WebSVN – Applications.papyrus – Diff – /trunk/api/pear/Auth.php

-<?php
-/* vim: set expandtab tabstop=4 shiftwidth=4: */
-// +----------------------------------------------------------------------+
-// | PHP Version 4                                                        |
-// +----------------------------------------------------------------------+
-// | Copyright (c) 1997-2003 The PHP Group                                |
-// +----------------------------------------------------------------------+
-// | This source file is subject to version 2.02 of the PHP license,      |
-// | that is bundled with this package in the file LICENSE, and is        |
-// | available at through the world-wide-web at                           |
-// | http://www.php.net/license/2_02.txt.                                 |
-// | If you did not receive a copy of the PHP license and are unable to   |
-// | obtain it through the world-wide-web, please send a note to          |
-// | license@php.net so we can mail you a copy immediately.               |
-// +----------------------------------------------------------------------+
-// | Authors: Martin Jansen <mj@php.net>                                  |
-// +----------------------------------------------------------------------+
-//
-// $Id: Auth.php,v 1.1 2005-03-30 08:50:19 jpm Exp $
-//
-require_once 'PEAR.php';
-define('AUTH_IDLED',       -1);
-define('AUTH_EXPIRED',     -2);
-define('AUTH_WRONG_LOGIN', -3);
-/**
- * PEAR::Auth
- *
- * The PEAR::Auth class provides methods for creating an
- * authentication system using PHP.
- *
- * @author  Martin Jansen <mj@php.net>
- * @package Auth
- * @version $Revision: 1.1 $
- */
-class Auth {
-    /**
-     * Auth lifetime in seconds
-     *
-     * If this variable is set to 0, auth never expires
-     *
-     * @var  integer
-     * @see  setExpire(), checkAuth()
-     */
-    var $expire = 0;
-    /**
-     * Has the auth session expired?
-     *
-     * @var   bool
-     * @see   checkAuth(), drawLogin()
-     */
-    var $expired = false;
-    /**
-     * Maximum time of idleness in seconds
-     *
-     * The difference to $expire is, that the idletime gets
-     * refreshed each time, checkAuth() is called. If this
-     * variable is set to 0, idle time is never checked.
-     *
-     * @var integer
-     * @see setIdle(), checkAuth()
-     */
-    var $idle = 0;
-    /**
-     * Is the maximum idletime over?
-     *
-     * @var boolean
-     * @see checkAuth(), drawLogin();
-     */
-    var $idled = false;
-    /**
-     * Storage object
-     *
-     * @var object
-     * @see Auth(), validateLogin()
-     */
-    var $storage = '';
-    /**
-     * Function defined by the user, that creates the login screen
-     *
-     * @var string
-     */
-    var $loginFunction = '';
-    /**
-     * Should the login form be displayed?
-     *
-     * @var   bool
-     * @see   setShowlogin()
-     */
-    var $showLogin = true;
-    /**
-     * Current authentication status
-     *
-     * @var string
-     */
-    var $status = '';
-    /**
-     * Username
-     *
-     * @var string
-     */
-    var $username = '';
-    /**
-     * Password
-     *
-     * @var string
-     */
-    var $password = '';
-    /**
-     * Login callback function name
-     *
-     * @var string
-     * @see setLoginCallback()
-     */
-    var $loginCallback = '';
-    /**
-     * Failed Login callback function name
-     *
-     * @var string
-     * @see setLoginFailedCallback()
-     */
-    var $loginFailedCallback = '';
-    /**
-     * Logout callback function name
-     *
-     * @var string
-     * @see setLogoutCallback()
-     */
-    var $logoutCallback = '';
-    /**
-     * Auth session-array name
-     *
-     * @var string
-     */
-    var $_sessionName = '_authsession';
-    /**
-     * Package Version
-     *
-     * @var string
-     */
-    var $version = "1.2.3";
-    // {{{ Constructor
-    /**
-     * Constructor
-     *
-     * Set up the storage driver.
-     *
-     * @param string    Type of the storage driver
-     * @param mixed     Additional options for the storage driver
-     *                  (example: if you are using DB as the storage
-     *                   driver, you have to pass the dsn string here)
-     *
-     * @param string    Name of the function that creates the login form
-     * @param boolean   Should the login form be displayed if neccessary?
-     * @return void
-     */
-    function Auth($storageDriver, $options = '', $loginFunction = '', $showLogin = true)
-    {
-        if (!empty($options['sessionName'])) {
-            $this->_sessionName = $options['sessionName'];
-            unset($options['sessionName']);
-        }
-        if ($loginFunction != '' && is_callable($loginFunction)) {
-            $this->loginFunction = $loginFunction;
-        }
-        if (is_bool($showLogin)) {
-            $this->showLogin = $showLogin;
-        }
-        if (is_object($storageDriver)) {
-            $this->storage =& $storageDriver;
-        } else {
-            $this->storage = $this->_factory($storageDriver, $options);
-        }
-        // Pass a reference to auth to the container, ugly but works
-        // this is used by the DB container to use method setAuthData not staticaly.
-        $this->storage->_auth_obj =& $this;
-    }
-    // }}}
-    // {{{ _factory()
-    /**
-     * Return a storage driver based on $driver and $options
-     *
-     * @access private
-     * @static
-     * @param  string $driver  Type of storage class to return
-     * @param  string $options Optional parameters for the storage class
-     * @return object Object   Storage object
-     */
-    function _factory($driver, $options = '')
-    {
-        $storage_path = 'Auth/Container/' . $driver . '.php';
-        $storage_class = 'Auth_Container_' . $driver;
-        require_once $storage_path;
-        return new $storage_class($options);
-    }
-    // }}}
-    // {{{ assignData()
-    /**
-     * Assign data from login form to internal values
-     *
-     * This function takes the values for username and password
-     * from $HTTP_POST_VARS and assigns them to internal variables.
-     * If you wish to use another source apart from $HTTP_POST_VARS,
-     * you have to derive this function.
-     *
-     * @access private
-     * @global $HTTP_POST_VARS
-     * @see    Auth
-     * @return void
-     */
-    function assignData()
-    {
-        $post = &$this->_importGlobalVariable('post');
-        if (isset($post['username']) && $post['username'] != '') {
-            $this->username = (get_magic_quotes_gpc() == 1 ? stripslashes($post['username']) : $post['username']);
-        }
-        if (isset($post['password']) && $post['password'] != '') {
-            $this->password = (get_magic_quotes_gpc() == 1 ? stripslashes($post['password']) : $post['password'] );
-        }
-    }
-    // }}}
-    // {{{ start()
-    /**
-     * Start new auth session
-     *
-     * @access public
-     * @return void
-     */
-    function start()
-    {
-        $this->assignData();
-        @session_start();
-        if (!$this->checkAuth()) {
-            $this->login();
-        }
-    }
-    // }}}
-    // {{{ login()
-    /**
-     * Login function
-     *
-     * @access private
-     * @return void
-     */
-    function login()
-    {
-        $login_ok = false;
-        /**
-         * When the user has already entered a username,
-         * we have to validate it.
-         */
-        if (!empty($this->username)) {
-            if (true === $this->storage->fetchData($this->username, $this->password)) {
-                $login_ok = true;
-            } else {
-                if (is_callable($this->loginFailedCallback)) {
-                    call_user_func($this->loginFailedCallback,$this->username, $this);
-                }
-            }
-        }
-        if (!empty($this->username) && $login_ok) {
-            $this->setAuth($this->username);
-            if (is_callable($this->loginCallback)) {
-                call_user_func($this->loginCallback,$this->username, $this);
-            }
-        }
-        /**
-         * If the login failed or the user entered no username,
-         * output the login screen again.
-         */
-        if (!empty($this->username) && !$login_ok) {
-            $this->status = AUTH_WRONG_LOGIN;
-        }
-        if ((empty($this->username) || !$login_ok) && $this->showLogin) {
-            $this->drawLogin($this->storage->activeUser);
-            return;
-        }
-    }
-    // }}}
-    // {{{ setExpire()
-    /**
-     * Set the maximum expire time
-     *
-     * @access public
-     * @param  integer time in seconds
-     * @param  bool    add time to current expire time or not
-     * @return void
-     */
-    function setExpire($time, $add = false)
-    {
-        if ($add) {
-            $this->expire += $time;
-        } else {
-            $this->expire = $time;
-        }
-    }
-    // }}}
-    // {{{ setIdle()
-    /**
-     * Set the maximum idle time
-     *
-     * @access public
-     * @param  integer time in seconds
-     * @param  bool    add time to current maximum idle time or not
-     * @return void
-     */
-    function setIdle($time, $add = false)
-    {
-        if ($add) {
-            $this->idle += $time;
-        } else {
-            $this->idle = $time;
-        }
-    }
-    // }}}
-    // {{{ setSessionname()
-    /**
-     * Set name of the session to a customized value.
-     *
-     * If you are using multiple instances of PEAR::Auth
-     * on the same domain, you can change the name of
-     * session per application via this function.
-     *
-     * @access public
-     * @param  string New name for the session
-     * @return void
-     */
-    function setSessionname($name = 'PHPSESSID')
-    {
-        @session_name($name);
-    }
-    // }}}
-    // {{{ setShowLogin()
-    /**
-     * Should the login form be displayed if neccessary?
-     *
-     * @access public
-     * @param  bool    show login form or not
-     * @return void
-     */
-    function setShowLogin($showLogin = true)
-    {
-        $this->showLogin = $showLogin;
-    }
-    /**
-     * Register a callback function to be called on user login.
-     * The function will receive two parameters, the username and a reference to the auth object.
-     *
-     * @access public
-     * @param  string  callback function name
-     * @return void
-     * @see    setLogoutCallback()
-     */
-    function setLoginCallback($loginCallback)
-    {
-        $this->loginCallback = $loginCallback;
-    }
-    /**
-     * Register a callback function to be called on failed user login.
-     * The function will receive a single parameter, the username and a reference to the auth object.
-     *
-     * @access public
-     * @param  string  callback function name
-     * @return void
-     */
-    function setFailedLoginCallback($loginFailedCallback)
-    {
-        $this->loginFailedCallback = $loginFailedCallback;
-    }
-    /**
-     * Register a callback function to be called on user logout.
-     * The function will receive three parameters, the username and a reference to the auth object.
-     *
-     * @access public
-     * @param  string  callback function name
-     * @return void
-     * @see    setLoginCallback()
-     */
-    function setLogoutCallback($logoutCallback)
-    {
-        $this->logoutCallback = $logoutCallback;
-    }
-    // }}}
-    // {{{ setAuthData()
-    /**
-     * Register additional information that is to be stored
-     * in the session.
-     *
-     * @access public
-     * @param  string  Name of the data field
-     * @param  mixed   Value of the data field
-     * @param  boolean Should existing data be overwritten? (default
-     *                 is true)
-     * @return void
-     */
-    function setAuthData($name, $value, $overwrite = true)
-    {
-        $session = &Auth::_importGlobalVariable('session');
-        if (!empty($session[$this->_sessionName]['data'][$name]) && $overwrite == false) {
-            return;
-        }
-        $session[$this->_sessionName]['data'][$name] = $value;
-    }
-    // }}}
-    // {{{ getAuthData()
-    /**
-     * Get additional information that is stored in the session.
-     *
-     * If no value for the first parameter is passed, the method will
-     * return all data that is currently stored.
-     *
-     * @access public
-     * @param  string Name of the data field
-     * @return mixed  Value of the data field.
-     */
-    function getAuthData($name = null)
-    {
-        $session = &Auth::_importGlobalVariable('session');
-        if(!isset($session[$this->_sessionName]['data'])){
-            return(null);
-        }
-        if (is_null($name)) {
-            if(isset($session[$this->_sessionName]['data'])) {
-                return $session[$this->_sessionName]['data'];
-            } else {
-                return null;
-            }
-        }
-        if (isset($session[$this->_sessionName]['data'][$name])) {
-            return $session[$this->_sessionName]['data'][$name];
-        } else {
-            return null;
-        }
-    }
-    // }}}
-    // {{{ setAuth()
-    /**
-     * Register variable in a session telling that the user
-     * has logged in successfully
-     *
-     * @access public
-     * @param  string Username
-     * @return void
-     */
-    function setAuth($username)
-    {
-        $session = &Auth::_importGlobalVariable('session');
-        if (!isset($session[$this->_sessionName]) && !isset($_SESSION)) {
-            session_register($this->_sessionName);
-        }
-        if (!isset($session[$this->_sessionName]) || !is_array($session[$this->_sessionName])) {
-            $session[$this->_sessionName] = array();
-        }
-        if(!isset($session[$this->_sessionName]['data'])){
-            $session[$this->_sessionName]['data']       = array();
-        }
-        $session[$this->_sessionName]['registered'] = true;
-        $session[$this->_sessionName]['username']   = $username;
-        $session[$this->_sessionName]['timestamp']  = time();
-        $session[$this->_sessionName]['idle']       = time();
-    }
-    // }}}
-    // {{{ checkAuth()
-    /**
-     * Checks if there is a session with valid auth information.
-     *
-     * @access private
-     * @return boolean  Whether or not the user is authenticated.
-     */
-    function checkAuth()
-    {
-        $session = &$this->_importGlobalVariable('session');
-        if (isset($session[$this->_sessionName])) {
-            // Check if authentication session is expired
-            if ($this->expire > 0 &&
-                isset($session[$this->_sessionName]['timestamp']) &&
-                ($session[$this->_sessionName]['timestamp'] + $this->expire) < time()) {
-                $this->logout();
-                $this->expired = true;
-                $this->status = AUTH_EXPIRED;
-                return false;
-            }
-            // Check if maximum idle time is reached
-            if ($this->idle > 0 &&
-                isset($session[$this->_sessionName]['idle']) &&
-                ($session[$this->_sessionName]['idle'] + $this->idle) < time()) {
-                $this->logout();
-                $this->idled = true;
-                $this->status = AUTH_IDLED;
-                return false;
-            }
-            if (isset($session[$this->_sessionName]['registered']) &&
-                isset($session[$this->_sessionName]['username']) &&
-                $session[$this->_sessionName]['registered'] == true &&
-                $session[$this->_sessionName]['username'] != '') {
-                Auth::updateIdle();
-                return true;
-            }
-        }
-        return false;
-    }
-    // }}}
-    // {{{ getAuth()
-    /**
-     * Has the user been authenticated?
-     *
-     * @access public
-     * @return bool  True if the user is logged in, otherwise false.
-     */
-    function getAuth()
-    {
-        $session = &$this->_importGlobalVariable('session');
-        if (!empty($session) &&
-            (isset($session[$this->_sessionName]['registered']) &&
-             $session[$this->_sessionName]['registered'] === true))
-        {
-            return true;
-        } else {
-            return false;
-        }
-    }
-    // }}}
-    // {{{ drawLogin()
-    /**
-     * Draw the login form
-     *
-     * Normally you will not use this output in your application,
-     * because you can pass a different function name to the
-     * constructor. For more information on this, please
-     * consult the documentation.
-     *
-     * @access private
-     * @param  string  Username if already entered
-     * @return void
-     */
-    function drawLogin($username = '')
-    {
-        if (is_callable($this->loginFunction)) {
-            call_user_func($this->loginFunction, $username, $this->status, $this);
-        } else {
-            $server = &$this->_importGlobalVariable('server');
-            echo '<center>'."\n";
-            if (!empty($this->status) && $this->status == AUTH_EXPIRED) {
-                echo '<i>Your session expired. Please login again!</i>'."\n";
-            } else if (!empty($this->status) && $this->status == AUTH_IDLED) {
-                echo '<i>You have been idle for too long. Please login again!</i>'."\n";
-            } else if (!empty ($this->status) && $this->status == AUTH_WRONG_LOGIN) {
-                echo '<i>Wrong login data!</i>'."\n";
-            }
-            PEAR::raiseError('You are using the built-in login screen of PEAR::Auth.<br />See the <a href="http://pear.php.net/manual/">manual</a> for details on how to create your own login function.', null);
-            echo '<form method="post" action="' . $server['PHP_SELF'] . '">'."\n";
-            echo '<table border="0" cellpadding="2" cellspacing="0" summary="login form">'."\n";
-            echo '<tr>'."\n";
-            echo '    <td colspan="2" bgcolor="#eeeeee"><b>Login:</b></td>'."\n";
-            echo '</tr>'."\n";
-            echo '<tr>'."\n";
-            echo '    <td>Username:</td>'."\n";
-            echo '    <td><input type="text" name="username" value="' . $username . '" /></td>'."\n";
-            echo '</tr>'."\n";
-            echo '<tr>'."\n";
-            echo '    <td>Password:</td>'."\n";
-            echo '    <td><input type="password" name="password" /></td>'."\n";
-            echo '</tr>'."\n";
-            echo '<tr>'."\n";
-            echo '    <td colspan="2" bgcolor="#eeeeee"><input type="submit" /></td>'."\n";
-            echo '</tr>'."\n";
-            echo '</table>'."\n";
-            echo '</form>'."\n";
-            echo '</center>'."\n\n";
-        }
-    }
-    // }}}
-    // {{{ logout()
-    /**
-     * Logout function
-     *
-     * This function clears any auth tokens in the currently
-     * active session and executes the logout callback function,
-     * if any
-     *
-     * @access public
-     * @return void
-     */
-    function logout()
-    {
-        $session = &$this->_importGlobalVariable('session');
-        if (is_callable($this->logoutCallback)) {
-            call_user_func($this->logoutCallback, $session[$this->_sessionName]['username'], $this);
-        }
-        $this->username = '';
-        $this->password = '';
-        $session[$this->_sessionName] = array();
-        if (isset($_SESSION)) {
-            unset($session[$this->_sessionName]);
-        } else {
-            session_unregister($this->_sessionName);
-        }
-    }
-    // }}}
-    // {{{ updateIdle()
-    /**
-     * Update the idletime
-     *
-     * @access private
-     * @return void
-     */
-    function updateIdle()
-    {
-        $session = &$this->_importGlobalVariable('session');
-       $session[$this->_sessionName]['idle'] = time();
-    }
-    // }}}
-    // {{{ getUsername()
-    /**
-     * Get the username
-     *
-     * @access public
-     * @return string
-     */
-    function getUsername()
-    {
-        $session = &$this->_importGlobalVariable('session');
-        if (!isset($session[$this->_sessionName]['username'])) {
-            return '';
-        }
-        return $session[$this->_sessionName]['username'];
-    }
-    // }}}
-    // {{{ getStatus()
-    /**
-     * Get the current status
-     *
-     * @access public
-     * @return string
-     */
-    function getStatus()
-    {
-        return $this->status;
-    }
-    // }}}
-    // {{{ sessionValidThru()
-    /**
-     * Returns the time up to the session is valid
-     *
-     * @access public
-     * @return integer
-     */
-    function sessionValidThru()
-    {
-        $session = &$this->_importGlobalVariable('session');
-        if (!isset($session[$this->_sessionName]['idle'])) {
-            return 0;
-        }
-        return ($session[$this->_sessionName]['idle'] + $this->idle);
-    }
-    // }}}
-    // {{{ listUsers()
-    /**
-     * List all users that are currently available in the storage
-     * container
-     *
-     * @access public
-     * @return array
-     */
-    function listUsers()
-    {
-        return $this->storage->listUsers();
-    }
-    // }}}
-    // {{{ addUser()
-    /**
-     * Add user to the storage container
-     *
-     * @access public
-     * @param  string Username
-     * @param  string Password
-     * @param  mixed  Additional parameters
-     * @return mixed  True on success, PEAR error object on error
-     *                and AUTH_METHOD_NOT_SUPPORTED otherwise.
-     */
-    function addUser($username, $password, $additional = '')
-    {
-        return $this->storage->addUser($username, $password, $additional);
-    }
-    // }}}
-    // {{{ removeUser()
-    /**
-     * Remove user from the storage container
-     *
-     * @access public
-     * @param  string Username
-     * @return mixed  True on success, PEAR error object on error
-     *                and AUTH_METHOD_NOT_SUPPORTED otherwise.
-     */
-    function removeUser($username)
-    {
-        return $this->storage->removeUser($username);
-    }
-    // }}}
-    // {{{ _importGlobalVariable()
-    /**
-     * Import variables from special namespaces.
-     *
-     * @access private
-     * @param string Type of variable (server, session, post)
-     * @return array
-     */
-    function &_importGlobalVariable($variable)
-    {
-        $var = null;
-        switch (strtolower($variable)) {
-            case 'server' :
-                if (isset($_SERVER)) {
-                    $var = &$_SERVER;
-                } else {
-                    $var = &$GLOBALS['HTTP_SERVER_VARS'];
-                }
-                break;
-            case 'session' :
-                if (isset($_SESSION)) {
-                    $var = &$_SESSION;
-                } else {
-                    $var = &$GLOBALS['HTTP_SESSION_VARS'];
-                }
-                break;
-            case 'post' :
-                if (isset($_POST)) {
-                    $var = &$_POST;
-                } else {
-                    $var = &$GLOBALS['HTTP_POST_VARS'];
-                }
-                break;
-            case 'cookie' :
-                if (isset($_COOKIE)) {
-                    $var = &$_COOKIE;
-                } else {
-                    $var = &$GLOBALS['HTTP_COOKIE_VARS'];
-                }
-                break;
-            case 'get' :
-                if (isset($_GET)) {
-                    $var = &$_GET;
-                } else {
-                    $var = &$GLOBALS['HTTP_GET_VARS'];
-                }
-                break;
-            default:
-                break;
-        }
-        return $var;
-    }
-    // }}}
-}
-?>
 <?php
+/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
+/**
+ * The main include file for Auth package
+ *
+ * PHP versions 4 and 5
+ *
+ * LICENSE: This source file is subject to version 3.01 of the PHP license
+ * that is available through the world-wide-web at the following URI:
+ * http://www.php.net/license/3_01.txt.  If you did not receive a copy of
+ * the PHP License and are unable to obtain it through the web, please
+ * send a note to license@php.net so we can mail you a copy immediately.
+ *
+ * @category   Authentication
+ * @package    Auth
+ * @author     Martin Jansen <mj@php.net>
+ * @author     Adam Ashley <aashley@php.net>
+ * @copyright  2001-2006 The PHP Group
+ * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
+ * @version    CVS: $Id: Auth.php,v 1.2 2006-12-14 15:04:29 jp_milcent Exp $
+ * @link       http://pear.php.net/package/Auth
+ */
+/**
+ * Returned if session exceeds idle time
+ */
+define('AUTH_IDLED',                    -1);
+/**
+ * Returned if session has expired
+ */
+define('AUTH_EXPIRED',                  -2);
+/**
+ * Returned if container is unable to authenticate user/password pair
+ */
+define('AUTH_WRONG_LOGIN',              -3);
+/**
+ * Returned if a container method is not supported.
+ */
+define('AUTH_METHOD_NOT_SUPPORTED',     -4);
+/**
+ * Returned if new Advanced security system detects a breach
+ */
+define('AUTH_SECURITY_BREACH',          -5);
+/**
+ * Returned if checkAuthCallback says session should not continue.
+ */
+define('AUTH_CALLBACK_ABORT',           -6);
+/**
+ * PEAR::Auth
+ *
+ * The PEAR::Auth class provides methods for creating an
+ * authentication system using PHP.
+ *
+ * @category   Authentication
+ * @package    Auth
+ * @author     Martin Jansen <mj@php.net>
+ * @author     Adam Ashley <aashley@php.net>
+ * @copyright  2001-2006 The PHP Group
+ * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
+ * @version    Release: 1.4.3  File: $Revision: 1.2 $
+ * @link       http://pear.php.net/package/Auth
+ */
+class Auth {
+    // {{{ properties
+    /**
+     * Auth lifetime in seconds
+     *
+     * If this variable is set to 0, auth never expires
+     *
+     * @var  integer
+     * @see  setExpire(), checkAuth()
+     */
+    var $expire = 0;
+    /**
+     * Has the auth session expired?
+     *
+     * @var   bool
+     * @see   checkAuth()
+     */
+    var $expired = false;
+    /**
+     * Maximum idletime in seconds
+     *
+     * The difference to $expire is, that the idletime gets
+     * refreshed each time checkAuth() is called. If this
+     * variable is set to 0, idletime is never checked.
+     *
+     * @var integer
+     * @see setIdle(), checkAuth()
+     */
+    var $idle = 0;
+    /**
+     * Is the maximum idletime over?
+     *
+     * @var boolean
+     * @see checkAuth()
+     */
+    var $idled = false;
+    /**
+     * Storage object
+     *
+     * @var object
+     * @see Auth(), validateLogin()
+     */
+    var $storage = '';
+    /**
+     * User-defined function that creates the login screen
+     *
+     * @var string
+     */
+    var $loginFunction = '';
+    /**
+     * Should the login form be displayed
+     *
+     * @var   bool
+     * @see   setShowlogin()
+     */
+    var $showLogin = true;
+    /**
+      * Is Login Allowed from this page
+      *
+      * @var  bool
+      * @see setAllowLogin
+      */
+    var $allowLogin = true;
+    /**
+     * Current authentication status
+     *
+     * @var string
+     */
+    var $status = '';
+    /**
+     * Username
+     *
+     * @var string
+     */
+    var $username = '';
+    /**
+     * Password
+     *
+     * @var string
+     */
+    var $password = '';
+    /**
+     * checkAuth callback function name
+     *
+     * @var string
+     * @see setCheckAuthCallback()
+     */
+    var $checkAuthCallback = '';
+    /**
+     * Login callback function name
+     *
+     * @var string
+     * @see setLoginCallback()
+     */
+    var $loginCallback = '';
+    /**
+     * Failed Login callback function name
+     *
+     * @var string
+     * @see setFailedLoginCallback()
+     */
+    var $loginFailedCallback = '';
+    /**
+     * Logout callback function name
+     *
+     * @var string
+     * @see setLogoutCallback()
+     */
+    var $logoutCallback = '';
+    /**
+     * Auth session-array name
+     *
+     * @var string
+     */
+    var $_sessionName = '_authsession';
+    /**
+     * Package Version
+     *
+     * @var string
+     */
+    var $version = "@version@";
+    /**
+     * Flag to use advanced security
+     * When set extra checks will be made to see if the
+     * user's IP or useragent have changed across requests.
+     * Turned off by default to preserve BC.
+     *
+     * @var boolean
+     */
+    var $advancedsecurity = false;
+    /**
+     * Username key in POST array
+     *
+     * @var string
+     */
+    var $_postUsername = 'username';
+    /**
+     * Password key in POST array
+     *
+     * @var string
+     */
+    var $_postPassword = 'password';
+    /**
+     * Holds a reference to the session auth variable
+     * @var array
+     */
+    var $session;
+    /**
+     * Holds a reference to the global server variable
+     * @var array
+     */
+    var $server;
+    /**
+     * Holds a reference to the global post variable
+     * @var array
+     */
+    var $post;
+    /**
+     * Holds a reference to the global cookie variable
+     * @var array
+     */
+    var $cookie;
+    /**
+     * A hash to hold various superglobals as reference
+     * @var array
+     */
+    var $authdata;
+    /**
+      * How many times has checkAuth been called
+      * var int
+      */
+    var $authChecks = 0;
+    // }}}
+    // {{{ Auth() [constructor]
+    /**
+     * Constructor
+     *
+     * Set up the storage driver.
+     *
+     * @param string    Type of the storage driver
+     * @param mixed     Additional options for the storage driver
+     *                  (example: if you are using DB as the storage
+     *                   driver, you have to pass the dsn string here)
+     *
+     * @param string    Name of the function that creates the login form
+     * @param boolean   Should the login form be displayed if neccessary?
+     * @return void
+     */
+    function Auth($storageDriver, $options = '', $loginFunction = '', $showLogin = true)
+    {
+        $this->applyAuthOptions($options);
+        // Start the session suppress error if already started
+        if(!session_id()){
+            @session_start();
+            if(!session_id()) {
+                // Throw error
+                include_once 'PEAR.php';
+                PEAR::throwError('Session could not be started by Auth, '
+                        .'possibly headers are already sent, try putting '
+                        .'ob_start in the beginning of your script');
+            }
+        }
+        // Make Sure Auth session variable is there
+        if(!isset($_SESSION[$this->_sessionName])) {
+            $_SESSION[$this->_sessionName] = array();
+        }
+        // Assign Some globals to internal references, this will replace _importGlobalVariable
+        $this->session =& $_SESSION[$this->_sessionName];
+        $this->server =& $_SERVER;
+        $this->post =& $_POST;
+        $this->cookie =& $_COOKIE;
+        if ($loginFunction != '' && is_callable($loginFunction)) {
+            $this->loginFunction = $loginFunction;
+        }
+        if (is_bool($showLogin)) {
+            $this->showLogin = $showLogin;
+        }
+        if (is_object($storageDriver)) {
+            $this->storage =& $storageDriver;
+            // Pass a reference to auth to the container, ugly but works
+            // this is used by the DB container to use method setAuthData not staticaly.
+            $this->storage->_auth_obj =& $this;
+        } else {
+            // $this->storage = $this->_factory($storageDriver, $options);
+            //
+            $this->storage_driver = $storageDriver;
+            $this->storage_options =& $options;
+        }
+    }
+    // }}}
+    // {{{ applyAuthOptions()
+    /**
+      * Set the Auth options
+      *
+      * Some options which are Auth specific will be applied
+      * the rest will be left for usage by the container
+      *
+      * @param array    An array of Auth options
+      * @return array   The options which were not applied
+      * @access private
+      */
+    function &applyAuthOptions(&$options)
+    {
+        if(is_array($options)){
+            if (!empty($options['sessionName'])) {
+                $this->_sessionName = $options['sessionName'];
+                unset($options['sessionName']);
+            }
+            if (isset($options['allowLogin'])) {
+                $this->allowLogin = $options['allowLogin'];
+                unset($options['allowLogin']);
+            }
+            if (!empty($options['postUsername'])) {
+                $this->_postUsername = $options['postUsername'];
+                unset($options['postUsername']);
+            }
+            if (!empty($options['postPassword'])) {
+                $this->_postPassword = $options['postPassword'];
+                unset($options['postPassword']);
+            }
+            if (isset($options['advancedsecurity'])) {
+                $this->advancedsecurity = $options['advancedsecurity'];
+                unset($options['advancedsecurity']);
+            }
+        }
+        return($options);
+    }
+    // }}}
+    // {{{ _loadStorage()
+    /**
+      * Load Storage Driver if not already loaded
+      *
+      * Suspend storage instantiation to make Auth lighter to use
+      * for calls which do not require login
+      *
+      * @return bool    True if the conainer is loaded, false if the container
+      *                 is already loaded
+      * @access private
+      */
+    function _loadStorage()
+    {
+        if(!is_object($this->storage)) {
+            $this->storage =& $this->_factory($this->storage_driver,
+                    $this->storage_options);
+            $this->storage->_auth_obj =& $this;
+            return(true);
+        }
+        return(false);
+    }
+    // }}}
+    // {{{ _factory()
+    /**
+     * Return a storage driver based on $driver and $options
+     *
+     * @static
+     * @param  string $driver  Type of storage class to return
+     * @param  string $options Optional parameters for the storage class
+     * @return object Object   Storage object
+     * @access private
+     */
+    function &_factory($driver, $options = '')
+    {
+        $storage_class = 'Auth_Container_' . $driver;
+        include_once 'Auth/Container/' . $driver . '.php';
+        $obj =& new $storage_class($options);
+        return $obj;
+    }
+    // }}}
+    // {{{ assignData()
+    /**
+     * Assign data from login form to internal values
+     *
+     * This function takes the values for username and password
+     * from $HTTP_POST_VARS/$_POST and assigns them to internal variables.
+     * If you wish to use another source apart from $HTTP_POST_VARS/$_POST,
+     * you have to derive this function.
+     *
+     * @global $HTTP_POST_VARS, $_POST
+     * @see    Auth
+     * @return void
+     * @access private
+     */
+    function assignData()
+    {
+        if (   isset($this->post[$this->_postUsername])
+            && $this->post[$this->_postUsername] != '') {
+            $this->username = (get_magic_quotes_gpc() == 1
+                    ? stripslashes($this->post[$this->_postUsername])
+                    : $this->post[$this->_postUsername]);
+        }
+        if (   isset($this->post[$this->_postPassword])
+            && $this->post[$this->_postPassword] != '') {
+            $this->password = (get_magic_quotes_gpc() == 1
+                    ? stripslashes($this->post[$this->_postPassword])
+                    : $this->post[$this->_postPassword] );
+        }
+    }
+    // }}}
+    // {{{ start()
+    /**
+     * Start new auth session
+     *
+     * @return void
+     * @access public
+     */
+    function start()
+    {
+        $this->assignData();
+        if (!$this->checkAuth() && $this->allowLogin) {
+            $this->login();
+        }
+    }
+    // }}}
+    // {{{ login()
+    /**
+     * Login function
+     *
+     * @return void
+     * @access private
+     */
+    function login()
+    {
+        $login_ok = false;
+        $this->_loadStorage();
+        // Check if using challenge response
+        (isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
+            ? $usingChap = true
+            : $usingChap = false;
+        // When the user has already entered a username, we have to validate it.
+        if (!empty($this->username)) {
+            if (true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
+                $this->session['challengekey'] = md5($this->username.$this->password);
+                $login_ok = true;
+            }
+        }
+        if (!empty($this->username) && $login_ok) {
+            $this->setAuth($this->username);
+            if (is_callable($this->loginCallback)) {
+                call_user_func_array($this->loginCallback, array($this->username, &$this));
+            }
+        }
+        // If the login failed or the user entered no username,
+        // output the login screen again.
+        if (!empty($this->username) && !$login_ok) {
+            $this->status = AUTH_WRONG_LOGIN;
+            if (is_callable($this->loginFailedCallback)) {
+                call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
+            }
+        }
+        if ((empty($this->username) || !$login_ok) && $this->showLogin) {
+            if (is_callable($this->loginFunction)) {
+                call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
+            } else {
+                // BC fix Auth used to use drawLogin for this
+                // call is sub classes implement this
+                if (is_callable(array($this, 'drawLogin'))) {
+                    return $this->drawLogin($this->username, $this);
+                }
+                // New Login form
+                include_once 'Auth/Frontend/Html.php';
+                return Auth_Frontend_Html::render($this, $this->username);
+            }
+        } else {
+            return;
+        }
+    }
+    // }}}
+    // {{{ setExpire()
+    /**
+     * Set the maximum expire time
+     *
+     * @param  integer time in seconds
+     * @param  bool    add time to current expire time or not
+     * @return void
+     * @access public
+     */
+    function setExpire($time, $add = false)
+    {
+        $add ? $this->expire += $time : $this->expire = $time;
+    }
+    // }}}
+    // {{{ setIdle()
+    /**
+     * Set the maximum idle time
+     *
+     * @param  integer time in seconds
+     * @param  bool    add time to current maximum idle time or not
+     * @return void
+     * @access public
+     */
+    function setIdle($time, $add = false)
+    {
+        $add ? $this->idle += $time : $this->idle = $time;
+    }
+    // }}}
+    // {{{ setSessionName()
+    /**
+     * Set name of the session to a customized value.
+     *
+     * If you are using multiple instances of PEAR::Auth
+     * on the same domain, you can change the name of
+     * session per application via this function.
+     * This will chnage the name of the session variable
+     * auth uses to store it's data in the session
+     *
+     * @param  string New name for the session
+     * @return void
+     * @access public
+     */
+    function setSessionName($name = 'session')
+    {
+        $this->_sessionName = '_auth_'.$name;
+        $this->session =& $_SESSION[$this->_sessionName];
+    }
+    // }}}
+    // {{{ setShowLogin()
+    /**
+     * Should the login form be displayed if neccessary?
+     *
+     * @param  bool    show login form or not
+     * @return void
+     * @access public
+     */
+    function setShowLogin($showLogin = true)
+    {
+        $this->showLogin = $showLogin;
+    }
+    // }}}
+    // {{{ setAllowLogin()
+    /**
+     * Should the login form be displayed if neccessary?
+     *
+     * @param  bool    show login form or not
+     * @return void
+     * @access public
+     */
+    function setAllowLogin($allowLogin = true)
+    {
+        $this->allowLogin = $allowLogin;
+    }
+    // }}}
+    // {{{ setCheckAuthCallback()
+    /**
+     * Register a callback function to be called whenever the validity of the login is checked
+     * The function will receive two parameters, the username and a reference to the auth object.
+     *
+     * @param  string  callback function name
+     * @return void
+     * @access public
+     * @since Method available since Release 1.4.3
+     */
+    function setCheckAuthCallback($checkAuthCallback)
+    {
+        $this->checkAuthCallback = $checkAuthCallback;
+    }
+    // }}}
+    // {{{ setLoginCallback()
+    /**
+     * Register a callback function to be called on user login.
+     * The function will receive two parameters, the username and a reference to the auth object.
+     *
+     * @param  string  callback function name
+     * @return void
+     * @see    setLogoutCallback()
+     * @access public
+     */
+    function setLoginCallback($loginCallback)
+    {
+        $this->loginCallback = $loginCallback;
+    }
+    // }}}
+    // {{{ setFailedLoginCallback()
+    /**
+     * Register a callback function to be called on failed user login.
+     * The function will receive two parameters, the username and a reference to the auth object.
+     *
+     * @param  string  callback function name
+     * @return void
+     * @access public
+     */
+    function setFailedLoginCallback($loginFailedCallback)
+    {
+        $this->loginFailedCallback = $loginFailedCallback;
+    }
+    // }}}
+    // {{{ setLogoutCallback()
+    /**
+     * Register a callback function to be called on user logout.
+     * The function will receive three parameters, the username and a reference to the auth object.
+     *
+     * @param  string  callback function name
+     * @return void
+     * @see    setLoginCallback()
+     * @access public
+     */
+    function setLogoutCallback($logoutCallback)
+    {
+        $this->logoutCallback = $logoutCallback;
+    }
+    // }}}
+    // {{{ setAuthData()
+    /**
+     * Register additional information that is to be stored
+     * in the session.
+     *
+     * @param  string  Name of the data field
+     * @param  mixed   Value of the data field
+     * @param  boolean Should existing data be overwritten? (default
+     *                 is true)
+     * @return void
+     * @access public
+     */
+    function setAuthData($name, $value, $overwrite = true)
+    {
+        if (!empty($this->session['data'][$name]) && $overwrite == false) {
+            return;
+        }
+        $this->session['data'][$name] = $value;
+    }
+    // }}}
+    // {{{ getAuthData()
+    /**
+     * Get additional information that is stored in the session.
+     *
+     * If no value for the first parameter is passed, the method will
+     * return all data that is currently stored.
+     *
+     * @param  string Name of the data field
+     * @return mixed  Value of the data field.
+     * @access public
+     */
+    function getAuthData($name = null)
+    {
+        if (!isset($this->session['data'])) {
+            return null;
+        }
+        if(!isset($name)) {
+            return $this->session['data'];
+        }
+        if (isset($name) && isset($this->session['data'][$name])) {
+            return $this->session['data'][$name];
+        }
+        return null;
+    }
+    // }}}
+    // {{{ setAuth()
+    /**
+     * Register variable in a session telling that the user
+     * has logged in successfully
+     *
+     * @param  string Username
+     * @return void
+     * @access public
+     */
+    function setAuth($username)
+    {
+        // #2021 - Change the session id to avoid session fixation attacks php 4.3.3 >
+        session_regenerate_id(true);
+        if (!isset($this->session) || !is_array($this->session)) {
+            $this->session = array();
+        }
+        if (!isset($this->session['data'])) {
+            $this->session['data'] = array();
+        }
+        $this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
+            ? $this->server['REMOTE_ADDR']
+            : '';
+        $this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
+            ? $this->server['HTTP_USER_AGENT']
+            : '';
+        // This should be set by the container to something more safe
+        // Like md5(passwd.microtime)
+        if(empty($this->session['challengekey'])) {
+            $this->session['challengekey'] = md5($username.microtime());
+        }
+        $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
+        setcookie('authchallenge', $this->session['challengecookie']);
+        $this->session['registered'] = true;
+        $this->session['username']   = $username;
+        $this->session['timestamp']  = time();
+        $this->session['idle']       = time();
+    }
+    // }}}
+    // {{{ setAdvancedSecurity()
+    /**
+      * Enables advanced security checks
+      *
+      * Currently only ip change and useragent change
+      * are detected
+      * @todo Add challenge cookies - Create a cookie which changes every time
+      *       and contains some challenge key which the server can verify with
+      *       a session var cookie might need to be crypted (user pass)
+      * @param bool Enable or disable
+      * @return void
+      * @access public
+      */
+    function setAdvancedSecurity($flag=true)
+    {
+        $this->advancedsecurity = $flag;
+    }
+    // }}}
+    // {{{ checkAuth()
+    /**
+     * Checks if there is a session with valid auth information.
+     *
+     * @access public
+     * @return boolean  Whether or not the user is authenticated.
+     */
+    function checkAuth()
+    {
+        $this->authChecks++;
+        if (isset($this->session)) {
+            // Check if authentication session is expired
+            if (   $this->expire > 0
+                && isset($this->session['timestamp'])
+                && ($this->session['timestamp'] + $this->expire) < time()) {
+                $this->expired = true;
+                $this->status = AUTH_EXPIRED;
+                $this->logout();
+                return false;
+            }
+            // Check if maximum idle time is reached
+            if (   $this->idle > 0
+                && isset($this->session['idle'])
+                && ($this->session['idle'] + $this->idle) < time()) {
+                $this->idled = true;
+                $this->status = AUTH_IDLED;
+                $this->logout();
+                return false;
+            }
+            if (   isset($this->session['registered'])
+                && isset($this->session['username'])
+                && $this->session['registered'] == true
+                && $this->session['username'] != '') {
+                Auth::updateIdle();
+                if ($this->advancedsecurity) {
+                    // Only Generate the challenge once
+                    if($this->authChecks == 1) {
+                        $this->session['challengecookieold'] = $this->session['challengecookie'];
+                        $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
+                        setcookie('authchallenge', $this->session['challengecookie']);
+                    }
+                    // Check for ip change
+                    if (   isset($this->server['REMOTE_ADDR'])
+                        && $this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
+                        // Check if the IP of the user has changed, if so we
+                        // assume a man in the middle attack and log him out
+                        $this->expired = true;
+                        $this->status = AUTH_SECURITY_BREACH;
+                        $this->logout();
+                        return false;
+                    }
+                    // Check for useragent change
+                    if (   isset($this->server['HTTP_USER_AGENT'])
+                        && $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
+                        // Check if the User-Agent of the user has changed, if
+                        // so we assume a man in the middle attack and log him out
+                        $this->expired = true;
+                        $this->status = AUTH_SECURITY_BREACH;
+                        $this->logout();
+                        return false;
+                    }
+                    // Check challenge cookie here, if challengecookieold is not set
+                    // this is the first time and check is skipped
+                    // TODO when user open two pages similtaneuly (open in new window,open
+                    // in tab) auth breach is caused find out a way around that if possible
+                    if (   isset($this->session['challengecookieold'])
+                        && $this->session['challengecookieold'] != $this->cookie['authchallenge']) {
+                        $this->expired = true;
+                        $this->status = AUTH_SECURITY_BREACH;
+                        $this->logout();
+                        $this->login();
+                        return false;
+                    }
+                }
+                if (is_callable($this->checkAuthCallback)) {
+                    $checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
+                    if ($checkCallback == false) {
+                        $this->expired = true;
+                        $this->status = AUTH_CALLBACK_ABORT;
+                        $this->logout();
+                        return false;
+                    }
+                }
+                return true;
+            }
+        }
+        return false;
+    }
+    // }}}
+    // {{{ staticCheckAuth() [static]
+    /**
+     * Statically checks if there is a session with valid auth information.
+     *
+     * @access public
+     * @see checkAuth
+     * @return boolean  Whether or not the user is authenticated.
+     * @static
+     */
+    function staticCheckAuth($options = null)
+    {
+        static $staticAuth;
+        if(!isset($staticAuth)) {
+            $staticAuth = new Auth('null', $options);
+        }
+        return $staticAuth->checkAuth();
+    }
+    // }}}
+    // {{{ getAuth()
+    /**
+     * Has the user been authenticated?
+     *
+     * @access public
+     * @return bool  True if the user is logged in, otherwise false.
+     */
+    function getAuth()
+    {
+        return $this->checkAuth();
+    }
+    // }}}
+    // {{{ logout()
+    /**
+     * Logout function
+     *
+     * This function clears any auth tokens in the currently
+     * active session and executes the logout callback function,
+     * if any
+     *
+     * @access public
+     * @return void
+     */
+    function logout()
+    {
+        if (is_callable($this->logoutCallback)) {
+            call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
+        }
+        $this->username = '';
+        $this->password = '';
+        $this->session = null;
+    }
+    // }}}
+    // {{{ updateIdle()
+    /**
+     * Update the idletime
+     *
+     * @access private
+     * @return void
+     */
+    function updateIdle()
+    {
+        $this->session['idle'] = time();
+    }
+    // }}}
+    // {{{ getUsername()
+    /**
+     * Get the username
+     *
+     * @return string
+     * @access public
+     */
+    function getUsername()
+    {
+        if (isset($this->session['username'])) {
+            return($this->session['username']);
+        }
+        return('');
+    }
+    // }}}
+    // {{{ getStatus()
+    /**
+     * Get the current status
+     *
+     * @return string
+     * @access public
+     */
+    function getStatus()
+    {
+        return $this->status;
+    }
+    // }}}
+    // {{{ getPostUsernameField()
+    /**
+     * Gets the post varible used for the username
+     *
+     * @return string
+     * @access public
+     */
+    function getPostUsernameField()
+    {
+        return($this->_postUsername);
+    }
+    // }}}
+    // {{{ getPostPasswordField()
+    /**
+     * Gets the post varible used for the username
+     *
+     * @return string
+     * @access public
+     */
+    function getPostPasswordField()
+    {
+        return($this->_postPassword);
+    }
+    // }}}
+    // {{{ sessionValidThru()
+    /**
+     * Returns the time up to the session is valid
+     *
+     * @access public
+     * @return integer
+     */
+    function sessionValidThru()
+    {
+        if (!isset($this->session['idle'])) {
+            return 0;
+        }
+        if ($this->idle == 0) {
+            return 0;
+        }
+        return ($this->session['idle'] + $this->idle);
+    }
+    // }}}
+    // {{{ listUsers()
+    /**
+     * List all users that are currently available in the storage
+     * container
+     *
+     * @access public
+     * @return array
+     */
+    function listUsers()
+    {
+        $this->_loadStorage();
+        return $this->storage->listUsers();
+    }
+    // }}}
+    // {{{ addUser()
+    /**
+     * Add user to the storage container
+     *
+     * @access public
+     * @param  string Username
+     * @param  string Password
+     * @param  mixed  Additional parameters
+     * @return mixed  True on success, PEAR error object on error
+     *                and AUTH_METHOD_NOT_SUPPORTED otherwise.
+     */
+    function addUser($username, $password, $additional = '')
+    {
+        $this->_loadStorage();
+        return $this->storage->addUser($username, $password, $additional);
+    }
+    // }}}
+    // {{{ removeUser()
+    /**
+     * Remove user from the storage container
+     *
+     * @access public
+     * @param  string Username
+     * @return mixed  True on success, PEAR error object on error
+     *                and AUTH_METHOD_NOT_SUPPORTED otherwise.
+     */
+    function removeUser($username)
+    {
+        $this->_loadStorage();
+        return $this->storage->removeUser($username);
+    }
+    // }}}
+    // {{{ changePassword()
+    /**
+     * Change password for user in the storage container
+     *
+     * @access public
+     * @param string Username
+     * @param string The new password
+     * @return mixed True on success, PEAR error object on error
+     *               and AUTH_METHOD_NOT_SUPPORTED otherwise.
+     */
+    function changePassword($username, $password)
+    {
+        $this->_loadStorage();
+        return $this->storage->changePassword($username, $password);
+    }
+    // }}}
+}
+?>

Subversion Repositories Applications.papyrus

(root)/trunk/api/pear/Auth.php @ 1713 – Rev 320 → 1173