public static function verify() { $user_id = false; if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; $check = StudipAuthAbstract::CheckAuthentication($username, $password); if (!$check['uid'] || $check['uid'] == 'nobody') { throw new Exception(trim(strip_tags($check['error'])), 401); } $user_id = $check['uid']; } return $user_id; }
/** * Handles the download the calendar data as iCalendar for the * user identified by $key. * * * @global Seminar_User $user * @global Seminar_Perm $perm * @param string $key * @param string $type type of export */ function index_action($key = '') { if (strlen($key)) { $user_id = IcalExport::getUserIdByKey($key); } else { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; if (isset($username) && isset($password)) { $result = StudipAuthAbstract::CheckAuthentication($username, $password); } if (isset($result) && $result['uid'] !== false) { $user_id = $result['uid']; } else { $this->response->add_header('WWW-Authenticate', 'Basic realm="Stud.IP Login"'); $this->set_status(401); $this->render_text('authentication failed'); return; } } if ($user_id) { $GLOBALS['user'] = new Seminar_User($user_id); $GLOBALS['perm'] = new Seminar_Perm(); $extype = 'ALL_EVENTS'; $export = new CalendarExport(new CalendarWriterICalendar()); $export->exportFromDatabase($user_id, strtotime('-4 week'), 2114377200, 'ALL_EVENTS'); if ($GLOBALS['_calendar_error']->getMaxStatus(ErrorHandler::ERROR_CRITICAL)) { $this->set_status(500); $this->render_nothing(); return; } $content = join($export->getExport()); if (stripos($_SERVER['HTTP_USER_AGENT'], 'google-calendar') !== false) { $content = str_replace(array('CLASS:PRIVATE', 'CLASS:CONFIDENTIAL'), 'CLASS:PUBLIC', $content); } $this->response->add_header('Content-Type', 'text/calendar;charset=utf-8'); $this->response->add_header('Content-Disposition', 'attachment; filename="studip.ics"'); $this->response->add_header('Content-Transfer-Encoding', 'binary'); $this->response->add_header('Pragma', 'public'); $this->response->add_header('Cache-Control', 'private'); $this->response->add_header('Content-Length', strlen($content)); $this->render_text($content); } else { // delayed response to prevent brute force attacks ??? $this->set_status(400); $this->render_nothing(); } }
function create_action() { $username = strtolower(Request::get("username")); $password = Request::get("password"); if (isset($username) && isset($password)) { $result = StudipAuthAbstract::CheckAuthentication($username, $password); } if (!isset($result) || $result['uid'] === false) { $this->flash["notice"] = "login unsuccessful!"; $this->redirect("session/new"); return; } $user_id = get_userid($username); if (isset($user_id)) { $this->start_session($user_id); } $this->flash["notice"] = "login successful!"; $this->redirect("quickdial"); }
/** * check authentication for a user. * * @param string the api key. * @param string the user's username. * @param string the user's username. * * @return boolean returns TRUE if authentication was successful or a fault * otherwise. */ function check_credentials_action($api_key, $username, $password) { list($user_id, $error_msg, $is_new_user) = array_values(StudipAuthAbstract::CheckAuthentication($username, $password)); if ($user_id === false) { return new Studip_Ws_Fault(strip_tags($error_msg)); } else { return true; } }
/** * @return bool */ function auth_validatelogin() { global $_language_path; //prevent replay attack if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) { return false; } // check for direct link if (!$_SESSION['_language'] || $_SESSION['_language'] == "") { $_SESSION['_language'] = get_accepted_languages(); } $_language_path = init_i18n($_SESSION['_language']); include 'config.inc.php'; $this->auth["uname"] = Request::get('loginname'); // This provides access for "loginform.ihtml" $this->auth["jscript"] = Request::get('resolution') != ""; $this->auth['devicePixelRatio'] = Request::float('device_pixel_ratio'); $check_auth = StudipAuthAbstract::CheckAuthentication(Request::get('loginname'), Request::get('password')); if ($check_auth['uid']) { $uid = $check_auth['uid']; if ($check_auth['need_email_activation'] == $uid) { $this->need_email_activation = $uid; $_SESSION['semi_logged_in'] = $uid; return false; } $user = $check_auth['user']; $this->auth["perm"] = $user->perms; $this->auth["uname"] = $user->username; $this->auth["auth_plugin"] = $user->auth_plugin; $this->auth_set_user_settings($user); Metrics::increment('core.login.succeeded'); return $uid; } else { Metrics::increment('core.login.failed'); $this->error_msg = $check_auth['error']; return false; } }