mirror of
https://github.com/FH-Complete/FHC-Core.git
synced 2026-07-18 23:42:17 +00:00
Neue Authentifizierungsklasse
This commit is contained in:
@@ -0,0 +1,155 @@
|
||||
<?php
|
||||
/* Copyright (C) 2013 FH Technikum-Wien
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as
|
||||
* published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Authors: Andreas Oesterreicher <andreas.oesterreicher@technikum-wien.at>
|
||||
*
|
||||
*/
|
||||
/**
|
||||
* Klasse fuer Authentifizierung
|
||||
*/
|
||||
|
||||
require_once(dirname(__FILE__).'/basis.class.php');
|
||||
|
||||
class authentication extends auth
|
||||
{
|
||||
|
||||
public function login($username)
|
||||
{
|
||||
// Nicht noetig da dies ueber htaccess gesteuert wird
|
||||
}
|
||||
|
||||
public function getUser()
|
||||
{
|
||||
// derzeit get_uid in functions.inc.php
|
||||
if(isset($_SERVER['REMOTE_USER']))
|
||||
{
|
||||
return mb_strtolower(trim($_SERVER['REMOTE_USER']));
|
||||
}
|
||||
else
|
||||
{
|
||||
if(isset($_SESSION['user']))
|
||||
return mb_strtolower($_SESSION['user']);
|
||||
else
|
||||
return $this->RequireLogin();
|
||||
}
|
||||
}
|
||||
|
||||
// derzeit checkldapuser in functions.inc.php bzw per htaccess
|
||||
public function checkpassword($username, $passwort)
|
||||
{
|
||||
if($connect=ldap_connect(LDAP_SERVER))
|
||||
{
|
||||
ldap_set_option($connect, LDAP_OPT_REFERRALS,0);
|
||||
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION,3);
|
||||
|
||||
// bind to ldap connection
|
||||
if(($bind=ldap_bind($connect, LDAP_BIND_USER, LDAP_BIND_PASSWORD)) == false)
|
||||
{
|
||||
$this->errormsg="LDAP BIND Fehlgeschlagen";
|
||||
return false;
|
||||
}
|
||||
|
||||
// search for user
|
||||
if (($res_id = ldap_search( $connect, LDAP_BASE_DN, LDAP_USER_SEARCH_FILTER."=$username")) == false)
|
||||
{
|
||||
$this->errorsmg="Suche in LDAP fehlgeschlagen";
|
||||
return false;
|
||||
}
|
||||
|
||||
if (ldap_count_entries($connect, $res_id) != 1)
|
||||
{
|
||||
$this->errormsg='Username wurde nicht oder oefter gefunden';
|
||||
return false;
|
||||
}
|
||||
|
||||
if (( $entry_id = ldap_first_entry($connect, $res_id))== false)
|
||||
{
|
||||
$this->errormsg='LDAP Fetch fehlgeschlagen';
|
||||
return false;
|
||||
}
|
||||
|
||||
if (( $user_dn = ldap_get_dn($connect, $entry_id)) == false)
|
||||
{
|
||||
$this->errormsg='LDAP user-dn fetched fehlgeschlagen';
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Authentifizierung des User */
|
||||
if (($link_id = @ldap_bind($connect, $user_dn, $passwort)) == false)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
ldap_close($connect);
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->errormsg='Verbindung zum LDAP Server fehlgeschlagen';
|
||||
}
|
||||
ldap_close($connect);
|
||||
return(false);
|
||||
}
|
||||
|
||||
// derzeit manual_basic_auth in functions.inc.php eventuell
|
||||
// direkt von getUser aus aufrufen wenn nicht authentifiziert
|
||||
public function RequireLogin()
|
||||
{
|
||||
if(!(isset($_SERVER['PHP_AUTH_USER']) && $this->checkpassword($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])))
|
||||
{
|
||||
header('WWW-Authenticate: Basic realm="FHComplete"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo "Ihre Zugangsdaten sind ungueltig!";
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
return mb_strtolower($_SERVER['PHP_AUTH_USER']);
|
||||
}
|
||||
}
|
||||
|
||||
public function isUserLoggedIn()
|
||||
{
|
||||
if(isset($_SERVER['PHP_AUTH_USER']) && $this->checkpassword($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']))
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getOriginalUser()
|
||||
{
|
||||
if(isset($_SERVER['REMOTE_USER']))
|
||||
return mb_strtolower(trim($_SERVER['REMOTE_USER']));
|
||||
else
|
||||
{
|
||||
if(isset($_SESSION['user_original']))
|
||||
return $_SESSION['user_original'];
|
||||
}
|
||||
}
|
||||
|
||||
public function loginAsUser($username)
|
||||
{
|
||||
$_SESSION['user']=$username;
|
||||
return true;
|
||||
}
|
||||
|
||||
public function logout()
|
||||
{
|
||||
echo "LOGOUT BEI MIXED AUTH NICHT MÖGLICH";
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -0,0 +1,143 @@
|
||||
<?php
|
||||
/* Copyright (C) 2013 FH Technikum-Wien
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as
|
||||
* published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Authors: Andreas Oesterreicher <andreas.oesterreicher@technikum-wien.at>
|
||||
*
|
||||
*/
|
||||
/**
|
||||
* Klasse fuer Authentifizierung ueber Sessions und LDAP
|
||||
*/
|
||||
|
||||
/**
|
||||
* Damit Session Authentifizierung funktioniert, muss in der php.ini die option
|
||||
* session.auto_start=1 gesetzt sein oder im Config ein session_start() hinzugefügt werden
|
||||
*/
|
||||
require_once(dirname(__FILE__).'/basis.class.php');
|
||||
|
||||
class authentication extends auth
|
||||
{
|
||||
public function login($username)
|
||||
{
|
||||
// Bei einem Login wird die Session ID erneuert
|
||||
// um Session Fixation zu erschweren
|
||||
session_regenerate_id();
|
||||
$_SESSION['user'] = mb_strtolower($username);
|
||||
}
|
||||
|
||||
public function getUser()
|
||||
{
|
||||
if(isset($_SESSION['user']))
|
||||
return mb_strtolower($_SESSION['user']);
|
||||
else
|
||||
return $this->RequireLogin();
|
||||
}
|
||||
|
||||
public function checkpassword($username, $passwort)
|
||||
{
|
||||
if($connect=ldap_connect(LDAP_SERVER))
|
||||
{
|
||||
// bind to ldap connection
|
||||
if(($bind=ldap_bind($connect, LDAP_BIND_USER, LDAP_BIND_PASSWORD)) == false)
|
||||
{
|
||||
$this->errormsg="LDAP BIND Fehlgeschlagen";
|
||||
return false;
|
||||
}
|
||||
|
||||
// search for user
|
||||
if (($res_id = ldap_search( $connect, LDAP_BASE_DN, LDAP_USER_SEARCH_FILTER."=$username")) == false)
|
||||
{
|
||||
$this->errorsmg="Suche in LDAP fehlgeschlagen";
|
||||
return false;
|
||||
}
|
||||
|
||||
if (ldap_count_entries($connect, $res_id) != 1)
|
||||
{
|
||||
$this->errormsg='Username wurde nicht oder oefter gefunden';
|
||||
return false;
|
||||
}
|
||||
|
||||
if (( $entry_id = ldap_first_entry($connect, $res_id))== false)
|
||||
{
|
||||
$this->errormsg='LDAP Fetch fehlgeschlagen';
|
||||
return false;
|
||||
}
|
||||
|
||||
if (( $user_dn = ldap_get_dn($connect, $entry_id)) == false)
|
||||
{
|
||||
$this->errormsg='LDAP user-dn fetched fehlgeschlagen';
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Authentifizierung des User */
|
||||
if (($link_id = @ldap_bind($connect, $user_dn, $passwort)) == false)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
ldap_close($connect);
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->errormsg='Verbindung zum LDAP Server fehlgeschlagen';
|
||||
}
|
||||
ldap_close($connect);
|
||||
return(false);
|
||||
}
|
||||
|
||||
public function RequireLogin()
|
||||
{
|
||||
$_SESSION['request_uri']=$_SERVER['REQUEST_URI'];
|
||||
header('Location: '.APP_ROOT.'login.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
public function isUserLoggedIn()
|
||||
{
|
||||
if(isset($_SESSION['user']) && $_SESSION['user']!='')
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getOriginalUser()
|
||||
{
|
||||
if(isset($_SESSION['user_original']))
|
||||
return $_SESSION['user_original'];
|
||||
else
|
||||
return $_SESSION['user'];
|
||||
}
|
||||
|
||||
public function loginAsUser($username)
|
||||
{
|
||||
$_SESSION['user_original']=$_SESSION['user'];
|
||||
$_SESSION['user']=$username;
|
||||
session_regenerate_id();
|
||||
return true;
|
||||
}
|
||||
|
||||
public function logout()
|
||||
{
|
||||
unset($_SESSION['user']);
|
||||
unset($_SESSION['user_original']);
|
||||
session_destroy();
|
||||
return true;
|
||||
}
|
||||
}
|
||||
require_once(dirname(__FILE__).'/'.AUTH_SYSTEM.'.class.php');
|
||||
|
||||
?>
|
||||
@@ -0,0 +1,40 @@
|
||||
<?php
|
||||
/* Copyright (C) 2013 FH Technikum-Wien
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as
|
||||
* published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Authors: Andreas Oesterreicher <andreas.oesterreicher@technikum-wien.at>
|
||||
*
|
||||
*/
|
||||
/**
|
||||
* Klasse fuer Authentifizierung
|
||||
*/
|
||||
|
||||
require_once(dirname(__FILE__).'/basis.class.php');
|
||||
|
||||
abstract class auth extends basis
|
||||
{
|
||||
abstract function getUser();
|
||||
abstract function checkpassword($username, $passwort);
|
||||
abstract function RequireLogin();
|
||||
abstract function isUserLoggedIn();
|
||||
abstract function getOriginalUser();
|
||||
abstract function login($username);
|
||||
abstract function loginAsUser($username);
|
||||
abstract function logout();
|
||||
}
|
||||
require_once(dirname(__FILE__).'/'.AUTH_SYSTEM.'.class.php');
|
||||
|
||||
?>
|
||||
@@ -1350,6 +1350,9 @@ class content extends basis_db
|
||||
*/
|
||||
public function loadArray($ids, $sprache, $sichtbar=null)
|
||||
{
|
||||
if(count($ids)==0)
|
||||
return false;
|
||||
|
||||
$qry='';
|
||||
foreach($ids as $id)
|
||||
{
|
||||
|
||||
+35
-95
@@ -20,49 +20,43 @@
|
||||
* Rudolf Hangl <rudolf.hangl@technikum-wien.at>.
|
||||
*/
|
||||
require_once(dirname(__FILE__).'/basis_db.class.php');
|
||||
require_once(dirname(__FILE__).'/authentication.class.php');
|
||||
require_once('betriebsmittelperson.class.php');
|
||||
|
||||
// Auth: Benutzer des Webportals
|
||||
/**
|
||||
* DEPRECATED - Use Authentication Class
|
||||
*/
|
||||
function get_uid()
|
||||
{
|
||||
if(isset($_SERVER['REMOTE_USER']))
|
||||
{
|
||||
return mb_strtolower(trim($_SERVER['REMOTE_USER']));
|
||||
}
|
||||
else
|
||||
{
|
||||
if(isset($_SESSION['user']))
|
||||
return mb_strtolower($_SESSION['user']);
|
||||
else
|
||||
return manual_basic_auth();
|
||||
}
|
||||
// fuer Testzwecke
|
||||
//return 'oesi';
|
||||
//return 'pam';
|
||||
$auth = new authentication();
|
||||
return $auth->getUser();
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED - Use Authentication Class
|
||||
*/
|
||||
function is_user_logged_in()
|
||||
{
|
||||
if(isset($_SERVER['PHP_AUTH_USER']) && checkldapuser($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']))
|
||||
return true;
|
||||
else
|
||||
return false;
|
||||
$auth = new authentication();
|
||||
return $auth->isUserLoggedIn();
|
||||
}
|
||||
/**
|
||||
* DEPRECATED - Use Authentication Class
|
||||
*/
|
||||
function get_original_uid()
|
||||
{
|
||||
if(isset($_SERVER['REMOTE_USER']))
|
||||
return mb_strtolower(trim($_SERVER['REMOTE_USER']));
|
||||
else
|
||||
{
|
||||
if(isset($_SESSION['user_original']))
|
||||
return $_SESSION['user_original'];
|
||||
}
|
||||
$auth = new authentication();
|
||||
return $auth->getOriginalUser();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* DEPRECATED - Use Authentication Class
|
||||
*/
|
||||
function login_as_user($uid)
|
||||
{
|
||||
$_SESSION['user']=$uid;
|
||||
return true;
|
||||
$auth = new authentication();
|
||||
return $auth->loginAsUser($uid);
|
||||
}
|
||||
|
||||
function crlf()
|
||||
@@ -266,13 +260,16 @@ function jump_week($datum, $wochen)
|
||||
return $datum;
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED - Use Variable Class
|
||||
*/
|
||||
function loadVariables($user)
|
||||
{
|
||||
$db = new basis_db();
|
||||
|
||||
$error_msg='';
|
||||
$num_rows=0;
|
||||
$sql_query="SELECT * FROM public.tbl_variable WHERE uid='$user'";
|
||||
$sql_query="SELECT * FROM public.tbl_variable WHERE uid=".$db->db_add_param($user);
|
||||
if(!$db->db_query($sql_query))
|
||||
$error_msg.=$db->db_last_error().'<BR>'.$sql_query;
|
||||
else
|
||||
@@ -376,9 +373,9 @@ function getStudiensemesterFromDatum($datum, $naechstes=true)
|
||||
$qry = "SELECT studiensemester_kurzbz FROM public.tbl_studiensemester WHERE";
|
||||
|
||||
if($naechstes)
|
||||
$qry.= " ende>'".addslashes($datum)."' ORDER BY ende ASC ";
|
||||
$qry.= " ende>".$db->db_add_param($datum)." ORDER BY ende ASC ";
|
||||
else
|
||||
$qry.= " start<'".addslashes($datum)."' ORDER BY ende DESC ";
|
||||
$qry.= " start<".$db->db_add_param($datum)." ORDER BY ende DESC ";
|
||||
|
||||
$qry.= "LIMIT 1";
|
||||
|
||||
@@ -422,61 +419,13 @@ function getUidFromCardNumber($number)
|
||||
|
||||
}
|
||||
|
||||
// ****************************************************************
|
||||
// * Prueft ob im LDAP ein User mit diesem Passwort existiert
|
||||
// ****************************************************************
|
||||
/**
|
||||
* DEPRECATED
|
||||
*/
|
||||
function checkldapuser($username,$password)
|
||||
{
|
||||
if($connect=@ldap_connect(LDAP_SERVER))
|
||||
{
|
||||
// bind to ldap connection
|
||||
if(($bind=@ldap_bind($connect)) == false)
|
||||
{
|
||||
print "bind:__FAILED__<br>\n";
|
||||
return false;
|
||||
}
|
||||
|
||||
// search for user
|
||||
if (($res_id = ldap_search( $connect, LDAP_BASE_DN, "uid=$username")) == false)
|
||||
{
|
||||
print "failure: search in LDAP-tree failed<br>";
|
||||
return false;
|
||||
}
|
||||
|
||||
if (ldap_count_entries($connect, $res_id) != 1)
|
||||
{
|
||||
print "failure: username not found<br>\n";
|
||||
return false;
|
||||
}
|
||||
|
||||
if (( $entry_id = ldap_first_entry($connect, $res_id))== false)
|
||||
{
|
||||
print "failur: entry of searchresult couln't be fetched<br>\n";
|
||||
return false;
|
||||
}
|
||||
|
||||
if (( $user_dn = ldap_get_dn($connect, $entry_id)) == false)
|
||||
{
|
||||
print "failure: user-dn coulnd't be fetched<br>\n";
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Authentifizierung des User */
|
||||
if (($link_id = @ldap_bind($connect, $user_dn, $password)) == false)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
@ldap_close($connect);
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
// no conection to ldap server
|
||||
echo "no connection to '$ldap_server'<br>\n";
|
||||
}
|
||||
@ldap_close($connect);
|
||||
return(false);
|
||||
$auth = new authentication();
|
||||
return $auth->checkpassword($username, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -825,17 +774,8 @@ function check_filename($filename)
|
||||
*/
|
||||
function manual_basic_auth()
|
||||
{
|
||||
if(!(isset($_SERVER['PHP_AUTH_USER']) && checkldapuser($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])))
|
||||
{
|
||||
header('WWW-Authenticate: Basic realm="Technikum-Wien"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo "Ihre Zugangsdaten sind ungueltig!";
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
return mb_strtolower($_SERVER['PHP_AUTH_USER']);
|
||||
}
|
||||
$auth = new authentication();
|
||||
return $auth->RequireLogin();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user