1: <?php
  2: /**
  3:  * This file contains the backend authentication handler class.
  4:  *
  5:  * @package    Core
  6:  * @subpackage Authentication
  7:  * @version    SVN Revision $Rev:$
  8:  *
  9:  * @author     Dominik Ziegler
 10:  * @copyright  four for business AG <www.4fb.de>
 11:  * @license    http://www.contenido.org/license/LIZENZ.txt
 12:  * @link       http://www.4fb.de
 13:  * @link       http://www.contenido.org
 14:  */
 15: 
 16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 17: 
 18: /**
 19:  * This class contains the methods for the backend authentication in CONTENIDO.
 20:  *
 21:  * @package    Core
 22:  * @subpackage Authentication
 23:  */
 24: class cAuthHandlerBackend extends cAuthHandlerAbstract {
 25: 
 26:     /**
 27:      * Constructor of the backend auth handler.
 28:      * Automatically sets the lifetime of the authentication to the configured
 29:      * value.
 30:      */
 31:     public function __construct() {
 32:         $cfg = cRegistry::getConfig();
 33:         $this->_lifetime = (int)$cfg['backend']['timeout'];
 34: 
 35:         if ($this->_lifetime == 0) {
 36:             $this->_lifetime = 15;
 37:         }
 38:     }
 39: 
 40:     public function preAuthorize() {
 41:         // there is no pre authorization in backend
 42:         return false;
 43:     }
 44: 
 45:     public function displayLoginForm() {
 46:         include (cRegistry::getBackendPath() . 'main.loginform.php');
 47:     }
 48: 
 49:     public function validateCredentials() {
 50:         $username = $_POST['username'];
 51:         $password = $_POST['password'];
 52:         $formtimestamp = $_POST['formtimestamp'];
 53: 
 54:         $groupPerm = array();
 55: 
 56:         if ($password == '') {
 57:             return false;
 58:         }
 59: 
 60:         if (($formtimestamp + (60 * 15)) < time()) {
 61:             return false;
 62:         }
 63: 
 64:         if (isset($username)) {
 65:             $this->auth['uname'] = $username;
 66:         } else if ($this->_defaultNobody == true) {
 67:             $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
 68: 
 69:             return $uid;
 70:         }
 71: 
 72:         $uid = false;
 73:         $perm = false;
 74:         $pass = false;
 75:         $salt = false;
 76: 
 77:         $userColl = new cApiUserCollection();
 78:         $where = "username = '" . $username . "'";
 79:         $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00' OR valid_from is NULL)";
 80:         $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00' OR valid_to is NULL)";
 81: 
 82:         $maintenanceMode = getSystemProperty('maintenance', 'mode');
 83:         if ($maintenanceMode == 'enabled') {
 84:             $where .= " AND perms = 'sysadmin'";
 85:         }
 86: 
 87:         $userColl->select($where);
 88: 
 89:         while (($item = $userColl->next()) !== false) {
 90:             $uid = $item->get('user_id');
 91:             $perm = $item->get('perms');
 92:             $pass = $item->get('password'); // Password is stored as a sha256 hash
 93:             $salt = $item->get("salt");
 94:         }
 95: 
 96:         if ($uid == false || hash("sha256", md5($password) . $salt) != $pass) {
 97:             // No user found, sleep and exit
 98:             sleep(5);
 99: 
100:             return false;
101:         }
102: 
103:         if ($perm != '') {
104:             $groupPerm[] = $perm;
105:         }
106: 
107:         $groupColl = new cApiGroupCollection();
108:         $groups = $groupColl->fetchByUserID($uid);
109:         foreach ($groups as $group) {
110:             $groupPerm[] = $group->get('perms');
111:         }
112: 
113:         $perm = implode(',', $groupPerm);
114: 
115:         $this->auth['perm'] = $perm;
116: 
117:         return $uid;
118:     }
119: 
120:     public function logSuccessfulAuth() {
121:         global $client, $lang, $saveLoginTime;
122: 
123:         $perm = new cPermission();
124: 
125:         // Find the first accessible client and language for the user
126:         $clientLangColl = new cApiClientLanguageCollection();
127:         $clientLangColl->select();
128: 
129:         $bFound = false;
130:         while ($bFound == false) {
131:             if (($item = $clientLangColl->next()) === false) {
132:                 break;
133:             }
134: 
135:             $iTmpClient = $item->get('idclient');
136:             $iTmpLang = $item->get('idlang');
137: 
138:             if ($perm->have_perm_client_lang($iTmpClient, $iTmpLang)) {
139:                 $client = $iTmpClient;
140:                 $lang = $iTmpLang;
141:                 $bFound = true;
142:             }
143:         }
144: 
145:         if (!is_numeric($client) || !is_numeric($lang)) {
146:             return;
147:         }
148: 
149:         $idaction = $perm->getIDForAction('login');
150: 
151:         $authInfo = $this->getAuthInfo();
152:         $uid = $authInfo['uid'];
153: 
154:         // create a actionlog entry
155:         $actionLogCol = new cApiActionlogCollection();
156:         $actionLogCol->create($uid, $client, $lang, $idaction, 0);
157: 
158:         $sess = cRegistry::getSession();
159:         $sess->register('saveLoginTime');
160:         $saveLoginTime = true;
161:     }
162: 
163: }
164: