1 | <?php |
---|
2 | /**************************************************************************\ |
---|
3 | * eGroupWare API - Auth from SQL, with optional SSL authentication * |
---|
4 | * This file written by Andreas 'Count' Kotes <count@flatline.de> * |
---|
5 | * Authentication based on SQL table and X.509 certificates * |
---|
6 | * Copyright (C) 2000, 2001 Dan Kuykendall * |
---|
7 | * -------------------------------------------------------------------------* |
---|
8 | * This library is part of the eGroupWare API * |
---|
9 | * http://www.egroupware.org/api * |
---|
10 | * ------------------------------------------------------------------------ * |
---|
11 | * This library is free software; you can redistribute it and/or modify it * |
---|
12 | * under the terms of the GNU Lesser General Public License as published by * |
---|
13 | * the Free Software Foundation; either version 2.1 of the License, * |
---|
14 | * or any later version. * |
---|
15 | * This library is distributed in the hope that it will be useful, but * |
---|
16 | * WITHOUT ANY WARRANTY; without even the implied warranty of * |
---|
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * |
---|
18 | * See the GNU Lesser General Public License for more details. * |
---|
19 | * You should have received a copy of the GNU Lesser General Public License * |
---|
20 | * along with this library; if not, write to the Free Software Foundation, * |
---|
21 | * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * |
---|
22 | \**************************************************************************/ |
---|
23 | |
---|
24 | |
---|
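/**
 * Authentication against the phpgw_accounts SQL table, with an alternative
 * path for requests that carry an SSL client-certificate subject.
 *
 * NOTE(review): account_pwd holds unsalted md5() digests. The format is kept
 * because the stored values and any other reader of that column depend on it;
 * moving to password_hash()/password_verify() needs a coordinated data
 * migration and is not attempted in this class.
 */
class auth_
{
	# database handle used by authenticate(); filled in by the constructor
	var $db = '';
	# account_lastlogin value read by update_lastlogin() before it overwrites it
	var $previous_login = -1;

	/**
	 * PHP 4 style constructor: hands the global db object to copyobj() so
	 * that $this->db is populated (copyobj() is defined outside this file;
	 * presumably it clones the object -- confirm).
	 */
	function auth_()
	{
		copyobj($GLOBALS['phpgw']->db,$this->db);
	}

	/**
	 * Check a login against phpgw_accounts.
	 *
	 * @param string $username account_lid supplied by the client
	 * @param string $passwd   cleartext password; ignored on the SSL path
	 * @return bool True when an active ('A') account row matched, False otherwise
	 */
	function authenticate($username, $passwd)
	{
		# $username is client-supplied and ends up inside a quoted SQL literal,
		# so it is escaped with the database layer's own escaper before use.
		$safe_username = $this->db->db_addslashes($username);

		# Apache + mod_ssl provide the data in the environment
		# Certificate (chain) verification occurs inside mod_ssl
		# see http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
		if(!isset($_SERVER['SSL_CLIENT_S_DN']))
		{
			# if we're not doing SSL authentication, behave like auth_sql
			# (md5() output is hex only, so it needs no escaping)
			$this->db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '" . $safe_username . "' AND "
				. "account_pwd='" . md5($passwd) . "' AND account_status ='A'",__LINE__,__FILE__);
		}
		else
		{
			# use username only for authentication, ignore X.509 subject in $passwd for now
			# NOTE(review): on this path neither the password nor the certificate
			# subject is compared with the account, so every certificate that
			# mod_ssl accepts is treated as proof of identity for whichever
			# account_lid the request names. The subject DN (or a field of it)
			# should be bound to account_lid before this path is relied upon.
			$this->db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '" . $safe_username
				. "' AND account_status ='A'",__LINE__,__FILE__);
		}
		$this->db->next_record();

		$found_lid = $this->db->f('account_lid');
		if(!$found_lid)
		{
			return False;
		}

		# The SQL comparison may be case-insensitive depending on the column
		# collation, so the configured case-sensitive mode re-checks in PHP.
		# The original read an undefined $db here instead of $this->db, which
		# is a fatal error whenever the option is enabled; a strict string
		# comparison also avoids numeric-string juggling ('1e3' == '1000').
		if(!empty($GLOBALS['phpgw_info']['server']['case_sensitive_username'])
			&& (string)$found_lid !== (string)$username)
		{
			return False;
		}

		return True;
	}

	/**
	 * Store a new password digest for an account.
	 *
	 * $old_passwd is accepted but never read: the current password is not
	 * verified here and no check is made that the caller may change
	 * $account_id, so both must have been done by the caller.
	 *
	 * @param string     $old_passwd unused
	 * @param string     $new_passwd cleartext new password
	 * @param int|string $account_id target account; defaults to the current user
	 * @return string md5 digest that was written to account_pwd
	 */
	function change_password($old_passwd, $new_passwd, $account_id = '')
	{
		if(!$account_id)
		{
			$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
		}
		# force a numeric id so it cannot break out of the quoted SQL literal
		$account_id = (int)$account_id;

		$encrypted_passwd = md5($new_passwd);

		$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
			. "account_lastpwd_change='" . time() . "' WHERE account_id='" . $account_id . "'",__LINE__,__FILE__);

		# NOTE(review): this keeps the cleartext password in the session store;
		# presumably other phpgwapi code reads it back -- confirm before changing.
		$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);

		return $encrypted_passwd;
	}

	/**
	 * Remember the previous login time in $this->previous_login, then record
	 * the current time and client address as the account's last login.
	 *
	 * @param int|string $account_id account to update
	 * @param string     $ip         client address to store in account_lastloginfrom
	 */
	function update_lastlogin($account_id, $ip)
	{
		# both values are interpolated into quoted SQL literals: the id is
		# forced to an integer and the address is escaped by the db layer
		$account_id = (int)$account_id;
		$safe_ip = $GLOBALS['phpgw']->db->db_addslashes($ip);

		$GLOBALS['phpgw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id='" . $account_id . "'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->next_record();
		$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');

		$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
			. $safe_ip . "', account_lastlogin='" . time()
			. "' WHERE account_id='" . $account_id . "'",__LINE__,__FILE__);
	}
}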
---|
106 | ?> |
---|