protected function clean($value)
{
if (trim($value) == '') {
$value = NULL;
} else {
$value = GPC::clean($value);
}
return $value;
}
/**
*
* _POST[user][ident]
* _POST[user][password]
* können in Formularen angegeben werden
*
* @throws NoAuthException, NoUserException, WrongPasswordException
*/
public function validate()
{
$cleartextPassword = $password = NULL;
$cookie['ident'] = $cookie['password'] = NULL;
// wegen notice
if (($ident = $this->session->get('user', 'ident')) != '') {
$password = $this->session->get('user', 'password');
} elseif (is_array($cookie = $this->cookieManager->get('login'))) {
$ident = $cookie['ident'];
$password = $cookie['password'];
} elseif (($ident = GPC::POST('ident')) != '') {
$cleartextPassword = GPC::POST('password');
} elseif (isset($_SERVER['PHP_AUTH_USER'])) {
$ident = $_SERVER['PHP_AUTH_USER'];
$cleartextPassword = $_SERVER['PHP_AUTH_PW'];
}
$debugString = $this->debug ? sprintf("\nsession[ident,pw] = '%s','%s'\n" . "cookie[ident,pw] = '%s','%s'\n" . "POST[ident,pw] = '%s','%s'\n" . "HTTP[ident,pw] = '%s','%s'\n", $this->session->get('user', 'ident'), $this->session->get('user', 'password'), $cookie['ident'], $cookie['password'], GPC::POST('ident'), GPC::POST('password'), @$_SERVER['PHP_AUTH_USER'], @$_SERVER['PHP_AUTH_PW']) : NULL;
try {
if (empty($ident) || empty($password) && empty($cleartextPassword)) {
throw new NoAuthException('Es sind keine Credentials angegeben / gespeichert. ' . $debugString);
} else {
/* wir versuchen den User zu laden */
try {
$user = $this->getUserManager()->get($ident);
} catch (NoUserException $e) {
throw $e->setMessage($e->getMessage() . ' ' . $debugString);
}
/* Wir vergleichen das Passwort */
$equals = isset($cleartextPassword) ? $user->passwordEquals($cleartextPassword) : $user->hashedPasswordEquals($password);
if (!$equals) {
throw new WrongPasswordException('Passwort ist nicht korrekt. ' . $debugString);
}
$this->user = $user;
}
} catch (AuthException $e) {
/* failure */
$this->cookieManager->del('login');
$this->reset();
throw $e;
}
}
