/**
 * Verify that the password entered in this form element belongs to the
 * currently authenticated user.
 *
 * The username is never taken from the form: reason_require_authentication()
 * supplies the identity already established for this request, so this check
 * can only confirm *that* user's password and cannot be pointed at another
 * account. The password is the element's current value and is passed straight
 * to the directory service.
 *
 * On failure an error is registered on the element, labelled with the
 * prettified display name (falling back to the element name).
 *
 * @return void
 */
function run_error_checks()
{
	$label = trim($this->display_name);
	if (empty($label)) {
		$label = $this->name;
	}
	$label = prettify_string($label);

	// Identity comes from the auth layer; only the password comes from the form.
	$current_user = reason_require_authentication();
	$submitted_password = $this->grab_value();

	$directory = new directory_service();
	if ($directory->authenticate($current_user, $submitted_password)) {
		return;
	}
	$this->set_error($label . ': Please check your password.');
}
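/**
 * Require authentication via HTTP Basic auth.
 *
 * Note 1: If the user already has a session-based login, or the script is
 * otherwise behind an apache-rule-based http auth, this function returns the
 * username without forcing a second login.
 *
 * Note 2: This function currently only works properly when PHP is running as
 * an Apache module. Under CGI/FastCGI no WWW-Authenticate challenge is sent
 * and the request is simply denied with a 401.
 *
 * Security notes:
 *  - force_secure_if_available() is called before the credentials are read;
 *    presumably it moves the request to HTTPS where the site offers it, so
 *    that the (merely base64-encoded) Basic credentials are not sent in the
 *    clear. Confirm in that helper.
 *  - $cancel_message is echoed verbatim as HTML. It is a caller-supplied
 *    parameter, not request data; callers must not build it from untrusted input.
 *  - Double quotes in the realm are replaced so the quoted-string in the
 *    header cannot be broken. PHP's header() rejects values containing a
 *    newline, so a CR/LF in the realm should not inject a second header; the
 *    realm is configuration rather than request data in any case.
 *
 * Fix vs. previous revision: the credentials were tested with empty(), which
 * treats the literal string "0" as absent and so rejected "0" as a username
 * or password. They are now tested for presence and non-empty string. The
 * 401 body also gained the missing <head> opener matching its </head>.
 *
 * @todo Add CGI/FastCGI support
 *
 * @param string $realm          realm presented in the Basic challenge
 * @param string $cancel_message trusted HTML body for the 401 response; a default is built when empty
 * @return string username on success; on failure a 401 is emitted and the script exits
 */
function reason_require_http_authentication($realm = FULL_ORGANIZATION_NAME, $cancel_message = '')
{
	// An existing session or upstream Apache auth wins; no second challenge.
	if ($username = reason_check_authentication()) {
		return $username;
	}

	force_secure_if_available();

	$auth_user = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : '';
	$auth_pw   = isset($_SERVER['PHP_AUTH_PW'])   ? (string) $_SERVER['PHP_AUTH_PW']   : '';
	// Presence check rather than empty(): "0" is a legal username/password.
	if ($auth_user !== '' && $auth_pw !== '') {
		require_once(CARL_UTIL_INC.'dir_service/directory.php');
		$dir = new directory_service();
		if ($dir->authenticate($auth_user, $auth_pw)) {
			return $auth_user;
		}
		// Wrong credentials fall through to a fresh challenge below.
	}

	$cgi_mode = (substr(php_sapi_name(), 0, 3) == 'cgi');
	if (!$cgi_mode) {
		// A double quote would terminate the quoted-string; swap for single quotes.
		header('WWW-Authenticate: Basic realm="'.str_replace('"', "'", $realm).'"');
	}
	http_response_code(401);

	if (empty($cancel_message)) {
		$msg_str = 'This resource requires login.';
		$cancel_message = '<!doctype HTML><html><head><title>'.$msg_str.'</title></head><body><h3>'.$msg_str.'</h3>';
		if ($cgi_mode && function_exists('is_developer') && is_developer()) {
			$cancel_message .= '<p>HTTP authentication is not currently supported when PHP is running under CGI/Fast CGI.</p>';
		}
		$cancel_message .= '</body></html>';
	}
	echo $cancel_message;
	exit;
}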
/**
 * Attempt to log the user in with the username/password from the request.
 *
 * On success: the session is started, the normalized username (trimmed and
 * lower-cased) is stored in it, the event is logged, the cookie-test cookie
 * is cleared, and the user is either redirected to the destination page (so
 * that every module on that page sees the session) or shown the logged-in
 * view. On failure: the attempt is logged under the submitted username and a
 * generic mismatch message is set — the same text for a wrong password and an
 * unknown user, so nothing is leaked about which accounts exist.
 *
 * NOTE(review): whether $this->sess->start() issues a fresh session id on
 * login (defeating session fixation) is not visible here — confirm in the
 * session class.
 * NOTE(review): no throttling of failed attempts happens in this method; any
 * rate limiting would have to live in directory_service or upstream.
 *
 * @return void
 */
protected function do_login()
{
	$username = $this->request['username'];
	$password = $this->request['password'];
	$auth = new directory_service($this->params['auth_service']);

	if (!$auth->authenticate($username, $password)) {
		$this->log_authentication_event('login failed', $username);
		$this->status_msg = 'The username and password you provided do not match. Please try again.';
		return;
	}

	// Credentials accepted: establish the session.
	$this->sess->start();
	$this->logged_in = true;
	$this->sess->set('username', strtolower(trim($username)));
	$this->log_authentication_event('login succeeded', $username);
	$this->clear_test_cookie();

	// Redirecting (rather than rendering in place) guarantees the session
	// info is available to all modules on the destination page.
	if (empty($this->dest_page)) {
		$this->do_logged_in();
		return;
	}
	header('Location: ' . $this->get_dest_page_link(true));
	exit;
}
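/**
 * Set up the login module for this request.
 *
 * Work done here, in order:
 *  1. Register the module's JavaScript and record whether this request is on
 *     the securest page available.
 *  2. Decide the destination page the user lands on after login / logout: an
 *     explicit dest_page request parameter wins; otherwise, in standalone
 *     (non-popup) mode the HTTP referer is used if present; in inline mode the
 *     current URL. The result is passed through localize_destination_page().
 *  3. Branch on session state:
 *     - session exists + ?logout   → destroy it, log, redirect back to the
 *       destination (unless ?noredirect);
 *     - session exists, no username → destroy it and reload the current URL;
 *     - session exists with username → mark logged in and offer a link to the
 *       destination;
 *     - no session + credentials posted → authenticate (only if the
 *       cookie-test cookie came back), start the session, log, redirect;
 *     - no session, no credentials → set the cookie-test cookie and show any
 *       requested message (session error code and/or a text_blurb entity).
 *
 * Security notes for the next maintainer:
 *  - dest_page is attacker-influenced (request parameter or Referer header).
 *    Whether it is constrained to this site depends entirely on
 *    localize_destination_page(), which is not visible here; if that helper
 *    does not pin the host, the post-login/logout redirects and the
 *    "Proceed to" link are open redirects. Confirm before relying on it.
 *  - Fix vs. previous revision: the logout redirect hard-coded "http://",
 *    sending users back over plaintext even where HTTPS is available, while
 *    the login redirect already used securest_available_protocol(). Both
 *    redirects now go through _login_dest_page_redirect_url(), which also
 *    guards the parse_url() components against missing-index notices.
 *  - The username stored in the session here is trim()med but not
 *    lower-cased; do_login() stores strtolower(trim(...)). If the directory
 *    authenticates case-insensitively the two paths can record the same
 *    person under different identifiers. Left unchanged here — reconcile it
 *    deliberately in one place.
 *  - Logout is triggered by a GET parameter and is therefore CSRF-able; a
 *    nuisance rather than a compromise, but worth knowing.
 *  - Text from a text_blurb entity is appended to $this->msg unescaped; it is
 *    CMS content and trusted to the extent editors are.
 *
 * @param array $args unused here; kept for interface compatibility
 * @return void
 */
function init($args = array())
{
	$head_items =& $this->parent->head_items;
	$head_items->add_javascript(JQUERY_URL, true);
	$head_items->add_javascript(WEB_JAVASCRIPT_PATH . 'login/focus.js');
	$this->current_url = get_current_url();
	$this->on_secure_page_if_available = !HTTPS_AVAILABLE || on_secure_page();

	$this->_login_determine_dest_page($head_items);

	if (!empty($this->request['redir_link_text'])) {
		$this->redir_link_text = $this->request['redir_link_text'];
	}
	$this->dest_page = $this->localize_destination_page();

	$this->sess =& get_reason_session();
	$this->logged_in = false;

	if ($this->sess->exists()) {
		$this->_login_handle_existing_session();
	} else {
		$this->_login_handle_no_session();
	}
}

/**
 * Choose the pre-localization destination page (rules described on init()).
 *
 * Leaves $this->dest_page untouched in standalone popup mode, and in
 * standalone mode when there is no referer to return to.
 *
 * @param object $head_items the page's head-items collection
 * @return void
 */
protected function _login_determine_dest_page($head_items)
{
	if (!empty($this->request['dest_page'])) {
		// Search engines should not be indexing versions of the index page with specific destinations
		$head_items->add_head_item('meta', array('name' => 'robots', 'content' => 'none'));
		$this->dest_page = $this->request['dest_page'];
		return;
	}
	if ($this->params['login_mode'] != 'standalone') {
		$this->dest_page = $this->current_url;
		return;
	}
	// In standalone mode, once the user has successfully logged in, they are
	// bounced back to the page they came from if there was one. Popups never bounce.
	if (empty($this->request['popup']) && !empty($_SERVER['HTTP_REFERER'])) {
		// Referer is client-supplied; localize_destination_page() is the only
		// thing between this value and an open redirect.
		$this->dest_page = $_SERVER['HTTP_REFERER'];
	}
	// Otherwise we have no valid information on where to go back to (the user
	// came straight to the login page). No jump happens; a "you are logged in"
	// message appears alongside the logout link.
}

/**
 * Request arrived with an existing Reason session: handle logout, a session
 * that carries no username, or a normal logged-in view.
 *
 * @return void
 */
protected function _login_handle_existing_session()
{
	if (!$this->sess->has_started()) {
		$this->sess->start();
	}

	if (!empty($this->request['logout'])) {
		$username = $this->sess->get('username');
		$this->sess->destroy();
		$this->msg = 'You are now logged out';
		$this->log_authentication_event('logout succeeded', $username);
		if (empty($this->request['noredirect'])) {
			header('Location: ' . $this->_login_dest_page_redirect_url());
			exit;
		}
		return;
	}

	if (!$this->sess->get('username')) {
		// A session with no identity is useless; drop it and reload cleanly.
		$this->sess->destroy();
		header('Location: ' . get_current_url());
		exit;
	}

	$this->logged_in = true;
	$this->msg = 'You are logged in as ' . $this->sess->get('username') . '.';
	if (!empty($this->dest_page) && $this->dest_page != get_current_url()) {
		$dest_txt = $this->_get_dest_page_text();
		// Default htmlspecialchars() flags escape double quotes, which is what
		// the double-quoted attributes below need.
		$cleaned_dest_page = htmlspecialchars($this->dest_page);
		$this->msg_extra = '<p>Proceed to <a href="' . $cleaned_dest_page . '" title="' . $cleaned_dest_page . '">' . htmlspecialchars($dest_txt) . '</a></p>';
	}
}

/**
 * Request arrived without a session: either process posted credentials or
 * prepare the login form (cookie test plus any requested message).
 *
 * @return void
 */
protected function _login_handle_no_session()
{
	if (!empty($this->request['username']) and !empty($this->request['password'])) {
		if (!$this->test_cookie_exists()) {
			$this->msg = 'It appears that you do not have cookies enabled. Please enable cookies and try logging in again';
			return;
		}

		$auth = new directory_service($this->params['auth_service']);
		if (!$auth->authenticate($this->request['username'], $this->request['password'])) {
			// Same message for unknown user and wrong password: nothing leaks.
			$this->log_authentication_event('login failed', $this->request['username']);
			$this->msg = 'The username and password you provided do not match. Please try again.';
			return;
		}

		// Successful login.
		$this->sess->start();
		$this->logged_in = true;
		$this->sess->set('username', trim($this->request['username']));
		$this->log_authentication_event('login succeeded', $this->request['username']);

		// Pop the user back to the top of the page so that the session info
		// is available to all modules.
		if (!empty($this->dest_page)) {
			header('Location: ' . $this->_login_dest_page_redirect_url());
			exit;
		}
		if (!empty($this->request['popup'])) {
			$this->close_window = true;
			$this->msg = 'You are now logged in. Please close this window.';
		}
		return;
	}

	$this->set_test_cookie();
	if (!empty($this->request['code'])) {
		$s =& get_reason_session();
		$this->msg = $s->get_error_msg($this->request['code']);
	}
	if (!empty($this->request['msg_uname'])) {
		$msg_id = id_of($this->request['msg_uname'], true, false);
		if (!empty($msg_id)) {
			$msg_ent = new entity($msg_id);
			// Only text_blurb entities may be injected as a login-page message.
			if ($msg_ent->get_value('type') == id_of('text_blurb')) {
				$this->msg .= $msg_ent->get_value('content');
			}
		}
	}
}

/**
 * Rebuild $this->dest_page as an absolute URL on the securest protocol the
 * site offers. Used for both the post-login and post-logout redirects.
 *
 * The scheme in dest_page is deliberately discarded and replaced with
 * securest_available_protocol(); host, port, path, query and fragment are
 * kept (any user-info component is dropped, as before). Components are read
 * with isset() so a URL lacking one no longer raises a notice; the
 * assumption — TODO confirm — is that localize_destination_page() always
 * yields an absolute URL, so host is present.
 *
 * @return string
 */
protected function _login_dest_page_redirect_url()
{
	$parts = parse_url($this->dest_page);
	if (!is_array($parts)) {
		$parts = array();
	}
	$host     = isset($parts['host']) ? $parts['host'] : '';
	$path     = isset($parts['path']) ? $parts['path'] : '';
	$port     = !empty($parts['port']) ? ':' . $parts['port'] : '';
	$query    = !empty($parts['query']) ? '?' . $parts['query'] : '';
	$fragment = isset($parts['fragment']) ? '#' . $parts['fragment'] : '';
	return securest_available_protocol() . '://' . $host . $port . $path . $query . $fragment;
}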