示例#1
 /**
  * Normalise a raw input value: blank input becomes NULL, everything else is
  * handed to GPC::clean().
  *
  * @param mixed $value raw value; it is passed to trim(), so a string-like value is expected
  * @return mixed NULL when the trimmed value is empty, otherwise the result of GPC::clean($value)
  */
 protected function clean($value)
 {
     // Whitespace-only input is treated the same as no input at all.
     if (trim($value) == '') {
         return NULL;
     }
     // The untrimmed value is forwarded. GPC::clean() is defined outside this
     // listing, so what it filters cannot be seen from here; callers still need
     // context-specific escaping (SQL parameters, HTML output) for the result.
     return GPC::clean($value);
 }
示例#2
文件: Auth.php 项目: pscheit/psc-cms
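 /**
  * Authenticates the current request and stores the user object on success.
  *
  * Credentials are taken from the first source that matches, in this order:
  *   1. session  user/ident + user/password  (checked with hashedPasswordEquals())
  *   2. "login" cookie  ident + password     (checked with hashedPasswordEquals())
  *   3. POST  ident + password               (cleartext, checked with passwordEquals())
  *   4. HTTP auth  PHP_AUTH_USER / PHP_AUTH_PW (cleartext, checked with passwordEquals())
  *
  * _POST[user][ident]
  * _POST[user][password]
  * can be supplied by forms.
  * NOTE(review): the code reads GPC::POST('ident') / GPC::POST('password'); how GPC
  * maps those onto the field names above is not visible here - confirm.
  *
  * When an AuthException is caught, the "login" cookie is deleted and reset() is
  * called before the exception is rethrown.
  *
  * NOTE(review): the session and cookie hold the very value that
  * hashedPasswordEquals() accepts, so possession of the cookie is equivalent to
  * knowing the password. Confirm the cookie is set Secure/HttpOnly and consider a
  * random, revocable token instead of a password-derived value.
  *
  * NOTE(review): NoUserException and WrongPasswordException let a caller tell
  * "unknown user" from "wrong password"; callers should show one uniform failure
  * message to the client so that account names cannot be probed.
  *
  * @throws NoAuthException, NoUserException, WrongPasswordException
  */
 public function validate()
 {
     $cleartextPassword = $password = NULL;
     // Pre-filled so the debug output below never reads an undefined index.
     $cookie = array('ident' => NULL, 'password' => NULL);

     if (($ident = $this->session->get('user', 'ident')) != '') {
         $password = $this->session->get('user', 'password');
     } elseif (is_array($loginCookie = $this->cookieManager->get('login'))) {
         // The cookie is client-controlled: read it into its own variable and copy
         // only the two expected keys, so a malformed or partial cookie cannot
         // replace $cookie with a non-array or trigger undefined-index notices.
         $cookie['ident'] = isset($loginCookie['ident']) ? $loginCookie['ident'] : NULL;
         $cookie['password'] = isset($loginCookie['password']) ? $loginCookie['password'] : NULL;
         $ident = $cookie['ident'];
         $password = $cookie['password'];
     } elseif (($ident = GPC::POST('ident')) != '') {
         $cleartextPassword = GPC::POST('password');
     } elseif (isset($_SERVER['PHP_AUTH_USER'])) {
         $ident = $_SERVER['PHP_AUTH_USER'];
         // PHP_AUTH_PW can be absent even when PHP_AUTH_USER is present.
         $cleartextPassword = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : NULL;
     }

     $debugString = NULL;
     if ($this->debug) {
         // The debug string is appended to exception messages, which typically end
         // up in logs or error pages. Passwords and password hashes are therefore
         // reported only as present/absent, never by value.
         $mask = function ($secret) {
             return ($secret === NULL || $secret === '') ? '<none>' : '<redacted>';
         };
         $debugString = sprintf(
             "\nsession[ident,pw] = '%s','%s'\n" . "cookie[ident,pw] = '%s','%s'\n" . "POST[ident,pw] = '%s','%s'\n" . "HTTP[ident,pw] = '%s','%s'\n",
             $this->session->get('user', 'ident'),
             $mask($this->session->get('user', 'password')),
             $cookie['ident'],
             $mask($cookie['password']),
             GPC::POST('ident'),
             $mask(GPC::POST('password')),
             isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : NULL,
             $mask(isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : NULL)
         );
     }

     try {
         // Parentheses spell out the precedence the original relied on: an ident is
         // required, plus at least one of stored password / cleartext password.
         if (empty($ident) || (empty($password) && empty($cleartextPassword))) {
             throw new NoAuthException('Es sind keine Credentials angegeben / gespeichert. ' . $debugString);
         }

         /* try to load the user */
         try {
             $user = $this->getUserManager()->get($ident);
         } catch (NoUserException $e) {
             // setMessage() is a project method; it is expected to return the exception.
             throw $e->setMessage($e->getMessage() . ' ' . $debugString);
         }

         /* compare the password: cleartext sources use passwordEquals(),
            session/cookie sources use hashedPasswordEquals() */
         $equals = isset($cleartextPassword) ? $user->passwordEquals($cleartextPassword) : $user->hashedPasswordEquals($password);
         if (!$equals) {
             throw new WrongPasswordException('Passwort ist nicht korrekt. ' . $debugString);
         }

         $this->user = $user;
     } catch (AuthException $e) {
         /* failure: drop the stored login so the rejected credentials are not retried */
         $this->cookieManager->del('login');
         $this->reset();
         throw $e;
     }
 }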