/**
 * Authenticate a user for the web service and open a session.
 *
 * @param $params   array of options
 *    => login_name     : mandatory user name
 *    => login_password : mandatory user password
 *    => help           : optional, return the parameter description instead of logging in
 *    => other          : optional values kept in the session for post-login actions
 * @param $protocol the communication protocol used
 *
 * @return array response ready to be encoded
 *    => id        : id of the user
 *    => name      : name of the user
 *    => realname  : realname of the user
 *    => firstname : firstname of the user
 *    => session   : ID of the session for future calls
 *    or the result of self::Error() when a parameter is missing or the login fails
**/
static function methodLogin($params, $protocol) {

   if (isset($params['help'])) {
      return array('login_name'     => 'string,mandatory',
                   'login_password' => 'string,mandatory',
                   'help'           => 'bool,optional');
   }

   // empty() is also true for an unset key, so one test per mandatory field is enough.
   foreach (array('login_name', 'login_password') as $required) {
      if (empty($params[$required])) {
         return self::Error($protocol, WEBSERVICES_ERROR_MISSINGPARAMETER, '', $required);
      }
   }

   // Keep every other option in the session for post-login actions
   // (retrieve_more_data_from_ldap, for example).
   // NOTE(review): this copy runs before the credentials are verified and the caller
   // chooses both the key and the value. Confirm that Auth::Login() rebuilds every
   // session entry it relies on, or limit the copy to the option names that
   // post-login actions actually read.
   $credentialKeys = array('login_name', 'login_password');
   foreach ($params as $key => $val) {
      if (!in_array($key, $credentialKeys)) {
         $_SESSION[$key] = $val;
      }
   }

   $auth = new Auth();
   if (!$auth->Login($params['login_name'], $params['login_password'], true)) {
      // The error text is cleaned before it is handed back to the client.
      return self::Error($protocol, WEBSERVICES_ERROR_LOGINFAILED, '',
                         Html::clean($auth->getErr()));
   }

   // Release the session file before the response is built.
   session_write_close();

   return array('id'        => Session::getLoginUserID(),
                'name'      => $_SESSION['glpiname'],
                'realname'  => $_SESSION['glpirealname'],
                'firstname' => $_SESSION['glpifirstname'],
                'session'   => $_SESSION['valid_id']);
}
/**
 * Log in with the test-suite account (TU_USER / TU_PASS).
 *
 * The current test is marked as skipped when the login is refused.
 */
protected function login() {

   $session  = new Auth();
   $loggedIn = $session->Login(TU_USER, TU_PASS, true);

   if ($loggedIn) {
      return;
   }
   $this->markTestSkipped('No login');
}
/**
 * Prepare the shared fixture for the test suite.
 *
 * Records the current MAX(id) of every table in $this->tables, logs in with the
 * 'glpi' / 'glpi' account, creates a small entity tree and stores the new ids in
 * $this->sharedFixture.
 *
 * When the root entity cannot be created, or the schema / rule count is not the
 * expected one, the method loads install/mysql/glpi-0.84-empty.sql into the
 * connected database and stops the process. Because that step runs a full SQL
 * file against whatever database $DB points to, this fixture should only ever be
 * used with a disposable test database.
 */
protected function setUp() {
   global $DB;

   $DB->connect();

   // Store Max(id) for each glpi table.
   // The table name placed in the query comes from the database's own table list
   // ($DB->list_tables()), not from request input.
   $result = $DB->list_tables();
   while ($data=$DB->fetch_row($result)) {
      $query = "SELECT MAX(`id`) AS MAXID FROM `".$data[0]."`";
      foreach ($DB->request($query) as $row) {
         // An empty MAXID (no rows) is recorded as 0.
         $this->tables[$data[0]] = (empty($row['MAXID']) ? 0 : $row['MAXID']);
      }
   }
   $DB->free_result($result);

   $tab  = array();
   $auth = new Auth();

   // First session. The account and password are hard-coded to 'glpi' / 'glpi'.
   // NOTE(review): the result of this first Login() call is not checked; only the
   // second call below aborts on failure.
   $auth->Login('glpi', 'glpi') ;

   // Create entity tree
   $entity = new Entity();
   $tab['entity'][0] = $entity->add(array('name'         => 'PHP Unit root',
                                           'entities_id' => 0));

   if (!$tab['entity'][0]                                   // Crash detection
       || !FieldExists('glpi_profiles','notification')      // Schema detection
       || countElementsInTable('glpi_rules')!=6) {          // Old rules

      if (!$tab['entity'][0]) {
         echo "Couldn't run test (previous run not cleaned)\n";
      } else {
         echo "Schema need to be updated\n";
      }
      // Reload the empty schema and stop; the run has to be started again.
      echo "Loading a fresh empty database:";
      $DB->runFile(GLPI_ROOT ."/install/mysql/glpi-0.84-empty.sql");
      die(" done\nTry again\n");
   }

   // Children of the root entity, then grandchildren under 'PHP Unit Child 2'.
   $tab['entity'][1] = $entity->add(array('name'        => 'PHP Unit Child 1',
                                          'entities_id' => $tab['entity'][0]));

   $tab['entity'][2] = $entity->add(array('name'        => 'PHP Unit Child 2',
                                          'entities_id' => $tab['entity'][0]));

   $tab['entity'][3] = $entity->add(array('name'        => 'PHP Unit Child 2.1',
                                          'entities_id' => $tab['entity'][2]));

   $tab['entity'][4] = $entity->add(array('name'        => 'PHP Unit Child 2.2',
                                          'entities_id' => $tab['entity'][2]));

   // New session with all the entities; abort the whole run if the login fails.
   $auth->Login('glpi', 'glpi') or die("Login glpi/glpi invalid !\n");

   // Share this with all tests
   $this->sharedFixture = $tab;
}
/**
 * Dispatch the request: log out when the query string carries auth=logout,
 * otherwise attempt a login.
 *
 * @return false after a logout, else whatever Auth::Login() returns
 */
function Check() {
    $logoutRequested = isset($_GET['auth']) && $_GET['auth'] == 'logout';

    if (!$logoutRequested) {
        return Auth::Login();
    }

    // NOTE(review): the logout is driven by a plain GET parameter with no token,
    // so any link or embedded resource that reaches this URL ends the session.
    // Consider requiring POST plus an anti-CSRF token for this action.
    Auth::Logout();
    return false;
}
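$_POST['login_password'] = unclean_cross_side_scripting_deep($_POST['login_password']);
} else {
   $_POST['login_password'] = '';
}

// Redirect management.
// The redirect target is request-controlled and is later placed both in a redirect
// URL and in an HTML link. It is percent-encoded here so that it always stays a
// single query-string value and cannot add parameters, header lines or markup.
// POST takes precedence over GET; non-string values (arrays) are ignored.
$REDIRECT = "";
if (isset($_POST['redirect'])
    && is_string($_POST['redirect'])
    && strlen($_POST['redirect']) > 0) {
   $REDIRECT = "?redirect=" . rawurlencode($_POST['redirect']);

} else if (isset($_GET['redirect'])
           && is_string($_GET['redirect'])
           && strlen($_GET['redirect']) > 0) {
   $REDIRECT = "?redirect=" . rawurlencode($_GET['redirect']);
}

$auth = new Auth();

// now we can continue with the process...
// The third argument is the caller-supplied noAUTO flag (false when absent).
if ($auth->Login($_POST['login_name'], $_POST['login_password'],
                 isset($_REQUEST["noAUTO"]) ? $_REQUEST["noAUTO"] : false)) {

   // Redirect to Command Central if not post-only
   if ($_SESSION["glpiactiveprofile"]["interface"] == "helpdesk") {
      glpi_header($CFG_GLPI['root_doc'] . "/front/helpdesk.public.php{$REDIRECT}");
   } else {
      glpi_header($CFG_GLPI['root_doc'] . "/front/central.php{$REDIRECT}");
   }

} else {
   // we have done at least a good login? No, we exit.
   nullHeader("Login", $CFG_GLPI["root_doc"] . '/index.php');

   // NOTE(review): the error text is printed without HTML escaping; confirm that
   // Auth::getErr() never contains request-supplied data such as the login name.
   echo '<div class="center b">' . $auth->getErr() . '<br><br>';

   // Logout with noAUTO to manage auto_login with errors.
   // Only the leading "?" of $REDIRECT is turned into "&" here: the value itself
   // is already percent-encoded above.
   echo '<a href="' . $CFG_GLPI["root_doc"] . '/logout.php?noAUTO=1' .
        str_replace("?", "&", $REDIRECT) . '">' . $LANG['login'][1] . '</a></div>';
   nullFooter();
   exit;
}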
/**
 * Init GLPI Session
 *
 * @param $params array with these options :
 *    - a couple 'login' & 'password' : 2 parameters to login with user authentication
 *         (only accepted when $CFG_GLPI['enable_api_login_credentials'] is set)
 *      OR
 *    - an 'user_token' defined in User Configuration
 *
 * @return array with session_token
**/
protected function initSession($params = array()) {
   global $CFG_GLPI;

   $this->checkAppToken();
   $this->logEndpointUsage(__FUNCTION__);

   // empty() also covers the "key not set" case.
   $hasCredentials = !empty($params['login']) && !empty($params['password']);
   $hasToken       = !empty($params['user_token']);

   if (!$hasCredentials && !$hasToken) {
      $this->returnError(__("parameter(s) login, password or user_token are missing"), 400,
                         "ERROR_LOGIN_PARAMETERS_MISSING");
   }

   $auth = new Auth();

   // fill missing params (in case of user_token)
   foreach (array('login', 'password') as $field) {
      if (!isset($params[$field])) {
         $params[$field] = '';
      }
   }

   // A user token is handed to the login code through $_REQUEST and switches the
   // third Login() argument to false; a credential login keeps it at true.
   $noAuto = !$hasToken;
   if ($hasToken) {
      $_REQUEST['user_token'] = $params['user_token'];

   } else if (!$CFG_GLPI['enable_api_login_credentials']) {
      // NOTE(review): this guard only protects the login below if returnError()
      // ends the request; its return value is not used here - confirm.
      $this->returnError(__("usage of initSession resource with credentials is disabled"), 400,
                         "ERROR_LOGIN_WITH_CREDENTIALS_DISABLED", false);
   }

   // login on glpi
   if (!$auth->Login($params['login'], $params['password'], $noAuto)) {
      $err = Html::clean($auth->getErr());
      if ($hasToken) {
         // Token failures get a fixed message instead of the login error text.
         return $this->returnError(__("parameter user_token seems invalid"), 401,
                                   "ERROR_GLPI_LOGIN_USER_TOKEN", false);
      }
      return $this->returnError($err, 401, "ERROR_GLPI_LOGIN", false);
   }

   // stop session and return session key
   session_write_close();
   return array('session_token' => $_SESSION['valid_id']);
}
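exit;
}

$token = $_SESSION['facebook_access_token'];

try {
    // Returns a `Facebook\FacebookResponse` object
    $response = $fb->get('/me?fields=id,name,first_name,last_name,gender,link,birthday,location,picture', $token);
} catch (Facebook\Exceptions\FacebookResponseException $e) {
    // NOTE(review): the redirect header is sent after output has already been
    // echoed, so it only takes effect when output buffering is active.
    echo 'Graph returned an error: ' . $e->getMessage();
    session_destroy();
    header("Location: index.php");
    exit;
} catch (Facebook\Exceptions\FacebookSDKException $e) {
    echo 'Facebook SDK returned an error: ' . $e->getMessage();
    exit;
}

$user = $response->getGraphUser();
$body = "";
$head = "";

// Page selection. The name comes from the query string and ends up in a
// require_once path, so it is accepted only when it is a plain name made of
// letters, digits, "_" or "-". Anything else (path separators, dots, arrays)
// falls back to the default page, which keeps the include inside pages/.
// Assumes the existing page files follow that naming - adjust the pattern if not.
$pg = "search";
if (isset($_GET['pg'])
    && is_string($_GET['pg'])
    && preg_match('/\A[A-Za-z0-9_-]+\z/', $_GET['pg']) === 1) {
    $pg = $_GET['pg'];
}
if (!file_exists("pages/{$pg}.php")) {
    $pg = "search";
}

// Users unknown to the application are sent to the registration page.
$user_data = Auth::Login($user->getId());
if ($user_data == null) {
    $pg = "register";
}

require_once "pages/{$pg}.php";
require_once "template/body.php";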
// The name of the password form field is read from the session ('pwdfield').
$password = Toolbox::unclean_cross_side_scripting_deep($_POST[$_SESSION['pwdfield']]);
} else {
   $password = '';
}

// Redirect management.
// The request-supplied target is percent-encoded with rawurlencode() before it is
// appended, so it stays a single "redirect" query value in the URLs built below.
// POST takes precedence over GET.
// NOTE(review): encoding protects the URL built here; whether the destination
// itself is restricted is decided by the page that consumes "redirect" - confirm there.
$REDIRECT = "";
if (isset($_POST['redirect']) && strlen($_POST['redirect']) > 0) {
   $REDIRECT = "?redirect=" . rawurlencode($_POST['redirect']);
} else {
   if (isset($_GET['redirect']) && strlen($_GET['redirect']) > 0) {
      $REDIRECT = "?redirect=" . rawurlencode($_GET['redirect']);
   }
}

$auth = new Auth();

// now we can continue with the process...
// The third argument is the caller-supplied noAUTO flag (false when absent).
if ($auth->Login($login, $password,
                 isset($_REQUEST["noAUTO"]) ? $_REQUEST["noAUTO"] : false)) {

   // Redirect to Command Central if not post-only
   if ($_SESSION["glpiactiveprofile"]["interface"] == "helpdesk") {
      // Profiles with create_ticket_on_login go straight to ticket creation,
      // but only when no explicit redirect was requested.
      // NOTE(review): presumably Html::redirect() ends the request; otherwise the
      // second redirect below would also be issued - confirm.
      if ($_SESSION['glpiactiveprofile']['create_ticket_on_login'] && empty($REDIRECT)) {
         Html::redirect($CFG_GLPI['root_doc'] . "/front/helpdesk.public.php?create_ticket=1");
      }
      Html::redirect($CFG_GLPI['root_doc'] . "/front/helpdesk.public.php{$REDIRECT}");

   } else {
      if ($_SESSION['glpiactiveprofile']['create_ticket_on_login'] && empty($REDIRECT)) {
         Html::redirect($CFG_GLPI['root_doc'] . "/front/ticket.form.php");
      }
      Html::redirect($CFG_GLPI['root_doc'] . "/front/central.php{$REDIRECT}");
   }

} else {
   // we have done at least a good login? No, we exit.
   Html::nullHeader("Login", $CFG_GLPI["root_doc"] . '/index.php');
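if (is_dir($dir . DIRECTORY_SEPARATOR . $node)) {
    # Add directory recursively, be sure to pass a valid path
    # to the function, not just the folder's name
    $contents[$node] = dirToArray($dir . DIRECTORY_SEPARATOR . $node);
} else {
    # Add node, the keys will be updated automatically
    $contents[] = $node;
}
}
# done
return $contents;
}

/**
 * POST /api/connect
 *
 * Logs in with the posted 'username' / 'password'. Returns the value of the
 * 'session' cookie on success and an empty string on failure.
 */
$app->post('/api/connect', function (Request $request) use($app, $db, $auth) {
    $login    = $request->get('username');
    $password = $request->get('password');

    if ($auth->Login($login, $password)) {
        // NOTE(review): this reads the cookie from $_COOKIE; presumably
        // $auth->Login() fills it for the current request - confirm, otherwise a
        // first login has no 'session' entry to return.
        return $_COOKIE['session'];
    }
    return '';
});

/**
 * POST /api/disconnect
 *
 * Ends the session identified by the 'session' cookie: clears the cookie,
 * replaces the stored hash with a fresh random value so the old token stops
 * matching, and destroys the PHP session. Returns '1' on success, '' otherwise.
 */
$app->post('/api/disconnect', function (Request $request) use($app, $db, $auth) {
    $session = isset($_COOKIE['session']) ? $_COOKIE['session'] : null;

    // The cookie is client-controlled and is placed inside a SQL string below.
    // Only token-shaped values (hex / base64 / base64url characters) are let
    // through, so the value cannot contain quotes, backslashes or whitespace.
    // Assumes session tokens use only these characters - confirm against Login().
    // The API of $db is not visible here; once it is confirmed, prefer a prepared
    // statement with bound parameters over this string-built query.
    if (!is_string($session)
        || preg_match('/\A[A-Za-z0-9+\/=_.-]+\z/', $session) !== 1) {
        return '';
    }

    if ($auth->Check($session)) {
        // 40 hex characters from the CSPRNG (same length as the previous sha1()
        // value); rand() plus a timestamp is predictable. Requires PHP 7+.
        $hash = bin2hex(random_bytes(20));

        // Expire the cookie on the client.
        setcookie('session', '', -1, '/');

        // Rotate the stored hash so the old token no longer matches any account.
        $db->query('UPDATE accounts SET hash="' . $hash . '" WHERE hash="' . $session . '"');

        session_destroy();
        return '1';
    }
    return '';
});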