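/**
 * Implements standard username/password and IP-address based user authentication. Applications
 * requiring completely custom authentication methods should override this method. However, most of
 * the time if you need custom authentication you can just create a custom user auth handler class
 * ("username/password" authentication).
 *
 * One clean way to extend Auth is create a sub-class whose constructor calls addUserHandler() and delegates
 * everything else to Auth.
 *
 * Flow as implemented below:
 *   1. No 'user_name' option: try to resume the user attached to the session. If that fails, call
 *      ca_users::authenticate() with empty credentials (the path non-password handlers such as
 *      IP-based auth take). On failure, optionally send a Location header to the login page and return false.
 *   2. 'user_name' option present: authenticate with the supplied credentials.
 *   3. On success, record user id, auth type, login time and last ping in the session, set
 *      $AUTH_CURRENT_USER_ID and (unless suppressed) redirect to the 'redirect' option or the welcome page.
 *
 * Side effects: sets $this->user (null on failure), writes session variables, writes Eventlog entries,
 * and may emit a Location header or send a redirect response followed by exit.
 *
 * NOTE(review): the session id is not regenerated here on a successful login; confirm that the
 * session class does this, otherwise a pre-login session id survives authentication.
 *
 * @access private
 * @param array $pa_options Login options (same as the associative option array in the class constructor):
 *      user_name, password, options (array handed to ca_users::authenticate()), noPublicUsers,
 *      no_headers, dont_redirect, dont_redirect_to_login, dont_create_new_session,
 *      dont_redirect_to_welcome, redirect. Missing keys are treated as null.
 *      'redirect' is passed verbatim to setRedirect(); if its value can originate from request
 *      input the caller must validate it (e.g. restrict it to a local path).
 * @return bool True if a user is now authenticated, false otherwise. Does not return when a
 *      redirect response is sent (exit is called).
 */
public function doAuthentication($pa_options) {
    global $AUTH_CURRENT_USER_ID;
    $o_event_log = new Eventlog();
    $vs_app_name = $this->config->get("app_name");

    // Normalize options so every key is present (null when not supplied)
    $va_option_keys = array(
        'no_headers', 'dont_redirect_to_login', 'dont_create_new_session', 'dont_redirect_to_welcome',
        'user_name', 'password', 'options', 'noPublicUsers', 'dont_redirect', 'redirect',
    );
    foreach ($va_option_keys as $vs_key) {
        if (!isset($pa_options[$vs_key])) { $pa_options[$vs_key] = null; }
    }
    if (!is_array($pa_options["options"])) { $pa_options["options"] = array(); }

    if ($pa_options["no_headers"]) {
        $pa_options["dont_redirect_to_login"] = true;
        $pa_options["dont_create_new_session"] = true;
        $pa_options["dont_redirect_to_welcome"] = true;
    }
    if ($pa_options["dont_redirect"]) {
        $pa_options["dont_redirect_to_login"] = true;
        $pa_options["dont_redirect_to_welcome"] = true;
    }

    // Client details for the event log, read once and defaulted to '' so a missing $_SERVER entry
    // (CLI, unusual SAPI) does not raise a warning inside the logging path.
    // NOTE(review): these request-supplied values (and 'user_name' below) are logged verbatim;
    // confirm Eventlog escapes them for its storage.
    $vs_request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $vs_remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $vs_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $vb_login_successful = false;
    $vn_user_id = null;
    $vn_auth_type = null;

    if (!$pa_options["user_name"]) {
        //
        // no incoming login: is a user already attached to the session?
        //
        if ($vn_user_id = $this->session->getVar($vs_app_name . "_user_id")) {
            $this->user = new ca_users($vn_user_id);    // add user object
            // An inactive user, a load error, or a public user where public users are not allowed
            // all mean the user_id stored in the session is not usable
            if (!$this->user->isActive() || $this->user->numErrors() || ($pa_options['noPublicUsers'] && $this->user->isPublicUser())) {
                $vb_login_successful = false;
            } else {
                $vb_login_successful = true;
            }

            if ($vb_login_successful) {
                $this->session->setVar($vs_app_name . "_lastping", time());    // set last time we heard from client in session
                $this->user->setLastPing(time());
                $AUTH_CURRENT_USER_ID = $vn_user_id;
                //$this->user->close(); ** will be called externally **
                return $vb_login_successful;
            }
        }

        if (!$vb_login_successful) {
            // No usable session user: let the auth handlers try with empty credentials
            $this->user = new ca_users();    // add user object
            $vs_tmp1 = $vs_tmp2 = null;
            if ($vn_auth_type = $this->user->authenticate($vs_tmp1, $vs_tmp2, $pa_options["options"])) {
                if (($pa_options['noPublicUsers'] && $this->user->isPublicUser()) || !$this->user->isActive()) {
                    $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login for user id '" . $vn_user_id . "' (" . $vs_request_uri . "); IP=" . $vs_remote_addr . "; user agent='" . $vs_user_agent . "'"));
                    $vb_login_successful = false;
                } else {
                    $vb_login_successful = true;
                    $vn_user_id = $this->user->getUserID();
                }
            }

            if (!$vb_login_successful) {
                // throw user to login screen
                if (!$pa_options["dont_redirect_to_login"]) {
                    $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login with redirect for user id '" . $vn_user_id . "' (" . $vs_request_uri . "); IP=" . $vs_remote_addr . "; user agent='" . $vs_user_agent . "'"));

                    // Pass the requested URL along so the login page can return the user to it,
                    // except when the request is already for the login page (that would loop).
                    // The previous test, strpos($url, $path !== -1), compared the config value
                    // with -1 and searched the URL for the resulting boolean.
                    $vs_redirect = $this->getRequestUrl(true);
                    $vs_login_path = (string) $this->config->get("auth_login_path");
                    if ($vs_login_path !== '' && strpos($vs_redirect, $vs_login_path) !== false) {
                        $vs_redirect = '';
                    } else {
                        $vs_redirect = '?redirect=' . urlencode($vs_redirect);
                    }
                    $this->opo_response->addHeader("Location", $this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $vs_login_path . $vs_redirect);
                }
                return false;
            }
        }
    }

    //
    // incoming login
    //
    if ($pa_options["user_name"]) {
        $vb_login_successful = false;
        $this->user = new ca_users();
        if ($vn_auth_type = $this->user->authenticate($pa_options["user_name"], $pa_options["password"], $pa_options["options"])) {
            if (($pa_options['noPublicUsers'] && $this->user->isPublicUser()) || !$this->user->isActive()) {
                $vb_login_successful = false;
            } else {
                $vb_login_successful = true;
                $vn_user_id = $this->user->getUserID();
            }
        }
    }

    if (!$vb_login_successful) {
        $this->user = null;    // auth failed

        if ($pa_options["user_name"]) {
            $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login for '" . $pa_options["user_name"] . "' (" . $vs_request_uri . "); IP=" . $vs_remote_addr . "; user agent='" . $vs_user_agent . "'"));
        }

        // throw user to login screen
        if (!$pa_options["dont_redirect_to_login"]) {
            $vs_auth_login_url = $this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_path");
            $this->opo_response->addHeader("Location", $vs_auth_login_url);
        }
        return false;
    }

    // Authentication succeeded: record it in the session and on the user record
    $o_event_log->log(array("CODE" => "LOGN", "SOURCE" => "Auth", "MESSAGE" => "Successful login for '" . $pa_options["user_name"] . "'; IP=" . $vs_remote_addr . "; user agent=" . $vs_user_agent));
    $this->session->setVar($vs_app_name . "_user_auth_type", $vn_auth_type);    // type of auth used: 1=username/password; 2=ip-base auth
    $this->session->setVar($vs_app_name . "_user_id", $vn_user_id);             // auth succeeded; set user_id in session
    $this->session->setVar($vs_app_name . "_logintime", time());                // also set login time (unix timestamp) in session
    $this->session->setVar($vs_app_name . "_lastping", time());

    // Client capabilities reported by the login form; 0 when not reported
    $this->session->setVar("screen_width", isset($_REQUEST["_screen_width"]) ? intval($_REQUEST["_screen_width"]) : 0);
    $this->session->setVar("screen_height", isset($_REQUEST["_screen_height"]) ? intval($_REQUEST["_screen_height"]) : 0);
    $this->session->setVar("has_pdf_plugin", isset($_REQUEST["_has_pdf_plugin"]) ? intval($_REQUEST["_has_pdf_plugin"]) : 0);

    $this->user->setVar('last_login', time(), array('volatile' => true));
    $this->user->setLastLogout($this->user->getLastPing(), array('volatile' => true));
    //$this->user->close(); ** will be called externally **

    $AUTH_CURRENT_USER_ID = $vn_user_id;

    if ($pa_options['redirect']) {
        // redirect to the caller-specified URL (used verbatim; see docblock)
        $this->opo_response->setRedirect($pa_options['redirect']);
        $this->opo_response->sendResponse();
        exit;
    }
    if (!$pa_options["dont_redirect_to_welcome"]) {
        // redirect to "welcome" page
        $this->opo_response->setRedirect($this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_welcome_path"));
        $this->opo_response->sendResponse();
        exit;
    }
    return true;
}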
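/**
 * Creates or updates the search forms defined in the installation profile and, when the profile
 * has a base profile, in the base profile. Labels, bundle placements and per-user / per-group
 * access are applied to each form.
 *
 * Forms are keyed by their "code" attribute; a form in the profile with the same code as one in
 * the base profile replaces it. Forms whose "type" table is unknown, has no types configured, or
 * is disabled via the "<table>_disable" configuration setting are skipped. When $this->opb_updating
 * is set, an existing form with the same code and table number is updated instead of inserted.
 *
 * Problems are recorded via addError(); only a failure in processSearchFormPlacements() aborts
 * processing.
 *
 * @return bool False if bundle placements could not be processed for a form, true otherwise
 *      (including when no forms are defined).
 */
public function processSearchForms() {
    require_once __CA_MODELS_DIR__ . "/ca_search_forms.php";
    require_once __CA_MODELS_DIR__ . "/ca_search_form_placements.php";

    $o_config = Configuration::load();
    $vo_dm = Datamodel::load();

    // Collect form definitions, base profile first so the profile's own definitions win on
    // duplicate codes. $va_forms is initialized up front; previously it was left undefined when
    // there was no base profile and the profile declared no forms.
    $va_sources = $this->ops_base_name ? array($this->opo_base, $this->opo_profile) : array($this->opo_profile);
    $va_forms = array();
    foreach ($va_sources as $vo_source) {
        if (!$vo_source->searchForms) { continue; }
        foreach ($vo_source->searchForms->children() as $vo_form) {
            $va_forms[self::getAttribute($vo_form, "code")] = $vo_form;
        }
    }
    if (sizeof($va_forms) == 0) { return true; }

    foreach ($va_forms as $vo_form) {
        $vs_form_code = self::getAttribute($vo_form, "code");
        $vb_system = self::getAttribute($vo_form, "system");
        $vs_table = self::getAttribute($vo_form, "type");

        if (!($t_instance = $vo_dm->getInstanceByTableName($vs_table, true))) { continue; }
        if (method_exists($t_instance, 'getTypeList') && !sizeof($t_instance->getTypeList())) { continue; }    // no types configured
        if ($o_config->get($vs_table . '_disable')) { continue; }

        $vn_table_num = (int) $vo_dm->getTableNum($vs_table);

        // Reuse an existing form when updating; otherwise start a fresh one
        $t_form = false;
        if ($this->opb_updating) {
            $t_form = ca_search_forms::find(array('form_code' => (string) $vs_form_code, 'table_num' => $vn_table_num), array('returnAs' => 'firstModelInstance'));
        }
        if (!$t_form) { $t_form = new ca_search_forms(); }

        $t_form->setMode(ACCESS_WRITE);
        $t_form->set("form_code", (string) $vs_form_code);
        $t_form->set("is_system", (int) $vb_system);
        $t_form->set("table_num", $vn_table_num);

        // Settings are applied to $t_form by the helper; its return value is not needed here
        $this->_processSettings($t_form, $vo_form->settings);

        if ($t_form->getPrimaryKey()) {
            $t_form->update();
        } else {
            $t_form->set("user_id", 1);    // let administrative user own these
            $t_form->insert();
        }

        if ($t_form->numErrors()) {
            $this->addError("There was an error while inserting search form {$vs_form_code}: " . join(" ", $t_form->getErrors()));
        } else {
            self::addLabelsFromXMLElement($t_form, $vo_form->labels, $this->opa_locales);
            if ($t_form->numErrors()) {
                $this->addError("There was an error while inserting search form label for {$vs_form_code}: " . join(" ", $t_form->getErrors()));
            }
            if (!$this->processSearchFormPlacements($t_form, $vo_form->bundlePlacements, null)) {
                return false;
            }
        }

        // Per-user access. Unknown user names and unrecognized access values are reported but do
        // not stop processing of the remaining entries.
        if ($vo_form->userAccess) {
            $t_user = new ca_users();
            $va_form_users = array();
            foreach ($vo_form->userAccess->children() as $vo_permission) {
                $vs_user = trim((string) self::getAttribute($vo_permission, "user"));
                $vn_access = $this->_convertUserGroupAccessStringToInt(self::getAttribute($vo_permission, 'access'));
                if ($vn_access && $t_user->load(array('user_name' => $vs_user))) {
                    $va_form_users[$t_user->getUserID()] = $vn_access;
                } else {
                    $this->addError("User name or access value invalid for search form {$vs_form_code} (permission item with user name '{$vs_user}')");
                }
            }
            if (sizeof($va_form_users) > 0) { $t_form->addUsers($va_form_users); }
        }

        // Per-group access, same handling as users
        if ($vo_form->groupAccess) {
            $t_group = new ca_user_groups();
            $va_form_groups = array();
            foreach ($vo_form->groupAccess->children() as $vo_permission) {
                $vs_group = trim((string) self::getAttribute($vo_permission, "group"));
                $vn_access = $this->_convertUserGroupAccessStringToInt(self::getAttribute($vo_permission, 'access'));
                if ($vn_access && $t_group->load(array('code' => $vs_group))) {
                    $va_form_groups[$t_group->getPrimaryKey()] = $vn_access;
                } else {
                    $this->addError("Group code or access value invalid for search form {$vs_form_code} (permission item with group code '{$vs_group}')");
                }
            }
            if (sizeof($va_form_groups) > 0) { $t_form->addUserGroups($va_form_groups); }
        }
    }
    return true;
}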