1: <?php
2:
3: /**
4: * This file contains the frontend authentication handler class.
5: *
6: * @package Core
7: * @subpackage Authentication
8: * @author Dominik Ziegler
9: * @copyright four for business AG <www.4fb.de>
10: * @license http://www.contenido.org/license/LIZENZ.txt
11: * @link http://www.4fb.de
12: * @link http://www.contenido.org
13: */
14:
// Refuse to run when the CONTENIDO framework has not been bootstrapped
// (this file must only be loaded through the framework's own entry points).
if (!defined('CON_FRAMEWORK')) {
    die('Illegal call: Missing framework initialization - request aborted.');
}
16:
17: /**
18: * This class is the frontend authentication handler for CONTENIDO.
19: *
20: * @package Core
21: * @subpackage Authentication
22: */
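class cAuthHandlerFrontend extends cAuthHandlerAbstract {

    /**
     * Whether a request without a username is answered with the "nobody"
     * user (self::AUTH_UID_NOBODY) instead of a failed validation.
     *
     * @var bool
     */
    protected $_defaultNobody = true;

    /**
     * Constructor to create an instance of this class.
     *
     * Automatically sets the lifetime of the authentication to the
     * configured value ($cfg['frontend']['timeout']); a missing or zero
     * value falls back to 15.
     */
    public function __construct() {
        $cfg = cRegistry::getConfig();
        // Guard the lookup so a config without the key does not raise a notice
        $timeout = isset($cfg['frontend']['timeout']) ? $cfg['frontend']['timeout'] : 0;
        $this->_lifetime = (int) $timeout;
        if ($this->_lifetime === 0) {
            $this->_lifetime = 15;
        }
    }

    /**
     * Handle the pre authorization.
     * Returns a valid user ID to be set before the login form is handled,
     * otherwise false.
     *
     * @see cAuthHandlerAbstract::preAuthorize()
     *
     * @return string|false
     *
     * @throws cDbException
     * @throws cException
     */
    public function preAuthorize() {
        $password = $this->_postString('password', '');

        if ($password === '') {
            // Stay as nobody when an empty password is passed
            $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;

            return false;
        }

        return $this->validateCredentials();
    }

    /**
     * Display the login form.
     * Includes a file which displays the login form.
     *
     * The included path is built from the configured frontend path only,
     * never from request data.
     *
     * @see cAuthHandlerAbstract::displayLoginForm()
     */
    public function displayLoginForm() {
        include(cRegistry::getFrontendPath() . 'front_crcloginform.inc.php');
    }

    /**
     * Validate the credentials.
     *
     * Validate the users input against source and return a valid user
     * ID or false. Frontend users of the current client are checked
     * first, then backend users (restricted to sysadmins while the
     * system is in maintenance mode).
     *
     * @see cAuthHandlerAbstract::validateCredentials()
     *
     * @return string|false
     *
     * @throws cDbException
     * @throws cException
     */
    public function validateCredentials() {
        $frontendUserColl = new cApiFrontendUserCollection();

        $rawUsername = $this->_postString('username', null);
        $password = $this->_postString('password', '');

        if ($rawUsername === null) {
            // No username was posted at all: either fall back to "nobody"
            // (the documented default) or continue with an empty name,
            // which cannot match any account.
            if ($this->_defaultNobody) {
                $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;

                return $uid;
            }
            $username = '';
        } else {
            // stripslashes() is kept for compatibility with the historic input handling
            $username = $frontendUserColl->escape(stripslashes(trim($rawUsername)));
            $this->auth['uname'] = $username;
        }

        if ($password === '') {
            return false;
        }

        $account = $this->_findFrontendUser($frontendUserColl, $username);
        if ($account === null) {
            $account = $this->_findBackendUser($username);
        }

        if ($account === null || !$this->_passwordMatches($password, $account['pass'], $account['salt'])) {
            // Throttle brute-force attempts. The delay is applied for unknown
            // users and wrong passwords alike, so it does not reveal which
            // one failed.
            sleep(5);

            return false;
        }

        $groupPerm = [];
        if ((string) $account['perm'] !== '') {
            $groupPerm[] = $account['perm'];
        }

        // Permissions of all groups the user belongs to are appended
        $groupColl = new cApiGroupCollection();
        $groups = $groupColl->fetchByUserID($account['uid']);
        foreach ($groups as $group) {
            $groupPerm[] = $group->get('perms');
        }

        $this->auth['perm'] = implode(',', $groupPerm);

        return $account['uid'];
    }

    /**
     * Log the successful authentication.
     *
     * Frontend logins won't be logged.
     *
     * @see cAuthHandlerAbstract::logSuccessfulAuth()
     */
    public function logSuccessfulAuth() {
        return;
    }

    /**
     * Returns true if a user is logged in.
     *
     * The stored uid may belong to either a backend user or a frontend
     * user; both tables are consulted.
     *
     * @see cAuthHandlerAbstract::isLoggedIn()
     * @return bool
     */
    public function isLoggedIn() {
        $authInfo = $this->getAuthInfo();

        if (!isset($authInfo['uid'])) {
            return false;
        }

        $user = new cApiUser($authInfo['uid']);
        if ((string) $user->get('user_id') !== '') {
            return true;
        }

        $frontendUser = new cApiFrontendUser($authInfo['uid']);

        return (string) $frontendUser->get('idfrontenduser') !== '';
    }

    /**
     * Returns a POST field as a string.
     *
     * Non-string values (e.g. arrays submitted as "field[]") are treated
     * like a missing field so that the string functions applied later do
     * not fail.
     *
     * @param string $key POST field name
     * @param string|null $default value to return when the field is missing or not a string
     * @return string|null
     */
    private function _postString($key, $default) {
        if (isset($_POST[$key]) && is_string($_POST[$key])) {
            return $_POST[$key];
        }

        return $default;
    }

    /**
     * Looks up an active frontend user of the current client by name.
     *
     * @param cApiFrontendUserCollection $frontendUserColl
     * @param string $username username, already escaped for use in SQL
     * @return array|null array with keys uid, perm, pass and salt, or null when no row matched
     *
     * @throws cDbException
     * @throws cException
     */
    private function _findFrontendUser(cApiFrontendUserCollection $frontendUserColl, $username) {
        // The client id is numeric; the cast keeps the interpolated value harmless
        $client = (int) cRegistry::getClientId();

        $where = "username = '" . $username . "' AND idclient='" . $client . "' AND active=1";
        $frontendUserColl->select($where);

        $account = null;
        // When several rows match, the last one wins (unchanged behaviour)
        while (($item = $frontendUserColl->next()) !== false) {
            $account = [
                'uid' => $item->get('idfrontenduser'),
                'perm' => 'frontend',
                'pass' => $item->get('password'),
                'salt' => $item->get('salt'),
            ];
        }

        return $account;
    }

    /**
     * Looks up a currently valid backend user by name.
     *
     * While maintenance mode is enabled only system administrators are
     * considered.
     *
     * @param string $username username, already escaped for use in SQL
     * @return array|null array with keys uid, perm, pass and salt, or null when no row matched
     *
     * @throws cDbException
     * @throws cException
     */
    private function _findBackendUser($username) {
        $userColl = new cApiUserCollection();

        $where = "username = '" . $username . "'";
        $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00 00:00:00' OR valid_from is NULL)";
        $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00 00:00:00' OR valid_to is NULL)";

        $maintenanceMode = getSystemProperty('maintenance', 'mode');
        if ($maintenanceMode == 'enabled') {
            $where .= " AND perms = 'sysadmin'";
        }

        $userColl->select($where);

        $account = null;
        // When several rows match, the last one wins (unchanged behaviour)
        while (($item = $userColl->next()) !== false) {
            $account = [
                'uid' => $item->get('user_id'),
                'perm' => $item->get('perms'),
                // password is stored as a sha256 hash
                'pass' => $item->get('password'),
                'salt' => $item->get('salt'),
            ];
        }

        return $account;
    }

    /**
     * Checks a plain-text password against the stored hash.
     *
     * The stored format is sha256(md5(password) . salt); it is dictated by
     * the existing user records and therefore not changed here. The
     * comparison uses hash_equals() so that it runs in constant time and
     * is not subject to PHP's loose string comparison rules.
     *
     * @param string $password plain-text password from the request
     * @param string|null $storedHash hash stored for the account
     * @param string|null $salt salt stored for the account
     * @return bool
     */
    private function _passwordMatches($password, $storedHash, $salt) {
        $computed = hash('sha256', md5($password) . (string) $salt);

        return hash_equals((string) $storedHash, $computed);
    }
}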
205: