// Excerpt of the DCM console entry point: sets the default output, then
// establishes the session identity from HTTP Basic credentials. The excerpt
// ends inside the failed-login branch, so the closing braces are not shown.
$output = "ERROR => No module specified!\n";
$type = 'DCM';

// FIXME: Add IP Auth in Later --- or just use htaccess method
// Disconnect the user if their IP address isn't in our allowed list
// $remote_ip = ip_mangle($_SERVER['REMOTE_ADDR'], 'numeric');
// if (!in_array($remote_ip, $ips)) { print "1\r\nPermission denied!\n"; exit; }
// NOTE(review): with the check above commented out, nothing visible in this
// excerpt restricts callers by source address; access control rests on the
// credential handling below plus whatever the web server enforces.

// NOTE(review): PHP_AUTH_USER is client-supplied and is logged here before any
// format validation has run. If printmsg() writes its argument verbatim,
// control characters in the name reach the log - confirm printmsg() escapes.
// The key is also read without an isset() check.
printmsg("DEBUG => DCM_USER: {$_SERVER['PHP_AUTH_USER']}", 4);

// If no user name is passed in then use dcm.pl as the login name
// be careful as this currently does not require a password.
// FIXME: this needs to go away as it is a backdoor. allow it to be configurable at least?

// Start out the session as a guest with level 0 access. This is for view only mode.
// You can enable or disable this by setting the "disable_guest" sysconfig option
// NOTE(review): this branch never calls get_authentication(); an empty
// PHP_AUTH_USER is sufficient to receive whatever get_perms('dcm.pl') grants,
// unless $conf['disable_guest'] is set. What that account may do is decided by
// its permission assignments, which are not visible here - audit them, and
// consider setting disable_guest where anonymous access is not required.
if ($_SERVER['PHP_AUTH_USER'] == '' and !$conf['disable_guest']) {
    $_SESSION['ona']['auth']['user']['username'] = '******';
    // create new local authentication class directly
    $auth = load_auth_class('local');
    get_perms('dcm.pl');
    printmsg("INFO => [{$type}] {$_SESSION['ona']['auth']['user']['username']} has logged in", 3);
} else {
    // Set the cli user as the login user
    // NOTE(review): the session username is assigned before the credentials are
    // checked; the failure branch below appears to clear the session again
    // (the excerpt ends there) - confirm no code path leaves it set.
    $DCMUSER = $_SESSION['ona']['auth']['user']['username'] = $_SERVER['PHP_AUTH_USER'];
    printmsg("INFO => [{$type}] Attempting login as " . $DCMUSER, 4);
    // get_authentication() returns array(status, js); status 0 means success.
    list($status, $js) = get_authentication($DCMUSER, $_SERVER['PHP_AUTH_PW']);
    // Drop the 27-character "el('loginmsg').innerHTML = " prefix of the
    // Javascript status string so only the quoted message remains. This depends
    // on the exact prefix used by get_authentication()'s failure messages.
    $errmsg = substr($js, 27);
    if ($status == 0) {
        $PERMSTAT = get_perms($DCMUSER);
        printmsg("INFO => [{$type}] {$_SESSION['ona']['auth']['user']['username']} has logged in", 3);
    } else {
        // NOTE(review): every failure (bad format, unknown user, wrong password)
        // is logged here as "Unknown user", and $DCMUSER may be a name that
        // failed format validation; it is both logged and echoed back as-is.
        printmsg("ERROR => DCM: Unknown user {$DCMUSER}", 4);
        print "ERROR => [{$DCMUSER}]: {$errmsg}\nSee -l and -p options within dcm.pl.\n";
        // clear the session
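/**
 * Authenticates the supplied username/password against the system
 * configured auth type, falling back to the local auth module when the
 * configured module does not know the user.
 *
 * Side effects: replaces the global $auth object and may overwrite
 * $conf['authtype'] with 'local' for the remainder of the request.
 *
 * @author Matt Pascoe <*****@*****.**>
 * @param string $login_name     Login name; must consist only of A-Z, a-z, 0-9, '.', '-' and '_'
 * @param string $login_password Password, handed unchanged to the auth module
 * @return array Two elements: int status (0 = success, 1 = failure) and a
 *               string of Javascript code that sets the login status message
 */
function get_authentication($login_name = '', $login_password = '') {
    global $base, $conf, $self, $onadb, $auth;

    $js = "el('loginmsg').innerHTML = '<span style=\"color: green;\">Success!</span>'; setTimeout('removeElement(\\'tt_loginform\\')',1000);";

    // Validate the userid was passed and is "clean".
    // The D modifier makes "$" match only at the very end of the subject;
    // without it a name carrying a trailing newline would pass this check and
    // then reach the auth module and the log lines below.
    // The is_string() guard rejects array-valued request parameters instead of
    // letting preg_match() raise on them.
    if (!is_string($login_name) || !preg_match('/^[A-Za-z0-9.\\-_]+$/D', $login_name)) {
        $js = "el('loginmsg').innerHTML = 'Bad username format';";
        // The rejected value is untrusted: replace non-printable bytes and cap
        // the length before it is written to the log.
        $logged_name = is_string($login_name)
            ? substr(preg_replace('/[^\\x20-\\x7E]/', '?', $login_name), 0, 64)
            : '(non-string)';
        printmsg("ERROR => Login failure for {$logged_name}: Bad username format", 0);
        return array(1, $js);
    }

    // Force guest logins to only use local auth module
    if ($login_name === 'guest') {
        printmsg("DEBUG => Guest user login, forcing local auth.", 1);
        // create new authentication class
        $auth = load_auth_class('local');
        $conf['authtype'] = 'local';
    } else {
        // create new authentication class
        $auth = load_auth_class();
    }

    // Check user/pass authentication
    // NOTE(review): the password is passed through unchanged, including the
    // empty-string default; confirm every auth module rejects an empty password.
    $authresult = $auth->checkPass($login_name, $login_password);

    // If we do not find a valid user, fall back to local auth
    if ($auth->founduser === false) {
        // Fall back to local database to see if we have something there
        if ($conf['authtype'] != 'local') {
            printmsg("DEBUG => Unable to find user via auth_{$conf['authtype']}, falling back to local auth_local.", 1);
            $auth = load_auth_class('local');
            $authresult = $auth->checkPass($login_name, $login_password);
            if ($auth->founduser === false) {
                // NOTE(review): "Unknown user" and "Password incorrect" are
                // distinct client-visible answers, which lets a caller tell
                // whether an account exists. Consider returning one generic
                // message to the client and keeping the detail in the log only.
                $js = "el('loginmsg').innerHTML = 'Unknown user';";
                printmsg("ERROR => Login failure for {$login_name}: Unknown user", 0);
                return array(1, $js);
            }
            // override the system configured authtype for now
            $conf['authtype'] = 'local';
        }
    }

    // If we do not get a positive authentication of user/pass then fail.
    // Only a strict boolean false counts as failure here, so this relies on
    // checkPass() returning exactly false on a bad password.
    if ($authresult === false) {
        $js = "el('loginmsg').innerHTML = 'Password incorrect';";
        printmsg("ERROR => Login failure for {$login_name} using authtype {$conf['authtype']}: Password incorrect", 0);
        return array(1, $js);
    }

    // If the password is good.. return success.
    printmsg("INFO => Authentication Successful for {$login_name} using authtype: {$conf['authtype']}", 1);
    return array(0, $js);
}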