/**
 * Regression test for issue #16322: eZTextFileUser makes user names with newline (with patch).
 *
 * Bogus credentials handed to the 'textfile' login handler must never yield an eZUser.
 */
public function testLoginWrongUsername()
{
    $textfileHandler = eZUserLoginHandler::instance('textfile');
    $loginResult = $textfileHandler->loginUser('wrong username', 'wrong password');

    // A rejected login must not come back as an eZUser instance
    $this->assertFalse($loginResult instanceof eZUser);
}
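/**
 * Checks HTTP Basic authentication for the given $data.
 *
 * The user/password credentials encapsulated in $data are handed to the
 * 'standard' login handler. Returns true if the user was successfully
 * recognized and the password is valid for that user, false otherwise. When no
 * username and/or password was provided in the request, empty strings arrive
 * here.
 *
 * Some clients (seen with IE6 SP2) prefix the login with the server name; that
 * prefix is stripped before the credentials are checked. Only the username is
 * written to the log, never the password.
 *
 * @param ezcWebdavBasicAuth $data
 * @return bool
 */
public function authenticateBasic(ezcWebdavBasicAuth $data)
{
    $loginHandler = 'standard';

    eZWebDAVContentBackend::appendLogEntry("Got username: {$data->username}");

    // added by @ds to fix problems with IE6 SP2: drop a leading "<server name>" from the login.
    // Guarded so that a request (or CLI/test run) without SERVER_NAME neither raises an
    // undefined-index notice nor runs the pattern with an empty prefix, which would only
    // truncate a multi-line username at its first newline.
    $serverName = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
    if ($serverName !== ''
        && preg_match('(^' . preg_quote($serverName) . '(.+))', $data->username, $matches) > 0
    ) {
        $data->username = $matches[1];
    }

    eZWebDAVContentBackend::appendLogEntry("Processed to username: {$data->username}");

    $userClass = eZUserLoginHandler::instance($loginHandler);
    $user = $userClass->loginUser($data->username, $data->password);
    if (!$user instanceof eZUser) {
        return false;
    }

    eZWebDAVContentBackend::appendLogEntry("AuthenticatedBasic");
    return true;
}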
/**
 * Decides whether the current request must go through the login handler.
 *
 * Nothing is done unless the site requires a user object and either the
 * RequireUserLogin setting is enabled or a login was forced via the session;
 * in that case the decision is delegated to eZUserLoginHandler::checkUser().
 *
 * @deprecated As of 4.4, moved to {@link eZUserLoginHandler::preCheck()}
 * @param array $siteBasics
 * @param eZURI $uri
 * @return array|true|false|null Redirect array ('module'/'function' keys) when a redirect is
 *                               needed, true on success, false/null when nothing is required.
 */
function eZCheckUser(array &$siteBasics, eZURI $uri)
{
    if (!$siteBasics['user-object-required']) {
        return null;
    }

    $loginRequired = eZINI::instance()->variable('SiteAccessSettings', 'RequireUserLogin') == 'true';

    // FORCE_LOGIN can only be read once a session exists
    $loginForced = eZSession::hasStarted()
        && eZHTTPTool::instance()->hasSessionVariable(eZUserLoginHandler::FORCE_LOGIN);

    return ($loginRequired || $loginForced)
        ? eZUserLoginHandler::checkUser($siteBasics, $uri)
        : null;
}
/**
 * Decides whether the current request must go through the login handler.
 *
 * Emits a strict-mode deprecation message, then — only when the site requires a
 * user object and either RequireUserLogin is enabled or a login was forced via
 * the session — delegates to eZUserLoginHandler::checkUser().
 *
 * @deprecated As of 4.4, moved to {@link eZUserLoginHandler::preCheck()}
 * @param array $siteBasics
 * @param eZURI $uri
 * @return array|true|false|null Redirect array ('module'/'function' keys) when a redirect is
 *                               needed, true on success, false/null when nothing is required.
 */
function eZCheckUser(array &$siteBasics, eZURI $uri)
{
    eZDebug::writeStrict('Function eZCheckUser() has been deprecated in 4.4 in favor of eZUserLoginHandler::preCheck()', 'Deprecation');

    if (!$siteBasics['user-object-required']) {
        return null;
    }

    $loginRequired = eZINI::instance()->variable('SiteAccessSettings', 'RequireUserLogin') == 'true';

    // FORCE_LOGIN can only be read once a session exists
    $loginForced = eZSession::hasStarted()
        && eZHTTPTool::instance()->hasSessionVariable(eZUserLoginHandler::FORCE_LOGIN);

    return ($loginRequired || $loginForced)
        ? eZUserLoginHandler::checkUser($siteBasics, $uri)
        : null;
}
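/**
 * Authenticates $user/$password against every configured login handler and, on
 * success, dispatches the webservice call $functionName with $params.
 *
 * Mirrors the handler iteration done in user/login. The first handler that
 * returns an eZUser wins; that user must additionally be allowed to call
 * $functionName (ggeZWebservices::checkAccess), otherwise an authentication
 * fault is returned. When no handler accepts the credentials the same fault is
 * returned.
 *
 * @param string $user         Login name as sent by the client
 * @param string $password
 * @param string $functionName Webservice method to dispatch
 * @param array  $params
 * @return mixed The server's handleRequest()/handleInternalRequest() result, or a ggWebservicesFault
 */
function ezp_authandexec($user, $password, $functionName, $params)
{
    $server = $GLOBALS['ggws_server'];

    // replicate here logic found in user/login
    $ini = eZINI::instance();
    $loginHandlers = $ini->hasVariable('UserSettings', 'LoginHandler')
        ? $ini->variable('UserSettings', 'LoginHandler')
        : array('standard');

    foreach ($loginHandlers as $loginHandler) {
        $userClass = eZUserLoginHandler::instance($loginHandler);

        // Keep the login name in $user: the previous version overwrote it with the
        // handler's return value, so every handler after a failed one received
        // false/null instead of the submitted login.
        $authenticatedUser = $userClass->loginUser($user, $password);
        if (!$authenticatedUser instanceof eZUser) {
            continue;
        }

        // Authentication alone is not enough: the user must be allowed to call this webservice
        if (!ggeZWebservices::checkAccess($functionName, $authenticatedUser)) {
            return new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING);
        }

        return $server->isInternalRequest($functionName)
            ? $server->handleInternalRequest($functionName, $params)
            : $server->handleRequest($functionName, $params);
    }

    return new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING);
}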
/**
 * Regression test for issue #16328: Wrong hash stored in database on hash update in ezUser.php.
 *
 * Switches HashType to md5_user, logs in by e-mail address so that the stored
 * hash is rewritten, and checks that the rewritten hash is derived from the
 * login name (not from the e-mail address). Afterwards a login by username
 * must still succeed.
 */
public function testPasswordHashSamePasswordToUser()
{
    $db = eZDB::instance();

    // Precondition: exactly one matching user row must exist before the hash is touched.
    // NOTE(review): the query uses a fixed login literal while the fail() message names
    // $this->username — confirm both refer to the same fixture account.
    $rowsBefore = $db->arrayQuery("SELECT * FROM ezuser where login = '******'");
    if (count($rowsBefore) !== 1) {
        $this->fail("User {$this->username} is not in database.");
    }

    // Setup done; the actual test starts here.
    // With HashType = md5_user the next login rewrites password_hash in the ezuser table.
    ezpINIHelper::setINISetting('site.ini', 'UserSettings', 'HashType', 'md5_user');

    // Log in with the e-mail address rather than the username
    $loggedInByEmail = eZUserLoginHandler::instance('standard')->loginUser($this->email, $this->password);
    if (!$loggedInByEmail instanceof eZUser) {
        $this->fail("User {$this->email} is not in database.");
    }

    // Read back the hash written during the e-mail login
    $rowsAfter = $db->arrayQuery("SELECT * FROM ezuser where login = '******'");
    $storedHash = $rowsAfter[0]['password_hash'];

    // md5_user hashes "<login>\n<password>"; issue #16328 was the e-mail address ending up
    // in place of the login name.
    $expectedHash = md5("{$this->username}\n{$this->password}");
    $this->assertEquals($expectedHash, $storedHash);

    // The account must still be usable with its username
    $loggedInByName = eZUserLoginHandler::instance('standard')->loginUser($this->username, $this->password);
    if (!$loggedInByName instanceof eZUser) {
        $this->fail("User {$this->username} is not in database.");
    }
}
/**
 * Drives the multi-step login flow for the current request.
 *
 * The current step is kept in the session under self::STEP so it survives the
 * redirects between steps. In order: STEP_PRE_CHECK_USER_INFO asks every
 * configured login handler whether a redirect is needed; STEP_PRE_COLLECT_USER_INFO
 * returns that redirect (from the handler, or the stored one, defaulting to
 * user/login); STEP_POST_COLLECT_USER_INFO lets the last handler consume the
 * submitted form; STEP_LOGIN_USER tries the credentials stored in self::USER_INFO
 * against every configured handler. Several steps advance the step and recurse
 * into this method.
 *
 * @param array $siteBasics Passed by reference through to each handler's checkUser()
 * @param mixed $url        Passed by reference through to each handler's checkUser()
 *                          (an eZURI, judging by the callers)
 * @return mixed null when no redirect is needed (login finished, or a handler
 *               said nothing is required); otherwise a redirect array with
 *               'module'/'function' keys, or whatever the handler's
 *               preCollectUserInfo() returns.
 */
static function checkUser(&$siteBasics, &$url)
{
    $http = eZHTTPTool::instance();

    // First visit: start the state machine at the pre-check step
    if (!$http->hasSessionVariable(self::STEP)) {
        $http->setSessionVariable(self::STEP, self::STEP_PRE_CHECK_USER_INFO);
    }
    // Reference into the session so the FORCE_LOGIN adjustment below is persisted
    $loginStep =& $http->sessionVariable(self::STEP);

    // A forced login skips the handlers' pre-check and goes straight to collecting credentials
    if ($http->hasSessionVariable(self::FORCE_LOGIN) && $loginStep < self::STEP_PRE_COLLECT_USER_INFO) {
        $loginStep = self::STEP_PRE_COLLECT_USER_INFO;
    }

    switch ($loginStep) {
        case self::STEP_PRE_CHECK_USER_INFO:
            $ini = eZINI::instance();
            $handlerList = array('standard');
            if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
                $handlerList = $ini->variable('UserSettings', 'LoginHandler');
            }
            if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                $http->removeSessionVariable(self::LAST_HANDLER_NAME);
            }
            foreach ($handlerList as $handler) {
                $userObject = eZUserLoginHandler::instance($handler);
                if ($userObject) {
                    $check = $userObject->checkUser($siteBasics, $url);
                    // null from any handler means "nothing to do": abandon the whole flow
                    if ($check === null) {
                        eZUserLoginHandler::sessionCleanup();
                        return null;
                    }
                    // The last handler in the list wins: its redirect and name are kept for the next step
                    $http->setSessionVariable(self::LAST_CHECK_REDIRECT, $check);
                    $http->setSessionVariable(self::LAST_HANDLER_NAME, $handler);
                }
            }
            $http->setSessionVariable(self::STEP, self::STEP_PRE_COLLECT_USER_INFO);
            return eZUserLoginHandler::checkUser($siteBasics, $url);
            break;

        case self::STEP_PRE_COLLECT_USER_INFO:
            $http->setSessionVariable(self::STEP, self::STEP_POST_COLLECT_USER_INFO);
            $handler = null;
            if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                $handlerName = $http->sessionVariable(self::LAST_HANDLER_NAME);
                $handler = eZUserLoginHandler::instance($handlerName);
            }
            if ($handler) {
                return $handler->preCollectUserInfo();
            } else {
                // No handler remembered: fall back to the stored redirect, or the login module
                $redirect =& $http->sessionVariable(self::LAST_CHECK_REDIRECT);
                if (!$redirect) {
                    $redirect = array('module' => 'user', 'function' => 'login');
                }
                return $redirect;
            }
            break;

        case self::STEP_POST_COLLECT_USER_INFO:
            $http->setSessionVariable(self::STEP, self::STEP_LOGIN_USER);
            $handler = null;
            if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                $handlerName = $http->sessionVariable(self::LAST_HANDLER_NAME);
                $handler = eZUserLoginHandler::instance($handlerName);
            }
            if ($handler) {
                // Use specified login handler to handle Login info input;
                // a rejected submission resets the flow and sends the client back to the root
                if (!$handler->postCollectUserInfo()) {
                    eZUserLoginHandler::sessionCleanup();
                    eZHTTPTool::redirect('/');
                    eZExecution::cleanExit();
                }
            }
            return eZUserLoginHandler::checkUser($siteBasics, $url);
            break;

        case self::STEP_LOGIN_USER:
            $ini = eZINI::instance();
            $handlerList = array('standard');
            if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
                $handlerList = $ini->variable('UserSettings', 'LoginHandler');
            }
            // Credentials are consumed from the session once; they are removed before any handler runs
            $userInfoArray =& $http->sessionVariable(self::USER_INFO);
            $http->removeSessionVariable(self::USER_INFO);
            if ($http->hasSessionVariable(self::FORCE_LOGIN)) {
                $http->removeSessionVariable(self::FORCE_LOGIN);
            }
            $user = null;
            if (is_array($userInfoArray) and $userInfoArray['login'] and $userInfoArray['password']) {
                foreach ($handlerList as $handler) {
                    $userObject = eZUserLoginHandler::instance($handler);
                    if ($userObject) {
                        $user = $userObject->loginUser($userInfoArray['login'], $userInfoArray['password']);
                        // NOTE(review): is_subclass_of() is false for a plain eZUser instance; the
                        // other call sites test `instanceof eZUser` — confirm the handlers always
                        // return a subclass here, otherwise a successful login falls through.
                        if (is_subclass_of($user, 'eZUser')) {
                            eZUserLoginHandler::sessionCleanup();
                            return null;
                        } else {
                            // A handler may answer with a redirect array instead of a user
                            if (is_array($user)) {
                                eZUserLoginHandler::sessionCleanup();
                                return $user;
                            }
                        }
                    }
                }
            }
            // No handler accepted the credentials: restart the flow from the pre-check step
            $http->setSessionVariable(self::STEP, self::STEP_PRE_CHECK_USER_INFO);
            return eZUserLoginHandler::checkUser($siteBasics, $url);
            break;
    }
}
if ($userLogin != '') { if ($http->hasSessionVariable("RedirectAfterLogin", false)) { $http->removeSessionVariable('RedirectAfterLogin'); } if ($ini->hasVariable('UserSettings', 'LoginHandler')) { $loginHandlers = $ini->variable('UserSettings', 'LoginHandler'); } else { $loginHandlers = array('standard'); } $hasAccessToSite = true; if ($http->hasPostVariable('Cookie') && $ini->hasVariable('Session', 'RememberMeTimeout') && ($rememberMeTimeout = $ini->variable('Session', 'RememberMeTimeout'))) { eZSession::setCookieParams($rememberMeTimeout); } foreach (array_keys($loginHandlers) as $key) { $loginHandler = $loginHandlers[$key]; $userClass = eZUserLoginHandler::instance($loginHandler); if (!is_object($userClass)) { continue; } $user = $userClass->loginUser($userLogin, $userPassword); if ($user instanceof eZUser) { $hasAccessToSite = $user->canLoginToSiteAccess($GLOBALS['eZCurrentAccess']); if (!$hasAccessToSite) { $user->logoutCurrent(); $user = null; $siteAccessName = $GLOBALS['eZCurrentAccess']['name']; $siteAccessAllowed = false; } break; } }
/**
 * Performs the one-time per-request initialisation of the kernel.
 *
 * Resolves the siteaccess and requested URI, sets up module loading, runs the
 * setup-wizard validity check, registers session callbacks and starts the
 * session when required, verifies the database connection, runs the login
 * pre-check, and finally initialises locale/charset and the site settings.
 * Guarded by $this->isInitialized so repeated calls are no-ops.
 *
 * Ordering matters: the validity check must run before session/db init, and
 * the login pre-check must run after the session has been initialised.
 *
 * @return void
 */
protected function requestInit()
{
    if ($this->isInitialized) {
        return;
    }

    eZExecution::setCleanExit(false);
    $scriptStartTime = microtime(true);

    $GLOBALS['eZRedirection'] = false;
    $this->access = eZSiteAccess::current();

    eZDebug::setScriptStart($scriptStartTime);
    eZDebug::addTimingPoint("Script start");

    $this->uri = eZURI::instance(eZSys::requestURI());
    $GLOBALS['eZRequestedURI'] = $this->uri;

    // Be able to do general events early in process
    ezpEvent::getInstance()->notify('request/preinput', array($this->uri));

    // Initialize module loading
    $this->siteBasics['module-repositories'] = eZModule::activeModuleRepositories();
    eZModule::setGlobalPathList($this->siteBasics['module-repositories']);

    // make sure we get a new $ini instance now that it has been reset
    $ini = eZINI::instance();

    // start: eZCheckValidity
    // pre check, setup wizard related so needs to be before session/db init
    // TODO: Move validity check in the constructor? Setup is not meant to be launched at each (sub)request is it?
    if ($ini->variable('SiteAccessSettings', 'CheckValidity') === 'true') {
        $this->check = array('module' => 'setup', 'function' => 'init');
        // Turn off some features that won't be needed yet
        $this->siteBasics['policy-check-omit-list'][] = 'setup';
        $this->siteBasics['show-page-layout'] = $ini->variable('SetupSettings', 'PageLayout');
        $this->siteBasics['validity-check-required'] = true;
        $this->siteBasics['session-required'] = $this->siteBasics['user-object-required'] = false;
        $this->siteBasics['db-required'] = $this->siteBasics['no-cache-adviced'] = $this->siteBasics['url-translator-allowed'] = false;
        $this->siteBasics['site-design-override'] = $ini->variable('SetupSettings', 'OverrideSiteDesign');
        // The setup wizard runs under its own siteaccess
        $this->access = eZSiteAccess::change(array('name' => 'setup', 'type' => eZSiteAccess::TYPE_URI));
        eZTranslatorManager::enableDynamicTranslations();
    }
    // stop: eZCheckValidity

    if ($this->siteBasics['session-required']) {
        // Check if this should be run in a cronjob; otherwise basket cleanup piggybacks on session events
        if ($ini->variable('Session', 'BasketCleanup') !== 'cronjob') {
            eZSession::addCallback('destroy_pre', function (eZDBInterface $db, $key, $escapedKey) {
                $basket = eZBasket::fetch($key);
                if ($basket instanceof eZBasket) {
                    $basket->remove();
                }
            });
            eZSession::addCallback('gc_pre', function (eZDBInterface $db, $time) {
                eZBasket::cleanupExpired($time);
            });
            eZSession::addCallback('cleanup_pre', function (eZDBInterface $db) {
                eZBasket::cleanup();
            });
        }

        // addCallBack to update session id for shop basket on session regenerate.
        // NOTE(review): both keys are interpolated straight into SQL; the parameter names
        // suggest the session layer hands them over already escaped — confirm that at the
        // emitting side, since this callback does no escaping of its own.
        eZSession::addCallback('regenerate_post', function (eZDBInterface $db, $escNewKey, $escOldKey) {
            $db->query("UPDATE ezbasket SET session_id='{$escNewKey}' WHERE session_id='{$escOldKey}'");
        });

        // TODO: Session starting should be made only once in the constructor
        $this->sessionInit();
    }

    // if $this->siteBasics['db-required'], open a db connection and check that db is connected
    if ($this->siteBasics['db-required'] && !eZDB::instance()->isConnected()) {
        $this->warningList[] = array(
            'error' => array('type' => 'kernel', 'number' => eZError::KERNEL_NO_DB_CONNECTION),
            'text' => 'No database connection could be made, the system might not behave properly.'
        );
    }

    // eZCheckUser: pre check, RequireUserLogin & FORCE_LOGIN related so needs to be after session init.
    // Skipped when the validity check above already decided on a redirect.
    if (!isset($this->check)) {
        $this->check = eZUserLoginHandler::preCheck($this->siteBasics, $this->uri);
    }

    ezpEvent::getInstance()->notify('request/input', array($this->uri));

    // Initialize with locale settings
    // TODO: Move to constructor? Is it relevant to init the locale/charset for each (sub)requests?
    $this->languageCode = eZLocale::instance()->httpLocaleCode();
    $phpLocale = trim($ini->variable('RegionalSettings', 'SystemLocale'));
    if ($phpLocale != '') {
        // A comma-separated list lets setlocale() fall back to the first locale the system knows
        setlocale(LC_ALL, explode(',', $phpLocale));
    }
    $this->httpCharset = eZTextCodec::httpCharset();

    // TODO: are these parameters supposed to vary across potential sub-requests?
    $this->site = array(
        'title' => $ini->variable('SiteSettings', 'SiteName'),
        'design' => $ini->variable('DesignSettings', 'SiteDesign'),
        'http_equiv' => array(
            'Content-Type' => 'text/html; charset=' . $this->httpCharset,
            'Content-language' => $this->languageCode
        )
    );

    // Read role settings
    $this->siteBasics['policy-check-omit-list'] = array_merge($this->siteBasics['policy-check-omit-list'], $ini->variable('RoleSettings', 'PolicyOmitList'));

    $this->isInitialized = true;
}
eZSession::addCallback('regenerate_post', 'eZSessionBasketRegenerate'); if ($ini->variable('Session', 'ForceStart') === 'enabled') { eZSession::start(); } else { eZSession::lazyStart(); } // let session specify if db is required $dbRequired = eZSession::getHandlerInstance()->dbRequired(); } // if $dbRequired, open a db connection and check that db is connected if ($dbRequired && !eZDB::instance()->isConnected()) { $warningList[] = array('error' => array('type' => 'kernel', 'number' => eZError::KERNEL_NO_DB_CONNECTION), 'text' => 'No database connection could be made, the system might not behave properly.'); } // eZCheckUser: pre check, RequireUserLogin & FORCE_LOGIN related so needs to be after session init if (!isset($check)) { $check = eZUserLoginHandler::preCheck($siteBasics, $uri); } /** * Check for activating Debug by user ID (Final checking. The first was in eZDebug::updateSettings()) * @uses eZUser::instance() So needs to be executed after eZSession::start()|lazyStart() */ eZDebug::checkDebugByUser(); ezpEvent::getInstance()->notify('request/input', array($uri)); // Initialize with locale settings $locale = eZLocale::instance(); $languageCode = $locale->httpLocaleCode(); $phpLocale = trim($ini->variable('RegionalSettings', 'SystemLocale')); if ($phpLocale != '') { setlocale(LC_ALL, explode(',', $phpLocale)); } // send header information
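/**
 * Logs in with $username and $password and returns the resulting user ID.
 *
 * @param string $username
 * @param string $password
 * @return int|false The contentobject_id of the logged-in user, or false when
 *                   the credentials were rejected by the 'standard' handler
 */
public function loginEZPUser($username, $password)
{
    $userClass = eZUserLoginHandler::instance('standard');

    // Use the credentials the caller supplied. The previous version ignored both
    // parameters and always logged in with a fixed built-in account, so callers
    // could not test anything but that one user.
    $user = $userClass->loginUser($username, $password);
    if (!$user instanceof eZUser) {
        return false;
    }

    // As before, read the id from the current user rather than the returned object
    $user = eZUser::currentUser();
    return $user->attribute("contentobject_id");
}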