Index: /temp/trunk/html/test/kakinaka/pear/Auth/Auth.php
===================================================================
--- /temp/trunk/html/test/kakinaka/pear/Auth/Auth.php (revision 10040)
+++ /temp/trunk/html/test/kakinaka/pear/Auth/Auth.php (revision 10040)
@@ -0,0 +1,1079 @@
+
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version CVS: $Id$
+ * @link http://pear.php.net/package/Auth
+ */
+
+/**
+ * Returned if session exceeds idle time
+ */
+define('AUTH_IDLED', -1);
+/**
+ * Returned if session has expired
+ */
+define('AUTH_EXPIRED', -2);
+/**
+ * Returned if container is unable to authenticate user/password pair
+ */
+define('AUTH_WRONG_LOGIN', -3);
+/**
+ * Returned if a container method is not supported.
+ */
+define('AUTH_METHOD_NOT_SUPPORTED', -4);
+/**
+ * Returned if new Advanced security system detects a breach
+ */
+define('AUTH_SECURITY_BREACH', -5);
+
+/**
+ * PEAR::Auth
+ *
+ * The PEAR::Auth class provides methods for creating an
+ * authentication system using PHP.
+ *
+ * @category Authentication
+ * @package Auth
+ * @author Martin Jansen
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version Release: 1.4.2 File: $Revision$
+ * @link http://pear.php.net/package/Auth
+ */
+class Auth {
+
+ // {{{ properties
+
+ /**
+ * Auth lifetime in seconds
+ *
+ * If this variable is set to 0, auth never expires
+ *
+ * @var integer
+ * @see setExpire(), checkAuth()
+ */
+ var $expire = 0;
+
+ /**
+ * Has the auth session expired?
+ *
+ * @var bool
+ * @see checkAuth()
+ */
+ var $expired = false;
+
+ /**
+ * Maximum idletime in seconds
+ *
+ * The difference to $expire is, that the idletime gets
+ * refreshed each time checkAuth() is called. If this
+ * variable is set to 0, idletime is never checked.
+ *
+ * @var integer
+ * @see setIdle(), checkAuth()
+ */
+ var $idle = 0;
+
+ /**
+ * Is the maximum idletime over?
+ *
+ * @var boolean
+ * @see checkAuth()
+ */
+ var $idled = false;
+
+ /**
+ * Storage object
+ *
+ * @var object
+ * @see Auth(), validateLogin()
+ */
+ var $storage = '';
+
+ /**
+ * User-defined function that creates the login screen
+ *
+ * @var string
+ */
+ var $loginFunction = '';
+
+ /**
+ * Should the login form be displayed
+ *
+ * @var bool
+ * @see setShowlogin()
+ */
+ var $showLogin = true;
+
+ /**
+ * Is Login Allowed from this page
+ *
+ * @var bool
+ * @see setAllowLogin
+ */
+ var $allowLogin = true;
+
+ /**
+ * Current authentication status
+ *
+ * @var string
+ */
+ var $status = '';
+
+ /**
+ * Username
+ *
+ * @var string
+ */
+ var $username = '';
+
+ /**
+ * Password
+ *
+ * @var string
+ */
+ var $password = '';
+
+ /**
+ * Login callback function name
+ *
+ * @var string
+ * @see setLoginCallback()
+ */
+ var $loginCallback = '';
+
+ /**
+ * Failed Login callback function name
+ *
+ * @var string
+ * @see setFailedLoginCallback()
+ */
+ var $loginFailedCallback = '';
+
+ /**
+ * Logout callback function name
+ *
+ * @var string
+ * @see setLogoutCallback()
+ */
+ var $logoutCallback = '';
+
+ /**
+ * Auth session-array name
+ *
+ * @var string
+ */
+ var $_sessionName = '_authsession';
+
+ /**
+ * Package Version
+ *
+ * @var string
+ */
+ var $version = "@version@";
+
+ /**
+ * Flag to use advanced security
+ * When set extra checks will be made to see if the
+ * user's IP or useragent have changed across requests.
+ * Turned off by default to preserve BC.
+ *
+ * @var boolean
+ */
+ var $advancedsecurity = false;
+
+ /**
+ * Username key in POST array
+ *
+ * @var string
+ */
+ var $_postUsername = 'username';
+
+ /**
+ * Password key in POST array
+ *
+ * @var string
+ */
+ var $_postPassword = 'password';
+
+ /**
+ * Holds a reference to the session auth variable
+ * @var array
+ */
+ var $session;
+
+ /**
+ * Holds a reference to the global server variable
+ * @var array
+ */
+ var $server;
+
+ /**
+ * Holds a reference to the global post variable
+ * @var array
+ */
+ var $post;
+
+ /**
+ * Holds a reference to the global cookie variable
+ * @var array
+ */
+ var $cookie;
+
+ /**
+ * A hash to hold various superglobals as reference
+ * @var array
+ */
+ var $authdata;
+
+ /**
+ * How many times has checkAuth been called
+ * var int
+ */
+ var $authChecks = 0;
+
+ // }}}
+ // {{{ Auth() [constructor]
+
+ /**
+ * Constructor
+ *
+ * Set up the storage driver.
+ *
+ * @param string Type of the storage driver
+ * @param mixed Additional options for the storage driver
+ * (example: if you are using DB as the storage
+ * driver, you have to pass the dsn string here)
+ *
+ * @param string Name of the function that creates the login form
+ * @param boolean Should the login form be displayed if neccessary?
+ * @return void
+ */
+ function Auth($storageDriver, $options = '', $loginFunction = '', $showLogin = true)
+ {
+ $this->applyAuthOptions($options);
+
+ // Start the session suppress error if already started
+ if(!session_id()){
+ @session_start();
+ if(!session_id()) {
+ // Throw error
+ include_once 'PEAR.php';
+ PEAR::throwError('Session could not be started by Auth, '
+ .'possibly headers are already sent, try putting '
+ .'ob_start in the beginning of your script');
+ }
+ }
+
+ // Make Sure Auth session variable is there
+ if(!isset($_SESSION[$this->_sessionName])) {
+ $_SESSION[$this->_sessionName] = array();
+ }
+
+ // Assign Some globals to internal references, this will replace _importGlobalVariable
+ $this->session =& $_SESSION[$this->_sessionName];
+ $this->server =& $_SERVER;
+ $this->post =& $_POST;
+ $this->cookie =& $_COOKIE;
+
+ if ($loginFunction != '' && is_callable($loginFunction)) {
+ $this->loginFunction = $loginFunction;
+ }
+
+ if (is_bool($showLogin)) {
+ $this->showLogin = $showLogin;
+ }
+
+ if (is_object($storageDriver)) {
+ $this->storage =& $storageDriver;
+ // Pass a reference to auth to the container, ugly but works
+ // this is used by the DB container to use method setAuthData not staticaly.
+ $this->storage->_auth_obj =& $this;
+ } else {
+ // $this->storage = $this->_factory($storageDriver, $options);
+ //
+ $this->storage_driver = $storageDriver;
+ $this->storage_options =& $options;
+ }
+ }
+
+ // }}}
+ // {{{ applyAuthOptions()
+
+ /**
+ * Set the Auth options
+ *
+ * Some options which are Auth specific will be applied
+ * the rest will be left for usage by the container
+ *
+ * @param array An array of Auth options
+ * @return array The options which were not applied
+ * @access private
+ */
+ function &applyAuthOptions(&$options)
+ {
+ if(is_array($options)){
+ if (!empty($options['sessionName'])) {
+ $this->_sessionName = $options['sessionName'];
+ unset($options['sessionName']);
+ }
+ if (isset($options['allowLogin'])) {
+ $this->allowLogin = $options['allowLogin'];
+ unset($options['allowLogin']);
+ }
+ if (!empty($options['postUsername'])) {
+ $this->_postUsername = $options['postUsername'];
+ unset($options['postUsername']);
+ }
+ if (!empty($options['postPassword'])) {
+ $this->_postPassword = $options['postPassword'];
+ unset($options['postPassword']);
+ }
+ if (isset($options['advancedsecurity'])) {
+ $this->advancedsecurity = $options['advancedsecurity'];
+ unset($options['advancedsecurity']);
+ }
+ }
+ return($options);
+ }
+
+ // }}}
+ // {{{ _loadStorage()
+
+ /**
+ * Load Storage Driver if not already loaded
+ *
+ * Suspend storage instantiation to make Auth lighter to use
+ * for calls which do not require login
+ *
+ * @return bool True if the conainer is loaded, false if the container
+ * is already loaded
+ * @access private
+ */
+ function _loadStorage()
+ {
+ if(!is_object($this->storage)) {
+ $this->storage =& $this->_factory($this->storage_driver,
+ $this->storage_options);
+ $this->storage->_auth_obj =& $this;
+ return(true);
+ }
+ return(false);
+ }
+
+ // }}}
+ // {{{ _factory()
+
+ /**
+ * Return a storage driver based on $driver and $options
+ *
+ * @static
+ * @param string $driver Type of storage class to return
+ * @param string $options Optional parameters for the storage class
+ * @return object Object Storage object
+ * @access private
+ */
+ function &_factory($driver, $options = '')
+ {
+ $storage_class = 'Auth_Container_' . $driver;
+ include_once 'Auth/Container/' . $driver . '.php';
+ $obj =& new $storage_class($options);
+ return $obj;
+ }
+
+ // }}}
+ // {{{ assignData()
+
+ /**
+ * Assign data from login form to internal values
+ *
+ * This function takes the values for username and password
+ * from $HTTP_POST_VARS/$_POST and assigns them to internal variables.
+ * If you wish to use another source apart from $HTTP_POST_VARS/$_POST,
+ * you have to derive this function.
+ *
+ * @global $HTTP_POST_VARS, $_POST
+ * @see Auth
+ * @return void
+ * @access private
+ */
+ function assignData()
+ {
+ if ( isset($this->post[$this->_postUsername])
+ && $this->post[$this->_postUsername] != '') {
+ $this->username = (get_magic_quotes_gpc() == 1
+ ? stripslashes($this->post[$this->_postUsername])
+ : $this->post[$this->_postUsername]);
+ }
+ if ( isset($this->post[$this->_postPassword])
+ && $this->post[$this->_postPassword] != '') {
+ $this->password = (get_magic_quotes_gpc() == 1
+ ? stripslashes($this->post[$this->_postPassword])
+ : $this->post[$this->_postPassword] );
+ }
+ }
+
+ // }}}
+ // {{{ start()
+
+ /**
+ * Start new auth session
+ *
+ * @return void
+ * @access public
+ */
+ function start()
+ {
+ $this->assignData();
+ if (!$this->checkAuth() && $this->allowLogin) {
+ $this->login();
+ }
+ }
+
+ // }}}
+ // {{{ login()
+
+ /**
+ * Login function
+ *
+ * @return void
+ * @access private
+ */
+ function login()
+ {
+ $login_ok = false;
+ $this->_loadStorage();
+
+ // Check if using challenge response
+ (isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
+ ? $usingChap = true
+ : $usingChap = false;
+
+
+ // When the user has already entered a username, we have to validate it.
+ if (!empty($this->username)) {
+ if (true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
+ $this->session['challengekey'] = md5($this->username.$this->password);
+ $login_ok = true;
+ }
+ }
+
+ if (!empty($this->username) && $login_ok) {
+ $this->setAuth($this->username);
+ if (is_callable($this->loginCallback)) {
+ call_user_func_array($this->loginCallback, array($this->username, &$this));
+ }
+ }
+
+ // If the login failed or the user entered no username,
+ // output the login screen again.
+ if (!empty($this->username) && !$login_ok) {
+ $this->status = AUTH_WRONG_LOGIN;
+ if (is_callable($this->loginFailedCallback)) {
+ call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
+ }
+ }
+
+ if ((empty($this->username) || !$login_ok) && $this->showLogin) {
+ if (is_callable($this->loginFunction)) {
+ call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
+ } else {
+ // BC fix Auth used to use drawLogin for this
+ // call is sub classes implement this
+ if (is_callable(array($this, 'drawLogin'))) {
+ return $this->drawLogin($this->username, $this);
+ }
+
+ // New Login form
+ include_once 'Auth/Frontend/Html.php';
+ return Auth_Frontend_Html::render($this, $this->username);
+ }
+ } else {
+ return;
+ }
+ }
+
+ // }}}
+ // {{{ setExpire()
+
+ /**
+ * Set the maximum expire time
+ *
+ * @param integer time in seconds
+ * @param bool add time to current expire time or not
+ * @return void
+ * @access public
+ */
+ function setExpire($time, $add = false)
+ {
+ $add ? $this->expire += $time : $this->expire = $time;
+ }
+
+ // }}}
+ // {{{ setIdle()
+
+ /**
+ * Set the maximum idle time
+ *
+ * @param integer time in seconds
+ * @param bool add time to current maximum idle time or not
+ * @return void
+ * @access public
+ */
+ function setIdle($time, $add = false)
+ {
+ $add ? $this->idle += $time : $this->idle = $time;
+ }
+
+ // }}}
+ // {{{ setSessionName()
+
+ /**
+ * Set name of the session to a customized value.
+ *
+ * If you are using multiple instances of PEAR::Auth
+ * on the same domain, you can change the name of
+ * session per application via this function.
+ * This will chnage the name of the session variable
+ * auth uses to store it's data in the session
+ *
+ * @param string New name for the session
+ * @return void
+ * @access public
+ */
+ function setSessionName($name = 'session')
+ {
+ $this->_sessionName = '_auth_'.$name;
+ $this->session =& $_SESSION[$this->_sessionName];
+ }
+
+ // }}}
+ // {{{ setShowLogin()
+
+ /**
+ * Should the login form be displayed if neccessary?
+ *
+ * @param bool show login form or not
+ * @return void
+ * @access public
+ */
+ function setShowLogin($showLogin = true)
+ {
+ $this->showLogin = $showLogin;
+ }
+
+ // }}}
+ // {{{ setAllowLogin()
+
+ /**
+ * Should the login form be displayed if neccessary?
+ *
+ * @param bool show login form or not
+ * @return void
+ * @access public
+ */
+ function setAllowLogin($allowLogin = true)
+ {
+ $this->allowLogin = $allowLogin;
+ }
+
+ // }}}
+ // {{{ setLoginCallback()
+
+ /**
+ * Register a callback function to be called on user login.
+ * The function will receive two parameters, the username and a reference to the auth object.
+ *
+ * @param string callback function name
+ * @return void
+ * @see setLogoutCallback()
+ * @access public
+ */
+ function setLoginCallback($loginCallback)
+ {
+ $this->loginCallback = $loginCallback;
+ }
+
+ // }}}
+ // {{{ setFailedLoginCallback()
+
+ /**
+ * Register a callback function to be called on failed user login.
+ * The function will receive a single parameter, the username and a reference to the auth object.
+ *
+ * @param string callback function name
+ * @return void
+ * @access public
+ */
+ function setFailedLoginCallback($loginFailedCallback)
+ {
+ $this->loginFailedCallback = $loginFailedCallback;
+ }
+
+ // }}}
+ // {{{ setLogoutCallback()
+
+ /**
+ * Register a callback function to be called on user logout.
+ * The function will receive three parameters, the username and a reference to the auth object.
+ *
+ * @param string callback function name
+ * @return void
+ * @see setLoginCallback()
+ * @access public
+ */
+ function setLogoutCallback($logoutCallback)
+ {
+ $this->logoutCallback = $logoutCallback;
+ }
+
+ // }}}
+ // {{{ setAuthData()
+
+ /**
+ * Register additional information that is to be stored
+ * in the session.
+ *
+ * @param string Name of the data field
+ * @param mixed Value of the data field
+ * @param boolean Should existing data be overwritten? (default
+ * is true)
+ * @return void
+ * @access public
+ */
+ function setAuthData($name, $value, $overwrite = true)
+ {
+ if (!empty($this->session['data'][$name]) && $overwrite == false) {
+ return;
+ }
+ $this->session['data'][$name] = $value;
+ }
+
+ // }}}
+ // {{{ getAuthData()
+
+ /**
+ * Get additional information that is stored in the session.
+ *
+ * If no value for the first parameter is passed, the method will
+ * return all data that is currently stored.
+ *
+ * @param string Name of the data field
+ * @return mixed Value of the data field.
+ * @access public
+ */
+ function getAuthData($name = null)
+ {
+ if (!isset($this->session['data'])) {
+ return null;
+ }
+ if(!isset($name)) {
+ return $this->session['data'];
+ }
+ if (isset($name) && isset($this->session['data'][$name])) {
+ return $this->session['data'][$name];
+ }
+ return null;
+ }
+
+ // }}}
+ // {{{ setAuth()
+
+ /**
+ * Register variable in a session telling that the user
+ * has logged in successfully
+ *
+ * @param string Username
+ * @return void
+ * @access public
+ */
+ function setAuth($username)
+ {
+
+ // #2021 - Change the session id to avoid session fixation attacks php 4.3.3 >
+ session_regenerate_id(true);
+
+ if (!isset($this->session) || !is_array($this->session)) {
+ $this->session = array();
+ }
+
+ if (!isset($this->session['data'])) {
+ $this->session['data'] = array();
+ }
+
+ $this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
+ ? $this->server['REMOTE_ADDR']
+ : '';
+ $this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
+ ? $this->server['HTTP_USER_AGENT']
+ : '';
+
+ // This should be set by the container to something more safe
+ // Like md5(passwd.microtime)
+ if(empty($this->session['challengekey'])) {
+ $this->session['challengekey'] = md5($username.microtime());
+ }
+
+ $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
+ setcookie('authchallenge', $this->session['challengecookie']);
+
+ $this->session['registered'] = true;
+ $this->session['username'] = $username;
+ $this->session['timestamp'] = time();
+ $this->session['idle'] = time();
+ }
+
+ // }}}
+ // {{{ setAdvancedSecurity()
+
+ /**
+ * Enables advanced security checks
+ *
+ * Currently only ip change and useragent change
+ * are detected
+ * @todo Add challenge cookies - Create a cookie which changes every time
+ * and contains some challenge key which the server can verify with
+ * a session var cookie might need to be crypted (user pass)
+ * @param bool Enable or disable
+ * @return void
+ * @access public
+ */
+ function setAdvancedSecurity($flag=true)
+ {
+ $this->advancedsecurity = $flag;
+ }
+
+ // }}}
+ // {{{ checkAuth()
+
+ /**
+ * Checks if there is a session with valid auth information.
+ *
+ * @access public
+ * @return boolean Whether or not the user is authenticated.
+ */
+ function checkAuth()
+ {
+ $this->authChecks++;
+ if (isset($this->session)) {
+ // Check if authentication session is expired
+ if ( $this->expire > 0
+ && isset($this->session['timestamp'])
+ && ($this->session['timestamp'] + $this->expire) < time()) {
+ $this->expired = true;
+ $this->status = AUTH_EXPIRED;
+ $this->logout();
+ return false;
+ }
+
+ // Check if maximum idle time is reached
+ if ( $this->idle > 0
+ && isset($this->session['idle'])
+ && ($this->session['idle'] + $this->idle) < time()) {
+ $this->idled = true;
+ $this->status = AUTH_IDLED;
+ $this->logout();
+ return false;
+ }
+
+ if ( isset($this->session['registered'])
+ && isset($this->session['username'])
+ && $this->session['registered'] == true
+ && $this->session['username'] != '') {
+ Auth::updateIdle();
+
+ if ($this->advancedsecurity) {
+
+ // Only Generate the challenge once
+ if($this->authChecks == 1) {
+ $this->session['challengecookieold'] = $this->session['challengecookie'];
+ $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
+ setcookie('authchallenge', $this->session['challengecookie']);
+ }
+
+ // Check for ip change
+ if ( isset($this->server['REMOTE_ADDR'])
+ && $this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
+ // Check if the IP of the user has changed, if so we
+ // assume a man in the middle attack and log him out
+ $this->expired = true;
+ $this->status = AUTH_SECURITY_BREACH;
+ $this->logout();
+ return false;
+ }
+
+ // Check for useragent change
+ if ( isset($this->server['HTTP_USER_AGENT'])
+ && $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
+ // Check if the User-Agent of the user has changed, if
+ // so we assume a man in the middle attack and log him out
+ $this->expired = true;
+ $this->status = AUTH_SECURITY_BREACH;
+ $this->logout();
+ return false;
+ }
+
+ // Check challenge cookie here, if challengecookieold is not set
+ // this is the first time and check is skipped
+ // TODO when user open two pages similtaneuly (open in new window,open
+ // in tab) auth breach is caused find out a way around that if possible
+ if ( isset($this->session['challengecookieold'])
+ && $this->session['challengecookieold'] != $this->cookie['authchallenge']) {
+ $this->expired = true;
+ $this->status = AUTH_SECURITY_BREACH;
+ $this->logout();
+ $this->login();
+ return false;
+ }
+ }
+
+ return true;
+ }
+ }
+ return false;
+ }
+
+ // }}}
+ // {{{ staticCheckAuth() [static]
+
+ /**
+ * Statically checks if there is a session with valid auth information.
+ *
+ * @access public
+ * @see checkAuth
+ * @return boolean Whether or not the user is authenticated.
+ * @static
+ */
+ function staticCheckAuth($options = null)
+ {
+ static $staticAuth;
+ if(!isset($staticAuth)) {
+ $staticAuth = new Auth('null', $options);
+ }
+ return $staticAuth->checkAuth();
+ }
+
+ // }}}
+ // {{{ getAuth()
+
+ /**
+ * Has the user been authenticated?
+ *
+ * @access public
+ * @return bool True if the user is logged in, otherwise false.
+ */
+ function getAuth()
+ {
+ return $this->checkAuth();
+ }
+
+ // }}}
+ // {{{ logout()
+
+ /**
+ * Logout function
+ *
+ * This function clears any auth tokens in the currently
+ * active session and executes the logout callback function,
+ * if any
+ *
+ * @access public
+ * @return void
+ */
+ function logout()
+ {
+ if (is_callable($this->logoutCallback)) {
+ call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
+ }
+
+ $this->username = '';
+ $this->password = '';
+
+ $this->session = null;
+ }
+
+ // }}}
+ // {{{ updateIdle()
+
+ /**
+ * Update the idletime
+ *
+ * @access private
+ * @return void
+ */
+ function updateIdle()
+ {
+ $this->session['idle'] = time();
+ }
+
+ // }}}
+ // {{{ getUsername()
+
+ /**
+ * Get the username
+ *
+ * @return string
+ * @access public
+ */
+ function getUsername()
+ {
+ if (isset($this->session['username'])) {
+ return($this->session['username']);
+ }
+ return('');
+ }
+
+ // }}}
+ // {{{ getStatus()
+
+ /**
+ * Get the current status
+ *
+ * @return string
+ * @access public
+ */
+ function getStatus()
+ {
+ return $this->status;
+ }
+
+ // }}}
+ // {{{ getPostUsernameField()
+
+ /**
+ * Gets the post varible used for the username
+ *
+ * @return string
+ * @access public
+ */
+ function getPostUsernameField()
+ {
+ return($this->_postUsername);
+ }
+
+ // }}}
+ // {{{ getPostPasswordField()
+
+ /**
+ * Gets the post varible used for the username
+ *
+ * @return string
+ * @access public
+ */
+ function getPostPasswordField()
+ {
+ return($this->_postPassword);
+ }
+
+ // }}}
+ // {{{ sessionValidThru()
+
+ /**
+ * Returns the time up to the session is valid
+ *
+ * @access public
+ * @return integer
+ */
+ function sessionValidThru()
+ {
+ if (!isset($this->session['idle'])) {
+ return 0;
+ }
+ if ($this->idle == 0) {
+ return 0;
+ }
+ return ($this->session['idle'] + $this->idle);
+ }
+
+ // }}}
+ // {{{ listUsers()
+
+ /**
+ * List all users that are currently available in the storage
+ * container
+ *
+ * @access public
+ * @return array
+ */
+ function listUsers()
+ {
+ $this->_loadStorage();
+ return $this->storage->listUsers();
+ }
+
+ // }}}
+ // {{{ addUser()
+
+ /**
+ * Add user to the storage container
+ *
+ * @access public
+ * @param string Username
+ * @param string Password
+ * @param mixed Additional parameters
+ * @return mixed True on success, PEAR error object on error
+ * and AUTH_METHOD_NOT_SUPPORTED otherwise.
+ */
+ function addUser($username, $password, $additional = '')
+ {
+ $this->_loadStorage();
+ return $this->storage->addUser($username, $password, $additional);
+ }
+
+ // }}}
+ // {{{ removeUser()
+
+ /**
+ * Remove user from the storage container
+ *
+ * @access public
+ * @param string Username
+ * @return mixed True on success, PEAR error object on error
+ * and AUTH_METHOD_NOT_SUPPORTED otherwise.
+ */
+ function removeUser($username)
+ {
+ $this->_loadStorage();
+ return $this->storage->removeUser($username);
+ }
+
+ // }}}
+ // {{{ changePassword()
+
+ /**
+ * Change password for user in the storage container
+ *
+ * @access public
+ * @param string Username
+ * @param string The new password
+ * @return mixed True on success, PEAR error object on error
+ * and AUTH_METHOD_NOT_SUPPORTED otherwise.
+ */
+ function changePassword($username, $password)
+ {
+ $this->_loadStorage();
+ return $this->storage->changePassword($username, $password);
+ }
+
+ // }}}
+
+}
+?>
Index: /temp/trunk/html/test/kakinaka/pear/Auth/Container.php
===================================================================
--- /temp/trunk/html/test/kakinaka/pear/Auth/Container.php (revision 10040)
+++ /temp/trunk/html/test/kakinaka/pear/Auth/Container.php (revision 10040)
@@ -0,0 +1,224 @@
+
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version CVS: $Id$
+ * @link http://pear.php.net/package/Auth
+ */
+
+/**
+ * Storage class for fetching login data
+ *
+ * @category Authentication
+ * @package Auth
+ * @author Martin Jansen
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version Release: 1.4.2 File: $Revision$
+ * @link http://pear.php.net/package/Auth
+ */
+class Auth_Container
+{
+
+ // {{{ properties
+
+ /**
+ * User that is currently selected from the storage container.
+ *
+ * @access public
+ */
+ var $activeUser = "";
+
+ // }}}
+ // {{{ Auth_Container() [constructor]
+
+ /**
+ * Constructor
+ *
+ * Has to be overwritten by each storage class
+ *
+ * @access public
+ */
+ function Auth_Container()
+ {
+ }
+
+ // }}}
+ // {{{ fetchData()
+
+ /**
+ * Fetch data from storage container
+ *
+ * Has to be overwritten by each storage class
+ *
+ * @access public
+ */
+ function fetchData($username, $password, $isChallengeResponse=false)
+ {
+ }
+
+ // }}}
+ // {{{ verifyPassword()
+
+ /**
+ * Crypt and verfiy the entered password
+ *
+ * @param string Entered password
+ * @param string Password from the data container (usually this password
+ * is already encrypted.
+ * @param string Type of algorithm with which the password from
+ * the container has been crypted. (md5, crypt etc.)
+ * Defaults to "md5".
+ * @return bool True, if the passwords match
+ */
+ function verifyPassword($password1, $password2, $cryptType = "md5")
+ {
+ switch ($cryptType) {
+ case "crypt" :
+ return ((string)crypt($password1, $password2) === (string)$password2);
+ break;
+ case "none" :
+ case "" :
+ return ((string)$password1 === (string)$password2);
+ break;
+ case "md5" :
+ return ((string)md5($password1) === (string)$password2);
+ break;
+ default :
+ if (function_exists($cryptType)) {
+ return ((string)$cryptType($password1) === (string)$password2);
+ } elseif (method_exists($this,$cryptType)) {
+ return ((string)$this->$cryptType($password1) === (string)$password2);
+ } else {
+ return false;
+ }
+ break;
+ }
+ }
+
+ // }}}
+ // {{{ supportsChallengeResponse()
+
+ /**
+ * Returns true if the container supports Challenge Response
+ * password authentication
+ */
+ function supportsChallengeResponse()
+ {
+ return(false);
+ }
+
+ // }}}
+ // {{{ getCryptType()
+
+ /**
+ * Returns the crypt current crypt type of the container
+ *
+ * @return string
+ */
+ function getCryptType()
+ {
+ return('');
+ }
+
+ // }}}
+ // {{{ listUsers()
+
+ /**
+ * List all users that are available from the storage container
+ */
+ function listUsers()
+ {
+ return AUTH_METHOD_NOT_SUPPORTED;
+ }
+
+ // }}}
+ // {{{ getUser()
+
+ /**
+ * Returns a user assoc array
+ *
+ * Containers which want should overide this
+ *
+ * @param string The username
+ */
+ function getUser($username)
+ {
+ $users = $this->listUsers();
+ if ($users === AUTH_METHOD_NOT_SUPPORTED) {
+ return AUTH_METHOD_NOT_SUPPORTED;
+ }
+ for ($i=0; $c = count($users), $i<$c; $i++) {
+ if ($users[$i]['username'] == $username) {
+ return $users[$i];
+ }
+ }
+ return false;
+ }
+
+ // }}}
+ // {{{ addUser()
+
+ /**
+ * Add a new user to the storage container
+ *
+ * @param string Username
+ * @param string Password
+ * @param array Additional information
+ *
+ * @return boolean
+ */
+ function addUser($username, $password, $additional=null)
+ {
+ return AUTH_METHOD_NOT_SUPPORTED;
+ }
+
+ // }}}
+ // {{{ removeUser()
+
+ /**
+ * Remove user from the storage container
+ *
+ * @param string Username
+ */
+ function removeUser($username)
+ {
+ return AUTH_METHOD_NOT_SUPPORTED;
+ }
+
+ // }}}
+ // {{{ changePassword()
+
+ /**
+ * Change password for user in the storage container
+ *
+ * @param string Username
+ * @param string The new password
+ */
+ function changePassword($username, $password)
+ {
+ return AUTH_METHOD_NOT_SUPPORTED;
+ }
+
+ // }}}
+
+}
+
+?>
Index: /temp/trunk/html/test/kakinaka/pear/Auth/Frontend/Html.php
===================================================================
--- /temp/trunk/html/test/kakinaka/pear/Auth/Frontend/Html.php (revision 10040)
+++ /temp/trunk/html/test/kakinaka/pear/Auth/Frontend/Html.php (revision 10040)
@@ -0,0 +1,142 @@
+
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version CVS: $Id$
+ * @link http://pear.php.net/package/Auth
+ * @since File available since Release 1.3.0
+ */
+
+/**
+ * Standard Html Login form
+ *
+ * @category Authentication
+ * @package Auth
+ * @author Yavor Shahpasov
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version Release: 1.4.2 File: $Revision$
+ * @link http://pear.php.net/package/Auth
+ * @since Class available since Release 1.3.0
+ */
+class Auth_Frontend_Html {
+
+ // {{{ render()
+
+ /**
+ * Displays the login form
+ *
+ * @param object The calling auth instance
+ * @param string The previously used username
+ * @return void
+ */
+ function render(&$caller, $username = '') {
+ $loginOnClick = 'return true;';
+
+ // Try To Use Challene response
+ // TODO javascript might need some improvement for work on other browsers
+ if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {
+
+ // Init the secret cookie
+ $caller->session['loginchallenege'] = md5(microtime());
+
+ print "\n";
+ print ''."\n";;
+ print "\n";
+
+ $loginOnClick = ' return securePassword(); ';
+ }
+
+ print ''."\n";
+
+ $status = '';
+ if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {
+ $status = 'Your session has expired. Please login again!'."\n";
+ } else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {
+ $status = 'You have been idle for too long. Please login again!'."\n";
+ } else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {
+ $status = 'Wrong login data!'."\n";
+ } else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {
+ $status = 'Security problem detected. '."\n";
+ }
+
+ print ''."\n";
+ print ''."\n";
+ }
+
+ // }}}
+
+}
+
+?>
Index: /temp/trunk/html/test/kakinaka/pear/Auth/Frontend/md5.js
===================================================================
--- /temp/trunk/html/test/kakinaka/pear/Auth/Frontend/md5.js (revision 10040)
+++ /temp/trunk/html/test/kakinaka/pear/Auth/Frontend/md5.js (revision 10040)
@@ -0,0 +1,256 @@
+/*
+ * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
+ * Digest Algorithm, as defined in RFC 1321.
+ * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
+ * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
+ * Distributed under the BSD License
+ * See http://pajhome.org.uk/crypt/md5 for more info.
+ */
+
+/*
+ * Configurable variables. You may need to tweak these to be compatible with
+ * the server-side, but the defaults work in most cases.
+ */
+var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
+var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */
+var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */
+
+/*
+ * These are the functions you'll usually want to call
+ * They take string arguments and return either hex or base-64 encoded strings
+ */
+function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}
+function b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * chrsz));}
+function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}
+function hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, data)); }
+function b64_hmac_md5(key, data) { return binl2b64(core_hmac_md5(key, data)); }
+function str_hmac_md5(key, data) { return binl2str(core_hmac_md5(key, data)); }
+
+/*
+ * Perform a simple self-test to see if the VM is working
+ */
+function md5_vm_test()
+{
+ return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72";
+}
+
+/*
+ * Calculate the MD5 of an array of little-endian words, and a bit length
+ */
+function core_md5(x, len)
+{
+ /* append padding */
+ x[len >> 5] |= 0x80 << ((len) % 32);
+ x[(((len + 64) >>> 9) << 4) + 14] = len;
+
+ var a = 1732584193;
+ var b = -271733879;
+ var c = -1732584194;
+ var d = 271733878;
+
+ for(var i = 0; i < x.length; i += 16)
+ {
+ var olda = a;
+ var oldb = b;
+ var oldc = c;
+ var oldd = d;
+
+ a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
+ d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
+ c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
+ b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
+ a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
+ d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
+ c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
+ b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
+ a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
+ d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
+ c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
+ b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
+ a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
+ d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
+ c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
+ b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
+
+ a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
+ d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
+ c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
+ b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
+ a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
+ d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
+ c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
+ b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
+ a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
+ d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
+ c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
+ b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
+ a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
+ d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
+ c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
+ b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
+
+ a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
+ d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
+ c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
+ b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
+ a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
+ d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
+ c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
+ b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
+ a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
+ d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
+ c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
+ b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
+ a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
+ d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
+ c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
+ b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
+
+ a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
+ d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
+ c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
+ b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
+ a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
+ d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
+ c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
+ b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
+ a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
+ d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
+ c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
+ b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
+ a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
+ d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
+ c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
+ b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
+
+ a = safe_add(a, olda);
+ b = safe_add(b, oldb);
+ c = safe_add(c, oldc);
+ d = safe_add(d, oldd);
+ }
+ return Array(a, b, c, d);
+
+}
+
+/*
+ * These functions implement the four basic operations the algorithm uses.
+ */
+function md5_cmn(q, a, b, x, s, t)
+{
+ return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
+}
+function md5_ff(a, b, c, d, x, s, t)
+{
+ return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
+}
+function md5_gg(a, b, c, d, x, s, t)
+{
+ return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
+}
+function md5_hh(a, b, c, d, x, s, t)
+{
+ return md5_cmn(b ^ c ^ d, a, b, x, s, t);
+}
+function md5_ii(a, b, c, d, x, s, t)
+{
+ return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
+}
+
+/*
+ * Calculate the HMAC-MD5, of a key and some data
+ */
+function core_hmac_md5(key, data)
+{
+ var bkey = str2binl(key);
+ if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz);
+
+ var ipad = Array(16), opad = Array(16);
+ for(var i = 0; i < 16; i++)
+ {
+ ipad[i] = bkey[i] ^ 0x36363636;
+ opad[i] = bkey[i] ^ 0x5C5C5C5C;
+ }
+
+ var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz);
+ return core_md5(opad.concat(hash), 512 + 128);
+}
+
+/*
+ * Add integers, wrapping at 2^32. This uses 16-bit operations internally
+ * to work around bugs in some JS interpreters.
+ */
+function safe_add(x, y)
+{
+ var lsw = (x & 0xFFFF) + (y & 0xFFFF);
+ var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
+ return (msw << 16) | (lsw & 0xFFFF);
+}
+
+/*
+ * Bitwise rotate a 32-bit number to the left.
+ */
+function bit_rol(num, cnt)
+{
+ return (num << cnt) | (num >>> (32 - cnt));
+}
+
+/*
+ * Convert a string to an array of little-endian words
+ * If chrsz is ASCII, characters >255 have their hi-byte silently ignored.
+ */
+function str2binl(str)
+{
+ var bin = Array();
+ var mask = (1 << chrsz) - 1;
+ for(var i = 0; i < str.length * chrsz; i += chrsz)
+ bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32);
+ return bin;
+}
+
+/*
+ * Convert an array of little-endian words to a string
+ */
+function binl2str(bin)
+{
+ var str = "";
+ var mask = (1 << chrsz) - 1;
+ for(var i = 0; i < bin.length * 32; i += chrsz)
+ str += String.fromCharCode((bin[i>>5] >>> (i % 32)) & mask);
+ return str;
+}
+
+/*
+ * Convert an array of little-endian words to a hex string.
+ */
+function binl2hex(binarray)
+{
+ var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
+ var str = "";
+ for(var i = 0; i < binarray.length * 4; i++)
+ {
+ str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) +
+ hex_tab.charAt((binarray[i>>2] >> ((i%4)*8 )) & 0xF);
+ }
+ return str;
+}
+
+/*
+ * Convert an array of little-endian words to a base-64 string
+ */
+function binl2b64(binarray)
+{
+ var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ var str = "";
+ for(var i = 0; i < binarray.length * 4; i += 3)
+ {
+ var triplet = (((binarray[i >> 2] >> 8 * ( i %4)) & 0xFF) << 16)
+ | (((binarray[i+1 >> 2] >> 8 * ((i+1)%4)) & 0xFF) << 8 )
+ | ((binarray[i+2 >> 2] >> 8 * ((i+2)%4)) & 0xFF);
+ for(var j = 0; j < 4; j++)
+ {
+ if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
+ else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
+ }
+ }
+ return str;
+}
Index: /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Anonymous.php
===================================================================
--- /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Anonymous.php (revision 10040)
+++ /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Anonymous.php (revision 10040)
@@ -0,0 +1,138 @@
+
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version CVS: $Id$
+ * @link http://pear.php.net/package/Auth
+ * @since File available since Release 1.3.0
+ */
+
+/**
+ * Include Auth package
+ */
+require_once 'Auth.php';
+
+/**
+ * Anonymous Authentication
+ *
+ * This class provides anonymous authentication if username and password
+ * were not supplied
+ *
+ * @category Authentication
+ * @package Auth
+ * @author Yavor Shahpasov
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version Release: 1.4.2 File: $Revision$
+ * @link http://pear.php.net/package/Auth
+ * @since Class available since Release 1.3.0
+ */
+class Auth_Anonymous extends Auth
+{
+
+ // {{{ properties
+
+ /**
+ * Whether to allow anonymous authentication
+ *
+ * @var boolean
+ */
+ var $allow_anonymous = true;
+
+ /**
+ * Username to use for anonymous user
+ *
+ * @var string
+ */
+ var $anonymous_username = 'anonymous';
+
+ // }}}
+ // {{{ Auth_Anonymous() [constructor]
+
+ /**
+ * Pass all parameters to Parent Auth class
+ *
+ * Set up the storage driver.
+ *
+ * @param string Type of the storage driver
+ * @param mixed Additional options for the storage driver
+ * (example: if you are using DB as the storage
+ * driver, you have to pass the dsn string here)
+ *
+ * @param string Name of the function that creates the login form
+ * @param boolean Should the login form be displayed if neccessary?
+ * @return void
+ * @see Auth::Auth()
+ */
+ function Auth_Anonymous($storageDriver, $options = '', $loginFunction = '', $showLogin = true) {
+ parent::Auth($storageDriver, $options, $loginFunction, $showLogin);
+ }
+
+ // }}}
+ // {{{ login()
+
+ /**
+ * Login function
+ *
+ * If no username & password is passed then login as the username
+ * provided in $this->anonymous_username else call standard login()
+ * function.
+ *
+ * @return void
+ * @access private
+ * @see Auth::login()
+ */
+ function login() {
+ if ( $this->allow_anonymous
+ && empty($this->username)
+ && empty($this->password) ) {
+ $this->setAuth($this->anonymous_username);
+ if (is_callable($this->loginCallback)) {
+ call_user_func_array($this->loginCallback, array($this->username, $this) );
+ }
+ } else {
+ // Call normal login system
+ parent::login();
+ }
+ }
+
+ // }}}
+ // {{{ forceLogin()
+
+ /**
+ * Force the user to login
+ *
+ * Calling this function forces the user to provide a real username and
+ * password before continuing.
+ *
+ * @return void
+ */
+ function forceLogin() {
+ $this->allow_anonymous = false;
+ if( !empty($this->session['username']) && $this->session['username'] == $this->anonymous_username ) {
+ $this->logout();
+ }
+ }
+
+ // }}}
+
+}
+
+?>
Index: /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Auth.php
===================================================================
--- /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Auth.php (revision 10040)
+++ /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Auth.php (revision 10040)
@@ -0,0 +1,30 @@
+
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version CVS: $Id$
+ * @link http://pear.php.net/package/Auth
+ * @deprecated File deprecated since Release 1.2.0
+ */
+
+/**
+ * Include Auth package
+ */
+require_once 'Auth.php';
+
+?>
Index: /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Controller.php
===================================================================
--- /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Controller.php (revision 10040)
+++ /temp/trunk/html/test/kakinaka/pear/Auth/Auth/Controller.php (revision 10040)
@@ -0,0 +1,302 @@
+
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version CVS: $Id$
+ * @link http://pear.php.net/package/Auth
+ * @since File available since Release 1.3.0
+ */
+
+/**
+ * Controlls access to a group of php access
+ * and redirects to a predefined login page as
+ * needed
+ *
+ * In all pages
+ *
+ * include_once('Auth.php');
+ * include_once('Auth/Controller.php');
+ * $_auth = new Auth('File', 'passwd');
+ * $authController = new Auth_Controller($_auth, 'login.php', 'index.php');
+ * $authController->start();
+ *
+ *
+ * In login.php
+ *
+ * include_once('Auth.php');
+ * include_once('Auth/Controller.php');
+ * $_auth = new Auth('File', 'passwd');
+ * $authController = new Auth_Controller($_auth, 'login.php', 'index.php');
+ * $authController->start();
+ * if( $authController->isAuthorised() ){
+ * $authController->redirectBack();
+ * }
+ *
+ *
+ * @category Authentication
+ * @author Yavor Shahpasov
+ * @author Adam Ashley
+ * @copyright 2001-2006 The PHP Group
+ * @license http://www.php.net/license/3_01.txt PHP License 3.01
+ * @version Release: 1.4.2 File: $Revision$
+ * @link http://pear.php.net/package/Auth
+ * @since Class available since Release 1.3.0
+ */
+class Auth_Controller
+{
+
+ // {{{ properties
+
+ /**
+ * The Auth instance this controller is managing
+ *
+ * @var object Auth
+ */
+ var $auth = null;
+
+ /**
+ * The login URL
+ * @var string
+ * */
+ var $login = null;
+
+ /**
+ * The default index page to use when the caller page is not set
+ *
+ * @var string
+ */
+ var $default = null;
+
+ /**
+ * If this is set to true after a succesfull login the
+ * Auth_Controller::redirectBack() is invoked automatically
+ *
+ * @var boolean
+ */
+ var $autoRedirectBack = false;
+
+ // }}}
+ // {{{ Auth_Controller() [constructor]
+
+ /**
+ * Constructor
+ *
+ * @param Auth An auth instance
+ * @param string The login page
+ * @param string The default page to go to if return page is not set
+ * @param array Some rules about which urls need to be sent to the login page
+ * @return void
+ * @todo Add a list of urls which need redirection
+ */
+ function Auth_Controller(&$auth_obj, $login='login.php', $default='index.php', $accessList=array())
+ {
+ $this->auth =& $auth_obj;
+ $this->_loginPage = $login;
+ $this->_defaultPage = $default;
+ @session_start();
+ if (!empty($_GET['return']) && $_GET['return'] && !strstr($_GET['return'], $this->_loginPage)) {
+ $this->auth->setAuthData('returnUrl', $_GET['return']);
+ }
+
+ if(!empty($_GET['authstatus']) && $this->auth->status == '') {
+ $this->auth->status = $_GET['authstatus'];
+ }
+ }
+
+ // }}}
+ // {{{ setAutoRedirectBack()
+
+ /**
+ * Enables auto redirection when login is done
+ *
+ * @param bool Sets the autoRedirectBack flag to this
+ * @see Auth_Controller::autoRedirectBack
+ * @return void
+ */
+ function setAutoRedirectBack($flag = true)
+ {
+ $this->autoRedirectBack = $flag;
+ }
+
+ // }}}
+ // {{{ redirectBack()
+
+ /**
+ * Redirects Back to the calling page
+ *
+ * @return void
+ */
+ function redirectBack()
+ {
+ // If redirectback go there
+ // else go to the default page
+
+ $returnUrl = $this->auth->getAuthData('returnUrl');
+ if(!$returnUrl) {
+ $returnUrl = $this->_defaultPage;
+ }
+
+ // Add some entropy to the return to make it unique
+ // avoind problems with cached pages and proxies
+ if(strpos($returnUrl, '?') === false) {
+ $returnUrl .= '?';
+ }
+ $returnUrl .= uniqid('');
+
+ // Track the auth status
+ if($this->auth->status != '') {
+ $url .= '&authstatus='.$this->auth->status;
+ }
+ header('Location:'.$returnUrl);
+ print("You could not be redirected to $returnUrl");
+ }
+
+ // }}}
+ // {{{ redirectLogin()
+
+ /**
+ * Redirects to the login Page if not authorised
+ *
+ * put return page on the query or in auth
+ *
+ * @return void
+ */
+ function redirectLogin()
+ {
+ // Go to the login Page
+
+ // For Auth, put some check to avoid infinite redirects, this should at least exclude
+ // the login page
+
+ $url = $this->_loginPage;
+ if(strpos($url, '?') === false) {
+ $url .= '?';
+ }
+
+ if(!strstr($_SERVER['PHP_SELF'], $this->_loginPage)) {
+ $url .= 'return='.urlencode($_SERVER['PHP_SELF']);
+ }
+
+ // Track the auth status
+ if($this->auth->status != '') {
+ $url .= '&authstatus='.$this->auth->status;
+ }
+
+ header('Location:'.$url);
+ print("You could not be redirected to $url");
+ }
+
+ // }}}
+ // {{{ start()
+
+ /**
+ * Starts the Auth Procedure
+ *
+ * If the page requires login the user is redirected to the login page
+ * otherwise the Auth::start is called to initialize Auth
+ *
+ * @return void
+ * @todo Implement an access list which specifies which urls/pages need login and which do not
+ */
+ function start()
+ {
+ // Check the accessList here
+ // ACL should be a list of urls with allow/deny
+ // If allow set allowLogin to false
+ // Some wild card matching should be implemented ?,*
+ if(!strstr($_SERVER['PHP_SELF'], $this->_loginPage) && !$this->auth->checkAuth()) {
+ $this->redirectLogin();
+ } else {
+ $this->auth->start();
+ // Logged on and on login page
+ if(strstr($_SERVER['PHP_SELF'], $this->_loginPage) && $this->auth->checkAuth()){
+ $this->autoRedirectBack ?
+ $this->redirectBack() :
+ null ;
+ }
+ }
+
+
+ }
+
+ // }}}
+ // {{{ isAuthorised()
+
+ /**
+ * Checks is the user is logged on
+ * @see Auth::checkAuth()
+ */
+ function isAuthorised()
+ {
+ return($this->auth->checkAuth());
+ }
+
+ // }}}
+ // {{{ checkAuth()
+
+ /**
+ * Proxy call to auth
+ * @see Auth::checkAuth()
+ */
+ function checkAuth()
+ {
+ return($this->auth->checkAuth());
+ }
+
+ // }}}
+ // {{{ logout()
+
+ /**
+ * Proxy call to auth
+ * @see Auth::logout()
+ */
+ function logout()
+ {
+ return($this->auth->logout());
+ }
+
+ // }}}
+ // {{{ getUsername()
+
+ /**
+ * Proxy call to auth
+ * @see Auth::getUsername()
+ */
+ function getUsername()
+ {
+ return($this->auth->getUsername());
+ }
+
+ // }}}
+ // {{{ getStatus()
+
+ /**
+ * Proxy call to auth
+ * @see Auth::getStatus()
+ */
+ function getStatus()
+ {
+ return($this->auth->getStatus());
+ }
+
+ // }}}
+
+}
+
+?>
Index: mp/trunk/html/test/kakinaka/pear/Auth.php
===================================================================
--- /temp/trunk/html/test/kakinaka/pear/Auth.php (revision 10038)
+++ (revision )
@@ -1,1079 +1,0 @@
-
- * @author Adam Ashley
- * @copyright 2001-2006 The PHP Group
- * @license http://www.php.net/license/3_01.txt PHP License 3.01
- * @version CVS: $Id$
- * @link http://pear.php.net/package/Auth
- */
-
-/**
- * Returned if session exceeds idle time
- */
-define('AUTH_IDLED', -1);
-/**
- * Returned if session has expired
- */
-define('AUTH_EXPIRED', -2);
-/**
- * Returned if container is unable to authenticate user/password pair
- */
-define('AUTH_WRONG_LOGIN', -3);
-/**
- * Returned if a container method is not supported.
- */
-define('AUTH_METHOD_NOT_SUPPORTED', -4);
-/**
- * Returned if new Advanced security system detects a breach
- */
-define('AUTH_SECURITY_BREACH', -5);
-
-/**
- * PEAR::Auth
- *
- * The PEAR::Auth class provides methods for creating an
- * authentication system using PHP.
- *
- * @category Authentication
- * @package Auth
- * @author Martin Jansen
- * @author Adam Ashley
- * @copyright 2001-2006 The PHP Group
- * @license http://www.php.net/license/3_01.txt PHP License 3.01
- * @version Release: 1.4.2 File: $Revision$
- * @link http://pear.php.net/package/Auth
- */
-class Auth {
-
- // {{{ properties
-
- /**
- * Auth lifetime in seconds
- *
- * If this variable is set to 0, auth never expires
- *
- * @var integer
- * @see setExpire(), checkAuth()
- */
- var $expire = 0;
-
- /**
- * Has the auth session expired?
- *
- * @var bool
- * @see checkAuth()
- */
- var $expired = false;
-
- /**
- * Maximum idletime in seconds
- *
- * The difference to $expire is, that the idletime gets
- * refreshed each time checkAuth() is called. If this
- * variable is set to 0, idletime is never checked.
- *
- * @var integer
- * @see setIdle(), checkAuth()
- */
- var $idle = 0;
-
- /**
- * Is the maximum idletime over?
- *
- * @var boolean
- * @see checkAuth()
- */
- var $idled = false;
-
- /**
- * Storage object
- *
- * @var object
- * @see Auth(), validateLogin()
- */
- var $storage = '';
-
- /**
- * User-defined function that creates the login screen
- *
- * @var string
- */
- var $loginFunction = '';
-
- /**
- * Should the login form be displayed
- *
- * @var bool
- * @see setShowlogin()
- */
- var $showLogin = true;
-
- /**
- * Is Login Allowed from this page
- *
- * @var bool
- * @see setAllowLogin
- */
- var $allowLogin = true;
-
- /**
- * Current authentication status
- *
- * @var string
- */
- var $status = '';
-
- /**
- * Username
- *
- * @var string
- */
- var $username = '';
-
- /**
- * Password
- *
- * @var string
- */
- var $password = '';
-
- /**
- * Login callback function name
- *
- * @var string
- * @see setLoginCallback()
- */
- var $loginCallback = '';
-
- /**
- * Failed Login callback function name
- *
- * @var string
- * @see setFailedLoginCallback()
- */
- var $loginFailedCallback = '';
-
- /**
- * Logout callback function name
- *
- * @var string
- * @see setLogoutCallback()
- */
- var $logoutCallback = '';
-
- /**
- * Auth session-array name
- *
- * @var string
- */
- var $_sessionName = '_authsession';
-
- /**
- * Package Version
- *
- * @var string
- */
- var $version = "@version@";
-
- /**
- * Flag to use advanced security
- * When set extra checks will be made to see if the
- * user's IP or useragent have changed across requests.
- * Turned off by default to preserve BC.
- *
- * @var boolean
- */
- var $advancedsecurity = false;
-
- /**
- * Username key in POST array
- *
- * @var string
- */
- var $_postUsername = 'username';
-
- /**
- * Password key in POST array
- *
- * @var string
- */
- var $_postPassword = 'password';
-
- /**
- * Holds a reference to the session auth variable
- * @var array
- */
- var $session;
-
- /**
- * Holds a reference to the global server variable
- * @var array
- */
- var $server;
-
- /**
- * Holds a reference to the global post variable
- * @var array
- */
- var $post;
-
- /**
- * Holds a reference to the global cookie variable
- * @var array
- */
- var $cookie;
-
- /**
- * A hash to hold various superglobals as reference
- * @var array
- */
- var $authdata;
-
- /**
- * How many times has checkAuth been called
- * var int
- */
- var $authChecks = 0;
-
- // }}}
- // {{{ Auth() [constructor]
-
- /**
- * Constructor
- *
- * Set up the storage driver.
- *
- * @param string Type of the storage driver
- * @param mixed Additional options for the storage driver
- * (example: if you are using DB as the storage
- * driver, you have to pass the dsn string here)
- *
- * @param string Name of the function that creates the login form
- * @param boolean Should the login form be displayed if neccessary?
- * @return void
- */
- function Auth($storageDriver, $options = '', $loginFunction = '', $showLogin = true)
- {
- $this->applyAuthOptions($options);
-
- // Start the session suppress error if already started
- if(!session_id()){
- @session_start();
- if(!session_id()) {
- // Throw error
- include_once 'PEAR.php';
- PEAR::throwError('Session could not be started by Auth, '
- .'possibly headers are already sent, try putting '
- .'ob_start in the beginning of your script');
- }
- }
-
- // Make Sure Auth session variable is there
- if(!isset($_SESSION[$this->_sessionName])) {
- $_SESSION[$this->_sessionName] = array();
- }
-
- // Assign Some globals to internal references, this will replace _importGlobalVariable
- $this->session =& $_SESSION[$this->_sessionName];
- $this->server =& $_SERVER;
- $this->post =& $_POST;
- $this->cookie =& $_COOKIE;
-
- if ($loginFunction != '' && is_callable($loginFunction)) {
- $this->loginFunction = $loginFunction;
- }
-
- if (is_bool($showLogin)) {
- $this->showLogin = $showLogin;
- }
-
- if (is_object($storageDriver)) {
- $this->storage =& $storageDriver;
- // Pass a reference to auth to the container, ugly but works
- // this is used by the DB container to use method setAuthData not staticaly.
- $this->storage->_auth_obj =& $this;
- } else {
- // $this->storage = $this->_factory($storageDriver, $options);
- //
- $this->storage_driver = $storageDriver;
- $this->storage_options =& $options;
- }
- }
-
- // }}}
- // {{{ applyAuthOptions()
-
- /**
- * Set the Auth options
- *
- * Some options which are Auth specific will be applied
- * the rest will be left for usage by the container
- *
- * @param array An array of Auth options
- * @return array The options which were not applied
- * @access private
- */
- function &applyAuthOptions(&$options)
- {
- if(is_array($options)){
- if (!empty($options['sessionName'])) {
- $this->_sessionName = $options['sessionName'];
- unset($options['sessionName']);
- }
- if (isset($options['allowLogin'])) {
- $this->allowLogin = $options['allowLogin'];
- unset($options['allowLogin']);
- }
- if (!empty($options['postUsername'])) {
- $this->_postUsername = $options['postUsername'];
- unset($options['postUsername']);
- }
- if (!empty($options['postPassword'])) {
- $this->_postPassword = $options['postPassword'];
- unset($options['postPassword']);
- }
- if (isset($options['advancedsecurity'])) {
- $this->advancedsecurity = $options['advancedsecurity'];
- unset($options['advancedsecurity']);
- }
- }
- return($options);
- }
-
- // }}}
- // {{{ _loadStorage()
-
- /**
- * Load Storage Driver if not already loaded
- *
- * Suspend storage instantiation to make Auth lighter to use
- * for calls which do not require login
- *
- * @return bool True if the conainer is loaded, false if the container
- * is already loaded
- * @access private
- */
- function _loadStorage()
- {
- if(!is_object($this->storage)) {
- $this->storage =& $this->_factory($this->storage_driver,
- $this->storage_options);
- $this->storage->_auth_obj =& $this;
- return(true);
- }
- return(false);
- }
-
- // }}}
- // {{{ _factory()
-
- /**
- * Return a storage driver based on $driver and $options
- *
- * @static
- * @param string $driver Type of storage class to return
- * @param string $options Optional parameters for the storage class
- * @return object Object Storage object
- * @access private
- */
- function &_factory($driver, $options = '')
- {
- $storage_class = 'Auth_Container_' . $driver;
- include_once 'Auth/Container/' . $driver . '.php';
- $obj =& new $storage_class($options);
- return $obj;
- }
-
- // }}}
- // {{{ assignData()
-
- /**
- * Assign data from login form to internal values
- *
- * This function takes the values for username and password
- * from $HTTP_POST_VARS/$_POST and assigns them to internal variables.
- * If you wish to use another source apart from $HTTP_POST_VARS/$_POST,
- * you have to derive this function.
- *
- * @global $HTTP_POST_VARS, $_POST
- * @see Auth
- * @return void
- * @access private
- */
- function assignData()
- {
- if ( isset($this->post[$this->_postUsername])
- && $this->post[$this->_postUsername] != '') {
- $this->username = (get_magic_quotes_gpc() == 1
- ? stripslashes($this->post[$this->_postUsername])
- : $this->post[$this->_postUsername]);
- }
- if ( isset($this->post[$this->_postPassword])
- && $this->post[$this->_postPassword] != '') {
- $this->password = (get_magic_quotes_gpc() == 1
- ? stripslashes($this->post[$this->_postPassword])
- : $this->post[$this->_postPassword] );
- }
- }
-
- // }}}
- // {{{ start()
-
- /**
- * Start new auth session
- *
- * @return void
- * @access public
- */
- function start()
- {
- $this->assignData();
- if (!$this->checkAuth() && $this->allowLogin) {
- $this->login();
- }
- }
-
- // }}}
- // {{{ login()
-
- /**
- * Login function
- *
- * @return void
- * @access private
- */
- function login()
- {
- $login_ok = false;
- $this->_loadStorage();
-
- // Check if using challenge response
- (isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
- ? $usingChap = true
- : $usingChap = false;
-
-
- // When the user has already entered a username, we have to validate it.
- if (!empty($this->username)) {
- if (true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
- $this->session['challengekey'] = md5($this->username.$this->password);
- $login_ok = true;
- }
- }
-
- if (!empty($this->username) && $login_ok) {
- $this->setAuth($this->username);
- if (is_callable($this->loginCallback)) {
- call_user_func_array($this->loginCallback, array($this->username, &$this));
- }
- }
-
- // If the login failed or the user entered no username,
- // output the login screen again.
- if (!empty($this->username) && !$login_ok) {
- $this->status = AUTH_WRONG_LOGIN;
- if (is_callable($this->loginFailedCallback)) {
- call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
- }
- }
-
- if ((empty($this->username) || !$login_ok) && $this->showLogin) {
- if (is_callable($this->loginFunction)) {
- call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
- } else {
- // BC fix Auth used to use drawLogin for this
- // call is sub classes implement this
- if (is_callable(array($this, 'drawLogin'))) {
- return $this->drawLogin($this->username, $this);
- }
-
- // New Login form
- include_once 'Auth/Frontend/Html.php';
- return Auth_Frontend_Html::render($this, $this->username);
- }
- } else {
- return;
- }
- }
-
- // }}}
- // {{{ setExpire()
-
- /**
- * Set the maximum expire time
- *
- * @param integer time in seconds
- * @param bool add time to current expire time or not
- * @return void
- * @access public
- */
- function setExpire($time, $add = false)
- {
- $add ? $this->expire += $time : $this->expire = $time;
- }
-
- // }}}
- // {{{ setIdle()
-
- /**
- * Set the maximum idle time
- *
- * @param integer time in seconds
- * @param bool add time to current maximum idle time or not
- * @return void
- * @access public
- */
- function setIdle($time, $add = false)
- {
- $add ? $this->idle += $time : $this->idle = $time;
- }
-
- // }}}
- // {{{ setSessionName()
-
- /**
- * Set name of the session to a customized value.
- *
- * If you are using multiple instances of PEAR::Auth
- * on the same domain, you can change the name of
- * session per application via this function.
- * This will chnage the name of the session variable
- * auth uses to store it's data in the session
- *
- * @param string New name for the session
- * @return void
- * @access public
- */
- function setSessionName($name = 'session')
- {
- $this->_sessionName = '_auth_'.$name;
- $this->session =& $_SESSION[$this->_sessionName];
- }
-
- // }}}
- // {{{ setShowLogin()
-
- /**
- * Should the login form be displayed if neccessary?
- *
- * @param bool show login form or not
- * @return void
- * @access public
- */
- function setShowLogin($showLogin = true)
- {
- $this->showLogin = $showLogin;
- }
-
- // }}}
- // {{{ setAllowLogin()
-
- /**
- * Should the login form be displayed if neccessary?
- *
- * @param bool show login form or not
- * @return void
- * @access public
- */
- function setAllowLogin($allowLogin = true)
- {
- $this->allowLogin = $allowLogin;
- }
-
- // }}}
- // {{{ setLoginCallback()
-
- /**
- * Register a callback function to be called on user login.
- * The function will receive two parameters, the username and a reference to the auth object.
- *
- * @param string callback function name
- * @return void
- * @see setLogoutCallback()
- * @access public
- */
- function setLoginCallback($loginCallback)
- {
- $this->loginCallback = $loginCallback;
- }
-
- // }}}
- // {{{ setFailedLoginCallback()
-
- /**
- * Register a callback function to be called on failed user login.
- * The function will receive a single parameter, the username and a reference to the auth object.
- *
- * @param string callback function name
- * @return void
- * @access public
- */
- function setFailedLoginCallback($loginFailedCallback)
- {
- $this->loginFailedCallback = $loginFailedCallback;
- }
-
- // }}}
- // {{{ setLogoutCallback()
-
- /**
- * Register a callback function to be called on user logout.
- * The function will receive three parameters, the username and a reference to the auth object.
- *
- * @param string callback function name
- * @return void
- * @see setLoginCallback()
- * @access public
- */
- function setLogoutCallback($logoutCallback)
- {
- $this->logoutCallback = $logoutCallback;
- }
-
- // }}}
- // {{{ setAuthData()
-
- /**
- * Register additional information that is to be stored
- * in the session.
- *
- * @param string Name of the data field
- * @param mixed Value of the data field
- * @param boolean Should existing data be overwritten? (default
- * is true)
- * @return void
- * @access public
- */
- function setAuthData($name, $value, $overwrite = true)
- {
- if (!empty($this->session['data'][$name]) && $overwrite == false) {
- return;
- }
- $this->session['data'][$name] = $value;
- }
-
- // }}}
- // {{{ getAuthData()
-
- /**
- * Get additional information that is stored in the session.
- *
- * If no value for the first parameter is passed, the method will
- * return all data that is currently stored.
- *
- * @param string Name of the data field
- * @return mixed Value of the data field.
- * @access public
- */
- function getAuthData($name = null)
- {
- if (!isset($this->session['data'])) {
- return null;
- }
- if(!isset($name)) {
- return $this->session['data'];
- }
- if (isset($name) && isset($this->session['data'][$name])) {
- return $this->session['data'][$name];
- }
- return null;
- }
-
- // }}}
- // {{{ setAuth()
-
- /**
- * Register variable in a session telling that the user
- * has logged in successfully
- *
- * @param string Username
- * @return void
- * @access public
- */
- function setAuth($username)
- {
-
- // #2021 - Change the session id to avoid session fixation attacks php 4.3.3 >
- session_regenerate_id(true);
-
- if (!isset($this->session) || !is_array($this->session)) {
- $this->session = array();
- }
-
- if (!isset($this->session['data'])) {
- $this->session['data'] = array();
- }
-
- $this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
- ? $this->server['REMOTE_ADDR']
- : '';
- $this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
- ? $this->server['HTTP_USER_AGENT']
- : '';
-
- // This should be set by the container to something more safe
- // Like md5(passwd.microtime)
- if(empty($this->session['challengekey'])) {
- $this->session['challengekey'] = md5($username.microtime());
- }
-
- $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
- setcookie('authchallenge', $this->session['challengecookie']);
-
- $this->session['registered'] = true;
- $this->session['username'] = $username;
- $this->session['timestamp'] = time();
- $this->session['idle'] = time();
- }
-
- // }}}
- // {{{ setAdvancedSecurity()
-
- /**
- * Enables advanced security checks
- *
- * Currently only ip change and useragent change
- * are detected
- * @todo Add challenge cookies - Create a cookie which changes every time
- * and contains some challenge key which the server can verify with
- * a session var cookie might need to be crypted (user pass)
- * @param bool Enable or disable
- * @return void
- * @access public
- */
- function setAdvancedSecurity($flag=true)
- {
- $this->advancedsecurity = $flag;
- }
-
- // }}}
- // {{{ checkAuth()
-
- /**
- * Checks if there is a session with valid auth information.
- *
- * @access public
- * @return boolean Whether or not the user is authenticated.
- */
- function checkAuth()
- {
- $this->authChecks++;
- if (isset($this->session)) {
- // Check if authentication session is expired
- if ( $this->expire > 0
- && isset($this->session['timestamp'])
- && ($this->session['timestamp'] + $this->expire) < time()) {
- $this->expired = true;
- $this->status = AUTH_EXPIRED;
- $this->logout();
- return false;
- }
-
- // Check if maximum idle time is reached
- if ( $this->idle > 0
- && isset($this->session['idle'])
- && ($this->session['idle'] + $this->idle) < time()) {
- $this->idled = true;
- $this->status = AUTH_IDLED;
- $this->logout();
- return false;
- }
-
- if ( isset($this->session['registered'])
- && isset($this->session['username'])
- && $this->session['registered'] == true
- && $this->session['username'] != '') {
- Auth::updateIdle();
-
- if ($this->advancedsecurity) {
-
- // Only Generate the challenge once
- if($this->authChecks == 1) {
- $this->session['challengecookieold'] = $this->session['challengecookie'];
- $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
- setcookie('authchallenge', $this->session['challengecookie']);
- }
-
- // Check for ip change
- if ( isset($this->server['REMOTE_ADDR'])
- && $this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
- // Check if the IP of the user has changed, if so we
- // assume a man in the middle attack and log him out
- $this->expired = true;
- $this->status = AUTH_SECURITY_BREACH;
- $this->logout();
- return false;
- }
-
- // Check for useragent change
- if ( isset($this->server['HTTP_USER_AGENT'])
- && $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
- // Check if the User-Agent of the user has changed, if
- // so we assume a man in the middle attack and log him out
- $this->expired = true;
- $this->status = AUTH_SECURITY_BREACH;
- $this->logout();
- return false;
- }
-
- // Check challenge cookie here, if challengecookieold is not set
- // this is the first time and check is skipped
- // TODO when user open two pages similtaneuly (open in new window,open
- // in tab) auth breach is caused find out a way around that if possible
- if ( isset($this->session['challengecookieold'])
- && $this->session['challengecookieold'] != $this->cookie['authchallenge']) {
- $this->expired = true;
- $this->status = AUTH_SECURITY_BREACH;
- $this->logout();
- $this->login();
- return false;
- }
- }
-
- return true;
- }
- }
- return false;
- }
-
- // }}}
- // {{{ staticCheckAuth() [static]
-
- /**
- * Statically checks if there is a session with valid auth information.
- *
- * @access public
- * @see checkAuth
- * @return boolean Whether or not the user is authenticated.
- * @static
- */
- function staticCheckAuth($options = null)
- {
- static $staticAuth;
- if(!isset($staticAuth)) {
- $staticAuth = new Auth('null', $options);
- }
- return $staticAuth->checkAuth();
- }
-
- // }}}
- // {{{ getAuth()
-
- /**
- * Has the user been authenticated?
- *
- * @access public
- * @return bool True if the user is logged in, otherwise false.
- */
- function getAuth()
- {
- return $this->checkAuth();
- }
-
- // }}}
- // {{{ logout()
-
- /**
- * Logout function
- *
- * This function clears any auth tokens in the currently
- * active session and executes the logout callback function,
- * if any
- *
- * @access public
- * @return void
- */
- function logout()
- {
- if (is_callable($this->logoutCallback)) {
- call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
- }
-
- $this->username = '';
- $this->password = '';
-
- $this->session = null;
- }
-
- // }}}
- // {{{ updateIdle()
-
- /**
- * Update the idletime
- *
- * @access private
- * @return void
- */
- function updateIdle()
- {
- $this->session['idle'] = time();
- }
-
- // }}}
- // {{{ getUsername()
-
- /**
- * Get the username
- *
- * @return string
- * @access public
- */
- function getUsername()
- {
- if (isset($this->session['username'])) {
- return($this->session['username']);
- }
- return('');
- }
-
- // }}}
- // {{{ getStatus()
-
- /**
- * Get the current status
- *
- * @return string
- * @access public
- */
- function getStatus()
- {
- return $this->status;
- }
-
- // }}}
- // {{{ getPostUsernameField()
-
- /**
- * Gets the post varible used for the username
- *
- * @return string
- * @access public
- */
- function getPostUsernameField()
- {
- return($this->_postUsername);
- }
-
- // }}}
- // {{{ getPostPasswordField()
-
- /**
- * Gets the post varible used for the username
- *
- * @return string
- * @access public
- */
- function getPostPasswordField()
- {
- return($this->_postPassword);
- }
-
- // }}}
- // {{{ sessionValidThru()
-
- /**
- * Returns the time up to the session is valid
- *
- * @access public
- * @return integer
- */
- function sessionValidThru()
- {
- if (!isset($this->session['idle'])) {
- return 0;
- }
- if ($this->idle == 0) {
- return 0;
- }
- return ($this->session['idle'] + $this->idle);
- }
-
- // }}}
- // {{{ listUsers()
-
- /**
- * List all users that are currently available in the storage
- * container
- *
- * @access public
- * @return array
- */
- function listUsers()
- {
- $this->_loadStorage();
- return $this->storage->listUsers();
- }
-
- // }}}
- // {{{ addUser()
-
- /**
- * Add user to the storage container
- *
- * @access public
- * @param string Username
- * @param string Password
- * @param mixed Additional parameters
- * @return mixed True on success, PEAR error object on error
- * and AUTH_METHOD_NOT_SUPPORTED otherwise.
- */
- function addUser($username, $password, $additional = '')
- {
- $this->_loadStorage();
- return $this->storage->addUser($username, $password, $additional);
- }
-
- // }}}
- // {{{ removeUser()
-
- /**
- * Remove user from the storage container
- *
- * @access public
- * @param string Username
- * @return mixed True on success, PEAR error object on error
- * and AUTH_METHOD_NOT_SUPPORTED otherwise.
- */
- function removeUser($username)
- {
- $this->_loadStorage();
- return $this->storage->removeUser($username);
- }
-
- // }}}
- // {{{ changePassword()
-
- /**
- * Change password for user in the storage container
- *
- * @access public
- * @param string Username
- * @param string The new password
- * @return mixed True on success, PEAR error object on error
- * and AUTH_METHOD_NOT_SUPPORTED otherwise.
- */
- function changePassword($username, $password)
- {
- $this->_loadStorage();
- return $this->storage->changePassword($username, $password);
- }
-
- // }}}
-
-}
-?>