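/**
 * Prepares the login module page named by $this->page
 * (index, login, logout, logoutConfirm or forgotpassword).
 *
 * Sorts the defined authentication authorities by their USER_LOGIN type
 * (FORM or LINK), assigns them to the template and then runs the page logic.
 *
 * The "url" request argument is a return URL that is sent in a Location
 * header once the user is logged in. It is only honoured when it stays on
 * this site; anything else is discarded so a crafted login link cannot send
 * a freshly authenticated user to another host.
 *
 * @throws Exception when authentication is disabled or no authority is defined
 */
protected function initializeForPage()
{
    if (!$this->getSiteVar('AUTHENTICATION_ENABLED')) {
        throw new Exception("Authentication is not enabled on this site");
    }

    $url = $this->getArg('url', ''); // return url, supplied by the request

    // Keep the return URL only when it points back at this site: a path that
    // starts with a single "/", or an absolute http(s) URL whose host (and
    // port, if given) equals the Host header of this request. Control
    // characters and backslashes are refused because browsers normalise them
    // in ways that can turn a path into a different host.
    $urlIsLocal = false;
    if (is_string($url) && $url !== '' && !preg_match('/[\x00-\x1f\x7f\\\\]/', $url)) {
        if ($url[0] == '/') {
            // "//host/path" is protocol-relative, i.e. another host
            $urlIsLocal = substr($url, 0, 2) != '//';
        } elseif (preg_match('#^https?://#i', $url)) {
            $urlParts = parse_url($url);
            $requestHost = strtolower($this->argVal($_SERVER, 'HTTP_HOST', ''));
            if (is_array($urlParts) && isset($urlParts['host']) && $requestHost !== '') {
                $urlHost = strtolower($urlParts['host']);
                if (isset($urlParts['port'])) {
                    $urlHost .= ':' . $urlParts['port'];
                }
                $urlIsLocal = ($urlHost === $requestHost);
            }
        }
    }
    if (!$urlIsLocal) {
        $url = '';
    }

    $this->assign('url', $url);
    $session = $this->getSession();

    // FORM authorities take a username/password, LINK authorities are reached through a link
    $authenticationAuthorities = array();
    $authenticationAuthorityLinks = array();

    foreach (AuthenticationAuthority::getDefinedAuthenticationAuthorities() as $authorityIndex => $authorityData) {
        $USER_LOGIN = $this->argVal($authorityData, 'USER_LOGIN', 'NONE');
        if ($USER_LOGIN == 'FORM') {
            $authenticationAuthorities[$authorityIndex] = $authorityData;
        } elseif ($USER_LOGIN == 'LINK') {
            $authenticationAuthorityLinks[$authorityIndex] = $authorityData;
        }
    }

    if (count($authenticationAuthorities) == 0 && count($authenticationAuthorityLinks) == 0) {
        throw new Exception("No authentication authorities have been defined");
    }

    // Only accept the client's "remain logged in" request when the site has
    // configured a remain-logged-in time.
    $allowRemainLoggedIn = $this->getSiteVar('AUTHENTICATION_REMAIN_LOGGED_IN_TIME');

    $this->assign('authenticationAuthorities', $authenticationAuthorities);
    $this->assign('authenticationAuthorityLinks', $authenticationAuthorityLinks);
    $this->assign('allowRemainLoggedIn', $allowRemainLoggedIn);

    if ($this->getModuleVar('FORGET_PASSWORD_URL')) {
        $this->assign('FORGET_PASSWORD_URL', $this->buildBreadcrumbURL('forgotpassword', array()));
    }

    $multipleAuthorities = count($authenticationAuthorities) + count($authenticationAuthorityLinks) > 1;

    // NOTE(review): the branches below rely on redirectTo() ending the request;
    // that is not visible here - confirm.
    switch ($this->page) {
        case 'logoutConfirm':
            $authorityIndex = $this->getArg('authority');

            if (!$this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', array());
            } elseif ($user = $this->getUser($authorityIndex)) {
                $authority = $user->getAuthenticationAuthority();
                $this->assign('message', sprintf(
                    "You are logged in as %s %s",
                    $user->getFullName(),
                    $multipleAuthorities ? '(' . $authority->getAuthorityTitle() . ')' : ''
                ));
                $this->assign('url', $this->buildURL('logout', array('authority' => $authorityIndex)));
                $this->assign('linkText', 'Logout');
                $this->setTemplatePage('message');
            } else {
                $this->redirectTo('index', array());
            }
            break;

        case 'logout':
            $this->setTemplatePage('message');
            $authorityIndex = $this->getArg('authority');
            $hard = $this->getArg('hard', false);

            // default to "failed" so the message below never reads an unset variable
            $result = false;
            if (!$this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', array());
            } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $result = $session->logout($authority, $hard);
            } else {
                $this->redirectTo('index', array());
            }

            $this->assign('message', $result ? 'Logout Successful' : 'Logout failed');
            break;

        case 'login':
            $login = $this->argVal($_POST, 'loginUser', '');
            $password = $this->argVal($_POST, 'loginPassword', '');
            $options = array(
                'url' => $url
            );

            $session = $this->getSession();
            $session->setRemainLoggedIn($allowRemainLoggedIn ? $this->getArg('remainLoggedIn', 0) : 0);

            // login_link is expected to be an array keyed by authority index;
            // any other posted shape falls back to the "authority" argument
            $loginLink = $this->argVal($_POST, 'login_link');
            if (is_array($loginLink) && count($loginLink) > 0) {
                $authorityIndex = key($loginLink);
            } else {
                $authorityIndex = $this->getArg('authority', AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex());
            }

            $this->assign('authority', $authorityIndex);

            if ($this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', $options);
            }

            if ($this->argVal($_POST, 'login_submit') && empty($login)) {
                $this->redirectTo('index', $options);
            }

            if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $authority->setDebugMode($this->getSiteVar('DATA_DEBUG'));
                $result = $authority->login($login, $password, $session, $options);
            } else {
                error_log("Invalid authority $authorityIndex");
                $this->redirectTo('index', $options);
            }

            switch ($result) {
                case AUTH_OK:
                    if ($url) {
                        // $url was restricted to this site above
                        header("Location: $url");
                        exit();
                    }
                    $this->setTemplatePage('message');
                    $this->assign('message', 'Login Successful');
                    break;

                case AUTH_FAILED:
                case AUTH_USER_NOT_FOUND:
                    // one message for both results, so the page does not reveal whether the user exists
                    $this->setTemplatePage('login');
                    $this->assign('message', 'Login Failed. Please check your login and password');
                    break;

                default:
                    $this->setTemplatePage('login');
                    $this->assign('message', "Login Failed. An unknown error occurred $result");
            }
            break;

        case 'forgotpassword':
            // the target comes from module configuration, not from the request
            if ($forgetPasswordURL = $this->getModuleVar('FORGET_PASSWORD_URL')) {
                header("Location: $forgetPasswordURL");
                exit();
            } else {
                $this->redirectTo('index', array());
            }
            break;

        case 'index':
            if ($this->isLoggedIn()) {
                if ($url) {
                    // $url was restricted to this site above
                    header("Location: $url");
                    exit();
                }

                if (!$multipleAuthorities) {
                    $user = $this->getUser();
                    $this->redirectTo('logoutConfirm', array('authority' => $user->getAuthenticationAuthorityIndex()));
                }

                $sessionUsers = $session->getUsers();
                $users = array();

                foreach ($sessionUsers as $authority => $user) {
                    $users[] = array(
                        'title'    => sprintf("%s", $user->getFullName()),
                        'subtitle' => $user->getAuthenticationAuthorityIndex(),
                        'url'      => $this->buildBreadcrumbURL('logoutConfirm', array('authority' => $user->getAuthenticationAuthorityIndex()), false)
                    );

                    // authorities the user is already logged in to are not offered again
                    if (isset($authenticationAuthorities[$authority])) {
                        unset($authenticationAuthorities[$authority]);
                    }

                    if (isset($authenticationAuthorityLinks[$authority])) {
                        unset($authenticationAuthorityLinks[$authority]);
                    }
                }

                $this->assign('users', $users);
                $this->assign('authenticationAuthorities', $authenticationAuthorities);
                $this->assign('authenticationAuthorityLinks', $authenticationAuthorityLinks);
                $this->setTemplatePage('loggedin');
            } else {
                $this->setTemplatePage('login');
            }
            break;
    }
}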
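/**
 * Prepares the login module page named by $this->page
 * (index, login, logout, logoutConfirm or forgotpassword).
 *
 * Loads every defined authentication authority, groups the usable ones as
 * "direct" (USER_LOGIN = FORM) or "indirect" (USER_LOGIN = LINK), assigns
 * them to the template and then runs the page logic.
 *
 * The "url" request argument is a return URL that is sent in a Location
 * header once the user is signed in and is also embedded in the authority
 * login links. It is only honoured when it stays on this site; anything else
 * is discarded so a crafted sign-in link cannot send a freshly authenticated
 * user to another host.
 *
 * @throws Exception when authentication is disabled or no usable authority is defined
 */
protected function initializeForPage()
{
    if (!Kurogo::getSiteVar('AUTHENTICATION_ENABLED')) {
        throw new Exception("Authentication is not enabled on this site");
    }

    $session = $this->getSession();

    $url = $this->getArg('url', ''); // return url, supplied by the request

    // Keep the return URL only when it points back at this site: a path that
    // starts with a single "/", or an absolute http(s) URL whose host (and
    // port, if given) equals the Host header of this request. Control
    // characters and backslashes are refused because browsers normalise them
    // in ways that can turn a path into a different host.
    $urlIsLocal = false;
    if (is_string($url) && $url !== '' && !preg_match('/[\x00-\x1f\x7f\\\\]/', $url)) {
        if ($url[0] == '/') {
            // "//host/path" is protocol-relative, i.e. another host
            $urlIsLocal = substr($url, 0, 2) != '//';
        } elseif (preg_match('#^https?://#i', $url)) {
            $urlParts = parse_url($url);
            $requestHost = strtolower($this->argVal($_SERVER, 'HTTP_HOST', ''));
            if (is_array($urlParts) && isset($urlParts['host']) && $requestHost !== '') {
                $urlHost = strtolower($urlParts['host']);
                if (isset($urlParts['port'])) {
                    $urlHost .= ':' . $urlParts['port'];
                }
                $urlIsLocal = ($urlHost === $requestHost);
            }
        }
    }
    if (!$urlIsLocal) {
        $url = '';
    }

    // the client's "remain logged in" request only counts when the site configures a time for it
    $allowRemainLoggedIn = Kurogo::getOptionalSiteVar('AUTHENTICATION_REMAIN_LOGGED_IN_TIME');
    if ($allowRemainLoggedIn) {
        $remainLoggedIn = $this->getArg('remainLoggedIn', 0);
    } else {
        $remainLoggedIn = 0;
    }

    $authenticationAuthorities = array(
        'direct'   => array(),
        'indirect' => array()
    );

    $invalidAuthorities = array();

    foreach (AuthenticationAuthority::getDefinedAuthenticationAuthorities() as $authorityIndex => $authorityData) {
        $USER_LOGIN = $this->argVal($authorityData, 'USER_LOGIN', 'NONE');

        try {
            $authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex);
            $authorityData['listclass'] = $authority->getAuthorityClass();
            $authorityData['title'] = $authorityData['TITLE'];
            $authorityData['url'] = $this->buildURL('login', array(
                'authority'      => $authorityIndex,
                'url'            => $url,
                'remainLoggedIn' => $remainLoggedIn,
                'startOver'      => 1
            ));

            if ($USER_LOGIN == 'FORM') {
                $authenticationAuthorities['direct'][$authorityIndex] = $authorityData;
            } elseif ($USER_LOGIN == 'LINK') {
                $authenticationAuthorities['indirect'][$authorityIndex] = $authorityData;
            }
        } catch (Exception $e) {
            // an authority that fails to load is logged and left out instead of aborting the page
            error_log(sprintf("Invalid authority data for %s: %s", $authorityIndex, $e->getMessage()));
            $invalidAuthorities[$authorityIndex] = $e->getMessage();
        }
    }

    if (count($authenticationAuthorities['direct']) == 0 && count($authenticationAuthorities['indirect']) == 0) {
        $message = "No authentication authorities have been defined.";
        if (count($invalidAuthorities) > 0) {
            $message .= sprintf(
                " %s invalid authorit%s found:\n",
                count($invalidAuthorities),
                count($invalidAuthorities) > 1 ? 'ies' : 'y'
            );
            foreach ($invalidAuthorities as $authorityIndex => $invalidAuthority) {
                $message .= sprintf("%s: %s\n", $authorityIndex, $invalidAuthority);
            }
        }

        throw new Exception($message);
    }

    $this->assign('authenticationAuthorities', $authenticationAuthorities);
    $this->assign('allowRemainLoggedIn', $allowRemainLoggedIn);

    if ($this->getOptionalModuleVar('FORGET_PASSWORD_URL')) {
        $this->assign('FORGET_PASSWORD_URL', $this->buildBreadcrumbURL('forgotpassword', array()));
    }

    $multipleAuthorities = count($authenticationAuthorities['direct']) + count($authenticationAuthorities['indirect']) > 1;

    // NOTE(review): the branches below rely on redirectTo()/redirectToModule()
    // ending the request; that is not visible here - confirm.
    switch ($this->page) {
        case 'logoutConfirm':
            $authorityIndex = $this->getArg('authority');

            if (!$this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', array());
            } elseif ($user = $this->getUser($authorityIndex)) {
                $authority = $user->getAuthenticationAuthority();
                $this->assign('message', sprintf(
                    "You are signed in to %s %s as %s",
                    Kurogo::getSiteString('SITE_NAME'),
                    $multipleAuthorities ? "(using " . $authority->getAuthorityTitle() . ")" : '',
                    $user->getFullName()
                ));
                $this->assign('url', $this->buildURL('logout', array('authority' => $authorityIndex)));
                $this->assign('linkText', 'Sign out');
                $this->setTemplatePage('message');
            } else {
                $this->redirectTo('index', array());
            }
            break;

        case 'logout':
            $authorityIndex = $this->getArg('authority');
            $hard = $this->getArg('hard', false);

            // default to "failed" so the check below never reads an unset variable
            $result = false;
            if (!$this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', array());
            } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $result = $session->logout($authority, $hard);
            } else {
                $this->redirectTo('index', array());
            }

            if ($result) {
                // still signed in through another authority: back to the login index, otherwise home
                if ($this->isLoggedIn()) {
                    $this->redirectTo('index', array('logout' => $authorityIndex));
                } else {
                    $this->redirectToModule('home', '', array('logout' => $authorityIndex));
                }
            } else {
                $this->setTemplatePage('message');
                $this->assign('message', 'Sign out failed');
            }
            break;

        case 'forgotpassword':
            // the target comes from module configuration, not from the request
            if ($forgetPasswordURL = $this->getOptionalModuleVar('FORGET_PASSWORD_URL')) {
                header("Location: $forgetPasswordURL");
                exit();
            } else {
                $this->redirectTo('index', array());
            }
            break;

        case 'login':
            $login = $this->argVal($_POST, 'loginUser', '');
            $password = $this->argVal($_POST, 'loginPassword', '');
            $options = array(
                'url'            => $url,
                'remainLoggedIn' => $remainLoggedIn
            );

            $session = $this->getSession();
            $session->setRemainLoggedIn($remainLoggedIn);

            // an unknown authority index goes back to the index page
            $authorityIndex = $this->getArg('authority', '');
            if (!$authorityData = AuthenticationAuthority::getAuthenticationAuthorityData($authorityIndex)) {
                $this->redirectTo('index', $options);
            }

            if ($this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', $options);
            }

            $this->assign('authority', $authorityIndex);
            $this->assign('remainLoggedIn', $remainLoggedIn);
            $this->assign('authorityTitle', $authorityData['TITLE']);

            if ($authorityData['USER_LOGIN'] == 'FORM' && empty($login)) {
                // nothing submitted yet: leave the switch and show the login form
                break;
            } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $authority->setDebugMode(Kurogo::getSiteVar('DATA_DEBUG'));
                $result = $authority->login($login, $password, $session, $options);
            } else {
                $this->redirectTo('index', $options);
            }

            switch ($result) {
                case AUTH_OK:
                    if ($url) {
                        // $url was restricted to this site above
                        header("Location: $url");
                        exit();
                    } else {
                        $this->redirectToModule('home', '', array('login' => $authorityIndex));
                    }
                    break;

                case AUTH_OAUTH_VERIFY:
                    $this->assign('verifierKey', $authority->getVerifierKey());
                    $this->setTemplatePage('oauth_verify.tpl');
                    break;

                default:
                    // every other result gets the same generic failure message
                    if ($authorityData['USER_LOGIN'] == 'FORM') {
                        $this->assign('message', "We're sorry, but there was a problem with your sign-in. Please check your username and password and try again.");
                        $this->setTemplatePage('index');
                    } else {
                        $this->redirectTo('index', array_merge(
                            array('message' => "We're sorry, but there was a problem with your sign-in."),
                            $options
                        ));
                    }
            }
            // NOTE(review): there is no break here, so a login that did not
            // redirect continues into the 'index' case below - confirm this
            // fall-through is intended.

        case 'index':
            // NOTE(review): "message" is taken from the request and handed to
            // the template, so anyone who can craft a link controls the text
            // shown on the sign-in page. Confirm the template escapes it, and
            // consider passing a message code instead of free text.
            if ($message = $this->getArg('message')) {
                $this->assign('message', $message);
            }

            if ($this->isLoggedIn()) {
                if ($url) {
                    // $url was restricted to this site above
                    header("Location: $url");
                    exit();
                }

                if (!$multipleAuthorities) {
                    $user = $this->getUser();
                    $this->redirectTo('logoutConfirm', array('authority' => $user->getAuthenticationAuthorityIndex()));
                }

                $sessionUsers = $session->getUsers();
                $users = array();

                foreach ($sessionUsers as $authorityIndex => $user) {
                    $authority = $user->getAuthenticationAuthority();
                    $users[] = array(
                        'class'    => $authority->getAuthorityClass(),
                        'title'    => count($sessionUsers) > 1 ? $authority->getAuthorityTitle() . " as " . $user->getFullName() : 'Sign out',
                        'subtitle' => count($sessionUsers) > 1 ? 'Sign out' : '',
                        'url'      => $this->buildBreadcrumbURL('logout', array('authority' => $authorityIndex), false)
                    );

                    // authorities the user is already signed in to are not offered again
                    if (isset($authenticationAuthorities['direct'][$authorityIndex])) {
                        unset($authenticationAuthorities['direct'][$authorityIndex]);
                    }

                    if (isset($authenticationAuthorities['indirect'][$authorityIndex])) {
                        unset($authenticationAuthorities['indirect'][$authorityIndex]);
                    }
                }

                $this->assign('users', $users);
                $this->assign('authenticationAuthorities', $authenticationAuthorities);
                $this->assign('moreAuthorities', count($authenticationAuthorities['direct']) + count($authenticationAuthorities['indirect']));
                $this->setTemplatePage('loggedin');
            } else {
                // a single form-based authority needs no chooser: go straight to its login page
                if (!$multipleAuthorities && count($authenticationAuthorities['direct'])) {
                    $this->redirectTo('login', array('authority' => AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex()));
                }
                $this->assign('multipleAuthorities', $multipleAuthorities);
            }
            break;
    }
}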
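/**
 * Prepares the login module page named by $this->page (index, login or logout).
 *
 * Sorts the defined authentication authorities by their USER_LOGIN type
 * (FORM or LINK), assigns them to the template and then runs the page logic.
 *
 * The "url" request argument is a return URL that is sent in a Location
 * header after a successful login and is also embedded in the LINK authority
 * URLs. It is only honoured when it stays on this site; anything else is
 * discarded so a crafted login link cannot send a freshly authenticated user
 * to another host.
 *
 * @throws Exception when authentication is disabled or no authority is defined
 */
protected function initializeForPage()
{
    if (!$this->getSiteVar('AUTHENTICATION_ENABLED')) {
        throw new Exception("Authentication is not enabled on this site");
    }

    $url = $this->getArg('url', ''); // return url, supplied by the request

    // Keep the return URL only when it points back at this site: a path that
    // starts with a single "/", or an absolute http(s) URL whose host (and
    // port, if given) equals the Host header of this request. Control
    // characters and backslashes are refused because browsers normalise them
    // in ways that can turn a path into a different host.
    $urlIsLocal = false;
    if (is_string($url) && $url !== '' && !preg_match('/[\x00-\x1f\x7f\\\\]/', $url)) {
        if ($url[0] == '/') {
            // "//host/path" is protocol-relative, i.e. another host
            $urlIsLocal = substr($url, 0, 2) != '//';
        } elseif (preg_match('#^https?://#i', $url)) {
            $urlParts = parse_url($url);
            $requestHost = strtolower($this->argVal($_SERVER, 'HTTP_HOST', ''));
            if (is_array($urlParts) && isset($urlParts['host']) && $requestHost !== '') {
                $urlHost = strtolower($urlParts['host']);
                if (isset($urlParts['port'])) {
                    $urlHost .= ':' . $urlParts['port'];
                }
                $urlIsLocal = ($urlHost === $requestHost);
            }
        }
    }
    if (!$urlIsLocal) {
        $url = '';
    }

    $this->assign('url', $url);
    $session = $this->getSession();

    // FORM authorities take a username/password, LINK authorities are reached through a link
    $authenticationAuthorities = array();
    $authenticationAuthorityLinks = array();

    foreach (AuthenticationAuthority::getDefinedAuthenticationAuthorities() as $authorityIndex => $authorityData) {
        $USER_LOGIN = $this->argVal($authorityData, 'USER_LOGIN', 'NONE');
        if ($USER_LOGIN == 'FORM') {
            $authenticationAuthorities[$authorityIndex] = $authorityData;
        } elseif ($USER_LOGIN == 'LINK') {
            $authorityData['LINK'] = $this->buildBreadcrumbURL('login', array(
                'url'       => $url,
                'authority' => $authorityIndex,
                'startOver' => true
            ), false);
            $authenticationAuthorityLinks[$authorityIndex] = $authorityData;
        }
    }

    if (count($authenticationAuthorities) == 0 && count($authenticationAuthorityLinks) == 0) {
        throw new Exception("No authentication authorities have been defined");
    }

    $this->assign('authenticationAuthorities', $authenticationAuthorities);
    $this->assign('authenticationAuthorityLinks', $authenticationAuthorityLinks);

    $multipleAuthorities = count($authenticationAuthorities) + count($authenticationAuthorityLinks) > 1;

    // NOTE(review): the branches below rely on redirectTo() ending the request;
    // that is not visible here - confirm.
    switch ($this->page) {
        case 'logout':
            $this->setTemplatePage('message');

            if (!$this->isLoggedIn()) {
                $this->redirectTo('login');
            } else {
                $user = $this->getUser();
                $authority = $user->getAuthenticationAuthority();
                $authority->logout($this);
                $this->assign('message', 'Logout Successful');
            }
            break;

        case 'login':
            $login = $this->argVal($_POST, 'loginUser', '');
            $password = $this->argVal($_POST, 'loginPassword', '');
            $authorityIndex = $this->getArg('authority', AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex());
            $this->assign('authority', $authorityIndex);

            if ($this->isLoggedIn()) {
                $this->redirectTo('index');
            }

            if ($this->argVal($_POST, 'login_submit') && empty($login)) {
                $this->redirectTo('index');
            }

            if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $result = $authority->login($login, $password, $this);
            } else {
                error_log("Invalid authority $authorityIndex");
                $this->redirectTo('index');
            }

            switch ($result) {
                case AUTH_OK:
                    if ($url) {
                        // $url was restricted to this site above
                        header("Location: $url");
                        exit();
                    }
                    $this->setTemplatePage('message');
                    $this->assign('message', 'Login Successful');
                    break;

                case AUTH_FAILED:
                case AUTH_USER_NOT_FOUND:
                    // one message for both results, so the page does not reveal whether the user exists
                    $this->setTemplatePage('index');
                    $this->assign('message', 'Login Failed. Please check your login and password');
                    break;

                default:
                    $this->setTemplatePage('index');
                    $this->assign('message', "Login Failed. An unknown error occurred $result");
            }
            break;

        case 'index':
            if ($this->isLoggedIn()) {
                $user = $this->getUser();
                $authority = $user->getAuthenticationAuthority();
                $this->setTemplatePage('message');
                $this->assign('message', sprintf(
                    "You are logged in as %s %s",
                    $user->getFullName(),
                    $multipleAuthorities ? '(' . $authority->getAuthorityTitle() . ')' : ''
                ));
                // replaces the return url assigned above with the logout link
                $this->assign('url', $this->buildURL('logout'));
                $this->assign('linkText', 'Logout');
            } else {
                $this->assign('loginMessage', $this->getModuleVar('LOGIN_MESSAGE'));
                $this->assign('loginLabel', $this->getModuleVar('LOGIN_LABEL'));
                $this->assign('passwordLabel', $this->getModuleVar('PASSWORD_LABEL'));
            }
            break;
    }
}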
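/**
 * Sees if the given user matches this access control rule.
 *
 * A rule value that is not in the documented form (more than one "|" in a
 * user or group rule) never matches: the rule is treated as "did not match"
 * instead of being evaluated with an unset authority or user/group name.
 *
 * @param User $user a valid user object
 * @return mixed the rule's action if the user matches the rule, or false if the rule did not match
 */
public function evaluateForUser(User $user)
{
    switch ($this->ruleType) {
        case self::RULE_TYPE_AUTHORITY:
            if ($this->ruleValue == self::RULE_VALUE_ALL) {
                /* ALL matches when both the userID and the authority are set;
                   this will NOT match an anonymous user */
                if ($user->getUserID() && $user->getAuthenticationAuthority()) {
                    return $this->ruleAction;
                }
            } elseif ($user->getUserID() && $user->getAuthenticationAuthorityIndex() == $this->ruleValue) {
                /* otherwise the userID must be set and the authority must match the rule value */
                return $this->ruleAction;
            }
            break;

        case self::RULE_TYPE_USER:
            if ($this->ruleValue == self::RULE_VALUE_ALL) {
                /* ALL matches any user with a userID; this will NOT match an anonymous user */
                if ($user->getUserID()) {
                    return $this->ruleAction;
                }
            } else {
                /* user values are specified as AUTHORITY|userID */
                $values = explode("|", $this->ruleValue);
                switch (count($values)) {
                    case 1:
                        $authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex();
                        $userID = $values[0];
                        break;
                    case 2:
                        $authority = $values[0];
                        $userID = $values[1];
                        break;
                    default:
                        /* malformed value: without this, $authority and $userID would be
                           unset and the loose comparisons below would be made against null */
                        return false;
                }

                /* see if the userID/email and authority match */
                if ($user->getAuthenticationAuthorityIndex() == $authority) {
                    if ($userID == self::RULE_VALUE_ALL) {
                        /* AUTHORITY|ALL: any user of that authority with a userID */
                        if ($user->getUserID()) {
                            return $this->ruleAction;
                        }
                    } elseif ($user->getUserID() == $userID || (Validator::isValidEmail($userID) && $user->getEmail() == $userID)) {
                        /* can match either userID or email */
                        return $this->ruleAction;
                    }
                }
            }
            break;

        case self::RULE_TYPE_GROUP:
            /* Note: a group value of ALL is not valid */
            /* group values are specified as AUTHORITY|group */
            $values = explode("|", $this->ruleValue);
            switch (count($values)) {
                case 1:
                    $authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex();
                    $group = $values[0];
                    break;
                case 2:
                    $authority = $values[0];
                    $group = $values[1];
                    break;
                default:
                    /* malformed value: never look up a group with an unset authority or name */
                    return false;
            }

            /* attempt to load the authority, then get the group */
            if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authority)) {
                if ($group = $authority->getGroup($group)) {
                    /* see if the user is a member of the group */
                    if ($group->userIsMember($user)) {
                        return $this->ruleAction;
                    }
                }
            }
            break;

        case self::RULE_TYPE_EVERYONE:
            /* always matches */
            return $this->ruleAction;
    }

    return false;
}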