mahara
mahara
Commits
0fd8c944
Commit
0fd8c944
authored
May 10, 2007
by
Donal McMullan
Updated to use new multi-auth API
parent
1d2a00e5
Changes
1
htdocs/auth/internal/lib.php
...
...
@@ -32,66 +32,32 @@ defined('INTERNAL') || die();
*/
class
AuthInternal
extends
Auth
{
/**
* Attempt to authenticate user
*
* @param string $username The username to authenticate with
* @param string $password The password being used for authentication
* @param string $institution The institution the user is logging in for
* @return bool True/False based on whether the user
* authenticated successfully
* @throws AuthUnknownUserException If the user does not exist
*/
public
static
function
authenticate_user_account
(
$username
,
$password
,
$institution
)
{
if
(
!
$user
=
get_record_sql
(
'SELECT username, password, salt
FROM '
.
get_config
(
'dbprefix'
)
.
'usr
WHERE LOWER(username) = ?
AND institution = ?'
,
array
(
strtolower
(
$username
),
$institution
)))
{
throw
new
AuthUnknownUserException
(
"
\"
$username
\"
is not known to AuthInternal"
);
public
function
__construct
(
$id
=
null
)
{
$this
->
has_config
=
false
;
$this
->
type
=
'internal'
;
if
(
!
empty
(
$id
))
{
return
$this
->
init
(
$id
);
}
return
self
::
validate_password
(
$password
,
$user
->
password
,
$user
->
salt
);
}
/**
* Establishes whether a user exists
*
* @param string $username The username to check
* @return bool True if the user exists
* @throws AuthUnknownUserException If the user does not exist
*/
public
static
function
user_exists
(
$username
)
{
if
(
record_exists
(
'usr'
,
'LOWER(username)'
,
strtolower
(
$username
),
'institution'
,
'mahara'
))
{
return
true
;
}
throw
new
AuthUnknownUserException
(
"
\"
$username
\"
is not known to AuthInternal"
);
return
true
;
}
/**
* Given a user that we know about, return an array of information about them
*
* Used when a user who was otherwise unknown authenticates successfully,
* or if getting userinfo on each login is enabled for this auth method.
*
* Does not need to be implemented for the internal authentication method,
* because all users are already known about.
*/
public
static
function
get_user_info
(
$username
)
{
public
function
init
(
$id
)
{
$this
->
ready
=
parent
::
init
(
$id
);
return
true
;
}
/**
* Given a username, returns information about that user from the 'usr'
* table.
* Attempt to authenticate user
*
* @param string $username The name of the user to get information from
* @return object Information about the user
* @param object $user As returned from the usr table
* @param string $password The password being used for authentication
* @return bool True/False based on whether the user
* authenticated successfully
* @throws AuthUnknownUserException If the user does not exist
*/
public
static
function
get_user_info_cached
(
$username
)
{
if
(
!
$result
=
get_record
(
'usr'
,
'LOWER(username)'
,
strtolower
(
$username
),
null
,
null
,
null
,
null
,
'*, '
.
db_format_tsfield
(
'expiry'
)
.
', '
.
db_format_tsfield
(
'lastlogin'
)))
{
throw
new
AuthUnknownUserException
(
"
\"
$username
\"
is not known to AuthInternal"
);
}
return
$result
;
public
function
authenticate_user_account
(
$user
,
$password
)
{
$this
->
must_be_ready
();
return
$this
->
validate_password
(
$password
,
$user
->
password
,
$user
->
salt
);
}
/**
...
...
@@ -102,7 +68,7 @@ class AuthInternal extends Auth {
* @param string $password The password to check
* @return bool Whether the password is valid
*/
public
static
function
is_password_valid
(
$password
)
{
public
function
is_password_valid
(
$password
)
{
if
(
!
preg_match
(
'/^[a-zA-Z0-9 ~!#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\\|`\']{6,}$/'
,
$password
))
{
return
false
;
}
...
...
@@ -124,18 +90,16 @@ class AuthInternal extends Auth {
* This method is not strictly part of the authentication API, but if
* defined allows the method to change a user's password.
*
* @param
string
$user
name
The user to change the password for
* @param string $password The password to set for the user
* @param
object
$user
The user to change the password for
* @param string
$password The password to set for the user
* @return string The new password, or empty if the password could not be set
*/
public
static
function
change_password
(
$username
,
$password
)
{
public
function
change_password
(
User
$user
,
$password
)
{
$this
->
must_be_ready
();
// Create a salted password and set it for the user
$user
=
new
StdClass
;
$user
->
salt
=
substr
(
md5
(
rand
(
1000000
,
9999999
)),
2
,
8
);
$user
->
password
=
self
::
encrypt_password
(
$password
,
$user
->
salt
);
$where
=
new
StdClass
;
$where
->
username
=
$username
;
update_record
(
'usr'
,
$user
,
$where
);
$user
->
password
=
$this
->
encrypt_password
(
$password
,
$user
->
salt
);
$user
->
commit
();
return
$user
->
password
;
}
...
...
@@ -152,7 +116,7 @@ class AuthInternal extends Auth {
* @param string $username The username to check
* @return bool Whether the username is valid
*/
public
static
function
is_username_valid
(
$username
)
{
public
function
is_username_valid
(
$username
)
{
return
preg_match
(
'/^[a-zA-Z0-9\._@]{3,30}$/'
,
$username
);
}
...
...
@@ -171,7 +135,7 @@ class AuthInternal extends Auth {
* @param string $salt The salt to use to encrypt the password
* @todo salt mandatory
*/
public
static
function
encrypt_password
(
$password
,
$salt
=
''
)
{
public
function
encrypt_password
(
$password
,
$salt
=
''
)
{
if
(
$salt
==
''
)
{
$salt
=
substr
(
md5
(
rand
(
1000000
,
9999999
)),
2
,
8
);
}
...
...
@@ -191,7 +155,8 @@ class AuthInternal extends Auth {
* database manually without having to make up and
* encrypt a password using a salt.
*/
private
static
function
validate_password
(
$theysent
,
$wehave
,
$salt
)
{
private
function
validate_password
(
$theysent
,
$wehave
,
$salt
)
{
$this
->
must_be_ready
();
if
(
$salt
==
null
)
{
// This allows "plaintext" passwords, which are eaiser for an admin to
// create by hacking in the database directly. The application does not
...
...
@@ -206,7 +171,7 @@ class AuthInternal extends Auth {
}
// The main type - a salted sha1
$sha1sent
=
self
::
encrypt_password
(
$theysent
,
$salt
);
$sha1sent
=
$this
->
encrypt_password
(
$theysent
,
$salt
);
return
$sha1sent
==
$wehave
;
}
...
...
@@ -226,4 +191,4 @@ class PluginAuthInternal extends PluginAuth {
}
}
?>
?>
\ No newline at end of file
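Review bot: The password check in `validate_password` (the `@@ -206,7 +171,7` hunk) still ends in `return $sha1sent == $wehave;`, a loose comparison that this change leaves in place while rewriting the call directly above it. With `==`, PHP compares two numeric-looking strings as numbers, so a stored value and a computed value that both look like `0e` followed by digits would compare equal without being the same string; whether `encrypt_password` can return such a value is not visible here, but `return $sha1sent === $wehave;` removes the question, and a constant-time comparison such as `hash_equals()` is preferable where the PHP version provides it. The `$salt == null` test at the top of the same function is loose in the same way: it also matches an empty-string salt and routes it into the branch whose comment says it allows plaintext passwords, so `$salt === null` would be stricter if that is not intended. The body of `validate_password` starts and ends outside the visible hunks, so both suggestions should be checked against the full function.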