class LSauth {
static private $authData=NULL;
+ static private $authObject=NULL;
+ static private $config=array();
+ static private $provider=NULL;
- var $params = array (
+ static private $params = array (
'displayLoginForm' => true,
'displayLogoutBtn' => true
);
-
- /**
- * Check Post Data
- *
- * @retval boolean True if post data permit the authentification or False
- **/
- public function getPostData() {
- if (isset($_POST['LSsession_user']) && !empty($_POST['LSsession_user'])) {
- $this -> authData = array(
- 'username' => $_POST['LSsession_user'],
- 'password' => $_POST['LSsession_pwd'],
- 'ldapserver' => $_POST['LSsession_ldapserver'],
- 'topDn' => $_POST['LSsession_topDn']
- );
- return true;
+
+ function start() {
+ LSdebug('LSauth :: start()');
+ // Load Config
+ if (isset(LSsession :: $ldapServer['LSauth']) && is_array(LSsession :: $ldapServer['LSauth'])) {
+ self :: $config = LSsession :: $ldapServer['LSauth'];
}
- return;
- }
-
- /**
- * Check user login
- *
- * @param[in] $username The username
- * @param[in] $password The password
- *
- * @retval LSldapObject|false The LSldapObject of the user authificated or false
- */
- public function authenticate() {
- if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
- $authobject = new LSsession :: $ldapServer['authObjectType']();
- $result = $authobject -> searchObject(
- $this -> authData['username'],
- LSsession :: getTopDn(),
- LSsession :: $ldapServer['authObjectFilter']
- );
- $nbresult=count($result);
-
- if ($nbresult==0) {
- // identifiant incorrect
- LSdebug('identifiant incorrect');
- LSerror :: addErrorCode('LSauth_01');
- }
- else if ($nbresult>1) {
- // duplication d'authentité
- LSerror :: addErrorCode('LSauth_02');
- }
- elseif ( $this -> checkUserPwd($result[0],$this -> authData['password']) ) {
- // Authentication succeeded
- return $result[0];
- }
- else {
- LSerror :: addErrorCode('LSauth_01');
- LSdebug('mdp incorrect');
+ if (!LSsession :: loadLSclass('LSauthMethod')) {
+ LSdebug('LSauth :: Failed to load LSauthMethod');
+ return;
+ }
+ if (!isset(self :: $config['method'])) {
+ self :: $config['method']='basic';
+ }
+ $class='LSauthMethod_'.self :: $config['method'];
+ LSdebug('LSauth : provider -> '.$class);
+ if (LSsession :: loadLSclass($class)) {
+ self :: $provider = new $class();
+ if (!self :: $provider) {
+ LSerror :: addErrorCode('LSauth_05',self :: $config['method']);
}
+ LSdebug('LSauth : Provider Started !');
+ return true;
}
else {
- LSerror :: addErrorCode('LSauth_03');
- }
- return;
- }
-
- /**
- * Test un couple LSobject/pwd
- *
- * Test un bind sur le serveur avec le dn de l'objet et le mot de passe fourni.
- *
- * @param[in] LSobject L'object "user" pour l'authentification
- * @param[in] string Le mot de passe à tester
- *
- * @retval boolean True si l'authentification à réussi, false sinon.
- */
- public static function checkUserPwd($object,$pwd) {
- return LSldap :: checkBind($object -> getValue('dn'),$pwd);
- }
-
- /**
- * Define if login form can be displayed or not
- *
- * @retval boolean
- **/
- public function __get($key) {
- if ($key=='params') {
- return $this -> params;
+ LSerror :: addErrorCode('LSauth_04',self :: $config['method']);
+ return;
}
- return;
}
+ function forceAuthentication() {
+ LSdebug('LSauth :: forceAuthentication()');
+ if (!is_null(self :: $provider)) {
+ self :: $authData = self :: $provider -> getAuthData();
+ if (self :: $authData) {
+ self :: $authObject = self :: $provider -> authenticate();
+ return self :: $authObject;
+ }
+ // No data : user has not filled the login form
+ LSdebug('LSauth : No data -> user has not filled the login form');
+ return;
+ }
+ LSerror :: addErrorCode('LSauth_06');
+ return;
+ }
+
/**
* Logout
*
* @retval void
**/
public function logout() {
- // Do nothing in the standard LSauth class
+ if (!is_null(self :: $provider)) {
+ return self :: $provider -> logout();
+ }
+ LSerror :: addErrorCode('LSauth_06');
+ return;
}
+
+ /**
+ * Disable logout button in LSauth parameters
+ *
+ * @retval void
+ **/
+ public function disableLogoutBtn() {
+ self :: $params['displayLogoutBtn'] = false;
+ }
+
+ /**
+ * Can display or not logout button in LSauth parameters
+ *
+ * @retval boolean
+ **/
+ public function displayLogoutBtn() {
+ return self :: $params['displayLogoutBtn'];
+ }
+ /*
+ * For compatibillity until loginForm is migrated in LSauth
+ */
+ public function disableLoginForm() {
+ self :: $params['displayLoginForm'] = false;
+ }
+
+ public function displayLoginForm() {
+ return self :: $params['displayLoginForm'];
+ }
+
+
}
/*
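Review bot: In start(), `new $class()` always yields an object, so the `if (!self :: $provider)` test can never fire and LSauth_05 is unreachable; even if it did fire, execution falls through to `return true`. A provider whose old-style constructor returns false (LSauthMethod_CAS does so when phpCAS cannot be included) is therefore still installed and start() reports success. A constructor cannot signal failure through its return value, so the provider would need to throw or expose a status that start() checks, followed by a `return;` after `LSerror :: addErrorCode('LSauth_05',self :: $config['method']);`. Separately, start(), forceAuthentication(), logout() and the display/disable helpers are declared without `static` yet are called as `LSauth :: …` elsewhere in this commit; declaring them `public static function` matches how they are used.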
_("LSauth : Impossible to identify you : Duplication of identities.")
);
LSerror :: defineError('LSauth_03',
-_("LSsession : Could not load type of identifiable objects.")
+_("LSauth : Could not load type of identifiable objects.")
+);
+LSerror :: defineError('LSauth_04',
+_("LSauth : Can't load authentication method %{method}.")
);
+LSerror :: defineError('LSauth_05',
+_("LSauth : Failed to build the authentication provider %{method}.")
+);
+LSerror :: defineError('LSauth_06',
+_("LSauth : Not correctly initialized.")
+);
+LSerror :: defineError('LSauth_07',
+_("LSauth : Failed to get authentication informations from provider.")
+);
+
?>
+++ /dev/null
-<?php
-/*******************************************************************************
- * Copyright (C) 2007 Easter-eggs
- * http://ldapsaisie.labs.libre-entreprise.org
- *
- * Author: See AUTHORS file in top-level directory.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-******************************************************************************/
-
-/**
- * Gestion de l'authentification d'un utilisateur via une authentification
- * CAS
- *
- * @author Benjamin Renard <brenard@easter-eggs.com>
- */
-class LSauthCAS extends LSauth {
-
- var $params = array (
- 'displayLoginForm' => false,
- 'displayLogoutBtn' => true
- );
-
- /**
- * Constructor
- */
- public function LSauthCAS() {
- if (LSsession :: includeFile(PHP_CAS_PATH)) {
- if (defined('PHP_CAS_DEBUG_FILE')) {
- phpCAS::setDebug(PHP_CAS_DEBUG_FILE);
- }
- phpCAS::client(constant(LSAUTH_CAS_VERSION),LSAUTH_CAS_SERVER_HOSTNAME,LSAUTH_CAS_SERVER_PORT,LSAUTH_CAS_SERVER_URI,false);
- if (LSAUTH_CAS_SERVER_NO_SSL_VALIDATION) {
- phpCAS::setNoCasServerValidation();
- }
-
- if (defined(LSAUTH_CAS_SERVER_SSL_CERT)) {
- phpCAS::setCasServerCert(LSAUTH_CAS_SERVER_SSL_CERT);
- }
-
- if (defined(LSAUTH_CAS_SERVER_SSL_CACERT)) {
- phpCAS::setCasServerCACert(LSAUTH_CAS_SERVER_SSL_CACERT);
- }
-
- if (LSAUTH_CAS_DISABLE_LOGOUT) {
- $this -> params['displayLogoutBtn'] = false;
- }
-
- return true;
- }
- else {
- LSerror :: addErrorCode('LSauthCAS_01');
- }
- return false;
- }
-
- /**
- * Check Post Data
- *
- * @retval array|False Array of post data if exist or False
- **/
- public function getPostData() {
- if (class_exists('phpCAS')) {
- // Launch Auth
- phpCAS::forceAuthentication();
-
- $this -> authData = array(
- 'username' => phpCAS::getUser(),
- 'password' => '',
- 'ldapserver' => $_REQUEST['LSsession_ldapserver'],
- 'topDn' => $_REQUEST['LSsession_topDn']
- );
- return true;
- }
- return;
- }
-
- /**
- * Check user login
- *
- * @param[in] $username The username
- * @param[in] $password The password
- *
- * @retval LSldapObject|false The LSldapObject of the user authificated or false
- */
- public function authenticate() {
- if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
- $authobject = new LSsession :: $ldapServer['authObjectType']();
- $result = $authobject -> searchObject(
- $this -> authData['username'],
- LSsession :: getTopDn(),
- LSsession :: $ldapServer['authObjectFilter']
- );
- $nbresult=count($result);
-
- if ($nbresult==0) {
- // identifiant incorrect
- LSdebug('identifiant incorrect');
- LSerror :: addErrorCode('LSauth_01');
- }
- else if ($nbresult>1) {
- // duplication d'authentité
- LSerror :: addErrorCode('LSauth_02');
- }
- else {
- // Authentication succeeded
- return $result[0];
- }
- }
- else {
- LSerror :: addErrorCode('LSauth_03');
- }
- return;
- }
-
- public function logout() {
- if(class_exists('phpCAS')) {
- if ($this -> params['displayLogoutBtn']) {
- phpCAS :: forceAuthentication();
- phpCAS :: logout();
- }
- }
- }
-}
-/*
- * Error Codes
- */
-LSerror :: defineError('LSauthCAS_01',
-_("LSauthCAS : Failed to load phpCAS.")
-);
-?>
+++ /dev/null
-<?php
-/*******************************************************************************
- * Copyright (C) 2007 Easter-eggs
- * http://ldapsaisie.labs.libre-entreprise.org
- *
- * Author: See AUTHORS file in top-level directory.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-******************************************************************************/
-
-/**
- * Gestion de l'authentification d'un utilisateur suite à une authentification
- * HTTP
- *
- * @author Benjamin Renard <brenard@easter-eggs.com>
- */
-class LSauthHTTP extends LSauth {
-
- var $params = array (
- 'displayLoginForm' => false,
- 'displayLogoutBtn' => false
- );
-
- /**
- * Check Post Data
- *
- * @retval array|False Array of post data if exist or False
- **/
- public function getPostData() {
- if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
- $this -> authData = array(
- 'username' => $_SERVER['PHP_AUTH_USER'],
- 'password' => $_SERVER['PHP_AUTH_PW'],
- 'ldapserver' => $_REQUEST['LSsession_ldapserver'],
- 'topDn' => $_REQUEST['LSsession_topDn']
- );
- return true;
- }
- return;
- }
-
- /**
- * Check user login
- *
- * @param[in] $username The username
- * @param[in] $password The password
- *
- * @retval LSldapObject|false The LSldapObject of the user authificated or false
- */
- public function authenticate() {
- if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
- $authobject = new LSsession :: $ldapServer['authObjectType']();
- $result = $authobject -> searchObject(
- $this -> authData['username'],
- LSsession :: getTopDn(),
- LSsession :: $ldapServer['authObjectFilter']
- );
- $nbresult=count($result);
-
- if ($nbresult==0) {
- // identifiant incorrect
- LSdebug('identifiant incorrect');
- LSerror :: addErrorCode('LSauth_01');
- }
- else if ($nbresult>1) {
- // duplication d'authentité
- LSerror :: addErrorCode('LSauth_02');
- }
- else {
- // Authentication succeeded
- return $result[0];
- }
- }
- else {
- LSerror :: addErrorCode('LSauth_03');
- }
- return;
- }
-
-}
-?>
--- /dev/null
+<?php
+/*******************************************************************************
+ * Copyright (C) 2007 Easter-eggs
+ * http://ldapsaisie.labs.libre-entreprise.org
+ *
+ * Author: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+******************************************************************************/
+
+/**
+ * Base of a authentication provider for LSauth
+ *
+ * @author Benjamin Renard <brenard@easter-eggs.com>
+ */
+class LSauthMethod {
+
+ var $authData = array();
+
+ function LSauthMethod() {
+ // Load config
+ LSsession :: includeFile(LS_CONF_DIR."LSauth/config.".get_class($this).".php");
+ LSdebug(LS_CONF_DIR."LSauth/config.".get_class($this).".php");
+ return true;
+ }
+
+ /**
+ * Check Auth Data
+ *
+ * Return authentication data or false
+ *
+ * @retval Array|false Array of authentication data or False
+ **/
+ public function getAuthData() {
+ // Do nothing in the standard LSauthMethod class
+ // This method have to define $this -> authData['username']
+ return false;
+ }
+
+ /**
+ * Check authentication
+ *
+ * @retval LSldapObject|false The LSldapObject of the user authificated or false
+ */
+ public function authenticate() {
+ if (LSsession :: loadLSobject(LSsession :: $ldapServer['authObjectType'])) {
+ $authobject = new LSsession :: $ldapServer['authObjectType']();
+ $result = $authobject -> searchObject(
+ $this -> authData['username'],
+ LSsession :: getTopDn(),
+ LSsession :: $ldapServer['authObjectFilter']
+ );
+ $nbresult=count($result);
+
+ if ($nbresult==0) {
+ // incorrect login
+ LSdebug('identifiant incorrect');
+ LSerror :: addErrorCode('LSauth_01');
+ }
+ else if ($nbresult>1) {
+ // duplication of identity
+ LSerror :: addErrorCode('LSauth_02');
+ }
+ else {
+ return $result[0];
+ }
+ }
+ else {
+ LSerror :: addErrorCode('LSauth_03');
+ }
+ return;
+ }
+
+ /**
+ * Logout
+ *
+ * @retval boolean True on success or False
+ **/
+ public function logout() {
+ // Do nothing in the standard LSauthMethod class
+ return true;
+ }
+
+}
+
+?>
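Review bot: LSauthMethod::authenticate() returns the matching LDAP object on the strength of `$this -> authData['username']` alone; no secret is checked here, which is sound only when getAuthData() obtained the name from an already-verified source (as the CAS provider does through phpCAS). The docblock should say so, for example `Looks up the user object for authData['username']; performs NO credential check. Providers that read the username from client input must override this and verify a secret.` A provider that extends this class and omits that override would accept any existing login name. Whether searchObject() escapes the username before it reaches the LDAP filter is not visible in this hunk and is worth confirming.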
--- /dev/null
+<?php
+/*******************************************************************************
+ * Copyright (C) 2007 Easter-eggs
+ * http://ldapsaisie.labs.libre-entreprise.org
+ *
+ * Author: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+******************************************************************************/
+
+/**
+ * CAS Authentication provider for LSauth
+ *
+ * @author Benjamin Renard <brenard@easter-eggs.com>
+ */
+class LSauthMethod_CAS extends LSauthMethod {
+
+ function LSauthMethod_CAS() {
+ LSauth :: disableLoginForm();
+
+ if (!parent :: LSauthMethod())
+ return;
+
+ if (LSsession :: includeFile(PHP_CAS_PATH)) {
+ if (defined('PHP_CAS_DEBUG_FILE')) {
+ phpCAS::setDebug(PHP_CAS_DEBUG_FILE);
+ }
+ phpCAS::client(constant(LSAUTH_CAS_VERSION),LSAUTH_CAS_SERVER_HOSTNAME,LSAUTH_CAS_SERVER_PORT,LSAUTH_CAS_SERVER_URI,false);
+ if (LSAUTH_CAS_SERVER_NO_SSL_VALIDATION) {
+ phpCAS::setNoCasServerValidation();
+ }
+
+ if (defined(LSAUTH_CAS_SERVER_SSL_CERT)) {
+ phpCAS::setCasServerCert(LSAUTH_CAS_SERVER_SSL_CERT);
+ }
+
+ if (defined(LSAUTH_CAS_SERVER_SSL_CACERT)) {
+ phpCAS::setCasServerCACert(LSAUTH_CAS_SERVER_SSL_CACERT);
+ }
+
+ if (LSAUTH_CAS_DISABLE_LOGOUT) {
+ LSauth :: disableLogoutBtn();
+ }
+
+ return true;
+ }
+ else {
+ LSerror :: addErrorCode('LSauthMethod_CAS_01');
+ }
+ return false;
+ }
+
+ /**
+ * Check Auth Data
+ *
+ * Return authentication data or false
+ *
+ * @retval Array|false Array of authentication data or False
+ **/
+ public function getAuthData() {
+
+ if (class_exists('phpCAS')) {
+
+ // Launch Auth
+ phpCAS::forceAuthentication();
+
+ $this -> authData = array(
+ 'username' => phpCAS::getUser()
+ );
+ return $this -> authData;
+ }
+ return;
+ }
+
+ /**
+ * Logout
+ *
+ * @retval boolean True on success or False
+ **/
+ public function logout() {
+ if(class_exists('phpCAS')) {
+ if (LSauth :: displayLogoutBtn()) {
+ phpCAS :: forceAuthentication();
+ phpCAS :: logout();
+ return true;
+ }
+ }
+ return;
+ }
+
+}
+/*
+ * Error Codes
+ */
+LSerror :: defineError('LSauthMethod_CAS_01',
+_("LSauthMethod_CAS : Failed to load phpCAS.")
+);
+?>
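Review bot: In the LSauthMethod_CAS constructor, `defined(LSAUTH_CAS_SERVER_SSL_CERT)` and `defined(LSAUTH_CAS_SERVER_SSL_CACERT)` pass the constant's value rather than its name, so both tests look for a constant named after the certificate path and are effectively always false; setCasServerCert() and setCasServerCACert() are never reached. The name has to be quoted, as it already is for PHP_CAS_DEBUG_FILE: `if (defined('LSAUTH_CAS_SERVER_SSL_CERT')) {` and `if (defined('LSAUTH_CAS_SERVER_SSL_CACERT')) {`. As written, a deployment that configures a CA certificate gets no validation from it, and the only TLS switch that takes effect is LSAUTH_CAS_SERVER_NO_SSL_VALIDATION, which turns validation of the CAS server off. That constant is also read without a defined() guard; on PHP versions before 8 an undefined constant evaluates to its own name, a truthy string, so a missing config entry would disable validation rather than keep it on.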
--- /dev/null
+<?php
+/*******************************************************************************
+ * Copyright (C) 2007 Easter-eggs
+ * http://ldapsaisie.labs.libre-entreprise.org
+ *
+ * Author: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+******************************************************************************/
+
+LSsession :: loadLSclass('LSauthMethod_basic');
+
+/**
+ * HTTP Authentication provider for LSauth
+ *
+ * @author Benjamin Renard <brenard@easter-eggs.com>
+ */
+class LSauthMethod_HTTP extends LSauthMethod_basic {
+
+ function LSauthMethod_HTTP() {
+ LSauth :: disableLoginForm();
+ LSauth :: disableLogoutBtn();
+ return parent :: LSauthMethod_basic();
+ }
+
+ /**
+ * Check Auth Data
+ *
+ * Return authentication data or false
+ *
+ * @retval Array|false Array of authentication data or False
+ **/
+ public function getAuthData() {
+ if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])) {
+ $this -> authData = array(
+ 'username' => $_SERVER['PHP_AUTH_USER'],
+ 'password' => $_SERVER['PHP_AUTH_PW']
+ );
+ return $this -> authData;
+ }
+ return;
+ }
+
+}
+
+?>
--- /dev/null
+<?php
+/*******************************************************************************
+ * Copyright (C) 2007 Easter-eggs
+ * http://ldapsaisie.labs.libre-entreprise.org
+ *
+ * Author: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+******************************************************************************/
+
+/**
+ * Basic authentication provider for LSauth
+ *
+ * @author Benjamin Renard <brenard@easter-eggs.com>
+ */
+class LSauthMethod_basic extends LSauthMethod {
+
+ /**
+ * Check Auth Data
+ *
+ * Return authentication data or false
+ *
+ * @retval Array|false Array of authentication data or False
+ **/
+ public function getAuthData() {
+ if (isset($_POST['LSauth_user']) && !empty($_POST['LSauth_user'])) {
+ $this -> authData = array(
+ 'username' => $_POST['LSauth_user'],
+ 'password' => (isset($_POST['LSauth_pwd'])?$_POST['LSauth_pwd']:'')
+ );
+ return $this -> authData;
+ }
+ return;
+ }
+
+ /**
+ * Check authentication
+ *
+ * @retval LSldapObject|false The LSldapObject of the user authificated or false
+ */
+ public function authenticate() {
+ $authobject = parent :: authenticate();
+ if ($authobject) {
+ if ( $this -> checkUserPwd($authobject,$this -> authData['password']) ) {
+ // Authentication succeeded
+ return $authobject;
+ }
+ else {
+ LSerror :: addErrorCode('LSauth_01');
+ LSdebug('mdp incorrect');
+ }
+ }
+ return;
+ }
+
+ /**
+ * Test un couple LSobject/pwd
+ *
+ * Test un bind sur le serveur avec le dn de l'objet et le mot de passe fourni.
+ *
+ * @param[in] LSobject L'object "user" pour l'authentification
+ * @param[in] string Le mot de passe à tester
+ *
+ * @retval boolean True si l'authentification a reussi, false sinon.
+ **/
+ public static function checkUserPwd($object,$pwd) {
+ return LSldap :: checkBind($object -> getValue('dn'),$pwd);
+ }
+
+}
+
+?>
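Review bot: getAuthData() substitutes `''` when LSauth_pwd is absent, and authenticate() passes that straight to checkUserPwd(), which calls `LSldap :: checkBind()` with the user's DN and the empty string. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind and report success (RFC 4513 section 5.1.2), so unless checkBind() rejects empty passwords, which is not visible in this diff, a known login name with a blank password could be accepted. A guard before the bind closes this regardless of server configuration: `if ($this -> authData['password'] === '') { LSerror :: addErrorCode('LSauth_01'); return; }`. LSauthMethod_HTTP inherits this authenticate() and feeds it `$_SERVER['PHP_AUTH_PW']`, so the same guard covers it.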
// Les droits d'accès de l'utilisateur
private static $LSaccess = array();
- // Authentification parameters
- private static $authParams = array();
-
// Les fichiers temporaires
private static $tmp_file = array();
/**
* Chargement d'une classe d'authentification d'LdapSaisie
*
- * @param[in] $auth Nom de la classe d'authentification a charger (Exemple : HTTP)
- *
* @author Benjamin Renard <brenard@easter-eggs.com
*
* @retval boolean true si le chargement a reussi, false sinon.
*/
- public static function loadLSauth($auth=false) {
+ public static function loadLSauth() {
if (self :: loadLSclass('LSauth')) {
- if ($auth) {
- if(self :: includeFile(LS_CLASS_DIR .'class.LSauth'.$auth.'.php')) {
- self :: includeFile(LS_CONF_DIR."LSauth/config.LSauth".$auth.".php");
- return true;
- }
- }
- else {
- return true;
- }
+ return true;
}
else {
LSerror :: addErrorCode('LSsession_05','LSauth');
self :: startLSerror();
self :: loadLSaddons();
+ self :: loadLSauth();
return true;
}
}
if(isset($_SESSION['LSsession']['dn']) && !isset($_GET['LSsession_recoverPassword'])) {
- // Session existante
+ LSdebug('LSsession : Session existente');
+ // --------------------- Session existante --------------------- //
self :: $topDn = $_SESSION['LSsession']['topDn'];
self :: $dn = $_SESSION['LSsession']['dn'];
self :: $rdn = $_SESSION['LSsession']['rdn'];
self :: $ldapServerId = $_SESSION['LSsession']['ldapServerId'];
self :: $tmp_file = $_SESSION['LSsession']['tmp_file'];
- self :: $authParams = $_SESSION['LSsession']['authParams'];
if ( self :: cacheLSprofiles() && !isset($_REQUEST['LSsession_refresh']) ) {
self :: setLdapServer(self :: $ldapServerId);
+ if (!LSauth :: start()) {
+ LSdebug("LSsession : can't start LSauth -> stop");
+ return;
+ }
self :: $LSprofiles = $_SESSION['LSsession']['LSprofiles'];
self :: $LSaccess = $_SESSION['LSsession']['LSaccess'];
if (!self :: LSldapConnect())
}
else {
self :: setLdapServer(self :: $ldapServerId);
+ if (!LSauth :: start()) {
+ LSdebug("LSsession : can't start LSauth -> stop");
+ return;
+ }
if (!self :: LSldapConnect())
return;
self :: loadLSprofiles();
}
if (isset($_GET['LSsession_logout'])) {
- $authObj = self :: getLSauthObject();
- if ($authObj) {
- $authObj -> logout();
- }
+ LSauth :: logout();
session_destroy();
if (is_array($_SESSION['LSsession']['tmp_file'])) {
return;
}
- self :: getLSuserObject();
-
if ( !self :: cacheLSprofiles() || isset($_REQUEST['LSsession_refresh']) ) {
self :: loadLSaccess();
}
}
else {
+ // --------------------- Session inexistante --------------------- //
if (isset($_GET['LSsession_recoverPassword'])) {
session_destroy();
}
self :: $topDn = self :: $ldapServer['ldap_config']['basedn'];
}
$_SESSION['LSsession_topDn']=self :: $topDn;
-
+
+ if (!LSauth :: start()) {
+ LSdebug("LSsession : can't start LSauth -> stop");
+ return;
+ }
+
if (isset($_GET['LSsession_recoverPassword'])) {
$recoveryPasswordInfos = self :: recoverPasswd(
$_REQUEST['LSsession_user'],
);
}
else {
- $authObj=self :: getLSauthObject();
- if ($authObj) {
- if ($authObj -> getPostData()) {
- $LSuserObject = $authObj -> authenticate();
- if ($LSuserObject) {
- // Authentication successful
- self :: $LSuserObject = $LSuserObject;
- self :: $dn = $LSuserObject->getValue('dn');
- self :: $rdn = $LSuserObject->getValue('rdn');
- self :: loadLSprofiles();
- self :: loadLSaccess();
- $GLOBALS['Smarty'] -> assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
- $_SESSION['LSsession']=self :: getContextInfos();
- return true;
- }
- }
+ $LSuserObject = LSauth :: forceAuthentication();
+ if ($LSuserObject) {
+ // Authentication successful
+ self :: $LSuserObject = $LSuserObject;
+ self :: $dn = $LSuserObject->getValue('dn');
+ self :: $rdn = $LSuserObject->getValue('rdn');
+ self :: loadLSprofiles();
+ self :: loadLSaccess();
+ $GLOBALS['Smarty'] -> assign('LSsession_username',self :: getLSuserObject() -> getDisplayName());
+ $_SESSION['LSsession']=self :: getContextInfos();
+ return true;
}
}
}
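Review bot: After `LSauth :: forceAuthentication()` succeeds, the authenticated context is written into `$_SESSION['LSsession']` under the session identifier the visitor already had before logging in; nothing in this hunk rotates it. Unless that happens elsewhere (not visible here), an identifier fixed or observed before login stays valid for the authenticated session. Calling `session_regenerate_id(true);` immediately before `$_SESSION['LSsession']=self :: getContextInfos();` addresses it. The enclosing method starts and ends outside this hunk.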
if (isset($_GET['LSsession_recoverPassword'])) {
self :: displayRecoverPasswordForm($recoveryPasswordInfos);
}
- elseif(self :: $authParams['displayLoginForm']) {
+ elseif(LSauth :: displayLoginForm()) {
self :: displayLoginForm();
}
else {
return;
}
}
-
- /**
- * Get LSauthObject
- *
- * @retval LSauth object or false
- **/
- private static function getLSauthObject() {
- if (!self :: $LSauthObject) {
- if (self :: loadLSauth()) {
- if (isset(self :: $ldapServer['LSauth']['method'])) {
- $LSauthClass = 'LSauth'.self :: $ldapServer['LSauth']['method'];
- if (!self :: loadLSauth(self :: $ldapServer['LSauth']['method'])) {
- LSerror :: addErrorCode('LSsession_08',self :: $ldapServer['LSauth']['method']);
- $LSauthClass = 'LSauth';
- }
- }
- else {
- $LSauthClass = 'LSauth';
- }
-
- self :: $LSauthObject = new $LSauthClass();
- self :: $authParams = self :: $LSauthObject->params;
- }
- }
- return self :: $LSauthObject;
- }
/**
* Do recover password
'ldapServerId' => self :: $ldapServerId,
'ldapServer' => self :: $ldapServer,
'LSprofiles' => self :: $LSprofiles,
- 'LSaccess' => self :: $LSaccess,
- 'authParams' => self :: $authParams
+ 'LSaccess' => self :: $LSaccess
);
}
$GLOBALS['Smarty'] -> assign('LSencoding',self :: $encoding);
$GLOBALS['Smarty'] -> assign('lang_label',_('Language'));
- $GLOBALS['Smarty'] -> assign('displayLogoutBtn',self :: $authParams['displayLogoutBtn']);
+ $GLOBALS['Smarty'] -> assign('displayLogoutBtn',LSauth :: displayLogoutBtn());
// Infos
if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
<dt class='loginform-level' id='LSsession_topDn_label' {$loginform_ldapserver_style}>{$loginform_label_level}</dt>
<dd class='loginform-level' {$loginform_ldapserver_style}><select name='LSsession_topDn' id='LSsession_topDn'>{html_options values=$loginform_topdn_index output=$loginform_topdn_name selected=$topDn}</select></dd>
<dt>{$loginform_label_user}</dt>
- <dd><input type='text' name='LSsession_user' /></dd>
+ <dd><input type='text' name='LSauth_user' /></dd>
<dt>{$loginform_label_pwd}</dt>
- <dd><input type='password' name='LSsession_pwd' /></dd>
+ <dd><input type='password' name='LSauth_pwd' /></dd>
<dt class='LSlang_hidden'>{$lang_label}</dt>
<dd class='LSlang_hidden'>
<select name='lang'>