Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

controllers/class.Login.php

@@ -35,9 +35,10 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 		$dms = $this->params['dms'];
 		$settings = $this->params['settings'];
 		$session = $this->params['session'];
-		$sesstheme = $this->params['sesstheme'];
+		$source = isset($this->params['source']) ? $this->params['source'] : '';
-		$referuri = $this->params['referuri'];
+		$sesstheme = $this->getParam('sesstheme');
-		$lang = $this->params['lang'];
+		$referuri = $this->getParam('referuri');
+		$lang = $this->getParam('lang');
 		$login = $this->params['login'];
 		$pwd = $this->params['pwd'];
 
@@ -75,7 +76,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 		 * return false and if the hook doesn't care at all, if must return null.
 		 */
 		if(!$user) {
-			$user = $this->callHook('authenticate');
+			$user = $this->callHook('authenticate', $source);
 			if(false === $user) {
 				if(empty($this->errormsg))
 					$this->setErrorMsg("authentication_failed");
@@ -176,73 +177,78 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 		/* Clear login failures if login was successful */
 		$user->clearLoginFailures();
 
-		// Capture the user's language and theme settings.
+		/* Setting the theme and language and all the cookie handling is
-		if ($lang) {
+		 * only done when authentication was requested from a weg page.
-			$user->setLanguage($lang);
+		 */
-		} else {
+		if($source == 'web') {
-			$lang = $user->getLanguage();
+			// Capture the user's language and theme settings.
-			if (strlen($lang)==0) {
+			if ($lang) {
-				$lang = $settings->_language;
 				$user->setLanguage($lang);
-			}
-		}
-		if ($sesstheme) {
-			$user->setTheme($sesstheme);
-		}
-		else {
-			$sesstheme = $user->getTheme();
-			/* Override the theme if the user doesn't have one or the default theme
-			 * shall override it.
-			 */
-			if (strlen($sesstheme)==0 || !empty($settings->_overrideTheme)) {
-				$sesstheme = $settings->_theme;
-		//		$user->setTheme($sesstheme);
-			}
-		}
-
-		// Delete all sessions that are more than 1 week or the configured
-		// cookie lifetime old. Probably not the most
-		// reliable place to put this check -- move to inc.Authentication.php?
-		if($settings->_cookieLifetime)
-			$lifetime = intval($settings->_cookieLifetime);
-		else
-			$lifetime = 7*86400;
-		if(!$session->deleteByTime($lifetime)) {
-			$this->setErrorMsg("error_occured");
-			return false;
-		}
-
-		if (isset($_COOKIE["mydms_session"])) {
-			/* This part will never be reached unless the session cookie is kept,
-			 * but op.Logout.php deletes it. Keeping a session could be a good idea
-			 * for retaining the clipboard data, but the user id in the session should
-			 * be set to 0 which is not possible due to foreign key constraints.
-			 * So for now op.Logout.php will delete the cookie as always
-			 */
-			/* Load session */
-			$dms_session = $_COOKIE["mydms_session"];
-			if(!$resArr = $session->load($dms_session)) {
-				/* Turn off http only cookies if jumploader is enabled */
-				setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, false, true); //delete cookie
-				header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$referuri);
-				exit;
 			} else {
-				$session->updateAccess($dms_session);
+				$lang = $user->getLanguage();
-				$session->setUser($userid);
+				if (strlen($lang)==0) {
+					$lang = $settings->_language;
+					$user->setLanguage($lang);
+				}
 			}
-		} else {
+			if ($sesstheme) {
-			// Create new session in database
+				$user->setTheme($sesstheme);
-			if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
+			}
+			else {
+				$sesstheme = $user->getTheme();
+				/* Override the theme if the user doesn't have one or the default theme
+				 * shall override it.
+				 */
+				if (strlen($sesstheme)==0 || !empty($settings->_overrideTheme)) {
+					$sesstheme = $settings->_theme;
+			//		$user->setTheme($sesstheme);
+				}
+			}
+
+			// Delete all sessions that are more than 1 week or the configured
+			// cookie lifetime old. Probably not the most
+			// reliable place to put this check -- move to inc.Authentication.php?
+			if($settings->_cookieLifetime)
+				$lifetime = intval($settings->_cookieLifetime);
+			else
+				$lifetime = 7*86400;
+			if(!$session->deleteByTime($lifetime)) {
 				$this->setErrorMsg("error_occured");
 				return false;
 			}
 
-			// Set the session cookie.
+			if (isset($_COOKIE["mydms_session"])) {
-			if($settings->_cookieLifetime)
+				/* This part will never be reached unless the session cookie is kept,
-				$lifetime = time() + intval($settings->_cookieLifetime);
+				 * but op.Logout.php deletes it. Keeping a session could be a good idea
-			else
+				 * for retaining the clipboard data, but the user id in the session should
-				$lifetime = 0;
+				 * be set to 0 which is not possible due to foreign key constraints.
-			setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, false, true);
+				 * So for now op.Logout.php will delete the cookie as always
+				 */
+				/* Load session */
+				$dms_session = $_COOKIE["mydms_session"];
+				if(!$resArr = $session->load($dms_session)) {
+					/* Turn off http only cookies if jumploader is enabled */
+					setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, false, true); //delete cookie
+					header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$referuri);
+					exit;
+				} else {
+					$session->updateAccess($dms_session);
+					$session->setUser($userid);
+				}
+			} else {
+				// Create new session in database
+				if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
+					$this->setErrorMsg("error_occured");
+					return false;
+				}
+
+				// Set the session cookie.
+				if($settings->_cookieLifetime)
+					$lifetime = time() + intval($settings->_cookieLifetime);
+				else
+					$lifetime = 0;
+				setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, false, true);
+			}
 		}
 
 		if($this->callHook('postLogin', $user)) {

op/op.Login.php

@@ -84,6 +84,7 @@ add_log_line();
 
 $controller->setParam('login', $login);
 $controller->setParam('pwd', $pwd);
+$controller->setParam('source', 'web');
 $controller->setParam('lang', $lang);
 $controller->setParam('sesstheme', $sesstheme);
 $controller->setParam('referuri', $referuri);

webdav/index.php

@@ -1,6 +1,7 @@
 <?php
 include("../inc/inc.Settings.php");
 
+include("Log.php");
 require_once("../inc/inc.Language.php");
 require_once("../inc/inc.Utils.php");
 

webdav/webdav.php

@@ -153,6 +153,25 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
 		if($this->logger)
 			$this->logger->log('check_auth: type='.$type.', user='.$user.'', PEAR_LOG_INFO);
 
+		$controller = Controller::factory('Login', array('dms'=>$this->dms));
+		$controller->setParam('login', $user);
+		$controller->setParam('pwd', $pass);
+		$controller->setParam('source', 'webdav');
+		if(!$controller()) {
+			if($this->logger) {
+				$this->logger->log($controller->getErrorMsg(), PEAR_LOG_NOTICE);
+				$this->logger->log('check_auth: error authenicating user '.$user, PEAR_LOG_NOTICE);
+			}
+			return false;
+		}
+
+		if($this->logger)
+			$this->logger->log('check_auth: type='.$type.', user='.$user.' authenticated', PEAR_LOG_INFO);
+
+		$this->user = $controller->getUser();
+
+		return true;
+
 		$userobj = false;
 
 		/* Authenticate against LDAP server {{{ */