Overview

Packages

  • CONTENIDO
  • Core
    • Authentication
    • Backend
    • Cache
    • CEC
    • Chain
    • ContentType
    • Database
    • Debug
    • Exception
    • Frontend
      • Search
      • URI
      • Util
    • GenericDB
      • Model
    • GUI
      • HTML
    • I18N
    • LayoutHandler
    • Log
    • Security
    • Session
    • Util
    • Validation
    • Versioning
    • XML
  • Module
    • ContentRssCreator
    • ContentSitemapHtml
    • ContentSitemapXml
    • ContentUserForum
    • NavigationTop
    • ScriptCookieDirective
  • mpAutoloaderClassMap
  • None
  • Plugin
    • ContentAllocation
    • CronjobOverview
    • FormAssistant
    • FrontendLogic
    • FrontendUsers
    • Linkchecker
    • ModRewrite
    • Newsletter
    • Repository
      • FrontendNavigation
      • KeywordDensity
    • SearchSolr
    • SmartyWrapper
    • UrlShortener
    • UserForum
    • Workflow
  • PluginManager
  • Setup
    • Form
    • GUI
    • Helper
      • Environment
      • Filesystem
      • MySQL
      • PHP
    • UpgradeJob

Classes

  • cAuth
  • cAuthHandlerAbstract
  • cAuthHandlerBackend
  • cAuthHandlerFrontend
  • Overview
  • Package
  • Class
  • Tree
  • Deprecated
  • Todo 
  1: <?php
  2: 
  3: /**
  4:  * This file contains the frontend authentication handler class.
  5:  *
  6:  * @package    Core
  7:  * @subpackage Authentication
  8:  * @author     Dominik Ziegler
  9:  * @copyright  four for business AG <www.4fb.de>
 10:  * @license    http://www.contenido.org/license/LIZENZ.txt
 11:  * @link       http://www.4fb.de
 12:  * @link       http://www.contenido.org
 13:  */
 14: 
 15: defined('CON_FRAMEWORK') || die('Illegal call: Missing framework initialization - request aborted.');
 16: 
 17: /**
 18:  * This class is the frontend authentication handler for CONTENIDO.
 19:  *
 20:  * @package    Core
 21:  * @subpackage Authentication
 22:  */
 23: class cAuthHandlerFrontend extends cAuthHandlerAbstract {
 24: 
 25:     /**
 26:      *
 27:      * @var bool
 28:      */
 29:     protected $_defaultNobody = true;
 30: 
 31:     /**
 32:      * Constructor of the backend auth handler.
 33:      * Automatically sets the lifetime of the authentication to the configured
 34:      * value.
 35:      */
 36:     public function __construct() {
 37:         $cfg = cRegistry::getConfig();
 38:         $this->_lifetime = (int) $cfg['frontend']['timeout'];
 39:         if ($this->_lifetime == 0) {
 40:             $this->_lifetime = 15;
 41:         }
 42:     }
 43: 
 44:     /**
 45:      * Handle the pre authorization.
 46:      * Returns a valid user ID to be set before the login form is handled,
 47:      * otherwise false.
 48:      *
 49:      * @see cAuthHandlerAbstract::preAuthorize()
 50:      * @return string|false
 51:      */
 52:     public function preAuthorize() {
 53:         $password = $_POST['password'];
 54: 
 55:         if ($password == '') {
 56:             // Stay as nobody when an empty password is passed
 57:             $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
 58: 
 59:             return false;
 60:         }
 61: 
 62:         return $this->validateCredentials();
 63:     }
 64: 
 65:     /**
 66:      * Display the login form.
 67:      * Includes a file which displays the login form.
 68:      *
 69:      * @see cAuthHandlerAbstract::displayLoginForm()
 70:      */
 71:     public function displayLoginForm() {
 72:         include(cRegistry::getFrontendPath() . 'front_crcloginform.inc.php');
 73:     }
 74: 
 75:     /**
 76:      * Validate the credentials.
 77:      * Validate the users input against source and return a valid user ID or false.
 78:      *
 79:      * @see cAuthHandlerAbstract::validateCredentials()
 80:      * @return string|false
 81:      */
 82:     public function validateCredentials() {
 83:         $username = $_POST['username'];
 84:         $password = $_POST['password'];
 85: 
 86:         $groupPerm = array();
 87: 
 88:         if (isset($username)) {
 89:             $this->auth['uname'] = $username;
 90:         } elseif ($this->_defaultNobody == true) {
 91:             $uid = $this->auth['uname'] = $this->auth['uid'] = self::AUTH_UID_NOBODY;
 92: 
 93:             return $uid;
 94:         }
 95: 
 96:         if ($password == '') {
 97:             return false;
 98:         }
 99: 
100:         $uid = false;
101:         $perm = false;
102:         $pass = false;
103:         $salt = false;
104: 
105:         $client = cRegistry::getClientId();
106: 
107:         $frontendUserColl = new cApiFrontendUserCollection();
108:         $where = "username = '" . $username . "' AND idclient='" . $client . "' AND active=1";
109:         $frontendUserColl->select($where);
110: 
111:         while (($item = $frontendUserColl->next()) !== false) {
112:             $uid = $item->get('idfrontenduser');
113:             $perm = 'frontend';
114:             $pass = $item->get('password');
115:             $salt = $item->get('salt');
116:         }
117: 
118:         if ($uid == false) {
119:             $userColl = new cApiUserCollection();
120:             $where = "username = '" . $username . "'";
121:             $where .= " AND (valid_from <= NOW() OR valid_from = '0000-00-00 00:00:00' OR valid_from is NULL)";
122:             $where .= " AND (valid_to >= NOW() OR valid_to = '0000-00-00 00:00:00' OR valid_to is NULL)";
123: 
124:             $maintenanceMode = getSystemProperty('maintenance', 'mode');
125:             if ($maintenanceMode == 'enabled') {
126:                 $where .= " AND perms = 'sysadmin'";
127:             }
128: 
129:             $userColl->select($where);
130: 
131:             while (($item = $userColl->next()) !== false) {
132:                 $uid = $item->get('user_id');
133:                 $perm = $item->get('perms');
134:                 $pass = $item->get('password'); // Password is stored as a sha256 hash
135:                 $salt = $item->get('salt');
136:             }
137:         }
138: 
139:         if ($uid == false || hash("sha256", md5($password) . $salt) != $pass) {
140:             sleep(5);
141: 
142:             return false;
143:         }
144: 
145:         if ($perm != '') {
146:             $groupPerm[] = $perm;
147:         }
148: 
149:         $groupColl = new cApiGroupCollection();
150:         $groups = $groupColl->fetchByUserID($uid);
151:         foreach ($groups as $group) {
152:             $groupPerm[] = $group->get('perms');
153:         }
154: 
155:         $perm = implode(',', $groupPerm);
156: 
157:         $this->auth['perm'] = $perm;
158: 
159:         return $uid;
160:     }
161: 
162:     /**
163:      * Log the successful authentication.
164:      * Frontend logins won't be logged.
165:      *
166:      * @see cAuthHandlerAbstract::logSuccessfulAuth()
167:      */
168:     public function logSuccessfulAuth() {
169:         return;
170:     }
171: 
172:     /**
173:      * Returns true if a user is logged in.
174:      *
175:      * @see cAuthHandlerAbstract::isLoggedIn()
176:      * @return bool
177:      */
178:     public function isLoggedIn() {
179:         $authInfo = $this->getAuthInfo();
180: 
181:         if(isset($authInfo['uid'])) {
182:             $user = new cApiUser($authInfo['uid']);
183:             $frontendUser = new cApiFrontendUser($authInfo['uid']);
184: 
185:             return $user->get('user_id') != '' || $frontendUser->get('idfrontenduser') != '';
186:         } else {
187:             return false;
188:         }
189:     }
190: }
191:
CMS CONTENIDO 4.9.8 API documentation generated by ApiGen 2.8.0