Changeset 2566:9bf417837888 for inc/core/class.dc.auth.php
- Timestamp:
- 11/17/13 20:25:53 (12 years ago)
- Branch:
- 2.6
- Children:
- 2567:6c11245cbf04, 2568:61c67a7d17fa
- File:
-
- 1 edited
-
inc/core/class.dc.auth.php (modified) (45 diffs)
Legend:
- Unmodified
- Added
- Removed
-
inc/core/class.dc.auth.php
r2311 r2566 16 16 * @nosubgrouping 17 17 * @brief Authentication and user credentials management 18 * 18 * 19 19 * dcAuth is a class used to handle everything related to user authentication 20 20 * and credentials. Object is provided by dcCore $auth property. … … 26 26 /** @var connection Database connection object */ 27 27 protected $con; 28 28 29 29 /** @var string User table name */ 30 30 protected $user_table; 31 31 /** @var string Perm table name */ 32 32 protected $perm_table; 33 33 34 34 /** @var string Current user ID */ 35 35 protected $user_id; … … 50 50 /** @var integer Count of user blogs */ 51 51 public $blog_count = null; 52 52 53 53 /** @var array Permission types */ 54 54 protected $perm_types; 55 55 56 56 /** @var dcPrefs dcPrefs object */ 57 57 public $user_prefs; 58 58 59 59 /** 60 60 * Class constructor. Takes dcCore object as single argument. 61 * 61 * 62 62 * @param dcCore $core dcCore object 63 63 */ … … 69 69 $this->user_table = $core->prefix.'user'; 70 70 $this->perm_table = $core->prefix.'permissions'; 71 71 72 72 $this->perm_types = array( 73 73 'admin' => __('administrator'), … … 81 81 ); 82 82 } 83 83 84 84 /// @name Credentials and user permissions 85 85 //@{ … … 88 88 * while you may need to check user without password. This method will create 89 89 * credentials and populate all needed object properties. 90 * 90 * 91 91 * @param string $user_id User ID 92 92 * @param string $pwd User password … … 104 104 'FROM '.$this->con->escapeSystem($this->user_table).' '. 105 105 "WHERE user_id = '".$this->con->escape($user_id)."' "; 106 106 107 107 try { 108 108 $rs = $this->con->select($strReq); … … 110 110 $err = $e->getMessage(); 111 111 return false; 112 } 113 112 } 113 114 114 if ($rs->isEmpty()) { 115 115 sleep(rand(2,5)); 116 116 return false; 117 117 } 118 118 119 119 $rs->extend('rsExtUser'); 120 120 121 121 if ($pwd != '') 122 122 { … … 132 132 } 133 133 } 134 134 135 135 $this->user_id = $rs->user_id; 136 136 $this->user_change_pwd = (boolean) $rs->user_change_pwd; 137 137 $this->user_admin = (boolean) $rs->user_super; 138 138 139 139 $this->user_info['user_pwd'] = $rs->user_pwd; 140 140 $this->user_info['user_name'] = $rs->user_name; … … 149 149 $this->user_info['user_creadt'] = $rs->user_creadt; 150 150 $this->user_info['user_upddt'] = $rs->user_upddt; 151 151 152 152 $this->user_info['user_cn'] = dcUtils::getUserCN($rs->user_id, $rs->user_name, 153 153 $rs->user_firstname, $rs->user_displayname); 154 154 155 155 $this->user_options = array_merge($this->core->userDefaults(),$rs->options()); 156 156 157 157 $this->user_prefs = new dcPrefs($this->core,$this->user_id); 158 158 159 159 # Get permissions on blogs 160 160 if ($check_blog && ($this->findUserBlog() === false)) { … … 163 163 return true; 164 164 } 165 165 166 166 /** 167 167 * This method only check current user password. 168 * 168 * 169 169 * @param string $pwd User password 170 170 * @return boolean … … 175 175 return $pwd == $this->user_info['user_pwd']; 176 176 } 177 177 178 178 return false; 179 179 } 180 180 181 181 /** 182 182 * This method checks if user session cookie exists 183 * 183 * 184 184 * @return boolean 185 185 */ … … 188 188 return isset($_COOKIE[DC_SESSION_NAME]); 189 189 } 190 190 191 191 /** 192 192 * This method checks user session validity. 193 * 193 * 194 194 * @return boolean 195 195 */ … … 197 197 { 198 198 $this->core->session->start(); 199 199 200 200 # If session does not exist, logout. 201 201 if (!isset($_SESSION['sess_user_id'])) { … … 203 203 return false; 204 204 } 205 205 206 206 # Check here for user and IP address 207 207 $this->checkUser($_SESSION['sess_user_id']); 208 208 $uid = $uid ? $uid : http::browserUID(DC_MASTER_KEY); 209 209 210 210 $user_can_log = $this->userID() !== null && $uid == $_SESSION['sess_browser_uid']; 211 211 212 212 if (!$user_can_log) { 213 213 $this->core->session->destroy(); 214 214 return false; 215 215 } 216 216 217 217 return true; 218 218 } 219 219 220 220 /** 221 221 * Checks if user must change his password in order to login. … … 227 227 return $this->user_change_pwd; 228 228 } 229 229 230 230 /** 231 231 * Checks if user is super admin 232 * 232 * 233 233 * @return boolean 234 234 */ … … 237 237 return $this->user_admin; 238 238 } 239 239 240 240 /** 241 241 * Checks if user has permissions given in <var>$permissions</var> for blog 242 242 * <var>$blog_id</var>. <var>$permissions</var> is a coma separated list of 243 243 * permissions. 244 * 244 * 245 245 * @param string $permissions Permissions list 246 246 * @param string $blog_id Blog ID … … 252 252 return true; 253 253 } 254 254 255 255 $p = explode(',',$permissions); 256 256 $b = $this->getPermissions($blog_id); 257 257 258 258 if ($b != false) 259 259 { … … 261 261 return true; 262 262 } 263 263 264 264 foreach ($p as $v) 265 265 { … … 269 269 } 270 270 } 271 271 272 272 return false; 273 273 } 274 274 275 275 /** 276 276 * Returns true if user is allowed to change its password. 277 * 277 * 278 278 * @return boolean 279 279 */ … … 283 283 } 284 284 //@} 285 285 286 286 /// @name User code handlers 287 287 //@{ … … 293 293 return bin2hex($code); 294 294 } 295 295 296 296 public function checkUserCode($code) 297 297 { 298 298 $code = @pack('H*',$code); 299 299 300 300 $user_id = trim(@pack('a32',substr($code,0,32))); 301 301 $pwd = @unpack('H40hex',substr($code,32,40)); 302 302 303 303 if ($user_id === false || $pwd === false) { 304 304 return false; 305 305 } 306 306 307 307 $pwd = $pwd['hex']; 308 308 309 309 $strReq = 'SELECT user_id, user_pwd '. 310 310 'FROM '.$this->user_table.' '. 311 311 "WHERE user_id = '".$this->con->escape($user_id)."' "; 312 312 313 313 $rs = $this->con->select($strReq); 314 314 315 315 if ($rs->isEmpty()) { 316 316 return false; 317 317 } 318 318 319 319 if (crypt::hmac(DC_MASTER_KEY,$rs->user_pwd) != $pwd) { 320 320 return false; 321 321 } 322 322 323 323 return $rs->user_id; 324 324 } 325 325 //@} 326 327 326 327 328 328 /// @name Sudo 329 329 //@{ … … 331 331 * Calls $f function with super admin rights. 332 332 * Returns the function result. 333 * 333 * 334 334 * @param callback $f Callback function 335 335 * @return mixed … … 340 340 throw new Exception($f.' function doest not exist'); 341 341 } 342 342 343 343 $args = func_get_args(); 344 344 array_shift($args); 345 345 346 346 if ($this->user_admin) { 347 347 $res = call_user_func_array($f,$args); … … 356 356 } 357 357 } 358 358 359 359 return $res; 360 360 } 361 361 //@} 362 362 363 363 /// @name User information and options 364 364 //@{ 365 365 /** 366 366 * Returns user permissions for a blog as an array which looks like: 367 * 367 * 368 368 * - [blog_id] 369 369 * - [permission] => true 370 370 * - ... 371 * 371 * 372 372 * @param string $blog_id Blog ID 373 373 * @return array … … 384 384 "WHERE blog_id = '".$this->con->escape($blog_id)."' "; 385 385 $rs = $this->con->select($strReq); 386 386 387 387 $this->blogs[$blog_id] = $rs->isEmpty() ? false : array('admin' => true); 388 388 389 389 return $this->blogs[$blog_id]; 390 390 } 391 391 392 392 $strReq = 'SELECT permissions '. 393 393 'FROM '.$this->perm_table.' '. … … 396 396 "AND (permissions LIKE '%|usage|%' OR permissions LIKE '%|admin|%' OR permissions LIKE '%|contentadmin|%') "; 397 397 $rs = $this->con->select($strReq); 398 398 399 399 $this->blogs[$blog_id] = $rs->isEmpty() ? false : $this->parsePermissions($rs->permissions); 400 400 401 401 return $this->blogs[$blog_id]; 402 402 } … … 409 409 return $this->blog_count; 410 410 } 411 411 412 412 public function findUserBlog($blog_id=null) 413 413 { … … 434 434 $this->con->limit(1); 435 435 } 436 436 437 437 $rs = $this->con->select($strReq); 438 438 if (!$rs->isEmpty()) { … … 440 440 } 441 441 } 442 442 443 443 return false; 444 444 } 445 445 446 446 /** 447 447 * Returns current user ID 448 * 448 * 449 449 * @return string 450 450 */ … … 453 453 return $this->user_id; 454 454 } 455 455 456 456 /** 457 457 * Returns information about a user . 458 * 458 * 459 459 * @param string $n Information name 460 460 * @return string … … 465 465 return $this->user_info[$n]; 466 466 } 467 467 468 468 return null; 469 469 } 470 470 471 471 /** 472 472 * Returns a specific user option 473 * 473 * 474 474 * @param string $n Option name 475 475 * @return string … … 482 482 return null; 483 483 } 484 484 485 485 /** 486 486 * Returns all user options in an associative array. 487 * 487 * 488 488 * @return array 489 489 */ … … 493 493 } 494 494 //@} 495 495 496 496 /// @name Permissions 497 497 //@{ 498 498 /** 499 499 * Returns an array with permissions parsed from the string <var>$level</var> 500 * 500 * 501 501 * @param string $level Permissions string 502 502 * @return array … … 506 506 $level = preg_replace('/^\|/','',$level); 507 507 $level = preg_replace('/\|$/','',$level); 508 508 509 509 $res = array(); 510 510 foreach (explode('|',$level) as $v) { … … 513 513 return $res; 514 514 } 515 515 516 516 /** 517 517 * Returns <var>perm_types</var> property content. 518 * 518 * 519 519 * @return array 520 520 */ … … 523 523 return $this->perm_types; 524 524 } 525 525 526 526 /** 527 527 * Adds a new permission type. 528 * 528 * 529 529 * @param string $name Permission name 530 530 * @param string $title Permission title … … 535 535 } 536 536 //@} 537 537 538 538 /// @name Password recovery 539 539 //@{ … … 541 541 * Add a recover key to a specific user identified by its email and 542 542 * password. 543 * 543 * 544 544 * @param string $user_id User ID 545 545 * @param string $user_email User Email … … 552 552 "WHERE user_id = '".$this->con->escape($user_id)."' ". 553 553 "AND user_email = '".$this->con->escape($user_email)."' "; 554 554 555 555 $rs = $this->con->select($strReq); 556 556 557 557 if ($rs->isEmpty()) { 558 558 throw new Exception(__('That user does not exist in the database.')); 559 559 } 560 560 561 561 $key = md5(uniqid()); 562 562 563 563 $cur = $this->con->openCursor($this->user_table); 564 564 $cur->user_recover_key = $key; 565 565 566 566 $cur->update("WHERE user_id = '".$this->con->escape($user_id)."'"); 567 567 568 568 return $key; 569 569 } 570 570 571 571 /** 572 572 * Creates a new user password using recovery key. Returns an array: 573 * 573 * 574 574 * - user_email 575 575 * - user_id 576 576 * - new_pass 577 * 577 * 578 578 * @param string $recover_key Recovery key 579 579 * @return array … … 584 584 'FROM '.$this->user_table.' '. 585 585 "WHERE user_recover_key = '".$this->con->escape($recover_key)."' "; 586 586 587 587 $rs = $this->con->select($strReq); 588 588 589 589 if ($rs->isEmpty()) { 590 590 throw new Exception(__('That key does not exist in the database.')); 591 591 } 592 592 593 593 $new_pass = crypt::createPassword(); 594 594 595 595 $cur = $this->con->openCursor($this->user_table); 596 596 $cur->user_pwd = crypt::hmac(DC_MASTER_KEY,$new_pass); 597 597 $cur->user_recover_key = null; 598 598 599 599 $cur->update("WHERE user_recover_key = '".$this->con->escape($recover_key)."'"); 600 600 601 601 return array('user_email' => $rs->user_email, 'user_id' => $rs->user_id, 'new_pass' => $new_pass); 602 602 } 603 603 //@} 604 604 605 605 /** @name User management callbacks 606 606 This 3 functions only matter if you extend this class and use … … 611 611 */ 612 612 //@{ 613 613 614 614 /** 615 615 * Called after core->addUser … … 618 618 */ 619 619 public function afterAddUser($cur) {} 620 620 621 621 /** 622 622 * Called after core->updUser … … 626 626 */ 627 627 public function afterUpdUser($id,$cur) {} 628 628 629 629 /** 630 630 * Called after core->delUser … … 635 635 //@} 636 636 } 637 ?>
Note: See TracChangeset
for help on using the changeset viewer.