/** * Main method to process current row returned by getNextRow() method. * You may throw an exception if something goes wrong. It will be logged but won't break the import process * @param mixed $row Depending on your data format, can be DOMNode, SimpleXMLIterator, SimpleXMLElement, CSV row... */ public function process($row) { $contentOptions = new SQLIContentOptions(array('class_identifier' => 'user', 'remote_id' => (string) $row->login)); $content = SQLIContent::create($contentOptions); $content->fields->first_name = (string) $row->firstName; $content->fields->last_name = (string) $row->lastName; $userParts = array((string) $row->login, (string) $row->email); //password management : if empty, generate it, use custom default or fixed default $password = $row->password; if (!$password) { if (isset($this->options->generate_password) && $this->options->generate_password) { $password = eZUser::createPassword(6); } elseif (isset($this->options->default_password) && $this->options->default_password) { $password = $this->options->default_password; } else { $password = '******'; } } $userParts[] = $password; $userParts[] = eZUser::createHash((string) $row->login, $password, eZUser::site(), eZUser::hashType()); $userParts[] = eZUser::hashType(); $content->fields->user_account = implode('|', $userParts); // Now publish content $content->addLocation(SQLILocation::fromNodeID($this->handlerConfArray['DefaultParentNodeID'])); $publisher = SQLIContentPublisher::getInstance(); $publisher->publish($content); // Free some memory. Internal methods eZContentObject::clearCache() and eZContentObject::resetDataMap() will be called // @see SQLIContent::__destruct() unset($content); $this->csv->rows->next(); }
static function authenticateHash($user, $password, $site, $type, $hash) { return eZUser::createHash($user, $password, $site, $type, $hash) === (string) $hash; }
static function loginUser($login, $password, $authenticationMatch = false) { $http = eZHTTPTool::instance(); $db = eZDB::instance(); if ($authenticationMatch === false) { $authenticationMatch = eZUser::authenticationMatch(); } $loginEscaped = $db->escapeString($login); $passwordEscaped = $db->escapeString($password); $loginArray = array(); if ($authenticationMatch & eZUser::AUTHENTICATE_LOGIN) { $loginArray[] = "login='******'"; } if ($authenticationMatch & eZUser::AUTHENTICATE_EMAIL) { $loginArray[] = "email='{$loginEscaped}'"; } if (count($loginArray) == 0) { $loginArray[] = "login='******'"; } $loginText = implode(' OR ', $loginArray); $contentObjectStatus = eZContentObject::STATUS_PUBLISHED; $ini = eZINI::instance(); $textFileIni = eZINI::instance('textfile.ini'); $databaseName = $db->databaseName(); // if mysql if ($databaseName === 'mysql') { $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( {$loginText} ) AND password_hash=PASSWORD('{$passwordEscaped}') ) )"; } else { $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ezcontentobject.id=contentobject_id"; } $users = $db->arrayQuery($query); $exists = false; if (count($users) >= 1) { foreach ($users as $userRow) { $userID = $userRow['contentobject_id']; $hashType = $userRow['password_hash_type']; $hash = $userRow['password_hash']; $exists = eZUser::authenticateHash($userRow['login'], $password, eZUser::site(), $hashType, $hash); // If hash type is MySql if ($hashType == eZUser::PASSWORD_HASH_MYSQL and $databaseName === 'mysql') { $queryMysqlUser = "******"; $mysqlUsers = $db->arrayQuery($queryMysqlUser); if (count($mysqlUsers) >= 1) { $exists = true; } } eZDebugSetting::writeDebug('kernel-user', eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType), "check hash"); eZDebugSetting::writeDebug('kernel-user', $hash, "stored hash"); // If current user has been disabled after a few failed login attempts. $canLogin = eZUser::isEnabledAfterFailedLogin($userID); if ($exists) { // We should store userID for warning message. $GLOBALS['eZFailedLoginAttemptUserID'] = $userID; $userSetting = eZUserSetting::fetch($userID); $isEnabled = $userSetting->attribute("is_enabled"); if ($hashType != eZUser::hashType() and strtolower($ini->variable('UserSettings', 'UpdateHash')) == 'true') { $hashType = eZUser::hashType(); $hash = eZUser::createHash($login, $password, eZUser::site(), $hashType); $db->query("UPDATE ezuser SET password_hash='{$hash}', password_hash_type='{$hashType}' WHERE contentobject_id='{$userID}'"); } break; } } } if ($exists and $isEnabled and $canLogin) { eZDebugSetting::writeDebug('kernel-user', $userRow, 'user row'); $user = new eZUser($userRow); eZDebugSetting::writeDebug('kernel-user', $user, 'user'); $userID = $user->attribute('contentobject_id'); eZUser::updateLastVisit($userID); eZUser::setCurrentlyLoggedInUser($user, $userID); // Reset number of failed login attempts eZUser::setFailedLoginAttempts($userID, 0); return $user; } else { if ($textFileIni->variable('TextFileSettings', 'TextFileEnabled') == "true") { $fileName = $textFileIni->variable('TextFileSettings', 'FileName'); $filePath = $textFileIni->variable('TextFileSettings', 'FilePath'); $defaultUserPlacement = $ini->variable("UserSettings", "DefaultUserPlacement"); $separator = $textFileIni->variable("TextFileSettings", "FileFieldSeparator"); $loginColumnNr = $textFileIni->variable("TextFileSettings", "LoginAttribute"); $passwordColumnNr = $textFileIni->variable("TextFileSettings", "PasswordAttribute"); $emailColumnNr = $textFileIni->variable("TextFileSettings", "EmailAttribute"); $lastNameColumnNr = $textFileIni->variable("TextFileSettings", "LastNameAttribute"); $firstNameColumnNr = $textFileIni->variable("TextFileSettings", "FirstNameAttribute"); if ($textFileIni->hasVariable('TextFileSettings', 'DefaultUserGroupType')) { $UserGroupType = $textFileIni->variable('TextFileSettings', 'DefaultUserGroupType'); $UserGroup = $textFileIni->variable('TextFileSettings', 'DefaultUserGroup'); } if ($UserGroupType != null) { if ($UserGroupType == "name") { $groupName = $UserGroup; $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name='{$groupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id"; $groupObject = $db->arrayQuery($groupQuery); if (count($groupObject) > 0) { $defaultUserPlacement = $groupObject[0]['node_id']; } } else { if ($UserGroupType == "id") { $groupID = $UserGroup; $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.id='{$groupID}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id"; $groupObject = $db->arrayQuery($groupQuery); if (count($groupObject) > 0) { $defaultUserPlacement = $groupObject[0]['node_id']; } } } } if ($filePath != "root" and $filePath != null) { $fileName = $filePath . "/" . $fileName; } if (file_exists($fileName)) { $handle = fopen($fileName, "r"); } else { // Increase number of failed login attempts. if (isset($userID)) { eZUser::setFailedLoginAttempts($userID); } return false; } while (!feof($handle)) { $line = trim(fgets($handle, 4096)); if ($line === '') { continue; } if ($separator == "tab") { $userArray = explode("\t", $line); } else { $userArray = explode($separator, $line); } $uid = $userArray[$loginColumnNr - 1]; $email = $userArray[$emailColumnNr - 1]; $pass = $userArray[$passwordColumnNr - 1]; $firstName = $userArray[$firstNameColumnNr - 1]; $lastName = $userArray[$lastNameColumnNr - 1]; if ($login == $uid) { if (trim($pass) == $password) { $createNewUser = true; $existUser = eZUser::fetchByName($login); if ($existUser != null) { $createNewUser = false; } if ($createNewUser) { $userClassID = $ini->variable("UserSettings", "UserClassID"); $userCreatorID = $ini->variable("UserSettings", "UserCreatorID"); $defaultSectionID = $ini->variable("UserSettings", "DefaultSectionID"); $remoteID = "TextFile_" . $login; $db->begin(); // The content object may already exist if this process has failed once before, before the eZUser object was created. // Therefore we try to fetch the eZContentObject before instantiating it. $contentObject = eZContentObject::fetchByRemoteID($remoteID); if (!is_object($contentObject)) { $class = eZContentClass::fetch($userClassID); $contentObject = $class->instantiate($userCreatorID, $defaultSectionID); } $contentObject->setAttribute('remote_id', $remoteID); $contentObject->store(); $contentObjectID = $contentObject->attribute('id'); $userID = $contentObjectID; $nodeAssignment = eZNodeAssignment::create(array('contentobject_id' => $contentObjectID, 'contentobject_version' => 1, 'parent_node' => $defaultUserPlacement, 'is_main' => 1)); $nodeAssignment->store(); $version = $contentObject->version(1); $version->setAttribute('modified', time()); $version->setAttribute('status', eZContentObjectVersion::STATUS_DRAFT); $version->store(); $contentObjectID = $contentObject->attribute('id'); $contentObjectAttributes = $version->contentObjectAttributes(); $contentObjectAttributes[0]->setAttribute('data_text', $firstName); $contentObjectAttributes[0]->store(); $contentObjectAttributes[1]->setAttribute('data_text', $lastName); $contentObjectAttributes[1]->store(); $user = eZUser::create($userID); $user->setAttribute('login', $login); $user->setAttribute('email', $email); $user->setAttribute('password_hash', ""); $user->setAttribute('password_hash_type', 0); $user->store(); eZUser::updateLastVisit($userID); eZUser::setCurrentlyLoggedInUser($user, $userID); // Reset number of failed login attempts eZUser::setFailedLoginAttempts($userID, 0); $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => 1)); $db->commit(); return $user; } else { $db->begin(); // Update user information $userID = $existUser->attribute('contentobject_id'); $contentObject = eZContentObject::fetch($userID); $parentNodeID = $contentObject->attribute('main_parent_node_id'); $currentVersion = $contentObject->attribute('current_version'); $version = $contentObject->attribute('current'); $contentObjectAttributes = $version->contentObjectAttributes(); $contentObjectAttributes[0]->setAttribute('data_text', $firstName); $contentObjectAttributes[0]->store(); $contentObjectAttributes[1]->setAttribute('data_text', $lastName); $contentObjectAttributes[1]->store(); $existUser = eZUser::fetch($userID); $existUser->setAttribute('email', $email); $existUser->setAttribute('password_hash', ""); $existUser->setAttribute('password_hash_type', 0); $existUser->store(); if ($defaultUserPlacement != $parentNodeID) { $newVersion = $contentObject->createNewVersion(); $newVersion->assignToNode($defaultUserPlacement, 1); $newVersion->removeAssignment($parentNodeID); $newVersionNr = $newVersion->attribute('version'); $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $userID, 'version' => $newVersionNr)); } eZUser::updateLastVisit($userID); eZUser::setCurrentlyLoggedInUser($existUser, $userID); // Reset number of failed login attempts eZUser::setFailedLoginAttempts($userID, 0); $db->commit(); return $existUser; } } else { // Increase number of failed login attempts. if (isset($userID)) { eZUser::setFailedLoginAttempts($userID); } return false; } } } fclose($handle); } } // Increase number of failed login attempts. if (isset($userID)) { eZUser::setFailedLoginAttempts($userID); } return false; }
/** * Unit test for eZUser::createHash() * @dataProvider hashDataProvider */ public function testCreateHash($user, $password, $site, $type, $hash, $expected) { $this->assertSame($expected, eZUser::createHash($user, $password, $site, $type, $hash)); }
/** * Imports a value to an attribute adapting it to the proper type. * Not written by me, downloaded from ez.no! Extended it only! * @param data The value (string/int/float). * @param contentObjectAttribute The attribute to modify. */ function importAttribute($data, &$contentObjectAttribute) { $contentClassAttribute = $contentObjectAttribute->attribute('contentclass_attribute'); $dataTypeString = $contentClassAttribute->attribute('data_type_string'); ezDebug::writeDebug("Converting " . $data . " to expected " . $dataTypeString); switch ($dataTypeString) { case 'ezfloat': case 'ezprice': $contentObjectAttribute->setAttribute('data_float', $data); $contentObjectAttribute->store(); break; case 'ezboolean': case 'ezdate': case 'ezdatetime': case 'ezinteger': case 'ezsubtreesubscription': case 'eztime': $contentObjectAttribute->setAttribute('data_int', $data); $contentObjectAttribute->store(); break; case 'ezobjectrelation': // $data is contentobject_id to relate to // $oldData = $contentObjectAttribute->attribute( 'data_int' ); $contentObjectAttribute->setAttribute('data_int', $data); $contentObjectAttribute->store(); $object = $contentObjectAttribute->object(); $contentObjectVersion = $contentObjectAttribute->attribute('version'); $contentClassAttributeID = $contentObjectAttribute->attribute('contentclassattribute_id'); // Problem with translations if removing old relations ?! // $object->removeContentObjectRelation( $oldData, $contentObjectVersion, $contentClassAttributeID, eZContentObject::RELATION_ATTRIBUTE ); $object->addContentObjectRelation($data, $contentObjectVersion, $contentClassAttributeID, RELATION_ATTRIBUTE); break; case 'ezurl': $urlID = eZURL::registerURL($data); $contentObjectAttribute->setAttribute('data_int', $urlID); // Fall through to set data_text // Fall through to set data_text case 'ezemail': case 'ezisbn': case 'ezstring': case 'eztext': $contentObjectAttribute->setAttribute('data_text', $data); $contentObjectAttribute->store(); break; case 'ezxmltext': /* $parser = new eZXMLInputParser(); $document = $parser->process( $data ); $data = eZXMLTextType::domString( $document ); $contentObjectAttribute->fromString( $data );*/ $contentObjectAttribute->setAttribute('data_text', $data); $contentObjectAttribute->store(); break; // case 'ezimage': // $this->saveImage( $data, $contentObjectAttribute ); // break; // case 'ezbinaryfile': // $this->saveFile( $data, $contentObjectAttribute ); // break; // case 'ezenum': //removed enum - function can be found at ez.no // break; // case 'ezimage': // $this->saveImage( $data, $contentObjectAttribute ); // break; // case 'ezbinaryfile': // $this->saveFile( $data, $contentObjectAttribute ); // break; // case 'ezenum': //removed enum - function can be found at ez.no // break; case 'ezuser': // $data is assumed to be an associative array( login, password, email ); $user = new eZUser($contentObjectAttribute->attribute('contentobject_id')); if (isset($data['login'])) { $user->setAttribute('login', $data['login']); } if (isset($data['email'])) { $user->setAttribute('email', $data['email']); } if (isset($data['password'])) { $hashType = eZUser::hashType() . ''; $newHash = $user->createHash($data['login'], $data['password'], eZUser::site(), $hashType); $user->setAttribute('password_hash_type', $hashType); $user->setAttribute('password_hash', $newHash); } $user->store(); break; default: die('Can not store ' . $data . ' as datatype: ' . $dataTypeString); } }
static function loginUser($login, $password, $authenticationMatch = false) { $http = eZHTTPTool::instance(); $db = eZDB::instance(); if ($authenticationMatch === false) { $authenticationMatch = eZUser::authenticationMatch(); } $loginEscaped = $db->escapeString($login); $passwordEscaped = $db->escapeString($password); $loginLdapEscaped = self::ldap_escape($login); $loginArray = array(); if ($authenticationMatch & eZUser::AUTHENTICATE_LOGIN) { $loginArray[] = "login='******'"; } if ($authenticationMatch & eZUser::AUTHENTICATE_EMAIL) { $loginArray[] = "email='{$loginEscaped}'"; } if (count($loginArray) == 0) { $loginArray[] = "login='******'"; } $loginText = implode(' OR ', $loginArray); $contentObjectStatus = eZContentObject::STATUS_PUBLISHED; $ini = eZINI::instance(); $LDAPIni = eZINI::instance('ldap.ini'); $databaseName = $db->databaseName(); // if mysql if ($databaseName === 'mysql') { $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( {$loginText} ) AND password_hash=PASSWORD('{$passwordEscaped}') ) )"; } else { $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ezcontentobject.id=contentobject_id"; } $users = $db->arrayQuery($query); $exists = false; if (count($users) >= 1) { foreach ($users as $userRow) { $userID = $userRow['contentobject_id']; $hashType = $userRow['password_hash_type']; $hash = $userRow['password_hash']; $exists = eZUser::authenticateHash($userRow['login'], $password, eZUser::site(), $hashType, $hash); // If hash type is MySql if ($hashType == eZUser::PASSWORD_HASH_MYSQL and $databaseName === 'mysql') { $queryMysqlUser = "******"; $mysqlUsers = $db->arrayQuery($queryMysqlUser); if (count($mysqlUsers) >= 1) { $exists = true; } } eZDebugSetting::writeDebug('kernel-user', eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType), "check hash"); eZDebugSetting::writeDebug('kernel-user', $hash, "stored hash"); // If current user has been disabled after a few failed login attempts. $canLogin = eZUser::isEnabledAfterFailedLogin($userID); if ($exists) { // We should store userID for warning message. $GLOBALS['eZFailedLoginAttemptUserID'] = $userID; $userSetting = eZUserSetting::fetch($userID); $isEnabled = $userSetting->attribute("is_enabled"); if ($hashType != eZUser::hashType() and strtolower($ini->variable('UserSettings', 'UpdateHash')) == 'true') { $hashType = eZUser::hashType(); $hash = eZUser::createHash($login, $password, eZUser::site(), $hashType); $db->query("UPDATE ezuser SET password_hash='{$hash}', password_hash_type='{$hashType}' WHERE contentobject_id='{$userID}'"); } break; } } } if ($exists and $isEnabled and $canLogin) { eZDebugSetting::writeDebug('kernel-user', $userRow, 'user row'); $user = new eZUser($userRow); eZDebugSetting::writeDebug('kernel-user', $user, 'user'); $userID = $user->attribute('contentobject_id'); eZUser::updateLastVisit($userID); eZUser::setCurrentlyLoggedInUser($user, $userID); // Reset number of failed login attempts eZUser::setFailedLoginAttempts($userID, 0); return $user; } else { if ($LDAPIni->variable('LDAPSettings', 'LDAPEnabled') === 'true') { // read LDAP ini settings // and then try to bind to the ldap server $LDAPDebugTrace = $LDAPIni->variable('LDAPSettings', 'LDAPDebugTrace') === 'enabled'; $LDAPVersion = $LDAPIni->variable('LDAPSettings', 'LDAPVersion'); $LDAPServer = $LDAPIni->variable('LDAPSettings', 'LDAPServer'); $LDAPPort = $LDAPIni->variable('LDAPSettings', 'LDAPPort'); $LDAPFollowReferrals = (int) $LDAPIni->variable('LDAPSettings', 'LDAPFollowReferrals'); $LDAPBaseDN = $LDAPIni->variable('LDAPSettings', 'LDAPBaseDn'); $LDAPBindUser = $LDAPIni->variable('LDAPSettings', 'LDAPBindUser'); $LDAPBindPassword = $LDAPIni->variable('LDAPSettings', 'LDAPBindPassword'); $LDAPSearchScope = $LDAPIni->variable('LDAPSettings', 'LDAPSearchScope'); $LDAPLoginAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPLoginAttribute')); $LDAPFirstNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPFirstNameAttribute')); $LDAPFirstNameIsCN = $LDAPIni->variable('LDAPSettings', 'LDAPFirstNameIsCommonName') === 'true'; $LDAPLastNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPLastNameAttribute')); $LDAPEmailAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPEmailAttribute')); $defaultUserPlacement = $ini->variable("UserSettings", "DefaultUserPlacement"); $LDAPUserGroupAttributeType = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPUserGroupAttributeType')); $LDAPUserGroupAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPUserGroupAttribute')); if ($LDAPIni->hasVariable('LDAPSettings', 'Utf8Encoding')) { $Utf8Encoding = $LDAPIni->variable('LDAPSettings', 'Utf8Encoding'); if ($Utf8Encoding == "true") { $isUtf8Encoding = true; } else { $isUtf8Encoding = false; } } else { $isUtf8Encoding = false; } if ($LDAPIni->hasVariable('LDAPSettings', 'LDAPSearchFilters')) { $LDAPFilters = $LDAPIni->variable('LDAPSettings', 'LDAPSearchFilters'); } if ($LDAPIni->hasVariable('LDAPSettings', 'LDAPUserGroupType') and $LDAPIni->hasVariable('LDAPSettings', 'LDAPUserGroup')) { $LDAPUserGroupType = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroupType'); $LDAPUserGroup = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroup'); } $LDAPFilter = "( &"; if (count($LDAPFilters) > 0) { foreach (array_keys($LDAPFilters) as $key) { $LDAPFilter .= "(" . $LDAPFilters[$key] . ")"; } } $LDAPEqualSign = trim($LDAPIni->variable('LDAPSettings', "LDAPEqualSign")); $LDAPBaseDN = str_replace($LDAPEqualSign, "=", $LDAPBaseDN); $LDAPFilter = str_replace($LDAPEqualSign, "=", $LDAPFilter); $LDAPBindUser = str_replace($LDAPEqualSign, "=", $LDAPBindUser); if ($LDAPDebugTrace) { $debugArray = array('stage' => '1/5: Connecting and Binding to LDAP server', 'LDAPServer' => $LDAPServer, 'LDAPPort' => $LDAPPort, 'LDAPBindUser' => $LDAPBindUser, 'LDAPVersion' => $LDAPVersion); // Set debug trace mode for ldap connections if (function_exists('ldap_set_option')) { ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); } eZDebug::writeNotice(var_export($debugArray, true), __METHOD__); } if (function_exists('ldap_connect')) { $ds = ldap_connect($LDAPServer, $LDAPPort); } else { $ds = false; } if ($ds) { ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $LDAPVersion); ldap_set_option($ds, LDAP_OPT_REFERRALS, $LDAPFollowReferrals); if ($LDAPBindUser == '') { $r = ldap_bind($ds); } else { $r = ldap_bind($ds, $LDAPBindUser, $LDAPBindPassword); } if (!$r) { // Increase number of failed login attempts. eZDebug::writeError('Cannot bind to LDAP server, might be something wronge with connetion or bind user!', __METHOD__); if (isset($userID)) { eZUser::setFailedLoginAttempts($userID); } $user = false; return $user; } $LDAPFilter .= "({$LDAPLoginAttribute}={$loginLdapEscaped})"; $LDAPFilter .= ")"; ldap_set_option($ds, LDAP_OPT_SIZELIMIT, 0); ldap_set_option($ds, LDAP_OPT_TIMELIMIT, 0); $retrieveAttributes = array($LDAPLoginAttribute, $LDAPFirstNameAttribute, $LDAPLastNameAttribute, $LDAPEmailAttribute); if ($LDAPUserGroupAttributeType) { $retrieveAttributes[] = $LDAPUserGroupAttribute; } if ($LDAPDebugTrace) { $debugArray = array('stage' => '2/5: finding user', 'LDAPFilter' => $LDAPFilter, 'retrieveAttributes' => $retrieveAttributes, 'LDAPSearchScope' => $LDAPSearchScope, 'LDAPBaseDN' => $LDAPBaseDN); eZDebug::writeNotice(var_export($debugArray, true), __METHOD__); } if ($LDAPSearchScope == "one") { $sr = ldap_list($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes); } else { if ($LDAPSearchScope == "base") { $sr = ldap_read($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes); } else { $sr = ldap_search($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes); } } $info = ldap_get_entries($ds, $sr); if ($info['count'] > 1) { // More than one user with same uid, not allow login. eZDebug::writeWarning('More then one user with same uid, not allowed to login!', __METHOD__); $user = false; return $user; } else { if ($info['count'] < 1) { // Increase number of failed login attempts. if (isset($userID)) { eZUser::setFailedLoginAttempts($userID); } // user DN was not found eZDebug::writeWarning('User DN was not found!', __METHOD__); $user = false; return $user; } else { if ($LDAPDebugTrace) { $debugArray = array('stage' => '3/5: real authentication of user', 'info' => $info); eZDebug::writeNotice(var_export($debugArray, true), __METHOD__); } } } if (!$password) { $password = crypt(microtime()); } // is it real authenticated LDAP user? if (!@ldap_bind($ds, $info[0]['dn'], $password)) { // Increase number of failed login attempts. if (isset($userID)) { eZUser::setFailedLoginAttempts($userID); } eZDebug::writeWarning("User {$userID} failed to login!", __METHOD__); $user = false; return $user; } $extraNodeAssignments = array(); $userGroupClassID = $ini->variable("UserSettings", "UserGroupClassID"); // default user group assigning if ($LDAPUserGroupType != null) { if ($LDAPUserGroupType == "name") { if (is_array($LDAPUserGroup)) { foreach (array_keys($LDAPUserGroup) as $key) { $groupName = $db->escapeString($LDAPUserGroup[$key]); $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name like '{$groupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}"; $groupObject = $db->arrayQuery($groupQuery); if (count($groupObject) > 0 and $key == 0) { $defaultUserPlacement = $groupObject[0]['node_id']; } else { if (count($groupObject) > 0) { $extraNodeAssignments[] = $groupObject[0]['node_id']; } } } } else { $groupName = $db->escapeString($LDAPUserGroup); $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name like '{$groupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}"; $groupObject = $db->arrayQuery($groupQuery); if (count($groupObject) > 0) { $defaultUserPlacement = $groupObject[0]['node_id']; } } } else { if ($LDAPUserGroupType == "id") { if (is_array($LDAPUserGroup)) { foreach (array_keys($LDAPUserGroup) as $key) { $groupID = $LDAPUserGroup[$key]; $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.id='{$groupID}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}"; $groupObject = $db->arrayQuery($groupQuery); if (count($groupObject) > 0 and $key == 0) { $defaultUserPlacement = $groupObject[0]['node_id']; } else { if (count($groupObject) > 0) { $extraNodeAssignments[] = $groupObject[0]['node_id']; } } } } else { $groupID = $LDAPUserGroup; $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.id='{$groupID}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}"; $groupObject = $db->arrayQuery($groupQuery); if (count($groupObject) > 0) { $defaultUserPlacement = $groupObject[0]['node_id']; } } } } } // read group mapping LDAP settings $LDAPGroupMappingType = $LDAPIni->variable('LDAPSettings', 'LDAPGroupMappingType'); $LDAPUserGroupMap = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroupMap'); if (!is_array($LDAPUserGroupMap)) { $LDAPUserGroupMap = array(); } // group mapping constants $ByMemberAttribute = 'SimpleMapping'; // by group's member attributes (with mapping) $ByMemberAttributeHierarhicaly = 'GetGroupsTree'; // by group's member attributes hierarhically $ByGroupAttribute = 'UseGroupAttribute'; // by user's group attribute (old style) $groupMappingTypes = array($ByMemberAttribute, $ByMemberAttributeHierarhicaly, $ByGroupAttribute); $userData =& $info[0]; // default mapping using old style if (!in_array($LDAPGroupMappingType, $groupMappingTypes)) { $LDAPGroupMappingType = $ByGroupAttribute; } if ($LDAPDebugTrace) { $debugArray = array('stage' => '4/5: group mapping init', 'LDAPUserGroupType' => $LDAPUserGroupType, 'LDAPGroupMappingType' => $LDAPGroupMappingType, 'LDAPUserGroup' => $LDAPUserGroup, 'defaultUserPlacement' => $defaultUserPlacement, 'extraNodeAssignments' => $extraNodeAssignments); eZDebug::writeNotice(var_export($debugArray, true), __METHOD__); } if ($LDAPGroupMappingType == $ByMemberAttribute or $LDAPGroupMappingType == $ByMemberAttributeHierarhicaly) { $LDAPGroupBaseDN = $LDAPIni->variable('LDAPSettings', 'LDAPGroupBaseDN'); $LDAPGroupBaseDN = str_replace($LDAPEqualSign, '=', $LDAPGroupBaseDN); $LDAPGroupClass = $LDAPIni->variable('LDAPSettings', 'LDAPGroupClass'); $LDAPGroupNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupNameAttribute')); $LDAPGroupMemberAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupMemberAttribute')); $LDAPGroupDescriptionAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupDescriptionAttribute')); $groupSearchingDepth = $LDAPGroupMappingType == '1' ? 1 : 1000; // now, get all parents for currently ldap authenticated user $requiredParams = array(); $requiredParams['LDAPLoginAttribute'] = $LDAPLoginAttribute; $requiredParams['LDAPGroupBaseDN'] = $LDAPGroupBaseDN; $requiredParams['LDAPGroupClass'] = $LDAPGroupClass; $requiredParams['LDAPGroupNameAttribute'] = $LDAPGroupNameAttribute; $requiredParams['LDAPGroupMemberAttribute'] = $LDAPGroupMemberAttribute; $requiredParams['LDAPGroupDescriptionAttribute'] = $LDAPGroupDescriptionAttribute; $requiredParams['ds'] =& $ds; if ($LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId') !== '') { $requiredParams['TopUserGroupNodeID'] = $LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId'); } else { $requiredParams['TopUserGroupNodeID'] = 5; } $groupsTree = array(); $stack = array(); $newfilter = '(&(objectClass=' . $LDAPGroupClass . ')(' . $LDAPGroupMemberAttribute . '=' . $userData['dn'] . '))'; $groupsTree[$userData['dn']] = array('data' => &$userData, 'parents' => array(), 'children' => array()); eZLDAPUser::getUserGroupsTree($requiredParams, $newfilter, $userData['dn'], $groupsTree, $stack, $groupSearchingDepth); $userRecord =& $groupsTree[$userData['dn']]; if ($LDAPGroupMappingType == $ByMemberAttribute) { if (count($userRecord['parents']) > 0) { $remappedGroupNames = array(); foreach (array_keys($userRecord['parents']) as $key) { $parentGroup =& $userRecord['parents'][$key]; if (isset($parentGroup['data'][$LDAPGroupNameAttribute])) { $ldapGroupName = $parentGroup['data'][$LDAPGroupNameAttribute]; if (is_array($ldapGroupName)) { $ldapGroupName = $ldapGroupName['count'] > 0 ? $ldapGroupName[0] : ''; } // remap group name and check that group exists if (array_key_exists($ldapGroupName, $LDAPUserGroupMap)) { $remmapedGroupName = $db->escapeString($LDAPUserGroupMap[$ldapGroupName]); $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name like '{$remmapedGroupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n AND ezcontentobject.contentclass_id={$userGroupClassID}"; $groupRow = $db->arrayQuery($groupQuery); if (count($groupRow) > 0) { $userRecord['new_parents'][] = $groupRow[0]['node_id']; } } } } } } else { if ($LDAPGroupMappingType == $ByMemberAttributeHierarhicaly) { $stack = array(); self::goAndPublishGroups($requiredParams, $userData['dn'], $groupsTree, $stack, $groupSearchingDepth, true); } } if (isset($userRecord['new_parents']) and count($userRecord['new_parents']) > 0) { $defaultUserPlacement = $userRecord['new_parents'][0]; $extraNodeAssignments = array_merge($extraNodeAssignments, $userRecord['new_parents']); } } else { if ($LDAPGroupMappingType == $ByGroupAttribute) { if ($LDAPUserGroupAttributeType) { // Should we create user groups that are specified in LDAP, but not found in eZ Publish? $createMissingGroups = $LDAPIni->variable('LDAPSettings', 'LDAPCreateMissingGroups') === 'enabled'; if ($LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId') !== '') { $parentNodeID = $LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId'); } else { $parentNodeID = 5; } $groupAttributeCount = $info[0][$LDAPUserGroupAttribute]['count']; if ($LDAPUserGroupAttributeType == "name") { for ($i = 0; $i < $groupAttributeCount; $i++) { if ($isUtf8Encoding) { $groupName = utf8_decode($info[0][$LDAPUserGroupAttribute][$i]); } else { $groupName = $info[0][$LDAPUserGroupAttribute][$i]; } // Save group node id to either defaultUserPlacement or extraNodeAssignments self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID); } } else { if ($LDAPUserGroupAttributeType == "id") { for ($i = 0; $i < $groupAttributeCount; $i++) { if ($isUtf8Encoding) { $groupID = utf8_decode($info[0][$LDAPUserGroupAttribute][$i]); } else { $groupID = $info[0][$LDAPUserGroupAttribute][$i]; } $groupName = "LDAP {$groupID}"; // Save group node id to either defaultUserPlacement or extraNodeAssignments self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID); } } else { if ($LDAPUserGroupAttributeType == "dn") { for ($i = 0; $i < $groupAttributeCount; $i++) { $groupDN = $info[0][$LDAPUserGroupAttribute][$i]; $groupName = self::getGroupNameByDN($ds, $groupDN); if ($groupName) { // Save group node id to either defaultUserPlacement or extraNodeAssignments self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID); } } } else { eZDebug::writeError("Bad LDAPUserGroupAttributeType '{$LDAPUserGroupAttributeType}'. It must be either 'name', 'id' or 'dn'.", __METHOD__); $user = false; return $user; } } } } } } // remove ' last_name' from first_name if cn is used for first name if ($LDAPFirstNameIsCN && isset($userData[$LDAPFirstNameAttribute]) && isset($userData[$LDAPLastNameAttribute])) { $userData[$LDAPFirstNameAttribute][0] = str_replace(' ' . $userData[$LDAPLastNameAttribute][0], '', $userData[$LDAPFirstNameAttribute][0]); } if (isset($userData[$LDAPEmailAttribute])) { $LDAPuserEmail = $userData[$LDAPEmailAttribute][0]; } else { if (trim($LDAPIni->variable('LDAPSettings', 'LDAPEmailEmptyAttributeSuffix'))) { $LDAPuserEmail = $login . $LDAPIni->variable('LDAPSettings', 'LDAPEmailEmptyAttributeSuffix'); } else { $LDAPuserEmail = false; } } $userAttributes = array('login' => $login, 'first_name' => isset($userData[$LDAPFirstNameAttribute]) ? $userData[$LDAPFirstNameAttribute][0] : false, 'last_name' => isset($userData[$LDAPLastNameAttribute]) ? $userData[$LDAPLastNameAttribute][0] : false, 'email' => $LDAPuserEmail); if ($LDAPDebugTrace) { $debugArray = array('stage' => '5/5: storing user', 'userAttributes' => $userAttributes, 'isUtf8Encoding' => $isUtf8Encoding, 'defaultUserPlacement' => $defaultUserPlacement, 'extraNodeAssignments' => $extraNodeAssignments); eZDebug::writeNotice(var_export($debugArray, true), __METHOD__); } $oldUser = clone eZUser::currentUser(); $existingUser = eZLDAPUser::publishUpdateUser($extraNodeAssignments, $defaultUserPlacement, $userAttributes, $isUtf8Encoding); if (is_object($existingUser)) { eZUser::setCurrentlyLoggedInUser($existingUser, $existingUser->attribute('contentobject_id')); } else { eZUser::setCurrentlyLoggedInUser($oldUser, $oldUser->attribute('contentobject_id')); } ldap_close($ds); return $existingUser; } else { eZDebug::writeError('Cannot initialize connection for LDAP server', __METHOD__); $user = false; return $user; } } else { // Increase number of failed login attempts. if (isset($userID)) { eZUser::setFailedLoginAttempts($userID); } eZDebug::writeWarning('User does not exist or LDAP is not enabled in php', __METHOD__); $user = false; return $user; } } }
/** * Helper method that creates a new user. * Currently only creates in users/guest_accounts. * First and last name will be a splitup of username * * @param string $username * @param string $password If not provided, uses the username as password * @param string $email If not provided, uses '<username><at>test.ez.no' * * @return eZContentObject */ protected static function createUser($username, $password = false, $email = false) { $firstname = substr($username, 0, floor(strlen($username) / 2)); $lastname = substr($username, ceil(strlen($username) / 2)); if ($email === false) { $email = "{$username}@test.ez.no"; } if ($password === false) { $password = $username; } $user = new ezpObject('user', eZContentObjectTreeNode::fetchByPath('users/guest_accounts')); $user->first_name = $firstname; $user->last_name = $lastname; $user->user_account = $account = sprintf('%s|%s|%s|%d', $username, $email, eZUser::createHash($username, $password, eZUser::site(), eZUser::PASSWORD_HASH_MD5_USER), eZUser::PASSWORD_HASH_MD5_USER); $user->publish(); $user->refresh(); return $user->object; }
$validationResult = ngConnectUserActivation::validateUserInput($http); if ($validationResult['status'] == 'success') { $user = ngConnectFunctions::createUser($authResult); if ($user instanceof eZUser) { $login = trim($http->postVariable('data_user_login')); $email = trim($http->postVariable('data_user_email')); $password = trim($http->postVariable('data_user_password')); if (empty($password) && $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true') { $password = $user->createPassword($siteINI->variable('UserSettings', 'GeneratePasswordLength')); } // we created the new account, but still need to set things up so users can login using a regular login form $db = eZDB::instance(); $db->begin(); $user->setAttribute('login', $login); $user->setAttribute('email', $email); $user->setAttribute('password_hash', eZUser::createHash($login, $password, eZUser::site(), eZUser::hashType())); $user->setAttribute('password_hash_type', eZUser::hashType()); $user->store(); ngConnectFunctions::connectUser($user->ContentObjectID, $authResult['login_method'], $authResult['id']); $db->commit(); $http->removeSessionVariable('NGConnectStartedRegistration'); $http->removeSessionVariable('NGConnectAuthResult'); $http->removeSessionVariable('NGConnectForceRedirect'); $verifyUserType = $siteINI->variable('UserSettings', 'VerifyUserType'); if ($verifyUserType === 'email' && $siteINI->hasVariable('UserSettings', 'VerifyUserEmail') && $siteINI->variable('UserSettings', 'VerifyUserEmail') !== 'enabled') { $verifyUserType = false; } if ($authResult['email'] == '' || $email != $authResult['email'] && $verifyUserType) { // we only validate the account if no email was provided by social network or entered email is not the same // as the one from social network and if email verification is active of course ngConnectUserActivation::processUserActivation($user, $siteINI->variable('UserSettings', 'GeneratePasswordIfEmpty') == 'true' ? $password : false);
protected function getUserAccountString($login, $email) { $password = eZUser::createPassword(8); $passwordHash = eZUser::createHash($login, $password, eZUser::site(), eZUser::hashType()); return $login . '|' . $email . '|' . $passwordHash . '|' . eZUser::passwordHashTypeName(eZUser::hashType()); }
/** * Validates the input from the object edit form concerning this attribute. * * @param mixed $http Class eZHTTPTool. * @param string $base Seems to be always 'ContentObjectAttribute'. * @param mixed $contentObjectAttribute Class eZContentObjectAttribute. * * @return int eZInputValidator::STATE_INVALID/STATE_ACCEPTED */ public function validateObjectAttributeHTTPInput($http, $base, $contentObjectAttribute) { if ($http->hasPostVariable($base . '_ymcmschapv2_data_text_' . $contentObjectAttribute->attribute('id'))) { $data = $http->postVariable($base . '_ymcmschapv2_data_text_' . $contentObjectAttribute->attribute('id')); $classAttribute = $contentObjectAttribute->contentClassAttribute(); if ($data == "") { if ($contentObjectAttribute->validateIsRequired()) { $contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'Input required.')); return eZInputValidator::STATE_INVALID; } } else { $maxLen = $classAttribute->attribute(self::MAX_LEN_FIELD); $textCodec = eZTextCodec::instance(false); if ($textCodec->strlen($data) > $maxLen and $maxLen > 0) { $contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'The input text is too long. The maximum number of characters allowed is %1.'), $maxLen); return eZInputValidator::STATE_INVALID; } $minLen = $classAttribute->attribute(self::MIN_LEN_FIELD); if ($textCodec->strlen($data) < $minLen and $minLen > 0) { $contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'The input text is too short. The minimum number of characters is %1.'), $minLen); return eZInputValidator::STATE_INVALID; } //Make the user input asomething different from his normal password //start //ToDo: Do not return valid if the user has changed his pwassword but the new password is not in the "_POST-Array... $found_login = false; $found_password = false; //ToDO: Don't walk through the $_POST-array... foreach ($_POST as $key => $content) { if (strpos($key, '_data_user_login_') != false and $content != '') { $found_login = $content; } else { if (strpos($key, '_data_user_password_') != false and $content != '') { $found_password = $content; } } } if ($found_password !== false and $found_password == $data) { $contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'This has to be different from your new user account password.')); return eZInputValidator::STATE_INVALID; } else { $objectID = $contentObjectAttribute->attribute('contentobject_id'); include_once "kernel/classes/datatypes/ezuser/ezuser.php"; $user = eZUser::fetch($objectID); if (is_object($user)) { if ($found_login === false) { $found_login = $user->attribute('login'); } $passHash = eZUser::createHash($found_login, $data, eZUser::site(), $user->attribute('password_hash_type')); if ($passHash == $user->attribute('password_hash')) { $contentObjectAttribute->setValidationError(ezi18n('kernel/classes/datatypes', 'This has to be different from your current user account password.')); return eZInputValidator::STATE_INVALID; } } } //Make the user input asomething different from his normal password //end return eZInputValidator::STATE_ACCEPTED; } } return eZInputValidator::STATE_ACCEPTED; }