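 /**
  * Option-less authentication against the configured authentication backend.
  *
  * Either the login works or it doesn't. Other apps implementing this interface may
  * need to know what the caller is trying to do in order to make a decision;
  * $pa_options is an associative array of User handler-specific keys and values that
  * can carry such information. The only key read here is 'dont_check_ips', which
  * disables the IP-based fallback at the end.
  *
  * Side effect: when the backend supports auto-creation and no record exists for
  * $ps_username yet, a new user record is inserted from the values the backend reports.
  *
  * @param string     $ps_username Login name. Passed by reference because the IP-based
  *                                fallback overwrites it with the matched user's name.
  * @param string     $ps_password
  * @param array|null $pa_options
  * @return bool|int true on backend login, 2 on IP-based login, false otherwise
  */
 public function authenticate(&$ps_username, $ps_password = "", $pa_options = null)
 {
     // If the user doesn't exist, try creating it through the authentication backend, if the backend supports it.
     if (strlen($ps_username) > 0 && !$this->load($ps_username)) {
         if (AuthenticationManager::supports(__CA_AUTH_ADAPTER_FEATURE_AUTOCREATE_USERS__)) {
             try {
                 $va_values = AuthenticationManager::getUserInfo($ps_username, $ps_password);
             } catch (Exception $e) {
                 $this->opo_log->log(array('CODE' => 'SYS', 'SOURCE' => 'ca_users/authenticate', 'MESSAGE' => _t('There was an error while trying to fetch information for a new user from the current authentication backend. The message was %1 : %2', get_class($e), $e->getMessage())));
                 return false;
             }
             if (!is_array($va_values) || sizeof($va_values) < 1) {
                 return false;
             }

             // Group and role membership are applied separately below; every other key the
             // backend reports is written into the record as-is.
             // @todo: check sanity on values from plugins before inserting them? The backend is
             //        trusted here: whatever fields it returns are set without further validation.
             foreach ($va_values as $vs_k => $vs_v) {
                 // strict comparison: a loose in_array() also matches an integer key 0 on PHP < 8
                 if (in_array($vs_k, array('roles', 'groups'), true)) {
                     continue;
                 }
                 $this->set($vs_k, $vs_v);
             }

             $vn_mode = $this->getMode();
             $this->setMode(ACCESS_WRITE);
             $this->insert();
             if (!$this->getPrimaryKey()) {
                 $this->setMode($vn_mode);
                 $this->opo_log->log(array('CODE' => 'SYS', 'SOURCE' => 'ca_users/authenticate', 'MESSAGE' => _t('User could not be created after getting info from authentication adapter. API message was: %1', join(" ", $this->getErrors()))));
                 return false;
             }

             // The backend may omit any of these keys; isset() avoids undefined-index notices.
             if (isset($va_values['groups']) && is_array($va_values['groups']) && sizeof($va_values['groups']) > 0) {
                 $this->addToGroups($va_values['groups']);
             }
             if (isset($va_values['roles']) && is_array($va_values['roles']) && sizeof($va_values['roles']) > 0) {
                 $this->addRoles($va_values['roles']);
             }
             if (isset($va_values['preferences']) && is_array($va_values['preferences']) && sizeof($va_values['preferences']) > 0) {
                 foreach ($va_values['preferences'] as $vs_pref => $vs_pref_val) {
                     $this->setPreference($vs_pref, $vs_pref_val);
                 }
             }
             $this->update();
             // restore mode
             $this->setMode($vn_mode);
         }
     }

     if (AuthenticationManager::authenticate($ps_username, $ps_password, $pa_options)) {
         $this->load($ps_username);
         return true;
     }

     // Fall back to IP-based authentication unless the caller opted out via 'dont_check_ips'.
     if (empty($pa_options["dont_check_ips"])) {
         if ($vn_user_id = $this->ipAuthenticate()) {
             if ($this->load($vn_user_id)) {
                 $ps_username = $this->get("user_name");
                 return 2;
             }
         }
     }
     return false;
 }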
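 /**
  * Dispatch an incoming request to the action named by the ACTION_PARAM request parameter.
  *
  * Every branch reads its inputs from $_REQUEST / $_POST / $_SESSION and either redirects,
  * echoes a response fragment, or hands off to forwardRequest() with an error list.
  * forwardRequest() is treated as terminal: each error branch returns right after it, so
  * nothing below it runs even if forwardRequest() happens to come back.
  *
  * @throws Exception if the request method is not REQUEST_METHOD or ACTION_PARAM is missing
  */
 public function invokePostAction()
 {
     if ($_SERVER['REQUEST_METHOD'] !== self::REQUEST_METHOD) {
         throw new Exception("Controller can only handle " . self::REQUEST_METHOD . ' requests');
     }
     if (!isset($_REQUEST[self::ACTION_PARAM])) {
         throw new Exception(self::ACTION_PARAM . ' parameter is not specified');
     }
     // NOTE(review): the method check above only constrains the verb; the parameters are still
     // read from $_REQUEST, which also carries query-string (and, depending on request_order,
     // cookie) values. Confirm whether reading from $_POST is the intended contract.
     $action = $_REQUEST[self::ACTION_PARAM];

     // Absent keys yield null (same value the callees saw before, minus the undefined-index notice).
     $username = isset($_REQUEST[self::USR_NAME]) ? $_REQUEST[self::USR_NAME] : null;
     $password = isset($_REQUEST[self::USR_PASSWORD]) ? $_REQUEST[self::USR_PASSWORD] : null;

     switch ($action) {
         case self::ACTION_LOGIN:
             if (!AuthenticationManager::authenticate($username, $password)) {
                 $this->forwardRequest(['Invalid user information provided']);
                 return;
             }
             $user = DataManager::getUserByUsername($username);
             // Despite the key name, 'username' holds the numeric user id (AJAX_UPDATE_CHAT reads it as one).
             $_SESSION['username'] = $user->getID();
             $user = AuthenticationManager::getAuthenticatedUser();
             $channels = DataManager::getChannelsByUserId($user->getID());
             // NOTE(review): a user without channels makes $channels[0] undefined here — confirm every
             // account is guaranteed at least one channel.
             $_SESSION['channel'] = $channels[0]->getName();
             Util::redirect();
             break;

         case self::ACTION_LOGOUT:
             if (AuthenticationManager::isAuthenticated()) {
                 AuthenticationManager::signOut();
             }
             Util::redirect();
             break;

         case self::ACTION_REGISTRATION:
             $firstName = isset($_REQUEST[self::USR_FIRST_NAME]) ? $_REQUEST[self::USR_FIRST_NAME] : null;
             $lastName = isset($_REQUEST[self::USR_LAST_NAME]) ? $_REQUEST[self::USR_LAST_NAME] : null;
             // A missing or scalar 'channels' value would otherwise make foreach() warn and iterate nothing.
             $channels = isset($_REQUEST['channels']) && is_array($_REQUEST['channels']) ? $_REQUEST['channels'] : [];
             foreach ($channels as $ch) {
                 $channel = DataManager::getChannelByName($ch);
                 foreach (DataManager::getUsersByChannelId($channel->getID()) as $member) {
                     if ($member->getUsername() === $username) {
                         // NOTE(review): the submitted name is echoed back inside the message; confirm forwardRequest() escapes it.
                         $this->forwardRequest(['The username ' . $username . ' is already used!'], 'index.php?view=registration');
                         return;
                     }
                 }
                 $user = DataManager::getUserByUsername($username);
                 if ($user) {
                     $userId = $user->getID();
                 } else {
                     $userId = DataManager::saveNewUser($firstName, $lastName, $username, AuthenticationManager::getHash($username, $password));
                 }
                 DataManager::registrateUser($userId, $channel->getID());
             }
             if (!AuthenticationManager::authenticate($username, $password)) {
                 $this->forwardRequest(['Invalid user information provided'], "index.php?view=registration");
                 return;
             }
             $_SESSION[self::USR_CHANNELS] = isset($_REQUEST[self::USR_CHANNELS]) ? $_REQUEST[self::USR_CHANNELS] : null;
             // first channel should be selected as default channel
             $_SESSION['channel'] = $channels[0];
             Util::redirect();
             break;

         case self::POST_MSG:
             // NOTE(review): there is no isAuthenticated() guard on this path; an unauthenticated request
             // reaches getAuthenticatedUser() and $_SESSION['channel'] — confirm the caller enforces login.
             $channel = DataManager::getChannelByName($_SESSION['channel']);
             $user = AuthenticationManager::getAuthenticatedUser();
             // TODO: mark message as answered
             // Every still-unanswered post by someone else is marked answered when this user posts.
             foreach (DataManager::getAllUnansweredPosts($channel->getID()) as $message) {
                 // loose != kept on purpose: ids may arrive as strings from the data layer — confirm before tightening
                 if ($message->getAuthor() != $user->getID()) {
                     DataManager::changePostStatus($message->getID(), Status::ANSWERED);
                 }
             }
             DataManager::publishMessage($user->getID(), $channel->getID(), $_REQUEST[self::POST_TITLE], $_REQUEST[self::POST_CONTENT], Status::UNREAD);
             break;

         case self::ACTION_CHANGE_CHANNEL:
             // NOTE(review): the selected channel is stored without checking that the user belongs to it —
             // confirm that membership is enforced where the channel is read.
             $_SESSION['channel'] = isset($_REQUEST['selectedChannel']) ? $_REQUEST['selectedChannel'] : null;
             Util::redirect();
             break;

         case self::ACTION_JOIN_CHANNEL:
             $channelName = isset($_REQUEST[self::USR_CHANNEL]) ? $_REQUEST[self::USR_CHANNEL] : null;
             $channel = DataManager::getChannelByName($channelName);
             foreach (DataManager::getUsersByChannelId($channel->getID()) as $member) {
                 if ($member->getUsername() === $username) {
                     $this->forwardRequest(['User ' . $username . ' is already registered!'], "index.php?view=join");
                     return;
                 }
             }
             $user = DataManager::getUserByUsername($username);
             if (!$user) {
                 $this->forwardRequest(['Please registrate, the user ' . $username . ' does not exists!'], "index.php?view=register");
                 return;
             }
             // NOTE(review): the membership write happens before the password is verified, so it
             // succeeds for any existing username. The order is kept because authenticate() receives
             // the channel and may depend on the membership existing — verify the password first if it does not.
             DataManager::registrateUser($user->getID(), $channel->getID());
             if (!AuthenticationManager::authenticate($username, $password, $channelName)) {
                 $this->forwardRequest(['Invalid user information provided'], "index.php?view=registration");
                 return;
             }
             $_SESSION[self::USR_CHANNEL] = $channelName;
             Util::redirect();
             break;

         // The three AJAX status actions share one shape: a non-empty POST body carrying the post id.
         // NOTE(review): no ownership check on 'id' — confirm changePostStatus() restricts it to the caller's posts.
         case self::AJAX_SET_PRIO:
             if (!empty($_POST)) {
                 DataManager::changePostStatus(isset($_POST['id']) ? $_POST['id'] : null, Status::PRIOR);
                 echo "index.php?view=welcome";
             }
             break;

         case self::AJAX_RESET_PRIO:
             if (!empty($_POST)) {
                 DataManager::changePostStatus(isset($_POST['id']) ? $_POST['id'] : null, Status::READ);
                 echo "index.php?view=welcome";
             }
             break;

         case self::AJAX_DELETE_MESSAGE:
             if (!empty($_POST)) {
                 DataManager::changePostStatus(isset($_POST['id']) ? $_POST['id'] : null, Status::DELETED);
                 echo "index.php?view=welcome";
             }
             break;

         case self::AJAX_UPDATE_CHAT:
             $currUserId = isset($_SESSION['username']) ? $_SESSION['username'] : null;
             $sessionChannel = isset($_SESSION['channel']) ? $_SESSION['channel'] : null;
             // Mark everything unread by others as read for the polling user.
             if ($currUserId && $sessionChannel) {
                 foreach (DataManager::getAllUnreadPostsByUserId($currUserId) as $post) {
                     if ($post->getAuthor() != $currUserId) {
                         DataManager::changePostStatus($post->getId(), Status::READ);
                     }
                 }
             }
             // Render the requested channel's posts; the channel name comes from the request, not the session.
             if (!empty($_POST)) {
                 $channel = DataManager::getChannelByName(isset($_REQUEST['channel']) ? $_REQUEST['channel'] : null);
                 $rendered = "";
                 foreach (DataManager::getPostsByChannel($channel->getID()) as $message) {
                     if ($message->exists()) {
                         $rendered .= Viewtility::viewMessage($message, DataManager::getPostStatus($message->getId()));
                     }
                 }
                 echo $rendered;
             }
             break;
     }
 }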
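 /**
  * Handle the registration form: validate the submitted fields, then either create the
  * user and log it in, or forward back to the form with the collected error messages.
  *
  * Inputs come from $_REQUEST; nothing is returned.
  */
 private function handleRegister()
 {
     $errors = array();
     $username = isset($_REQUEST[self::USR_NAME]) ? Util::escape($_REQUEST[self::USR_NAME]) : null;
     $firstName = isset($_REQUEST[self::USR_FIRSTNAME]) ? Util::escape($_REQUEST[self::USR_FIRSTNAME]) : null;
     $lastName = isset($_REQUEST[self::USR_LASTNAME]) ? Util::escape($_REQUEST[self::USR_LASTNAME]) : null;
     $mail = isset($_REQUEST[self::USR_MAIL]) ? Util::escape($_REQUEST[self::USR_MAIL]) : null;
     // NOTE(review): Util::escape() is applied to the password too. If it HTML-encodes, a password
     // containing &, <, > or quotes is stored in altered form — confirm the login path does the same.
     $password = isset($_REQUEST[self::USR_PASSWORD]) ? Util::escape($_REQUEST[self::USR_PASSWORD]) : null;
     $password2 = isset($_REQUEST[self::USR_PASSWORD2]) ? Util::escape($_REQUEST[self::USR_PASSWORD2]) : null;
     $channels = isset($_REQUEST[self::USR_CHANNELS]) ? $_REQUEST[self::USR_CHANNELS] : null;

     // "Blank" means absent, empty string, or empty array — the same cases the loose `== null`
     // matched, spelled out so that no other value is accidentally treated as missing.
     $isBlank = function ($value) {
         return $value === null || $value === '' || $value === array();
     };
     if ($isBlank($username) || $isBlank($firstName) || $isBlank($lastName) || $isBlank($mail)
         || $isBlank($password) || $isBlank($password2) || $isBlank($channels)) {
         $errors[] = "Please fill in all fields.";
     }
     if (DataManager::userNameExists($username)) {
         $errors[] = "Username already exists.";
     }
     if (DataManager::mailAddressExists($mail)) {
         $errors[] = "Mail address already in use.";
     }
     if ($password !== $password2) {
         $errors[] = "Entered passwords have to be equal.";
     }
     // Must be a non-empty array: count() on a missing or scalar value fails on PHP 8 (TypeError).
     if (!is_array($channels) || count($channels) === 0) {
         $errors[] = "Please select one or more channels.";
     }

     if (count($errors) > 0) {
         // Hand the raw values back so the form can be re-populated.
         // NOTE(review): these are the unescaped request values — confirm the view escapes them on render.
         $prefill = array();
         foreach (array(self::USR_NAME, self::USR_FIRSTNAME, self::USR_LASTNAME, self::USR_MAIL) as $key) {
             $prefill[$key] = isset($_REQUEST[$key]) ? $_REQUEST[$key] : null;
         }
         $this->forwardRequest($errors, '?view=register', $prefill);
     } else {
         DataManager::createUser($username, $firstName, $lastName, $mail, $password, $channels);
         AuthenticationManager::authenticate($username, $password);
     }
 }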
<?php

namespace noFlash\PkiAuthenticator;

require_once '../src/Bootstrap.php';
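// Both parameters are mandatory and must be plain strings: 'data' carries the base64-encoded
// request, 'svc' names the service. An array value (data[]=…) would otherwise reach
// base64_decode() and fail with a TypeError instead of the documented exception.
if (!isset($_GET['data'], $_GET['svc']) || !is_string($_GET['data']) || !is_string($_GET['svc'])) {
    throw new SecurityViolationException('Invalid auth call - consult documentation');
}

// AuthRequest expects raw binary data; to carry it inside a URL it is base64-encoded, so decode it first.
// Strict decoding makes the false check below meaningful — in non-strict mode characters outside the
// base64 alphabet are silently discarded and decoding never fails.
$data = base64_decode($_GET['data'], true);
if ($data === false) {
    throw new \InvalidArgumentException('Data decode failed');
}

$request = new AuthRequest($_GET['svc'], $data);
$authenticator = new AuthenticationManager($request);
if (!$authenticator->authenticate()) {
    throw new \LogicException('Authentication failed');
}

// 307 preserves the request method across the redirect. The target is supplied by the
// authenticator; NOTE(review): confirm getRedirectUrl() resolves it from a configured
// service list rather than from the caller-supplied 'svc' value directly.
header('Location: ' . $authenticator->getRedirectUrl(), true, 307);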