lib.php 4.83 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<?php
/**
 * This program is part of Mahara
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 *
 * @package    mahara
20
 * @subpackage auth/internal
21
22
23
24
25
26
27
28
 * @author     Nigel McNie <nigel@catalyst.net.nz>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 * @copyright  (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
 *
 */

defined('INTERNAL') || die();

29
30
31
32
/**
 * The internal authentication method, which authenticates users against the
 * Mahara database.
 */
33
class AuthInternal extends Auth {
34
35
36
37
38
39
40
41
42
43
44

    /**
     * Attempt to authenticate user
     */
    public static function authenticate_user_account($username, $password, $institution) {
        if (!$user = get_record_sql('SELECT username, password, salt
            FROM ' . get_config('dbprefix') . 'usr
            WHERE LOWER(username) = ?', strtolower($username))) {
            throw new AuthUnknownUserException("\"$username\" is not known to Auth_Internal");
        }

45
        return self::validate_password($password, $user->password, $user->salt);
46
47
48
49
50
51
52
53
54
55
56
    }

    /**
     * Given a user that we know about, return an array of information about them
     */
    public static function get_user_info($username) {
        $user = new StdClass;
        $user->username = $username;
        return $user;
    }

57
58
59
60
61
62
63
    /**
     * Returns a form that allows an administrator to configure this
     * authentication method.
     *
     * The internal method has no configuration options. This is just
     * here until I can document it properly.
     */
64
65
66
67
68
69
70
71
72
73
74
    public static function get_configuration_form() {
        //return Auth::build_form('internal', array(
        //    'foo' => array(
        //        'type' => 'text',
        //        'title' => 'wtf',
        //        'description' => 'Testing',
        //        'help' => 'help',
        //        'defaultvalue' => get_config_plugin('auth', 'internal', 'foo')
        //    )
        //));
    }
75
76
77
78
79
80

    public static function validate_configuration_form(Form $form, $values) {
        //if (!$form->get_error('foo') && $values['foo'] != 'bar') {
        //    $form->set_error('foo', 'WTF man!');
        //}
    }
81
                
82
83
84
85
86
    /*
     The following two functions are inspired by Andrew McMillan's salted md5
     functions in AWL, adapted with his kind permission. Changed to use sha1
     and match the coding standards for Mahara.
    */
87
88
89
90
91
92
93
94
95

   /**
    * Given a password and an optional salt, encrypt the given password.
    *
    * Passwords are stored in SHA1 form.
    *
    * @param string $password The password to encrypt
    * @param string $salt     The salt to use to encrypt the password
    */
96
97
98
99
100
101
102
    private static function encrypt_password($password, $salt='') {
        if ($salt == '') {
            $salt = substr(md5(rand(1000000, 9999999)), 2, 8);
        }
        return sha1($salt . $password);
    }

103
104
105
106
107
108
109
110
111
112
113
114
115
    /**
     * Given a password that the user has sent, the password we have for them
     * and the salt we have, see if the password they sent is correct.
     *
     * @param string $theysent The password the user sent
     * @param string $wehave   The password we have in the database for them
     * @param string $salt     The salt we have. If null, plaintext password
     *                         checking is assumed. A null salt is not used
     *                         by the application - instead, this gives
     *                         administrators a way to set passwords inside the
     *                         database manually without having to make up and
     *                         encrypt a password using a salt.
     */
116
    private static function validate_password($theysent, $wehave, $salt) {
117
        if ($salt == null) {
118
119
120
            // This allows "plaintext" passwords, which are eaiser for an admin to
            // create by hacking in the database directly. The application does not
            // create passwords in this form.
121
            return $theysent == $wehave;
122
123
124
125
126
127
        }

        // The main type - a salted sha1
        $sha1sent = Auth_Internal::encrypt_password($theysent, $salt);
        return $sha1sent == $wehave;
    }
128

129
130
}

131
132
133
134
135
136
/**
 * Plugin configuration class. Nothing special required for this plugin...
 */
class PluginAuthInternal extends Plugin {
}

137
?>