Example #1
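 /**
  * Handles the IRC "auth" command: checks the supplied credentials and, when
  * they are valid and the account is active, registers the sender with the bot.
  *
  * Format is "auth user@example.com password"
  *
  * An unknown address and a wrong password produce the same reply, so the
  * command cannot be used to find out which email addresses have an account.
  * (The former "unknown user" reply also printed the literal text "$email",
  * because the placeholder sat inside a single-quoted string.)
  *
  * NOTE(review): the password travels as IRC message text; presumably this
  * handler is only bound to private queries - confirm where it is registered.
  *
  * @param Net_SmartIRC $irc
  * @param Net_SmartIRC_data $data
  */
 public final function auth(Net_SmartIRC $irc, Net_SmartIRC_data $data)
 {
     if (count($data->messageex) !== 3) {
         $this->sendResponse($data->nick, 'Error: wrong parameter count for "AUTH" command. Format is "!auth user@example.com password".');
         return;
     }
     $email = $data->messageex[1];
     $password = $data->messageex[2];
     // One reply for "no such account" and "wrong password". The short-circuit
     // keeps the original behaviour of not checking a password for an unknown user.
     if (!Auth::userExists($email) || !Auth::isCorrectPassword($email, $password)) {
         $this->sendResponse($data->nick, 'Error: The email address / password combination could not be found in the system.');
         return;
     }
     // The account state is only disclosed once the password has been verified.
     if (!Auth::isActiveUser($email)) {
         $this->sendResponse($data->nick, 'Error: Your user status is currently set as inactive. Please contact your local system administrator for further information.');
         return;
     }
     $this->bot->addUser($data, $email);
     $this->sendResponse($data->nick, 'Thank you, you have been successfully authenticated.');
 }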
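 /**
  * Import a user from ldap
  * Check all the directories. When the user is found, then import it
  *
  * Active LDAP servers are tried in the order they appear in
  * $auth->authtypes['ldap']; the first import that succeeds is returned.
  * When both 'name' and 'email' are given, the email condition wins because
  * it is assigned last.
  *
  * @param $options array containing condition:
  *                 array('name'=>'glpi') or array('email' => 'test at test.com')
  *
  * @return mixed the result of ldapImportUserByServerId() for the first server
  *               that yields one, false when the user already exists or no
  *               server produced a result
  **/
 static function importUserFromServers($options = array())
 {
     $auth = new Auth();
     $params = array();
     if (isset($options['name'])) {
         $params['value'] = $options['name'];
         $params['method'] = self::IDENTIFIER_LOGIN;
     }
     if (isset($options['email'])) {
         $params['value'] = $options['email'];
         $params['method'] = self::IDENTIFIER_EMAIL;
     }
     // NOTE(review): with neither key present $params stays empty and is still
     // handed to ldapImportUserByServerId() - confirm the callee rejects that.
     $auth->user_present = $auth->userExists($options);
     // Only look the user up in the directories when no local account exists
     if ($auth->user_present == 0) {
         $auth->getAuthMethods();
         // No configured LDAP server means nothing to iterate; avoid running
         // foreach over an undefined index.
         $ldap_methods = isset($auth->authtypes["ldap"]) ? $auth->authtypes["ldap"] : array();
         foreach ($ldap_methods as $ldap_method) {
             if ($ldap_method['is_active']) {
                 $result = self::ldapImportUserByServerId($params, 0, $ldap_method["id"], true);
                 if ($result != false) {
                     return $result;
                 }
             }
         }
         Session::addMessageAfterRedirect(__('User not found or several users found'), false, ERROR);
     } else {
         Session::addMessageAfterRedirect(__('Unable to add. The user already exist.'), false, ERROR);
     }
     return false;
 }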
Example #3
 /**
  * Creates a user row with status 'pending' from the submitted signup form,
  * links it to the given projects and mails a confirmation message to the
  * submitted address.
  *
  * Reads 'email', 'passwd' and 'full_name' directly from $_POST.
  *
  * NOTE(review): the confirmation token is md5(full name + email + private
  * key), so it is fixed for a given name/address pair. The code that checks
  * the token is not shown here; it should compare with hash_equals().
  * NOTE(review): the submitted address is used as the mail recipient as-is;
  * presumably Mail_Helper rejects CR/LF in addresses - confirm.
  *
  * @param   string $role The user role
  * @param   array $projects The list of projects that this user will be associated with
  * @return  integer 1 if the creation worked, -2 if the email address already
  *                  has an account, -1 if the insert failed
  */
 public static function createVisitorAccount($role, $projects)
 {
     // a second submit for an address that already exists is refused
     $alreadyRegistered = Auth::userExists($_POST['email']);
     if ($alreadyRegistered) {
         return -2;
     }

     // every value is bound through a placeholder
     $insertSql = 'INSERT INTO
                 {{%user}}
              (
                 usr_created_date,
                 usr_password,
                 usr_full_name,
                 usr_email,
                 usr_status
              ) VALUES (?, ?, ?, ?, ?)';
     try {
         $values = array(
             Date_Helper::getCurrentDateGMT(),
             Auth::hashPassword($_POST['passwd']),
             $_POST['full_name'],
             $_POST['email'],
             'pending',
         );
         DB_Helper::getInstance()->query($insertSql, $values);
     } catch (DbException $e) {
         return -1;
     }
     $userId = DB_Helper::get_last_insert_id();

     // project associations, then default preferences for those projects
     foreach ($projects as $projectId) {
         Project::associateUser($projectId, $userId, $role);
     }
     Prefs::set($userId, Prefs::getDefaults($projects));

     // confirmation mail carrying the token
     $confirmHash = md5(implode('', array($_POST['full_name'], $_POST['email'], Auth::privateKey())));
     $template = new Template_Helper();
     $template->setTemplate('notifications/visitor_account.tpl.text');
     $template->assign(array(
         'app_title' => Misc::getToolCaption(),
         'email' => $_POST['email'],
         'hash' => $confirmHash,
     ));
     $body = $template->getTemplateContents();

     $setup = Setup::load();
     $mailer = new Mail_Helper();
     // need to make this message MIME based
     $mailer->setTextBody($body);
     $subject = APP_SHORT_NAME . ': New Account - Confirmation Required';
     $mailer->send($setup['smtp']['from'], $_POST['email'], $subject);

     return 1;
 }
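 /**
  * Import a user from ldap
  * Check all the directories. When the user is found, then import it
  *
  * Active LDAP servers are tried in the order they appear in
  * $auth->authtypes['ldap']; the first import that succeeds is returned.
  * When both 'name' and 'email' are given, the email condition wins because
  * it is assigned last.
  *
  * @param $options array containing condition :
  *
  *          array('name'=>'glpi') or array('email' => 'test at test.com')
  *
  * @return mixed the result of ldapImportUserByServerId() for the first server
  *               that yields one, false when the user already exists or no
  *               server produced a result
  **/
 static function importUserFromServers($options = array())
 {
     global $LANG;
     $auth = new Auth();
     $params = array();
     if (isset($options['name'])) {
         $params['value'] = $options['name'];
         $params['method'] = self::IDENTIFIER_LOGIN;
     }
     if (isset($options['email'])) {
         $params['value'] = $options['email'];
         $params['method'] = self::IDENTIFIER_EMAIL;
     }
     // NOTE(review): with neither key present $params stays empty and is still
     // handed to ldapImportUserByServerId() - confirm the callee rejects that.
     $auth->user_present = $auth->userExists($options);
     // Only look the user up in the directories when no local account exists
     if ($auth->user_present == 0) {
         $auth->getAuthMethods();
         // No configured LDAP server means nothing to iterate; avoid running
         // foreach over an undefined index.
         $ldap_methods = isset($auth->authtypes["ldap"]) ? $auth->authtypes["ldap"] : array();
         foreach ($ldap_methods as $ldap_method) {
             if ($ldap_method['is_active']) {
                 $result = self::ldapImportUserByServerId($params, 0, $ldap_method["id"], true);
                 if ($result != false) {
                     return $result;
                 }
             }
         }
         addMessageAfterRedirect($LANG['login'][15], false, ERROR);
     } else {
         addMessageAfterRedirect($LANG['setup'][606], false, ERROR);
     }
     return false;
 }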
Example #5
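 /**
  * Creates a user record and an activation code for it.
  *
  * NOTE(review): when $password is null a password is generated, hashed and
  * stored, but the plain text is never returned or sent from here; presumably
  * the activation flow lets the user choose one - confirm.
  * NOTE(review): the optional $password precedes the required $email, so
  * callers have to pass all three arguments anyway.
  *
  * @param string      $username
  * @param string|null $password plain-text password, or null to generate one
  * @param string      $email
  * @return User|false the inserted user, or false when the username is taken
  */
 public static function createNewUser($username, $password = null, $email)
 {
     // The returned handle was never read in this method; the call is kept in
     // case it initialises the connection.
     Database::getDatabase();
     if (Auth::userExists($username)) {
         return false;
     }
     if (is_null($password)) {
         $password = Auth::generateStrongPassword();
     }
     // The former srand(time()) is gone: seeding from the clock makes every
     // later rand() value in this request derivable from the signup time.
     // PHP seeds its generators itself when none is given.
     // NOTE(review): newNid() and Activation::generate() are not visible here;
     // if they draw from rand()/mt_rand(), switch them to random_int() or
     // random_bytes().
     $u = new User();
     $u->username = $username;
     $u->nid = self::newNid();
     $u->password = self::hashedPassword($password);
     $u->email = $email;
     $u->insert();
     // Create the activation code
     Activation::generate($u->id, 20);
     return $u;
 }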
Example #6
// +----------------------------------------------------------------------+
// | Authors: João Prado Maia <*****@*****.**>                             |
// | Authors: Elan Ruusamäe <*****@*****.**>                               |
// +----------------------------------------------------------------------+
require_once dirname(__FILE__) . '/../init.php';
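// Login form handler. Each failed check records the attempt and redirects back
// to the form; the flow assumes Auth::redirect() ends the request - TODO confirm.

// Cast to string so an array-valued field (email[]=...) never reaches the checks.
$login = isset($_POST['email']) ? (string) $_POST['email'] : null;
if (Validation::isWhitespace($login)) {
    Auth::redirect('index.php?err=1');
}
$passwd = isset($_POST['passwd']) ? (string) $_POST['passwd'] : null;
if (Validation::isWhitespace($passwd)) {
    Auth::saveLoginAttempt($login, 'failure', 'empty password');
    Auth::redirect('index.php?err=2&email=' . rawurlencode($login));
}
// check if user exists
if (!Auth::userExists($login)) {
    // The precise reason goes to the attempt log only. The redirect is the same
    // one a wrong password produces (err=3 plus the email), so the response does
    // not show whether the address has an account.
    Auth::saveLoginAttempt($login, 'failure', 'unknown user');
    Auth::redirect('index.php?err=3&email=' . rawurlencode($login));
}
// check if user is locked
// NOTE(review): err=13 can only be reached for an existing account, so this
// reply still distinguishes known logins from unknown ones.
if (Auth::isUserBackOffLocked(Auth::getUserIDByLogin($login))) {
    Auth::saveLoginAttempt($login, 'failure', 'account back-off locked');
    Auth::redirect('index.php?err=13');
}
// check if the password matches
if (!Auth::isCorrectPassword($login, $passwd)) {
    Auth::saveLoginAttempt($login, 'failure', 'wrong password');
    Auth::redirect('index.php?err=3&email=' . rawurlencode($login));
}
Auth::login($login);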
if (!empty($_POST['url'])) {
Example #7
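 /**
  * Handles the IRC "!auth user@example.com password" command and, on success,
  * records the sender's nick in the global $auth map.
  *
  * An unknown address and a wrong password produce the same reply, so the
  * command cannot be used to find out which email addresses have an account.
  * (The former "unknown user" reply also printed the literal text "$email",
  * because the placeholder sat inside a single-quoted string.)
  *
  * NOTE(review): the password travels as IRC message text; presumably this
  * handler is only bound to private queries - confirm where it is registered.
  * NOTE(review): the session is keyed by nick alone; presumably nick changes
  * and quits clear the entry elsewhere - confirm.
  *
  * @param object $irc  connection object, passed through to sendResponse()
  * @param object $data incoming message; ->message and ->nick are read
  */
 public function authenticate(&$irc, &$data)
 {
     global $auth;
     $pieces = explode(' ', $data->message);
     if (count($pieces) !== 3) {
         $this->sendResponse($irc, $data->nick, 'Error: wrong parameter count for "AUTH" command. Format is "!auth user@example.com password".');
         return;
     }
     $email = $pieces[1];
     $password = $pieces[2];
     // One reply for "no such account" and "wrong password". The short-circuit
     // keeps the original behaviour of not checking a password for an unknown user.
     if (!Auth::userExists($email) || !Auth::isCorrectPassword($email, $password)) {
         $this->sendResponse($irc, $data->nick, 'Error: The email address / password combination could not be found in the system.');
         return;
     }
     // The account state is only disclosed once the password has been verified.
     if (!Auth::isActiveUser($email)) {
         $this->sendResponse($irc, $data->nick, 'Error: Your user status is currently set as inactive. Please contact your local system administrator for further information.');
         return;
     }
     $auth[$data->nick] = $email;
     $this->sendResponse($irc, $data->nick, 'Thank you, you have been successfully authenticated.');
 }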
Example #8
            Auth::updateAccess($_SESSION['gw_user_en_ID'], 4, 6);
            Auth::updateAccess($_SESSION['gw_user_en_ID'], 5, 6);
            Auth::updateAccess($_SESSION['gw_user_en_ID'], 6, 6);
            break;
    }
}
// END ETEL MODIFIED
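// Login form checks. Each failure records the attempt and redirects back to the
// form; the flow assumes Auth::redirect() ends the request - TODO confirm.
if (Validation::isWhitespace($HTTP_POST_VARS["email"])) {
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=1");
}
if (Validation::isWhitespace($HTTP_POST_VARS["passwd"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'empty password');
    // The submitted address goes into a redirect URL, so it is URL-encoded:
    // raw "&", "#" or line breaks must not alter the query string or header.
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=2&email=" . rawurlencode($HTTP_POST_VARS["email"]));
}
// check if user exists
if (!Auth::userExists($HTTP_POST_VARS["email"])) {
    // The precise reason goes to the attempt log only. The redirect is the same
    // one a wrong password produces, so the response does not show whether the
    // address has an account.
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'unknown user');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=3&email=" . rawurlencode($HTTP_POST_VARS["email"]));
}
// check if the password matches
if (!Auth::isCorrectPassword($HTTP_POST_VARS["email"], $HTTP_POST_VARS["passwd"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'wrong password');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=3&email=" . rawurlencode($HTTP_POST_VARS["email"]));
}
// check if this user did already confirm his account
// (account state is only disclosed after the password has been verified)
if (Auth::isPendingUser($HTTP_POST_VARS["email"])) {
    Auth::saveLoginAttempt($HTTP_POST_VARS["email"], 'failure', 'pending user');
    Auth::redirect(APP_RELATIVE_URL . "index.php?err=9", $is_popup);
}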
if (!Auth::isActiveUser($HTTP_POST_VARS["email"])) {
 /**
  * Deletes user 2 twice, once with each value of deleteUser()'s second
  * argument, and checks what userExists() reports after each step.
  *
  * NOTE(review): the boolean presumably separates a soft delete from a
  * permanent one (and, for userExists(), whether soft-deleted rows count) -
  * confirm against Auth.
  *
  * @test
  */
 public function testDeleteUser()
 {
     // first pass: gone for a lookup with false, still found with true
     \Auth::deleteUser(2, false);
     $this->assertFalse(\Auth::userExists(2, false));
     $this->assertTrue(\Auth::userExists(2, true));

     // second pass: no longer found with true either
     \Auth::deleteUser(2, true);
     $this->assertFalse(\Auth::userExists(2, true));
 }
Example #10
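/**
 * Authorize request.
 * TODO: translations
 * TODO: ip based control
 *
 * Accepts an existing auth cookie, otherwise falls back to the credentials
 * returned by getAuthData(). Every failure prints an error and exits; on
 * success the function returns with a cookie set for the resolved user and
 * with 'custom_id' checked against that user.
 *
 * An unknown user and a wrong password produce the same reply, so the feed
 * endpoint does not reveal which email addresses have an account. Pending and
 * inactive states are only reported once the password has been verified.
 *
 * NOTE(review): the password check is still skipped for unknown users, so
 * response time may differ between the two cases.
 */
function authorizeRequest()
{
    // try current auth cookie
    $usr_id = Auth::getUserID();
    if (!$usr_id) {
        // otherwise setup HTTP Auth headers
        $authData = getAuthData();
        if ($authData === null) {
            sendAuthenticateHeader();
            echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
            exit;
        }
        list($authUser, $authPassword) = $authData;
        // check the authentication
        if (Validation::isWhitespace($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: Please provide your email address.';
            exit;
        }
        if (Validation::isWhitespace($authPassword)) {
            sendAuthenticateHeader();
            echo 'Error: Please provide your password.';
            exit;
        }
        // unknown user and wrong password are answered identically
        if (!Auth::userExists($authUser) || !Auth::isCorrectPassword($authUser, $authPassword)) {
            sendAuthenticateHeader();
            echo 'Error: The provided email address/password combo is not correct.';
            exit;
        }
        // check if this user did already confirm his account
        if (Auth::isPendingUser($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: The provided user still needs to have its account confirmed.';
            exit;
        }
        // check if this user is really an active one
        if (!Auth::isActiveUser($authUser)) {
            sendAuthenticateHeader();
            echo 'Error: The provided user is currently set as an inactive user.';
            exit;
        }
        $usr_id = User::getUserIDByEmail($authUser);
        Auth::createFakeCookie($usr_id);
    }
    // check if the required parameter 'custom_id' is really being passed
    if (empty($_GET['custom_id'])) {
        rssError("Error: The required 'custom_id' parameter was not provided.");
        exit;
    }
    // a filter is served only when it is global or owned by the authenticated user
    if (!Filter::isGlobal($_GET['custom_id']) && !Filter::isOwner($_GET['custom_id'], $usr_id)) {
        rssError('Error: The provided custom filter ID is not associated with the given email address.');
        exit;
    }
}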
Example #11
 /**
  * Validation rule: passes when no account uses the given username.
  *
  * On failure an 'error' entry is recorded through $this->add().
  *
  * NOTE(review): a "username taken" answer necessarily confirms that the
  * account exists; presumably the form using this rule is rate limited -
  * confirm.
  *
  * @param string $username
  * @return bool true when the name is free, false when it is taken
  */
 public function username($username)
 {
     $taken = Auth::userExists($username);
     if ($taken) {
         $this->add('error', 'The username is already taken.');
     }

     return !$taken;
 }
Example #12
    echo 'Error: You are required to authenticate in order to access the requested RSS feed.';
    exit;
} else {
    // check the authentication
    if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
        authenticate();
        echo 'Error: Please provide your email address.';
        exit;
    }
    if (Validation::isWhitespace($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
        authenticate();
        echo 'Error: Please provide your password.';
        exit;
    }
    // check if user exists
    if (!Auth::userExists($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
        authenticate();
        echo 'Error: The user specified does not exist.';
        exit;
    }
    // check if the password matches
    if (!Auth::isCorrectPassword($HTTP_SERVER_VARS['PHP_AUTH_USER'], $HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
        authenticate();
        echo 'Error: The provided email address/password combo is not correct.';
        exit;
    }
    // check if this user did already confirm his account
    if (Auth::isPendingUser($HTTP_SERVER_VARS['PHP_AUTH_USER'])) {
        authenticate();
        echo 'Error: The provided user still needs to have its account confirmed.';
        exit;
Example #13
 /**
  * Method used to create a new user account with pending status and send a
  * confirmation email to the prospective user.
  *
  * Reads "email" and "full_name" from the global $HTTP_POST_VARS array.
  *
  * @access  public
  * @param   string $role The user role
  * @param   array $projects The list of projects that this user will be associated with
  * @return  integer 1 if the creation worked, -2 if the email address already
  *                  has an account, -1 if the insert failed
  */
 function createVisitorAccount($role, $projects)
 {
     global $HTTP_POST_VARS;
     // check for double submits
     if (Auth::userExists($HTTP_POST_VARS["email"])) {
         return -2;
     }
     // NOTE(review): preg_split() returns an array, so this concatenation yields
     // the string "Array_NNN" (plus an array-to-string notice) rather than the
     // local part of the address. $username is not read again in the lines shown.
     $username = preg_split('/@/', $HTTP_POST_VARS["email"], 2) . '_' . rand(100, 999);
     // Splits the full name at the first whitespace run; $fn[1] is undefined
     // when the name is a single word.
     $fn = preg_split('/\\s+/', $HTTP_POST_VARS["full_name"], 2);
     $prefs = Prefs::getDefaults($projects);
     // The statement is assembled by string concatenation; the user-supplied
     // fields pass through Misc::escapeString() first.
     // NOTE(review): the username and password values appear masked ('******')
     // in this listing. Bound parameters would remove the dependence on every
     // field being escaped correctly.
     $stmt = "INSERT INTO\n                    " . ETEL_USER_TABLE_NOSUB . "\n\t\t\t\tSET\n                    en_ev_customer_id = NULL,\n                    en_ev_contact_id = NULL,\n                    en_signup = '" . Date_API::getCurrentDateGMT() . "',\n                    en_username = '******',\n                    en_password = '******',\n                    en_firstname = '" . Misc::escapeString($fn[0]) . "',\n                    en_lastname = '" . Misc::escapeString($fn[1]) . "',\n                    en_email = '" . Misc::escapeString($HTTP_POST_VARS["email"]) . "',\n                    en_ev_pref = '" . Misc::escapeString($prefs) . "'\n                ";
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         $new_usr_id = $GLOBALS["db_api"]->get_last_insert_id();
         // add the project associations!
         for ($i = 0; $i < count($projects); $i++) {
             Project::associateUser($projects[$i], $new_usr_id, $role);
         }
         // send confirmation email to user
         // The token is md5(full name + md5(email) + private key), so it is fixed
         // for a given name/address pair.
         // NOTE(review): confirm.php is not shown; it should compare the token
         // with hash_equals().
         $hash = md5($HTTP_POST_VARS["full_name"] . md5($HTTP_POST_VARS["email"]) . $GLOBALS["private_key"]);
         $msg = "Hello,\n\n";
         $msg .= "We just received a request to create a new account in our issue tracking system. ";
         $msg .= "For security reasons we need you to confirm this request so we can finish the account creation process.\n\n";
         $msg .= "If this is not a real request from you, or you are not interested in creating a new account anymore, ";
         $msg .= "please disregard this email. In a week the request will be erased automatically.\n\n";
         $msg .= "However, if you would like to confirm the new account, please do so by visiting the URL below:\n\n";
         // NOTE(review): the address is appended to the URL without URL-encoding.
         $msg .= APP_BASE_URL . "confirm.php?cat=newuser&email=" . $HTTP_POST_VARS["email"] . "&hash=" . $hash . "\n\n";
         $setup = Setup::load();
         $mail = new Mail_API();
         // need to make this message MIME based
         $mail->setTextBody($msg);
         // NOTE(review): the submitted address is the recipient as-is; presumably
         // Mail_API rejects CR/LF in addresses - confirm.
         $mail->send($setup["smtp"]["from"], $HTTP_POST_VARS["email"], APP_SHORT_NAME . ": New Account - Confirmation Required");
         return 1;
     }
 }