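<?php /* $Id: authenticator.class.php 38 2008-02-11 11:38:51Z pedroix $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/trunk/classes/authenticator.class.php $ */
if (!defined('W2P_BASE_DIR')) {
	die('You should not access this file directly.');
}

/*
 * Authenticator Class
 *
 */

/**
 * Returns the authenticator object for the configured mode.
 *
 * @param string $auth_mode 'ldap', 'pn' (PostNuke) or anything else for SQL.
 * @return SQLAuthenticator (or a subclass), returned by reference.
 */
function &getAuth($auth_mode) {
	switch ($auth_mode) {
		case 'ldap':
			$auth = new LDAPAuthenticator();
			break;
		case 'pn':
			$auth = new PostNukeAuthenticator();
			break;
		default:
			$auth = new SQLAuthenticator();
			break;
	}
	return $auth;
}

/**
 * PostNuke authentication has encoded information
 * passed in on the login request. This needs to
 * be extracted and verified.
 *
 * NOTE(review): the 'check' value is a plain MD5 of the payload, with no
 * shared secret. It detects corruption only and does not prove the payload
 * came from the PostNuke site. Because this path creates users and
 * overwrites stored passwords from the payload, it should be reachable only
 * from a trusted source or be protected by a keyed MAC on both sides.
 */
class PostNukeAuthenticator extends SQLAuthenticator {
	// True when a request without PostNuke data may fall back to SQL login.
	var $fallback = false;

	/**
	 * Reads the 'postnuke_allow_login' setting (default: false).
	 */
	function PostNukeAuthenticator() {
		global $w2Pconfig;
		$this->fallback = isset($w2Pconfig['postnuke_allow_login']) ? $w2Pconfig['postnuke_allow_login'] : false;
	}

	/**
	 * Authenticates from the 'userdata' / 'check' request parameters.
	 *
	 * Without 'userdata' the call falls back to SQL authentication when that
	 * is enabled and dies otherwise. With it, the payload is decoded and
	 * checked, and the matching local user is created or updated.
	 *
	 * @param string $username Used only for the SQL fallback.
	 * @param string $password Used only for the SQL fallback.
	 * @return bool True on success; decoding or database failures die().
	 */
	function authenticate($username, $password) {
		global $db, $AppUI;
		if (!isset($_REQUEST['userdata'])) { // fallback to SQL Authentication if PostNuke fails.
			if ($this->fallback) {
				return parent::authenticate($username, $password);
			} else {
				die($AppUI->_('You have not configured your PostNuke site correctly'));
			}
		}

		if (!$compressed_data = base64_decode(urldecode($_REQUEST['userdata']))) {
			die($AppUI->_('The credentials supplied were missing or corrupted') . ' (1)');
		}
		// NOTE(review): no maximum output length is passed, so a small request
		// can inflate to a very large string; consider passing a length cap.
		if (!$userdata = gzuncompress($compressed_data)) {
			die($AppUI->_('The credentials supplied were missing or corrupted') . ' (2)');
		}
		// The original used '=' here, which overwrote $_REQUEST['check'] and
		// never compared anything, so the checksum was never enforced.
		if (!isset($_REQUEST['check']) || $_REQUEST['check'] !== md5($userdata)) {
			die($AppUI->_('The credentials supplied were missing or corrupted') . ' (3)');
		}
		// SECURITY(review): unserialize() on request-supplied data can
		// instantiate arbitrary loaded classes and run their magic methods.
		// The MD5 check above is unkeyed and does not make the data trusted.
		// Prefer a data-only format (e.g. JSON) on both ends.
		$user_data = unserialize($userdata);
		if (!is_array($user_data) || !isset($user_data['login'])) {
			die($AppUI->_('The credentials supplied were missing or corrupted') . ' (4)');
		}

		// Now we need to check if the user already exists, if so we just
		// update. If not we need to create a new user and add a default
		// role.
		$username = trim($user_data['login']);
		$this->username = $username;
		$names = explode(' ', trim($user_data['name']));
		$last_name = array_pop($names);
		$first_name = implode(' ', $names);
		// Stored as-is in user_password below; presumably PostNuke sends an
		// MD5 hash, which is what SQLAuthenticator compares against. Confirm.
		$passwd = trim($user_data['passwd']);
		$email = trim($user_data['email']);

		$q = new DBQuery;
		$q->addTable('users');
		$q->addQuery('user_id, user_password, user_contact');
		// qstr() quotes and escapes the value; the login name comes from the
		// request and must never be concatenated into SQL unescaped.
		$q->addWhere('user_username = ' . $db->qstr($username));
		if (!$rs = $q->exec()) {
			die($AppUI->_('Failed to get user details') . ' - error was ' . $db->ErrorMsg());
		}
		if ($rs->RecordCount() < 1) {
			$q->clear();
			$this->createsqluser($username, $passwd, $email, $first_name, $last_name);
		} else {
			if (!$row = $rs->FetchRow()) {
				die($AppUI->_('Failed to retrieve user detail'));
			}
			// User exists, update the user details.
			$this->user_id = $row['user_id'];
			$q->clear();
			$q->addTable('users');
			$q->addUpdate('user_password', $passwd);
			$q->addWhere('user_id = ' . (int) $this->user_id);
			if (!$q->exec()) {
				die($AppUI->_('Could not update user credentials'));
			}
			$q->clear();
			$q->addTable('contacts');
			$q->addUpdate('contact_first_name', $first_name);
			$q->addUpdate('contact_last_name', $last_name);
			$q->addUpdate('contact_email', $email);
			$q->addWhere('contact_id = ' . (int) $row['user_contact']);
			if (!$q->exec()) {
				die($AppUI->_('Could not update user details'));
			}
			$q->clear();
		}
		return true;
	}

	/**
	 * Creates a contact and a user row, then assigns the 'anon' role.
	 *
	 * @param string $username Login name for the new user.
	 * @param string $password Value stored unchanged in user_password.
	 * @param string $email    Contact e-mail.
	 * @param string $first    Contact first name.
	 * @param string $last     Contact last name.
	 * @return void Dies if either insert fails.
	 */
	function createsqluser($username, $password, $email, $first, $last) {
		global $db, $AppUI;

		require_once ($AppUI->getModuleClass('contacts'));

		$c = new CContact();
		$c->contact_first_name = $first;
		$c->contact_last_name = $last;
		$c->contact_email = $email;
		$c->contact_order_by = $first . ' ' . $last;

		$q = new DBQuery;
		$q->insertObject('contacts', $c, 'contact_id');
		$q->clear();
		if (!$c->contact_id) {
			die($AppUI->_('Failed to create user details'));
		}

		$q = new DBQuery;
		$q->addTable('users');
		$q->addInsert('user_username', $username);
		$q->addInsert('user_password', $password);
		$q->addInsert('user_type', '1');
		$q->addInsert('user_contact', $c->contact_id);
		if (!$q->exec()) {
			die($AppUI->_('Failed to create user credentials'));
		}
		$user_id = $db->Insert_ID();
		$this->user_id = $user_id;
		$q->clear();

		$acl = &$AppUI->acl();
		$acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
	}
}

/**
 * Authenticates against the local users table.
 *
 * NOTE(review): passwords are stored and compared as unsalted MD5, which is
 * not an adequate password hash. Moving to a salted, slow hash needs a
 * stored-credential migration and is outside this class's current interface.
 */
class SQLAuthenticator {
	var $user_id;
	var $username;

	/**
	 * Checks a username/password pair against the users table.
	 *
	 * NOTE(review): if the deployment relies on magic_quotes_gpc and does not
	 * strip slashes upstream, $username arrives pre-escaped. Confirm before
	 * release; the lookup then fails closed for names containing quotes.
	 *
	 * @param string $username Login name (untrusted).
	 * @param string $password Clear-text password (untrusted).
	 * @return bool True only when the MD5 of $password equals the stored hash.
	 */
	function authenticate($username, $password) {
		global $db, $AppUI;

		$this->username = $username;

		$q = new DBQuery;
		$q->addTable('users');
		$q->addQuery('user_id, user_password');
		// Quote and escape through the DB layer instead of concatenating.
		$q->addWhere('user_username = ' . $db->qstr($username));
		if (!$rs = $q->exec()) {
			$q->clear();
			return false;
		}
		if (!$row = $q->fetchRow()) {
			$q->clear();
			return false;
		}

		$this->user_id = $row['user_id'];
		$q->clear();
		// Strict comparison: with '==' PHP compares two numeric-looking
		// strings (such as "0e..." hashes) as numbers, so different hashes
		// could be treated as equal.
		return md5($password) === (string) $row['user_password'];
	}

	/**
	 * @return mixed The user id set by the last authenticate() call.
	 */
	function userId() {
		return $this->user_id;
	}
}

/**
 * Authenticates against an LDAP directory, optionally trying the local SQL
 * table first, and creates a local user on first successful LDAP login.
 */
class LDAPAuthenticator extends SQLAuthenticator {
	var $ldap_host;
	var $ldap_port;
	var $ldap_version;
	var $base_dn;
	var $ldap_search_user;
	var $ldap_search_pass;
	var $filter;

	var $user_id;
	var $username;

	// True when local SQL authentication is tried before LDAP.
	var $fallback = false;

	/**
	 * Loads the LDAP connection settings from $w2Pconfig.
	 */
	function LDAPAuthenticator() {
		global $w2Pconfig;

		$this->fallback = isset($w2Pconfig['ldap_allow_login']) ? $w2Pconfig['ldap_allow_login'] : false;

		$this->ldap_host = $w2Pconfig['ldap_host'];
		$this->ldap_port = $w2Pconfig['ldap_port'];
		$this->ldap_version = $w2Pconfig['ldap_version'];
		$this->base_dn = $w2Pconfig['ldap_base_dn'];
		$this->ldap_search_user = $w2Pconfig['ldap_search_user'];
		$this->ldap_search_pass = $w2Pconfig['ldap_search_pass'];
		$this->filter = $w2Pconfig['ldap_user_filter'];
	}

	/**
	 * Authenticates by searching for the user and binding as the found DN.
	 *
	 * @param string $username Login name (untrusted).
	 * @param string $password Clear-text password (untrusted).
	 * @return bool True when SQL fallback or the LDAP user bind succeeds.
	 */
	function authenticate($username, $password) {
		global $w2Pconfig;
		$this->username = $username;

		if (strlen($password) == 0) {
			return false; // LDAP will succeed binding with no password on AD (defaults to anon bind)
		}
		if ($this->fallback == true) {
			if (parent::authenticate($username, $password)) {
				return true;
			}
		}
		// Fallback SQL authentication fails, proceed with LDAP

		// NOTE(review): nothing here requests TLS, so unless ldap_host is an
		// ldaps:// URI the password travels in clear text. Confirm the
		// deployment's transport.
		if (!$rs = @ldap_connect($this->ldap_host, $this->ldap_port)) {
			return false;
		}
		@ldap_set_option($rs, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
		@ldap_set_option($rs, LDAP_OPT_REFERRALS, 0);

		$ldap_bind_dn = empty($this->ldap_search_user) ? null : $this->ldap_search_user;
		$ldap_bind_pw = empty($this->ldap_search_pass) ? null : $this->ldap_search_pass;

		// Bind with the normalised password; the original computed
		// $ldap_bind_pw but then passed the raw configuration value.
		if (!$bindok = @ldap_bind($rs, $ldap_bind_dn, $ldap_bind_pw)) {
			// For diagnosis, log ldap_error($rs) server-side rather than
			// printing bind DN and host to the client.
			return false;
		}

		// Decode the configured template first, then insert the username with
		// LDAP filter metacharacters escaped (RFC 4515). Otherwise wildcard or
		// parenthesis characters in the login name change which entry matches.
		// The backslash must be replaced first.
		$filter_tpl = html_entity_decode($this->filter, ENT_COMPAT, 'UTF-8');
		$safe_username = str_replace(
			array('\\', '*', '(', ')', "\0"),
			array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
			$username
		);
		$filter_r = str_replace('%USERNAME%', $safe_username, $filter_tpl);
		$result = @ldap_search($rs, $this->base_dn, $filter_r);
		if (!$result) {
			return false; // ldap search returned nothing or error
		}

		$result_user = ldap_get_entries($rs, $result);
		if ($result_user['count'] == 0) {
			return false; // No users match the filter
		}

		$first_user = $result_user[0];
		$ldap_user_dn = $first_user['dn'];

		// Bind with the dn of the user that matched our filter (only one user should match sAMAccountName or uid etc..)
		if (!$bind_user = @ldap_bind($rs, $ldap_user_dn, $password)) {
			return false;
		}

		if (!$this->userExists($username)) {
			// NOTE(review): this stores an unsalted MD5 of the directory
			// password in the local users table.
			$this->createsqluser($username, $password, $first_user);
		}
		return true;
	}

	/**
	 * @param string $username Login name to look up.
	 * @return bool True when a users row with that name exists.
	 */
	function userExists($username) {
		global $db;
		$q = new DBQuery;
		$q->addTable('users');
		$q->addWhere('user_username = ' . $db->qstr($username));
		$rs = $q->exec();
		// A failed query is treated as "not found" instead of a fatal error.
		$result = ($rs && $rs->RecordCount() > 0);
		$q->clear();
		return $result;
	}

	/**
	 * Looks up the id of a user by login name.
	 *
	 * The parameter is optional so the signature stays compatible with
	 * SQLAuthenticator::userId(); when omitted, the name given to the last
	 * authenticate() call is used.
	 *
	 * @param string|null $username Login name, or null for $this->username.
	 * @return mixed The user_id, or null when no row is found.
	 */
	function userId($username = null) {
		global $db;
		if ($username === null) {
			$username = $this->username;
		}
		$q = new DBQuery;
		$q->addTable('users');
		$q->addWhere('user_username = ' . $db->qstr($username));
		$rs = $q->exec();
		$row = $rs ? $rs->FetchRow() : false;
		$q->clear();
		return $row ? $row['user_id'] : null;
	}

	/**
	 * Creates the local user (and contact, when attributes are given) for a
	 * directory user and assigns the 'anon' role.
	 *
	 * @param string $username     Login name for the new user.
	 * @param string $password     Clear-text password; its MD5 is stored.
	 * @param array  $ldap_attribs Entry as returned by ldap_get_entries().
	 * @return void Dies if the user row cannot be inserted.
	 */
	function createsqluser($username, $password, $ldap_attribs = array()) {
		global $db, $AppUI;
		$hash_pass = md5($password);

		require_once ($AppUI->getModuleClass('contacts'));

		// Stays null when no attributes are supplied; the original read it
		// from an undefined $c in that case.
		$contact_id = null;
		if (count($ldap_attribs) > 0) {
			// Contact information based on the inetOrgPerson class schema
			$attr_map = array(
				'contact_first_name' => 'givenname',
				'contact_last_name' => 'sn',
				'contact_email' => 'mail',
				'contact_phone' => 'telephonenumber',
				'contact_mobile' => 'mobile',
				'contact_city' => 'l',
				'contact_country' => 'country',
				'contact_state' => 'st',
				'contact_zip' => 'postalcode',
				'contact_job' => 'title',
			);
			$c = new CContact();
			foreach ($attr_map as $field => $attr) {
				// Directory entries often lack optional attributes.
				$c->$field = isset($ldap_attribs[$attr][0]) ? $ldap_attribs[$attr][0] : null;
			}

			$q = new DBQuery;
			$q->insertObject('contacts', $c, 'contact_id');
			$q->clear();
			$contact_id = $c->contact_id;
		}

		$q = new DBQuery;
		$q->addTable('users');
		$q->addInsert('user_username', $username);
		$q->addInsert('user_password', $hash_pass);
		$q->addInsert('user_type', '1');
		$q->addInsert('user_contact', $contact_id);
		// Stop on failure: otherwise Insert_ID() may return an id from an
		// earlier insert and the role below would go to the wrong user.
		if (!$q->exec()) {
			die($AppUI->_('Failed to create user credentials'));
		}
		$user_id = $db->Insert_ID();
		$this->user_id = $user_id;
		$q->clear();

		$acl = &$AppUI->acl();
		$acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
	}

}


?>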