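/**
 * Used to validate a user's credentials (uname, password) against the local
 * passwd/NIS map: posix_getpwnam() fetches the entry and crypt() re-hashes the
 * supplied password using the stored hash as salt.
 *
 * On a verified password the uid becomes $this->authed_user, the gecos field is
 * split into first/last name, and Prefs::checkUID() must accept the uid before
 * $_SESSION['authed_user'] is written and TRUE is returned (same ordering as
 * the LDAP backend, so a uid rejected by checkUID() is never left marked as
 * authenticated in the session).
 *
 * @param array $creds the uname and password passed in as an array
 *                     (untrusted form input).
 * @return bool TRUE only when the password verifies and checkUID() passes.
 */
function validateCredentials($creds)
{
    $uname = isset($creds['uname']) ? strtolower((string) $creds['uname']) : '';
    $password = isset($creds['password']) ? (string) $creds['password'] : '';

    $pwent = posix_getpwnam($uname);
    if ($pwent === false) {
        API::Error("Invalid Username/Password");
        // Stop here: API::Error() does not abort the request (callers redirect
        // after it), and the original fell through into crypt() with $pwent
        // being false.
        return FALSE;
    }

    $stored = (string) $pwent['passwd'];
    // A blank hash (password-less account) must not be accepted just because
    // crypt() happens to produce something that does not match it.
    if ($stored === '') {
        return FALSE;
    }

    // crypt() uses the stored hash as its salt; a shadowed/locked entry
    // ('x', '*', '!...') is an invalid salt and yields a short "*0"/"*1"
    // string that can never equal $stored, so the compare fails closed.
    $cryptpw = crypt($password, $stored);

    // Constant-time comparison; the original used ==, which is both loosely
    // typed and timing-dependent.
    if (!hash_equals($stored, (string) $cryptpw)) {
        return FALSE;
    }

    API::DEBUG("[Auth_NIS::validateCredentials] returning TRUE", 8);
    $this->authed_user = $pwent['uid'];

    // gecos "First Last[ ...]" -> fname/lname; a single-token gecos leaves
    // lname NULL (the original read an undefined offset in that case).
    $parts = explode(" ", $pwent['gecos'], 2);
    $names = array(
        'fname' => $parts[0],
        'lname' => isset($parts[1]) ? $parts[1] : NULL,
    );

    $prefs = new Prefs();
    if ($prefs->checkUID($this->authed_user, $this->config->prefs_auto, NULL, $names)) {
        // Fresh session id on privilege change so a pre-login (fixated) id is
        // never promoted to an authenticated one.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['authed_user'] = $this->authed_user;
        return TRUE;
    }

    API::Error("Username Not Valid in system. Error: 3304");
    return FALSE;
}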
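/**
 * Checks the input for validity according to what should be in the table,
 * returning an array of error strings, or NULL if no errors occur.
 *
 * NOTE: This function may modify its argument (it is taken by reference).
 *
 * Authorisation on the 'edit' path:
 *  - changing permissions ('set_perms' present) requires 'perms_admin';
 *  - editing a record whose uid is not the logged-in user requires 'user_admin'.
 * The original chained these as if/elseif, so any request carrying 'set_perms'
 * skipped the other-user check entirely; they are now evaluated independently.
 * If 'perms_admin' is meant to imply 'user_admin', grant both to those users
 * rather than re-coupling the checks here.
 *
 * A failed authorisation check is a security violation: it is logged with the
 * client IP and user, the session's auth marker is cleared (the session id
 * itself is kept), and the user is redirected to "/".
 *
 * @access public
 * @param array $data the array of data to check (typically $_POST)
 * @return array|null list of error strings, or NULL when there are none
 */
public function check_input(&$data)
{
    $errors = array();

    if ($this->action != 'edit') {
        // The create-path username checks (character class, uniqueness via
        // WhereClause('uname', ...), length <= 32) were commented out upstream,
        // so nothing is validated for new records here. Restore them before
        // relying on this method for account creation.
    }

    $security_violation = false;

    if ($this->action == 'edit') {
        if (isset($data['set_perms'])
            && !self::$CertisInst->Perms->checkPerm($this->authed_user, 'perms_admin')) {
            $errors[] = "You do not have permissions to change permissions.";
            $security_violation = true;
            error_log("[Prefs::check_input()] Security Violation (perms_admin) ERR_SEC. ");
        }

        // Compare as strings: uid arrives from the form as a string while
        // authed_user may be an int (NIS) or a string (LDAP). A missing uid is
        // treated as "another user" so it cannot be used to skip the check.
        $targetUid = isset($data['uid']) ? (string) $data['uid'] : '';
        if ($targetUid !== (string) $this->authed_user
            && !self::$CertisInst->Perms->checkPerm($this->authed_user, 'user_admin')) {
            $errors[] = "You do not have permissions to change other user's info.";
            $security_violation = true;
            error_log("[Prefs::check_input()] Security Violation (user_admin) ERR_SEC. ");
        }
    }

    if (count($errors) === 0) {
        return NULL;
    }

    // Slightly different redirect here, because security issues redirect us
    // to index.
    if ($security_violation === TRUE) {
        error_log(" - IP " . $_SERVER['REMOTE_ADDR']);
        error_log(" - user " . $this->authed_user);
        error_log(" - session destroyed.(ERR_SEC_DESTROY)");
        // Effectively log off the user: only the auth marker is cleared.
        $_SESSION['authed_user'] = NULL;
        $this->authed_user = NULL;
        API::Error($errors);
        API::Redirect("/");
    }
    return $errors;
}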
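/**
 * Handles the login form POST for this auth module: reads uname/password from
 * $_POST, passes md5($password) (not the plaintext) to the model's
 * validateCredentials(), redirects to "/" on success and pushes an error and
 * re-displays the login form otherwise.
 *
 * @return void
 */
public function loginAction()
{
    if (isset($_POST['login'])) {
        // Missing fields are treated as empty strings rather than raising
        // undefined-index notices and feeding NULL into md5()/the model.
        $uname = isset($_POST['uname']) ? (string) $_POST['uname'] : '';
        $plain = isset($_POST['password']) ? (string) $_POST['password'] : '';

        // NOTE(review): md5 is not a password hash (unsalted, trivially
        // brute-forced). It is kept only because the model presumably compares
        // against stored md5 digests — confirm, and migrate the stored format
        // to password_hash()/password_verify() rather than changing this alone.
        $creds = array(
            'uname'    => $uname,
            'password' => md5($plain),
        );

        if ($this->_model->validateCredentials($creds)) {
            API::Redirect("/");
        } else {
            // Typo fixed in the user-facing message ("Passord").
            API::Error("Invalid Username/Password for login.");
        }
    }
    $this->addModuleTemplate('auth', 'login_frm');
}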
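/**
 * Auth_LDAPController::loginAction — handles the login form POST. Reads
 * uname/password from $_POST and hands them to the LDAP model's
 * validateCredentials(); redirects to "/" on success, otherwise pushes an
 * error. The login form template is always (re)added to the template stack.
 *
 * Empty credentials are rejected here, before the model is called: an LDAP
 * simple bind with a DN and an empty password is an *unauthenticated* bind
 * (RFC 4513 §5.1.2) that many servers accept, which would log the caller in
 * as whatever DN the username resolved to.
 *
 * @return void
 */
public function loginAction()
{
    if (isset($_POST['login'])) {
        $uname = isset($_POST['uname']) ? (string) $_POST['uname'] : '';
        $password = isset($_POST['password']) ? (string) $_POST['password'] : '';

        if ($uname === '' || $password === '') {
            // Same message as a failed bind so nothing is leaked about why.
            API::Error("Invalid Username/Password");
        } else {
            $creds = array(
                'uname'    => $uname,
                'password' => $password,
            );
            if ($this->_model->validateCredentials($creds)) {
                API::DEBUG("[Auth_LDAPController::loginAction] PHPSESSID = " . session_id(), 8);
                API::Redirect("/");
            } else {
                API::Error("Invalid Username/Password");
            }
        }
    }
    API::DEBUG("[Auth_LDAPController::loginAction] adding login form to template stack");
    $this->addModuleTemplate(strtolower(self::$config->auth_class), 'login_frm');
}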
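/**
 * Default action processing new requests passed in from the display action.
 * Does not use a template. Uses the 'set_data' function on the model object of
 * the implementing class to do data verification.
 *
 * Flow: cancel -> redirect; model check_input() errors -> error + redirect;
 * 'validate' hooks may stack errors on API::Error but never redirect, so a
 * redirect is issued here if any were raised; then set_data() saves, 'save'
 * hooks run with the new id in $_POST['id'], and the request is redirected.
 *
 * Every redirect is followed by an explicit return: the original fell through
 * after API::Redirect(), so if Redirect() does not terminate the request a
 * cancelled or invalid submission would still reach set_data().
 *
 * @return none
 */
public function newAction()
{
    if (isset($_POST['cancel'])) {
        API::Redirect(API::printUrl($this->_redirect));
        return;
    }

    // Check the post data and filter it.
    $input_check = $this->_model->check_input($_POST);
    if (is_array($input_check)) {
        API::Error($input_check);
        // Redirect to index and display the error there.
        API::redirect(API::printUrl($this->_redirect));
        return;
    }

    // All hooks stack their errors onto the API::Error stack but WILL NOT
    // redirect.
    API::callHooks(self::$module, 'validate', 'controller', $_POST);
    if (API::hasErrors()) {
        API::redirect(API::printUrl($this->_redirect));
        return;
    }

    // Set the id into the post var for any hooks.
    $_POST['id'] = $this->_model->set_data($_POST, TRUE);

    // Auto call the hooks for this module/action.
    API::callHooks(self::$module, 'save', 'controller', $_POST);

    if (isset($this->params['redir'])) {
        // NOTE(review): if $this->params is populated from the request, this
        // is an open redirect — restrict 'redir' to same-origin paths before
        // trusting it. Cannot be confirmed from this file.
        API::Redirect($this->params['redir']);
        return;
    }
    API::redirect(API::printUrl($this->_redirect));
}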
// only run this code if the class specified in config // for authentication is present. And if the request // coming in is not for the auth_class module itself. // The second part keeps things from going crazy. if (class_exists($CertisInst->config->auth_class) && $CertisInst->module != strtolower($CertisInst->config->auth_class)) { // include the authentication module's controller.php file include _SYSTEM_ . "/modules/" . strtolower($CertisInst->config->auth_class) . "/controller.php"; // instantiate the auth controller class $classname = $CertisInst->config->auth_class . "Controller"; $auth_controller = new $classname(); $auth_controller->authCheckAction(); } if (!class_exists($CertisInst->config->auth_class)) { $CertisInst->module = ''; $CertisInst->action = 'error'; API::Error('FATAL ERROR: Unable to find Authentication Class'); } } API::DEBUG("[__SYSTEM__] index.php: authentication check done."); $controller = null; if (!empty($CertisInst->module)) { if (preg_match("/\\.\\./", $CertisInst->module)) { error_log("[index.php] FATAL ERROR! SOMEONE TRIED TO ESCAPE! " . $CertisInst->module); print "UNAUTHORIZED!!!!!!"; exit(1); } // first check to see if the module exists. if (!file_exists(_SYSTEM_ . "/modules/" . $CertisInst->module)) { error_log("[index.php] Unable to find requested module: " . $CertisInst->module); API::Redirect("/"); }
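/**
 * Used to validate a user's credentials (uname, password) against LDAP:
 * _searchUser() resolves the username to a DN and attribute set, then
 * ldap_bind() is attempted as that DN with the supplied password. On a
 * successful bind the configured uid/fname/lname attributes are read,
 * Prefs::checkUID() is consulted, and the uid is stored in the session.
 *
 * Empty credentials are refused before any directory call: ldap_bind() with a
 * DN and an empty password is an *unauthenticated* simple bind (RFC 4513
 * §5.1.2) that many servers accept, which would log the caller in as $userdn.
 *
 * @param array $creds the uname and password passed in as an array
 *                     (untrusted form input).
 * @return bool true on a verified login, false otherwise.
 */
function validateCredentials($creds)
{
    global $conf;

    $uname = isset($creds['uname']) ? (string) $creds['uname'] : '';
    $password = isset($creds['password']) ? (string) $creds['password'] : '';
    if ($uname === '' || $password === '') {
        return false;
    }

    if (!$this->_connectLDAP()) {
        return false;
    }

    // NOTE(review): _searchUser() is not visible here; it must escape $uname
    // with ldap_escape(..., LDAP_ESCAPE_FILTER) before building the filter.
    $search_res = $this->_searchUser($uname);
    if ($search_res == NULL) {
        return FALSE;
    }
    if (!is_array($search_res)) {
        error_log("LDAP - Something went wrong with the LDAP search.");
        return false;
    }

    // Get the user DN and attributes.
    $userdn = $search_res[0];
    $user_attrs = $search_res[1];

    // The original referenced $ad_mode and $ad_options without ever defining
    // them, so the Active Directory extended-error branch below never ran.
    // They are pinned to those effective values here; wire them to config to
    // enable that branch.
    $ad_mode = false;
    $ad_options = array('change_expired_password' => false);

    error_log("UserDN: " . $userdn);
    $bind = ldap_bind($this->ldap, $userdn, $password);
    $errno = ldap_errno($this->ldap);

    if ($errno == 49 && $ad_mode) {
        // 0x32 is LDAP_OPT_DIAGNOSTIC_MESSAGE; AD encodes the sub-status in
        // its "data NNN" token.
        if (ldap_get_option($this->ldap, 0x32, $extended_error)) {
            error_log("LDAP - Bind user extended_error {$extended_error} (" . ldap_error($this->ldap) . ")");
            $extended_error = explode(', ', $extended_error);
            $detail = isset($extended_error[2]) ? $extended_error[2] : '';
            if (strpos($detail, '773') !== false) {
                error_log("LDAP - Bind user password needs to be changed");
                $errno = 0;
                return false;
            }
            if (strpos($detail, '532') !== false && $ad_options['change_expired_password']) {
                error_log("LDAP - Bind user password is expired");
                $errno = 0;
                return false;
            }
            unset($extended_error);
        }
    }

    // A false bind result with no errno set must still be a failure.
    if ($errno || $bind === false) {
        error_log("LDAP - Bind user error {$errno} (" . ldap_error($this->ldap) . ")");
        return false;
    }

    // Good bind, user is valid: populate the identity from the configured
    // attributes.
    $this->authed_user = $user_attrs[$conf->auth_ldap->uid_attr];
    $names = array(
        'fname' => $user_attrs[$conf->auth_ldap->fname_attr],
        'lname' => $user_attrs[$conf->auth_ldap->lname_attr],
    );

    $prefs = new Prefs();
    if ($prefs->checkUID($this->authed_user, $conf->prefs_auto, NULL, $names)) {
        // Fresh session id on privilege change so a pre-login (fixated) id is
        // never promoted to an authenticated one.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['authed_user'] = $this->authed_user;
        API::Debug("auth_ldap: checkUID passed");
        return true;
    }

    API::Error("Username Not Valid in system. Error: 3304");
    return FALSE;
}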