/**
 * Send an HTTP Basic authentication challenge, render the "no permission"
 * page, end the session and stop the request.
 *
 * The realm text is read from $GLOBALS['config']['login_message'] and placed
 * inside the quoted realm value unchanged.
 * NOTE(review): a double quote or backslash in login_message would yield a
 * malformed challenge header; confirm the config value is constrained.
 * NOTE(review): the error page is emitted before session_logout() runs. If
 * session_logout() needs to send headers or cookies, this relies on output
 * buffering; confirm.
 */
function auth_require_login()
{
    // Kept as a local named $realm: the included template shares this
    // function's variable scope.
    $realm = $GLOBALS['config']['login_message'];
    header(sprintf('WWW-Authenticate: Basic realm="%s"', $realm));
    header('HTTP/1.1 401 Unauthorized');
    include $GLOBALS['config']['html_dir'] . '/includes/error-no-perm.inc.php';
    session_logout();
    exit;
}
/**
 * Log the session out when it carries a user object whose `identity`
 * property is missing or falsy. Sessions without a 'user' entry are left
 * untouched.
 */
function session_logoutIfNoOpenId()
{
    if (!isset($_SESSION['user'])) {
        return;
    }
    $sessionUser = $_SESSION['user'];
    // "@" suppresses the notice raised when the property does not exist.
    if (@$sessionUser->identity) {
        return;
    }
    session_logout();
}
Beispiel #3
/**
 * Force the browser to show its Basic-auth prompt again by answering with a
 * 401 challenge, as if authentication had failed. This is how a Basic HTTP
 * auth session is logged out.
 *
 * After the challenge the permission error is printed, the session is ended
 * and the request stops.
 * NOTE(review): the realm comes from config['login_message'] and is not
 * escaped for the quoted header value; confirm it cannot contain '"' or '\'.
 */
function http_auth_require_login()
{
    $challenge = sprintf('WWW-Authenticate: Basic realm="%s"', $GLOBALS['config']['login_message']);
    header($challenge);
    header('HTTP/1.1 401 Unauthorized');
    print_error_permission();
    session_logout();
    exit;
}
/**
 * Check a username/password pair against the configured RADIUS server(s).
 *
 * An Access-Request is built on the shared $rad handle carrying attributes
 * 1, 2 and 4 (User-Name, User-Password and NAS-IP-Address in RFC 2865
 * numbering) and sent. Any outcome other than Access-Accept ends the session.
 *
 * NOTE(review): only $username is checked for emptiness; an empty $password
 * is forwarded to the server. Confirm the server rejects it.
 * NOTE(review): NAS-IP-Address is written with radius_put_string(); the
 * extension also provides radius_put_addr() for address attributes. Confirm
 * the server accepts this encoding.
 *
 * @param string $username
 * @param string $password
 * @return int 1 on Access-Accept, otherwise 0 (after session_logout())
 */
function radius_authenticate($username, $password)
{
    global $config, $rad;
    radius_init();
    $accepted = false;
    if ($username && $rad) {
        radius_create_request($rad, RADIUS_ACCESS_REQUEST);
        // Attribute type => value, written in the same order as before.
        $attributes = array(
            1 => $username,
            2 => $password,
            4 => $_SERVER['SERVER_ADDR'],
        );
        foreach ($attributes as $type => $value) {
            radius_put_string($rad, $type, $value);
        }
        $accepted = radius_send_request($rad) == RADIUS_ACCESS_ACCEPT;
    }
    if ($accepted) {
        return 1;
    }
    session_logout();
    return 0;
}
Beispiel #5
/**
 * Prepare the shared RADIUS handle $rad if it is not already a resource.
 *
 * Every entry of $config['auth_radius_server'] is registered with
 * radius_add_server() using the configured port, shared secret, timeout and
 * retry count. If no registration succeeds, a fatal error is printed, the
 * session is ended and the request stops.
 * NOTE(review): whether radius_add_server() actually contacts the server is
 * not visible here, so "success" may only mean the entry was accepted.
 * Private function for this RADIUS module only.
 */
function radius_init()
{
    global $rad, $config;
    if (is_resource($rad)) {
        // Handle already initialised earlier in this request.
        return;
    }
    $rad = radius_auth_open();
    $success = 0;
    foreach ($config['auth_radius_server'] as $server) {
        $added = radius_add_server(
            $rad,
            $server,
            $config['auth_radius_port'],
            $config['auth_radius_secret'],
            $config['auth_radius_timeout'],
            $config['auth_radius_retries']
        );
        if ($added) {
            $success = 1;
        }
    }
    if ($success) {
        return;
    }
    print_error("Fatal error: Could not connect to configured RADIUS server(s).");
    session_logout();
    exit;
}
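/**
 * Verify a username/password pair against the local `users` table.
 *
 * Two stored formats are accepted: a legacy unsalted MD5 hex digest and a
 * crypt() hash. A successful legacy match re-hashes the password through
 * auth_change_password() when the `password` column is still varchar(34).
 *
 * Comparisons are strict (===). Loose == treats numeric-looking strings as
 * numbers, so two different digests of the form "0e<digits>" would compare
 * equal. Where PHP >= 5.6 is guaranteed, hash_equals() is the better choice
 * because it also compares in constant time.
 *
 * @param string $username Login name to look up
 * @param string $password Plaintext password supplied by the client
 * @return int 1 when the credentials match, otherwise 0 (after session_logout())
 */
function authenticate($username, $password)
{
    $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));
    // Guard against "no such user" results before indexing into the row.
    if (is_array($row) && !empty($row['username']) && (string)$row['username'] === (string)$username) {
        $stored = (string)$row['password'];

        // Legacy accounts store md5($password): unsalted and fast to compute.
        // They are accepted only so the account can be migrated below.
        if ($stored === md5($password)) {
            // A separate variable keeps the user row from being overwritten.
            $column = dbFetchRow("DESCRIBE `users` `password`");
            if (is_array($column) && isset($column['Type']) && $column['Type'] === 'varchar(34)') {
                auth_change_password($username, $password);
            }
            return 1;
        }

        // crypt() reuses the salt and parameters embedded in the stored hash.
        // Its failure markers never equal the salt that was passed in.
        $computed = crypt($password, $stored);
        if (is_string($computed) && $computed === $stored) {
            return 1;
        }
    }
    session_logout();
    return 0;
}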
Beispiel #7
/**
 * logout - End the session of a SOAP client.
 *
 * The session identified by the key is resumed with continue_session() and
 * then destroyed with session_logout(). The return value does not reflect
 * whether the key referred to a valid session.
 *
 * @param  string $session_ser The session key
 * @return string Always "OK"
 */
function logout($session_ser)
{
    continue_session($session_ser);
    session_logout();
    $status = "OK";
    return $status;
}
Beispiel #8
<?php

// Logout endpoint: load the session helpers, resume the session, destroy it
// and send the browser back to the login page.
// The script logs out on every request it receives, whatever the HTTP method.
// NOTE(review): if a cross-site link must not be able to trigger logout,
// require POST plus a CSRF token here.
include "./functions/sessao.php";
session_start();
session_logout();
header('Location: login.php');
// Stop here so nothing else is sent after the redirect header.
exit;
Beispiel #9
/**
 *	session_set() - Re-initialize session for the logged in user
 *
 *	Validates the session cookie value in $session_ser. When it maps to a
 *	user id with at least one data row, $G_SESSION becomes that user object
 *	and is marked as logged in. Otherwise $G_SESSION is set to false and,
 *	if a cookie value was presented at all, the session is logged out.
 *
 *	@return void
 */
function session_set()
{
    global $G_SESSION;
    global $session_ser, $session_key;

    // Start from "not valid"; every check below must pass to change that.
    $id_is_good = false;
    $user_id = $session_ser ? session_check_session_cookie($session_ser) : false;
    if ($user_id) {
        $result = session_getdata($user_id);
        $id_is_good = db_numrows($result) > 0;
    }

    if (!$id_is_good) {
        $G_SESSION = false;
        // A cookie was presented but failed validation: discard it.
        if ($session_ser) {
            session_logout();
        }
        return;
    }

    $G_SESSION = user_get_object($user_id, $result);
    if ($G_SESSION) {
        $G_SESSION->setLoggedIn(true);
    }
}
         // Not authenticated: record the failure message and end the session.
         // session_logout() is passed TRUE when auth_require_login() is defined
         // (NOTE(review): presumably to re-issue an HTTP auth challenge; confirm).
         $_SESSION['auth_message'] = "Authentication Failed";
         session_logout(function_exists('auth_require_login'));
     }
 }
 // Retrieve user ID and permissions
 if ($_SESSION['authenticated']) {
     // Look up level and id from the username when the session copies are missing or non-numeric.
     if (!is_numeric($_SESSION['userlevel']) || !is_numeric($_SESSION['user_id'])) {
         $_SESSION['userlevel'] = auth_user_level($_SESSION['username']);
         $_SESSION['user_id'] = auth_user_id($_SESSION['username']);
     }
     $level_permissions = auth_user_level_permissions($_SESSION['userlevel']);
     // A level without the 'permission_access' flag means the user is disabled and may not log in.
     if (!$level_permissions['permission_access']) {
         $_SESSION['auth_message'] = 'User login disabled';
         session_logout(FALSE, 'User disabled');
         // Redirect target comes from configuration, not from the request.
         header('Location: ' . $config['base_url']);
         exit;
     } else {
         if (!isset($_SESSION['user_limited']) || $_SESSION['user_limited'] != $level_permissions['limited']) {
             // Cache the "limited" flag in the session; it is needed to build permission lists quickly.
             $_SESSION['user_limited'] = $level_permissions['limited'];
         }
     }
     // Now we can enable debug if required
     if (defined('OBS_DEBUG_WUI')) {
         if ($_SESSION['userlevel'] < 7 && !$config['permit_user_debug']) {
             // Do not show debug output to users below level 7 ("global secure read")
             // unless permit_user_debug is set: debug is pinned off and PHP error
             // display is disabled for this request.
             define('OBS_DEBUG', 0);
             ini_set('display_errors', 0);
             ini_set('display_startup_errors', 0);
Beispiel #11
/**
 * Bind the shared LDAP handle $ds using the first option that applies:
 * the configured bind DN, an anonymous bind, or the user's own DN built as
 * auth_ldap_prefix . username . auth_ldap_suffix.
 *
 * When either credential is empty and $_SESSION['password'] exists, the
 * username and password kept in the session are used. The session therefore
 * holds the user's plaintext password.
 *
 * NOTE(review): an empty $password can still reach ldap_bind() in the
 * per-user branch. Many directory servers treat a DN with an empty password
 * as an unauthenticated bind and report success, so confirm callers reject
 * empty passwords before trusting this result.
 *
 * @param string $username Bind username (optional)
 * @param string $password Bind password (optional)
 * @return int 0 when the bind succeeded, 1 when it failed (the session is logged out on failure)
 */
function ldap_bind_dn($username = "", $password = "")
{
    global $config, $ds;
    print_debug("LDAP[Bind DN called]");

    if ($config['auth_ldap_binddn']) {
        print_debug("LDAP[Bind][" . $config['auth_ldap_binddn'] . "]");
        $bind = ldap_bind($ds, $config['auth_ldap_binddn'], $config['auth_ldap_bindpw']);
    } elseif ($config['auth_ldap_bindanonymous']) {
        // Anonymous bind, only when configured.
        print_debug("LDAP[Bind][anonymous]");
        $bind = ldap_bind($ds);
    } else {
        $credentialsMissing = ($username == '' || $password == '');
        if ($credentialsMissing && isset($_SESSION['password'])) {
            // Fall back to the credentials kept in the session.
            $username = $_SESSION['username'];
            $password = $_SESSION['password'];
        }
        $userDn = $config['auth_ldap_prefix'] . $username . $config['auth_ldap_suffix'];
        // Only the DN is written to the debug log, never the password.
        print_debug("LDAP[Bind][" . $userDn . "]");
        $bind = ldap_bind($ds, $userDn, $password);
    }

    if (!$bind) {
        print_debug("Error binding to LDAP server: " . $config['auth_ldap_server'] . ": " . ldap_error($ds));
        session_logout();
        return 1;
    }
    return 0;
}
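 // Post-authentication bookkeeping: load the user's id, level and permissions,
 // make sure a feed key exists, drop the session password where it is not
 // needed, and redirect a freshly logged-in user back to the requested page.
 if ($_SESSION['authenticated']) {
     // Look up level and id from the username when the session copies are missing or non-numeric.
     if (!is_numeric($_SESSION['userlevel']) || !is_numeric($_SESSION['user_id'])) {
         $_SESSION['userlevel'] = auth_user_level($_SESSION['username']);
         $_SESSION['user_id'] = auth_user_id($_SESSION['username']);
     }
     $permissions = permissions_cache($_SESSION['user_id']);
     // Add feeds & api keys after first auth
     // NOTE(review): the key is md5(strgen()). Its unpredictability depends entirely
     // on strgen(), which is not shown here; confirm it draws from a CSPRNG.
     if ($mcrypt_exists && !get_user_pref($_SESSION['user_id'], 'atom_key')) {
         set_user_pref($_SESSION['user_id'], 'atom_key', md5(strgen()));
     }
 } else {
     if (isset($_SESSION['username'])) {
         $auth_message = "认证失败";
         // While the insert below stays commented out, failed logins are not written to authlog.
         //dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Authentication Failure'), 'authlog');
         session_logout(function_exists('auth_require_login'));
     }
 }
 if ($config['auth_mechanism'] != 'ldap') {
     // Remove the password so it is not saved in $_SESSION in plaintext on disk.
     // The LDAP mechanism is excluded because it still needs the stored password,
     // so for LDAP the plaintext password remains in the session.
     unset($_SESSION['password']);
 }
 if ($auth_success) {
     // If just logged in go to request uri
     if (!OBS_DEBUG) {
         // The header name must be the literal "Location"; the localized name that
         // stood here produced no redirect.
         // NOTE(review): REQUEST_URI is client-supplied. Confirm it is always a
         // same-site path, since browsers treat a leading "//" as a scheme-relative URL.
         header("Location: " . $_SERVER['REQUEST_URI']);
     } else {
         // REQUEST_URI is attacker-influenced, so escape it for the HTML attribute context.
         print_message("调试模式禁用重定向到首页; 请点击 <a href=\"" . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') . "\">这里</a> 继续.");
     }
     exit;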
Beispiel #13
/**
 * Bind with either the configured bind DN, anonymously, or the user's own DN, depending on config.
 * The outcome is stored in $cache['ldap_bind_result'] so the handle is bound only once per request.
 * Private function for this LDAP module only.
 *
 * When either credential is empty and $_SESSION['user_encpass'] exists, the password is recovered
 * from the session: via decrypt() normally, or via plain base64_decode() when
 * $_SESSION['mcrypt_required'] is set. Base64 is an encoding, not encryption, so in that branch
 * the session value is directly recoverable.
 * NOTE(review): presumably this is the fallback when mcrypt is unavailable; confirm.
 *
 * NOTE(review): an empty $password can still reach ldap_bind() in the per-user branch. Many
 * directory servers accept a DN with an empty password as an unauthenticated bind; confirm
 * callers reject empty passwords.
 *
 * @param string $username Bind username (optional)
 * @param string $password Bind password (optional)
 * @return bool FALSE if bind succeeded, TRUE if not (a cached result is returned as int 0 or 1)
 */
function ldap_bind_dn($username = "", $password = "")
{
    global $config, $ds, $cache;
    print_debug("LDAP[Bind DN called]");

    // Avoid binding multiple times on one resource, this upsets some LDAP servers.
    if (isset($cache['ldap_bind_result'])) {
        return $cache['ldap_bind_result'];
    }

    if ($config['auth_ldap_binddn']) {
        print_debug("LDAP[Bind][" . $config['auth_ldap_binddn'] . "]");
        $bind = ldap_bind($ds, $config['auth_ldap_binddn'], $config['auth_ldap_bindpw']);
    } elseif ($config['auth_ldap_bindanonymous']) {
        // Anonymous bind, only when configured.
        print_debug("LDAP[Bind][anonymous]");
        $bind = ldap_bind($ds);
    } else {
        $credentialsMissing = ($username == '' || $password == '');
        if ($credentialsMissing && isset($_SESSION['user_encpass'])) {
            // Fall back to the credentials kept in the session.
            print_debug("LDAP[Bind][session]");
            $username = $_SESSION['username'];
            $password = isset($_SESSION['mcrypt_required'])
                ? base64_decode($_SESSION['user_encpass'], TRUE)
                : decrypt($_SESSION['user_encpass'], session_unique_id() . get_unique_id());
        }
        $userDn = $config['auth_ldap_prefix'] . $username . $config['auth_ldap_suffix'];
        // Only the DN is written to the debug log, never the password.
        print_debug("LDAP[Bind][" . $userDn . "]");
        $bind = ldap_bind($ds, $userDn, $password);
    }

    if (!$bind) {
        $cache['ldap_bind_result'] = 1;
        print_debug("Error binding to LDAP server: " . implode(',', $config['auth_ldap_server']) . ': ' . ldap_error($ds));
        session_logout();
        return TRUE;
    }

    $cache['ldap_bind_result'] = 0;
    return FALSE;
}
Beispiel #14
 /**
  * End the current session and queue a redirect to the home index.
  *
  * There is no exit here, so execution continues in the caller once the
  * header has been queued.
  */
 public function Logout()
 {
     session_logout();
     $destination = 'home.php?action=index';
     header('location: ' . $destination);
 }