function authenticate_and_cache($ip_radius_server, $shared_secret, $username, $password, $timeout = 900)
{
$result = FALSE;
$cache_unique_id = isset($_SESSION['authentication_unique_id']) ? $_SESSION['authentication_unique_id'] : '';
if ($cache_unique_id != '') {
$cache_timestamp = $_SESSION[$cache_unique_id . '_authentication_timestamp'];
$cache_remote_addr = $_SESSION[$cache_unique_id . '_authentication_remote_addr'];
$cache_username = $_SESSION[$cache_unique_id . '_authentication_username'];
}
if ($cache_timestamp == 0 or $cache_timestamp + $timeout < time() or $cache_remote_addr != $_SERVER['REMOTE_ADDR'] or $cache_username != $username) {
$radius = new Radius($ip_radius_server, $shared_secret);
$radius->SetDebugMode($php_debug_mode);
$result = $radius->AccessRequest($username, $password);
if ($result === TRUE) {
if ($cache_unique_id == '') {
$cache_unique_id = md5(uniqid(rand(), true));
}
$_SESSION['authentication_unique_id'] = $cache_unique_id;
$_SESSION[$cache_unique_id . '_authentication_timestamp'] = time();
$_SESSION[$cache_unique_id . '_authentication_remote_addr'] = $_SERVER['REMOTE_ADDR'];
$_SESSION[$cache_unique_id . '_authentication_username'] = $username;
} else {
$_SESSION['authentication_unique_id'] = '';
}
} else {
$_SESSION[$cache_unique_id . '_authentication_timestamp'] = time();
$result = TRUE;
}
return $result;
}
/**
* Authenticates user on radius server
*
* @access private
* @param mixed $username
* @param mixed $password
* @return void
*/
private function auth_radius($username, $password)
{
# decode radius parameters
$params = json_decode($this->authmethodparams);
# check for socket support !
if (!in_array("sockets", get_loaded_extensions())) {
$this->Log->write("Radius login", "php Socket extension missing", 2);
$this->Result->show("danger", _("php Socket extension missing"), true);
}
# initialize radius class
require dirname(__FILE__) . '/class.Radius.php';
$Radius = new Radius($params->hostname, $params->secret, $params->suffix, $params->timeout, $params->port);
$Radius->SetNasIpAddress($params->hostname);
//debugging
$this->debugging !== true ?: $Radius->SetDebugMode(TRUE);
# authenticate
$auth = $Radius->AccessRequest($username, $password);
# debug?
if ($this->debugging) {
print "<pre style='width:700px;margin:auto;margin-top:10px;'>";
print implode("<br>", $Radius->debug_text);
print "</pre>";
}
# authenticate user
if ($auth) {
# save to session
$this->write_session_parameters();
$this->Log->write("Radius login", "User " . $this->user->real_name . " logged in via radius", 0, $username);
$this->Result->show("success", _("Radius login successful"));
# write last logintime
$this->update_login_time();
# remove possible blocked IP
$this->block_remove_entry();
} else {
# add blocked count
$this->block_ip();
$this->Log->write("Radius login", "Failed to authenticate user on radius server", 2, $username);
$this->Result->show("danger", _("Invalid username or password"), true);
}
}
