Exemple #1
0
function accessLevelForPath($path)
{
    global $config;
    if (!is_dir($config['files'] . $path)) {
        return 2;
    }
    if (!is_file($config['files'] . $path . '/.acl.json')) {
        return 2;
    }
    $acl = file_get_contents($config['files'] . $path . '/.acl.json');
    $acl = json_decode($acl, true);
    // If can't parse ACL, fail just in case.
    if (!$acl) {
        return 0;
    }
    // Username, or empty string if not logged in.
    $username = Auth::getUsername();
    // Note: having write permission implies read permission.
    if (isset($acl['write']) && accessMatch($username, $acl['write'])) {
        return 2;
    }
    if (isset($acl['read']) && accessMatch($username, $acl['read'])) {
        return 1;
    }
    return 0;
}
 /**
  * Return current user id based on session or cookie
  *
  * @return mixed Integer user id or boolean false when user
  *               could not be found or is not logged on.
  */
 public function getCurrentUserId()
 {
     if (!$this->auth) {
         return parent::getCurrentUserId();
     }
     //FIXME: caching?
     $name = $this->auth->getUsername();
     if (!$name) {
         return parent::getCurrentUserId();
     }
     return $this->getIdFromUser($name);
 }
Exemple #3
0
 /**
  * Starts and verifies the PEAR::Auth login process
  *
  * @return boolean true upon success or false on failure
  *
  * @access private
  */
 function readUserData()
 {
     $this->pearAuth->start();
     // If a user was found, read data into class variables and set
     // return value to true
     if (!$this->pearAuth->getAuth()) {
         return null;
     }
     $this->propertyValues['handle'] = $this->pearAuth->getUsername();
     $this->propertyValues['passwd'] = $this->encryptPW($this->pearAuth->password);
     $this->propertyValues['is_active'] = true;
     $this->propertyValues['auth_user_id'] = $this->pearAuth->getUsername();
     $this->propertyValues['lastlogin'] = '';
     return true;
 }
Exemple #4
0
 /**
  * Reads user data from the given data source
  * Starts and verifies the PEAR::Auth login process
  *
  * @param  string user handle
  * @param  string user password
  * @param  bool|int if the user data should be read using the auth user id
  * @return bool true on success or false on failure
  *
  * @access public
  */
 function readUserData($handle = '', $passwd = '', $auth_user_id = false)
 {
     $this->pearAuth->username = $auth_user_id !== false ? $auth_user_id : $handle;
     $this->pearAuth->password = $passwd;
     $this->pearAuth->start();
     if (!$this->pearAuth->getAuth()) {
         return null;
     }
     // User was found, read data into class variables and set return value to true
     $this->propertyValues['auth_user_id'] = $this->pearAuth->getUsername();
     $this->propertyValues['handle'] = $this->pearAuth->getUsername();
     $this->propertyValues['passwd'] = $this->encryptPW($this->pearAuth->password);
     if (!array_key_exists('is_active', $this->tables['users']['fields'])) {
         $this->propertyValues['is_active'] = true;
     }
     if (!array_key_exists('lastlogin', $this->tables['users']['fields'])) {
         $this->propertyValues['lastlogin'] = null;
     }
     return true;
 }
    echo '<form method="post" action="pruebaLogin.php">';
    echo '<input type="submit" name="botonCerrarSesion" value="Cerrar sesión">';
    echo '</form>';
}
function mensajeLogout()
{
    echo '<h1>Ha cerrado sesión</h1>';
}
function mensajeLoginExitoso()
{
    echo '<h1>Ha iniciado sesión</h1>';
}
function mensajeLoginFallido()
{
    echo '<h1>No se pudo iniciar sesión</h1>';
}
$options = array("dsn" => "mysql://*****:*****@localhost/controlacceso", "table" => "usuario", "usernamecol" => "numeroDocumento", "passwordcol" => "password", "cryptType" => "sha1");
$autenticacion = new Auth("MDB2", $options, "formularioLogin");
$autenticacion->setLogoutCallback("mensajeLogout");
$autenticacion->setLoginCallback("mensajeLoginExitoso");
$autenticacion->setFailedLoginCallback("mensajeLoginFallido");
$autenticacion->start();
if ($autenticacion->checkAuth()) {
    if (isset($_POST['botonCerrarSesion'])) {
        $autenticacion->logout();
        $autenticacion->start();
    } else {
        echo '<p>Logueado como: ' . $autenticacion->getUsername() . '</p>';
        formularioLogout();
    }
}
Exemple #6
0
<!-- Produced By Ron Royston, ron@stndip.com -->
<html lang="en">
  <body class="">
    <!-- Uses a header that scrolls with the text, rather than staying locked at the top -->
    <div class="mdl-layout mdl-js-layout mdl-layout--fixed-header">
      <header class="mdl-layout__header mdl-layout__header--scroll mdl-color--white mdl-color--grey-600 ">
        <div class="mdl-layout__header-row">
          <!-- Title -->
          <span class="mdl-layout-title font1 xl">rack!</span>
          <!-- Add spacer, to align navigation to the right -->
          <div class="mdl-layout-spacer"></div>
          <!-- Navigation -->
          <nav class="mdl-navigation">
            <?php 
if ($a->getAuth()) {
    echo "<a class=\"mdl-navigation__link\" href=\"profile\">" . $a->getUsername() . "</a>";
    echo '<a class="mdl-navigation__link" href="includes/logout">logout</a>';
} else {
    echo '<a class="mdl-navigation__link" href="access">Login &#47; Register</a>';
}
?>
            <div class="mdl-textfield mdl-js-textfield mdl-textfield--expandable">
              <label class="mdl-button mdl-js-button mdl-button--icon" for="search">
                <i class="material-icons">search</i>
              </label>
              <div class="mdl-textfield__expandable-holder">
                <input class="mdl-textfield__input" type="text" id="search" />
                <label class="mdl-textfield__label" for="search">Enter your query...</label>
              </div>
            </div>
          </nav>
 public function isAllowed(Auth $auth)
 {
     return $auth != null && in_array($auth->getUsername(), $this->whitelist);
 }
     */
    echo "<form method=\"post\" action=\"{$PHP_SELF}\">";
    echo "<input type=\"text\" name=\"username\">";
    echo "<input type=\"password\" name=\"password\">";
    echo "<input type=\"submit\">";
    echo "</form>";
}
$dsn = "mysql://*****:*****@db72c.pair.com/cityg_dev";
$params = array("dsn" => $dsn, "table" => "users", "usernamecol" => "username", "passwordcol" => "password");
$a = new Auth("DB", $params, "loginFunction");
print "Breakpoint 4";
$a->setSessionname('SPU_SITE');
$a->setExpire(3600);
// 60mins in seconds
$a->start();
$username = $a->getUsername();
print "Username: {$username}";
//log_err( __FILE__, __LINE__, "Status: ". $a->getStatus());
print "Status: " . $a->getStatus();
/**
Report:
THIS IS ALL WRONG: I was setting optional to 1 or 0 not true or false.
The docs are not very clear about the behavoir of Auth under all options and conditions.
With no callback defined: GET request with optional at zero produced default internal login form. With optional at one, produced the same.
With a dummy callback defined: GET request value of zero for optional displayed the callback login. A value of one did the same.
LOGGEDIN	GET		callback	optional	result
N			Y		N			0			internal form
N			Y		N			1			internal form
N			Y		Y			0			callback form
N			Y		Y			1			callback form
The form action for the internal form is (wisely) set to PHP_SELF.
Exemple #9
0
     // password required
     require "auth.php";
     $auth = new Auth();
     if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
         $auth->prompt();
         $digest = $_SERVER['PHP_AUTH_DIGEST'];
         $verified = $auth->verifyUser($digest);
     } else {
         $digest = $_SERVER['PHP_AUTH_DIGEST'];
         $verified = $auth->verifyUser($digest);
         if ($verified == 0) {
             $auth->prompt();
             $digest = $_SERVER['PHP_AUTH_DIGEST'];
             $verified = $auth->verifyUser($digest);
         }
         $memberUsername = $auth->getUsername($digest);
     }
     if ($verified == 1) {
         // valid password, look up authorization list
         $member = $auth->verifyMembership($username, $memberUsername);
         if ($member == 1) {
             $viewer->loadUserPage($username);
         } else {
             $viewer->unauthorized($username);
         }
     }
 } else {
     if ($username != "") {
         $viewer->loadUserPage($username);
     } else {
         $viewer->loadAllPage(1);
Exemple #10
0
<!DOCTYPE html>
<html ng-app="TurboFileApp" ng-controller="TurboFileCtrl">
<head>
	<base href="/">
	<title>{{$location.path()}}</title>
	<link rel="stylesheet" type="text/css" href="/_turbofile/css/app.css">
	<link rel="stylesheet" type="text/css" href="/_turbofile/css/theme2.css">
	<link rel="stylesheet" type="text/css" href="/_turbofile/css/animations.css">
</head>
<body ng-class="{animate: animate}">
	<div class="header_bar">
		<div id="user">
<?php 
$username = Auth::getUsername();
if ($username == '') {
    echo '<a reload="true" href="' . htmlspecialchars(Auth::getLoginUrl()) . '">Log in</a>';
} else {
    echo 'Hello, ' . htmlspecialchars($username) . '! <a reload="true" href="' . htmlspecialchars(Auth::getLogoutUrl()) . '">Log out</a>';
}
?>
		</div>
		<div id="logo"></div>
	</div>
	<div class="panels">
		<div class="panel"
		     ng-repeat="panel in panels"
		     ng-class="{
			     	hasnext: !$last,
			     	panel_dir: panel.type=='dir',
			     	panel_file: panel.type=='file',
			     }">
            break;
        case -5:
            $errro = "Security Issue. Please login again";
            break;
        default:
            $error = "Authentication Issue. Please report to Admin";
    }
    if (isset($error)) {
        $templateEngine->assign("error", $error);
    }
    $templateEngine->displayPage('usermin_login.tpl');
    exit;
}
$DatabaseConnections = new DatabaseConnections();
$Usermin = new DatabaseUsermin($DatabaseConnections->getRadiusDB());
$options = array('cryptType' => 'none', 'users' => $Usermin->getUsers());
$Auth = new Auth("Array", $options, "loginForm");
$Auth->setSessionName("GRASE Usermin");
$Auth->setAdvancedSecurity(array(AUTH_ADV_USERAGENT => true, AUTH_ADV_IPCHECK => true, AUTH_ADV_CHALLENGE => false));
$Auth->setIdle(120);
$Auth->start();
if (!$Auth->checkAuth()) {
    echo "Should never get here";
    // THIS CODE SHOULD NEVER RUN
    exit;
} elseif (isset($_GET['logoff'])) {
    $Auth->logout();
    $Auth->start();
} else {
    $templateEngine->assign("LoggedInUsername", $Auth->getUsername());
}
Exemple #12
0
 /**
  * PEAR::Auth側のusernameを返す
  *
  * @return string
  */
 function getUsername()
 {
     return $this->auth->getUsername();
 }
function loginFunction()
{
}
$dsn = "mysql://*****:*****@db72c.pair.com/cityg_dev";
$params = array("dsn" => $dsn, "table" => "users", "usernamecol" => "username", "passwordcol" => "password");
$a = new Auth("DB", $params, "loginFunction", FALSE);
// need to add member var for auth
$c->auth = $a;
//print "Auth: ".$c->auth;
// this does not seem to be working
//$c->auth->setSessionname('AUTHUSER');
//$a->setSessionname('AUTHUSER');
$a->setExpire(3600);
// 60mins in seconds
$a->start();
$username = $a->getUsername();
//print "<p>Username: $username</p>";
//log_err( __FILE__, __LINE__, "Status: ". $a->getStatus());
//print "Status: ". $a->getStatus();
// assign dynamic data
// All modules on the site could benefit from having
// the name of the currently logged in user. This needs
// to be displayed on nearly every page in an application.
// this depends on auth module, should auth method name
// change, this must be changed, be nice to have a wrapper
// object around auth
// yep, fails, context is not available here
//$this->assign('AUTH_USER_NAME', $this->c->auth-getUsername());
define('AUTH_USER_NAME', $a->getUsername());
/**
 * Helper classes.
Exemple #14
0
<?php

require_once "Auth.php";
require_once "config.php";
$a = new Auth("DB", CONN_DSN);
$a->start();
if (!$a->checkAuth()) {
    exit;
}
if ($a->getUsername() == ADMIN_LOGIN) {
    include "tpls/AdminPage.php";
} else {
    include "tpls/UserPage.php";
}
Exemple #15
0
$a = new Auth("DB", $options, "loginFunction", $optional);
$a->start();
function loginFunction()
{
    // show login page
}
function loginSuccess($username, $a)
{
    // write successful login to log
}
function loginFailed($username, $a)
{
    // write failed login to log
}
if ($a->getAuth()) {
    $email = $a->getUsername();
    $firstname = $a->getAuthData('firstname');
    $lastname = $a->getAuthData('lastname');
    $street = $a->getAuthData('street');
    $city = $a->getAuthData('city');
    $state = $a->getAuthData('state');
    $zip = $a->getAuthData('zip');
    $birthday = $a->getAuthData('birthday');
    $phone = $a->getAuthData('phone');
}
include 'includes/head.php';
?>
<!-- Produced By Ron Royston, ron@stndip.com -->

<html lang="en">
  <body>