LSauth : Recasted - Creation of LSauthMethod class
parent
086ffb3641
commit
d288d3e99c
7 changed files with 359 additions and 271 deletions
|
@ -30,107 +30,103 @@
|
|||
class LSauth {
|
||||
|
||||
static private $authData=NULL;
|
||||
static private $authObject=NULL;
|
||||
static private $config=array();
|
||||
static private $provider=NULL;
|
||||
|
||||
var $params = array (
|
||||
static private $params = array (
|
||||
'displayLoginForm' => true,
|
||||
'displayLogoutBtn' => true
|
||||
);
|
||||
|
||||
/**
|
||||
* Check Post Data
|
||||
*
|
||||
* @retval boolean True if post data permit the authentification or False
|
||||
**/
|
||||
public function getPostData() {
|
||||
if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_POST['LSsession_user'],
|
||||
'password' => $_POST['LSsession_pwd'],
|
||||
'ldapserver' => $_POST['LSsession_ldapserver'],
|
||||
'topDn' => $_POST['LSsession_topDn']
|
||||
);
|
||||
|
||||
function start() {
|
||||
LSdebug('LSauth :: start()');
|
||||
// Load Config
|
||||
if (isset(LSsession :: $ldapServer['LSauth']) && is_array(LSsession :: $ldapServer['LSauth'])) {
|
||||
self :: $config = LSsession :: $ldapServer['LSauth'];
|
||||
}
|
||||
if (!LSsession :: loadLSclass('LSauthMethod')) {
|
||||
LSdebug('LSauth :: Failed to load LSauthMethod');
|
||||
return;
|
||||
}
|
||||
if (!isset(self :: $config['method'])) {
|
||||
self :: $config['method']='basic';
|
||||
}
|
||||
$class='LSauthMethod_'.self :: $config['method'];
|
||||
LSdebug('LSauth : provider -> '.$class);
|
||||
if (LSsession :: loadLSclass($class)) {
|
||||
self :: $provider = new $class();
|
||||
if (!self :: $provider) {
|
||||
LSerror :: addErrorCode('LSauth_05',self :: $config['method']);
|
||||
}
|
||||
LSdebug('LSauth : Provider Started !');
|
||||
return true;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check user login
|
||||
*
|
||||
* @param[in] $username The username
|
||||
* @param[in] $password The password
|
||||
*
|
||||
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
||||
*/
|
||||
public function authenticate() {
|
||||
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
|
||||
$authobject = new LSsession :: $ldapServer['authObjectType']();
|
||||
$result = $authobject -> searchObject(
|
||||
$this -> authData['username'],
|
||||
LSsession :: getTopDn(),
|
||||
LSsession :: $ldapServer['authObjectFilter']
|
||||
);
|
||||
$nbresult=count($result);
|
||||
|
||||
if ($nbresult==0) {
|
||||
// identifiant incorrect
|
||||
LSdebug('identifiant incorrect');
|
||||
LSerror :: addErrorCode('LSauth_01');
|
||||
}
|
||||
else if ($nbresult>1) {
|
||||
// duplication d'authentité
|
||||
LSerror :: addErrorCode('LSauth_02');
|
||||
}
|
||||
elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {
|
||||
// Authentication succeeded
|
||||
return $result[0];
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSauth_01');
|
||||
LSdebug('mdp incorrect');
|
||||
}
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSauth_03');
|
||||
LSerror :: addErrorCode('LSauth_04',self :: $config['method']);
|
||||
return;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Test un couple LSobject/pwd
|
||||
*
|
||||
* Test un bind sur le serveur avec le dn de l'objet et le mot de passe fourni.
|
||||
*
|
||||
* @param[in] LSobject L'object "user" pour l'authentification
|
||||
* @param[in] string Le mot de passe à tester
|
||||
*
|
||||
* @retval boolean True si l'authentification à réussi, false sinon.
|
||||
*/
|
||||
public static function checkUserPwd($object,$pwd) {
|
||||
return LSldap :: checkBind($object -> getValue('dn'),$pwd);
|
||||
}
|
||||
|
||||
/**
|
||||
* Define if login form can be displayed or not
|
||||
*
|
||||
* @retval boolean
|
||||
**/
|
||||
public function __get($key) {
|
||||
if ($key=='params') {
|
||||
return $this -> params;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
function forceAuthentication() {
|
||||
LSdebug('LSauth :: forceAuthentication()');
|
||||
if (!is_null(self :: $provider)) {
|
||||
self :: $authData = self :: $provider -> getAuthData();
|
||||
if (self :: $authData) {
|
||||
self :: $authObject = self :: $provider -> authenticate();
|
||||
return self :: $authObject;
|
||||
}
|
||||
// No data : user has not filled the login form
|
||||
LSdebug('LSauth : No data -> user has not filled the login form');
|
||||
return;
|
||||
}
|
||||
LSerror :: addErrorCode('LSauth_06');
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout
|
||||
*
|
||||
* @retval void
|
||||
**/
|
||||
public function logout() {
|
||||
// Do nothing in the standard LSauth class
|
||||
if (!is_null(self :: $provider)) {
|
||||
return self :: $provider -> logout();
|
||||
}
|
||||
LSerror :: addErrorCode('LSauth_06');
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Disable logout button in LSauth parameters
|
||||
*
|
||||
* @retval void
|
||||
**/
|
||||
public function disableLogoutBtn() {
|
||||
self :: $params['displayLogoutBtn'] = false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Can display or not logout button in LSauth parameters
|
||||
*
|
||||
* @retval boolean
|
||||
**/
|
||||
public function displayLogoutBtn() {
|
||||
return self :: $params['displayLogoutBtn'];
|
||||
}
|
||||
|
||||
/*
|
||||
* For compatibillity until loginForm is migrated in LSauth
|
||||
*/
|
||||
public function disableLoginForm() {
|
||||
self :: $params['displayLoginForm'] = false;
|
||||
}
|
||||
|
||||
public function displayLoginForm() {
|
||||
return self :: $params['displayLoginForm'];
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -143,6 +139,19 @@ LSerror :: defineError('LSauth_02',
|
|||
_("LSauth : Impossible to identify you : Duplication of identities.")
|
||||
);
|
||||
LSerror :: defineError('LSauth_03',
|
||||
_("LSsession : Could not load type of identifiable objects.")
|
||||
_("LSauth : Could not load type of identifiable objects.")
|
||||
);
|
||||
LSerror :: defineError('LSauth_04',
|
||||
_("LSauth : Can't load authentication method %{method}.")
|
||||
);
|
||||
LSerror :: defineError('LSauth_05',
|
||||
_("LSauth : Failed to build the authentication provider %{method}.")
|
||||
);
|
||||
LSerror :: defineError('LSauth_06',
|
||||
_("LSauth : Not correctly initialized.")
|
||||
);
|
||||
LSerror :: defineError('LSauth_07',
|
||||
_("LSauth : Failed to get authentication informations from provider.")
|
||||
);
|
||||
|
||||
?>
|
||||
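Review bot: In `start()`, the `if (!self :: $provider)` test placed right after `self :: $provider = new $class();` can never be true, because `new` always yields an object, so `LSauth_05` is unreachable and the method still logs "Provider Started !" and returns `true`. The provider constructors in this commit signal failure through their return value (`LSauthMethod_CAS()` ends in `return false;`), which `new` discards, so a provider that failed to initialise is still installed as the active authentication backend. Test an explicit state instead, for example `if (!self :: $provider -> isReady()) { LSerror :: addErrorCode('LSauth_05',self :: $config['method']); self :: $provider = NULL; return; }`, where `isReady()` is a new method each provider would have to implement. Separately, `start()`, `forceAuthentication()`, `logout()` and the `display*`/`disable*` helpers are called as `LSauth :: ...` but declared without `static`; declaring them `public static function` would match how they are used.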
|
|
|
@ -21,67 +21,61 @@
|
|||
******************************************************************************/
|
||||
|
||||
/**
|
||||
* Gestion de l'authentification d'un utilisateur suite à une authentification
|
||||
* HTTP
|
||||
* Base of a authentication provider for LSauth
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
class LSauthHTTP extends LSauth {
|
||||
|
||||
var $params = array (
|
||||
'displayLoginForm' => false,
|
||||
'displayLogoutBtn' => false
|
||||
);
|
||||
class LSauthMethod {
|
||||
|
||||
var $authData = array();
|
||||
|
||||
function LSauthMethod() {
|
||||
// Load config
|
||||
LSsession :: includeFile(LS_CONF_DIR."LSauth/config.".get_class($this).".php");
|
||||
LSdebug(LS_CONF_DIR."LSauth/config.".get_class($this).".php");
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check Post Data
|
||||
* Check Auth Data
|
||||
*
|
||||
* @retval array|False Array of post data if exist or False
|
||||
* Return authentication data or false
|
||||
*
|
||||
* @retval Array|false Array of authentication data or False
|
||||
**/
|
||||
public function getPostData() {
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_SERVER['PHP_AUTH_USER'],
|
||||
'password' => $_SERVER['PHP_AUTH_PW'],
|
||||
'ldapserver' => $_REQUEST['LSsession_ldapserver'],
|
||||
'topDn' => $_REQUEST['LSsession_topDn']
|
||||
);
|
||||
return true;
|
||||
}
|
||||
return;
|
||||
public function getAuthData() {
|
||||
// Do nothing in the standard LSauthMethod class
|
||||
// This method have to define $this -> authData['username']
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check user login
|
||||
*
|
||||
* @param[in] $username The username
|
||||
* @param[in] $password The password
|
||||
* Check authentication
|
||||
*
|
||||
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
||||
*/
|
||||
public function authenticate() {
|
||||
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
|
||||
$authobject = new LSsession :: $ldapServer['authObjectType']();
|
||||
$result = $authobject -> searchObject(
|
||||
$this -> authData['username'],
|
||||
LSsession :: getTopDn(),
|
||||
LSsession :: $ldapServer['authObjectFilter']
|
||||
);
|
||||
$nbresult=count($result);
|
||||
|
||||
if ($nbresult==0) {
|
||||
// identifiant incorrect
|
||||
LSdebug('identifiant incorrect');
|
||||
LSerror :: addErrorCode('LSauth_01');
|
||||
}
|
||||
else if ($nbresult>1) {
|
||||
// duplication d'authentité
|
||||
LSerror :: addErrorCode('LSauth_02');
|
||||
}
|
||||
else {
|
||||
// Authentication succeeded
|
||||
return $result[0];
|
||||
}
|
||||
$result = $authobject -> searchObject(
|
||||
$this -> authData['username'],
|
||||
LSsession :: getTopDn(),
|
||||
LSsession :: $ldapServer['authObjectFilter']
|
||||
);
|
||||
$nbresult=count($result);
|
||||
|
||||
if ($nbresult==0) {
|
||||
// incorrect login
|
||||
LSdebug('identifiant incorrect');
|
||||
LSerror :: addErrorCode('LSauth_01');
|
||||
}
|
||||
else if ($nbresult>1) {
|
||||
// duplication of identity
|
||||
LSerror :: addErrorCode('LSauth_02');
|
||||
}
|
||||
else {
|
||||
return $result[0];
|
||||
}
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSauth_03');
|
||||
|
@ -89,5 +83,16 @@ class LSauthHTTP extends LSauth {
|
|||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout
|
||||
*
|
||||
* @retval boolean True on success or False
|
||||
**/
|
||||
public function logout() {
|
||||
// Do nothing in the standard LSauthMethod class
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
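Review bot: The docblock on `LSauthMethod::authenticate()` says "Check authentication", but the body only resolves `authData['username']` with `searchObject()` and returns `$result[0]` when exactly one entry matches; no credential is verified at this level. The CAS provider relies on that, yet a later provider that overrides only `getAuthData()` with a request-supplied user name would inherit a login that accepts the name alone. I would state the contract in the docblock, e.g. `* Resolve authData['username'] to a single LSldapObject. Does NOT verify credentials: a provider whose user name is not already authenticated externally must override this method and check them.` The comment in `getAuthData()` (`// This method have to define $this -> authData['username']`) could add that the value must come from an already-verified source.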
|
|
@ -11,32 +11,28 @@
|
|||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
******************************************************************************/
|
||||
|
||||
/**
|
||||
* Gestion de l'authentification d'un utilisateur via une authentification
|
||||
* CAS
|
||||
* CAS Authentication provider for LSauth
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
class LSauthCAS extends LSauth {
|
||||
|
||||
var $params = array (
|
||||
'displayLoginForm' => false,
|
||||
'displayLogoutBtn' => true
|
||||
);
|
||||
class LSauthMethod_CAS extends LSauthMethod {
|
||||
|
||||
function LSauthMethod_CAS() {
|
||||
LSauth :: disableLoginForm();
|
||||
|
||||
if (!parent :: LSauthMethod())
|
||||
return;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
public function LSauthCAS() {
|
||||
if (LSsession :: includeFile(PHP_CAS_PATH)) {
|
||||
if (defined('PHP_CAS_DEBUG_FILE')) {
|
||||
phpCAS::setDebug(PHP_CAS_DEBUG_FILE);
|
||||
|
@ -55,89 +51,60 @@ class LSauthCAS extends LSauth {
|
|||
}
|
||||
|
||||
if (LSAUTH_CAS_DISABLE_LOGOUT) {
|
||||
$this -> params['displayLogoutBtn'] = false;
|
||||
LSauth :: disableLogoutBtn();
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSauthCAS_01');
|
||||
LSerror :: addErrorCode('LSauthMethod_CAS_01');
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check Post Data
|
||||
*
|
||||
* @retval array|False Array of post data if exist or False
|
||||
**/
|
||||
public function getPostData() {
|
||||
/**
|
||||
* Check Auth Data
|
||||
*
|
||||
* Return authentication data or false
|
||||
*
|
||||
* @retval Array|false Array of authentication data or False
|
||||
**/
|
||||
public function getAuthData() {
|
||||
|
||||
if (class_exists('phpCAS')) {
|
||||
|
||||
// Launch Auth
|
||||
phpCAS::forceAuthentication();
|
||||
|
||||
$this -> authData = array(
|
||||
'username' => phpCAS::getUser(),
|
||||
'password' => '',
|
||||
'ldapserver' => $_REQUEST['LSsession_ldapserver'],
|
||||
'topDn' => $_REQUEST['LSsession_topDn']
|
||||
'username' => phpCAS::getUser()
|
||||
);
|
||||
return true;
|
||||
return $this -> authData;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check user login
|
||||
*
|
||||
* @param[in] $username The username
|
||||
* @param[in] $password The password
|
||||
*
|
||||
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
||||
*/
|
||||
public function authenticate() {
|
||||
if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
|
||||
$authobject = new LSsession :: $ldapServer['authObjectType']();
|
||||
$result = $authobject -> searchObject(
|
||||
$this -> authData['username'],
|
||||
LSsession :: getTopDn(),
|
||||
LSsession :: $ldapServer['authObjectFilter']
|
||||
);
|
||||
$nbresult=count($result);
|
||||
|
||||
if ($nbresult==0) {
|
||||
// identifiant incorrect
|
||||
LSdebug('identifiant incorrect');
|
||||
LSerror :: addErrorCode('LSauth_01');
|
||||
/**
|
||||
* Logout
|
||||
*
|
||||
* @retval boolean True on success or False
|
||||
**/
|
||||
public function logout() {
|
||||
if(class_exists('phpCAS')) {
|
||||
if (LSauth :: displayLogoutBtn()) {
|
||||
phpCAS :: forceAuthentication();
|
||||
phpCAS :: logout();
|
||||
return true;
|
||||
}
|
||||
else if ($nbresult>1) {
|
||||
// duplication d'authentité
|
||||
LSerror :: addErrorCode('LSauth_02');
|
||||
}
|
||||
else {
|
||||
// Authentication succeeded
|
||||
return $result[0];
|
||||
}
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSauth_03');
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
public function logout() {
|
||||
if(class_exists('phpCAS')) {
|
||||
if ($this -> params['displayLogoutBtn']) {
|
||||
phpCAS :: forceAuthentication();
|
||||
phpCAS :: logout();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
/*
|
||||
* Error Codes
|
||||
*/
|
||||
LSerror :: defineError('LSauthCAS_01',
|
||||
_("LSauthCAS : Failed to load phpCAS.")
|
||||
LSerror :: defineError('LSauthMethod_CAS_01',
|
||||
_("LSauthMethod_CAS : Failed to load phpCAS.")
|
||||
);
|
||||
?>
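Review bot: As rendered, `getAuthData()` falls through to a bare `return;` when `class_exists('phpCAS')` is false, and `LSauth::forceAuthentication()` logs that result as "user has not filled the login form". This provider's constructor has already called `LSauth :: disableLoginForm()`, so in that case the user gets neither a form nor an error. The commit defines `LSauth_07` ("Failed to get authentication informations from provider") and nothing on this page raises it; this fall-through looks like the intended place, i.e. `LSerror :: addErrorCode('LSauth_07');` before the final `return;`. The constructor body is split across the two hunks, so the phpCAS client setup between them is not visible here.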
|
58
public_html/includes/class/class.LSauthMethod_HTTP.php
Normal file
58
public_html/includes/class/class.LSauthMethod_HTTP.php
Normal file
|
@ -0,0 +1,58 @@
|
|||
<?php
|
||||
/*******************************************************************************
|
||||
* Copyright (C) 2007 Easter-eggs
|
||||
* http://ldapsaisie.labs.libre-entreprise.org
|
||||
*
|
||||
* Author: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License version 2
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
******************************************************************************/
|
||||
|
||||
LSsession :: loadLSclass('LSauthMethod_basic');
|
||||
|
||||
/**
|
||||
* HTTP Authentication provider for LSauth
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
class LSauthMethod_HTTP extends LSauthMethod_basic {
|
||||
|
||||
function LSauthMethod_HTTP() {
|
||||
LSauth :: disableLoginForm();
|
||||
LSauth :: disableLogoutBtn();
|
||||
return parent :: LSauthMethod_basic();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check Auth Data
|
||||
*
|
||||
* Return authentication data or false
|
||||
*
|
||||
* @retval Array|false Array of authentication data or False
|
||||
**/
|
||||
public function getAuthData() {
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_SERVER['PHP_AUTH_USER'],
|
||||
'password' => $_SERVER['PHP_AUTH_PW']
|
||||
);
|
||||
return $this -> authData;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
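Review bot: `getAuthData()` reads `$_SERVER['PHP_AUTH_PW']` without checking that it is set; the `isset(...) && !empty(...)` guard covers only `PHP_AUTH_USER` (and `!empty()` alone already implies `isset()`). A request that carries a user name but no password therefore raises an undefined-index notice and hands an empty password to the bind check inherited from `LSauthMethod_basic::authenticate()`. I would require both values before building `authData`: `if (!empty($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] !== '') {`. A short comment that this provider re-verifies the HTTP credentials with an LDAP bind, rather than trusting the web server's decision, would also help whoever configures it.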
|
84
public_html/includes/class/class.LSauthMethod_basic.php
Normal file
84
public_html/includes/class/class.LSauthMethod_basic.php
Normal file
|
@ -0,0 +1,84 @@
|
|||
<?php
|
||||
/*******************************************************************************
|
||||
* Copyright (C) 2007 Easter-eggs
|
||||
* http://ldapsaisie.labs.libre-entreprise.org
|
||||
*
|
||||
* Author: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License version 2
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
******************************************************************************/
|
||||
|
||||
/**
|
||||
* Basic authentication provider for LSauth
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
class LSauthMethod_basic extends LSauthMethod {
|
||||
|
||||
/**
|
||||
* Check Auth Data
|
||||
*
|
||||
* Return authentication data or false
|
||||
*
|
||||
* @retval Array|false Array of authentication data or False
|
||||
**/
|
||||
public function getAuthData() {
|
||||
if (isset($_POST['LSauth_user']) && !empty($_POST['LSauth_user'])) {
|
||||
$this -> authData = array(
|
||||
'username' => $_POST['LSauth_user'],
|
||||
'password' => (isset($_POST['LSauth_pwd'])?$_POST['LSauth_pwd']:'')
|
||||
);
|
||||
return $this -> authData;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check authentication
|
||||
*
|
||||
* @retval LSldapObject|false The LSldapObject of the user authificated or false
|
||||
*/
|
||||
public function authenticate() {
|
||||
$authobject = parent :: authenticate();
|
||||
if ($authobject) {
|
||||
if ( $this -> checkUserPwd($authobject,$this -> authData['password']) ) {
|
||||
// Authentication succeeded
|
||||
return $authobject;
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSauth_01');
|
||||
LSdebug('mdp incorrect');
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Test un couple LSobject/pwd
|
||||
*
|
||||
* Test un bind sur le serveur avec le dn de l'objet et le mot de passe fourni.
|
||||
*
|
||||
* @param[in] LSobject L'object "user" pour l'authentification
|
||||
* @param[in] string Le mot de passe à tester
|
||||
*
|
||||
* @retval boolean True si l'authentification a reussi, false sinon.
|
||||
**/
|
||||
public static function checkUserPwd($object,$pwd) {
|
||||
return LSldap :: checkBind($object -> getValue('dn'),$pwd);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
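Review bot: `getAuthData()` defaults a missing `LSauth_pwd` to `''`, and `authenticate()` passes that value straight through `checkUserPwd()` to `LSldap :: checkBind()`. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds, so unless `checkBind()` (not shown on this page) rejects empty passwords itself, a valid user name with a blank password could be accepted. Rejecting it before the bind is cheap: add `if (!is_string($pwd) || $pwd === '') return false;` as the first line of `checkUserPwd()`. The docblock of `checkUserPwd()` is still in French while the rest of the new file is documented in English; translating it would keep the file consistent.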
|
|
@ -50,9 +50,6 @@ class LSsession {
|
|||
// Les droits d'accès de l'utilisateur
|
||||
private static $LSaccess = array();
|
||||
|
||||
// Authentification parameters
|
||||
private static $authParams = array();
|
||||
|
||||
// Les fichiers temporaires
|
||||
private static $tmp_file = array();
|
||||
|
||||
|
@ -292,23 +289,13 @@ class LSsession {
|
|||
/**
|
||||
* Chargement d'une classe d'authentification d'LdapSaisie
|
||||
*
|
||||
* @param[in] $auth Nom de la classe d'authentification a charger (Exemple : HTTP)
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com
|
||||
*
|
||||
* @retval boolean true si le chargement a reussi, false sinon.
|
||||
*/
|
||||
public static function loadLSauth($auth=false) {
|
||||
public static function loadLSauth() {
|
||||
if (self :: loadLSclass('LSauth')) {
|
||||
if ($auth) {
|
||||
if(self :: includeFile(LS_CLASS_DIR .'class.LSauth'.$auth.'.php')) {
|
||||
self :: includeFile(LS_CONF_DIR."LSauth/config.LSauth".$auth.".php");
|
||||
return true;
|
||||
}
|
||||
}
|
||||
else {
|
||||
return true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
LSerror :: addErrorCode('LSsession_05','LSauth');
|
||||
|
@ -473,6 +460,7 @@ class LSsession {
|
|||
|
||||
self :: startLSerror();
|
||||
self :: loadLSaddons();
|
||||
self :: loadLSauth();
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -493,16 +481,20 @@ class LSsession {
|
|||
}
|
||||
|
||||
if(isset($_SESSION['LSsession']['dn']) && !isset($_GET['LSsession_recoverPassword'])) {
|
||||
// Session existante
|
||||
LSdebug('LSsession : Session existente');
|
||||
// --------------------- Session existante --------------------- //
|
||||
self :: $topDn = $_SESSION['LSsession']['topDn'];
|
||||
self :: $dn = $_SESSION['LSsession']['dn'];
|
||||
self :: $rdn = $_SESSION['LSsession']['rdn'];
|
||||
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
|
||||
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
|
||||
self :: $authParams = $_SESSION['LSsession']['authParams'];
|
||||
|
||||
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
|
||||
self :: setLdapServer(self :: $ldapServerId);
|
||||
if (!LSauth :: start()) {
|
||||
LSdebug("LSsession : can't start LSauth -> stop");
|
||||
return;
|
||||
}
|
||||
self :: $LSprofiles = $_SESSION['LSsession']['LSprofiles'];
|
||||
self :: $LSaccess = $_SESSION['LSsession']['LSaccess'];
|
||||
if (!self :: LSldapConnect())
|
||||
|
@ -510,6 +502,10 @@ class LSsession {
|
|||
}
|
||||
else {
|
||||
self :: setLdapServer(self :: $ldapServerId);
|
||||
if (!LSauth :: start()) {
|
||||
LSdebug("LSsession : can't start LSauth -> stop");
|
||||
return;
|
||||
}
|
||||
if (!self :: LSldapConnect())
|
||||
return;
|
||||
self :: loadLSprofiles();
|
||||
|
@ -524,10 +520,7 @@ class LSsession {
|
|||
}
|
||||
|
||||
if (isset($_GET['LSsession_logout'])) {
|
||||
$authObj = self :: getLSauthObject();
|
||||
if ($authObj) {
|
||||
$authObj -> logout();
|
||||
}
|
||||
LSauth :: logout();
|
||||
session_destroy();
|
||||
|
||||
if (is_array($_SESSION['LSsession']['tmp_file'])) {
|
||||
|
@ -540,8 +533,6 @@ class LSsession {
|
|||
return;
|
||||
}
|
||||
|
||||
self :: getLSuserObject();
|
||||
|
||||
if ( !self :: cacheLSprofiles() || isset($_REQUEST['LSsession_refresh']) ) {
|
||||
self :: loadLSaccess();
|
||||
}
|
||||
|
@ -559,6 +550,7 @@ class LSsession {
|
|||
|
||||
}
|
||||
else {
|
||||
// --------------------- Session inexistante --------------------- //
|
||||
if (isset($_GET['LSsession_recoverPassword'])) {
|
||||
session_destroy();
|
||||
}
|
||||
|
@ -581,7 +573,12 @@ class LSsession {
|
|||
self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
|
||||
}
|
||||
$_SESSION['LSsession_topDn']=self :: $topDn;
|
||||
|
||||
|
||||
if (!LSauth :: start()) {
|
||||
LSdebug("LSsession : can't start LSauth -> stop");
|
||||
return;
|
||||
}
|
||||
|
||||
if (isset($_GET['LSsession_recoverPassword'])) {
|
||||
$recoveryPasswordInfos = self :: recoverPasswd(
|
||||
$_REQUEST['LSsession_user'],
|
||||
|
@ -589,22 +586,17 @@ class LSsession {
|
|||
);
|
||||
}
|
||||
else {
|
||||
$authObj=self :: getLSauthObject();
|
||||
if ($authObj) {
|
||||
if ($authObj -> getPostData()) {
|
||||
$LSuserObject = $authObj -> authenticate();
|
||||
if ($LSuserObject) {
|
||||
// Authentication successful
|
||||
self :: $LSuserObject = $LSuserObject;
|
||||
self :: $dn = $LSuserObject->getValue('dn');
|
||||
self :: $rdn = $LSuserObject->getValue('rdn');
|
||||
self :: loadLSprofiles();
|
||||
self :: loadLSaccess();
|
||||
$GLOBALS['Smarty'] -> assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
|
||||
$_SESSION['LSsession']=self :: getContextInfos();
|
||||
return true;
|
||||
}
|
||||
}
|
||||
$LSuserObject = LSauth :: forceAuthentication();
|
||||
if ($LSuserObject) {
|
||||
// Authentication successful
|
||||
self :: $LSuserObject = $LSuserObject;
|
||||
self :: $dn = $LSuserObject->getValue('dn');
|
||||
self :: $rdn = $LSuserObject->getValue('rdn');
|
||||
self :: loadLSprofiles();
|
||||
self :: loadLSaccess();
|
||||
$GLOBALS['Smarty'] -> assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
|
||||
$_SESSION['LSsession']=self :: getContextInfos();
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -619,7 +611,7 @@ class LSsession {
|
|||
if (isset($_GET['LSsession_recoverPassword'])) {
|
||||
self :: displayRecoverPasswordForm($recoveryPasswordInfos);
|
||||
}
|
||||
elseif(self :: $authParams['displayLoginForm']) {
|
||||
elseif(LSauth :: displayLoginForm()) {
|
||||
self :: displayLoginForm();
|
||||
}
|
||||
else {
|
||||
|
@ -629,32 +621,6 @@ class LSsession {
|
|||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get LSauthObject
|
||||
*
|
||||
* @retval LSauth object or false
|
||||
**/
|
||||
private static function getLSauthObject() {
|
||||
if (!self :: $LSauthObject) {
|
||||
if (self :: loadLSauth()) {
|
||||
if (isset(self :: $ldapServer['LSauth']['method'])) {
|
||||
$LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
|
||||
if (!self :: loadLSauth(self :: $ldapServer['LSauth']['method'])) {
|
||||
LSerror :: addErrorCode('LSsession_08',self :: $ldapServer['LSauth']['method']);
|
||||
$LSauthClass = 'LSauth';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$LSauthClass = 'LSauth';
|
||||
}
|
||||
|
||||
self :: $LSauthObject = new $LSauthClass();
|
||||
self :: $authParams = self :: $LSauthObject->params;
|
||||
}
|
||||
}
|
||||
return self :: $LSauthObject;
|
||||
}
|
||||
|
||||
/**
|
||||
* Do recover password
|
||||
|
@ -896,8 +862,7 @@ class LSsession {
|
|||
'ldapServerId' => self :: $ldapServerId,
|
||||
'ldapServer' => self :: $ldapServer,
|
||||
'LSprofiles' => self :: $LSprofiles,
|
||||
'LSaccess' => self :: $LSaccess,
|
||||
'authParams' => self :: $authParams
|
||||
'LSaccess' => self :: $LSaccess
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -1406,7 +1371,7 @@ class LSsession {
|
|||
$GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
|
||||
$GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
|
||||
|
||||
$GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
|
||||
$GLOBALS['Smarty'] -> assign('displayLogoutBtn',LSauth :: displayLogoutBtn());
|
||||
|
||||
// Infos
|
||||
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
|
||||
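Review bot: In the hunk at `@ -589,22 +586,17`, the success branch after `LSauth :: forceAuthentication()` stores the authenticated context with `$_SESSION['LSsession']=self :: getContextInfos();` and no rotation of the session identifier is visible, so an identifier issued before login would stay valid afterwards (session fixation). Adding `session_regenerate_id(true);` immediately before that assignment closes the window. The enclosing method starts and ends outside the hunks shown, so first confirm that the identifier is not already regenerated elsewhere in it. The same section ignores the return value of `LSauth :: logout()` before `session_destroy()`; that is fine for the local session, but a comment saying the provider logout is best-effort would make the intent explicit.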
|
|
|
@ -25,9 +25,9 @@
|
|||
<dt class='loginform-level' id='LSsession_topDn_label' {$loginform_ldapserver_style}>{$loginform_label_level}</dt>
|
||||
<dd class='loginform-level' {$loginform_ldapserver_style}><select name='LSsession_topDn' id='LSsession_topDn'>{html_options values=$loginform_topdn_index output=$loginform_topdn_name selected=$topDn}</select></dd>
|
||||
<dt>{$loginform_label_user}</dt>
|
||||
<dd><input type='text' name='LSsession_user' /></dd>
|
||||
<dd><input type='text' name='LSauth_user' /></dd>
|
||||
<dt>{$loginform_label_pwd}</dt>
|
||||
<dd><input type='password' name='LSsession_pwd' /></dd>
|
||||
<dd><input type='password' name='LSauth_pwd' /></dd>
|
||||
<dt class='LSlang_hidden'>{$lang_label}</dt>
|
||||
<dd class='LSlang_hidden'>
|
||||
<select name='lang'>
|
||||
|
|