if (strlen($userName)) {
$newSession = new SessionSwitcher("AjaXplorer");
AuthService::deleteUser($userName);
$result = TRUE;
}
break;
case 'updateUser':
global $user;
if (is_array($user)) {
$newSession = new SessionSwitcher("AjaXplorer");
if (AuthService::updatePassword($user["name"], $user["password"])) {
//@TODO Change this to match your CMS code
if ($user["right"] == "admin") {
$userObj = getLoggedUser();
if ($user["name"] == $userObj->getId()) {
AuthService::updateAdminRights($userObj);
}
}
$result = TRUE;
} else {
$result = FALSE;
}
}
break;
case 'installDB':
global $user, $reset;
$result = TRUE;
break;
default:
$result = FALSE;
}
/**
* Specific operations to perform at boot time
* @static
* @param array $START_PARAMETERS A HashTable of parameters to send back to the client
* @return void
*/
public static function bootSequence(&$START_PARAMETERS)
{
if (AJXP_Utils::detectApplicationFirstRun()) {
return;
}
if (file_exists(AJXP_CACHE_DIR . "/admin_counted")) {
return;
}
$rootRole = AuthService::getRole("ROOT_ROLE", false);
if ($rootRole === false) {
$rootRole = new AJXP_Role("ROOT_ROLE");
$rootRole->setLabel("Root Role");
$rootRole->setAutoApplies(array("standard", "admin"));
$dashId = "";
foreach (ConfService::getRepositoriesList("all") as $repositoryId => $repoObject) {
if ($repoObject->isTemplate) {
continue;
}
if ($repoObject->getAccessType() == "ajxp_user") {
$dashId = $repositoryId;
}
$gp = $repoObject->getGroupPath();
if (empty($gp) || $gp == "/") {
if ($repoObject->getDefaultRight() != "") {
$rootRole->setAcl($repositoryId, $repoObject->getDefaultRight());
}
}
}
if (!empty($dashId)) {
$rootRole->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", $dashId);
}
$paramNodes = AJXP_PluginsService::searchAllManifests("//server_settings/param[@scope]", "node", false, false, true);
if (is_array($paramNodes) && count($paramNodes)) {
foreach ($paramNodes as $xmlNode) {
$default = $xmlNode->getAttribute("default");
if (empty($default)) {
continue;
}
$parentNode = $xmlNode->parentNode->parentNode;
$pluginId = $parentNode->getAttribute("id");
if (empty($pluginId)) {
$pluginId = $parentNode->nodeName . "." . $parentNode->getAttribute("name");
}
$rootRole->setParameterValue($pluginId, $xmlNode->getAttribute("name"), $default);
}
}
AuthService::updateRole($rootRole);
}
$miniRole = AuthService::getRole("MINISITE", false);
if ($miniRole === false) {
$rootRole = new AJXP_Role("MINISITE");
$rootRole->setLabel("Minisite Users");
$actions = array("access.fs" => array("ajxp_link", "chmod", "purge"), "meta.watch" => array("toggle_watch"), "conf.serial" => array("get_bookmarks"), "conf.sql" => array("get_bookmarks"), "index.lucene" => array("index"), "action.share" => array("share"), "gui.ajax" => array("bookmark"), "auth.serial" => array("pass_change"), "auth.sql" => array("pass_change"));
foreach ($actions as $pluginId => $acts) {
foreach ($acts as $act) {
$rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
}
}
AuthService::updateRole($rootRole);
}
$miniRole = AuthService::getRole("MINISITE_NODOWNLOAD", false);
if ($miniRole === false) {
$rootRole = new AJXP_Role("MINISITE_NODOWNLOAD");
$rootRole->setLabel("Minisite Users - No Download");
$actions = array("access.fs" => array("download", "download_chunk", "prepare_chunk_dl", "download_all"));
foreach ($actions as $pluginId => $acts) {
foreach ($acts as $act) {
$rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
}
}
AuthService::updateRole($rootRole);
}
$miniRole = AuthService::getRole("GUEST", false);
if ($miniRole === false) {
$rootRole = new AJXP_Role("GUEST");
$rootRole->setLabel("Guest user role");
$actions = array("access.fs" => array("purge"), "meta.watch" => array("toggle_watch"), "index.lucene" => array("index"));
$rootRole->setAutoApplies(array("guest"));
foreach ($actions as $pluginId => $acts) {
foreach ($acts as $act) {
$rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_ALL);
}
}
AuthService::updateRole($rootRole);
}
$adminCount = AuthService::countAdminUsers();
if ($adminCount == 0) {
$authDriver = ConfService::getAuthDriverImpl();
$adminPass = ADMIN_PASSWORD;
if ($authDriver->getOption("TRANSMIT_CLEAR_PASS") !== true) {
$adminPass = md5(ADMIN_PASSWORD);
}
AuthService::createUser("admin", $adminPass, true);
if (ADMIN_PASSWORD == INITIAL_ADMIN_PASSWORD) {
$userObject = ConfService::getConfStorageImpl()->createUserObject("admin");
$userObject->setAdmin(true);
AuthService::updateAdminRights($userObject);
if (AuthService::changePasswordEnabled()) {
$userObject->setLock("pass_change");
}
$userObject->save("superuser");
$START_PARAMETERS["ALERT"] .= "Warning! User 'admin' was created with the initial password '" . INITIAL_ADMIN_PASSWORD . "'. \\nPlease log in as admin and change the password now!";
}
AuthService::updateUser($userObject);
} else {
if ($adminCount == -1) {
// Here we may come from a previous version! Check the "admin" user and set its right as admin.
$confStorage = ConfService::getConfStorageImpl();
$adminUser = $confStorage->createUserObject("admin");
$adminUser->setAdmin(true);
$adminUser->save("superuser");
$START_PARAMETERS["ALERT"] .= "There is an admin user, but without admin right. Now any user can have the administration rights, \\n your 'admin' user was set with the admin rights. Please check that this suits your security configuration.";
}
}
file_put_contents(AJXP_CACHE_DIR . "/admin_counted", "true");
}
/**
* Log the user from its credentials
* @static
* @param string $user_id The user id
* @param string $pwd The password
* @param bool $bypass_pwd Ignore password or not
* @param bool $cookieLogin Is it a logging from the remember me cookie?
* @param string $returnSeed The unique seed
* @return int
*/
static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
{
$user_id = self::filterUserSensitivity($user_id);
if ($cookieLogin && !isset($_COOKIE["AjaXplorer-remember"])) {
return -5;
// SILENT IGNORE
}
if ($cookieLogin) {
list($user_id, $pwd) = explode(":", $_COOKIE["AjaXplorer-remember"]);
}
$confDriver = ConfService::getConfStorageImpl();
if ($user_id == null) {
if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
return 1;
}
if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
$authDriver = ConfService::getAuthDriverImpl();
if (!$authDriver->userExists("guest")) {
AuthService::createUser("guest", "");
$guest = $confDriver->createUserObject("guest");
$guest->save("superuser");
}
AuthService::logUser("guest", null);
return 1;
}
return 0;
}
$authDriver = ConfService::getAuthDriverImpl();
// CHECK USER PASSWORD HERE!
$loginAttempt = AuthService::getBruteForceLoginArray();
$bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
AuthService::setBruteForceLoginArray($loginAttempt);
if (!$authDriver->userExists($user_id)) {
if ($bruteForceLogin === FALSE) {
return -4;
} else {
return 0;
}
}
if (!$bypass_pwd) {
if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
if ($bruteForceLogin === FALSE) {
return -4;
} else {
if ($cookieLogin) {
return -5;
}
return -1;
}
}
}
// Successful login attempt
unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
AuthService::setBruteForceLoginArray($loginAttempt);
// Setting session credentials if asked in config
if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd);
AJXP_Safe::storeCredentials($authId, $authPwd);
}
$user = $confDriver->createUserObject($user_id);
if ($authDriver->isAjxpAdmin($user_id)) {
$user->setAdmin(true);
}
if ($user->isAdmin()) {
$user = AuthService::updateAdminRights($user);
} else {
if (!$user->hasParent() && $user_id != "guest") {
//$user->setRight("ajxp_shared", "rw");
}
}
$_SESSION["AJXP_USER"] = $user;
if ($authDriver->autoCreateUser() && !$user->storageExists()) {
$user->save("superuser");
// make sure update rights now
}
AJXP_Logger::logAction("Log In");
return 1;
}
function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
{
$confDriver = ConfService::getConfStorageImpl();
if ($user_id == null) {
if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
return 1;
}
if (ALLOW_GUEST_BROWSING) {
$authDriver = ConfService::getAuthDriverImpl();
if (!$authDriver->userExists("guest")) {
AuthService::createUser("guest", "");
$guest = $confDriver->createUserObject("guest");
$guest->save();
}
AuthService::logUser("guest", null);
return 1;
}
return 0;
}
$authDriver = ConfService::getAuthDriverImpl();
// CHECK USER PASSWORD HERE!
$loginAttempt = AuthService::getBruteForceLoginArray();
$bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
AuthService::setBruteForceLoginArray($loginAttempt);
if ($bruteForceLogin === FALSE) {
return -1;
}
if (!$authDriver->userExists($user_id)) {
return 0;
}
if (!$bypass_pwd) {
if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
return -1;
}
}
// Successful login attempt
unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
AuthService::setBruteForceLoginArray($loginAttempt);
$user = $confDriver->createUserObject($user_id);
if ($authDriver->isAjxpAdmin($user_id)) {
$user->setAdmin(true);
}
if ($user->isAdmin()) {
$user = AuthService::updateAdminRights($user);
}
$_SESSION["AJXP_USER"] = $user;
if ($authDriver->autoCreateUser() && !$user->storageExists()) {
$user->save();
}
AJXP_Logger::logAction("Log In");
return 1;
}
