Ejemplo n.º 1
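 /**
  * Checks whether this user has supplied valid credentials: a matching
  * password or one-time password, or an identity asserted by the web server.
  *
  * @access public
  * @param string $sOneTimePassword Optional one-time password entered by the user
  * @return bool The negation of errorCode, i.e. true when no error code is left set
  */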
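 public function authenticate($sOneTimePassword = '')
 {
     // Two authentication paths are handled here:
     //  1. Database credentials (password or one-time password) when web
     //     server authentication is disabled or a username was submitted.
     //  2. An identity asserted by the web server (PHP_AUTH_USER / LOGON_USER)
     //     when "auth_webserver" is strictly true, optionally auto-creating
     //     the account from a profile.
     // The outcome is stored in $this->errorCode; on success $this->id and
     // $this->user are populated as well.
     if (Yii::app()->getConfig("auth_webserver") == false || $this->username != "") {
         $user = User::model()->findByAttributes(array('users_name' => $this->username));
         if ($user === null) {
             // NOTE(review): distinct codes for "unknown user" and "wrong
             // password" allow account enumeration if the caller shows them
             // to the client; confirm the caller reports a generic failure.
             $this->errorCode = self::ERROR_USERNAME_INVALID;
             return !$this->errorCode;
         }

         if (gettype($user->password) == 'resource') {
             // Postgres delivers bytea fields as streams
             $sStoredPassword = stream_get_contents($user->password, -1, 0);
         } else {
             $sStoredPassword = $user->password;
         }

         // hash_equals() (PHP >= 5.6) replaces the loose "==" used before:
         // "==" treats two digests of the form "0e<digits>" as equal numbers,
         // so a non-matching one-time password could have been accepted.
         // It also makes the comparison constant-time.
         $bOneTimePasswordOk = $sOneTimePassword != ''
             && Yii::app()->getConfig("use_one_time_passwords")
             && hash_equals((string) $user->one_time_pw, md5($sOneTimePassword));

         // NOTE(review): stored passwords are unsalted SHA-256 digests and the
         // one-time password is an MD5 digest. Moving to password_hash() /
         // password_verify() requires migrating stored data, which is outside
         // the scope of this method.
         if ($bOneTimePasswordOk) {
             // A one-time password is consumed on first successful use.
             $user->one_time_pw = '';
             $user->save();
             $this->id = $user->uid;
             $this->user = $user;
             $this->errorCode = self::ERROR_NONE;
         } elseif (!hash_equals((string) $sStoredPassword, hash('sha256', (string) $this->password))) {
             $this->errorCode = self::ERROR_PASSWORD_INVALID;
         } else {
             $this->id = $user->uid;
             $this->user = $user;
             $this->errorCode = self::ERROR_NONE;
         }
     } elseif (Yii::app()->getConfig("auth_webserver") === true && (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['LOGON_USER']))) {
         // NOTE(review): these values are trusted without any further check.
         // PHP_AUTH_USER is derived from the request's Authorization header,
         // so this branch is only safe when the web server actually enforces
         // authentication for this application; verify the deployment.
         if (isset($_SERVER['PHP_AUTH_USER'])) {
             $sUser = $_SERVER['PHP_AUTH_USER'];
         } else {
             $sUser = $_SERVER['LOGON_USER'];
             // Strip a leading "DOMAIN\" prefix. Without the explicit check a
             // name with no backslash lost its first character, because
             // strrpos() returned false and false + 1 evaluates to 1.
             $iSeparator = strrpos($sUser, "\\");
             if ($iSeparator !== false) {
                 $sUser = substr($sUser, $iSeparator + 1);
             }
         }

         // Optional mapping from web server account names to application names.
         $aUserMappings = Yii::app()->getConfig("auth_webserver_user_map");
         if (isset($aUserMappings[$sUser])) {
             $sUser = $aUserMappings[$sUser];
         }

         $oUser = User::model()->findByAttributes(array('users_name' => $sUser));
         if (!is_null($oUser)) {
             $this->id = $oUser->uid;
             $this->user = $oUser;
             $this->errorCode = self::ERROR_NONE;
         } else {
             $aUserProfile = null;
             if (function_exists("hook_get_auth_webserver_profile")) {
                 // If defined this function returns an array
                 // describing the default profile for this user.
                 // The original code checked for this name but then called
                 // hook_get_autouserprofile(), which fails fatally when only
                 // the checked function is defined.
                 $aUserProfile = hook_get_auth_webserver_profile($sUser);
             } elseif (Yii::app()->getConfig("auth_webserver_autocreate_user")) {
                 $aUserProfile = Yii::app()->getConfig("auth_webserver_autocreate_profile");
             }

             if (Yii::app()->getConfig("auth_webserver_autocreate_user") && isset($aUserProfile) && is_array($aUserProfile)) {
                 // user doesn't exist but auto-create user is set
                 // NOTE(review): the profile decides the privileges of the new
                 // account (including superadmin), so the hook and the
                 // configured default profile are security-sensitive.
                 $oUser = new User();
                 $oUser->users_name = $sUser;
                 // The account receives a generated password that is not
                 // shown to anyone here; login continues via the web server.
                 $oUser->password = hash('sha256', createPassword());
                 $oUser->full_name = $aUserProfile['full_name'];
                 $oUser->parent_id = 1;
                 $oUser->lang = $aUserProfile['lang'];
                 $oUser->email = $aUserProfile['email'];
                 $oUser->create_survey = $aUserProfile['create_survey'];
                 $oUser->create_user = $aUserProfile['create_user'];
                 $oUser->delete_user = $aUserProfile['delete_user'];
                 $oUser->superadmin = $aUserProfile['superadmin'];
                 $oUser->configurator = $aUserProfile['configurator'];
                 $oUser->manage_template = $aUserProfile['manage_template'];
                 $oUser->manage_label = $aUserProfile['manage_label'];
                 if ($oUser->save()) {
                     $aTemplates = explode(",", $aUserProfile['templatelist']);
                     foreach ($aTemplates as $sTemplateName) {
                         $oRecord = new Templates_rights();
                         $oRecord->uid = $oUser->uid;
                         $oRecord->folder = trim($sTemplateName);
                         $oRecord->use = 1;
                         $oRecord->save();
                     }
                     // the freshly saved record is used as the identity
                     $this->id = $oUser->uid;
                     $this->user = $oUser;
                     $this->errorCode = self::ERROR_NONE;
                 } else {
                     $this->errorCode = self::ERROR_USERNAME_INVALID;
                 }
             } else {
                 // Unknown user and no usable auto-create profile: fail
                 // explicitly. The original left errorCode untouched on this
                 // path, so the result depended on the property's prior value.
                 $this->errorCode = self::ERROR_USERNAME_INVALID;
             }
         }
     } else {
         $this->errorCode = self::ERROR_USERNAME_INVALID;
     }
     return !$this->errorCode;
 }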
Ejemplo n.º 2
 } else {
     $mappeduser = $_SERVER['PHP_AUTH_USER'];
 }
 include "database.php";
 $query = "SELECT uid, users_name, password, parent_id, email, lang, htmleditormode, dateformat FROM " . db_table_name('users') . " WHERE users_name=" . $connect->qstr($mappeduser);
 $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
 //Checked
 $result = $connect->SelectLimit($query, 1) or safe_die($query . "<br />" . $connect->ErrorMsg());
 if ($result->RecordCount() < 1) {
     // In case the hook function is defined,
     // override the default auto-import profile
     // with this function's result
     if (function_exists("hook_get_autouserprofile")) {
         // If defined, this function returns an array
         // describing the default profile for this user
         $WebserverAuth_autouserprofile = hook_get_autouserprofile($mappeduser);
     }
     if (isset($WebserverAuth_autocreateUser) && $WebserverAuth_autocreateUser === true && isset($WebserverAuth_autouserprofile) && is_array($WebserverAuth_autouserprofile) && count($WebserverAuth_autouserprofile) > 0) {
         // user doesn't exist but auto-create user is set
         $isAuthenticated = false;
         $new_pass = createPassword();
         $uquery = "INSERT INTO {$dbprefix}users " . "(users_name, password,full_name,parent_id,lang,email,create_survey,create_user,delete_user,superadmin,configurator,manage_template,manage_label) " . "VALUES (" . $connect->qstr($mappeduser) . ", " . "'" . SHA256::hashing($new_pass) . "', " . "'" . db_quote($WebserverAuth_autouserprofile['full_name']) . "', " . getInitialAdmin_uid() . " , " . "'" . $WebserverAuth_autouserprofile['lang'] . "', " . "'" . db_quote($WebserverAuth_autouserprofile['email']) . "', " . intval($WebserverAuth_autouserprofile['create_survey']) . "," . intval($WebserverAuth_autouserprofile['create_user']) . "," . intval($WebserverAuth_autouserprofile['delete_user']) . "," . intval($WebserverAuth_autouserprofile['superadmin']) . "," . intval($WebserverAuth_autouserprofile['configurator']) . "," . intval($WebserverAuth_autouserprofile['manage_template']) . "," . intval($WebserverAuth_autouserprofile['manage_label']) . ")";
         $uresult = $connect->Execute($uquery);
         //Checked
         if ($uresult) {
             $isAuthenticated = true;
             $newqid = $connect->Insert_ID("{$dbprefix}users", "uid");
             $arrayTemplates = explode(",", $WebserverAuth_autouserprofile['templatelist']);
             foreach ($arrayTemplates as $tplname) {
                 $template_query = "INSERT INTO {$dbprefix}templates_rights VALUES('{$newqid}','{$tplname}','1')";
                 $connect->Execute($template_query);