  1: <?php
  2: 
  3: /**
  4:  * This file contains the backend authentication handler class.
  5:  *
  6:  * @package    Core
  7:  * @subpackage Authentication
  8:  * @author     Dominik Ziegler
  9:  * @copyright  four for business AG <www.4fb.de>
 10:  * @license    http://www.contenido.org/license/LIZENZ.txt
 11:  * @link       http://www.4fb.de
 12:  * @link       http://www.contenido.org
 13:  */
 14: 
 15: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 16: 
 17: /**
 18:  * This class is the backend authentication handler for CONTENIDO.
 19:  *
 20:  * @package    Core
 21:  * @subpackage Authentication
 22:  */
 23: class cAuthHandlerBackend extends cAuthHandlerAbstract {
 24: 
 25:     /**
 26:      * Constructor to create an instance of this class.
 27:      *
 28:      * Automatically sets the lifetime of the authentication to the
 29:      * configured value.
 30:      */
 31:     public function __construct() {
 32:         $cfg = cRegistry::getConfig();
 33:         $this->_lifetime = (int) $cfg['backend']['timeout'];
 34:         if ($this->_lifetime == 0) {
 35:             $this->_lifetime = 15;
 36:         }
 37:     }
 38: 
 39:     /**
 40:      * Handle the pre authentication.
 41:      *
 42:      * There is no pre authentication in backend so false is returned.
 43:      *
 44:      * @see cAuthHandlerAbstract::preAuthorize()
 45:      * @return false
 46:      */
 47:     public function preAuthorize() {
 48:         return false;
 49:     }
 50: 
 51:     /**
 52:      * Display the login form.
 53:      * Includes a file which displays the login form.
 54:      *
 55:      * @see cAuthHandlerAbstract::displayLoginForm()
 56:      * 
 57:      * @throws cDbException
 58:      * @throws cException
 59:      * @throws cInvalidArgumentException
 60:      */
 61:     public function displayLoginForm() {
 62:         // @TODO  We need a better solution for this.
 63:         //        One idea could be to set the request/response type in
 64:         //        global $cfg array instead of checking $_REQUEST['ajax']
 65:         //        everywhere...
 66:         if (isset($_REQUEST['ajax']) && $_REQUEST['ajax'] != '') {
 67:             $oAjax = new cAjaxRequest();
 68:             $sReturn = $oAjax->handle('authentication_fail');
 69:             echo $sReturn;
 70:         } else {
 71:             include(cRegistry::getBackendPath() . 'main.loginform.php');
 72:         }
 73:     }
 74: 
 75:     /**
 76:      * Validate the credentials.
 77:      *
 78:      * Validate the users input against source and return a valid user
 79:      * ID or false.
 80:      *
 81:      * @see cAuthHandlerAbstract::validateCredentials()
 82:      *
 83:      * @return string|false
 84:      *
 85:      * @throws cDbException
 86:      * @throws cException
 87:      */
 88:     public function validateCredentials() {
 89:         $username = isset($_POST['username']) ? $_POST['username'] : '';
 90:         $password = isset($_POST['password']) ? $_POST['password'] : '';
 91:         $formtimestamp = isset($_POST['formtimestamp']) ? $_POST['formtimestamp'] : '';
 92: 
 93:         // add slashes if they are not automatically added
 94:         if (cRegistry::getConfigValue('simulate_magic_quotes') !== true) {
 95:             // backward compatiblity of passwords
 96:             $password = addslashes($password);
 97:             // avoid sql injection in query by username on cApiUserCollection select string
 98:             $username = addslashes($username);
 99:         }
100: 
101:         $groupPerm = array();
102: 
103:         if ($password == '') {
104:             return false;
105:         }
106: 
107:         if (($formtimestamp + (60 * 15)) < time()) {
108:             return false;
109:         }
110: 
111:         if (isset($username)) {
112:             $this->auth['uname'] = $username;
113:         } else if ($this->_defaultNobody == true) {
114:             $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
115: 
116:             return $uid;
117:         }
118: 
119:         $uid = false;
120:         $perm = false;
121:         $pass = false;
122:         $salt = false;
123: 
124:         $userColl = new cApiUserCollection();
125:         $where = "username = '" . $username . "'";
126:         $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00 00:00:00' OR valid_from is NULL)";
127:         $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00 00:00:00' OR valid_to is NULL)";
128: 
129:         $maintenanceMode = getSystemProperty('maintenance', 'mode');
130:         if ($maintenanceMode == 'enabled') {
131:             $where .= " AND perms = 'sysadmin'";
132:         }
133: 
134:         $userColl->select($where);
135: 
136:         while (($item = $userColl->next()) !== false) {
137:             $uid = $item->get('user_id');
138:             $perm = $item->get('perms');
139:             // password is stored as a sha256 hash
140:             $pass = $item->get('password');
141:             $salt = $item->get("salt");
142:         }
143: 
144:         if ($uid == false || hash("sha256", md5($password) . $salt) != $pass) {
145:             // No user found, sleep and exit
146:             sleep(5);
147: 
148:             return false;
149:         }
150: 
151:         if ($perm != '') {
152:             $groupPerm[] = $perm;
153:         }
154: 
155:         $groupColl = new cApiGroupCollection();
156:         $groups = $groupColl->fetchByUserID($uid);
157:         foreach ($groups as $group) {
158:             $groupPerm[] = $group->get('perms');
159:         }
160: 
161:         $perm = implode(',', $groupPerm);
162: 
163:         $this->auth['perm'] = $perm;
164: 
165:         return $uid;
166:     }
167: 
168:     /**
169:      * Log the successful authentication.
170:      *
171:      * Switches the globals $client & $lang to the first client/language for which the current user has permissions.
172:      * If a client/language combination is found the action "login" is added to the actionlog.
173:      * Eventually the global $saveLoginTime is set to true which will trigger the update of the user properties
174:      * "currentlogintime" and "lastlogintime" in mycontenido.
175:      *
176:      * @see cAuthHandlerAbstract::logSuccessfulAuth()
177:      * 
178:      * @throws cDbException
179:      * @throws cException
180:      */
181:     public function logSuccessfulAuth() {
182:         global $client, $lang, $saveLoginTime;
183: 
184:         $perm = new cPermission();
185: 
186:         // Find the first accessible client and language for the user
187:         $clientLangColl = new cApiClientLanguageCollection();
188:         $clientLangColl->select();
189: 
190:         $bFound = false;
191:         while ($bFound == false) {
192:             if (($item = $clientLangColl->next()) === false) {
193:                 break;
194:             }
195: 
196:             $iTmpClient = $item->get('idclient');
197:             $iTmpLang = $item->get('idlang');
198: 
199:             if ($perm->have_perm_client_lang($iTmpClient, $iTmpLang)) {
200:                 $client = $iTmpClient;
201:                 $lang = $iTmpLang;
202:                 $bFound = true;
203:             }
204:         }
205: 
206:         if (!is_numeric($client) || !is_numeric($lang)) {
207:             return;
208:         }
209: 
210:         $idaction = $perm->getIDForAction('login');
211: 
212:         $authInfo = $this->getAuthInfo();
213:         $uid = $authInfo['uid'];
214: 
215:         // create a actionlog entry
216:         $actionLogCol = new cApiActionlogCollection();
217:         $actionLogCol->create($uid, $client, $lang, $idaction, 0);
218: 
219:         $sess = cRegistry::getSession();
220:         $sess->register('saveLoginTime');
221:         $saveLoginTime = true;
222:     }
223: 
224:     /**
225:      * Returns true if a user is logged in.
226:      *
227:      * @see cAuthHandlerAbstract::isLoggedIn()
228:      * @return bool
229:      */
230:     public function isLoggedIn() {
231:         $authInfo = $this->getAuthInfo();
232: 
233:         if(isset($authInfo['uid'])) {
234:             $user = new cApiUser($authInfo['uid']);
235: 
236:             return $user->get('user_id') != '';
237:         } else {
238:             return false;
239:         }
240:     }
241: 
242: }
243: 