protected function setUser(User $user) { $this->user = $user; $_SESSION['userID'] = $user->getUserID(); $_SESSION['auth_userID'] = $user->getUserID(); $_SESSION['auth'] = $user->getAuthenticationAuthorityIndex(); $_SESSION['ping'] = time(); }
/** * sets the active user * @param User $user */ private function setUser(User $user) { if ($auth = $user->getAuthenticationAuthorityIndex()) { $this->users[$auth] = $user; $this->setSessionVars(); } }
public function userIsMember(User $user) { //by definition LDAP groups can only contain users from the same authority if ($user->getAuthenticationAuthorityIndex() == $this->getAuthenticationAuthorityIndex()) { if (in_array($user->getAttribute($this->AuthenticationAuthority->getField('memberuid')), $this->members)) { return true; } } return false; }
/** * Sees if the given user matches the rule * @param User $user a valid user object * @return mixed, the action if the user matches the rule or false if the rule did not match */ public function evaluateForUser(User $user) { switch ($this->ruleScope) { case self::RULE_SCOPE_USER: /* if the value is all then see if the userID is set this will NOT match an anonymous user */ if ($this->ruleAuthority) { if ($user->getAuthenticationAuthorityIndex() == $this->ruleAuthority) { /* can match either userID or email */ if ($this->ruleValue == self::RULE_VALUE_ALL) { if ($user->getUserID()) { return $this->ruleAction; } } else { if ($user->getUserID() == $this->ruleValue || Validator::isValidEmail($this->ruleValue) && $user->getEmail() == $this->ruleValue) { return $this->ruleAction; } } } } elseif ($this->ruleValue == self::RULE_VALUE_ALL) { if ($user->getUserID()) { return $this->ruleAction; } } else { if ($user->getUserID() == $this->ruleValue || Validator::isValidEmail($this->ruleValue) && $user->getEmail() == $this->ruleValue) { return $this->ruleAction; } } break; case self::RULE_SCOPE_GROUP: /* Note: a group value of ALL is not valid */ if ($authority = AuthenticationAuthority::getAuthenticationAuthority($this->ruleAuthority)) { if ($group = $authority->getGroup($this->ruleValue)) { /* see if the user is a member of the group */ if ($group->userIsMember($user)) { return $this->ruleAction; } } } break; case self::RULE_SCOPE_EVERYONE: /* always matches */ return $this->ruleAction; break; } return false; }
/** * Logs in the user * @param User $user * @return User */ public function login(User $user) { Kurogo::log(LOG_NOTICE, sprintf("Logging in user %s:%s", $user->getAuthenticationAuthorityIndex(), $user->getUserID()), 'session'); session_regenerate_id(true); $this->setUser($user); $this->setLoginCookie(); return $user; }
public function userIsMember(User $user) { $property = $this->AuthenticationAuthority->getField('group_groupmember'); if ($this->AuthenticationAuthority->getField('groupmember_authority')) { $sql = sprintf("SELECT * FROM `%s` WHERE %s=? AND %s=? AND %s=?", $this->AuthenticationAuthority->getTable('groupmembers'), $this->AuthenticationAuthority->getField('groupmember_group'), $this->AuthenticationAuthority->getField('groupmember_authority'), $this->AuthenticationAuthority->getField('groupmember_user')); $parameters = array($this->{$property}, $user->getAuthenticationAuthorityIndex(), $user->getUserID()); } elseif ($user->getAuthenticationAuthorityIndex() == $this->getAuthenticationAuthorityIndex()) { //if we don't use authorities in this database then make sure the user is from the same authority $sql = sprintf("SELECT * FROM `%s` WHERE %s=? AND %s=?", $this->AuthenticationAuthority->getTable('groupmembers'), $this->AuthenticationAuthority->getField('groupmember_group'), $this->AuthenticationAuthority->getField('groupmember_user')); $parameters = array($this->{$property}, $user->getUserID()); } else { //user is from another authority return false; } $connection = $this->AuthenticationAuthority->connection(); $result = $connection->query($sql, $parameters); if ($row = $result->fetch()) { return true; } return false; }
/** * Sees if the given user matches the rule * @param User $user a valid user object * @return mixed, the action if the user matches the rule or false if the rule did not match */ public function evaluateForUser(User $user) { switch ($this->ruleType) { case self::RULE_TYPE_AUTHORITY: /* if the value is all then see if the userID and authority are set and it's a MATCH this will NOT match an anonymous user */ if ($this->ruleValue==self::RULE_VALUE_ALL) { if ($user->getUserID() && $user->getAuthenticationAuthority()) { return $this->ruleAction; } /* Otherwise see if the userID is set and the authority matches the rule value */ } elseif ($user->getUserID() && $user->getAuthenticationAuthorityIndex()==$this->ruleValue) { return $this->ruleAction; } break; case self::RULE_TYPE_USER: /* if the value is all then see if the userID is set this will NOT match an anonymous user */ if ($this->ruleValue==self::RULE_VALUE_ALL) { if ($user->getUserID()) { return $this->ruleAction; } } else { /* user values are specified as AUTHORITY|userID */ $values = explode("|", $this->ruleValue); switch (count($values)) { case 1: $authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex(); $userID = $values[0]; break; case 2: $authority = $values[0]; $userID = $values[1]; break; } /* see if the userID/email and authority match */ if ($user->getAuthenticationAuthorityIndex()==$authority) { /* can match either userID or email */ if ($userID==self::RULE_VALUE_ALL) { if ($user->getUserID()) { return $this->ruleAction; } } else if ($user->getUserID()==$userID || (Validator::isValidEmail($userID) && $user->getEmail()==$userID)) { return $this->ruleAction; } } } break; case self::RULE_TYPE_GROUP: /* Note: a group value of ALL is not valid */ /* group values are specified as AUTHORITY|group */ $values = explode("|", $this->ruleValue); switch (count($values)) { case 1: $authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex(); $group = $values[0]; break; case 2: $authority = $values[0]; $group = $values[1]; break; } /* attempt to load the authority, then get the group */ if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authority)) { if ($group = $authority->getGroup($group)) { /* see if the user is a member of the group */ if ($group->userIsMember($user)) { return $this->ruleAction; } } } break; case self::RULE_TYPE_EVERYONE: /* always matches */ return $this->ruleAction; break; } return false; }