Changeset 468 for trunk/lib/Auth_File.inc.php
- Timestamp:
- Feb 20, 2014 3:03:59 AM (10 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
trunk
-
Property
svn:mergeinfo
set to
/branches/eli_branch merged eligible
-
Property
svn:mergeinfo
set to
-
trunk/lib/Auth_File.inc.php
r396 r468 4 4 * For details visit the project site: <http://trac.strangecode.com/codebase/> 5 5 * Copyright 2001-2012 Strangecode, LLC 6 * 6 * 7 7 * This file is part of The Strangecode Codebase. 8 8 * … … 11 11 * Free Software Foundation, either version 3 of the License, or (at your option) 12 12 * any later version. 13 * 13 * 14 14 * The Strangecode Codebase is distributed in the hope that it will be useful, but 15 15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 16 16 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 17 17 * details. 18 * 18 * 19 19 * You should have received a copy of the GNU General Public License along with 20 20 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>. 21 21 */ 22 22 23 /* *23 /* 24 24 * Auth_File.inc.php 25 25 * … … 30 30 * @version 1.2 31 31 */ 32 32 33 33 // Usage example: 34 34 // $auth = new Auth_File(); … … 40 40 // )); 41 41 42 // Available encryption types for class Auth_SQL.43 define('AUTH_ENCRYPT_MD5', 'md5');44 define('AUTH_ENCRYPT_CRYPT', 'crypt');45 define('AUTH_ENCRYPT_SHA1', 'sha1');46 define('AUTH_ENCRYPT_PLAINTEXT', 'plaintext');47 48 42 class Auth_File { 49 43 44 // Available encryption types for class Auth_File. 45 const ENCRYPT_MD5 = 'md5'; 46 const ENCRYPT_CRYPT = 'crypt'; 47 const ENCRYPT_SHA1 = 'sha1'; 48 const ENCRYPT_PLAINTEXT = 'plaintext'; 49 50 50 // Namespace of this auth object. 51 var$_ns;52 51 private $_ns; 52 53 53 // Parameters to be specified by setParam(). 54 var$_params = array();55 var$_default_params = array(56 54 private $_params = array(); 55 private $_default_params = array( 56 57 57 // Full path to htpasswd file. 58 58 'htpasswd_file' => null, 59 59 60 // The type of encryption to use for passwords stored in the db_table. Use one of the AUTH_ENCRYPT_* types specified above.61 'encryption_type' => AUTH_ENCRYPT_CRYPT,60 // The type of encryption to use for passwords stored in the db_table. 
Use one of the self::ENCRYPT_* types specified above. 61 'encryption_type' => self::ENCRYPT_CRYPT, 62 62 63 63 // The URL to the login script. … … 77 77 78 78 // Associative array of usernames to hashed passwords. 79 var$_users = array();80 81 /* *82 83 84 85 86 87 88 function Auth_File($namespace='')79 private $_users = array(); 80 81 /* 82 * Constructs a new htpasswd authentication object. 83 * 84 * @access public 85 * 86 * @param optional array $params A hash containing parameters. 87 */ 88 public function __construct($namespace='') 89 89 { 90 90 $this->_ns = $namespace; … … 94 94 } 95 95 96 /* *97 98 99 100 101 102 function setParam($params)96 /* 97 * Set the params of an auth object. 98 * 99 * @param array $params Array of parameter keys and value to set. 100 * @return bool true on success, false on failure 101 */ 102 public function setParam($params) 103 103 { 104 104 if (isset($params) && is_array($params)) { … … 108 108 } 109 109 110 /* *111 112 113 114 115 116 117 function getParam($param)118 { 119 $app =&App::getInstance();120 110 /* 111 * Return the value of a parameter, if it exists. 112 * 113 * @access public 114 * @param string $param Which parameter to return. 115 * @return mixed Configured parameter value. 116 */ 117 public function getParam($param) 118 { 119 $app = &App::getInstance(); 120 121 121 if (isset($this->_params[$param])) { 122 122 return $this->_params[$param]; … … 127 127 } 128 128 129 /* *130 131 132 133 134 function clear()129 /* 130 * Clear any authentication tokens in the current session. A.K.A. logout. 131 * 132 * @access public 133 */ 134 public function clear() 135 135 { 136 136 $_SESSION['_auth_file'][$this->_ns] = array('authenticated' => false); 137 137 } 138 138 139 140 /** 141 * Sets a variable into a registered auth session. 142 * 143 * @access public 144 * @param mixed $key Which value to set. 145 * @param mixed $val Value to set variable to. 
146 */ 147 function set($key, $val) 139 /* 140 * Sets a variable into a registered auth session. 141 * 142 * @access public 143 * @param mixed $key Which value to set. 144 * @param mixed $val Value to set variable to. 145 */ 146 public function set($key, $val) 148 147 { 149 148 if (!isset($_SESSION['_auth_file'][$this->_ns]['user_data'])) { … … 153 152 } 154 153 155 /* *156 157 158 159 160 161 162 163 function get($key, $default='')154 /* 155 * Returns a specified value from a registered auth session. 156 * 157 * @access public 158 * @param mixed $key Which value to return. 159 * @param mixed $default Value to return if key not found in user_data. 160 * @return mixed Value stored in session. 161 */ 162 public function get($key, $default='') 164 163 { 165 164 if (isset($_SESSION['_auth_file'][$this->_ns][$key])) { … … 171 170 } 172 171 } 173 /** 174 * Find out if a set of login credentials are valid. Only supports 175 * htpasswd files with DES passwords right now. 176 * 177 * @access public 178 * 179 * @param string $username The username to check. 180 * @param array $password The password to compare to username. 181 * 182 * @return boolean Whether or not the credentials are valid. 183 */ 184 function authenticate($username, $password) 185 { 186 $app =& App::getInstance(); 187 172 173 /* 174 * Find out if a set of login credentials are valid. Only supports 175 * htpasswd files with DES passwords right now. 176 * 177 * @access public 178 * 179 * @param string $username The username to check. 180 * @param array $password The password to compare to username. 181 * 182 * @return boolean Whether or not the credentials are valid. 183 */ 184 public function authenticate($username, $password) 185 { 186 $app = &App::getInstance(); 187 188 188 if ('' == trim($password)) { 189 189 $app->logMsg(_("No password provided for authentication."), LOG_INFO, __FILE__, __LINE__); 190 190 return false; 191 191 } 192 192 193 193 // Load users file. 
194 194 $this->_loadHTPasswdFile(); … … 203 203 return false; 204 204 } 205 205 206 206 // Authentication successful! 207 207 return true; 208 208 } 209 209 210 /* *211 212 213 214 215 216 217 218 219 220 function login($username, $password)210 /* 211 * If user passes authentication create authenticated session. 212 * 213 * @access public 214 * 215 * @param string $username The username to check. 216 * @param array $password The password to compare to username. 217 * 218 * @return boolean Whether or not the credentials are valid. 219 */ 220 public function login($username, $password) 221 221 { 222 222 $username = mb_strtolower(trim($username)); … … 228 228 return false; 229 229 } 230 230 231 231 $_SESSION['_auth_file'][$this->_ns] = array( 232 232 'authenticated' => true, … … 241 241 } 242 242 243 /* *244 245 246 247 248 249 250 251 252 253 function isLoggedIn()254 { 255 $app =&App::getInstance();256 243 /* 244 * Test if user has a currently logged-in session. 245 * - authentication flag set to true 246 * - username not empty 247 * - total logged-in time is not greater than login_timeout 248 * - idle time is not greater than idle_timeout 249 * - remote address is the same as the login remote address. 250 * 251 * @access public 252 */ 253 public function isLoggedIn() 254 { 255 $app = &App::getInstance(); 256 257 257 // Some users will access from networks with a changing IP number (i.e. behind a proxy server). These users must be allowed entry by adding their IP to the list of trusted_networks. 258 258 if ($trusted_net = ipInRange(getRemoteAddr(), $this->_params['trusted_networks'])) { … … 268 268 // Test login with information stored in session. Skip IP matching for users from trusted networks. 
269 269 if (isset($_SESSION['_auth_file'][$this->_ns]) 270 271 272 273 274 270 && true === $_SESSION['_auth_file'][$this->_ns]['authenticated'] 271 && !empty($_SESSION['_auth_file'][$this->_ns]['username']) 272 && strtotime($_SESSION['_auth_file'][$this->_ns]['login_datetime']) > time() - $this->_params['login_timeout'] 273 && strtotime($_SESSION['_auth_file'][$this->_ns]['last_access_datetime']) > time() - $this->_params['idle_timeout'] 274 && ($_SESSION['_auth_file'][$this->_ns]['remote_ip'] == getRemoteAddr() || $user_in_trusted_network) 275 275 ) { 276 276 // User is authenticated! … … 303 303 } 304 304 305 /* *306 307 308 309 310 311 312 313 314 315 function requireLogin($message='', $type=MSG_NOTICE, $file=null, $line=null)316 { 317 $app =&App::getInstance();318 305 /* 306 * Redirect user to login page if they are not logged in. 307 * 308 * @param string $message The text description of a message to raise. 309 * @param int $type The type of message: MSG_NOTICE, 310 * MSG_SUCCESS, MSG_WARNING, or MSG_ERR. 311 * @param string $file __FILE__. 312 * @param string $line __LINE__. 313 * @access public 314 */ 315 public function requireLogin($message='', $type=MSG_NOTICE, $file=null, $line=null) 316 { 317 $app = &App::getInstance(); 318 319 319 if (!$this->isLoggedIn()) { 320 320 // Display message for requiring login. (RaiseMsg will ignore empty strings.) … … 326 326 } 327 327 } 328 329 /** 330 * Wrapper function for compatibility with lib/Lock.inc.php. 331 * 332 * @param string $username Username to return. 333 * @return string Username, or false if none found. 334 */ 335 function getUsername($username) 336 { 328 329 /* 330 * Wrapper function for compatibility with lib/Lock.inc.php. 331 * 332 * @param string $username Username to return. 333 * @return string Username, or false if none found. 
334 */ 335 public function getUsername($username) { 337 336 if ('' != $username) { 338 337 return $username; … … 351 350 * @since 18 Apr 2006 18:17:48 352 351 */ 353 function _loadHTPasswdFile()354 { 355 $app =&App::getInstance();356 352 private function _loadHTPasswdFile() 353 { 354 $app = &App::getInstance(); 355 357 356 static $users = null; 358 357 359 358 if (!file_exists($this->_params['htpasswd_file'])) { 360 359 $app->logMsg(sprintf('htpasswd file missing or not specified: %s', $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__); 361 360 return false; 362 361 } 363 362 364 363 if (!isset($users)) { 365 364 if (false === ($users = file($this->_params['htpasswd_file']))) { … … 379 378 } 380 379 381 /* *382 383 384 385 386 387 388 389 390 function _encrypt($password, $encrypted_password=null)380 /* 381 * Hash a given password according to the configured encryption 382 * type. 383 * 384 * @param string $password The password to encrypt. 385 * @param string $encrypted_password The currently encrypted password to use as salt, if needed. 386 * 387 * @return string The hashed password. 388 */ 389 private function _encrypt($password, $encrypted_password=null) 391 390 { 392 391 switch ($this->_params['encryption_type']) { 393 case AUTH_ENCRYPT_PLAINTEXT :392 case self::ENCRYPT_PLAINTEXT : 394 393 return $password; 395 394 break; 396 395 397 case AUTH_ENCRYPT_SHA1 :396 case self::ENCRYPT_SHA1 : 398 397 return sha1($password); 399 398 break; 400 399 401 case AUTH_ENCRYPT_MD5 :400 case self::ENCRYPT_MD5 : 402 401 return md5($password); 403 402 break; 404 403 405 case AUTH_ENCRYPT_CRYPT :404 case self::ENCRYPT_CRYPT : 406 405 default : 407 406 return crypt($password, $encrypted_password); … … 411 410 412 411 } // end class 413 ?>
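Review bot: `_encrypt()` at the end of this section still returns the password unchanged for `self::ENCRYPT_PLAINTEXT` and an unsalted `sha1()` / `md5()` digest for the two other legacy types, so a leaked htpasswd file in any of those formats gives almost no protection against offline recovery; since the constants are being moved into the class anyway, mark them there, e.g. `// ENCRYPT_MD5, ENCRYPT_SHA1 and ENCRYPT_PLAINTEXT are unsalted or unhashed: legacy files only, prefer ENCRYPT_CRYPT.` The `default :` label shares the `crypt()` branch, so a caller that still passes one of the removed global `AUTH_ENCRYPT_*` names (presumably undefined now unless another include defines them) would be handled as crypt with no log entry; giving `default :` its own branch that calls `$app->logMsg(...)` for the unknown type would make a misconfiguration visible. The comparison of the computed hash inside `authenticate()` falls in lines this changeset view elides, so it is worth confirming it uses a constant-time compare such as `hash_equals()` rather than `==`. On style, the docblocks were changed from `/**` to `/*`, which documentation tools no longer read as PHPDoc, and the constructor's block documents `$params` while the signature takes `$namespace`.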