00001 <?php
00003 // {{{ license
00004 
00005 // +----------------------------------------------------------------------+
00006 // | FastFrame Application Framework                                      |
00007 // +----------------------------------------------------------------------+
00008 // | Copyright (c) 2002-2006 The Codejanitor Group                        |
00009 // +----------------------------------------------------------------------+
00010 // | This source file is subject to the GNU Lesser Public License (LGPL), |
00011 // | that is bundled with this package in the file LICENSE, and is        |
00012 // | available at through the world-wide-web at                           |
00013 // | http://www.fsf.org/copyleft/lesser.html                              |
00014 // | If you did not receive a copy of the LGPL and are unable to          |
00015 // | obtain it through the world-wide-web, you can get it by writing the  |
00016 // | Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, |
00017 // | MA 02111-1307, USA.                                                  |
00018 // +----------------------------------------------------------------------+
00019 // | Authors: The Horde Team <http://www.horde.org>                       |
00020 // |          Jason Rust <jrust@codejanitor.com>                          |
00021 // |          Dan Allen <dan@mojavelinux.com>                             |
00022 // +----------------------------------------------------------------------+
00023 
00024 // }}}
00025 // {{{ constants
00026 
// Status codes kept in $_SESSION['__auth__']['status'] (written by
// FF_Auth::_setStatus() / setAuth(), read back by FF_Auth::getStatus()) and
// turned into user-facing messages by FF_Auth::logout().
define('FASTFRAME_AUTH_OK',        0); // session passed every check (also the initial status set by setAuth())
define('FASTFRAME_AUTH_IDLED',     1); // idle longer than the 'session/idle' config value (seconds)
define('FASTFRAME_AUTH_NO_LOGIN',  2); // getStatus() default when the session carries no status at all
define('FASTFRAME_AUTH_BAD_APP',   3); // current app is not listed in the 'apps' credential (and no '*' wildcard)
define('FASTFRAME_AUTH_NO_ANCHOR', 4); // anchor cookie named by _getSessionAnchor() is missing from the request
define('FASTFRAME_AUTH_BROWSER',   5); // request User-Agent differs from the one recorded at login
define('FASTFRAME_AUTH_LOGOUT',    6); // not referenced anywhere else in this file
00034 
00035 // }}}
00036 // {{{ includes
00037 
00038 require_once dirname(__FILE__) . '/Registry.php';
00039 
00040 // }}}
00041 // {{{ class FF_Auth
00042 
00060 // }}}
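/**
 * Session-backed authentication for FastFrame.
 *
 * All state lives in $_SESSION['__auth__'] ('registered' flag, 'status'
 * code, 'username', 'browser', 'timestamp', 'idle' and a 'credentials' map)
 * plus an "anchor" cookie whose name is derived from the login timestamp and
 * the User-Agent (see _getSessionAnchor()). Configuration is read from
 * FF_Registry ('auth/sources', 'session/*', 'cookie/*', 'webserver/use_ssl').
 *
 * Every method is used as FF_Auth::method() throughout this file, so they are
 * declared static (PHP 8 refuses static calls to non-static methods);
 * instance calls keep working.
 */
class FF_Auth {
    // {{{ authenticate()

    /**
     * Checks the username/password against each configured auth source in
     * order and, on the first success, registers the user in the session.
     *
     * @param string $in_username Login name as entered by the user
     * @param string $in_password Plain-text password as entered by the user
     *
     * @return object FF_Result whose isSuccess() is true on a match; it
     *                carries the messages of every source that was consulted
     */
    public static function authenticate($in_username, $in_password)
    {
        $o_registry =& FF_Registry::singleton();
        $b_authenticated = false;
        // 'apps' => '*' allows every application; checkAuth(true) enforces it
        $a_credentials = array('apps' => array('*'));
        $a_sources = (array) $o_registry->getConfigParam('auth/sources');
        $o_result = new FF_Result();
        $o_result->setSuccess(false);
        foreach ($a_sources as $a_source) {
            $o_authSource =& self::getAuthSourceObject($a_source['name']);
            $tmp_result = $o_authSource->authenticate($in_username, $in_password);
            // A source that returns nothing usable is skipped rather than
            // having getMessages() called on a non-object
            if (!$tmp_result) {
                continue;
            }

            $o_result->addMessage($tmp_result->getMessages());
            if ($tmp_result->isSuccess()) {
                $a_credentials['authSource'] = $o_authSource->getName();
                $b_authenticated = true;
                $o_result->setSuccess(true);
                break;
            }
        }

        if ($b_authenticated) {
            // Clear session data in case the previous user hadn't actually logged out
            $_SESSION = array();
            // Prevent session fixation: issue a fresh id on privilege change.
            // NOTE(review): called without the delete_old_session argument, so
            // the old id is not removed server-side here — confirm that is
            // acceptable for the PHP versions this is deployed on.
            session_regenerate_id();
            self::setAuth($in_username, $a_credentials);
        }

        return $o_result;
    }

    // }}}
    // {{{ checkAuth()

    /**
     * Reports whether the current request is authenticated.
     *
     * With $in_full false only the 'registered' flag in the session is
     * tested. With $in_full true the session is also validated: the request
     * User-Agent must match the one recorded at login, the idle limit
     * ('session/idle' seconds; 0 disables it) must not be exceeded, the
     * current app must be allowed by the 'apps' credential, and the anchor
     * cookie must be present. Each failure records its reason through
     * _setStatus() so logout() can explain it. When there is no session data
     * at all, sources with the 'transparent' capability get a chance instead.
     *
     * @param bool $in_full Run the full validation (default: flag only)
     *
     * @return bool
     */
    public static function checkAuth($in_full = false)
    {
        $b_registered = isset($_SESSION['__auth__']['registered']) &&
                        $_SESSION['__auth__']['registered'] == true;
        if (!$in_full) {
            return $b_registered;
        }

        $o_registry =& FF_Registry::singleton();
        if (!isset($_SESSION['__auth__'])) {
            // No session yet: a transparent source may still log the user in
            $a_sources = (array) $o_registry->getConfigParam('auth/sources');
            foreach ($a_sources as $a_source) {
                $o_authSource =& self::getAuthSourceObject($a_source['name']);
                if ($o_authSource->hasCapability('transparent') && $o_authSource->transparent()) {
                    return true;
                }
            }

            return false;
        }

        // A missing header compares as null, exactly like the stored value
        // setAuth() records when the header was absent at login
        $s_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
        if (isset($_SESSION['__auth__']['browser']) && $_SESSION['__auth__']['browser'] != $s_agent) {
            self::_setStatus(FASTFRAME_AUTH_BROWSER);
            return false;
        }

        // The config lookup only happens when an idle stamp exists
        if (isset($_SESSION['__auth__']['idle']) &&
            ($idle = $o_registry->getConfigParam('session/idle')) > 0 &&
            ($_SESSION['__auth__']['idle'] + $idle) < time()) {
            self::_setStatus(FASTFRAME_AUTH_IDLED);
            return false;
        }

        // An 'apps' credential without the '*' wildcard restricts the user to
        // the listed applications (loose in_array() kept for compatibility)
        $a_apps = (array) self::getCredential('apps');
        if ($a_apps && !in_array('*', $a_apps) && !in_array($o_registry->getCurrentApp(), $a_apps)) {
            self::_setStatus(FASTFRAME_AUTH_BAD_APP);
            return false;
        }

        if (!$b_registered) {
            return false;
        }

        self::_setStatus(FASTFRAME_AUTH_OK);
        self::_updateIdle();

        // The anchor cookie is set by setAuth() and named after the login
        // timestamp plus User-Agent, so it ties the session to this browser
        if (!FF_Request::getParam(self::_getSessionAnchor(), 'c')) {
            self::_setStatus(FASTFRAME_AUTH_NO_ANCHOR);
            return false;
        }

        return true;
    }

    // }}}
    // {{{ isGuest()

    /**
     * True when nobody is logged in, or when the login came from a
     * transparent source (the 'transparent' credential is set).
     *
     * @return bool
     */
    public static function isGuest()
    {
        return (!self::checkAuth() || self::getCredential('transparent'));
    }

    // }}}
    // {{{ setAuth()

    /**
     * Marks the session as authenticated for $in_username and sets the
     * anchor cookie for this browser.
     *
     * @param string $in_username    The user that just logged in
     * @param array  $in_credentials Extra data readable via getCredential();
     *                               'username' is added automatically
     *
     * @return void
     */
    public static function setAuth($in_username, $in_credentials = array())
    {
        $in_credentials['username'] = $in_username;
        // One time() call so 'timestamp' and 'idle' can never straddle a second
        $i_now = time();
        $_SESSION['__auth__'] = array(
            'registered' => true,
            'status'     => FASTFRAME_AUTH_OK,
            'username'   => $in_username,
            // compared against the request's User-Agent by checkAuth(true)
            'browser'    => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null,
            // 'timestamp' is part of the anchor cookie name; 'idle' is
            // refreshed by every successful checkAuth(true)
            'timestamp'  => $i_now,
            'idle'       => $i_now,
            'credentials'=> $in_credentials);

        // set the anchor for this browser -- its name depends on the
        // timestamp just stored, so it is computed after the session write
        $o_registry =& FF_Registry::singleton();
        FF_Request::setCookies(array(self::_getSessionAnchor() => 1), 0,
            $o_registry->getConfigParam('cookie/path'),
            $o_registry->getConfigParam('cookie/domain'));
    }

    // }}}
    // {{{ getStatus()

    /**
     * Returns the FASTFRAME_AUTH_* status recorded in the session, or
     * FASTFRAME_AUTH_NO_LOGIN when none has been recorded.
     *
     * @return int
     */
    public static function getStatus()
    {
        return isset($_SESSION['__auth__']['status']) ? $_SESSION['__auth__']['status'] : FASTFRAME_AUTH_NO_LOGIN;
    }

    // }}}
    // {{{ setCredential()

    /**
     * Stores one named credential in the session.
     *
     * @param string $in_credential Credential name
     * @param mixed  $in_value      Value to store
     *
     * @return void
     */
    public static function setCredential($in_credential, $in_value)
    {
        $_SESSION['__auth__']['credentials'][$in_credential] = $in_value;
    }

    // }}}
    // {{{ getCredential()

    /**
     * Reads one named credential from the session.
     *
     * @param string $in_credential Credential name
     *
     * @return mixed The stored value, or false when it is absent (a stored
     *               null also reads as false because isset() is used)
     */
    public static function getCredential($in_credential)
    {
        return isset($_SESSION['__auth__']['credentials'][$in_credential]) ?
            $_SESSION['__auth__']['credentials'][$in_credential] : false;
    }

    // }}}
    // {{{ logout()

    /**
     * Ends the login and returns a result whose message explains why, based
     * on the status recorded by checkAuth().
     *
     * For the BROWSER and NO_ANCHOR statuses the session data is deliberately
     * left in place (only the session is restarted); the original rationale
     * is not visible here — presumably so a request that failed the
     * browser/anchor check cannot wipe the real user's session.
     *
     * @return object FF_Result carrying the explanatory message
     */
    public static function logout()
    {
        $o_result = new FF_Result();
        $s_status = self::getStatus();
        switch ($s_status) {
            case FASTFRAME_AUTH_BROWSER:
                $o_result->addMessage(_('Your browser has changed since the beginning of your session. To protect your security, you must login again.'));
            break;
            case FASTFRAME_AUTH_IDLED:
                $o_result->addMessage(_('To protect your security you have been logged out due to inactivity.'));
            break;
            case FASTFRAME_AUTH_BAD_APP:
                $o_result->addMessage(_('You have been logged out because you have tried to access a protected application.'));
            break;
            case FASTFRAME_AUTH_NO_ANCHOR:
                $o_result->addMessage(_('Ensure that you have cookies enabled.  You have been logged out because your session anchor could not be verified.'));
            break;
            default:
                $o_result->addMessage(_('You have been successfully logged out.'));
            break;
        }

        if ($s_status != FASTFRAME_AUTH_NO_ANCHOR &&
            $s_status != FASTFRAME_AUTH_BROWSER) {
            self::destroySession();
        }

        // Start session again so we don't end up with an empty session_id
        self::startSession();
        return $o_result;
    }

    // }}}
    // {{{ getAuthSourceObject()

    /**
     * Returns the auth source object configured under $in_name, building it
     * once through FF_AuthSource::factory() and caching it for the request.
     * An unknown name yields a plain FF_AuthSource with no parameters.
     *
     * @param string $in_name The 'name' entry of an 'auth/sources' config item
     *
     * @return object FF_AuthSource (returned by reference)
     */
    public static function &getAuthSourceObject($in_name)
    {
        static $a_authSources;
        if (!isset($a_authSources)) {
            $a_authSources = array();
            require_once dirname(__FILE__) . '/Auth/AuthSource.php';
        }

        if (!isset($a_authSources[$in_name])) {
            $o_registry =& FF_Registry::singleton();
            foreach ($o_registry->getConfigParam('auth/sources') as $a_source) {
                if ($a_source['name'] == $in_name) {
                    $a_params = isset($a_source['params']) ? $a_source['params'] : array();
                    $a_authSources[$in_name] =& FF_AuthSource::factory($a_source['type'], $in_name, $a_params);
                    break;
                }
            }

            // Couldn't find an auth source, so give a dummy
            // ('=& new' is a parse error from PHP 7 on; objects are handles anyway)
            if (!isset($a_authSources[$in_name])) {
                $a_authSources[$in_name] = new FF_AuthSource($in_name, array());
            }
        }

        return $a_authSources[$in_name];
    }

    // }}}
    // {{{ startSession()

    /**
     * Configures the PHP session (once per request) and starts it.
     *
     * Cookie transport is disabled when 'session/append' is set, otherwise
     * the session cookie gets the configured path/domain and the secure flag
     * when 'webserver/use_ssl' is on. The session name is shared by all apps.
     *
     * @return void
     */
    public static function startSession()
    {
        static $isStarted;

        if (!isset($isStarted)) {
            $o_registry =& FF_Registry::singleton();
            // Don't use cookies to do the session if it will be appended to the URL
            if ($o_registry->getConfigParam('session/append')) {
                ini_alter('session.use_cookies', 0);
            }
            else {
                ini_alter('session.use_cookies', 1);
                // lifetime 0, configured path/domain, secure only over SSL
                session_set_cookie_params(0,
                            $o_registry->getConfigParam('cookie/path'),
                            $o_registry->getConfigParam('cookie/domain'),
                            $o_registry->getConfigParam('webserver/use_ssl') ? 1 : 0);
            }

            // Use a common session name for all apps
            session_name('FF_SESSID');
            // Don't transparently track session ID, since we handle it.
            // Can't ini_set session.use_trans_sid, so we just empty what it searches for
            ini_set('url_rewriter.tags', 0);
            // set the caching
            session_cache_limiter($o_registry->getConfigParam('session/cache', 'nocache'));
            $isStarted = true;
        }

        // '@' kept: presumably hides the warning from a session that is
        // already active (logout() restarts it) — confirm before removing
        @session_start();
    }

    // }}}
    // {{{ destroySession()

    /**
     * Removes the session cookie and the anchor cookie, empties $_SESSION and
     * destroys the server-side session.
     *
     * @return void
     */
    public static function destroySession()
    {
        $o_registry =& FF_Registry::singleton();
        // The anchor name is computed from the still-present timestamp, so
        // the cookies are unset before $_SESSION is cleared
        FF_Request::unsetCookies(array(session_name(), self::_getSessionAnchor()),
                $o_registry->getConfigParam('cookie/path'),
                $o_registry->getConfigParam('cookie/domain'));
        $_SESSION = array();
        @session_destroy();
    }

    // }}}
    // {{{ encryptPassword()

    /**
     * Transforms a plain-text password into the stored form for $in_method.
     *
     * @param string $in_plain  Password as entered
     * @param string $in_method 'md5' or 'plain'; anything else behaves as 'plain'
     *
     * @return string
     */
    public static function encryptPassword($in_plain, $in_method)
    {
        switch ($in_method) {
            case 'md5':
                // NOTE(review): unsalted md5 is not a suitable password hash;
                // password_hash()/password_verify() should replace it, but
                // stored values depend on this format, so it is kept as-is.
                return md5($in_plain);
            case 'plain':
            default:
                return $in_plain;
        }
    }

    // }}}
    // {{{ _getSessionAnchor()

    /**
     * Name of the anchor cookie: md5 of the login timestamp followed by the
     * User-Agent. Either part that is missing counts as an empty string.
     *
     * @return string 32 hex characters
     */
    public static function _getSessionAnchor()
    {
        $s_timestamp = isset($_SESSION['__auth__']['timestamp']) ? $_SESSION['__auth__']['timestamp'] : '';
        $s_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        return md5($s_timestamp . $s_agent);
    }

    // }}}
    // {{{ _setStatus()

    /**
     * Records a FASTFRAME_AUTH_* status in the session for getStatus().
     *
     * @param int $in_status One of the FASTFRAME_AUTH_* constants
     *
     * @return void
     */
    public static function _setStatus($in_status)
    {
        $_SESSION['__auth__']['status'] = $in_status;
    }

    // }}}
    // {{{ _updateIdle()

    /**
     * Resets the idle stamp that checkAuth(true) compares with 'session/idle'.
     *
     * @return void
     */
    public static function _updateIdle()
    {
        $_SESSION['__auth__']['idle'] = time();
    }

    // }}}
}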
00497 
00498 // {{{ session_regenerate_id()
00499 
if (!function_exists('session_regenerate_id')) {
    // Fallback for PHP runtimes that lack the native session_regenerate_id()
    // (presumably old PHP 4 builds); wherever the native function exists,
    // this block is skipped and the builtin is what authenticate() calls.
    // NOTE(review): mt_rand()/uniqid() are not cryptographically strong, so an
    // id minted here is more predictable than a native one.
    function session_regenerate_id() { 
        session_id(md5(uniqid(mt_rand(), true)));
    }
}
00505 
00506 // }}}
00507 ?>
