1: <?php
2:
3: /**
4: * This file contains the global authentication class.
5: *
6: * @package Core
7: * @subpackage Authentication
8: * @author Dominik Ziegler
9: * @copyright four for business AG <www.4fb.de>
10: * @license http://www.contenido.org/license/LIZENZ.txt
11: * @link http://www.4fb.de
12: * @link http://www.contenido.org
13: */
14:
15: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
16:
17: /**
18: * This class contains functions for global authentication in CONTENIDO.
19: *
20: * @package Core
21: * @subpackage Authentication
22: */
23: class cAuth {
24:
25: /**
26: * Authentification user ID for nobody.
27: *
28: * @var string
29: */
30: const AUTH_UID_NOBODY = 'nobody';
31:
32: /**
33: * Authentification user ID for calling login form.
34: *
35: * @var string
36: */
37: const AUTH_UID_FORM = 'form';
38:
39: /**
40: * The global auth information array.
41: *
42: * @var array
43: */
44: public $auth = array();
45:
46: /**
47: * Lifetime for authenticated users in minutes.
48: * After that time the authentication expires.
49: *
50: * @var int
51: */
52: protected $_lifetime = 15;
53:
54: /**
55: * Automatic authentication as nobody.
56: *
57: * @var bool
58: */
59: protected $_defaultNobody = false;
60:
61: /**
62: * The "in flag".
63: * Nobody knows, for which reason it exists.
64: *
65: * @var bool
66: */
67: private $_in = false;
68:
69: /**
70: * Magic getter function for outdated variable names.
71: *
72: * @param string $name
73: * name of the variable
74: * @return mixed
75: */
76: public function __get($name) {
77: if ($name == 'lifetime') {
78: return $this->_lifetime;
79: }
80:
81: if ($name == 'persistent_slots') {
82: return array(
83: "auth"
84: );
85: }
86:
87: if ($name == 'classname') {
88: return get_class($this);
89: }
90: }
91:
92: /**
93: * Starts the authentication process.
94: */
95: public function start() {
96: $sess = cRegistry::getSession();
97: if (!$this->_in) {
98: $sess->register('auth');
99: $this->_in = true;
100: }
101:
102: if ($this->isAuthenticated()) {
103: $authInfo = $this->getAuthInfo();
104: $userId = $authInfo['uid'];
105: if ($userId == self::AUTH_UID_FORM) {
106: $userId = $this->validateCredentials();
107: if ($userId !== false) {
108: $this->_setAuthInfo($userId);
109: $this->logSuccessfulAuth();
110: } else {
111: $this->_fetchLoginForm();
112: }
113: } elseif ($userId != self::AUTH_UID_NOBODY) {
114: $this->_setExpiration();
115: }
116: } else {
117: $this->resetAuthInfo();
118:
119: $userId = $this->preAuthorize();
120: if ($userId !== false) {
121: $this->_setAuthInfo($userId);
122:
123: return;
124: }
125:
126: if ($this->_defaultNobody == true) {
127: $this->_setAuthInfo(self::AUTH_UID_NOBODY, 0x7fffffff);
128: } else {
129: $this->_fetchLoginForm();
130: }
131: }
132: }
133:
134: /**
135: * Restarts the authentication process.
136: */
137: public function restart() {
138: $this->resetAuthInfo();
139: $this->_defaultNobody = false;
140: $this->start();
141: }
142:
143: /**
144: * Resets the global authentication information.
145: *
146: * @param bool $nobody [optional]
147: * If flag set to true, the default authentication is
148: * switched to nobody. (optional, default: false)
149: */
150: public function resetAuthInfo($nobody = false) {
151: $this->auth['uid'] = ($nobody == false? '' : self::AUTH_UID_NOBODY);
152: $this->auth['perm'] = '';
153:
154: $this->_setExpiration($nobody == false? 0 : 0x7fffffff);
155: }
156:
157: /**
158: * Logs out the current user, resets the auth information and
159: * freezes the session.
160: *
161: * @param bool $nobody [optional]
162: * If flag set to true, nobody is recreated as user.
163: * @return bool true
164: */
165: public function logout($nobody = false) {
166: $sess = cRegistry::getSession();
167:
168: $sess->unregister('auth');
169: unset($this->auth['uname']);
170:
171: $this->resetAuthInfo($nobody == false? $this->_defaultNobody : $nobody);
172: $sess->freeze();
173:
174: return true;
175: }
176:
177: /**
178: * Getter for the auth information.
179: *
180: * @return array
181: */
182: public function getAuthInfo() {
183: return $this->auth;
184: }
185:
186: /**
187: * Checks, if user is authenticated (NOT logged in!).
188: *
189: * @return bool
190: */
191: public function isAuthenticated() {
192: $authInfo = $this->getAuthInfo();
193:
194: if (isset($authInfo['uid']) && $authInfo['uid'] && (($this->_lifetime <= 0) || (time() < $authInfo['exp']))) {
195: return $authInfo['uid'];
196: } else {
197: return false;
198: }
199: }
200:
201: /**
202: * Checks, if user is currently in login form mode.
203: *
204: * @return bool
205: */
206: public function isLoginForm() {
207: $authInfo = $this->getAuthInfo();
208:
209: return isset($authInfo['uid']) && $authInfo['uid'] == self::AUTH_UID_FORM;
210: }
211:
212: /**
213: * Returns the user id of the currently authenticated user
214: *
215: * @return string
216: */
217: public function getUserId() {
218: $authInfo = $this->getAuthInfo();
219:
220: return $authInfo['uid'];
221: }
222:
223: /**
224: * Returns the user name of the currently authenticated user
225: *
226: * @return string
227: */
228: public function getUsername() {
229: $authInfo = $this->getAuthInfo();
230:
231: return $authInfo['uname'];
232: }
233:
234: /**
235: * Returns the permission string of the currently authenticated user
236: *
237: * @return string
238: */
239: public function getPerms() {
240: $authInfo = $this->getAuthInfo();
241:
242: return $authInfo['perm'];
243: }
244:
245: /**
246: * Sets or refreshs the expiration of the authentication.
247: *
248: * @param int $expiration [optional]
249: * new expiration (optional, default: NULL = current time plus lifetime minutes)
250: */
251: protected function _setExpiration($expiration = NULL) {
252: if ($expiration === NULL) {
253: $expiration = time() + (60 * $this->_lifetime);
254: }
255:
256: $this->auth['exp'] = $expiration;
257: }
258:
259: /**
260: * Fetches the login form.
261: */
262: protected function _fetchLoginForm() {
263: $sess = cRegistry::getSession();
264:
265: $this->_setAuthInfo(self::AUTH_UID_FORM, 0x7fffffff);
266:
267: // TODO Method displayLoginForm() is declared in cAuthHandlerAbstract
268: // which is extending this class! Better declare it in this class and
269: // make it abstract!
270: $this->displayLoginForm();
271:
272: $sess->freeze();
273: exit();
274: }
275:
276: /**
277: * Sets the authentication info for a user.
278: *
279: * @param string $userId
280: * user ID to set
281: * @param int $expiration [optional]
282: * expiration (optional, default: NULL)
283: */
284: protected function _setAuthInfo($userId, $expiration = NULL) {
285: $this->auth['uid'] = $userId;
286: $this->_setExpiration($expiration);
287: }
288: }
289: