Overview

Packages

  • Core
    • Authentication
    • Backend
    • Cache
    • CEC
    • Chain
    • ContentType
    • Database
    • Datatype
    • Debug
    • Exception
    • Frontend
      • Search
      • URI
      • Util
    • GenericDB
      • Model
    • GUI
      • HTML
    • I18N
    • LayoutHandler
    • Log
    • Security
    • Session
    • Util
    • Validation
    • Versioning
    • XML
  • Module
    • ContentSitemapHtml
    • ContentSitemapXml
    • ContentUserForum
    • NavigationTop
  • mpAutoloaderClassMap
  • None
  • Plugin
    • ContentAllocation
    • CronjobOverview
    • FormAssistant
    • FrontendLogic
    • FrontendUsers
    • Linkchecker
    • ModRewrite
    • Newsletter
    • Repository
      • FrontendNavigation
      • KeywordDensity
    • SearchSolr
    • SmartyWrapper
    • UrlShortener
    • UserForum
    • Workflow
  • PluginManager
  • Setup
    • Form
    • GUI
    • Helper
      • Environment
      • Filesystem
      • MySQL
      • PHP
    • UpgradeJob

Classes

  • cAuth
  • cAuthHandlerAbstract
  • cAuthHandlerBackend
  • cAuthHandlerFrontend
  • Overview
  • Package
  • Class
  • Tree
  • Deprecated
  • Todo 
  1: <?php
  2: /**
  3:  * This file contains the frontend authentication handler class.
  4:  *
  5:  * @package    Core
  6:  * @subpackage Authentication
  7:  * @version    SVN Revision $Rev:$
  8:  *
  9:  * @author     Dominik Ziegler
 10:  * @copyright  four for business AG <www.4fb.de>
 11:  * @license    http://www.contenido.org/license/LIZENZ.txt
 12:  * @link       http://www.4fb.de
 13:  * @link       http://www.contenido.org
 14:  */
 15: 
 16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 17: 
 18: /**
 19:  * This class contains the methods for the frontend authentication in CONTENIDO.
 20:  *
 21:  * @package    Core
 22:  * @subpackage Authentication
 23:  */
 24: class cAuthHandlerFrontend extends cAuthHandlerAbstract {
 25:     protected $_defaultNobody = true;
 26: 
 27:     public function preAuthorize() {
 28:         $password = $_POST['password'];
 29: 
 30:         if ($password == '') {
 31:             // Stay as nobody when an empty password is passed
 32:             $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
 33: 
 34:             return false;
 35:         }
 36: 
 37:         return $this->validateCredentials();
 38:     }
 39: 
 40:     public function displayLoginForm() {
 41:         include (cRegistry::getFrontendPath() . 'front_crcloginform.inc.php');
 42:     }
 43: 
 44:     public function validateCredentials() {
 45:         $username = $_POST['username'];
 46:         $password = $_POST['password'];
 47: 
 48:         $groupPerm = array();
 49: 
 50:         if (isset($username)) {
 51:             $this->auth['uname'] = $username;
 52:         } elseif ($this->_defaultNobody == true) {
 53:             $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
 54: 
 55:             return $uid;
 56:         }
 57: 
 58:         if ($password == '') {
 59:             return false;
 60:         }
 61: 
 62:         $uid = false;
 63:         $perm = false;
 64:         $pass = false;
 65:         $salt = false;
 66: 
 67:         $client = cRegistry::getClientId();
 68: 
 69:         $frontendUserColl = new cApiFrontendUserCollection();
 70:         $where = "username = '" . $username . "' AND idclient='" . $client . "' AND active=1";
 71:         $frontendUserColl->select($where);
 72: 
 73:         while (($item = $frontendUserColl->next()) !== false) {
 74:             $uid = $item->get('idfrontenduser');
 75:             $perm = 'frontend';
 76:             $pass = $item->get('password');
 77:             $salt = $item->get('salt');
 78:         }
 79: 
 80:         if ($uid == false) {
 81:             $userColl = new cApiUserCollection();
 82:             $where = "username = '" . $username . "'";
 83:             $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00' OR valid_from is NULL)";
 84:             $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00' OR valid_to is NULL)";
 85: 
 86:             $maintenanceMode = getSystemProperty('maintenance', 'mode');
 87:             if ($maintenanceMode == 'enabled') {
 88:                 $where .= " AND perms = 'sysadmin'";
 89:             }
 90: 
 91:             $userColl->select($where);
 92: 
 93:             while (($item = $userColl->next()) !== false) {
 94:                 $uid = $item->get('user_id');
 95:                 $perm = $item->get('perms');
 96:                 $pass = $item->get('password'); // Password is stored as a sha256 hash
 97:                 $salt = $item->get('salt');
 98:             }
 99:         }
100: 
101:         if ($uid == false || hash("sha256", md5($password) . $salt) != $pass) {
102:             sleep(5);
103: 
104:             return false;
105:         }
106: 
107:         if ($perm != '') {
108:             $groupPerm[] = $perm;
109:         }
110: 
111:         $groupColl = new cApiGroupCollection();
112:         $groups = $groupColl->fetchByUserID($uid);
113:         foreach ($groups as $group) {
114:             $groupPerm[] = $group->get('perms');
115:         }
116: 
117:         $perm = implode(',', $groupPerm);
118: 
119:         $this->auth['perm'] = $perm;
120: 
121:         return $uid;
122:     }
123: 
124:     public function logSuccessfulAuth() {
125:         return;
126:     }
127: 
128: }
129:
CMS CONTENIDO 4.9.2 API documentation generated by ApiGen 2.8.0