[Phpgroupware-cvs] phpgwapi/inc/auth class.auth_.inc.php, 1.1 class.auth
From: |
fipsfuchs |
Subject: |
[Phpgroupware-cvs] phpgwapi/inc/auth class.auth_.inc.php, 1.1 class.auth_ntlm.inc.php, 1.1 class.auth_mail.inc.php, 1.1 class.auth_exchange.inc.php, 1.1 class.auth_sqlssl.inc.php, 1.1 class.auth_ldap.inc.php, 1.1 class.auth_ads.inc.php, 1.1 class.auth_sql.inc.php, 1.1 class.auth_http.inc.php, 1.1 class.auth_nis.inc.php, 1.1 |
Date: |
Tue, 22 Mar 2005 15:53:00 +0100 |
Update of phpgwapi/inc/auth
Added Files:
Branch: MAIN
class.auth_.inc.php
class.auth_ntlm.inc.php
class.auth_mail.inc.php
class.auth_exchange.inc.php
class.auth_sqlssl.inc.php
class.auth_ldap.inc.php
class.auth_ads.inc.php
class.auth_sql.inc.php
class.auth_http.inc.php
class.auth_nis.inc.php
Log Message:
auth classes moved to subfolder
====================================================
Index: class.auth_.inc.php
<?php
/**
* Authentication based on SQL table
* @author Dan Kuykendall <address@hidden>
* @author Joseph Engo <address@hidden>
* @author Philipp Kamps <address@hidden>
* @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc.
http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_.inc.php,v 1.1 2005/03/22 14:53:43 fipsfuchs
Exp $
*/
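/**
* Base class for the authentication backends
*
* Provides the password-change and last-login bookkeeping against the
* phpgw_accounts table. authenticate() is an empty stub here.
*
* @package phpgwapi
* @subpackage accounts
*/
class auth_
{
	/** Previous login time; stays -1 unless something assigns it */
	var $previous_login = -1;
	/** Method descriptors appended by auth() */
	var $xmlrpc_methods = array();

	/**
	* Register change_password in $xmlrpc_methods
	*
	* This is not a constructor (the class is named auth_); subclasses in this
	* package call it as parent::auth().
	*/
	function auth()
	{
		$this->xmlrpc_methods[] = array(
			'name'       => 'change_password',
			// NOTE(review): key is spelled 'decription'; left as is because the reader of this array is not visible here
			'decription' => 'Change the current users password'
		);
	}

	/**
	* Credential check; the base class body is empty, so it returns null
	*/
	function authenticate($username, $passwd, $passwd_type)
	{
	}

	/**
	* Store a new password hash for an account
	*
	* NOTE(review): passwords are stored as unsalted MD5, which is fast to brute-force
	* once the table leaks. Moving to password_hash() needs a migration of the stored
	* values, so it is not done here.
	*
	* @param string $old_passwd current password, only checked in the self-service branch
	* @param string $new_passwd new clear-text password
	* @param mixed $account_id account to change; empty means the current user
	* @return mixed the MD5 hash that was stored, or false when no row was updated
	*/
	function change_password($old_passwd, $new_passwd, $account_id = '')
	{
		// Must be defined on every path: it is appended to the query below
		$pwd_check = '';

		// Don't allow password changes for other accounts when using XML-RPC
		// NOTE(review): the condition below only looks at $account_id and the current app.
		// When a caller supplies $account_id outside the login app, the old password is
		// NOT verified - confirm that every caller of that path is privilege-checked.
		if (! $account_id || $GLOBALS['phpgw_info']['flags']['currentapp'] == 'login')
		{
			$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
			$pwd_check = " and account_pwd='" . md5($old_passwd) . "'";
		}

		$encrypted_passwd = md5($new_passwd);

		// $account_id can come from the caller, so it is escaped before it is placed in the SQL text
		$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_pwd='" . $encrypted_passwd . "',"
			. "account_lastpwd_change='" . time() . "' where account_id='"
			. $GLOBALS['phpgw']->db->db_addslashes($account_id) . "'" . $pwd_check,__LINE__,__FILE__);

		if ($GLOBALS['phpgw']->db->affected_rows())
		{
			// NOTE(review): base64 is an encoding, not protection; the clear-text password is
			// recoverable from the session store by anyone who can read it.
			$GLOBALS['phpgw']->session->appsession('password','phpgwapi',base64_encode($new_passwd));
			return $encrypted_passwd;
		}
		return false;
	}

	/**
	* Record time and origin of a login in phpgw_accounts
	*
	* @param mixed $account_id account that logged in
	* @param string $ip address to store in account_lastloginfrom
	*/
	function update_lastlogin($account_id, $ip)
	{
		// Both values are escaped: neither is guaranteed to be a clean literal by the time it gets here
		$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
			. $GLOBALS['phpgw']->db->db_addslashes($ip) . "', account_lastlogin='" . time()
			. "' where account_id='" . $GLOBALS['phpgw']->db->db_addslashes($account_id) . "'",__LINE__,__FILE__);
	}
}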
?>
====================================================
Index: class.auth_ntlm.inc.php
<?php
/**
* Authentication based on ntlm auth
* @author Philipp Kamps <address@hidden>
* @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc
http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_ntlm.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
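/**
* Authentication based on ntlm auth
*
* The decision is taken from the REMOTE_USER server variable only; presumably
* the web server performs the NTLM exchange and sets it - confirm in the
* server configuration.
*
* @package phpgwapi
* @subpackage accounts
* @ignore
*/
class auth_ntlm extends auth_
{
	function auth_ntlm()
	{
		parent::auth();
	}

	/**
	* Accept the login when REMOTE_USER is a non-empty string
	*
	* NOTE(review): $username and $passwd are never compared with anything. Any
	* request that carries a REMOTE_USER is accepted for whatever $username the
	* caller asked for, so the caller must derive the account from REMOTE_USER
	* itself - verify against the caller.
	*
	* @return bool
	*/
	function authenticate($username, $passwd)
	{
		// isset() first: the variable is absent when the server did not authenticate the request
		return isset($_SERVER['REMOTE_USER']) && strlen($_SERVER['REMOTE_USER']) > 0;
	}

	/**
	* Password changes are not supported by this backend
	*
	* @return bool always false
	*/
	function change_password($old_passwd, $new_passwd)
	{
		// not yet supported - this script would change the windows domain password
		return false;
	}
}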
?>
====================================================
Index: class.auth_mail.inc.php
<?php
/**
* Authentication based on Mail server
* @author Dan Kuykendall <address@hidden>
* @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc.
http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_mail.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
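/**
* Authentication based on Mail server
*
* A login is accepted when imap_open() can open INBOX on the configured
* mail server with the supplied user name and password.
*
* @package phpgwapi
* @subpackage accounts
* @ignore
*/
class auth_mail extends auth_
{
	function auth_mail()
	{
		parent::auth();
	}

	/**
	* Try to open the user's mailbox with the given credentials
	*
	* Side effect: writes the port for the configured server type into
	* $GLOBALS['phpgw_info']['server']['mail_port'].
	*
	* @param string $username login name; rewritten for vmailmgr and ispman setups
	* @param string $passwd clear-text password
	* @return bool true when the mailbox could be opened
	*/
	function authenticate($username, $passwd)
	{
		// Reference, not a copy: the port assignment below must reach the global configuration
		$server =& $GLOBALS['phpgw_info']['server'];

		// Hide E_WARNING from a failed imap_open(). The previous level is saved and
		// restored exactly instead of doing arithmetic on it, which only works when
		// the E_WARNING bit happens to be set.
		$saved_level = error_reporting();
		error_reporting($saved_level & ~E_WARNING);

		if ($server['mail_login_type'] == 'vmailmgr')
		{
			$username = $username . '@' . $server['mail_suffix'];
		}
		if ($server['mail_login_type'] == 'ispman')
		{
			$username = $username . '_' . str_replace('.', '_', $server['mail_suffix']);
		}

		if ($server['mail_server_type']=='imap')
		{
			$server['mail_port'] = '143';
		}
		elseif ($server['mail_server_type']=='pop3')
		{
			$server['mail_port'] = '110';
		}
		elseif ($server['mail_server_type']=='imaps')
		{
			$server['mail_port'] = '993';
		}
		elseif ($server['mail_server_type']=='pop3s')
		{
			$server['mail_port'] = '995';
		}

		// NOTE(review): the imap and pop3 branches send the password over an unencrypted connection.
		// NOTE(review): the imaps and pop3s branches use /novalidate-cert, so the server
		// certificate is not checked and the TLS session does not prove which host receives
		// the password. It is kept because removing it breaks servers with self-signed
		// certificates; drop the flag wherever the mail server has a verifiable certificate.
		if ($server['mail_server_type']=='pop3')
		{
			$mailbox = '{'.$server['mail_server'].'/pop3'.':'.$server['mail_port'].'}INBOX';
		}
		elseif ($server['mail_server_type']=='imaps')
		{
			// IMAPS support:
			$mailbox = '{'.$server['mail_server']."/ssl/novalidate-cert".':993}INBOX';
		}
		elseif ($server['mail_server_type']=='pop3s')
		{
			// POP3S support:
			// NOTE(review): unlike the pop3 branch there is no /pop3 flag here - confirm this is intended
			$mailbox = '{'.$server['mail_server']."/ssl/novalidate-cert".':995}INBOX';
		}
		else
		{
			/* assume imap */
			$mailbox = '{'.$server['mail_server'].':'.$server['mail_port'].'}INBOX';
		}
		$mailauth = imap_open($mailbox, $username, $passwd);

		error_reporting($saved_level);

		if ($mailauth == False)
		{
			return False;
		}
		imap_close($mailauth);
		return True;
	}

	/**
	* Password changes are not supported by this backend
	*
	* @return bool always false
	*/
	function change_password($old_passwd, $new_passwd)
	{
		return False;
	}
}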
?>
====================================================
Index: class.auth_exchange.inc.php
<?php
/**
* Authentication based on Exchange 5.5
* @author Philipp Kamps <address@hidden>
* @copyright Portions Copyright (C) 2000-2004 Free Software Foundation,
Inc. http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_exchange.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
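/**
* Authentication against Exchange 5.5 by binding to its LDAP service
*
* @package phpgwapi
* @subpackage accounts
*/
class auth_exchange extends auth_
{
	/**
	*
	* ldap connection
	*/
	var $ldap;
	/**
	*
	* your windows domain
	*/
	var $domain = '';
	/**
	*
	* your exchange host
	*/
	var $host = '';

	/**
	* Open the LDAP connection to $host; the script stops when that fails
	*/
	function auth_exchange()
	{
		parent::auth();
		if(!$this->ldap = ldap_connect($this->host))
		{
			// die() ends the request, so nothing can follow it
			die('not connected');
		}
	}

	/**
	* Base DN the user's cn is appended to
	*/
	function get_base_dn()
	{
		return 'DC='.$this->domain;
	}

	/**
	* Map the login name to the cn used for the bind; identity here, overridable
	*/
	function transform_username($username)
	{
		return $username;
	}

	/**
	* Authenticate by binding as cn=<user>,<base dn> with the given password
	*
	* NOTE(review): $pwType 'none' returns true without contacting the directory.
	* Every caller that can pass 'none' must already have authenticated the user
	* by other means - verify against the callers.
	*
	* @param string $username login name
	* @param string $passwd clear-text password
	* @param string $pwType 'none' skips the check
	* @return bool
	*/
	function authenticate($username, $passwd, $pwType)
	{
		// Strict comparison: with == a non-string value such as 0 equals 'none' on PHP before 8
		if($pwType === 'none')
		{
			return true;
		}

		// A bind with an empty password is an anonymous bind and can succeed without
		// proving anything, so an empty password is rejected outright.
		if (empty($passwd))
		{
			return false;
		}

		// The cn becomes part of a DN; escape it so that characters such as ',' or '='
		// in the name cannot change which entry the bind is made against.
		$cn = (string) $this->transform_username($username);
		if (function_exists('ldap_escape'))
		{
			$cn = ldap_escape($cn, '', LDAP_ESCAPE_DN);
		}
		else
		{
			// Fallback for PHP builds without ldap_escape(); does not cover leading '#'/space or trailing space
			$cn = addcslashes($cn, ',+"\\<>;=');
		}

		/* Try to bind to the repository */
		return @ldap_bind($this->ldap, 'cn='.$cn.','.$this->get_base_dn(), $passwd) ? true : false;
	}

	/**
	* Password changes are not supported by this backend
	*
	* @return bool always false
	*/
	function change_password($old_passwd, $new_passwd, $_account_id='')
	{
		return false;
	}
}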
?>
====================================================
Index: class.auth_sqlssl.inc.php
<?php
/**
* Authentication based on SQL, with optional SSL authentication
* @author Andreas 'Count' Kotes <address@hidden>
* @copyright Copyright (C) 200x Andreas 'Count' Kotes <address@hidden>
* @copyright Portions Copyright (C) 2004 Free Software Foundation, Inc.
http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_sqlssl.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
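/**
* Authentication based on SQL, with optional SSL authentication
*
* @package phpgwapi
* @subpackage accounts
* @ignore
*/
class auth_sqlssl extends auth_
{
	function auth_sqlssl()
	{
		parent::auth();
	}

	/**
	* Look the account up in phpgw_accounts, with or without a password check
	*
	* Without SSL_CLIENT_S_DN in the environment the account name and the MD5 of
	* the password must match an active row. With it, only the account name is
	* looked up.
	*
	* NOTE(review): in the client-certificate branch the certificate subject is
	* never compared with $username, so any client whose certificate the web
	* server accepts is authenticated as whichever active account name was
	* requested. Binding the subject DN to the account is needed before this
	* branch can be relied on.
	* NOTE(review): passwords are compared as unsalted MD5.
	*
	* @param string $username account_lid to look up
	* @param string $passwd clear-text password, ignored in the certificate branch
	* @return bool true when a matching active account row was found
	*/
	function authenticate($username, $passwd)
	{
		$db = $GLOBALS['phpgw']->db;

		// Escaped once and used in both branches; the password branch used to
		// place $username into the SQL text unescaped.
		$account_lid = $db->db_addslashes($username);

		// Apache + mod_ssl provide the data in the environment
		// Certificate (chain) verification occurs inside mod_ssl
		// see http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
		if(!isset($_SERVER['SSL_CLIENT_S_DN']))
		{
			// if we're not doing SSL authentication, behave like auth_sql
			$db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '" . $account_lid . "' AND "
				. "account_pwd='" . md5($passwd) . "' AND account_status ='A'",__LINE__,__FILE__);
		}
		else
		{
			// use username only for authentication, ignore X.509 subject in $passwd for now
			$db->query('SELECT * FROM phpgw_accounts'
				. " WHERE account_lid = '" . $account_lid . "'"
				. " AND account_status ='A'",__LINE__,__FILE__);
		}
		$db->next_record();

		// The disabled debug output that echoed the clear-text password was removed
		return $db->f('account_lid') ? True : False;
	}
}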
?>
====================================================
Index: class.auth_ldap.inc.php
<?php
/**
* Authentication based on LDAP Server
* @author Lars Kneschke <address@hidden>
* @author Joseph Engo <address@hidden>
* @copyright Copyright (C) 2000,2001 Lars Kneschke, Joseph Engo
* @copyright Portions Copyright (C) 2000-2004 Free Software Foundation,
Inc. http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_ldap.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
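/**
* Authentication based on LDAP Server
*
* @package phpgwapi
* @subpackage accounts
* @ignore
*/
class auth_ldap extends auth_
{
	function auth_ldap()
	{
		parent::auth();
	}

	/**
	* Escape a value for use inside an LDAP search filter
	*
	* Without this, characters such as '*', '(' and ')' in a login name change
	* the meaning of the filter instead of being matched literally.
	*
	* @param mixed $value raw value
	* @return string value safe to place after 'attr=' in a filter
	*/
	function _filter_escape($value)
	{
		if (function_exists('ldap_escape'))
		{
			return ldap_escape((string) $value, '', LDAP_ESCAPE_FILTER);
		}
		// Fallback for PHP builds without ldap_escape(); the backslash must be replaced first
		return str_replace(
			array('\\', '*', '(', ')', "\0"),
			array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
			(string) $value
		);
	}

	/**
	* Find the user's entry by uid and try to bind as that entry
	*
	* @param string $username uid to search for
	* @param string $passwd clear-text password
	* @return bool true when the bind as the user succeeded
	*/
	function authenticate($username, $passwd)
	{
		//Connect as Admin with v3 or v2 in LDAP server
		if ( !$ldap = $GLOBALS['phpgw']->common->ldapConnect() )
		{
			$GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
			$GLOBALS['phpgw']->log->commit();
			return false;
		}

		//Search for the dn
		$attributes = array( 'uid', 'dn', 'phpgwaccountstatus' );
		$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'],
			'uid=' . $this->_filter_escape($username), $attributes);
		if (!$sri)
		{
			// A failed search has no result to read entries from
			@ldap_unbind($ldap);
			return false;
		}
		$allValues = ldap_get_entries($ldap, $sri);

		// this avoids warnings from ldap_bind when user / password are not correct;
		// the previous level is kept so it can be restored instead of forcing a fixed value
		$saved_level = error_reporting(0);

		$authenticated = false;
		// Only the first dn is used, inactive accounts ('I') are refused, and an empty
		// password is refused as well: binding with it would be an anonymous bind,
		// which succeeds on servers that allow anonymous access.
		if ($allValues['count'] > 0
			&& $allValues[0]['phpgwaccountstatus'][0] != 'I'
			&& !empty($passwd))
		{
			/* try to bind as the user with user supplied password */
			$authenticated = @ldap_bind($ldap, $allValues[0]['dn'], $passwd) ? true : false;
		}

		// we don't need this connection anymore, so avoid a leak.
		@ldap_unbind($ldap);
		/* Turn error reporting back to what it was */
		error_reporting($saved_level);

		/* false: dn not found, account inactive or password wrong */
		return $authenticated;
	}

	/**
	* Write a new userpassword to the account's LDAP entry
	*
	* NOTE(review): $old_passwd is never verified here, and the new password is
	* put into the session in clear text - confirm both are intended.
	*
	* @param string $old_passwd unused
	* @param string $new_passwd new clear-text password
	* @param mixed $_account_id uidnumber of the account; empty means the current user
	* @return mixed the stored userpassword value, or false on failure
	*/
	function change_password($old_passwd, $new_passwd, $_account_id='')
	{
		if ('' == $_account_id)
		{
			$_account_id = $GLOBALS['phpgw_info']['user']['account_id'];
		}

		$ds = $GLOBALS['phpgw']->common->ldapConnect();
		if (!$ds)
		{
			return false;
		}
		$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'],
			'uidnumber=' . $this->_filter_escape($_account_id));
		if (!$sri)
		{
			return false;
		}
		$allValues = ldap_get_entries($ds, $sri);
		if (!$allValues || $allValues['count'] < 1)
		{
			// No entry means there is no dn to modify
			return false;
		}

		$dn = $allValues[0]['dn'];
		$entry = array();
		$entry['userpassword'] = $GLOBALS['phpgw']->common->encrypt_password($new_passwd);

		// The timestamp attribute is only written to entries that carry the phpgwAccount object class
		if (is_array($allValues[0]['objectclass']) &&
			( in_array('phpgwAccount', $allValues[0]['objectclass']) ||
			  in_array('phpgwaccount', $allValues[0]['objectclass'])
			)
		)
		{
			$entry['phpgwlastpasswordchange'] = time();
		}

		if (@ldap_modify($ds, $dn, $entry))
		{
			$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
			return $entry['userpassword'];
		}
		return false;
	}

	/**
	* Record time and origin of a login on the account's LDAP entry
	*
	* Also copies the entry's previous phpgwlastlogin into $this->previous_login.
	*
	* @param mixed $account_id uidnumber of the account
	* @param string $ip address to store in phpgwlastloginfrom
	*/
	function update_lastlogin($account_id, $ip)
	{
		$entry = array();
		$entry['phpgwlastlogin'] = time();
		$entry['phpgwlastloginfrom'] = $ip;

		$ds = $GLOBALS['phpgw']->common->ldapConnect();
		if (!$ds)
		{
			return;
		}
		$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'],
			'(&(uidnumber=' . $this->_filter_escape($account_id) . ')(objectclass=phpgwaccount))');
		if (!$sri)
		{
			return;
		}
		$allValues = ldap_get_entries($ds, $sri);

		if ($allValues && $allValues['count'] > 0 && ($dn = $allValues[0]['dn']))
		{
			$this->previous_login = $allValues[0]['phpgwlastlogin'][0];
			ldap_modify($ds, $dn, $entry);
		}
	}
}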
?>
====================================================
Index: class.auth_ads.inc.php
<?php
/**
* Authentication based on MS Active Directory Service
* @author Philipp Kamps <address@hidden>
* @copyright Portions Copyright (C) 2000-2004 Free Software Foundation,
Inc. http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_ads.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
include_once(PHPGW_API_INC . '/auth/class.auth_exchange.inc.php');
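/**
* Authentication based on MS Active Directory Service
*
* Reuses the bind logic of auth_exchange and only changes how the cn and the
* base DN are determined.
*
* @package phpgwapi
* @subpackage accounts
*/
class auth_ads extends auth_exchange
{
	/**
	*
	* your ADS base DN
	*/
	var $ldap_base = ''; //'DC=pbgroup,DC=lan';
	/**
	*
	* your ads host
	*/
	var $host = ''; // example: '192.168.100.1';

	function auth_ads()
	{
		parent::auth_exchange();
	}

	/**
	* Look up the cn that belongs to a mailNickname
	*
	* NOTE(review): the bind DN, its password and the search base below are sample
	* values written into the source ("see this code as an example"). A real
	* deployment has to replace them, and the service account's password should
	* come from configuration that is not world-readable rather than from this file.
	*
	* @param string $username mailNickname typed by the user
	* @return mixed cn of the first match, or null when nothing was found
	*/
	function transform_username($username)
	{
		// see this code as an example
		ldap_bind($this->ldap,
			'CN=admin,CN=Users,DC=pbgroup,DC=lan',
			'password'
		);

		// The login name goes into a search filter; escape it so that '*', '(' or ')'
		// are matched literally instead of changing the filter.
		if (function_exists('ldap_escape'))
		{
			$nickname = ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER);
		}
		else
		{
			// Fallback for PHP builds without ldap_escape(); the backslash must be replaced first
			$nickname = str_replace(
				array('\\', '*', '(', ')', "\0"),
				array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
				(string) $username
			);
		}

		$sr = ldap_search($this->ldap,
			'CN=Users,DC=pbgroup,DC=lan',
			'mailNickname='.$nickname,
			array('cn')
		);
		if (!$sr)
		{
			// A failed search has no result to read entries from
			return null;
		}
		$entries = ldap_get_entries($this->ldap, $sr);
		return isset($entries[0]['cn'][0]) ? $entries[0]['cn'][0] : null;
	}

	/**
	* Base DN the user's cn is appended to: the Users container below $ldap_base
	*/
	function get_base_dn()
	{
		return 'CN=Users,'.$this->ldap_base;
	}
}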
?>
====================================================
Index: class.auth_sql.inc.php
<?php
/**
* Authentication based on SQL table
* @author Dan Kuykendall <address@hidden>
* @author Joseph Engo <address@hidden>
* @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc.
http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_sql.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
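/**
* Authentication based on SQL table
*
* @package phpgwapi
* @subpackage accounts
*/
class auth_sql extends auth_
{
	function auth_sql()
	{
		parent::auth();
	}

	/**
	* Check account name and password hash against phpgw_accounts
	*
	* NOTE(review): passwords are stored as unsalted MD5, and with $passwd_type
	* 'md5' the stored hash itself is accepted as the credential. Anyone who
	* obtains a row of the table can therefore log in without knowing the
	* password. Changing this needs a migration of the stored values.
	*
	* @param string $username account_lid to look up
	* @param string $passwd clear-text password or its MD5, depending on $passwd_type
	* @param string $passwd_type 'text' or 'md5'
	* @return bool true when an active account matched; sets $this->previous_login
	*/
	function authenticate($username, $passwd, $passwd_type)
	{
		$db = $GLOBALS['phpgw']->db;

		$_passwd = null;
		if ($passwd_type == 'text')
		{
			$_passwd = md5($passwd);
		}
		if ($passwd_type == 'md5')
		{
			$_passwd = $passwd;
		}
		if ($_passwd === null)
		{
			// Unknown type: fail closed instead of querying with an undefined (empty) hash
			return false;
		}

		// Both values can be caller-controlled ($passwd is used verbatim for 'md5'),
		// so both are escaped before they are placed in the SQL text
		$db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '" . $db->db_addslashes($username) . "' AND "
			. "account_pwd='" . $db->db_addslashes($_passwd) . "' AND account_status ='A'",__LINE__,__FILE__);
		$db->next_record();

		if ($db->f('account_lid'))
		{
			$this->previous_login = $db->f('account_lastlogin');
			return true;
		}
		return false;
	}
}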
?>
====================================================
Index: class.auth_http.inc.php
<?php
/**
* Authentication based on HTTP auth
* @author Dan Kuykendall <address@hidden>
* @author Joseph Engo <address@hidden>
* @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc
http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_http.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
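/**
* Authentication based on HTTP auth
*
* @package phpgwapi
* @subpackage accounts
* @ignore
*/
class auth_http extends auth_
{
	function auth_http()
	{
		parent::auth();
	}

	/**
	* Accept the login when the request carries an HTTP auth user name
	*
	* The value is read from $_SERVER. The former $GLOBALS['PHP_AUTH_USER'] only
	* exists when register_globals is on, and in that mode a global of that name
	* is not guaranteed to originate from the web server.
	*
	* NOTE(review): $username and $passwd are not compared with anything, and
	* PHP_AUTH_USER being set does not by itself show that the web server verified
	* a password. This backend is only sound when the server is configured to
	* require and check HTTP authentication for this application - confirm in the
	* server configuration and in the caller.
	*
	* @return bool
	*/
	function authenticate($username, $passwd)
	{
		return isset($_SERVER['PHP_AUTH_USER']) ? True : False;
	}

	/**
	* Password changes are not supported by this backend
	*
	* @return bool always false
	*/
	function change_password($old_passwd, $new_passwd)
	{
		return False;
	}
}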
?>
====================================================
Index: class.auth_nis.inc.php
<?php
/**
* Authentication based on NIS maps
* @author Dylan Adams <address@hidden>
* @copyright Copyright (C) 2001 Dylan Adams
* @copyright Portions Copyright (C) 2004 Free Software Foundation, Inc
http://www.fsf.org/
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
* @version $Id: class.auth_nis.inc.php,v 1.1 2005/03/22 14:53:43
fipsfuchs Exp $
*/
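/**
* Authentication based on NIS maps
*
* @package phpgwapi
* @subpackage accounts
* @ignore
*/
class auth_nis extends auth_
{
	function auth_nis()
	{
		parent::auth();
	}

	/**
	* Compare the crypt() of the password with the hash stored in the NIS map
	*
	* Domain and map come from the server configuration when set there, otherwise
	* the default domain and "passwd.byname" are used.
	*
	* @param string $username key to look up in the map
	* @param string $passwd clear-text password
	* @return bool true when the hashes match
	*/
	function authenticate($username, $passwd)
	{
		$domain = yp_get_default_domain();
		if( !empty($GLOBALS['phpgw_info']['server']['nis_domain']) )
		{
			$domain = $GLOBALS['phpgw_info']['server']['nis_domain'];
		}

		$map = "passwd.byname";
		if( !empty($GLOBALS['phpgw_info']['server']['nis_map']) )
		{
			$map = $GLOBALS['phpgw_info']['server']['nis_map'];
		}

		$entry = yp_match( $domain, $map, $username );
		if( !is_string($entry) )
		{
			// No such user in the map: nothing to compare against
			return( False );
		}

		/*
		 * we assume that the map is structured in the usual
		 * unix passwd flavor
		 */
		$entry_array = explode( ':', $entry );
		if( !isset($entry_array[1]) || $entry_array[1] === '' )
		{
			// Missing or empty password field: fail closed
			return( False );
		}
		$stored_passwd = $entry_array[1];

		// The stored hash doubles as the salt for hashing the candidate password
		$encrypted_passwd = crypt( $passwd, $stored_passwd );
		if( !is_string($encrypted_passwd) )
		{
			return( False );
		}

		// Compare as strings: == would treat two numeric-looking hashes as numbers.
		// hash_equals() additionally keeps the comparison time independent of the content.
		if( function_exists('hash_equals') )
		{
			return( hash_equals($stored_passwd, $encrypted_passwd) );
		}
		return( $encrypted_passwd === $stored_passwd );
	}

	/**
	* Password changes are not supported by this backend
	*
	* @return bool always false
	*/
	function change_password($old_passwd, $new_passwd, $account_id = '')
	{
		// can't change passwords unless server runs as root (bad idea)
		return( False );
	}
}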
?>