예제 #1
0
 public function beforeRoute()
 {
     parent::beforeRoute();
     $settings = \Admin\Models\Settings::fetch();
     if (empty($settings->admin_menu_id)) {
         $this->session->set('rebuild-menu.redirect', '/admin');
         return $this->app->reroute('/admin/system/rebuildAdminMenu');
     }
     if (class_exists('\\Mailer\\Factory')) {
         $mailer_settings = \Mailer\Models\Settings::fetch();
         if (!$mailer_settings->emails_registered || date('Y-m-d', time()) > date('Y-m-d', $mailer_settings->emails_registered)) {
             $result = \Dsc\System::instance()->trigger('onSystemRegisterEmails');
             $mailer_settings->{'emails_registered'} = time();
             $mailer_settings->save();
         }
     }
 }
예제 #2
0
파일: auth.php 프로젝트: bitweaver/users
 function validate($user, $pass, $challenge, $response)
 {
     parent::validate($user, $pass, $challenge, $response);
     global $gBitDb;
     if (empty($user) or empty($pass)) {
         return USER_NOT_FOUND;
     }
     $this->mInfo["real_name"] = '';
     // This needs fixing in the base code - real_name will only exist if a user has been identiied
     // Use V3, which requires UTF-8:
     $this->mConfig['version'] = 3;
     $user_utf8 = utf8_encode($user);
     if ($this->mConfig['reqcert']) {
         // Skip the SSL certificate check:
         // (This assumes PHP is using the OpenLDAP client library.)
         putenv('LDAPTLS_REQCERT=never');
     }
     if ($this->mConfig['activedirectory']) {
         $this->mConfig['attributes'] = (array) null;
         $this->mConfig['userfilter'] = '(objectClass=' . $this->mConfig['useroc'] . ')';
         $this->mConfig['groupfilter'] = '(objectClass=' . $this->mConfig['groupoc'] . ')';
         $this->mConfig['groupscope'] = $this->mConfig['userscope'];
     } else {
         // Using bitweaver groups with LDAP still needs completing so disable for now
         unset($this->mConfig['group']);
     }
     $a = new Auth('LDAP', $this->mConfig, "", false);
     $a->_loadStorage();
     // set up connection to ldap via user details
     // First, try by username.  If that fails, try by email address.
     $success = $a->storage->fetchData($user_utf8, $pass, false);
     if ($success == false) {
         // The user wasn't found.  Try again by email address:
         $this->mConfig['userattrsto'] = $this->mConfig['userattr'];
         // Keep this for later
         $this->mConfig['userattr'] = $this->mConfig['email'];
         // Tell PEAR::Auth() to look at the 'mail' attribute
         // this needs testing better, should be no need to create second instance of Auth!
         $a = new Auth('LDAP', $this->mConfig, "", false);
         $a->_loadStorage();
         // set up connection to ldap via user details
         $success = $a->storage->fetchData($user_utf8, $pass, false);
         if ($success == false) {
             $this->mErrors['login'] = isset($a->storage->options['status']) ? $a->storage->options['status'] : 'Not authenticated';
             return PASSWORD_INCORRECT;
         }
     }
     // At this point, there was a successful ldap_bind() using the
     // user's Distinguished Name (DN) and password for login.
     // The call to ldap_get_attributes() has been saved into $a->getAuthData('attributes')
     if ($this->mConfig['activedirectory']) {
         // Active Directory does some things differently - mainly in the returns
         $attributes = $a->getAuthData();
         // Warning: ldap_get_attributes() uses case-sensitive array keys
         $this->mInfo["login"] = $attributes[$this->mConfig['userattr']];
         $this->mInfo["email"] = $attributes[$this->mConfig['email']];
         $this->mInfo["real_name"] = empty($attributes[$this->mConfig['name']]) ? $this->mInfo["login"] : $attributes[$this->mConfig['name']];
     } else {
         $attributes = $a->getAuthData('attributes');
         // Warning: ldap_get_attributes() uses case-sensitive array keys
         $this->mInfo["login"] = $attributes[$this->mConfig['userattr']][0];
         $this->mInfo["email"] = $attributes[$this->mConfig['email']][0];
         $this->mInfo["real_name"] = empty($attributes[$this->mConfig['name']][0]) ? $this->mInfo["login"] : $attributes[$this->mConfig['name']][0];
     }
     // Note, the new (or updated) SQL user will be created by the calling BitUser class.
     return USER_VALID;
     // Success!
 }
예제 #3
0
파일: auth.php 프로젝트: bitweaver/users
 function validate($user, $pass, $challenge, $response)
 {
     parent::validate($user, $pass, $challenge, $response);
     global $gBitSystem;
     global $gBitDb;
     $ret = SERVER_ERROR;
     if (empty($user)) {
         $this->mErrors['login'] = '******';
     } elseif (empty($pass)) {
         $this->mErrors['login'] = '******';
     } else {
         $loginVal = strtoupper($user);
         // case insensitive login
         $loginCol = ' UPPER(`' . (strpos($user, '@') ? 'email' : 'login') . '`)';
         // first verify that the user exists
         $query = "select `email`, `login`, `user_id`, `user_password` from `" . BIT_DB_PREFIX . "users_users` where " . $gBitDb->convertBinary() . " {$loginCol} = ?";
         $result = $gBitDb->query($query, array($loginVal));
         if (!$result->numRows()) {
             $this->mErrors['login'] = '******';
         } else {
             $res = $result->fetchRow();
             $userId = $res['user_id'];
             $user = $res['login'];
             // TikiWiki 1.8+ uses this bizarro conglomeration of fields to get the hash. this sucks for many reasons
             $hash = md5(strtolower($user) . $pass . $res['email']);
             $hash2 = md5($pass);
             // next verify the password with 2 hashes methods, the old one (pass)) and the new one (login.pass;email)
             // TODO - this needs cleaning up - wolff_borg
             if (!$gBitSystem->isFeatureActive('feature_challenge') || empty($response)) {
                 $query = "select `user_id`, `hash` from `" . BIT_DB_PREFIX . "users_users` where " . $gBitDb->convertBinary() . " {$loginCol} = ? and (`hash`=? or `hash`=?)";
                 if ($row = $gBitDb->getRow($query, array($loginVal, $hash, $hash2))) {
                     // auto-update old hashes with simple and standard md5( password )
                     $hashUpdate = '';
                     if ($row['hash'] == $hash) {
                         $hashUpdate = 'hash=?, ';
                         $bindVars[] = $hash2;
                     }
                     $bindVars[] = $gBitSystem->getUTCTime();
                     $bindVars[] = $userId;
                     $query = "update `" . BIT_DB_PREFIX . "users_users` set  {$hashUpdate} `last_login`=`current_login`, `current_login`=? where `user_id`=?";
                     $result = $gBitDb->query($query, $bindVars);
                     $ret = USER_VALID;
                 } else {
                     $ret = PASSWORD_INCORRECT;
                     $this->mErrors[] = 'Password incorrect';
                 }
             } else {
                 // Use challenge-reponse method
                 // Compare pass against md5(user,challenge,hash)
                 $hash = $gBitDb->getOne("select `hash`  from `" . BIT_DB_PREFIX . "users_users` where " . $gBitDb->convertBinary() . " {$loginCol} = ?", array($user));
                 if (!isset($_SESSION["challenge"])) {
                     $this->mErrors[] = 'Invalid challenge';
                     $ret = PASSWORD_INCORRECT;
                 }
                 //print("pass: $pass user: $user hash: $hash <br/>");
                 //print("challenge: ".$_SESSION["challenge"]." challenge: $challenge<br/>");
                 //print("response : $response<br/>");
                 if ($response == md5(strtolower($user) . $hash . $_SESSION["challenge"])) {
                     $ret = USER_VALID;
                     $this->updateLastLogin($userId);
                 } else {
                     $this->mErrors[] = 'Invalid challenge';
                     $ret = PASSWORD_INCORRECT;
                 }
             }
         }
         if (!empty($userId)) {
             $this->mInfo['user_id'] = $userId;
         }
     }
     return $ret;
 }
예제 #4
0
            header('Location: ' . $url);
            exit;
        }
    } else {
        $gBitSystem->setHttpStatus(HttpStatusCodes::HTTP_BAD_REQUEST);
        $gBitSmarty->assignByRef('errors', $newUser->mErrors);
    }
    $gBitSmarty->assignByRef('reg', $reg);
} else {
    if ($gBitSystem->isFeatureActive('custom_user_fields')) {
        $fields = explode(',', $gBitSystem->getConfig('custom_user_fields'));
        trim_array($fields);
        $gBitSmarty->assign('customFields', $fields);
    }
    for ($i = 0; $i < BaseAuth::getAuthMethodCount(); $i++) {
        $instance = BaseAuth::init($i);
        if ($instance && $instance->canManageAuth()) {
            $auth_reg_fields = $instance->getRegistrationFields();
            foreach (array_keys($auth_reg_fields) as $auth_field) {
                $auth_reg_fields[$auth_field]['value'] = $auth_reg_fields[$auth_field]['default'];
            }
            $gBitSmarty->assign('auth_reg_fields', $auth_reg_fields);
            break;
        }
    }
}
$languages = array();
$languages = $gBitLanguage->listLanguages();
$gBitSmarty->assignByRef('languages', $languages);
$gBitSmarty->assignByRef('gBitLanguage', $gBitLanguage);
// Get flags here
예제 #5
0
 /**
  * validate
  *
  * @param array $pUser
  * @param array $pPass
  * @param array $pChallenge
  * @param array $pResponse
  * @access public
  * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure
  * @todo rewrite this mess. this is horrible stuff. - xing - Thursday Oct 16, 2008   09:47:20 CEST
  */
 function validate($pUser, $pPass, $pChallenge, $pResponse)
 {
     global $gBitSystem;
     // these will help us keep tabs of what is going on
     $authValid = $authPresent = FALSE;
     $createAuth = $gBitSystem->getConfig("users_create_user_auth", "n") == "y";
     for ($i = 0; $i < BaseAuth::getAuthMethodCount(); $i++) {
         $instance = BaseAuth::init($i);
         if ($instance) {
             $result = $instance->validate($pUser, $pPass, $pChallenge, $pResponse);
             switch ($result) {
                 case USER_VALID:
                     unset($this->mErrors['login']);
                     $authPresent = TRUE;
                     $authValid = TRUE;
                     break;
                 case PASSWORD_INCORRECT:
                     // this mErrors assignment is CRUCIAL so that bit auth fails properly. DO NOT F**K WITH THIS unless you know what you are doing and have checked with me first. XOXOX - spiderr
                     // This might have broken other auth, but at this point, bw auth was TOTALLY busted. If you need to fix, please come find me.
                     $this->mErrors['login'] = '******';
                     $authPresent = TRUE;
                     break;
                 case USER_NOT_FOUND:
                     break;
             }
             if ($authValid) {
                 if (empty($instance->mInfo['email'])) {
                     $instance->mInfo['email'] = $pUser;
                 }
                 //If we're given a user_id then the user is already in the database:
                 if (!empty($instance->mInfo['user_id'])) {
                     $this->mUserId = $instance->mInfo['user_id'];
                     //Is the user already in the database:
                 } elseif ($this->mDb->getOne("SELECT COUNT(*) FROM `" . BIT_DB_PREFIX . "users_users` WHERE `login` = ?", array($instance->mLogin)) > 0) {
                     // Update Details
                     $authUserInfo = array('login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email']);
                     $userInfo = $this->getUserInfo(array('login' => $pUser));
                     $this->mUserId = $userInfo['user_id'];
                     $this->store($authUserInfo);
                     $this->mErrors = array();
                 } else {
                     $authUserInfo = array('login' => $instance->mInfo['login'], 'password' => $instance->mInfo['password'], 'real_name' => $instance->mInfo['real_name'], 'email' => $instance->mInfo['email']);
                     // TODO somehow, mUserId gets set to -1 at this point - no idea how
                     // set to NULL to prevent overwriting Guest user - wolff_borg
                     $this->mUserId = NULL;
                     $this->store($authUserInfo);
                 }
                 if ($createAuth && $i > 0) {
                     // if the user was logged into this system and we should progate users down other auth methods
                     for ($j = $i; $i >= 0; $j--) {
                         $probMethodName = $gBitSystem->getConfig("users_auth_method_{$j}", $default);
                         if (!empty($probMethodName)) {
                             $probInstance = BaseAuth::init($probMethodName);
                             if ($probInstance && $probInstance->canManageAuth()) {
                                 $result = $probInstance->validate($pUser, $pPass, $pChallenge, $pResponse);
                                 if ($result == USER_VALID || $result == PASSWORD_INCORRECT) {
                                     // see if we can create a new account
                                     $userattr = $instance->getUserData();
                                     if (empty($userattr['login'])) {
                                         $userattr['login'] = $pUser;
                                     }
                                     if (empty($userattr['password'])) {
                                         $userattr['password'] = $pPass;
                                     }
                                     $probInstance->createUser($userattr);
                                 }
                             }
                             $this->mErrors = array_merge($this->mErrors, $probInstance->mErrors);
                         }
                     }
                 }
                 $this->mAuth = $instance;
                 break;
             }
             $this->mErrors = array_merge($this->mErrors, $instance->mErrors);
         }
     }
     if ($this->mUserId != ANONYMOUS_USER_ID) {
         $this->load();
         //on first time login we run the users registation service
         if ($this->mInfo['last_login'] == NULL) {
             $this->invokeServices('users_register_function');
         }
         $this->updateLastLogin($this->mUserId);
     }
     return count($this->mErrors) == 0;
 }
예제 #6
0
 public static function getConfig()
 {
     global $gBitSystem;
     $authSettings = array();
     foreach (BaseAuth::getAuthMethods() as $meth_name => $method) {
         $instance = BaseAuth::init($meth_name);
         if ($instance) {
             foreach ($instance->getSettings() as $op_id => $op) {
                 if (!empty($_REQUEST[$op_id])) {
                     if ($op['type'] == 'checkbox') {
                         simple_set_toggle($op_id, USERS_PKG_NAME);
                     } else {
                         simple_set_value($op_id, USERS_PKG_NAME);
                     }
                 }
                 $value = $gBitSystem->getConfig($op_id, $op['default']);
                 $op['value'] = $value;
                 $method['options'][$op_id] = $op;
             }
             $method['canManageAuth'] = $instance->canManageAuth();
             $authSettings['avail'][$meth_name] = $method;
         } elseif (is_object($instance)) {
             $authSettings['err'][$meth_name] = implode("<br />", $instance->mErrors);
         }
     }
     if (!empty($_REQUEST["loginprefs"])) {
         $used = array();
         for ($i = 0, $j = 0; $i < count($authSettings['avail']); $i++, $j++) {
             $gBitSystem->storeConfig("users_auth_method_{$i}", null, USERS_PKG_NAME);
             if (empty($_REQUEST["users_auth_method_{$i}"])) {
                 $j--;
             } elseif (!empty($used[$_REQUEST["users_auth_method_{$i}"]])) {
                 $j--;
             } else {
                 $used[$_REQUEST["users_auth_method_{$i}"]] = "stored_{$j}";
                 $gBitSystem->storeConfig("users_auth_method_{$j}", $_REQUEST["users_auth_method_{$i}"], USERS_PKG_NAME);
             }
         }
     }
     $canManageAuth = false;
     for ($i = 0; $i < count($authSettings['avail']); $i++) {
         $default = "";
         if ($i == 0) {
             $default = "bit";
         }
         $authSettings['avail_method'][$i]['value'] = $gBitSystem->getConfig("users_auth_method_{$i}", $default);
         if (!$canManageAuth && !empty($authSettings['avail_method'][$i]['value'])) {
             $canManageAuth = $authSettings['avail'][$authSettings['avail_method'][$i]['value']]['canManageAuth'];
         }
     }
     if ($gBitSystem->getConfig('users_allow_register', 'y') == 'y' && !$canManageAuth) {
         $authSettings['err']['bit_reg'] = "Registration is enabled but there are no Auth Methods that support this, Registration won't work!";
     }
     $method['active'] = BaseAuth::isActive($meth_name);
     return $authSettings;
 }
예제 #7
0
            simple_set_toggle($feature, USERS_PKG_NAME);
        }
    }
}
$httpSettings = array('site_https_login' => array('label' => "Allow secure (https) login", 'type' => "checkbox", 'note' => ""), 'site_https_login_required' => array('label' => "Require secure (https) login", 'type' => "checkbox", 'note' => ""), 'site_http_domain' => array('label' => "HTTP server name", 'type' => "text", 'note' => ""), 'site_http_port' => array('label' => "HTTP port", 'type' => "text", 'note' => ""), 'site_http_prefix' => array('label' => "HTTP URL prefix", 'type' => "text", 'note' => ""), 'site_https_domain' => array('label' => "HTTPS server name", 'type' => "text", 'note' => ""), 'site_https_port' => array('label' => "HTTPS port", 'type' => "text", 'note' => ""), 'site_https_prefix' => array('label' => "HTTPS URL prefix", 'type' => "text", 'note' => ""));
$gBitSmarty->assign('httpSettings', $httpSettings);
if (!empty($_REQUEST["httpprefs"])) {
    foreach (array_keys($httpSettings) as $feature) {
        if ($httpSettings[$feature]['type'] == 'text') {
            simple_set_value($feature, USERS_PKG_NAME);
        } else {
            simple_set_toggle($feature, USERS_PKG_NAME);
        }
    }
}
$listHash = array();
// This needs to be made more generic so that it picks up all plugins
// Could not see where the 'auth_ldap' was defined in the $options['avail'] array
$options = BaseAuth::getConfig();
if (!empty($_REQUEST["auth_ldap"])) {
    $option_ldap = $options['avail']['ldap']['options'];
    foreach (array_keys($option_ldap) as $feature) {
        if ($option_ldap[$feature]['type'] == 'text') {
            simple_set_value($feature, USERS_PKG_NAME);
        } else {
            simple_set_toggle($feature, USERS_PKG_NAME);
        }
    }
}
$gBitSmarty->assign('authSettings', BaseAuth::getConfig());
예제 #8
-4
파일: auth.php 프로젝트: bitweaver/users
    function validate($user, $pass, $challenge, $response)
    {
        parent::validate($user, $pass, $challenge, $response);
        $mailbox = '{' . $this->mConfig['server'];
        if ($this->mConfig["ssl"]) {
            $mailbox .= "/ssl";
            if ($this->mConfig["sslvalidate"]) {
                $mailbox .= "/validate-cert";
            } else {
                $mailbox .= "/novalidate-cert";
            }
        }
        $mailbox .= ':' . $this->mConfig["port"] . '}INBOX';
        $imapauth = @imap_open($mailbox, $user, $pass);
        if (!$imapauth) {
            $this->mErrors['login'] = imap_errors();
            $ret = USER_NOT_FOUND;
        } else {
            $ret = USER_VALID;
            $this->mInfo["real_name"] = $user;
            if (empty($this->mConfig["email"])) {
                $this->mInfo["email"] = $user;
            } else {
                $info = array('login' => $user);
                $replace_func = create_function('$matches', '$info = ' . var_export($info, true) . ';
							$m = $matches[0];
							$m = substr($m,1,strlen($m)-2);
							if(empty($info[$m])) return "";
							return strtolower($info[$m]);');
                $this->mInfo["email"] = preg_replace_callback('/%.*?%/', $replace_func, $this->mConfig["email"]);
            }
            imap_close($imapauth);
        }
        return $ret;
    }