 /**
  * Try to authenticate user from :
  * SSO
  * COOKIE
  * Given parameters
  * SESSION
  *
  * The branch taken is selected by $this->_params['authType'] ('credentials',
  * 'session', 'cookie' or 'sso'). A successful branch stores the user object in
  * $this->_user and returns a SUCCESS result immediately; a failing branch stores
  * a FAILURE result in $this->_result and falls through. When no branch produced
  * a result at all, a FAILURE_IDENTITY_NOT_FOUND result carrying
  * AUTH_MISSING_CREDENTIALS is returned.
  *
  * Review notes (details inline):
  * - the form token is verified only when 'tokenName' is present in _params;
  * - stored passwords are matched as unsalted md5 or '{sha}' + sha1 digests;
  * - with MOD_STANDARD_SSO_LOGIN defined, the 'sso' branch maps every request
  *   that carries no login/password onto that fixed account.
  *
  * @return Zend_Auth_Result
  */
 public function authenticate()
 {
     if (isset($this->_params['authType'])) {
         switch ($this->_params['authType']) {
             case 'credentials':
                 //both login and password must be present and non-empty, otherwise the branch does nothing
                 if (isset($this->_params['login']) && isset($this->_params['password']) && $this->_params['login'] && $this->_params['password']) {
                     //check token: enforced only when a 'tokenName' was supplied by the caller.
                     //NOTE(review): a caller that omits tokenName gets no anti-CSRF check at all, so
                     //form-driven callers should always pass it.
                     if (isset($this->_params['tokenName']) && $this->_params['tokenName'] && (!isset($this->_params['token']) || !$this->_params['token'] || !CMS_session::checkToken($this->_params['tokenName'], $this->_params['token']))) {
                         $this->_messages[] = self::AUTH_INVALID_TOKEN;
                         $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                     } else {
                         //check user credentials from DB.
                         //password_pru is compared against md5() or '{sha}' . sha1() of the supplied
                         //password: unsalted, fast digests (legacy storage scheme; changing it needs a
                         //data migration, so it is flagged here rather than altered). Values are escaped
                         //through SensitiveIO::sanitizeSQLString() instead of being bound as parameters.
                         $sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tid_pru\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tprofilesUsers\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tlogin_pru = '" . SensitiveIO::sanitizeSQLString($this->_params['login']) . "'\n\t\t\t\t\t\t\t\t\tand (\n\t\t\t\t\t\t\t\t\t\tpassword_pru = '" . SensitiveIO::sanitizeSQLString(md5($this->_params['password'])) . "'\n\t\t\t\t\t\t\t\t\t\tor password_pru = '{sha}" . SensitiveIO::sanitizeSQLString(sha1($this->_params['password'])) . "'\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\tand password_pru != ''\n\t\t\t\t\t\t\t\t\tand active_pru = 1\n\t\t\t\t\t\t\t\t\tand deleted_pru = 0\n\t\t\t\t\t\t\t";
                         $q = new CMS_query($sql);
                         if ($q->getNumRows()) {
                             $userId = $q->getValue("id_pru");
                             $this->_user = CMS_profile_usersCatalog::getByID($userId);
                             //a matching row is not enough: the user object must load and still be active and not deleted
                             if ($this->_user && !$this->_user->hasError() && !$this->_user->isDeleted() && $this->_user->isActive()) {
                                 $this->_messages[] = self::AUTH_VALID_CREDENTIALS;
                                 $this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
                                 //remove previous autologin cookie if exists
                                 //(setCookie() with only a name is presumably the "delete" form — confirm in CMS_session)
                                 if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
                                     CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
                                 }
                                 return $this->_result;
                             } else {
                                 //the id matched but no usable user object could be built from it
                                 $this->_messages[] = self::AUTH_INVALID_USER;
                                 $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                                 $this->raiseError("user_id found don't instanciate a valid user object. ID : " . $userId);
                             }
                         } else {
                             $this->_messages[] = self::AUTH_INVALID_CREDENTIALS;
                             $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null, $this->_messages);
                             //wait a little (5 seconds) to avoid multiple simultaneous attempts
                             //NOTE(review): this only delays the current request (and holds its worker for the
                             //duration); it is not a shared limit across concurrent attempts.
                             sleep(5);
                         }
                     }
                 }
                 break;
             case 'session':
                 //identity previously stored under the 'atm-auth' session namespace
                 $authStorage = new Zend_Auth_Storage_Session('atm-auth');
                 $userId = $authStorage->read();
                 if (io::isPositiveInteger($userId)) {
                     //an explicit 'disconnect' parameter prevents the stored session from being reused
                     if (!isset($this->_params['disconnect']) || !$this->_params['disconnect']) {
                         //check user from session table (_checkSession() is defined outside this view)
                         if ($this->_checkSession($userId)) {
                             $this->_user = CMS_profile_usersCatalog::getByID($userId);
                             if ($this->_user && !$this->_user->hasError() && !$this->_user->isDeleted() && $this->_user->isActive()) {
                                 $this->_messages[] = self::AUTH_VALID_USER_SESSION;
                                 $this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
                                 return $this->_result;
                             } else {
                                 $this->_messages[] = self::AUTH_INVALID_USER_SESSION;
                                 $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                                 //clear session content
                                 //(the meaning of the boolean argument vs. the bare call below is not visible here — confirm in CMS_session)
                                 CMS_session::deleteSession(true);
                             }
                         } else {
                             //clear session content
                             CMS_session::deleteSession();
                         }
                     }
                 }
                 break;
             case 'cookie':
                 if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
                     if (!isset($this->_params['disconnect']) || !$this->_params['disconnect']) {
                         //_autoLogin() is defined outside this view; on success $this->_result is expected
                         //to have been filled by it, since it is returned as-is below
                         if (!$this->_autoLogin()) {
                             //remove cookie
                             CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
                         } else {
                             return $this->_result;
                         }
                     }
                 }
                 break;
             case 'sso':
                 //SSO is only consulted when no explicit login/password pair was given
                 if (!(isset($this->_params['login']) && isset($this->_params['password']) && $this->_params['login'] && $this->_params['password'])) {
                     if (defined('MOD_STANDARD_SSO_LOGIN') && MOD_STANDARD_SSO_LOGIN) {
                         //NOTE(review): no credential of any kind is checked in this branch — every request
                         //reaching it is authenticated as the configured login. This relies entirely on the
                         //surrounding deployment restricting who can reach it; confirm before enabling.
                         $this->_user = CMS_profile_usersCatalog::getByLogin(MOD_STANDARD_SSO_LOGIN);
                         if ($this->_user && !$this->_user->hasError()) {
                             $this->_messages[] = self::AUTH_SSOLOGIN_VALID;
                             $this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
                             return $this->_result;
                         } else {
                             $this->_messages[] = self::AUTH_SSOLOGIN_INVALID_USER;
                             $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                         }
                     } elseif (defined('MOD_STANDARD_SSO_FUNCTION') && MOD_STANDARD_SSO_FUNCTION) {
                         //syntax_only is false, so the configured callable must really exist
                         if (is_callable(MOD_STANDARD_SSO_FUNCTION, false)) {
                             //check if function/method name exists.
                             //The hook is expected to return the login of the already-authenticated user (or a falsy value).
                             $login = '';
                             if (io::strpos(MOD_STANDARD_SSO_FUNCTION, '::') !== false) {
                                 //static method call
                                 $method = explode('::', MOD_STANDARD_SSO_FUNCTION);
                                 $login = call_user_func(array($method[0], $method[1]));
                             } else {
                                 //function call
                                 $login = call_user_func(MOD_STANDARD_SSO_FUNCTION);
                             }
                             //an empty login from the hook means "no identity" and falls through to the generic failure below
                             if ($login) {
                                 $this->_user = CMS_profile_usersCatalog::getByLogin($login);
                                 if ($this->_user && !$this->_user->hasError()) {
                                     $this->_messages[] = self::AUTH_SSOLOGIN_VALID;
                                     $this->_result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_user->getUserId(), $this->_messages);
                                     return $this->_result;
                                 } else {
                                     $this->_messages[] = self::AUTH_SSOLOGIN_INVALID_USER;
                                     $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null, $this->_messages);
                                 }
                             }
                         } else {
                             $this->raiseError('Cannot call SSO method/function: ' . MOD_STANDARD_SSO_FUNCTION);
                         }
                     }
                 }
                 break;
             default:
                 //note: the static CMS_grandFather::raiseError() is used here while the other branches call $this->raiseError()
                 CMS_grandFather::raiseError('Unknown authType: ' . $this->_params['authType']);
                 break;
         }
     }
     //Nothing found
     //(relies on $this->_result being falsy before this method runs; its initial value is not visible here)
     if (!$this->_result) {
         $this->_messages[] = self::AUTH_MISSING_CREDENTIALS;
         $this->_result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, null, $this->_messages);
     }
     return $this->_result;
 }
 /**
  * Check a session token value for a given token name.
  *
  * Thin facade: the check itself is delegated to CMS_session::checkToken(),
  * so callers of this class need no direct dependency on the session class.
  *
  * @param string $name token name to check
  * @param string $token token value to check
  * @return boolean true if the token is valid, false otherwise
  * @access public
  * @static
  */
 public static function checkToken($name, $token)
 {
     $isValid = CMS_session::checkToken($name, $token);

     return $isValid;
 }
 /**
  * This function is called to catch and launch all FE forms actions
  *
  * Only the form whose id matches the 'formID' request value is processed.
  * For that form the item is loaded (or created), every field listed in the
  * request's 'polymodFields' is checked and assigned, the per-field and
  * per-form callbacks 'form_<formID>_<fieldID>' / 'form_<formID>' are invoked
  * when they exist, the form token is verified, and the item is written.
  * Errors are reported through $polymodFormsError[$formID] and the item
  * through $polymodFormsItems[$formID].
  *
  * Note (review): the form token is verified after field values and callbacks
  * have been applied to the in-memory item, but before writeToPersistence().
  * $pageID and $public are not read anywhere in this body.
  *
  * @param array $formIDs : the forms ids to check for actions
  * @param integer $pageID : the current page id (unused here)
  * @param string $languageCode : the language code used
  * @param boolean $public : the data status (unused here)
  * @param reference array $polymodFormsError : the forms error status to return
  * @param reference array $polymodFormsItems : reference to the forms items
  * @return boolean : true on success, false on failure
  * @access public
  * @static
  */
 static function formActions($formIDs, $pageID, $languageCode, $public, &$polymodFormsError, &$polymodFormsItems)
 {
     //$cms_language may be replaced below; $cms_user is only read
     global $cms_language, $cms_user;
     if (!is_array($formIDs)) {
         return false;
     }
     foreach ($formIDs as $formID) {
         //only the form named by the request is processed (loose == against the request value)
         if (io::request('formID') && io::request('formID') == $formID) {
             if (!isset($cms_language) || $cms_language->getCode() != $languageCode) {
                 $cms_language = new CMS_language($languageCode);
             }
             //instanciate item
             $item = '';
             //io::request(name, validator, default) — presumably returns the value only if the validator accepts it; verify in io
             if (io::request('object', 'io::isPositiveInteger', '')) {
                 //check user rights on module
                 $module = CMS_poly_object_catalog::getModuleCodenameForObjectType(io::request('object'));
                 //Check user rights
                 //here assume than user should only need the view right on module, because admin right allow Automne administration access
                 if (!is_object($cms_user) || !$cms_user->hasModuleClearance($module, CLEARANCE_MODULE_VIEW)) {
                     CMS_grandFather::raiseError('No user found or user has no administration rights on module ' . $module);
                     return false;
                 }
                 //instanciate object
                 $object = CMS_poly_object_catalog::getObjectDefinition(io::request('object'));
                 if ($object && io::request('item', 'io::isPositiveInteger', '')) {
                     //existing item requested: look it up, fall back to a new one when not found
                     $search = new CMS_object_search($object, false);
                     $search->addWhereCondition('item', io::request('item'));
                     $items = $search->search();
                     if (isset($items[io::request('item')])) {
                         $item = $items[io::request('item')];
                     } else {
                         $item = new CMS_poly_object($object->getID());
                     }
                 } else {
                     //NOTE(review): this branch is also reached when $object is falsy, in which case
                     //getID() is called on a non-object (fatal error) instead of a clean failure
                     $item = new CMS_poly_object($object->getID());
                 }
             }
             if (is_object($item) && !$item->hasError()) {
                 //get item fieldsObjects (by reference)
                 $fieldsObjects =& $item->getFieldsObjects();
                 //checks and assignments
                 $item->setDebug(false);
                 //first, check mandatory values
                 //the set of fields checked and assigned is the one the request itself lists in polymodFields
                 foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                     //if field is part of formular
                     if (isset($_REQUEST['polymodFields'][$fieldID])) {
                         if (!$item->checkMandatory($fieldID, $_REQUEST, '')) {
                             $polymodFormsError[$formID]['required'][$fieldID] = $fieldID;
                         }
                     }
                 }
                 //second, set values for all fields
                 foreach ($fieldsObjects as $fieldID => $aFieldObject) {
                     //if field is part of formular
                     if (isset($_REQUEST['polymodFields'][$fieldID])) {
                         //if form use a callback, call it
                         //do not use call_user_function here
                         //the callback name is built from the server-side $formID (matched against $formIDs above)
                         //and the object's own field id, not from raw request text
                         $funcName = 'form_' . $formID . '_' . $fieldID;
                         if (!$item->setValues($fieldID, $_REQUEST, '')) {
                             $polymodFormsError[$formID]['malformed'][] = $fieldID;
                         } elseif (!isset($polymodFormsError[$formID]['required'][$fieldID]) && function_exists('form_' . $formID . '_' . $fieldID) && !$funcName($formID, $fieldID, $item)) {
                             $polymodFormsError[$formID]['malformed'][] = $fieldID;
                         }
                     }
                 }
                 //set publication dates if needed
                 if (isset($_REQUEST['polymodFields']) && $_REQUEST['polymodFields']) {
                     if ($object->isPrimaryResource()) {
                         // Dates management
                         $dt_beg = new CMS_date();
                         $dt_beg->setDebug(false);
                         $dt_beg->setFormat($cms_language->getDateFormat());
                         $dt_end = new CMS_date();
                         $dt_end->setDebug(false);
                         $dt_end->setFormat($cms_language->getDateFormat());
                         //'@' silences the undefined-index notice when the date is absent; setLocalizedDate() then receives null
                         if (!($dt_set_1 = $dt_beg->setLocalizedDate(@$_REQUEST["pub_start"], true))) {
                             $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                         }
                         if (!($dt_set_2 = $dt_end->setLocalizedDate(@$_REQUEST["pub_end"], true))) {
                             $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                         }
                         //if $dt_beg && $dt_end, $dt_beg must be lower than $dt_end
                         if (!$dt_beg->isNull() && !$dt_end->isNull()) {
                             if (CMS_date::compare($dt_beg, $dt_end, '>')) {
                                 $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                                 $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                                 $dt_set_1 = $dt_set_2 = false;
                             }
                         }
                         if ($dt_set_1 && $dt_set_2) {
                             $item->setPublicationDates($dt_beg, $dt_end);
                         }
                     }
                 }
                 //Check form token
                 //NOTE(review): this is the only place the token is verified. Field values, per-field
                 //callbacks and publication dates have already been applied to $item above; an invalid
                 //token still aborts before writeToPersistence(), so nothing is saved.
                 if (!isset($_POST["atm-token"]) || !CMS_session::checkToken(MOD_POLYMOD_CODENAME . '-' . $formID, $_POST["atm-token"])) {
                     $polymodFormsError[$formID]['error'][] = 'form-token';
                     return false;
                 } else {
                     //Token is used so expire it
                     CMS_session::expireToken(MOD_POLYMOD_CODENAME . '-' . $formID);
                 }
                 //no error entry for this form means "save"; if the caller did not pre-initialise
                 //$polymodFormsError[$formID], this reads an undefined index (notice) and is still falsy
                 if (!$polymodFormsError[$formID]) {
                     //save the data
                     if (!$item->writeToPersistence()) {
                         $polymodFormsError[$formID]['error'][] = 'write';
                         $polymodFormsError[$formID]['filled'] = 0;
                     } else {
                         $polymodFormsError[$formID]['filled'] = 1;
                         //if form use a callback, call it
                         //do not use call_user_function here
                         //per-form callback, run only after a successful write
                         $funcName = 'form_' . $formID;
                         if (function_exists('form_' . $formID) && !$funcName($formID, $item)) {
                             $polymodFormsError[$formID]['filled'] = 0;
                             $polymodFormsError[$formID]['error'][] = 'callback';
                         }
                     }
                     //if item is a primary resource, unlock it
                     if ($object->isPrimaryResource()) {
                         $item->unlock();
                     }
                 } else {
                     $polymodFormsError[$formID]['filled'] = 0;
                 }
                 //save item for later use
                 $polymodFormsItems[$formID] = $item;
             } else {
                 //no object requested, or the item could not be built/loaded
                 $polymodFormsError[$formID]['filled'] = 0;
                 $polymodFormsError[$formID]['error'][] = 'right';
                 CMS_grandFather::raiseError('No item found or user has no administration rights on item... ');
                 return false;
             }
         }
     }
     //also reached when no form id in $formIDs matched the request
     return true;
 }
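 /**
  * Set interface secure. When secure, check that the request is made from a
  * valid Automne Ajax call using the X-Powered-By and X-Atm-Token HTTP headers.
  *
  * Both headers are supplied by the client: the X-Powered-By value only selects
  * which requests are checked, the 'admin' token verified through
  * CMS_session::checkToken() is the actual control.
  *
  * On failure the attempt is logged through raiseError() (the logged script
  * name and referer are also client-controlled values), the interface is marked
  * disconnected and show() is called; what show() does next is not visible here
  * and the method then returns nothing.
  *
  * @param boolean $secure : true to require a valid admin token, false to disable the check
  * @return boolean|void : true when the interface is secure and the token is valid, nothing otherwise
  * @access public
  */
 function setSecure($secure = true)
 {
     $this->_secure = (bool) $secure;
     if (!$this->_secure) {
         return;
     }
     //strict comparison: $_SERVER values are strings, so this is equivalent to the
     //previous loose check but does not depend on PHP's comparison rules
     $fromAutomneAjax = isset($_SERVER['HTTP_X_POWERED_BY'])
         && $_SERVER['HTTP_X_POWERED_BY'] === 'Automne'
         && isset($_SERVER['HTTP_X_ATM_TOKEN']);
     if ($fromAutomneAjax && CMS_session::checkToken('admin', $_SERVER['HTTP_X_ATM_TOKEN'])) {
         return true;
     }
     //both values may legitimately be absent (CLI, direct request): read them
     //explicitly instead of silencing the notice with '@'
     $scriptName = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $this->raiseError('Unautorized query on a secure interface : Query on ' . $scriptName . ' - from ' . $referer);
     $this->setDisconnected(true);
     $this->show();
 }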