Code source de Plume CMS 1.2.2 |
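<?php
/* -*- tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
# ***** BEGIN LICENSE BLOCK *****
# This file is part of Plume CMS, a website management application.
# Copyright (C) 2001-2005 Loic d'Anterroches and contributors.
#
# Plume CMS is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Plume CMS is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# ***** END LICENSE BLOCK ***** */

/**
 * Authentication levels.
 */
define('PX_AUTH_ROOT', 10);
define('PX_AUTH_ADMIN', 9);
define('PX_AUTH_ADVANCED', 5);
define('PX_AUTH_NORMAL', 1);
define('PX_AUTH_DISABLE', 0);

/**
 * Authentication class.
 * Manage the login of a user.
 *
 * Note: This class is only composed of static methods thus
 * the "lib" in the filename.
 *
 * The "remember me" cookie (px_session) is the base64 encoded
 * "user_id|username|website|realname" payload followed by an
 * authentication tag computed by cookieMac(). The tag is checked with
 * hash_equals() before anything in the payload is trusted.
 */
class auth
{
    /**
     * Name of the cookie holding the signed session payload.
     */
    private const SESSION_COOKIE = 'px_session';

    /**
     * Length in characters of the hex encoded HMAC-SHA256 tag appended
     * to the cookie payload (see cookieMac()).
     */
    private const MAC_LENGTH = 64;

    /**
     * Check the authentication level and website.
     * If the authentication is not ok, the user is sent to the login page.
     * If the authentication is ok, the configuration of the website is loaded,
     * a cookie to remember the website is set and the execution continues.
     * The check is only done on the $_SESSION data; when the session is
     * empty it is first rebuilt from the px_session cookie.
     *
     * @param int $level Level of rights (PX_AUTH_NORMAL)
     * @return void
     */
    public static function checkAuth($level = PX_AUTH_NORMAL)
    {
        $website = self::websiteFromRequest();

        if (empty($_SESSION['webs']) || empty($_SESSION['user_id'])) {
            // No standard session anymore, try to rebuild it from the cookie.
            if (!self::getFromCookie()) {
                self::goToLoginPage();
            }
        }

        // user_id 1 is the root user and is not subject to the per-website level.
        $isRoot = ($_SESSION['user_id'] == 1);
        if (!isset($_SESSION['webs'][$website])
            || ($_SESSION['webs'][$website] < $level && !$isRoot)) {
            self::goToLoginPage();
        }

        // Here the session is considered as valid.
        if (!config::loadWebsite($website)) {
            // problem loading the website configuration
            self::goToLoginPage();
        }
        config::setContext('manager');
        setcookie('website_id', $website, time() + 31536000);
    }

    /**
     * Resolve the website id the current request refers to.
     *
     * Precedence: the 'wid' query parameter, then the session, then the
     * 'website_id' cookie, then 'default' (the id of the first website).
     * Only a non-empty string (or an int) is accepted from each source, so
     * an array smuggled in as 'wid' can never be used as an array offset
     * or a cookie value in checkAuth().
     *
     * @return string|int Website id
     */
    private static function websiteFromRequest()
    {
        $candidates = array(
            isset($_GET['wid']) ? $_GET['wid'] : null,
            isset($_SESSION['website_id']) ? $_SESSION['website_id'] : null,
            isset($_COOKIE['website_id']) ? $_COOKIE['website_id'] : null,
        );
        foreach ($candidates as $candidate) {
            if (is_int($candidate) || (is_string($candidate) && $candidate !== '')) {
                return $candidate;
            }
        }
        return 'default';
    }

    /**
     * Get the session from the cookie.
     *
     * The authentication tag is verified (constant time) before the payload
     * is decoded, so a forged, truncated or malformed cookie is rejected
     * without touching the user database.
     *
     * @return bool success
     */
    public static function getFromCookie()
    {
        if (!isset($_COOKIE[self::SESSION_COOKIE])
            || !is_string($_COOKIE[self::SESSION_COOKIE])) {
            return false;
        }
        $cookie = $_COOKIE[self::SESSION_COOKIE];
        if (strlen($cookie) <= self::MAC_LENGTH) {
            // Too short to hold both a payload and a tag.
            return false;
        }
        $encoded = substr($cookie, 0, -self::MAC_LENGTH);
        $check = substr($cookie, -self::MAC_LENGTH);
        // hash_equals(): constant time and strict, the known value comes first.
        if (!hash_equals(self::cookieMac($encoded), $check)) {
            return false;
        }
        $session_data = base64_decode($encoded, true);
        if (false === $session_data) {
            return false;
        }
        $parts = explode('|', $session_data, 4);
        if (count($parts) !== 4) {
            return false;
        }
        // parts[0] (user id) and parts[3] (real name) are informational only;
        // the user record is reloaded from the database by login().
        $login = $parts[1];
        $website = $parts[2];
        // Log the user on without a password check: the tag already proves
        // the cookie was issued by this site with its secret_key.
        if (!self::login($login, 'dummy', $website, false)) {
            self::logout();
            return false;
        }
        return true;
    }

    /**
     * Authentication tag for a session cookie payload.
     *
     * HMAC-SHA256 keyed with the site secret_key, hex encoded
     * (MAC_LENGTH characters). Cookies issued by the earlier
     * md5(payload.secret) scheme no longer verify; those users simply
     * log in again once.
     *
     * @param string $payload Base64 encoded session payload
     * @return string Hex encoded tag
     */
    private static function cookieMac($payload)
    {
        return hash_hmac('sha256', $payload, (string) config::f('secret_key'));
    }

    /**
     * Logout a user.
     *
     * Expires the px_session cookie and resets the session to its
     * logged-out shape (empty user_id, no websites).
     *
     * @return void
     */
    public static function logout()
    {
        setcookie(self::SESSION_COOKIE, '', time() - 3600, '', '', false, true);
        $_SESSION = array();
        $_SESSION['user_id'] = '';
        $_SESSION['webs'] = array();
    }

    /**
     * Check if a user has a given level for a website access.
     * If no website given, get from the session, if not in the session, use
     * 'default' as it is the id of the first website.
     *
     * @param int $level Right level (PX_AUTH_NORMAL)
     * @param string|false $website Website id (false)
     * @param object|string $user User ('') if none given, the current session user is tested
     * @return bool Success
     */
    public static function asLevel($level = PX_AUTH_NORMAL, $website = false, $user = '')
    {
        if (false === $website) {
            $website = !empty($_SESSION['website_id']) ? $_SESSION['website_id'] : 'default';
        }

        if (empty($user)) {
            // Test the user of the current session.
            if ($level == PX_AUTH_ROOT) {
                return isset($_SESSION['user_id']) && $_SESSION['user_id'] == 1;
            }
            $webs = isset($_SESSION['webs']) ? $_SESSION['webs'] : array();
            return isset($webs[$website]) && $webs[$website] >= $level;
        }

        // Direct check of the given user object.
        if ($user->f('user_id') > 0) {
            $user->loadWebsites();
        }
        if ($level == PX_AUTH_ROOT) {
            return ($user->f('user_id') == 1);
        }
        return isset($user->webs[$website]) && $user->webs[$website] >= $level;
    }

    /**
     * Send a "Location:" header to redirect the user
     * to the login page. Abort the script execution.
     *
     * @return void
     */
    public static function goToLoginPage()
    {
        header('Location: ' . www::getCurrentFullUrl() . 'login.php');
        exit;
    }

    /**
     * Log a user to the system.
     * If the user has the rights to access the system
     * user data are saved in the session. Some cookies are also set like the
     * language, the website. To be used if the session timeout, so the user is
     * sent back with the right language in the last website.
     *
     * The login scheme is:
     *
     * - check if login/password ok, if not return false
     * - get the authorized websites if no websites return false
     * - pick the website (see pickWebsite()), if none return false
     * - save the user in the session, set the px_session cookie and return true
     *
     * @see auth::asLevel() to check if the user has the right level afterwards
     *
     * @param string $user Username
     * @param string $pswd Password
     * @param string $website Website id ('')
     * @param bool $checkpass Password check (true); false only when the
     *                        caller has already authenticated the user
     *                        (getFromCookie())
     * @return bool success
     */
    public static function login($user, $pswd, $website = '', $checkpass = true)
    {
        if (!is_string($user) || !is_string($pswd)
            || 0 == strlen($user) || 0 == strlen($pswd)) {
            return false;
        }
        // Usernames are restricted to ASCII alphanumerics.
        if (preg_match('/[^A-Za-z0-9]/', $user)) {
            return false;
        }
        if ($checkpass && !User::checkUser($user, $pswd)) {
            return false;
        }

        $u = new User($user); // load user
        if (!is_array($u->webs)) {
            // no authorized web
            return false;
        }
        $website = self::pickWebsite($u, is_scalar($website) ? (string) $website : '');
        if (null === $website) {
            return false;
        }

        $u->setWebsite($website);
        // Only after the call of the synchronize function the
        // user is effectively logged in the manager.
        $u->synchronize(PX_USER_SYNCHRO_TO_SESSION);

        $payload = base64_encode($u->f('user_id') . '|' . $u->f('user_username')
            . '|' . $website . '|' . $u->f('user_realname'));
        // HttpOnly: the cookie is only ever read server side by getFromCookie().
        setcookie(self::SESSION_COOKIE, $payload . self::cookieMac($payload),
            time() + 1296000, '', '', false, true);
        return true;
    }

    /**
     * Choose the website a freshly authenticated user lands on.
     *
     * Order: the requested id if the user is authorized on it, else the
     * user's 'default_website' pref (removed from the prefs when it is no
     * longer authorized), else the last key of the authorized websites.
     *
     * @param object $u Loaded User with a populated webs array
     * @param string $website Requested website id ('' for none)
     * @return string|int|null Website id, null when the user has no website
     */
    private static function pickWebsite($u, $website)
    {
        if (strlen($website) > 0 && !isset($u->webs[$website])) {
            // the one provided is not good, it can be a fake cookie
            $website = '';
        }
        if (strlen($website) == 0) {
            // default website for the user
            $website = (string) $u->getPref('default_website', '#all#');
            if (strlen($website) > 0 && !isset($u->webs[$website])) {
                // current default is not authorized! remove from prefs
                $u->removePref('default_website', '#all#');
                $website = '';
            }
        }
        if (strlen($website) == 0) {
            // fall back to one of the authorized websites
            $keys = array_keys($u->webs);
            if (count($keys) == 0) {
                return null;
            }
            $website = array_pop($keys);
        }
        return $website;
    }
}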