1: <?php
// Abort unless the CONTENIDO framework has been bootstrapped (CON_FRAMEWORK is
// defined by the framework initialisation, never by a direct request).
if (!defined('CON_FRAMEWORK')) {
    die('Illegal call: Missing framework initialization - request aborted.');
}
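/**
 * Frontend authentication handler.
 *
 * Validates the credentials posted to the frontend login form
 * ($_POST['username'] / $_POST['password']) against an active frontend user
 * of the current client and, as a fallback, against a backend user. On
 * success $this->auth is filled with uid, uname and the comma separated
 * permissions of the user and its groups.
 */
class cAuthHandlerFrontend extends cAuthHandlerAbstract {

    /**
     * When true, a request without a username is authenticated as the
     * "nobody" user (self::AUTH_UID_NOBODY) instead of being rejected.
     *
     * @var bool
     */
    protected $_defaultNobody = true;

    /**
     * Checks the login request before the regular authorization runs.
     *
     * A request without a password is mapped to the "nobody" user and
     * rejected; otherwise the posted credentials are validated.
     *
     * @return mixed  the authenticated user id, or false when no password was
     *                posted or the credentials are invalid
     */
    public function preAuthorize() {
        $password = $this->_postString('password');

        if ($password === null || $password === '') {
            $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;

            return false;
        }

        return $this->validateCredentials();
    }

    /**
     * Renders the login form by including the client's
     * front_crcloginform.inc.php template.
     *
     * @return void
     */
    public function displayLoginForm() {
        include(cRegistry::getFrontendPath() . 'front_crcloginform.inc.php');
    }

    /**
     * Validates the posted username and password.
     *
     * Lookup order: an active frontend user of the current client, then a
     * backend user whose validity window covers now (restricted to sysadmins
     * while maintenance mode is enabled). A failed attempt is delayed by
     * sleep(5) before false is returned.
     *
     * @return mixed  the user id on success; the "nobody" uid when no username
     *                was posted and $_defaultNobody is set; false otherwise
     */
    public function validateCredentials() {
        $username = $this->_postString('username');
        $password = $this->_postString('password');

        if ($username !== null) {
            $this->auth['uname'] = $username;
        } elseif ($this->_defaultNobody) {
            $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;

            return $uid;
        }

        if ($password === null || $password === '') {
            return false;
        }

        $user = $this->_findFrontendUser((string) $username);
        if ($user === null) {
            $user = $this->_findBackendUser((string) $username);
        }

        // Unknown user or wrong password: delay, then reject. hash_equals()
        // makes the digest comparison strict and constant-time; the previous
        // loose != on hash strings was open to numeric-string juggling.
        $expected = hash('sha256', md5($password) . (string) ($user === null ? '' : $user['salt']));
        if ($user === null || !hash_equals((string) $user['pass'], $expected)) {
            sleep(5);

            return false;
        }

        $groupPerm = array();
        if ((string) $user['perm'] !== '') {
            $groupPerm[] = $user['perm'];
        }

        $groupColl = new cApiGroupCollection();
        foreach ($groupColl->fetchByUserID($user['uid']) as $group) {
            $groupPerm[] = $group->get('perms');
        }

        $this->auth['perm'] = implode(',', $groupPerm);

        return $user['uid'];
    }

    /**
     * No-op: successful frontend logins are not logged by this handler.
     *
     * @return void
     */
    public function logSuccessfulAuth() {
        return;
    }

    /**
     * Reads a scalar string value from $_POST.
     *
     * @param string $key
     * @return string|null  the value, or null when it is missing or not a
     *                      string (e.g. an array sent as password[]=...)
     */
    protected function _postString($key) {
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
            return null;
        }

        return $_POST[$key];
    }

    /**
     * Looks up an active frontend user of the current client by username.
     *
     * @param string $username
     * @return array|null  array with keys uid, perm, pass, salt; null when no
     *                     matching user (with a non-empty id) exists. If
     *                     several rows match, the last one wins.
     */
    protected function _findFrontendUser($username) {
        $coll = new cApiFrontendUserCollection();
        // The username comes from the request: escape it before it is
        // embedded in the WHERE clause; the client id is forced to an int.
        $where = "username = '" . $coll->escape($username) . "'"
            . " AND idclient='" . (int) cRegistry::getClientId() . "'"
            . " AND active=1";
        $coll->select($where);

        $user = null;
        while (($item = $coll->next()) !== false) {
            $user = array(
                'uid'  => $item->get('idfrontenduser'),
                'perm' => 'frontend',
                'pass' => $item->get('password'),
                'salt' => $item->get('salt'),
            );
        }

        return $this->_nullIfNoId($user);
    }

    /**
     * Looks up a backend user by username whose validity window covers now.
     * While maintenance mode is enabled only sysadmins are considered.
     *
     * @param string $username
     * @return array|null  array with keys uid, perm, pass, salt; null when no
     *                     matching user (with a non-empty id) exists. If
     *                     several rows match, the last one wins.
     */
    protected function _findBackendUser($username) {
        $coll = new cApiUserCollection();
        // Escape the request-supplied username before building the WHERE clause.
        $where = "username = '" . $coll->escape($username) . "'"
            . " AND (valid_from <= NOW() OR valid_from = '0000-00-00' OR valid_from is NULL)"
            . " AND (valid_to >= NOW() OR valid_to = '0000-00-00' OR valid_to is NULL)";

        if (getSystemProperty('maintenance', 'mode') === 'enabled') {
            $where .= " AND perms = 'sysadmin'";
        }

        $coll->select($where);

        $user = null;
        while (($item = $coll->next()) !== false) {
            $user = array(
                'uid'  => $item->get('user_id'),
                'perm' => $item->get('perms'),
                'pass' => $item->get('password'),
                'salt' => $item->get('salt'),
            );
        }

        return $this->_nullIfNoId($user);
    }

    /**
     * Treats a lookup result without a usable id as "not found".
     *
     * @param array|null $user
     * @return array|null
     */
    protected function _nullIfNoId($user) {
        if ($user === null || !$user['uid']) {
            return null;
        }

        return $user;
    }

}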