Exemplo n.º 1
0
 /**
  * Used to vaidate a user's credentials. (uname, pass)
  * @param	array	$creds	the uname and password passed in as an array.
  * @return 	bool
  */
 function validateCredentials($creds)
 {
     $pwent = posix_getpwnam(strtolower($creds['uname']));
     if ($pwent == false) {
         API::Error("Invalid Username/Password");
     }
     $cryptpw = crypt($creds['password'], $pwent['passwd']);
     if ($cryptpw == $pwent['passwd']) {
         API::DEBUG("[Auth_NIS::validateCredentials] returning TRUE", 8);
         $_SESSION['authed_user'] = $pwent['uid'];
         $this->authed_user = $pwent['uid'];
         $names = explode(" ", $pwent['gecos'], 2);
         $names['fname'] = $names[0];
         $names['lname'] = $names[1];
         unset($names[1]);
         unset($names[0]);
         $prefs = new Prefs();
         if ($prefs->checkUID($this->authed_user, $this->config->prefs_auto, NULL, $names)) {
             return TRUE;
         } else {
             API::Error("Username Not Valid in system. Error: 3304");
         }
     }
     return FALSE;
 }
Exemplo n.º 2
0
 /**
  * checks the input for validity according to what should be in the table
  * returning an array of errors or NULL if no errors occur.
  * NOTE: This function may modify it's argument.
  *
  *@access    public
  *@param     array   $data   the array of data to check
  *@return    array
  */
 public function check_input(&$data)
 {
     $errors = array();
     if ($this->action != 'edit') {
         /*
                     	if(preg_match('/![a-zA-Z0-9.-_]/', $data['uname'])) {
                         	$errors[] = "Invalid User Name!";
                     	}
         
         	            $this->where_clause(new WhereClause('uname', $data['uname']));
             	        if($this->getAll() != NULL) {
                 	    	$errors[] = "Username already exists!.";
                     	}
         
         				if(strlen($data['uname']) > 32) {
         					$errors[] = "Username too long!";
         				}*/
     }
     $security_violation = false;
     if ($this->action == 'edit') {
         if (isset($data['set_perms'])) {
             if (!self::$CertisInst->Perms->checkPerm($this->authed_user, 'perms_admin')) {
                 $errors[] = "You do not have permissions to change permissions.";
                 $security_violation = true;
                 error_log("[Prefs::check_input()] Security Violation (perms_admin) ERR_SEC.  ");
             }
         } elseif ($data['uid'] != $this->authed_user) {
             if (!self::$CertisInst->Perms->checkPerm($this->authed_user, 'user_admin')) {
                 $errors[] = "You do not have permissions to change other user's info.";
                 $security_violation = true;
                 error_log("[Prefs::check_input()] Security Violation (user_admin) ERR_SEC.  ");
             }
         }
     }
     if (count($errors) > 0) {
         // slightly different redirect here, because security issues redirect
         // us to index.
         if ($security_violation === TRUE) {
             // security violation, log some info.
             error_log("                         - IP " . $_SERVER['REMOTE_ADDR']);
             error_log("                         - user " . $this->authed_user);
             error_log("                         - session destroyed.(ERR_SEC_DESTROY)");
             // effectively log off the user
             $_SESSION['authed_user'] = NULL;
             $this->authed_user = NULL;
             // set display messages to the user.
             API::Error($errors);
             // redirect them to the home page.
             API::Redirect("/");
         }
         return $errors;
     } else {
         return NULL;
     }
 }
Exemplo n.º 3
0
 public function loginAction()
 {
     if (isset($_POST['login'])) {
         $creds = array();
         $creds['uname'] = $_POST['uname'];
         $creds['password'] = md5($_POST['password']);
         if ($this->_model->validateCredentials($creds)) {
             API::Redirect("/");
         } else {
             API::Error("Invalid Username/Passord for login.");
         }
     }
     $this->addModuleTemplate('auth', 'login_frm');
 }
Exemplo n.º 4
0
 public function loginAction()
 {
     if (isset($_POST['login'])) {
         $creds = array();
         $creds['uname'] = $_POST['uname'];
         $creds['password'] = $_POST['password'];
         if ($this->_model->validateCredentials($creds)) {
             API::DEBUG("[Auth_LDAPController::loginAction] PHPSESSID = " . session_id(), 8);
             API::Redirect("/");
         } else {
             API::Error("Invalid Username/Password");
         }
     }
     API::DEBUG("[Auth_LDAPController::loginAction] adding login form to template stack");
     $this->addModuleTemplate(strtolower(self::$config->auth_class), 'login_frm');
 }
 /**
  * default action processing new requests passed in from the display action.  Does
  * not use a template. Uses the 'set_data' function on the model object of the implementing
  * class to do data verification.
  *
  * @return none
  */
 public function newAction()
 {
     # process the new entry form.
     # check the post data and filter it.
     if (isset($_POST['cancel'])) {
         API::Redirect(API::printUrl($this->_redirect));
     }
     $input_check = $this->_model->check_input($_POST);
     if (is_array($input_check)) {
         API::Error($input_check);
         // redirect to index and displayed an error there.
         API::redirect(API::printUrl($this->_redirect));
     }
     // all hooks will stack their errors onto the API::Error stack
     // but WILL NOT redirect.
     API::callHooks(self::$module, 'validate', 'controller', $_POST);
     if (API::hasErrors()) {
         API::redirect(API::printUrl($this->_redirect));
     }
     // set the id into the post var for any hooks.
     $_POST['id'] = $this->_model->set_data($_POST, TRUE);
     // auto call the hooks for this module/action
     API::callHooks(self::$module, 'save', 'controller', $_POST);
     if (isset($this->params['redir'])) {
         API::Redirect($this->params['redir']);
     }
     API::redirect(API::printUrl($this->_redirect));
 }
Exemplo n.º 6
0
    // only run this code if the class specified in config
    // for authentication is present.  And if the request
    // coming in is not for the auth_class module itself.
    // The second part keeps things from going crazy.
    if (class_exists($CertisInst->config->auth_class) && $CertisInst->module != strtolower($CertisInst->config->auth_class)) {
        // include the authentication module's controller.php file
        include _SYSTEM_ . "/modules/" . strtolower($CertisInst->config->auth_class) . "/controller.php";
        // instantiate the auth controller class
        $classname = $CertisInst->config->auth_class . "Controller";
        $auth_controller = new $classname();
        $auth_controller->authCheckAction();
    }
    if (!class_exists($CertisInst->config->auth_class)) {
        $CertisInst->module = '';
        $CertisInst->action = 'error';
        API::Error('FATAL ERROR: Unable to find Authentication Class');
    }
}
API::DEBUG("[__SYSTEM__] index.php: authentication check done.");
$controller = null;
if (!empty($CertisInst->module)) {
    if (preg_match("/\\.\\./", $CertisInst->module)) {
        error_log("[index.php] FATAL ERROR! SOMEONE TRIED TO ESCAPE! " . $CertisInst->module);
        print "UNAUTHORIZED!!!!!!";
        exit(1);
    }
    // first check to see if the module exists.
    if (!file_exists(_SYSTEM_ . "/modules/" . $CertisInst->module)) {
        error_log("[index.php] Unable to find requested module: " . $CertisInst->module);
        API::Redirect("/");
    }
Exemplo n.º 7
0
 /**
  * Used to vaidate a user's credentials. (uname, password)
  * @param	array	$creds	the uname and password passed in as an array.
  * @return 	bool
  */
 function validateCredentials($creds)
 {
     global $conf;
     if (!$this->_connectLDAP()) {
         return false;
     } else {
         # see if you can find the user
         $search_res = $this->_searchUser($creds['uname']);
         if ($search_res != NULL) {
             if (!is_array($search_res)) {
                 error_log("LDAP - Something went wrong with the LDAP search.");
                 return false;
             }
             # get the user attributs
             $userdn = $search_res[0];
             $user_attrs = $search_res[1];
             # Bind with old password
             error_log("UserDN: " . $userdn);
             $bind = ldap_bind($this->ldap, $userdn, $creds['password']);
             $errno = ldap_errno($this->ldap);
             if ($errno == 49 && $ad_mode) {
                 if (ldap_get_option($this->ldap, 0x32, $extended_error)) {
                     error_log("LDAP - Bind user extended_error {$extended_error}  (" . ldap_error($this->ldap) . ")");
                     $extended_error = explode(', ', $extended_error);
                     if (strpos($extended_error[2], '773')) {
                         error_log("LDAP - Bind user password needs to be changed");
                         $errno = 0;
                         return false;
                     }
                     if (strpos($extended_error[2], '532') and $ad_options['change_expired_password']) {
                         error_log("LDAP - Bind user password is expired");
                         $errno = 0;
                         return false;
                     }
                     unset($extended_error);
                 }
             }
             if ($errno) {
                 error_log("LDAP - Bind user error {$errno}  (" . ldap_error($this->ldap) . ")");
                 return false;
             } else {
                 // got a good bind, user is valid.  Let's populate some stuff
                 $this->authed_user = $user_attrs[$conf->auth_ldap->uid_attr];
                 $names = array();
                 $names['fname'] = $user_attrs[$conf->auth_ldap->fname_attr];
                 $names['lname'] = $user_attrs[$conf->auth_ldap->lname_attr];
                 $prefs = new Prefs();
                 if ($prefs->checkUID($this->authed_user, $conf->prefs_auto, NULL, $names)) {
                     $_SESSION['authed_user'] = $this->authed_user;
                     API::Debug("auth_ldap: checkUID passed");
                     return true;
                 } else {
                     API::Error("Username Not Valid in system. Error: 3304");
                 }
             }
         }
     }
     return FALSE;
 }