Code source de Dolibarr 2.0.1 |
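<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP Version 4                                                        |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group                                |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license,      |
// | that is bundled with this package in the file LICENSE, and is        |
// | available at through the world-wide-web at                           |
// | http://www.php.net/license/2_02.txt.                                 |
// | If you did not receive a copy of the PHP license and are unable to   |
// | obtain it through the world-wide-web, please send a note to          |
// | license@php.net so we can mail you a copy immediately.               |
// +----------------------------------------------------------------------+
// | Authors: Martin Jansen <mj@php.net>                                  |
// +----------------------------------------------------------------------+
//
// $Id: Auth.php,v 1.4 2005/09/04 19:10:18 eldy Exp $
//
require_once DOL_DOCUMENT_ROOT."/includes/pear/PEAR.php";
//require_once "PEAR.php";

// Status codes stored in $this->status by checkAuth() and login().
define("AUTH_IDLED",       -1);
define("AUTH_EXPIRED",     -2);
define("AUTH_WRONG_LOGIN", -3);

/**
 * PEAR::Auth
 *
 * The PEAR::Auth class provides methods for creating an
 * authentication system using PHP.
 *
 * Authentication state lives in the PHP session under the "auth" key
 * (registered, username, timestamp, idle, data). Credentials are read
 * from the POST variables "username" and "password" and are checked by
 * the storage container's fetchData() method.
 *
 * @author  Martin Jansen <mj@php.net>
 * @package Auth
 * @version $Revision: 1.4 $
 */
class DOLIAuth {

    /**
     * Auth lifetime in seconds
     *
     * If this variable is set to 0, auth never expires
     *
     * @var  integer
     * @see  setExpire(), checkAuth()
     */
    var $expire = 0;

    /**
     * Has the auth session expired?
     *
     * @var   bool
     * @see   checkAuth(), drawLogin()
     */
    var $expired = false;

    /**
     * Maximum time of idleness in seconds
     *
     * The difference to $expire is, that the idletime gets
     * refreshed each time, checkAuth() is called. If this
     * variable is set to 0, idle time is never checked.
     *
     * @var integer
     * @see setIdle(), checkAuth()
     */
    var $idle = 0;

    /**
     * Is the maximum idletime over?
     *
     * @var boolean
     * @see checkAuth(), drawLogin();
     */
    var $idled = false;

    /**
     * Storage object
     *
     * @var object
     * @see Auth(), validateLogin()
     */
    var $storage = "";

    /**
     * function defined by the user, that creates the login screen
     *
     * @var string
     */
    var $loginfunction = "";

    /**
     * Should the login form be displayed?
     *
     * @var   bool
     * @see   setShowlogin()
     */
    var $showLogin = true;

    /**
     * Current authentication status
     *
     * Holds one of the AUTH_* constants once checkAuth() or login()
     * has recorded a failure; empty string otherwise.
     *
     * @var string
     */
    var $status = "";

    /**
     * Username
     *
     * @var string
     */
    var $username = "";

    /**
     * Password
     *
     * Kept in clear text on the object from assignData() until logout().
     *
     * @var string
     */
    var $password = "";

    /**
     * Login callback function name
     *
     * @var string
     * @see setLoginCallback()
     */
    var $loginCallback = "";

    /**
     * Logout callback function name
     *
     * @var string
     * @see setLogoutCallback()
     */
    var $logoutCallback = "";

    // {{{ Constructor

    /**
     * Constructor
     *
     * Set up the storage driver.
     *
     * @param mixed     Type of the storage driver (string), or an already
     *                  constructed storage object
     * @param mixed     Additional options for the storage driver
     *                  (example: if you are using DB as the storage
     *                   driver, you have to pass the dsn string here)
     *
     * @param string    Name of the function that creates the login form
     * @param boolean   Should the login form be displayed if necessary?
     * @return void
     */
    function DOLIAuth($storageDriver, $options = "", $loginfunction = "", $showLogin = true)
    {
        // Only accept a login function that actually exists; otherwise the
        // built-in form in drawLogin() stays in use.
        if ($loginfunction != "" && function_exists($loginfunction)) {
            $this->loginfunction = $loginfunction;
        }

        if (is_bool($showLogin)) {
            $this->showLogin = $showLogin;
        }

        if (is_object($storageDriver)) {
            $this->storage =& $storageDriver;
        }
        else{
            $this->storage = $this->_factory($storageDriver, $options);
        }
    }

    // }}}
    // {{{ _factory()

    /**
     * Return a storage driver based on $driver and $options
     *
     * The driver name is spliced into both an include path and a class
     * name, so it is restricted to letters, digits and underscores before
     * use. A name containing anything else (path separators, dots, NUL
     * bytes, ...) is rejected instead of being passed to require_once.
     *
     * @access private
     * @static
     * @param  string $driver  Type of storage class to return
     * @param  string $options Optional parameters for the storage class
     * @return object Object   Storage object, or the result of
     *                         DOLIPEAR::raiseError() when the driver name
     *                         is not a plain identifier
     */
    function _factory($driver, $options = "")
    {
        // \z (not $) so a trailing newline cannot slip through.
        if (!is_string($driver) || !preg_match('/^[A-Za-z0-9_]+\z/', $driver)) {
            // NOTE(review): presumably a PEAR error object - confirm
            // against DOLIPEAR::raiseError().
            return DOLIPEAR::raiseError("Invalid Auth storage driver name", null);
        }

        $storage_path = "Auth/Container/" . $driver . ".php";
        $storage_class = "Auth_Container_" . $driver;

        require_once DOL_DOCUMENT_ROOT."/includes/pear/".$storage_path;

        return new $storage_class($options);
    }

    // }}}
    // {{{ assignData()

    /**
     * Assign data from login form to internal values
     *
     * This function takes the values for username and password
     * from $HTTP_POST_VARS and assigns them to internal variables.
     * If you wish to use another source apart from $HTTP_POST_VARS,
     * you have to derive this function.
     *
     * The values are request data and are stored unvalidated; only the
     * slashes added by magic_quotes_gpc are stripped.
     *
     * @access private
     * @global $HTTP_POST_VARS
     * @see    Auth
     * @return void
     */
    function assignData()
    {
        $post = &$this->_importGlobalVariable("post");

        if (isset($post['username']) && $post['username'] != "") {
            $this->username = (get_magic_quotes_gpc() == 1 ? stripslashes($post['username']) : $post['username']);
        }

        if (isset($post['password']) && $post['password'] != "") {
            $this->password = (get_magic_quotes_gpc() == 1 ? stripslashes($post['password']) : $post['password'] );
        }

    }

    // }}}
    // {{{ start()

    /**
     * Start new auth session
     *
     * Reads the posted credentials, starts the PHP session and runs the
     * login procedure when the session holds no valid authentication.
     *
     * @access public
     * @return void
     */
    function start()
    {
        $this->assignData();

        session_start();

        if (!$this->checkAuth()) {
            $this->login();
        }
    }

    // }}}
    // {{{ login()

    /**
     * Login function
     *
     * @access private
     * @return void
     */
    function login()
    {
        $login_ok = false;

        /**
         * When the user has already entered a username,
         * we have to validate it.
         */
        if (!empty($this->username)) {
            // Strict comparison: anything other than boolean true from the
            // storage container (an error object, 1, "1", ...) is a failure.
            if (true === $this->storage->fetchData($this->username, $this->password)) {
                $login_ok = true;
            }
        }

        if (!empty($this->username) && $login_ok) {
            $this->setAuth($this->username);
            if (!empty($this->loginCallback)) {
                call_user_func($this->loginCallback,$this->username);
            }
        }

        /**
         * If the login failed or the user entered no username,
         * output the login screen again.
         */
        if (!empty($this->username) && !$login_ok) {
            $this->status = AUTH_WRONG_LOGIN;
        }

        if ((empty($this->username) || !$login_ok) && $this->showLogin) {
            $this->drawLogin($this->storage->activeUser);
            return;
        }
    }

    // }}}
    // {{{ setExpire()

    /**
     * Set the maximum expire time
     *
     * @access public
     * @param  integer time in seconds
     * @param  bool    add time to current expire time or not
     * @return void
     */
    function setExpire($time, $add = false)
    {
        if ($add) {
            $this->expire += $time;
        } else {
            $this->expire = $time;
        }
    }

    // }}}
    // {{{ setIdle()

    /**
     * Set the maximum idle time
     *
     * @access public
     * @param  integer time in seconds
     * @param  bool    add time to current maximum idle time or not
     * @return void
     */
    function setIdle($time, $add = false)
    {
        if ($add) {
            $this->idle += $time;
        } else {
            $this->idle = $time;
        }
    }

    // }}}
    // {{{ setSessionname()

    /**
     * Set name of the session to a customized value.
     *
     * If you are using multiple instances of PEAR::Auth
     * on the same domain, you can change the name of
     * session per application via this function.
     *
     * @access public
     * @param  string New name for the session
     * @return void
     */
    function setSessionname($name = "PHPSESSID")
    {
        @session_name($name);
    }

    // }}}
    // {{{ setShowLogin()

    /**
     * Should the login form be displayed if necessary?
     *
     * @access public
     * @param  bool    show login form or not
     * @return void
     */
    function setShowLogin($showLogin = true)
    {
        $this->showLogin = $showLogin;
    }

    /**
     * Register a callback function to be called on user login.
     * The function will receive a single parameter, the username.
     *
     * The name is handed to call_user_func() as-is, so it must be a value
     * fixed by the application, never one derived from request data.
     *
     * @access public
     * @param  string  callback function name
     * @return void
     * @see    setLogoutCallback()
     */
    function setLoginCallback($loginCallback)
    {
        $this->loginCallback = $loginCallback;
    }

    /**
     * Register a callback function to be called on user logout.
     * The function will receive a single parameter, the username.
     *
     * The name is handed to call_user_func() as-is, so it must be a value
     * fixed by the application, never one derived from request data.
     *
     * @access public
     * @param  string  callback function name
     * @return void
     * @see    setLoginCallback()
     */
    function setLogoutCallback($logoutCallback)
    {
        $this->logoutCallback = $logoutCallback;
    }

    // }}}
    // {{{ setAuthData()

    /**
     * Register additional information that is to be stored
     * in the session.
     *
     * @access public
     * @param  string  Name of the data field
     * @param  mixed   Value of the data field
     * @param  boolean Should existing data be overwritten? (default
     *                 is true)
     * @return void
     */
    function setAuthData($name, $value, $overwrite = true)
    {
        $session = &DOLIAuth::_importGlobalVariable("session");

        // "Existing" is judged with empty(): a stored 0, "" or false is
        // still overwritten even when $overwrite is false.
        if (!empty($session['auth']['data'][$name]) && $overwrite == false) {
            return;
        }
        $session['auth']['data'][$name] = $value;
    }

    // }}}
    // {{{ getAuthData()

    /**
     * Get additional information that is stored in the session.
     *
     * If no value for the first parameter is passed, the method will
     * return all data that is currently stored.
     *
     * @access public
     * @param  string Name of the data field
     * @return mixed  Value of the data field, or null when nothing is
     *                stored under that name (or nothing is stored at all).
     */
    function getAuthData($name = null)
    {
        $session = &DOLIAuth::_importGlobalVariable("session");

        if (is_null($name)) {
            // Same result as before (null when unset) without the
            // undefined-index notice.
            return isset($session['auth']['data']) ? $session['auth']['data'] : null;
        }
        if (isset($session['auth']['data'][$name])) {
            return $session['auth']['data'][$name];
        } else {
            return null;
        }
    }

    // }}}
    // {{{ setAuth()

    /**
     * Register variable in a session telling that the user
     * has logged in successfully
     *
     * The session id is replaced first, when that is possible, so that an
     * id known before authentication is not carried into the
     * authenticated session (session fixation).
     *
     * @access public
     * @param  string Username
     * @return void
     */
    function setAuth($username)
    {
        // Only regenerate when a session is active and the new cookie can
        // still be sent; session_regenerate_id() is missing on old PHP 4.
        if (function_exists('session_regenerate_id') && session_id() != "" && !headers_sent()) {
            session_regenerate_id();
        }

        $session = &DOLIAuth::_importGlobalVariable("session");

        // Legacy path for installations without the $_SESSION superglobal.
        if (!isset($session['auth']) && !isset($_SESSION)) {
            session_register("auth");
        }

        if (!isset($session['auth']) || !is_array($session['auth'])) {
            $session['auth'] = array();
        }

        if(!isset($session['auth']['data'])){
            $session['auth']['data'] = array();
        }
        $session['auth']['registered'] = true;
        $session['auth']['username']   = $username;
        $session['auth']['timestamp']  = time();
        $session['auth']['idle']       = time();
    }

    // }}}
    // {{{ checkAuth()

    /**
     * Checks if there is a session with valid auth information.
     *
     * On expiry or idle timeout the session is logged out and
     * $this->status is set to AUTH_EXPIRED or AUTH_IDLED. On success the
     * idle timestamp is refreshed.
     *
     * @access private
     * @return boolean  Whether or not the user is authenticated.
     */
    function checkAuth()
    {
        $session = &$this->_importGlobalVariable("session");

        if (isset($session['auth'])) {
            /** Check if authentication session is expired */
            if ($this->expire > 0 &&
                isset($session['auth']['timestamp']) &&
                ($session['auth']['timestamp'] + $this->expire) < time()) {

                $this->logout();
                $this->expired = true;
                $this->status = AUTH_EXPIRED;

                return false;
            }

            /** Check if maximum idle time is reached */
            if ($this->idle > 0 &&
                isset($session['auth']['idle']) &&
                ($session['auth']['idle'] + $this->idle) < time()) {

                $this->logout();
                $this->idled = true;
                $this->status = AUTH_IDLED;

                return false;
            }

            if (isset($session['auth']['registered']) &&
                isset($session['auth']['username']) &&
                $session['auth']['registered'] == true &&
                $session['auth']['username'] != "") {

                // updateIdle() uses $this, so call it on the instance
                // rather than statically.
                $this->updateIdle();

                return true;
            }
        }

        return false;
    }

    // }}}
    // {{{ getAuth()

    /**
     * Has the user been authenticated?
     *
     * Unlike checkAuth(), this only looks at the "registered" flag and
     * does not apply the expire or idle limits.
     *
     * @access public
     * @return bool  True if the user is logged in, otherwise false.
     */
    function getAuth()
    {
        $session = &$this->_importGlobalVariable("session");

        if (!empty($session) &&
            (isset($session['auth']['registered']) &&
             $session['auth']['registered'] === true))
        {
            return true;
        } else {
            return false;
        }
    }

    // }}}
    // {{{ drawLogin()

    /**
     * Draw the login form
     *
     * Normally you will not use this output in your application,
     * because you can pass a different function name to the
     * constructor. For more information on this, please
     * consult the documentation.
     *
     * The built-in form HTML-escapes the form action and the username
     * before printing them. A custom login function receives the raw
     * username and has to escape it itself.
     *
     * @access private
     * @param  string  Username if already entered
     * @return void
     */
    function drawLogin($username = "")
    {
        if ($this->loginfunction != "") {
            call_user_func($this->loginfunction, $username, $this->status);
        } else {
            $server = &$this->_importGlobalVariable("server");

            // PHP_SELF contains the request path and the username is
            // request data: both go into attribute values, so quotes must
            // be encoded as well.
            $form_action = htmlspecialchars((string) $server['PHP_SELF'], ENT_QUOTES);
            $shown_username = htmlspecialchars((string) $username, ENT_QUOTES);

            echo "<center>\n";

            if (!empty($this->status) && $this->status == AUTH_EXPIRED) {
                echo "<i>Your session expired. Please login again!</i>\n";
            } else if (!empty($this->status) && $this->status == AUTH_IDLED) {
                echo "<i>You have been idle for too long. Please login again!</i>\n";
            } else if (!empty ($this->status) && $this->status == AUTH_WRONG_LOGIN) {
                echo "<i>Wrong login data!</i>\n";
            }

            DOLIPEAR::raiseError("You are using the built-in login screen of PEAR::Auth.<br/>See the <a href=\"http://pear.php.net/manual/\">manual</a> for details on how to create your own login function.", null);

            echo "<form method=\"post\" action=\"" . $form_action . "\">\n";
            echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n";
            echo "<tr>\n";
            echo "    <td colspan=\"2\" bgcolor=\"#eeeeee\"><b>Login:</b></td>\n";
            echo "</tr>\n";
            echo "<tr>\n";
            echo "    <td>Username:</td>\n";
            echo "    <td><input type=\"text\" name=\"username\" value=\"" . $shown_username . "\"></td>\n";
            echo "</tr>\n";
            echo "<tr>\n";
            echo "    <td>Password:</td>\n";
            echo "    <td><input type=\"password\" name=\"password\"></td>\n";
            echo "</tr>\n";
            echo "<tr>\n";
            echo "    <td colspan=\"2\" bgcolor=\"#eeeeee\"><input type=\"submit\"></td>\n";
            echo "</tr>\n";
            echo "</table>\n";
            echo "</form>\n";
            echo "</center>\n\n";
        }
    }

    // }}}
    // {{{ logout()

    /**
     * Logout function
     *
     * This function clears any auth tokens in the currently
     * active session and executes the logout callback function,
     * if any
     *
     * @access public
     * @return void
     */
    function logout()
    {
        $session = &$this->_importGlobalVariable("session");

        if (!empty($this->logoutCallback)) {
            // The callback still receives null when no username is stored,
            // but without the undefined-index notice.
            $stored_username = isset($session['auth']['username']) ? $session['auth']['username'] : null;
            call_user_func($this->logoutCallback, $stored_username);
        }

        $this->username = "";
        $this->password = "";

        $session['auth'] = array();
        if (isset($_SESSION)) {
            unset($session['auth']);
        } else {
            session_unregister("auth");
        }
    }

    // }}}
    // {{{ updateIdle()

    /**
     * Update the idletime
     *
     * @access private
     * @return void
     */
    function updateIdle()
    {
        $session = &$this->_importGlobalVariable("session");
        $session['auth']['idle'] = time();
    }

    // }}}
    // {{{ getUsername()

    /**
     * Get the username
     *
     * @access public
     * @return string  Username stored in the session, "" when none is set
     */
    function getUsername()
    {
        $session = &$this->_importGlobalVariable("session");
        if (!isset($session['auth']['username'])) {
            return "";
        }
        return $session['auth']['username'];
    }

    // }}}
    // {{{ getStatus()

    /**
     * Get the current status
     *
     * @access public
     * @return string
     */
    function getStatus()
    {
        return $this->status;
    }

    // }}}
    // {{{ sessionValidThru()

    /**
     * Returns the time up to the session is valid
     *
     * Computed as the last idle timestamp plus the maximum idle time;
     * 0 when the session holds no idle timestamp.
     *
     * @access public
     * @return integer
     */
    function sessionValidThru()
    {
        $session = &$this->_importGlobalVariable("session");
        if (!isset($session['auth']['idle'])) {
            return 0;
        }
        return ($session['auth']['idle'] + $this->idle);
    }

    // }}}
    // {{{ listUsers()

    /**
     * List all users that are currently available in the storage
     * container
     *
     * @access public
     * @return array
     */
    function listUsers()
    {
        return $this->storage->listUsers();
    }

    // }}}
    // {{{ addUser()

    /**
     * Add user to the storage container
     *
     * @access public
     * @param  string Username
     * @param  string Password
     * @param  mixed  Additional parameters
     * @return mixed  True on success, PEAR error object on error
     *                and AUTH_METHOD_NOT_SUPPORTED otherwise.
     */
    function addUser($username, $password, $additional = "")
    {
        return $this->storage->addUser($username, $password, $additional);
    }

    // }}}
    // {{{ removeUser()

    /**
     * Remove user from the storage container
     *
     * @access public
     * @param  string Username
     * @return mixed  True on success, PEAR error object on error
     *                and AUTH_METHOD_NOT_SUPPORTED otherwise.
     */
    function removeUser($username)
    {
        return $this->storage->removeUser($username);
    }

    // }}}
    // {{{ _importGlobalVariable()

    /**
     * Import variables from special namespaces.
     *
     * Returns a reference to the superglobal when it exists, otherwise to
     * the matching legacy $HTTP_*_VARS array. An unknown type yields null.
     *
     * @access private
     * @param string Type of variable (server, session, post, cookie, get)
     * @return array
     */
    function &_importGlobalVariable($variable)
    {
        $var = null;

        switch (strtolower($variable)) {

            case "server" :
                if (isset($_SERVER)) {
                    $var = &$_SERVER;
                } else {
                    $var = &$GLOBALS['HTTP_SERVER_VARS'];
                }
                break;

            case "session" :
                if (isset($_SESSION)) {
                    $var = &$_SESSION;
                } else {
                    $var = &$GLOBALS['HTTP_SESSION_VARS'];
                }
                break;

            case "post" :
                if (isset($_POST)) {
                    $var = &$_POST;
                } else {
                    $var = &$GLOBALS['HTTP_POST_VARS'];
                }
                break;

            case "cookie" :
                if (isset($_COOKIE)) {
                    $var = &$_COOKIE;
                } else {
                    $var = &$GLOBALS['HTTP_COOKIE_VARS'];
                }
                break;

            case "get" :
                if (isset($_GET)) {
                    $var = &$_GET;
                } else {
                    $var = &$GLOBALS['HTTP_GET_VARS'];
                }
                break;

            default:
                break;

        }

        return $var;
    }

    // }}}
}
?>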