Update of /cvsroot/phpslash/phpslash-dev/include/modules/auth
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14210/phpslash-dev/include/modules/auth
Added Files:
slashAuth.class
Removed Files:
slashAuthCR.class
Log Message:
Removed classes that had already been moved to module directories; moved Infolog and slashAuth to module directories.
--- NEW FILE: slashAuth.class ---
<?php
/* $Id: slashAuth.class,v 1.1 2004/09/15 23:36:29 joestewart Exp $
*
* Provides the authorization functions of PHPSlash
*
* Extends the phplib auth class.
*
* Quoting the phplib local.inc
*
* "A variation of Auth which uses a Challenge-Response
* Authentication. The password never crosses the net in clear,
* if the remote system supports JavaScript. Please read the
* Documentation section about CR Authentication to understand
* what is going on."
*
* NOTE: This class does NOT use the PSL page layout engine
*/
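class slashAuth_base extends Auth {
    var $classname = "slashAuth"; // For object health
    var $lifetime = 15;
    var $database_class = "slashDB";
    var $database_table = "auth_user";
    // Fallback secret for the challenge and "remember me" cookie hashes;
    // start() replaces it with $_PSL['magic'] when the config defines one.
    var $magic = "monkeyisnotanape";
    // When true, visitors without credentials are logged in as author 'nobody'.
    var $nobody = true;
    var $cancel_login = "cancel";
    // 'log' (login only) or 'reg' (registration); decided in start().
    var $mode = "log";
    var $psl;   // reference to the global $_PSL configuration array
    var $sess;  // reference to the global phplib session object

    /**
     * customizes class names and loads the class definitions
     *
     * Each argument names a property of this object (e.g. "database_class")
     * holding a class name. The name is resolved through pslGetClass() and
     * the resolved class is loaded with loadClass().
     *
     * @param string classnames (as many as you want)
     * @return void
     */
    function loadClasses() {
        $properties = func_get_args();
        foreach ($properties as $property) {
            $this->$property = pslGetClass($this->$property);
            loadClass($this->$property);
        }
    }

    /**
     * functions as a class constructor.
     * Called from page_open.
     *
     * Binds $psl/$sess to the globals, picks up the configured magic word,
     * loads the Author and database classes, selects login vs. registration
     * mode from the 'mode' request parameter and finally hands over to the
     * phplib Auth::start(), which drives auth_preauth()/auth_loginform()/...
     *
     * @return void
     */
    function start() {
        global $_PSL, $sess;
        $this->psl = &$_PSL;
        $this->sess = &$sess;
        // If the magic word is defined in the config file - use it.
        if (!empty($_PSL['magic'])) {
            $this->magic = $_PSL['magic'];
        }
        AddClassRequirement("author", $_PSL['moduledir'] . "/" . $_PSL['module']['Author'] . "/Author.class");
        $this->loadClasses("database_class");
        // setup registration mode or login only
        if (!empty($_GET['mode']) && $_GET['mode'] === 'reg') {
            // a configured auth.mode overrides the requested registration mode
            $this->mode = !empty($_PSL['auth.mode']) ? $_PSL['auth.mode'] : 'reg';
        } else {
            $this->mode = 'log';
        }
        // use preferences
        if (!empty($this->auth['preferences'])) {
            $this->use_preferences();
        }
        // call underlying phplib auth
        parent::start();
    }

    /**
     * auth_loginform - displays the login form
     *
     * Saves the current request's GET/POST data in the session so it can be
     * replayed after a successful login, registers a fresh challenge word in
     * the session when none exists, and renders loginformCR.tpl.
     *
     * @todo: Move to Block_render_login
     *
     * @return void
     */
    function auth_loginform() {
        global $challenge, $sess, $saved_get, $saved_post;
        // preserve the POST variable through the login process
        $saved_post = $_POST;
        $saved_get = $_GET;
        $sess->register("saved_post");
        $sess->register("saved_get");
        // generate a challenge word if needed. It is kept in the session and
        // compared against the posted copy in auth_validatelogin().
        if (empty($challenge)) {
            $challenge = md5(uniqid($this->magic, true));
            $sess->register("challenge");
        }
        // create the template object
        $templ = pslNew("slashTemplate");
        $templ->set_file(array(
            'form'  => 'loginformCR.tpl',
            'index' => 'index1col.tpl',
        ));
        $templ->set_var(array(
            'ACTION_URL' => $this->psl['phpself'],
            'PHP_SELF'   => $this->psl['phpself'],
            'ROOTURL'    => $this->psl['rooturl'],
            'CHALLENGE'  => $challenge,
        ));
        // Display the previously used name in the form field
        if (isset($this->auth["uname"]) && $this->auth["uname"] != "nobody") {
            $templ->set_var('USERNAME', htmlentities($this->auth["uname"]));
        } else {
            $templ->set_var('USERNAME', "");
        }
        // Display message string if present
        $templ->set_var('ERROR', isset($this->auth["error"]) ? $this->auth["error"] : "");
        // Link to registration screen if enabled
        $templ->set_block("form", "reg_block", "regblock");
        if (!empty($this->psl['auth.mode']) && $this->psl['auth.mode'] == "reg") {
            $templ->parse("regblock", "reg_block", true);
        }
        AddClassRequirement("navbar", $this->psl['moduledir'] . "/" . $this->psl['module']['NavBar'] . "/NavBar.class");
        $navbar = pslNew("NavBar");
        // display
        $templ->set_var(array(
            'TOP'                 => getHeader('Login', 'Login') . $navbar->getNavBar('navbarBlockh'),
            'CENTER_BLOCK_COLUMN' => $templ->parse('form', 'form'),
            'BOTTOM'              => getFooter(),
        ));
        $templ->pparse('OUT', 'index');
    }

    /**
     * auth_preauth - allow for auto login or preference loading.
     *
     * With a 'user_info' cookie present (written by set_preauth_cookie) the
     * cookie's response is checked against md5(stored_password:challenge);
     * on success the author's id is returned. Without a cookie, and when
     * $nobody is set, the 'nobody' author is loaded instead.
     *
     * @return int  author id on success, false otherwise
     */
    function auth_preauth() {
        // The preauth cookie is called 'user_info'
        if (!empty($_COOKIE['user_info'])) {
            // generate the challenge we expect
            $cookie_challenge = md5($this->magic . ":" . $this->psl['basedir']);
            // decode the cookie data into an array (see set_preauth_cookie):
            //   [0] => response, [1] => username, [2] => challenge
            $cookie_ary = $this->decode_preauth_cookie($_COOKIE['user_info']);
            if ($cookie_ary === false) {
                // undecodable or unexpected payload - treat as no cookie
                return false;
            }
            $cookie_uname = (isset($cookie_ary[1]) && is_string($cookie_ary[1])) ? $cookie_ary[1] : '';
            $user_info = $this->get_psluser_info($cookie_uname);
            # assume the check is gonna fail
            $is_user = false;
            if ($user_info) {
                $is_user = $this->psl_preauth($user_info['author_name'], $user_info['password'], $user_info);
            }
            // if the user is not found - apply any preferences
            if ($is_user == false) {
                if (!empty($cookie_ary['preferences'])) {
                    $this->auth['preferences'] = $cookie_ary['preferences'];
                    // use preferences
                    $this->use_preferences();
                }
                return false;
            }
            // user found - now check for correct data
            $this->auth["uname"] = $user_info["author_name"];
            $this->auth["dname"] = $user_info["author_realname"];
            $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo
            $expected_response = md5("$md5_pw:$cookie_challenge");
            $given_response = (isset($cookie_ary[0]) && is_string($cookie_ary[0])) ? $cookie_ary[0] : '';
            // compare the response given in the cookie to expected response.
            // The cookie value is client-controlled, so the comparison is
            // strict (a loose == would also accept non-string values).
            if (!$this->psl_hash_equals($expected_response, $given_response)) {
                // preauth failed
                return false;
            }
            // preauth successful
            $this->auth["url"] = $user_info["url"];
            $uid = $user_info["author_id"];
            $this->auth["perm"] = $this->get_userperms($uid);
            // use preferences stored with the author record
            $this->apply_author_options($user_info);
            // expire cache for this session
            $this->expire_session_cache();
            // success is signalled by returning the user's id.
            return $uid;
        }
        if ($this->nobody) {
            // no user_info cookie
            // if public access allowed apply the data for user named 'nobody'
            $nobody_id = $this->login_as_nobody();
            $this->auth['preferences'] = '';
            // get rid of session variables and use the db author record.
            $this->clear_session_vars();
            // expire cache for this session
            $this->expire_session_cache();
            // return the id for user 'nobody'
            return $nobody_id;
        }
        // no cookie and no public access
        return false;
    }

    /**
     * auth_validatelogin - process the login form.
     *
     * Checks that the posted challenge matches the one stored in the session,
     * looks the user up and delegates the credential check to psl_validate()
     * (overridden in a child class). On success the GET/POST data saved by
     * auth_loginform() is restored.
     *
     * @return int  author id on success, false otherwise
     */
    function auth_validatelogin() {
        global $saved_get, $saved_post, $challenge;
        // If no POST variables this must be an error or user
        // abandoned a login form to return to a public area of site
        if (empty($_POST)) {
            // This will happen when abandoning a login form
            // need to load the data for the 'nobody' user.
            if (!empty($this->auth['uid']) &&
                ($this->auth['uid'] == 'nobody' || $this->auth['uid'] == 'form')) {
                return $this->login_as_nobody();
            }
            return false;
        }
        // set form entries to local variables
        $username  = isset($_POST['username']) ? $_POST['username'] : null;
        $password  = $this->post_string('password');
        $response  = $this->post_string('response');
        $setcookie = !empty($_POST['setcookie']);
        $lostpw    = !empty($_POST['lostpw']);
        // missing challenge - shouldn't happen
        if (empty($_POST['challenge']) || !is_string($_POST['challenge'])) {
            return false;
        }
        // old loginforms expire - prevents hitting "back" or
        // "refresh" to login. The reference value is the session's copy,
        // never the posted one.
        if (!is_string($challenge) || $challenge !== $_POST['challenge']) {
            return false;
        }
        // the login form will save the username
        if ($username !== null) {
            $this->auth["uname"] = is_string($username) ? $username : '';
        } else if ($this->nobody) { // provides for "default login cancel"
            return $this->login_as_nobody();
        }
        // check for missing name or other shenanigans
        if (!is_string($username) || $username === "" || $this->contains_quote_chars($username)) {
            // spit out empty login form
            $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again.");
            return false;
        }
        // If the "Lost password" reminder is checked - call the
        // method in Author class.
        if ($lostpw) {
            $author = pslNew("Author");
            $author->lostpw(array('username' => $username));
            $this->auth["error"] = $author->message;
            return false;
        }
        $user_info = $this->get_psluser_info($username);
        // username not found - return failure
        if ($user_info == false) {
            return false;
        }
        // username found
        $uid = $user_info["author_id"];
        $this->auth["uid"]   = $user_info["author_id"];
        $this->auth["uname"] = $user_info["author_name"];
        $this->auth["dname"] = $user_info["author_realname"];
        $this->auth["url"]   = $user_info["url"];
        // auth type specific validation
        // psl built in Challenge Response
        // other auth methods can return true or false for validation results
        $is_user = $this->psl_validate($username, $password, $response, $user_info);
        // Drop password for safety
        $password = '';
        $_POST['password'] = '';
        if ($is_user == false) {
            // failed - return with error message
            $this->auth["error"] = pslgetText("Either your username or password are invalid. Please try again.");
            return false;
        }
        // success - authenticated
        // set Remember Me cookie
        if ($setcookie) {
            $this->set_preauth_cookie($user_info);
        }
        // apply user's preferences
        $this->apply_author_options($user_info);
        // load the user's permissions/group membership
        $this->auth["perm"] = $this->get_userperms($uid);
        // successful - no errors
        $this->auth["error"] = "";
        // restore the request variables saved by auth_loginform
        $_GET  = is_array($saved_get) ? $saved_get : array();
        $_POST = is_array($saved_post) ? $saved_post : array();
        // clear the session variables
        $saved_get = '';
        $saved_post = '';
        $challenge = '';
        // get rid of session variables and use the db author record.
        $this->clear_session_vars();
        // expire cache for this session
        $this->expire_session_cache();
        // signal success by returning user id
        return $uid;
    }

    /**
     * auth_registerform - displays the registration form.
     *
     * Values the visitor already entered (kept in $this->auth by
     * auth_doregister) are echoed back into the form.
     *
     * @todo Move to new class: Block_render_registerform
     *
     * @return void
     */
    function auth_registerform() {
        // create the template object
        $templ = pslNew("slashTemplate");
        $templ->set_file(array(
            'form' => "registerform.tpl",
        ));
        // Fill out any fields already saved
        $templ->set_var('ACTION_URL', $this->psl['rooturl'] . "/login.php?mode=reg");
        $templ->set_var('PHP_SELF', $this->psl['phpself']);
        if (isset($this->auth["uname"])) {
            $templ->set_var('USERNAME', $this->html_value($this->auth['uname']));
        } else {
            $templ->set_var('USERNAME', "");
            $this->auth["error"] = "";
        }
        // the remaining fields are request data echoed into HTML, so they are
        // escaped the same way auth_loginform escapes the username.
        $fields = array(
            'EMAIL'    => 'email',
            'REALNAME' => 'realname',
            'URL'      => 'url',
            'QUOTE'    => 'quote',
            'SECLEV'   => 'seclev',
        );
        foreach ($fields as $tplvar => $authkey) {
            $value = isset($this->auth[$authkey]) ? $this->auth[$authkey] : "";
            $templ->set_var($tplvar, $this->html_value($value));
        }
        $templ->set_var('ERROR', isset($this->auth["error"]) ? $this->auth["error"] : "");
        // display the form
        // - see auth_loginform for an example of how to make the screen look more consistent
        echo getHeader("Register", "Register");
        AddClassRequirement("navbar", $this->psl['moduledir'] . "/" . $this->psl['module']['NavBar'] . "/NavBar.class");
        $navbar = pslNew("NavBar");
        echo $navbar->getNavBar();
        $templ->pparse('OUT', "form");
        echo getFooter();
    }

    /**
     * auth_doregister - validate the registration.
     *
     * Creates the account through Author::saveAuthor() and then logs the new
     * user in through auth_validatelogin(). An existing username whose
     * password matches is silently logged in instead.
     *
     * @return int  author id on success, false otherwise
     */
    function auth_doregister() {
        global $challenge;
        // if no POST variables, this must be an error
        if (empty($_POST)) {
            return false;
        }
        // save the entered data - to display the form again with data
        $this->auth["uname"]    = $username = $this->post_string('username');
        $this->auth["realname"] = $realname = $this->post_string('realname');
        $this->auth["email"]    = $email    = $this->post_string('email');
        $this->auth["url"]      = $url      = $this->post_string('url');
        $this->auth["quote"]    = $quote    = $this->post_string('quote');
        // NOTE(review): seclev is taken straight from the request and passed
        // to saveAuthor(); confirm that saveAuthor() ignores or clamps it for
        // self-registration so a visitor cannot choose their own level.
        $this->auth["seclev"]   = $seclev   = $this->post_string('seclev');
        // password is not saved in the session
        $pass1 = $this->post_string('pass1');
        $pass2 = $this->post_string('pass2');
        // if form empty - complain
        if ($username === "" || $pass1 === "") {
            $this->auth["error"] = pslgetText("Username or password missing. Please try again.");
            return false;
        }
        // Check the passwords for validity.
        if ($pass1 !== $pass2) {
            $this->auth["error"] = pslgetText("Password and repeated password do not match. Please try again.");
            return false;
        }
        // a name that get_psluser_info() refuses could never log in, so
        // reject it here instead of creating an unusable account.
        if ($this->contains_quote_chars($username)) {
            $this->auth["error"] = pslgetText("Username contains invalid characters. Please choose a different one.");
            return false;
        }
        $user_info = $this->get_psluser_info($username);
        if ($user_info) {
            // If user is present and password matches, silently log
            // the user in.
            $md5_pw = md5($username . ":" . $pass1);
            if ($this->psl_validate($username, $md5_pw, '', $user_info)) {
                $uid = $user_info["author_id"];
                $this->auth["uid"]      = $user_info['author_id'];
                $this->auth["uname"]    = $user_info['author_name'];
                $this->auth["email"]    = $user_info['email'];
                $this->auth["realname"] = $user_info['realname'];
                return $uid;
            }
            // If user is present and password does not match,
            // complain and fail.
            $this->auth["error"] = pslgetText("This username is already taken. Please choose a different one.");
            return false;
        }
        // add new user
        $author = pslNew("Author");
        $ary = array(
            "author_name"     => $username,
            "password"        => $pass1,
            "email"           => $email,
            "url"             => $url,
            "quote"           => $quote,
            "author_realname" => $realname,
            "seclev"          => $seclev,
            // temporary kludge to fix registration
            "permission"      => array('nobody' => 20, 'user' => 21),
        );
        // use Author.class saveAuthor for account creation
        if (!$author->saveAuthor($ary)) {
            // account creation failed
            $this->auth["error"] = pslgetText("User Registration failed");
            return false;
        }
        // successful account creation - attempt to log in the new user by
        // feeding the credentials through the regular login path
        $_POST['username']  = $username;
        $_POST['password']  = $pass1;
        $_POST['challenge'] = $challenge;
        $_POST['response']  = '';
        $uid = $this->auth_validatelogin();
        if ($uid == false) {
            $this->auth["error"] = pslgetText("Account created, but validation failed");
        }
        return $uid;
    }

    /**
     * get_userperms - return an array of the user's group memberships.
     *
     * Fills $this->auth['perm'] as
     *   perm[group_name][permission_name]   = true
     *   perm[group_name]['section_id<N>']   = true
     * for each group the author is in, and for groups nested through
     * psl_group_group_lut
     *   perm[group_name][childgroup_name]   = the child group's entries
     *
     * @param mixed $uid  author id, normally the author_id column value
     * @return array
     */
    function get_userperms($uid) {
        if (empty($this->auth['perm'])) {
            $this->auth['perm'] = array();
        }
        // $uid is interpolated into the queries below (the DB layer has no
        // bound parameters), so refuse anything that could break out of the
        // quoted literal instead of building the query.
        if ($this->contains_quote_chars($uid)) {
            return $this->auth['perm'];
        }
        /*
         * Get the group perms's for this author into an array
         */
        $q = "SELECT psl_permission.permission_name,
                     psl_group.group_name,
                     psl_group.group_id
              FROM psl_group,
                   psl_author_group_lut,
                   psl_group_permission_lut,
                   psl_permission
              WHERE psl_group.group_id = psl_author_group_lut.group_id
                AND psl_group.group_id = psl_group_permission_lut.group_id
                AND psl_group_permission_lut.permission_id = psl_permission.permission_id
                AND psl_author_group_lut.author_id = '$uid' ";
        $this->db->query($q);
        while ($this->db->next_record()) {
            $group_id = $this->db->Record['group_id'];
            $group_name = $this->db->Record['group_name'];
            // Load the group and its permissions
            $this->auth['perm'][$group_name][$this->db->Record['permission_name']] = true;
            // get the available sections for this group
            $q = "SELECT section_id
                  FROM psl_group_section_lut
                  WHERE group_id = '$group_id' ";
            $db2 = pslNew("slashDB");
            $db2->query($q);
            while ($db2->next_record()) {
                $section_perm = "section_id" . $db2->Record['section_id'];
                $this->auth["perm"][$group_name][$section_perm] = true;
            }
        }
        /*
         * Get the group->group perm's for this author into an array
         */
        // first get all the group names in an array
        $groups_ary = array();
        $q = "SELECT group_name,
                     group_id
              FROM psl_group ";
        $this->db->query($q);
        while ($this->db->next_record()) {
            $groups_ary[$this->db->Record['group_id']] = $this->db->Record['group_name'];
        }
        // get the group of groups for this user
        $q = "SELECT psl_group_group_lut.group_id,
                     psl_group_group_lut.childgroup_id
              FROM psl_author_group_lut,
                   psl_group_group_lut
              WHERE psl_group_group_lut.group_id = psl_author_group_lut.group_id
                AND psl_author_group_lut.author_id = '$uid' ";
        $this->db->query($q);
        while ($this->db->next_record()) {
            $group_id = $this->db->Record['group_id'];
            $childgroup_id = $this->db->Record['childgroup_id'];
            $group_name = isset($groups_ary[$group_id]) ? $groups_ary[$group_id] : '';
            $childgroup_name = '';
            if (!empty($groups_ary[$childgroup_id])) {
                $childgroup_name = $groups_ary[$childgroup_id];
            }
            if (array_key_exists($childgroup_name, $this->auth['perm'])) {
                // We already know the perms for this group
                $this->auth['perm'][$group_name][$childgroup_name] = $this->auth['perm'][$childgroup_name];
                continue;
            }
            // We don't have the perms for this group so -
            // query to get group perms
            $q = "SELECT psl_permission.permission_name
                  FROM psl_group_permission_lut,
                       psl_permission
                  WHERE psl_group_permission_lut.permission_id = psl_permission.permission_id
                    AND psl_group_permission_lut.group_id = '$childgroup_id' ";
            $db2 = pslNew("slashDB");
            $db2->query($q);
            while ($db2->next_record()) {
                $this->auth['perm'][$group_name][$childgroup_name][$db2->Record['permission_name']] = true;
                // get the available sections for this group
                $q = "SELECT section_id
                      FROM psl_group_section_lut
                      WHERE group_id = '$childgroup_id' ";
                $db3 = pslNew("slashDB");
                $db3->query($q);
                while ($db3->next_record()) {
                    $section_perm = "section_id" . $db3->Record['section_id'];
                    $this->auth["perm"][$group_name][$childgroup_name][$section_perm] = true;
                }
            }
        }
        return $this->auth['perm'];
    } // end of function get_userperms()

    /**
     * Drops the comment-form session variables that a previous visitor of
     * this session may have left behind.
     *
     * @return void
     */
    function clear_session_vars() {
        $this->clear_session_var("comment_name");
        $this->clear_session_var("comment_email");
        $this->clear_session_var("comment_url");
    }

    /**
     * Unregisters one variable from the phplib session and removes its
     * $_SESSION and global copies.
     *
     * @param string $var  variable name
     * @return void
     */
    function clear_session_var($var) {
        if ($this->sess->is_registered($var)) {
            $this->sess->unregister($var);
            $_SESSION[$var] = null;
            unset($GLOBALS[$var]);
        }
    }

    /**
     * Applies the language and skin entries of $this->auth['preferences']
     * to the $_PSL configuration. Does nothing when preferences is not an
     * array ('nobody' gets the empty string).
     *
     * @return void
     */
    function use_preferences() {
        $prefs = isset($this->auth['preferences']) ? $this->auth['preferences'] : null;
        if (!is_array($prefs)) {
            return;
        }
        // use language preference
        if (isset($prefs['lang'])) {
            $this->psl['languagefile'] = setLang($prefs['lang']);
            $this->psl['templatedir'] = setLangTpl($prefs['lang']);
        }
        // use skin preference
        $default_skin = isset($this->psl['defaultskin']) ? $this->psl['defaultskin'] : null;
        if (isset($prefs['skin']) && $default_skin != $prefs['skin']) {
            $this->psl['templatedir'] = setSkinTpl($prefs['skin'], "userpref");
        }
    }

    /**
     * Loads an author record via Author::getAuthor() and copies its fields
     * (and group permissions) into $this->auth.
     *
     * @param array $arg_ary  lookup arguments for Author::getAuthor()
     * @return array  the author record, empty when none was found
     */
    function load_user_info($arg_ary) {
        loadClass('Author');
        $author_ary = Author::getAuthor($arg_ary);
        if (!is_array($author_ary)) {
            return array();
        }
        $this->auth["perm"]  = $this->get_userperms($author_ary['author_id']);
        $this->auth["dname"] = $author_ary['author_realname'];
        $this->auth["uname"] = $author_ary['author_name'];
        $this->auth["email"] = $author_ary['email'];
        $this->auth["url"]   = $author_ary['url'];
        return $author_ary;
    }

    /**
     * Looks up the psl_author record for $username.
     *
     * @param string $username
     * @return array|false  the row, or false when not found or when the name
     *                      could not be safely placed in the query
     */
    function get_psluser_info($username) {
        // The DB layer interpolates the value, so refuse names that would
        // break out of the quoted literal instead of building the query.
        if ($this->contains_quote_chars($username)) {
            return false;
        }
        $q = "SELECT *
              FROM psl_author
              WHERE author_name = '$username' ";
        $this->db->query($q);
        if ($this->db->next_record()) {
            return $this->db->Record;
        }
        return false;
    }

    /**
     * Writes the 'user_info' "remember me" cookie read by auth_preauth().
     *
     * @param array $user_info  psl_author row of the logged-in user
     * @return void
     */
    function set_preauth_cookie($user_info) {
        // set preauth cookie so the user won't have
        // to log in again
        $cookie_challenge = md5($this->magic . ":" . $this->psl['basedir']);
        $md5_pw = $user_info['password']; // this is the raw MD5ed user/pass combo
        $cookie_response = md5("$md5_pw:$cookie_challenge");
        $cookie_ary = array(
            $cookie_response,     // [0] checked by auth_preauth()
            $this->auth['uname'], // [1] name used for the lookup
            $cookie_challenge,    // [2] not read back; auth_preauth() recomputes it
        );
        // strip the rooturl down to its path for the cookie path.
        $rooturl_ary = parse_url($this->psl['rooturl']);
        $cookie_path = isset($rooturl_ary['path']) ? $rooturl_ary['path'] : '';
        // NOTE(review): this is a one-year bearer credential derived from the
        // stored password hash and the magic word; this setcookie() call form
        // cannot set the httponly flag and passes an empty secure flag -
        // worth revisiting where the PHP version allows it.
        setcookie('user_info', base64_encode(serialize($cookie_ary)), time() + 31536000, $cookie_path, "", "");
    }

    /**
     * Loads the 'nobody' author into $this->auth.
     *
     * @return mixed  author id of 'nobody' (null when the record is missing)
     */
    function login_as_nobody() {
        $author_ary = $this->load_user_info(array('author_name' => 'nobody'));
        return isset($author_ary['author_id']) ? $author_ary['author_id'] : null;
    }

    /**
     * Expires the jpcache entry of the current session, when jpcache is loaded.
     *
     * @return void
     */
    function expire_session_cache() {
        global $sess;
        if (function_exists('jpcache_gc')) {
            jpcache_gc('string', "-slashSess-" . $sess->id, "100");
        }
    }

    /**
     * Applies the preferences serialized in the author record's
     * author_options column (written by the application, not by the client).
     *
     * @param array $user_info  psl_author row
     * @return void
     */
    function apply_author_options($user_info) {
        if (empty($user_info['author_options'])) {
            return;
        }
        $options = unserialize($user_info['author_options']);
        if (is_array($options) && !empty($options['preferences'])) {
            $this->auth['preferences'] = $options['preferences'];
            $this->use_preferences();
        }
    }

    /**
     * Returns a posted form field as a string, '' when absent or not a string.
     *
     * @param string $key
     * @return string
     */
    function post_string($key) {
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
            return '';
        }
        return $_POST[$key];
    }

    /**
     * Escapes a value for an HTML attribute/text context; non-scalars give ''.
     *
     * @param mixed $value
     * @return string
     */
    function html_value($value) {
        return is_scalar($value) ? htmlentities((string) $value) : '';
    }

    /**
     * Decodes the base64+serialize()d 'user_info' cookie.
     *
     * The cookie is client data: objects are never allowed to be instantiated
     * from it (the cookie only ever holds strings) and anything that is not
     * an array is rejected.
     *
     * @param string $raw  cookie value
     * @return array|false
     */
    function decode_preauth_cookie($raw) {
        if (!is_string($raw)) {
            return false;
        }
        $serialized = base64_decode($raw);
        if ($serialized === false || $serialized === '') {
            return false;
        }
        if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
            $cookie_ary = unserialize($serialized, array('allowed_classes' => false));
        } else {
            $cookie_ary = unserialize($serialized);
        }
        return is_array($cookie_ary) ? $cookie_ary : false;
    }

    /**
     * Strict comparison of two hash strings, constant-time where hash_equals()
     * exists. Non-strings never match.
     *
     * @param mixed $expected
     * @param mixed $given
     * @return bool
     */
    function psl_hash_equals($expected, $given) {
        if (!is_string($expected) || !is_string($given)) {
            return false;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $given);
        }
        return $expected === $given;
    }

    /**
     * True when $value cannot be placed inside a single-quoted SQL literal
     * as-is: it is not a string/int, or it contains a quote or backslash.
     * The DB layer used here has no bound parameters, so such values are
     * refused rather than interpolated.
     *
     * @param mixed $value
     * @return bool
     */
    function contains_quote_chars($value) {
        if (!is_string($value) && !is_int($value)) {
            return true;
        }
        $value = (string) $value;
        return strstr($value, "'") !== false || strstr($value, "\\") !== false;
    }

    // dummy method to be overridden in child class
    function psl_validate($username, $password, $response, $user_info) {
        return false;
    }

    // dummy method to be overridden in child class
    function psl_preauth($username, $password, $user_info) {
        return false;
    }
}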
?>
--- slashAuthCR.class DELETED ---