Squiz Matrix  4.12.2
 All Data Structures Namespaces Functions Variables Pages
authentication_default.inc
1 <?php
18 require_once SQ_CORE_PACKAGE_PATH.'/system/authentication/authentication/authentication.inc';
19 
20 
32 class Authentication_Default extends Authentication
33 {
34 
35 
42  function Authentication_Default($assetid=0)
43  {
44  $this->Authentication($assetid);
45 
46  }//end constructor
47 
48 
57  function &locateUser($username)
58  {
59  $db = DAL::getDb();
60  try {
61  $bind_vars = Array('user_name' => $username);
62  $result = MatrixDAL::executeAll('authentication_default', 'locateUser', $bind_vars);
63  if (empty($result)) {
64  $result = Array();
65  } else {
66  $result = $result[0];
67  }
68  } catch (DALException $e) {
69  throw new Exception('Unable to locate user with user name "'.$username.'" due to a database error: '.$e->getMessage());
70  }
71 
72  if (isset($result['assetid']) && !empty($result['assetid'])) {
73  $user = $GLOBALS['SQ_SYSTEM']->am->getAsset($result['assetid']);
74 
75  if (is_null($user)) {
76  // no user was found with that username
77  } else {
78  return $user;
79  }
80  }
81 
82  $null = NULL;
83  return $null;
84 
85  }//end locateUser()
86 
87 
101  function &authenticateUser($username, $password)
102  {
103  $user = NULL;
104  // Try force lowercase username first, if not found or not in allowed type, try normal login
105  if(SQ_CONF_FORCE_LOWERCASE_USERNAME) {
106  $username_lowercase = strtolower($username);
107  $user_lowercase = $this->locateUser($username_lowercase);
108  if(!is_null($user_lowercase) && in_array(get_class($user_lowercase), Array('User', 'Simple_Edit_User', 'Backend_User', 'System_User')))
109  $user = $user_lowercase;
110  }
111 
112  if(is_null($user))
113  $user = $this->locateUser($username);
114 
115  if (is_null($user)) {
116  // no user was found with that username
117  } else if (!$user->comparePassword($password)) {
118  // a user was found, but the wrong password was supplied
119  $this->_registerInvalidLogin($user);
120  } else {
121  // user found with username and password supplied
122  unset($_SESSION['user_login_attempts']);
123  return $user;
124  }
125 
126  // need this because of return by reference
127  $null = NULL;
128  return $null;
129 
130  }//end authenticateUser()
131 
132 
141  function _registerInvalidLogin(&$user)
142  {
143  // Zero (0) is unlimited attempts
144  if (SQ_CONF_MAX_LOGIN_ATTEMPTS == 0) return;
145 
146  $username = $user->attr('username');
147  if (!isset($_SESSION['user_login_attempts'])) {
148  $_SESSION['user_login_attempts'] = Array();
149  }
150  if (!isset($_SESSION['user_login_attempts'][$username])) {
151  $_SESSION['user_login_attempts'][$username] = 1;
152  } else {
153  $_SESSION['user_login_attempts'][$username]++;
154  }
155 
156  if ($_SESSION['user_login_attempts'][$username] >= SQ_CONF_MAX_LOGIN_ATTEMPTS) {
157  unset($_SESSION['user_login_attempts']);
158 
159  if (!is_null($user) && $user->canLogin()) {
160  // pretend to be the root user so we can lock the account
161  $root_user = $GLOBALS['SQ_SYSTEM']->am->getSystemAsset('root_user');
162  if ($GLOBALS['SQ_SYSTEM']->setCurrentUser($root_user)) {
163  $success = FALSE;
164  $changed_runlevel = FALSE;
165 
166  // turn off status integrity checking
167  if ($GLOBALS['SQ_SYSTEM']->runLevelEnables(SQ_SECURITY_STATUS_INTEGRITY)) {
168  // FIXME: TESTME
169  $changed_runlevel = TRUE;
170  $GLOBALS['SQ_SYSTEM']->setRunLevel($GLOBALS['SQ_SYSTEM']->getRunLevel() - SQ_SECURITY_STATUS_INTEGRITY);
171  }
172 
173  // lock the user
174  if ($user->processStatusChange(SQ_STATUS_UNDER_CONSTRUCTION)) {
175  $success = TRUE;
176  }
177  $GLOBALS['SQ_SYSTEM']->restoreCurrentUser();
178 
179  // restore the runlevel if we have to
180  if ($changed_runlevel) {
181  $GLOBALS['SQ_SYSTEM']->restoreRunLevel();
182  }
183 
184  // log a message so we know someone has had their account locked
185  // we need to do this here because before we restore the current user
186  // we are actually logged in as ROOT
187  if ($success) {
188  $ms = $GLOBALS['SQ_SYSTEM']->getMessagingService();
189  $name = $user->name.' (Id: #'.$user->id.')';
190  $msg_reps = Array(
191  'user_name' => $name,
192  'num_attempts' => (int)SQ_CONF_MAX_LOGIN_ATTEMPTS,
193  );
194  $log = $ms->newMessage(Array(), 'system.security.locked', $msg_reps);
195  $log->parameters['remote_addr'] = $_SERVER['REMOTE_ADDR'];
196  $log->parameters['sessionid'] = session_id();
197  $log->send();
198  }
199  }//end if - set current user to root
200  }//end if - user exists and can login
201  }//end if - too many attempts
202 
203  }//end _registerInvalidLogin()
204 
205 
217  function &authenticateHttpUser($username)
218  {
219  try {
220  $bind_vars = Array('user_name' => $username);
221  $result = MatrixDAL::executeAll('authentication_default', 'locateUser', $bind_vars);
222  if (empty($result)) {
223  $result = Array();
224  } else {
225  $result = $result[0];
226  }
227  } catch (DALException $e) {
228  throw new Exception('Unable to locate user with user name "'.$username.'" due to a database error: '.$e->getMessage());
229  }
230 
231  $user = NULL;
232  if (isset($result['assetid']) && !empty($result['assetid'])) {
233  $user = $GLOBALS['SQ_SYSTEM']->am->getAsset($result['assetid']);
234  }
235  return $user;
236 
237  }//end authenticateHttpUser()
238 
239 
240 }//end class
241 
242 ?>