<?php

// Guard against direct invocation: this file is only meaningful once the
// framework has been initialised and CON_FRAMEWORK has been defined.
if (!defined('CON_FRAMEWORK')) {
    die('Illegal call: Missing framework initialization - request aborted.');
}
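class cAuthHandlerBackend extends cAuthHandlerAbstract {

    /**
     * Reads the backend timeout from the configuration into $this->_lifetime.
     *
     * A missing or zero 'backend.timeout' setting is treated as "not
     * configured" and replaced by the default of 15.
     */
    public function __construct() {
        $cfg = cRegistry::getConfig();
        // isset() avoids an undefined-index notice when the setting is absent.
        $this->_lifetime = isset($cfg['backend']['timeout']) ? (int) $cfg['backend']['timeout'] : 0;

        if ($this->_lifetime === 0) {
            $this->_lifetime = 15;
        }
    }

    /**
     * The backend never authorizes a request before credentials are checked.
     *
     * @return bool always false
     */
    public function preAuthorize() {
        return false;
    }

    /**
     * Renders the login form by including the backend's main.loginform.php.
     */
    public function displayLoginForm() {
        include (cRegistry::getBackendPath() . 'main.loginform.php');
    }

    /**
     * Validates the posted login credentials against the user table.
     *
     * Reads 'username', 'password' and 'formtimestamp' from $_POST. Fails when
     * the password is empty, when the form timestamp is older than 15 minutes,
     * when no currently valid user with that name exists, or when the stored
     * hash does not match. While maintenance mode is 'enabled' only users with
     * perms = 'sysadmin' are eligible. On success the user's own perms plus the
     * perms of all groups the user belongs to are joined with ',' and stored
     * in $this->auth['perm'].
     *
     * Every failed lookup or hash mismatch sleeps for 5 seconds before
     * returning, so callers should not expect an immediate answer.
     *
     * @return mixed the user id on success, self::AUTH_UID_NOBODY when no
     *         username was posted and nobody-access is allowed, false otherwise
     */
    public function validateCredentials() {
        // Only accept scalar strings; an array posted as password would break
        // md5() below and an array username would end up in the WHERE clause.
        $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : null;
        $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
        $formtimestamp = isset($_POST['formtimestamp']) ? (int) $_POST['formtimestamp'] : 0;

        $groupPerm = array();

        if ($password === '') {
            return false;
        }

        // Reject login forms that were rendered more than 15 minutes ago.
        if (($formtimestamp + (60 * 15)) < time()) {
            return false;
        }

        if ($username !== null) {
            $this->auth['uname'] = $username;
        } elseif ($this->_defaultNobody) {
            $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;

            return $uid;
        }

        $uid = false;
        $perm = false;
        $pass = false;
        $salt = false;

        $userColl = new cApiUserCollection();
        // The username comes straight from the request: escape it before it is
        // embedded in the WHERE clause so it cannot alter the query.
        $where = "username = '" . $userColl->escape((string) $username) . "'";
        $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00' OR valid_from is NULL)";
        $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00' OR valid_to is NULL)";

        $maintenanceMode = getSystemProperty('maintenance', 'mode');
        if ($maintenanceMode === 'enabled') {
            $where .= " AND perms = 'sysadmin'";
        }

        $userColl->select($where);

        // The last matching row wins; with a unique username there is only one.
        while (($item = $userColl->next()) !== false) {
            $uid = $item->get('user_id');
            $perm = $item->get('perms');
            $pass = $item->get('password');
            $salt = $item->get("salt");
        }

        // Stored format: sha256(md5(password) . salt). Compare with
        // hash_equals(): it is constant-time and strictly string-based, so the
        // loose string/number juggling of != cannot affect the result.
        $expected = hash("sha256", md5($password) . $salt);
        if (!$uid || !is_string($pass) || !hash_equals($pass, $expected)) {
            // Fixed delay on failure to slow down password guessing.
            sleep(5);

            return false;
        }

        if ((string) $perm !== '') {
            $groupPerm[] = $perm;
        }

        $groupColl = new cApiGroupCollection();
        $groups = $groupColl->fetchByUserID($uid);
        foreach ($groups as $group) {
            $groupPerm[] = $group->get('perms');
        }

        $perm = implode(',', $groupPerm);

        $this->auth['perm'] = $perm;

        return $uid;
    }

    /**
     * Records a successful backend login.
     *
     * Walks the client/language collection and stores the first pair the
     * current user has permission for in the globals $client and $lang. If
     * afterwards either global is not numeric nothing is logged; otherwise an
     * action log entry for the 'login' action is created for the authenticated
     * uid, and the session variable $saveLoginTime is registered and set.
     */
    public function logSuccessfulAuth() {
        global $client, $lang, $saveLoginTime;

        $perm = new cPermission();

        $clientLangColl = new cApiClientLanguageCollection();
        $clientLangColl->select();

        // Stop at the first client/language pair the user may access.
        while (($item = $clientLangColl->next()) !== false) {
            $tmpClient = $item->get('idclient');
            $tmpLang = $item->get('idlang');

            if ($perm->have_perm_client_lang($tmpClient, $tmpLang)) {
                $client = $tmpClient;
                $lang = $tmpLang;
                break;
            }
        }

        if (!is_numeric($client) || !is_numeric($lang)) {
            return;
        }

        $idaction = $perm->getIDForAction('login');

        $authInfo = $this->getAuthInfo();
        $uid = $authInfo->auth['uid'];

        $actionLogCol = new cApiActionlogCollection();
        $actionLogCol->create($uid, $client, $lang, $idaction, 0);

        $sess = cRegistry::getSession();
        $sess->register('saveLoginTime');
        $saveLoginTime = true;
    }

}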