/**
*
* Implements standard username/password and IP-address based user authentication. Applications
* requiring completely custom authentication methods should override this method. However, most of
* the time if you need custom authentication you can just create a custom user auth handler class ("username/password" authentication).
*
* One clean way to extend Auth is create a sub-class whose constructor calls addUserHandler() and delegates
* everything else to Auth.
*
* @access private
* @param array of login options (same as the associative option array in the class constructor)
*/
public function doAuthentication($pa_options)
{
global $AUTH_CURRENT_USER_ID;
$o_event_log = new Eventlog();
$vs_app_name = $this->config->get("app_name");
foreach (array('no_headers', 'dont_redirect_to_login', 'dont_create_new_session', 'dont_redirect_to_welcome', 'user_name', 'password', 'options', 'noPublicUsers', 'dont_redirect', 'no_headers', 'redirect') as $vs_key) {
if (!isset($pa_options[$vs_key])) {
$pa_options[$vs_key] = null;
}
}
if (!is_array($pa_options["options"])) {
$pa_options["options"] = array();
}
if ($pa_options["no_headers"]) {
$pa_options["dont_redirect_to_login"] = true;
$pa_options["dont_create_new_session"] = true;
$pa_options["dont_redirect_to_welcome"] = true;
}
if ($pa_options["dont_redirect"]) {
$pa_options["dont_redirect_to_login"] = true;
$pa_options["dont_redirect_to_welcome"] = true;
}
$vb_login_successful = false;
if (!$pa_options["user_name"]) {
// no incoming login
//
// is a user already logged in?
//
if ($vn_user_id = $this->session->getVar($vs_app_name . "_user_id")) {
// does session have a user attached to it?
// user is already logged in
$this->user = new ca_users($vn_user_id);
// add user object
if (!$this->user->isActive() || $this->user->numErrors() || $pa_options['noPublicUsers'] && $this->user->isPublicUser()) {
// error means user_id in session is invalid
$vb_login_successful = false;
} else {
$vb_login_successful = true;
}
if ($vb_login_successful) {
// Login was successful
$this->session->setVar($vs_app_name . "_lastping", time());
// set last time we heard from client in session
$this->user->setLastPing(time());
$AUTH_CURRENT_USER_ID = $vn_user_id;
//$this->user->close(); ** will be called externally **
return $vb_login_successful;
}
}
if (!$vb_login_successful) {
$this->user = new ca_users();
// add user object
$vs_tmp1 = $vs_tmp2 = null;
if ($vn_auth_type = $this->user->authenticate($vs_tmp1, $vs_tmp2, $pa_options["options"])) {
# error means user_id in session is invalid
if ($pa_options['noPublicUsers'] && $this->user->isPublicUser() || !$this->user->isActive()) {
$o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login for user id '" . $vn_user_id . "' (" . $_SERVER['REQUEST_URI'] . "); IP=" . $_SERVER["REMOTE_ADDR"] . "; user agent='" . $_SERVER["HTTP_USER_AGENT"] . "'"));
$vb_login_successful = false;
} else {
$vb_login_successful = true;
$vn_user_id = $this->user->getUserID();
}
}
if (!$vb_login_successful) {
// throw user to login screen
if (!$pa_options["dont_redirect_to_login"]) {
$o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login with redirect for user id '" . $vn_user_id . "' (" . $_SERVER['REQUEST_URI'] . "); IP=" . $_SERVER["REMOTE_ADDR"] . "; user agent='" . $_SERVER["HTTP_USER_AGENT"] . "'"));
$vs_redirect = $this->getRequestUrl(true);
if (strpos($vs_redirect, $this->config->get("auth_login_path") !== -1)) {
$vs_redirect = '';
} else {
$vs_redirect = '?redirect=' . urlencode($vs_redirect);
}
$this->opo_response->addHeader("Location", $this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_path") . $vs_redirect);
}
return false;
}
}
}
//
// incoming login
//
if ($pa_options["user_name"]) {
$vb_login_successful = false;
$this->user = new ca_users();
if ($vn_auth_type = $this->user->authenticate($pa_options["user_name"], $pa_options["password"], $pa_options["options"])) {
# error means user_id in session is invalid
if ($pa_options['noPublicUsers'] && $this->user->isPublicUser() || !$this->user->isActive()) {
$vb_login_successful = false;
} else {
$vb_login_successful = true;
$vn_user_id = $this->user->getUserID();
}
}
}
if (!$vb_login_successful) {
$this->user = null;
// auth failed
// throw user to login screen
if ($pa_options["user_name"]) {
$o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login for '" . $pa_options["user_name"] . "' (" . $_SERVER['REQUEST_URI'] . "); IP=" . $_SERVER["REMOTE_ADDR"] . "; user agent='" . $_SERVER["HTTP_USER_AGENT"] . "'"));
}
if (!$pa_options["dont_redirect_to_login"]) {
$vs_auth_login_url = $this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_path");
$this->opo_response->addHeader("Location", $vs_auth_login_url);
}
return false;
} else {
$o_event_log->log(array("CODE" => "LOGN", "SOURCE" => "Auth", "MESSAGE" => "Successful login for '" . $pa_options["user_name"] . "'; IP=" . $_SERVER["REMOTE_ADDR"] . "; user agent=" . $_SERVER["HTTP_USER_AGENT"]));
$this->session->setVar($vs_app_name . "_user_auth_type", $vn_auth_type);
// type of auth used: 1=username/password; 2=ip-base auth
$this->session->setVar($vs_app_name . "_user_id", $vn_user_id);
// auth succeeded; set user_id in session
$this->session->setVar($vs_app_name . "_logintime", time());
// also set login time (unix timestamp) in session
$this->session->setVar($vs_app_name . "_lastping", time());
$this->session->setVar("screen_width", isset($_REQUEST["_screen_width"]) ? intval($_REQUEST["_screen_width"]) : 0);
$this->session->setVar("screen_height", isset($_REQUEST["_screen_height"]) ? intval($_REQUEST["_screen_height"]) : 0);
$this->session->setVar("has_pdf_plugin", isset($_REQUEST["_has_pdf_plugin"]) ? intval($_REQUEST["_has_pdf_plugin"]) : 0);
$this->user->setVar('last_login', time(), array('volatile' => true));
$this->user->setLastLogout($this->user->getLastPing(), array('volatile' => true));
//$this->user->close(); ** will be called externally **
$AUTH_CURRENT_USER_ID = $vn_user_id;
if ($pa_options['redirect']) {
// redirect to specified URL
$this->opo_response->setRedirect($pa_options['redirect']);
$this->opo_response->sendResponse();
exit;
}
if (!$pa_options["dont_redirect_to_welcome"]) {
// redirect to "welcome" page
$this->opo_response->setRedirect($this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_welcome_path"));
$this->opo_response->sendResponse();
exit;
}
return true;
}
}
