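/**
 * Logs a user into EZplayer and redirects to the player.
 *
 * A login containing "/" ("admin/user") is a runas login: the part before the
 * slash must be a key of $admin in admin.inc, and checkauth() verifies the
 * password of that account before returning the information of the account
 * after the slash.
 *
 * The admin/runas session flags are written only once checkauth() has
 * succeeded, and flags left in the session by an earlier login are cleared at
 * that point, so a failed attempt never leaves privilege flags behind.
 *
 * On any failure $error is set, the login form is shown again and the script
 * stops.
 *
 * @param string $login  login as typed ("user" or "admin/user")
 * @param string $passwd password as typed
 */
function user_login($login, $passwd)
{
    global $input;
    global $template_folder;
    global $error;
    global $ezplayer_url;

    // 0) Sanity checks
    if (empty($login) || empty($passwd)) {
        $error = template_get_message('empty_username_password', get_lang());
        view_login_form();
        die;
    }

    $login_parts = explode("/", $login);

    // checkauth() handles every login that contains "/" as runas, so the admin
    // check must cover all of them, not only logins with exactly two parts.
    if (count($login_parts) >= 2) {
        if (!file_exists('admin.inc')) {
            $error = "Not admin. runas login failed";
            view_login_form();
            die;
        }
        include 'admin.inc'; // file containing an assoc array of admin users
        if (!isset($admin[$login_parts[0]])) {
            $error = "Not admin. runas login failed";
            view_login_form();
            die;
        }
        $is_admin = true;
        $is_runas = true;
    } else {
        if (file_exists('admin.inc')) {
            include 'admin.inc'; // file containing an assoc array of admin users
        }
        // isset() is false when admin.inc is missing and $admin was never defined
        $is_admin = isset($admin[$login]);
        $is_runas = false;
    }

    $res = checkauth(strtolower($login), $passwd);
    if (!$res) {
        $error = checkauth_last_error();
        view_login_form();
        die;
    }

    // NOTE(review): the session ID is not rotated on login; consider calling
    // session_regenerate_id(true) here - confirm nothing is keyed on the
    // pre-login session ID.

    // 1) Initializing session vars
    // Privilege flags are (re)set only now that authentication has succeeded.
    unset($_SESSION['user_is_admin'], $_SESSION['user_runas']);
    if ($is_admin) {
        $_SESSION['user_is_admin'] = true;
    }
    if ($is_runas) {
        $_SESSION['user_runas'] = true;
    }

    $_SESSION['ezplayer_logged'] = "user_logged"; // "boolean" stating that we're logged
    $_SESSION['user_login'] = $res['login'];
    $_SESSION['user_real_login'] = $res['real_login'];
    $_SESSION['user_full_name'] = $res['full_name'];
    $_SESSION['user_email'] = $res['email'];
    $_SESSION['admin_enabled'] = false;

    // Flash detection: only when no value was stored in the session earlier
    if (!isset($_SESSION['has_flash'])) {
        if ($input['has_flash'] == 'N') {
            $_SESSION['has_flash'] = false;
        } else {
            $_SESSION['has_flash'] = true;
        }
    }

    // 2) Initializing the ACLs
    acl_init($login);

    // 3) Setting correct language
    set_lang($input['lang']);

    // 4) Resetting the template path to the one of the language chosen
    template_repository_path($template_folder . get_lang());

    // 5) Logging the login operation
    log_append("login");
    log_append("user's browser : " . $_SESSION['browser_full']);
    // lvl, action, browser_name, browser_version, user_os, browser_full_info
    trace_append(array(
        "1",
        "login",
        $_SESSION['browser_name'],
        $_SESSION['browser_version'],
        $_SESSION['user_os'],
        $_SESSION['browser_full'],
        session_id(),
    ));

    // 6) Displaying the page
    if (count($_SESSION['first_input']) > 0) {
        $ezplayer_url .= '/index.php?';
    }
    // NOTE(review): keys and values are appended without URL-encoding; if
    // first_input holds decoded request parameters they should be passed
    // through urlencode() - confirm how first_input is stored.
    foreach ($_SESSION['first_input'] as $key => $value) {
        $ezplayer_url .= "{$key}={$value}&";
    }
    header("Location: " . $ezplayer_url);
    load_page();
}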
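/**
 * Authenticates a login against the configured authentication methods.
 *
 * Two login forms are accepted:
 *  - "user": each method's "<method>_checkauth" function is tried in turn
 *    until one returns something other than false;
 *  - "admin/user" (runas): the password is checked for "admin" only, then each
 *    method's "<method>_getinfo" function is tried to fetch the information of
 *    "user". The result gets an extra "real_login" key holding "admin".
 *
 * This function does NOT check that the first part of a runas login is an
 * administrator; callers must do that before calling it. A login containing
 * "/" that is not exactly two non-empty parts is rejected.
 *
 * @global array $auth_methods names of the authentication methods (may be file / ldap / ...)
 * @param string $login  user's login ("user" or "admin/user")
 * @param string $passwd password of "user", or of "admin" for a runas login
 * @return array|false user's information if authentication succeeded; false
 *                     otherwise (reason stored through checkauth_last_error())
 */
function checkauth($login, $passwd)
{
    global $auth_methods;

    $login = trim($login);
    $login_parts = explode("/", $login);

    // simple login
    if (count($login_parts) == 1) {
        $auth_user = false;
        // authenticates user (fallback on every available method)
        foreach ($auth_methods as $method) {
            $check_auth = $method . "_checkauth";
            $auth_user = $check_auth($login, $passwd);
            if ($auth_user !== false) {
                break;
            }
        }
        // user has not been authenticated by any available method
        if ($auth_user === false) {
            checkauth_last_error("Authentication failure");
        }
        // returns user info or false if user has not been found
        return $auth_user;
    }

    // runas login: anything other than "admin/user" is refused, so that extra
    // segments or empty parts cannot reach the authentication methods
    if (count($login_parts) != 2 || $login_parts[0] === "" || $login_parts[1] === "") {
        checkauth_last_error("Authentication failure");
        return false;
    }

    $real_login = $login_parts[0];
    $runas_login = $login_parts[1];

    // loops on every available method to authenticate the admin
    $auth_admin = false;
    foreach ($auth_methods as $method) {
        $check_auth = $method . "_checkauth";
        $auth_admin = $check_auth($real_login, $passwd);
        if ($auth_admin !== false) {
            break;
        }
    }
    if ($auth_admin === false) {
        checkauth_last_error("Authentication failure");
        return false;
    }

    // admin has been authenticated: loops on every method to get user info
    $auth_user = false;
    foreach ($auth_methods as $method) {
        $getinfo = $method . "_getinfo";
        $auth_user = $getinfo($runas_login);
        if ($auth_user !== false) {
            break;
        }
    }

    if ($auth_user === false) {
        // user does not exist
        checkauth_last_error("Authentication failure");
    } else {
        $auth_user["real_login"] = $real_login;
    }

    // returns user info or false if user has not been found
    return $auth_user;
}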
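/**
 * Logs a user into EZmanager and redirects to the manager.
 *
 * A login containing "/" ("admin/user") is a runas login: the part before the
 * slash must be a key of $admin in admin.inc, and checkauth() verifies the
 * password of that account before returning the information of the account
 * after the slash.
 *
 * A user who is authenticated but has no album to manage is refused: the
 * session is destroyed and the login form is shown again.
 *
 * On any failure the login form is shown again and the script stops.
 *
 * @param string $login  login as typed ("user" or "admin/user")
 * @param string $passwd password as typed
 */
function user_login($login, $passwd)
{
    global $input;
    global $template_folder;
    global $error;
    global $ezmanager_url;

    // 0) Sanity checks
    if (empty($login) || empty($passwd)) {
        $error = template_get_message('empty_username_password', get_lang());
        view_login_form();
        die;
    }

    $login_parts = explode("/", $login);

    // checkauth() handles every login that contains "/" as runas, so the admin
    // check must cover all of them, not only logins with exactly two parts.
    if (count($login_parts) >= 2) {
        if (!file_exists('admin.inc')) {
            $error = "Not admin. runas login failed";
            view_login_form();
            die;
        }
        include 'admin.inc'; // file containing an assoc array of admin users
        if (!isset($admin[$login_parts[0]])) {
            $error = "Not admin. runas login failed";
            view_login_form();
            die;
        }
    }

    $res = checkauth(strtolower($login), $passwd);
    if (!$res) {
        $error = checkauth_last_error();
        view_login_form();
        die;
    }

    // NOTE(review): the session ID is not rotated on login; consider calling
    // session_regenerate_id(true) here - confirm nothing is keyed on the
    // pre-login session ID.

    // 1) Initializing session vars
    $_SESSION['podman_logged'] = "LEtimin"; // "boolean" stating that we're logged
    $_SESSION['user_login'] = $res['login'];
    $_SESSION['user_real_login'] = $res['real_login'];
    $_SESSION['user_full_name'] = $res['full_name'];
    $_SESSION['user_email'] = $res['email'];

    // Flash detection: only when no value was stored in the session earlier
    if (!isset($_SESSION['has_flash'])) {
        if ($input['has_flash'] == 'N') {
            $_SESSION['has_flash'] = false;
        } else {
            $_SESSION['has_flash'] = true;
        }
    }

    // 2) Initializing the ACLs
    acl_init($login);

    // 3) Setting correct language
    set_lang($input['lang']);

    // Authenticated users without any manageable album are turned away; the
    // session variables set above are discarded with the session.
    if (count(acl_authorized_albums_list()) == 0) {
        error_print_message(template_get_message('not_registered', get_lang()), false);
        log_append('warning', $res['login'] . ' tried to access ezmanager but doesn\'t have permission to manage any album.');
        session_destroy();
        view_login_form();
        die;
    }

    // 4) Resetting the template path to the one of the language chosen
    template_repository_path($template_folder . get_lang());

    // 5) Logging the login operation
    log_append("login");

    // 6) Displaying the page
    header("Location: " . $ezmanager_url);
    view_main();
}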
/**
 * Logs an administrator into EZadmin and redirects to the admin interface.
 *
 * Runas logins (any login containing "/") are refused here. The login must be
 * a key of the $users array defined in admin.inc, and must then pass
 * checkauth(). On any failure $error is set, the login form is shown again
 * and the script stops.
 *
 * @param string $login  login as typed
 * @param string $passwd password as typed
 */
function user_login($login, $passwd)
{
    global $input, $template_folder, $error, $ezadmin_url;

    // 0) Sanity checks
    if (empty($login) || empty($passwd)) {
        $error = template_get_message('empty_username_password', get_lang());
        view_login_form();
        exit;
    }

    // A "/" in the login would be a runas request, which this interface refuses
    $login_parts = explode("/", $login);
    if (count($login_parts) > 1) {
        $error = "No runas here !";
        view_login_form();
        exit;
    }

    // Authorization: the login has to be listed in admin.inc
    if (!file_exists('admin.inc')) {
        $error = "User not authorized";
        view_login_form();
        exit;
    }

    include 'admin.inc'; // defines the assoc array of admin users read below

    if (!isset($users[$login_parts[0]])) {
        $error = "User not authorized";
        view_login_form();
        exit;
    }

    // Authentication; note the lookup above used the login as typed while
    // checkauth() receives it lowercased
    $res = checkauth(strtolower($login), $passwd);
    if (!$res) {
        $error = checkauth_last_error();
        view_login_form();
        exit;
    }

    // NOTE(review): the session ID is not rotated on login; consider calling
    // session_regenerate_id(true) here - confirm nothing is keyed on the
    // pre-login session ID.

    // 1) Initializing session vars
    $_SESSION['podcastcours_logged'] = "LEtimin"; // "boolean" stating that we're logged
    $_SESSION['user_login'] = $login; // the login as typed, not $res['login']
    $_SESSION['user_real_login'] = $res['real_login'];
    $_SESSION['user_full_name'] = $res['full_name'];
    $_SESSION['user_email'] = $res['email'];

    // 3) Setting correct language
    set_lang($input['lang']);

    // 4) Resetting the template path to the one of the language chosen
    template_repository_path($template_folder . get_lang());

    // 5) Logging the login operation
    log_append("login");

    // 6) Displaying the page
    header("Location: " . $ezadmin_url);
    view_main();
}
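/**
 * Opens a connection to the first LDAP server that accepts a bind.
 *
 * Servers are tried in order, starting at $index. For each server the bind DN
 * is built by replacing "!LOGIN" in the server's "rdn" template with $login.
 * When $password is empty, the server's own configured "password" is used for
 * that server.
 *
 * Callers that authenticate an end user must reject empty passwords before
 * calling this function: an empty $password does not fail here, it is
 * replaced by the configured one.
 *
 * @param array  $ldap_servers available servers; the keys read here are
 *                             "hostname", "rdn", "password" and optionally "port"
 * @param int    $index        position in the array where the search starts; on
 *                             success it is left at the server that accepted the
 *                             bind, on failure it equals count($ldap_servers)
 * @param string $login        value substituted for "!LOGIN" in the rdn template
 * @param string $password     bind password; empty means "use the server's own"
 * @return mixed LDAP link identifier on success, false otherwise (the reason is
 *               stored through checkauth_last_error())
 */
function private_ldap_connect($ldap_servers, &$index = 0, $login = "", $password = "")
{
    $ldap_servers_count = count($ldap_servers);
    if (!isset($index)) {
        $index = 0;
    }

    // Last failure seen, reported if no server accepts the bind
    $errno = -1;
    $errstring = "No LDAP server could be reached";

    while ($index < $ldap_servers_count) {
        $server = $ldap_servers[$index];

        // NOTE(review): $login is substituted into the DN template unescaped;
        // if "!LOGIN" always sits inside a single RDN value it should go
        // through ldap_escape($login, '', LDAP_ESCAPE_DN) - confirm that no
        // caller passes a full DN as $login.
        $rdn = str_replace("!LOGIN", $login, $server["rdn"]);

        // The fallback password is chosen per server, so one server's
        // configured password is never sent to the next one.
        if (!isset($password) || $password == "") {
            $bind_password = isset($server["password"]) ? $server["password"] : "";
        } else {
            $bind_password = $password;
        }

        // try to connect to ldap server
        if (isset($server["port"]) && trim($server["port"]) != "") {
            $link_identifier = ldap_connect($server["hostname"], $server["port"]);
        } else {
            $link_identifier = ldap_connect($server["hostname"]);
        }
        if ($link_identifier === false) {
            $errno = -1;
            $errstring = "ldap_connect failed";
            $index++;
            continue;
        }

        ldap_set_option($link_identifier, LDAP_OPT_PROTOCOL_VERSION, 3);

        // NOTE(review): no ldap_start_tls() call is made; unless "hostname" is
        // an ldaps:// URI the bind password travels unencrypted - confirm the
        // server configuration.

        // try to bind with login and password (warnings on a refused bind are
        // suppressed; the reason is read from the link below)
        $res = @ldap_bind($link_identifier, $rdn, $bind_password);
        if ($res) {
            return $link_identifier;
        }

        // Read the error while the link is still open, then release it
        $errno = ldap_errno($link_identifier);
        $errstring = ldap_error($link_identifier);
        ldap_close($link_identifier);

        $index++;
    }

    // if not successful, store the reason
    checkauth_last_error("{$errno}:{$errstring}:Bind to ldap failed");
    return false;
}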