/**
* Delete current session datas
*
* @param boolean $force : force removing persistent session (default false)
* @return void
* @access public
* @static
*/
static function deleteSession($force = false)
{
//clear session storage
$authStorage = new Zend_Auth_Storage_Session('atm-auth');
$authStorage->clear();
//clear session table
$sql = "\n\t\t\tdelete\n\t\t\tfrom\n\t\t\t\tsessions\n\t\t\twhere\n\t\t\t\tphpid_ses='" . io::sanitizeSQLString(Zend_Session::getId()) . "'\n\t\t";
if (!$force) {
//keep session with persistent cookie
$sql .= "\n\t\t\t\tand (\n\t\t\t\t\tUNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(lastTouch_ses) > " . io::sanitizeSQLString(APPLICATION_SESSION_TIMEOUT) . "\n\t\t\t\t\tand cookie_expire_ses = '0000-00-00 00:00:00'\n\t\t\t\t) or (\n\t\t\t\t\tcookie_expire_ses != '0000-00-00 00:00:00'\n\t\t\t\t\tand TO_DAYS(NOW()) >= cookie_expire_ses\n\t\t\t\t)\n\t\t\t";
} else {
//remove autologin cookie if exists
if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
//remove cookie
CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
}
}
$q = new CMS_query($sql);
//remove phpMyAdmin cookies if any
@setcookie(session_name(), false, time() - 3600, PATH_REALROOT_WR . '/automne/phpMyAdmin/', '', 0);
@setcookie('phpMyAdmin', false, time() - 3600, PATH_REALROOT_WR . '/automne/phpMyAdmin/', '', 0);
return true;
}
/**
* Try to authenticate user from :
* SSO
* COOKIE
* Given parameters
* SESSION
*
* @return Zend_Auth_Result
*/
public function authenticate()
{
if (isset($this->_params['authType'])) {
switch ($this->_params['authType']) {
case 'credentials':
if (isset($this->_params['login']) && isset($this->_params['password']) && $this->_params['login'] && $this->_params['password']) {
//check token
if (isset($this->_params['tokenName']) && $this->_params['tokenName'] && (!isset($this->_params['token']) || !$this->_params['token'] || !CMS_session::checkToken($this->_params['tokenName'], $this->_params['token']))) {
$this->_messages[] = self::AUTH_INVALID_TOKEN;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
} else {
//check user credentials from DB
$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tid_pru\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tprofilesUsers\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tlogin_pru = '" . SensitiveIO::sanitizeSQLString($this->_params['login']) . "'\n\t\t\t\t\t\t\t\t\tand (\n\t\t\t\t\t\t\t\t\t\tpassword_pru = '" . SensitiveIO::sanitizeSQLString(md5($this->_params['password'])) . "'\n\t\t\t\t\t\t\t\t\t\tor password_pru = '{sha}" . SensitiveIO::sanitizeSQLString(sha1($this->_params['password'])) . "'\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\tand password_pru != ''\n\t\t\t\t\t\t\t\t\tand active_pru = 1\n\t\t\t\t\t\t\t\t\tand deleted_pru = 0\n\t\t\t\t\t\t\t";
$q = new CMS_query($sql);
if ($q->getNumRows()) {
$userId = $q->getValue("id_pru");
$this->_user = CMS_profile_usersCatalog::getByID($userId);
if ($this->_user && !$this->_user->hasError() && !$this->_user->isDeleted() && $this->_user->isActive()) {
$this->_messages[] = self::AUTH_VALID_CREDENTIALS;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
//remove previous autologin cookie if exists
if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
}
return $this->_result;
} else {
$this->_messages[] = self::AUTH_INVALID_USER;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
$this->raiseError("user_id found don't instanciate a valid user object. ID : " . $userId);
}
} else {
$this->_messages[] = self::AUTH_INVALID_CREDENTIALS;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null, $this->_messages);
//wait a little (5 seconds) to avoid multiple simultaneous attempts
sleep(5);
}
}
}
break;
case 'session':
$authStorage = new Zend_Auth_Storage_Session('atm-auth');
$userId = $authStorage->read();
if (io::isPositiveInteger($userId)) {
if (!isset($this->_params['disconnect']) || !$this->_params['disconnect']) {
//check user from session table
if ($this->_checkSession($userId)) {
$this->_user = CMS_profile_usersCatalog::getByID($userId);
if ($this->_user && !$this->_user->hasError() && !$this->_user->isDeleted() && $this->_user->isActive()) {
$this->_messages[] = self::AUTH_VALID_USER_SESSION;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
return $this->_result;
} else {
$this->_messages[] = self::AUTH_INVALID_USER_SESSION;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
//clear session content
CMS_session::deleteSession(true);
}
} else {
//clear session content
CMS_session::deleteSession();
}
}
}
break;
case 'cookie':
if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
if (!isset($this->_params['disconnect']) || !$this->_params['disconnect']) {
if (!$this->_autoLogin()) {
//remove cookie
CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
} else {
return $this->_result;
}
}
}
break;
case 'sso':
if (!(isset($this->_params['login']) && isset($this->_params['password']) && $this->_params['login'] && $this->_params['password'])) {
if (defined('MOD_STANDARD_SSO_LOGIN') && MOD_STANDARD_SSO_LOGIN) {
$this->_user = CMS_profile_usersCatalog::getByLogin(MOD_STANDARD_SSO_LOGIN);
if ($this->_user && !$this->_user->hasError()) {
$this->_messages[] = self::AUTH_SSOLOGIN_VALID;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
return $this->_result;
} else {
$this->_messages[] = self::AUTH_SSOLOGIN_INVALID_USER;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
}
} elseif (defined('MOD_STANDARD_SSO_FUNCTION') && MOD_STANDARD_SSO_FUNCTION) {
if (is_callable(MOD_STANDARD_SSO_FUNCTION, false)) {
//check if function/method name exists.
$login = '';
if (io::strpos(MOD_STANDARD_SSO_FUNCTION, '::') !== false) {
//static method call
$method = explode('::', MOD_STANDARD_SSO_FUNCTION);
$login = call_user_func(array($method[0], $method[1]));
} else {
//function call
$login = call_user_func(MOD_STANDARD_SSO_FUNCTION);
}
if ($login) {
$this->_user = CMS_profile_usersCatalog::getByLogin($login);
if ($this->_user && !$this->_user->hasError()) {
$this->_messages[] = self::AUTH_SSOLOGIN_VALID;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
return $this->_result;
} else {
$this->_messages[] = self::AUTH_SSOLOGIN_INVALID_USER;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
}
}
} else {
$this->raiseError('Cannot call SSO method/function: ' . MOD_STANDARD_SSO_FUNCTION);
}
}
}
break;
default:
CMS_grandFather::raiseError('Unknown authType: ' . $this->_params['authType']);
break;
}
}
//Nothing found
if (!$this->_result) {
$this->_messages[] = self::AUTH_MISSING_CREDENTIALS;
$this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, null, $this->_messages);
}
return $this->_result;
}
/**
* Sets a cookie given at least its name
* If value is empty, deletes cookie
*
* @param string $name, cookie name
* @param string $value, the value to store
* @param int $expire, represents time in which cookie will expire
* if not set, expires at the end of the session
* @access public
* @static
*/
static function setCookie($name, $value = false, $expire = false)
{
return CMS_session::setCookie($name, $value, $expire);
}
