Changeset 65 for trunk/lib/Auth_File.inc.php

Timestamp:

Feb 15, 2006 3:30:50 AM (18 years ago)

Author:

scdev

Message:

fixed Auth_File

File:

• trunk/lib/Auth_File.inc.php (modified) (7 diffs)

trunk/lib/Auth_File.inc.php

@@ -5 +5 @@
  *
  * @author  Quinn Comendant <quinn@strangecode.com>
- * @inspiration  Horde's Auth class <www.horde.org>
- * @version 1.0
+ * @version 1.1
  */
+
+// Available encryption types for class Auth_SQL.
+define('AUTH_ENCRYPT_MD5', 'md5');
+define('AUTH_ENCRYPT_CRYPT', 'crypt');
+define('AUTH_ENCRYPT_SHA1', 'sha1');
+define('AUTH_ENCRYPT_PLAINTEXT', 'plaintext');
+
 class Auth_File {
 
     var $_params = array(
-        'encryption_type' => 'des',
+        'encryption_type' => AUTH_ENCRYPT_CRYPT,
         'htpasswd_file' => null,
         'login_timeout' => 21600, // 6 hours.
         'idle_timeout' => 3600, // 1 hour.
     );
-    var $auths = array();
+    var $_users = array();
 
     /**
@@ -30 +36 @@
 
         if (!empty($this->_params['htpasswd_file'])) {
-            if (false === ($users = @file($this->_params['htpasswd_file']))) {
+            if (false === ($users = file($this->_params['htpasswd_file']))) {
                 App::logMsg(sprintf(_("Could not read htpasswd file: %s"), $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__);
             }
@@ -43 +49 @@
 
     /**
+     * Set the params of an auth object.
+     *
+     * @param  array $params   Array of parameter keys and value to set.
+     * @return bool true on success, false on failure
+     */
+    function setParam($params)
+    {
+        if (isset($params) && is_array($params)) {
+            // Merge new parameters with old overriding only those passed.
+            $this->_params = array_merge($this->_params, $params);
+        }
+    }
+
+    /**
+     * Return the value of a parameter, if it exists.
+     *
+     * @access public
+     * @param string $param        Which parameter to return.
+     * @return mixed               Configured parameter value.
+     */
+    function getParam($param)
+    {
+        if (isset($this->_params[$param])) {
+            return $this->_params[$param];
+        } else {
+            App::logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__);
+            return null;
+        }
+    }
+
+    /**
+     * Clear any authentication tokens in the current session. A.K.A. logout.
+     *
+     * @access public
+     */
+    function clearAuth()
+    {
+        $_SESSION['_auth_file'] = array('authenticated' => false);
+    }
+
+    /**
      * Find out if a set of login credentials are valid. Only supports
      * htpasswd files with DES passwords right now.
      *
-     * @access private
-     *
-     * @param string $user_id      The user_id to check.
-     * @param array $password      The password to compare to user_id.
+     * @access public
+     *
+     * @param string $username      The username to check.
+     * @param array $password      The password to compare to username.
      *
      * @return boolean  Whether or not the credentials are valid.
      */
-    function authenticate($user_id, $password)
-    {
-        if (empty($password)) {
-            App::logMsg(_("No password provided for htpasswd authentication."), LOG_NOTICE, __FILE__, __LINE__);
+    function authenticate($username, $password)
+    {
+        if ('' == trim($password)) {
+            App::logMsg(_("No password provided for htpasswd authentication."), LOG_INFO, __FILE__, __LINE__);
             return false;
         }
 
-        if (empty($this->_users[$user_id])) {
-            App::logMsg(_("User ID provided does not exist."), LOG_NOTICE, __FILE__, __LINE__);
+        if (!isset($this->_users[$username])) {
+            App::logMsg(_("User ID provided does not exist."), LOG_INFO, __FILE__, __LINE__);
             return false;
         }
 
-        $hash = $this->_encrypt($password, $this->_salt($user_id));
-        if ($hash == $this->_users[$user_id]) {
+        if ($this->_encrypt($password, $password) == $this->_users[$username]) {
             return true;
         } else {
+            App::logMsg(sprintf('Authentication failed for user %s', $username), LOG_INFO, __FILE__, __LINE__);
             return false;
         }
@@ -76 +123 @@
      * If user passes authentication create authenticated session.
      *
-     * @access private
-     *
-     * @param string $user_id     The user_id to check.
-     * @param array $password     The password to compare to user_id.
+     * @access public
+     *
+     * @param string $username     The username to check.
+     * @param array $password     The password to compare to username.
      *
      * @return boolean  Whether or not the credentials are valid.
      */
-    function login($user_id, $password)
-    {
-        $user_id = trim($user_id);
+    function login($username, $password)
+    {
+        $username = strtolower(trim($username));
 
         $this->clearAuth();
 
-        if ($this->authenticate($user_id, $password)) {
-            $_SESSION['_auth'] = array(
+        if ($this->authenticate($username, $password)) {
+            $_SESSION['_auth_file'] = array(
                 'authenticated' => true,
-                'user_id' => $user_id,
-                'user_type' => 'admin',
-                'priv' => 'editor',
+                'username' => $username,
                 'login_datetime' => date('Y-m-d H:i:s'),
                 'last_access_datetime' => date('Y-m-d H:i:s'),
@@ -105 +150 @@
 
     /**
-     * Clear any authentication tokens in the current session. A.K.A. logout.
-     *
-     * @access public
-     */
-    function clearAuth()
-    {
-        $_SESSION['_auth'] = array();
-        $_SESSION['_auth']['authenticated'] = false;
-    }
-
-    /**
      * Test if user has a currently logged-in session.
      *  - authentication flag set to true
-     *  - user_id not empty
+     *  - username not empty
      *  - total logged-in time is not greater than login_timeout
      *  - idle time is not greater than idle_timeout
@@ -127 +161 @@
     function isLoggedIn()
     {
-        if (isset($_SESSION['_auth'])) {
-            if (true === $_SESSION['_auth']['authenticated']
-            && !empty($_SESSION['_auth']['user_id'])
-            && strtotime($_SESSION['_auth']['login_datetime']) > time() - $this->_params['login_timeout']
-            && strtotime($_SESSION['_auth']['last_access_datetime']) > time() - $this->_params['idle_timeout']
-            && $_SESSION['_auth']['remote_addr'] == getRemoteAddr()
+        if (isset($_SESSION['_auth_file'])) {
+            if (true === $_SESSION['_auth_file']['authenticated']
+            && !empty($_SESSION['_auth_file']['username'])
+            && strtotime($_SESSION['_auth_file']['login_datetime']) > time() - $this->_params['login_timeout']
+            && strtotime($_SESSION['_auth_file']['last_access_datetime']) > time() - $this->_params['idle_timeout']
+            && $_SESSION['_auth_file']['remote_addr'] == getRemoteAddr()
             ) {
-                $_SESSION['_auth']['last_access_datetime'] = date('Y-m-d H:i:s');
+                $_SESSION['_auth_file']['last_access_datetime'] = date('Y-m-d H:i:s');
                 return true;
-            } else if (true === $_SESSION['_auth']['authenticated']) {
+            } else if (true === $_SESSION['_auth_file']['authenticated']) {
                 App::raiseMsg(_("Your session has closed. You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__);
                 $this->clearAuth();
@@ -145 +179 @@
 
     /**
-     * Test if user is of user_type 'admin'.
-     *
-     * @access public
-     */
-    function isAdmin()
-    {
-        if ($_SESSION['_auth']['user_type'] == 'admin') {
-            return true;
-        }
-        return false;
-    }
-
-    /**
-     * Redirect user to login page if they are not logged in.
-     *
-     * @access public
-     */
-    function requireAdminLogin()
-    {
-        if (!$this->isLoggedIn() || !$this->isAdmin()) {
-            App::setBoomerangURL(absoluteMe());
-            App::dieURL('/admin/login.php');
-        }
-    }
-
-    /**
      * Hash a given password according to the configured encryption
      * type.
      *
-     * @param string $password  The password to encrypt.
-     * @param string $salt      The salt to use, if needed.
+     * @param string $password              The password to encrypt.
+     * @param string $encrypted_password    The currently encrypted password to use as salt, if needed.
      *
      * @return string  The hashed password.
      */
-    function _encrypt($password, $salt=null)
+    function _encrypt($password, $encrypted_password=null)
     {
         switch ($this->_params['encryption_type']) {
-        case 'des' :
-            if (isset($salt)) {
-                return crypt($password, $salt);
-            } else {
-                return crypt($password);
-            }
-            break;
+        case AUTH_ENCRYPT_PLAINTEXT :
+            return $password;
+            break;
+
+        case AUTH_ENCRYPT_SHA1 :
+            return sha1($password);
+            break;
+
+        case AUTH_ENCRYPT_MD5 :
+            return md5($password);
+            break;
+
+        case AUTH_ENCRYPT_CRYPT :
         default :
-            App::logMsg('Encryption type not found.', LOG_ERR, __FILE__, __LINE__);
-        }
-
-        return false;
-    }
-
-    /**
-     * Get a salt for $user_id, or generate a new one.
-     *
-     * @return string  The salt.
-     */
-    function _salt($user_id)
-    {
-        switch ($this->_params['encryption_type']) {
-        case 'des':
-            if (!empty($this->_users[$user_id])) {
-                return substr($this->_users[$user_id], 0, 2);
-            }
-            break;
-        default :
-            App::logMsg('Encryption type not found.', LOG_ERR, __FILE__, __LINE__);
-        }
-
-        return '';
-    }
-
-}
+            return crypt($password, $encrypted_password);
+            break;
+        }
+    }
+
+} // end class
 ?>