Commit afc703b0aff8495c0e0c77b80de8dbd9c94db558

Authored by Michael Joseph
1 parent 0eb1c152

initial revisions of new authentication and controller implementation


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@38 c91229c3-7414-0410-bfa2-8a42b809f60b
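--- a/control.php
+++ b/control.php
@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * control.php -- Controller page
+ *
+ * This page controls the web application by responding to a set of
+ * defined actions. The controller performs session handling, page-level
+ * authentication and forwards the request to the appropriate handling
+ * page.
+ *
+ *
+ * Licensed under the GNU GPL. For full terms see the file COPYING.
+ *
+ * @version $Id$
+ * @Copyright (c) 1999-2002 The Owl Project Team
+ * @author michael
+ * @package dmsWebApplication
+ */
+
+// main library routines and defaults
+require_once("./config/owl.php");
+require_once("./lib/owl.lib.php");
+require_once("./config/html.php");
+require_once("./lib/Authenticator.inc");
+require_once("./lib/control.inc");
+require_once("./lib/SiteMap.inc");
+
+// -------------------------------
+// page start
+// -------------------------------
+
+if (!checkSession($sessionID)) {
+ // no session, redirect to login
+ $action = "loginForm";
+}
+
+$page = $default->siteMap->getPage($action, getUserClass($userID))
+
+if (isset($page)) {
+ redirect($page);
+} else {
+ // TODO: build no permission page
+ print "you do not have access to view this page! please go away, and come back when you do.";
+}
+
+?>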
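Review bot: `$userID`, `$action` and `$sessionID` are never assigned in this file, so the access decision on line 37 depends on values that presumably arrive as request globals; if so, `getUserClass($userID)` trusts a client-supplied user ID to choose the permission class rather than the user bound to the verified session. The user ID should be taken from the session record that `checkSession()`/`Owl_Session::verify()` resolves, with the request supplying only `$action`. Line 37 is also missing its terminating `;`, which is a parse error: `$page = $default->siteMap->getPage($action, getUserClass($userID));`. When the TODO on line 42 is built, the denial branch should also send a 403 status alongside the message so the refusal is visible to the client and in the server logs.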
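--- a/lib/Authenticator.inc
+++ b/lib/Authenticator.inc
@@ -0,0 +1,115 @@
+<?php
+
+/**
+ * $Id$
+ *
+ * Interface class that performs all authentication functions.
+ *
+ * @version $Revision$
+ * @author michael@jamwarehouse.com
+ * @package dms
+ */
+class Authenticator {
+
+ /**
+ * Verifies the login credentials
+ *
+ * @param userName
+ * the user name of the user logging in
+ * @param password
+ * the user's password
+ * @return array containing user details (userName, userID, groupID)
+ * and authentication status code
+ */
+ function login($userName, $password) {
+
+ global $default;
+ $sql = new Owl_DB;
+ $query = "select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'";
+ $sql->query($query);
+ //$sql->query("select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'");
+ $numrows = $sql->num_rows($sql);
+ // Bozz Begin added Password Encryption above, but for now
+ // I will allow admin to use non crypted password until he
+ // upgrades all users
+ if ($numrows == "1") {
+ while($sql->next_record()) {
+ if ( $sql->f("disabled") == 1 ) {
+ $userDetails["status"] = 2;
+ } else {
+ $userDetails["status"] = 1;
+ $userDetails["userName"] = $sql->f("username");
+ $userDetails["userID"] = $sql->f("id");
+ $userDetails["groupID"] = $sql->f("groupid");
+ $maxsessions = $sql->f("maxsessions") + 1;
+ }
+ }
+ // Remove this else in a future version
+ } elseif ($username == "admin") {
+ // username admin check password
+ $sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'");
+ $numrows = $sql->num_rows($sql);
+ if ($numrows == "1") {
+ while($sql->next_record()) {
+ $userDetails["status"] = 1;
+ $userDetails["userName"] = $sql->f("username");
+ $userDetails["userID"] = $sql->f("id");
+ $userDetails["groupID"] = $sql->f("groupid");
+ $maxsessions = $sql->f("maxsessions") + 1;
+ }
+ }
+ // login failure
+ } else {
+ $userDetails["status"] = 0;
+ }
+
+ if (isset($userDetails["userID"]) && ($userDetails["status"] != 0)) {
+ // remove stale sessions from the database for the user
+ // that is signing on.
+ Owl_Session::removeStaleSessions($userDetails["userID"]);
+
+ // Check if Maxsessions has been reached
+ $sql = new Owl_DB;
+ $sql->query("select * from $default->owl_sessions_table where uid = '".$userDetails["userID"]."'");
+ if ($sql->num_rows($sql) >= $maxsessions && $userDetails["status"] != 0) {
+ if ( $userDetails["groupID"] == 0) {
+ // ignore maxsessions check for admin group
+ $userDetails["status"] = 1;
+ } else {
+ // return too many sessions status code
+ $userDetails["status"] = 3;
+ }
+ }
+ }
+ return $userDetails;
+ }
+
+ /**
+ * Logs the user out of the application
+ *
+ * @param userID
+ * the ID of user logging out
+ * @param sessionID
+ * the user's sessionID
+ */
+ function logout($userID, $sessionID) {
+ // remove session from db
+ Owl_Session::remove($sessionID)
+ }
+
+
+}
+
+/**
+ * Perform authentication tasks against the database.
+ */
+class DBAuthenticator extends Authenticator {
+}
+
+/**
+ * Perform authentication tasks against LDAP compliant directory server.
+ */
+class LDAPAuthenticator extends Authenticator {
+}
+
+?>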
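Review bot: `login()` declares `$userName` but the queries on lines 28 and 50 interpolate `$username`, which is never assigned, so the lookup always runs with an empty username and the `$username == "admin"` fallback on line 48 can never be entered; the parameter name should be used, `... where username = '$userName' and password = '" . md5($password) . "'";`. Both queries splice the raw name (and, in the fallback, the raw password) into the SQL string; pass the values through whatever quoting or placeholder facility `Owl_DB` provides before they reach the query text. Once the name is corrected, the admin fallback leaves `$userDetails` unset when its query does not return exactly one row, so the function returns null instead of a status code; initialising `$userDetails["status"] = 0;` before the `if` on line 35 closes that gap. The unsalted `md5()` comparison is the weak password store the comment on lines 32-34 already plans to move away from, so a `// TODO: replace md5 with a salted, slow password hash` on line 28 would record that intent. `logout()` on line 97 is missing the `;` after `Owl_Session::remove($sessionID)`.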
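--- a/lib/control.inc
+++ b/lib/control.inc
@@ -0,0 +1,44 @@
+<?php
+
+/**
+ * control.inc
+ *
+ * contains the controller helper functions
+ *
+ * Copyright (c) 1999-2002 The Owl Project Team
+ * Licensed under the GNU GPL. For full terms see the file COPYING.
+ * @version $Revision$
+ * @author jam dms team
+ * @package
+ */
+
+/**
+ * Redirects to the specified URL
+ *
+ * @param $url the URL to forward to
+ */
+function redirect($url) {
+ // everything is relative to the root url
+ $url = $url . $default->owl_root_url . "/";
+ // if we have a session
+ if (isset($uid->sessdata["sessid"])) {
+ // check url for parameters and add sessid accordingly
+ if (strstr($url, "?")) {
+ $url = $url . "&sess=". $uid->sessdata["sessid"];
+ } else {
+ $url = $url . "?sess=". $uid->sessdata["sessid"];
+ }
+ }
+ header("Location: $url");
+}
+
+/**
+ * Redirects to login if no session is present
+ */
+function checkSession($sessionID) {
+ $sessionStatus = Owl_Session::verify($sessionID);
+ switch ($sessionStatus["status"]) {
+
+ }
+}
+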
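Review bot: `checkSession()` on lines 38-43 never returns a value, so `!checkSession($sessionID)` in control.php is always true and every request is sent to the login form; the empty `switch` needs its cases and the function a boolean return derived from `$sessionStatus["status"]` (the status codes `Owl_Session::verify()` produces are not visible here). In `redirect()`, `$default` and `$uid` are read inside function scope without a `global $default, $uid;` declaration, so `owl_root_url` resolves to null and the `isset($uid->sessdata["sessid"])` branch can never fire. Line 22 also appends the root URL after the page rather than before it; the intent is presumably `$url = $default->owl_root_url . "/" . $url;`. After `header("Location: $url");` add `exit;` so the caller's remaining code does not keep running after the redirect has been issued.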
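--- a/login.php
+++ b/login.php
@@ -0,0 +1,70 @@
+<?php
+
+// main library routines and defaults
+require_once("./config/owl.php");
+require_once("./lib/owl.lib.php");
+require_once("./config/html.php");
+require_once("./lib/Authenticator.php");
+
+// this page displays the login form
+// and performs the business logic login code
+
+if ($loginAction == "loginForm") {
+ // TODO: build login form using PatternMainPage
+ include("./lib/header.inc");
+ print("<CENTER>");
+ print("<IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/$default->logo'><BR>$lang_engine<BR>$lang_version: $default->version<BR><HR WIDTH=300>");
+ print "<FORM ACTION=\"control.php\" METHOD=\"POST\">";
+
+ if (isset($fileid)) {
+ print "<INPUT TYPE=\"HIDDEN\" NAME=\"parent\" value=\"$parent\">";
+ print "<INPUT TYPE=\"HIDDEN\" NAME=\"fileid\" value=\"$fileid\">";
+ }
+
+ print "<TABLE><TR><TD>$lang_username:</TD><TD><INPUT TYPE=\"TEXT\" NAME=\"fUserName\"><BR></TD></TR>";
+ print "<TR><TD>$lang_password:</TD><TD><INPUT TYPE=\"PASSWORD\" NAME=\"fPassword\"><BR></TD></TR></TABLE>";
+ print "<INPUT TYPE=\"hidden\" name=\"loginAction\" value=\"login\">\n";
+ print "<INPUT TYPE=\"SUBMIT\" Value=\"$lang_login\">\n";
+ print "<BR><BR><HR WIDTH=300>";
+ include("./lib/footer.inc");
+
+} elseif ($loginAction == "login") {
+
+ // check the requirements
+ if (checkrequirements() == 1) {
+ // TODO: appropriate error message
+ exit;
+ } else {
+ // if requirements are met and we have a username and password to authenticate
+ if( isset($fUserName) && isset($fPassword) ) {
+ // verifies the login and password of the user
+ $userDetails = Authenticator::login($fUserName, $fUserName)
+
+ switch ($userDetails["status"]) {
+ // successfully authenticated
+ case 1:
+ $sessionID = Owl_Session::create($userDetails["userID"]);
+ // check query string and forward to requested page
+ // else forward to dashboard (config defined page/action)
+ break;
+ // login disabled
+ case 2:
+ redirect("control.php?action=loginForm&loginFailureMessage=");
+ break;
+ // too many sessions
+ case 3 :
+ redirect("control.php?action=loginForm&loginFailureMessage=");
+ break;
+ default :
+ redirect("control.php?action=loginForm&loginFailureMessage=");
+ }
+ } else {
+ // didn't receive any login parameters, so redirect login form
+ $url = "control.php?action=loginForm";
+ redirect($url);
+ }
+ }
+}
+?>
+
+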
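Review bot: Line 41 passes the username as both arguments, `Authenticator::login($fUserName, $fUserName)`, so the submitted password never reaches the authenticator and no login can succeed; it should read `$userDetails = Authenticator::login($fUserName, $fPassword);` (the terminating `;` is also missing). Line 7 requires `./lib/Authenticator.php`, but the file added in this commit is `lib/Authenticator.inc`, which is the name control.php uses. `$parent` and `$fileid` on lines 20-21 are written straight into HTML attribute values; they are not assigned in this file, and if they arrive with the request they need `htmlspecialchars()` before being echoed. The successful-login branch (`case 1`) creates a session but neither redirects nor prints anything, so the browser is left with an empty response; the comment there describes the dashboard redirect that still has to be written.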