
Login handler rework, alt_auth changes, preparing for Magento authorization option. Could produce some temporary problems

This commit is contained in:
secretr 2011-09-14 11:30:58 +00:00
parent 6c6a0a9b40
commit d295b576fa
9 changed files with 151 additions and 90 deletions


@ -829,6 +829,8 @@ if ((e_QUERY == 'logout')/* || (($pref['user_tracking'] == 'session') && isset($
}
cookie(e_COOKIE, '', (time() - 2592000));
e107::getUser()->logout();
e107::getEvent()->trigger('logout');
e107::getRedirect()->redirect(SITEURL.'index.php');
// header('location:'.e_BASE.'index.php');


@ -2,14 +2,12 @@
/*
* e107 website system
*
* Copyright (C) 2008-2009 e107 Inc (e107.org)
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://gnu.org).
*
* $Source: /cvs_backup/e107_0.8/e107_handlers/js_manager.php,v $
* $Revision$
* $Date$
* $Author$
* $URL$
* Id$
*
*/
global $pref, $eplug_admin, $THEME_JSLIB, $THEME_CORE_JSLIB;


@ -3,7 +3,7 @@
/*
* e107 website system
*
* Copyright (C) 2008-2010 e107 Inc (e107.org)
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
@ -22,6 +22,7 @@ error_reporting(E_ALL);
// require_once(e_HANDLER.'user_handler.php'); //shouldn't be necessary
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_login.php');
// TODO - class constants
define ('LOGIN_TRY_OTHER', 2); // Try some other authentication method
define ('LOGIN_CONTINUE',1); // Not rejected (which is not exactly the same as 'accepted') by alt_auth
define ('LOGIN_ABORT',-1); // Rejected by alt_auth
@ -37,7 +38,9 @@ define ('LOGIN_BANNED', -10); // Banned user attempting login
define ('LOGIN_CHAP_FAIL', -11); // CHAP login failed
define ('LOGIN_DB_ERROR', -12); // Error adding user to main DB
/**
* TODO - use new user model, compact everything in max 2 classes
*/
class userlogin
{
protected $e107;
@ -48,7 +51,14 @@ class userlogin
protected $passResult = FALSE; // USed to determine if stored password needs update
/** Constructor
public function __construct()
{
$this->e107 = e107::getInstance();
$this->userIP = $this->e107->getip();
$this->userMethods = e107::getUserSession();
}
/**
# Class called when user attempts to log in
#
# @param string $username, $_POSTED user name
@ -59,7 +69,7 @@ class userlogin
' @param string $response - response string returned by CHAP login (instead of password)
# @return boolean - FALSE on login fail, TRUE on login successful
*/
public function __construct($username, $userpass, $autologin, $response = '', $noredirect = false)
public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
{
global $pref, $e_event, $_E107;
@ -74,9 +84,6 @@ class userlogin
$tp = e107::getParser();
$sql = e107::getDb();
$this->e107 = e107::getInstance();
$this->userIP = $this->e107->getip();
if($username == "" || (($userpass == "") && ($response == '')))
{ // Required fields blank
return $this->invalidLogin($username,LOGIN_BLANK_FIELD);
@ -87,21 +94,32 @@ class userlogin
$forceLogin = ($autologin == 'signup');
$autologin = intval($autologin); // Will decode to zero if forced login
$authorized = false;
if (!$forceLogin && $this->e107->isInstalled('alt_auth'))
{
$authMethod[0] = varset($pref['auth_method'], 'e107'); // Primary authentication method
$authMethod[1] = varset($pref['auth_method2'], 'none'); // Secondary authentication method (if defined)
$result = false;
foreach ($authMethod as $method)
{
if ($method == 'e107')
{
if ($this->lookupUser($username, $forceLogin))
{
if (varset($pref['auth_badpassword'], TRUE) || ($this->checkUserPassword($userpass, $response, $forceLogin) === TRUE))
if ($this->checkUserPassword($userpass, $response, $forceLogin) === TRUE)
{
$authorized = true;
$result = LOGIN_CONTINUE; // Valid User exists in local DB
}
elseif(varset($pref['auth_badpassword'], TRUE))
{
$result = LOGIN_TRY_OTHER;
continue; // Should use alternate method for password auth
}
else
{
return $this->invalidLogin($username,LOGIN_ABORT);
}
}
}
else
@ -112,18 +130,27 @@ class userlogin
if (file_exists($auth_file))
{
require_once(e_PLUGIN.'alt_auth/alt_auth_login_class.php');
$result = new alt_login($method, $username, $userpass);
$al = new alt_login($method, $username, $userpass);
$result = $al->loginResult;
switch ($result)
{
case LOGIN_ABORT :
return $this->invalidLogin($username,LOGIN_ABORT);
break;
case LOGIN_DB_ERROR :
return $this->invalidLogin($username,LOGIN_DB_ERROR);
break;
case AUTH_SUCCESS:
$authorized = true;
break;
case LOGIN_TRY_OTHER:
continue;
break;
}
}
}
}
if ($result == LOGIN_CONTINUE)
if ($result === LOGIN_CONTINUE)
{
break;
}
@ -151,10 +178,9 @@ class userlogin
}
}
if ($this->checkUserPassword($userpass, $response, $forceLogin) !== TRUE)
if ($authorized !== true && $this->checkUserPassword($userpass, $response, $forceLogin) !== true)
{
return FALSE;
return $this->invalidLogin($username,LOGIN_BAD_PW);
}
@ -242,7 +268,7 @@ class userlogin
}
}
if($noredirect) return;
if($noredirect) return true;
$redir = e_SELF;
if (e_QUERY) $redir .= '?'.str_replace('&','&',e_QUERY);
@ -291,8 +317,7 @@ class userlogin
*/
protected function lookupUser($username, $forceLogin)
{
global $pref;
$pref = e107::getPref();
$maxLength = varset($pref['loginname_maxlength'],30);
if(varset($pref['allowEmailLogin'])==1) // Email login only
@ -307,14 +332,7 @@ class userlogin
return FALSE;
}
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
$qry[0] = "`user_loginname`= '".$this->e107->tp->toDB($username)."'"; // username only (default)
$qry[1] = "`user_email` = '".$this->e107->tp->toDB($username)."'"; // email only
$qry[2] = (strpos($username,'@') !== FALSE ) ? "`user_loginname`= '".$this->e107->tp->toDB($username)."' OR `user_email` = '".$this->e107->tp -> toDB($username)."'" : $qry[0]; //username or email
// Look up user in DB - even if email addresses allowed, still look up by user name as well - user could have specified email address for their login name
$query = (!$forceLogin && varset($pref['allowEmailLogin'],0)) ? $qry[$pref['allowEmailLogin']] : $qry[0];
$query = $this->getLookupQuery($username, $forceLogin);
if ($this->e107->sql->db_Select('user', '*', $query) !== 1) // Handle duplicate emails as well
{ // Invalid user
@ -325,9 +343,26 @@ class userlogin
$this->userData = $this->e107->sql -> db_Fetch(MYSQL_ASSOC); // Get user info
$this->userData['user_perms'] = trim($this->userData['user_perms']);
$this->lookEmail = $this->lookEmail && ($username == $this->userData['user_email']); // Know whether login name or email address used now
return TRUE;
}
public function getLookupQuery($username, $forceLogin, $dbAlias = '')
{
$pref = e107::getPref();
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
$qry[0] = "{$dbAlias}`user_loginname`= '".$this->e107->tp->toDB($username)."'"; // username only (default)
$qry[1] = "{$dbAlias}`user_email` = '".$this->e107->tp->toDB($username)."'"; // email only
$qry[2] = (strpos($username,'@') !== FALSE ) ? "{$dbAlias}`user_loginname`= '".$this->e107->tp->toDB($username)."' OR {$dbAlias}`user_email` = '".$this->e107->tp -> toDB($username)."'" : $qry[0]; //username or email
// Look up user in DB - even if email addresses allowed, still look up by user name as well - user could have specified email address for their login name
$query = (!$forceLogin && varset($pref['allowEmailLogin'],0)) ? $qry[$pref['allowEmailLogin']] : $qry[0];
return $query;
}
/**
* Checks user password againt preferences set etc
@ -340,7 +375,7 @@ class userlogin
*/
protected function checkUserPassword($userpass, $response, $forceLogin)
{
global $pref;
$pref = e107::getPref();
if ($this->lookEmail && varsettrue($pref['passwordEncoding']))
{
$tmp = unserialize($this->userData['user_prefs']);
@ -352,8 +387,9 @@ class userlogin
$requiredPassword = $this->userData['user_password'];
}
// FIXME - [SecretR] $username is not set and I really can't get the idea.
// Now check password
$this->userMethods = e107::getUserSession();
if ($forceLogin)
{
if (md5($this->userData['user_name'].$this->userData['user_password'].$this->userData['user_join']) != $userpass)
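Review bot: The `case AUTH_SUCCESS:` arm in the new switch on `$al->loginResult` is unreachable, because AUTH_SUCCESS is defined as -1 in alt_auth_login_class.php and LOGIN_ABORT is also -1, so `case LOGIN_ABORT :` above it matches first and an alternate provider reporting success that way would be rejected through invalidLogin(). As shown, alt_login never assigns AUTH_SUCCESS to loginResult, so today this is dead code rather than a live failure, but the collision should be removed by giving AUTH_SUCCESS a value distinct from every LOGIN_* code, or by dropping the arm and relying on LOGIN_CONTINUE. In the same switch, the `continue;` under `case LOGIN_TRY_OTHER:` targets the switch rather than the foreach, so it behaves as `break` (current PHP versions warn about this); write `continue 2;` if the next method is meant to be tried directly. The post-loop `$authorized !== true && $this->checkUserPassword(...)` test is the only thing that stops a lingering LOGIN_TRY_OTHER result from being accepted, which deserves a comment such as `// $result may still be LOGIN_TRY_OTHER here: a local password check is mandatory unless an alt provider set $authorized`. The body of login() begins and ends outside the hunks.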


@ -2,7 +2,7 @@
/*
* e107 website system
*
* Copyright (C) 2008-2010 e107 Inc (e107.org)
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
@ -1019,7 +1019,9 @@ class e_user extends e_user_model
{
if($this->isUser()) return false;
$userlogin = new userlogin($uname, $upass_plain, $uauto, $uchallange, $noredirect);
$userlogin = new userlogin();
$userlogin->login($uname, $upass_plain, $uauto, $uchallange, $noredirect);
$this->setSessionData(true)
->setData($userlogin->getUserData());
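Review bot: The boolean that login() now returns is discarded at `$userlogin->login($uname, $upass_plain, $uauto, $uchallange, $noredirect);`, so `setSessionData(true)->setData($userlogin->getUserData())` runs whether or not authentication succeeded (unless invalidLogin() terminates the request, which is outside the hunk). Since the enclosing method already returns false for the `isUser()` case, the failed-login case can do the same: `if (!$userlogin->login($uname, $upass_plain, $uauto, $uchallange, $noredirect)) { return false; }`. The post-signup autologin in signup.php (`$usr->login(...)`) discards the result in the same way. The enclosing method starts and ends outside the hunk.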


@ -2,16 +2,13 @@
/*
* e107 website system
*
* Copyright (C) 2008-2009 e107 Inc (e107.org)
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
*
*
* $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_conf.php,v $
* $Revision$
* $Date$
* $Author$
* $URL$
* $Id$
*
*/
$eplug_admin = true;
@ -36,6 +33,7 @@ if(isset($_POST['updateprefs']))
$temp['auth_method'] = $tp->toDB($_POST['auth_method']);
$temp['auth_noconn'] = intval($_POST['auth_noconn']);
$temp['auth_method2'] = $tp->toDB($_POST['auth_method2']);
$temp['auth_badpassword'] = intval($_POST['auth_badpassword']);
if ($admin_log->logArrayDiffs($temp, $pref, 'AUTH_01'))
{
save_prefs(); // Only save if changes
@ -114,7 +112,7 @@ alt_auth_get_dropdown('auth_method', $pref['auth_method'], 'e107')."
<tr>
<td>".LAN_ALT_78.":<br /></td>
<td>
<select class='tbox' name='auth_noconn'>";
<select class='tbox' name='auth_badpassword'>";
$sel = (!$pref['auth_badpassword'] ? "" : " selected = 'selected' ");
$text .= "<option value='0' {$sel} >".LAN_ALT_FAIL."</option>";
$sel = ($pref['auth_badpassword'] ? " selected = 'selected' " : "");
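Review bot: `$_POST['auth_badpassword']` is read without an existence check at `$temp['auth_badpassword'] = intval($_POST['auth_badpassword']);`, which raises an undefined-index notice when the prefs form is posted without that field; `intval(varset($_POST['auth_badpassword'], 0))` keeps the fallback explicit and matches the varset() idiom used elsewhere in this commit. The enclosing `if(isset($_POST['updateprefs']))` block ends outside the hunk.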


@ -2,38 +2,42 @@
/*
* e107 website system
*
* Copyright (C) 2008-2009 e107 Inc (e107.org)
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Alternate login
*
*
* $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/alt_auth_login_class.php,v $
* $Revision$
* $Date$
* $Author$
* $URL$
* $Id$
*
*/
define('AA_DEBUG',FALSE);
define('AA_DEBUG1',FALSE);
//TODO convert to class constants
define('AUTH_SUCCESS', -1);
define('AUTH_NOUSER', 1);
define('AUTH_BADPASSWORD', 2);
define('AUTH_NOCONNECT', 3);
class alt_login
{
protected $e107;
public $loginResult = false;
public function __construct($method, &$username, &$userpass)
{
global $pref;
$this->e107 = e107::getInstance();
$newvals=array();
define('AUTH_SUCCESS', -1);
define('AUTH_NOUSER', 1);
define('AUTH_BADPASSWORD', 2);
define('AUTH_NOCONNECT', 3);
if ($method == 'none')
{
return AUTH_NOCONNECT;
$this->loginResult = AUTH_NOCONNECT;
return;
}
require_once(e_PLUGIN.'alt_auth/'.$method.'_auth.php');
@ -41,7 +45,8 @@ class alt_login
if(isset($_login->Available) && ($_login->Available === FALSE))
{ // Relevant auth method not available (e.g. PHP extension not loaded)
return AUTH_NOCONNECT;
$this->loginResult = AUTH_NOCONNECT;
return;
}
$login_result = $_login -> login($username, $userpass, $newvals, FALSE);
@ -58,7 +63,7 @@ class alt_login
$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
$username = substr($username, 0, varset($pref['loginname_maxlength'],30));
$aa_sql = new db;
$aa_sql = e107::getDb('aa');
$userMethods = new UserHandler;
$db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass,$username)));
$xFields = array(); // Possible extended user fields
@ -88,18 +93,20 @@ class alt_login
$db_vals[$k] = $v;
}
}
$ulogin = new userlogin();
if (count($xFields))
{ // We're going to have to do something with extended fields as well - make sure there's an object
require_once (e_HANDLER.'user_extended_class.php');
$ue = new e107_user_extended;
$q =
$qry = "SELECT u.user_id,u.".implode(',u.',array_keys($db_vals)).", ue.user_extended_id, ue.".implode(',ue.',array_keys($xFields))." FROM `#user` AS u
LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id
WHERE u.user_loginname='{$username}' ";
WHERE ".$ulogin->getLookupQuery($username, FALSE, 'u.');
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Query: {$qry}[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
}
else
{
$qry = "SELECT * FROM `#user` WHERE `user_loginname`='{$username}'";
$qry = "SELECT * FROM `#user` WHERE ".$ulogin->getLookupQuery($username, FALSE);
}
if($aa_sql -> db_Select_gen($qry))
{ // Existing user - get current data, see if any changes
@ -145,6 +152,7 @@ class alt_login
}
else
{ // Just add a new user
if (AA_DEBUG) $this->e107->admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Alt auth login","Add new user: ".print_r($db_vals,TRUE)."[!br!]".print_r($xFields,TRUE),FALSE,LOG_TO_ROLLING);
if (!isset($db_vals['user_name'])) $db_vals['user_name'] = $username;
if (!isset($db_vals['user_loginname'])) $db_vals['user_loginname'] = $username;
@ -173,11 +181,13 @@ class alt_login
}
else
{ // Error adding user to database - possibly a conflict on unique fields
$this->e107->admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->mySQLlastErrText."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING);
return LOGIN_DB_ERROR;
$this->e107->admin_log->e_log_event(10,__FILE__.'|'.__FUNCTION__.'@'.__LINE__,'ALT_AUTH','Alt auth login','Add user fail: DB Error '.$aa_sql->getLastErrorText()."[!br!]".print_r($db_vals,TRUE),FALSE,LOG_TO_ROLLING);
$this->loginResult = LOGIN_DB_ERROR;
return;
}
}
return LOGIN_CONTINUE;
$this->loginResult = LOGIN_CONTINUE;
return;
}
else
{ // Failure modes
@ -195,22 +205,27 @@ class alt_login
case AUTH_NOCONNECT:
if(varset($pref['auth_noconn'], TRUE))
{
return LOGIN_TRY_OTHER;
$this->loginResult = LOGIN_TRY_OTHER;
return;
}
$username=md5('xx_noconn_xx');
return LOGIN_ABORT;
$this->loginResult = LOGIN_ABORT;
return;
break;
case AUTH_BADPASSWORD:
if(varset($pref['auth_badpassword'], TRUE))
{
return LOGIN_TRY_OTHER;
$this->loginResult = LOGIN_TRY_OTHER;
return;
}
$userpass=md5('xx_badpassword_xx');
return LOGIN_ABORT; // Not going to magically be able to log in!
$this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in!
return;
break;
}
}
return LOGIN_ABORT; // catch-all just in case
$this->loginResult = LOGIN_ABORT; // catch-all just in case
return;
}
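Review bot: The two early exits for an unavailable method set `$this->loginResult = AUTH_NOCONNECT;` (a raw AUTH_* code, value 3) while every other path stores a LOGIN_* code, and the caller's switch in login.php has no arm for AUTH_NOCONNECT, so that result is silently ignored and the next method is tried regardless of the auth_noconn preference. The failure-mode switch further down already maps AUTH_NOCONNECT through that preference; the early exits should do the same, e.g. `$this->loginResult = varset($pref['auth_noconn'], TRUE) ? LOGIN_TRY_OTHER : LOGIN_ABORT;`. The `break;` statements left after the new `return;` lines in that switch are unreachable and can be dropped. The constructor body continues outside the hunks.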


@ -1,21 +1,17 @@
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Copyright (C) 2008-2009 e107 Inc (e107.org)
| http://e107.org
|
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_plugins/alt_auth/languages/English/admin_alt_auth.php,v $
| $Revision$
| $Date$
| $Author$
+----------------------------------------------------------------------------+
*/
* e107 website system
*
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Language file
*
* $URL$
* $Id$
*
*/
define('LAN_ALT_1', 'Primary authorisation type');
define('LAN_ALT_2', 'Update settings');
define('LAN_ALT_3', 'Choose Alternate Authorisation Type');
@ -72,7 +68,7 @@ define('LAN_ALT_50', 'Password = ');
define('LAN_ALT_51', '(blank)');
define('LAN_ALT_52', 'Authentication failed - ');
define('LAN_ALT_53', 'unknown cause');
define('LAN_ALT_54', 'could not connect to DB');
define('LAN_ALT_54', 'could not connect to DB / service provider');
define('LAN_ALT_55', 'invalid user');
define('LAN_ALT_56', 'bad password');
define('LAN_ALT_57', 'method not available');


@ -1,4 +1,17 @@
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Language file
*
* $URL$
* $Id$
*
*/
define('IMPORTDB_LAN_1', 'Database type');
define('IMPORTDB_LAN_2', 'Plain Text');
define('IMPORTDB_LAN_3', 'Joomla salted');
@ -14,6 +27,8 @@ define('IMPORTDB_LAN_11', 'This option is to be used when you have imported some
Each user\'s password is converted to E107 format when they log in.');
define('IMPORTDB_LAN_12', 'PHPBB2/PHPBB3 salted');
define('IMPORTDB_LAN_13', 'WordPress salted');
define('IMPORTDB_LAN_14', 'Magento salted');
define('LAN_AUTHENTICATE_HELP','This authentication method is to be used <i>only</i> when you have imported a user database into E107, and the password is in an incompatible format. The
original password is read from the local database, and validated against the storage format of the original system. If it verifies, its converted to the current E107-compatible format and


@ -2,18 +2,16 @@
/*
* e107 website system
*
* Copyright (C) 2001-2008 e107 Inc (e107.org)
* Copyright (C) 2008-2011 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* User signup
*
* $Source: /cvs_backup/e107_0.8/signup.php,v $
* $Revision$
* $Date$
* $Author$
*
*/
* $URL$
* $Id$
*
*/
require_once("class2.php");
@ -333,7 +331,8 @@ if (e_QUERY)
if (varset($pref['autologinpostsignup']))
{
require_once(e_HANDLER.'login.php');
$usr = new userlogin($row['user_loginname'], md5($row['user_name'].$row['user_password'].$row['user_join']), 'signup', '');
$usr = new userlogin();
$usr->login($row['user_loginname'], md5($row['user_name'].$row['user_password'].$row['user_join']), 'signup', '');
}
require_once(HEADERF);
$text = LAN_SIGNUP_74." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;