-d H:i:s'), 'last_access_datetime' => date('Y-m-d H:i:s'), 'remote_ip' => getRemoteAddr());
 
         // We're logged-in!
@@ -251 +236 @@
      * @access public
      */
-    function isLoggedIn()
-    {
-        $app =& App::getInstance();
-    
+    public function isLoggedIn() {
+        $app = &App::getInstance();
+
         // Some users will access from networks with a changing IP number (i.e. behind a proxy server). These users must be allowed entry by adding their IP to the list of trusted_networks.
-        if ($trusted_net = ipInRange(getRemoteAddr(), $this->_params['trusted_networks'])) {
+        if ($trusted_net = ipInRange(getRemoteAddr(), $this -> _params['trusted_networks'])) {
             $user_in_trusted_network = true;
-            $app->logMsg(sprintf('User %s accessing from trusted network %s', $_SESSION['_auth_file'][$this->_ns]['username'], $trusted_net), LOG_DEBUG, __FILE__, __LINE__);
+            $app -> logMsg(sprintf('User %s accessing from trusted network %s', $_SESSION['_auth_file'][$this -> _ns]['username'], $trusted_net), LOG_DEBUG, __FILE__, __LINE__);
         } else if (preg_match('/proxy.aol.com$/i', getRemoteAddr(true))) {
             $user_in_trusted_network = true;
-            $app->logMsg(sprintf('User %s accessing from trusted network proxy.aol.com', $_SESSION['_auth_file'][$this->_ns]['username']), LOG_DEBUG, __FILE__, __LINE__);
+            $app -> logMsg(sprintf('User %s accessing from trusted network proxy.aol.com', $_SESSION['_auth_file'][$this -> _ns]['username']), LOG_DEBUG, __FILE__, __LINE__);
         } else {
             $user_in_trusted_network = false;
@@ -267 +251 @@
 
         // Test login with information stored in session. Skip IP matching for users from trusted networks.
-        if (isset($_SESSION['_auth_file'][$this->_ns])
-            && true === $_SESSION['_auth_file'][$this->_ns]['authenticated']
-            && !empty($_SESSION['_auth_file'][$this->_ns]['username'])
-            && strtotime($_SESSION['_auth_file'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout']
-            && strtotime($_SESSION['_auth_file'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout']
-            && ($_SESSION['_auth_file'][$this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network)
-        ) {
+        if (isset($_SESSION['_auth_file'][$this -> _ns]) && true === $_SESSION['_auth_file'][$this -> _ns]['authenticated'] && !empty($_SESSION['_auth_file'][$this -> _ns]['username']) && strtotime($_SESSION['_auth_file'][$this -> _ns]['login_datetime']) > time() - $this -> _params['login_timeout'] && strtotime($_SESSION['_auth_file'][$this -> _ns]['last_access_datetime']) > time() - $this -> _params['idle_timeout'] && ($_SESSION['_auth_file'][$this -> _ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network)) {
             // User is authenticated!
-            $_SESSION['_auth_file'][$this->_ns]['last_access_datetime'] = date('Y-m-d H:i:s');
+            $_SESSION['_auth_file'][$this -> _ns]['last_access_datetime'] = date('Y-m-d H:i:s');
             return true;
-        } else if (isset($_SESSION['_auth_file'][$this->_ns]) && true === $_SESSION['_auth_file'][$this->_ns]['authenticated']) {
-            if (strtotime($_SESSION['_auth_file'][$this->_ns]['last_access_datetime']) > time() - 43200) {
+        } else if (isset($_SESSION['_auth_file'][$this -> _ns]) && true === $_SESSION['_auth_file'][$this -> _ns]['authenticated']) {
+            if (strtotime($_SESSION['_auth_file'][$this -> _ns]['last_access_datetime']) > time() - 43200) {
                 // Only raise message if last session is less than 12 hours old.
-                $app->raiseMsg(_("Your session has closed. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__);
+                $app -> raiseMsg(_("Your session has closed. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__);
             }
 
             // Log the reason for login expiration.
             $expire_reasons = array();
-            if (empty($_SESSION['_auth_file'][$this->_ns]['username'])) {
+            if (empty($_SESSION['_auth_file'][$this -> _ns]['username'])) {
                 $expire_reasons[] = 'username not found';
             }
-            if (strtotime($_SESSION['_auth_file'][$this->_ns]['login_datetime']) <= time() - $this->_params['login_timeout']) {
+            if (strtotime($_SESSION['_auth_file'][$this -> _ns]['login_datetime']) <= time() - $this -> _params['login_timeout']) {
                 $expire_reasons[] = 'login_timeout expired';
             }
-            if (strtotime($_SESSION['_auth_file'][$this->_ns]['last_access_datetime']) <= time() - $this->_params['idle_timeout']) {
+            if (strtotime($_SESSION['_auth_file'][$this -> _ns]['last_access_datetime']) <= time() - $this -> _params['idle_timeout']) {
                 $expire_reasons[] = 'idle_timeout expired';
             }
-            if ($_SESSION['_auth_file'][$this->_ns]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) {
-                $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION['_auth_file'][$this->_ns]['remote_ip'], getRemoteAddr());
-            }
-            $app->logMsg(sprintf('User %s session expired: %s', $_SESSION['_auth_file'][$this->_ns]['username'], join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__);
+            if ($_SESSION['_auth_file'][$this -> _ns]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) {
+                $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION['_auth_file'][$this -> _ns]['remote_ip'], getRemoteAddr());
+            }
+            $app -> logMsg(sprintf('User %s session expired: %s', $_SESSION['_auth_file'][$this -> _ns]['username'], join(', ', $expire_reasons)), LOG_INFO, __FILE__, __LINE__);
         }
 
@@ -313 +291 @@
      * @access public
      */
-    function requireLogin($message='', $type=MSG_NOTICE, $file=null, $line=null)
-    {
-        $app =& App::getInstance();
-    
-        if (!$this->isLoggedIn()) {
+    public function requireLogin($message = '', $type = MSG_NOTICE, $file = null, $line = null) {
+        $app = &App::getInstance();
+
+        if (!$this -> isLoggedIn()) {
             // Display message for requiring login. (RaiseMsg will ignore empty strings.)
-            $app->raiseMsg($message, $type, $file, $line);
+            $app -> raiseMsg($message, $type, $file, $line);
 
             // Login scripts must have the same 'login' tag for boomerangURL verification/manipulation.
-            $app->setBoomerangURL(absoluteMe(), 'login');
-            $app->dieURL($this->_params['login_url']);
-        }
-    }
-    
+            $app -> setBoomerangURL(absoluteMe(), 'login');
+            $app -> dieURL($this -> _params['login_url']);
+        }
+    }
+
     /**
      * Wrapper function for compatibility with lib/Lock.inc.php.
@@ -333 +310 @@
      * @return string               Username, or false if none found.
      */
-    function getUsername($username)
-    {
+    public function getUsername($username) {
         if ('' != $username) {
             return $username;
@@ -343 +319 @@
 
     /*
-    * Reads the configured htpasswd file into the _users array.
-    *
-    * @access   public
-    * @return   false on error, true on success.
-    * @author   Quinn Comendant <quinn@strangecode.com>
-    * @version  1.0
-    * @since    18 Apr 2006 18:17:48
-    */
-    function _loadHTPasswdFile()
-    {
-        $app =& App::getInstance();
-    
+     * Reads the configured htpasswd file into the _users array.
+     *
+     * @access   public
+     * @return   false on error, true on success.
+     * @author   Quinn Comendant <quinn@strangecode.com>
+     * @version  1.0
+     * @since    18 Apr 2006 18:17:48
+     */
+    private function _loadHTPasswdFile() {
+        $app = &App::getInstance();
+
         static $users = null;
-        
-        if (!file_exists($this->_params['htpasswd_file'])) {
-            $app->logMsg(sprintf('htpasswd file missing or not specified: %s', $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__);
-            return false;
-        }
-        
+
+        if (!file_exists($this -> _params['htpasswd_file'])) {
+            $app -> logMsg(sprintf('htpasswd file missing or not specified: %s', $this -> _params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__);
+            return false;
+        }
+
         if (!isset($users)) {
-            if (false === ($users = file($this->_params['htpasswd_file']))) {
-                $app->logMsg(sprintf('Could not read htpasswd file: %s', $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__);
+            if (false === ($users = file($this -> _params['htpasswd_file']))) {
+                $app -> logMsg(sprintf('Could not read htpasswd file: %s', $this -> _params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__);
                 return false;
             }
@@ -372 +347 @@
             foreach ($users as $u) {
                 list($user, $pass) = explode(':', $u, 2);
-                $this->_users[trim($user)] = trim($pass);
+                $this -> _users[trim($user)] = trim($pass);
             }
             return true;
@@ -388 +363 @@
      * @return string  The hashed password.
      */
-    function _encrypt($password, $encrypted_password=null)
-    {
+    private function _encrypt($password, $encrypted_password = null) {
         switch ($this->_params['encryption_type']) {
-        case AUTH_ENCRYPT_PLAINTEXT :
-            return $password;
-            break;
-
-        case AUTH_ENCRYPT_SHA1 :
-            return sha1($password);
-            break;
-
-        case AUTH_ENCRYPT_MD5 :
-            return md5($password);
-            break;
-
-        case AUTH_ENCRYPT_CRYPT :
-        default :
-            return crypt($password, $encrypted_password);
-            break;
+            case AUTH_ENCRYPT_PLAINTEXT :
+                return $password;
+                break;
+
+            case AUTH_ENCRYPT_SHA1 :
+                return sha1($password);
+                break;
+
+            case AUTH_ENCRYPT_MD5 :
+                return md5($password);
+                break;
+
+            case AUTH_ENCRYPT_CRYPT :
+            default :
+                return crypt($password, $encrypted_password);
+                break;
         }
     }
 
 } // end class
-?>