/**
 * Makes $User the current user everywhere this authenticator knows about:
 * its own CurrentUser property, the controller, the session and the
 * static User::setCurrentUser() slot.
 *
 * The property assignment is by reference, so this object shares the very
 * same variable with the caller; the three propagation calls receive that
 * reference too. Other call sites on this page also hand null or false to
 * User::setCurrentUser() to clear the user, so $User is not necessarily a
 * User instance.
 *
 * @param User|false|null $User The user to make current (by reference).
 */
function setCurrentUser(&$User) {
    $this->CurrentUser =& $User;
    $this->setCurrentUserOnController($User);
    $this->setCurrentUserOnSession($User);
    User::setCurrentUser($User);
}
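/**
 * Attempts to login a user against the local user database.
 *
 * On success the User object is returned and made the current user; on
 * failure false is returned, the current user is cleared, and $errmsg /
 * $errno describe why.
 *
 * @param string $username A valid identifying token for the source. Not
 *                         necessarily unique. For local users both the
 *                         username and the email address are accepted.
 * @param string $password Clear text password.
 * @param string $errmsg   Reference to the error (or success) message.
 * @param int    $errno    Reference to the error code (an ERR_* constant).
 *
 * @return object|false The User object if login was successful, false
 *                      otherwise.
 */
public function login($username, $password, &$errmsg = null, &$errno = 0) {
    $db = AbstractDb::getObject();
    $retval = false;

    // AbstractDb exposes no prepared-statement API here, so the queries are
    // still string-built; every user-supplied value is escaped before it is
    // interpolated, and the clear-text password itself never reaches SQL.
    $username = $db->escapeString($username);

    if (empty($username)) {
        // getErrorText() already returns a finished string; the sprintf()
        // the original wrapped around it only risked mangling a literal '%'.
        $errmsg .= getErrorText(ERR_NO_USERNAME);
        $errno = ERR_NO_USERNAME;
    } else {
        // Hash the clear-text password before anything else touches it.
        $password_hash = User::passwordHash($password);

        $network = $this->getNetwork();
        $caseSensitive = $network->getUsernamesCaseSensitive();
        if (!$caseSensitive) {
            $username = strtolower($username);
        }
        $compareto = $caseSensitive ? 'username' : 'lower(username)';

        // The email column is always compared through lower(), so the value
        // it is compared against must be lowercased as well. The original
        // only lowercased it when usernames were case-insensitive, which made
        // email login fail on case-sensitive networks unless the address was
        // typed entirely in lowercase.
        $email = strtolower($username);
        $lookup = "({$compareto} = '{$username}' OR lower(email) = '{$email}') AND account_origin='" . $network->getId() . "'";

        // NOTE(review): the password comparison value is redacted in this
        // listing ('******'); $password_hash is presumably what belongs
        // there — confirm against the real source.
        $user_info = null;
        $db->execSqlUniqueRes("SELECT user_id FROM users WHERE {$lookup} AND pass='******'", $user_info, false);

        if (!empty($user_info)) {
            $user = User::getObject($user_info['user_id']);
            if ($user->isUserValid($errmsg, $errno)) {
                $retval = $user;
                $errmsg = _("Login successfull");
            }
            // else: isUserValid() has already filled $errmsg / $errno
        } else {
            // A second lookup without the password only decides which error
            // to report. This deliberately tells the caller whether the
            // account exists (ERR_UNKNOWN_USERNAME vs ERR_WRONG_PASSWORD);
            // shown verbatim to anonymous clients that is a user-enumeration
            // signal, so callers may want to collapse the two messages.
            $user_info = null;
            $db->execSqlUniqueRes("SELECT * FROM users WHERE {$lookup}", $user_info, false);
            if (empty($user_info)) {
                $errmsg = getErrorText(ERR_UNKNOWN_USERNAME);
                $errno = ERR_UNKNOWN_USERNAME;
            } else {
                $errmsg = getErrorText(ERR_WRONG_PASSWORD);
                $errno = ERR_WRONG_PASSWORD;
            }
        }
    }

    // Makes the authenticated user current, or clears it when $retval is false.
    User::setCurrentUser($retval);
    return $retval;
}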
/**
 * Clears the static current user (User::setCurrentUser(null)).
 *
 * NOTE(review): unlike setCurrentUser() on this page, which also updates
 * $this->CurrentUser, the controller and the session, this only resets the
 * static User slot — confirm the other three do not keep a stale reference.
 */
function unsetCurrentUser() {
    User::setCurrentUser(null);
}
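/**
 * Attempts to login a user against the LDAP authentication source.
 *
 * The credentials are verified by checkLdapUser(); on success the local
 * User row for that username is looked up (and created, with an empty
 * email and password, when it does not exist yet), made the current user
 * and returned. On failure false is returned and the current user is
 * cleared; $errmsg carries the reason.
 *
 * @param string $username A valid identifying token for the source. Not
 *                         necessarily unique.
 * @param string $password Clear text password.
 * @param string $errmsg   Reference of error message
 *
 * @return object|false The User object if login was successful, false
 *                      otherwise.
 */
public function login($username, $password, &$errmsg = null) {
    $db = AbstractDb::getObject();
    $retval = false;

    // The clear-text credentials are what LDAP has to verify. The original
    // ran both through the SQL escaper before the bind, so a password or
    // username containing a quote or backslash could never authenticate.
    // Escaping is now applied only to the copy interpolated into SQL.
    $ldapUsername = $username;
    $ldapPassword = $password;
    $username = $db->EscapeString($username);
    // NOTE(review): checkLdapUser() is not visible here; whatever it places
    // into the search filter should be passed through
    // ldap_escape(..., LDAP_ESCAPE_FILTER) — confirm.

    // Check if php-ldap extension is loaded (sets $errmsg when missing)
    if (Dependency::check("ldap", $errmsg)) {
        if ($this->checkLdapUser($ldapUsername, $ldapPassword, $this->mldap_hostname, $this->mldap_o, $this->mldap_filter, $errmsg)) {
            // LDAP authentication successful: look for the local copy.
            // NOTE(review): the username value in this query is redacted in
            // the listing ('******'); the SQL-escaped $username is presumably
            // what belongs there — confirm against the real source.
            $user_info = null;
            $sql = "SELECT user_id, pass FROM users WHERE (username='******') AND account_origin='" . $this->getNetwork()->getId() . "'";
            $db->ExecSqlUniqueRes($sql, $user_info, false);

            if (!empty($user_info)) {
                $user = User::getObject($user_info['user_id']);
                if ($user->isUserValid($errmsg)) {
                    $retval = $user;
                    $errmsg = _("Login successfull");
                }
                // else: isUserValid() has already set $errmsg
            } else {
                // First LDAP login of this account: create it locally with an
                // empty email and password (the remote password is not stored)
                // and allow it right away.
                // NOTE(review): the original handed the SQL-escaped username to
                // createUser(); kept as-is, but confirm createUser() does not
                // escape it a second time.
                $user = User::createUser(get_guid(), $username, $this->getNetwork(), "", "");
                $retval = $user;
                $user->setAccountStatus(ACCOUNT_STATUS_ALLOWED);
                $errmsg = _("Login successfull");
            }
        }
        // else: checkLdapUser() has already set $errmsg
    }

    // Makes the authenticated user current, or clears it when $retval is false.
    User::setCurrentUser($retval);
    return $retval;
}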
throw new Exception(_('No token specified!')); } if (!isset($_REQUEST["user_id"])) { throw new Exception(_('No user ID specified!')); } $validated_user = User::getObject($_REQUEST['user_id']); if ($db->escapeString($_REQUEST['token']) != $validated_user->getValidationToken()) { throw new Exception(_('The validation token does not match the one in the database.')); } if ($validated_user->getAccountStatus() == ACCOUNT_STATUS_ALLOWED) { throw new Exception(_('Your account has already been activated.')); } // This user wants to validate his account, the token is OK and he's not trying to pass the same token more than once // Activate his account and let him in NOW $validated_user->SetAccountStatus(ACCOUNT_STATUS_ALLOWED); User::setCurrentUser($validated_user); // Show activation message $smarty->assign('message', _("Your account has been succesfully activated!\n\nYou may now browse to a remote Internet address and take advantage of the free Internet access!\n\nIf you get prompted for a login, enter the username and password you have just created.")); } catch (Exception $e) { $smarty->assign('message', $e->getMessage()); } $ui = MainUI::getObject(); $ui->addContent('main_area_middle', $smarty->fetch("templates/sites/validate.tpl")); $ui->display(); /* * Local variables: * tab-width: 4 * c-basic-offset: 4 * c-hanging-comment-ender-p: nil * End: */
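/**
 * Attempts to login a user against the RADIUS authentication source.
 *
 * The credentials are submitted to the RADIUS server through the PEAR
 * Auth_RADIUS classes using the configured encryption method (PAP,
 * CHAP_MD5, MSCHAPv1 or MSCHAPv2). When the server accepts them, the local
 * User row for that username is looked up (and created, with an empty email
 * and password, when it does not exist yet), made the current user and
 * returned. Any failure returns false with the reason in $errmsg.
 *
 * @param string $username A valid identifying token for the source.
 *                         Not necessarily unique.
 * @param string $password Clear text password.
 * @param string $errmsg   Reference of error message
 *
 * @return object|false The User object if login was successful,
 *                      false otherwise.
 */
public function login($username, $password, &$errmsg = null) {
    $db = AbstractDb::getObject();
    // Clear any previously logged-in user first so a failed attempt can never
    // leave a stale current user behind. (Original author's note: meant to
    // close a hole with empty usernames; the RADIUS code was not fully audited
    // for it, so this stays as a defensive reset.)
    User::setCurrentUser(null);

    // The clear-text credentials are what the RADIUS server has to verify.
    // The original SQL-escaped both before sending them, so a password
    // containing a quote or backslash could never authenticate. Only the copy
    // interpolated into SQL is escaped now; the password never reaches SQL.
    $radiusUsername = $username;
    $radiusPassword = $password;
    $username = $db->escapeString($username);

    if (!Dependency::check("Auth_RADIUS", $errmsg)) {
        // Dependency::check() has already set $errmsg
        return false;
    }

    /*
     * Supported encryption methods are :
     *
     * PAP       : password handed to the PEAR class directly (no challenge)
     * CHAP_MD5  : Challenge-Handshake Authentication Protocol with MD5
     * MSCHAPv1 and MSCHAPv2 : Microsoft's CHAP implementation
     */
    switch ($this->mRadius_encryption_method) {
        case "PAP":
        case "CHAP_MD5":
        case "MSCHAPv1":
        case "MSCHAPv2":
            // Instantiate the matching PEAR class (Auth_RADIUS_PAP, ...)
            $classname = 'Auth_RADIUS_' . $this->mRadius_encryption_method;
            $radius_server = new $classname($radiusUsername, $radiusPassword);
            $radius_server->addServer($this->mRadius_hostname, $this->mRadius_auth_port, $this->mRadius_secret_key);
            break;
        default:
            // Invalid encryption method
            $errmsg = _("Invalid RADIUS encryption method.");
            return false;
    }

    // Instructing PEAR RADIUS class auth parameters
    $radius_server->username = $radiusUsername;

    // Depending on the auth method, generate the challenge response
    switch ($this->mRadius_encryption_method) {
        case 'CHAP_MD5':
        case 'MSCHAPv1':
            $classname = $this->mRadius_encryption_method == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
            $crypt_class = new $classname();
            $crypt_class->password = $radiusPassword;
            $radius_server->challenge = $crypt_class->challenge;
            $radius_server->chapid = $crypt_class->chapid;
            $radius_server->response = $crypt_class->challengeResponse();
            $radius_server->flags = 1;
            break;
        case 'MSCHAPv2':
            $crypt_class = new Crypt_CHAP_MSv2();
            $crypt_class->username = $radiusUsername;
            $crypt_class->password = $radiusPassword;
            $radius_server->challenge = $crypt_class->authChallenge;
            $radius_server->peerChallenge = $crypt_class->peerChallenge;
            $radius_server->chapid = $crypt_class->chapid;
            $radius_server->response = $crypt_class->challengeResponse();
            break;
        default:
            // PAP
            $radius_server->password = $radiusPassword;
            break;
    }

    if (!$radius_server->start()) {
        // Keep the translatable part static so gettext can match it; the
        // original wrapped the already-concatenated string, which never
        // matches a catalogue entry.
        $errmsg = _("Could not initiate PEAR RADIUS Auth class : ") . $radius_server->getError();
        return false;
    }

    // Send the authentication request to the RADIUS server
    $retval = false;
    $result = $radius_server->send();
    if (PEAR::isError($result)) {
        $errmsg = _("Failed to send authentication request to the RADIUS server. : ") . $result->getMessage();
    } elseif ($result === true) {
        // RADIUS authentication succeeded! Now checking for a local copy.
        // NOTE(review): the username value in this query is redacted in the
        // listing ('******'); the SQL-escaped $username is presumably what
        // belongs there — confirm against the real source.
        $user_info = null;
        $sql = "SELECT user_id, pass FROM users WHERE (username='******') AND account_origin='" . $this->getNetwork()->getId() . "'";
        $db->execSqlUniqueRes($sql, $user_info, false);

        if (!empty($user_info)) {
            $user = User::getObject($user_info['user_id']);
            if ($user->isUserValid($errmsg)) {
                $retval = $user;
                User::setCurrentUser($user);
                $errmsg = _("Login successfull");
            }
            // else: isUserValid() has already filled $errmsg
        } else {
            // Authenticated remotely but not yet in the local database:
            // create the user with a GUID, empty email and empty password
            // (remote passwords are never stored) and validate it right away.
            // NOTE(review): the original handed the SQL-escaped username to
            // createUser(); kept as-is, but confirm createUser() does not
            // escape it a second time.
            $user = User::createUser(get_guid(), $username, $this->getNetwork(), "", "");
            $retval = $user;
            $user->setAccountStatus(ACCOUNT_STATUS_ALLOWED);
            User::setCurrentUser($user);
            $errmsg = _("Login successfull");
        }
    } else {
        $errmsg = _("The RADIUS server rejected this username/password combination.");
    }

    // Every send() outcome in the original returned before this line, so the
    // RADIUS connection was never closed; the single exit below fixes that.
    $radius_server->close();
    return $retval;
}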
} /** * Start login process section. * * If successfull, the browser is redirected to another page */ /* * If this is a splash-only node, skip the login interface and log-in using * the splash_only user */ if (!empty($node) && $node->isSplashOnly()) { if (!empty($gw_address) && !empty($gw_port)) { // Login from a gateway, redirect to the gateway to activate the token $user = $network->getSplashOnlyUser(); $token = $user->generateConnectionToken($mac); User::setCurrentUser($user); header("Location: http://" . $gw_address . ":" . $gw_port . "/wifidog/auth?token=" . $token); } else { // Virtual login, redirect to the auth server homepage header("Location: " . BASE_SSL_PATH); } } /* * Normal login process */ if (!empty($_REQUEST["login_form_submit"])) { // Init values $errmsg = ''; $user = User::getCurrentUser(); if (!$user) { //Normally, we already have a user logged-in (processed by process_login_out.php). But we try again, if only to display the error
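/**
 * Authenticates (or logs out) a user for the web-service API and records
 * the outcome in $this->_outputArr.
 *
 * Keys written: 'auth' (1 on success, 0 otherwise); 'explanation' and
 * 'errorcode' when a login fails; 'forwardTo' (the gateway URL that
 * activates the connection token) when a gateway was identified and a
 * token was generated.
 *
 * @param string|null $username The username to authenticate
 * @param string|null $password The clear-text password (the former docblock
 *                              called this a hash; the authenticators'
 *                              login() expect clear text)
 * @param string|null $gw_id    The gateway id; null means a virtual login on
 *                              the current network
 * @param string|null $gw_ip    The gateway's IP address (required with $gw_id)
 * @param string|null $mac      The MAC address of the user
 * @param string|null $gw_port  The port of the gateway's HTTP server
 *                              (required with $gw_id)
 * @param string|null $from     The IP address of the user on the node
 *                              (required with $gw_id)
 * @param bool        $logout   Whether the user wants to log out instead
 *
 * @return void Results are stored in $this->_outputArr
 *
 * @throws WSException on missing gateway parameters, an unknown gateway,
 *                     or a connection token that could not be generated
 */
protected function executeAuth($username = null, $password = null, $gw_id = null, $gw_ip = null, $mac = null, $gw_port = null, $from = null, $logout = false) {
    $this->_outputArr['auth'] = 0;

    require_once 'classes/Node.php';
    require_once 'classes/User.php';
    require_once 'classes/Network.php';
    require_once 'classes/Authenticator.php';

    if (!is_null($gw_id)) {
        if (is_null($gw_ip) || is_null($gw_port) || is_null($from)) {
            throw new WSException("Missing information on the gateway. You must specify parameter 'gw_address' AND 'gw_port' AND 'from_ip' if the parameter 'gw_id' is specified.", WSException::INVALID_PARAMETER);
        }
        $node = Node::getObjectByGatewayId($gw_id);
        if (!$node) {
            throw new WSException("Node identified by {$gw_id} cannot be found", WSException::PROCESS_ERROR);
        }
        $network = $node->getNetwork();
    } else {
        // Gateway ID is not set ... virtual login
        $network = Network::getCurrentNetwork();
        $node = null;
    }

    $token = null;
    if (!empty($node) && $node->isSplashOnly()) {
        // Splash-only node: no credentials are checked, the node's shared
        // splash user is authenticated automatically.
        $this->_outputArr['auth'] = 1;
        $user = $network->getSplashOnlyUser();
        $token = $user->generateConnectionTokenNoSession($node, $from, $mac);
        if (!$token) {
            throw new WSException("User authenticated but cannot generate connection token.", WSException::PROCESS_ERROR);
        }
    } elseif ($logout) {
        // NOTE(review): logout is keyed on the username alone — no password
        // or session is verified here, so any caller that knows a username
        // can end that user's session. Confirm this is intended for this
        // endpoint.
        $user = User::getUserByUsernameOrEmail($username);
        User::setCurrentUser($user);
        $network->getAuthenticator()->logout();
        $this->_outputArr['auth'] = 1;
    } else {
        // Initialised up front because not every authenticator's login()
        // fills both by-reference outputs (the LDAP and RADIUS variants take
        // only $errmsg), which previously left $errNo undefined on failure.
        $errMsg = '';
        $errNo = 0;
        // Authenticate the user on the requested network
        $user = $network->getAuthenticator()->login($username, $password, $errMsg, $errNo);
        if (!$user) {
            $this->_outputArr['auth'] = 0;
            $this->_outputArr['explanation'] = $errMsg;
            $this->_outputArr['errorcode'] = $errNo;
        } else {
            $this->_outputArr['auth'] = 1;
            if (!is_null($node)) {
                $token = $user->generateConnectionTokenNoSession($node, $from, $mac);
                if (!$token) {
                    throw new WSException("User authenticated but cannot generate connection token.", WSException::PROCESS_ERROR);
                }
            }
        }
    }

    // 'auth' is only ever assigned the int literals 0 and 1 above.
    if ($this->_outputArr['auth'] === 1 && !is_null($token)) {
        // $gw_ip and $gw_port are caller-supplied and are echoed back into
        // this URL unchanged; the client follows it to activate the token.
        $this->_outputArr['forwardTo'] = "http://" . $gw_ip . ":" . $gw_port . "/wifidog/auth?token=" . $token;
    }
}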