Overview

Packages

  • Core
    • Authentication
    • Backend
    • Cache
    • CEC
    • Chain
    • ContentType
    • Database
    • Datatype
    • Debug
    • Exception
    • Frontend
      • Search
      • URI
      • Util
    • GenericDB
      • Model
    • GUI
      • HTML
    • I18N
    • LayoutHandler
    • Log
    • Security
    • Session
    • Util
    • Validation
    • Versioning
    • XML
  • Module
    • ContentSitemapHtml
    • ContentSitemapXml
    • ContentUserForum
    • NavigationTop
  • mpAutoloaderClassMap
  • None
  • Plugin
    • ContentAllocation
    • CronjobOverview
    • FormAssistant
    • FrontendLogic
    • FrontendUsers
    • Linkchecker
    • ModRewrite
    • Newsletter
    • Repository
      • FrontendNavigation
      • KeywordDensity
    • SearchSolr
    • SmartyWrapper
    • UrlShortener
    • UserForum
    • Workflow
  • PluginManager
  • Setup
    • Form
    • GUI
    • Helper
      • Environment
      • Filesystem
      • MySQL
      • PHP
    • UpgradeJob

Classes

  • cAuth
  • cAuthHandlerAbstract
  • cAuthHandlerBackend
  • cAuthHandlerFrontend
  • Overview
  • Package
  • Class
  • Tree
  • Deprecated
  • Todo 
  1: <?php
  2: /**
  3:  * This file contains the frontend authentication handler class.
  4:  *
  5:  * @package    Core
  6:  * @subpackage Authentication
  7:  * @version    SVN Revision $Rev:$
  8:  *
  9:  * @author     Dominik Ziegler
 10:  * @copyright  four for business AG <www.4fb.de>
 11:  * @license    http://www.contenido.org/license/LIZENZ.txt
 12:  * @link       http://www.4fb.de
 13:  * @link       http://www.contenido.org
 14:  */
 15: 
 16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 17: 
 18: /**
 19:  * This class contains the methods for the frontend authentication in CONTENIDO.
 20:  *
 21:  * @package    Core
 22:  * @subpackage Authentication
 23:  */
 24: class cAuthHandlerFrontend extends cAuthHandlerAbstract {
 25:     protected $_defaultNobody = true;
 26: 
 27:     public function __construct() {
 28:         $cfg = cRegistry::getConfig();
 29:         $this->_lifetime = (int)$cfg['frontend']['timeout'];
 30: 
 31:         if ($this->_lifetime == 0) {
 32:             $this->_lifetime = 15;
 33:         }
 34:     }
 35: 
 36:     public function preAuthorize() {
 37:         $password = $_POST['password'];
 38: 
 39:         if ($password == '') {
 40:             // Stay as nobody when an empty password is passed
 41:             $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
 42: 
 43:             return false;
 44:         }
 45: 
 46:         return $this->validateCredentials();
 47:     }
 48: 
 49:     public function displayLoginForm() {
 50:         include(cRegistry::getFrontendPath() . 'front_crcloginform.inc.php');
 51:     }
 52: 
 53:     public function validateCredentials() {
 54:         $username = $_POST['username'];
 55:         $password = $_POST['password'];
 56: 
 57:         $groupPerm = array();
 58: 
 59:         if (isset($username)) {
 60:             $this->auth['uname'] = $username;
 61:         } elseif ($this->_defaultNobody == true) {
 62:             $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
 63: 
 64:             return $uid;
 65:         }
 66: 
 67:         if ($password == '') {
 68:             return false;
 69:         }
 70: 
 71:         $uid = false;
 72:         $perm = false;
 73:         $pass = false;
 74:         $salt = false;
 75: 
 76:         $client = cRegistry::getClientId();
 77: 
 78:         $frontendUserColl = new cApiFrontendUserCollection();
 79:         $where = "username = '" . $username . "' AND idclient='" . $client . "' AND active=1";
 80:         $frontendUserColl->select($where);
 81: 
 82:         while (($item = $frontendUserColl->next()) !== false) {
 83:             $uid = $item->get('idfrontenduser');
 84:             $perm = 'frontend';
 85:             $pass = $item->get('password');
 86:             $salt = $item->get('salt');
 87:         }
 88: 
 89:         if ($uid == false) {
 90:             $userColl = new cApiUserCollection();
 91:             $where = "username = '" . $username . "'";
 92:             $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00' OR valid_from is NULL)";
 93:             $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00' OR valid_to is NULL)";
 94: 
 95:             $maintenanceMode = getSystemProperty('maintenance', 'mode');
 96:             if ($maintenanceMode == 'enabled') {
 97:                 $where .= " AND perms = 'sysadmin'";
 98:             }
 99: 
100:             $userColl->select($where);
101: 
102:             while (($item = $userColl->next()) !== false) {
103:                 $uid = $item->get('user_id');
104:                 $perm = $item->get('perms');
105:                 $pass = $item->get('password'); // Password is stored as a sha256 hash
106:                 $salt = $item->get('salt');
107:             }
108:         }
109: 
110:         if ($uid == false || hash("sha256", md5($password) . $salt) != $pass) {
111:             sleep(5);
112: 
113:             return false;
114:         }
115: 
116:         if ($perm != '') {
117:             $groupPerm[] = $perm;
118:         }
119: 
120:         $groupColl = new cApiGroupCollection();
121:         $groups = $groupColl->fetchByUserID($uid);
122:         foreach ($groups as $group) {
123:             $groupPerm[] = $group->get('perms');
124:         }
125: 
126:         $perm = implode(',', $groupPerm);
127: 
128:         $this->auth['perm'] = $perm;
129: 
130:         return $uid;
131:     }
132: 
133:     public function logSuccessfulAuth() {
134:         return;
135:     }
136: 
137: }
138:
CMS CONTENIDO 4.9.4 API documentation generated by ApiGen 2.8.0