/**
 * Verifies SMB credentials by checking that the repository share opens as a directory
 * through the smb:// stream wrapper registered by access.smb/smb.php.
 *
 * On success the credentials are stored in AJXP_Safe; on failure the raw password kept
 * in the session is blanked and the COUNT/disk session entries are dropped.
 *
 * @param string $login
 * @param string $pass
 * @param string $seed unused, kept for interface compatibility
 * @return bool
 * @throws Exception when the configured REPOSITORY_ID does not resolve to a repository
 */
public function checkPassword($login, $pass, $seed)
 {
     require_once AJXP_INSTALL_PATH . "/" . AJXP_PLUGINS_FOLDER . "/access.smb/smb.php";
     // The raw password is kept in the session for the access driver; it is blanked below on failure.
     $_SESSION["AJXP_SESSION_REMOTE_PASS"] = $pass;
     $repositoryId = $this->options["REPOSITORY_ID"];
     $repository = ConfService::getRepositoryById($repositoryId);
     if (!isset($repository)) {
         throw new Exception("Cannot find repository with id " . $repositoryId);
     }
     // "AJXP_USER" inside the configured PATH stands for the login (per-user shares).
     $sharePath = str_replace("AJXP_USER", $login, $repository->getOption("PATH", true));
     $smbHost = $repository->getOption("HOST");
     // NOTE(review): login and password are interpolated without URL-encoding, so a ':' '@' or '/'
     // in either changes how the wrapper parses the URL — confirm the wrapper's expectations.
     $shareUrl = "smb://{$login}:{$pass}@" . $smbHost . "/" . $sharePath . "/";
     try {
         if (!is_dir($shareUrl)) {
             // Share not reachable with these credentials: scrub the session-held password and SMB state.
             $this->logDebug("SMB Login failure");
             $_SESSION["AJXP_SESSION_REMOTE_PASS"] = '';
             unset($_SESSION["COUNT"], $_SESSION["disk"]);
             return false;
         }
         AJXP_Safe::storeCredentials($login, $pass);
         return true;
     } catch (Exception $e) {
         return false;
     }
 }
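 /**
  * Authenticates the WebDAV request via the parent (Digest) handler, then logs the
  * resulting user into the Pydio session and switches to the configured repository.
  *
  * The parent call is wrapped so that a missing Digest header — typically the first
  * request of the Digest challenge/response handshake — is told apart from a real error:
  * the former is marked with 0 and is not logged as a failed login, the latter with
  * false and is logged as a warning. Both end in NotAuthenticated.
  *
  * @param Sabre\DAV\Server $server
  * @param string $realm
  * @return bool always true; failure is signalled by throwing
  * @throws Sabre\DAV\Exception\NotAuthenticated when the parent rejects the request or the session login fails
  */
 public function authenticate(Sabre\DAV\Server $server, $realm)
 {
     //AJXP_Logger::debug("Try authentication on $realm", $server);
     // Initialised up front: the throw below reads it even when the parent returned false
     // without throwing, which previously raised an undefined-variable notice.
     $errmsg = "";
     try {
         $success = parent::authenticate($server, $realm);
     } catch (Exception $e) {
         $success = 0;
         $errmsg = $e->getMessage();
         // Strict comparison: both operands are strings, and loose != applies numeric-string rules.
         if ($errmsg !== "No digest authentication headers were found") {
             $success = false;
         }
     }
     if ($success) {
         // Password already checked by the parent: the session login bypasses it.
         $res = AuthService::logUser($this->currentUser, null, true);
         if ($res < 1) {
             throw new Sabre\DAV\Exception\NotAuthenticated();
         }
         $this->updateCurrentUserRights(AuthService::getLoggedUser());
         if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
             // The WebDAV password is kept encoded in the user's prefs; decode it into the
             // session safe for the access drivers. Assumes "PASS" is set whenever WebDAV is
             // active for the user — confirm against the pref writer.
             $webdavData = AuthService::getLoggedUser()->getPref("AJXP_WEBDAV_DATA");
             AJXP_Safe::storeCredentials($this->currentUser, $this->_decodePassword($webdavData["PASS"], $this->currentUser));
         }
     } else {
         if ($success === false) {
             AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => $this->currentUser, "error" => "Invalid WebDAV user or password"));
         }
         throw new Sabre\DAV\Exception\NotAuthenticated($errmsg);
     }
     ConfService::switchRootDir($this->repositoryId);
     return true;
 }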
 /**
  * Authenticates the WebDAV request through the parent handler, then opens a Pydio
  * session for the authenticated user and switches to the configured repository.
  *
  * @param Sabre\DAV\Server $server
  * @param string $realm
  * @return bool always true; a failed authentication is signalled by throwing
  * @throws Sabre\DAV\Exception\NotAuthenticated when the parent returns false or the session login fails
  */
 public function authenticate(Sabre\DAV\Server $server, $realm)
 {
     //AJXP_Logger::debug("Try authentication on $realm", $server);
     $parentResult = parent::authenticate($server, $realm);
     // An explicit false is a rejection; any other falsy value falls through to the
     // repository switch without opening a session.
     if ($parentResult === false) {
         throw new Sabre\DAV\Exception\NotAuthenticated();
     }
     if ($parentResult) {
         // Password already checked by the parent: the session login bypasses it.
         if (AuthService::logUser($this->currentUser, null, true) < 1) {
             throw new Sabre\DAV\Exception\NotAuthenticated();
         }
         $this->updateCurrentUserRights(AuthService::getLoggedUser());
         if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
             // The WebDAV password is kept encoded in the user's prefs; decode it for the session safe.
             $webdavData = AuthService::getLoggedUser()->getPref("AJXP_WEBDAV_DATA");
             $clearPassword = $this->_decodePassword($webdavData["PASS"], $this->currentUser);
             AJXP_Safe::storeCredentials($this->currentUser, $clearPassword);
         }
     }
     ConfService::switchRootDir($this->repositoryId);
     return true;
 }
 /**
  * Verifies the login against the GitLab API by opening a session; on success the
  * returned private token (not the password) is stored as the user's credentials.
  *
  * @param string $login
  * @param string $password
  * @param string $seed unused, kept for interface compatibility
  * @return bool true only when GitLab answered 201 and reports the account state as 'active'
  */
 public function checkPassword($login, $password, $seed)
 {
     $verified = false;
     try {
         $response = $this->apiCall('POST', 'session', array("login" => $login, "password" => $password));
         switch ($response->status) {
             case 201:
                 // Session created, but still refuse accounts GitLab reports as not active (blocked users).
                 if ($response->body->state !== 'active') {
                     AJXP_Logger::warning(__CLASS__ . '.checkPassword.201', 'Blocked user attempted login [' . $login . ']', "");
                     break;
                 }
                 $verified = true;
                 AJXP_Safe::storeCredentials($login, $response->body->private_token);
                 $_SESSION['Auth.GitLab.RemoteAdmin'] = $response->body->is_admin === true;
                 break;
             case 401:
                 AJXP_Logger::info(__CLASS__ . '.checkPassword.401', 'Not authorized for login [' . $login . ']', "");
                 break;
             default:
                 // NOTE(review): the whole response object is dumped into the log here; should
                 // GitLab return account data on an unexpected status, it lands in the log file.
                 AJXP_Logger::info(__CLASS__ . '.checkPassword.###', 'Unknown status code. ' . var_export($response, true), "");
                 break;
         }
     } catch (Exception $e) {
         AJXP_Logger::error(__CLASS__ . '.checkPassword.ex', $e->getMessage(), "");
     }
     return $verified;
 }
 /**
  * Verifies FTP credentials by initialising the ajxp.ftp stream wrapper against the
  * repository; the wrapper throws when the server refuses the login.
  *
  * @param string $login
  * @param string $pass
  * @param string $seed unused, kept for interface compatibility
  * @return bool
  */
 public function checkPassword($login, $pass, $seed)
 {
     $wrapper = new ftpSonWrapper();
     $repositoryId = $this->options["REPOSITORY_ID"];
     // Credentials are URL-encoded so that ':' '@' or '/' in a password cannot alter the URL structure.
     $ftpUrl = "ajxp.ftp://" . rawurlencode($login) . ":" . rawurlencode($pass) . "@{$repositoryId}/";
     try {
         $wrapper->initUrl($ftpUrl);
         AJXP_Safe::storeCredentials($login, $pass);
         return true;
     } catch (Exception $e) {
         return false;
     }
 }
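 /**
  * Renders a public share-link page for the share described by $data.
  *
  * Either prints the HTML landing page (password prompt, or the download page when the
  * share has no password and ?dl is absent), or — once the password is accepted / the
  * download is requested — logs a temporary user in, switches to the shared repository
  * and dispatches the share's ACTION so the file is streamed.
  *
  * @param array $data share descriptor; keys read here: SECURITY_MODIFIED, DRIVER, FILE_PATH,
  *                    PASSWORD, PLUGIN_ID, BASE_DIR, OWNER_ID, SAFE_USER, SAFE_PASS, REPOSITORY,
  *                    PLUGINS_DATA, ACTION
  * @param array $options plugin options, used as base values for the CUSTOM_SHAREPAGE_* page customisations
  * @param ShareStore $shareStore used for the expiry check and the download counter
  * @return void output is echoed directly; driver/dispatch errors terminate the request with die()
  */
 public static function render($data, $options, $shareStore)
 {
     if (isset($data["SECURITY_MODIFIED"]) && $data["SECURITY_MODIFIED"] === true) {
         self::renderError($data, "false");
         return;
     }
     // create driver from $data
     $className = $data["DRIVER"] . "AccessDriver";
     // The share's short hash is the file-name part of the request path.
     $u = parse_url($_SERVER["REQUEST_URI"]);
     $shortHash = pathinfo(basename($u["path"]), PATHINFO_FILENAME);
     // Load language messages. basename() strips any directory part from the user-supplied
     // ?lang value, so the include below stays inside res/i18n (falling back to en.php).
     $language = ConfService::getLanguage();
     if (isset($_GET["lang"])) {
         $language = basename($_GET["lang"]);
     }
     $messages = array();
     if (is_file(dirname(__FILE__) . "/res/i18n/" . $language . ".php")) {
         include dirname(__FILE__) . "/res/i18n/" . $language . ".php";
     } else {
         include dirname(__FILE__) . "/res/i18n/en.php";
     }
     // The i18n file defines $mess; keep a copy because $mess is reassigned further down.
     if (isset($mess)) {
         $messages = $mess;
     }
     // The $AJXP_LINK_* and $CUSTOM_SHAREPAGE_* locals are read by the included public_links.php template.
     $AJXP_LINK_HAS_PASSWORD = false;
     $AJXP_LINK_BASENAME = SystemTextEncoding::toUTF8(basename($data["FILE_PATH"]));
     AJXP_PluginsService::getInstance()->initActivePlugins();
     ConfService::setLanguage($language);
     $mess = ConfService::getMessages();
     if ($shareStore->isShareExpired($shortHash, $data)) {
         self::renderError(array(), $shortHash, $mess["share_center.165"]);
         return;
     }
     $customs = array("title", "legend", "legend_pass", "background_attributes_1", "text_color", "background_color", "textshadow_color");
     $images = array("button", "background_1");
     $confs = $options;
     $confs["CUSTOM_SHAREPAGE_BACKGROUND_ATTRIBUTES_1"] = "background-repeat:repeat;background-position:50% 50%;";
     $confs["CUSTOM_SHAREPAGE_BACKGROUND_1"] = "plugins/action.share/res/hi-res/02.jpg";
     $confs["CUSTOM_SHAREPAGE_TEXT_COLOR"] = "#ffffff";
     $confs["CUSTOM_SHAREPAGE_TEXTSHADOW_COLOR"] = "rgba(0,0,0,5)";
     foreach ($customs as $custom) {
         $varName = "CUSTOM_SHAREPAGE_" . strtoupper($custom);
         ${$varName} = $confs[$varName];
     }
     // Images are exposed to the page by copying them into the public download folder as "binary-<name>".
     $dlFolder = realpath(ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER"));
     foreach ($images as $custom) {
         $varName = "CUSTOM_SHAREPAGE_" . strtoupper($custom);
         if (!empty($confs[$varName])) {
             if (strpos($confs[$varName], "plugins/") === 0 && is_file(AJXP_INSTALL_PATH . "/" . $confs[$varName])) {
                 // Built-in image shipped under plugins/: copy straight from the install folder.
                 $realFile = AJXP_INSTALL_PATH . "/" . $confs[$varName];
                 copy($realFile, $dlFolder . "/binary-" . basename($realFile));
                 ${$varName} = "binary-" . basename($realFile);
             } else {
                 // Image kept in the conf storage: materialise it once, then reuse the existing copy.
                 ${$varName} = "binary-" . $confs[$varName];
                 if (is_file($dlFolder . "/binary-" . $confs[$varName])) {
                     continue;
                 }
                 $copiedImageName = $dlFolder . "/binary-" . $confs[$varName];
                 $imgFile = fopen($copiedImageName, "wb");
                 ConfService::getConfStorageImpl()->loadBinary(array(), $confs[$varName], $imgFile);
                 fclose($imgFile);
             }
         }
     }
     HTMLWriter::charsetHeader();
     // Footer appended to the HTML landing page (both the password prompt and the download page).
     $renderFooterHtml = '<div style="position: absolute;z-index: 10000; bottom: 0; right: 0; color: #666;font-family: HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size: 13px;text-align: right;padding: 6px; line-height: 20px;text-shadow: 0px 1px 0px white;" class="no_select_bg"><br>Build your own box with Pydio : <a style="color: #000000;" target="_blank" href="http://pyd.io/">http://pyd.io/</a><br/>Community - Free non supported version © C. du Jeu 2008-2014 </div>';
     // Check password
     if (strlen($data["PASSWORD"])) {
         // Strict comparison: loose != treats numeric-looking strings such as "1e3" and "1000"
         // as equal, which would accept a wrong password for the share. A non-string POST
         // value (e.g. an array) never matches.
         $passwordSubmitted = isset($_POST['password']);
         $passwordMatches = $passwordSubmitted && is_string($_POST['password']) && $_POST['password'] === (string) $data["PASSWORD"];
         if (!$passwordMatches) {
             $AJXP_LINK_HAS_PASSWORD = true;
             $AJXP_LINK_WRONG_PASSWORD = $passwordSubmitted;
             include AJXP_INSTALL_PATH . "/plugins/action.share/res/public_links.php";
             $res = $renderFooterHtml;
             AJXP_Controller::applyHook("tpl.filter_html", array(&$res));
             echo $res;
             return;
         }
     } else {
         if (!isset($_GET["dl"])) {
             include AJXP_INSTALL_PATH . "/plugins/action.share/res/public_links.php";
             $res = $renderFooterHtml;
             AJXP_Controller::applyHook("tpl.filter_html", array(&$res));
             echo $res;
             return;
         }
     }
     $filePath = AJXP_INSTALL_PATH . "/plugins/access." . $data["DRIVER"] . "/class." . $className . ".php";
     if (!is_file($filePath)) {
         // NOTE(review): this message echoes the server-side install path to the client.
         die("Warning, cannot find driver for conf storage! ({$className}, {$filePath})");
     }
     require_once $filePath;
     $driver = new $className($data["PLUGIN_ID"], $data["BASE_DIR"]);
     $driver->loadManifest();
     //$hash = md5(serialize($data));
     $shareStore->incrementDownloadCounter($shortHash);
     //AuthService::logUser($data["OWNER_ID"], "", true);
     // The download runs under a temporary user tied to the share owner; it is cleared on shutdown (see below).
     AuthService::logTemporaryUser($data["OWNER_ID"], $shortHash);
     if (isset($data["SAFE_USER"]) && isset($data["SAFE_PASS"])) {
         // FORCE SESSION MODE
         AJXP_Safe::getInstance()->forceSessionCredentialsUsage();
         AJXP_Safe::storeCredentials($data["SAFE_USER"], $data["SAFE_PASS"]);
     }
     $repoObject = $data["REPOSITORY"];
     ConfService::switchRootDir($repoObject->getId());
     ConfService::loadRepositoryDriver();
     // Plugins are re-initialised now that the root dir has been switched to the shared repository.
     AJXP_PluginsService::getInstance()->initActivePlugins();
     try {
         $params = array("file" => SystemTextEncoding::toUTF8($data["FILE_PATH"]));
         if (isset($data["PLUGINS_DATA"])) {
             $params["PLUGINS_DATA"] = $data["PLUGINS_DATA"];
         }
         // ?ct=true: serve through the first preview-capable editor's content-typed action instead of the share's ACTION.
         if (isset($_GET["ct"]) && $_GET["ct"] === "true") {
             $mime = pathinfo($params["file"], PATHINFO_EXTENSION);
             $editors = AJXP_PluginsService::searchAllManifests("//editor[contains(@mimes,'{$mime}') and @previewProvider='true']", "node", true, true, false);
             if (count($editors)) {
                 foreach ($editors as $editor) {
                     $xPath = new DOMXPath($editor->ownerDocument);
                     $callbacks = $xPath->query("//action[@contentTypedProvider]", $editor);
                     if ($callbacks->length) {
                         $data["ACTION"] = $callbacks->item(0)->getAttribute("name");
                         if ($data["ACTION"] === "audio_proxy") {
                             $params["file"] = base64_encode($params["file"]);
                         }
                         break;
                     }
                 }
             }
         }
         AJXP_Controller::findActionAndApply($data["ACTION"], $params, null);
         register_shutdown_function(array("AuthService", "clearTemporaryUser"), $shortHash);
     } catch (Exception $e) {
         AuthService::clearTemporaryUser($shortHash);
         // NOTE(review): the raw exception message is sent to the client.
         die($e->getMessage());
     }
 }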
 /**
  * Log the user from its credentials
  *
  * Resolves the user (from the arguments, or from the "AjaXplorer-remember" cookie when
  * $cookieLogin is set), runs the brute-force bookkeeping, verifies the password through
  * the auth driver unless $bypass_pwd is set, and on success stores the user object in
  * $_SESSION["AJXP_USER"].
  *
  * @static
  * @param string $user_id The user id; null or "" means "current session user, else guest"
  * @param string $pwd The password
  * @param bool $bypass_pwd Ignore password or not (the caller has already verified the user)
  * @param bool $cookieLogin Is it a logging from the remember me cookie?
  * @param string $returnSeed The unique seed
  * @return int  1 logged in; 0 no user given and guest browsing disabled, or unknown user;
  *             -1 wrong password; -4 rejected by the brute-force check;
  *             -5 cookie login ignored (cookie absent, or cookie credentials rejected)
  */
 static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
 {
     $user_id = self::filterUserSensitivity($user_id);
     if ($cookieLogin && !isset($_COOKIE["AjaXplorer-remember"])) {
         return -5;
         // SILENT IGNORE
     }
     if ($cookieLogin) {
         // Cookie format is "<user>:<secret>"; explode() has no limit, so a ':' inside the
         // secret part would truncate it. NOTE(review): the secret is handed to checkPassword()
         // with $cookieLogin = true — confirm how the auth driver interprets it.
         list($user_id, $pwd) = explode(":", $_COOKIE["AjaXplorer-remember"]);
     }
     $confDriver = ConfService::getConfStorageImpl();
     // Loose comparison on purpose: both null and "" mean "no user id given".
     if ($user_id == null) {
         // Already logged in: nothing to do.
         if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
             return 1;
         }
         if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
             $authDriver = ConfService::getAuthDriverImpl();
             // Lazily create the "guest" account (empty password) the first time guest browsing is used.
             if (!$authDriver->userExists("guest")) {
                 AuthService::createUser("guest", "");
                 $guest = $confDriver->createUserObject("guest");
                 $guest->save("superuser");
             }
             AuthService::logUser("guest", null);
             return 1;
         }
         return 0;
     }
     $authDriver = ConfService::getAuthDriverImpl();
     // CHECK USER PASSWORD HERE!
     // Brute-force bookkeeping runs before the user is even looked up; a FALSE result from
     // checkBruteForceLogin() turns every failure code below into -4.
     $loginAttempt = AuthService::getBruteForceLoginArray();
     $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
     AuthService::setBruteForceLoginArray($loginAttempt);
     if (!$authDriver->userExists($user_id)) {
         // NOTE(review): an unknown user yields 0 while a wrong password yields -1, so the
         // return code tells the caller whether the account exists (user enumeration).
         if ($bruteForceLogin === FALSE) {
             return -4;
         } else {
             return 0;
         }
     }
     if (!$bypass_pwd) {
         if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
             if ($bruteForceLogin === FALSE) {
                 return -4;
             } else {
                 if ($cookieLogin) {
                     return -5;
                 }
                 return -1;
             }
         }
     }
     // Successful login attempt: forget the failed attempts recorded for this client address.
     unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
     AuthService::setBruteForceLoginArray($loginAttempt);
     // Setting session credentials if asked in config
     // (the credentials then live in the session safe for the access drivers).
     if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
         list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd);
         AJXP_Safe::storeCredentials($authId, $authPwd);
     }
     $user = $confDriver->createUserObject($user_id);
     if ($authDriver->isAjxpAdmin($user_id)) {
         $user->setAdmin(true);
     }
     if ($user->isAdmin()) {
         $user = AuthService::updateAdminRights($user);
     } else {
         // Empty branch: the right assignment it used to make is commented out.
         if (!$user->hasParent() && $user_id != "guest") {
             //$user->setRight("ajxp_shared", "rw");
         }
     }
     $_SESSION["AJXP_USER"] = $user;
     // Auth drivers that auto-create users get their storage created on first login.
     if ($authDriver->autoCreateUser() && !$user->storageExists()) {
         $user->save("superuser");
         // make sure update rights now
     }
     AJXP_Logger::logAction("Log In");
     return 1;
 }
 /**
  * Tries to authenticate the current request through CAS (phpCAS client or proxy mode).
  *
  * Returns true when a Pydio session was opened for the CAS user; false when CAS is not
  * to be used for this request, is misconfigured, or the user could not be logged in.
  * phpCAS::forceAuthentication() may redirect the browser to the CAS server and end the
  * request before this method returns.
  *
  * @param array $httpVars request variables; taken by reference per the caller's contract but only read here
  * @param bool $isLast unused here
  * @return bool
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     // Public minisites never go through CAS.
     if (isset($_SESSION["CURRENT_MINISITE"])) {
         return false;
     }
     $this->loadConfig();
     if (isset($_SESSION['AUTHENTICATE_BY_CAS'])) {
         $flag = $_SESSION['AUTHENTICATE_BY_CAS'];
     } else {
         $flag = 0;
     }
     // Request/session signals that drive the decision below.
     $pgtIou = !empty($httpVars['pgtIou']);
     $logged = isset($_SESSION['LOGGED_IN_BY_CAS']);
     $enre = !empty($httpVars['put_action_enable_redirect']);
     $ticket = !empty($httpVars['ticket']);
     $pgt = !empty($_SESSION['phpCAS']['pgt']);
     $clientModeTicketPendding = isset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
     if ($this->cas_modify_login_page) {
         // With the modified login page, AUTHENTICATE_BY_CAS records whether this session
         // should go through CAS (1) or stay on the local login form (0); an incoming
         // ticket / proxy-granting ticket always keeps the CAS flow going.
         if ($flag == 0 && $enre && !$logged && !$pgtIou) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
         } elseif ($flag == 1 && !$enre && !$logged && !$pgtIou && !$ticket && !$pgt) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 0;
         } elseif ($flag == 1 && $enre && !$logged && !$pgtIou) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
         } elseif ($pgtIou || $pgt) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
         } elseif ($ticket) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
             $_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING'] = 1;
         } elseif ($logged && $pgtIou) {
             // Unreachable: any request with $pgtIou set is already caught by the ($pgtIou || $pgt) branch above.
             $_SESSION['AUTHENTICATE_BY_CAS'] = 2;
         } else {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 0;
         }
         if ($_SESSION['AUTHENTICATE_BY_CAS'] < 1) {
             // Not using CAS for this request, unless a client-mode ticket is still pending from a previous one.
             if ($clientModeTicketPendding) {
                 unset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
             } else {
                 return false;
             }
         }
     }
     /**
      * Depend on phpCAS mode configuration
      */
     switch ($this->cas_mode) {
         case PHPCAS_MODE_CLIENT:
             if ($this->checkConfigurationForClientMode()) {
                 AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Client: ", "sucessfully");
                 // Last argument (false): presumably tells phpCAS not to change the session id — confirm against the phpCAS version in use.
                 phpCAS::client(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
                 if (!empty($this->cas_certificate_path)) {
                     phpCAS::setCasServerCACert($this->cas_certificate_path);
                 } else {
                     // Without a CA file the CAS server's TLS certificate is not validated at all;
                     // acceptable for test setups only — configure cas_certificate_path in production.
                     phpCAS::setNoCasServerValidation();
                 }
                 /**
                  * Debug
                  */
                 if ($this->cas_debug_mode) {
                     // logfile name by date:
                     $today = getdate();
                     $file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
                     // Ternary used as a statement: only the second arm has an effect (overrides the dated path with the configured file).
                     empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file);
                     phpCAS::setDebug($file_path);
                 }
                 // Typically redirects to the CAS login page (ending this request) when no valid ticket is present.
                 phpCAS::forceAuthentication();
             } else {
                 AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode CLIENT, please verify the configuration", "");
                 return false;
             }
             break;
         case PHPCAS_MODE_PROXY:
             /**
              * If in login page, user click on login via CAS, the page will be reload with manuallyredirectocas is set.
              * Or force redirect to cas login page even the force redirect is set in configuration of this module
              *
              */
             if ($this->checkConfigurationForProxyMode()) {
                 AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Proxy: ", "sucessfully");
                 /**
                  * init phpCAS in mode proxy
                  */
                 phpCAS::proxy(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
                 if (!empty($this->cas_certificate_path)) {
                     phpCAS::setCasServerCACert($this->cas_certificate_path);
                 } else {
                     // Same caveat as in client mode: no CA file means no TLS validation of the CAS server.
                     phpCAS::setNoCasServerValidation();
                 }
                 /**
                  * Debug
                  */
                 if ($this->cas_debug_mode) {
                     // logfile name by date:
                     $today = getdate();
                     $file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
                     // Ternary used as a statement: only the second arm has an effect (see client mode above).
                     empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file);
                     phpCAS::setDebug($file_path);
                 }
                 if (!empty($this->cas_setFixedCallbackURL)) {
                     phpCAS::setFixedCallbackURL($this->cas_setFixedCallbackURL);
                 }
                 //
                 /**
                  * PTG storage
                  */
                 $this->setPTGStorage();
                 phpCAS::forceAuthentication();
                 /**
                  * Get proxy ticket (PT) for SAMBA to authentication at CAS via pam_cas
                  * In fact, we can use any other service. Of course, it should be enabled in CAS
                  *
                  */
                 $err_code = null;
                 $serviceURL = $this->cas_proxied_service;
                 AJXP_Logger::debug(__FUNCTION__, "Try to get proxy ticket for service: ", $serviceURL);
                 $res = phpCAS::serviceSMB($serviceURL, $err_code);
                 // The proxy ticket is kept in the session; it is later stored as the user's credential (see below).
                 if (!empty($res)) {
                     $_SESSION['PROXYTICKET'] = $res;
                     AJXP_Logger::info(__FUNCTION__, "Get Proxy ticket successfully ", "");
                 } else {
                     AJXP_Logger::info(__FUNCTION__, "Could not get Proxy ticket. ", "");
                 }
                 break;
             } else {
                 AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode PROXY, please verify the configuration", "");
                 return false;
             }
         default:
             return false;
             break;
     }
     AJXP_Logger::debug(__FUNCTION__, "Call phpCAS::getUser() after forceAuthentication ", "");
     $cas_user = phpCAS::getUser();
     // Auto-created accounts get an unguessable random password: local password login is not intended for them.
     if (!AuthService::userExists($cas_user) && $this->is_AutoCreateUser) {
         AuthService::createUser($cas_user, openssl_random_pseudo_bytes(20));
     }
     if (AuthService::userExists($cas_user)) {
         // Authentication was delegated to CAS, so the local password check is bypassed (third argument).
         $res = AuthService::logUser($cas_user, "", true);
         if ($res > 0) {
             // NOTE(review): PROXYTICKET is only set in proxy mode (above); in client mode this
             // reads an undefined session index and stores a null credential.
             AJXP_Safe::storeCredentials($cas_user, $_SESSION['PROXYTICKET']);
             $_SESSION['LOGGED_IN_BY_CAS'] = true;
             if (!empty($this->cas_additional_role)) {
                 $userObj = ConfService::getConfStorageImpl()->createUserObject($cas_user);
                 // $roles is computed but never used.
                 $roles = $userObj->getRoles();
                 $cas_RoleID = $this->cas_additional_role;
                 // Second argument to getRole(): presumably "create the role if missing" — confirm against AuthService.
                 $userObj->addRole(AuthService::getRole($cas_RoleID, true));
                 AuthService::updateUser($userObj);
             }
             return true;
         }
     }
     return false;
 }
 /**
  * Log the user from its credentials
  *
  * Resolves the user (from the arguments, or from the "AjaXplorer-remember" cookie when
  * $cookieLogin is set), runs the brute-force bookkeeping, verifies the password through
  * the auth driver unless $bypass_pwd is set, refuses locked accounts, and on success
  * stores the user object either in $_SESSION["AJXP_USER"] (session mode) or in
  * self::$currentUser (API mode).
  *
  * @static
  * @param string $user_id The user id; null or "" means "current user, else guest"
  * @param string $pwd The password
  * @param bool $bypass_pwd Ignore password or not (the caller has already verified the user)
  * @param bool $cookieLogin Is it a logging from the remember me cookie?
  * @param string $returnSeed The unique seed
  * @return int  1 logged in; -1 refused (no user and no guest browsing, unknown user, wrong
  *             password, or locked account); -4 rejected by the brute-force check;
  *             -5 cookie login ignored (cookie absent, or cookie credentials rejected)
  */
 public static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
 {
     $user_id = self::filterUserSensitivity($user_id);
     if ($cookieLogin && !isset($_COOKIE["AjaXplorer-remember"])) {
         return -5;
         // SILENT IGNORE
     }
     if ($cookieLogin) {
         // Cookie format is "<user>:<secret>"; explode() has no limit, so a ':' inside the
         // secret part would truncate it. NOTE(review): the secret is handed to checkPassword()
         // with $cookieLogin = true — confirm how the auth driver interprets it.
         list($user_id, $pwd) = explode(":", $_COOKIE["AjaXplorer-remember"]);
     }
     $confDriver = ConfService::getConfStorageImpl();
     // Loose comparison on purpose: both null and "" mean "no user id given".
     if ($user_id == null) {
         if (self::$useSession) {
             if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
                 /**
                  * @var AbstractAjxpUser $u
                  */
                 $u = $_SESSION["AJXP_USER"];
                 // Already logged in: only refresh roles (and the repository list) when the user object asks for it.
                 if ($u->reloadRolesIfRequired()) {
                     ConfService::getInstance()->invalidateLoadedRepositories();
                     self::$bufferedMessage = AJXP_XMLWriter::reloadRepositoryList(false);
                     $_SESSION["AJXP_USER"] = $u;
                 }
                 return 1;
             }
         } else {
             if (isset(self::$currentUser) && is_object(self::$currentUser)) {
                 return 1;
             }
         }
         // Guest browsing is never offered inside a public minisite.
         if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth") && !isset($_SESSION["CURRENT_MINISITE"])) {
             $authDriver = ConfService::getAuthDriverImpl();
             // Lazily create the "guest" account (empty password) the first time guest browsing is used.
             if (!$authDriver->userExists("guest")) {
                 self::createUser("guest", "");
                 $guest = $confDriver->createUserObject("guest");
                 $guest->save("superuser");
             }
             self::logUser("guest", null);
             return 1;
         }
         return -1;
     }
     $authDriver = ConfService::getAuthDriverImpl();
     // CHECK USER PASSWORD HERE!
     // Brute-force bookkeeping runs before the user is even looked up; a FALSE result from
     // checkBruteForceLogin() turns every failure code below into -4.
     $loginAttempt = self::getBruteForceLoginArray();
     $bruteForceLogin = self::checkBruteForceLogin($loginAttempt);
     self::setBruteForceLoginArray($loginAttempt);
     // Unknown user and wrong password both return -1 to the caller; only the log entry tells them apart.
     if (!$authDriver->userExists($user_id)) {
         AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => AJXP_Utils::sanitize($user_id, AJXP_SANITIZE_EMAILCHARS), "error" => "Invalid user"));
         if ($bruteForceLogin === FALSE) {
             return -4;
         } else {
             return -1;
         }
     }
     if (!$bypass_pwd) {
         if (!self::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
             AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => AJXP_Utils::sanitize($user_id, AJXP_SANITIZE_EMAILCHARS), "error" => "Invalid password"));
             if ($bruteForceLogin === FALSE) {
                 return -4;
             } else {
                 if ($cookieLogin) {
                     return -5;
                 }
                 return -1;
             }
         }
     }
     // Successful login attempt: forget the failed attempts recorded for this client address.
     unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
     self::setBruteForceLoginArray($loginAttempt);
     // Setting session credentials if asked in config
     // (the credentials then live in the session safe for the access drivers).
     if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
         list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd);
         AJXP_Safe::storeCredentials($authId, $authPwd);
     }
     $user = $confDriver->createUserObject($user_id);
     // A "logout" lock refuses the login even though the password was accepted.
     if ($user->getLock() == "logout") {
         AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => AJXP_Utils::sanitize($user_id, AJXP_SANITIZE_EMAILCHARS), "error" => "Locked user"));
         return -1;
     }
     // Repositories loaded for the guest user must not leak into the new session.
     if (AuthService::$useSession && ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
         ConfService::getInstance()->invalidateLoadedRepositories();
     }
     if ($authDriver->isAjxpAdmin($user_id)) {
         $user->setAdmin(true);
     }
     if (self::$useSession) {
         $_SESSION["AJXP_USER"] = $user;
     } else {
         self::$currentUser = $user;
     }
     if ($user->isAdmin()) {
         $user = self::updateAdminRights($user);
         self::updateUser($user);
     }
     // Auth drivers that auto-create users get their storage created on first login.
     if ($authDriver->autoCreateUser() && !$user->storageExists()) {
         $user->save("superuser");
         // make sure update rights now
     }
     AJXP_Logger::info(__CLASS__, "Log In", array("context" => self::$useSession ? "WebUI" : "API"));
     return 1;
 }
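 /**
  * Verifies SMB credentials through the smbclient:// stream wrapper by checking that the
  * repository share is browsable as a directory with the given login and password.
  *
  * On success the (domain-prefixed) login and password are stored in AJXP_Safe; on failure
  * the raw password kept in the session is blanked and every "smb_*disk" session entry is dropped.
  *
  * @param string $login
  * @param string $pass
  * @param string $seed unused, kept for interface compatibility
  * @return bool
  * @throws Exception when the configured REPOSITORY_ID does not resolve to a repository
  */
 public function checkPassword($login, $pass, $seed)
 {
     if (!defined('SMB4PHP_SMBCLIENT')) {
         define('SMB4PHP_SMBCLIENT', $this->options["SMBCLIENT"]);
     }
     require_once AJXP_INSTALL_PATH . "/" . AJXP_PLUGINS_FOLDER . "/access.smb/smb.php";
     // The raw password is kept in the session for the access driver; it is blanked below on failure.
     $_SESSION["AJXP_SESSION_REMOTE_PASS"] = $pass;
     $repoId = $this->options["REPOSITORY_ID"];
     $repoObject = ConfService::getRepositoryById($repoId);
     if (!isset($repoObject)) {
         throw new Exception("Cannot find repository with id " . $repoId);
     }
     // "AJXP_USER" inside the configured PATH stands for the login (per-user shares).
     $basePath = str_replace("AJXP_USER", $login, $repoObject->getOption("PATH", true));
     $host = $repoObject->getOption("HOST");
     $domain = $repoObject->getOption("DOMAIN", true);
     if (!empty($domain)) {
         // The DOMAIN option is prepended verbatim: it is assumed to carry its own separator — confirm.
         $login = $domain . $login;
     }
     // NOTE(review): neither login nor password is URL-encoded, and the "//" collapse below also
     // rewrites the credential part of the URL, so a '/' or '@' in the password changes the URL
     // structure — confirm what the smbclient wrapper expects before changing this.
     $strTmp = "{$login}:{$pass}@" . $host . "/" . $basePath . "/";
     $strTmp = str_replace("//", "/", $strTmp);
     $url = "smbclient://" . $strTmp;
     try {
         if (!is_dir($url)) {
             $this->logDebug("SMB Login failure");
             $_SESSION["AJXP_SESSION_REMOTE_PASS"] = '';
             // Drop every session entry named "smb_...disk" so a later login does not reuse state
             // from the failed attempt. foreach iterates over a copy, so unset() inside it is safe.
             foreach ($_SESSION as $key => $val) {
                 if (substr($key, 0, 4) === "smb_" && substr($key, -4) === "disk") {
                     unset($_SESSION[$key]);
                 }
             }
             return false;
         }
         AJXP_Safe::storeCredentials($login, $pass);
     } catch (Exception $e) {
         return false;
     }
     return true;
 }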
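 /**
  * HTTP Basic authentication for WebDAV.
  *
  * Reads the Basic credentials from the request, requires that WebDAV is enabled in the
  * user's AJXP_WEBDAV_DATA preference, validates the password (short-circuited by a
  * per-minute cache of the last accepted password), logs the user into the session and
  * switches to the target repository.
  *
  * @param Sabre\DAV\Server $server
  * @param string $realm
  * @return bool always true; failure is signalled by throwing
  * @throws Sabre\DAV\Exception\NotAuthenticated on missing headers, unknown or disabled WebDAV user,
  *         bad password, session login failure, or a repository flagged AJXP_WEBDAV_DISABLED
  */
 public function authenticate(Sabre\DAV\Server $server, $realm)
 {
     $auth = new Sabre\HTTP\BasicAuth();
     $auth->setHTTPRequest($server->httpRequest);
     $auth->setHTTPResponse($server->httpResponse);
     $auth->setRealm($realm);
     $userpass = $auth->getUserPass();
     if (!$userpass) {
         $auth->requireLogin();
         throw new Sabre\DAV\Exception\NotAuthenticated('No basic authentication headers were found');
     }
     // Authenticates the user
     //AJXP_Logger::info(__CLASS__,"authenticate",$userpass[0]);
     $confDriver = ConfService::getConfStorageImpl();
     $userObject = $confDriver->createUserObject($userpass[0]);
     $webdavData = $userObject->getPref("AJXP_WEBDAV_DATA");
     if (empty($webdavData) || !isset($webdavData["ACTIVE"]) || $webdavData["ACTIVE"] !== true) {
         AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => $userpass[0], "error" => "WebDAV user not found or disabled"));
         throw new Sabre\DAV\Exception\NotAuthenticated();
     }
     // Cached-password check: avoids hitting the (possibly external) auth backend on every
     // WebDAV request. The cache value mixes the password, the installation secret and the
     // current minute, so it expires on the minute boundary (it is refreshed at the end).
     // NOTE(review): the fallback secret is a hard-coded literal; with AJXP_SECRET_KEY
     // undefined the cache value depends only on the password and the clock.
     $cachedPasswordValid = false;
     $secret = defined("AJXP_SECRET_KEY") ? AJXP_SECRET_KEY : "CDAFx¨op#";
     $encryptedPass = md5($userpass[1] . $secret . date('YmdHi'));
     // Strict comparison: with loose ==, two hex digests that both look like "0e<digits>"
     // are compared as numbers and come out equal.
     if (isset($webdavData["TMP_PASS"]) && $encryptedPass === $webdavData["TMP_PASS"]) {
         $cachedPasswordValid = true;
         //AJXP_Logger::debug("Using Cached Password");
     }
     if (!$cachedPasswordValid && !$this->validateUserPass($userpass[0], $userpass[1])) {
         AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => $userpass[0], "error" => "Invalid WebDAV user or password"));
         $auth->requireLogin();
         throw new Sabre\DAV\Exception\NotAuthenticated('Username or password does not match');
     }
     $this->currentUser = $userpass[0];
     // Password verified (or cached) above, so the session login bypasses the password check.
     $res = AuthService::logUser($this->currentUser, $userpass[1], true);
     if ($res < 1) {
         throw new Sabre\DAV\Exception\NotAuthenticated();
     }
     $this->updateCurrentUserRights(AuthService::getLoggedUser());
     if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
         AJXP_Safe::storeCredentials($this->currentUser, $userpass[1]);
     }
     // Assumes repositoryId always resolves to a repository here; a null return would be a call on null — confirm.
     if (isset($this->repositoryId) && ConfService::getRepositoryById($this->repositoryId)->getOption("AJXP_WEBDAV_DISABLED") === true) {
         throw new Sabre\DAV\Exception\NotAuthenticated('You are not allowed to access this workspace');
     }
     ConfService::switchRootDir($this->repositoryId);
     // the method used here will invalidate the cached password every minute on the minute
     if (!$cachedPasswordValid) {
         $webdavData["TMP_PASS"] = $encryptedPass;
         $userObject->setPref("AJXP_WEBDAV_DATA", $webdavData);
         $userObject->save("user");
         AuthService::updateUser($userObject);
     }
     return true;
 }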
 protected function _performAuthentication($data, $method = "BASIC")
 {
     if (!AuthService::userExists($data->username)) {
         AJXP_Logger::debug("not exists! " . $data->username);
         return false;
     }
     $confDriver = ConfService::getConfStorageImpl();
     $user = $confDriver->createUserObject($data->username);
     $webdavData = $user->getPref("AJXP_WEBDAV_DATA");
     if (empty($webdavData) || !isset($webdavData["ACTIVE"]) || $webdavData["ACTIVE"] !== true || !isset($webdavData["PASS"])) {
         return false;
     }
     //$webdavData = array("PASS" => $this->_encodePassword("admin", "admin"));
     $passCheck = false;
     if ($method == "BASIC") {
         if ($this->_decodePassword($webdavData["PASS"], $data->username) == $data->password) {
             $passCheck = true;
         }
     } else {
         if ($method == "DIGEST") {
             $passCheck = $this->checkDigest($data, $this->_decodePassword($webdavData["PASS"], $data->username));
         }
     }
     if ($passCheck) {
         AuthService::logUser($data->username, null, true);
         $res = $this->updateCurrentUserRights(AuthService::getLoggedUser());
         if ($res === false) {
             return false;
         }
         if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
             AJXP_Safe::storeCredentials($data->username, $this->_decodePassword($webdavData["PASS"], $data->username));
         }
         return true;
     } else {
         return false;
     }
 }
 /**
  * @static
  * @param Array $data
  * @return void
  */
 static function loadPubliclet($data)
 {
     // create driver from $data
     $className = $data["DRIVER"] . "AccessDriver";
     $hash = md5(serialize($data));
     if ($data["EXPIRE_TIME"] && time() > $data["EXPIRE_TIME"] || $data["DOWNLOAD_LIMIT"] && $data["DOWNLOAD_LIMIT"] > 0 && $data["DOWNLOAD_LIMIT"] <= PublicletCounter::getCount($hash)) {
         // Remove the publiclet, it's done
         if (strstr(realpath($_SERVER["SCRIPT_FILENAME"]), realpath(ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER"))) !== FALSE) {
             PublicletCounter::delete($hash);
             unlink($_SERVER["SCRIPT_FILENAME"]);
         }
         echo "Link is expired, sorry.";
         exit;
     }
     // Load language messages
     $language = "en";
     if (isset($_GET["lang"])) {
         $language = $_GET["lang"];
     }
     $messages = array();
     if (is_file(dirname(__FILE__) . "/res/i18n/" . $language . ".php")) {
         include dirname(__FILE__) . "/res/i18n/" . $language . ".php";
         $messages = $mess;
     } else {
         include dirname(__FILE__) . "/res/i18n/en.php";
     }
     $AJXP_LINK_HAS_PASSWORD = false;
     $AJXP_LINK_BASENAME = SystemTextEncoding::toUTF8(basename($data["FILE_PATH"]));
     // Check password
     if (strlen($data["PASSWORD"])) {
         if (!isset($_POST['password']) || $_POST['password'] != $data["PASSWORD"]) {
             $AJXP_LINK_HAS_PASSWORD = true;
             $AJXP_LINK_WRONG_PASSWORD = isset($_POST['password']) && $_POST['password'] != $data["PASSWORD"];
             include AJXP_INSTALL_PATH . "/plugins/action.share/res/public_links.php";
             return;
         }
     } else {
         if (!isset($_GET["dl"])) {
             include AJXP_INSTALL_PATH . "/plugins/action.share/res/public_links.php";
             return;
         }
     }
     $filePath = AJXP_INSTALL_PATH . "/plugins/access." . $data["DRIVER"] . "/class." . $className . ".php";
     if (!is_file($filePath)) {
         die("Warning, cannot find driver for conf storage! ({$className}, {$filePath})");
     }
     require_once $filePath;
     $driver = new $className($data["PLUGIN_ID"], $data["BASE_DIR"]);
     $driver->loadManifest();
     $hash = md5(serialize($data));
     PublicletCounter::increment($hash);
     AuthService::logUser($data["OWNER_ID"], "", true);
     if ($driver->hasMixin("credentials_consumer") && isset($data["SAFE_USER"]) && isset($data["SAFE_PASS"])) {
         // FORCE SESSION MODE
         AJXP_Safe::getInstance()->forceSessionCredentialsUsage();
         AJXP_Safe::storeCredentials($data["SAFE_USER"], $data["SAFE_PASS"]);
     }
     $repoObject = $data["REPOSITORY"];
     ConfService::switchRootDir($repoObject->getId());
     ConfService::loadRepositoryDriver();
     ConfService::initActivePlugins();
     try {
         $params = array("file" => SystemTextEncoding::toUTF8($data["FILE_PATH"]));
         if (isset($data["PLUGINS_DATA"])) {
             $params["PLUGINS_DATA"] = $data["PLUGINS_DATA"];
         }
         AJXP_Controller::findActionAndApply($data["ACTION"], $params, null);
     } catch (Exception $e) {
         die($e->getMessage());
     }
 }