Пример #1
0
 /**
  * Uses the user credentials sent with the HTTP-Header to authenticate the user calling the API.
  *
  * œ@api
  *
  * @throws \FeM\sPof\exception\BasicAuthException
  *
  * @return boolean True, if user with the given password was authenticated successfully, else false.
  */
 public final function authenticate()
 {
     if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
         throw new \FeM\sPof\exception\BasicAuthException(_s('Missing authentication credentials'));
     }
     $user_id = User::getIdByCredentials($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
     if ($user_id === false) {
         throw new \FeM\sPof\exception\BasicAuthException(_s('Wrong user and/or password.'));
     }
     return $user_id;
 }
Пример #2
0
 /**
  * Login user.
  *
  * @internal
  */
 public static function login()
 {
     $config = self::getConfig();
     if (empty($config['login']) || !isset($_COOKIE[$config['login']]) || empty($config['password']) || !isset($_COOKIE[$config['password']])) {
         // return if no login cookie set
         return;
     }
     if (!Session::isLoggedIn()) {
         // try to login
         $user_id = User::getIdByCredentials($_COOKIE[$config['login']], $_COOKIE[$config['password']], true);
         if ($user_id !== false) {
             $_SESSION['thisuser'] = User::getByPk($user_id);
             Logger::getInstance()->info("login with cookies");
             LogEvent::add(['event' => 'Login.Cookie.Success', 'user_id' => $user_id, 'reference_parameters' => json_encode([]), 'description' => $_SESSION['thisuser']['name'] . ' logged in (über Cookies)']);
         } else {
             LogEvent::add(['event' => 'Login.Cookie.Failed', 'user_id' => 0, 'reference_parameters' => json_encode([]), 'description' => $_COOKIE[$config['login']] . ' hat sich vergeblich versucht einzuloggen (über Cookies)']);
             self::deleteLoginCookie();
         }
     } else {
         // renew
         Logger::getInstance()->info("renew login cookie");
         self::setLoginCookie($_COOKIE[$config['login']], $_COOKIE[$config['password']]);
     }
 }
Пример #3
0
 /**
  * Get the settings of the current user.
  *
  * @api
  *
  * @return array|null
  */
 public static function getUser()
 {
     if (isset($_SESSION['thisuser'])) {
         if (self::getConfig('impersonate') && isset($_SESSION['thisuser']['impersonated']) && $_SESSION['thisuser']['impersonated'] < time() - 600) {
             $_SESSION['thisuser'] = User::getByPk($_SESSION['thisuser']['real_id']);
             $_SESSION['thisuser']['real_id'] = $_SESSION['thisuser']['id'];
             unset($_SESSION['thisuser']['impersonated']);
         }
         return $_SESSION['thisuser'];
     }
     return null;
 }