diff options
Diffstat (limited to 'management-interface/lib/auth.php')
-rw-r--r-- | management-interface/lib/auth.php | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/management-interface/lib/auth.php b/management-interface/lib/auth.php new file mode 100644 index 0000000..78a068c --- /dev/null +++ b/management-interface/lib/auth.php @@ -0,0 +1,233 @@ +<?php + +/* + Copyright (c) 2009-2014 F3::Factory/Bong Cosca, All rights reserved. + + This file is part of the Fat-Free Framework (http://fatfree.sf.net). + + THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF + ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR + PURPOSE. + + Please see the license.txt file for more information. +*/ + +//! Authorization/authentication plug-in +class Auth { + + //@{ Error messages + const + E_LDAP='LDAP connection failure', + E_SMTP='SMTP connection failure'; + //@} + + protected + //! Auth storage + $storage, + //! Mapper object + $mapper, + //! Storage options + $args; + + /** + * Jig storage handler + * @return bool + * @param $id string + * @param $pw string + * @param $realm string + **/ + protected function _jig($id,$pw,$realm) { + return (bool) + call_user_func_array( + array($this->mapper,'load'), + array( + array_merge( + array( + '@'.$this->args['id'].'==? AND '. + '@'.$this->args['pw'].'==?'. + (isset($this->args['realm'])? + (' AND @'.$this->args['realm'].'==?'):''), + $id,$pw + ), + (isset($this->args['realm'])?array($realm):array()) + ) + ) + ); + } + + /** + * MongoDB storage handler + * @return bool + * @param $id string + * @param $pw string + * @param $realm string + **/ + protected function _mongo($id,$pw,$realm) { + return (bool) + $this->mapper->load( + array( + $this->args['id']=>$id, + $this->args['pw']=>$pw + )+ + (isset($this->args['realm'])? + array($this->args['realm']=>$realm):array()) + ); + } + + /** + * SQL storage handler + * @return bool + * @param $id string + * @param $pw string + * @param $realm string + **/ + protected function _sql($id,$pw,$realm) { + return (bool) + call_user_func_array( + array($this->mapper,'load'), + array( + array_merge( + array( + $this->args['id'].'=? AND '. + $this->args['pw'].'=?'. + (isset($this->args['realm'])? + (' AND '.$this->args['realm'].'=?'):''), + $id,$pw + ), + (isset($this->args['realm'])?array($realm):array()) + ) + ) + ); + } + + /** + * LDAP storage handler + * @return bool + * @param $id string + * @param $pw string + **/ + protected function _ldap($id,$pw) { + $dc=@ldap_connect($this->args['dc']); + if ($dc && + ldap_set_option($dc,LDAP_OPT_PROTOCOL_VERSION,3) && + ldap_set_option($dc,LDAP_OPT_REFERRALS,0) && + ldap_bind($dc,$this->args['rdn'],$this->args['pw']) && + ($result=ldap_search($dc,$this->args['base_dn'], + 'uid='.$id)) && + ldap_count_entries($dc,$result) && + ($info=ldap_get_entries($dc,$result)) && + @ldap_bind($dc,$info[0]['dn'],$pw) && + @ldap_close($dc)) { + return $info[0]['uid'][0]==$id; + } + user_error(self::E_LDAP); + } + + /** + * SMTP storage handler + * @return bool + * @param $id string + * @param $pw string + **/ + protected function _smtp($id,$pw) { + $socket=@fsockopen( + (strtolower($this->args['scheme'])=='ssl'? + 'ssl://':'').$this->args['host'], + $this->args['port']); + $dialog=function($cmd=NULL) use($socket) { + if (!is_null($cmd)) + fputs($socket,$cmd."\r\n"); + $reply=''; + while (!feof($socket) && + ($info=stream_get_meta_data($socket)) && + !$info['timed_out'] && $str=fgets($socket,4096)) { + $reply.=$str; + if (preg_match('/(?:^|\n)\d{3} .+\r\n/s', + $reply)) + break; + } + return $reply; + }; + if ($socket) { + stream_set_blocking($socket,TRUE); + $dialog(); + $fw=Base::instance(); + $dialog('EHLO '.$fw->get('HOST')); + if (strtolower($this->args['scheme'])=='tls') { + $dialog('STARTTLS'); + stream_socket_enable_crypto( + $socket,TRUE,STREAM_CRYPTO_METHOD_TLS_CLIENT); + $dialog('EHLO '.$fw->get('HOST')); + } + // Authenticate + $dialog('AUTH LOGIN'); + $dialog(base64_encode($id)); + $reply=$dialog(base64_encode($pw)); + $dialog('QUIT'); + fclose($socket); + return (bool)preg_match('/^235 /',$reply); + } + user_error(self::E_SMTP); + } + + /** + * Login auth mechanism + * @return bool + * @param $id string + * @param $pw string + * @param $realm string + **/ + function login($id,$pw,$realm=NULL) { + return $this->{'_'.$this->storage}($id,$pw,$realm); + } + + /** + * HTTP basic auth mechanism + * @return bool + * @param $func callback + **/ + function basic($func=NULL) { + $fw=Base::instance(); + $realm=$fw->get('REALM'); + $hdr=NULL; + if (isset($_SERVER['HTTP_AUTHORIZATION'])) + $hdr=$_SERVER['HTTP_AUTHORIZATION']; + elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) + $hdr=$_SERVER['REDIRECT_HTTP_AUTHORIZATION']; + if (!empty($hdr)) + list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])= + explode(':',base64_decode(substr($hdr,6))); + if (isset($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) && + $this->login( + $_SERVER['PHP_AUTH_USER'], + $func? + $fw->call($func,$_SERVER['PHP_AUTH_PW']): + $_SERVER['PHP_AUTH_PW'], + $realm + )) + return TRUE; + if (PHP_SAPI!='cli') + header('WWW-Authenticate: Basic realm="'.$realm.'"'); + $fw->status(401); + return FALSE; + } + + /** + * Instantiate class + * @return object + * @param $storage string|object + * @param $args array + **/ + function __construct($storage,array $args=NULL) { + if (is_object($storage) && is_a($storage,'DB\Cursor')) { + $this->storage=$storage->dbtype(); + $this->mapper=$storage; + unset($ref); + } + else + $this->storage=$storage; + $this->args=$args; + } + +} |