Subversion Repositories Applications.gtt

Compare Revisions

Ignore whitespace Rev 94 → Rev 149

/tags/v1.0-Homere/bibliotheque/pear/Auth/Container.php
New file
0,0 → 1,177
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Martin Jansen <mj@php.net> |
// +----------------------------------------------------------------------+
//
// $Id: Container.php,v 1.15 2003/10/19 14:03:19 yavo Exp $
//
 
define("AUTH_METHOD_NOT_SUPPORTED", -4);
 
/**
* Storage class for fetching login data
*
* @author Martin Jansen <mj@php.net>
* @package Auth
*/
class Auth_Container
{
 
/**
* User that is currently selected from the storage container.
*
* @access public
*/
var $activeUser = "";
 
// {{{ Constructor
 
/**
* Constructor
*
* Has to be overwritten by each storage class
*
* @access public
*/
function Auth_Container()
{
}
 
// }}}
// {{{ fetchData()
 
/**
* Fetch data from storage container
*
* Has to be overwritten by each storage class
*
* @access public
*/
function fetchData()
{
}
 
// }}}
// {{{ verifyPassword()
 
/**
* Crypt and verfiy the entered password
*
* @param string Entered password
* @param string Password from the data container (usually this password
* is already encrypted.
* @param string Type of algorithm with which the password from
* the container has been crypted. (md5, crypt etc.)
* Defaults to "md5".
* @return bool True, if the passwords match
*/
function verifyPassword($password1, $password2, $cryptType = "md5")
{
switch ($cryptType) {
case "crypt" :
return (($password2 == "**" . $password1) ||
(crypt($password1, $password2) == $password2)
);
break;
 
case "none" :
return ($password1 == $password2);
break;
 
case "md5" :
return (md5($password1) == $password2);
break;
 
default :
if (function_exists($cryptType)) {
return ($cryptType($password1) == $password2);
}
else if (method_exists($this,$cryptType)) {
return ($this->$cryptType($password1) == $password2);
} else {
return false;
}
break;
}
}
 
// }}}
// {{{ listUsers()
 
/**
* List all users that are available from the storage container
*/
function listUsers()
{
return AUTH_METHOD_NOT_SUPPORTED;
}
 
/**
* Returns a user assoc array
*
* Containers which want should overide this
*
* @param string The username
*/
function getUser($username)
{
$users = $this->listUsers();
if($users === AUTH_METHOD_NOT_SUPPORTED){
return(AUTH_METHOD_NOT_SUPPORTED);
}
for($i=0;$c = count($users),$i<$c;$i++){
if($users[$i]['username'] == $username){
return($users[$i]);
}
}
return(false);
}
 
// }}}
// {{{ addUser()
 
/**
* Add a new user to the storage container
*
* @param string Username
* @param string Password
* @param array Additional information
*
* @return boolean
*/
function addUser($username, $password, $additional=null)
{
return AUTH_METHOD_NOT_SUPPORTED;
}
 
// }}}
// {{{ removeUser()
 
/**
* Remove user from the storage container
*
* @param string Username
*/
function removeUser($username)
{
return AUTH_METHOD_NOT_SUPPORTED;
}
 
// }}}
 
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/SASL.php
New file
0,0 → 1,99
<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes |
// | All rights reserved. |
// | |
// | Redistribution and use in source and binary forms, with or without |
// | modification, are permitted provided that the following conditions |
// | are met: |
// | |
// | o Redistributions of source code must retain the above copyright |
// | notice, this list of conditions and the following disclaimer. |
// | o Redistributions in binary form must reproduce the above copyright |
// | notice, this list of conditions and the following disclaimer in the |
// | documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote |
// | products derived from this software without specific prior written |
// | permission. |
// | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
// | |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net> |
// +-----------------------------------------------------------------------+
//
// $Id: SASL.php,v 1.5 2006/03/22 05:20:11 amistry Exp $
 
/**
* Client implementation of various SASL mechanisms
*
* @author Richard Heyes <richard@php.net>
* @access public
* @version 1.0
* @package Auth_SASL
*/
 
require_once('PEAR.php');
 
class Auth_SASL
{
/**
* Factory class. Returns an object of the request
* type.
*
* @param string $type One of: Anonymous
* Plain
* CramMD5
* DigestMD5
* Types are not case sensitive
*/
function &factory($type)
{
switch (strtolower($type)) {
case 'anonymous':
$filename = 'Auth/SASL/Anonymous.php';
$classname = 'Auth_SASL_Anonymous';
break;
 
case 'login':
$filename = 'Auth/SASL/Login.php';
$classname = 'Auth_SASL_Login';
break;
 
case 'plain':
$filename = 'Auth/SASL/Plain.php';
$classname = 'Auth_SASL_Plain';
break;
 
case 'crammd5':
$filename = 'Auth/SASL/CramMD5.php';
$classname = 'Auth_SASL_CramMD5';
break;
 
case 'digestmd5':
$filename = 'Auth/SASL/DigestMD5.php';
$classname = 'Auth_SASL_DigestMD5';
break;
 
default:
return PEAR::raiseError('Invalid SASL mechanism type');
break;
}
 
require_once($filename);
$obj = new $classname();
return $obj;
}
}
 
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/PrefManager.php
New file
0,0 → 1,426
<?php
require_once("DB.php");
 
/**
* A simple preference manager, takes userid, preference name pairs and returns the value
* of that preference.
*
* CREATE TABLE `preferences` (
* `user_id` varchar( 255 ) NOT NULL default '',
* `pref_id` varchar( 32 ) NOT NULL default '',
* `pref_value` longtext NOT NULL ,
* PRIMARY KEY ( `user_id` , `pref_id` )
* )
*
* @author Jon Wood <jon@jellybob.co.uk>
* @package Auth_PrefManager
* @category Authentication
*/
class Auth_PrefManager
{
/**
* The database object.
* @var object
* @access private
*/
var $_db;
 
/**
* The user name to get preferences from if the user specified doesn't
* have that preference set.
* @var string
* @access private
*/
var $_defaultUser = "__default__";
 
/**
* Should we search for default values, or just fail when we find out that
* the specified user didn't have it set.
*
* @var bool
* @access private
*/
var $_returnDefaults = true;
 
/**
* The table containing the preferences.
* @var string
* @access private
*/
var $_table = "preferences";
 
/**
* The column containing user ids.
* @var string
* @access private
*/
var $_userColumn = "user_id";
 
/**
* The column containing preference names.
* @var string
* @access private
*/
var $_nameColumn = "pref_id";
 
/**
* The column containing preference values.
* @var string
* @access private
*/
var $_valueColumn = "pref_value";
 
/**
* The quoted value column.
* @var string
* @access private
*/
var $_valueColumnQuoted = "pref_value";
/**
* The session variable that the cache array is stored in.
* @var string
* @access private
*/
var $_cacheName = "prefCache";
 
/**
* The last error given.
* @var string
* @access private
*/
var $_lastError;
 
/**
* Defines whether the cache should be used or not.
* @var bool
* @access private
*/
var $_useCache = true;
/**
* Defines whether values should be serialized before saving.
* @var bool
* @access private
*/
var $_serialize = false;
/**
* Constructor
*
* Options:
* table: The table to get prefs from. [preferences]
* userColumn: The field name to search for userid's [user_id]
* nameColumn: The field name to search for preference names [pref_name]
* valueColumn: The field name to search for preference values [pref_value]
* defaultUser: The userid assigned to default values [__default__]
* cacheName: The name of cache in the session variable ($_SESSION[cacheName]) [prefsCache]
* useCache: Whether or not values should be cached.
* serialize: Should preference values be serialzed before saving?
*
* @param string $dsn The DSN of the database connection to make, or a DB object.
* @param array $properties An array of properties to set.
* @param string $defaultUser The default user to manage for.
* @return bool Success or failure.
* @access public
*/
function Auth_PrefManager($dsn, $properties = NULL)
{
// Connect to the database.
if (isset($dsn)) {
if (is_string($dsn)) {
$this->_db = DB::Connect($dsn);
if (DB::isError($this->_db)) {
$this->_lastError = "DB Error: ".$this->_db->getMessage();
}
} else if (is_subclass_of($dsn, 'db_common')) {
$this->_db = &$dsn;
} else {
$this->_lastError = "Invalid DSN specified.";
return false;
}
} else {
$this->_lastError = "No DSN specified.";
return false;
}
 
if (is_array($properties)) {
if (isset($properties["table"])) { $this->_table = $this->_db->quoteIdentifier($properties["table"]); }
if (isset($properties["userColumn"])) { $this->_userColumn = $this->_db->quoteIdentifier($properties["userColumn"]); }
if (isset($properties["nameColumn"])) { $this->_nameColumn = $this->_db->quoteIdentifier($properties["nameColumn"]); }
if (isset($properties["valueColumn"])) { $this->_valueColumn = $properties["valueColumn"]; }
if (isset($properties["valueColumn"])) { $this->_valueColumnQuoted = $this->_db->quoteIdentifier($properties["valueColumn"]); }
if (isset($properties["defaultUser"])) { $this->_defaultUser = $properties["defaultUser"]; }
if (isset($properties["cacheName"])) { $this->_cacheName = $properties["cacheName"]; }
if (isset($properties["useCache"])) { $this->_useCache = $properties["useCache"]; }
if (isset($properties["serialize"])) { $this->_serialize = $properties["serialize"]; }
}
 
return true;
}
 
function setReturnDefaults($returnDefaults = true)
{
if (is_bool($returnDefaults)) {
$this->_returnDefaults = $returnDefaults;
}
}
 
/**
* Sets whether the cache should be used.
*
* @param bool $use Should the cache be used.
* @access public
*/
function useCache($use = true)
{
$this->_useCache = $use;
}
/**
* Cleans out the cache.
*
* @access public
*/
function clearCache()
{
unset($_SESSION[$this->_cacheName]);
}
 
/**
* Get a preference for the specified user, or, if returning default values
* is enabled, the default.
*
* @param string $user_id The user to get the preference for.
* @param string $pref_id The preference to get.
* @param bool $showDefaults Should default values be searched (overrides the global setting).
* @return mixed The value if it's found, or NULL if it isn't.
* @access public
*/
function getPref($user_id, $pref_id, $showDefaults = true)
{
if (isset($_SESSION[$this->_cacheName][$user_id][$pref_id]) && $this->_useCache) {
// Value is cached for the specified user, so give them the cached copy.
return $_SESSION[$this->_cacheName][$user_id][$pref_id];
} else {
// Not cached, search the database for this user's preference.
$query = sprintf("SELECT * FROM %s WHERE %s=%s AND %s=%s", $this->_table,
$this->_userColumn,
$this->_db->quote($user_id),
$this->_nameColumn,
$this->_db->quote($pref_id));
$result = $this->_db->query($query);
if (DB::isError($result)) {
// Ouch! The query failed!
$this->_lastError = "DB Error: ".$result->getMessage();
return NULL;
} else if ($result->numRows()) {
// The query found a value, so we can cache that, and then return it.
$row = $result->fetchRow(DB_FETCHMODE_ASSOC);
$_SESSION[$this->_cacheName][$user_id][$pref_id] = $this->_unpack($row[$this->_valueColumn]);
return $_SESSION[$this->_cacheName][$user_id][$pref_id];
} else if ($this->_returnDefaults && $showDefaults) {
// I was doing this with a call to getPref again, but it threw things into an
// infinite loop if the default value didn't exist. If you can fix that, it would
// be great ;)
if (isset($_SESSION[$this->_cacheName][$this->_defaultUser][$pref_id]) && $this->_useCache) {
$_SESSION[$this->_cacheName][$user_id][$pref_id] = $_SESSION[$this->_cacheName][$this->_defaultUser][$pref_id];
return $_SESSION[$this->_cacheName][$this->_defaultUser][$pref_id];
} else {
$query = sprintf("SELECT * FROM %s WHERE %s=%s AND %s=%s", $this->_table,
$this->_userColumn,
$this->_db->quote($this->_defaultUser),
$this->_nameColumn,
$this->_db->quote($pref_id));
$result = $this->_db->query($query);
if (DB::isError($result)) {
$this->_lastError = "DB Error: ".$result->getMessage();
return NULL;
} else {
if ($result->numRows()) {
$row = $result->fetchRow(DB_FETCHMODE_ASSOC);
$_SESSION[$this->_cacheName][$this->_defaultUser][$pref_id] = $this->_unpack($row[$this->_valueColumn]);
$_SESSION[$this->_cacheName][$user_id][$pref_id] = $_SESSION[$this->_cacheName][$this->_defaultUser][$pref_id];
return $_SESSION[$this->_cacheName][$user_id][$pref_id];
} else {
return NULL;
}
}
}
} else {
// We've used up all the resources we're allowed to search, so return a NULL.
return NULL;
}
}
}
 
/**
* A shortcut function for getPref($this->_defaultUser, $pref_id, $value),
* useful if you have a logged in user, but want to get defaults anyway.
*
* @param string $pref_id The name of the preference to get.
* @return mixed The value if it's found, or NULL if it isn't.
* @access public
*/
function getDefaultPref($pref_id)
{
return $this->getPref($this->_defaultUser, $pref_id);
}
 
/**
* Set a preference for the specified user.
*
* @param string $user_id The user to set for.
* @param string $pref_id The preference to set.
* @param mixed $value The value it should be set to.
* @return bool Sucess or failure.
* @access public
*/
function setPref($user_id, $pref_id, $value)
{
// Start off by checking if the preference is already set (if it is we need to do
// an UPDATE, if not, it's an INSERT.
if ($this->_exists($user_id, $pref_id, false)) {
$query = sprintf("UPDATE %s SET %s=%s WHERE %s=%s AND %s=%s", $this->_table,
$this->_valueColumnQuoted,
$this->_db->quote($this->_pack($value)),
$this->_userColumn,
$this->_db->quote($user_id),
$this->_nameColumn,
$this->_db->quote($pref_id));
} else {
$query = sprintf("INSERT INTO %s (%s, %s, %s) VALUES(%s, %s, %s)", $this->_table,
$this->_userColumn,
$this->_nameColumn,
$this->_valueColumnQuoted,
$this->_db->quote($user_id),
$this->_db->quote($pref_id),
$this->_db->quote($this->_pack($value)));
}
$result = $this->_db->query($query);
if (DB::isError($result)) {
$this->_lastError = "DB Error: ".$result->getMessage();
return false;
} else {
if ($this->_useCache) {
$_SESSION[$this->_cacheName][$user_id][$pref_id] = $value;
}
return true;
}
}
 
/**
* A shortcut function for setPref($this->_defaultUser, $pref_id, $value)
*
* @param string $pref_id The name of the preference to set.
* @param mixed $value The value to set it to.
* @return bool Sucess or failure.
* @access public
*/
function setDefaultPref($pref_id, $value)
{
return $this->setPref($this->_defaultUser, $pref_id, $value);
}
 
/**
* Deletes a preference for the specified user.
*
* @param string $user_id The userid of the user to delete from.
* @param string $pref_id The preference to delete.
* @return bool Success/Failure
* @access public
*/
function deletePref($user_id, $pref_id)
{
if ($this->getPref($user_id, $pref_id) == NULL) {
// The user doesn't have this variable anyway ;)
return true;
} else {
$query = sprintf("DELETE FROM %s WHERE %s=%s AND %s=%s", $this->_table,
$this->_userColumn,
$this->_db->quote($user_id),
$this->_nameColumn,
$this->_db->quote($pref_id));
$result = $this->_db->query($query);
if (DB::isError($result)) {
$this->_lastError = "DB Error: ".$result->getMessage();
return false;
} else {
if ($this->_useCache) {
unset($_SESSION[$this->_cacheName][$user_id][$pref_id]);
}
return true;
}
}
}
 
/**
* Deletes a preference for the default user.
*
* @param string $pref_id The preference to delete.
* @return bool Success/Failure
* @access public
*/
function deleteDefaultPref($pref_id)
{
return $this->deletePref($this->_defaultUser, $pref_id);
}
/**
* Checks if a preference exists in the database.
*
* @param string $user_id The userid of the preference owner.
* @param string $pref_id The preference to check for.
* @return bool True if the preference exists.
* @access private
*/
function _exists($user_id, $pref_id)
{
$query = sprintf("SELECT COUNT(%s) FROM %s WHERE %s=%s AND %s=%s", $this->_nameColumn,
$this->_table,
$this->_userColumn,
$this->_db->quoteSmart($user_id),
$this->_nameColumn,
$this->_db->quote($pref_id));
$result = $this->_db->getOne($query);
if (DB::isError($result)) {
$this->_lastError = "DB Error: ".$result->getMessage();
return false;
} else {
return (bool)$result;
}
}
 
/**
* Does anything needed to prepare a value for saving in the database.
*
* @param mixed $value The value to be saved.
* @return string The value in a format valid for saving to the database.
* @access private
*/
function _pack($value)
{
if ($this->_serialize) {
return serialize($value);
} else {
return $value;
}
}
/**
* Does anything needed to create a value of the preference, such as unserializing.
*
* @param string $value The value of the preference.
* @return mixed The unpacked version of the preference.
* @access private
*/
function _unpack($value)
{
if ($this->_serialize) {
return unserialize($value);
} else {
return $value;
}
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/RADIUS.php
New file
0,0 → 1,964
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/*
Copyright (c) 2003, Michael Bretterklieber <michael@bretterklieber.com>
All rights reserved.
 
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
 
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The names of the authors may not be used to endorse or promote products
derived from this software without specific prior written permission.
 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
This code cannot simply be copied and put under the GNU Public License or
any other GPL-like (LGPL, GPL2) License.
 
$Id: RADIUS.php,v 1.3 2003/05/02 11:04:02 mbretter Exp $
*/
 
require_once 'PEAR.php';
 
/**
* Client implementation of RADIUS. This are wrapper classes for
* the RADIUS PECL.
* Provides RADIUS Authentication (RFC2865) and RADIUS Accounting (RFC2866).
*
* @package Auth_RADIUS
* @author Michael Bretterklieber <michael@bretterklieber.com>
* @access public
* @version $Revision: 1.3 $
*/
 
/**
* class Auth_RADIUS
*
* Abstract base class for RADIUS
*
* @package Auth_RADIUS
*/
class Auth_RADIUS extends PEAR {
 
/**
* List of RADIUS servers.
* @var array
* @see addServer(), putServer()
*/
var $_servers = array();
/**
* Path to the configuration-file.
* @var string
* @see setConfigFile()
*/
var $_configfile = null;
/**
* Resource.
* @var resource
* @see open(), close()
*/
var $res = null;
/**
* Username for authentication and accounting requests.
* @var string
*/
var $username = null;
 
/**
* Password for plaintext-authentication (PAP).
* @var string
*/
var $password = null;
/**
* List of known attributes.
* @var array
* @see dumpAttributes(), getAttributes()
*/
var $attributes = array();
/**
* List of raw attributes.
* @var array
* @see dumpAttributes(), getAttributes()
*/
var $rawAttributes = array();
 
/**
* List of raw vendor specific attributes.
* @var array
* @see dumpAttributes(), getAttributes()
*/
var $rawVendorAttributes = array();
/**
* Constructor
*
* Loads the RADIUS PECL/extension
*
* @return void
*/
function Auth_RADIUS()
{
$this->PEAR();
$this->loadExtension('radius');
}
/**
* Adds a RADIUS server to the list of servers for requests.
*
* At most 10 servers may be specified. When multiple servers
* are given, they are tried in round-robin fashion until a
* valid response is received
*
* @access public
* @param string $servername Servername or IP-Address
* @param integer $port Portnumber
* @param string $sharedSecret Shared secret
* @param integer $timeout Timeout for each request
* @param integer $maxtries Max. retries for each request
* @return void
*/
function addServer($servername = 'localhost', $port = 0, $sharedSecret = 'testing123', $timeout = 3, $maxtries = 3)
{
$this->_servers[] = array($servername, $port, $sharedSecret, $timeout, $maxtries);
}
/**
* Returns an error message, if an error occurred.
*
* @access public
* @return string
*/
function getError()
{
return radius_strerror($this->res);
}
/**
* Sets the configuration-file.
*
* @access public
* @param string $file Path to the configuration file
* @return void
*/
function setConfigfile($file)
{
$this->_configfile = $file;
}
 
/**
* Puts an attribute.
*
* @access public
* @param integer $attrib Attribute-number
* @param mixed $port Attribute-value
* @param type $type Attribute-type
* @return bool true on success, false on error
*/
function putAttribute($attrib, $value, $type = null)
{
if ($type == null) {
$type = gettype($value);
}
switch ($type) {
case 'integer':
return radius_put_int($this->res, $attrib, $value);
case 'addr':
return radius_put_addr($this->res, $attrib, $value);
case 'string':
default:
return radius_put_attr($this->res, $attrib, $value);
}
}
/**
* Puts a vendor-specific attribute.
*
* @access public
* @param integer $vendor Vendor (MSoft, Cisco, ...)
* @param integer $attrib Attribute-number
* @param mixed $port Attribute-value
* @param type $type Attribute-type
* @return bool true on success, false on error
*/
function putVendorAttribute($vendor, $attrib, $value, $type = null)
{
if ($type == null) {
$type = gettype($value);
}
switch ($type) {
case 'integer':
return radius_put_vendor_int($this->res, $vendor, $attrib, $value);
case 'addr':
return radius_put_vendor_addr($this->res, $vendor,$attrib, $value);
case 'string':
default:
return radius_put_vendor_attr($this->res, $vendor, $attrib, $value);
}
}
 
/**
* Prints known attributes received from the server.
*
* @access public
*/
function dumpAttributes()
{
foreach ($this->attributes as $name => $data) {
echo "$name:$data<br>\n";
}
}
/**
* Overwrite this.
*
* @access public
*/
function open()
{
}
 
/**
* Overwrite this.
*
* @access public
*/
function createRequest()
{
}
/**
* Puts standard attributes.
*
* @access public
*/
function putStandardAttributes()
{
if (isset($_SERVER)) {
$var = &$_SERVER;
} else {
$var = &$GLOBALS['HTTP_SERVER_VARS'];
}
$this->putAttribute(RADIUS_NAS_IDENTIFIER, isset($var['HTTP_HOST']) ? $var['HTTP_HOST'] : 'localhost');
$this->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL);
$this->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_FRAMED);
$this->putAttribute(RADIUS_FRAMED_PROTOCOL, RADIUS_PPP);
$this->putAttribute(RADIUS_CALLING_STATION_ID, isset($var['REMOTE_HOST']) ? $var['REMOTE_HOST'] : '127.0.0.1');
}
/**
* Puts custom attributes.
*
* @access public
*/
function putAuthAttributes()
{
if (isset($this->username)) {
$this->putAttribute(RADIUS_USER_NAME, $this->username);
}
}
/**
* Configures the radius library.
*
* @access public
* @param string $servername Servername or IP-Address
* @param integer $port Portnumber
* @param string $sharedSecret Shared secret
* @param integer $timeout Timeout for each request
* @param integer $maxtries Max. retries for each request
* @return bool true on success, false on error
* @see addServer()
*/
function putServer($servername, $port = 0, $sharedsecret = 'testing123', $timeout = 3, $maxtries = 3)
{
if (!radius_add_server($this->res, $servername, $port, $sharedsecret, $timeout, $maxtries)) {
return false;
}
return true;
}
/**
* Configures the radius library via external configurationfile
*
* @access public
* @param string $servername Servername or IP-Address
* @return bool true on success, false on error
*/
function putConfigfile($file)
{
if (!radius_config($this->res, $file)) {
return false;
}
return true;
}
/**
* Initiates a RADIUS request.
*
* @access public
* @return bool true on success, false on errors
*/
function start()
{
if (!$this->open()) {
return false;
}
foreach ($this->_servers as $s) {
// Servername, port, sharedsecret, timeout, retries
if (!$this->putServer($s[0], $s[1], $s[2], $s[3], $s[4])) {
return false;
}
}
if (!empty($this->_configfile)) {
if (!$this->putConfigfile($this->_configfile)) {
return false;
}
}
$this->createRequest();
$this->putStandardAttributes();
$this->putAuthAttributes();
return true;
}
/**
* Sends a prepared RADIUS request and waits for a response
*
* @access public
* @return mixed true on success, false on reject, PEAR_Error on error
*/
function send()
{
$req = radius_send_request($this->res);
if (!$req) {
return $this->raiseError('Error sending request: ' . $this->getError());
}
 
switch($req) {
case RADIUS_ACCESS_ACCEPT:
if (is_subclass_of($this, 'auth_radius_acct')) {
return $this->raiseError('RADIUS_ACCESS_ACCEPT is unexpected for accounting');
}
return true;
 
case RADIUS_ACCESS_REJECT:
return false;
case RADIUS_ACCOUNTING_RESPONSE:
if (is_subclass_of($this, 'auth_radius_pap')) {
return $this->raiseError('RADIUS_ACCOUNTING_RESPONSE is unexpected for authentication');
}
return true;
 
default:
return $this->raiseError("Unexpected return value: $req");
}
}
 
/**
* Reads all received attributes after sending the request.
*
* This methos stores know attributes in the property attributes,
* all attributes (including known attibutes) are stored in rawAttributes
* or rawVendorAttributes.
* NOTE: call this functio also even if the request was rejected, because the
* Server returns usualy an errormessage
*
* @access public
* @return bool true on success, false on error
*/
function getAttributes()
{
 
while ($attrib = radius_get_attr($this->res)) {
 
if (!is_array($attrib)) {
return false;
}
 
$attr = $attrib['attr'];
$data = $attrib['data'];
 
$this->rawAttributes[$attr] = $data;
 
switch ($attr) {
case RADIUS_FRAMED_IP_ADDRESS:
$this->attributes['framed_ip'] = radius_cvt_addr($data);
break;
 
case RADIUS_FRAMED_IP_NETMASK:
$this->attributes['framed_mask'] = radius_cvt_addr($data);
break;
 
case RADIUS_FRAMED_MTU:
$this->attributes['framed_mtu'] = radius_cvt_int($data);
break;
 
case RADIUS_FRAMED_COMPRESSION:
$this->attributes['framed_compression'] = radius_cvt_int($data);
break;
 
case RADIUS_SESSION_TIMEOUT:
$this->attributes['session_timeout'] = radius_cvt_int($data);
break;
 
case RADIUS_IDLE_TIMEOUT:
$this->attributes['idle_timeout'] = radius_cvt_int($data);
break;
 
case RADIUS_SERVICE_TYPE:
$this->attributes['service_type'] = radius_cvt_int($data);
break;
 
case RADIUS_CLASS:
$this->attributes['class'] = radius_cvt_int($data);
break;
 
case RADIUS_FRAMED_PROTOCOL:
$this->attributes['framed_protocol'] = radius_cvt_int($data);
break;
 
case RADIUS_FRAMED_ROUTING:
$this->attributes['framed_routing'] = radius_cvt_int($data);
break;
 
case RADIUS_FILTER_ID:
$this->attributes['filter_id'] = radius_cvt_string($data);
break;
 
case RADIUS_VENDOR_SPECIFIC:
$attribv = radius_get_vendor_attr($data);
if (!is_array($attribv)) {
return false;
}
$vendor = $attribv['vendor'];
$attrv = $attribv['attr'];
$datav = $attribv['data'];
$this->rawVendorAttributes[$vendor][$attrv] = $datav;
 
if ($vendor == RADIUS_VENDOR_MICROSOFT) {
 
switch ($attrv) {
case RADIUS_MICROSOFT_MS_CHAP2_SUCCESS:
$this->attributes['ms_chap2_success'] = radius_cvt_string($datav);
break;
 
case RADIUS_MICROSOFT_MS_CHAP_ERROR:
$this->attributes['ms_chap_error'] = radius_cvt_string(substr($datav,1));
break;
 
case RADIUS_MICROSOFT_MS_CHAP_DOMAIN:
$this->attributes['ms_chap_domain'] = radius_cvt_string($datav);
break;
 
case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:
$this->attributes['ms_mppe_encryption_policy'] = radius_cvt_int($datav);
break;
 
case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES:
$this->attributes['ms_mppe_encryption_types'] = radius_cvt_int($datav);
break;
 
case RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS:
$demangled = radius_demangle($this->res, $datav);
$this->attributes['ms_chap_mppe_lm_key'] = substr($demangled, 0, 8);
$this->attributes['ms_chap_mppe_nt_key'] = substr($demangled, 8, RADIUS_MPPE_KEY_LEN);
break;
 
case RADIUS_MICROSOFT_MS_MPPE_SEND_KEY:
$this->attributes['ms_chap_mppe_send_key'] = radius_demangle_mppe_key($this->res, $datav);
break;
 
case RADIUS_MICROSOFT_MS_MPPE_RECV_KEY:
$this->attributes['ms_chap_mppe_recv_key'] = radius_demangle_mppe_key($this->res, $datav);
break;
 
case RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER:
$this->attributes['ms_primary_dns_server'] = radius_cvt_string($datav);
break;
}
}
break;
}
}
 
return true;
}
/**
* Frees resources.
*
* Calling this method is always a good idea, because all security relevant
* attributes are filled with Nullbytes to leave nothing in the mem.
*
* @access public
*/
function close()
{
if ($this->res != null) {
radius_close($this->res);
$this->res = null;
}
$this->username = str_repeat("\0", strlen($this->username));
$this->password = str_repeat("\0", strlen($this->password));
}
}
 
/**
* class Auth_RADIUS_PAP
*
* Class for authenticating using PAP (Plaintext)
*
* @package Auth_RADIUS
*/
class Auth_RADIUS_PAP extends Auth_RADIUS
{
 
/**
* Constructor
*
* @param string $username Username
* @param string $password Password
* @return void
*/
function Auth_RADIUS_PAP($username = null, $password = null)
{
$this->Auth_RADIUS();
$this->username = $username;
$this->password = $password;
}
/**
* Creates a RADIUS resource
*
* Creates a RADIUS resource for authentication. This should be the first
* call before you make any other things with the library.
*
* @return bool true on success, false on error
*/
function open()
{
$this->res = radius_auth_open();
if (!$this->res) {
return false;
}
return true;
}
/**
* Creates an authentication request
*
* Creates an authentication request.
* You MUST call this method before you can put any attribute
*
* @return bool true on success, false on error
*/
function createRequest()
{
if (!radius_create_request($this->res, RADIUS_ACCESS_REQUEST)) {
return false;
}
return true;
}
 
/**
* Put authentication specific attributes
*
* @return void
*/
function putAuthAttributes()
{
if (isset($this->username)) {
$this->putAttribute(RADIUS_USER_NAME, $this->username);
}
if (isset($this->password)) {
$this->putAttribute(RADIUS_USER_PASSWORD, $this->password);
}
}
 
}
 
/**
* class Auth_RADIUS_CHAP_MD5
*
* Class for authenticating using CHAP-MD5 see RFC1994.
* Instead og the plaintext password the challenge and
* the response are needed.
*
* @package Auth_RADIUS
*/
class Auth_RADIUS_CHAP_MD5 extends Auth_RADIUS_PAP
{
/**
* 8 Bytes binary challenge
* @var string
*/
var $challenge = null;
 
/**
* 16 Bytes MD5 response binary
* @var string
*/
var $response = null;
/**
* Id of the authentication request. Should incremented after every request.
* @var integer
*/
var $chapid = 1;
/**
* Constructor
*
* @param string $username Username
* @param string $challenge 8 Bytes Challenge (binary)
* @param integer $chapid Requestnumber
* @return void
*/
function Auth_RADIUS_CHAP_MD5($username = null, $challenge = null, $chapid = 1)
{
$this->Auth_RADIUS_PAP();
$this->username = $username;
$this->challenge = $challenge;
$this->chapid = $chapid;
}
/**
* Put CHAP-MD5 specific attributes
*
* For authenticating using CHAP-MD5 via RADIUS you have to put the challenge
* and the response. The chapid is inserted in the first byte of the response.
*
* @return void
*/
function putAuthAttributes()
{
if (isset($this->username)) {
$this->putAttribute(RADIUS_USER_NAME, $this->username);
}
if (isset($this->response)) {
$response = pack('C', $this->chapid) . $this->response;
$this->putAttribute(RADIUS_CHAP_PASSWORD, $response);
}
if (isset($this->challenge)) {
$this->putAttribute(RADIUS_CHAP_CHALLENGE, $this->challenge);
}
}
/**
* Frees resources.
*
* Calling this method is always a good idea, because all security relevant
* attributes are filled with Nullbytes to leave nothing in the mem.
*
* @access public
*/
function close()
{
Auth_RADIUS_PAP::close();
$this->challenge = str_repeat("\0", strlen($this->challenge));
$this->response = str_repeat("\0", strlen($this->response));
}
}
 
/**
* class Auth_RADIUS_MSCHAPv1
*
* Class for authenticating using MS-CHAPv1 see RFC2433
*
* @package Auth_RADIUS
*/
class Auth_RADIUS_MSCHAPv1 extends Auth_RADIUS_CHAP_MD5
{
/**
* LAN-Manager-Response
* @var string
*/
var $lmResponse = null;
 
/**
* Wether using deprecated LM-Responses or not.
* 0 = use LM-Response, 1 = use NT-Response
* @var bool
*/
var $flags = 1;
/**
* Put MS-CHAPv1 specific attributes
*
* For authenticating using MS-CHAPv1 via RADIUS you have to put the challenge
* and the response. The response has this structure:
* struct rad_mschapvalue {
* u_char ident;
* u_char flags;
* u_char lm_response[24];
* u_char response[24];
* };
*
* @return void
*/
function putAuthAttributes()
{
if (isset($this->username)) {
$this->putAttribute(RADIUS_USER_NAME, $this->username);
}
if (isset($this->response) || isset($this->lmResponse)) {
$lmResp = isset($this->lmResponse) ? $this->lmResponse : str_repeat ("\0", 24);
$ntResp = isset($this->response) ? $this->response : str_repeat ("\0", 24);
$resp = pack('CC', $this->chapid, $this->flags) . $lmResp . $ntResp;
$this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp);
}
if (isset($this->challenge)) {
$this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge);
}
}
}
 
/**
* class Auth_RADIUS_MSCHAPv2
*
* Class for authenticating using MS-CHAPv2 see RFC2759
*
* @package Auth_RADIUS
*/
class Auth_RADIUS_MSCHAPv2 extends Auth_RADIUS_MSCHAPv1
{
/**
* 16 Bytes binary challenge
* @var string
*/
var $challenge = null;
/**
* 16 Bytes binary Peer Challenge
* @var string
*/
var $peerChallenge = null;
 
/**
* Put MS-CHAPv2 specific attributes
*
* For authenticating using MS-CHAPv1 via RADIUS you have to put the challenge
* and the response. The response has this structure:
* struct rad_mschapv2value {
* u_char ident;
* u_char flags;
* u_char pchallenge[16];
* u_char reserved[8];
* u_char response[24];
* };
* where pchallenge is the peer challenge. Like for MS-CHAPv1 we set the flags field to 1.
* @return void
*/
function putAuthAttributes()
{
if (isset($this->username)) {
$this->putAttribute(RADIUS_USER_NAME, $this->username);
}
if (isset($this->response) && isset($this->peerChallenge)) {
// Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response
$resp = pack('CCa16a8a24',$this->chapid , 1, $this->peerChallenge, str_repeat("\0", 8), $this->response);
$this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp);
}
if (isset($this->challenge)) {
$this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge);
}
}
/**
* Frees resources.
*
* Calling this method is always a good idea, because all security relevant
* attributes are filled with Nullbytes to leave nothing in the mem.
*
* @access public
*/
function close()
{
Auth_RADIUS_MSCHAPv1::close();
$this->peerChallenge = str_repeat("\0", strlen($this->peerChallenge));
}
}
 
/**
* class Auth_RADIUS_Acct
*
* Class for RADIUS accounting
*
* @package Auth_RADIUS
*/
class Auth_RADIUS_Acct extends Auth_RADIUS
{
/**
* Defines where the Authentication was made, possible values are:
* RADIUS_AUTH_RADIUS, RADIUS_AUTH_LOCAL, RADIUS_AUTH_REMOTE
* @var integer
*/
var $authentic = null;
 
/**
* Defines the type of the accounting request, on of:
* RADIUS_START, RADIUS_STOP, RADIUS_ACCOUNTING_ON, RADIUS_ACCOUNTING_OFF
* @var integer
*/
var $status_type = null;
 
/**
* The time the user was logged in in seconds
* @var integer
*/
var $session_time = null;
 
/**
* A uniq identifier for the session of the user, maybe the PHP-Session-Id
* @var string
*/
var $session_id = null;
/**
* Constructor
*
* Generates a predefined session_id. We use the Remote-Address, the PID, and the Current user.
* @return void
*/
function Auth_RADIUS_Acct()
{
$this->Auth_RADIUS();
if (isset($_SERVER)) {
$var = &$_SERVER;
} else {
$var = &$GLOBALS['HTTP_SERVER_VARS'];
}
 
$this->session_id = sprintf("%s:%d-%s", isset($var['REMOTE_ADDR']) ? $var['REMOTE_ADDR'] : '127.0.0.1' , getmypid(), get_current_user());
}
 
/**
* Creates a RADIUS resource
*
* Creates a RADIUS resource for accounting. This should be the first
* call before you make any other things with the library.
*
* @return bool true on success, false on error
*/
function open()
{
$this->res = radius_acct_open();
if (!$this->res) {
return false;
}
return true;
}
 
/**
* Creates an accounting request
*
* Creates an accounting request.
* You MUST call this method before you can put any attribute.
*
* @return bool true on success, false on error
*/
function createRequest()
{
if (!radius_create_request($this->res, RADIUS_ACCOUNTING_REQUEST)) {
return false;
}
return true;
}
/**
* Put attributes for accounting.
*
* Here we put some accounting values. There many more attributes for accounting,
* but for web-applications only certain attributes make sense.
* @return void
*/
function putAuthAttributes()
{
$this->putAttribute(RADIUS_ACCT_SESSION_ID, $this->session_id);
$this->putAttribute(RADIUS_ACCT_STATUS_TYPE, $this->status_type);
if (isset($this->session_time) && $this->status_type == RADIUS_STOP) {
$this->putAttribute(RADIUS_ACCT_SESSION_TIME, $this->session_time);
}
if (isset($this->authentic)) {
$this->putAttribute(RADIUS_ACCT_AUTHENTIC, $this->authentic);
}
}
}
 
/**
* class Auth_RADIUS_Acct_Start
*
* Class for RADIUS accounting. Its usualy used, after the user has logged in.
*
* @package Auth_RADIUS
*/
class Auth_RADIUS_Acct_Start extends Auth_RADIUS_Acct
{
/**
* Defines the type of the accounting request.
* It is set to RADIUS_START by default in this class.
* @var integer
*/
var $status_type = Auth_RADIUS_Acct_Stop;
}
 
/**
* class Auth_RADIUS_Acct_Start
*
* Class for RADIUS accounting. Its usualy used, after the user has logged out.
*
* @package Auth_RADIUS
*/
class Auth_RADIUS_Acct_Stop extends Auth_RADIUS_Acct
{
/**
* Defines the type of the accounting request.
* It is set to RADIUS_STOP by default in this class.
* @var integer
*/
var $status_type = RADIUS_STOP;
}
 
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/DB.php
New file
0,0 → 1,409
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Martin Jansen <mj@php.net> |
// +----------------------------------------------------------------------+
//
// $Id: DB.php,v 1.40 2003/11/15 13:37:26 yavo Exp $
//
 
require_once 'Auth/Container.php';
require_once 'DB.php';
 
/**
* Storage driver for fetching login data from a database
*
* This storage driver can use all databases which are supported
* by the PEAR DB abstraction layer to fetch login data.
*
* @author Martin Jansen <mj@php.net>
* @package Auth
* @version $Revision: 1.40 $
*/
class Auth_Container_DB extends Auth_Container
{
 
/**
* Additional options for the storage container
* @var array
*/
var $options = array();
 
/**
* DB object
* @var object
*/
var $db = null;
var $dsn = '';
 
/**
* User that is currently selected from the DB.
* @var string
*/
var $activeUser = '';
 
// {{{ Constructor
 
/**
* Constructor of the container class
*
* Initate connection to the database via PEAR::DB
*
* @param string Connection data or DB object
* @return object Returns an error object if something went wrong
*/
function Auth_Container_DB($dsn)
{
$this->_setDefaults();
 
if (is_array($dsn)) {
$this->_parseOptions($dsn);
 
if (empty($this->options['dsn'])) {
PEAR::raiseError('No connection parameters specified!');
}
} else {
$this->options['dsn'] = $dsn;
}
}
 
// }}}
// {{{ _connect()
 
/**
* Connect to database by using the given DSN string
*
* @access private
* @param string DSN string
* @return mixed Object on error, otherwise bool
*/
function _connect($dsn)
{
if (is_string($dsn) || is_array($dsn)) {
$this->db = DB::Connect($dsn);
} elseif (get_parent_class($dsn) == "db_common") {
$this->db = $dsn;
} elseif (DB::isError($dsn)) {
return PEAR::raiseError($dsn->getMessage(), $dsn->getCode());
} else {
return PEAR::raiseError('The given dsn was not valid in file ' . __FILE__ . ' at line ' . __LINE__,
41,
PEAR_ERROR_RETURN,
null,
null
);
}
 
if (DB::isError($this->db) || PEAR::isError($this->db)) {
return PEAR::raiseError($this->db->getMessage(), $this->db->getCode());
} else {
return true;
}
}
 
// }}}
// {{{ _prepare()
 
/**
* Prepare database connection
*
* This function checks if we have already opened a connection to
* the database. If that's not the case, a new connection is opened.
*
* @access private
* @return mixed True or a DB error object.
*/
function _prepare()
{
if (!DB::isConnection($this->db)) {
$res = $this->_connect($this->options['dsn']);
if(DB::isError($res) || PEAR::isError($res)){
return $res;
}
}
return true;
}
 
// }}}
// {{{ query()
 
/**
* Prepare query to the database
*
* This function checks if we have already opened a connection to
* the database. If that's not the case, a new connection is opened.
* After that the query is passed to the database.
*
* @access public
* @param string Query string
* @return mixed a DB_result object or DB_OK on success, a DB
* or PEAR error on failure
*/
function query($query)
{
$err = $this->_prepare();
if ($err !== true) {
return $err;
}
return $this->db->query($query);
}
 
// }}}
// {{{ _setDefaults()
 
/**
* Set some default options
*
* @access private
* @return void
*/
function _setDefaults()
{
$this->options['table'] = 'auth';
$this->options['usernamecol'] = 'username';
$this->options['passwordcol'] = 'password';
$this->options['dsn'] = '';
$this->options['db_fields'] = '';
$this->options['cryptType'] = 'md5';
}
 
// }}}
// {{{ _parseOptions()
 
/**
* Parse options passed to the container class
*
* @access private
* @param array
*/
function _parseOptions($array)
{
foreach ($array as $key => $value) {
if (isset($this->options[$key])) {
$this->options[$key] = $value;
}
}
 
/* Include additional fields if they exist */
if(!empty($this->options['db_fields'])){
if(is_array($this->options['db_fields'])){
$this->options['db_fields'] = join($this->options['db_fields'], ', ');
}
$this->options['db_fields'] = ', '.$this->options['db_fields'];
}
}
 
// }}}
// {{{ fetchData()
 
/**
* Get user information from database
*
* This function uses the given username to fetch
* the corresponding login data from the database
* table. If an account that matches the passed username
* and password is found, the function returns true.
* Otherwise it returns false.
*
* @param string Username
* @param string Password
* @return mixed Error object or boolean
*/
function fetchData($username, $password)
{
// Prepare for a database query
$err = $this->_prepare();
if ($err !== true) {
return PEAR::raiseError($err->getMessage(), $err->getCode());
}
 
// Find if db_fileds contains a *, i so assume all col are selected
if(strstr($this->options['db_fields'], '*')){
$sql_from = "*";
}
else{
$sql_from = $this->options['usernamecol'] . ", ".$this->options['passwordcol'].$this->options['db_fields'];
}
/**
Old Style, removed to go around the oci8
problem
See bug 206
http://pear.php.net/bugs/bug.php?id=206
$query = "SELECT ! FROM ! WHERE ! = ?";
$query_params = array(
$sql_from,
$this->options['table'],
$this->options['usernamecol'],
$username
);
*/
$query = "SELECT ".$sql_from.
" FROM ".$this->options['table'].
" WHERE ".$this->options['usernamecol']." = '".$this->db->quoteString($username)."'";
$res = $this->db->getRow($query, null, DB_FETCHMODE_ASSOC);
 
if (DB::isError($res)) {
return PEAR::raiseError($res->getMessage(), $res->getCode());
}
if (!is_array($res)) {
$this->activeUser = '';
return false;
}
if ($this->verifyPassword(trim($password, "\r\n"),
trim($res[$this->options['passwordcol']], "\r\n"),
$this->options['cryptType'])) {
// Store additional field values in the session
foreach ($res as $key => $value) {
if ($key == $this->options['passwordcol'] ||
$key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sence
if(is_object($this->_auth_obj)){
$this->_auth_obj->setAuthData($key, $value);
} else {
Auth::setAuthData($key, $value);
}
}
 
return true;
}
 
$this->activeUser = $res[$this->options['usernamecol']];
return false;
}
 
// }}}
// {{{ listUsers()
 
function listUsers()
{
$err = $this->_prepare();
if ($err !== true) {
return PEAR::raiseError($err->getMessage(), $err->getCode());
}
 
$retVal = array();
 
// Find if db_fileds contains a *, i so assume all col are selected
if(strstr($this->options['db_fields'], '*')){
$sql_from = "*";
}
else{
$sql_from = $this->options['usernamecol'] . ", ".$this->options['passwordcol'].$this->options['db_fields'];
}
 
$query = sprintf("SELECT %s FROM %s",
$sql_from,
$this->options['table']
);
$res = $this->db->getAll($query, null, DB_FETCHMODE_ASSOC);
 
if (DB::isError($res)) {
return PEAR::raiseError($res->getMessage(), $res->getCode());
} else {
foreach ($res as $user) {
$user['username'] = $user[$this->options['usernamecol']];
$retVal[] = $user;
}
}
return $retVal;
}
 
// }}}
// {{{ addUser()
 
/**
* Add user to the storage container
*
* @access public
* @param string Username
* @param string Password
* @param mixed Additional information that are stored in the DB
*
* @return mixed True on success, otherwise error object
*/
function addUser($username, $password, $additional = "")
{
if (function_exists($this->options['cryptType'])) {
$cryptFunction = $this->options['cryptType'];
} else {
$cryptFunction = 'md5';
}
 
$additional_key = '';
$additional_value = '';
 
if (is_array($additional)) {
foreach ($additional as $key => $value) {
$additional_key .= ', ' . $key;
$additional_value .= ", '" . $value . "'";
}
}
 
$query = sprintf("INSERT INTO %s (%s, %s%s) VALUES ('%s', '%s'%s)",
$this->options['table'],
$this->options['usernamecol'],
$this->options['passwordcol'],
$additional_key,
$username,
$cryptFunction($password),
$additional_value
);
 
$res = $this->query($query);
 
if (DB::isError($res)) {
return PEAR::raiseError($res->getMessage(), $res->getCode());
} else {
return true;
}
}
 
// }}}
// {{{ removeUser()
 
/**
* Remove user from the storage container
*
* @access public
* @param string Username
*
* @return mixed True on success, otherwise error object
*/
function removeUser($username)
{
$query = sprintf("DELETE FROM %s WHERE %s = '%s'",
$this->options['table'],
$this->options['usernamecol'],
$username
);
 
$res = $this->query($query);
 
if (DB::isError($res)) {
return PEAR::raiseError($res->getMessage(), $res->getCode());
} else {
return true;
}
}
 
// }}}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/IMAP.php
New file
0,0 → 1,170
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Jeroen Houben <jeroen@terena.nl> |
// +----------------------------------------------------------------------+
//
// $Id: IMAP.php,v 1.7 2003/10/20 09:38:29 yavo Exp $
//
 
require_once "Auth/Container.php";
require_once "PEAR.php";
 
/**
* Storage driver for fetching login data from an IMAP server
*
* This class is based on LDAP containers, but it very simple.
* By default it connects to localhost:143
* The constructor will first check if the host:port combination is
* actually reachable. This behaviour can be disabled.
* It then tries to create an IMAP stream (without opening a mailbox)
* If you wish to pass extended options to the connections, you may
* do so by specifying protocol options.
*
* To use this storage containers, you have to use the
* following syntax:
*
* <?php
* ...
* $params = array(
* 'host' => 'mail.example.com',
* 'port' => 143,
* );
* $myAuth = new Auth('IMAP', $params);
* ....
*
* By default we connect without any protocol options set. However, some
* servers require you to connect with the notls or norsh options set.
* To do this you need to add the following value to the params array:
* 'baseDSN' => '/imap/notls/norsh'
*
* To connect to an SSL IMAP server:
* 'baseDSN' => '/imap/ssl'
*
* To connect to an SSL IMAP server with a self-signed certificate:
* 'baseDSN' => '/imap/ssl/novalidate-cert'
*
* Further options may be available and can be found on the php site at
* http://www.php.net/manual/function.imap-open.php
*
*/
 
/*
*
* @author Jeroen Houben <jeroen@terena.nl>, Cipriano Groenendal <cipri@campai.nl>
* @package Auth
* @version $Revision: 1.7 $
*/
class Auth_Container_IMAP extends Auth_Container
{
/**
* Options for the class
* @var array
*/
var $options = array();
 
/**
* Constructor of the container class
*
* @param $params, associative hash with host,port,basedn and userattr key
* @param $params, associative array with host, port, baseDSN, checkServer key.
* @return object Returns an error object if something went wrong
*/
function Auth_Container_IMAP($params)
{
if (!extension_loaded('imap')) {
return PEAR::raiseError("Cannot use IMAP authentication, IMAP extension not loaded!",
41, PEAR_ERROR_DIE);
}
$this->_setDefaults();
// set parameters (if any)
if (is_array($params)) {
$this->_parseOptions($params);
}
if ($this->options['checkServer']) {
$this->_checkServer($this->options['timeout']);
}
return true;
}
 
/**
* Set some default options
*
* @access private
*/
function _setDefaults()
{
$this->options['host'] = 'localhost';
$this->options['port'] = 143;
$this->options['baseDSN'] = '';
$this->options['checkServer'] = true;
$this->options['timeout'] = 20;
}
 
 
/**
* Check if the given server and port are reachable
*
* @access private
*/
function _checkServer() {
$fp = @fsockopen ($this->options['host'], $this->options['port'],
$errno, $errstr, $timeout);
if (is_resource($fp)) {
@fclose($fp);
} else {
$message = "Error connecting to IMAP server "
. $this->options['host']
. ":" . $this->options['port'];
return PEAR::raiseError($message, 41, PEAR_ERROR_DIE);
}
}
 
/**
* Parse options passed to the container class
*
* @access private
* @param array
*/
function _parseOptions($array)
{
foreach ($array as $key => $value) {
$this->options[$key] = $value;
}
}
 
/**
* Try to open a IMAP stream using $username / $password
*
* @param string Username
* @param string Password
* @return boolean
*/
function fetchData($username, $password)
{
$dsn = '{'.$this->options['host'].':'.$this->options['port'].$this->options['baseDSN'].'}';
$conn = @imap_open ($dsn, $username, $password, OP_HALFOPEN);
if (is_resource($conn)){
$this->activeUser = $username;
@imap_close($conn);
return true;
} else {
$this->activeUser = '';
return false;
}
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/RADIUS.php
New file
0,0 → 1,154
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Michael Bretterklieber <michael@bretterklieber.com> |
// +----------------------------------------------------------------------+
//
// $Id: RADIUS.php,v 1.7 2003/05/13 19:27:35 mbretter Exp $
//
 
require_once "Auth/Container.php";
require_once "Auth/RADIUS.php";
 
/**
* Storage driver for authenticating users against RADIUS servers.
*
* @author Michael Bretterklieber <michael@bretterklieber.com>
* @access public
* @version $Revision: 1.7 $
*/
class Auth_Container_RADIUS extends Auth_Container
{
 
/**
* Contains a RADIUS object
* @var object
*/
var $radius;
/**
* Contains the authentication type
* @var string
*/
var $authtype;
 
/**
* Constructor of the container class.
*
* $options can have these keys:
* 'servers' an array containing an array: servername, port,
* sharedsecret, timeout, maxtries
* 'configfile' The filename of the configuration file
* 'authtype' The type of authentication, one of: PAP, CHAP_MD5,
* MSCHAPv1, MSCHAPv2, default is PAP
*
* @param $options associative array
* @return object Returns an error object if something went wrong
*/
function Auth_Container_RADIUS($options)
{
$this->authtype = 'PAP';
if (isset($options['authtype'])) {
$this->authtype = $options['authtype'];
}
$classname = 'Auth_RADIUS_' . $this->authtype;
if (!class_exists($classname)) {
PEAR::raiseError("Unknown Authtype, please use on of: PAP, CHAP_MD5, MSCHAPv1, MSCHAPv2!",
41, PEAR_ERROR_DIE);
}
$this->radius = new $classname;
 
if (isset($options['configfile'])) {
$this->radius->setConfigfile($options['configfile']);
}
 
$servers = $options['servers'];
if (is_array($servers)) {
foreach ($servers as $server) {
$servername = $server[0];
$port = isset($server[1]) ? $server[1] : 0;
$sharedsecret = isset($server[2]) ? $server[2] : 'testing123';
$timeout = isset($server[3]) ? $server[3] : 3;
$maxtries = isset($server[4]) ? $server[4] : 3;
$this->radius->addServer($servername, $port, $sharedsecret, $timeout, $maxtries);
}
}
if (!$this->radius->start()) {
PEAR::raiseError($this->radius->getError(), 41, PEAR_ERROR_DIE);
}
}
 
/**
* Authenticate
*
* @param string Username
* @param string Password
* @return bool true on success, false on reject
*/
function fetchData($username, $password, $challenge = null)
{
switch($this->authtype) {
case 'CHAP_MD5':
case 'MSCHAPv1':
if (isset($challenge)) {
echo $password;
$this->radius->challenge = $challenge;
$this->radius->chapid = 1;
$this->radius->response = pack('H*', $password);
} else {
require_once 'Crypt_CHAP/CHAP.php';
$classname = 'Crypt_' . $this->authtype;
$crpt = new $classname;
$crpt->password = $password;
$this->radius->challenge = $crpt->challenge;
$this->radius->chapid = $crpt->chapid;
$this->radius->response = $crpt->challengeResponse();
break;
}
 
case 'MSCHAPv2':
require_once 'Crypt_CHAP/CHAP.php';
$crpt = new Crypt_MSCHAPv2;
$crpt->username = $username;
$crpt->password = $password;
$this->radius->challenge = $crpt->authChallenge;
$this->radius->peerChallenge = $crpt->peerChallenge;
$this->radius->chapid = $crpt->chapid;
$this->radius->response = $crpt->challengeResponse();
break;
 
default:
$this->radius->password = $password;
break;
}
 
$this->radius->username = $username;
 
$this->radius->putAuthAttributes();
$result = $this->radius->send();
if (PEAR::isError($result)) {
return false;
}
 
$this->radius->getAttributes();
// just for debugging
// $this->radius->dumpAttributes();
 
return $result;
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/vpopmail.php
New file
0,0 → 1,66
<?PHP
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Author: Stanislav Grozev <tacho@orbitel.bg> |
// +----------------------------------------------------------------------+
//
// $Id: vpopmail.php,v 1.3 2003/09/08 11:24:05 yavo Exp $
//
 
require_once "Auth/Container.php";
 
/**
* Storage driver for fetching login data from vpopmail
*
* @author Stanislav Grozev <tacho@orbitel.bg>
* @package Auth
* @version $Revision: 1.3 $
*/
class Auth_Container_vpopmail extends Auth_Container {
 
// {{{ Constructor
 
/**
* Constructor of the container class
*
* @return integer Always returns 1.
*/
function Auth_Container_vpopmail()
{
return 1;
}
 
// }}}
// {{{ fetchData()
 
/**
* Get user information from vpopmail
*
* @param string Username - has to be valid email address
* @param string Password
* @return boolean
*/
function fetchData($username, $password)
{
$userdata = array();
$userdata = preg_split("/@/", $username, 2);
$result = @vpopmail_auth_user($userdata[0], $userdata[1], $password);
 
return $result;
}
 
// }}}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/File.php
New file
0,0 → 1,200
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Stefan Ekman <stekman@sedata.org> |
// | Martin Jansen <mj@php.net> |
// | Mika Tuupola <tuupola@appelsiini.net> |
// +----------------------------------------------------------------------+
//
// $Id: File.php,v 1.14 2003/10/29 13:42:40 mike Exp $
//
 
require_once "File/Passwd.php";
require_once "Auth/Container.php";
require_once "PEAR.php";
 
/**
* Storage driver for fetching login data from an encrypted password file.
*
* This storage container can handle CVS pserver style passwd files.
*
* @author Stefan Ekman <stekman@sedata.org>
* @author Michael Wallner <mike@php.net>
* @package Auth
* @version $Revision: 1.14 $
*/
class Auth_Container_File extends Auth_Container
{
/**
* Path to passwd file
*
* @var string
*/
var $pwfile = '';
 
// {{{ Constructor
 
/**
* Constructor of the container class
*
* @param string $filename path to passwd file
* @return object Auth_Container_File new Auth_Container_File object
*/
function Auth_Container_File($filename)
{
$this->pwfile = $filename;
}
 
// }}}
// {{{ fetchData()
 
/**
* Authenticate an user
*
* @param string username
* @param string password
* @return mixed boolean|PEAR_Error
*/
function fetchData($user, $pass)
{
return File_Passwd::staticAuth('Cvs', $this->pwfile, $user, $pass);
}
 
// }}}
// {{{ listUsers()
/**
* List all available users
*
* @return array
*/
function listUsers()
{
$pw_obj = &$this->_load();
if (PEAR::isError($pw_obj)) {
return array();
}
 
$users = $pw_obj->listUser();
if (!is_array($users)) {
return array();
}
 
foreach ($users as $key => $value) {
$retVal[] = array("username" => $key,
"password" => $value['passwd'],
"cvsuser" => $value['system']);
}
 
return $retVal;
}
 
// }}}
// {{{ addUser()
 
/**
* Add a new user to the storage container
*
* @param string username
* @param string password
* @param mixed CVS username
*
* @return boolean
*/
function addUser($user, $pass, $additional='')
{
$cvs = (string) (is_array($additional) && isset($additional['cvsuser'])) ?
$additional['cvsuser'] : $additional;
 
$pw_obj = &$this->_load();
if (PEAR::isError($pw_obj)) {
return false;
}
$res = $pw_obj->addUser($user, $pass, $cvs);
if(PEAR::isError($res)){
return false;
}
$res = $pw_obj->save();
if (PEAR::isError($res)) {
return false;
}
return true;
}
 
// }}}
// {{{ removeUser()
 
/**
* Remove user from the storage container
*
* @param string Username
* @return boolean
*/
function removeUser($user)
{
$pw_obj = &$this->_load();
if (PEAR::isError($pw_obj)) {
return false;
}
$res = $pw_obj->delUser($user);
if(PEAR::isError($res)){
return false;
}
$res = $pw_obj->save();
if (PEAR::isError($res)) {
return false;
}
return true;
}
 
// }}}
// {{{ _load()
/**
* Load and initialize the File_Passwd object
*
* @return object File_Passwd_Cvs|PEAR_Error
*/
function &_load()
{
static $pw_obj;
if (!isset($pw_obj)) {
$pw_obj = File_Passwd::factory('Cvs');
if (PEAR::isError($pw_obj)) {
return $pw_obj;
}
$pw_obj->setFile($this->pwfile);
$res = $pw_obj->load();
if (PEAR::isError($res)) {
return $res;
}
}
return $pw_obj;
}
 
// }}}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/LDAP.php
New file
0,0 → 1,472
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Jan Wagner <wagner@netsols.de> |
// +----------------------------------------------------------------------+
//
// $Id: LDAP.php,v 1.14 2003/06/02 16:55:10 mj Exp $
//
 
require_once "Auth/Container.php";
require_once "PEAR.php";
 
/**
* Storage driver for fetching login data from LDAP
*
* This class is heavily based on the DB and File containers. By default it
* connects to localhost:389 and searches for uid=$username with the scope
* "sub". If no search base is specified, it will try to determine it via
* the namingContexts attribute. It takes its parameters in a hash, connects
* to the ldap server, binds anonymously, searches for the user, and tries
* to bind as the user with the supplied password. When a group was set, it
* will look for group membership of the authenticated user. If all goes
* well the authentication was successful.
*
* Parameters:
*
* host: localhost (default), ldap.netsols.de or 127.0.0.1
* port: 389 (default) or 636 or whereever your server runs
* url: ldap://localhost:389/
* useful for ldaps://, works only with openldap2 ?
* it will be preferred over host and port
* binddn: If set, searching for user will be done after binding
* as this user, if not set the bind will be anonymous.
* This is reported to make the container work with MS
* Active Directory, but should work with any server that
* is configured this way.
* This has to be a complete dn for now (basedn and
* userdn will not be appended).
* bindpw: The password to use for binding with binddn
* scope: one, sub (default), or base
* basedn: the base dn of your server
* userdn: gets prepended to basedn when searching for user
* userattr: the user attribute to search for (default: uid)
* useroc: objectclass of user (for the search filter)
* (default: posixAccount)
* groupdn: gets prepended to basedn when searching for group
* groupattr : the group attribute to search for (default: cn)
* groupoc : objectclass of group (for the search filter)
* (default: groupOfUniqueNames)
* memberattr : the attribute of the group object where the user dn
* may be found (default: uniqueMember)
* memberisdn: whether the memberattr is the dn of the user (default)
* or the value of userattr (usually uid)
* group: the name of group to search for
* debug: Enable/Disable debugging output (default: false)
*
* To use this storage container, you have to use the following syntax:
*
* <?php
* ...
*
* $a = new Auth("LDAP", array(
* 'host' => 'localhost',
* 'port' => '389',
* 'basedn' => 'o=netsols,c=de',
* 'userattr' => 'uid'
* 'binddn' => 'cn=admin,o=netsols,c=de',
* 'bindpw' => 'password'));
*
* $a2 = new Auth('LDAP', array(
* 'url' => 'ldaps://ldap.netsols.de',
* 'basedn' => 'o=netsols,c=de',
* 'scope' => 'one',
* 'userdn' => 'ou=People',
* 'groupdn' => 'ou=Groups',
* 'groupoc' => 'posixGroup',
* 'memberattr' => 'memberUid',
* 'memberisdn' => false,
* 'group' => 'admin'
* ));
*
* $a3 = new Auth('LDAP', array(
* 'host' => 'ad.netsols.de',
* 'basedn' => 'dc=netsols,dc=de',
* 'userdn' => 'ou=Users',
* 'binddn' => 'cn=Jan Wagner,ou=Users,dc=netsols,dc=de',
* 'bindpw' => '*******',
* 'userattr' => 'samAccountName',
* 'useroc' => 'user',
* 'debug' => true
* ));
*
* The parameter values have to correspond
* to the ones for your LDAP server of course.
*
* When talking to a Microsoft ActiveDirectory server you have to
* use 'samaccountname' as the 'userattr' and follow special rules
* to translate the ActiveDirectory directory names into 'basedn'.
* The 'basedn' for the default 'Users' folder on an ActiveDirectory
* server for the ActiveDirectory Domain (which is not related to
* its DNS name) "win2000.example.org" would be:
* "CN=Users, DC=win2000, DC=example, DC=org'
* where every component of the domain name becomes a DC attribute
* of its own. If you want to use a custom users folder you have to
* replace "CN=Users" with a sequence of "OU" attributes that specify
* the path to your custom folder in reverse order.
* So the ActiveDirectory folder
* "win2000.example.org\Custom\Accounts"
* would become
* "OU=Accounts, OU=Custom, DC=win2000, DC=example, DC=org'
*
* It seems that binding anonymously to an Active Directory
* is not allowed, so you have to set binddn and bindpw for
* user searching,
*
* Example a3 shows a tested example for connenction to Windows 2000
* Active Directory
*
* @author Jan Wagner <wagner@netsols.de>
* @package Auth
* @version $Revision: 1.14 $
*/
class Auth_Container_LDAP extends Auth_Container
{
/**
* Options for the class
* @var array
*/
var $options = array();
 
/**
* Connection ID of LDAP Link
* @var string
*/
var $conn_id = false;
 
/**
* LDAP search function to use
* @var string
*/
var $ldap_search_func;
 
/**
* Constructor of the container class
*
* @param $params, associative hash with host,port,basedn and userattr key
* @return object Returns an error object if something went wrong
*/
function Auth_Container_LDAP($params)
{
$this->_setDefaults();
 
if (is_array($params)) {
$this->_parseOptions($params);
}
}
 
// }}}
// {{{ _connect()
 
/**
* Connect to the LDAP server using the global options
*
* @access private
* @return object Returns a PEAR error object if an error occurs.
*/
function _connect()
{
// connect
if (isset($this->options['url']) && $this->options['url'] != '') {
$this->_debug('Connecting with URL', __LINE__);
$conn_params = array($this->options['url']);
} else {
$this->_debug('Connecting with host:port', __LINE__);
$conn_params = array($this->options['host'], $this->options['port']);
}
 
if(($this->conn_id = @call_user_func_array('ldap_connect', $conn_params)) === false) {
return PEAR::raiseError('Auth_Container_LDAP: Could not connect to server.', 41, PEAR_ERROR_DIE);
}
$this->_debug('Successfully connected to server', __LINE__);
 
// try switchig to LDAPv3
$ver = 0;
if(@ldap_get_option($this->conn_id, LDAP_OPT_PROTOCOL_VERSION, $ver) && $ver >= 2) {
$this->_debug('Switching to LDAPv3', __LINE__);
@ldap_set_option($this->conn_id, LDAP_OPT_PROTOCOL_VERSION, 3);
}
 
// bind with credentials or anonymously
if($this->options['binddn'] && $this->options['bindpw']) {
$this->_debug('Binding with credentials', __LINE__);
$bind_params = array($this->conn_id, $this->options['binddn'], $this->options['bindpw']);
} else {
$this->_debug('Binding anonymously', __LINE__);
$bind_params = array($this->conn_id);
}
// bind for searching
if ((@call_user_func_array('ldap_bind', $bind_params)) == false) {
$this->_debug();
$this->_disconnect();
return PEAR::raiseError("Auth_Container_LDAP: Could not bind to LDAP server.", 41, PEAR_ERROR_DIE);
}
$this->_debug('Binding was successful', __LINE__);
}
 
/**
* Disconnects (unbinds) from ldap server
*
* @access private
*/
function _disconnect()
{
if($this->_isValidLink()) {
$this->_debug('disconnecting from server');
@ldap_unbind($this->conn_id);
}
}
 
/**
* Tries to find Basedn via namingContext Attribute
*
* @access private
*/
function _getBaseDN()
{
if ($this->options['basedn'] == "" && $this->_isValidLink()) {
$this->_debug("basedn not set, searching via namingContexts.", __LINE__);
 
$result_id = @ldap_read($this->conn_id, "", "(objectclass=*)", array("namingContexts"));
if (ldap_count_entries($this->conn_id, $result_id) == 1) {
$this->_debug("got result for namingContexts", __LINE__);
$entry_id = ldap_first_entry($this->conn_id, $result_id);
$attrs = ldap_get_attributes($this->conn_id, $entry_id);
$basedn = $attrs['namingContexts'][0];
 
if ($basedn != "") {
$this->_debug("result for namingContexts was $basedn", __LINE__);
$this->options['basedn'] = $basedn;
}
}
ldap_free_result($result_id);
}
 
// if base ist still not set, raise error
if ($this->options['basedn'] == "") {
return PEAR::raiseError("Auth_Container_LDAP: LDAP search base not specified!", 41, PEAR_ERROR_DIE);
}
return true;
}
 
/**
* determines whether there is a valid ldap conenction or not
*
* @accessd private
* @return boolean
*/
function _isValidLink()
{
if(is_resource($this->conn_id)) {
if(get_resource_type($this->conn_id) == 'ldap link') {
return true;
}
}
return false;
}
 
/**
* Set some default options
*
* @access private
*/
function _setDefaults()
{
$this->options['host'] = 'localhost';
$this->options['port'] = '389';
$this->options['binddn'] = '';
$this->options['bindpw'] = '';
$this->options['scope'] = 'sub';
$this->options['basedn'] = '';
$this->options['userdn'] = '';
$this->options['userattr'] = "uid";
$this->options['useroc'] = 'posixAccount';
$this->options['groupdn'] = '';
$this->options['groupattr'] = 'cn';
$this->options['groupoc'] = 'groupOfUniqueNames';
$this->options['memberattr'] = 'uniqueMember';
$this->options['memberisdn'] = true;
$this->options['debug'] = false;
}
 
/**
* Parse options passed to the container class
*
* @access private
* @param array
*/
function _parseOptions($array)
{
foreach ($array as $key => $value) {
$this->options[$key] = $value;
}
 
// get the according search function for selected scope
switch($this->options['scope']) {
case 'one':
$this->ldap_search_func = 'ldap_list';
break;
case 'base':
$this->ldap_search_func = 'ldap_read';
break;
default:
$this->ldap_search_func = 'ldap_search';
break;
}
$this->_debug("LDAP search function will be: {$this->ldap_search_func}", __LINE__);
}
 
/**
* Fetch data from LDAP server
*
* Searches the LDAP server for the given username/password
* combination.
*
* @param string Username
* @param string Password
* @return boolean
*/
function fetchData($username, $password)
{
 
$this->_connect();
$this->_getBaseDN();
// make search filter
$filter = sprintf('(&(objectClass=%s)(%s=%s))', $this->options['useroc'], $this->options['userattr'], $username);
 
// make search base dn
$search_basedn = $this->options['userdn'];
if ($search_basedn != '' && substr($search_basedn, -1) != ',') {
$search_basedn .= ',';
}
$search_basedn .= $this->options['basedn'];
// make functions params array
$func_params = array($this->conn_id, $search_basedn, $filter, array($this->options['userattr']));
 
$this->_debug("Searching with $filter in $search_basedn", __LINE__);
 
// search
if (($result_id = @call_user_func_array($this->ldap_search_func, $func_params)) == false) {
$this->_debug('User not found', __LINE__);
} elseif (ldap_count_entries($this->conn_id, $result_id) == 1) { // did we get just one entry?
 
$this->_debug('User was found', __LINE__);
// then get the user dn
$entry_id = ldap_first_entry($this->conn_id, $result_id);
$user_dn = ldap_get_dn($this->conn_id, $entry_id);
 
ldap_free_result($result_id);
 
// need to catch an empty password as openldap seems to return TRUE
// if anonymous binding is allowed
if ($password != "") {
$this->_debug("Bind as $user_dn", __LINE__);
 
// try binding as this user with the supplied password
if (@ldap_bind($this->conn_id, $user_dn, $password)) {
$this->_debug('Bind successful', __LINE__);
 
// check group if appropiate
if(isset($this->options['group'])) {
// decide whether memberattr value is a dn or the username
$this->_debug('Checking group membership', __LINE__);
return $this->checkGroup(($this->options['memberisdn']) ? $user_dn : $username);
} else {
$this->_debug('Authenticated', __LINE__);
$this->_disconnect();
return true; // user authenticated
} // checkGroup
} // bind
} // non-empty password
} // one entry
// default
$this->_debug('NOT authenticated!', __LINE__);
$this->_disconnect();
return false;
}
 
/**
* Validate group membership
*
* Searches the LDAP server for group membership of the
* authenticated user
*
* @param string Distinguished Name of the authenticated User
* @return boolean
*/
function checkGroup($user)
{
// make filter
$filter = sprintf('(&(%s=%s)(objectClass=%s)(%s=%s))',
$this->options['groupattr'],
$this->options['group'],
$this->options['groupoc'],
$this->options['memberattr'],
$user
);
 
// make search base dn
$search_basedn = $this->options['groupdn'];
if($search_basedn != '' && substr($search_basedn, -1) != ',') {
$search_basedn .= ',';
}
$search_basedn .= $this->options['basedn'];
$func_params = array($this->conn_id, $search_basedn, $filter, array($this->options['memberattr']));
 
$this->_debug("Searching with $filter in $search_basedn", __LINE__);
// search
if(($result_id = @call_user_func_array($this->ldap_search_func, $func_params)) != false) {
if(ldap_count_entries($this->conn_id, $result_id) == 1) {
ldap_free_result($result_id);
$this->_debug('User is member of group', __LINE__);
$this->_disconnect();
return true;
}
}
 
// default
$this->_debug('User is NOT member of group', __LINE__);
$this->_disconnect();
return false;
}
 
/**
* Outputs debugging messages
*
* @access private
* @param string Debugging Message
* @param integer Line number
*/
function _debug($msg = '', $line = 0)
{
if($this->options['debug'] === true) {
if($msg == '' && $this->_isValidLink()) {
$msg = 'LDAP_Error: ' . @ldap_err2str(@ldap_errno($this->_conn_id));
}
print("$line: $msg <br />");
}
}
}
 
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/POP3.php
New file
0,0 → 1,107
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Stefan Ekman <stekman@sedata.org> |
// | Martin Jansen <mj@php.net> |
// | Mika Tuupola <tuupola@appelsiini.net> |
// +----------------------------------------------------------------------+
//
// $Id: POP3.php,v 1.3 2003/07/28 21:39:39 yavo Exp $
//
 
 
require_once('Auth/Container.php');
require_once('PEAR.php');
require_once('Net/POP3.php');
 
/**
* Storage driver for Authentication on a POP3 server.
*
* @author Yavor Shahpasov <yavo@netsmart.com.cy>
* @package Auth
* @version $Revision: 1.3 $
*/
class Auth_Container_POP3 extends Auth_Container
{
/**
* POP3 Server
* @var string
*/
var $server='localhost';
 
/**
* POP3 Server port
* @var string
*/
var $port='110';
 
// {{{ Constructor
 
/**
* Constructor of the container class
*
* @param $server string server or server:port combination
* @return object Returns an error object if something went wrong
*/
function Auth_Container_POP3($server=null)
{
if(isset($server)){
if(is_array($server)){
if(isset($server['host'])){
$this->server = $server['host'];
}
if(isset($server['port'])){
$this->port = $server['port'];
}
}
else{
if(strstr($server, ':')){
$serverparts = explode(':', trim($server));
$this->server = $serverparts[0];
$this->port = $serverparts[1];
}
else
{
$this->server = $server;
}
}
}
}
 
// }}}
// {{{ fetchData()
 
/**
* Try to login to the POP3 server
*
* @param string Username
* @param string Password
* @return boolean
*/
function fetchData($username, $password)
{
$pop3 =& new Net_POP3();
$res = $pop3->connect($this->server, $this->port);
if(!$res){
return($res);
}
$result = $pop3->login($username, $password);
$pop3->disconnect();
return $result;
}
 
// }}}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/MDB.php
New file
0,0 → 1,392
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Author: Lorenzo Alberton <l.alberton@quipo.it> |
// +----------------------------------------------------------------------+
//
// $Id: MDB.php,v 1.12 2003/10/13 08:08:45 yavo Exp $
//
 
require_once 'Auth/Container.php';
require_once 'MDB.php';
 
/**
* Storage driver for fetching login data from a database
*
* This storage driver can use all databases which are supported
* by the PEAR MDB abstraction layer to fetch login data.
*
* @author Lorenzo Alberton <l.alberton@quipo.it>
* @package Auth
* @version $Revision: 1.12 $
*/
class Auth_Container_MDB extends Auth_Container
{
 
/**
* Additional options for the storage container
* @var array
*/
var $options = array();
 
/**
* DB object
* @var object
*/
var $db = null;
var $dsn = '';
 
/**
* User that is currently selected from the DB.
* @var string
*/
var $activeUser = '';
 
// {{{ Constructor
 
/**
* Constructor of the container class
*
* Initate connection to the database via PEAR::DB
*
* @param string Connection data or DB object
* @return object Returns an error object if something went wrong
*/
function Auth_Container_MDB($dsn)
{
$this->_setDefaults();
 
if (is_array($dsn)) {
$this->_parseOptions($dsn);
if (empty($this->options['dsn'])) {
PEAR::raiseError('No connection parameters specified!');
}
} else {
$this->options['dsn'] = $dsn;
}
}
 
// }}}
// {{{ _connect()
 
/**
* Connect to database by using the given DSN string
*
* @access private
* @param string DSN string
* @return mixed Object on error, otherwise bool
*/
function _connect($dsn)
{
if (is_string($dsn) || is_array($dsn)) {
$this->db =& MDB::Connect($dsn);
} elseif (get_parent_class($dsn) == "mdb_common") {
$this->db = $dsn;
} elseif (is_object($dsn) && MDB::isError($dsn)) {
return PEAR::raiseError($dsn->getMessage(), $dsn->code);
} else {
return PEAR::raiseError('The given dsn was not valid in file ' . __FILE__ . ' at line ' . __LINE__,
41,
PEAR_ERROR_RETURN,
null,
null
);
 
}
 
if (MDB::isError($this->db) || PEAR::isError($this->db)) {
return PEAR::raiseError($this->db->getMessage(), $this->db->code);
} else {
return true;
}
}
 
// }}}
// {{{ _prepare()
 
/**
* Prepare database connection
*
* This function checks if we have already opened a connection to
* the database. If that's not the case, a new connection is opened.
*
* @access private
* @return mixed True or a DB error object.
*/
function _prepare()
{
return $this->_connect($this->options['dsn']);
}
 
// }}}
// {{{ query()
 
/**
* Prepare query to the database
*
* This function checks if we have already opened a connection to
* the database. If that's not the case, a new connection is opened.
* After that the query is passed to the database.
*
* @access public
* @param string Query string
* @return mixed a MDB_result object or MDB_OK on success, a MDB
* or PEAR error on failure
*/
function query($query)
{
$err = $this->_prepare();
if ($err !== true) {
return $err;
}
return $this->db->query($query);
}
 
// }}}
// {{{ _setDefaults()
 
/**
* Set some default options
*
* @access private
* @return void
*/
function _setDefaults()
{
$this->options['table'] = 'auth';
$this->options['usernamecol'] = 'username';
$this->options['passwordcol'] = 'password';
$this->options['dsn'] = '';
$this->options['db_fields'] = '';
$this->options['cryptType'] = 'md5';
}
 
// }}}
// {{{ _parseOptions()
 
/**
* Parse options passed to the container class
*
* @access private
* @param array
*/
function _parseOptions($array)
{
foreach ($array as $key => $value) {
if (isset($this->options[$key])) {
$this->options[$key] = $value;
}
}
 
// Include additional fields if they exist
if (!empty($this->options['db_fields'])) {
if (is_array($this->options['db_fields'])) {
$this->options['db_fields'] = join($this->options['db_fields'], ', ');
}
$this->options['db_fields'] = ', ' . $this->options['db_fields'];
}
 
}
 
// }}}
// {{{ fetchData()
 
/**
* Get user information from database
*
* This function uses the given username to fetch
* the corresponding login data from the database
* table. If an account that matches the passed username
* and password is found, the function returns true.
* Otherwise it returns false.
*
* @param string Username
* @param string Password
* @return mixed Error object or boolean
*/
function fetchData($username, $password)
{
// Prepare for a database query
$err = $this->_prepare();
if ($err !== true) {
return PEAR::raiseError($err->getMessage(), $err->getCode());
}
 
// Find if db_fileds contains a *, i so assume all col are selected
if (strstr($this->options['db_fields'], '*')) {
$sql_from = '*';
} else{
$sql_from = $this->options['usernamecol'] . ', '. $this->options['passwordcol'] . $this->options['db_fields'];
}
 
$query = sprintf("SELECT %s FROM %s WHERE %s = %s",
$sql_from,
$this->options['table'],
$this->options['usernamecol'],
$this->db->getTextValue($username)
);
 
$res = $this->db->getRow($query, null, null, null, MDB_FETCHMODE_ASSOC);
 
if (MDB::isError($res) || PEAR::isError($res)) {
return PEAR::raiseError($res->getMessage(), $res->getCode());
}
if (!is_array($res)) {
$this->activeUser = '';
return false;
}
if ($this->verifyPassword(trim($password, "\r\n"),
trim($res[$this->options['passwordcol']], "\r\n"),
$this->options['cryptType'])) {
// Store additional field values in the session
foreach ($res as $key => $value) {
if ($key == $this->options['passwordcol'] ||
$key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sence
if(is_object($this->_auth_obj)){
$this->_auth_obj->setAuthData($key, $value);
} else {
Auth::setAuthData($key, $value);
}
}
 
return true;
}
 
$this->activeUser = $res[$this->options['usernamecol']];
return false;
}
 
// }}}
// {{{ listUsers()
 
function listUsers()
{
$err = $this->_prepare();
if ($err !== true) {
return PEAR::raiseError($err->getMessage(), $err->getCode());
}
 
$retVal = array();
 
// Find if db_fileds contains a *, i so assume all col are selected
if (strstr($this->options['db_fields'], '*')) {
$sql_from = '*';
} else{
$sql_from = $this->options['db_fields'];
}
 
$query = sprintf('SELECT %s FROM %s',
$sql_from,
$this->options['table']
);
 
$res = $this->db->getAll($query, null, null, null, MDB_FETCHMODE_ASSOC);
 
if (MDB::isError($res)) {
return PEAR::raiseError($res->getMessage(), $res->getCode());
} else {
foreach ($res as $user) {
$user['username'] = $user[$this->options['usernamecol']];
$retVal[] = $user;
}
}
return $retVal;
}
 
// }}}
// {{{ addUser()
 
/**
* Add user to the storage container
*
* @access public
* @param string Username
* @param string Password
* @param mixed Additional information that are stored in the DB
*
* @return mixed True on success, otherwise error object
*/
function addUser($username, $password, $additional = "")
{
if (function_exists($this->options['cryptType'])) {
$cryptFunction = $this->options['cryptType'];
} else {
$cryptFunction = 'md5';
}
 
$additional_key = '';
$additional_value = '';
 
if (is_array($additional)) {
foreach ($additional as $key => $value) {
$additional_key .= ', ' . $key;
$additional_value .= ', ' . $this->db->getTextValue($value);
}
}
 
$query = sprintf("INSERT INTO %s (%s, %s%s) VALUES (%s, %s%s)",
$this->options['table'],
$this->options['usernamecol'],
$this->options['passwordcol'],
$additional_key,
$this->db->getTextValue($username),
$this->db->getTextValue($cryptFunction($password)),
$additional_value
);
 
$res = $this->query($query);
 
if (MDB::isError($res)) {
return PEAR::raiseError($res->getMessage(), $res->code);
} else {
return true;
}
}
 
// }}}
// {{{ removeUser()
 
/**
* Remove user from the storage container
*
* @access public
* @param string Username
*
* @return mixed True on success, otherwise error object
*/
function removeUser($username)
{
$query = sprintf("DELETE FROM %s WHERE %s = %s",
$this->options['table'],
$this->options['usernamecol'],
$this->db->getTextValue($username)
);
 
$res = $this->query($query);
 
if (MDB::isError($res)) {
return PEAR::raiseError($res->getMessage(), $res->code);
} else {
return true;
}
}
 
// }}}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/SOAP.php
New file
0,0 → 1,170
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Bruno Pedro <bpedro@co.sapo.pt> |
// +----------------------------------------------------------------------+
//
// $Id: SOAP.php,v 1.6 2003/09/08 11:24:05 yavo Exp $
//
 
require_once "Auth/Container.php";
require_once "PEAR.php";
require_once 'SOAP/Client.php';
 
/**
* Storage driver for fetching login data from SOAP
*
* This class takes one parameter (options), where
* you specify the following fields: endpoint, namespace,
* method, encoding, usernamefield and passwordfield.
*
* You can use specify features of your SOAP service
* by providing its parameters in an associative manner by
* using the '_features' array through the options parameter.
*
* The 'matchpassword' option should be set to false if your
* webservice doesn't return (username,password) pairs, but
* instead returns error when the login is invalid.
*
* Example usage:
*
* <?php
*
* ...
*
* $options = array (
* 'endpoint' => 'http://your.soap.service/endpoint',
* 'namespace' => 'urn:/Your/Namespace',
* 'method' => 'get',
* 'encoding' => 'UTF-8',
* 'usernamefield' => 'login',
* 'passwordfield' => 'password',
* 'matchpasswords' => false,
* '_features' => array (
* 'example_feature' => 'example_value',
* 'another_example' => ''
* )
* );
* $auth = new Auth('SOAP', $options, 'loginFunction');
* $auth->start();
*
* ...
*
* ?>
*
* @author Bruno Pedro <bpedro@co.sapo.pt>
* @package Auth
* @version $Revision: 1.6 $
*/
class Auth_Container_SOAP extends Auth_Container
{
 
/**
* Required options for the class
* @var array
* @access private
*/
var $_requiredOptions = array('endpoint', 'namespace', 'method', 'encoding', 'usernamefield', 'passwordfield');
 
/**
* Options for the class
* @var array
* @access private
*/
var $_options = array();
 
/**
* Optional SOAP features
* @var array
* @access private
*/
var $_features = array();
 
/**
* The SOAP response
* @var array
* @access public
*/
var $soapResponse = array();
 
/**
* Constructor of the container class
*
* @param $options, associative array with endpoint, namespace, method,
* usernamefield, passwordfield and optional features
*/
function Auth_Container_SOAP($options)
{
$this->_options = $options;
if (!isset($this->_options['matchpasswords'])) {
$this->_options['matchpasswords'] = true;
}
if (!empty($this->_options['_features'])) {
$this->_features = $this->_options['_features'];
unset($this->_options['_features']);
}
}
 
/**
* Fetch data from SOAP service
*
* Requests the SOAP service for the given username/password
* combination.
*
* @param string Username
* @param string Password
* @return mixed Returns the SOAP response or false if something went wrong
*/
function fetchData($username, $password)
{
// check if all required options are set
if (array_intersect($this->_requiredOptions, array_keys($this->_options)) != $this->_requiredOptions) {
return false;
} else {
// create a SOAP client and set encoding
$soapClient = new SOAP_Client($this->_options['endpoint']);
$soapClient->setEncoding($this->_options['encoding']);
}
// assign username and password fields
$usernameField = new SOAP_Value($this->_options['usernamefield'],'string', $username);
$passwordField = new SOAP_Value($this->_options['passwordfield'],'string', $password);
$SOAPParams = array($usernameField, $passwordField);
// assign optional features
foreach ($this->_features as $fieldName => $fieldValue) {
$SOAPParams[] = new SOAP_Value($fieldName, 'string', $fieldValue);
}
// make SOAP call
$this->soapResponse = $soapClient->call(
$this->_options['method'],
$SOAPParams,
array('namespace' => $this->_options['namespace'])
);
if (!PEAR::isError($this->soapResponse)) {
if ($this->_options['matchpasswords']) {
// check if passwords match
if ($password == $this->soapResponse->{$this->_options['passwordfield']}) {
return true;
} else {
return false;
}
} else {
return true;
}
} else {
return false;
}
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Container/SMBPasswd.php
New file
0,0 → 1,134
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Michael Bretterklieber <michael@bretterklieber.com> |
// +----------------------------------------------------------------------+
//
// $Id: SMBPasswd.php,v 1.1 2003/05/13 19:23:54 mbretter Exp $
//
 
require_once "File/SMBPasswd.php";
require_once "Auth/Container.php";
require_once "PEAR.php";
 
/**
* Storage driver for fetching login data from an SAMBA smbpasswd file.
*
* This storage container can handle SAMBA smbpasswd files.
*
* Example:
* $a = new Auth("SMBPasswd", '/usr/local/private/smbpasswd');
* $a->start();
* if ($a->getAuth()) {
* printf ("AUTH OK<br>\n");
* $a->logout();
* }
*
* @author Michael Bretterklieber <michael@bretterklieber.com>
* @package Auth
* @version $Revision: 1.1 $
*/
class Auth_Container_SMBPasswd extends Auth_Container
{
/**
* File_SMBPasswd object
* @var object
*/
var $pwfile;
 
// {{{ Constructor
 
/**
* Constructor of the container class
*
* @param $filename string filename for a passwd type file
* @return object Returns an error object if something went wrong
*/
function Auth_Container_SMBPasswd($filename)
{
$this->pwfile = new File_SMBPasswd($filename,0);
 
if (!$this->pwfile->load()) {
PEAR::raiseError("Error while reading file contents.", 41, PEAR_ERROR_DIE);
return;
}
 
}
 
// }}}
// {{{ fetchData()
 
/**
* Get user information from pwfile
*
* @param string Username
* @param string Password
* @return boolean
*/
function fetchData($username, $password)
{
return $this->pwfile->verifyAccount($username, $password);
}
 
// }}}
// {{{ listUsers()
function listUsers()
{
return $this->pwfile->getAccounts();
}
 
// }}}
// {{{ addUser()
 
/**
* Add a new user to the storage container
*
* @param string Username
* @param string Password
* @param array Additional information
*
* @return boolean
*/
function addUser($username, $password, $additional = '')
{
$res = $this->pwfile->addUser($user, $additional['userid'], $pass);
if ($res === true) {
return $this->pwfile->save();
}
return $res;
}
 
// }}}
// {{{ removeUser()
 
/**
* Remove user from the storage container
*
* @param string Username
*/
function removeUser($username)
{
$res = $this->pwfile->delUser($username);
if ($res === true) {
return $this->pwfile->save();
}
return $res;
}
 
// }}}
 
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/SASL/Plain.php
New file
0,0 → 1,63
<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes |
// | All rights reserved. |
// | |
// | Redistribution and use in source and binary forms, with or without |
// | modification, are permitted provided that the following conditions |
// | are met: |
// | |
// | o Redistributions of source code must retain the above copyright |
// | notice, this list of conditions and the following disclaimer. |
// | o Redistributions in binary form must reproduce the above copyright |
// | notice, this list of conditions and the following disclaimer in the |
// | documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote |
// | products derived from this software without specific prior written |
// | permission. |
// | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
// | |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net> |
// +-----------------------------------------------------------------------+
//
// $Id: Plain.php,v 1.6 2003/09/11 18:53:56 mbretter Exp $
 
/**
* Implmentation of PLAIN SASL mechanism
*
* @author Richard Heyes <richard@php.net>
* @access public
* @version 1.0
* @package Auth_SASL
*/
 
require_once('Auth/SASL/Common.php');
 
class Auth_SASL_Plain extends Auth_SASL_Common
{
/**
* Returns PLAIN response
*
* @param string $authcid Authentication id (username)
* @param string $pass Password
* @param string $authzid Autorization id
* @return string PLAIN Response
*/
function getResponse($authcid, $pass, $authzid = '')
{
return $authzid . chr(0) . $authcid . chr(0) . $pass;
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/SASL/DigestMD5.php
New file
0,0 → 1,198
<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes |
// | All rights reserved. |
// | |
// | Redistribution and use in source and binary forms, with or without |
// | modification, are permitted provided that the following conditions |
// | are met: |
// | |
// | o Redistributions of source code must retain the above copyright |
// | notice, this list of conditions and the following disclaimer. |
// | o Redistributions in binary form must reproduce the above copyright |
// | notice, this list of conditions and the following disclaimer in the |
// | documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote |
// | products derived from this software without specific prior written |
// | permission. |
// | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
// | |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net> |
// +-----------------------------------------------------------------------+
//
// $Id: DigestMD5.php,v 1.8 2006/03/22 05:20:11 amistry Exp $
 
/**
* Implmentation of DIGEST-MD5 SASL mechanism
*
* @author Richard Heyes <richard@php.net>
* @access public
* @version 1.0
* @package Auth_SASL
*/
 
require_once('Auth/SASL/Common.php');
 
class Auth_SASL_DigestMD5 extends Auth_SASL_Common
{
/**
* Provides the (main) client response for DIGEST-MD5
* requires a few extra parameters than the other
* mechanisms, which are unavoidable.
*
* @param string $authcid Authentication id (username)
* @param string $pass Password
* @param string $challenge The digest challenge sent by the server
* @param string $hostname The hostname of the machine you're connecting to
* @param string $service The servicename (eg. imap, pop, acap etc)
* @param string $authzid Authorization id (username to proxy as)
* @return string The digest response (NOT base64 encoded)
* @access public
*/
function getResponse($authcid, $pass, $challenge, $hostname, $service, $authzid = '')
{
$challenge = $this->_parseChallenge($challenge);
$authzid_string = '';
if ($authzid != '') {
$authzid_string = ',authzid="' . $authzid . '"';
}
 
if (!empty($challenge)) {
$cnonce = $this->_getCnonce();
$digest_uri = sprintf('%s/%s', $service, $hostname);
$response_value = $this->_getResponseValue($authcid, $pass, $challenge['realm'], $challenge['nonce'], $cnonce, $digest_uri, $authzid);
 
if ($challenge['realm']) {
return sprintf('username="%s",realm="%s"' . $authzid_string .
',nonce="%s",cnonce="%s",nc=00000001,qop=auth,digest-uri="%s",response=%s,maxbuf=%d', $authcid, $challenge['realm'], $challenge['nonce'], $cnonce, $digest_uri, $response_value, $challenge['maxbuf']);
} else {
return sprintf('username="%s"' . $authzid_string . ',nonce="%s",cnonce="%s",nc=00000001,qop=auth,digest-uri="%s",response=%s,maxbuf=%d', $authcid, $challenge['nonce'], $cnonce, $digest_uri, $response_value, $challenge['maxbuf']);
}
} else {
return PEAR::raiseError('Invalid digest challenge');
}
}
/**
* Parses and verifies the digest challenge*
*
* @param string $challenge The digest challenge
* @return array The parsed challenge as an assoc
* array in the form "directive => value".
* @access private
*/
function _parseChallenge($challenge)
{
$tokens = array();
while (preg_match('/^([a-z-]+)=("[^"]+(?<!\\\)"|[^,]+)/i', $challenge, $matches)) {
 
// Ignore these as per rfc2831
if ($matches[1] == 'opaque' OR $matches[1] == 'domain') {
$challenge = substr($challenge, strlen($matches[0]) + 1);
continue;
}
 
// Allowed multiple "realm" and "auth-param"
if (!empty($tokens[$matches[1]]) AND ($matches[1] == 'realm' OR $matches[1] == 'auth-param')) {
if (is_array($tokens[$matches[1]])) {
$tokens[$matches[1]][] = preg_replace('/^"(.*)"$/', '\\1', $matches[2]);
} else {
$tokens[$matches[1]] = array($tokens[$matches[1]], preg_replace('/^"(.*)"$/', '\\1', $matches[2]));
}
 
// Any other multiple instance = failure
} elseif (!empty($tokens[$matches[1]])) {
$tokens = array();
break;
 
} else {
$tokens[$matches[1]] = preg_replace('/^"(.*)"$/', '\\1', $matches[2]);
}
 
// Remove the just parsed directive from the challenge
$challenge = substr($challenge, strlen($matches[0]) + 1);
}
 
/**
* Defaults and required directives
*/
// Realm
if (empty($tokens['realm'])) {
$tokens['realm'] = "";
}
 
// Maxbuf
if (empty($tokens['maxbuf'])) {
$tokens['maxbuf'] = 65536;
}
 
// Required: nonce, algorithm
if (empty($tokens['nonce']) OR empty($tokens['algorithm'])) {
return array();
}
 
return $tokens;
}
 
/**
* Creates the response= part of the digest response
*
* @param string $authcid Authentication id (username)
* @param string $pass Password
* @param string $realm Realm as provided by the server
* @param string $nonce Nonce as provided by the server
* @param string $cnonce Client nonce
* @param string $digest_uri The digest-uri= value part of the response
* @param string $authzid Authorization id
* @return string The response= part of the digest response
* @access private
*/
function _getResponseValue($authcid, $pass, $realm, $nonce, $cnonce, $digest_uri, $authzid = '')
{
if ($authzid == '') {
$A1 = sprintf('%s:%s:%s', pack('H32', md5(sprintf('%s:%s:%s', $authcid, $realm, $pass))), $nonce, $cnonce);
} else {
$A1 = sprintf('%s:%s:%s:%s', pack('H32', md5(sprintf('%s:%s:%s', $authcid, $realm, $pass))), $nonce, $cnonce, $authzid);
}
$A2 = 'AUTHENTICATE:' . $digest_uri;
return md5(sprintf('%s:%s:00000001:%s:auth:%s', md5($A1), $nonce, $cnonce, md5($A2)));
}
 
/**
* Creates the client nonce for the response
*
* @return string The cnonce value
* @access private
*/
function _getCnonce()
{
if (file_exists('/dev/urandom') && $fd = @fopen('/dev/urandom', 'r')) {
return base64_encode(fread($fd, 32));
 
} elseif (file_exists('/dev/random') && $fd = @fopen('/dev/random', 'r')) {
return base64_encode(fread($fd, 32));
 
} else {
$str = '';
mt_srand((double)microtime()*10000000);
for ($i=0; $i<32; $i++) {
$str .= chr(mt_rand(0, 255));
}
return base64_encode($str);
}
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/SASL/Anonymous.php
New file
0,0 → 1,71
<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes |
// | All rights reserved. |
// | |
// | Redistribution and use in source and binary forms, with or without |
// | modification, are permitted provided that the following conditions |
// | are met: |
// | |
// | o Redistributions of source code must retain the above copyright |
// | notice, this list of conditions and the following disclaimer. |
// | o Redistributions in binary form must reproduce the above copyright |
// | notice, this list of conditions and the following disclaimer in the |
// | documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote |
// | products derived from this software without specific prior written |
// | permission. |
// | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
// | |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net> |
// +-----------------------------------------------------------------------+
//
// $Id: Anonymous.php,v 1.4 2003/02/21 16:07:17 mj Exp $
 
/**
* Implmentation of ANONYMOUS SASL mechanism
*
* @author Richard Heyes <richard@php.net>
* @access public
* @version 1.0
* @package Auth_SASL
*/
 
require_once('Auth/SASL/Common.php');
 
class Auth_SASL_Anonymous extends Auth_SASL_Common
{
/**
* Not much to do here except return the token supplied.
* No encoding, hashing or encryption takes place for this
* mechanism, simply one of:
* o An email address
* o An opaque string not containing "@" that can be interpreted
* by the sysadmin
* o Nothing
*
* We could have some logic here for the second option, but this
* would by no means create something interpretable.
*
* @param string $token Optional email address or string to provide
* as trace information.
* @return string The unaltered input token
*/
function getResponse($token = '')
{
return $token;
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/SASL/Common.php
New file
0,0 → 1,74
<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes |
// | All rights reserved. |
// | |
// | Redistribution and use in source and binary forms, with or without |
// | modification, are permitted provided that the following conditions |
// | are met: |
// | |
// | o Redistributions of source code must retain the above copyright |
// | notice, this list of conditions and the following disclaimer. |
// | o Redistributions in binary form must reproduce the above copyright |
// | notice, this list of conditions and the following disclaimer in the |
// | documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote |
// | products derived from this software without specific prior written |
// | permission. |
// | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
// | |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net> |
// +-----------------------------------------------------------------------+
//
// $Id: Common.php,v 1.6 2003/02/21 16:07:17 mj Exp $
 
/**
* Common functionality to SASL mechanisms
*
* @author Richard Heyes <richard@php.net>
* @access public
* @version 1.0
* @package Auth_SASL
*/
 
class Auth_SASL_Common
{
/**
* Function which implements HMAC MD5 digest
*
* @param string $key The secret key
* @param string $data The data to protect
* @return string The HMAC MD5 digest
*/
function _HMAC_MD5($key, $data)
{
if (strlen($key) > 64) {
$key = pack('H32', md5($key));
}
 
if (strlen($key) < 64) {
$key = str_pad($key, 64, chr(0));
}
 
$k_ipad = substr($key, 0, 64) ^ str_repeat(chr(0x36), 64);
$k_opad = substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64);
 
$inner = pack('H32', md5($k_ipad . $data));
$digest = md5($k_opad . $inner);
 
return $digest;
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/SASL/CramMD5.php
New file
0,0 → 1,68
<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes |
// | All rights reserved. |
// | |
// | Redistribution and use in source and binary forms, with or without |
// | modification, are permitted provided that the following conditions |
// | are met: |
// | |
// | o Redistributions of source code must retain the above copyright |
// | notice, this list of conditions and the following disclaimer. |
// | o Redistributions in binary form must reproduce the above copyright |
// | notice, this list of conditions and the following disclaimer in the |
// | documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote |
// | products derived from this software without specific prior written |
// | permission. |
// | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
// | |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net> |
// +-----------------------------------------------------------------------+
//
// $Id: CramMD5.php,v 1.4 2003/02/21 16:07:17 mj Exp $
 
/**
* Implmentation of CRAM-MD5 SASL mechanism
*
* @author Richard Heyes <richard@php.net>
* @access public
* @version 1.0
* @package Auth_SASL
*/
 
require_once('Auth/SASL/Common.php');
 
class Auth_SASL_CramMD5 extends Auth_SASL_Common
{
/**
* Implements the CRAM-MD5 SASL mechanism
* This DOES NOT base64 encode the return value,
* you will need to do that yourself.
*
* @param string $user Username
* @param string $pass Password
* @param string $challenge The challenge supplied by the server.
* this should be already base64_decoded.
*
* @return string The string to pass back to the server, of the form
* "<user> <digest>". This is NOT base64_encoded.
*/
function getResponse($user, $pass, $challenge)
{
return $user . ' ' . $this->_HMAC_MD5($pass, $challenge);
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/SASL/Login.php
New file
0,0 → 1,65
<?php
// +-----------------------------------------------------------------------+
// | Copyright (c) 2002-2003 Richard Heyes |
// | All rights reserved. |
// | |
// | Redistribution and use in source and binary forms, with or without |
// | modification, are permitted provided that the following conditions |
// | are met: |
// | |
// | o Redistributions of source code must retain the above copyright |
// | notice, this list of conditions and the following disclaimer. |
// | o Redistributions in binary form must reproduce the above copyright |
// | notice, this list of conditions and the following disclaimer in the |
// | documentation and/or other materials provided with the distribution.|
// | o The names of the authors may not be used to endorse or promote |
// | products derived from this software without specific prior written |
// | permission. |
// | |
// | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
// | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
// | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
// | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
// | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
// | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
// | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
// | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
// | |
// +-----------------------------------------------------------------------+
// | Author: Richard Heyes <richard@php.net> |
// +-----------------------------------------------------------------------+
//
// $Id: Login.php,v 1.4 2003/02/21 16:07:17 mj Exp $
 
/**
* This is technically not a SASL mechanism, however
* it's used by Net_Sieve, Net_Cyrus and potentially
* other protocols , so here is a good place to abstract
* it.
*
* @author Richard Heyes <richard@php.net>
* @access public
* @version 1.0
* @package Auth_SASL
*/
 
require_once('Auth/SASL/Common.php');
 
class Auth_SASL_Login extends Auth_SASL_Common
{
/**
* Pseudo SASL LOGIN mechanism
*
* @param string $user Username
* @param string $pass Password
* @return string LOGIN string
*/
function getResponse($user, $pass)
{
return sprintf('LOGIN %s %s', $user, $pass);
}
}
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/HTTP.php
New file
0,0 → 1,795
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2004 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Martin Jansen <mj@php.net> |
// | Rui Hirokawa <hirokawa@php.net> |
// | David Costa <gurugeek@php.net> |
// +----------------------------------------------------------------------+
//
// $Id: Auth_HTTP.php,v 1.27 2005/04/04 12:48:33 hirokawa Exp $
//
 
require_once "Auth/Auth.php";
 
define('AUTH_HTTP_NONCE_TIME_LEN', 16);
define('AUTH_HTTP_NONCE_HASH_LEN', 32);
 
// {{{ class Auth_HTTP
 
/**
* PEAR::Auth_HTTP
*
* The PEAR::Auth_HTTP class provides methods for creating an
* HTTP authentication system based on RFC-2617 using PHP.
*
* Instead of generating an HTML driven form like PEAR::Auth
* does, this class sends header commands to the clients which
* cause them to present a login box like they are e.g. used
* in Apache's .htaccess mechanism.
*
* This class requires the PEAR::Auth package.
*
* @notes The HTTP Digest Authentication part is based on
* authentication class written by Tom Pike <tom.pike@xiven.com>
*
* @author Martin Jansen <mj@php.net>
* @author Rui Hirokawa <hirokawa@php.net>
* @author David Costa <gurugeek@php.net>
* @package Auth_HTTP
* @extends Auth
* @version $Revision: 1.27 $
*/
class Auth_HTTP extends Auth
{
// {{{ properties
 
/**
* Authorization method: 'basic' or 'digest'
*
* @access public
* @var string
*/
var $authType = 'basic';
/**
* Name of the realm for Basic Authentication
*
* @access public
* @var string
* @see drawLogin()
*/
var $realm = "protected area";
 
/**
* Text to send if user hits cancel button
*
* @access public
* @var string
* @see drawLogin()
*/
var $CancelText = "Error 401 - Access denied";
 
/**
* option array
*
* @access public
* @var array
*/
var $options = array();
 
/**
* flag to indicate the nonce was stale.
*
* @access public
* @var bool
*/
var $stale = false;
 
/**
* opaque string for digest authentication
*
* @access public
* @var string
*/
var $opaque = 'dummy';
 
/**
* digest URI
*
* @access public
* @var string
*/
var $uri = '';
 
/**
* authorization info returned by the client
*
* @access public
* @var array
*/
var $auth = array();
 
/**
* next nonce value
*
* @access public
* @var string
*/
var $nextNonce = '';
 
/**
* nonce value
*
* @access public
* @var string
*/
var $nonce = '';
 
/**
* Holds a reference to the global server variable
* @var array
*/
var $server;
 
/**
* Holds a reference to the global post variable
* @var array
*/
var $post;
 
/**
* Holds a reference to the global cookie variable
* @var array
*/
var $cookie;
 
 
// }}}
// {{{ Constructor
 
/**
* Constructor
*
* @param string Type of the storage driver
* @param mixed Additional options for the storage driver
* (example: if you are using DB as the storage
* driver, you have to pass the dsn string here)
*
* @return void
*/
function Auth_HTTP($storageDriver, $options = '')
{
/* set default values for options */
$this->options = array('cryptType' => 'md5',
'algorithm' => 'MD5',
'qop' => 'auth-int,auth',
'opaquekey' => 'moo',
'noncekey' => 'moo',
'digestRealm' => 'protected area',
'forceDigestOnly' => false,
'nonceLife' => 300,
'sessionSharing' => true,
);
if (!empty($options['authType'])) {
$this->authType = strtolower($options['authType']);
}
if (is_array($options)) {
foreach($options as $key => $value) {
if (array_key_exists( $key, $this->options)) {
$this->options[$key] = $value;
}
}
if (!empty($this->options['opaquekey'])) {
$this->opaque = md5($this->options['opaquekey']);
}
}
$this->Auth($storageDriver, $options);
}
// }}}
// {{{ assignData()
 
/**
* Assign values from $PHP_AUTH_USER and $PHP_AUTH_PW or 'Authorization' header
* to internal variables and sets the session id based
* on them
*
* @access public
* @return void
*/
function assignData()
{
if (method_exists($this, '_importGlobalVariable')) {
$this->server = &$this->_importGlobalVariable('server');
}
if ($this->authType == 'basic') {
if (!empty($this->server['PHP_AUTH_USER'])) {
$this->username = $this->server['PHP_AUTH_USER'];
}
if (!empty($this->server['PHP_AUTH_PW'])) {
$this->password = $this->server['PHP_AUTH_PW'];
}
/**
* Try to get authentication information from IIS
*/
if (empty($this->username) && empty($this->password)) {
if (!empty($this->server['HTTP_AUTHORIZATION'])) {
list($this->username, $this->password) =
explode(':', base64_decode(substr($this->server['HTTP_AUTHORIZATION'], 6)));
}
}
} elseif ($this->authType == 'digest') {
$this->username = '';
$this->password = '';
 
$this->digest_header = null;
if (!empty($this->server['PHP_AUTH_DIGEST'])) {
$this->digest_header = substr($this->server['PHP_AUTH_DIGEST'],
strpos($this->server['PHP_AUTH_DIGEST'],' ')+1);
} else {
$headers = getallheaders();
if(isset($headers['Authorization']) && !empty($headers['Authorization'])) {
$this->digest_header = substr($headers['Authorization'],
strpos($headers['Authorization'],' ')+1);
}
}
 
if($this->digest_header) {
$authtemp = explode(',', $this->digest_header);
$auth = array();
foreach($authtemp as $key => $value) {
$value = trim($value);
if(strpos($value,'=') !== false) {
$lhs = substr($value,0,strpos($value,'='));
$rhs = substr($value,strpos($value,'=')+1);
if(substr($rhs,0,1) == '"' && substr($rhs,-1,1) == '"') {
$rhs = substr($rhs,1,-1);
}
$auth[$lhs] = $rhs;
}
}
}
if (!isset($auth['uri']) || !isset($auth['realm'])) {
return;
}
if ($this->selfURI() == $auth['uri']) {
$this->uri = $auth['uri'];
if (substr($headers['Authorization'],0,7) == 'Digest ') {
$this->authType = 'digest';
 
if (!isset($auth['nonce']) || !isset($auth['username']) ||
!isset($auth['response']) || !isset($auth['qop']) ||
!isset($auth['nc']) || !isset($auth['cnonce'])){
return;
}
 
if ($auth['qop'] != 'auth' && $auth['qop'] != 'auth-int') {
return;
}
$this->stale = $this->_judgeStale($auth['nonce']);
 
if ($this->nextNonce == false) {
return;
}
 
$this->username = $auth['username'];
$this->password = $auth['response'];
$this->auth['nonce'] = $auth['nonce'];
$this->auth['qop'] = $auth['qop'];
$this->auth['nc'] = $auth['nc'];
$this->auth['cnonce'] = $auth['cnonce'];
 
if (isset($auth['opaque'])) {
$this->auth['opaque'] = $auth['opaque'];
}
} elseif (substr($headers['Authorization'],0,6) == 'Basic ') {
if ($this->options['forceDigestOnly']) {
return; // Basic authentication is not allowed.
}
$this->authType = 'basic';
list($username, $password) =
explode(':',base64_decode(substr($headers['Authorization'],6)));
$this->username = $username;
$this->password = $password;
}
}
} else {
return PEAR::raiseError('authType is invalid.');
}
 
if ($this->options['sessionSharing'] &&
isset($this->username) && isset($this->password)) {
session_id(md5('Auth_HTTP' . $this->username . $this->password));
}
/**
* set sessionName for AUTH, so that the sessionName is different
* for distinct realms
*/
$this->_sessionName = "_authhttp".md5($this->realm);
}
 
// }}}
// {{{ login()
 
/**
* Login function
*
* @access private
* @return void
*/
function login()
{
$login_ok = false;
if (method_exists($this, '_loadStorage')) {
$this->_loadStorage();
}
$this->storage->_auth_obj->_sessionName =& $this->_sessionName;
 
/**
* When the user has already entered a username,
* we have to validate it.
*/
if (!empty($this->username) && !empty($this->password)) {
if ($this->authType == 'basic' && !$this->options['forceDigestOnly']) {
if (true === $this->storage->fetchData($this->username, $this->password)) {
$login_ok = true;
}
} else { /* digest authentication */
 
if (!$this->getAuth() || $this->getAuthData('a1') == null) {
/*
* note:
* - only PEAR::DB is supported as container.
* - password should be stored in container as plain-text
* (if $options['cryptType'] == 'none') or
* A1 hashed form (md5('username:realm:password'))
* (if $options['cryptType'] == 'md5')
*/
$dbs = $this->storage;
if (!DB::isConnection($dbs->db)) {
$dbs->_connect($dbs->options['dsn']);
}
$query = 'SELECT '.$dbs->options['passwordcol']." FROM ".$dbs->options['table'].
' WHERE '.$dbs->options['usernamecol']." = '".
$dbs->db->quoteString($this->username)."' ";
$pwd = $dbs->db->getOne($query); // password stored in container.
if (DB::isError($pwd)) {
return PEAR::raiseError($pwd->getMessage(), $pwd->getCode());
}
if ($this->options['cryptType'] == 'none') {
$a1 = md5($this->username.':'.$this->options['digestRealm'].':'.$pwd);
} else {
$a1 = $pwd;
}
$this->setAuthData('a1', $a1, true);
} else {
$a1 = $this->getAuthData('a1');
}
$login_ok = $this->validateDigest($this->password, $a1);
if ($this->nextNonce == false) {
$login_ok = false;
}
}
if (!$login_ok && is_callable($this->loginFailedCallback)) {
call_user_func($this->loginFailedCallback,$this->username, $this);
}
}
if (!empty($this->username) && $login_ok) {
$this->setAuth($this->username);
if (is_callable($this->loginCallback)) {
call_user_func($this->loginCallback,$this->username, $this);
}
}
/**
* If the login failed or the user entered no username,
* output the login screen again.
*/
if (!empty($this->username) && !$login_ok) {
$this->status = AUTH_WRONG_LOGIN;
}
if ((empty($this->username) || !$login_ok) && $this->showLogin) {
$this->drawLogin($this->storage->activeUser);
return;
}
 
if (!empty($this->username) && $login_ok && $this->authType == 'digest'
&& $this->auth['qop'] == 'auth') {
$this->authenticationInfo();
}
}
// }}}
// {{{ drawLogin()
 
/**
* Launch the login box
*
* @param string $username Username
* @return void
* @access private
*/
function drawLogin($username = "")
{
/**
* Send the header commands
*/
if ($this->authType == 'basic') {
header("WWW-Authenticate: Basic realm=\"".$this->realm."\"");
header('HTTP/1.0 401 Unauthorized');
} else if ($this->authType == 'digest') {
$this->nonce = $this->_getNonce();
 
$wwwauth = 'WWW-Authenticate: Digest ';
$wwwauth .= 'qop="'.$this->options['qop'].'", ';
$wwwauth .= 'algorithm='.$this->options['algorithm'].', ';
$wwwauth .= 'realm="'.$this->options['digestRealm'].'", ';
$wwwauth .= 'nonce="'.$this->nonce.'", ';
if ($this->stale) {
$wwwauth .= 'stale=true, ';
}
if (!empty($this->opaque)) {
$wwwauth .= 'opaque="'.$this->opaque.'"' ;
}
$wwwauth .= "\r\n";
if (!$this->options['forceDigestOnly']) {
$wwwauth .= 'WWW-Authenticate: Basic realm="'.$this->realm.'"';
}
header($wwwauth);
header('HTTP/1.0 401 Unauthorized');
}
 
/**
* This code is only executed if the user hits the cancel
* button or if he enters wrong data 3 times.
*/
if ($this->stale) {
echo 'Stale nonce value, please re-authenticate.';
} else {
echo $this->CancelText;
}
exit;
}
 
// }}}
// {{{ setRealm()
 
/**
* Set name of the current realm
*
* @access public
* @param string $realm Name of the realm
* @param string $digestRealm Name of the realm for digest authentication
* @return void
*/
function setRealm($realm, $digestRealm = '')
{
$this->realm = $realm;
if (!empty($digestRealm)) {
$this->options['digestRealm'] = $digestRealm;
}
}
 
// }}}
// {{{ setCancelText()
 
/**
* Set the text to send if user hits the cancel button
*
* @access public
* @param string $text Text to send
* @return void
*/
function setCancelText($text)
{
$this->CancelText = $text;
}
 
// }}}
// {{{ validateDigest()
/**
* judge if the client response is valid.
*
* @access private
* @param string $response client response
* @param string $a1 password or hashed password stored in container
* @return bool true if success, false otherwise
*/
function validateDigest($response, $a1)
{
if (method_exists($this, '_importGlobalVariable')) {
$this->server = &$this->_importGlobalVariable('server');
}
 
$a2unhashed = $this->server['REQUEST_METHOD'].":".$this->selfURI();
if($this->auth['qop'] == 'auth-int') {
if(isset($GLOBALS["HTTP_RAW_POST_DATA"])) {
// In PHP < 4.3 get raw POST data from this variable
$body = $GLOBALS["HTTP_RAW_POST_DATA"];
} else if($lines = @file('php://input')) {
// In PHP >= 4.3 get raw POST data from this file
$body = implode("\n", $lines);
} else {
if (method_exists($this, '_importGlobalVariable')) {
$this->post = &$this->_importGlobalVariable('post');
}
$body = '';
foreach($this->post as $key => $value) {
if($body != '') $body .= '&';
$body .= rawurlencode($key) . '=' . rawurlencode($value);
}
}
 
$a2unhashed .= ':'.md5($body);
}
$a2 = md5($a2unhashed);
$combined = $a1.':'.
$this->auth['nonce'].':'.
$this->auth['nc'].':'.
$this->auth['cnonce'].':'.
$this->auth['qop'].':'.
$a2;
$expectedResponse = md5($combined);
if(!isset($this->auth['opaque']) || $this->auth['opaque'] == $this->opaque) {
if($response == $expectedResponse) { // password is valid
if(!$this->stale) {
return true;
} else {
$this->drawLogin();
}
}
}
return false;
}
// }}}
// {{{ _judgeStale()
/**
* judge if nonce from client is stale.
*
* @access private
* @param string $nonce nonce value from client
* @return bool stale
*/
function _judgeStale($nonce)
{
$stale = false;
if(!$this->_decodeNonce($nonce, $time, $hash_cli)) {
$this->nextNonce = false;
$stale = true;
return $stale;
}
 
if ($time < time() - $this->options['nonceLife']) {
$this->nextNonce = $this->_getNonce();
$stale = true;
} else {
$this->nextNonce = $nonce;
}
 
return $stale;
}
// }}}
// {{{ _nonceDecode()
/**
* decode nonce string
*
* @access private
* @param string $nonce nonce value from client
* @param string $time decoded time
* @param string $hash decoded hash
* @return bool false if nonce is invalid
*/
function _decodeNonce($nonce, &$time, &$hash)
{
if (method_exists($this, '_importGlobalVariable')) {
$this->server = &$this->_importGlobalVariable('server');
}
 
if (strlen($nonce) != AUTH_HTTP_NONCE_TIME_LEN + AUTH_HTTP_NONCE_HASH_LEN) {
return false;
}
 
$time = base64_decode(substr($nonce, 0, AUTH_HTTP_NONCE_TIME_LEN));
$hash_cli = substr($nonce, AUTH_HTTP_NONCE_TIME_LEN, AUTH_HTTP_NONCE_HASH_LEN);
 
$hash = md5($time . $this->server['HTTP_USER_AGENT'] . $this->options['noncekey']);
 
if ($hash_cli != $hash) {
return false;
}
return true;
}
 
// }}}
// {{{ _getNonce()
/**
* return nonce to detect timeout
*
* @access private
* @return string nonce value
*/
function _getNonce()
{
if (method_exists($this, '_importGlobalVariable')) {
$this->server = &$this->_importGlobalVariable('server');
}
 
$time = time();
$hash = md5($time . $this->server['HTTP_USER_AGENT'] . $this->options['noncekey']);
 
return base64_encode($time) . $hash;
}
 
// }}}
// {{{ authenticationInfo()
/**
* output HTTP Authentication-Info header
*
* @notes md5 hash of contents is required if 'qop' is 'auth-int'
*
* @access private
* @param string MD5 hash of content
*/
function authenticationInfo($contentMD5 = '') {
if($this->getAuth() && ($this->getAuthData('a1') != null)) {
$a1 = $this->getAuthData('a1');
 
// Work out authorisation response
$a2unhashed = ":".$this->selfURI();
if($this->auth['qop'] == 'auth-int') {
$a2unhashed .= ':'.$contentMD5;
}
$a2 = md5($a2unhashed);
$combined = $a1.':'.
$this->nonce.':'.
$this->auth['nc'].':'.
$this->auth['cnonce'].':'.
$this->auth['qop'].':'.
$a2;
// Send authentication info
$wwwauth = 'Authentication-Info: ';
if($this->nonce != $this->nextNonce) {
$wwwauth .= 'nextnonce="'.$this->nextNonce.'", ';
}
$wwwauth .= 'qop='.$this->auth['qop'].', ';
$wwwauth .= 'rspauth="'.md5($combined).'", ';
$wwwauth .= 'cnonce="'.$this->auth['cnonce'].'", ';
$wwwauth .= 'nc='.$this->auth['nc'].'';
header($wwwauth);
}
}
// }}}
// {{{ setOption()
/**
* set authentication option
*
* @access public
* @param mixed $name key of option
* @param mixed $value value of option
* @return void
*/
function setOption($name, $value = null)
{
if (is_array($name)) {
foreach($name as $key => $value) {
if (array_key_exists( $key, $this->options)) {
$this->options[$key] = $value;
}
}
} else {
if (array_key_exists( $name, $this->options)) {
$this->options[$name] = $value;
}
}
}
 
// }}}
// {{{ getOption()
/**
* get authentication option
*
* @access public
* @param string $name key of option
* @return mixed option value
*/
function getOption($name)
{
if (array_key_exists( $name, $this->options)) {
return $this->options[$name];
}
if ($name == 'CancelText') {
return $this->CancelText;
}
if ($name == 'Realm') {
return $this->realm;
}
return false;
}
 
// }}}
// {{{ selfURI()
/**
* get self URI
*
* @access public
* @return string self URI
*/
function selfURI()
{
if (method_exists($this, '_importGlobalVariable')) {
$this->server = &$this->_importGlobalVariable('server');
}
 
if (preg_match("/MSIE/",$this->server['HTTP_USER_AGENT'])) {
// query string should be removed for MSIE
$uri = preg_replace("/^(.*)\?/","\\1",$this->server['REQUEST_URI']);
} else {
$uri = $this->server['REQUEST_URI'];
}
return $uri;
}
 
// }}}
 
}
 
// }}}
 
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
*/
?>
/tags/v1.0-Homere/bibliotheque/pear/Auth/Auth.php
New file
0,0 → 1,5
<?php
 
include_once('Auth.php');
 
?>