Exemplo n.º 1
 /**
  * Implements the webservice call from remote websites to check user credentials and
  * obtain matching warehouse user_id.
  * Does not support requests from users on the warehouse itself (website_id < 0)
  * Expects HTTP POST with username, password, options and usual service credentials.
  * Catches any Exceptions and passes them to handle_error()
  *
  * @return string (encrypted array) with user_id and optional user profile array
  */
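 public function authenticate_user()
 {
     // The sealed response is written to the output stream with echo; nothing is
     // returned to the caller. Exceptions are routed to handle_error().
     try {
         // authenticate requesting website for this service
         $this->authenticate('read');
         // decrypt and check the input
         $input = secure_msg::unseal_request($_POST, $this->website_password);
         if (array_key_exists(secure_msg::ERROR_MSG, $input)) {
             throw new ServiceError($input[secure_msg::ERROR_MSG], 3001);
         }
         // Log a copy with the password masked. The unsealed request carries the
         // user's plaintext password, and debug logs are typically readable by more
         // people, and kept for longer, than the credential store itself.
         $loggable = $input;
         if (array_key_exists('password', $loggable)) {
             $loggable['password'] = '[redacted]';
         }
         kohana::log('debug', 'Site_User_Controller::authenticate_user, unsealed input is ' . print_r($loggable, true));
         $options = array_key_exists('options', $input) ? $input['options'] : array();
         // authenticate user
         // NOTE(review): 'username' and 'password' are read without checking that the
         // keys exist; whether site_login() rejects a missing value is not visible
         // here - confirm, or validate before this call.
         $this->auth = new Auth();
         $user_id = $this->auth->site_login($input['username'], $input['password'], $options, $this->website_id);
         $response = array('user_id' => $user_id);
         // get profile if user has been authenticated and profile has been requested
         $getprofile = array_key_exists('getprofile', $options) ? $options['getprofile'] : false;
         if ($user_id > 0 && $getprofile) {
             $response['profile'] = $this->_get_user_profile($user_id);
         }
         // Log only a summary of the response: the profile holds personal data
         // (the same reason it is sealed below), so it is kept out of the log.
         $summary = array(
             'user_id' => $user_id,
             'profile_included' => array_key_exists('profile', $response),
         );
         kohana::log('debug', 'Site_User_Controller::authenticate_user, unsealed response summary is ' . print_r($summary, true));
         // seal response to secure it from prying or tampering
         $sealed = secure_msg::SEALED . secure_msg::seal($response, $this->website_password);
         kohana::log('debug', 'Site_User_Controller::authenticate_user, sealed response is ' . print_r($sealed, true));
         echo $sealed;
     } catch (Exception $e) {
         // Only Exception subclasses are caught here and passed to handle_error().
         $this->handle_error($e);
     }
 }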
Exemplo n.º 2
 /**
  * Sends a request to the indicia core module to ask if the login credentials
  * are valid for this website.
  *
  * @param string $username Required.
  * The username value entered by the authenticating user.
  * @param string $password Required.
  * The password value entered by the authenticating user.
  * @param array $readAuth Required.
  * Array containing service authentication data obtained from get_read_auth().
  * @param string $website_password Required.
  * The client website password value to be supplied by the site administrator.
  * @param array $options Optional.
  * Options array with the following possibilities:<ul>
  * <li><b>namecase</b><br/>
  * Optional. Boolean defining if the username value should be treated as case sensitive when looking
  * the user up on indicia core. Defaults to true.</li>
  * <li><b>nameormail</b><br/>
  * Optional. String defining if the username value represents the user's name or their e-mail address when looking
  * the user up on indicia core. Allowed values are 'name' or 'mail'. Defaults to 'name'.</li>
  * <li><b>getprofile</b><br/>
  * Optional. Boolean for whether to retrieve the profile data for this user if successfully authenticated.
  * If true, the profile will be returned in the 'profile' key on the response array.
  * Defaults to false.</li>
  * </ul>
  *
  * @return array containing:<ul>
  * <li>The 'user_id' key holds the user_id for the authenticated user,
  * or '0' if the login credentials are not valid for this website.</li>
  * <li>The 'profile' as an array containing:-<ul>
  * <li>title</li>
  * <li>first_name</li>
  * <li>surname</li>
  * <li>initials</li>
  * <li>email_address</li>
  * <li>website_url</li>
  * <li>address</li>
  * <li>home_entered_sref</li>
  * <li>home_entered_sref_system</li>
  * <li>interests</li>
  * <li>location_name</li>
  * <li>email_visible</li>
  * <li>view_common_names</li>
  * <li>username</li>
  * <li>default_digest_mode</li>
  * <li>activated</li>
  * <li>banned</li>
  * <li>site_role</li>
  * <li>registration_datetime</li>
  * <li>last_login_datetime</li>
  * <li>preferred_sref_system</li>
  * </ul> 
  * This is only returned if the 'getprofile' option is true in the request options.</li>
  * </ul>
  */
 public static function authenticate_user($username, $password, $readAuth, $website_password, $options = array())
 {
     // Seal the credentials and lookup options with the website password so they
     // are not sent as plain POST fields.
     $sealedCredentials = secure_msg::seal(
         array("username" => $username, "password" => $password, "options" => $options),
         $website_password
     );

     // Post the sealed payload to the site_user service on indicia core.
     // NOTE(review): auth_token and nonce travel outside the sealed payload, so they
     // are only as protected as the transport - confirm $base_url is an https URL.
     $endpoint = self::$base_url . "index.php/services/site_user/authenticate_user";
     $reply = self::http_post($endpoint, array(
         secure_msg::SEALED => $sealedCredentials,
         "auth_token" => $readAuth['auth_token'],
         "nonce" => $readAuth['nonce'],
     ));

     // Unseal the reply with the same website password and hand it back.
     // NOTE(review): the reply is unsealed without first checking for a transport
     // failure; what http_post() returns on error is not visible here - confirm that
     // callers cannot mistake a failed request for a valid result.
     return secure_msg::unseal_response($reply['output'], $website_password);
 }