1 <?php
2 /* $Id$ */
3 require_once 'config.inc.php';
4 require_once 'persistens.php';
5 require_once 'helper.php';
6
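/**
 * Authenticates a calendar user and holds the result of the last login.
 *
 * Users are checked against the local user table through Persistens or,
 * when LDAP is enabled in the stored configuration, against an LDAP
 * directory. After a successful login the object exposes the user's
 * settings rows and, separately, the user's secret/public key pair.
 */
class Authenticate {

    /** @var bool TRUE once login() has accepted the credentials. */
    private $valid_user;
    /** @var array Settings rows of the logged-in user, without key material. */
    private $settings;
    /** @var mixed Database handle passed on to Persistens::getInstance(). */
    private $db;
    /** @var mixed Secret key of the logged-in user, NULL when logged out. */
    private $secKey;
    /** @var mixed Public key of the logged-in user, NULL when logged out. */
    private $pubKey;
    /** @var array|null LDAP configuration as returned by getLdapConfig(). */
    private $ldap;

    /**
     * @param mixed $db Database handle used for every Persistens lookup.
     */
    public function __construct($db) {
        $this->valid_user = FALSE;
        $this->settings = array();
        $this->db = $db;
        $this->secKey = NULL;
        $this->pubKey = NULL;
        $this->ldap = NULL;
    }

    /**
     * Check the credentials and, on success, load settings and keys.
     *
     * With LDAP enabled every account except 'admin' is verified by an LDAP
     * bind; 'admin' always authenticates against the local table. A user
     * that passes LDAP but has no local record is created as a normal user.
     * Fatal conditions redirect to an error page and end the request.
     *
     * @param string $uid User name supplied by the client.
     * @param string $pwd Password supplied by the client.
     * @return void Query the outcome with validUser().
     */
    public function login($uid, $pwd) {
        // Start from a clean state so that a failed attempt never leaves the
        // settings or key material of an earlier login on the object.
        $this->logout();

        $con = Persistens::getInstance($this->db);
        $settings = array();

        if ($this->useLDAP() && $uid !== 'admin') {
            if ($this->authLDAP($uid, $pwd)) {
                // LDAP-backed users carry an internal local password: the
                // sha1 hash of the uid.
                // NOTE(review): that value is derivable from the user name
                // alone. It is only safe while these accounts can never be
                // authenticated through the local branch below (for example
                // after LDAP is switched off); confirm, or store a random
                // value / an explicit "external auth" marker instead.
                $pwd = sha1($uid);
                $settings = $this->lookupSettings($con, $uid, $pwd);
                if (!is_array($settings)) {
                    // The lookup itself failed.
                    $this->abortTo('error.html');
                }
                if (count($settings) > 0) {
                    // user found
                    $this->valid_user = TRUE;
                } elseif ($con->getRole($uid)) {
                    // A user with this uid already exists locally under a
                    // different password, so it cannot be created.
                    $this->abortTo('user_exist_error.php');
                } else {
                    // User does not exist so create a normal user
                    $data = create_user_data($uid, $pwd, 2);
                    if ($con->newUser($data) === FALSE) {
                        $this->abortTo('error.html');
                    }
                    $settings = $this->lookupSettings($con, $uid, $pwd);
                    $this->valid_user = is_array($settings) && count($settings) > 0;
                }
            }
        } else {
            $settings = $this->lookupSettings($con, $uid, $pwd);
            $this->valid_user = is_array($settings) && count($settings) > 0;
        }

        if ($this->valid_user === TRUE) {
            foreach ($settings as $row) {
                $this->secKey = $row['seckey'];
                $this->pubKey = $row['pubkey'];
                // Build each row from scratch and keep the key pair out of
                // it: the test must be "neither seckey nor pubkey" (&&).
                // With || it is true for every key, which copied the secret
                // key into the array handed out by getSettings(). Callers
                // read the keys through getSecretKey()/getPublicKey().
                $setting = array();
                foreach ($row as $key => $val) {
                    if ($key !== 'seckey' && $key !== 'pubkey') {
                        $setting[$key] = $val;
                    }
                }
                $this->settings[] = $setting;
            }
        }
    }

    /**
     * Drop the authenticated state together with the cached settings and
     * key material, so nothing sensitive outlives the login.
     *
     * @return void
     */
    public function logout() {
        $this->valid_user = FALSE;
        $this->settings = array();
        $this->secKey = NULL;
        $this->pubKey = NULL;
    }

    /**
     * @return bool TRUE when the last login() succeeded.
     */
    public function validUser() {
        return $this->valid_user;
    }

    /**
     * @return array Settings rows loaded by login(), empty when logged out.
     */
    public function getSettings() {
        return $this->settings;
    }

    /**
     * @return mixed Secret key loaded by login(), NULL when logged out.
     */
    public function getSecretKey() {
        return $this->secKey;
    }

    /**
     * @return mixed Public key loaded by login(), NULL when logged out.
     */
    public function getPublicKey() {
        return $this->pubKey;
    }

    /**
     * Fetch the settings rows for a uid/password pair.
     *
     * NOTE(review): array_change_key_case() lower-cases only the top-level
     * keys of the result; the per-row keys read in login() ('seckey',
     * 'pubkey') are not touched by it. Confirm that Persistens already
     * returns lower-case column names.
     *
     * @param object $con Persistens instance.
     * @param string $uid User name.
     * @param string $pwd Password as expected by Persistens::authenticate().
     * @return mixed Array of rows, or the raw non-array result on failure.
     */
    private function lookupSettings($con, $uid, $pwd) {
        $rows = $con->authenticate($uid, $pwd);
        // A non-array result is passed through untouched so the callers can
        // treat it as a failed lookup instead of handing it to an array
        // function.
        return is_array($rows) ? array_change_key_case($rows) : $rows;
    }

    /**
     * Mark the login as failed, destroy an open session, redirect to a page
     * below WEB_ROOT and end the request.
     *
     * @param string $page Fixed page name relative to WEB_ROOT.
     * @return void Does not return.
     */
    private function abortTo($page) {
        $this->valid_user = FALSE;
        if (session_id()) {
            session_destroy();
        }
        header('Location: ' . WEB_ROOT . $page);
        exit;
    }

    /**
     * Load the LDAP configuration and report whether LDAP is switched on.
     *
     * @return bool TRUE when LDAP authentication should be used.
     */
    private function useLDAP() {
        $con = Persistens::getInstance($this->db);
        $version = $con->getVersion();
        if (string2int($version['version']) < 175) {
            // no LDAP before 0.7.5
            return FALSE;
        }

        $this->ldap = $con->getLdapConfig();
        if (!is_array($this->ldap) && $this->ldap) {
            // Anything truthy that is not an array is an unusable config.
            $this->ldap = NULL;
            $this->abortTo('error.html');
        }

        // NOTE(review): the comparison is strict, so only the integer 0
        // disables LDAP. If getLdapConfig() returns the flag as the string
        // '0', LDAP counts as enabled here - verify against Persistens.
        return ($this->ldap && $this->ldap['enable'] !== 0);
    }

    /**
     * Verify uid/password with a simple bind against the configured server.
     *
     * @param string $uid User name supplied by the client.
     * @param string $pwd Password supplied by the client.
     * @return bool TRUE only when the directory accepted the bind.
     */
    private function authLDAP($uid, $pwd) {
        // ldap_bind accepts a login with an empty password, because an empty
        // password is treated as an anonymous bind. Refuse it up front.
        if (!$this->ldap || !$uid || !$pwd) {
            return false;
        }

        // The uid comes from the client and becomes part of the bind DN, so
        // escape DN metacharacters; otherwise the caller could change which
        // entry is bound. ldap_escape() needs PHP 5.6 or later.
        $dn = $this->ldap['user_attr'] . '='
            . ldap_escape((string) $uid, '', LDAP_ESCAPE_DN)
            . ',' . $this->ldap['base_dn'];

        $lc = ldap_connect($this->ldap['dns']);
        if (!$lc) {
            return false;
        }

        // The bind failure warning is suppressed on purpose: a rejected
        // password is an expected outcome, reported through the return value.
        $res = $this->prepareLdapLink($lc) && @ldap_bind($lc, $dn, $pwd);

        // Release the connection on every path, including a failed setup.
        ldap_close($lc);
        return $res ? true : false;
    }

    /**
     * Negotiate the protocol version and, when configured, StartTLS.
     *
     * Without the 'tls' option the bind DN and password are sent over
     * whatever transport the configured server URI provides (ldap:// is
     * clear text), so production setups should enable it or use ldaps://.
     *
     * @param mixed $lc LDAP link returned by ldap_connect().
     * @return bool FALSE when the link must not be used for a bind.
     */
    private function prepareLdapLink($lc) {
        $ver = 3;
        if (ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3) === false) {
            if (ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 2) === false) {
                return false;
            }
            $ver = 2;
        }
        if ($this->ldap['tls']) {
            // StartTLS is only attempted on protocol version 3; with TLS
            // requested, fail rather than fall back to an unprotected bind.
            if ($ver < 3) {
                return false;
            }
            if (ldap_start_tls($lc) === false) {
                return false;
            }
        }
        return true;
    }
}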