<?php
/**************************************************************************\
* eGroupWare API - Auth from SQL, with optional SSL authentication *
* This file written by Andreas 'Count' Kotes <count@flatline.de> *
* Authentication based on SQL table and X.509 certificates *
* Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------*
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it *
* under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation; either version 2.1 of the License, *
* or any later version. *
* This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/


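/**
 * SQL-backed authentication with an optional TLS client-certificate path.
 *
 * Accounts live in the phpgw_accounts table. When the web server exposes
 * SSL_CLIENT_S_DN in the environment, the password comparison is skipped
 * (see authenticate()).
 */
class auth_
{
	# Private copy of the global database handle, filled in by the constructor.
	var $db = '';
	# account_lastlogin as read by update_lastlogin() before it is overwritten; -1 until then.
	var $previous_login = -1;

	/**
	 * PHP4-style constructor: copies the global db object into $this->db via copyobj().
	 */
	function auth_()
	{
		copyobj($GLOBALS['phpgw']->db,$this->db);
	}

	/**
	 * Check a login against the phpgw_accounts table.
	 *
	 * Without a client certificate (SSL_CLIENT_S_DN not set) the account must be
	 * active and its stored hash must equal md5($passwd). With a client certificate
	 * only the user name and the active status are checked; $passwd is ignored.
	 *
	 * @param string $username account_lid to look up
	 * @param string $passwd   cleartext password (unused on the certificate path)
	 * @return bool true when a matching active account row was found
	 */
	function authenticate($username, $passwd)
	{
		# The former $local_debug branch was dead code that would have echoed the
		# cleartext password and the unescaped user name into the page; it is removed.

		# $username comes straight from the login request, so it is escaped before it
		# is placed inside the quoted SQL literal. db_addslashes() is the phpgwapi db
		# class's escaping helper.
		$lid = $this->db->db_addslashes($username);

		# Apache + mod_ssl provide the data in the environment
		# Certificate (chain) verification occurs inside mod_ssl
		# see http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
		if(!isset($_SERVER['SSL_CLIENT_S_DN']))
		{
			# if we're not doing SSL authentication, behave like auth_sql
			# NOTE(review): account_pwd is an unsalted MD5 digest. That is the stored
			# format other code relies on, so it is kept here, but it offers little
			# protection if the table leaks; plan a migration to a salted, slow hash.
			$this->db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '" . $lid . "' AND "
				. "account_pwd='" . md5($passwd) . "' AND account_status ='A'",__LINE__,__FILE__);
		}
		else
		{
			# use username only for authentication, ignore X.509 subject in $passwd for now
			# NOTE(review): nothing here ties the presented certificate to $username, so
			# this path trusts the web server completely. It is only sound if mod_ssl is
			# configured to require and verify client certificates (SSLVerifyClient) and
			# the caller has already matched the certificate subject to the account.
			# Checking SSL_CLIENT_VERIFY and comparing SSL_CLIENT_S_DN against a
			# per-account value would close that gap - confirm against the caller.
			$this->db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '" . $lid . "' AND account_status ='A'",__LINE__,__FILE__);
		}
		$this->db->next_record();

		$found_lid = $this->db->f('account_lid');

		if(!empty($GLOBALS['phpgw_info']['server']['case_sensitive_username']))
		{
			# The original read from an undefined local $db here, which aborts the
			# request instead of rejecting the login. Compare as strings so that
			# numeric-looking names are not treated as equal by loose comparison.
			if((string)$found_lid !== (string)$username)
			{
				return false;
			}
		}

		return $found_lid ? True : False;
	}

	/**
	 * Store a new password hash for an account and refresh the session copy.
	 *
	 * @param string $old_passwd  accepted for interface compatibility; not checked here
	 * @param string $new_passwd  cleartext password to store (as md5)
	 * @param mixed  $account_id  account to change; defaults to the logged-in user
	 * @return string the md5 digest written to account_pwd
	 */
	function change_password($old_passwd, $new_passwd, $account_id = '')
	{
		# NOTE(review): $old_passwd is never verified in this method, so the caller
		# must have confirmed the current password (or admin rights) beforehand.
		if(!$account_id)
		{
			$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
		}
		# Force a numeric id so the value cannot break out of the SQL literal.
		$account_id = (int)$account_id;

		# NOTE(review): unsalted MD5, kept for compatibility with existing rows.
		$encrypted_passwd = md5($new_passwd);

		$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
			. "account_lastpwd_change='" . time() . "' WHERE account_id='" . $account_id . "'",__LINE__,__FILE__);

		# The session cache receives the cleartext password, as before.
		$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);

		return $encrypted_passwd;
	}

	/**
	 * Remember the previous login time and record the current login time and origin.
	 *
	 * @param mixed  $account_id account whose row is updated
	 * @param string $ip         address stored in account_lastloginfrom
	 * @return void
	 */
	function update_lastlogin($account_id, $ip)
	{
		# Numeric id and escaped address: neither value may terminate its SQL literal.
		# $ip may be derived from request data, so it is not assumed to be well-formed.
		$account_id = (int)$account_id;
		$from = $GLOBALS['phpgw']->db->db_addslashes($ip);

		$GLOBALS['phpgw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id='" . $account_id . "'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->next_record();
		$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');

		$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
			. $from . "', account_lastlogin='" . time()
			. "' WHERE account_id='" . $account_id . "'",__LINE__,__FILE__);
	}
}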
?>