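 /**
  * IRC "!auth" command handler.
  *
  * Format is "auth user@example.com password": the address and the password
  * are the second and third words of the message ($data->messageex). On any
  * failure a reply is sent to the nick and the handler returns without
  * registering the user; on success the user is added via $this->bot.
  *
  * NOTE(review): the password arrives inside the IRC message text, and the
  * three failure replies (unknown address / wrong password / inactive
  * account) are distinguishable from one another. Left unchanged here.
  *
  * @param Net_SmartIRC $irc
  * @param Net_SmartIRC_data $data
  * @return void
  */
 final public function auth(Net_SmartIRC $irc, Net_SmartIRC_data $data)
 {
     // exactly: "!auth", email, password -- anything else is a usage error
     if (count($data->messageex) !== 3) {
         $this->sendResponse($data->nick, 'Error: wrong parameter count for "AUTH" command. Format is "!auth user@example.com password".');
         return;
     }
     $email = $data->messageex[1];
     $password = $data->messageex[2];
     // check if the email exists
     if (!Auth::userExists($email)) {
         // double-quoted so the address is interpolated; the single-quoted
         // original sent the literal text "$email" back to the user
         $this->sendResponse($data->nick, "Error: could not find a user account for the given email address \"{$email}\".");
         return;
     }
     // check if the given password is correct
     if (!Auth::isCorrectPassword($email, $password)) {
         $this->sendResponse($data->nick, 'Error: The email address / password combination could not be found in the system.');
         return;
     }
     // check if the user account is activated
     if (!Auth::isActiveUser($email)) {
         $this->sendResponse($data->nick, 'Error: Your user status is currently set as inactive. Please contact your local system administrator for further information.');
         return;
     }
     // all checks passed: register the nick with the bot
     $this->bot->addUser($data, $email);
     $this->sendResponse($data->nick, 'Thank you, you have been successfully authenticated.');
 }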
 /**
  * Tell whether the supplied credentials allow a login.
  *
  * The second argument is accepted either as the account password or, when
  * that fails, as an API token issued for the given email address.
  *
  * @param string $email
  * @param string $password password or API token
  * @return bool
  * @access public
  */
 public function isValidLogin($email, $password)
 {
     // password first; the token lookup only runs when the password fails
     $byPassword = Auth::isCorrectPassword($email, $password);

     return $byPassword || APIAuthToken::isTokenValidForEmail($password, $email);
 }
 /**
  * Method used to check for the appropriate authentication for a specific
  * page. It will check for the cookie name provided and redirect the user
  * to another page if needed.
  *
  * Order of work: the configured auth backend runs first; a missing cookie
  * is then bridged either by logging in the anonymous account
  * (APP_ANON_USER) or by honouring HTTP Basic credentials; after that the
  * cookie is decoded and validated, the account state, session, language,
  * project selection and customer (CRM) status are checked, an optional
  * switch_prj_id request is applied, and finally the login and project
  * cookies are renewed. Every self::redirect() call is presumed to end the
  * request; the 401 branch is the only path that returns explicitly.
  *
  * @param   string $cookie_name The name of the cookie to check for
  * @param   string $failed_url The URL to redirect to if the user is not authenticated
  * @param   boolean $is_popup Flag to tell the function if the current page is a popup window or not
  * @return  void
  */
 public static function checkAuthentication($cookie_name, $failed_url = null, $is_popup = false)
 {
     self::getAuthBackend()->checkAuthentication();
     // loose == : '' and 0 also fall back to the application defaults
     if ($cookie_name == null) {
         $cookie_name = APP_COOKIE;
     }
     if ($failed_url == null) {
         $failed_url = APP_RELATIVE_URL . 'index.php?err=5';
     }
     // appended with a fixed '&', so a caller-supplied $failed_url is
     // expected to already carry a query string
     $failed_url .= '&url=' . urlencode($_SERVER['REQUEST_URI']);
     if (!isset($_COOKIE[$cookie_name])) {
         if (APP_ANON_USER) {
             // no cookie but anonymous access is enabled: log the request in
             // as the anonymous account with a non-permanent login cookie
             $anon_usr_id = User::getUserIDByEmail(APP_ANON_USER);
             $prj_id = reset(array_keys(Project::getAssocList($anon_usr_id)));
             self::createFakeCookie($anon_usr_id, $prj_id);
             self::createLoginCookie(APP_COOKIE, APP_ANON_USER, false);
             self::setCurrentProject($prj_id, true);
             Session::init($anon_usr_id);
         } else {
             // check for valid HTTP_BASIC params
             if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
                 if (Auth::isCorrectPassword($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
                     $usr_id = User::getUserIDByEmail($_SERVER['PHP_AUTH_USER'], true);
                     $prj_id = reset(array_keys(Project::getAssocList($usr_id)));
                     self::createFakeCookie($usr_id, $prj_id);
                     // NOTE(review): the login cookie is issued for APP_ANON_USER
                     // although the credentials just verified belong to
                     // PHP_AUTH_USER (the fake cookie above does use $usr_id);
                     // this looks copied from the anonymous branch -- confirm.
                     self::createLoginCookie(APP_COOKIE, APP_ANON_USER);
                     self::setCurrentProject($prj_id, true);
                 } else {
                     // wrong Basic credentials: re-issue the challenge and stop
                     // here -- the only path that returns instead of redirecting
                     header('WWW-Authenticate: Basic realm="Eventum"');
                     header('HTTP/1.0 401 Unauthorized');
                     echo 'Login Failed';
                     return;
                 }
             } else {
                 self::redirect($failed_url, $is_popup);
             }
         }
     }
     // NOTE(review): the cookie is read from $_COOKIE even on the branches
     // above that only just created it; this relies on createFakeCookie()
     // populating $_COOKIE[$cookie_name] for the current request -- confirm.
     $cookie = $_COOKIE[$cookie_name];
     // SECURITY: unserialize() on client-controlled cookie data lets the
     // client decide which classes get instantiated (PHP object injection);
     // isValidCookie() only runs after those objects already exist. Passing
     // ['allowed_classes' => false] (PHP 7+) or moving the cookie to a signed,
     // non-serialize format would close this; flagged rather than changed.
     $cookie = unserialize(base64_decode($cookie));
     if (!self::isValidCookie($cookie)) {
         self::removeCookie($cookie_name);
         self::redirect($failed_url, $is_popup);
     }
     // account state is judged by the email stored in the validated cookie
     if (self::isPendingUser($cookie['email'])) {
         self::removeCookie($cookie_name);
         self::redirect('index.php?err=9', $is_popup);
     }
     if (!self::isActiveUser($cookie['email'])) {
         self::removeCookie($cookie_name);
         self::redirect('index.php?err=7', $is_popup);
     }
     $usr_id = self::getUserID();
     // check the session
     Session::verify($usr_id);
     if (!defined('SKIP_LANGUAGE_INIT')) {
         Language::setPreference();
     }
     // check whether the project selection is set or not
     $prj_id = self::getCurrentProject();
     // empty() also treats a project id of 0 / '0' as "not selected"
     if (empty($prj_id)) {
         // redirect to select project page
         self::redirect(APP_RELATIVE_URL . 'select_project.php?url=' . urlencode($_SERVER['REQUEST_URI']), $is_popup);
     }
     // check the expiration date for a 'Customer' type user
     $contact_id = User::getCustomerContactID($usr_id);
     if (!empty($contact_id) && CRM::hasCustomerIntegration($prj_id)) {
         $crm = CRM::getInstance($prj_id);
         $crm->authenticateCustomer();
     }
     // auto switch project
     // NOTE(review): switch_prj_id comes straight from the query string; any
     // project-membership check has to live in setCurrentProject(). The
     // redirect only strips the literal 'switch_prj_id=<value>' text from
     // QUERY_STRING, so a stray '&' may remain -- untidy but harmless.
     if (isset($_GET['switch_prj_id'])) {
         self::setCurrentProject($_GET['switch_prj_id'], false);
         self::redirect($_SERVER['PHP_SELF'] . '?' . str_replace('switch_prj_id=' . $_GET['switch_prj_id'], '', $_SERVER['QUERY_STRING']));
     }
     // if the current session is still valid, then renew the expiration
     self::createLoginCookie($cookie_name, $cookie['email'], $cookie['permanent']);
     // renew the project cookie as well
     $prj_cookie = self::getCookieInfo(APP_PROJECT_COOKIE);
     self::setCurrentProject($prj_id, $prj_cookie['remember']);
 }
// Login form handler. Reads the posted credentials, runs the failure checks
// in order -- each one sends the browser back to index.php with an err code
// via Auth::redirect(), which is presumed to end the request -- then logs the
// user in and moves on to project selection.
$login = null;
if (isset($_POST['email'])) {
    $login = (string) $_POST['email'];
}
if (Validation::isWhitespace($login)) {
    // blank email: bounced without recording a login attempt
    Auth::redirect('index.php?err=1');
}
$passwd = null;
if (isset($_POST['passwd'])) {
    $passwd = (string) $_POST['passwd'];
}
if (Validation::isWhitespace($passwd)) {
    Auth::saveLoginAttempt($login, 'failure', 'empty password');
    Auth::redirect('index.php?err=2&email=' . rawurlencode($login));
}
// check if user exists
// (err=3 is shared with the wrong-password case further down; only the
// &email= part of the redirect differs between the two)
if (!Auth::userExists($login)) {
    Auth::saveLoginAttempt($login, 'failure', 'unknown user');
    Auth::redirect('index.php?err=3');
}
// check if user is locked -- evaluated before the password so a locked
// account is not probed any further
if (Auth::isUserBackOffLocked(Auth::getUserIDByLogin($login))) {
    Auth::saveLoginAttempt($login, 'failure', 'account back-off locked');
    Auth::redirect('index.php?err=13');
}
// check if the password matches
if (!Auth::isCorrectPassword($login, $passwd)) {
    Auth::saveLoginAttempt($login, 'failure', 'wrong password');
    Auth::redirect('index.php?err=3&email=' . rawurlencode($login));
}
Auth::login($login);
// optional return URL, handed on to select_project.php; whether it is
// restricted to local paths is decided there, not here
$extra = empty($_POST['url']) ? '' : '?url=' . urlencode($_POST['url']);
Auth::redirect('select_project.php' . $extra);
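/**
 * XML-RPC "isValidLogin" handler.
 *
 * Decodes the email and password from the first two request parameters and
 * answers with the string 'yes' when Auth::isCorrectPassword() accepts
 * them, 'no' otherwise (a string rather than a bool keeps the wire format).
 *
 * @param object $p request message exposing getParam()
 * @return XML_RPC_Response
 */
function isValidLogin($p)
{
    // $XML_RPC_String is a global of the XML_RPC library; without this
    // declaration the name was an undefined local inside this function, so
    // the response value was built with a null type instead of the string type.
    global $XML_RPC_String;

    $email = XML_RPC_decode($p->getParam(0));
    $password = XML_RPC_decode($p->getParam(1));
    $is_valid = Auth::isCorrectPassword($email, $password) ? 'yes' : 'no';

    return new XML_RPC_Response(new XML_RPC_Value($is_valid, $XML_RPC_String));
}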
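 /**
  * IRC "!auth" command: "!auth user@example.com password".
  *
  * Splits the message on single spaces, validates the email/password pair
  * through Auth and, on success, records nick => email in the global $auth
  * map. Every outcome is reported back to the nick.
  *
  * NOTE(review): the password arrives in the IRC message text, and the
  * three failure replies (unknown address / wrong password / inactive
  * account) are distinguishable from one another. Left unchanged here.
  *
  * @param object $irc IRC connection handed through to sendResponse()
  * @param object $data incoming message (->message, ->nick)
  * @return void
  */
 public function authenticate(&$irc, &$data)
 {
     global $auth;
     // explode() on a single space: a doubled space yields an empty piece
     // and therefore a parameter-count error
     $pieces = explode(' ', $data->message);
     if (count($pieces) !== 3) {
         $this->sendResponse($irc, $data->nick, 'Error: wrong parameter count for "AUTH" command. Format is "!auth user@example.com password".');
         return;
     }
     $email = $pieces[1];
     $password = $pieces[2];
     // check if the email exists
     if (!Auth::userExists($email)) {
         // double-quoted so the address is interpolated; the single-quoted
         // original sent the literal text "$email" back to the user
         $this->sendResponse($irc, $data->nick, "Error: could not find a user account for the given email address \"{$email}\".");
         return;
     }
     // check if the given password is correct
     if (!Auth::isCorrectPassword($email, $password)) {
         $this->sendResponse($irc, $data->nick, 'Error: The email address / password combination could not be found in the system.');
         return;
     }
     // check if the user account is activated
     if (!Auth::isActiveUser($email)) {
         $this->sendResponse($irc, $data->nick, 'Error: Your user status is currently set as inactive. Please contact your local system administrator for further information.');
         return;
     }
     // remember the nick as authenticated for later commands
     $auth[$data->nick] = $email;
     $this->sendResponse($irc, $data->nick, 'Thank you, you have been successfully authenticated.');
 }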
}
// END ETEL MODIFIED
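// Legacy login handler: $HTTP_POST_VARS is the pre-PHP 5.4 long-form name of
// $_POST. Each failed check (except the blank-email one) records the attempt
// and sends the browser back to index.php with an err code; every
// Auth::redirect() call is presumed to end the request.
// NOTE(review): $is_popup is not defined within this span -- presumably set
// further up in the script.
if (Validation::isWhitespace($HTTP_POST_VARS["email"])) {
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=1");
}
if (Validation::isWhitespace($HTTP_POST_VARS["passwd"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'empty password');
    // the email is user input placed in a query string: encode it so that
    // '&', '#', spaces and the like cannot break or reshape the redirect URL
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=2&email=" . rawurlencode($HTTP_POST_VARS["email"]));
}
// check if user exists
// (err=3 is shared with the wrong-password case below; only the &email=
// part of the redirect differs between the two)
if (!Auth::userExists($HTTP_POST_VARS["email"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'unknown user');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=3");
}
// check if the password matches
if (!Auth::isCorrectPassword($HTTP_POST_VARS["email"], $HTTP_POST_VARS["passwd"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'wrong password');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=3&email=" . rawurlencode($HTTP_POST_VARS["email"]));
}
// check if this user did already confirm his account
if (Auth::isPendingUser($HTTP_POST_VARS["email"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'pending user');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=9", $is_popup);
}
// check if this user is really an active one
if (!Auth::isActiveUser($HTTP_POST_VARS["email"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'inactive user');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=7", $is_popup);
}
Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'success');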
// redirect to the initial page
 /**
  * Dispatch one XML-RPC call to the API object, enforcing login first.
  *
  * NOTE: this needs to be public for PHP 5.3 compatibility
  *
  * Unless $public is set, the credentials are taken from $params through
  * getAuthParams() and accepted when the password matches or, failing that,
  * when the password slot holds an API token valid for the email; the auth
  * cookie is then set for the rest of the request. Any Exception thrown while
  * authenticating, decoding or invoking turns into an XML-RPC fault response
  * ($XML_RPC_erruser + the exception code, or + 1 when the code is 0).
  *
  * @param ReflectionMethod $method
  * @param array $params Method parameters in already decoded into PHP types
  * @param bool $public true if method should not be protected with login/password
  * @param array $pdesc Parameter descriptions
  * @return XML_RPC_Response
  */
 public function handle($method, $params, $public, $pdesc)
 {
     global $XML_RPC_erruser;

     // there's method to set this via $client->setAutoBase64(true);
     // but nothing at server side. where we actually need it
     $GLOBALS['XML_RPC_auto_base64'] = true;

     try {
         if (!$public) {
             list($email, $password) = $this->getAuthParams($params);
             // the token lookup only runs when the password check fails
             $authenticated = Auth::isCorrectPassword($email, $password)
                 || APIAuthToken::isTokenValidForEmail($password, $email);
             if (!$authenticated) {
                 // FIXME: role is not checked here
                 throw new RemoteApiException("Authentication failed for {$email}. Your login/password/api key is invalid or you do not have the proper role.");
             }
             AuthCookie::setAuthCookie($email);
         }
         if ($pdesc) {
             $this->decodeParams($params, $pdesc);
         }
         $res = $method->invokeArgs($this->api, $params);
     } catch (Exception $e) {
         // a zero exception code would collide with the base fault code
         $code = $e->getCode() ?: 1;
         $res = new XML_RPC_Response(0, $XML_RPC_erruser + $code, $e->getMessage());
     }

     // plain PHP return values still need wrapping for the wire
     if (!($res instanceof XML_RPC_Response)) {
         $res = new XML_RPC_Response(XML_RPC_Encode($res));
     }

     return $res;
 }
/**
 * Authorize request.
 * TODO: translations
 * TODO: ip based control
 *
 * Accepts the request when an auth cookie already identifies a user;
 * otherwise falls back to the HTTP credentials returned by getAuthData()
 * and validates them step by step (presence, existence, password, pending,
 * active), sending the authenticate header plus a one-line error and
 * exiting on the first failure. A 'custom_id' GET parameter is then
 * required and must be either a global filter or one owned by the user.
 *
 * NOTE(review): the "user does not exist" and "combo is not correct"
 * replies are distinguishable, so they reveal whether an address has an
 * account. Left unchanged here.
 */
function authorizeRequest()
{
    // challenge, message, stop -- every credential failure ends here
    $reject = function ($message) {
        sendAuthenticateHeader();
        echo $message;
        exit;
    };

    // try current auth cookie
    $usr_id = Auth::getUserID();
    if (!$usr_id) {
        // otherwise setup HTTP Auth headers
        $authData = getAuthData();
        if ($authData === null) {
            $reject('Error: You are required to authenticate in order to access the requested RSS feed.');
        }
        list($authUser, $authPassword) = $authData;
        // check the authentication
        if (Validation::isWhitespace($authUser)) {
            $reject('Error: Please provide your email address.');
        }
        if (Validation::isWhitespace($authPassword)) {
            $reject('Error: Please provide your password.');
        }
        // check if user exists
        if (!Auth::userExists($authUser)) {
            $reject('Error: The user specified does not exist.');
        }
        // check if the password matches
        if (!Auth::isCorrectPassword($authUser, $authPassword)) {
            $reject('Error: The provided email address/password combo is not correct.');
        }
        // check if this user did already confirm his account
        if (Auth::isPendingUser($authUser)) {
            $reject('Error: The provided user still needs to have its account confirmed.');
        }
        // check if this user is really an active one
        if (!Auth::isActiveUser($authUser)) {
            $reject('Error: The provided user is currently set as an inactive user.');
        }
        // credentials accepted: give the rest of the request a cookie identity
        $usr_id = User::getUserIDByEmail($authUser);
        Auth::createFakeCookie($usr_id);
    }

    // check if the required parameter 'custom_id' is really being passed
    // (empty() also rejects a literal '0')
    if (empty($_GET['custom_id'])) {
        rssError("Error: The required 'custom_id' parameter was not provided.");
        exit;
    }
    // check if the passed 'custom_id' parameter is associated with the usr_id
    $customId = $_GET['custom_id'];
    if (!Filter::isGlobal($customId) && !Filter::isOwner($customId, $usr_id)) {
        rssError('Error: The provided custom filter ID is not associated with the given email address.');
        exit;
    }
}
     echo 'Error: Please provide your email address.';
     exit;
 }
 // Legacy HTTP Basic credential checks: $HTTP_SERVER_VARS is the pre-PHP 5.4
 // long-form name of $_SERVER. Each failure calls authenticate() --
 // presumably the WWW-Authenticate challenge -- prints a one-line reason and
 // stops. The check chain starts before and continues after this span.
 if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
     authenticate();
     echo 'Error: Please provide your password.';
     exit;
 }
 // check if user exists
 // NOTE(review): this reply differs from the wrong-password one below, so
 // the two responses reveal whether an address has an account.
 if (!Auth::userExists($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
     authenticate();
     echo 'Error: The user specified does not exist.';
     exit;
 }
 // check if the password matches
 if (!Auth::isCorrectPassword($HTTP_SERVER_VARS['PHP_AUTH_USER'], $HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
     authenticate();
     echo 'Error: The provided email address/password combo is not correct.';
     exit;
 }
 // check if this user did already confirm his account
 if (Auth::isPendingUser($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
     authenticate();
     echo 'Error: The provided user still needs to have its account confirmed.';
     exit;
 }
 // check if this user is really an active one
 if (!Auth::isActiveUser($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
     authenticate();
     echo 'Error: The provided user is currently set as an inactive user.';
     exit;
 /**
  * FIXME: this should return bool
  *
  * Answers 'yes' when Auth::isCorrectPassword() accepts the email/password
  * pair and 'no' otherwise; the string form is presumably kept for callers
  * that expect it on the wire.
  *
  * @param string $email
  * @param string $password
  * @return string
  * @access public
  */
 public function isValidLogin($email, $password)
 {
     $accepted = Auth::isCorrectPassword($email, $password);

     return $accepted ? 'yes' : 'no';
 }