Changeset 468 for trunk/lib/Auth_SQL.inc.php
- Timestamp:
- Feb 20, 2014 3:03:59 AM (10 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
trunk
-
Property
svn:mergeinfo
set to
/branches/eli_branch merged eligible
-
Property
svn:mergeinfo
set to
-
trunk/lib/Auth_SQL.inc.php
r465 r468 28 28 */ 29 29 30 // Available encryption types for class Auth_SQL.31 define('AUTH_ENCRYPT_PLAINTEXT', 1);32 define('AUTH_ENCRYPT_CRYPT', 2);33 define('AUTH_ENCRYPT_SHA1', 3);34 define('AUTH_ENCRYPT_SHA1_HARDENED', 4);35 define('AUTH_ENCRYPT_MD5', 5);36 define('AUTH_ENCRYPT_MD5_HARDENED', 6);37 38 30 require_once dirname(__FILE__) . '/Email.inc.php'; 39 31 40 32 class Auth_SQL { 41 33 34 // Available encryption types for class Auth_SQL. 35 const ENCRYPT_PLAINTEXT = 1; 36 const ENCRYPT_CRYPT = 2; 37 const ENCRYPT_SHA1 = 3; 38 const ENCRYPT_SHA1_HARDENED = 4; 39 const ENCRYPT_MD5 = 5; 40 const ENCRYPT_MD5_HARDENED = 6; 41 42 42 // Namespace of this auth object. 43 var$_ns;43 private $_ns; 44 44 45 45 // Static var for test. 46 var$_authentication_tested;46 private $_authentication_tested; 47 47 48 48 // Parameters to be configured by setParam. 49 var$_params = array();50 var$_default_params = array(49 private $_params = array(); 50 private $_default_params = array( 51 51 52 52 // Automatically create table and verify columns. Better set to false after site launch. … … 66 66 'db_login_table' => 'user_login_tbl', 67 67 68 // The type of encryption to use for passwords stored in the db_table. Use one of the A UTH_ENCRYPT_* types specified above.68 // The type of encryption to use for passwords stored in the db_table. Use one of the Auth_SQL::ENCRYPT_* types specified above. 69 69 // Hardened password hashes rely on the same key/salt being used to compare encryptions. 70 70 // Be aware that when using one of the hardened types the App signing_key or $more_salt below cannot change! 71 'encryption_type' => AUTH_ENCRYPT_MD5,71 'encryption_type' => self::ENCRYPT_MD5, 72 72 73 73 // The URL to the login script. … … 127 127 * @param optional array $params A hash containing parameters. 
128 128 */ 129 function Auth_SQL($namespace='')129 public function __construct($namespace='') 130 130 { 131 131 $app =& App::getInstance(); … … 153 153 * @since 26 Aug 2005 17:09:36 154 154 */ 155 function initDB($recreate_db=false)155 public function initDB($recreate_db=false) 156 156 { 157 157 $app =& App::getInstance(); … … 253 253 * @return bool true on success, false on failure 254 254 */ 255 function setParam($params)255 public function setParam($params) 256 256 { 257 257 if (isset($params['match_remote_ip_exempt_usernames'])) { … … 274 274 * @return mixed Configured parameter value. 275 275 */ 276 function getParam($param)276 public function getParam($param) 277 277 { 278 278 $app =& App::getInstance(); … … 291 291 * @access public 292 292 */ 293 function clear()293 public function clear() 294 294 { 295 295 $db =& DB::getInstance(); … … 326 326 * @param mixed $val Value to set variable to. 327 327 */ 328 function set($key, $val)328 public function set($key, $val) 329 329 { 330 330 if (!isset($_SESSION['_auth_sql'][$this->_ns]['user_data'])) { … … 342 342 * @return mixed Value stored in session. 343 343 */ 344 function get($key, $default='')344 public function get($key, $default='') 345 345 { 346 346 if (isset($_SESSION['_auth_sql'][$this->_ns][$key])) { … … 361 361 * @return mixed False if credentials not found in DB, or returns DB row matching credentials. 362 362 */ 363 function authenticate($username, $password)363 public function authenticate($username, $password) 364 364 { 365 365 $app =& App::getInstance(); … … 369 369 370 370 switch ($this->_params['encryption_type']) { 371 case AUTH_ENCRYPT_CRYPT :371 case self::ENCRYPT_CRYPT : 372 372 // Query DB for user matching credentials. Compare cyphertext with salted-encrypted password. 
373 373 $qid = $db->query(" … … 378 378 "); 379 379 break; 380 case AUTH_ENCRYPT_PLAINTEXT :381 case AUTH_ENCRYPT_MD5 :382 case AUTH_ENCRYPT_SHA1 :380 case self::ENCRYPT_PLAINTEXT : 381 case self::ENCRYPT_MD5 : 382 case self::ENCRYPT_SHA1 : 383 383 default : 384 384 // Query DB for user matching credentials. Directly compare cyphertext with result from encryptPassword(). … … 412 412 * @return boolean Whether or not the credentials are valid. 413 413 */ 414 function login($username, $password)414 public function login($username, $password) 415 415 { 416 416 $app =& App::getInstance(); … … 421 421 $this->clear(); 422 422 423 if (! $user_data = $this->authenticate($username, $password)) {423 if (!($user_data = $this->authenticate($username, $password))) { 424 424 // No login: failed authentication! 425 425 return false; … … 539 539 * @access public 540 540 */ 541 function isLoggedIn($user_id=null)541 public function isLoggedIn($user_id=null) 542 542 { 543 543 $app =& App::getInstance(); … … 671 671 * @access public 672 672 */ 673 function requireLogin($message='', $type=MSG_NOTICE, $file=null, $line=null)673 public function requireLogin($message='', $type=MSG_NOTICE, $file=null, $line=null) 674 674 { 675 675 $app =& App::getInstance(); … … 693 693 * @param string $reason The reason for blocking the account. 694 694 */ 695 function blockAccount($user_id=null, $reason='')695 public function blockAccount($user_id=null, $reason='') 696 696 { 697 697 $app =& App::getInstance(); … … 723 723 * @return boolean True if the user is blocked, false otherwise. 724 724 */ 725 function isBlocked($user_id=null)725 public function isBlocked($user_id=null) 726 726 { 727 727 $db =& DB::getInstance(); … … 745 745 * Unblocks a user in the db_table, and clears any blocked_reason. 746 746 */ 747 function unblockAccount($user_id=null)747 public function unblockAccount($user_id=null) 748 748 { 749 749 $db =& DB::getInstance(); … … 769 769 * @return bool True if username exists. 
770 770 */ 771 function usernameExists($username)771 public function usernameExists($username) 772 772 { 773 773 $db =& DB::getInstance(); … … 789 789 * @return string Username, or false if none found. 790 790 */ 791 function getUsername($user_id)791 public function getUsername($user_id) 792 792 { 793 793 $db =& DB::getInstance(); … … 813 813 * patterns, at minimum the US State Department standard: cvcddcvc. 814 814 * 815 * - x a random upper or lower alpha character or digit816 * - C a random upper or lower consonant817 * - V a random upper or lower vowel818 * - c a random lowercase consonant819 * - v a random lowercase vowel820 * - d a random digit815 * - x A random upper or lower character, digit, or punctuation. 816 * - C A random upper or lower consonant. 817 * - V A random upper or lower vowel. 818 * - c A random lowercase consonant. 819 * - v A random lowercase vowel. 820 * - d A random digit. 821 821 * 822 822 * @param string $pattern a sequence of character types, above. 823 823 * @return string a password 824 824 */ 825 function generatePassword($pattern='CvcdCvc')825 public function generatePassword($pattern='CvcdCvc') 826 826 { 827 827 $app =& App::getInstance(); … … 846 846 * 847 847 */ 848 function encryptPassword($password, $salt=null)848 public function encryptPassword($password, $salt=null) 849 849 { 850 850 $app =& App::getInstance(); … … 855 855 856 856 switch ($this->_params['encryption_type']) { 857 case AUTH_ENCRYPT_PLAINTEXT :857 case self::ENCRYPT_PLAINTEXT : 858 858 return $password; 859 859 break; 860 860 861 case AUTH_ENCRYPT_CRYPT :861 case self::ENCRYPT_CRYPT : 862 862 // If comparing plaintext password with a hash, provide first two chars of the hash as the salt. 863 863 return isset($salt) ? 
crypt($password, mb_substr($salt, 0, 2)) : crypt($password); 864 864 break; 865 865 866 case AUTH_ENCRYPT_SHA1 :866 case self::ENCRYPT_SHA1 : 867 867 return sha1($password); 868 868 break; 869 869 870 case AUTH_ENCRYPT_SHA1_HARDENED :870 case self::ENCRYPT_SHA1_HARDENED : 871 871 $hash = sha1($app->getParam('signing_key') . $password . $more_salt); 872 872 // Increase key strength by 12 bits. … … 877 877 break; 878 878 879 case AUTH_ENCRYPT_MD5 :879 case self::ENCRYPT_MD5 : 880 880 return md5($password); 881 881 break; 882 882 883 case AUTH_ENCRYPT_MD5_HARDENED :883 case self::ENCRYPT_MD5_HARDENED : 884 884 // Include salt to improve hash 885 885 $hash = md5($app->getParam('signing_key') . $password . $more_salt); … … 901 901 * 902 902 */ 903 function setPassword($user_id=null, $password)903 public function setPassword($user_id=null, $password) 904 904 { 905 905 $app =& App::getInstance(); … … 951 951 * @return string The user's new password. 952 952 */ 953 function resetPassword($user_id=null, $reason='')953 public function resetPassword($user_id=null, $reason='') 954 954 { 955 955 $app =& App::getInstance(); … … 1016 1016 * @return bool true if user is a member of security zone, false otherwise 1017 1017 */ 1018 function inClearanceZone($security_zone, $user_type='') 1019 { 1020 // return true; /// WTF? 1018 public function inClearanceZone($security_zone, $user_type='') 1019 { 1021 1020 $zone_members = preg_split('/,\s*/', $security_zone); 1022 1021 $user_type = empty($user_type) ? 
$this->get('user_type') : $user_type; … … 1039 1038 * @param constant $security_zone string of comma delimited privileges for the zone 1040 1039 */ 1041 function requireAccessClearance($security_zone, $message='')1040 public function requireAccessClearance($security_zone, $message='') 1042 1041 { 1043 1042 $app =& App::getInstance(); 1044 1043 1045 // return true; /// WTF?1046 1044 $zone_members = preg_split('/,\s*/', $security_zone); 1047 1045 … … 1097 1095 // 128.0.0.0 10000000.00000000.00000000.00000000 /1 1098 1096 // 0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space 1099 ?>
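Review bot: Removing the global `AUTH_ENCRYPT_*` defines at the top of the file leaves any caller that still passes e.g. `AUTH_ENCRYPT_SHA1_HARDENED` to `setParam()` with an undefined constant, which PHP 5 turns into a bare string that matches none of the `case self::ENCRYPT_*` labels. In `authenticate()` that value lands in the `default :` branch shared with the plaintext/MD5/SHA1 cases, and what `encryptPassword()` does with an unmatched type is outside the visible hunks, so the password scheme could change silently for existing installs. Unless every caller is updated in the same changeset (only this file is shown here), keep deprecated aliases after the class, e.g. `define('AUTH_ENCRYPT_MD5_HARDENED', Auth_SQL::ENCRYPT_MD5_HARDENED);` for each of the six types, or have `setParam()` reject an `encryption_type` that is not one of the class constants. The default also stays `self::ENCRYPT_MD5`, an unsalted fast hash, so a comment on that line should say it is kept only for compatibility with existing rows and point new installs at a hardened type.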