mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-06-01 22:47:19 +00:00
move most of the login code into a controller
This commit is contained in:
Uwe Steinmann
parent
c3ca1cb1f9
commit
b7ffaa878e
|
|
@ -21,14 +21,205 @@
|
|||
* @version Release: @package_version@
|
||||
*/
|
||||
class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
|
||||
/**
|
||||
* @var array $user set if user could be logged in
|
||||
* @access protected
|
||||
*/
|
||||
static protected $user;
|
||||
|
||||
public function run() {
|
||||
public function getUser() { /* {{{ */
|
||||
return self::$user;
|
||||
} /* }}} */
|
||||
|
||||
public function run() { /* {{{ */
|
||||
$dms = $this->params['dms'];
|
||||
$user = $this->params['user'];
|
||||
$settings = $this->params['settings'];
|
||||
$session = $this->params['session'];
|
||||
$sesstheme = $this->params['sesstheme'];
|
||||
$lang = $this->params['lang'];
|
||||
$login = $this->params['login'];
|
||||
$pwd = $this->params['pwd'];
|
||||
|
||||
if($this->callHook('postLogin')) {
|
||||
self::$user = null;
|
||||
|
||||
/* The preLogin hook may set self::$user which will prevent any further
|
||||
* authentication process.
|
||||
*/
|
||||
if($this->callHook('preLogin')) {
|
||||
}
|
||||
}
|
||||
|
||||
$user = self::$user;
|
||||
|
||||
/* The password may only be empty if the guest user tries to log in.
|
||||
* There is just one guest account with id $settings->_guestID which
|
||||
* is allowed to log in without a password. All other guest accounts
|
||||
* are treated like regular logins
|
||||
*/
|
||||
if(!$user && $settings->_enableGuestLogin && (int) $settings->_guestID) {
|
||||
$guestUser = $dms->getUser((int) $settings->_guestID);
|
||||
if(($login != $guestUser->getLogin())) {
|
||||
if ((!isset($pwd) || strlen($pwd)==0)) {
|
||||
$this->setErrorMsg("login_error_text");
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
$user = $guestUser;
|
||||
}
|
||||
}
|
||||
|
||||
/* Run any additional authentication method. The hook must return a
|
||||
* valid user, if the authentication succeeded. If it fails, it must
|
||||
* return false and if the hook doesn't care at all, if must return null.
|
||||
*/
|
||||
$user = $this->callHook('authenticate');
|
||||
if(false === $user) {
|
||||
if(empty($this->errormsg))
|
||||
$this->setErrorMsg("authentication_failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Deprecated: Run any additional authentication implemented in a hook */
|
||||
if(!$user && isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
|
||||
foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authObj) {
|
||||
if(!$user && method_exists($authObj, 'authenticate')) {
|
||||
$user = $authObj->authenticate($dms, $settings, $login, $pwd);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Authenticate against LDAP server {{{ */
|
||||
if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
|
||||
require_once("../inc/inc.ClassLdapAuthentication.php");
|
||||
$authobj = new SeedDMS_LdapAuthentication($dms, $settings);
|
||||
$user = $authobj->authenticate($login, $pwd);
|
||||
} /* }}} */
|
||||
|
||||
/* Authenticate against SeedDMS database {{{ */
|
||||
if(!$user) {
|
||||
require_once("../inc/inc.ClassDbAuthentication.php");
|
||||
$authobj = new SeedDMS_DbAuthentication($dms, $settings);
|
||||
$user = $authobj->authenticate($login, $pwd);
|
||||
} /* }}} */
|
||||
|
||||
/* If the user is still not authenticated, then exit with an error */
|
||||
if(!$user) {
|
||||
$this->callHook('loginFailed');
|
||||
$this->setErrorMsg("login_error_text");
|
||||
return false;
|
||||
}
|
||||
|
||||
self::$user = $user;
|
||||
|
||||
/* Check for other restrictions which prevent the user from login, though
|
||||
* the authentication was successfull.
|
||||
*/
|
||||
$userid = $user->getID();
|
||||
if (($userid == $settings->_guestID) && (!$settings->_enableGuestLogin)) {
|
||||
$this->setErrorMsg("guest_login_disabled");
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check if account is disabled
|
||||
if($user->isDisabled()) {
|
||||
$this->setErrorMsg("login_disabled_text");
|
||||
return false;
|
||||
}
|
||||
|
||||
// control admin IP address if required
|
||||
if ($user->isAdmin() && ($_SERVER['REMOTE_ADDR'] != $settings->_adminIP ) && ( $settings->_adminIP != "") ){
|
||||
$this->setErrorMsg("invalid_user_id");
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Run any additional checks which may prevent login */
|
||||
if(false === $this->callHook('restrictLogin', $user)) {
|
||||
if(empty($this->errormsg))
|
||||
$this->setErrorMsg("login_restrictions_apply");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!$user && isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
|
||||
foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authObj) {
|
||||
if(!$user && method_exists($authObj, 'authenticate')) {
|
||||
$user = $authObj->authenticate($dms, $settings, $login, $pwd);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Clear login failures if login was successful */
|
||||
$user->clearLoginFailures();
|
||||
|
||||
// Capture the user's language and theme settings.
|
||||
if (isset($_REQUEST["lang"]) && strlen($_REQUEST["lang"])>0 && is_numeric(array_search($_REQUEST["lang"],getLanguages())) ) {
|
||||
$lang = $_REQUEST["lang"];
|
||||
$user->setLanguage($lang);
|
||||
}
|
||||
else {
|
||||
$lang = $user->getLanguage();
|
||||
if (strlen($lang)==0) {
|
||||
$lang = $settings->_language;
|
||||
$user->setLanguage($lang);
|
||||
}
|
||||
}
|
||||
if ($sesstheme) {
|
||||
$user->setTheme($sesstheme);
|
||||
}
|
||||
else {
|
||||
$sesstheme = $user->getTheme();
|
||||
if (strlen($sesstheme)==0) {
|
||||
$sesstheme = $settings->_theme;
|
||||
// $user->setTheme($sesstheme);
|
||||
}
|
||||
}
|
||||
|
||||
// Delete all sessions that are more than 1 week or the configured
|
||||
// cookie lifetime old. Probably not the most
|
||||
// reliable place to put this check -- move to inc.Authentication.php?
|
||||
if($settings->_cookieLifetime)
|
||||
$lifetime = intval($settings->_cookieLifetime);
|
||||
else
|
||||
$lifetime = 7*86400;
|
||||
if(!$session->deleteByTime($lifetime)) {
|
||||
$this->setErrorMsg("error_occured");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (isset($_COOKIE["mydms_session"])) {
|
||||
/* This part will never be reached unless the session cookie is kept,
|
||||
* but op.Logout.php deletes it. Keeping a session could be a good idea
|
||||
* for retaining the clipboard data, but the user id in the session should
|
||||
* be set to 0 which is not possible due to foreign key constraints.
|
||||
* So for now op.Logout.php will delete the cookie as always
|
||||
*/
|
||||
/* Load session */
|
||||
$dms_session = $_COOKIE["mydms_session"];
|
||||
if(!$resArr = $session->load($dms_session)) {
|
||||
/* Turn off http only cookies if jumploader is enabled */
|
||||
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); //delete cookie
|
||||
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
|
||||
exit;
|
||||
} else {
|
||||
$session->updateAccess($dms_session);
|
||||
$session->setUser($userid);
|
||||
}
|
||||
} else {
|
||||
// Create new session in database
|
||||
if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
|
||||
$this->setErrorMsg("error_occured");
|
||||
return false;
|
||||
}
|
||||
|
||||
// Set the session cookie.
|
||||
if($settings->_cookieLifetime)
|
||||
$lifetime = time() + intval($settings->_cookieLifetime);
|
||||
else
|
||||
$lifetime = 0;
|
||||
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
|
||||
}
|
||||
|
||||
if($this->callHook('postLogin', $user)) {
|
||||
}
|
||||
|
||||
return true;
|
||||
} /* }}} */
|
||||
}
|
||||
|
|
|
|||
160
op/op.Login.php
160
op/op.Login.php
|
|
@ -31,21 +31,20 @@ include("../inc/inc.ClassController.php");
|
|||
|
||||
include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";
|
||||
|
||||
function _printMessage($heading, $message) { /* {{{ */
|
||||
function _printMessage($message) { /* {{{ */
|
||||
global $session, $dms, $theme;
|
||||
|
||||
header("Location:../out/out.Login.php?msg=".urlencode($message));
|
||||
exit;
|
||||
|
||||
UI::exitError($heading, $message, true);
|
||||
return;
|
||||
} /* }}} */
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$controller = Controller::factory($tmp[1], array('dms'=>$dms));
|
||||
|
||||
$sesstheme = '';
|
||||
if (isset($_REQUEST["sesstheme"]) && strlen($_REQUEST["sesstheme"])>0 && is_numeric(array_search($_REQUEST["sesstheme"],UI::getStyles())) ) {
|
||||
$theme = $_REQUEST["sesstheme"];
|
||||
$sesstheme = $_REQUEST["sesstheme"];
|
||||
}
|
||||
|
||||
if (isset($_REQUEST["login"])) {
|
||||
|
|
@ -54,7 +53,7 @@ if (isset($_REQUEST["login"])) {
|
|||
}
|
||||
|
||||
if (!isset($login) || strlen($login)==0) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("login_not_given")."\n");
|
||||
_printMessage(getMLText("login_not_given")."\n");
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -66,147 +65,8 @@ if(isset($_POST['pwd'])) {
|
|||
}
|
||||
}
|
||||
|
||||
/* Initialy set $user to false. It will contain a valid user record
|
||||
* if the user is a guest user or authentication will succeed.
|
||||
*/
|
||||
$user = false;
|
||||
|
||||
/* The password may only be empty if the guest user tries to log in.
|
||||
* There is just one guest account with id $settings->_guestID which
|
||||
* is allowed to log in without a password. All other guest accounts
|
||||
* are treated like regular logins
|
||||
*/
|
||||
if($settings->_enableGuestLogin && (int) $settings->_guestID) {
|
||||
$guestUser = $dms->getUser((int) $settings->_guestID);
|
||||
if(($login != $guestUser->getLogin())) {
|
||||
if ((!isset($pwd) || strlen($pwd)==0)) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("login_error_text")."\n");
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
$user = $guestUser;
|
||||
}
|
||||
}
|
||||
|
||||
if(!$user && isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
|
||||
foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authObj) {
|
||||
if(!$user && method_exists($authObj, 'authenticate')) {
|
||||
$user = $authObj->authenticate($dms, $settings, $login, $pwd);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Authenticate against LDAP server {{{ */
|
||||
if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
|
||||
require_once("../inc/inc.ClassLdapAuthentication.php");
|
||||
$authobj = new SeedDMS_LdapAuthentication($dms, $settings);
|
||||
$user = $authobj->authenticate($login, $pwd);
|
||||
} /* }}} */
|
||||
|
||||
/* Authenticate against SeedDMS database {{{ */
|
||||
if(!$user) {
|
||||
require_once("../inc/inc.ClassDbAuthentication.php");
|
||||
$authobj = new SeedDMS_DbAuthentication($dms, $settings);
|
||||
$user = $authobj->authenticate($login, $pwd);
|
||||
} /* }}} */
|
||||
|
||||
if(!$user) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("login_error_text"));
|
||||
exit;
|
||||
}
|
||||
|
||||
$userid = $user->getID();
|
||||
if (($userid == $settings->_guestID) && (!$settings->_enableGuestLogin)) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("guest_login_disabled"));
|
||||
exit;
|
||||
}
|
||||
|
||||
// Check if account is disabled
|
||||
if($user->isDisabled()) {
|
||||
_printMessage(getMLText("login_disabled_title"), getMLText("login_disabled_text"));
|
||||
exit;
|
||||
}
|
||||
|
||||
// control admin IP address if required
|
||||
if ($user->isAdmin() && ($_SERVER['REMOTE_ADDR'] != $settings->_adminIP ) && ( $settings->_adminIP != "") ){
|
||||
_printMessage(getMLText("login_error_title"), getMLText("invalid_user_id"));
|
||||
exit;
|
||||
}
|
||||
|
||||
/* Clear login failures if login was successful */
|
||||
$user->clearLoginFailures();
|
||||
|
||||
// Capture the user's language and theme settings.
|
||||
if (isset($_REQUEST["lang"]) && strlen($_REQUEST["lang"])>0 && is_numeric(array_search($_REQUEST["lang"],getLanguages())) ) {
|
||||
$lang = $_REQUEST["lang"];
|
||||
$user->setLanguage($lang);
|
||||
}
|
||||
else {
|
||||
$lang = $user->getLanguage();
|
||||
if (strlen($lang)==0) {
|
||||
$lang = $settings->_language;
|
||||
$user->setLanguage($lang);
|
||||
}
|
||||
}
|
||||
if (isset($_REQUEST["sesstheme"]) && strlen($_REQUEST["sesstheme"])>0 && is_numeric(array_search($_REQUEST["sesstheme"],UI::getStyles())) ) {
|
||||
$sesstheme = $_REQUEST["sesstheme"];
|
||||
$user->setTheme($sesstheme);
|
||||
}
|
||||
else {
|
||||
$sesstheme = $user->getTheme();
|
||||
if (strlen($sesstheme)==0) {
|
||||
$sesstheme = $settings->_theme;
|
||||
// $user->setTheme($sesstheme);
|
||||
}
|
||||
}
|
||||
|
||||
$session = new SeedDMS_Session($db);
|
||||
|
||||
// Delete all sessions that are more than 1 week or the configured
|
||||
// cookie lifetime old. Probably not the most
|
||||
// reliable place to put this check -- move to inc.Authentication.php?
|
||||
if($settings->_cookieLifetime)
|
||||
$lifetime = intval($settings->_cookieLifetime);
|
||||
else
|
||||
$lifetime = 7*86400;
|
||||
if(!$session->deleteByTime($lifetime)) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("error_occured").": ".$db->getErrorMsg());
|
||||
exit;
|
||||
}
|
||||
|
||||
if (isset($_COOKIE["mydms_session"])) {
|
||||
/* This part will never be reached unless the session cookie is kept,
|
||||
* but op.Logout.php deletes it. Keeping a session could be a good idea
|
||||
* for retaining the clipboard data, but the user id in the session should
|
||||
* be set to 0 which is not possible due to foreign key constraints.
|
||||
* So for now op.Logout.php will delete the cookie as always
|
||||
*/
|
||||
/* Load session */
|
||||
$dms_session = $_COOKIE["mydms_session"];
|
||||
if(!$resArr = $session->load($dms_session)) {
|
||||
/* Turn off http only cookies if jumploader is enabled */
|
||||
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); //delete cookie
|
||||
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
|
||||
exit;
|
||||
} else {
|
||||
$session->updateAccess($dms_session);
|
||||
$session->setUser($userid);
|
||||
}
|
||||
} else {
|
||||
// Create new session in database
|
||||
if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
|
||||
_printMessage(getMLText("login_error_title"), getMLText("error_occured").": ".$db->getErrorMsg());
|
||||
exit;
|
||||
}
|
||||
|
||||
// Set the session cookie.
|
||||
if($settings->_cookieLifetime)
|
||||
$lifetime = time() + intval($settings->_cookieLifetime);
|
||||
else
|
||||
$lifetime = 0;
|
||||
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
|
||||
}
|
||||
|
||||
// TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded.
|
||||
// Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
|
||||
|
||||
|
|
@ -219,9 +79,17 @@ else if (isset($_GET["referuri"]) && strlen($_GET["referuri"])>0) {
|
|||
|
||||
add_log_line();
|
||||
|
||||
$controller->setParam('user', $user);
|
||||
$controller->setParam('login', $login);
|
||||
$controller->setParam('pwd', $pwd);
|
||||
$controller->setParam('lang', $lang);
|
||||
$controller->setParam('sesstheme', $sesstheme);
|
||||
$controller->setParam('session', $session);
|
||||
$controller->run();
|
||||
if(!$controller->run()) {
|
||||
_printMessage(getMLText($controller->getErrorMsg()), getMLText($controller->getErrorMsg())."\n");
|
||||
exit;
|
||||
}
|
||||
|
||||
$user = $controller->getUser();
|
||||
|
||||
if (isset($referuri) && strlen($referuri)>0) {
|
||||
// header("Location: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'] . $referuri);
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user