/**
* Verifies security for the incoming request (but does not check user access).
* Initially ensures that the request is coming in on a valid and enabled course/controller (rejects it if not).
* The password is then checked, and it can handle prim-passwords and object-specific passwords.
*
* @param bool $require If true, the function will NOT return on authentication failure. Rather, it will terminate the script with an error message.
* @return bool true if successful in authenticating the request, or false if not.
*/
function authenticate_request($require = true)
{
// Make sure that the request data has been processed
if (!$this->request->is_request_data_processed()) {
$this->request->process_request_data();
}
// Make sure the controller ID parameter was specified
if ($this->request->get_controller_id($require) === null) {
return false;
}
// Make sure we've got a valid course and controller object
if (!$this->course->controller->is_loaded()) {
if ($require) {
$this->response->quick_output(-514, 'COURSE', 'Course controller could not be accessed.', false);
exit;
}
return false;
}
if (!$this->course->is_loaded()) {
if ($require) {
$this->response->quick_output(-512, 'COURSE', 'Course could not be accessed.', false);
exit;
}
return false;
}
// Make sure the course is available
if (!$this->course->is_available()) {
if ($require) {
$this->response->quick_output(-513, 'COURSE', 'Course not available.', false);
exit;
}
return false;
}
// Make sure the contrller is available
if (!$this->course->controller->is_available()) {
if ($require) {
$this->response->quick_output(-514, 'COURSE', 'Course controller not available.', false);
exit;
}
return false;
}
// Make sure the controller is enabled
if (!$this->course->controller->is_enabled()) {
if ($require) {
$this->response->quick_output(-514, 'COURSE', 'Course controller disabled.', false);
exit;
}
return false;
}
// Get the password parameter
$password = $this->request->get_password($require);
if ($password == null) {
if ($require) {
$this->response->quick_output(-212, 'OBJECT_AUTH', 'Prim Password cannot be empty.', false);
exit;
}
return false;
}
// Does the password contain an object UUID?
$parts = explode('|', $password);
if (count($parts) >= 2) {
$objuuid = $parts[0];
$objpwd = $parts[1];
// Make sure the password was provided
if (empty($objpwd)) {
if ($require) {
$this->response->quick_output(-212, 'OBJECT_AUTH', 'Object-specific password not specified.', false);
exit;
}
return false;
}
// Verify the object's authorisation
if ($this->course->controller->check_authorisation($objuuid, $objpwd)) {
// Passed authorisation - make sure the object is registered as being still active
$this->course->controller->ping_object($objuuid);
return true;
}
if ($require) {
$this->response->quick_output(-213, 'OBJECT_AUTH', 'Object-specific password was invalid.', false);
exit;
}
return false;
}
// Get the controller password
$controllerpwd = $this->course->controller->get_password();
// Prim Password access is disabled if no password has been specified
if (strlen($controllerpwd) == 0) {
if ($require) {
$this->response->quick_output(-213, 'OBJECT_AUTH', 'Access to this Controller by prim password has been disabled.', false);
exit;
}
return false;
}
// Check that the passwords match
if ($password != $this->course->controller->get_password()) {
if ($require) {
$this->response->quick_output(-213, 'OBJECT_AUTH', 'Prim password was invalid.', false);
exit;
}
return false;
}
return true;
}
