1: <?php
2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14:
15:
16: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
17:
18: 19: 20: 21: 22: 23:
24: class cAuthHandlerFrontend extends cAuthHandlerAbstract {
25: protected $_defaultNobody = true;
26:
27: public function __construct() {
28: $cfg = cRegistry::getConfig();
29: $this->_lifetime = (int)$cfg['frontend']['timeout'];
30:
31: if ($this->_lifetime == 0) {
32: $this->_lifetime = 15;
33: }
34: }
35:
36: public function preAuthorize() {
37: $password = $_POST['password'];
38:
39: if ($password == '') {
40:
41: $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
42:
43: return false;
44: }
45:
46: return $this->validateCredentials();
47: }
48:
49: public function displayLoginForm() {
50: include(cRegistry::getFrontendPath() . 'front_crcloginform.inc.php');
51: }
52:
53: public function validateCredentials() {
54: $username = $_POST['username'];
55: $password = $_POST['password'];
56:
57: $groupPerm = array();
58:
59: if (isset($username)) {
60: $this->auth['uname'] = $username;
61: } elseif ($this->_defaultNobody == true) {
62: $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
63:
64: return $uid;
65: }
66:
67: if ($password == '') {
68: return false;
69: }
70:
71: $uid = false;
72: $perm = false;
73: $pass = false;
74: $salt = false;
75:
76: $client = cRegistry::getClientId();
77:
78: $frontendUserColl = new cApiFrontendUserCollection();
79: $where = "username = '" . $username . "' AND idclient='" . $client . "' AND active=1";
80: $frontendUserColl->select($where);
81:
82: while (($item = $frontendUserColl->next()) !== false) {
83: $uid = $item->get('idfrontenduser');
84: $perm = 'frontend';
85: $pass = $item->get('password');
86: $salt = $item->get('salt');
87: }
88:
89: if ($uid == false) {
90: $userColl = new cApiUserCollection();
91: $where = "username = '" . $username . "'";
92: $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00 00:00:00' OR valid_from is NULL)";
93: $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00 00:00:00' OR valid_to is NULL)";
94:
95: $maintenanceMode = getSystemProperty('maintenance', 'mode');
96: if ($maintenanceMode == 'enabled') {
97: $where .= " AND perms = 'sysadmin'";
98: }
99:
100: $userColl->select($where);
101:
102: while (($item = $userColl->next()) !== false) {
103: $uid = $item->get('user_id');
104: $perm = $item->get('perms');
105: $pass = $item->get('password');
106: $salt = $item->get('salt');
107: }
108: }
109:
110: if ($uid == false || hash("sha256", md5($password) . $salt) != $pass) {
111: sleep(5);
112:
113: return false;
114: }
115:
116: if ($perm != '') {
117: $groupPerm[] = $perm;
118: }
119:
120: $groupColl = new cApiGroupCollection();
121: $groups = $groupColl->fetchByUserID($uid);
122: foreach ($groups as $group) {
123: $groupPerm[] = $group->get('perms');
124: }
125:
126: $perm = implode(',', $groupPerm);
127:
128: $this->auth['perm'] = $perm;
129:
130: return $uid;
131: }
132:
133: public function logSuccessfulAuth() {
134: return;
135: }
136:
137:
138: public function isLoggedIn() {
139: $authInfo = $this->getAuthInfo();
140:
141: if(isset($authInfo['uid'])) {
142: $user = new cApiUser($authInfo['uid']);
143: $frontendUser = new cApiFrontendUser($authInfo['uid']);
144:
145: return $user->get('user_id') != '' || $frontendUser->get('idfrontenduser') != '';
146: } else {
147: return false;
148: }
149: }
150: }
151: