1: <?php
2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14:
15:
16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
17:
18: 19: 20: 21: 22: 23:
24: class cAuthHandlerBackend extends cAuthHandlerAbstract {
25:
26: 27: 28: 29: 30:
31: public function __construct() {
32: $cfg = cRegistry::getConfig();
33: $this->_lifetime = (int)$cfg['backend']['timeout'];
34:
35: if ($this->_lifetime == 0) {
36: $this->_lifetime = 15;
37: }
38: }
39:
40: public function preAuthorize() {
41:
42: return false;
43: }
44:
45: public function displayLoginForm() {
46:
47:
48: if (isset($_REQUEST['ajax']) && $_REQUEST['ajax'] != '') {
49: $oAjax = new cAjaxRequest();
50: $sReturn = $oAjax->handle('authentication_fail');
51: echo $sReturn;
52: } else {
53: include(cRegistry::getBackendPath() . 'main.loginform.php');
54: }
55: }
56:
57: public function validateCredentials() {
58: $username = $_POST['username'];
59: $password = $_POST['password'];
60: $formtimestamp = $_POST['formtimestamp'];
61:
62: $groupPerm = array();
63:
64: if ($password == '') {
65: return false;
66: }
67:
68: if (($formtimestamp + (60 * 15)) < time()) {
69: return false;
70: }
71:
72: if (isset($username)) {
73: $this->auth['uname'] = $username;
74: } else if ($this->_defaultNobody == true) {
75: $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
76:
77: return $uid;
78: }
79:
80: $uid = false;
81: $perm = false;
82: $pass = false;
83: $salt = false;
84:
85: $userColl = new cApiUserCollection();
86: $where = "username = '" . $username . "'";
87: $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00 00:00:00' OR valid_from is NULL)";
88: $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00 00:00:00' OR valid_to is NULL)";
89:
90: $maintenanceMode = getSystemProperty('maintenance', 'mode');
91: if ($maintenanceMode == 'enabled') {
92: $where .= " AND perms = 'sysadmin'";
93: }
94:
95: $userColl->select($where);
96:
97: while (($item = $userColl->next()) !== false) {
98: $uid = $item->get('user_id');
99: $perm = $item->get('perms');
100: $pass = $item->get('password');
101: $salt = $item->get("salt");
102: }
103:
104: if ($uid == false || hash("sha256", md5($password) . $salt) != $pass) {
105:
106: sleep(5);
107:
108: return false;
109: }
110:
111: if ($perm != '') {
112: $groupPerm[] = $perm;
113: }
114:
115: $groupColl = new cApiGroupCollection();
116: $groups = $groupColl->fetchByUserID($uid);
117: foreach ($groups as $group) {
118: $groupPerm[] = $group->get('perms');
119: }
120:
121: $perm = implode(',', $groupPerm);
122:
123: $this->auth['perm'] = $perm;
124:
125: return $uid;
126: }
127:
128: public function logSuccessfulAuth() {
129: global $client, $lang, $saveLoginTime;
130:
131: $perm = new cPermission();
132:
133:
134: $clientLangColl = new cApiClientLanguageCollection();
135: $clientLangColl->select();
136:
137: $bFound = false;
138: while ($bFound == false) {
139: if (($item = $clientLangColl->next()) === false) {
140: break;
141: }
142:
143: $iTmpClient = $item->get('idclient');
144: $iTmpLang = $item->get('idlang');
145:
146: if ($perm->have_perm_client_lang($iTmpClient, $iTmpLang)) {
147: $client = $iTmpClient;
148: $lang = $iTmpLang;
149: $bFound = true;
150: }
151: }
152:
153: if (!is_numeric($client) || !is_numeric($lang)) {
154: return;
155: }
156:
157: $idaction = $perm->getIDForAction('login');
158:
159: $authInfo = $this->getAuthInfo();
160: $uid = $authInfo['uid'];
161:
162:
163: $actionLogCol = new cApiActionlogCollection();
164: $actionLogCol->create($uid, $client, $lang, $idaction, 0);
165:
166: $sess = cRegistry::getSession();
167: $sess->register('saveLoginTime');
168: $saveLoginTime = true;
169: }
170:
171:
172: public function isLoggedIn() {
173: $authInfo = $this->getAuthInfo();
174:
175: if(isset($authInfo['uid'])) {
176: $user = new cApiUser($authInfo['uid']);
177:
178: return $user->get('user_id') != '';
179: } else {
180: return false;
181: }
182: }
183:
184: }
185: