/usr/share/awl/inc/AuthPlugins.php is in libawl-php 0.57-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 | <?php
/**
* The authentication handling plugins can be used by the Session class to
* provide authentication.
*
* Each authenticate hook needs to:
* - Accept a username / password
* - Confirm the username / password are correct
* - Create (or update) a 'usr' record in our database
* - Return the 'usr' record as an object
* - Return === false when authentication fails
*
* It can expect that:
* - Configuration data will be in $c->authenticate_hook['config'], which might be an array, or whatever is needed.
*
* In order to be called:
* - This file should be included
* - $c->authenticate_hook['call'] should be set to the name of the plugin
* - $c->authenticate_hook['config'] should be set up with any configuration data for the plugin
*
* @package awl
* @subpackage AuthPlugin
* @author Andrew McMillan <andrew@mcmillan.net.nz>
* @copyright Catalyst IT Ltd, Morphoss Ltd <http://www.morphoss.com/>
* @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
require_once('AWLUtilities.php');
require_once('DataUpdate.php');
/**
* Authenticate against a different PostgreSQL database which contains a usr table in
* the AWL format.
*
* @package awl
*/
function auth_other_awl( $username, $password ) {
global $c;
$authconn = pg_Connect($c->authenticate_hook['config']['connection']);
if ( ! $authconn ) {
echo <<<EOERRMSG
<html><head><title>Database Connection Failure</title></head><body>
<h1>Database Error</h1>
<h3>Could not connect to PostgreSQL database</h3>
</body>
</html>
EOERRMSG;
exit(1);
}
if ( isset($c->authenticate_hook['config']['columns']) )
$cols = $c->authenticate_hook['config']['columns'];
else
$cols = "*";
if ( isset($c->authenticate_hook['config']['where']) )
$andwhere = " AND ".$c->authenticate_hook['config']['where'];
else
$andwhere = "";
$qry = new AwlQuery("SELECT $cols FROM usr WHERE lower(username) = text(?) $andwhere", strtolower($username) );
$qry->SetConnection($authconn);
if ( $qry->Exec('Login',__LINE,__FILE__) && $qry->rows() == 1 ) {
$usr = $qry->Fetch();
if ( session_validate_password( $password, $usr->password ) ) {
$qry = new AwlQuery("SELECT * FROM usr WHERE user_no = $usr->user_no;" );
if ( $qry->Exec('Login',__LINE,__FILE__) && $qry->rows() == 1 )
$type = "UPDATE";
else
$type = "INSERT";
$qry = new AwlQuery( sql_from_object( $usr, $type, 'usr', "WHERE user_no=$usr->user_no" ) );
$qry->Exec('Login',__LINE__,__FILE__);
/**
* We disallow login by inactive users _after_ we have updated the local copy
*/
if ( isset($usr->active) && $usr->active == 'f' ) return false;
return $usr;
}
}
return false;
}
/**
* Authentication has already happened. We know the username, we just need
* to do the authorisation / access control. The password is ignored.
*
* @package awl
*/
function auth_external( $username, $password ) {
global $c;
$qry = new AwlQuery("SELECT * FROM usr WHERE active AND lower(username) = text(?) ", strtolower($username) );
if ( $qry->Exec('Login',__LINE__,__FILE__) && $qry->rows() == 1 ) {
$usr = $qry->Fetch();
return $usr;
}
return false;
}
|