1 | <?php |
2 | /* $Id$ */ | |
3 | require_once 'config.inc.php'; | |
4 | require_once 'persistens.php'; | |
5 | require_once 'helper.php'; | |
6 | ||
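/**
 * Login handling for the application.
 *
 * Two credential sources are supported: the internal account table (always
 * used for the 'admin' uid) and, once the schema is recent enough and the
 * stored LDAP config enables it, an LDAP directory. LDAP users are mirrored
 * as local accounts carrying a placeholder password (see loginLdap()).
 *
 * After a successful login() the caller reads validUser(), getSettings()
 * and the two key accessors. The key pair is deliberately kept out of the
 * settings array so getSettings() never hands the secret key around.
 */
class Authenticate {

    private $valid_user;   // TRUE only after a successful login()
    private $settings;     // list of per-row setting maps, minus seckey/pubkey
    private $db;           // handle passed on to Persistens::getInstance()
    private $secKey;       // 'seckey' column of the last account row
    private $pubKey;       // 'pubkey' column of the last account row
    private $ldap;         // LDAP config array from the backend, or NULL

    /**
     * @param mixed $db backend handle understood by Persistens::getInstance()
     */
    public function __construct($db) {
        $this->valid_user = FALSE;
        $this->settings = array();
        $this->db = $db;
        $this->secKey = NULL;
        $this->pubKey = NULL;
        $this->ldap = NULL;
    }

    /**
     * Authenticate $uid/$pwd and load the account's settings on success.
     *
     * 'admin' always uses the internal password, everybody else goes through
     * LDAP when it is enabled. Backend failures and unresolvable account
     * conflicts redirect to an error page and terminate the script.
     *
     * @param string $uid login name as typed into the form (untrusted)
     * @param string $pwd password as typed into the form (untrusted)
     */
    public function login($uid, $pwd) {
        $con = Persistens::getInstance($this->db);

        // Drop whatever a previous login left behind, so a failed attempt
        // can never leave stale keys or settings readable through the getters.
        $this->valid_user = FALSE;
        $this->settings = array();
        $this->secKey = NULL;
        $this->pubKey = NULL;

        if ($this->useLDAP() && $uid !== 'admin') {
            $rows = $this->loginLdap($con, $uid, $pwd);
        }
        else {
            $rows = $this->fetchAccount($con, $uid, $pwd);
        }

        if (count($rows) > 0) {
            $this->valid_user = TRUE;
            $this->loadSettings($rows);
        }
    }

    /**
     * Forget the current login, including the key pair and settings.
     */
    public function logout() {
        $this->valid_user = FALSE;
        $this->settings = array();
        $this->secKey = NULL;
        $this->pubKey = NULL;
    }

    /** @return bool TRUE after a successful login() */
    public function validUser() {
        return $this->valid_user;
    }

    /** @return array settings rows loaded by login(), without seckey/pubkey */
    public function getSettings() {
        return $this->settings;
    }

    /** @return mixed 'seckey' value of the account row, NULL when not logged in */
    public function getSecretKey() {
        return $this->secKey;
    }

    /** @return mixed 'pubkey' value of the account row, NULL when not logged in */
    public function getPublicKey() {
        return $this->pubKey;
    }

    /**
     * LDAP login path: bind against the directory with the typed password,
     * then map the directory identity onto a local account, provisioning a
     * normal (role 2) account on first login.
     *
     * @return array account rows, empty when the bind or lookup fails
     */
    private function loginLdap($con, $uid, $pwd) {
        if (!$this->authLDAP($uid, $pwd)) {
            return array();
        }

        // LDAP-backed accounts carry a placeholder internal password derived
        // from the uid instead of a user-chosen one.
        // NOTE(review): this value is predictable from the uid alone, so it is
        // only harmless while LDAP users never reach the internal password
        // path (e.g. if LDAP were disabled later) — confirm that is enforced.
        $localPwd = sha1($uid);

        $rows = $this->fetchAccount($con, $uid, $localPwd);
        if (count($rows) > 0) {
            return $rows;
        }

        if ($con->getRole($uid)) {
            // A local account with this uid exists but does not carry the LDAP
            // placeholder password, so it cannot be adopted automatically.
            $this->abortToPage('user_exist_error.php');
        }

        // First LDAP login: create the mirrored local account.
        if ($con->newUser(create_user_data($uid, $localPwd, 2)) === FALSE) {
            $this->abortToPage('error.html');
        }
        return $this->fetchAccount($con, $uid, $localPwd);
    }

    /**
     * Look the account up by credentials.
     *
     * A non-array answer from the backend is a storage failure rather than a
     * wrong password, so it is reported through the generic error page.
     * NOTE(review): array_change_key_case() only lowercases the outer keys;
     * whether the per-row column names are already lower case ('seckey',
     * 'pubkey') depends on Persistens::authenticate() — confirm.
     *
     * @return array zero or more account rows
     */
    private function fetchAccount($con, $uid, $pwd) {
        $raw = $con->authenticate($uid, $pwd);
        if (!is_array($raw)) {
            $this->abortToPage('error.html');
        }
        return array_change_key_case($raw);
    }

    /**
     * Copy the account rows into $settings, keeping the key pair out of them.
     */
    private function loadSettings($rows) {
        $this->settings = array();
        foreach ($rows as $row) {
            $this->secKey = $row['seckey'];
            $this->pubKey = $row['pubkey'];
            // Fresh map per row so values from an earlier row cannot bleed in.
            $setting = array();
            foreach ($row as $key => $val) {
                // Both key columns stay in secKey/pubKey only; the original
                // '||' condition here was always true and leaked them.
                if ($key !== 'seckey' && $key !== 'pubkey') {
                    $setting[$key] = $val;
                }
            }
            $this->settings[] = $setting;
        }
    }

    /**
     * Invalidate the login, tear down the session and bounce the browser to
     * $page under WEB_ROOT. Never returns.
     *
     * @param string $page file name relative to WEB_ROOT
     */
    private function abortToPage($page) {
        $this->valid_user = FALSE;
        if (session_id()) {
            session_destroy();
        }
        header('Location: ' . WEB_ROOT . $page);
        exit;
    }

    /**
     * Decide whether logins should go through LDAP, loading the LDAP config
     * into $this->ldap as a side effect.
     *
     * @return bool TRUE when the schema supports LDAP and the config enables it
     */
    private function useLDAP() {
        $con = Persistens::getInstance($this->db);
        $version = $con->getVersion();
        if (string2int($version['version']) < 175) {
            // No LDAP support before schema version 0.7.5 (175).
            return FALSE;
        }

        $this->ldap = $con->getLdapConfig();
        if (!is_array($this->ldap) && $this->ldap) {
            // A truthy non-array result means the config query misbehaved.
            $this->ldap = NULL;
            $this->abortToPage('error.html');
        }

        // The stored flag may come back as int or string depending on the
        // driver; the previous `!== 0` check treated a string '0' (and a
        // missing key) as enabled. Any falsy value now counts as disabled.
        return is_array($this->ldap) && !empty($this->ldap['enable']);
    }

    /**
     * Bind against the configured LDAP server as $uid with $pwd.
     *
     * @return bool TRUE when the directory accepted the credentials
     */
    private function authLDAP($uid, $pwd) {
        // ldap_bind() treats an empty password as a request for an anonymous
        // bind and reports success, so empty or non-string credentials must
        // be rejected before they ever reach the server.
        if (!$this->ldap
                || !is_string($uid) || $uid === ''
                || !is_string($pwd) || $pwd === '') {
            return FALSE;
        }

        $lc = ldap_connect($this->ldap['dns']);
        if (!$lc) {
            return FALSE;
        }

        $res = FALSE;
        $ver = 3;
        if (ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3) === FALSE) {
            if (ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 2) === FALSE) {
                ldap_close($lc);
                return FALSE;
            }
            $ver = 2;
        }

        // STARTTLS needs LDAPv3; when TLS is configured but unavailable, refuse
        // rather than silently falling back to a plaintext bind.
        $transportOk = !$this->ldap['tls']
            || ($ver >= 3 && ldap_start_tls($lc) !== FALSE);

        if ($transportOk) {
            // $uid comes straight from the login form: escape it so it cannot
            // add or alter RDN components of the bind DN.
            $dn = $this->ldap['user_attr'] . '='
                . ldap_escape($uid, '', LDAP_ESCAPE_DN)
                . ',' . $this->ldap['base_dn'];
            // ldap_bind() emits a warning on bad credentials; that is the
            // expected "wrong password" outcome here, not a fault to log.
            $res = @ldap_bind($lc, $dn, $pwd) ? TRUE : FALSE;
        }

        ldap_close($lc);
        return $res;
    }
}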