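<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Authentication API
 *
 * Login/logout, cookie handling, password verification and the
 * re-authentication step for sensitive pages.
 *
 * @package CoreAPI
 * @subpackage AuthenticationAPI
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses access_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses crypto_api.php
 * @uses current_user_api.php
 * @uses database_api.php
 * @uses error_api.php
 * @uses gpc_api.php
 * @uses helper_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses ldap_api.php
 * @uses print_api.php
 * @uses session_api.php
 * @uses string_api.php
 * @uses tokens_api.php
 * @uses user_api.php
 * @uses utility_api.php
 */

require_api( 'access_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'crypto_api.php' );
require_api( 'current_user_api.php' );
require_api( 'database_api.php' );
require_api( 'error_api.php' );
require_api( 'gpc_api.php' );
require_api( 'helper_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'ldap_api.php' );
require_api( 'print_api.php' );
require_api( 'session_api.php' );
require_api( 'string_api.php' );
require_api( 'tokens_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );

/**
 * Cookie string set by auth_attempt_script_login(); when not null it takes
 * precedence over the cookie supplied by the browser.
 * @global string|null $g_script_login_cookie
 */
$g_script_login_cookie = null;

/**
 * Cookie string of the anonymous account, looked up once per request.
 * @global string|null $g_cache_anonymous_user_cookie_string
 */
$g_cache_anonymous_user_cookie_string = null;

/**
 * Memoised result of auth_is_user_authenticated() for this request.
 * @global bool|null $g_cache_cookie_valid
 */
$g_cache_cookie_valid = null;

/**
 * User id of the current user once it has been resolved from the cookie.
 * @global int|null $g_cache_current_user_id
 */
$g_cache_current_user_id = null;

/**
 * Check that there is a user logged-in and authenticated
 * If the user's account is disabled they will be logged out
 * If there is no user logged in, redirect to the login page
 * If parameter is given it is used as a URL to redirect to following
 * successful login. If none is given, the URL of the current page is used
 * @param string $p_return_page Page to redirect to following successful logon, defaults to current page
 * @return void Never returns normally when a redirect is issued
 * @access public
 */
function auth_ensure_user_authenticated( $p_return_page = '' ) {
	# if logged in
	if( auth_is_user_authenticated() ) {
		# check for access enabled
		# This also makes sure the cookie is valid
		if( OFF == current_user_get_field( 'enabled' ) ) {
			print_header_redirect( 'logout_page.php' );
		}
	} else {
		# not logged in
		if( is_blank( $p_return_page ) ) {
			# some SAPIs do not populate REQUEST_URI; rebuild it from script name and query string
			if( !isset( $_SERVER['REQUEST_URI'] ) ) {
				$_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
			}
			$p_return_page = $_SERVER['REQUEST_URI'];
		}
		$p_return_page = string_url( $p_return_page );
		print_header_redirect( 'login_page.php?return=' . $p_return_page );
	}
}

/**
 * Return true if there is a currently logged in and authenticated user, false otherwise
 *
 * The result is cached in $g_cache_cookie_valid for the rest of the request.
 * Whether the anonymous account may be auto-logged-in is taken from the
 * $g_login_anonymous global (set by the calling page before core is loaded).
 *
 * @return bool
 * @access public
 */
function auth_is_user_authenticated() {
	global $g_cache_cookie_valid, $g_login_anonymous;
	if( $g_cache_cookie_valid == true ) {
		return $g_cache_cookie_valid;
	}
	$g_cache_cookie_valid = auth_is_cookie_valid( auth_get_current_user_cookie( $g_login_anonymous ) );
	return $g_cache_cookie_valid;
}

/**
 * prepare/override the username provided from logon form (if necessary)
 * @todo when we rewrite authentication api for plugins, this should be merged with prepare_password and return some object
 * @param string $p_username
 * @return string prepared username
 * @access public
 */
function auth_prepare_username( $p_username ) {
	switch( config_get( 'login_method' ) ) {
		case BASIC_AUTH:
			# the web server has already authenticated the user; trust its identity
			$f_username = $_SERVER['REMOTE_USER'];
			break;
		case HTTP_AUTH:
			if( !auth_http_is_logout_pending() ) {
				if( isset( $_SERVER['PHP_AUTH_USER'] ) ) {
					$f_username = $_SERVER['PHP_AUTH_USER'];
				}
			} else {
				auth_http_set_logout_pending( false );
				auth_http_prompt();

				/* calls exit */
				return;
			}
			break;
		default:
			$f_username = $p_username;
			break;
	}
	return $f_username;
}

/**
 * prepare/override the password provided from logon form (if necessary)
 * @todo when we rewrite authentication api for plugins, this should be merged with prepare_username and return some object
 * @param string $p_password
 * @return string prepared password
 * @access public
 */
function auth_prepare_password( $p_password ) {
	switch( config_get( 'login_method' ) ) {
		case BASIC_AUTH:
			$f_password = $_SERVER['PHP_AUTH_PW'];
			break;
		case HTTP_AUTH:
			if( !auth_http_is_logout_pending() ) {

				/* this will never get hit - see auth_prepare_username */
				if( isset( $_SERVER['PHP_AUTH_PW'] ) ) {
					$f_password = $_SERVER['PHP_AUTH_PW'];
				}
			} else {
				auth_http_set_logout_pending( false );
				auth_http_prompt();

				/* calls exit */
				return;
			}
			break;
		default:
			$f_password = $p_password;
			break;
	}
	return $f_password;
}

/**
 * Attempt to login the user with the given password
 * If the user fails validation, false is returned
 * If the user passes validation, the cookies are set and
 * true is returned.  If $p_perm_login is true, the long-term
 * cookie is created.
 *
 * Under BASIC_AUTH, and under LDAP when the directory accepts the credentials,
 * an unknown username is auto-created before the normal checks run.
 *
 * @param string $p_username a prepared username
 * @param string $p_password a prepared password
 * @param bool $p_perm_login whether to create a long-term cookie
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_login( $p_username, $p_password, $p_perm_login = false ) {
	$t_user_id = user_get_id_by_name( $p_username );

	$t_login_method = config_get( 'login_method' );

	if ( false === $t_user_id ) {
		if ( BASIC_AUTH == $t_login_method ) {
			$t_auto_create = true;
		} else if ( LDAP == $t_login_method && ldap_authenticate_by_username( $p_username, $p_password ) ) {
			$t_auto_create = true;
		} else {
			$t_auto_create = false;
		}

		if ( $t_auto_create ) {
			# attempt to create the user
			$t_cookie_string = user_create( $p_username, md5( $p_password ) );

			if ( false === $t_cookie_string ) {
				# it didn't work
				return false;
			}

			# ok, we created the user, get the row again
			$t_user_id = user_get_id_by_name( $p_username );

			if( false === $t_user_id ) {
				# uh oh, something must be really wrong
				# @@@ trigger an error here?
				return false;
			}
		} else {
			return false;
		}
	}

	# check for disabled account
	if( !user_is_enabled( $t_user_id ) ) {
		return false;
	}

	# max. failed login attempts achieved...
	if( !user_is_login_request_allowed( $t_user_id ) ) {
		return false;
	}

	# check for anonymous login
	if( !user_is_anonymous( $t_user_id ) ) {
		# anonymous login didn't work, so check the password

		if( !auth_does_password_match( $t_user_id, $p_password ) ) {
			user_increment_failed_login_count( $t_user_id );
			return false;
		}
	}

	# ok, we're good to login now
	# increment login count
	user_increment_login_count( $t_user_id );

	user_reset_failed_login_count_to_zero( $t_user_id );
	user_reset_lost_password_in_progress_count_to_zero( $t_user_id );

	# set the cookies
	auth_set_cookies( $t_user_id, $p_perm_login );
	auth_set_tokens( $t_user_id );

	return true;
}

/**
 * Allows scripts to login using a login name or ( login name + password )
 *
 * No browser cookie is set; the user's cookie string is cached in
 * $g_script_login_cookie and the user id in $g_cache_current_user_id instead.
 * Note that, unlike auth_attempt_login(), the failed-login counter is not
 * consulted or incremented here.
 *
 * @param string $p_username username
 * @param string $p_password password, or null to log in by name only
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_script_login( $p_username, $p_password = null ) {
	global $g_script_login_cookie, $g_cache_current_user_id;

	$t_user_id = user_get_id_by_name( $p_username );

	if( false === $t_user_id ) {
		return false;
	}

	$t_user = user_get_row( $t_user_id );

	# check for disabled account
	if( OFF == $t_user['enabled'] ) {
		return false;
	}

	# validate password if supplied
	if( null !== $p_password ) {
		if( !auth_does_password_match( $t_user_id, $p_password ) ) {
			return false;
		}
	}

	# ok, we're good to login now
	# With cases like RSS feeds and MantisConnect there is a login per operation, hence, there is no
	# real significance of incrementing login count.
	# increment login count
	# user_increment_login_count( $t_user_id );
	# set the cookies
	$g_script_login_cookie = $t_user['cookie_string'];

	# cache user id for future reference
	$g_cache_current_user_id = $t_user_id;

	return true;
}

/**
 * Logout the current user and remove any remaining cookies from their browser
 *
 * Clears the per-request caches, the login cookie (and preference cookies if
 * a login cookie was cleared), flags a pending logout for HTTP_AUTH, and
 * destroys the session.
 *
 * @return void
 * @access public
 */
function auth_logout() {
	global $g_cache_current_user_id, $g_cache_cookie_valid;

	# clear cached userid
	user_clear_cache( $g_cache_current_user_id );
	$g_cache_current_user_id = null;
	$g_cache_cookie_valid = null;

	# clear cookies, if they were set
	if( auth_clear_cookies() ) {
		helper_clear_pref_cookies();
	}

	# the browser keeps sending the Authorization header; remember that the
	# user asked to log out so the next request re-prompts instead of logging in
	if( HTTP_AUTH == config_get( 'login_method' ) ) {
		auth_http_set_logout_pending( true );
	}

	session_clean();
}

/**
 * Indicates whether to bypass logon form e.g. when using http auth
 * @return bool
 * @access public
 */
function auth_automatic_logon_bypass_form() {
	switch( config_get( 'login_method' ) ) {
		case HTTP_AUTH:
			return true;
	}
	return false;
}

/**
 * Return true if the password for the user id given matches the given
 * password (taking into account the global login method)
 *
 * For LDAP the directory is authoritative.  Otherwise the candidate is
 * hashed with each supported method (MD5, CRYPT, PLAIN) and compared with
 * the stored value; on a match under a method other than the configured one
 * the stored password is migrated to the configured method.
 *
 * @param int $p_user_id User id to check password against
 * @param string $p_test_password Password
 * @return bool indicating whether password matches given the user id
 * @access public
 */
function auth_does_password_match( $p_user_id, $p_test_password ) {
	$t_configured_login_method = config_get( 'login_method' );

	if( LDAP == $t_configured_login_method ) {
		return ldap_authenticate( $p_user_id, $p_test_password );
	}

	$t_password = user_get_field( $p_user_id, 'password' );
	$t_login_methods = Array(
		MD5,
		CRYPT,
		PLAIN,
	);
	foreach( $t_login_methods as $t_login_method ) {

		# pass the stored password in as the salt.
		# Compare strictly: both operands are strings, and a loose == would
		# treat two distinct digests that both look like "0e<digits>" as equal
		# numeric strings (and an empty candidate as equal to a null field).
		if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) === $t_password ) {

			# Do not support migration to PLAIN, since this would be a crazy thing to do.
			# Also if we do, then a user will be able to login by providing the MD5 value
			# that is copied from the database.  See #8467 for more details.
			if( $t_configured_login_method != PLAIN && $t_login_method == PLAIN ) {
				continue;
			}

			# Check for migration to another login method and test whether the password was encrypted
			# with our previously insecure implemention of the CRYPT method
			if(( $t_login_method != $t_configured_login_method ) || (( CRYPT == $t_configured_login_method ) && utf8_substr( $t_password, 0, 2 ) === utf8_substr( $p_test_password, 0, 2 ) ) ) {
				user_set_password( $p_user_id, $p_test_password, true );
			}

			return true;
		}
	}

	return false;
}

/**
 * Encrypt and return the plain password given, as appropriate for the current
 * global login method.
 *
 * When generating a new password, no salt should be passed in.
 * When encrypting a password to compare to a stored password, the stored
 * password should be passed in as salt.  If the auth method is CRYPT then
 * crypt() will extract the appropriate portion of the stored password as its salt
 *
 * @param string $p_password
 * @param string $p_salt salt, defaults to null
 * @param string $p_method logon method, defaults to null (use config login method)
 * @return string processed password, maximum PASSLEN chars in length
 * @access public
 */
function auth_process_plain_password( $p_password, $p_salt = null, $p_method = null ) {
	$t_login_method = config_get( 'login_method' );
	if( $p_method !== null ) {
		$t_login_method = $p_method;
	}

	switch( $t_login_method ) {
		case CRYPT:

			# a null salt is the same as no salt, which causes a salt to be generated
			# otherwise, use the salt given
			$t_processed_password = crypt( $p_password, $p_salt );
			break;
		case MD5:
			$t_processed_password = md5( $p_password );
			break;
		case BASIC_AUTH:
		case PLAIN:
		default:
			# BASIC_AUTH and PLAIN store the password as given
			$t_processed_password = $p_password;
			break;
	}

	# cut this off to PASSLEN characters which the largest possible string in the database
	return utf8_substr( $t_processed_password, 0, PASSLEN );
}

/**
 * Generate a random 16 character password.
 * @todo Review use of $p_email within mantis
 * @param string $p_email unused
 * @return string 16 character random password
 * @access public
 */
function auth_generate_random_password( $p_email ) {
	# !TODO: create memorable passwords?
	return crypto_generate_uri_safe_nonce( 16 );
}

/**
 * Generate a confirmation code to validate password reset requests.
 *
 * The code is derived from the site master salt, the user's stored password
 * and last visit time, so it is invalidated once either changes.
 *
 * @param int $p_user_id User ID to generate a confirmation code for
 * @return string Confirmation code (504bit) encoded according to the base64 with URI safe alphabet approach described in RFC4648
 * @access public
 */
function auth_generate_confirm_hash( $p_user_id ) {
	$t_password = user_get_field( $p_user_id, 'password' );
	$t_last_visit = user_get_field( $p_user_id, 'last_visit' );

	$t_confirm_hash_raw = hash( 'whirlpool', 'confirm_hash' . config_get_global( 'crypto_master_salt' ) . $t_password . $t_last_visit, true );
	# Note: We truncate the last 8 bits from the hash output so that base64
	# encoding can be performed without any trailing padding.
	$t_confirm_hash_base64_encoded = base64_encode( substr( $t_confirm_hash_raw, 0, 63 ) );
	$t_confirm_hash = strtr( $t_confirm_hash_base64_encoded, '+/', '-_' );

	return $t_confirm_hash;
}

/**
 * Set login cookies for the user
 * If $p_perm_login is true, a long-term cookie is created
 * @param int $p_user_id user id
 * @param bool $p_perm_login indicates whether to generate a long-term cookie
 * @return void
 * @access public
 */
function auth_set_cookies( $p_user_id, $p_perm_login = false ) {
	$t_cookie_string = user_get_field( $p_user_id, 'cookie_string' );

	$t_cookie_name = config_get( 'string_cookie' );

	if( $p_perm_login ) {
		# set permanent cookie (1 year)
		gpc_set_cookie( $t_cookie_name, $t_cookie_string, true );
	} else {
		# set temp cookie, cookie dies after browser closes
		gpc_set_cookie( $t_cookie_name, $t_cookie_string, false );
	}
}

/**
 * Clear login cookies, return true if they were cleared
 *
 * For a script login only the cached cookie string is dropped and false is
 * returned, since no browser cookie was ever set.
 *
 * @return bool indicating whether cookies were cleared
 * @access public
 */
function auth_clear_cookies() {
	global $g_script_login_cookie, $g_cache_cookie_valid;

	$t_cookies_cleared = false;
	$g_cache_cookie_valid = null;

	# clear cookie, if not logged in from script
	if( $g_script_login_cookie == null ) {
		$t_cookie_name = config_get( 'string_cookie' );
		$t_cookie_path = config_get( 'cookie_path' );

		gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
		$t_cookies_cleared = true;
	} else {
		$g_script_login_cookie = null;
	}
	return $t_cookies_cleared;
}

/**
 * Generate a random and unique string to use as the identifier for the login
 * cookie.
 * @return string Random and unique 384bit cookie string of encoded according to the base64 with URI safe alphabet approach described in RFC4648
 * @access public
 */
function auth_generate_unique_cookie_string() {
	# loop until the nonce does not collide with an existing user's cookie string
	do {
		$t_cookie_string = crypto_generate_uri_safe_nonce( 64 );
	}
	while( !auth_is_cookie_string_unique( $t_cookie_string ) );

	return $t_cookie_string;
}

/**
 * Return true if the cookie login identifier is unique, false otherwise
 * @param string $p_cookie_string
 * @return bool indicating whether cookie string is unique
 * @access public
 */
function auth_is_cookie_string_unique( $p_cookie_string ) {
	$t_user_table = db_get_table( 'user' );

	# cookie string is bound as a parameter, never interpolated
	$query = "SELECT COUNT(*)
				  FROM $t_user_table
				  WHERE cookie_string=" . db_param();
	$result = db_query_bound( $query, Array( $p_cookie_string ) );
	$t_count = db_result( $result );

	if( $t_count > 0 ) {
		return false;
	} else {
		return true;
	}
}

/**
 * Return the current user login cookie string,
 * note that the cookie cached by a script login supersedes the cookie provided by
 * the browser. This shouldn't normally matter, except that the password verification uses
 * this routine to bypass the normal authentication, and can get confused when a normal user
 * logs in, then runs the verify script. the act of fetching config variables may get the wrong
 * userid.
 * if no user is logged in and anonymous login is enabled, returns cookie for anonymous user
 * otherwise returns '' (an empty string)
 *
 * @param boolean $p_login_anonymous auto-login anonymous user
 * @return string current user login cookie string
 * @access public
 */
function auth_get_current_user_cookie( $p_login_anonymous=true ) {
	# $g_cache_current_user_id is declared global so that the anonymous user id
	# looked up below is actually stored in the request cache rather than in a
	# function-local variable of the same name.
	global $g_script_login_cookie, $g_cache_anonymous_user_cookie_string, $g_cache_current_user_id;

	# if logging in via a script, return that cookie
	if( $g_script_login_cookie !== null ) {
		return $g_script_login_cookie;
	}

	# fetch user cookie
	$t_cookie_name = config_get( 'string_cookie' );
	$t_cookie = gpc_get_cookie( $t_cookie_name, '' );

	# if cookie not found, and anonymous login enabled, use cookie of anonymous account.
	if( is_blank( $t_cookie ) ) {
		if( $p_login_anonymous && ON == config_get( 'allow_anonymous_login' ) ) {
			if( $g_cache_anonymous_user_cookie_string === null ) {
				if( function_exists( 'db_is_connected' ) && db_is_connected() ) {

					# get anonymous information if database is available
					$query = 'SELECT id, cookie_string FROM ' . db_get_table( 'user' ) . ' WHERE username = ' . db_param();
					$result = db_query_bound( $query, Array( config_get( 'anonymous_account' ) ) );

					if( 1 == db_num_rows( $result ) ) {
						$row = db_fetch_array( $result );
						$t_cookie = $row['cookie_string'];

						$g_cache_anonymous_user_cookie_string = $t_cookie;
						$g_cache_current_user_id = (int) $row['id'];
					}
				}
			} else {
				$t_cookie = $g_cache_anonymous_user_cookie_string;
			}
		}
	}

	return $t_cookie;
}

/**
 * Set authentication tokens for secure session.
 *
 * Creates the TOKEN_AUTHENTICATED token for the user, or refreshes its
 * expiry if one already exists.
 *
 * @param integer $p_user_id User ID
 * @return void
 * @access public
 */
function auth_set_tokens( $p_user_id ) {
	$t_auth_token = token_get( TOKEN_AUTHENTICATED, $p_user_id );
	if( null == $t_auth_token ) {
		token_set( TOKEN_AUTHENTICATED, true, config_get_global( 'reauthentication_expiry' ), $p_user_id );
	} else {
		token_touch( $t_auth_token['id'], config_get_global( 'reauthentication_expiry' ) );
	}
}

/**
 * Check for authentication tokens, and display re-authentication page if needed.
 * Currently, if using BASIC or HTTP authentication methods, or if logged in anonymously,
 * this function will always "authenticate" the user (do nothing).
 *
 * @return bool true when the caller may proceed; auth_reauthenticate_page() exits otherwise
 * @access public
 */
function auth_reauthenticate() {
	if( config_get_global( 'reauthentication' ) == OFF || BASIC_AUTH == config_get( 'login_method' ) || HTTP_AUTH == config_get( 'login_method' ) ) {
		return true;
	}

	$t_auth_token = token_get( TOKEN_AUTHENTICATED );
	if( null != $t_auth_token ) {
		# valid token: extend its lifetime rather than prompting again
		token_touch( $t_auth_token['id'], config_get_global( 'reauthentication_expiry' ) );
		return true;
	} else {
		$t_anon_account = config_get( 'anonymous_account' );
		$t_anon_allowed = config_get( 'allow_anonymous_login' );

		$t_user_id = auth_get_current_user_id();
		$t_username = user_get_field( $t_user_id, 'username' );

		# check for anonymous login
		if( ON == $t_anon_allowed && $t_anon_account == $t_username ) {
			return true;
		}

		return auth_reauthenticate_page( $t_user_id, $t_username );
	}
}

/**
 * Generate the intermediate authentication page.
 *
 * If the form was submitted with a correct password, the authentication
 * token is (re)set and true is returned.  Otherwise the page is rendered and
 * the script exits.  The original GET/POST parameters are carried across as
 * hidden inputs so the target page receives them after re-authentication.
 *
 * @param integer $p_user_id User ID
 * @param string $p_username Username
 * @return bool
 * @access public
 */
function auth_reauthenticate_page( $p_user_id, $p_username ) {
	$t_error = false;

	if( true == gpc_get_bool( '_authenticate' ) ) {
		$f_password = gpc_get_string( 'password', '' );

		if( auth_attempt_login( $p_username, $f_password ) ) {
			auth_set_tokens( $p_user_id );
			return true;
		} else {
			$t_error = true;
		}
	}

	html_page_top();

	?>
<div class="important-msg">
<?php
	echo lang_get( 'reauthenticate_message' );
	if( $t_error != false ) {
		echo '<br /><span class="error-msg">', lang_get( 'login_error' ), '</span>';
	}
?>
</div>
<div id="reauth-div" class="form-container">
	<form id="reauth-form" method="post" action="">
		<fieldset>
			<legend><span><?php echo lang_get( 'reauthenticate_title' ); ?></span></legend>

<?php
	# CSRF protection not required here - user needs to enter password
	# (confirmation step) before the form is accepted.
	# The submitted password is not carried over as a hidden input: it is
	# re-entered in the visible field below, and echoing it back would leave
	# the attempted password in the page source.
	$t_post = gpc_strip_slashes( $_POST );
	unset( $t_post['password'] );
	print_hidden_inputs( $t_post );
	print_hidden_inputs( gpc_strip_slashes( $_GET ) );
?>

			<input type="hidden" name="_authenticate" value="1" />
			<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
				<label for="username"><span><?php echo lang_get( 'username' );?></span></label>
				<span class="input"><input id="username" type="text" disabled="disabled" size="32" maxlength="<?php echo USERLEN;?>" value="<?php echo string_attribute( $p_username );?>" /></span>
				<span class="label-style"></span>
			</div>
			<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
				<label for="password"><span><?php echo lang_get( 'password' );?></span></label>
				<span class="input"><input id="password" type="password" name="password" size="16" maxlength="<?php echo PASSLEN;?>" class="autofocus" /></span>
				<span class="label-style"></span>
			</div>
			<span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get( 'login_button' );?>" /></span>
		</fieldset>
	</form>
</div>

<?php
	html_page_bottom();
	exit;
}

/**
 * is cookie valid?
 *
 * A blank cookie or an unavailable database is never valid.  Once a user id
 * has been cached for this request the cookie is assumed valid without
 * another lookup.
 *
 * @param string $p_cookie_string
 * @return bool
 * @access public
 */
function auth_is_cookie_valid( $p_cookie_string ) {
	global $g_cache_current_user_id;

	# fail if DB isn't accessible
	if( !db_is_connected() ) {
		return false;
	}

	# fail if cookie is blank
	if( '' === $p_cookie_string ) {
		return false;
	}

	# succeed if user has already been authenticated
	if( null !== $g_cache_current_user_id ) {
		return true;
	}

	if( user_search_cache( 'cookie_string', $p_cookie_string ) ) {
		return true;
	}

	# look up cookie in the database to see if it is valid
	$t_user_table = db_get_table( 'user' );

	$query = "SELECT *
				  FROM $t_user_table
				  WHERE cookie_string=" . db_param();
	$result = db_query_bound( $query, Array( $p_cookie_string ) );

	# return true if a matching cookie was found
	if( 1 == db_num_rows( $result ) ) {
		user_cache_database_result( db_fetch_array( $result ) );
		return true;
	} else {
		return false;
	}
}

/**
 * Retrieve user id of current user
 *
 * Resolves the current cookie string to a user id, caching the result in
 * $g_cache_current_user_id.  If the cookie does not match any user the
 * cookies are cleared, access_denied() is shown and the script exits.
 *
 * @return int user id
 * @access public
 */
function auth_get_current_user_id() {
	global $g_cache_current_user_id;

	if( null !== $g_cache_current_user_id ) {
		return $g_cache_current_user_id;
	}

	$t_cookie_string = auth_get_current_user_cookie();

	if( $t_result = user_search_cache( 'cookie_string', $t_cookie_string ) ) {
		$t_user_id = (int) $t_result['id'];
		$g_cache_current_user_id = $t_user_id;
		return $t_user_id;
	}

	$t_user_table = db_get_table( 'user' );

	/** @todo error with an error saying they aren't logged in? Or redirect to the login page maybe? */
	$query = "SELECT id
				  FROM $t_user_table
				  WHERE cookie_string=" . db_param();
	$result = db_query_bound( $query, Array( $t_cookie_string ) );

	# The cookie was invalid.  Clear the cookie (to allow people to log in again)
	# and give them an Access Denied message.
	if( db_num_rows( $result ) < 1 ) {
		auth_clear_cookies();
		access_denied();
		exit();
	}

	$t_user_id = (int) db_result( $result );
	$g_cache_current_user_id = $t_user_id;

	return $t_user_id;
}


/**
 * Send a 401 response with a Basic authentication challenge and exit.
 *
 * The realm comes from the 'http_auth_realm' language string.
 *
 * @return void never returns; calls exit
 * @access public
 */
function auth_http_prompt() {
	header( 'HTTP/1.0 401 Authorization Required' );
	header( 'WWW-Authenticate: Basic realm="' . lang_get( 'http_auth_realm' ) . '"' );
	header( 'status: 401 Unauthorized' );

	echo '<p class="center error-msg">' . error_string( ERROR_ACCESS_DENIED ) . '</p>';
	print_bracket_link( 'main_page.php', lang_get( 'proceed' ) );

	exit;
}

/**
 * Set or clear the cookie that records a pending HTTP_AUTH logout.
 *
 * @param bool $p_pending true to set the logout cookie, false to clear it
 * @return void
 * @access public
 */
function auth_http_set_logout_pending( $p_pending ) {
	$t_cookie_name = config_get( 'logout_cookie' );

	if( $p_pending ) {
		gpc_set_cookie( $t_cookie_name, '1', false );
	} else {
		$t_cookie_path = config_get( 'cookie_path' );
		gpc_clear_cookie( $t_cookie_name, $t_cookie_path );
	}
}

/**
 * Check whether an HTTP_AUTH logout is pending, i.e. the logout cookie
 * is present and non-empty.
 *
 * @return bool
 * @access public
 */
function auth_http_is_logout_pending() {
	$t_cookie_name = config_get( 'logout_cookie' );
	$t_cookie = gpc_get_cookie( $t_cookie_name, '' );

	return( $t_cookie > '' );
}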