public static function redirect($location, $exit = true)
{
// The actual redirect.
if (Config::getGlobal('debug') >= 2) {
$debugger = Debugger::getInstance();
$debugger->setRedirectUrl($location);
self::atkdebug('Non-debug version would have redirected to <a href="' . $location . '">' . $location . '</a>');
if ($exit) {
$output = Output::getInstance();
$output->outputFlush();
exit;
}
} else {
self::atkdebug('redirecting to: ' . $location);
if (substr($location, -1) == '&') {
$location = substr($location, 0, -1);
}
if (substr($location, -1) == '?') {
$location = substr($location, 0, -1);
}
header('Location: ' . $location);
if ($exit) {
exit;
}
}
}
/**
* Perform user authentication.
*/
public function authenticate()
{
global $ATK_VARS;
$session =& SessionManager::getSession();
$sessionManager = SessionManager::getInstance();
$response = self::AUTH_UNVERIFIED;
if (Config::getGlobal('auth_loginform') == true) {
// form login
$auth_user = isset($ATK_VARS['auth_user']) ? $ATK_VARS['auth_user'] : null;
$auth_pw = isset($ATK_VARS['auth_pw']) ? $ATK_VARS['auth_pw'] : null;
} else {
// HTTP login
$auth_user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$auth_pw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
}
// throw post login event?
$throwPostLoginEvent = false;
// first check if we want to logout
if (isset($ATK_VARS['atklogout']) && (!isset($session['relogin']) || $session['relogin'] != 1)) {
$this->notifyListeners('preLogout', isset($currentUser['name']) ? $currentUser['name'] : $auth_user);
$currentUser = self::atkGetUser();
// Let the authentication plugin know about logout too.
foreach ($this->m_authentication as $class => $auth) {
$auth->logout($currentUser);
}
$this->notifyListeners('postLogout', isset($currentUser['name']) ? $currentUser['name'] : $auth_user);
if (Config::getGlobal('auth_enable_rememberme')) {
$this->rememberMeClearCookie();
if (isset($session['remembermeTokenId'])) {
$this->rememberMeDeleteToken($session['remembermeTokenId']);
}
}
$session = [];
$session['relogin'] = 1;
// do we need to login?
} else {
if (!isset($session['login']) || $session['login'] != 1) {
// sometimes we manually have to set the PHP_AUTH vars
// old style http_authorization
if (empty($auth_user) && empty($auth_pw) && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) && preg_match('/^Basic /', $_SERVER['HTTP_AUTHORIZATION'])) {
list($auth_user, $auth_pw) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
} elseif (empty($auth_user) && empty($auth_pw) && !empty($_SERVER['PHP_AUTH_USER'])) {
$auth_user = $_SERVER['PHP_AUTH_USER'];
$auth_pw = $_SERVER['PHP_AUTH_PW'];
}
$authenticated = false;
if (Config::getGlobal('auth_enable_rememberme')) {
$remember_user = $this->rememberMeVerifyCookie();
if ($remember_user) {
//autententhicated!
$throwPostLoginEvent = true;
$this->notifyListeners('preLogin', $remember_user);
$session['remembermeTokenId'] = $this->rememberMeStore($remember_user);
$this->storeAuth($remember_user, 'rememberme');
$authenticated = true;
}
}
if (!$authenticated) {
// Check if a username was entered
if (Tools::atkArrayNvl($ATK_VARS, 'login', '') != '' && empty($auth_user) && !strstr(Config::getGlobal('authentication'), 'none')) {
$response = self::AUTH_MISSINGUSERNAME;
} else {
if (!empty($auth_user) && Config::getGlobal('auth_loginform') == true && $this->get_enablepasswordmailer() && Tools::atkArrayNvl($ATK_VARS, 'login', '') == Tools::atktext('password_forgotten')) {
$this->mailPassword($auth_user);
$response = self::AUTH_PASSWORDSENT;
} else {
$throwPostLoginEvent = true;
$this->notifyListeners('preLogin', $auth_user);
// check administrator and guest user
if ($auth_user == 'administrator' || $auth_user == 'guest') {
$config_pw = Config::getGlobal($auth_user . 'password');
if (!empty($config_pw) && $this->verify($auth_pw, $config_pw)) {
$authenticated = true;
$response = self::AUTH_SUCCESS;
if ($auth_user == 'administrator') {
$this->m_user = array('name' => 'administrator', 'level' => -1, 'access_level' => 9999999);
} else {
$this->m_user = array('name' => 'guest', 'level' => -2, 'access_level' => 0);
}
} else {
$response = self::AUTH_MISMATCH;
}
} else {
if ($auth_user != 'administrator' && $auth_user != 'guest') {
// We have a username, which we must now validate against several
// checks. If all of these fail, we have a status of SecurityManager::AUTH_MISMATCH.
$error = '';
foreach ($this->m_authentication as $class => $obj) {
$response = $obj->validateUser($auth_user, $auth_pw);
if ($response == self::AUTH_SUCCESS) {
Tools::atkdebug("SecurityManager::authenticate() using {$class} authentication");
$authname = $class;
break;
} else {
$error = $obj->m_fatalError;
}
}
if ($response == self::AUTH_SUCCESS) {
// succesful login
// We store the username + securitylevel of the logged in user.
$this->storeAuth($auth_user, $authname);
$authenticated = true;
} else {
// login was incorrect. Either the supplied username/password combination is
// incorrect (we just try again) or there was an error (we display an error
// message)
if ($response == self::AUTH_ERROR) {
$this->m_fatalError = $error;
}
}
//store remember me cookie?
if ($authenticated && Config::getGlobal('auth_enable_rememberme') && isset($_REQUEST['auth_rememberme']) && $_REQUEST['auth_rememberme'] == '1') {
$session['remembermeTokenId'] = $this->rememberMeStore($auth_user);
}
}
}
}
}
}
// we are logged in
if ($authenticated) {
$session['login'] = 1;
}
} else {
// using session for authentication, because "login" was registered.
// but we double check with some more data from the session to see
// if the login is really valid.
$session_auth = $sessionManager->getValue('authentication', 'globals');
if (Config::getGlobal('authentication_session') && $session['login'] == 1 && $session_auth['authenticated'] == 1 && !empty($session_auth['user'])) {
$this->m_user = $session_auth['user'];
Tools::atkdebug('Using session for authentication / user = '******'name']);
}
}
}
// if there was an error, drop out.
if ($this->m_fatalError != '') {
return false;
}
// still not logged in?!
if (!isset($session['login']) || $session['login'] != 1) {
$location = Config::getGlobal('auth_loginpage', '');
if ($location) {
$location .= strpos($location, '?') === false ? '?' : '&';
$location .= 'login='******'&error=' . $response;
if (Config::getGlobal('debug') >= 2) {
$debugger = Debugger::getInstance();
$debugger->setRedirectUrl($location);
Tools::atkdebug('Non-debug version would have redirected to <a href="' . $location . '">' . $location . '</a>');
$output = Output::getInstance();
$output->outputFlush();
exit;
} else {
header('Location: ' . $location);
exit;
}
} elseif (Config::getGlobal('auth_loginform')) {
$this->loginForm($auth_user, $response);
$output = Output::getInstance();
$output->outputFlush();
exit;
} else {
header('WWW-Authenticate: Basic realm="' . Tools::atktext('app_title') . (Config::getGlobal('auth_changerealm', true) ? ' - ' . strftime('%c', time()) : '') . '"');
if (preg_match('/Microsoft/', $_SERVER['SERVER_SOFTWARE'])) {
header('Status: 401 Unauthorized');
} else {
header('HTTP/1.0 401 Unauthorized');
}
return false;
}
} else {
if (isset($ATK_VARS['atklogout'])) {
header('Location: ' . Config::getGlobal('dispatcher') . '?');
} else {
if (!isset($ATK_VARS['atklogout']) && isset($session['relogin']) && $session['relogin'] == 1) {
$session['relogin'] = 0;
}
}
}
// return
// g_user always lowercase
// $this->m_user["name"] = $this->m_user["name"];
//Send the username with the header
//This way we can always retrieve the user from apache logs
header('user: '******'name']);
$GLOBALS['g_user'] =& $this->m_user;
$sm = SessionManager::getInstance();
$sm->globalVar('authentication', array('authenticated' => 1, 'user' => $this->m_user), true);
if ($throwPostLoginEvent) {
$this->notifyListeners('postLogin', $auth_user);
}
return true;
}