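 /**
  * Test for issue #16322: eZTextFileUser makes user names with newline (with patch)
  *
  * Logs in through the 'textfile' login handler with credentials that do not
  * exist and expects the handler not to hand back an eZUser object.
  */
 public function testLoginWrongUsername()
 {
     $userClass = eZUserLoginHandler::instance('textfile');
     $user = $userClass->loginUser('wrong username', 'wrong password');
     // the username and password were not accepted: assertFalse() on the
     // instanceof result is the precise form of the former assertEquals(false, ...)
     $this->assertFalse($user instanceof eZUser);
 }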
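 /**
  * Checks authentication for the given $user.
  *
  * This method checks the user/password credentials encapsulated in $data
  * against the 'standard' eZ Publish login handler. Returns true if the
  * user was successfully recognized and the password is valid, false
  * otherwise. In case no username and/or password was provided in the
  * request, empty strings are provided as the fields of $data.
  *
  * Only the username is written to the WebDAV log; the password never is.
  *
  * @param ezcWebdavBasicAuth $data
  * @return bool
  */
 public function authenticateBasic(ezcWebdavBasicAuth $data)
 {
     $loginHandler = 'standard';
     eZWebDAVContentBackend::appendLogEntry("Got username: {$data->username}");

     // added by @ds to fix problems with IE6 SP2: strip a leading server-name
     // prefix from the username. SERVER_NAME is not populated by every SAPI
     // (e.g. CLI), so look it up guarded instead of indexing blindly. With an
     // empty server name the pattern would match any username and rewrite it
     // to itself, so that case is skipped outright (same result, no regex).
     $serverName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
     if ($serverName !== '' && preg_match('(^' . preg_quote($serverName) . '(.+))', $data->username, $matches) > 0) {
         $data->username = $matches[1];
     }
     eZWebDAVContentBackend::appendLogEntry("Processed to username: {$data->username}");

     $userClass = eZUserLoginHandler::instance($loginHandler);
     $user = $userClass->loginUser($data->username, $data->password);
     if (!$user instanceof eZUser) {
         // credentials rejected by the handler; nothing further is logged
         return false;
     }
     eZWebDAVContentBackend::appendLogEntry("AuthenticatedBasic");
     return true;
 }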
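/**
 * Check if user login is required. If so, use login handler to redirect user.
 *
 * Returns null early when the request does not need a user object, or when
 * neither the RequireUserLogin setting nor a pending FORCE_LOGIN session flag
 * asks for a login; otherwise delegates to eZUserLoginHandler::checkUser().
 *
 * @deprecated As of 4.4, moved to {@link eZUserLoginHandler::preCheck()}
 * @param array $siteBasics
 * @param eZURI $uri
 * @return array|true|false|null An associative array on redirect with 'module' and 'function' keys, true on successful
 *                               and false/null on #fail.
 */
function eZCheckUser(array &$siteBasics, eZURI $uri)
{
    if (!$siteBasics['user-object-required']) {
        return null;
    }
    $ini = eZINI::instance();
    // strict comparison: only the literal string 'true' switches the requirement on
    $requireUserLogin = $ini->variable('SiteAccessSettings', 'RequireUserLogin') === 'true';
    // FORCE_LOGIN is a session variable, so it can only be consulted once a session exists
    $forceLogin = false;
    if (eZSession::hasStarted()) {
        $http = eZHTTPTool::instance();
        $forceLogin = $http->hasSessionVariable(eZUserLoginHandler::FORCE_LOGIN);
    }
    if (!$requireUserLogin && !$forceLogin) {
        return null;
    }
    return eZUserLoginHandler::checkUser($siteBasics, $uri);
}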
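/**
 * Check if user login is required. If so, use login handler to redirect user.
 *
 * Emits a strict-mode deprecation notice on every call, then returns null
 * early when the request does not need a user object, or when neither the
 * RequireUserLogin setting nor a pending FORCE_LOGIN session flag asks for a
 * login; otherwise delegates to eZUserLoginHandler::checkUser().
 *
 * @deprecated As of 4.4, moved to {@link eZUserLoginHandler::preCheck()}
 * @param array $siteBasics
 * @param eZURI $uri
 * @return array|true|false|null An associative array on redirect with 'module' and 'function' keys, true on successful
 *                               and false/null on #fail.
 */
function eZCheckUser(array &$siteBasics, eZURI $uri)
{
    eZDebug::writeStrict('Function eZCheckUser() has been deprecated in 4.4 in favor of eZUserLoginHandler::preCheck()', 'Deprecation');
    if (!$siteBasics['user-object-required']) {
        return null;
    }
    $ini = eZINI::instance();
    // strict comparison: only the literal string 'true' switches the requirement on
    $requireUserLogin = $ini->variable('SiteAccessSettings', 'RequireUserLogin') === 'true';
    // FORCE_LOGIN is a session variable, so it can only be consulted once a session exists
    $forceLogin = false;
    if (eZSession::hasStarted()) {
        $http = eZHTTPTool::instance();
        $forceLogin = $http->hasSessionVariable(eZUserLoginHandler::FORCE_LOGIN);
    }
    if (!$requireUserLogin && !$forceLogin) {
        return null;
    }
    return eZUserLoginHandler::checkUser($siteBasics, $uri);
}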
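/**
 * Authenticates $user/$password against every configured login handler and,
 * on success, dispatches the webservice call $functionName with $params.
 *
 * Replicates the handler iteration found in user/login: the first handler
 * that returns an eZUser wins. The authenticated user must additionally be
 * allowed to call $functionName (ggeZWebservices::checkAccess()), otherwise
 * an INVALIDAUTHERROR fault is returned; the same fault is returned when no
 * handler accepts the credentials.
 *
 * NOTE(review): the site-access check (canLoginToSiteAccess) that user/login
 * performs was left commented out in the original with the question open;
 * it is still not applied here. Confirm that is intended for webservice calls.
 *
 * @param string $user         login name (kept unchanged across handlers)
 * @param string $password
 * @param string $functionName webservice method to execute
 * @param mixed  $params       parameters handed to the server
 * @return mixed|ggWebservicesFault result of the server handler, or a fault
 */
function ezp_authandexec($user, $password, $functionName, $params)
{
    $server = $GLOBALS['ggws_server'];

    // replicate here logic found in user/login
    $ini = eZINI::instance();
    $loginHandlers = array('standard');
    if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
        $loginHandlers = $ini->variable('UserSettings', 'LoginHandler');
    }

    foreach ($loginHandlers as $loginHandler) {
        $userClass = eZUserLoginHandler::instance($loginHandler);
        // Keep the login name in $user: the original overwrote it with the
        // handler's return value, so after one rejecting handler every later
        // handler was asked to log in `false` instead of the real name.
        $userObject = $userClass->loginUser($user, $password);
        if (!$userObject instanceof eZUser) {
            continue;
        }
        // check if the authenticated user has access to the actual ws
        if (!ggeZWebservices::checkAccess($functionName, $userObject)) {
            return new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING);
        }
        if ($server->isInternalRequest($functionName)) {
            return $server->handleInternalRequest($functionName, $params);
        }
        return $server->handleRequest($functionName, $params);
    }
    // no handler accepted the credentials
    return new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING);
}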
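 /**
  * Test for issue #16328: Wrong hash stored in database on hash update in ezUser.php
  *
  * Switches HashType to md5_user, logs the user in by e-mail address and
  * verifies that the hash rewritten into ezuser is built from the login name
  * (not the e-mail address), and that a login by user name still succeeds.
  * Only the legacy md5_user scheme is exercised here.
  */
 public function testPasswordHashSamePasswordToUser()
 {
     $db = eZDB::instance();

     // Setup: the user must exist exactly once before the hash type is changed
     $rows = $db->arrayQuery("SELECT * FROM ezuser where login = '******'");
     if (count($rows) !== 1) {
         $this->fail("User {$this->username} is not in database.");
     }

     // The real test begins now.
     // Set HashType to md5_user (password_hash in the ezuser table is updated again on the next login)
     ezpINIHelper::setINISetting('site.ini', 'UserSettings', 'HashType', 'md5_user');

     // Login the user with email instead of username
     $userClass = eZUserLoginHandler::instance('standard');
     $user = $userClass->loginUser($this->email, $this->password);
     // Verify that the email and password were accepted
     if (!$user instanceof eZUser) {
         $this->fail("User {$this->email} is not in database.");
     }

     // Re-read the stored hash; guard the row count like the setup query did
     $rows = $db->arrayQuery("SELECT * FROM ezuser where login = '******'");
     if (count($rows) !== 1) {
         $this->fail("User {$this->username} is not in database.");
     }
     $passwordHashMD5User = $rows[0]['password_hash'];

     // The value that is expected to be saved in the ezuser table after updating the HashType to md5_user
     // (using the username and not the email address, which caused issue #16328)
     $hashMD5Expected = md5("{$this->username}\n{$this->password}");
     // Both are strings, so compare identity rather than loose equality
     $this->assertSame($hashMD5Expected, $passwordHashMD5User);

     // Verify that the user can still login with username
     $userClass = eZUserLoginHandler::instance('standard');
     $user = $userClass->loginUser($this->username, $this->password);
     // Verify that the username and password were accepted
     if (!$user instanceof eZUser) {
         $this->fail("User {$this->username} is not in database.");
     }
 }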
 /**
  * Drives the multi-step login flow as a state machine stored in the session.
  *
  * The current step is kept in the session variable self::STEP and advances
  * PRE_CHECK_USER_INFO -> PRE_COLLECT_USER_INFO -> POST_COLLECT_USER_INFO ->
  * LOGIN_USER, with this method calling itself recursively after each
  * transition. A pending self::FORCE_LOGIN flag skips straight to the
  * collect step. Each configured login handler (UserSettings/LoginHandler,
  * default 'standard') gets a chance to short-circuit the flow or to supply
  * the redirect used to collect credentials.
  *
  * @param array $siteBasics passed through to the handlers' checkUser()
  * @param eZURI $url        passed through to the handlers' checkUser()
  * @return array|null null when no login is needed or the login succeeded,
  *                    otherwise a redirect array ('module'/'function' keys)
  *                    or whatever the active handler returns
  */
 static function checkUser(&$siteBasics, &$url)
 {
     $http = eZHTTPTool::instance();
     if (!$http->hasSessionVariable(self::STEP)) {
         $http->setSessionVariable(self::STEP, self::STEP_PRE_CHECK_USER_INFO);
     }
     // Bound by reference: sessionVariable() appears to return a reference, so
     // the assignment below updates the step stored in the session directly.
     // NOTE(review): confirm against eZHTTPTool::sessionVariable().
     $loginStep =& $http->sessionVariable(self::STEP);
     // A forced login skips the handler pre-check and goes straight to collecting credentials
     if ($http->hasSessionVariable(self::FORCE_LOGIN) && $loginStep < self::STEP_PRE_COLLECT_USER_INFO) {
         $loginStep = self::STEP_PRE_COLLECT_USER_INFO;
     }
     switch ($loginStep) {
         case self::STEP_PRE_CHECK_USER_INFO:
             $ini = eZINI::instance();
             $handlerList = array('standard');
             if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
                 $handlerList = $ini->variable('UserSettings', 'LoginHandler');
             }
             // Forget which handler answered last time; it is re-determined below
             if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                 $http->removeSessionVariable(self::LAST_HANDLER_NAME);
             }
             foreach ($handlerList as $handler) {
                 $userObject = eZUserLoginHandler::instance($handler);
                 if ($userObject) {
                     $check = $userObject->checkUser($siteBasics, $url);
                     // null from a handler means "no login needed": clean up and stop here
                     if ($check === null) {
                         eZUserLoginHandler::sessionCleanup();
                         return null;
                     }
                     // Otherwise remember the redirect and the handler that produced it;
                     // a later handler in the list overwrites an earlier one
                     $http->setSessionVariable(self::LAST_CHECK_REDIRECT, $check);
                     $http->setSessionVariable(self::LAST_HANDLER_NAME, $handler);
                 }
             }
             $http->setSessionVariable(self::STEP, self::STEP_PRE_COLLECT_USER_INFO);
             return eZUserLoginHandler::checkUser($siteBasics, $url);
             break; // unreachable after the return above
         case self::STEP_PRE_COLLECT_USER_INFO:
             $http->setSessionVariable(self::STEP, self::STEP_POST_COLLECT_USER_INFO);
             $handler = null;
             if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                 $handlerName = $http->sessionVariable(self::LAST_HANDLER_NAME);
                 $handler = eZUserLoginHandler::instance($handlerName);
             }
             if ($handler) {
                 // The handler that answered the pre-check collects the credentials itself
                 return $handler->preCollectUserInfo();
             } else {
                 // No handler remembered: fall back to the stored redirect, or user/login
                 $redirect =& $http->sessionVariable(self::LAST_CHECK_REDIRECT);
                 if (!$redirect) {
                     $redirect = array('module' => 'user', 'function' => 'login');
                 }
                 return $redirect;
             }
             break; // unreachable: both branches above return
         case self::STEP_POST_COLLECT_USER_INFO:
             $http->setSessionVariable(self::STEP, self::STEP_LOGIN_USER);
             $handler = null;
             if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                 $handlerName = $http->sessionVariable(self::LAST_HANDLER_NAME);
                 $handler = eZUserLoginHandler::instance($handlerName);
             }
             if ($handler) {
                 // Use specified login handler to handle Login info input
                 if (!$handler->postCollectUserInfo()) {
                     // Handler rejected the input: reset the flow, redirect to the front page and stop execution
                     eZUserLoginHandler::sessionCleanup();
                     eZHTTPTool::redirect('/');
                     eZExecution::cleanExit();
                 }
             }
             return eZUserLoginHandler::checkUser($siteBasics, $url);
             break; // unreachable after the return above
         case self::STEP_LOGIN_USER:
             $ini = eZINI::instance();
             $handlerList = array('standard');
             if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
                 $handlerList = $ini->variable('UserSettings', 'LoginHandler');
             }
             // Credentials collected in the previous step; removed from the session
             // right away so they are not kept around after this attempt
             $userInfoArray =& $http->sessionVariable(self::USER_INFO);
             $http->removeSessionVariable(self::USER_INFO);
             if ($http->hasSessionVariable(self::FORCE_LOGIN)) {
                 $http->removeSessionVariable(self::FORCE_LOGIN);
             }
             $user = null;
             // NOTE(review): truthiness check — a login or password of '0' is
             // treated as missing and never reaches the handlers; confirm intended.
             if (is_array($userInfoArray) and $userInfoArray['login'] and $userInfoArray['password']) {
                 foreach ($handlerList as $handler) {
                     $userObject = eZUserLoginHandler::instance($handler);
                     if ($userObject) {
                         $user = $userObject->loginUser($userInfoArray['login'], $userInfoArray['password']);
                         // NOTE(review): is_subclass_of() is false for a direct eZUser
                         // instance (only true for subclasses); callers elsewhere use
                         // `instanceof eZUser` — verify which is intended here.
                         if (is_subclass_of($user, 'eZUser')) {
                             eZUserLoginHandler::sessionCleanup();
                             return null;
                         } else {
                             // A handler may answer with a redirect array instead of a user
                             if (is_array($user)) {
                                 eZUserLoginHandler::sessionCleanup();
                                 return $user;
                             }
                         }
                     }
                 }
             }
             // Login failed (or no credentials): restart the flow from the pre-check step
             $http->setSessionVariable(self::STEP, self::STEP_PRE_CHECK_USER_INFO);
             return eZUserLoginHandler::checkUser($siteBasics, $url);
             break; // unreachable after the return above
     }
 }
 if ($userLogin != '') {
     if ($http->hasSessionVariable("RedirectAfterLogin", false)) {
         $http->removeSessionVariable('RedirectAfterLogin');
     }
     if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
         $loginHandlers = $ini->variable('UserSettings', 'LoginHandler');
     } else {
         $loginHandlers = array('standard');
     }
     $hasAccessToSite = true;
     if ($http->hasPostVariable('Cookie') && $ini->hasVariable('Session', 'RememberMeTimeout') && ($rememberMeTimeout = $ini->variable('Session', 'RememberMeTimeout'))) {
         eZSession::setCookieParams($rememberMeTimeout);
     }
     foreach (array_keys($loginHandlers) as $key) {
         $loginHandler = $loginHandlers[$key];
         $userClass = eZUserLoginHandler::instance($loginHandler);
         if (!is_object($userClass)) {
             continue;
         }
         $user = $userClass->loginUser($userLogin, $userPassword);
         if ($user instanceof eZUser) {
             $hasAccessToSite = $user->canLoginToSiteAccess($GLOBALS['eZCurrentAccess']);
             if (!$hasAccessToSite) {
                 $user->logoutCurrent();
                 $user = null;
                 $siteAccessName = $GLOBALS['eZCurrentAccess']['name'];
                 $siteAccessAllowed = false;
             }
             break;
         }
     }
 /**
  * One-time per-request initialisation: site access, URI, module repositories,
  * setup-wizard validity check, session (with basket callbacks), database
  * connectivity check, login pre-check, locale/charset and site settings.
  *
  * Guarded by $this->isInitialized so that repeated calls are no-ops. The
  * statement order matters: the validity check runs before session/db init,
  * and the login pre-check runs after session init (see the comments inline).
  *
  * Populates $this->access, $this->uri, $this->siteBasics, $this->check,
  * $this->warningList, $this->languageCode, $this->httpCharset, $this->site
  * and the globals eZRedirection / eZRequestedURI.
  *
  * @return void
  */
 protected function requestInit()
 {
     if ($this->isInitialized) {
         return;
     }
     eZExecution::setCleanExit(false);
     $scriptStartTime = microtime(true);
     $GLOBALS['eZRedirection'] = false;
     $this->access = eZSiteAccess::current();
     eZDebug::setScriptStart($scriptStartTime);
     eZDebug::addTimingPoint("Script start");
     $this->uri = eZURI::instance(eZSys::requestURI());
     $GLOBALS['eZRequestedURI'] = $this->uri;
     // Be able to do general events early in process
     ezpEvent::getInstance()->notify('request/preinput', array($this->uri));
     // Initialize module loading
     $this->siteBasics['module-repositories'] = eZModule::activeModuleRepositories();
     eZModule::setGlobalPathList($this->siteBasics['module-repositories']);
     // make sure we get a new $ini instance now that it has been reset
     $ini = eZINI::instance();
     // start: eZCheckValidity
     // pre check, setup wizard related so needs to be before session/db init
     // TODO: Move validity check in the constructor? Setup is not meant to be launched at each (sub)request is it?
     // Only the literal string 'true' enables the setup wizard redirect
     if ($ini->variable('SiteAccessSettings', 'CheckValidity') === 'true') {
         $this->check = array('module' => 'setup', 'function' => 'init');
         // Turn off some features that won't bee needed yet
         $this->siteBasics['policy-check-omit-list'][] = 'setup';
         $this->siteBasics['show-page-layout'] = $ini->variable('SetupSettings', 'PageLayout');
         $this->siteBasics['validity-check-required'] = true;
         // No session, no user object, no db, no cache, no URL translation while in setup
         $this->siteBasics['session-required'] = $this->siteBasics['user-object-required'] = false;
         $this->siteBasics['db-required'] = $this->siteBasics['no-cache-adviced'] = $this->siteBasics['url-translator-allowed'] = false;
         $this->siteBasics['site-design-override'] = $ini->variable('SetupSettings', 'OverrideSiteDesign');
         $this->access = eZSiteAccess::change(array('name' => 'setup', 'type' => eZSiteAccess::TYPE_URI));
         eZTranslatorManager::enableDynamicTranslations();
     }
     // stop: eZCheckValidity
     if ($this->siteBasics['session-required']) {
         // Check if this should be run in a cronjob
         // Basket cleanup is hooked into the session lifecycle unless delegated to a cronjob
         if ($ini->variable('Session', 'BasketCleanup') !== 'cronjob') {
             eZSession::addCallback('destroy_pre', function (eZDBInterface $db, $key, $escapedKey) {
                 $basket = eZBasket::fetch($key);
                 if ($basket instanceof eZBasket) {
                     $basket->remove();
                 }
             });
             eZSession::addCallback('gc_pre', function (eZDBInterface $db, $time) {
                 eZBasket::cleanupExpired($time);
             });
             eZSession::addCallback('cleanup_pre', function (eZDBInterface $db) {
                 eZBasket::cleanup();
             });
         }
         // addCallBack to update session id for shop basket on session regenerate
         // NOTE(review): the keys are interpolated into SQL; the parameter names
         // ($escNewKey/$escOldKey) indicate the session layer hands over
         // already-escaped values — confirm against eZSession's regenerate_post contract.
         eZSession::addCallback('regenerate_post', function (eZDBInterface $db, $escNewKey, $escOldKey) {
             $db->query("UPDATE ezbasket SET session_id='{$escNewKey}' WHERE session_id='{$escOldKey}'");
         });
         // TODO: Session starting should be made only once in the constructor
         $this->sessionInit();
     }
     // if $this->siteBasics['db-required'], open a db connection and check that db is connected
     // A missing connection is recorded as a warning, not treated as fatal here
     if ($this->siteBasics['db-required'] && !eZDB::instance()->isConnected()) {
         $this->warningList[] = array('error' => array('type' => 'kernel', 'number' => eZError::KERNEL_NO_DB_CONNECTION), 'text' => 'No database connection could be made, the system might not behave properly.');
     }
     // eZCheckUser: pre check, RequireUserLogin & FORCE_LOGIN related so needs to be after session init
     // Skipped when the validity check above already set a setup redirect
     if (!isset($this->check)) {
         $this->check = eZUserLoginHandler::preCheck($this->siteBasics, $this->uri);
     }
     ezpEvent::getInstance()->notify('request/input', array($this->uri));
     // Initialize with locale settings
     // TODO: Move to constructor? Is it relevant to init the locale/charset for each (sub)requests?
     $this->languageCode = eZLocale::instance()->httpLocaleCode();
     $phpLocale = trim($ini->variable('RegionalSettings', 'SystemLocale'));
     // SystemLocale may hold a comma-separated list of candidates; setlocale() takes the first one that works
     if ($phpLocale != '') {
         setlocale(LC_ALL, explode(',', $phpLocale));
     }
     $this->httpCharset = eZTextCodec::httpCharset();
     // TODO: are these parameters supposed to vary across potential sub-requests?
     $this->site = array('title' => $ini->variable('SiteSettings', 'SiteName'), 'design' => $ini->variable('DesignSettings', 'SiteDesign'), 'http_equiv' => array('Content-Type' => 'text/html; charset=' . $this->httpCharset, 'Content-language' => $this->languageCode));
     // Read role settings
     $this->siteBasics['policy-check-omit-list'] = array_merge($this->siteBasics['policy-check-omit-list'], $ini->variable('RoleSettings', 'PolicyOmitList'));
     $this->isInitialized = true;
 }
    eZSession::addCallback('regenerate_post', 'eZSessionBasketRegenerate');
    if ($ini->variable('Session', 'ForceStart') === 'enabled') {
        eZSession::start();
    } else {
        eZSession::lazyStart();
    }
    // let session specify if db is required
    $dbRequired = eZSession::getHandlerInstance()->dbRequired();
}
// if $dbRequired, open a db connection and check that db is connected
// ($dbRequired is decided by the session handler above); a missing
// connection is recorded as a warning, not treated as fatal here
if ($dbRequired && !eZDB::instance()->isConnected()) {
    $warningList[] = array('error' => array('type' => 'kernel', 'number' => eZError::KERNEL_NO_DB_CONNECTION), 'text' => 'No database connection could be made, the system might not behave properly.');
}
// eZCheckUser: pre check, RequireUserLogin & FORCE_LOGIN related so needs to be after session init
// Skipped when an earlier step (e.g. the setup validity check) already set $check
if (!isset($check)) {
    $check = eZUserLoginHandler::preCheck($siteBasics, $uri);
}
/**
 * Check for activating Debug by user ID (Final checking. The first was in eZDebug::updateSettings())
 * @uses eZUser::instance() So needs to be executed after eZSession::start()|lazyStart()
 */
eZDebug::checkDebugByUser();
ezpEvent::getInstance()->notify('request/input', array($uri));
// Initialize with locale settings
$locale = eZLocale::instance();
$languageCode = $locale->httpLocaleCode();
$phpLocale = trim($ini->variable('RegionalSettings', 'SystemLocale'));
// SystemLocale may hold a comma-separated list of candidates; setlocale() takes the first one that works
if ($phpLocale != '') {
    setlocale(LC_ALL, explode(',', $phpLocale));
}
// send header information
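 /**
  * Logs in with $username and $password and returns the userID.
  *
  * The credentials passed in are the ones used for the login. The previous
  * version ignored both parameters and always logged in a fixed account,
  * which broke the documented contract and kept privileged credentials in
  * source.
  *
  * @param string $username
  * @param string $password
  * @return int|false contentobject_id of the logged-in user, or false when the
  *                   'standard' login handler rejects the credentials
  */
 public function loginEZPUser($username, $password)
 {
     $userClass = eZUserLoginHandler::instance('standard');
     $user = $userClass->loginUser($username, $password);
     if (!$user instanceof eZUser) {
         return false;
     }
     // Kept from the original: the id is read from the current user rather
     // than from $user, presumably because loginUser() makes the user current
     $user = eZUser::currentUser();
     return $user->attribute("contentobject_id");
 }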