About
News
Downloads
Manual
Support
Examples
Releases
Community
Contact
Blog
Sources for file plugins/class/auth.php in version 2.0 Release Candidate 1
Click on a comment to hide it. Click here to show all comments.
<?PHP
/*
* Project: Onyx: PHP Application Backend
* File: plugins/class/auth.php
* Authentication Functions
*
* Version: 2.0rc1
* CVS tag: $Id: auth.php,v 1.10 2002/11/29 07:22:12 bok Exp $
* Author: Robert Amos <bok[at]ausmac.net>
* Andrew Wellington <proton[at]wiretapped.net>
* Copyright: 2001,2002 odynia.org.
*/
class Auth_Plugin {
/***************************************************************\
* Method: login *
* Description: Authenticate a new user *
* Syntax: $auth->login(string username, string password); *
* Returns: true on success, false on failure *
* ($auth->error is set) *
\***************************************************************/
function login($username, $password) {
global $access;
// Check for blank username
if (empty($username)) {
// Drop warning into the logs, return error status to the user
trigger_error('Blank Username', NOTICE);
$this->error = "blank_username";
return false;
}
// Check for blank password
if (empty($password)) {
// Drop warning into the logs, return error status to the user
trigger_error('Blank Password', NOTICE);
$this->error = "blank_password";
return false;
}
// run security checking functions over the username
global $input, $onyx_parent;
$username = $input->username($username);
// Run less tight security over the password as it may contain non alpha-numeric
characters
$password = $input->password($password);
// include warez
if (!isset($onyx_parent->auth_type)) {
trigger_error('No authentication type selected', WARNING);
$this->error = "select_db_req";
return false;
}
// load the fucking plugin, moron
if (!$onyx_parent->load_plugin($onyx_parent->auth_type, 'auth')) {
trigger_error('Unable to load plugin for selected authentication type
('.$onyx_parent->auth_type.')', WARNING);
$this->error = "no_plugin";
return false;
}
// auth the user
$class = "_auth_".$onyx_parent->auth_type."_handler";
$groups = $onyx_parent->$class->login($username, $password, $onyx_parent->auth_params);
// invalid login if false
if (!$groups) {
$this->error = "invalid_login";
return false;
}
// not in any groups, not authorised to use
if (count($groups) < 1) {
trigger_error('Unauthorised access attempted by '.$username, WARNING);
$this->error = "unauthorised";
return false;
}
$_SESSION['auth'] = array();
// store the username and groups in the session variables
$_SESSION['auth']['user'] = $username;
if (isset($groups["loginname"])) {
$_SESSION['auth']['realname'] = $groups['loginname'];
unset($groups["loginname"]);
}
$_SESSION['auth']['groups'] = $groups;
$_SESSION['auth']['browser'] = $_SERVER['HTTP_USER_AGENT'];
$_SESSION['auth']["expiry"] = time() + $onyx_parent->session_lifetime;
$_SESSION['auth']['subnet'] = $access->subnet();
$_SESSION['location'] = $access->location();
// authenticated, return ok
return true;
}
}
?>