Sources for file plugins/class/auth.php in version 2.0
<?PHP
/*
* Project: Onyx: PHP Application Backend
* File: plugins/class/auth.php
* Authentication Functions
*
* Version: 2.0
* CVS tag: $Id: auth.php,v 1.17 2003/05/31 08:29:39 bok Exp $
* Author: Robert Amos <bok[at]ausmac.net>
* Andrew Wellington <proton[at]wiretapped.net>
* Copyright: 2001,2002,2003 odynia.org.
*/
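class Auth_Plugin {
    /**
     * Error code set by the most recent failed login() call. One of:
     * blank_username, blank_password, select_auth_req, no_plugin,
     * invalid_login, unauthorised. Null until a failure occurs.
     */
    var $error;

    /**
     * Method: login
     * Description: Authenticate a user through the configured auth handler
     *              and, on success, populate $_SESSION['auth'] and
     *              $_SESSION['location'].
     * Arguments: string - username
     *            string - password
     * Returns: true on success, false on failure ($auth->error will contain
     *          the error code)
     *
     * Globals read: $access, $input, $onyx_parent (project objects defined
     * outside this file).
     **/
    function login($username, $password) {
        global $access, $input, $onyx_parent;

        // Reject blank credentials before touching the backend; the event is
        // logged and an error code is reported back to the caller.
        // NOTE(review): empty() also treats the string "0" as blank.
        if (empty($username)) {
            $onyx_parent->trigger_error('Blank Username', NOTICE);
            $this->error = "blank_username";
            return false;
        }
        if (empty($password)) {
            $onyx_parent->trigger_error('Blank Password', NOTICE);
            $this->error = "blank_password";
            return false;
        }

        // Filter the username; the password goes through a looser filter
        // because it may contain non alpha-numeric characters.
        // NOTE(review): both filters live outside this file -- confirm the
        // password filter never silently alters a valid password.
        $username = $input->username($username);
        $password = $input->password($password);

        // An authentication backend must be configured.
        if (!isset($onyx_parent->auth_type)) {
            $onyx_parent->trigger_error('No authentication type selected', WARNING);
            $this->error = "select_auth_req";
            return false;
        }

        // Load the handler plugin for the configured backend.
        if (!$onyx_parent->load_plugin($onyx_parent->auth_type, 'auth')) {
            $onyx_parent->trigger_error("Unable to load plugin for selected authentication type\n(".$onyx_parent->auth_type.')', WARNING);
            $this->error = "no_plugin";
            return false;
        }

        // Delegate the credential check to the handler object, which is
        // looked up as a property of $onyx_parent by name.
        $class = "_auth_".$onyx_parent->auth_type."_handler";
        $details = $onyx_parent->$class->login($username, $password, $onyx_parent->auth_params);

        // A false/empty result means the credentials were rejected.
        // NOTE(review): this path writes nothing to the log here; confirm the
        // handler records failed attempts so repeated guessing is detectable.
        if (!$details) {
            $this->error = "invalid_login";
            return false;
        }

        // A user in no groups is not authorised. empty() also covers a
        // handler result with no 'groups' entry at all, so a malformed
        // result is refused instead of raising an error in count().
        if (empty($details['groups'])) {
            $onyx_parent->trigger_error('Unauthorised access attempted by '.$username, WARNING);
            $this->error = "unauthorised";
            return false;
        }

        // Issue a fresh session id before the session becomes authenticated,
        // so an id that was known before login does not carry the login
        // (session fixation). Skipped when no session is active or the
        // headers have already gone out, where the call could not succeed.
        // On PHP >= 5.1, passing true also discards the old session data.
        if (function_exists('session_regenerate_id') && session_id() != '' && !headers_sent()) {
            session_regenerate_id();
        }

        // Store the handler's details plus the values the session is bound
        // to: user name, browser, expiry time and client subnet.
        $_SESSION['auth'] = $details;
        $_SESSION['auth']['user'] = $username;
        // Clients may omit the User-Agent header; store null in that case
        // instead of reading an undefined index.
        $_SESSION['auth']['browser'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
        $_SESSION['auth']["expiry"] = time() + $onyx_parent->session_lifetime;
        $_SESSION['auth']['subnet'] = $access->subnet();
        $_SESSION['location'] = $access->location();

        // authenticated, return ok
        return true;
    }
}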
?>
