| [ Index ] | PHP Cross Reference of Mambo 4.6.5 |
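<?php
/**
* Authenticator class file for Mambo
* @package Mambo
* @author Mambo Foundation Inc see README.php
* @copyright (C) 2000 - 2009 Mambo Foundation Inc.
* See COPYRIGHT.php for copyright notices and details.
* @license GNU/GPL Version 2, see LICENSE.php
*
* Redistributions of files must retain the above copyright notice.
*
* Mambo is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; version 2 of the License.
*/

/**
* Site and administrator login, logout and session bookkeeping.
*
* Security-relevant properties visible in this class (kept for compatibility
* unless a method comment says otherwise):
*  - authenticateUser() builds its SELECT by interpolating $username and
*    $passwd; it is only safe when the caller has escaped both values.
*  - "remember me" stores the submitted password value in a cookie.
*  - loginAdmin() compares an unsalted md5() of the password with the stored
*    value and derives the session id from the user row and the login time.
*/
class mamboAuthenticator {

    /**
    * Returns the shared authenticator instance, creating it on first use.
    *
    * The instance is assigned by value. Binding a reference to a static
    * variable (the former "=& new") rebinds only the local name, so the static
    * slot stayed empty and every call built a new object; "=& new" is also
    * rejected by the parser from PHP 7 onwards.
    *
    * @return mamboAuthenticator
    */
    function &getInstance () {
        static $instance;
        if (!is_object($instance)) {
            $instance = new mamboAuthenticator();
        }
        return $instance;
    }

    /**
    * Login management function
    *
    * Credentials come from the arguments or, when either is empty, from
    * $_REQUEST. They are escaped with the database handler, wrapped in a
    * mosLoginDetails object and handed to the 'authenticator' bot group
    * through the 'requiredLogin' trigger. A non-empty first result is treated
    * as the failure message.
    *
    * @param string|null $username login name, or null to read $_REQUEST['username']
    * @param string|null $passwd encoded password, or null to read $_REQUEST['passwd']
    * @param string|null $remember remember-me flag, or null to read $_REQUEST['remember']
    * @return bool|null true on success; nothing is returned on failure
    */
    function loginUser ($username=null, $passwd=null, $remember=null) {
        $mambothandler =& mosMambotHandler::getInstance();
        $mambothandler->loadBotGroup('authenticator');
        $session =& mosSession::getCurrent();
        $database =& mamboDatabase::getInstance();
        if (!$username OR !$passwd) {
            // $_REQUEST also covers the query string and cookies, so the
            // credentials are not restricted to POST despite the flag's name.
            $username = mosGetParam($_REQUEST, 'username', '');
            $passwd = mosGetParam($_REQUEST, 'passwd', '' );
            $bypost = 1;
        }
        else $bypost = 0;
        if ($remember === null) $remember = mosGetParam($_REQUEST, 'remember', '');

        if (!$username OR !$passwd) {
            echo "<script> alert(\"".T_('Please complete the username and password fields.')."\"); window.history.go(-1); </script>\n";
            exit();
        } else {
            // Escaping happens here, before the values reach the bots; the
            // query in authenticateUser() depends on it.
            $username = $database->getEscaped($username);
            $passwd = $database->getEscaped($passwd);
            $loginfo = new mosLoginDetails($username, $passwd, $remember);
            $checkuser = true;
            $logresults = $mambothandler->trigger('requiredLogin',array($loginfo));
            // Fail closed: with no authenticator bot answering, nobody logs in.
            if (count($logresults) == 0) $logresults[] = T_('Logins are not permitted. There is no authentication check active.');
            foreach ($logresults as $message) {
                if ($message) $checkuser = false;
                // NOTE(review): the break is unconditional, so only the first
                // result decides the outcome. Confirm that is intended when more
                // than one authenticator bot is installed.
                break;
            }
            if ($checkuser) {
                $mambothandler->trigger('goodLogin', array($loginfo));
                return true;
            }
            $mambothandler->trigger('badLogin', array($loginfo));
            // NOTE(review): $bypost is always set above (0 or 1), so this test is
            // always true. $message is written into the script block without
            // JavaScript escaping; it comes from the bots, presumably fixed
            // translated strings - verify that no bot returns user input.
            if (isset($bypost)) echo "<script>alert(\"".$message."\"); window.history.go(-1); </script>\n";
            @session_destroy();
        }
    }

    /**
    * User authentication function
    *
    * Username and encoded password are checked against the database. On a
    * match the session record is filled in, lastvisitDate is updated and, when
    * $remember is "yes", the remember-me cookies are set. On a miss the session
    * is cleared.
    *
    * $username and $passwd are interpolated into the SELECT exactly as
    * received: callers must pass values already escaped for the database, as
    * loginUser() does with getEscaped(). Escaping again here would alter
    * values that are already escaped, so it is left to the caller.
    *
    * @param string $message receives the failure text, or '' on success
    * @param string $username login name, already escaped
    * @param string $passwd encoded password, already escaped
    * @param string|null $remember "yes" to set the remember-me cookies
    * @param object|null $session session record; defaults to the current one
    * @return bool true when the credentials match an unblocked user
    */
    function authenticateUser (&$message, $username, $passwd, $remember=null, $session=null) {
        $message = '';
        if ($session === null) $session =& mosSession::getCurrent();
        $database =& mamboDatabase::getInstance();
        $database->setQuery( "SELECT id, gid, block, usertype"
        . "\nFROM #__users"
        . "\nWHERE username='$username' AND password='$passwd'"
        );
        if ($database->loadObject($row)) {
            if ($row->block) {
                $message = T_('Your login has been blocked. Please contact the administrator.');
                return false;
            }
            // fudge the group stuff
            // $grp = $acl->getAroGroup( $row->id );
            // if ($acl->is_group_child_of( $grp->name, 'Registered', 'ARO' ) ||
            // $acl->is_group_child_of( $grp->name, 'Public Backend', 'ARO' )) {
            // fudge Authors, Editors, Publishers and Super Administrators into the Special Group
            // $row->usertype = $grp->name;
            $session->guest = 0;
            $session->username = $username;
            $session->userid = $row->id;
            $session->usertype = $row->usertype;
            if ($row->usertype == 'Registered') $session->gid = 1;
            else $session->gid = 2;
            // The gid chosen just above is overwritten here; the stored row value wins.
            $session->gid = intval( $row->gid ); # what is going on here???
            $session->update();
            $currentDate = date("Y-m-d\TH:i:s");
            $query = "UPDATE #__users SET lastvisitDate='$currentDate' where id='$session->userid'";
            $database->setQuery($query);
            if (!$database->query()) {
                // NOTE(review): this sends the database error text to the client.
                die($database->stderr(true));
            }
            if ($remember=="yes") {
                // NOTE(review): the password value is kept in a cookie for a
                // year on path "/" with neither the secure nor the httponly
                // flag, so anyone who obtains the cookie holds a reusable
                // credential. The code that reads "usercookie" is outside this
                // file; a random server-side token would be the safer design.
                $lifetime = time() + 365*24*60*60;
                setcookie("usercookie[username]", $username, $lifetime, "/");
                setcookie("usercookie[password]", $passwd, $lifetime, "/");
            }
            //mosCache::cleanCache('com_content');
            mosCache::cleanCache();
        } else {
            // One message for both an unknown user and a wrong password.
            $message = T_('Incorrect username or password. Please try again.');
            $this->clearSession($session);
            return false;
        }
        return true;
    }

    /**
    * Resets a session record to anonymous values, expires the remember-me
    * cookies and destroys the PHP session.
    *
    * @param object|null $session session record; defaults to the current one
    */
    function clearSession ($session=null) {
        if ($session === null) $session =& mosSession::getCurrent();
        //mosCache::cleanCache('com_content');
        mosCache::cleanCache();
        $session->guest = 1;
        $session->username = '';
        $session->userid = '';
        $session->usertype = '';
        $session->gid = 0;
        $session->update();
        // this is daggy??
        // An expiry time in the past asks the browser to drop the cookies.
        $lifetime = time() - 1800;
        setcookie( "usercookie[username]", " ", $lifetime, "/" );
        setcookie( "usercookie[password]", " ", $lifetime, "/" );
        setcookie( "usercookie", " ", $lifetime, "/" );
        @session_destroy();
    }

    /**
    * User logout
    *
    * Fires the 'beforeLogout' trigger for the authenticator bots, then reverts
    * the current session record back to 'anonymous' parameters.
    */
    function logoutUser () {
        $session =& mosSession::getCurrent();
        if ($session) {
            $mambothandler =& mosMambotHandler::getInstance();
            $mambothandler->loadBotGroup('authenticator');
            $loginfo = new mosLoginDetails($session->username);
            $mambothandler->trigger('beforeLogout', array($loginfo));
            $this->clearSession($session);
        }
    }

    /**
    * Administrator login.
    *
    * Reads 'usrname' and 'pass' from $_POST, loads every administrator
    * account plus the named unblocked user, and accepts the login when the
    * md5() of the password equals the stored value and the ACL allows
    * administration login for the user's type. On success a row is inserted
    * into #__session and the admin session variables are set.
    *
    * A missing password is now rejected right after the alert. Previously the
    * method carried on with an empty, unhashed $pass, which compared equal to
    * an empty stored password.
    *
    * @param object $acl access control object providing acl_check()
    * @return object|null the matching user row, or null when login fails
    */
    function &loginAdmin ($acl) {
        $database =& mamboDatabase::getInstance();
        /** escape and trim to minimise injection of malicious sql */
        $usrname = $database->getEscaped(mosGetParam($_POST, 'usrname', ''));
        $pass = $database->getEscaped(mosGetParam($_POST, 'pass', ''));

        $my = null;
        if (!$pass) {
            echo "<script>alert('".T_('Please enter a password')."'); document.location.href='index.php';</script>\n";
            return $my;
        }
        // NOTE(review): unsalted md5 is a weak password hash; it has to match
        // the stored format, so changing it needs a migration of #__users.
        $pass = md5( $pass );

        $admintypes = array ('administrator', 'superadministrator', 'super administrator');
        $admins = 0;
        $query = "SELECT u.*, a.name as usertype, a.lft as grp FROM #__users AS u, #__core_acl_aro_groups AS a"
        . "\n WHERE ( LOWER( usertype ) = 'administrator'"
        . "\n OR LOWER( usertype ) = 'superadministrator'"
        . "\n OR LOWER( usertype ) = 'super administrator'"
        . "\n OR (username='$usrname' AND block=0)) AND a.group_id = u.gid"
        ;
        $users = $database->doSQLget( $query, 'mosUser' );
        // One pass counts the administrators and picks out the named user.
        foreach ($users as $key=>$oneuser) {
            if (in_array(strtolower($oneuser->usertype),$admintypes)) $admins++;
            if ($oneuser->username == $usrname) $my =& $users[$key];
        }
        if ($admins == 0) {
            echo "<script>alert(\"".T_('You cannot login. There are no administrators set up.')."\"); window.history.go(-1); </script>\n";
        }
        /** find the user group (or groups in the future) */
        elseif (isset($my)) {
            if (strcmp( $my->password, $pass )
            OR !$acl->acl_check( 'administration', 'login', 'users', $my->usertype )) {
                echo "<script>alert('".T_('Incorrect Username, Password, or Access Level. Please try again')."'); document.location.href='index.php';</script>\n";
                // A by-reference function has to return a variable; the bare
                // "return;" used before raises a notice.
                $denied = null;
                return $denied;
            }
            $logintime = time();
            // NOTE(review): the session id is an md5 of the user id, name, type
            // and login time, with no random component. Other code may
            // recompute this value to validate the session - confirm before
            // changing how it is derived.
            $session_id = md5( "$my->id$my->username$my->usertype$logintime" );
            // The username and usertype below come from the users table row
            // and are not escaped again for this statement.
            $query = "INSERT INTO #__session"
            . "\nSET time='$logintime', session_id='$session_id', "
            . "userid='$my->id', usertype='$my->usertype', username='$my->username', guest=-1"
            ;
            $database->setQuery( $query );
            if (!$database->query()) {
                echo $database->stderr();
            }
            $_SESSION['session_id'] = $session_id;
            $_SESSION['session_user_id'] = $my->id;
            $_SESSION['session_username'] = $my->username;
            $_SESSION['session_usertype'] = $my->usertype;
            $_SESSION['session_gid'] = $my->gid;
            $_SESSION['session_grp'] = $my->grp;
            $_SESSION['session_logintime'] = $logintime;
            $_SESSION['session_userstate'] = array();
        }
        return $my;
    }

    /**
    * Random password generator
    *
    * Builds eight characters from a-z, A-Z and 0-9. Where random_int() is
    * available the characters come from the system CSPRNG. Otherwise the
    * original behaviour is kept: mt_rand() seeded from the fractional part of
    * microtime() times ten million, which allows at most ten million distinct
    * seeds and therefore as many distinct passwords.
    *
    * @return string the generated password
    */
    function mosMakePassword() {
        $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $len = strlen($salt);
        $makepass="";
        $secure = function_exists('random_int');
        // Legacy path only: reseeding is skipped when the CSPRNG is used.
        if (!$secure) mt_srand(10000000*(float)microtime());
        for ($i = 0; $i < 8; $i++) {
            $pick = $secure ? random_int(0, $len - 1) : mt_rand(0, $len - 1);
            $makepass .= $salt[$pick];
        }
        return $makepass;
    }
}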