/**
 * Authenticate user
 *
 * @return DataObjects_Users returns users dataobject on successful authentication
 *                           or null if user wasn't successfully authenticated
 */
function &authenticateUser()
{
    $aCredentials = $this->_getCredentials();
    if (PEAR::isError($aCredentials)) {
        OA_Auth::displayError($aCredentials);
    }
    return $this->checkPassword($aCredentials['username'], $aCredentials['password']);
}

/**
 * Tests that default authentication plugin is correctly created
 *
 */
function testStaticGetAuthPlugin()
{
    $authInternal = OA_Auth::staticGetAuthPlugin('internal');
    $this->assertIsA($authInternal, 'Plugins_Authentication');

    // A second call for the same plugin must return the cached instance
    $authInternal2 = OA_Auth::staticGetAuthPlugin('internal');
    $this->assertIdentical($authInternal, $authInternal2);

    // The default plugin is what is under test here, so assert on
    // $authDefault (the original asserted on $authInternal again)
    $authDefault = OA_Auth::staticGetAuthPlugin();
    $this->assertIsA($authDefault, 'Plugins_Authentication');
}

/**
 * Verify Session
 *
 * @param string $sessionId
 * @return boolean
 */
function verifySession($sessionId)
{
    if (!$this->_verifySessionLength($sessionId)) {
        return false;
    }
    $this->_setSessionId($sessionId);
    if (OA_Auth::isLoggedIn()) {
        return true;
    } else {
        $this->raiseError('Session ID is invalid');
        return false;
    }
}

function _runDeleteUnverifiedAccounts()
{
    $oPlugin = OA_Auth::staticGetAuthPlugin();
    $oPlugin->deleteUnverifiedUsers($this);
}

/**
 * Save the new password in the user properties
 *
 * @param string recovery ID
 * @param string new password
 * @return bool True if the new password was correctly saved
 */
function saveNewPasswordAndLogin($recoveryId, $password)
{
    $doPwdRecovery = OA_Dal::factoryDO('password_recovery');
    $doPwdRecovery->recovery_id = $recoveryId;
    $doPwdRecoveryClone = clone $doPwdRecovery;
    $doPwdRecovery->find();
    if ($doPwdRecovery->fetch()) {
        $userId = $doPwdRecovery->user_id;
        $doPlugin =& OA_Auth::staticGetAuthPlugin();
        $doPlugin->setNewPassword($userId, $password);
        // Delete the recovery record so the recovery ID cannot be used again
        $doPwdRecoveryClone->delete();
        // Log the user in with a fresh session
        phpAds_SessionStart();
        $doUser = OA_Dal::staticGetDO('users', $userId);
        phpAds_SessionDataRegister(OA_Auth::getSessionData($doUser));
        phpAds_SessionDataStore();
        return true;
    }
    return false;
}

/**
 * This method modifies an existing agency. Undefined fields do not change
 * and defined fields with a NULL value also remain unchanged.
 *
 * @access public
 *
 * @param OA_Dll_AgencyInfo &$oAgency <br />
 *          <b>For adding</b><br />
 *          <b>Required properties:</b> agencyName<br />
 *          <b>Optional properties:</b> contactName, emailAddress, username, password<br />
 *
 *          <b>For modify</b><br />
 *          <b>Required properties:</b> agencyId<br />
 *          <b>Optional properties:</b> agencyName, contactName, emailAddress<br />
 *
 * @return boolean True if the operation was successful
 *
 */
function modify(&$oAgency)
{
    if (!$this->checkPermissions(OA_ACCOUNT_ADMIN)) {
        return false;
    }
    $agencyData = (array) $oAgency;
    // Name
    $agencyData['name'] = $oAgency->agencyName;
    // Default fields
    $agencyData['contact'] = $oAgency->contactName;
    $agencyData['email'] = $oAgency->emailAddress;
    if ($this->_validate($oAgency)) {
        $doAgency = OA_Dal::factoryDO('agency');
        if (!isset($agencyData['agencyId'])) {
            $doAgency->setFrom($agencyData);
            $oAgency->agencyId = $doAgency->insert();
            if ($oAgency->agencyId) {
                // Set the account ID
                $doAgency = OA_Dal::staticGetDO('agency', $oAgency->agencyId);
                $oAgency->accountId = (int) $doAgency->account_id;
            }
            if (isset($agencyData['username']) || isset($agencyData['userEmail'])) {
                // Use the authentication plugin to create the user
                $oPlugin = OA_Auth::staticGetAuthPlugin();
                $userId = $oPlugin->getMatchingUserId($agencyData['userEmail'], $agencyData['username']);
                $userId = $oPlugin->saveUser($userId, $agencyData['username'], $agencyData['password'], $agencyData['contactName'], $agencyData['userEmail'], $agencyData['language'], $oAgency->accountId);
                if ($userId) {
                    // Link the user and give permission to create new accounts
                    $aAllowedPermissions = array(OA_PERM_SUPER_ACCOUNT => 'This string intentionally left blank. WTF?');
                    $aPermissions = array(OA_PERM_SUPER_ACCOUNT);
                    OA_Permission::setAccountAccess($oAgency->accountId, $userId);
                    OA_Permission::storeUserAccountsPermissions($aPermissions, $oAgency->accountId, $userId, $aAllowedPermissions);
                }
            }
        } else {
            $doAgency->get($agencyData['agencyId']);
            $doAgency->setFrom($agencyData);
            $doAgency->update();
        }
        return true;
    } else {
        return false;
    }
}

/**
 * Assign common template variables
 *
 * @param Admin_Template $oTpl
 */
function assignUserStartTemplateVariables(&$oTpl)
{
    $oTpl->assign('method', 'GET');
    // Add variables required by the current authentication plugin
    $oPlugin = OA_Auth::staticGetAuthPlugin();
    $oPlugin->setTemplateVariables($oTpl);
    $helpString = OA_Admin_UI_UserAccess::getHelpString($oTpl->get_template_vars('sso'));
    $oTpl->assign('strLinkUserHelp', $helpString);
}

OA_Permission::enforceAccount(OA_ACCOUNT_ADMIN, OA_ACCOUNT_MANAGER, OA_ACCOUNT_ADVERTISER, OA_ACCOUNT_TRAFFICKER);

// Create a new option object for displaying the setting's page's HTML form
$oOptions = new OA_Admin_Option('user');

// Prepare an array for storing error messages
$aErrormessage = array();

// If the settings page is a submission, deal with the form data
if (isset($_POST['submitok']) && $_POST['submitok'] == 'true') {
    // Register input variables
    phpAds_registerGlobalUnslashed('pwold', 'pw', 'pw2');

    // Get the DB_DataObject for the current user
    $doUsers = OA_Dal::factoryDO('users');
    $doUsers->get(OA_Permission::getUserId());

    // Set defaults
    $changePassword = false;

    // Get the current authentication plugin instance
    $oPlugin = OA_Auth::staticGetAuthPlugin();

    // Check password: the current password must be supplied and correct
    // before any change is accepted
    if (!isset($pwold) || !$oPlugin->checkPassword(OA_Permission::getUsername(), $pwold)) {
        $aErrormessage[0][] = $GLOBALS['strPasswordWrong'];
    }
    if (isset($pw) && strlen($pw) || isset($pw2) && strlen($pw2)) {
        // strstr() takes (haystack, needle): look for a backslash in the
        // new password (the original had the two arguments swapped)
        if (!strlen($pw) || strstr($pw, "\\")) {
            $aErrormessage[0][] = $GLOBALS['strInvalidPassword'];
        } elseif (strcmp($pw, $pw2)) {
            $aErrormessage[0][] = $GLOBALS['strNotSamePasswords'];
        } else {
            $changePassword = true;
        }
    }
    if (!count($aErrormessage) && $changePassword) {
        $result = $oPlugin->changePassword($doUsers, $pw, $pwold);
        // (the excerpt ends here)
    }
}

function _assignUserAccountInfo($oCurrentSection)
{
    global $session;
    // Show currently logged on user and IP
    if (OA_Auth::isLoggedIn() || defined('phpAds_installing')) {
        $this->oTpl->assign('helpLink', OA_Admin_Help::getHelpLink($oCurrentSection));
        if (!defined('phpAds_installing')) {
            $this->oTpl->assign('infoUser', OA_Permission::getUsername());
            $this->oTpl->assign('buttonLogout', true);
            $this->oTpl->assign('buttonReportBugs', true);
            // Account switcher
            OA_Admin_UI_AccountSwitch::assignModel($this->oTpl);
            $this->oTpl->assign('strWorkingAs', $GLOBALS['strWorkingAs_Key']);
            $this->oTpl->assign('keyWorkingAs', $GLOBALS['keyWorkingAs']);
            $this->oTpl->assign('accountId', OA_Permission::getAccountId());
            $this->oTpl->assign('accountName', OA_Permission::getAccountName());
            $this->oTpl->assign('accountSearchUrl', MAX::constructURL(MAX_URL_ADMIN, 'account-switch-search.php'));
            $this->oTpl->assign('productUpdatesCheck', OA_Permission::isAccount(OA_ACCOUNT_ADMIN) && $GLOBALS['_MAX']['CONF']['sync']['checkForUpdates'] && !isset($session['maint_update_js']));
            if (OA_Permission::isUserLinkedToAdmin()) {
                $this->oTpl->assign('maintenanceAlert', OA_Dal_Maintenance_UI::alertNeeded());
            }
        } else {
            $this->oTpl->assign('buttonStartOver', true);
        }
    }
}

/**
 * Starts or continue existing session
 *
 * @param unknown_type $checkRedirectFunc
 */
function OA_Start($checkRedirectFunc = null)
{
    $conf = $GLOBALS['_MAX']['CONF'];
    global $session;
    // XXX: Why not try loading session data when OpenX is not installed?
    //if ($conf['openads']['installed'])
    if (OA_INSTALLATION_STATUS == OA_INSTALLATION_STATUS_INSTALLED) {
        phpAds_SessionDataFetch();
    }
    if (!OA_Auth::isLoggedIn() || OA_Auth::suppliedCredentials()) {
        // Required files
        include_once MAX_PATH . '/lib/max/language/Loader.php';
        // Load the required language files
        Language_Loader::load('default');
        phpAds_SessionDataRegister(OA_Auth::login($checkRedirectFunc));
        $aPlugins = OX_Component::getListOfRegisteredComponentsForHook('afterLogin');
        foreach ($aPlugins as $i => $id) {
            if ($obj = OX_Component::factoryByComponentIdentifier($id)) {
                $obj->afterLogin();
            }
        }
    }
    // Overwrite certain preset preferences
    if (!empty($session['language']) && $session['language'] != $GLOBALS['pref']['language']) {
        $GLOBALS['_MAX']['CONF']['max']['language'] = $session['language'];
    }
    // Check if manual account switch has happened and migrate to new global variable
    if (isset($session['accountSwitch'])) {
        $GLOBALS['_OX']['accountSwtich'] = $session['accountSwitch'];
        unset($session['accountSwitch']);
        phpAds_SessionDataStore();
    }
}

/**
 * A static method to display a login screen
 *
 * @static
 *
 * @param string $sMessage
 * @param string $sessionID
 * @param bool   $inLineLogin
 */
function displayLogin($sMessage = '', $sessionID = 0, $inLineLogin = false)
{
    $authLogin = OA_Auth::staticGetAuthPlugin();
    $authLogin->displayLogin($sMessage, $sessionID, $inLineLogin);
}

function phpAds_Die($title = "Error", $message = "Unknown error")
{
    if (defined('OA_WEBSERVICES_API_XMLRPC')) {
        // It's an XML-RPC response
        if (class_exists('XmlRpcUtils')) {
            $oResponse = XmlRpcUtils::generateError($message);
        } else {
            $oResponse = new XML_RPC_Response('', 99999, $message);
        }
        echo $oResponse->serialize();
        exit;
    }
    $conf = $GLOBALS['_MAX']['CONF'];
    global $phpAds_GUIDone, $phpAds_TextDirection;
    $header = $title == $GLOBALS['strAccessDenied'] ? phpAds_Login : phpAds_Error;
    // Header
    if ($phpAds_GUIDone == false) {
        if (!isset($phpAds_TextDirection)) {
            $phpAds_TextDirection = 'ltr';
        }
        phpAds_PageHeader(phpAds_Error);
    }
    // $title and $message are written into the page as-is (no escaping
    // happens here), so callers must pass text that is safe to emit as HTML
    echo "<br>";
    echo "<div class='errormessage'><img class='errormessage' src='" . OX::assetPath() . "/images/errormessage.gif' align='absmiddle'> ";
    echo "<span class='tab-r'>" . $title . "</span><br><br>" . $message . "</div><br>";
    // Die
    if ($header == phpAds_Login) {
        $_COOKIE['sessionID'] = phpAds_SessionStart();
        OA_Auth::displayLogin('', $_COOKIE['sessionID'], true);
    }
    phpAds_PageFooter();
    exit;
}

/**
 * Starts or continue existing session
 *
 * @param unknown_type $checkRedirectFunc
 */
function OA_Start($checkRedirectFunc = null)
{
    $conf = $GLOBALS['_MAX']['CONF'];
    global $session;
    // Send no cache headers
    MAX_header('Pragma: no-cache');
    MAX_header('Cache-Control: no-cache, no-store, must-revalidate');
    MAX_header('Expires: 0');
    if (RV_INSTALLATION_STATUS == RV_INSTALLATION_STATUS_INSTALLED) {
        phpAds_SessionDataFetch();
    }
    if (!OA_Auth::isLoggedIn() || OA_Auth::suppliedCredentials()) {
        // Required files
        include_once MAX_PATH . '/lib/max/language/Loader.php';
        // Load the required language files
        Language_Loader::load('default');
        phpAds_SessionDataRegister(OA_Auth::login($checkRedirectFunc));
        $aPlugins = OX_Component::getListOfRegisteredComponentsForHook('afterLogin');
        foreach ($aPlugins as $i => $id) {
            if ($obj = OX_Component::factoryByComponentIdentifier($id)) {
                $obj->afterLogin();
            }
        }
    }
    // Overwrite certain preset preferences
    if (!empty($session['language']) && $session['language'] != $GLOBALS['pref']['language']) {
        $GLOBALS['_MAX']['CONF']['max']['language'] = $session['language'];
    }
    // Check if manual account switch has happened and migrate to new global variable
    if (isset($session['accountSwitch'])) {
        $GLOBALS['_OX']['accountSwtich'] = $session['accountSwitch'];
        unset($session['accountSwitch']);
        phpAds_SessionDataStore();
    }
}

/**
 * Check if the user is allowed to see the password recovery tools
 *
 */
function checkAccess()
{
    return !OA_Auth::isLoggedIn() && !OA_Auth::suppliedCredentials();
}

/**
 * Logoff from the session.
 *
 * @access public
 *
 * @param string $sessionId
 *
 * @return boolean
 */
function logoff($sessionId)
{
    if ($this->verifySession($sessionId)) {
        phpAds_SessionDataDestroy();
        unset($GLOBALS['session']);
        return !OA_Auth::isLoggedIn();
    } else {
        return false;
    }
}

/*
| ==========                                                                |
|                                                                           |
| Copyright (c) 2003-2009 OpenX Limited                                     |
| For contact details, see: http://www.openx.org/                           |
|                                                                           |
| This program is free software; you can redistribute it and/or modify      |
| it under the terms of the GNU General Public License as published by      |
| the Free Software Foundation; either version 2 of the License, or         |
| (at your option) any later version.                                       |
|                                                                           |
| This program is distributed in the hope that it will be useful,           |
| but WITHOUT ANY WARRANTY; without even the implied warranty of            |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the              |
| GNU General Public License for more details.                              |
|                                                                           |
| You should have received a copy of the GNU General Public License         |
| along with this program; if not, write to the Free Software               |
| Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA   |
+---------------------------------------------------------------------------+
$Id: logout.php 37157 2009-05-28 12:31:10Z andrew.hill $
*/

// Require the initialisation file
require_once '../../init.php';

define('OA_SKIP_LOGIN', 1);

// Required files
require_once MAX_PATH . '/www/admin/config.php';

/*-------------------------------------------------------*/
/* Main code                                             */
/*-------------------------------------------------------*/

OA_Auth::logout();

function _checkLoginOld($tableName, $agencySupport)
{
    if (!isset($_COOKIE['sessionID'])) {
        return new PEAR_Error($GLOBALS['strEnableCookies']);
    }
    $prefix = $GLOBALS['_MAX']['CONF']['table']['prefix'];
    $oDbh = OA_DB::singleton();
    if (!PEAR::isError($oDbh)) {
        $tblPreferences = $oDbh->quoteIdentifier($prefix . $tableName, true);
        $query = "SELECT admin, admin_pw FROM {$tblPreferences}";
        if ($agencySupport) {
            $query .= " WHERE agencyid = 0";
        }
        $aPref = $oDbh->queryRow($query, null, MDB2_FETCHMODE_ASSOC);
        if (is_array($aPref)) {
            $oPlugin =& OA_Auth::staticGetAuthPlugin('internal');
            $aCredentials = $oPlugin->_getCredentials(false);
            if (!PEAR::isError($aCredentials)) {
                // The old table stores an MD5 digest of the admin password.
                // Compare it with ===: under ==, two different digests that
                // both look numeric (e.g. "0e" followed by digits) are equal
                if (strtolower($aPref['admin']) == strtolower($aCredentials['username'])
                    && $aPref['admin_pw'] === md5($aCredentials['password'])) {
                    $doUser = OA_Dal::factoryDO('users');
                    $doUser->username = $aPref['admin'];
                    $aSession = OA_Auth::getSessionData($doUser, true);
                    $aSession['user']->aAccount['account_type'] = OA_ACCOUNT_ADMIN;
                    phpAds_SessionDataRegister($aSession);
                }
            }
        }
        // Openads for PostgreSQL 2.0 session.last_used field is a
        // timestamp with timezone, which gives troubles reading back
        // session data if TZ offset is > 0
        if ($tableName == 'config' && $oDbh->dbsyntax == 'pgsql') {
            // Make sure that session time is loaded as UTC
            $oDbh->exec("SET TIMEZONE TO 'UTC'");
            phpAds_SessionDataStore();
            $oDbh->exec("SET TIMEZONE TO DEFAULT");
            return;
        }
        phpAds_SessionDataStore();
    }
}

/**
 * This method performs data validation for the username and password fields
 * depending on the authentication plugin in use on the system
 *
 * @param OA_Dll_UserInfo $oUser
 * @return boolean
 */
function _validateAuthentication(&$oUser)
{
    $oPlugin = OA_Auth::staticGetAuthPlugin();
    return $oPlugin->dllValidation($this, $oUser);
}

function setUp()
{
    $this->oPlugin = OA_Auth::staticGetAuthPlugin();
}