Changeset 65 for trunk/lib/Auth_File.inc.php
- Timestamp:
- Feb 15, 2006 3:30:50 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Auth_File.inc.php
r64 r65 5 5 * 6 6 * @author Quinn Comendant <quinn@strangecode.com> 7 * @inspiration Horde's Auth class <www.horde.org> 8 * @version 1.0 7 * @version 1.1 9 8 */ 9 10 // Available encryption types for class Auth_SQL. 11 define('AUTH_ENCRYPT_MD5', 'md5'); 12 define('AUTH_ENCRYPT_CRYPT', 'crypt'); 13 define('AUTH_ENCRYPT_SHA1', 'sha1'); 14 define('AUTH_ENCRYPT_PLAINTEXT', 'plaintext'); 15 10 16 class Auth_File { 11 17 12 18 var $_params = array( 13 'encryption_type' => 'des',19 'encryption_type' => AUTH_ENCRYPT_CRYPT, 14 20 'htpasswd_file' => null, 15 21 'login_timeout' => 21600, // 6 hours. 16 22 'idle_timeout' => 3600, // 1 hour. 17 23 ); 18 var $ auths = array();24 var $_users = array(); 19 25 20 26 /** … … 30 36 31 37 if (!empty($this->_params['htpasswd_file'])) { 32 if (false === ($users = @file($this->_params['htpasswd_file']))) {38 if (false === ($users = file($this->_params['htpasswd_file']))) { 33 39 App::logMsg(sprintf(_("Could not read htpasswd file: %s"), $this->_params['htpasswd_file']), LOG_ERR, __FILE__, __LINE__); 34 40 } … … 43 49 44 50 /** 51 * Set the params of an auth object. 52 * 53 * @param array $params Array of parameter keys and value to set. 54 * @return bool true on success, false on failure 55 */ 56 function setParam($params) 57 { 58 if (isset($params) && is_array($params)) { 59 // Merge new parameters with old overriding only those passed. 60 $this->_params = array_merge($this->_params, $params); 61 } 62 } 63 64 /** 65 * Return the value of a parameter, if it exists. 66 * 67 * @access public 68 * @param string $param Which parameter to return. 69 * @return mixed Configured parameter value. 70 */ 71 function getParam($param) 72 { 73 if (isset($this->_params[$param])) { 74 return $this->_params[$param]; 75 } else { 76 App::logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 77 return null; 78 } 79 } 80 81 /** 82 * Clear any authentication tokens in the current session. A.K.A. logout. 
83 * 84 * @access public 85 */ 86 function clearAuth() 87 { 88 $_SESSION['_auth_file'] = array('authenticated' => false); 89 } 90 91 /** 45 92 * Find out if a set of login credentials are valid. Only supports 46 93 * htpasswd files with DES passwords right now. 47 94 * 48 * @access p rivate49 * 50 * @param string $user _id The user_idto check.51 * @param array $password The password to compare to user _id.95 * @access public 96 * 97 * @param string $username The username to check. 98 * @param array $password The password to compare to username. 52 99 * 53 100 * @return boolean Whether or not the credentials are valid. 54 101 */ 55 function authenticate($user _id, $password)56 { 57 if ( empty($password)) {58 App::logMsg(_("No password provided for htpasswd authentication."), LOG_ NOTICE, __FILE__, __LINE__);102 function authenticate($username, $password) 103 { 104 if ('' == trim($password)) { 105 App::logMsg(_("No password provided for htpasswd authentication."), LOG_INFO, __FILE__, __LINE__); 59 106 return false; 60 107 } 61 108 62 if ( empty($this->_users[$user_id])) {63 App::logMsg(_("User ID provided does not exist."), LOG_ NOTICE, __FILE__, __LINE__);109 if (!isset($this->_users[$username])) { 110 App::logMsg(_("User ID provided does not exist."), LOG_INFO, __FILE__, __LINE__); 64 111 return false; 65 112 } 66 113 67 $hash = $this->_encrypt($password, $this->_salt($user_id)); 68 if ($hash == $this->_users[$user_id]) { 114 if ($this->_encrypt($password, $password) == $this->_users[$username]) { 69 115 return true; 70 116 } else { 117 App::logMsg(sprintf('Authentication failed for user %s', $username), LOG_INFO, __FILE__, __LINE__); 71 118 return false; 72 119 } … … 76 123 * If user passes authentication create authenticated session. 77 124 * 78 * @access p rivate79 * 80 * @param string $user _id The user_idto check.81 * @param array $password The password to compare to user _id.125 * @access public 126 * 127 * @param string $username The username to check. 
128 * @param array $password The password to compare to username. 82 129 * 83 130 * @return boolean Whether or not the credentials are valid. 84 131 */ 85 function login($user _id, $password)86 { 87 $user _id = trim($user_id);132 function login($username, $password) 133 { 134 $username = strtolower(trim($username)); 88 135 89 136 $this->clearAuth(); 90 137 91 if ($this->authenticate($user _id, $password)) {92 $_SESSION['_auth '] = array(138 if ($this->authenticate($username, $password)) { 139 $_SESSION['_auth_file'] = array( 93 140 'authenticated' => true, 94 'user_id' => $user_id, 95 'user_type' => 'admin', 96 'priv' => 'editor', 141 'username' => $username, 97 142 'login_datetime' => date('Y-m-d H:i:s'), 98 143 'last_access_datetime' => date('Y-m-d H:i:s'), … … 105 150 106 151 /** 107 * Clear any authentication tokens in the current session. A.K.A. logout.108 *109 * @access public110 */111 function clearAuth()112 {113 $_SESSION['_auth'] = array();114 $_SESSION['_auth']['authenticated'] = false;115 }116 117 /**118 152 * Test if user has a currently logged-in session. 
119 153 * - authentication flag set to true 120 * - user _idnot empty154 * - username not empty 121 155 * - total logged-in time is not greater than login_timeout 122 156 * - idle time is not greater than idle_timeout … … 127 161 function isLoggedIn() 128 162 { 129 if (isset($_SESSION['_auth '])) {130 if (true === $_SESSION['_auth ']['authenticated']131 && !empty($_SESSION['_auth ']['user_id'])132 && strtotime($_SESSION['_auth ']['login_datetime']) > time() - $this->_params['login_timeout']133 && strtotime($_SESSION['_auth ']['last_access_datetime']) > time() - $this->_params['idle_timeout']134 && $_SESSION['_auth ']['remote_addr'] == getRemoteAddr()163 if (isset($_SESSION['_auth_file'])) { 164 if (true === $_SESSION['_auth_file']['authenticated'] 165 && !empty($_SESSION['_auth_file']['username']) 166 && strtotime($_SESSION['_auth_file']['login_datetime']) > time() - $this->_params['login_timeout'] 167 && strtotime($_SESSION['_auth_file']['last_access_datetime']) > time() - $this->_params['idle_timeout'] 168 && $_SESSION['_auth_file']['remote_addr'] == getRemoteAddr() 135 169 ) { 136 $_SESSION['_auth ']['last_access_datetime'] = date('Y-m-d H:i:s');170 $_SESSION['_auth_file']['last_access_datetime'] = date('Y-m-d H:i:s'); 137 171 return true; 138 } else if (true === $_SESSION['_auth ']['authenticated']) {172 } else if (true === $_SESSION['_auth_file']['authenticated']) { 139 173 App::raiseMsg(_("Your session has closed. 
You need to log-in again."), MSG_NOTICE, __FILE__, __LINE__); 140 174 $this->clearAuth(); … … 145 179 146 180 /** 147 * Test if user is of user_type 'admin'.148 *149 * @access public150 */151 function isAdmin()152 {153 if ($_SESSION['_auth']['user_type'] == 'admin') {154 return true;155 }156 return false;157 }158 159 /**160 * Redirect user to login page if they are not logged in.161 *162 * @access public163 */164 function requireAdminLogin()165 {166 if (!$this->isLoggedIn() || !$this->isAdmin()) {167 App::setBoomerangURL(absoluteMe());168 App::dieURL('/admin/login.php');169 }170 }171 172 /**173 181 * Hash a given password according to the configured encryption 174 182 * type. 175 183 * 176 * @param string $password The password to encrypt.177 * @param string $ salt The salt to use, if needed.184 * @param string $password The password to encrypt. 185 * @param string $encrypted_password The currently encrypted password to use as salt, if needed. 178 186 * 179 187 * @return string The hashed password. 180 188 */ 181 function _encrypt($password, $ salt=null)189 function _encrypt($password, $encrypted_password=null) 182 190 { 183 191 switch ($this->_params['encryption_type']) { 184 case 'des' : 185 if (isset($salt)) { 186 return crypt($password, $salt); 187 } else { 188 return crypt($password); 189 } 190 break; 192 case AUTH_ENCRYPT_PLAINTEXT : 193 return $password; 194 break; 195 196 case AUTH_ENCRYPT_SHA1 : 197 return sha1($password); 198 break; 199 200 case AUTH_ENCRYPT_MD5 : 201 return md5($password); 202 break; 203 204 case AUTH_ENCRYPT_CRYPT : 191 205 default : 192 App::logMsg('Encryption type not found.', LOG_ERR, __FILE__, __LINE__); 193 } 194 195 return false; 196 } 197 198 /** 199 * Get a salt for $user_id, or generate a new one. 200 * 201 * @return string The salt. 
202 */ 203 function _salt($user_id) 204 { 205 switch ($this->_params['encryption_type']) { 206 case 'des': 207 if (!empty($this->_users[$user_id])) { 208 return substr($this->_users[$user_id], 0, 2); 209 } 210 break; 211 default : 212 App::logMsg('Encryption type not found.', LOG_ERR, __FILE__, __LINE__); 213 } 214 215 return ''; 216 } 217 218 } 206 return crypt($password, $encrypted_password); 207 break; 208 } 209 } 210 211 } // end class 219 212 ?>
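Review bot: In the new authenticate(), `$this->_encrypt($password, $password)` passes the submitted password as the second argument, although _encrypt() documents that parameter as the currently encrypted password to use as salt. With AUTH_ENCRYPT_CRYPT, crypt() therefore takes its salt from the typed password instead of from the stored htpasswd entry, so a correct password will generally not reproduce the stored hash. The call should read `if ($this->_encrypt($password, $this->_users[$username]) === $this->_users[$username]) {`. The strict `===` matters as well: with the md5 and sha1 types, the loose `==` can treat two different digests of the form `0e<digits>` as equal numbers, and a constant-time comparison such as hash_equals() is preferable on PHP versions that provide it. The plaintext, md5 and sha1 types added here are unsalted, so a comment on the defines marking them as legacy-file compatibility only would help the next maintainer.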