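/**
 * Authenticates the current request with HTTP Basic credentials.
 *
 * On any failure a login challenge is sent through requireLogin() and false
 * is returned. On success the matching user is made the active user.
 *
 * @return bool true when the supplied credentials were accepted, false otherwise
 */
private function _authenticate() {
    $auth = new Sabre_HTTP_BasicAuth();
    $auth->setRealm(item::root()->title);

    // getUserPass() may return a non-array value when the request carries no
    // usable Basic credentials; challenge the client instead of destructuring it.
    $authResult = $auth->getUserPass();
    if (!is_array($authResult)) {
        $auth->requireLogin();
        return false;
    }

    list($username, $password) = $authResult;
    if (!$username || !$password) {
        $auth->requireLogin();
        return false;
    }

    // Unknown user and wrong password take the same branch, so the response
    // does not reveal which account names exist.
    $user = identity::lookup_user_by_name($username);
    if (empty($user) || !identity::is_correct_password($user, $password)) {
        $auth->requireLogin();
        return false;
    }

    identity::set_active_user($user);
    return true;
}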
/**
 * Authenticates the user based on the current request.
 *
 * Reads HTTP Basic credentials from the server's request object and checks
 * them with validateUserPass(). On success the username is stored in
 * $this->currentUser and true is returned. On failure a login challenge is
 * sent and an exception is thrown, so this method never returns false.
 *
 * @param Sabre_DAV_Server $server server whose httpRequest/httpResponse are used
 * @param string $realm realm announced in the login challenge
 * @throws Sabre_DAV_Exception_NotAuthenticated when credentials are missing or rejected
 * @return bool
 */
public function authenticate(Sabre_DAV_Server $server, $realm) {

    $basicAuth = new Sabre_HTTP_BasicAuth();
    $basicAuth->setHTTPRequest($server->httpRequest);
    $basicAuth->setHTTPResponse($server->httpResponse);
    $basicAuth->setRealm($realm);

    $credentials = $basicAuth->getUserPass();
    if (!$credentials) {
        // No credentials at all: challenge the client before failing.
        $basicAuth->requireLogin();
        throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
    }

    $username = $credentials[0];
    $password = $credentials[1];

    // Authenticates the user
    $accepted = $this->validateUserPass($username, $password);
    if (!$accepted) {
        $basicAuth->requireLogin();
        throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
    }

    $this->currentUser = $username;
    return true;

}
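/**
 * Handles a WebDAV request.
 *
 * Answers with a bare 404 when the sabredav resource is not enabled in the
 * configuration. Otherwise the request must carry HTTP Basic credentials that
 * Fizzy_Doctrine_AuthAdapter accepts; the script dies with a login challenge
 * if they are missing or rejected. After that a Sabre_DAV_Server rooted at
 * ROOT_PATH/public/uploads handles the request.
 *
 * NOTE(review): the DAV tree lives below public/, so files stored through
 * this endpoint may be reachable over plain HTTP. Confirm that the web server
 * does not execute scripts from that directory and that the auth adapter only
 * accepts accounts that are meant to manage uploads.
 */
public function requestAction() {
    if (!isset($this->_config->resources->sabredav->enabled) || 0 == $this->_config->resources->sabredav->enabled) {
        // Render 404
        $response = $this->getResponse();
        $response->clearAllHeaders();
        $response->clearBody();
        $response->setHttpResponseCode(404);
        $response->sendResponse();
        return;
    }

    $baseUri = $this->view->url('@admin_webdav');
    $publicDir = ROOT_PATH . '/public/uploads';

    $auth = new Sabre_HTTP_BasicAuth();
    $auth->setRealm('Fizzy');

    // getUserPass() returns false when no Basic credentials were sent.
    $authResult = $auth->getUserPass();
    if (false === $authResult) {
        $auth->requireLogin();
        die('Authentication required');
    }
    list($username, $password) = $authResult;

    $authAdapter = new Fizzy_Doctrine_AuthAdapter($username, $password);
    $authResult = $authAdapter->authenticate();
    if ($authResult->getCode() !== Zend_Auth_Result::SUCCESS) {
        // One message for every failure code, so the reason is not disclosed.
        $auth->requireLogin();
        die('Authentication failed');
    }

    $publicDirObj = new Sabre_DAV_FS_Directory($publicDir);
    $objectTree = new Sabre_DAV_ObjectTree($publicDirObj);
    $server = new Sabre_DAV_Server($objectTree);
    $server->setBaseUri($baseUri);

    // The HTML browser plugin is optional and only added when configured.
    if (isset($this->_config->resources->sabredav->browser) && false != $this->_config->resources->sabredav->browser) {
        $browser = new Sabre_DAV_Browser_Plugin();
        $server->addPlugin($browser);
    }

    $server->exec();
}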
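/**
 * Authenticates the request with HTTP Basic credentials, with a fallback for
 * requests that carry none.
 *
 * GET, HEAD and OPTIONS requests without credentials are not challenged.
 * They are passed to validateUserPass() with an empty username and password,
 * so that method alone decides whether anonymous access is granted.
 * $this->currentUser is then set to ''. All other methods without
 * credentials receive a login challenge.
 *
 * NOTE(review): confirm that validateUserPass('', '') grants no more than an
 * anonymous visitor may see, and that later permission checks treat an empty
 * currentUser as unauthenticated.
 *
 * @param Sabre_DAV_Server $server server whose httpRequest/httpResponse are used
 * @param string $realm realm announced in the login challenge
 * @throws Sabre_DAV_Exception_NotAuthenticated when credentials are missing or rejected
 * @return bool true on success; failures are reported by exception
 */
public function authenticate(Sabre_DAV_Server $server, $realm) {

    $auth = new Sabre_HTTP_BasicAuth();
    $auth->setHTTPRequest($server->httpRequest);
    $auth->setHTTPResponse($server->httpResponse);
    $auth->setRealm($realm);
    $userpass = $auth->getUserPass();

    if (!$userpass) {
        // REQUEST_METHOD can be absent (e.g. CLI); treat that as "not a read method".
        $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

        // Strict comparison: only these exact method names take the anonymous path.
        if (in_array($method, array('GET', 'HEAD', 'OPTIONS'), true)) {
            $userpass = array('', '');
        } else {
            $auth->requireLogin();
            throw new Sabre_DAV_Exception_NotAuthenticated('No basic authentication headers were found');
        }
    }

    // Authenticates the user
    if (!$this->validateUserPass($userpass[0], $userpass[1])) {
        $auth->requireLogin();
        throw new Sabre_DAV_Exception_NotAuthenticated('Username or password does not match');
    }

    $this->currentUser = $userpass[0];
    return true;

}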
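<?php
// include autoload
require_once 'static/SabreDAV/vendor/autoload.php';

// init TSunic
include_once 'init.php';

// Authentication: missing credentials and a failed login get the same
// challenge and message, so the response does not say which one happened.
// NOTE(review): a failed login is not logged here; only the later access
// denial is. Consider logging it for detection.
$auth = new Sabre_HTTP_BasicAuth();
$result = $auth->getUserPass();
if (!$result or !$TSunic->Usr->login($result[0], $result[1])) {
    $auth->requireLogin();
    echo "Authentication required\n";
    die;
}

// allowed to use webdav?
if (!$TSunic->Usr->access('$$$useWebdav')) {
    $TSunic->Log->doLog(3, "webdav: Access denied!");

    // NOTE(review): this is thrown at script top level, before any
    // Sabre_DAV_Server exists to turn it into a 403. Unless init.php installs
    // an exception handler it surfaces as an uncaught exception. Confirm the
    // client gets a clean "forbidden" response without error details.
    // The unreachable `die` that followed the throw has been dropped.
    throw new Sabre_DAV_Exception_Forbidden('Permission denied to use webdav');
}

// Get root directory object
// NOTE(review): the class name is resolved through nested variable variables;
// verify that $DavCollection can never be influenced by the request.
$rootDirectory = new ${${$DavCollection}}();

// get server object
$server = new Sabre_DAV_Server($rootDirectory);

// set base uri
//$server->setBaseUri('webdav.php');

// Add lock plugin; lock state is kept in a file below the configured data directory
$lockBackend = new Sabre_DAV_Locks_Backend_File($TSunic->Config->get('dir_data') . '/webdavlocks');
$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
$server->addPlugin($lockPlugin);

// We assume $server is a Sabre_DAV_Server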
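/**
 * Boots the WebDAV endpoint for external template/CSS editing and serves the
 * current request.
 *
 * Order of checks: feature switch, HTTP Basic credentials, member lookup,
 * password check, admin CP access flag, 'settemplates_external_edit'
 * permission. Any failed check sends a login challenge, prints a message and
 * exits. Only when all pass is the Sabre server built and executed.
 *
 * @param ipsRegistry $registry application registry used for DB, settings, request and caches
 */
function __construct(ipsRegistry $registry) {
    $this->registry = $registry;
    $this->DB = $this->registry->DB();
    $this->settings =& $this->registry->fetchSettings();
    $this->request =& $this->registry->fetchRequest();
    $this->cache = $this->registry->cache();
    $this->caches =& $this->registry->cache()->fetchCaches();

    /* Set require path to include sabre directory */
    @set_include_path(IPS_KERNEL_PATH . 'sabre/'); /*noLibHook*/
    ipsRegistry::$settings['use_friendly_urls'] = 0;

    /* Fetch authentication library */
    $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
    $login = new $classToLoad($registry);

    /* Require spl for sabre */
    require_once 'Sabre.autoload.php'; /*noLibHook*/

    /* Attempt authentication */
    $auth = new Sabre_HTTP_BasicAuth();
    $auth->setRealm("IP.Board WebDav");

    /* Enabled? */
    if (!$this->settings['webdav_on']) {
        $auth->requireLogin();
        echo "Please visit your Admin CP - Look and Feel - Externally Edit Templates and CSS to enable this functionality";
        exit;
    }

    /* Unknown user, wrong password and missing credentials deliberately share
       one message, so the endpoint does not confirm which usernames exist */
    $authFailedMessage = "Authentication Required (Username or password incorrect)";

    /* Fetch details */
    $authDetails = $auth->getUserPass();

    /* No usable Basic credentials: challenge instead of indexing a non-array */
    if (!is_array($authDetails)) {
        $auth->requireLogin();
        print $authFailedMessage;
        exit;
    }

    /* Check auth */
    $member = IPSMember::load(IPSText::parseCleanValue($authDetails[0]), 'all', 'username');
    if (!$member['member_id']) {
        $auth->requireLogin();
        print $authFailedMessage;
        exit;
    }

    /* Internal auth only.
       NOTE(review): authenticateMember() receives an MD5 of the cleaned
       password. MD5 alone is not a suitable password hash, so confirm what
       authenticateMember() applies on top of it (salting/stretching). */
    $result = IPSMember::authenticateMember($member['member_id'], md5(IPSText::parseCleanValue($authDetails[1])));
    if ($result === false) {
        $auth->requireLogin();
        print $authFailedMessage;
        exit;
    }

    /* Load permissions class */
    $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/class_permissions.php', 'class_permissions');
    $this->registry->setClass('class_permissions', new $classToLoad($this->registry));

    /* Authorisation: valid credentials are not enough; the member must have
       admin CP access and the external-edit permission */
    if (!$member['g_access_cp']) {
        $auth->requireLogin();
        print "Authentication Required (You are not an admin)";
        exit;
    }
    if (!$this->registry->getClass('class_permissions')->checkPermission('settemplates_external_edit')) {
        $auth->requireLogin();
        print "You are not permitted to edit skins externally";
        exit;
    }

    /* Require some files for our sabre implementation */
    require_once IPS_ROOT_PATH . 'sources/classes/sabre/root/skins.php'; /*noLibHook*/
    require_once IPS_ROOT_PATH . 'sources/classes/sabre/directory/templates.php'; /*noLibHook*/
    require_once IPS_ROOT_PATH . 'sources/classes/sabre/directory/groups.php'; /*noLibHook*/
    require_once IPS_ROOT_PATH . 'sources/classes/sabre/files/templates.php'; /*noLibHook*/
    require_once IPS_ROOT_PATH . 'sources/classes/sabre/lock/nolocks.php'; /*noLibHook*/

    $tree = new Sabre_DAV_ObjectTree(new sabre_root_skins());
    $server = new Sabre_DAV_Server($tree);
    $server->setBaseUri($this->getBaseUrl() . '/');
    //$server->addPlugin( new Sabre_DAV_Browser_Plugin() );
    $server->addPlugin(new Sabre_DAV_Locks_Plugin(new sabre_lock_nolocks()));

    /* Process */
    $server->exec();
}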
/**
 * Expects getUserPass() on the fixture to compare equal to false
 * (presumably the fixture's request carries no credentials; see setUp).
 *
 * assertEquals() compares loosely, so null, 0 or '' would also pass here.
 */
function testGetUserPassNothing() {
    $credentials = $this->basicAuth->getUserPass();
    $this->assertEquals(false, $credentials);
}
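} // closes a block opened before this excerpt

$dependencies = new XenForo_Dependencies_Admin();
$dependencies->preLoadData();

if (!function_exists('mb_detect_encoding')) {
    // this is a hack to not require the mbstring functions for *1* function call
    // NOTE(review): the stub reports every input as UTF-8 regardless of its content.
    function mb_detect_encoding() {
        return 'UTF-8';
    }
}

require $fileDir . '/library/Sabre/Sabre.autoload.php';

$request = new Zend_Controller_Request_Http();
$baseUrl = $request->getBaseUrl();

$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm('XenForo Admin CP WebDAV');
$authData = $auth->getUserPass();

/* @var $userModel XenForo_Model_User */
$userModel = XenForo_Model::create('XenForo_Model_User');

// Fail closed: access is denied unless valid credentials AND the admin flag are both present.
$authValid = false;

// Without usable Basic credentials getUserPass() does not return an array;
// skip the lookup instead of indexing that value.
$userId = is_array($authData)
    ? $userModel->validateAuthentication($authData[0], $authData[1])
    : false;

if ($userId) {
    $visitor = XenForo_Visitor::setup($userId);
    if ($visitor['is_admin']) {
        $authValid = true;
    }
}

// Missing credentials, bad credentials and non-admin accounts all get the
// same challenge and message.
if (!$authValid) {
    $auth->requireLogin();
    echo "Authentication required";
    exit;
}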