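 /**
  * Authenticate the current request and attach the resulting user to $this->user.
  *
  * Implements standard username/password and IP-address based user authentication. Applications
  * requiring completely custom authentication methods should override this method. However, most of
  * the time if you need custom authentication you can just create a custom user auth handler class ("username/password" authentication).
  *
  * One clean way to extend Auth is create a sub-class whose constructor calls addUserHandler() and delegates
  * everything else to Auth.
  *
  * Two paths are handled:
  *  - no 'user_name' option: reuse the user id stored in the session; if there is none (or it is
  *    unusable) fall back to ca_users::authenticate() with empty credentials;
  *  - 'user_name' option present: authenticate with the supplied user name and password.
  *
  * Side effects: writes user id, auth type, login time and last-ping timestamp into the session,
  * sets the global $AUTH_CURRENT_USER_ID, logs LOGF/LOGN events and, depending on the options,
  * either emits a Location header or sends a redirect response and exits.
  *
  * @access private
  * @param array $pa_options Login options (same keys as the associative option array in the class
  *   constructor): user_name, password, options (array passed through to ca_users::authenticate()),
  *   noPublicUsers, no_headers, dont_redirect, dont_redirect_to_login, dont_create_new_session,
  *   dont_redirect_to_welcome, redirect. Missing keys are treated as null.
  * @return bool True when a user is authenticated, false otherwise. Does not return at all when a
  *   redirect response is sent (the process exits).
  */
 public function doAuthentication($pa_options)
 {
     global $AUTH_CURRENT_USER_ID;
     $o_event_log = new Eventlog();
     $vs_app_name = $this->config->get("app_name");

     // Normalize options so that every recognized key exists (missing keys become null)
     $va_option_keys = array('no_headers', 'dont_redirect_to_login', 'dont_create_new_session', 'dont_redirect_to_welcome', 'user_name', 'password', 'options', 'noPublicUsers', 'dont_redirect', 'redirect');
     foreach ($va_option_keys as $vs_key) {
         if (!isset($pa_options[$vs_key])) {
             $pa_options[$vs_key] = null;
         }
     }
     if (!is_array($pa_options["options"])) {
         $pa_options["options"] = array();
     }
     if ($pa_options["no_headers"]) {
         $pa_options["dont_redirect_to_login"] = true;
         $pa_options["dont_create_new_session"] = true;
         $pa_options["dont_redirect_to_welcome"] = true;
     }
     if ($pa_options["dont_redirect"]) {
         $pa_options["dont_redirect_to_login"] = true;
         $pa_options["dont_redirect_to_welcome"] = true;
     }

     // Request context for the event log. These values are client-controlled and may be absent
     // (e.g. outside an HTTP request), so read them defensively. Eventlog is expected to store
     // them verbatim; confirm it does not render them unescaped anywhere.
     $vs_request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     $vs_remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     $vs_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

     $vb_login_successful = false;
     $vn_user_id = null;     // always defined so the failure log lines never read an unset variable
     $vn_auth_type = null;

     if (!$pa_options["user_name"]) {
         //
         // No incoming login: is a user already attached to the session?
         //
         if ($vn_user_id = $this->session->getVar($vs_app_name . "_user_id")) {
             $this->user = new ca_users($vn_user_id);
             // A load error, an inactive user, or a public user when public users are not allowed
             // all mean the user_id stored in the session is not usable
             $vb_session_user_ok = $this->user->isActive()
                 && !$this->user->numErrors()
                 && !($pa_options['noPublicUsers'] && $this->user->isPublicUser());
             if ($vb_session_user_ok) {
                 // Record the last time we heard from this client
                 $this->session->setVar($vs_app_name . "_lastping", time());
                 $this->user->setLastPing(time());
                 $AUTH_CURRENT_USER_ID = $vn_user_id;
                 //$this->user->close(); ** will be called externally **
                 return true;
             }
         }

         // No usable session user: try authentication without credentials (handler-dependent,
         // e.g. IP-based auth)
         $this->user = new ca_users();
         $vs_tmp1 = $vs_tmp2 = null;
         if ($vn_auth_type = $this->user->authenticate($vs_tmp1, $vs_tmp2, $pa_options["options"])) {
             if (($pa_options['noPublicUsers'] && $this->user->isPublicUser()) || !$this->user->isActive()) {
                 // Log the id of the user the handler resolved, not the (possibly empty) session id
                 $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login for user id '" . $this->user->getUserID() . "' (" . $vs_request_uri . "); IP=" . $vs_remote_addr . "; user agent='" . $vs_user_agent . "'"));
             } else {
                 $vb_login_successful = true;
                 $vn_user_id = $this->user->getUserID();
             }
         }
         if (!$vb_login_successful) {
             // throw user to login screen
             if (!$pa_options["dont_redirect_to_login"]) {
                 $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login with redirect for user id '" . $vn_user_id . "' (" . $vs_request_uri . "); IP=" . $vs_remote_addr . "; user agent='" . $vs_user_agent . "'"));
                 $vs_redirect = $this->getRequestUrl(true);
                 $vs_login_path = (string)$this->config->get("auth_login_path");
                 // Don't bounce the user back to the login page itself after logging in.
                 // strpos() returns false (not -1) when the needle is absent, and the comparison
                 // must wrap the whole strpos() call.
                 if (($vs_login_path !== '') && (strpos($vs_redirect, $vs_login_path) !== false)) {
                     $vs_redirect = '';
                 } else {
                     $vs_redirect = '?redirect=' . urlencode($vs_redirect);
                 }
                 $this->opo_response->addHeader("Location", $this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $vs_login_path . $vs_redirect);
             }
             return false;
         }
     }

     if ($pa_options["user_name"]) {
         //
         // Incoming login with supplied credentials
         //
         $vb_login_successful = false;
         $this->user = new ca_users();
         if ($vn_auth_type = $this->user->authenticate($pa_options["user_name"], $pa_options["password"], $pa_options["options"])) {
             // An inactive user, or a public user when public users are not allowed, is a failed login
             if (($pa_options['noPublicUsers'] && $this->user->isPublicUser()) || !$this->user->isActive()) {
                 $vb_login_successful = false;
             } else {
                 $vb_login_successful = true;
                 $vn_user_id = $this->user->getUserID();
             }
         }
     }

     if (!$vb_login_successful) {
         // auth failed; drop the user object and throw the user to the login screen
         $this->user = null;
         if ($pa_options["user_name"]) {
             $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login for '" . $pa_options["user_name"] . "' (" . $vs_request_uri . "); IP=" . $vs_remote_addr . "; user agent='" . $vs_user_agent . "'"));
         }
         if (!$pa_options["dont_redirect_to_login"]) {
             $vs_auth_login_url = $this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_path");
             $this->opo_response->addHeader("Location", $vs_auth_login_url);
         }
         return false;
     }

     // Authentication succeeded: record the login in the event log and in the session
     $o_event_log->log(array("CODE" => "LOGN", "SOURCE" => "Auth", "MESSAGE" => "Successful login for '" . $pa_options["user_name"] . "'; IP=" . $vs_remote_addr . "; user agent=" . $vs_user_agent));
     // NOTE(review): the session identifier is not regenerated here although the session's
     // privilege level changes; confirm the session layer does this on login.
     $this->session->setVar($vs_app_name . "_user_auth_type", $vn_auth_type);    // 1=username/password; 2=ip-based auth
     $this->session->setVar($vs_app_name . "_user_id", $vn_user_id);
     $this->session->setVar($vs_app_name . "_logintime", time());                // unix timestamp
     $this->session->setVar($vs_app_name . "_lastping", time());
     // Client hints submitted along with the login, if any
     $this->session->setVar("screen_width", isset($_REQUEST["_screen_width"]) ? intval($_REQUEST["_screen_width"]) : 0);
     $this->session->setVar("screen_height", isset($_REQUEST["_screen_height"]) ? intval($_REQUEST["_screen_height"]) : 0);
     $this->session->setVar("has_pdf_plugin", isset($_REQUEST["_has_pdf_plugin"]) ? intval($_REQUEST["_has_pdf_plugin"]) : 0);
     $this->user->setVar('last_login', time(), array('volatile' => true));
     $this->user->setLastLogout($this->user->getLastPing(), array('volatile' => true));
     //$this->user->close(); ** will be called externally **
     $AUTH_CURRENT_USER_ID = $vn_user_id;

     if ($pa_options['redirect']) {
         // Redirect to the caller-specified URL. It is not validated here; a caller that derives
         // it from request input is responsible for restricting it to local paths.
         $this->opo_response->setRedirect($pa_options['redirect']);
         $this->opo_response->sendResponse();
         exit;
     }
     if (!$pa_options["dont_redirect_to_welcome"]) {
         // redirect to "welcome" page
         $this->opo_response->setRedirect($this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_welcome_path"));
         $this->opo_response->sendResponse();
         exit;
     }
     return true;
 }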