mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-12 09:34:54 +02:00
Code Issues Releases Wiki Activity

Renormalized all text file line endings

Browse Source
This commit is contained in:
Deltik
2019-03-29 19:13:32 -05:00
parent 6fd0a6a8a2
commit 1f824faa69
180 changed files with 77527 additions and 77527 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1166
e107_plugins/alt_auth/alt_auth_adminmenu.php
View File

File diff suppressed because it is too large Load Diff

488
e107_plugins/alt_auth/alt_auth_conf.php
View File

@@ -1,245 +1,245 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alt_auth plugin - general configuration
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/*
@todo:
1. Change prefs handling
2. Change admin log references
*/
$eplug_admin = true;
require_once('../../class2.php');
if(!getperms('P') || !e107::isInstalled('alt_auth'))
{
e107::redirect('admin');
exit();
}
require_once(e_HANDLER.'form_handler.php');
$frm = e107::getForm();
require_once(e_ADMIN.'auth.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_alt_auth.php');
define('ALT_AUTH_ACTION', 'main');
require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php');
require_once(e_HANDLER.'user_extended_class.php');
$euf = new e107_user_extended;
$pref = e107::pref('core');
if(isset($_POST['updateprefs']))
{
unset($temp);
$temp['auth_method'] = $tp->toDB($_POST['auth_method']);
$temp['auth_noconn'] = intval($_POST['auth_noconn']);
$temp['auth_method2'] = $tp->toDB($_POST['auth_method2']);
$temp['auth_badpassword'] = intval($_POST['auth_badpassword']);
if ($admin_log->logArrayDiffs($temp, $pref, 'AUTH_01'))
{
e107::getConfig('core')->setPref($temp)->save(false);
header('location:'.e_SELF);
exit;
}
}
if(isset($_POST['updateeufs']))
{
$authExtended = array();
foreach ($_POST['auth_euf_include'] as $au)
{
$authExtended[] = trim($tp->toDB($au));
}
$au = implode(',',$authExtended);
if ($au != $pref['auth_extended'])
{
$pref['auth_extended'] = $au; // @TODO:
save_prefs();
e107::getLog()->add('AUTH_02',$au,'');
}
}
// Avoid need for lots of checks later
if (!isset($pref['auth_badpassword'])) $pref['auth_badpassword'] = 0;
if (!isset($pref['auth_noconn'])) $pref['auth_noconn'] = 0;
// Convert prefs
if (isset($pref['auth_nouser']))
{
$pref['auth_method2'] = 'none'; // Default to no fallback
if ($pref['auth_nouser'])
{
$pref['auth_method2'] = 'e107';
}
unset($pref['auth_nouser']);
if (!isset($pref['auth_badpassword'])) $pref['auth_badpassword'] = 0;
save_prefs(); // @TODO
}
$authlist = alt_auth_admin::alt_auth_get_authlist();
if (isset($pref['auth_extended']))
{
$authExtended = explode(',',$pref['auth_extended']);
}
else
{
$pref['auth_extended'] = '';
$authExtended = array();
}
if(e107::getDb()->getPDO() === false)
{
$mess = "PDO is required to use alt-auth. To enable add: <code>define('e_PDO', true);</code> to e107_config.php.<br />
<small>Warning: If PDO is not correctly configured on your server then your site may fail to connect with the database.</small>";
echo e107::getMessage()->addInfo($mess)->render();
}
if(!empty($message))
{
echo e107::getMessage()->addSuccess($message)->render();
}
$altAuthAdmin = new alt_auth_admin();
$text = "
<div>
<form method='post' action='".e_SELF."'>
<table class='table adminform'>
<colgroup span='2'>
<col class='col-label' />
<col class='col-control' />
</colgroup>
<tr>
<td>".LAN_ALT_1.": </td>
<td>".
$altAuthAdmin->alt_auth_get_dropdown('auth_method', $pref['auth_method'], 'e107')."
</td>
</tr>
<tr>
<td>".LAN_ALT_78.":<br /></td>
<td>
<select class='tbox' name='auth_badpassword'>";
$sel = (!$pref['auth_badpassword'] ? "" : " selected = 'selected' ");
$text .= "<option value='0' {$sel} >".LAN_ALT_FAIL."</option>";
$sel = ($pref['auth_badpassword'] ? " selected = 'selected' " : "");
$text .= "<option value='1' {$sel} >".LAN_ALT_FALLBACK."</option>
</select><div class='smalltext field-help'>".LAN_ALT_79."</div>
</td>
</tr>
<tr>
<td>".LAN_ALT_6.":<br /></td>
<td>
<select class='tbox' name='auth_noconn'>";
$sel = (!$pref['auth_noconn'] ? '' : " selected = 'selected' ");
$text .= "<option value='0' {$sel} >".LAN_ALT_FAIL."</option>";
$sel = ($pref['auth_noconn'] ? " selected = 'selected' " : '');
$text .= "<option value='1' {$sel} >".LAN_ALT_FALLBACK."</option>
</select><div class='smalltext field-help'>".LAN_ALT_7."</div>
</td>
</tr>
<tr>
<td>".LAN_ALT_8.":<br />
</td>
<td>".$altAuthAdmin->alt_auth_get_dropdown('auth_method2', $pref['auth_method2'], 'none')."
<div class='smalltext field-help'>".LAN_ALT_9."</div>
</td>
</tr>
</table>
<div class='buttons-bar center'>".
$frm->admin_button('updateprefs',LAN_UPDATE,'update')."
</div>
</form>
</div>";
$ns = e107::getRender();
$ns->tablerender(LAN_ALT_3, $text);
if ($euf->userCount)
{
e107::includeLan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user_extended.php');
$fl = &$euf->fieldDefinitions;
$text = "<div>
<form method='post' action='".e_SELF."'>
<table class='table adminlist'>
<colgroup>
<col style='width:10%' />
<col style='width:30%' />
<col style='width:40%' />
<col style='width:20%' />
</colgroup>\n";
$text .= "<thead><tr>
<th class='center'>".LAN_ALT_61."</th>
<th>".LAN_ALT_62."</th>
<th>".LAN_ALT_63."</th>
<th>".LAN_ALT_64."</th>
</tr>
</thead>
<tbody>";
foreach ($fl as $f)
{
$checked = (in_array($f['user_extended_struct_name'], $authExtended) ? " checked='checked'" : '');
$text .= "<tr>
<td class='center'><input type='checkbox' name='auth_euf_include[]' value='{$f['user_extended_struct_name']}'{$checked} /></td>
<td>{$f['user_extended_struct_name']}</td>
<td>".$tp->toHTML($f['user_extended_struct_text'],FALSE,'TITLE')."</td>
<td>{$euf->user_extended_types[$f['user_extended_struct_type']]}</td></tr>\n";
}
$text .= "</tbody>
</table><div class='buttons-bar center'>
".$frm->admin_button('updateeufs',LAN_UPDATE,'update')."
</div>
</form>
</div>";
e107::getRender()->tablerender(LAN_ALT_60, $text);
}
require_once(e_ADMIN.'footer.php');
function alt_auth_conf_adminmenu()
{
alt_auth_adminmenu();
}
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alt_auth plugin - general configuration
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/*
@todo:
1. Change prefs handling
2. Change admin log references
*/
$eplug_admin = true;
require_once('../../class2.php');
if(!getperms('P') || !e107::isInstalled('alt_auth'))
{
e107::redirect('admin');
exit();
}
require_once(e_HANDLER.'form_handler.php');
$frm = e107::getForm();
require_once(e_ADMIN.'auth.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_alt_auth.php');
define('ALT_AUTH_ACTION', 'main');
require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php');
require_once(e_HANDLER.'user_extended_class.php');
$euf = new e107_user_extended;
$pref = e107::pref('core');
if(isset($_POST['updateprefs']))
{
unset($temp);
$temp['auth_method'] = $tp->toDB($_POST['auth_method']);
$temp['auth_noconn'] = intval($_POST['auth_noconn']);
$temp['auth_method2'] = $tp->toDB($_POST['auth_method2']);
$temp['auth_badpassword'] = intval($_POST['auth_badpassword']);
if ($admin_log->logArrayDiffs($temp, $pref, 'AUTH_01'))
{
e107::getConfig('core')->setPref($temp)->save(false);
header('location:'.e_SELF);
exit;
}
}
if(isset($_POST['updateeufs']))
{
$authExtended = array();
foreach ($_POST['auth_euf_include'] as $au)
{
$authExtended[] = trim($tp->toDB($au));
}
$au = implode(',',$authExtended);
if ($au != $pref['auth_extended'])
{
$pref['auth_extended'] = $au; // @TODO:
save_prefs();
e107::getLog()->add('AUTH_02',$au,'');
}
}
// Avoid need for lots of checks later
if (!isset($pref['auth_badpassword'])) $pref['auth_badpassword'] = 0;
if (!isset($pref['auth_noconn'])) $pref['auth_noconn'] = 0;
// Convert prefs
if (isset($pref['auth_nouser']))
{
$pref['auth_method2'] = 'none'; // Default to no fallback
if ($pref['auth_nouser'])
{
$pref['auth_method2'] = 'e107';
}
unset($pref['auth_nouser']);
if (!isset($pref['auth_badpassword'])) $pref['auth_badpassword'] = 0;
save_prefs(); // @TODO
}
$authlist = alt_auth_admin::alt_auth_get_authlist();
if (isset($pref['auth_extended']))
{
$authExtended = explode(',',$pref['auth_extended']);
}
else
{
$pref['auth_extended'] = '';
$authExtended = array();
}
if(e107::getDb()->getPDO() === false)
{
$mess = "PDO is required to use alt-auth. To enable add: <code>define('e_PDO', true);</code> to e107_config.php.<br />
<small>Warning: If PDO is not correctly configured on your server then your site may fail to connect with the database.</small>";
echo e107::getMessage()->addInfo($mess)->render();
}
if(!empty($message))
{
echo e107::getMessage()->addSuccess($message)->render();
}
$altAuthAdmin = new alt_auth_admin();
$text = "
<div>
<form method='post' action='".e_SELF."'>
<table class='table adminform'>
<colgroup span='2'>
<col class='col-label' />
<col class='col-control' />
</colgroup>
<tr>
<td>".LAN_ALT_1.": </td>
<td>".
$altAuthAdmin->alt_auth_get_dropdown('auth_method', $pref['auth_method'], 'e107')."
</td>
</tr>
<tr>
<td>".LAN_ALT_78.":<br /></td>
<td>
<select class='tbox' name='auth_badpassword'>";
$sel = (!$pref['auth_badpassword'] ? "" : " selected = 'selected' ");
$text .= "<option value='0' {$sel} >".LAN_ALT_FAIL."</option>";
$sel = ($pref['auth_badpassword'] ? " selected = 'selected' " : "");
$text .= "<option value='1' {$sel} >".LAN_ALT_FALLBACK."</option>
</select><div class='smalltext field-help'>".LAN_ALT_79."</div>
</td>
</tr>
<tr>
<td>".LAN_ALT_6.":<br /></td>
<td>
<select class='tbox' name='auth_noconn'>";
$sel = (!$pref['auth_noconn'] ? '' : " selected = 'selected' ");
$text .= "<option value='0' {$sel} >".LAN_ALT_FAIL."</option>";
$sel = ($pref['auth_noconn'] ? " selected = 'selected' " : '');
$text .= "<option value='1' {$sel} >".LAN_ALT_FALLBACK."</option>
</select><div class='smalltext field-help'>".LAN_ALT_7."</div>
</td>
</tr>
<tr>
<td>".LAN_ALT_8.":<br />
</td>
<td>".$altAuthAdmin->alt_auth_get_dropdown('auth_method2', $pref['auth_method2'], 'none')."
<div class='smalltext field-help'>".LAN_ALT_9."</div>
</td>
</tr>
</table>
<div class='buttons-bar center'>".
$frm->admin_button('updateprefs',LAN_UPDATE,'update')."
</div>
</form>
</div>";
$ns = e107::getRender();
$ns->tablerender(LAN_ALT_3, $text);
if ($euf->userCount)
{
e107::includeLan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user_extended.php');
$fl = &$euf->fieldDefinitions;
$text = "<div>
<form method='post' action='".e_SELF."'>
<table class='table adminlist'>
<colgroup>
<col style='width:10%' />
<col style='width:30%' />
<col style='width:40%' />
<col style='width:20%' />
</colgroup>\n";
$text .= "<thead><tr>
<th class='center'>".LAN_ALT_61."</th>
<th>".LAN_ALT_62."</th>
<th>".LAN_ALT_63."</th>
<th>".LAN_ALT_64."</th>
</tr>
</thead>
<tbody>";
foreach ($fl as $f)
{
$checked = (in_array($f['user_extended_struct_name'], $authExtended) ? " checked='checked'" : '');
$text .= "<tr>
<td class='center'><input type='checkbox' name='auth_euf_include[]' value='{$f['user_extended_struct_name']}'{$checked} /></td>
<td>{$f['user_extended_struct_name']}</td>
<td>".$tp->toHTML($f['user_extended_struct_text'],FALSE,'TITLE')."</td>
<td>{$euf->user_extended_types[$f['user_extended_struct_type']]}</td></tr>\n";
}
$text .= "</tbody>
</table><div class='buttons-bar center'>
".$frm->admin_button('updateeufs',LAN_UPDATE,'update')."
</div>
</form>
</div>";
e107::getRender()->tablerender(LAN_ALT_60, $text);
}
require_once(e_ADMIN.'footer.php');
function alt_auth_conf_adminmenu()
{
alt_auth_adminmenu();
}
?>

590
e107_plugins/alt_auth/alt_auth_login_class.php
View File

@@ -1,296 +1,296 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alternate login
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
define('AA_DEBUG',FALSE);
define('AA_DEBUG1',FALSE);
//TODO convert to class constants (but may be more useful as globals, perhaps within a general login manager scheme)
define('AUTH_SUCCESS', -1);
define('AUTH_NOUSER', 1);
define('AUTH_BADPASSWORD', 2);
define('AUTH_NOCONNECT', 3);
define('AUTH_UNKNOWN', 4);
define('AUTH_NOT_AVAILABLE', 5);
define('AUTH_NORESOURCE', 6); // Used to indicate, for example, that a required PHP module isn't loaded
/**
* Methods used by a number of alt_auth classes.
* The login authorisation classes are descendants of this one.
* Admin functions also use it - a little extra overhead by including this file, but less of a problem for admin
*/
class alt_auth_base
{
public function __construct()
{
}
/**
* Get configuration parameters for an authentication method
*
* @param string $prefix - the method
*
* @return array
*/
public function altAuthGetParams($prefix)
{
$sql = e107::getDb();
$sql->db_Select('alt_auth', '*', "auth_type = '".$prefix."' ");
$parm = array();
while($row = $sql->db_Fetch())
{
$parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
return $parm;
}
}
class alt_login
{
protected $e107;
public $loginResult = false;
public function __construct($method, &$username, &$userpass)
{
$this->e107 = e107::getInstance();
$newvals=array();
if ($method == 'none')
{
$this->loginResult = AUTH_NOCONNECT;
return;
}
require_once(e_PLUGIN.'alt_auth/'.$method.'_auth.php');
$_login = new auth_login;
if(isset($_login->Available) && ($_login->Available === FALSE))
{ // Relevant auth method not available (e.g. PHP extension not loaded)
$this->loginResult = AUTH_NOT_AVAILABLE;
return;
}
$login_result = $_login->login($username, $userpass, $newvals, FALSE);
if($login_result === AUTH_SUCCESS )
{
require_once (e_HANDLER.'user_handler.php');
require_once(e_HANDLER.'validator_class.php');
if (MAGIC_QUOTES_GPC == FALSE)
{
$username = mysql_real_escape_string($username);
}
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
$username = substr($username, 0, e107::getPref('loginname_maxlength'));
$aa_sql = e107::getDb('aa');
$userMethods = new UserHandler;
$db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass,$username)));
$xFields = array(); // Possible extended user fields
// See if any of the fields need processing before save
if (isset($_login->copyMethods) && count($_login->copyMethods))
{
foreach ($newvals as $k => $v)
{
if (isset($_login->copyMethods[$k]))
{
$newvals[$k] = $this->translate($_login->copyMethods[$k], $v);
if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth convert",$k.': '.$v.'=>'.$newvals[$k],FALSE,LOG_TO_ROLLING);
}
}
}
foreach ($newvals as $k => $v)
{
if (strpos($k,'x_') === 0)
{ // Extended field
$k = substr($k,2);
$xFields['user_'.$k] = $v;
}
else
{ // Normal user table
if (strpos($k,'user_' !== 0)) $k = 'user_'.$k; // translate the field names (but latest handlers don't need translation)
$db_vals[$k] = $v;
}
}
$ulogin = new userlogin();
if (count($xFields))
{ // We're going to have to do something with extended fields as well - make sure there's an object
require_once (e_HANDLER.'user_extended_class.php');
$ue = new e107_user_extended;
$q =
$qry = "SELECT u.user_id,u.".implode(',u.',array_keys($db_vals)).", ue.user_extended_id, ue.".implode(',ue.',array_keys($xFields))." FROM `#user` AS u
LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id
WHERE ".$ulogin->getLookupQuery($username, FALSE, 'u.');
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Query: {$qry}[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
}
else
{
$qry = "SELECT * FROM `#user` WHERE ".$ulogin->getLookupQuery($username, FALSE);
}
if($aa_sql -> db_Select_gen($qry))
{ // Existing user - get current data, see if any changes
$row = $aa_sql->db_Fetch();
foreach ($db_vals as $k => $v)
{
if ($row[$k] == $v) unset($db_vals[$k]);
}
if (count($db_vals))
{
$newUser = array();
$newUser['data'] = $db_vals;
validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser);
$newUser['WHERE'] = '`user_id`='.$row['user_id'];
$aa_sql->db_Update('user',$newUser);
if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User data update: ".print_r($newUser,TRUE),FALSE,LOG_TO_ROLLING);
}
foreach ($xFields as $k => $v)
{
if ($row[$k] == $v) unset($xFields[$k]);
}
if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User data read: ".print_r($row,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User xtnd read: ".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
if (count($xFields))
{
$xArray = array();
$xArray['data'] = $xFields;
if ($row['user_extended_id'])
{
$ue->addFieldTypes($xArray); // Add in the data types for storage
$xArray['WHERE'] = '`user_extended_id`='.intval($row['user_id']);
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User xtnd update: ".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
$aa_sql->db_Update('user_extended',$xArray );
}
else
{ // Never been an extended user fields record for this user
$xArray['data']['user_extended_id'] = $row['user_id'];
$ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Write new extended record".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
$aa_sql->db_Insert('user_extended',$xArray);
}
}
}
else
{ // Just add a new user
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Add new user: ".print_r($db_vals,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username;
if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username;
if (!isset($db_vals['user_join'])) $db_vals['user_join'] = time();
$db_vals['user_class'] = e107::getPref('initial_user_classes');
if (!isset($db_vals['user_signature'])) $db_vals['user_signature'] = '';
if (!isset($db_vals['user_prefs'])) $db_vals['user_prefs'] = '';
if (!isset($db_vals['user_perms'])) $db_vals['user_perms'] = '';
$userMethods->userClassUpdate($db_vals, 'userall');
$newUser = array();
$newUser['data'] = $db_vals;
$userMethods->addNonDefaulted($newUser);
validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser);
$newID = $aa_sql->insert('user',$newUser);
if ($newID !== FALSE)
{
if (count($xFields))
{
$xFields['user_extended_id'] = $newID;
$xArray = array();
$xArray['data'] = $xFields;
e107::getUserExt()->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
$result = $aa_sql->insert('user_extended',$xArray);
if (AA_DEBUG) e107::getLog()->e_log_event(10,debug_backtrace(),'DEBUG','Alt auth login',"Add extended: UID={$newID} result={$result}",FALSE,LOG_TO_ROLLING);
}
}
else
{ // Error adding user to database - possibly a conflict on unique fields
$this->e107->admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->getLastErrorText()."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING);
$this->loginResult = LOGIN_DB_ERROR;
return;
}
}
$this->loginResult = LOGIN_CONTINUE;
return;
}
else
{ // Failure modes
switch($login_result)
{
case AUTH_NOCONNECT:
if(varset(e107::getPref('auth_noconn'), TRUE))
{
$this->loginResult = LOGIN_TRY_OTHER;
return;
}
$username=md5('xx_noconn_xx');
$this->loginResult = LOGIN_ABORT;
return;
case AUTH_BADPASSWORD:
if(varset(e107::getPref('auth_badpassword'), TRUE))
{
$this->loginResult = LOGIN_TRY_OTHER;
return;
}
$userpass=md5('xx_badpassword_xx');
$this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in!
return;
}
}
$this->loginResult = LOGIN_ABORT; // catch-all just in case
return;
}
// Function to implement copy methods
public function translate($method, $word)
{
$tp = e107::getParser();
switch ($method)
{
case 'bool1' :
switch ($tp->ustrtoupper($word))
{
case 'TRUE' : return TRUE;
case 'FALSE' : return FALSE;
}
return $word;
case 'ucase' :
return $tp->ustrtoupper($word);
case 'lcase' :
return $tp->ustrtolower($word);
case 'ucfirst' :
return ucfirst($word); // TODO: Needs changing to utf-8 function
case 'ucwords' :
return ucwords($word); // TODO: Needs changing to utf-8 function
case 'none' :
return $word;
}
}
}
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alternate login
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
define('AA_DEBUG',FALSE);
define('AA_DEBUG1',FALSE);
//TODO convert to class constants (but may be more useful as globals, perhaps within a general login manager scheme)
define('AUTH_SUCCESS', -1);
define('AUTH_NOUSER', 1);
define('AUTH_BADPASSWORD', 2);
define('AUTH_NOCONNECT', 3);
define('AUTH_UNKNOWN', 4);
define('AUTH_NOT_AVAILABLE', 5);
define('AUTH_NORESOURCE', 6); // Used to indicate, for example, that a required PHP module isn't loaded
/**
* Methods used by a number of alt_auth classes.
* The login authorisation classes are descendants of this one.
* Admin functions also use it - a little extra overhead by including this file, but less of a problem for admin
*/
class alt_auth_base
{
public function __construct()
{
}
/**
* Get configuration parameters for an authentication method
*
* @param string $prefix - the method
*
* @return array
*/
public function altAuthGetParams($prefix)
{
$sql = e107::getDb();
$sql->db_Select('alt_auth', '*', "auth_type = '".$prefix."' ");
$parm = array();
while($row = $sql->db_Fetch())
{
$parm[$row['auth_parmname']] = base64_decode(base64_decode($row['auth_parmval']));
}
return $parm;
}
}
class alt_login
{
protected $e107;
public $loginResult = false;
public function __construct($method, &$username, &$userpass)
{
$this->e107 = e107::getInstance();
$newvals=array();
if ($method == 'none')
{
$this->loginResult = AUTH_NOCONNECT;
return;
}
require_once(e_PLUGIN.'alt_auth/'.$method.'_auth.php');
$_login = new auth_login;
if(isset($_login->Available) && ($_login->Available === FALSE))
{ // Relevant auth method not available (e.g. PHP extension not loaded)
$this->loginResult = AUTH_NOT_AVAILABLE;
return;
}
$login_result = $_login->login($username, $userpass, $newvals, FALSE);
if($login_result === AUTH_SUCCESS )
{
require_once (e_HANDLER.'user_handler.php');
require_once(e_HANDLER.'validator_class.php');
if (MAGIC_QUOTES_GPC == FALSE)
{
$username = mysql_real_escape_string($username);
}
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
$username = substr($username, 0, e107::getPref('loginname_maxlength'));
$aa_sql = e107::getDb('aa');
$userMethods = new UserHandler;
$db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass,$username)));
$xFields = array(); // Possible extended user fields
// See if any of the fields need processing before save
if (isset($_login->copyMethods) && count($_login->copyMethods))
{
foreach ($newvals as $k => $v)
{
if (isset($_login->copyMethods[$k]))
{
$newvals[$k] = $this->translate($_login->copyMethods[$k], $v);
if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth convert",$k.': '.$v.'=>'.$newvals[$k],FALSE,LOG_TO_ROLLING);
}
}
}
foreach ($newvals as $k => $v)
{
if (strpos($k,'x_') === 0)
{ // Extended field
$k = substr($k,2);
$xFields['user_'.$k] = $v;
}
else
{ // Normal user table
if (strpos($k,'user_' !== 0)) $k = 'user_'.$k; // translate the field names (but latest handlers don't need translation)
$db_vals[$k] = $v;
}
}
$ulogin = new userlogin();
if (count($xFields))
{ // We're going to have to do something with extended fields as well - make sure there's an object
require_once (e_HANDLER.'user_extended_class.php');
$ue = new e107_user_extended;
$q =
$qry = "SELECT u.user_id,u.".implode(',u.',array_keys($db_vals)).", ue.user_extended_id, ue.".implode(',ue.',array_keys($xFields))." FROM `#user` AS u
LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id
WHERE ".$ulogin->getLookupQuery($username, FALSE, 'u.');
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Query: {$qry}[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
}
else
{
$qry = "SELECT * FROM `#user` WHERE ".$ulogin->getLookupQuery($username, FALSE);
}
if($aa_sql -> db_Select_gen($qry))
{ // Existing user - get current data, see if any changes
$row = $aa_sql->db_Fetch();
foreach ($db_vals as $k => $v)
{
if ($row[$k] == $v) unset($db_vals[$k]);
}
if (count($db_vals))
{
$newUser = array();
$newUser['data'] = $db_vals;
validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser);
$newUser['WHERE'] = '`user_id`='.$row['user_id'];
$aa_sql->db_Update('user',$newUser);
if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User data update: ".print_r($newUser,TRUE),FALSE,LOG_TO_ROLLING);
}
foreach ($xFields as $k => $v)
{
if ($row[$k] == $v) unset($xFields[$k]);
}
if (AA_DEBUG1) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User data read: ".print_r($row,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User xtnd read: ".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
if (count($xFields))
{
$xArray = array();
$xArray['data'] = $xFields;
if ($row['user_extended_id'])
{
$ue->addFieldTypes($xArray); // Add in the data types for storage
$xArray['WHERE'] = '`user_extended_id`='.intval($row['user_id']);
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","User xtnd update: ".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
$aa_sql->db_Update('user_extended',$xArray );
}
else
{ // Never been an extended user fields record for this user
$xArray['data']['user_extended_id'] = $row['user_id'];
$ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Write new extended record".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
$aa_sql->db_Insert('user_extended',$xArray);
}
}
}
else
{ // Just add a new user
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Add new user: ".print_r($db_vals,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username;
if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username;
if (!isset($db_vals['user_join'])) $db_vals['user_join'] = time();
$db_vals['user_class'] = e107::getPref('initial_user_classes');
if (!isset($db_vals['user_signature'])) $db_vals['user_signature'] = '';
if (!isset($db_vals['user_prefs'])) $db_vals['user_prefs'] = '';
if (!isset($db_vals['user_perms'])) $db_vals['user_perms'] = '';
$userMethods->userClassUpdate($db_vals, 'userall');
$newUser = array();
$newUser['data'] = $db_vals;
$userMethods->addNonDefaulted($newUser);
validatorClass::addFieldTypes($userMethods->userVettingInfo,$newUser);
$newID = $aa_sql->insert('user',$newUser);
if ($newID !== FALSE)
{
if (count($xFields))
{
$xFields['user_extended_id'] = $newID;
$xArray = array();
$xArray['data'] = $xFields;
e107::getUserExt()->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
$result = $aa_sql->insert('user_extended',$xArray);
if (AA_DEBUG) e107::getLog()->e_log_event(10,debug_backtrace(),'DEBUG','Alt auth login',"Add extended: UID={$newID} result={$result}",FALSE,LOG_TO_ROLLING);
}
}
else
{ // Error adding user to database - possibly a conflict on unique fields
$this->e107->admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->getLastErrorText()."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING);
$this->loginResult = LOGIN_DB_ERROR;
return;
}
}
$this->loginResult = LOGIN_CONTINUE;
return;
}
else
{ // Failure modes
switch($login_result)
{
case AUTH_NOCONNECT:
if(varset(e107::getPref('auth_noconn'), TRUE))
{
$this->loginResult = LOGIN_TRY_OTHER;
return;
}
$username=md5('xx_noconn_xx');
$this->loginResult = LOGIN_ABORT;
return;
case AUTH_BADPASSWORD:
if(varset(e107::getPref('auth_badpassword'), TRUE))
{
$this->loginResult = LOGIN_TRY_OTHER;
return;
}
$userpass=md5('xx_badpassword_xx');
$this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in!
return;
}
}
$this->loginResult = LOGIN_ABORT; // catch-all just in case
return;
}
// Function to implement copy methods
public function translate($method, $word)
{
$tp = e107::getParser();
switch ($method)
{
case 'bool1' :
switch ($tp->ustrtoupper($word))
{
case 'TRUE' : return TRUE;
case 'FALSE' : return FALSE;
}
return $word;
case 'ucase' :
return $tp->ustrtoupper($word);
case 'lcase' :
return $tp->ustrtolower($word);
case 'ucfirst' :
return ucfirst($word); // TODO: Needs changing to utf-8 function
case 'ucwords' :
return ucwords($word); // TODO: Needs changing to utf-8 function
case 'none' :
return $word;
}
}
}
?>

8
e107_plugins/alt_auth/alt_auth_sql.php
View File

@@ -1,5 +1,5 @@
CREATE TABLE alt_auth (
auth_type varchar(20) NOT NULL default '',
auth_parmname varchar(30) NOT NULL default '',
auth_parmval varchar(120) NOT NULL default ''
CREATE TABLE alt_auth (
auth_type varchar(20) NOT NULL default '',
auth_parmname varchar(30) NOT NULL default '',
auth_parmval varchar(120) NOT NULL default ''
) ENGINE=MyISAM;

394
e107_plugins/alt_auth/e107db_auth.php
View File

@@ -1,198 +1,198 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* e107 DB authorisation for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*
* This connects to a 'foreign' e107 user database to validate the user
*/
/*
return values
AUTH_NOCONNECT = unable to connect to db
AUTH_NOUSER = user not found
AUTH_BADPASSWORD = supplied password incorrect
AUTH_SUCCESS = valid login
*/
class auth_login extends alt_auth_base
{
public $Available = FALSE; // Flag indicates whether DB connection available
public $ErrorText; // e107 error string on exit
private $conf; // Configuration parameters
/**
* Read configuration, initialise connection to remote e107 database
*
* @return AUTH_xxxx result code
*/
public function __construct()
{
$this->ErrorText = '';
$this->conf = $this->altAuthGetParams('e107db');
$this->Available = TRUE;
}
/**
* Retrieve and construct error strings
*
* @todo - test whether reconnect to DB is required (shouldn't be)
*/
private function makeErrorText($extra = '')
{
$this->ErrorText = $extra;
//global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql;
//$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the database
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
//Attempt to open connection to sql database
/* if(!$res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password']))
{
$this->makeErrorText('Cannot connect to remote server');
return AUTH_NOCONNECT;
}
if(!mysql_select_db($this->conf['e107db_database'], $res))
{
mysql_close($res);
$this->makeErrorText('Cannot connect to remote DB');
return AUTH_NOCONNECT;
}
if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB
*/
// $dsn = 'mysql:dbname=' . $this->conf['e107db_database'] . ';host=' . $this->conf['e107db_server'];
$dsn = "mysql:host=".$this->conf['e107db_server'].";port=".varset($this->conf['e107db_port'],3306).";dbname=".$this->conf['e107db_database'];
try
{
$dbh = new PDO($dsn, $this->conf['e107db_username'], $this->conf['e107db_password']);
}
catch (PDOException $e)
{
$this->makeErrorText('Cannot connect to remote DB; PDOException message: ' . $e->getMessage());
return AUTH_NOCONNECT;
}
$sel_fields = array();
// Make an array of the fields we want from the source DB
foreach($this->conf as $k => $v)
{
if ($v && (strpos($k,'e107db_xf_') === 0))
{
$sel_fields[] = substr($k,strlen('e107db_xf_'));
}
}
$filterClass = intval(varset($this->conf['e107db_filter_class'], e_UC_PUBLIC));
if (($filterClass != e_UC_PUBLIC) && (!in_array('user_class',$sel_fields)))
{
$sel_fields[] = 'user_class';
}
$sel_fields[] = 'user_password';
$user_field = 'user_loginname';
//Get record containing supplied login name
$qry = 'SELECT '.implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}' AND `user_ban` = 0";
// echo "Query: {$qry}<br />";
if(!$r1 = $dbh->query($qry))
{
$this->makeErrorText('Lookup query failed');
e107::getMessage()->addDebug($qry);
return AUTH_NOCONNECT;
}
if (!$row = $r1->fetch(PDO::FETCH_BOTH))
{
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
// mysql_close($res); // Finished with 'foreign' DB now
// Got something from the DB - see whether password valid
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
$pass_check = new ExtendedPasswordHandler();
$passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']);
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row['user_password']; // Password stored in DB
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return AUTH_BADPASSWORD;
}
// Valid user - check he's in an appropriate class
if ($filterClass != e_UC_PUBLIC)
{
$tmp = explode(',', $row['user_class']);
if (!in_array($filterClass, $tmp))
{
$this->makeErrorText('Userc not found');
return AUTH_NOUSER; // Treat as non-existent user
}
unset($tmp);
}
// Now copy across any values we have selected
foreach($this->conf as $k => $v)
{
if ($v && (strpos($k,'e107db_xf_') === 0))
{
$f = substr($k,strlen('e107db_xf_'));
if (isset($row[$f])) $newvals[$f] = $row[$f];
}
}
$this->makeErrorText(''); // Success - just reconnect to E107 DB if needed
return AUTH_SUCCESS;
}
}
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* e107 DB authorisation for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*
* This connects to a 'foreign' e107 user database to validate the user
*/
/*
return values
AUTH_NOCONNECT = unable to connect to db
AUTH_NOUSER = user not found
AUTH_BADPASSWORD = supplied password incorrect
AUTH_SUCCESS = valid login
*/
class auth_login extends alt_auth_base
{
public $Available = FALSE; // Flag indicates whether DB connection available
public $ErrorText; // e107 error string on exit
private $conf; // Configuration parameters
/**
* Read configuration, initialise connection to remote e107 database
*
* @return AUTH_xxxx result code
*/
public function __construct()
{
$this->ErrorText = '';
$this->conf = $this->altAuthGetParams('e107db');
$this->Available = TRUE;
}
/**
* Retrieve and construct error strings
*
* @todo - test whether reconnect to DB is required (shouldn't be)
*/
private function makeErrorText($extra = '')
{
$this->ErrorText = $extra;
//global $mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb, $sql;
//$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefaultdb);
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the database
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
//Attempt to open connection to sql database
/* if(!$res = mysql_connect($this->conf['e107db_server'], $this->conf['e107db_username'], $this->conf['e107db_password']))
{
$this->makeErrorText('Cannot connect to remote server');
return AUTH_NOCONNECT;
}
if(!mysql_select_db($this->conf['e107db_database'], $res))
{
mysql_close($res);
$this->makeErrorText('Cannot connect to remote DB');
return AUTH_NOCONNECT;
}
if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB
*/
// $dsn = 'mysql:dbname=' . $this->conf['e107db_database'] . ';host=' . $this->conf['e107db_server'];
$dsn = "mysql:host=".$this->conf['e107db_server'].";port=".varset($this->conf['e107db_port'],3306).";dbname=".$this->conf['e107db_database'];
try
{
$dbh = new PDO($dsn, $this->conf['e107db_username'], $this->conf['e107db_password']);
}
catch (PDOException $e)
{
$this->makeErrorText('Cannot connect to remote DB; PDOException message: ' . $e->getMessage());
return AUTH_NOCONNECT;
}
$sel_fields = array();
// Make an array of the fields we want from the source DB
foreach($this->conf as $k => $v)
{
if ($v && (strpos($k,'e107db_xf_') === 0))
{
$sel_fields[] = substr($k,strlen('e107db_xf_'));
}
}
$filterClass = intval(varset($this->conf['e107db_filter_class'], e_UC_PUBLIC));
if (($filterClass != e_UC_PUBLIC) && (!in_array('user_class',$sel_fields)))
{
$sel_fields[] = 'user_class';
}
$sel_fields[] = 'user_password';
$user_field = 'user_loginname';
//Get record containing supplied login name
$qry = 'SELECT '.implode(',',$sel_fields)." FROM ".$this->conf['e107db_prefix']."user WHERE {$user_field} = '{$uname}' AND `user_ban` = 0";
// echo "Query: {$qry}<br />";
if(!$r1 = $dbh->query($qry))
{
$this->makeErrorText('Lookup query failed');
e107::getMessage()->addDebug($qry);
return AUTH_NOCONNECT;
}
if (!$row = $r1->fetch(PDO::FETCH_BOTH))
{
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
// mysql_close($res); // Finished with 'foreign' DB now
// Got something from the DB - see whether password valid
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
$pass_check = new ExtendedPasswordHandler();
$passMethod = $pass_check->passwordMapping($this->conf['e107db_password_method']);
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row['user_password']; // Password stored in DB
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return AUTH_BADPASSWORD;
}
// Valid user - check he's in an appropriate class
if ($filterClass != e_UC_PUBLIC)
{
$tmp = explode(',', $row['user_class']);
if (!in_array($filterClass, $tmp))
{
$this->makeErrorText('Userc not found');
return AUTH_NOUSER; // Treat as non-existent user
}
unset($tmp);
}
// Now copy across any values we have selected
foreach($this->conf as $k => $v)
{
if ($v && (strpos($k,'e107db_xf_') === 0))
{
$f = substr($k,strlen('e107db_xf_'));
if (isset($row[$f])) $newvals[$f] = $row[$f];
}
}
$this->makeErrorText(''); // Success - just reconnect to E107 DB if needed
return AUTH_SUCCESS;
}
}
?>

270
e107_plugins/alt_auth/e107db_conf.php
View File

@@ -1,135 +1,135 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* e107 DB configuration for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
$eplug_admin = true;
require_once('../../class2.php');
require_once(e_ADMIN.'auth.php');
require_once(e_HANDLER.'form_handler.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_e107db_conf.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_alt_auth.php');
define('ALT_AUTH_ACTION', 'e107db');
require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php');
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php');
class alt_auth_e107db extends alt_auth_admin
{
public function __construct()
{
}
public function showForm()
{
$ns = e107::getRender();
$parm = $this->altAuthGetParams('e107db');
$frm = new form;
$tab1 = "<table class='table adminform'>
<colgroup span='2'>
<col class='col-label' />
<col class='col-control' />
</colgroup>";
$tab1 .= "<tr><td>".LAN_ALT_26."</td><td>";
$tab1 .= E107DB_LAN_1;
$tab1 .= "</td></tr>";
$tab1 .= $this->alt_auth_get_db_fields('e107db', $frm, $parm, 'server|port|uname|pwd|db|prefix|classfilt');
$tab1 .= "<tr><td>".E107DB_LAN_9."</td><td>";
$tab1 .= $this->altAuthGetPasswordSelector('e107db_password_method', $frm, $parm['e107db_password_method'], FALSE);
$tab1 .= "</td></tr></table>";
$tab2 = "
<table class='table adminform'>
<colgroup>
<col class='col-label' />
<col class='col-control' />
</colgroup>
";
$tab2 .= "<tr><td colspan='2'><br />".E107DB_LAN_11."</td></tr>";
$tab2 .= $this->alt_auth_get_field_list('e107db',$frm, $parm, TRUE);
$tab2 .= "</table>";
$tabs = array(
'tab1' => array('caption'=>'Database', 'text'=>$tab1),
'tab2' => array('caption'=>'Data', 'text'=>$tab2),
);
$text = $frm -> form_open('post', e_SELF);
$text .= e107::getForm()->tabs($tabs);
$text .= "<div class='buttons-bar center'>";
$text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update');
$text .= '</div>';
$text .= $frm -> form_close();
$ns->tablerender(E107DB_LAN_10, $text);
echo e107::getMessage()->render();
$ns->tablerender(LAN_ALT_40.LAN_ALT_41,$this->alt_auth_test_form('e107db',$frm));
}
}
$e107dbAdmin = new alt_auth_e107db();
if(vartrue($_POST['update']))
{
$message = $e107dbAdmin->alt_auth_post_options('e107db');
}
if(vartrue($message))
{
e107::getRender()->tablerender('',"<div style='text-align:center;'>".$message.'</div>');
}
$e107dbAdmin->showForm();
require_once(e_ADMIN.'footer.php');
function e107db_conf_adminmenu()
{
alt_auth_adminmenu();
}
?>
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* e107 DB configuration for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
$eplug_admin = true;
require_once('../../class2.php');
require_once(e_ADMIN.'auth.php');
require_once(e_HANDLER.'form_handler.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_e107db_conf.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_alt_auth.php');
define('ALT_AUTH_ACTION', 'e107db');
require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php');
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php');
class alt_auth_e107db extends alt_auth_admin
{
public function __construct()
{
}
public function showForm()
{
$ns = e107::getRender();
$parm = $this->altAuthGetParams('e107db');
$frm = new form;
$tab1 = "<table class='table adminform'>
<colgroup span='2'>
<col class='col-label' />
<col class='col-control' />
</colgroup>";
$tab1 .= "<tr><td>".LAN_ALT_26."</td><td>";
$tab1 .= E107DB_LAN_1;
$tab1 .= "</td></tr>";
$tab1 .= $this->alt_auth_get_db_fields('e107db', $frm, $parm, 'server|port|uname|pwd|db|prefix|classfilt');
$tab1 .= "<tr><td>".E107DB_LAN_9."</td><td>";
$tab1 .= $this->altAuthGetPasswordSelector('e107db_password_method', $frm, $parm['e107db_password_method'], FALSE);
$tab1 .= "</td></tr></table>";
$tab2 = "
<table class='table adminform'>
<colgroup>
<col class='col-label' />
<col class='col-control' />
</colgroup>
";
$tab2 .= "<tr><td colspan='2'><br />".E107DB_LAN_11."</td></tr>";
$tab2 .= $this->alt_auth_get_field_list('e107db',$frm, $parm, TRUE);
$tab2 .= "</table>";
$tabs = array(
'tab1' => array('caption'=>'Database', 'text'=>$tab1),
'tab2' => array('caption'=>'Data', 'text'=>$tab2),
);
$text = $frm -> form_open('post', e_SELF);
$text .= e107::getForm()->tabs($tabs);
$text .= "<div class='buttons-bar center'>";
$text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update');
$text .= '</div>';
$text .= $frm -> form_close();
$ns->tablerender(E107DB_LAN_10, $text);
echo e107::getMessage()->render();
$ns->tablerender(LAN_ALT_40.LAN_ALT_41,$this->alt_auth_test_form('e107db',$frm));
}
}
$e107dbAdmin = new alt_auth_e107db();
if(vartrue($_POST['update']))
{
$message = $e107dbAdmin->alt_auth_post_options('e107db');
}
if(vartrue($message))
{
e107::getRender()->tablerender('',"<div style='text-align:center;'>".$message.'</div>');
}
$e107dbAdmin->showForm();
require_once(e_ADMIN.'footer.php');
function e107db_conf_adminmenu()
{
alt_auth_adminmenu();
}
?>

768
e107_plugins/alt_auth/extended_password_handler.php
View File

@@ -1,385 +1,385 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2013 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Extended password handler for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/**
EXTENDED PASSWORD HANDLER CLASS
- supports many password formats used on other systems
- implements checking of existing passwords only
To use:
Instantiate ExtendedPasswordHandler
call CheckPassword(plaintext_password,login_name, stored_value)
or, optionally:
call CheckPassword(plaintext_password,login_name, stored_value, password_type)
@todo:
1. Check that public/private declarations of functions are correct
*/
if (!defined('e107_INIT')) { exit; }
require_once(e_HANDLER.'user_handler.php');
// @todo make these class constants
/*define('PASSWORD_PHPBB_SALT',2);
define('PASSWORD_MAMBO_SALT',3);
define('PASSWORD_JOOMLA_SALT',4);
define('PASSWORD_GENERAL_MD5',5);
define('PASSWORD_PLAINTEXT',6);
define('PASSWORD_GENERAL_SHA1',7);
define('PASSWORD_WORDPRESS_SALT', 8);
define('PASSWORD_MAGENTO_SALT', 9);
define('PASSWORD_PHPFUSION_SHA256', 10);
// Supported formats:
define('PASSWORD_PHPBB_ID', '$H$'); // PHPBB salted
define('PASSWORD_ORIG_ID', '$P$'); // 'Original' code
define('PASSWORD_WORDPRESS_ID', '$P$'); // WordPress 2.8
*/
class ExtendedPasswordHandler extends UserHandler
{
private $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; // Holds a string of 64 characters for base64 conversion
var $random_state = ''; // A (hopefully) random number
const PASSWORD_E107_MD5 = 0;
const PASSWORD_E107_SALT = 1;
const PASSWORD_PHPBB_SALT = 2;
const PASSWORD_MAMBO_SALT = 3;
const PASSWORD_JOOMLA_SALT = 4;
const PASSWORD_GENERAL_MD5 = 5;
const PASSWORD_PLAINTEXT = 6;
const PASSWORD_GENERAL_SHA1 = 7;
const PASSWORD_WORDPRESS_SALT = 8;
const PASSWORD_MAGENTO_SALT = 9;
const PASSWORD_PHPFUSION_SALT = 10;
const PASSWORD_PHPBB_ID = '$H$'; // PHPBB salted
const PASSWORD_ORIG_ID = '$P$'; // 'Original' code
const PASSWORD_WORDPRESS_ID = '$P$'; // WordPress 2.8
/**
* Constructor - just call parent
*/
function __construct()
{
// Ancestor constructor
parent::__construct();
}
/**
* Return a number of random bytes as specified by $count
*/
private function get_random_bytes($count)
{
$this->random_state = md5($this->random_state.microtime().mt_rand(0,10000)); // This will 'auto seed'
$output = '';
for ($i = 0; $i < $count; $i += 16)
{ // Only do this loop once unless we need more than 16 bytes
$this->random_state = md5(microtime() . $this->random_state);
$output .= pack('H*', md5($this->random_state)); // Becomes an array of 16 bytes
}
$output = substr($output, 0, $count);
return $output;
}
/**
* Encode to base64 (each block of three 8-bit chars becomes 4 printable chars)
* Use first $count characters of $input string
*/
private function encode64($input, $count)
{
return base64_encode(substr($input, 0, $count)); // @todo - check this works OK
/*
$output = '';
$i = 0;
do
{
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count) $value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) break;
if ($i < $count) $value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
*/
}
/**
* Method for PHPBB3-style salted passwords, which begin '$H$', and WordPress-style salted passwords, which begin '$P$'
* Given a plaintext password and the complete password/hash function (which includes any salt), calculate hash
* Returns FALSE on error
*/
private function crypt_private($password, $stored_password, $password_type = self::PASSWORD_PHPBB_SALT)
{
$output = '*0';
if (substr($stored_password, 0, 2) == $output)
{
$output = '*1';
}
$prefix = '';
switch ($password_type)
{
case self::PASSWORD_PHPBB_SALT :
$prefix = self::PASSWORD_PHPBB_ID;
break;
case self::PASSWORD_WORDPRESS_SALT :
$prefix = self::PASSWORD_WORDPRESS_ID;
break;
default :
$prefix = '';
}
if ($prefix != substr($stored_password, 0, 3))
{
return $output;
}
$count_log2 = strpos($this->itoa64, $stored_password[3]); // 4th character indicates hash depth count
if ($count_log2 < 7 || $count_log2 > 30)
{
return $output;
}
$count = 1 << $count_log2;
$salt = substr($stored_password, 4, 8); // Salt is characters 5..12
if (strlen($salt) != 8)
{
return $output;
}
# We're kind of forced to use MD5 here since it's the only
# cryptographic primitive available in all versions of PHP
# currently in use. To implement our own low-level crypto
# in PHP would result in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
// Get raw binary output (always 16 bytes) - we assume PHP5 here
$hash = md5($salt.$password, TRUE);
do
{
$hash = md5($hash.$password, TRUE);
} while (--$count);
$output = substr($setting, 0, 12); // Identifier, shift count and salt - total 12 chars
$output .= $this->encode64($hash, 16); // Returns 22-character string
return $output;
}
/**
* Return array of supported password types - key is used internally, text is displayed
*/
public function getPasswordTypes($includeExtended = TRUE)
{
$vals = array();
$vals = array(
'md5' => IMPORTDB_LAN_7,
'e107_salt' => IMPORTDB_LAN_8); // Methods supported in core
if ($includeExtended)
{
$vals = array_merge($vals,array(
'plaintext' => IMPORTDB_LAN_2,
'joomla_salt' => IMPORTDB_LAN_3,
'mambo_salt' => IMPORTDB_LAN_4,
'smf_sha1' => IMPORTDB_LAN_5,
'sha1' => IMPORTDB_LAN_6,
'phpbb3_salt' => IMPORTDB_LAN_12,
'wordpress_salt' => IMPORTDB_LAN_13,
'magento_salt' => IMPORTDB_LAN_14,
'phpfusion_salt' => "PHPFusion",
));
}
return $vals;
}
/**
* Return password type which relates to a specific foreign system
*/
public function passwordMapping($ptype)
{
$maps = array(
'plaintext' => self::PASSWORD_PLAINTEXT,
'joomla_salt' => self::PASSWORD_JOOMLA_SALT,
'mambo_salt' => self::PASSWORD_MAMBO_SALT,
'smf_sha1' => self::PASSWORD_GENERAL_SHA1,
'sha1' => self::PASSWORD_GENERAL_SHA1,
'mambo' => self::PASSWORD_GENERAL_MD5,
'phpbb2' => self::PASSWORD_GENERAL_MD5,
'e107' => self::PASSWORD_GENERAL_MD5,
'md5' => self::PASSWORD_GENERAL_MD5,
'e107_salt' => self::PASSWORD_E107_SALT,
'phpbb2_salt' => self::PASSWORD_PHPBB_SALT,
'phpbb3_salt' => self::PASSWORD_PHPBB_SALT,
'wordpress_salt' => self::PASSWORD_WORDPRESS_SALT,
'magento_salt' => self::PASSWORD_MAGENTO_SALT,
'phpfusion_salt' => self::PASSWORD_PHPFUSION_SALT,
);
if (isset($maps[$ptype])) return $maps[$ptype];
return FALSE;
}
/**
* Extension of password validation to handle more types
*
* @param string $pword - plaintext password as entered by user
* @param string $login_name - string used to log in (could actually be email address)
* @param string $stored_hash - required value for password to match
* @param integer $password_type - constant specifying the type of password to check against
*
* @return PASSWORD_INVALID|PASSWORD_VALID|string
* PASSWORD_INVALID if no match
* PASSWORD_VALID if valid password
* Return a new hash to store if valid password but non-preferred encoding
*/
public function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE)
{
switch ($password_type)
{
case self::PASSWORD_GENERAL_MD5 :
case self::PASSWORD_E107_MD5 :
$pwHash = md5($pword);
break;
case self::PASSWORD_GENERAL_SHA1 :
if (strlen($stored_hash) != 40) return PASSWORD_INVALID;
$pwHash = sha1($pword);
break;
case self::PASSWORD_JOOMLA_SALT :
case self::PASSWORD_MAMBO_SALT :
if ((strpos($stored_hash, ':') === false) || (strlen($stored_hash) < 40))
{
return PASSWORD_INVALID;
}
// Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe)
list($hash, $salt) = explode(':', $stored_hash);
$pwHash = md5($pword.$salt);
$stored_hash = $hash;
break;
case self::PASSWORD_MAGENTO_SALT :
$hash = $salt = '';
if ((strpos($stored_hash, ':') !== false))
{
list($hash, $salt) = explode(':', $stored_hash);
}
// Magento salted hash - should be 32-character md5 hash, ':', 2-character salt, but could be also only md5 hash
else
{
$hash = $stored_hash;
}
if(strlen($hash) !== 32)
{
//return PASSWORD_INVALID;
}
$pwHash = $salt ? md5($salt.$pword) : md5($pword);
$stored_hash = $hash;
break;
case self::PASSWORD_E107_SALT :
//return e107::getUserSession()->CheckPassword($password, $login_name, $stored_hash);
return parent::CheckPassword($pword, $login_name, $stored_hash);
break;
case self::PASSWORD_PHPBB_SALT :
case self::PASSWORD_WORDPRESS_SALT :
if (strlen($stored_hash) != 34) return PASSWORD_INVALID;
$pwHash = $this->crypt_private($pword, $stored_hash, $password_type);
if ($pwHash[0] == '*')
{
return PASSWORD_INVALID;
}
$stored_hash = substr($stored_hash,12);
break;
case self::PASSWORD_PHPFUSION_SALT:
list($hash, $salt) = explode(':', $stored_hash);
if (strlen($hash) !== 32)
{
$pwHash = hash_hmac('sha256',$pword, $salt);
}
else
{
e107::getMessage()->addDebug("PHPFusion Md5 Hash Detected ");
$pwHash = md5(md5($pword));
}
$stored_hash = $hash;
break;
case self::PASSWORD_PLAINTEXT :
$pwHash = $pword;
break;
default :
return PASSWORD_INVALID;
}
if(deftrue('e_DEBUG'))
{
e107::getMessage()->addDebug("Stored Hash: ".$stored_hash);
if(!empty($salt))
{
e107::getMessage()->addDebug("Stored Salt: ".$salt);
}
e107::getMessage()->addDebug("Generated Hash: ".$pwHash);
}
if ($stored_hash != $pwHash) return PASSWORD_INVALID;
return PASSWORD_VALID;
}
}
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2013 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Extended password handler for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/**
EXTENDED PASSWORD HANDLER CLASS
- supports many password formats used on other systems
- implements checking of existing passwords only
To use:
Instantiate ExtendedPasswordHandler
call CheckPassword(plaintext_password,login_name, stored_value)
or, optionally:
call CheckPassword(plaintext_password,login_name, stored_value, password_type)
@todo:
1. Check that public/private declarations of functions are correct
*/
if (!defined('e107_INIT')) { exit; }
require_once(e_HANDLER.'user_handler.php');
// @todo make these class constants
/*define('PASSWORD_PHPBB_SALT',2);
define('PASSWORD_MAMBO_SALT',3);
define('PASSWORD_JOOMLA_SALT',4);
define('PASSWORD_GENERAL_MD5',5);
define('PASSWORD_PLAINTEXT',6);
define('PASSWORD_GENERAL_SHA1',7);
define('PASSWORD_WORDPRESS_SALT', 8);
define('PASSWORD_MAGENTO_SALT', 9);
define('PASSWORD_PHPFUSION_SHA256', 10);
// Supported formats:
define('PASSWORD_PHPBB_ID', '$H$'); // PHPBB salted
define('PASSWORD_ORIG_ID', '$P$'); // 'Original' code
define('PASSWORD_WORDPRESS_ID', '$P$'); // WordPress 2.8
*/
class ExtendedPasswordHandler extends UserHandler
{
private $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; // Holds a string of 64 characters for base64 conversion
var $random_state = ''; // A (hopefully) random number
const PASSWORD_E107_MD5 = 0;
const PASSWORD_E107_SALT = 1;
const PASSWORD_PHPBB_SALT = 2;
const PASSWORD_MAMBO_SALT = 3;
const PASSWORD_JOOMLA_SALT = 4;
const PASSWORD_GENERAL_MD5 = 5;
const PASSWORD_PLAINTEXT = 6;
const PASSWORD_GENERAL_SHA1 = 7;
const PASSWORD_WORDPRESS_SALT = 8;
const PASSWORD_MAGENTO_SALT = 9;
const PASSWORD_PHPFUSION_SALT = 10;
const PASSWORD_PHPBB_ID = '$H$'; // PHPBB salted
const PASSWORD_ORIG_ID = '$P$'; // 'Original' code
const PASSWORD_WORDPRESS_ID = '$P$'; // WordPress 2.8
/**
* Constructor - just call parent
*/
function __construct()
{
// Ancestor constructor
parent::__construct();
}
/**
* Return a number of random bytes as specified by $count
*/
private function get_random_bytes($count)
{
$this->random_state = md5($this->random_state.microtime().mt_rand(0,10000)); // This will 'auto seed'
$output = '';
for ($i = 0; $i < $count; $i += 16)
{ // Only do this loop once unless we need more than 16 bytes
$this->random_state = md5(microtime() . $this->random_state);
$output .= pack('H*', md5($this->random_state)); // Becomes an array of 16 bytes
}
$output = substr($output, 0, $count);
return $output;
}
/**
* Encode to base64 (each block of three 8-bit chars becomes 4 printable chars)
* Use first $count characters of $input string
*/
private function encode64($input, $count)
{
return base64_encode(substr($input, 0, $count)); // @todo - check this works OK
/*
$output = '';
$i = 0;
do
{
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count) $value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) break;
if ($i < $count) $value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
*/
}
/**
* Method for PHPBB3-style salted passwords, which begin '$H$', and WordPress-style salted passwords, which begin '$P$'
* Given a plaintext password and the complete password/hash function (which includes any salt), calculate hash
* Returns FALSE on error
*/
private function crypt_private($password, $stored_password, $password_type = self::PASSWORD_PHPBB_SALT)
{
$output = '*0';
if (substr($stored_password, 0, 2) == $output)
{
$output = '*1';
}
$prefix = '';
switch ($password_type)
{
case self::PASSWORD_PHPBB_SALT :
$prefix = self::PASSWORD_PHPBB_ID;
break;
case self::PASSWORD_WORDPRESS_SALT :
$prefix = self::PASSWORD_WORDPRESS_ID;
break;
default :
$prefix = '';
}
if ($prefix != substr($stored_password, 0, 3))
{
return $output;
}
$count_log2 = strpos($this->itoa64, $stored_password[3]); // 4th character indicates hash depth count
if ($count_log2 < 7 || $count_log2 > 30)
{
return $output;
}
$count = 1 << $count_log2;
$salt = substr($stored_password, 4, 8); // Salt is characters 5..12
if (strlen($salt) != 8)
{
return $output;
}
# We're kind of forced to use MD5 here since it's the only
# cryptographic primitive available in all versions of PHP
# currently in use. To implement our own low-level crypto
# in PHP would result in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
// Get raw binary output (always 16 bytes) - we assume PHP5 here
$hash = md5($salt.$password, TRUE);
do
{
$hash = md5($hash.$password, TRUE);
} while (--$count);
$output = substr($setting, 0, 12); // Identifier, shift count and salt - total 12 chars
$output .= $this->encode64($hash, 16); // Returns 22-character string
return $output;
}
/**
* Return array of supported password types - key is used internally, text is displayed
*/
public function getPasswordTypes($includeExtended = TRUE)
{
$vals = array();
$vals = array(
'md5' => IMPORTDB_LAN_7,
'e107_salt' => IMPORTDB_LAN_8); // Methods supported in core
if ($includeExtended)
{
$vals = array_merge($vals,array(
'plaintext' => IMPORTDB_LAN_2,
'joomla_salt' => IMPORTDB_LAN_3,
'mambo_salt' => IMPORTDB_LAN_4,
'smf_sha1' => IMPORTDB_LAN_5,
'sha1' => IMPORTDB_LAN_6,
'phpbb3_salt' => IMPORTDB_LAN_12,
'wordpress_salt' => IMPORTDB_LAN_13,
'magento_salt' => IMPORTDB_LAN_14,
'phpfusion_salt' => "PHPFusion",
));
}
return $vals;
}
/**
* Return password type which relates to a specific foreign system
*/
public function passwordMapping($ptype)
{
$maps = array(
'plaintext' => self::PASSWORD_PLAINTEXT,
'joomla_salt' => self::PASSWORD_JOOMLA_SALT,
'mambo_salt' => self::PASSWORD_MAMBO_SALT,
'smf_sha1' => self::PASSWORD_GENERAL_SHA1,
'sha1' => self::PASSWORD_GENERAL_SHA1,
'mambo' => self::PASSWORD_GENERAL_MD5,
'phpbb2' => self::PASSWORD_GENERAL_MD5,
'e107' => self::PASSWORD_GENERAL_MD5,
'md5' => self::PASSWORD_GENERAL_MD5,
'e107_salt' => self::PASSWORD_E107_SALT,
'phpbb2_salt' => self::PASSWORD_PHPBB_SALT,
'phpbb3_salt' => self::PASSWORD_PHPBB_SALT,
'wordpress_salt' => self::PASSWORD_WORDPRESS_SALT,
'magento_salt' => self::PASSWORD_MAGENTO_SALT,
'phpfusion_salt' => self::PASSWORD_PHPFUSION_SALT,
);
if (isset($maps[$ptype])) return $maps[$ptype];
return FALSE;
}
/**
* Extension of password validation to handle more types
*
* @param string $pword - plaintext password as entered by user
* @param string $login_name - string used to log in (could actually be email address)
* @param string $stored_hash - required value for password to match
* @param integer $password_type - constant specifying the type of password to check against
*
* @return PASSWORD_INVALID|PASSWORD_VALID|string
* PASSWORD_INVALID if no match
* PASSWORD_VALID if valid password
* Return a new hash to store if valid password but non-preferred encoding
*/
public function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE)
{
switch ($password_type)
{
case self::PASSWORD_GENERAL_MD5 :
case self::PASSWORD_E107_MD5 :
$pwHash = md5($pword);
break;
case self::PASSWORD_GENERAL_SHA1 :
if (strlen($stored_hash) != 40) return PASSWORD_INVALID;
$pwHash = sha1($pword);
break;
case self::PASSWORD_JOOMLA_SALT :
case self::PASSWORD_MAMBO_SALT :
if ((strpos($stored_hash, ':') === false) || (strlen($stored_hash) < 40))
{
return PASSWORD_INVALID;
}
// Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe)
list($hash, $salt) = explode(':', $stored_hash);
$pwHash = md5($pword.$salt);
$stored_hash = $hash;
break;
case self::PASSWORD_MAGENTO_SALT :
$hash = $salt = '';
if ((strpos($stored_hash, ':') !== false))
{
list($hash, $salt) = explode(':', $stored_hash);
}
// Magento salted hash - should be 32-character md5 hash, ':', 2-character salt, but could be also only md5 hash
else
{
$hash = $stored_hash;
}
if(strlen($hash) !== 32)
{
//return PASSWORD_INVALID;
}
$pwHash = $salt ? md5($salt.$pword) : md5($pword);
$stored_hash = $hash;
break;
case self::PASSWORD_E107_SALT :
//return e107::getUserSession()->CheckPassword($password, $login_name, $stored_hash);
return parent::CheckPassword($pword, $login_name, $stored_hash);
break;
case self::PASSWORD_PHPBB_SALT :
case self::PASSWORD_WORDPRESS_SALT :
if (strlen($stored_hash) != 34) return PASSWORD_INVALID;
$pwHash = $this->crypt_private($pword, $stored_hash, $password_type);
if ($pwHash[0] == '*')
{
return PASSWORD_INVALID;
}
$stored_hash = substr($stored_hash,12);
break;
case self::PASSWORD_PHPFUSION_SALT:
list($hash, $salt) = explode(':', $stored_hash);
if (strlen($hash) !== 32)
{
$pwHash = hash_hmac('sha256',$pword, $salt);
}
else
{
e107::getMessage()->addDebug("PHPFusion Md5 Hash Detected ");
$pwHash = md5(md5($pword));
}
$stored_hash = $hash;
break;
case self::PASSWORD_PLAINTEXT :
$pwHash = $pword;
break;
default :
return PASSWORD_INVALID;
}
if(deftrue('e_DEBUG'))
{
e107::getMessage()->addDebug("Stored Hash: ".$stored_hash);
if(!empty($salt))
{
e107::getMessage()->addDebug("Stored Salt: ".$salt);
}
e107::getMessage()->addDebug("Generated Hash: ".$pwHash);
}
if ($stored_hash != $pwHash) return PASSWORD_INVALID;
return PASSWORD_VALID;
}
}
?>

250
e107_plugins/alt_auth/importdb_auth.php
View File

@@ -1,126 +1,126 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* imported DB authorisation for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/*
return values
AUTH_NOCONNECT = unable to connect to db
AUTH_NOUSER = user not found
AUTH_BADPASSWORD = supplied password incorrect
AUTH_SUCCESS = valid login
*/
class auth_login extends alt_auth_base
{
public $Available = FALSE; // Flag indicates whether DB connection available
public $ErrorText; // e107 error string on exit
private $conf; // Configuration parameters
/**
* Read configuration
*
* @return AUTH_xxxx result code
*/
public function __construct()
{
$this->ErrorText = '';
$this->conf = $this->altAuthGetParams('importdb');
$this->Available = TRUE;
}
private function makeErrorText($extra = '')
{
$this->ErrorText = $extra;
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the database
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
if ($connect_only) return AUTH_SUCCESS; // Big problem if can't connect to our own DB!
// See if the user's in the E107 database - otherwise they can go away
global $sql, $tp;
if (!$sql->db_Select('user', 'user_loginname, user_password', "user_loginname = '".$tp -> toDB($uname)."'"))
{ // Invalid user
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
// Now look at their password - we always need to verify it, even if its a core E107 format.
// Higher levels will always convert an authorised password to E107 format and save it for us.
if (!$row = $sql->db_Fetch())
{
$this->makeErrorText('Error reading DB');
return AUTH_NOCONNECT; // Debateable return code - really a DB error. But consistent with other handler
}
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
$pass_check = new ExtendedPasswordHandler();
if(empty($this->conf['importdb_password_method']))
{
$this->makeErrorText('importdb_password_method not set');
}
$passMethod = $pass_check->passwordMapping($this->conf['importdb_password_method']);
e107::getMessage()->addInfo("Testing with Password Method: ".$this->conf['importdb_password_method']);
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row['user_password']; // Password stored in DB
e107::getMessage()->addDebug("Stored Password: ".$pwFromDB);
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return LOGIN_CONTINUE; // Could have already changed password to E107 format
}
$this->makeErrorText('');
return AUTH_SUCCESS;
}
}
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* imported DB authorisation for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/*
return values
AUTH_NOCONNECT = unable to connect to db
AUTH_NOUSER = user not found
AUTH_BADPASSWORD = supplied password incorrect
AUTH_SUCCESS = valid login
*/
class auth_login extends alt_auth_base
{
public $Available = FALSE; // Flag indicates whether DB connection available
public $ErrorText; // e107 error string on exit
private $conf; // Configuration parameters
/**
* Read configuration
*
* @return AUTH_xxxx result code
*/
public function __construct()
{
$this->ErrorText = '';
$this->conf = $this->altAuthGetParams('importdb');
$this->Available = TRUE;
}
private function makeErrorText($extra = '')
{
$this->ErrorText = $extra;
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the database
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
if ($connect_only) return AUTH_SUCCESS; // Big problem if can't connect to our own DB!
// See if the user's in the E107 database - otherwise they can go away
global $sql, $tp;
if (!$sql->db_Select('user', 'user_loginname, user_password', "user_loginname = '".$tp -> toDB($uname)."'"))
{ // Invalid user
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
// Now look at their password - we always need to verify it, even if its a core E107 format.
// Higher levels will always convert an authorised password to E107 format and save it for us.
if (!$row = $sql->db_Fetch())
{
$this->makeErrorText('Error reading DB');
return AUTH_NOCONNECT; // Debateable return code - really a DB error. But consistent with other handler
}
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
$pass_check = new ExtendedPasswordHandler();
if(empty($this->conf['importdb_password_method']))
{
$this->makeErrorText('importdb_password_method not set');
}
$passMethod = $pass_check->passwordMapping($this->conf['importdb_password_method']);
e107::getMessage()->addInfo("Testing with Password Method: ".$this->conf['importdb_password_method']);
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row['user_password']; // Password stored in DB
e107::getMessage()->addDebug("Stored Password: ".$pwFromDB);
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return LOGIN_CONTINUE; // Could have already changed password to E107 format
}
$this->makeErrorText('');
return AUTH_SUCCESS;
}
}
?>

210
e107_plugins/alt_auth/importdb_conf.php
View File

@@ -1,105 +1,105 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alt_auth plugin - 'importdb' configuration
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
$eplug_admin = true;
require_once('../../class2.php');
require_once(e_ADMIN.'auth.php');
require_once(e_HANDLER.'form_handler.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_importdb_conf.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_alt_auth.php');
define('ALT_AUTH_ACTION', 'importdb');
require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php');
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php');
class alt_auth_otherdb extends alt_auth_admin
{
public function __construct()
{
}
public function showForm()
{
$ns = e107::getRender();
$parm = $this->altAuthGetParams('importdb');
$frm = new form;
$text = $frm -> form_open('post', e_SELF);
$text .= "<table class='table adminform'>
<colgroup span='2'>
<col class='col-label' />
<col class='col-control' />
</colgroup>";
$text .= "<tr><td colspan='2'>".IMPORTDB_LAN_11."</td></tr>";
$text .= "<tr><td>".IMPORTDB_LAN_9."</td><td>";
$text .= $this->altAuthGetPasswordSelector('importdb_password_method', $frm, $parm['importdb_password_method'], TRUE);
$text .= "</td></tr>";
$text .= "</table><div class='buttons-bar center'>";
$text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update');
$text .= "</div>";
$text .= $frm -> form_close();
$ns -> tablerender(IMPORTDB_LAN_10, $text);
$ns->tablerender(LAN_ALT_40.LAN_ALT_41, $this->alt_auth_test_form('importdb',$frm));
}
}
$otherDbAdmin = new alt_auth_otherdb();
if(vartrue($_POST['update']))
{
// $message = update_importdb_prefs();
$message = $otherDbAdmin->alt_auth_post_options('importdb');
}
if(vartrue($message))
{
e107::getRender()->tablerender("","<div style='text-align:center;'>".$message."</div>");
}
$otherDbAdmin->showForm();
require_once(e_ADMIN.'footer.php');
function importdb_conf_adminmenu()
{
alt_auth_adminmenu();
}
?>
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alt_auth plugin - 'importdb' configuration
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
$eplug_admin = true;
require_once('../../class2.php');
require_once(e_ADMIN.'auth.php');
require_once(e_HANDLER.'form_handler.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_importdb_conf.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_alt_auth.php');
define('ALT_AUTH_ACTION', 'importdb');
require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php');
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php');
class alt_auth_otherdb extends alt_auth_admin
{
public function __construct()
{
}
public function showForm()
{
$ns = e107::getRender();
$parm = $this->altAuthGetParams('importdb');
$frm = new form;
$text = $frm -> form_open('post', e_SELF);
$text .= "<table class='table adminform'>
<colgroup span='2'>
<col class='col-label' />
<col class='col-control' />
</colgroup>";
$text .= "<tr><td colspan='2'>".IMPORTDB_LAN_11."</td></tr>";
$text .= "<tr><td>".IMPORTDB_LAN_9."</td><td>";
$text .= $this->altAuthGetPasswordSelector('importdb_password_method', $frm, $parm['importdb_password_method'], TRUE);
$text .= "</td></tr>";
$text .= "</table><div class='buttons-bar center'>";
$text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update');
$text .= "</div>";
$text .= $frm -> form_close();
$ns -> tablerender(IMPORTDB_LAN_10, $text);
$ns->tablerender(LAN_ALT_40.LAN_ALT_41, $this->alt_auth_test_form('importdb',$frm));
}
}
$otherDbAdmin = new alt_auth_otherdb();
if(vartrue($_POST['update']))
{
// $message = update_importdb_prefs();
$message = $otherDbAdmin->alt_auth_post_options('importdb');
}
if(vartrue($message))
{
e107::getRender()->tablerender("","<div style='text-align:center;'>".$message."</div>");
}
$otherDbAdmin->showForm();
require_once(e_ADMIN.'footer.php');
function importdb_conf_adminmenu()
{
alt_auth_adminmenu();
}
?>

78
e107_plugins/alt_auth/languages/English/admin_e107db_conf.php
View File

@@ -1,39 +1,39 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Language file
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
define('E107DB_LAN_1', 'e107 format database');
define('E107DB_LAN_9', 'Password Method:');
define('E107DB_LAN_10', 'Configure e107 db auth');
define('E107DB_LAN_11', 'Check the box against any field you wish to be transferred to the local database:');
define('IMPORTDB_LAN_7', 'MD5 (e107 original)');
define('IMPORTDB_LAN_8', 'e107 salted (option 2.0 on)');
define('LAN_AUTHENTICATE_HELP','This authentication method is to be used with a second E107 database, which may use a different password format to this system. The
original password is read from the local database, and validated against the storage format of the original system. If it verifies, its converted to the current E107-compatible format and
stored in the database.');
?>
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Language file
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
define('E107DB_LAN_1', 'e107 format database');
define('E107DB_LAN_9', 'Password Method:');
define('E107DB_LAN_10', 'Configure e107 db auth');
define('E107DB_LAN_11', 'Check the box against any field you wish to be transferred to the local database:');
define('IMPORTDB_LAN_7', 'MD5 (e107 original)');
define('IMPORTDB_LAN_8', 'e107 salted (option 2.0 on)');
define('LAN_AUTHENTICATE_HELP','This authentication method is to be used with a second E107 database, which may use a different password format to this system. The
original password is read from the local database, and validated against the storage format of the original system. If it verifies, its converted to the current E107-compatible format and
stored in the database.');
?>

88
e107_plugins/alt_auth/languages/English/admin_ldap_conf.php
View File

@@ -1,44 +1,44 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* LDAP authorisation for alt_auth plugin - language file
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
define('LDAPLAN_1', 'Server address');
define('LDAPLAN_2', 'Base DN or Domain<br />LDAP - Enter BaseDN<br />AD - enter the fqdn eg ad.mydomain.co.uk');
define('LDAPLAN_3', 'LDAP Browsing user<br />Full context of the user who is able to search the directory.');
define('LDAPLAN_4', 'LDAP Browsing password<br />Password for the LDAP Browsing user.');
define('LDAPLAN_5', 'LDAP Version');
define('LDAPLAN_6', 'Configure LDAP auth');
define('LDAPLAN_7', 'eDirectory search filter:');
define('LDAPLAN_8', "This will be used to ensure the username is in the correct tree, <br />e.g. '(objectclass=inetOrgPerson)'");
define('LDAPLAN_9', 'Current search filter will be:');
define('LDAPLAN_10', 'Settings Updated');
define('LDAPLAN_11', 'WARNING: It appears that the ldap module is not currently available; setting your auth method to LDAP will probably not work!');
define('LDAPLAN_12', 'Server Type');
define('LDAPLAN_13', 'Update settings');
define('LDAPLAN_14', 'OU for AD (e.g. ou=itdept)');
define('SHOW_COPY_HELP', TRUE);
define('SHOW_CONVERSION_HELP', TRUE);
define('LAN_AUTHENTICATE_HELP','This method can be used to authenticate against most LDAP servers, including Novell\'s eDirectory and Microsoft\'s Active Directory. It requires that PHP\'s LDAP extension is loaded. Refer to the wiki for further information.');
?>
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* LDAP authorisation for alt_auth plugin - language file
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
define('LDAPLAN_1', 'Server address');
define('LDAPLAN_2', 'Base DN or Domain<br />LDAP - Enter BaseDN<br />AD - enter the fqdn eg ad.mydomain.co.uk');
define('LDAPLAN_3', 'LDAP Browsing user<br />Full context of the user who is able to search the directory.');
define('LDAPLAN_4', 'LDAP Browsing password<br />Password for the LDAP Browsing user.');
define('LDAPLAN_5', 'LDAP Version');
define('LDAPLAN_6', 'Configure LDAP auth');
define('LDAPLAN_7', 'eDirectory search filter:');
define('LDAPLAN_8', "This will be used to ensure the username is in the correct tree, <br />e.g. '(objectclass=inetOrgPerson)'");
define('LDAPLAN_9', 'Current search filter will be:');
define('LDAPLAN_10', 'Settings Updated');
define('LDAPLAN_11', 'WARNING: It appears that the ldap module is not currently available; setting your auth method to LDAP will probably not work!');
define('LDAPLAN_12', 'Server Type');
define('LDAPLAN_13', 'Update settings');
define('LDAPLAN_14', 'OU for AD (e.g. ou=itdept)');
define('SHOW_COPY_HELP', TRUE);
define('SHOW_CONVERSION_HELP', TRUE);
define('LAN_AUTHENTICATE_HELP','This method can be used to authenticate against most LDAP servers, including Novell\'s eDirectory and Microsoft\'s Active Directory. It requires that PHP\'s LDAP extension is loaded. Refer to the wiki for further information.');
?>

74
e107_plugins/alt_auth/languages/English/admin_radius_conf.php
View File

@@ -1,37 +1,37 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Language file
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
define('LAN_RADIUS_01', 'Server address');
define('LAN_RADIUS_02', 'Shared secret');
define('LAN_RADIUS_03', 'Server user');
define('LAN_RADIUS_04', 'Server password');
define('LAN_RADIUS_06', 'Configure RADIUS auth');
define('LAN_RADIUS_11', 'WARNING: It appears that the RADIUS module is not currently available; setting your auth method to RADIUS will probably not work!');
define('LAN_AUTHENTICATE_HELP','This authentication method is used with an external RADIUS server. It requres that PHP\'s RADIUS extension is enabled. <br />
Note that the RADIUS server may only allow access from a specific range of IP addresses');
?>
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Language file
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
define('LAN_RADIUS_01', 'Server address');
define('LAN_RADIUS_02', 'Shared secret');
define('LAN_RADIUS_03', 'Server user');
define('LAN_RADIUS_04', 'Server password');
define('LAN_RADIUS_06', 'Configure RADIUS auth');
define('LAN_RADIUS_11', 'WARNING: It appears that the RADIUS module is not currently available; setting your auth method to RADIUS will probably not work!');
define('LAN_AUTHENTICATE_HELP','This authentication method is used with an external RADIUS server. It requres that PHP\'s RADIUS extension is enabled. <br />
Note that the RADIUS server may only allow access from a specific range of IP addresses');
?>

618
e107_plugins/alt_auth/ldap_auth.php
View File

@@ -1,309 +1,309 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* LDAP authorisation for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
class auth_login extends alt_auth_base
{
private $server; // The LDAP server (array of possible servers)
private $dn; // LDAP domain
private $ou; // LDAP OU
private $usr; // User name to log on to server
private $pwd; // Password to log on to server
private $serverType; // Server type = LDAP/AD/eDirectory
public $ldapErrorCode; // LDAP error code on exit
public $ldapErrorText; // LDAP error string on exit
public $ErrorText; // e107 error string on exit
private $connection; // LDAP resource for connection
private $ldapVersion; // Version of LDAP to use
public $Available = FALSE; // Flag indicates whether DB connection available
private $filter; // Filter for eDirectory search
private $copyAttribs; // Any attributes which are to be copied on successful login
public $copyMethods; // Methods which are to be used to copy attributes
/**
* Read configuration, initialise connection to LDAP database
*
* @return AUTH_xxxx result code
*/
public function auth_login()
{
$this->copyAttribs = array();
$this->copyMethods = array();
$ldap = $this->altAuthGetParams('ldap');
foreach ($ldap as $row)
{
if ((strpos($row['auth_parmname'], 'ldap_xf_') === 0) && $ldap[$row['auth_parmname']]) // Attribute to copy on successful login
{
$this->copyAttribs[substr($row['auth_parmname'], strlen('ldap_xf_'))] = $ldap[$row['auth_parmname']]; // Key = LDAP attribute. Value = e107 field name
}
elseif ((strpos($row['auth_parmname'], 'ldap_pm_') === 0) && $ldap[$row['auth_parmname']] && ($ldap[$row['auth_parmname']] != 'none')) // Method to use to copy parameter
{ // Any fields with non-null 'copy' methods
$this->copyMethods[substr($row['auth_parmname'], strlen('ldap_pm_'))] = $ldap[$row['auth_parmname']]; // Key = e107 field name. Value = copy method
}
}
$this->server = explode(',', $ldap['ldap_server']);
$this->serverType = $ldap['ldap_servertype'];
$this->dn = $ldap['ldap_basedn'];
$this->ou = $ldap['ldap_ou'];
$this->usr = $ldap['ldap_user'];
$this->pwd = $ldap['ldap_passwd'];
$this->ldapVersion = $ldap['ldap_version'];
$this->filter = (isset($ldap['ldap_edirfilter']) ? $ldap['ldap_edirfilter'] : "");
if (!function_exists('ldap_connect'))
{
return AUTH_NORESOURCE;
}
if (!$this->connect())
{
return AUTH_NOCONNECT;
}
$this->Available = TRUE;
return AUTH_SUCCESS;
}
/**
* Retrieve and construct error strings
*/
private function makeErrorText($extra = '')
{
$this->ldapErrorCode = ldap_errno($this->connection);
$this->ldapErrorText = ldap_error($this->connection);
$this->ErrorText = $extra . ' ' . $this->ldapErrorCode . ': ' . $this->ldapErrorText;
}
/**
* Connect to the LDAP server
*
* @return boolean TRUE for success, FALSE for failure
*/
public function connect()
{
foreach ($this->server as $key => $host)
{
$this->connection = ldap_connect($host);
if ($this->connection)
{
if ($this->ldapVersion == 3 || $this->serverType == "ActiveDirectory")
{
@ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
}
return true;
}
}
$this->ldapErrorCode = -1;
$this->ldapErrorText = "Unable to connect to any server";
$this->ErrorText = $this->ldapErrorCode . ': ' . $this->ldapErrorText;
return false;
}
/**
* Close the connection to the LDAP server
*/
public function close()
{
if (!@ldap_close($this->connection))
{
$this->makeErrorText(); // Read the error code and explanatory string
return false;
}
else
{
return true;
}
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the server
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
function login($uname, $pass, &$newvals, $connect_only = false)
{
/* Construct the full DN, eg:-
** "uid=username, ou=People, dc=orgname,dc=com"
*/
// echo "Login to server type: {$this->serverType}<br />";
$current_filter = "";
if ($this->serverType == "ActiveDirectory")
{
$checkDn = $uname . '@' . $this->dn;
// added by Father Barry Keal
// $current_filter = "(sAMAccountName={$uname})"; for pre windows 2000
$current_filter = "(userprincipalname={$uname}@{$this->dn})"; // for 2000 +
// end add by Father Barry Keal
}
else
{
if ($this->usr != '' && $this->pwd != '')
{
$this->result = ldap_bind($this->connection, $this->usr, $this->pwd);
}
else
{
$this->result = ldap_bind($this->connection);
}
if ($this->result === false)
{
// echo "LDAP bind failed<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT;
}
// In ldap_auth.php, should look like this instead for eDirectory
// $query = ldap_search($this -> connection, $this -> dn, "cn=".$uname);
if ($this->serverType == "eDirectory")
{
$current_filter = "(&(cn={$uname})" . $this->filter . ")";
}
else
{
$current_filter = "uid=" . $uname;
}
// echo "LDAP search: {$this->dn}, {$current_filter}<br />";
$query = ldap_search($this->connection, $this->dn, $current_filter);
if ($query === false)
{
// Could not perform query to LDAP directory
echo "LDAP - search for user failed<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT;
}
else
{
$query_result = ldap_get_entries($this->connection, $query);
if ($query_result["count"] != 1)
{
if ($connect_only) return AUTH_SUCCESS;
else return AUTH_NOUSER;
}
else
{
$checkDn = $query_result[0]["dn"];
$this->close();
$this->connect();
}
}
}
// Try and connect...
$this->result = ldap_bind($this->connection, $checkDn, $pass);
if ($this->result)
{
// Connected OK - login credentials are fine!
// But bind can return success even if no password! Does reject an invalid password, however
if ($connect_only) return AUTH_SUCCESS;
if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password
if (count($this->copyAttribs) == 0) return AUTH_SUCCESS; // No attributes required - we're done
$ldap_attributes = array_values(array_unique($this->copyAttribs));
if ($this->serverType == "ActiveDirectory")
{ // If we are using AD then build up the full string from the fqdn
$altauth_tmp = explode('.', $this->dn);
$checkDn='';
foreach($altauth_tmp as $$altauth_dc)
{
$checkDn .= ",DC={$altauth_dc}";
}
// prefix with the OU
$checkDn = $this->ou . $checkDn;
}
$this->result = ldap_search($this->connection, $checkDn, $current_filter, $ldap_attributes);
if ($this->result)
{
$entries = ldap_get_entries($this->connection, $this->result);
if (count($entries) == 2) // All OK
{
for ($j = 0; $j < $entries[0]['count']; $j++)
{
$k = $entries[0][$j]; // LDAP attribute name
$tlv = $entries[0][$k]; // Array of LDAP data
if (is_array($tlv) && count($tempKeys = array_keys($this->copyAttribs,$k))) // This bit executed if we've successfully got some data. Key is the attribute name, then array of data
{
foreach ($tempKeys as $tk) // Single LDAP attribute may be mapped to several fields
{
// $newvals[$tk] = $this->translate($tlv[0]); // Just grab the first value
$newvals[$tk] = $tlv[0]; // Just grab the first value
}
}
else
{
// echo " Unexpected non-array value - Key: {$k} Value: {$tlv}<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error
}
}
}
else
{
// echo "Got wrong number of entries<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOUSER; // Bit debateable what to return if this happens
}
}
else // Probably a bit strange if we don't get any info back - but possible
{
// echo "No results!<br />";
}
return AUTH_SUCCESS;
}
else
{
/* Login failed. Return error code.
** The common error codes and reasons are listed below :
** (for iPlanet, other servers may differ)
** 19 - Account locked out (too many invalid login attempts)
** 32 - User does not exist
** 49 - Wrong password
** 53 - Account inactive (manually locked out by administrator)
*/
$this->makeErrorText(); // Read the error code and explanatory string
switch ($this->ldapErrorCode)
{
case 32 :
return AUTH_NOUSER;
case 49 :
return AUTH_BADPASSWORD;
}
// return error code as if it never connected, maybe change that in the future
return AUTH_NOCONNECT;
}
}
}
?>
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* LDAP authorisation for alt_auth plugin
*
* $URL$
* $Id$
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
class auth_login extends alt_auth_base
{
private $server; // The LDAP server (array of possible servers)
private $dn; // LDAP domain
private $ou; // LDAP OU
private $usr; // User name to log on to server
private $pwd; // Password to log on to server
private $serverType; // Server type = LDAP/AD/eDirectory
public $ldapErrorCode; // LDAP error code on exit
public $ldapErrorText; // LDAP error string on exit
public $ErrorText; // e107 error string on exit
private $connection; // LDAP resource for connection
private $ldapVersion; // Version of LDAP to use
public $Available = FALSE; // Flag indicates whether DB connection available
private $filter; // Filter for eDirectory search
private $copyAttribs; // Any attributes which are to be copied on successful login
public $copyMethods; // Methods which are to be used to copy attributes
/**
* Read configuration, initialise connection to LDAP database
*
* @return AUTH_xxxx result code
*/
public function auth_login()
{
$this->copyAttribs = array();
$this->copyMethods = array();
$ldap = $this->altAuthGetParams('ldap');
foreach ($ldap as $row)
{
if ((strpos($row['auth_parmname'], 'ldap_xf_') === 0) && $ldap[$row['auth_parmname']]) // Attribute to copy on successful login
{
$this->copyAttribs[substr($row['auth_parmname'], strlen('ldap_xf_'))] = $ldap[$row['auth_parmname']]; // Key = LDAP attribute. Value = e107 field name
}
elseif ((strpos($row['auth_parmname'], 'ldap_pm_') === 0) && $ldap[$row['auth_parmname']] && ($ldap[$row['auth_parmname']] != 'none')) // Method to use to copy parameter
{ // Any fields with non-null 'copy' methods
$this->copyMethods[substr($row['auth_parmname'], strlen('ldap_pm_'))] = $ldap[$row['auth_parmname']]; // Key = e107 field name. Value = copy method
}
}
$this->server = explode(',', $ldap['ldap_server']);
$this->serverType = $ldap['ldap_servertype'];
$this->dn = $ldap['ldap_basedn'];
$this->ou = $ldap['ldap_ou'];
$this->usr = $ldap['ldap_user'];
$this->pwd = $ldap['ldap_passwd'];
$this->ldapVersion = $ldap['ldap_version'];
$this->filter = (isset($ldap['ldap_edirfilter']) ? $ldap['ldap_edirfilter'] : "");
if (!function_exists('ldap_connect'))
{
return AUTH_NORESOURCE;
}
if (!$this->connect())
{
return AUTH_NOCONNECT;
}
$this->Available = TRUE;
return AUTH_SUCCESS;
}
/**
* Retrieve and construct error strings
*/
private function makeErrorText($extra = '')
{
$this->ldapErrorCode = ldap_errno($this->connection);
$this->ldapErrorText = ldap_error($this->connection);
$this->ErrorText = $extra . ' ' . $this->ldapErrorCode . ': ' . $this->ldapErrorText;
}
/**
* Connect to the LDAP server
*
* @return boolean TRUE for success, FALSE for failure
*/
public function connect()
{
foreach ($this->server as $key => $host)
{
$this->connection = ldap_connect($host);
if ($this->connection)
{
if ($this->ldapVersion == 3 || $this->serverType == "ActiveDirectory")
{
@ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
}
return true;
}
}
$this->ldapErrorCode = -1;
$this->ldapErrorText = "Unable to connect to any server";
$this->ErrorText = $this->ldapErrorCode . ': ' . $this->ldapErrorText;
return false;
}
/**
* Close the connection to the LDAP server
*/
public function close()
{
if (!@ldap_close($this->connection))
{
$this->makeErrorText(); // Read the error code and explanatory string
return false;
}
else
{
return true;
}
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the server
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
function login($uname, $pass, &$newvals, $connect_only = false)
{
/* Construct the full DN, eg:-
** "uid=username, ou=People, dc=orgname,dc=com"
*/
// echo "Login to server type: {$this->serverType}<br />";
$current_filter = "";
if ($this->serverType == "ActiveDirectory")
{
$checkDn = $uname . '@' . $this->dn;
// added by Father Barry Keal
// $current_filter = "(sAMAccountName={$uname})"; for pre windows 2000
$current_filter = "(userprincipalname={$uname}@{$this->dn})"; // for 2000 +
// end add by Father Barry Keal
}
else
{
if ($this->usr != '' && $this->pwd != '')
{
$this->result = ldap_bind($this->connection, $this->usr, $this->pwd);
}
else
{
$this->result = ldap_bind($this->connection);
}
if ($this->result === false)
{
// echo "LDAP bind failed<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT;
}
// In ldap_auth.php, should look like this instead for eDirectory
// $query = ldap_search($this -> connection, $this -> dn, "cn=".$uname);
if ($this->serverType == "eDirectory")
{
$current_filter = "(&(cn={$uname})" . $this->filter . ")";
}
else
{
$current_filter = "uid=" . $uname;
}
// echo "LDAP search: {$this->dn}, {$current_filter}<br />";
$query = ldap_search($this->connection, $this->dn, $current_filter);
if ($query === false)
{
// Could not perform query to LDAP directory
echo "LDAP - search for user failed<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT;
}
else
{
$query_result = ldap_get_entries($this->connection, $query);
if ($query_result["count"] != 1)
{
if ($connect_only) return AUTH_SUCCESS;
else return AUTH_NOUSER;
}
else
{
$checkDn = $query_result[0]["dn"];
$this->close();
$this->connect();
}
}
}
// Try and connect...
$this->result = ldap_bind($this->connection, $checkDn, $pass);
if ($this->result)
{
// Connected OK - login credentials are fine!
// But bind can return success even if no password! Does reject an invalid password, however
if ($connect_only) return AUTH_SUCCESS;
if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password
if (count($this->copyAttribs) == 0) return AUTH_SUCCESS; // No attributes required - we're done
$ldap_attributes = array_values(array_unique($this->copyAttribs));
if ($this->serverType == "ActiveDirectory")
{ // If we are using AD then build up the full string from the fqdn
$altauth_tmp = explode('.', $this->dn);
$checkDn='';
foreach($altauth_tmp as $$altauth_dc)
{
$checkDn .= ",DC={$altauth_dc}";
}
// prefix with the OU
$checkDn = $this->ou . $checkDn;
}
$this->result = ldap_search($this->connection, $checkDn, $current_filter, $ldap_attributes);
if ($this->result)
{
$entries = ldap_get_entries($this->connection, $this->result);
if (count($entries) == 2) // All OK
{
for ($j = 0; $j < $entries[0]['count']; $j++)
{
$k = $entries[0][$j]; // LDAP attribute name
$tlv = $entries[0][$k]; // Array of LDAP data
if (is_array($tlv) && count($tempKeys = array_keys($this->copyAttribs,$k))) // This bit executed if we've successfully got some data. Key is the attribute name, then array of data
{
foreach ($tempKeys as $tk) // Single LDAP attribute may be mapped to several fields
{
// $newvals[$tk] = $this->translate($tlv[0]); // Just grab the first value
$newvals[$tk] = $tlv[0]; // Just grab the first value
}
}
else
{
// echo " Unexpected non-array value - Key: {$k} Value: {$tlv}<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOCONNECT; // Not really a suitable return code for this - its an error
}
}
}
else
{
// echo "Got wrong number of entries<br />";
$this->makeErrorText(); // Read the error code and explanatory string
return AUTH_NOUSER; // Bit debateable what to return if this happens
}
}
else // Probably a bit strange if we don't get any info back - but possible
{
// echo "No results!<br />";
}
return AUTH_SUCCESS;
}
else
{
/* Login failed. Return error code.
** The common error codes and reasons are listed below :
** (for iPlanet, other servers may differ)
** 19 - Account locked out (too many invalid login attempts)
** 32 - User does not exist
** 49 - Wrong password
** 53 - Account inactive (manually locked out by administrator)
*/
$this->makeErrorText(); // Read the error code and explanatory string
switch ($this->ldapErrorCode)
{
case 32 :
return AUTH_NOUSER;
case 49 :
return AUTH_BADPASSWORD;
}
// return error code as if it never connected, maybe change that in the future
return AUTH_NOCONNECT;
}
}
}
?>

410
e107_plugins/alt_auth/otherdb_auth.php
View File

@@ -1,205 +1,205 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alt_auth plugin - 'otherdb' authorisation handler
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/*
return values
AUTH_NOCONNECT = unable to connect to db
AUTH_NOUSER = user not found
AUTH_BADPASSWORD = supplied password incorrect
AUTH_SUCCESS = valid login
*/
class auth_login extends alt_auth_base
{
public $Available = FALSE; // Flag indicates whether DB connection available
public $ErrorText; // e107 error string on exit
private $conf; // Configuration parameters
/**
* Read configuration
*
* @return AUTH_xxxx result code
*/
public function __construct()
{
$this->ErrorText = '';
$this->conf = $this->altAuthGetParams('otherdb');
$this->Available = TRUE;
}
/**
* Retrieve and construct error strings
*
* @todo - test whether reconnect to DB is required (shouldn't be)
*/
private function makeErrorText($extra = '')
{
$this->ErrorText = $extra;
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the database
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
/* Begin - Deltik's PDO Workaround (part 1/2) */
// $dsn = 'mysql:dbname=' . $this->conf['otherdb_database'] . ';host=' . $this->conf['otherdb_server'];
$dsn = "mysql:host=".$this->conf['otherdb_server'].";port=".varset($this->conf['otherdb_port'],3306).";dbname=".$this->conf['otherdb_database'];
try
{
$dbh = new PDO($dsn, $this->conf['otherdb_username'], $this->conf['otherdb_password']);
}
catch (PDOException $e)
{
$this->makeErrorText('Cannot connect to remote DB; PDOException message: ' . $e->getMessage());
return AUTH_NOCONNECT;
}
/* End - Deltik's PDO Workaround (part 1/2) */
/** Ancient code that breaks e107's ability to use the original MySQL resource
//Attempt to open connection to sql database
if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password']))
{
$this->makeErrorText('Cannot connect to remote server');
return AUTH_NOCONNECT;
}
//Select correct db
if(!mysql_select_db($this->conf['otherdb_database'], $res))
{
mysql_close($res);
$this->makeErrorText('Cannot connect to remote DB');
return AUTH_NOCONNECT;
}
*/
if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB
$sel_fields = array();
// Make an array of the fields we want from the source DB
foreach($this->conf as $k => $v)
{
if ($v && (strpos($k,'otherdb_xf_') === 0))
{
$sel_fields[] = $v;
}
}
$sel_fields[] = $this->conf['otherdb_password_field'];
$user_field = $this->conf['otherdb_user_field'];
if(!empty($this->conf['otherdb_password_salt']))
{
$sel_fields[] = $this->conf['otherdb_password_salt'];
}
//Get record containing supplied login name
$qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'";
// echo "Query: {$qry}<br />";
/* Begin - Deltik's PDO Workaround (part 2/2) */
if (!$r1 = $dbh->query($qry))
{
$this->makeErrorText('Lookup query failed');
e107::getMessage()->addDebug($qry);
return AUTH_NOCONNECT;
}
if (!$row = $r1->fetch(PDO::FETCH_BOTH))
{
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
/* End - Deltik's PDO Workaround (part 2/2) */
/** Ancient code that breaks e107's ability to use the original MySQL resource
if(!$r1 = mysql_query($qry))
{
mysql_close($res);
$this->makeErrorText('Lookup query failed');
return AUTH_NOCONNECT;
}
if(!$row = mysql_fetch_array($r1))
{
mysql_close($res);
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
mysql_close($res);*/ // Finished with 'foreign' DB now
// Got something from the DB - see whether password valid
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
$pass_check = new ExtendedPasswordHandler();
$passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']);
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB
$salt_field = $this->conf['otherdb_password_salt'];
if(!empty($salt_field))
{
$pwFromDB .= ':'.$row[$salt_field];
}
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return AUTH_BADPASSWORD;
}
// Now copy across any values we have selected
foreach($this->conf as $k => $v)
{
if ($v && (strpos($k,'otherdb_xf_') === 0) && isset($row[$v]))
{
$newvals[substr($k,strlen('otherdb_xf_'))] = $row[$v];
}
}
$this->makeErrorText(''); // Success - just reconnect to E107 DB if needed
return AUTH_SUCCESS;
}
}
?>
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alt_auth plugin - 'otherdb' authorisation handler
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
/*
return values
AUTH_NOCONNECT = unable to connect to db
AUTH_NOUSER = user not found
AUTH_BADPASSWORD = supplied password incorrect
AUTH_SUCCESS = valid login
*/
class auth_login extends alt_auth_base
{
public $Available = FALSE; // Flag indicates whether DB connection available
public $ErrorText; // e107 error string on exit
private $conf; // Configuration parameters
/**
* Read configuration
*
* @return AUTH_xxxx result code
*/
public function __construct()
{
$this->ErrorText = '';
$this->conf = $this->altAuthGetParams('otherdb');
$this->Available = TRUE;
}
/**
* Retrieve and construct error strings
*
* @todo - test whether reconnect to DB is required (shouldn't be)
*/
private function makeErrorText($extra = '')
{
$this->ErrorText = $extra;
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the database
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
public function login($uname, $pword, &$newvals, $connect_only = FALSE)
{
/* Begin - Deltik's PDO Workaround (part 1/2) */
// $dsn = 'mysql:dbname=' . $this->conf['otherdb_database'] . ';host=' . $this->conf['otherdb_server'];
$dsn = "mysql:host=".$this->conf['otherdb_server'].";port=".varset($this->conf['otherdb_port'],3306).";dbname=".$this->conf['otherdb_database'];
try
{
$dbh = new PDO($dsn, $this->conf['otherdb_username'], $this->conf['otherdb_password']);
}
catch (PDOException $e)
{
$this->makeErrorText('Cannot connect to remote DB; PDOException message: ' . $e->getMessage());
return AUTH_NOCONNECT;
}
/* End - Deltik's PDO Workaround (part 1/2) */
/** Ancient code that breaks e107's ability to use the original MySQL resource
//Attempt to open connection to sql database
if(!$res = mysql_connect($this->conf['otherdb_server'], $this->conf['otherdb_username'], $this->conf['otherdb_password']))
{
$this->makeErrorText('Cannot connect to remote server');
return AUTH_NOCONNECT;
}
//Select correct db
if(!mysql_select_db($this->conf['otherdb_database'], $res))
{
mysql_close($res);
$this->makeErrorText('Cannot connect to remote DB');
return AUTH_NOCONNECT;
}
*/
if ($connect_only) return AUTH_SUCCESS; // Test mode may just want to connect to the DB
$sel_fields = array();
// Make an array of the fields we want from the source DB
foreach($this->conf as $k => $v)
{
if ($v && (strpos($k,'otherdb_xf_') === 0))
{
$sel_fields[] = $v;
}
}
$sel_fields[] = $this->conf['otherdb_password_field'];
$user_field = $this->conf['otherdb_user_field'];
if(!empty($this->conf['otherdb_password_salt']))
{
$sel_fields[] = $this->conf['otherdb_password_salt'];
}
//Get record containing supplied login name
$qry = "SELECT ".implode(',',$sel_fields)." FROM {$this->conf['otherdb_table']} WHERE {$user_field} = '{$uname}'";
// echo "Query: {$qry}<br />";
/* Begin - Deltik's PDO Workaround (part 2/2) */
if (!$r1 = $dbh->query($qry))
{
$this->makeErrorText('Lookup query failed');
e107::getMessage()->addDebug($qry);
return AUTH_NOCONNECT;
}
if (!$row = $r1->fetch(PDO::FETCH_BOTH))
{
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
/* End - Deltik's PDO Workaround (part 2/2) */
/** Ancient code that breaks e107's ability to use the original MySQL resource
if(!$r1 = mysql_query($qry))
{
mysql_close($res);
$this->makeErrorText('Lookup query failed');
return AUTH_NOCONNECT;
}
if(!$row = mysql_fetch_array($r1))
{
mysql_close($res);
$this->makeErrorText('User not found');
return AUTH_NOUSER;
}
mysql_close($res);*/ // Finished with 'foreign' DB now
// Got something from the DB - see whether password valid
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php'); // This auto-loads the 'standard' password handler as well
$pass_check = new ExtendedPasswordHandler();
$passMethod = $pass_check->passwordMapping($this->conf['otherdb_password_method']);
if ($passMethod === FALSE)
{
$this->makeErrorText('Password error - invalid method');
return AUTH_BADPASSWORD;
}
$pwFromDB = $row[$this->conf['otherdb_password_field']]; // Password stored in DB
$salt_field = $this->conf['otherdb_password_salt'];
if(!empty($salt_field))
{
$pwFromDB .= ':'.$row[$salt_field];
}
if ($pass_check->checkPassword($pword, $uname, $pwFromDB, $passMethod) !== PASSWORD_VALID)
{
$this->makeErrorText('Password incorrect');
return AUTH_BADPASSWORD;
}
// Now copy across any values we have selected
foreach($this->conf as $k => $v)
{
if ($v && (strpos($k,'otherdb_xf_') === 0) && isset($row[$v]))
{
$newvals[substr($k,strlen('otherdb_xf_'))] = $row[$v];
}
}
$this->makeErrorText(''); // Success - just reconnect to E107 DB if needed
return AUTH_SUCCESS;
}
}
?>

274
e107_plugins/alt_auth/otherdb_conf.php
View File

@@ -1,138 +1,138 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alt_auth plugin - 'otherdb' configuration
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
$eplug_admin = true;
require_once('../../class2.php');
require_once(e_ADMIN.'auth.php');
require_once(e_HANDLER.'form_handler.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_otherdb_conf.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_alt_auth.php');
define('ALT_AUTH_ACTION', 'otherdb');
require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php');
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php');
class alt_auth_otherdb extends alt_auth_admin
{
public function __construct()
{
}
public function showForm()
{
$ns = e107::getRender();
$parm = $this->altAuthGetParams('otherdb');
$frm = new form;
$text = $frm -> form_open("post", e_SELF);
$tab1 = "<table class='table adminform'>
<colgroup>
<col class='col-label' />
<col class='col-control' />
</colgroup>
";
$tab1 .= "<tr><td>".LAN_ALT_26."</td><td>";
$tab1 .= OTHERDB_LAN_15;
$tab1 .= "</td></tr>";
$tab1 .= $this->alt_auth_get_db_fields('otherdb', $frm, $parm, 'server|port|uname|pwd|db|table|ufield|pwfield|salt');
$tab1 .= "<tr><td>".OTHERDB_LAN_9."</td><td>";
$tab1 .= $this->altAuthGetPasswordSelector('otherdb_password_method', $frm, $parm['otherdb_password_method'], TRUE);
$tab1 .= "</td></tr>
</table>
";
$tab2 = "
<table class='table adminform'>
<colgroup>
<col class='col-label' />
<col class='col-control' />
</colgroup>
";
$tab2 .= "<tr><td class='forumheader2' colspan='2'>".LAN_ALT_27."</td></tr>";
$tab2 .= $this->alt_auth_get_field_list('otherdb',$frm, $parm, FALSE);
$tab2 .= '</table>';
$tabs = array(
'tab1' => array('caption'=>'Database', 'text'=>$tab1),
'tab2' => array('caption'=>'Data', 'text'=>$tab2),
);
$text .= e107::getForm()->tabs($tabs);
$text .= "<div class='buttons-bar center'>";
$text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update');
$text .= '</div>';
$text .= $frm -> form_close();
$ns -> tablerender(OTHERDB_LAN_10, $text);
$ns->tablerender(LAN_ALT_40.LAN_ALT_41, $this->alt_auth_test_form('otherdb',$frm));
}
}
$otherdbAdmin = new alt_auth_otherdb();
if(!empty($_POST['update']))
{
$message = $otherdbAdmin->alt_auth_post_options('otherdb');
}
if(!empty($message))
{
echo e107::getMessage()->addSuccess($message)->render();
}
$otherdbAdmin->showForm($mes);
require_once(e_ADMIN.'footer.php');
function otherdb_conf_adminmenu()
{
alt_auth_adminmenu();
}
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2012 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alt_auth plugin - 'otherdb' configuration
*
* $URL$
* $Id$
*
*/
/**
* e107 Alternate authorisation plugin
*
* @package e107_plugins
* @subpackage alt_auth
* @version $Id$;
*/
$eplug_admin = true;
require_once('../../class2.php');
require_once(e_ADMIN.'auth.php');
require_once(e_HANDLER.'form_handler.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_otherdb_conf.php');
e107::includeLan(e_PLUGIN.'alt_auth/languages/'.e_LANGUAGE.'/admin_alt_auth.php');
define('ALT_AUTH_ACTION', 'otherdb');
require_once(e_PLUGIN.'alt_auth/alt_auth_adminmenu.php');
require_once(e_PLUGIN.'alt_auth/extended_password_handler.php');
class alt_auth_otherdb extends alt_auth_admin
{
public function __construct()
{
}
public function showForm()
{
$ns = e107::getRender();
$parm = $this->altAuthGetParams('otherdb');
$frm = new form;
$text = $frm -> form_open("post", e_SELF);
$tab1 = "<table class='table adminform'>
<colgroup>
<col class='col-label' />
<col class='col-control' />
</colgroup>
";
$tab1 .= "<tr><td>".LAN_ALT_26."</td><td>";
$tab1 .= OTHERDB_LAN_15;
$tab1 .= "</td></tr>";
$tab1 .= $this->alt_auth_get_db_fields('otherdb', $frm, $parm, 'server|port|uname|pwd|db|table|ufield|pwfield|salt');
$tab1 .= "<tr><td>".OTHERDB_LAN_9."</td><td>";
$tab1 .= $this->altAuthGetPasswordSelector('otherdb_password_method', $frm, $parm['otherdb_password_method'], TRUE);
$tab1 .= "</td></tr>
</table>
";
$tab2 = "
<table class='table adminform'>
<colgroup>
<col class='col-label' />
<col class='col-control' />
</colgroup>
";
$tab2 .= "<tr><td class='forumheader2' colspan='2'>".LAN_ALT_27."</td></tr>";
$tab2 .= $this->alt_auth_get_field_list('otherdb',$frm, $parm, FALSE);
$tab2 .= '</table>';
$tabs = array(
'tab1' => array('caption'=>'Database', 'text'=>$tab1),
'tab2' => array('caption'=>'Data', 'text'=>$tab2),
);
$text .= e107::getForm()->tabs($tabs);
$text .= "<div class='buttons-bar center'>";
$text .= e107::getForm()->admin_button("update", LAN_UPDATE,'update');
$text .= '</div>';
$text .= $frm -> form_close();
$ns -> tablerender(OTHERDB_LAN_10, $text);
$ns->tablerender(LAN_ALT_40.LAN_ALT_41, $this->alt_auth_test_form('otherdb',$frm));
}
}
$otherdbAdmin = new alt_auth_otherdb();
if(!empty($_POST['update']))
{
$message = $otherdbAdmin->alt_auth_post_options('otherdb');
}
if(!empty($message))
{
echo e107::getMessage()->addSuccess($message)->render();
}
$otherdbAdmin->showForm($mes);
require_once(e_ADMIN.'footer.php');
function otherdb_conf_adminmenu()
{
alt_auth_adminmenu();
}
?>

500
e107_plugins/alt_auth/radius_auth.php
View File

@@ -1,250 +1,250 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Copyright (C) 2008-2009 e107 Inc (e107.org)
| http://e107.org
|
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/radius_auth.php,v $
| $Revision$
| $Date$
| $Author$
+----------------------------------------------------------------------------+
RFC2865 is the main RADIUS standard - http://www.faqs.org/rfcs/rfc2865
Potential enhancements:
- Multiple servers (done, but not tested)
- Configurable port (probably not necessary)
- Configurable timeout
- Configurable retries
Error recfrom: 10054 - winsock error for 'connection reset'
*/
define('RADIUS_DEBUG',FALSE);
class auth_login extends alt_auth_base
{
private $server;
private $secret;
private $port;
private $usr;
private $pwd;
private $connection; // Handle to use on successful creation
public $Available = FALSE; // Flag indicates whether DB connection available
public $ErrorText; // e107 error string on exit
/**
* Read configuration, initialise connection to LDAP database
*
* @return AUTH_xxxx result code
*/
function __construct()
{
$this->copyAttribs = array();
$radius = $this->altAuthGetParams('radius');
$this->server = explode(',',$radius['radius_server']);
$this->port = 1812; // Assume fixed port number for now - 1812 (UDP) is listed for servers, 1645 for authentification. (1646, 1813 for accounting)
// (A Microsoft app note says 1812 is the RFC2026-compliant port number. (http://support.microsoft.com/kb/230786)
// $this->port = 1645;
$this->secret = explode(',',$radius['radius_secret']);
if ((count($this->server) > 1) && (count($this->secret) == 1))
{
$this->secret = array();
foreach ($this->server as $k => $v)
{
$this->secret[$k] = $radius['radius_secret']; // Same secret for all servers, if only one entered
}
}
$this->ErrorText = '';
if(!function_exists('radius_auth_open'))
{
return AUTH_NORESOURCE;
}
if(!$this -> connect())
{
return AUTH_NOCONNECT;
}
$this->Available = TRUE;
return AUTH_SUCCESS;
}
/**
* Retrieve and construct error strings
*/
function makeErrorText($extra = '')
{
$this->ErrorText = $extra.radius_strerror($this->connection) ;
if (!RADIUS_DEBUG) return;
$text = "<br />Server: {$this->server} Stored secret: ".radius_server_secret($this->connection)." Port: {$this->port}";
$this->ErrorText .= $text;
}
/**
* Try to connect to a radius server
*
* @return boolean TRUE for success, FALSE for failure
*/
function connect()
{
if (!($this->connection = radius_auth_open()))
{
$this->makeErrorText('RADIUS open failed: ') ;
return FALSE;
}
foreach ($this->server as $k => $s)
{
if (!radius_add_server($this->connection, $s, $this->port, $this->secret[$k], 15, 1)) // fixed 15 second timeout, one try ATM
{
$this->makeErrorText('RADIUS add server failed: ') ;
return FALSE;
}
}
return TRUE;
}
/**
* Close the connection to the Radius server
*/
function close()
{
if ( !radius_close( $this->connection)) // (Not strictly necessary, but tidy)
{
$this->makeErrorText('RADIUS close error: ') ;
return false;
}
else
{
return true;
}
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the server
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
function login($uname, $pass, &$newvals, $connect_only = FALSE)
{
// Create authentification request
if (!radius_create_request($this->connection,RADIUS_ACCESS_REQUEST))
{
$this->makeErrorText('RADIUS failed authentification request: ') ;
return AUTH_NOCONNECT;
}
if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password - always expect one
// Attach username and password
if (!radius_put_attr($this->connection,RADIUS_USER_NAME,$uname)
|| !radius_put_attr($this->connection,RADIUS_USER_PASSWORD,$pass))
{
$this->makeErrorText('RADIUS could not attach username/password: ') ;
return AUTH_NOCONNECT;
}
// Finally, send request to server
switch (radius_send_request($this->connection))
{
case RADIUS_ACCESS_ACCEPT : // Valid username/password
break;
case RADIUS_ACCESS_CHALLENGE : // CHAP response required - not currently implemented
$this->makeErrorText('CHAP not supported');
return AUTH_NOUSER;
case RADIUS_ACCESS_REJECT : // Specifically rejected
default: // Catch-all
$this->makeErrorText('RADIUS validation error: ') ;
return AUTH_NOUSER;
}
// User accepted here.
if ($connect_only) return AUTH_SUCCESS;
return AUTH_SUCCESS; // Not interested in any attributes returned ATM, so done.
// See if we get any attributes - not really any use to us unless we implement CHAP, so disabled ATM
$attribs = array();
while ($resa = radius_get_attr($this->connection))
{
if (!is_array($resa))
{
$this->makeErrorText("Error getting attribute: ");
exit;
}
// Decode attribute according to type (this isn't an exhaustive list)
// Codes: 2, 3, 4, 5, 30, 31, 32, 60, 61 should never be received by us
// Codes 17, 21 not assigned
switch ($resa['attr'])
{
case 8 : // IP address to be set (255.255.255.254 indicates 'allocate your own address')
case 9 : // Subnet mask
case 14 : // Login-IP host
$attribs[$resa['attr']] = radius_cvt_addr($resa['data']);
break;
case 6 : // Service type (integer bitmap)
case 7 : // Protocol (integer bitmap)
case 10 : // Routing method (integer)
case 12 : // Framed MTU
case 13 : // Compression method
case 15 : // Login service (bitmap)
case 16 : // Login TCP port
case 23 : // Framed IPX network (0xFFFFFFFE indicates 'allocate your own')
case 27 : // Session timeout - maximum connection/login time in seconds
case 28 : // Idle timeout in seconds
case 29 : // Termination action
case 37 : // AppleTalk link number
case 38 : // AppleTalk network
case 62 : // Max ports
case 63 : // Login LAT port
$attribs[$resa['attr']] = radius_cvt_int($resa['data']);
break;
case 1 : // User name
case 11 : // Filter ID - could get several of these
case 18 : // Reply message (text, various purposes)
case 19 : // Callback number
case 20 : // Callback ID
case 22 : // Framed route - could get several of these
case 24 : // State - used in CHAP
case 25 : // Class
case 26 : // Vendor-specific
case 33 : // Proxy State
case 34 : // Login LAT service
case 35 : // Login LAT node
case 36 : // Login LAT group
case 39 : // AppleTalk zone
default :
$attribs[$resa['attr']] = radius_cvt_string($resa['data']); // Default to string type
}
printf("Got Attr: %d => %d Bytes %s\n", $resa['attr'], strlen($attribs[$resa['attr']]), $attribs[$resa['attr']]);
}
return AUTH_SUCCESS;
}
}
?>
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Copyright (C) 2008-2009 e107 Inc (e107.org)
| http://e107.org
|
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/radius_auth.php,v $
| $Revision$
| $Date$
| $Author$
+----------------------------------------------------------------------------+
RFC2865 is the main RADIUS standard - http://www.faqs.org/rfcs/rfc2865
Potential enhancements:
- Multiple servers (done, but not tested)
- Configurable port (probably not necessary)
- Configurable timeout
- Configurable retries
Error recfrom: 10054 - winsock error for 'connection reset'
*/
define('RADIUS_DEBUG',FALSE);
class auth_login extends alt_auth_base
{
private $server;
private $secret;
private $port;
private $usr;
private $pwd;
private $connection; // Handle to use on successful creation
public $Available = FALSE; // Flag indicates whether DB connection available
public $ErrorText; // e107 error string on exit
/**
* Read configuration, initialise connection to LDAP database
*
* @return AUTH_xxxx result code
*/
function __construct()
{
$this->copyAttribs = array();
$radius = $this->altAuthGetParams('radius');
$this->server = explode(',',$radius['radius_server']);
$this->port = 1812; // Assume fixed port number for now - 1812 (UDP) is listed for servers, 1645 for authentification. (1646, 1813 for accounting)
// (A Microsoft app note says 1812 is the RFC2026-compliant port number. (http://support.microsoft.com/kb/230786)
// $this->port = 1645;
$this->secret = explode(',',$radius['radius_secret']);
if ((count($this->server) > 1) && (count($this->secret) == 1))
{
$this->secret = array();
foreach ($this->server as $k => $v)
{
$this->secret[$k] = $radius['radius_secret']; // Same secret for all servers, if only one entered
}
}
$this->ErrorText = '';
if(!function_exists('radius_auth_open'))
{
return AUTH_NORESOURCE;
}
if(!$this -> connect())
{
return AUTH_NOCONNECT;
}
$this->Available = TRUE;
return AUTH_SUCCESS;
}
/**
* Retrieve and construct error strings
*/
function makeErrorText($extra = '')
{
$this->ErrorText = $extra.radius_strerror($this->connection) ;
if (!RADIUS_DEBUG) return;
$text = "<br />Server: {$this->server} Stored secret: ".radius_server_secret($this->connection)." Port: {$this->port}";
$this->ErrorText .= $text;
}
/**
* Try to connect to a radius server
*
* @return boolean TRUE for success, FALSE for failure
*/
function connect()
{
if (!($this->connection = radius_auth_open()))
{
$this->makeErrorText('RADIUS open failed: ') ;
return FALSE;
}
foreach ($this->server as $k => $s)
{
if (!radius_add_server($this->connection, $s, $this->port, $this->secret[$k], 15, 1)) // fixed 15 second timeout, one try ATM
{
$this->makeErrorText('RADIUS add server failed: ') ;
return FALSE;
}
}
return TRUE;
}
/**
* Close the connection to the Radius server
*/
function close()
{
if ( !radius_close( $this->connection)) // (Not strictly necessary, but tidy)
{
$this->makeErrorText('RADIUS close error: ') ;
return false;
}
else
{
return true;
}
}
/**
* Validate login credentials
*
* @param string $uname - The user name requesting access
* @param string $pass - Password to use (usually plain text)
* @param pointer &$newvals - pointer to array to accept other data read from database
* @param boolean $connect_only - TRUE to simply connect to the server
*
* @return integer result (AUTH_xxxx)
*
* On a successful login, &$newvals array is filled with the requested data from the server
*/
function login($uname, $pass, &$newvals, $connect_only = FALSE)
{
// Create authentification request
if (!radius_create_request($this->connection,RADIUS_ACCESS_REQUEST))
{
$this->makeErrorText('RADIUS failed authentification request: ') ;
return AUTH_NOCONNECT;
}
if (trim($pass) == '') return AUTH_BADPASSWORD; // Pick up a blank password - always expect one
// Attach username and password
if (!radius_put_attr($this->connection,RADIUS_USER_NAME,$uname)
|| !radius_put_attr($this->connection,RADIUS_USER_PASSWORD,$pass))
{
$this->makeErrorText('RADIUS could not attach username/password: ') ;
return AUTH_NOCONNECT;
}
// Finally, send request to server
switch (radius_send_request($this->connection))
{
case RADIUS_ACCESS_ACCEPT : // Valid username/password
break;
case RADIUS_ACCESS_CHALLENGE : // CHAP response required - not currently implemented
$this->makeErrorText('CHAP not supported');
return AUTH_NOUSER;
case RADIUS_ACCESS_REJECT : // Specifically rejected
default: // Catch-all
$this->makeErrorText('RADIUS validation error: ') ;
return AUTH_NOUSER;
}
// User accepted here.
if ($connect_only) return AUTH_SUCCESS;
return AUTH_SUCCESS; // Not interested in any attributes returned ATM, so done.
// See if we get any attributes - not really any use to us unless we implement CHAP, so disabled ATM
$attribs = array();
while ($resa = radius_get_attr($this->connection))
{
if (!is_array($resa))
{
$this->makeErrorText("Error getting attribute: ");
exit;
}
// Decode attribute according to type (this isn't an exhaustive list)
// Codes: 2, 3, 4, 5, 30, 31, 32, 60, 61 should never be received by us
// Codes 17, 21 not assigned
switch ($resa['attr'])
{
case 8 : // IP address to be set (255.255.255.254 indicates 'allocate your own address')
case 9 : // Subnet mask
case 14 : // Login-IP host
$attribs[$resa['attr']] = radius_cvt_addr($resa['data']);
break;
case 6 : // Service type (integer bitmap)
case 7 : // Protocol (integer bitmap)
case 10 : // Routing method (integer)
case 12 : // Framed MTU
case 13 : // Compression method
case 15 : // Login service (bitmap)
case 16 : // Login TCP port
case 23 : // Framed IPX network (0xFFFFFFFE indicates 'allocate your own')
case 27 : // Session timeout - maximum connection/login time in seconds
case 28 : // Idle timeout in seconds
case 29 : // Termination action
case 37 : // AppleTalk link number
case 38 : // AppleTalk network
case 62 : // Max ports
case 63 : // Login LAT port
$attribs[$resa['attr']] = radius_cvt_int($resa['data']);
break;
case 1 : // User name
case 11 : // Filter ID - could get several of these
case 18 : // Reply message (text, various purposes)
case 19 : // Callback number
case 20 : // Callback ID
case 22 : // Framed route - could get several of these
case 24 : // State - used in CHAP
case 25 : // Class
case 26 : // Vendor-specific
case 33 : // Proxy State
case 34 : // Login LAT service
case 35 : // Login LAT node
case 36 : // Login LAT group
case 39 : // AppleTalk zone
default :
$attribs[$resa['attr']] = radius_cvt_string($resa['data']); // Default to string type
}
printf("Got Attr: %d => %d Bytes %s\n", $resa['attr'], strlen($attribs[$resa['attr']]), $attribs[$resa['attr']]);
}
return AUTH_SUCCESS;
}
}
?>