/**
 * Try to authenticate the user according to $this->_params['authType'].
 *
 * Exactly one source is consulted per call, selected by 'authType':
 *  - 'credentials' : 'login' / 'password' params checked against the profilesUsers table
 *                    (optionally protected by a session token, see 'tokenName' / 'token')
 *  - 'session'     : user id stored in the Zend_Auth_Storage_Session('atm-auth') storage
 *  - 'cookie'      : autologin cookie, delegated to $this->_autoLogin()
 *  - 'sso'         : login taken from the MOD_STANDARD_SSO_LOGIN / MOD_STANDARD_SSO_FUNCTION constants
 * An unknown 'authType' raises an error. A 'disconnect' param disables the
 * 'session' and 'cookie' sources.
 *
 * Every path stores the outcome in $this->_result and appends one of the
 * self::AUTH_* codes to $this->_messages; $this->_user is set on success.
 * When no source produced a result, a FAILURE_IDENTITY_NOT_FOUND result is built.
 *
 * @return Zend_Auth_Result
 */
public function authenticate() {
    if (isset($this->_params['authType'])) {
        switch ($this->_params['authType']) {
            case 'credentials':
                // Both login and password must be present and non-empty (falsy values are rejected)
                if (isset($this->_params['login']) && isset($this->_params['password']) && $this->_params['login'] && $this->_params['password']) {
                    //check token
                    // The token is only verified when the caller supplies a non-empty 'tokenName';
                    // without it, credentials are checked with no token at all.
                    if (isset($this->_params['tokenName']) && $this->_params['tokenName'] && (!isset($this->_params['token']) || !$this->_params['token'] || !CMS_session::checkToken($this->_params['tokenName'], $this->_params['token']))) {
                        $this->_messages[] = self::AUTH_INVALID_TOKEN;
                        $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                    } else {
                        //check user credentials from DB
                        // NOTE(review): the query is built by string concatenation; SensitiveIO::sanitizeSQLString
                        // is the only escaping applied to the user-supplied login. The password is matched as an
                        // unsalted md5 digest or a '{sha}'-prefixed unsalted sha1 digest (fast hashes); moving to a
                        // salted, slow scheme would require a storage migration. Whether CMS_query supports
                        // parameterized queries cannot be told from here — verify before changing this.
                        $sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tid_pru\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tprofilesUsers\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tlogin_pru = '" . SensitiveIO::sanitizeSQLString($this->_params['login']) . "'\n\t\t\t\t\t\t\t\t\tand (\n\t\t\t\t\t\t\t\t\t\tpassword_pru = '" . SensitiveIO::sanitizeSQLString(md5($this->_params['password'])) . "'\n\t\t\t\t\t\t\t\t\t\tor password_pru = '{sha}" . SensitiveIO::sanitizeSQLString(sha1($this->_params['password'])) . "'\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\tand password_pru != ''\n\t\t\t\t\t\t\t\t\tand active_pru = 1\n\t\t\t\t\t\t\t\t\tand deleted_pru = 0\n\t\t\t\t\t\t\t";
                        $q = new CMS_query($sql);
                        if ($q->getNumRows()) {
                            $userId = $q->getValue("id_pru");
                            $this->_user = CMS_profile_usersCatalog::getByID($userId);
                            // The row matched, but the user object is re-validated (error / deleted / active)
                            if ($this->_user && !$this->_user->hasError() && !$this->_user->isDeleted() && $this->_user->isActive()) {
                                $this->_messages[] = self::AUTH_VALID_CREDENTIALS;
                                $this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
                                //remove previous autologin cookie if exists
                                if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
                                    CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
                                }
                                return $this->_result;
                            } else {
                                $this->_messages[] = self::AUTH_INVALID_USER;
                                $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                                $this->raiseError("user_id found don't instanciate a valid user object. ID : " . $userId);
                            }
                        } else {
                            $this->_messages[] = self::AUTH_INVALID_CREDENTIALS;
                            $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null, $this->_messages);
                            //wait a little (5 seconds) to avoid multiple simultaneous attempts
                            // NOTE(review): this blocks the worker handling the failed request; it slows a
                            // sequential client but presumably does not limit parallel attempts — confirm
                            // whether a real lockout / rate limit exists elsewhere.
                            sleep(5);
                        }
                    }
                }
                break;
            case 'session':
                $authStorage = new Zend_Auth_Storage_Session('atm-auth');
                $userId = $authStorage->read();
                if (io::isPositiveInteger($userId)) {
                    // A truthy 'disconnect' param skips the lookup and leaves the session untouched
                    if (!isset($this->_params['disconnect']) || !$this->_params['disconnect']) {
                        //check user from session table
                        if ($this->_checkSession($userId)) {
                            $this->_user = CMS_profile_usersCatalog::getByID($userId);
                            if ($this->_user && !$this->_user->hasError() && !$this->_user->isDeleted() && $this->_user->isActive()) {
                                $this->_messages[] = self::AUTH_VALID_USER_SESSION;
                                $this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
                                return $this->_result;
                            } else {
                                $this->_messages[] = self::AUTH_INVALID_USER_SESSION;
                                $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                                //clear session content
                                // The stored id no longer maps to a usable user: drop the session (true arg — meaning not visible here)
                                CMS_session::deleteSession(true);
                            }
                        } else {
                            //clear session content
                            CMS_session::deleteSession();
                        }
                    }
                }
                break;
            case 'cookie':
                if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
                    if (!isset($this->_params['disconnect']) || !$this->_params['disconnect']) {
                        // _autoLogin() is expected to fill $this->_result itself on success
                        if (!$this->_autoLogin()) {
                            //remove cookie
                            CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
                        } else {
                            return $this->_result;
                        }
                    }
                }
                break;
            case 'sso':
                // SSO is only attempted when no explicit login/password pair was given
                if (!(isset($this->_params['login']) && isset($this->_params['password']) && $this->_params['login'] && $this->_params['password'])) {
                    if (defined('MOD_STANDARD_SSO_LOGIN') && MOD_STANDARD_SSO_LOGIN) {
                        // Fixed login from configuration: the matching user is authenticated
                        // without any credential check, so this constant must never be set
                        // from anything the client controls.
                        $this->_user = CMS_profile_usersCatalog::getByLogin(MOD_STANDARD_SSO_LOGIN);
                        if ($this->_user && !$this->_user->hasError()) {
                            $this->_messages[] = self::AUTH_SSOLOGIN_VALID;
                            $this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
                            return $this->_result;
                        } else {
                            $this->_messages[] = self::AUTH_SSOLOGIN_INVALID_USER;
                            $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                        }
                    } elseif (defined('MOD_STANDARD_SSO_FUNCTION') && MOD_STANDARD_SSO_FUNCTION) {
                        // The callable name comes from a configuration constant, not from the request
                        if (is_callable(MOD_STANDARD_SSO_FUNCTION, false)) { //check if function/method name exists.
                            $login = '';
                            if (io::strpos(MOD_STANDARD_SSO_FUNCTION, '::') !== false) { //static method call
                                $method = explode('::', MOD_STANDARD_SSO_FUNCTION);
                                $login = call_user_func(array($method[0], $method[1]));
                            } else { //function call
                                $login = call_user_func(MOD_STANDARD_SSO_FUNCTION);
                            }
                            // The SSO callable is trusted to return an already-authenticated login
                            if ($login) {
                                $this->_user = CMS_profile_usersCatalog::getByLogin($login);
                                if ($this->_user && !$this->_user->hasError()) {
                                    $this->_messages[] = self::AUTH_SSOLOGIN_VALID;
                                    $this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
                                    return $this->_result;
                                } else {
                                    $this->_messages[] = self::AUTH_SSOLOGIN_INVALID_USER;
                                    $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                                }
                            }
                        } else {
                            $this->raiseError('Cannot call SSO method/function: ' . MOD_STANDARD_SSO_FUNCTION);
                        }
                    }
                }
                break;
            default:
                CMS_grandFather::raiseError('Unknown authType: ' . $this->_params['authType']);
                break;
        }
    }
    //Nothing found
    // Reached when no case above produced a result (including missing/unknown authType)
    if (!$this->_result) {
        $this->_messages[] = self::AUTH_MISSING_CREDENTIALS;
        $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, null, $this->_messages);
    }
    return $this->_result;
}
/**
 * Validate a session token against the token registered under a given name.
 *
 * Thin proxy to CMS_session::checkToken(): the token store and the
 * comparison live there, this method only forwards the call.
 *
 * @param string $name, name under which the token was registered
 * @param string $token, token value submitted by the client
 * @return boolean : true if token is valid or false otherwise
 * @access public
 */
static function checkToken($name, $token) {
    $tokenIsValid = CMS_session::checkToken($name, $token);
    return $tokenIsValid;
}
/**
 * Catch and run all front-end (FE) polymod form actions for the given form ids.
 *
 * For each form id whose 'formID' request value matches, the item targeted by the
 * 'object' / 'item' request values is loaded (or a new CMS_poly_object is created),
 * the fields listed in $_REQUEST['polymodFields'] are checked and assigned,
 * publication dates are set for primary resources, the form token is verified and
 * the item is written to persistence.
 *
 * Errors are reported through $polymodFormsError[$formID] under the keys
 * 'required', 'malformed', 'error' and 'filled' (0/1).
 *
 * @param array $formIDs : the forms ids to check for actions
 * @param integer $pageID : the current page id (not used by this method)
 * @param string $languageCode : the language code used
 * @param boolean $public : the data status (not used by this method)
 * @param reference array $polymodFormsError : the forms error status to return, indexed by form id
 * @param reference array $polymodFormsItems : reference to the forms items, indexed by form id
 * @return boolean : true on success, false on failure
 * @access public
 * @static
 */
static function formActions($formIDs, $pageID, $languageCode, $public, &$polymodFormsError, &$polymodFormsItems) {
    global $cms_language, $cms_user;
    if (!is_array($formIDs)) {
        return false;
    }
    foreach ($formIDs as $formID) {
        // Loose (==) comparison between the request value and the configured form id
        if (io::request('formID') && io::request('formID') == $formID) {
            if (!isset($cms_language) || $cms_language->getCode() != $languageCode) {
                $cms_language = new CMS_language($languageCode);
            }
            //instanciate item
            $item = '';
            if (io::request('object', 'io::isPositiveInteger', '')) {
                //check user rights on module
                $module = CMS_poly_object_catalog::getModuleCodenameForObjectType(io::request('object'));
                //Check user rights
                //here assume than user should only need the view right on module, because admin right allow Automne administration access
                if (!is_object($cms_user) || !$cms_user->hasModuleClearance($module, CLEARANCE_MODULE_VIEW)) {
                    CMS_grandFather::raiseError('No user found or user has no administration rights on module ' . $module);
                    return false;
                }
                //instanciate object
                // NOTE(review): $object is used unchecked below; if getObjectDefinition() can return
                // a falsy value, the else branch calls ->getID() on it — confirm its contract.
                $object = CMS_poly_object_catalog::getObjectDefinition(io::request('object'));
                if ($object && io::request('item', 'io::isPositiveInteger', '')) {
                    $search = new CMS_object_search($object, false);
                    $search->addWhereCondition('item', io::request('item'));
                    $items = $search->search();
                    if (isset($items[io::request('item')])) {
                        $item = $items[io::request('item')];
                    } else {
                        $item = new CMS_poly_object($object->getID());
                    }
                } else {
                    $item = new CMS_poly_object($object->getID());
                }
            }
            if (is_object($item) && !$item->hasError()) {
                //get item fieldsObjects
                $fieldsObjects =& $item->getFieldsObjects();
                //checks and assignments
                $item->setDebug(false);
                //first, check mandatory values
                foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                    //if field is part of formular
                    if (isset($_REQUEST['polymodFields'][$fieldID])) {
                        if (!$item->checkMandatory($fieldID, $_REQUEST, '')) {
                            $polymodFormsError[$formID]['required'][$fieldID] = $fieldID;
                        }
                    }
                }
                //second, set values for all fields
                // NOTE(review): field values are assigned and the per-field form_<formID>_<fieldID>
                // callbacks are invoked on request data before the form token is checked below;
                // only persistence is gated by the token. Consider moving the token check ahead
                // of this loop so unverified requests trigger no callbacks.
                foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                    //if field is part of formular
                    if (isset($_REQUEST['polymodFields'][$fieldID])) {
                        //if form use a callback, call it
                        //do not use call_user_function here
                        // Callback name is built from the configured form id and the field id, not from request data
                        $funcName = 'form_' . $formID . '_' . $fieldID;
                        if (!$item->setValues($fieldID, $_REQUEST, '')) {
                            $polymodFormsError[$formID]['malformed'][] = $fieldID;
                        } elseif (!isset($polymodFormsError[$formID]['required'][$fieldID]) && function_exists('form_' . $formID . '_' . $fieldID) && !$funcName($formID, $fieldID, $item)) {
                            $polymodFormsError[$formID]['malformed'][] = $fieldID;
                        }
                    }
                }
                //set publication dates if needed
                if (isset($_REQUEST['polymodFields']) && $_REQUEST['polymodFields']) {
                    if ($object->isPrimaryResource()) {
                        // Dates management
                        $dt_beg = new CMS_date();
                        $dt_beg->setDebug(false);
                        $dt_beg->setFormat($cms_language->getDateFormat());
                        $dt_end = new CMS_date();
                        $dt_end->setDebug(false);
                        $dt_end->setFormat($cms_language->getDateFormat());
                        // '@' silences the undefined-index notice when the date fields are absent
                        if (!($dt_set_1 = $dt_beg->setLocalizedDate(@$_REQUEST["pub_start"], true))) {
                            $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                        }
                        if (!($dt_set_2 = $dt_end->setLocalizedDate(@$_REQUEST["pub_end"], true))) {
                            $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                        }
                        //if $dt_beg && $dt_end, $dt_beg must be lower than $dt_end
                        if (!$dt_beg->isNull() && !$dt_end->isNull()) {
                            if (CMS_date::compare($dt_beg, $dt_end, '>')) {
                                $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                                $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                                $dt_set_1 = $dt_set_2 = false;
                            }
                        }
                        if ($dt_set_1 && $dt_set_2) {
                            $item->setPublicationDates($dt_beg, $dt_end);
                        }
                    }
                }
                //Check form token
                // The token is read from $_POST only (not $_REQUEST) and is scoped to this form id
                if (!isset($_POST["atm-token"]) || !CMS_session::checkToken(MOD_POLYMOD_CODENAME . '-' . $formID, $_POST["atm-token"])) {
                    $polymodFormsError[$formID]['error'][] = 'form-token';
                    return false;
                } else {
                    //Token is used so expire it
                    CMS_session::expireToken(MOD_POLYMOD_CODENAME . '-' . $formID);
                }
                // NOTE(review): when no error was recorded, $polymodFormsError[$formID] may be unset
                // here and this read presumably emits an undefined-index notice — confirm.
                if (!$polymodFormsError[$formID]) {
                    //save the data
                    if (!$item->writeToPersistence()) {
                        $polymodFormsError[$formID]['error'][] = 'write';
                        $polymodFormsError[$formID]['filled'] = 0;
                    } else {
                        $polymodFormsError[$formID]['filled'] = 1;
                        //if form use a callback, call it
                        //do not use call_user_function here
                        $funcName = 'form_' . $formID;
                        if (function_exists('form_' . $formID) && !$funcName($formID, $item)) {
                            $polymodFormsError[$formID]['filled'] = 0;
                            $polymodFormsError[$formID]['error'][] = 'callback';
                        }
                    }
                    //if item is a primary resource, unlock it
                    if ($object->isPrimaryResource()) {
                        $item->unlock();
                    }
                } else {
                    $polymodFormsError[$formID]['filled'] = 0;
                }
                //save item for later use
                $polymodFormsItems[$formID] = $item;
            } else {
                $polymodFormsError[$formID]['filled'] = 0;
                $polymodFormsError[$formID]['error'][] = 'right';
                CMS_grandFather::raiseError('No item found or user has no administration rights on item... ');
                return false;
            }
        }
    }
    return true;
}
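/**
 * Set the secure flag on this interface and, when enabled, check that the
 * current request comes from a legitimate Automne Ajax call.
 *
 * The check reads two HTTP headers sent by the Automne front-end:
 *  - X-Powered-By must equal 'Automne'
 *  - X-Atm-Token must hold a valid 'admin' session token (CMS_session::checkToken)
 * Both headers are client-supplied, so only the token check carries security
 * weight; the X-Powered-By test just filters out non-Automne clients early.
 *
 * When the check fails an error is raised with the script name and referer,
 * the interface is flagged as disconnected and show() is called; the method
 * then returns null (whether show() terminates the request is not visible here).
 *
 * @param boolean $secure : true to enforce the check (default), false to disable it
 * @return boolean|null : true when secure mode is on and the request carries a valid
 *   token; null when secure mode is off or the check failed
 * @access public
 */
function setSecure($secure = true) {
    $this->_secure = (bool) $secure;
    if (!$this->_secure) {
        return null;
    }
    $poweredBy = isset($_SERVER['HTTP_X_POWERED_BY']) ? $_SERVER['HTTP_X_POWERED_BY'] : '';
    if ($poweredBy === 'Automne' && isset($_SERVER['HTTP_X_ATM_TOKEN'])) {
        // The session token is the actual authorization check for this request
        if (CMS_session::checkToken('admin', $_SERVER['HTTP_X_ATM_TOKEN'])) {
            return true;
        }
    }
    // Both headers may be absent; read them defensively instead of silencing notices with '@'
    $script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $this->raiseError('Unautorized query on a secure interface : Query on ' . $script . ' - from ' . $referer);
    $this->setDisconnected(true);
    $this->show();
    return null;
}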