/**
  * Tries to logon to the FTP server with given id and password
  *
  * @access public
  *
  * @param  string $source Authentication source to be used 
  * @param  string $external_uid    The ID entered
  * @param  string $external_passwd The password of the user
  *
  * @return boolean  True if the authentication was a success, false 
  *                  otherwise
  */
 public function Authenticate($source, $external_uid, $external_passwd)
 {
     $enc = ExternalAuthenticator::getAuthEnc($source);
     $port = ExternalAuthenticator::getAuthPort($source);
     if (is_null($port)) {
         $port = self::$port;
     }
     ExternalAuthenticator::AuthLog($external_uid . '.ftp - Connecting to ' . ExternalAuthenticator::getAuthServer($source) . ' port ' . $port);
     if ($enc == 'ssl') {
         ExternalAuthenticator::AuthLog($external_uid . '.ftp - Connection type is SSL');
         $conn = @ftp_ssl_connect(ExternalAuthenticator::getAuthServer($source), $port);
     } else {
         $conn = @ftp_connect(ExternalAuthenticator::getAuthServer($source), $port);
     }
     if (!$conn) {
         ExternalAuthenticator::AuthLog($external_uid . '.ftp - Connection to server failed');
         ExternalAuthenticator::setAuthMessage(_t('FTP_Authenticator.NoConnect', 'Could not connect to FTP server'));
         return false;
     } else {
         ExternalAuthenticator::AuthLog($external_uid . '.ftp - Connection to server succeeded');
     }
     if (!@ftp_login($conn, $external_uid, $external_passwd)) {
         ExternalAuthenticator::AuthLog($external_uid . '.ftp - User credentials failed at ftp server');
         ftp_close($conn);
         ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
         return false;
     } else {
         ExternalAuthenticator::AuthLog($external_uid . '.ftp - ftp server validated credentials');
         ftp_close($conn);
         return true;
     }
 }
 /**
  * Tries to logon using the credentials in the SilverStripe database
  *
  * @access public
  *
  * @param  string $source Authentication source to be used 
  * @param  string $external_uid    The ID entered
  * @param  string $external_passwd The password of the user
  *
  * @return boolean  True if the authentication was a success, false 
  *                  otherwise
  */
 public function Authenticate($RAW_source, $RAW_external_uid, $RAW_external_passwd)
 {
     $SQL_identity = Convert::raw2sql($RAW_external_uid);
     // Default login (see Security::setDefaultAdmin())
     if (Security::check_default_admin($RAW_external_uid, $RAW_external_passwd)) {
         ExternalAuthenticator::AuthLog($RAW_external_uid . '.sstripe - Logging on with an Administrator account');
         $member = Security::findAnAdministrator();
     } else {
         $SQL_source = Convert::raw2sql($RAW_source);
         ExternalAuthenticator::AuthLog($RAW_external_uid . '.sstripe - Searching for user with source ' . $SQL_source . ' in database');
         $member = DataObject::get_one("Member", "\"Member\".\"External_UserID\" = '{$SQL_identity}'" . " AND \"Member\".\"External_SourceID\" = '{$SQL_source}'" . " AND \"Password\" IS NOT NULL");
         if ($member) {
             ExternalAuthenticator::AuthLog($RAW_external_uid . '.sstripe - User was found in database');
             if ($member->checkPassword($RAW_external_passwd) == false) {
                 ExternalAuthenticator::AuthLog($RAW_external_uid . '.sstripe - Password authentication failed');
                 $member = null;
             } else {
                 ExternalAuthenticator::AuthLog($RAW_external_uid . '.sstripe - Password authentication succeeded');
             }
         } else {
             ExternalAuthenticator::AuthLog($RAW_external_uid . '.sstripe - User was NOT found in database');
         }
     }
     if ($member) {
         return true;
     } else {
         ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
         return false;
     }
 }
 /**
  * Tries to logon to the IMAP server with given id and password
  *
  * @access public
  *
  * @param  string $source Authentication source to be used 
  * @param  string $external_uid    The ID entered
  * @param  string $external_passwd The password of the user
  *
  * @return boolean  True if the authentication was a success, false 
  *                  otherwise
  */
 public function Authenticate($source, $external_uid, $external_passwd)
 {
     $servicetype = ExternalAuthenticator::getOption($source, 'protocol');
     if (is_null($servicetype) || !in_array(strtolower($servicetype), array('imap', 'pop3'))) {
         ExternalAuthenticator::setAuthMessage(_t('IMAP_Authenticator.Protocol', 'Protocol is not set to a valid type'));
         return false;
     }
     $enc = ExternalAuthenticator::getAuthEnc($source);
     $port = ExternalAuthenticator::getAuthPort($source);
     if (is_null($port)) {
         if (is_null($enc)) {
             $port = self::$portlist["{$servicetype}"]['default'];
         } else {
             $port = self::$portlist["{$servicetype}"]["{$enc}"];
         }
     }
     $connectstring = '{' . ExternalAuthenticator::getAuthServer($source);
     $connectstring .= ':' . $port;
     $connectstring .= '/' . $servicetype;
     if (!is_null($enc)) {
         $connectstring .= '/' . $enc;
         $validate = ExternalAuthenticator::getOption($source, 'certnovalidate');
         if (!is_null($validate) || $validate) {
             $connectstring .= '/novalidate-cert';
         }
     } else {
         $connectstring .= '/notls';
     }
     $connectstring .= '}';
     ExternalAuthenticator::AuthLog($external_uid . '.imap - Connect string to server is ' . $connectstring);
     ExternalAuthenticator::AuthLog($external_uid . '.imap - If you get a blank screen and the process end here, check php_imap module');
     $mbox = @imap_open($connectstring, $external_uid, $external_passwd);
     if (!$mbox) {
         ExternalAuthenticator::AuthLog($external_uid . '.imap - ' . imap_last_error());
         ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
         return false;
     } else {
         ExternalAuthenticator::AuthLog($external_uid . '.imap - imap_open returned mailbox handle');
         @imap_close($mbox);
         return true;
     }
 }
 /**
  * Tries to logon to the LDAP server with given id and password
  *
  * @access public
  *
  * @param string $source          The Authentication source to be used
  * @param string $external_anchor The ID entered
  * @param string $external_passwd The password of the user
  *
  * @return mixed    Account details if succesful , false if not 
  */
 public function Authenticate($source, $external_anchor, $external_passwd)
 {
     // A password should have some lenght. An empty password will result
     // in a succesfull anonymous bind. A password should not be all spaces
     if (strlen(trim($external_passwd)) == 0) {
         ExternalAuthenticator::setAuthMessage(_t('LDAP_Authenticator.NoPasswd', 'Please enter a password'));
         return false;
     }
     // Do we support password expiration?
     $expire = ExternalAuthenticator::getOption($source, 'passwd_expiration');
     $result = self::Connect($source, $external_anchor);
     if (is_string($result)) {
         ExternalAuthenticator::setAuthMessage($result);
         return false;
     }
     $dn = self::findDN($source, ExternalAuthenticator::getOption($source, 'attribute'), $external_anchor);
     if (is_bool($dn)) {
         @ldap_close(self::$ds);
         ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
         return false;
     }
     // Restore the default error handler. We dont want a red bordered
     // screen on error, but a civilized message to the user
     restore_error_handler();
     $success = false;
     //Initialize the result of the authentication
     ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Binding to LDAP as ' . $dn);
     $bind = @ldap_bind(self::$ds, $dn, $external_passwd);
     if ($bind != false) {
         ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP accepted password for ' . $dn);
         $accountdetails = self::lookupDetails($source, $dn, $external_anchor);
         if (!is_null($expire) && $expire) {
             ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Check if password has expired');
             // Reset the SilverStripe error handler
             Debug::loadErrorHandlers();
             // Do some calculations on the attributes to convert them
             // to the interval [now]-[expires at]
             if ($accountdetails['shadowmax']['value'] && $accountdetails['shadowlastchange']['value'] && $accountdetails['shadowwarning']['value']) {
                 $today = floor(time() / 86400);
                 $warnday = $accountdetails['shadowlastchange']['value'] + $accountdetails['shadowmax']['value'] - $accountdetails['shadowwarning']['value'];
                 $toexpire = $accountdetails['shadowlastchange']['value'] + $accountdetails['shadowmax']['value'] - $today;
                 ExternalAuthenticator::AuthLog($external_anchor . '.ldap - ' . $toexpire . ' before password expires ' . $towarn . ' days before warning');
                 // Out of luck. His password has expired.
                 if ($toexpire < 0) {
                     ExternalAuthenticator::setAuthMessage(_t('LDAP_Authenticator.Expired', 'Your password has expired'));
                     ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP Authentication FAILED due to expired password');
                 } else {
                     ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP Authentication success');
                     $success = array('firstname' => $accountdetails['firstname']['value'], 'surname' => $accountdetails['surname']['value'], 'email' => $accountdetails['email']['value'], 'group' => $accountdetails['group']['value']);
                     // Lets be civilized and warn the user that he should
                     // change his password soon
                     if ($today >= $warnday) {
                         ExternalAuthenticator::setAuthMessage(sprintf(_t('LDAP_Authenticator.WillExpire', 'Your password expires in %d days'), $toexpire));
                     }
                 }
             } else {
                 ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP password expiry enabled, but attributes not set; IGNORING');
                 ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP Authentication success');
                 $success = array('firstname' => $accountdetails['firstname']['value'], 'surname' => $accountdetails['surname']['value'], 'email' => $accountdetails['email']['value'], 'group' => $accountdetails['group']['value']);
             }
         } else {
             ExternalAuthenticator::AuthLog($external_anchor . '.ldap - Password expiry not enabled');
             // Reset the SilverStripe error handler
             Debug::loadErrorHandlers();
             ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP Authentication success');
             $success = array('firstname' => $accountdetails['firstname']['value'], 'surname' => $accountdetails['surname']['value'], 'email' => $accountdetails['email']['value'], 'group' => $accountdetails['group']['value']);
         }
     } else {
         // Reset the SilverStripe error handler
         Debug::loadErrorHandlers();
         ExternalAuthenticator::AuthLog($external_anchor . '.ldap - LDAP authentication for ' . $dn . ' failed');
         ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
         $success = false;
     }
     @ldap_close(self::$ds);
     return $success;
 }
 /**
  * Tries to logon to the HTTP server with given id and password
  *
  * @access public
  *
  * @param  string $source Authentication source to be used 
  * @param  string $external_uid    The ID entered
  * @param  string $external_passwd The password of the user
  *
  * @return boolean  True if the authentication was a success, false 
  *                  otherwise
  */
 public function Authenticate($source, $external_uid, $external_passwd)
 {
     require_once 'HTTP/Request.php';
     // Set some default HTTP request options
     $request_options['method'] = 'GET';
     $request_options['timeout'] = 5;
     $request_options['allowRedirects'] = true;
     $enc = ExternalAuthenticator::getAuthEnc($source);
     $port = ExternalAuthenticator::getAuthPort($source);
     $folder = ExternalAuthenticator::getOption($source, 'folder');
     $proxy = ExternalAuthenticator::getOption($source, 'proxy');
     $proxy_port = ExternalAuthenticator::getOption($source, 'proxy_port');
     $proxy_user = ExternalAuthenticator::getOption($source, 'proxy_user');
     $proxy_pass = ExternalAuthenticator::getOption($source, 'proxy_pass');
     if (!is_null($proxy) && !is_null($proxy_port)) {
         ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy is set to ' . $proxy . ':' . $proxy_port);
         $request_options['proxy_host'] = $proxy;
         $request_options['proxy_port'] = $proxy_port;
     } else {
         ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy is not set');
     }
     if (!is_null($proxy_user)) {
         ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy user is set to ' . $proxy_user);
         $request_options['proxy_user'] = $proxy_user;
         if (!is_null($proxy_pass)) {
             ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy password is set');
             $request_options['proxy_pass'] = $proxy_pass;
         } else {
             ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy password is NOT set');
         }
     } else {
         ExternalAuthenticator::AuthLog($external_uid . '.http - Proxy user is NOT set');
     }
     if ($enc == 'ssl') {
         $url = 'https://';
     } else {
         $url = 'http://';
     }
     $url .= ExternalAuthenticator::getAuthServer($source);
     if (!is_null($port)) {
         $url .= ':' . $port;
     }
     if (!is_null($folder)) {
         $url .= $folder;
     }
     ExternalAuthenticator::AuthLog($external_uid . '.http - Authentication URL is set to ' . $url);
     $request = new HTTP_Request($url, $request_options);
     $request->setBasicAuth($external_uid, $external_passwd);
     ExternalAuthenticator::AuthLog($external_uid . '.http - Sending authentication request');
     $request->sendRequest();
     // HTTP code 200 means everything is OK
     if ($request->getResponseCode() == 200) {
         ExternalAuthenticator::AuthLog($external_uid . '.http - Remote server returned code 200');
         return true;
     } else {
         ExternalAuthenticator::AuthLog($external_uid . '.http - Authentication failed with HTTP code ' . $request->getResponseCode());
         ExternalAuthenticator::setAuthMessage(_t('ExternalAuthenticator.Failed'));
         return false;
     }
 }