/**
 * Authentication & authorization middleware for routes.
 *
 * Returns a Slim route middleware that first requires a valid session and then
 * requires the session user's role to satisfy $minRole. Both failures flash an
 * error and redirect to /signin; anything not explicitly allowed is denied.
 *
 * @param int $minRole Minimum required User role (User::ADMIN|EXTENDED|NORMAL)
 *
 * @return callable
 */
function authForRole($minRole)
{
    return function () use ($minRole) {
        $app = Slim\Slim::getInstance();
        $auth = new Auth();

        if (!$auth->checkSession()) {
            $app->flash('error', 'Sign in required');
            $app->redirect('/signin');
            return;
        }

        // NOTE(review): the session user is kept serialized; unserialize() here is
        // only as trustworthy as the session store itself (server-side data).
        $user = unserialize($_SESSION['User']);

        // Roles accepted for each minimum role; an unknown $minRole allows nothing.
        $accepted = array();
        if ($minRole == User::ADMIN) {
            $accepted = array(User::ADMIN);
        } elseif ($minRole == User::EXTENDED) {
            $accepted = array(User::ADMIN, User::EXTENDED);
        } elseif ($minRole == User::NORMAL) {
            $accepted = array(User::ADMIN, User::EXTENDED, User::NORMAL);
        }

        if (count($accepted) > 0 && in_array($user['role'], $accepted)) {
            return;
        }

        $app->flash('error', 'You are not authorized to view this page');
        $app->redirect('/signin');
    };
}
/**
 * Runs on every request. Lets the request through when the user is already
 * logged in (or can be auto-logged in) or when the page is one that is allowed
 * while logged out; otherwise stores the requested page and redirects to login.
 * A logged-in user whose password is NULL is sent to new_password first.
 */
public function check() {
    $uri = new URI();
    // Skip check when accessing the data services, as it is redundant but would slow the services down.
    // Also no need to login when running the scheduled tasks.
    if ($uri->segment(1) == 'services' || $uri->segment(1) == 'scheduled_tasks') {
        return;
    }
    // Setup request: the whole check is skipped when the indicia_setup module
    // folder exists on one of the Kohana include paths.
    // NOTE(review): this is an unauthenticated bypass that stays open for as long
    // as the setup module directory is present; confirm it is removed after install.
    if ($uri->segment(1) == 'setup_check') {
        $ipaths = Kohana::include_paths();
        clearstatcache();
        foreach ($ipaths as $path) {
            if (preg_match("/indicia_setup/", $path) && file_exists($path)) {
                return;
            }
        }
    }
    // Always logged in
    $auth = new Auth();
    // Order matters: auto_login() is only attempted when there is no session
    // login, and the logged-out page list is only consulted when both fail.
    if (!$auth->logged_in() and !$auth->auto_login()
        and $uri->segment(1) != 'login'
        and $uri->segment(1) != 'logout'
        and $uri->segment(1) != 'new_password'
        and $uri->segment(1) != 'forgotten_password') {
        // Remembered so the login page can send the user back afterwards.
        $_SESSION['requested_page'] = $uri->string();
        url::redirect('login');
    } else {
        // A user record with no password must set one before doing anything else.
        if ($auth->logged_in() and is_null($_SESSION['auth_user']->password)
            and $uri->segment(1) != 'new_password'
            and $uri->segment(1) != 'logout'
            and $uri->segment(1) != 'setup_check') {
            $_SESSION['requested_page'] = $uri->string();
            url::redirect('new_password');
        }
    }
}
/**
 * Base controller setup: navigation links, shared database and session
 * handles, then an auth gate. Visitors who are neither logged in nor
 * auto-loggable are sent to /auth/login with the current URL remembered.
 */
public function __construct()
{
    parent::__construct();

    $this->template->links = array(
        'Home'    => 'home',
        'Browse'  => 'folders',
        'Search'  => 'search',
        'About'   => 'about',
        'Contact' => 'contact',
    );
    $this->db = Database::instance(); // shared database handle for every controller
    $this->session = Session::instance();

    $authentic = new Auth();
    if (!$authentic->logged_in() && !$authentic->auto_login()) {
        // Remember where the visitor wanted to go so the login page can bounce them back.
        $this->session->set("requested_url", "/" . url::current());
        url::redirect('/auth/login');
    } else {
        $this->user = $authentic->get_user();
    }
}
/**
 * Entry point: the download is started only when the Auth check passes.
 * A failed check is silent — nothing is sent and no error is raised.
 */
public function start()
{
    $gate = new Auth();
    if (!$gate->auth()) {
        return;
    }
    $this->startDownload();
}
/**
 * Custom validation for this model - complements the default validate()
 *
 * @param array $post array to validate (replaced in place by the Validation instance)
 * @param Auth  $auth instance of Auth class; injectable for testing purposes
 * @return bool TRUE if validation succeeds, FALSE otherwise
 */
public static function custom_validate(array &$post, Auth $auth = null)
{
    // Initalize validation
    $post = Validation::factory($post)->pre_filter('trim', TRUE);
    if ($auth === null) {
        $auth = new Auth();
    }

    $post->add_rules('username', 'required', 'length[3,100]', 'alpha_numeric');
    $post->add_rules('name', 'required', 'length[3,100]');
    $post->add_rules('email', 'required', 'email', 'length[4,64]');

    // No user_id means a new account is being created.
    $creatingUser = empty($post->user_id);

    // New account: username and email must not already exist
    if ($creatingUser) {
        $post->add_callbacks('username', array('User_Model', 'unique_value_exists'));
        $post->add_callbacks('email', array('User_Model', 'unique_value_exists'));
    }

    // New account: a password is mandatory
    // NOTE(review): 'alpha_numeric' rejects symbols in passwords, which weakens
    // the password policy rather than strengthening it.
    if ($creatingUser) {
        $post->add_rules('password', 'required', 'length[5,50]', 'alpha_numeric');
    }

    // Password given, or only the confirmation given: both fields must match.
    // Written out to make the intended 'or'/'and' precedence explicit.
    $passwordGiven = !empty($post->password);
    $onlyConfirmationGiven = empty($post->password) && !empty($post->password_again);
    if ($passwordGiven || $onlyConfirmationGiven) {
        $post->add_rules('password', 'required', 'length[5,50]', 'alpha_numeric', 'matches[password_again]');
    }

    $post->add_rules('role', 'required', 'length[3,30]', 'alpha_numeric');
    $post->add_rules('notify', 'between[0,1]');

    // Only a superadmin may assign or alter the superadmin role
    if (!$auth->logged_in('superadmin')) {
        $post->add_callbacks('role', array('User_Model', 'prevent_superadmin_modification'));
    }

    // Additional validation checks
    Event::run('ushahidi_action.user_submit_admin', $post);

    return $post->validate();
}
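/**
 * Confirms the current user's shopping cart as an order.
 *
 * Totals the cart from the prices stored in its rows, creates the order
 * header, writes one detail row per cart line, deducts the total from the
 * user's points and empties the cart.
 *
 * @return bool false for an empty cart; true once the order header was
 *              created (no value is returned when the header insert fails,
 *              matching the original behaviour).
 */
public function Confirm()
{
    $auth = new Auth();
    $shop = new ShoppingCart();
    $user = $auth->id();
    $myShop = $shop->all();
    $objDetails = new DetalleCompra();

    if (empty($myShop)) {
        return false;
    }

    $total = 0;
    foreach ($myShop as $val) {
        $total += $val->precio * $val->cantidad;
    }

    $result_insert = $this->create($user, $total);
    if ($result_insert->success) {
        foreach ($myShop as $v) {
            try {
                $objDetails->create($result_insert->id, $v->id_prod, $v->name, $v->cantidad, $v->precio, $v->talle, $v->color);
            } catch (Exception $e) {
                // Log instead of echoing: exception text (SQL errors, paths) must
                // not reach the browser. The order is still confirmed, as before.
                error_log('Confirm: detail insert failed for order ' . $result_insert->id . ': ' . $e->getMessage());
            }
        }
        $auth->restPoints($total);
        $auth->sumConsumed($total);
        $shop->removeAll();
        return true;
    }
}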
/**
 * Registers a child Auth under its name, replacing any existing entry for
 * that name. An Auth may not be added to itself.
 *
 * @param Auth $auth
 */
public function add(Auth $auth)
{
    if ($this === $auth) {
        die('Fail add!');
    }
    $name = $auth->getName();
    $this->_authList[$name] = $auth;
}
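/**
 * Gets user authentication token.
 *
 * @param string $email    The email address of the user.
 * @param string $password The password of the user.
 * @return Auth If the call is successful, the authentication token is set.
 *              If unsuccessful, the object contains the error code and message
 *              thrown by the server, or a generic message when the response
 *              could not be parsed.
 */
public function login($email, $password)
{
    $parameters = array('email' => $email, 'password' => $password);
    $urld = 'dpi/v1/auth';
    // NOTE(review): $headers is built but never passed to sendRequest(); confirm
    // the transport adds X-Api-Key itself, otherwise the key is never sent.
    $headers = array('X-Api-Key' => $this->apiKey);
    $this->response = $this->restTransportInstance->sendRequest($urld, $parameters, self::HTTP_POST);

    // Parse with network access disabled so a DTD/entity reference in the reply
    // can never trigger an outbound fetch; malformed XML takes the generic error
    // path below instead of emitting a PHP warning.
    $useInternal = libxml_use_internal_errors(true);
    $responseBody = simplexml_load_string($this->response, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($useInternal);

    $returnObject = new Auth();
    if ($responseBody === false) {
        $errorCode = 'N/A';
        $errorMessage = 'The server has encountered an error, please try again.';
        $errorObject = new ErrorStatus($errorCode, $errorMessage);
        $returnObject->setErrorStatus($errorObject);
        return $returnObject;
    }

    // An absent/empty <errorStatus> element means success.
    $errorStatus = $responseBody->errorStatus;
    if (empty($errorStatus)) {
        $authToken = (string) $responseBody->authToken;
        $returnObject->setAuthToken($authToken);
    } else {
        $errorCode = (string) $responseBody->errorStatus->code;
        $errorMessage = (string) $responseBody->errorStatus->message;
        $errorObject = new ErrorStatus($errorCode, $errorMessage);
        $returnObject->setErrorStatus($errorObject);
    }
    return $returnObject;
}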
} public function __destruct() { parent::__destruct(); } /** * 转换word文档 */ public function convert() { $app_id = isset($this->input['custom_appid']) ? trim($this->input['custom_appid']) : ''; $app_key = isset($this->input['custom_appkey']) ? trim($this->input['custom_appkey']) : ''; if (empty($app_id) || empty($app_key)) { $this->errorOutput(PARAM_WRONG); } //先验证是否有权限 $auth = new Auth(); $auth_info = $auth->getAccessToken($app_id, $app_key); if (!$auth_info) { $this->errorOutput(NO_AUTH); } //处理上传的word文档 $gGlobalConfig['officeconvert'] = array('host' => '10.0.1.59:8080', 'dir' => 'officeConverter/'); $curl = new curl($gGlobalConfig['officeconvert']['host'], $gGlobalConfig['officeconvert']['dir']); $curl->setSubmitType('post'); $curl->setReturnFormat('str'); $curl->initPostData(); $curl->addFile($_FILES); $curl->addRequestData('custom_appid', $app_id); $curl->addRequestData('custom_appkey', $app_key);
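/**
 * Dispatches the parsed request path: parts[0] names the controller file and
 * class under controllers/, parts[1] an optional method, parts[2..] its
 * arguments. With no controller given, Auth::index() is served.
 *
 * Controller and method names are restricted to identifier characters so a
 * URL cannot steer include() outside controllers/ (e.g. "../config") or reach
 * magic or non-public methods.
 */
private function run()
{
    if (empty($this->parts[0])) {
        include "controllers/auth.php";
        $default_obj = new Auth();
        $default_obj->index();
        return;
    }

    $ctrl = $this->parts[0];
    // Identifier-only: no slashes, dots or NUL bytes can reach the include path.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $ctrl) || !file_exists("controllers/" . $ctrl . ".php")) {
        echo "FILE NOT FOUND!";
        return;
    }
    include "controllers/" . $ctrl . ".php";
    if (!class_exists($ctrl)) {
        echo "CLASS NOT FOUND!";
        return;
    }
    $ctrl_obj = new $ctrl();

    if (empty($this->parts[1])) {
        $ctrl_obj->index();
        return;
    }

    $method = $this->parts[1];
    // A leading letter excludes __construct/__destruct and friends; is_callable
    // additionally rejects protected/private methods, which method_exists accepts.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $method)
        || !method_exists($ctrl_obj, $method)
        || !is_callable(array($ctrl_obj, $method))) {
        echo "METHOD NOT FOUND!";
        return;
    }
    if (!empty($this->parts[2])) {
        $params = array_slice($this->parts, 2);
        call_user_func_array(array($ctrl_obj, $method), $params);
    } else {
        $ctrl_obj->{$method}();
    }
}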
/**
 * Identifies (logs in) a user.
 *
 * @param array  $params   options
 *        => login_name     : mandatory user name
 *        => login_password : mandatory user password
 *        => other          : optional values for post action
 * @param string $protocol the communication protocol used
 *
 * @return array response ready to be encoded
 *        => id, name, realname, firstname of the user
 *        => session : ID of the session for future calls
 **/
static function methodLogin($params, $protocol)
{
    if (isset($params['help'])) {
        return array('login_name'     => 'string,mandatory',
                     'login_password' => 'string,mandatory',
                     'help'           => 'bool,optional');
    }

    $credentialKeys = array('login_name', 'login_password');
    foreach ($credentialKeys as $required) {
        if (!isset($params[$required]) || empty($params[$required])) {
            return self::Error($protocol, WEBSERVICES_ERROR_MISSINGPARAMETER, '', $required);
        }
    }

    // Every other parameter is copied verbatim into the session for post-login
    // actions (retrieve_more_data_from_ldap, e.g.).
    // NOTE(review): the keys are chosen by the caller, so arbitrary $_SESSION
    // entries can be pre-seeded before Login() runs; an allow-list of expected
    // keys would be safer unless Login() is known to reset the session.
    foreach ($params as $name => $value) {
        if (in_array($name, $credentialKeys)) {
            continue;
        }
        $_SESSION[$name] = $value;
    }

    $identificat = new Auth();
    if (!$identificat->Login($params['login_name'], $params['login_password'], true)) {
        return self::Error($protocol, WEBSERVICES_ERROR_LOGINFAILED, '', Html::clean($identificat->getErr()));
    }

    session_write_close();
    return array('id'        => Session::getLoginUserID(),
                 'name'      => $_SESSION['glpiname'],
                 'realname'  => $_SESSION['glpirealname'],
                 'firstname' => $_SESSION['glpifirstname'],
                 'session'   => $_SESSION['valid_id']);
}
/**
 * Authenticates the request with HTTP Basic credentials checked against the
 * 'user' table (columns name / password).
 *
 * @return mixed result of Auth::basic()
 */
function authenticationCheck()
{
    $userMapper = new \DB\SQL\Mapper($this->db, 'user');
    $fieldMap = array('id' => 'name', 'pw' => 'password');
    $auth = new \Auth($userMapper, $fieldMap);
    // NOTE(review): whether the stored password is hashed and how basic()
    // compares it is not visible here — confirm it is not a plaintext compare.
    return $auth->basic();
}
/**
 * Connect using the test user; the test is skipped when the login fails.
 */
protected function login()
{
    $session = new Auth();
    $connected = $session->Login(TU_USER, TU_PASS, true);
    if (!$connected) {
        $this->markTestSkipped('No login');
    }
}
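/**
 * Renders the "Recent Activity" table for one record.
 *
 * @param object $p        page renderer exposing HTML() and Table()
 * @param string $db_table table the record lives in
 * @param mixed  $db_id    record id
 */
function ShowModifications(&$p, $db_table, $db_id)
{
    global $database;
    $m_mod = new Modification($database);
    $m_auth = new Auth($database);
    $mods = $m_mod->byTableID($db_table, $db_id);
    if (false_or_null($mods)) {
        return;
    }

    $data = array();
    foreach ($mods as $mod) {
        // An unknown/deleted author shows as an empty name instead of raising a notice.
        $user = $m_auth->Get($mod['r_Auth']);
        $who = isset($user['username']) ? $user['username'] : '';

        // 'What' holds a JSON list of {table: {I: id, F: field, E: extra}} maps;
        // a value that does not decode to an array yields an empty description.
        $what = '';
        $w = json_decode($mod['What'], true);
        if (is_array($w)) {
            foreach ($w as $dataset) {
                if (!is_array($dataset)) {
                    continue;
                }
                foreach ($dataset as $table => $change) {
                    $what .= $table . ' #' . $change['I'] . '\'s ' . $change['F']
                        . (isset($change['E']) ? ' » ' . $change['E'] : '');
                }
            }
        }
        $data[] = array($who, $what, $mod['Message'], human_datetime(intval($mod['Timestamp'])));
    }

    // NOTE(review): usernames, change text and messages are handed to TableHelper
    // unescaped; confirm it HTML-encodes cell content, otherwise escape them here.
    $table = new TableHelper(array(
        'table'    => "table wide",
        'thead'    => "tablehead",
        'th'       => "tablehead",
        'td'       => "tablecell",
        'headings' => array('Who', 'What', ' ', 'When'),
        'data'     => $data,
    ));
    $p->HTML('<div class="formgroup">');
    $p->HTML('<h4>Recent Activity</h4>');
    $p->Table($table);
    $p->HTML('</div>');
}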
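/**
 * Registration
 *
 * On POST: builds a user from login/password, requires the confirmation
 * field to match, creates the record, then logs the new user in and
 * redirects. Errors go to the flash session and the action returns.
 */
public function upAction()
{
    if (!$this->request->isPost()) {
        return;
    }

    $user = new Users();
    $user->login = $this->request->getPost('login', 'string');
    $user->password = $this->request->getPost('password', 'string');
    $passwordVerify = $this->request->getPost('password-verify', 'string');

    // Compare the submitted values directly: hashing both sides with md5 first
    // added nothing, and md5(null) is deprecated on PHP 8.1+. The string casts
    // keep the original's treatment of a missing field as an empty string.
    if ((string) $user->password !== (string) $passwordVerify) {
        $this->flashSession->error('Пароли не совпадают');
        return;
    }

    // NOTE(review): the password is assigned raw here; hashing must happen in
    // Users (e.g. a beforeSave hook) — confirm it is not stored in clear.
    if (!$user->create()) {
        $this->flashSession->error(implode("<br/>", $user->getMessages()));
        return;
    }

    $auth = new Auth();
    if ($auth->authorize($user)) {
        $this->response->redirect();
        return;
    }
    $this->dispatcher->forward(['controller' => 'sign', 'action' => 'in']);
}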
/**
 * Settings page: adds the role list obtained from Auth to the view items,
 * then delegates to the parent settings().
 */
public function settings()
{
    include_once ROOT_PATH . 'lib/class/auth.class.php';
    $authService = new Auth();
    $roles = $authService->get_role_list();
    $this->addItem_withkey('role', $roles);
    parent::settings();
}
/**
 * Handle an incoming request.
 *
 * Responses produced for an authenticated user are marked non-cacheable so a
 * browser or shared cache cannot replay them (e.g. via Back after logout).
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $response = $next($request);

    if (!$this->auth->check()) {
        return $response;
    }
    if ($response instanceof Response) {
        $response->header('Cache-Control', 'no-cache, max-age=0, must-revalidate, no-store');
    }
    return $response;
}
/**
 * Builds an Auth from the HTTP Basic credentials PHP exposes in $_SERVER.
 *
 * @return Auth|null null when no Basic credentials were sent
 */
protected function getUser()
{
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        return null;
    }
    $auth = new Auth();
    return $auth->set($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
/**
 * Test fixture setup: records the current MAX(id) of every table (so the
 * teardown can remove what a test added), logs in as glpi/glpi and builds a
 * small entity tree that is shared with all tests via $this->sharedFixture.
 *
 * If the root entity cannot be created, the schema is missing a known column,
 * or glpi_rules does not hold exactly 6 rows, the empty 0.84 schema is
 * reloaded and the run is aborted with die().
 */
protected function setUp() {
    global $DB;
    $DB->connect();

    // Store Max(id) for each glpi tables
    $result = $DB->list_tables();
    while ($data=$DB->fetch_row($result)) {
        $query = "SELECT MAX(`id`) AS MAXID FROM `".$data[0]."`";
        foreach ($DB->request($query) as $row) {
            $this->tables[$data[0]] = (empty($row['MAXID']) ? 0 : $row['MAXID']);
        }
    }
    $DB->free_result($result);

    $tab = array();
    $auth = new Auth();
    // First session (default test credentials)
    $auth->Login('glpi', 'glpi') ;

    // Create entity tree
    $entity = new Entity();
    $tab['entity'][0] = $entity->add(array('name'        => 'PHP Unit root',
                                           'entities_id' => 0));

    if (!$tab['entity'][0]                              // Crash detection
        || !FieldExists('glpi_profiles','notification') // Schema detection
        || countElementsInTable('glpi_rules')!=6) {     // Old rules
        if (!$tab['entity'][0]) {
            echo "Couldn't run test (previous run not cleaned)\n";
        } else {
            echo "Schema need to be updated\n";
        }
        // Reset to a known schema; the whole run stops here and must be re-launched.
        echo "Loading a fresh empty database:";
        $DB->runFile(GLPI_ROOT ."/install/mysql/glpi-0.84-empty.sql");
        die(" done\nTry again\n");
    }

    $tab['entity'][1] = $entity->add(array('name'        => 'PHP Unit Child 1',
                                           'entities_id' => $tab['entity'][0]));
    $tab['entity'][2] = $entity->add(array('name'        => 'PHP Unit Child 2',
                                           'entities_id' => $tab['entity'][0]));
    $tab['entity'][3] = $entity->add(array('name'        => 'PHP Unit Child 2.1',
                                           'entities_id' => $tab['entity'][2]));
    $tab['entity'][4] = $entity->add(array('name'        => 'PHP Unit Child 2.2',
                                           'entities_id' => $tab['entity'][2]));

    // New session with all the entities (re-login so the session sees the new tree)
    $auth->Login('glpi', 'glpi') or die("Login glpi/glpi invalid !\n");

    // Shared this with all tests
    $this->sharedFixture = $tab;
}
/**
 * Logs the current user out and records the outcome in $this->_message;
 * on success the cached user object is cleared as well.
 */
public function action_logout()
{
    $loggedOut = $this->_auth->logout();
    if (!$loggedOut) {
        $this->_message = __("Couldn't logout");
        return;
    }
    $this->_message = __("Logout succeeded");
    $this->_user = NULL;
}
/**
 * Admin landing page: renders admin/index for a logged-in user, otherwise
 * redirects to the login page.
 */
public function index()
{
    $session = new Auth();
    if (!$session->isUserLoggedIn()) {
        // NOTE(review): the redirect target is hard-coded to localhost and the
        // request continues after header(); once a base-URL setting exists,
        // derive the location from it and exit after sending the header.
        header('location: http://localhost/test/login');
        return;
    }

    $viewVars = [
        'site_name'   => SITE_NAME,
        'title'       => $this->title,
        'description' => 'This is the private administration area of ' . SITE_NAME . '\'s Parish Council',
    ];
    $this->viewAdmin('admin/index', $viewVars);
}
/**
 * Responds with the current user's permission list ("authed") and navigation
 * ("navs"). The password copy kept in the session user record is removed
 * first so it can never be serialised into the response.
 */
public function read()
{
    // NOTE(review): a password (or hash) living in $_SESSION["user"] at all is
    // worth revisiting; stripping it here only protects this endpoint.
    unset($_SESSION["user"]["password"]);

    $auth = new Auth();
    $rules = $auth->getAuthList(getCurrentUid());

    $payload = array(
        "authed" => reIndex($rules),
        "navs"   => $this->makeNav(),
    );
    $this->response($payload);
}
/**
 * Registration endpoint: when a username was posted, registers a user from
 * the raw POST array and redirects to the login page; otherwise does nothing.
 */
public function registerAction()
{
    $registrar = new Auth();
    $post = $this->request->getPost();
    if (!isset($post['username'])) {
        return;
    }
    // NOTE(review): the whole POST array is handed to register(); confirm it
    // whitelists fields so extra keys (role, is_admin, ...) cannot be set.
    $registrar->register($post);
    header('Location:' . Url::getUrl('user', 'login'));
}
/**
 * Rebuilds the Auth for the credentials kept in the session.
 *
 * @return Auth|null null when the session holds no credentials
 */
public function getUser()
{
    $stored = Session::get($this->session_name);
    if (!$stored) {
        return null;
    }
    // NOTE(review): the session keeps 'password' next to 'user'; if that is the
    // clear-text password, a session-store leak exposes it — prefer a token.
    $auth = new Auth();
    return $auth->set($stored['user'], $stored['password']);
}
/**
 * Lazily builds and caches a single Auth instance, reconciled once on first
 * use, for the lifetime of the request.
 *
 * @return Auth
 */
public function Obj()
{
    static $auth;
    if ($auth) {
        return $auth;
    }
    $auth = new Auth();
    $auth->Reconcile();
    return $auth;
}
/**
 * Creates the Auth for this instance's rights, lets it process a pending
 * logout request, registers it as the current instance and returns it.
 *
 * @return Auth
 */
function initInstance()
{
    $instanceAuth = new Auth($this->instanceDroit);
    $instanceAuth->auth_deconnexion(); // handles a logout request, if one is pending
    $this->setInstance($instanceAuth);
    return $instanceAuth;
}
/**
 * setCredentials() must write the new hash to the credentials file, after
 * which the new value authenticates; the old hash is read once beforehand.
 */
public function test_setCredentials()
{
    $credentialsPath = '/tmp/credentials.php';

    $fs = \Mockery::mock('League\\Flysystem\\Filesystem');
    $fs->shouldReceive('read')
        ->with($credentialsPath)
        ->andReturn('<?php $credentials = "old hash"; ?>')
        ->once();
    // The '/.../' argument presumably relies on Mockery matching slash-wrapped
    // strings as patterns against the written content — verify if this fails.
    $fs->shouldReceive('put')
        ->with($credentialsPath, '/new password hash/')
        ->andReturn(true)
        ->once();

    $auth = new Auth($fs, $credentialsPath);
    $this->assertTrue($auth->authenticate('old hash'));

    $auth->setCredentials('new password hash');
    $this->assertTrue($auth->authenticate('new password hash'));
}
/**
 * Deletes configuration record $id after an auth check; an unauthenticated
 * caller is shown the login view instead.
 *
 * @param int $id record id (0 when not supplied)
 */
public function eliminar($id = 0)
{
    $guard = new Auth();
    if (!$guard->check(FALSE)) {
        $this->load->view('panel/login');
        return;
    }
    // NOTE(review): no CSRF token is checked here; confirm a global filter
    // covers this destructive action.
    $this->configuracion->eliminar($id);
    $this->session->set_flashdata('message', '<div class="success message">Listo! el registro ha sido eliminado.</div>');
    redirect("panel/configuracion/listado");
}
/**
 * XML-RPC login: tries $id as given, then its canonical form.
 *
 * @return XMLRPCFault|false an XMLRPCFault when both attempts fail;
 *                           false (i.e. no fault) on success.
 */
function api_login($id, $password)
{
    $auth = new Auth();
    if ($auth->login($id, $password)) {
        return false;
    }
    $canon_id = api_get_canonical_id($id);
    if ($auth->login($canon_id, $password)) {
        return false;
    }
    // NOTE(review): the fault text echoes both ids back to the caller.
    return new XMLRPCFault(1, "Authentication failed: {$id}({$canon_id})");
}
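/**
 * Authenticates an admin from $this->data (login, password) and, on success,
 * stores the login and the password hash in the session.
 *
 * @return mixed $this->data["r"] on success, the ERROR_AUTH message otherwise
 */
public function auth()
{
    $auth = new Auth();
    $login = $this->data["login"];
    $passwordHash = $this->format->hash($this->data["password"]);

    if (!$auth->checkAdmin($login, $passwordHash)) {
        // Nothing is written to the session for a failed attempt; the original
        // stored the credentials before checking them, so a rejected login still
        // left them in the session.
        return $this->sm->message("ERROR_AUTH");
    }

    // NOTE(review): keeping the password hash in the session is unnecessary once
    // checkAdmin() has passed; a session flag or user id would be enough, unless
    // other code re-checks these two keys on every request.
    $_SESSION["login"] = $login;
    $_SESSION["password"] = $passwordHash;
    return $this->data["r"];
}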