/**
 * Register a link in the left-hand navigation menu.
 *
 * The rendered anchor is stored in $GLOBALS['leftNav'] under $priority, so a
 * later call with the same priority replaces the earlier entry. When an auth
 * class is configured and $module is not listed as authless, the link is only
 * added if authed_user is set and passes the auth module's validateUID().
 *
 * This decides only whether the link is rendered. Nothing in this method
 * restricts access to the linked action; that has to be enforced where the
 * request itself is handled.
 *
 * NOTE(review): $link_txt and the result of API::printUrl() are placed into
 * the markup unescaped. That is safe only while callers pass trusted literals;
 * confirm no caller forwards request data here.
 *
 * @static
 * @param int $priority a numeric priority to allow for ordering
 * @param string $link_txt text of the link that's going to be added
 * @param string $module name of the module we are going to add to the left nav
 * @param string $action (optional) the name of the action within the module to link to.
 * @access public
 */
public static function addMenuItem($priority, $link_txt, $module, $action = NULL)
{
    $isCurrentModule = self::$module == $module;

    // The auth module itself is never highlighted as the active section.
    $linkClass = "leftNavLink";
    if ($isCurrentModule && $module != strtolower(self::$config->auth_class)) {
        $linkClass = "leftNavLinkActive";
    }
    self::$activeSection = ($isCurrentModule || self::$activeSection)
        && $module != strtolower(self::$config->auth_class);

    // The link is gated only when an auth class is loaded and the module is
    // not on the authless list.
    $authGuarded = class_exists(self::$CertisInst->config->auth_class)
        && !in_array($module, self::$CertisInst->authless);

    if (!$authGuarded) {
        $GLOBALS['leftNav'][$priority] = sprintf(
            '<a class="%s" href="%s">%s</a>',
            $linkClass,
            API::printUrl($module, $action),
            $link_txt
        );
        API::DEBUG("[API::addMenuItem()] leftNav now equals: " . print_r($GLOBALS['leftNav'][$priority], true));
        return;
    }

    $authClass = self::$CertisInst->config->auth_class;
    $authModule = new $authClass();

    if (!isset(self::$CertisInst->authed_user)) {
        API::DEBUG("[API::addMenuItem()] Non-Authless module {$module} and no authed_user set.");
    } elseif ($authModule->validateUID(self::$CertisInst->authed_user)) {
        $GLOBALS['leftNav'][$priority] = sprintf(
            '<a class="%s" href="%s">%s</a>',
            $linkClass,
            API::printUrl($module, $action),
            $link_txt
        );
    } else {
        API::DEBUG("[API::addMenuItem()] Unable to validate uid '" . self::$CertisInst->authed_user . "'");
    }

    unset($authModule);
}
/**
 * Session garbage collection: remove rows that have not been modified within
 * the last $maxlifetime seconds.
 *
 * A where clause of the form mod_time < cutoff is installed on this object and
 * deleteRow() is then called on $this->_table.
 *
 * NOTE(review): nothing is returned. If this method is registered as a PHP
 * session save-handler callback, confirm whether the runtime in use expects a
 * return value from gc.
 * NOTE(review): the cutoff is an ISO 8601 string including a UTC offset;
 * whether "<" compares it correctly depends on the mod_time column type.
 *
 * @param int $maxlifetime maximum session age in seconds
 */
function gc($maxlifetime)
{
    API::DEBUG("[SessionDB::gc()] In Function", 8);

    $cutoff = time() - $maxlifetime;
    $expired = new WhereClause('mod_time', date("c", $cutoff), "<");

    $this->where_clause($expired);
    $this->deleteRow($this->_table, false);
}
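/**
 * Check that a UID belongs to an account known to the system account database.
 *
 * The lookup goes through posix_getpwuid(). Only whole numbers >= 1 are looked
 * up, so UID 0 is always rejected, as it was before.
 *
 * @param int|string $uid the uid to validate (an integer or integer-like string)
 * @return bool TRUE when the uid is well-formed and resolves to an account,
 *              FALSE otherwise
 */
function validateUID($uid)
{
    // Validate the shape of the value before it reaches the lookup. The former
    // loose `$uid == 0` test treats non-numeric strings differently across PHP
    // versions, and posix_getpwuid() is declared to take an integer. Arrays,
    // NULL, empty strings, zero and negative numbers are all rejected here.
    $validUid = filter_var(
        $uid,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    if ($validUid === false) {
        return FALSE;
    }

    API::DEBUG("[Auth_NIS::validateUID] \$uid = {$uid}");

    // posix_getpwuid() returns an array for a known account and false otherwise.
    return posix_getpwuid($validUid) !== false;
}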
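/**
 * Handle the login form: validate posted credentials, then show the form.
 *
 * When the request carries a "login" field, the posted username and password
 * are passed to the model's validateCredentials(). On success the user is
 * redirected to "/"; on failure a generic error is raised. The login form
 * template is pushed onto the template stack afterwards in either case.
 *
 * Both fields must be present, be plain strings and be non-empty before the
 * model is consulted. Missing fields used to raise undefined-index notices and
 * array-valued fields (uname[]=...) were passed through as-is. An empty
 * password is refused here because some directory back ends accept an empty
 * password as an anonymous bind.
 * NOTE(review): validateCredentials() is not visible here; confirm it does not
 * rely on the controller to pre-filter anything else.
 *
 * NOTE(review): no session id regeneration is visible after a successful
 * login; confirm the model or the session layer performs it.
 */
public function loginAction()
{
    if (isset($_POST['login'])) {
        $uname = isset($_POST['uname']) ? $_POST['uname'] : NULL;
        $password = isset($_POST['password']) ? $_POST['password'] : NULL;

        $wellFormed = is_string($uname) && $uname !== ''
            && is_string($password) && $password !== '';

        $creds = array();
        $creds['uname'] = $uname;
        $creds['password'] = $password;

        if ($wellFormed && $this->_model->validateCredentials($creds)) {
            // NOTE(review): this writes the live session id to the debug log;
            // treat that log as sensitive or drop the id from the message.
            API::DEBUG("[Auth_LDAPController::loginAction] PHPSESSID = " . session_id(), 8);
            API::Redirect("/");
        } else {
            // Same message for every failure, so the response does not reveal
            // which of the two fields was wrong.
            API::Error("Invalid Username/Password");
        }
    }

    API::DEBUG("[Auth_LDAPController::loginAction] adding login form to template stack");
    $this->addModuleTemplate(strtolower(self::$config->auth_class), 'login_frm');
}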
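/**
 * Decide whether the current user may run the requested prefs action.
 *
 * - "index" is always allowed: it only shows data for the authenticated user.
 * - Any other action is allowed without further checks only when the uid in
 *   the request parameters is exactly the authenticated user's uid. Otherwise
 *   the decision is delegated to Perms->checkPerm(..., "user_admin").
 *
 * The ownership test compares both values as strings with ===. The previous
 * loose != comparison let type juggling decide, so a non-canonical uid
 * parameter could compare equal to the authenticated uid. A request with no
 * authenticated user is never treated as "self"; it falls through to the
 * user_admin check.
 *
 * NOTE(review): the check is keyed on params['uid']. Confirm the action that
 * saves the data selects the row with this same value and not with a separate
 * request field.
 *
 * @return bool TRUE when allowed; otherwise whatever checkPerm() returns
 */
public function validatePerms()
{
    API::DEBUG("[Prefs::validatePerms()] Action is " . $this->action, 8);

    switch ($this->action) {
        case 'index':
            return TRUE;

        default:
            $authedUser = $this->authed_user;

            // Copy params to a local first: isset() on a property that may be
            // served by a magic getter is not reliable.
            $params = $this->params;
            $targetUid = isset($params['uid']) ? $params['uid'] : NULL;

            $authedKey = is_scalar($authedUser) ? (string) $authedUser : '';
            $isSelf = $authedKey !== ''
                && is_scalar($targetUid)
                && $authedKey === (string) $targetUid;

            if ($isSelf) {
                return TRUE;
            }

            // Acting on another user's data requires the user_admin permission.
            return $this->CertisInst->Perms->checkPerm($authedUser, "user_admin");
    }
}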
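/**
 * Insert a new prefs row, or update the existing row for a user.
 *
 * On update the target row is selected by uid = $data['id'] AND
 * auth_mod = $auth_mod. $auth_mod was previously resolved but never applied,
 * so an update touched every row with that uid regardless of auth module.
 * The filter now matches the one used by the lookups on this model.
 *
 * NOTE(review): $data is handed to insert()/update() as a whole. If a caller
 * forwards request fields, columns such as perms could be set by the user;
 * confirm that update() or the caller restricts the writable columns.
 *
 * @access public
 * @param array $data the array of data to set; 'id' selects the row on update
 * @param bool $insert TRUE (strictly) to insert; any other value updates
 * @param string $auth_mod The auth module this person should be updated for;
 *                         defaults to the configured auth_class
 * @return mixed result of insert() when inserting, NULL after an update
 */
public function set_data($data, $insert = 0, $auth_mod = NULL)
{
    if ($auth_mod == NULL) {
        $auth_mod = self::$config->auth_class;
    }

    if ($insert === TRUE) {
        return $this->insert($data);
    }

    // Scope the update to one user under one auth module.
    $where_tmp = new WhereClause('uid', $data['id']);
    $where_tmp->w_and('auth_mod', $auth_mod);
    $this->where_clause($where_tmp);

    API::DEBUG("[Prefs::set_data()] data is " . print_r($data, true), 8);
    $this->update($data);
    API::Message("User Authentication Information Saved!");

    // The former isset($do_redirect) branch was removed: the variable was
    // never assigned, so the redirect could not run.
    return NULL;
}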
<?php // add the logut menu if authed_user is set API::DEBUG("[Auth_NIS] init.php: authed_user = "******"[Auth_NIS] init.php: adding menu item."); API::addMenuItem(9999, 'Logout', 'auth_nis', 'logout'); }
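/**
 * Check whether a user has a prefs entry, optionally creating one.
 *
 * The lookup matches on uid AND auth_mod. A newly created entry always starts
 * with perms = 0; only fname and lname are copied from $initial_data, so a
 * caller cannot seed permissions through this method.
 *
 * @access public
 * @param int $uid the uid to look for
 * @param bool $create create the prefs entry when missing? Must be strictly
 *                     TRUE to take effect (default: false)
 * @param string $auth_mod the auth mod they should be found under; defaults to
 *                         the configured auth_class
 * @param array $initial_data optional 'fname' / 'lname' values for a new entry
 * @return bool TRUE when an entry exists or was just created, FALSE otherwise
 */
public function checkUID($uid, $create = false, $auth_mod = NULL, $initial_data = NULL)
{
    if ($auth_mod == NULL) {
        $auth_mod = self::$config->auth_class;
    }

    $data = array('fname' => '', 'lname' => '', 'perms' => 0, 'auth_mod' => $auth_mod, 'uid' => $uid);

    // For now, only set fname and lname; perms should remain 0 until set by
    // an admin. Missing keys keep the empty default instead of raising a notice.
    if (is_array($initial_data)) {
        if (isset($initial_data['fname'])) {
            $data['fname'] = $initial_data['fname'];
        }
        if (isset($initial_data['lname'])) {
            $data['lname'] = $initial_data['lname'];
        }
    }
    API::DEBUG("[Prefs::checkUID()] " . print_r($data, true), 1);

    $where_tmp = new WhereClause('uid', $uid);
    $where_tmp->w_and('auth_mod', $auth_mod);
    $this->where_clause($where_tmp);
    $results = $this->getUsingWhere();

    // NULL means "no rows" (presumably passed through from getWhere();
    // confirm). count(NULL) warns on newer PHP 7 releases and throws on
    // PHP 8, which would break first-login creation of the prefs entry.
    if ($results === NULL) {
        $found = 0;
    } else {
        $found = count($results);
    }

    if ($found > 1) {
        API::DEBUG("[Prefs::checkUID()] Multiple results returned for '{$uid}' and '{$auth_mod}'.");
        API::DEBUG("[Prefs::checkUID()] This is bad because I am using the first one.");
    }

    if ($found < 1) {
        if ($create === TRUE) {
            // create the entry.
            $this->set_data($data, true);
            return TRUE;
        }
        return FALSE;
    }

    return TRUE;
}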
/**
 * Magic getter: resolve $name against the class's static properties first,
 * then against the per-instance ol_data array.
 *
 * Because the lookup runs inside the class, any static property that is set
 * can be read through an instance this way, whatever its declared visibility.
 *
 * On a miss a notice is triggered, ol_data and a backtrace are written to the
 * debug log at level 1, and null is returned.
 * NOTE(review): if ol_data can hold credentials or session data, that dump
 * puts them in the log; confirm what is stored there.
 *
 * @param string $name property being read
 * @return mixed the stored value, or null when nothing matches
 */
function __get($name)
{
    // Static value wins when it is set and not null.
    if (isset(self::$$name)) {
        return self::$$name;
    }

    // Fall back to the per-instance overload data.
    if (isset($this->ol_data[$name])) {
        return $this->ol_data[$name];
    }

    // Nothing matched: raise a notice and leave a trail in the debug log.
    trigger_error("Undefined Property via Certis->__get(): {$name}");
    API::DEBUG("ol_data dump: " . print_r($this->ol_data, true), 1);
    API::DEBUG("PHP Bactrace:" . print_r(debug_backtrace(false), true), 1);

    return null;
}
/**
 * Fetch the prefs rows for a user under a given auth module.
 *
 * A Prefs model is created for $uid and queried with uid = $uid AND
 * auth_mod = $auth_mod. Despite the method name, the return value is whatever
 * getUsingWhere() yields for the matching rows, not a bare permission value.
 *
 * @param int $uid the uid to look up
 * @param string $auth_mod auth module to match; defaults to the configured
 *                         auth_class
 * @return mixed result of Prefs::getUsingWhere()
 */
function getUserPerms($uid, $auth_mod = NULL)
{
    $auth_mod = ($auth_mod == NULL) ? self::$config->auth_class : $auth_mod;

    $prefsModel = new Prefs($uid);
    API::DEBUG("[Perms::getUserPerms()] uid = {$uid}, auth_mod = {$auth_mod}");

    // Both conditions are needed: the same uid may exist under another
    // auth module.
    $filter = new WhereClause('uid', $uid);
    $filter->w_and('auth_mod', $auth_mod);
    $prefsModel->where_clause($filter);

    return $prefsModel->getUsingWhere();
}
<?php // add the logut menu if authed_user is set API::DEBUG("[Auth_LDAP] init.php: authed_user = "******"[Auth_LDAP] init.php: adding menu item."); API::addMenuItem(9999, 'Logout', 'auth_ldap', 'logout'); }
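/**
 * Build and run a SELECT from the query state configured on this object.
 *
 * Values supplied through the WhereClause / JoinClause objects are bound on
 * the prepared statement. Everything else is concatenated into the SQL text
 * as-is: the table name, $this->_fields, a hand-written $this->_where string,
 * and the GROUP BY / ORDER BY entries. Those parts must therefore never be
 * derived from request data. LIMIT and OFFSET are only emitted when numeric.
 *
 * @param string $table Table to retrieve row(s) from; defaults to
 *                      $this->_table when empty
 * @param bool $just_count when strictly TRUE, select count(*) as count
 *                         instead of $this->_fields
 * @return mixed for a single-column result, a list of column values (or NULL
 *               when the loop collected none); otherwise the fetchAll()
 *               result; NULL when execute() reports failure
 * @throws Exception when $this->_where is an array, or when PDO raises an
 *                   error (the PDOException is attached as the previous one)
 */
public function getWhere($table = NULL, $just_count = FALSE)
{
    $this->_connect('read');

    if (empty($table)) {
        $table = $this->_table;
    }

    if ($just_count === TRUE) {
        $sql = 'SELECT count(*) as count FROM ' . $table . ' ';
    } else {
        $sql = 'SELECT ' . $this->_fields . ' FROM ' . $table . ' ';
    }

    if (is_object($this->_join_clause)) {
        $sql .= $this->_join_clause->build_clause();
    }

    // Hand-coded where strings are still allowed and go in first ...
    $tmp_where = " WHERE ";
    if (!empty($this->_where)) {
        if (is_array($this->_where)) {
            throw new Exception("Use of array based where clauses no longer supported.");
        }
        $tmp_where .= $this->_where;
    }

    // ... followed by the placeholders generated by the WhereClause object.
    if (is_object($this->_where_clause)) {
        $tmp_where .= $this->_where_clause->build_clause();
    }

    if ($tmp_where !== " WHERE ") {
        $sql .= $tmp_where;
    }
    unset($tmp_where);

    // Grouping. An explicit array check replaces @count(): on PHP 8 count()
    // throws for a non-countable value and "@" does not suppress that.
    if (is_array($this->_groupby) && count($this->_groupby) > 0) {
        $sql .= 'GROUP BY ' . implode(',', $this->_groupby) . ' ';
    }

    // Sort order.
    // NOTE(review): field and direction are concatenated unchecked; confirm
    // callers only pass fixed column names and ASC/DESC.
    if (is_array($this->_orderby) && count($this->_orderby) > 0) {
        $orders = array();
        foreach ($this->_orderby as $field => $direction) {
            $orders[] = $field . ' ' . $direction;
        }
        $sql .= 'ORDER BY ' . implode(',', $orders) . ' ';
    }

    // Limit and offset are only appended when numeric.
    if (is_numeric($this->_limit)) {
        $sql .= 'LIMIT ' . $this->_limit;
        if (is_numeric($this->_offset)) {
            $sql .= ' OFFSET ' . $this->_offset;
        }
    }

    try {
        API::DEBUG("[DB::getWhere] {$sql}", 9);
        $stmt = $this->_dbr->prepare($sql);

        // Bind the values for the generated where and join placeholders.
        if (is_object($this->_where_clause)) {
            $this->_where_clause->bind_values($stmt);
        }
        if (is_object($this->_join_clause)) {
            $this->_join_clause->bind_values($stmt);
        }

        if ($stmt->execute()) {
            if ($stmt->columnCount() == 1) {
                // NOTE(review): this loop ends at the first falsy column value
                // (0, '0', '', NULL), not only at end of data, so a count(*)
                // of zero yields NULL. Left as-is because callers may depend
                // on it; confirm before changing to a !== false test.
                while ($col = $stmt->fetchColumn()) {
                    $rows[] = $col;
                }
            } else {
                $rows = $stmt->fetchAll();
            }

            if (isset($rows)) {
                return $rows;
            }

            API::DEBUG("[DB::getWhere()] Returning NULL as a result");
            return NULL;
        }
    } catch (PDOException $e) {
        error_log('[System] Failed Generated Query: ' . $sql);
        // Keep the original exception attached so the driver error is not lost.
        throw new Exception($e->getMessage(), 0, $e);
    }

    // execute() returned false without throwing.
    return NULL;
}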
// The second part keeps things from going crazy. if (class_exists($CertisInst->config->auth_class) && $CertisInst->module != strtolower($CertisInst->config->auth_class)) { // include the authentication module's controller.php file include _SYSTEM_ . "/modules/" . strtolower($CertisInst->config->auth_class) . "/controller.php"; // instantiate the auth controller class $classname = $CertisInst->config->auth_class . "Controller"; $auth_controller = new $classname(); $auth_controller->authCheckAction(); } if (!class_exists($CertisInst->config->auth_class)) { $CertisInst->module = ''; $CertisInst->action = 'error'; API::Error('FATAL ERROR: Unable to find Authentication Class'); } } API::DEBUG("[__SYSTEM__] index.php: authentication check done."); $controller = null; if (!empty($CertisInst->module)) { if (preg_match("/\\.\\./", $CertisInst->module)) { error_log("[index.php] FATAL ERROR! SOMEONE TRIED TO ESCAPE! " . $CertisInst->module); print "UNAUTHORIZED!!!!!!"; exit(1); } // first check to see if the module exists. if (!file_exists(_SYSTEM_ . "/modules/" . $CertisInst->module)) { error_log("[index.php] Unable to find requested module: " . $CertisInst->module); API::Redirect("/"); } // use this module's controller // to create a new instance of it's controller to work with for // this request.
/**
 * Look up a directory user by login name and return a passwd-style record.
 *
 * The result carries the keys name, passwd, uid, gid, gecos, dir and shell,
 * filled from the LDAP attributes named in $conf->auth_ldap. The passwd field
 * is always an empty string.
 *
 * NOTE(review): $uname is handed to _searchUser() unchanged; confirm that
 * helper escapes it before it is used in an LDAP search filter.
 *
 * @param string $uname the username to get info for
 * @return array|bool array of info; false when the connection fails, nothing
 *                    is found, or the search result is not an array
 */
function getUserByName($uname)
{
    global $conf;

    API::DEBUG("[Auth_LDAP::getUserByName] \$uname = {$uname}");

    if (!$this->_connectLDAP()) {
        return false;
    }

    // See if the user can be found; an empty result means "no such user".
    $match = $this->_searchUser($uname);
    if ($match == NULL) {
        return false;
    }
    if (!is_array($match)) {
        error_log("LDAP - Something went wrong with the LDAP search.");
        return false;
    }

    // The search result is read as a pair: element 0 is assigned to $userdn
    // (not used in the returned record), element 1 holds the attributes.
    $userdn = $match[0];
    $attrs = $match[1];
    $ldapConf = $conf->auth_ldap;

    return array(
        'name' => $attrs[$ldapConf->username_attr],
        'passwd' => "", // always empty
        'uid' => $attrs[$ldapConf->uid_attr],
        'gid' => $attrs[$ldapConf->gid_attr],
        'gecos' => $attrs[$ldapConf->fname_attr] . " " . $attrs[$ldapConf->lname_attr],
        'dir' => $attrs[$ldapConf->hdir_attr],
        'shell' => $attrs[$ldapConf->shell_attr],
    );
}
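/**
 * Retrieve a set of rows based on the "page" they would be on.
 *
 * Both arguments are normalised before they reach the query builder:
 * - $page: non-numeric values and anything below 1 become 1. Page 0 or a
 *   negative page used to produce a negative OFFSET.
 * - $items: non-numeric values and anything below 1 become the default of 25.
 *   getWhere() only emits LIMIT for numeric values, so a non-numeric page
 *   size used to drop the LIMIT and return the whole table.
 *
 * NOTE(review): there is no upper bound on $items; if it can come from a
 * request, consider capping it at the caller.
 *
 * @access public
 * @param int $page Page number to retrieve items for (1-based)
 * @param int $items Number of items per page
 * @return array result of getWhere() for this model's table
 */
public function getPage($page = 1, $items = 25)
{
    $page = is_numeric($page) ? max(1, (int) $page) : 1;
    $items = (is_numeric($items) && (int) $items > 0) ? (int) $items : 25;

    $this->limit($items);
    API::DEBUG("[Model::getPage() page is {$page}, items is {$items}", 7);
    $this->offset($items * ($page - 1));

    return $this->getWhere($this->_table);
}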