PHP Cross Reference of DokuWiki


/inc/ -> auth.php (summary)

Authentication library. Including this file will automatically try to log in a user by calling auth_login().

Author: Andreas Gohr
License: GPL 2 (http://www.gnu.org/licenses/gpl.html)
File Size: 1095 lines (35 kb)
Included or required: 8 times
Referenced: 0 times
Includes or requires: 1 file
 inc/auth/basic.class.php

Defines 22 functions

  auth_setup()
  auth_login_wrapper()
  auth_login()
  auth_validateToken()
  auth_createToken()
  auth_browseruid()
  auth_cookiesalt()
  auth_logoff()
  auth_ismanager()
  auth_isadmin()
  auth_quickaclcheck()
  auth_aclcheck()
  auth_nameencode()
  auth_pwgen()
  auth_sendPassword()
  register()
  updateprofile()
  act_resendpwd()
  auth_cryptPassword()
  auth_verifyPassword()
  auth_setCookie()
  auth_getCookie()

Functions
Functions that are not part of a class:

auth_setup()
Initialize the auth system.

This function is automatically called at the end of init.php

This used to be the main() of the auth.php


auth_login_wrapper($evdata)
No description

auth_login($user,$pass,$sticky=false,$silent=false)
This tries to log in the user based on the sent auth credentials

The authentication works like this: if a username was given
a new login is assumed and user/password are checked. If they
are correct the password is encrypted with blowfish and stored
together with the username in a cookie - the same info is stored
in the session, too. Additionally a browserID is stored in the
session.

If no username was given the cookie is checked: if the username,
crypted password and browserID match between session and cookie
no further testing is done and the user is accepted.

If a cookie was found but no session info was available the
blowfish encrypted password from the cookie is decrypted and
together with username rechecked by calling this function again.

On a successful login $_SERVER[REMOTE_USER] and $USERINFO
are set.

author: Andreas Gohr <andi@splitbrain.org>
param: string  $user    Username
param: string  $pass    Cleartext Password
param: bool    $sticky  Cookie should not expire
param: bool    $silent  Don't show error on bad auth
return: bool             true on successful auth

auth_validateToken($token)
Checks if a given authentication token was stored in the session

Will setup authentication data using data from the session if the
token is correct. Will exit with a 401 Status if not.

author: Andreas Gohr <andi@splitbrain.org>
param: string $token The authentication token
return: boolean true (or will exit on failure)

auth_createToken()
Create an auth token and store it in the session

NOTE: this is completely unrelated to the getSecurityToken() function

author: Andreas Gohr <andi@splitbrain.org>
return: string The auth token

auth_browseruid()
Builds a pseudo UID from browser and IP data

This is neither unique nor unfakeable - still it adds some
security. Using the first part of the IP makes sure
proxy farms like AOL's are still okay.

author: Andreas Gohr <andi@splitbrain.org>
return: string  a MD5 sum of various browser headers

auth_cookiesalt()
Creates a random key to encrypt the password in cookies

This function tries to read the password for encrypting
cookies from $conf['metadir'].'/_htcookiesalt'.
If no such file is found, a random key is created
and stored in this file.

author: Andreas Gohr <andi@splitbrain.org>
return: string

auth_logoff($keepbc=false)
Log out the current user

This clears all authentication data and thus logs the user
off. It also clears session data.

author: Andreas Gohr <andi@splitbrain.org>
param: bool $keepbc - when true, the breadcrumb data is not cleared

auth_ismanager($user=null,$groups=null,$adminonly=false)
Check if a user is a manager

Should usually be called without any parameters to check the current
user.

The info is available through $INFO['ismanager'], too

author: Andreas Gohr <andi@splitbrain.org>
param: string user      - Username
param: array  groups    - List of groups the user is in
param: bool   adminonly - when true checks if user is admin
see: auth_isadmin

auth_isadmin($user=null,$groups=null)
Check if a user is admin

Alias to auth_ismanager with adminonly=true

The info is available through $INFO['isadmin'], too

author: Andreas Gohr <andi@splitbrain.org>
see: auth_ismanager

auth_quickaclcheck($id)
Convenience function for auth_aclcheck()

This checks the permissions for the current user

author: Andreas Gohr <andi@splitbrain.org>
param: string  $id  page ID (needs to be resolved and cleaned)
return: int          permission level

auth_aclcheck($id,$user,$groups)
Returns the maximum rights a user has for
the given ID or its namespace

author: Andreas Gohr <andi@splitbrain.org>
param: string  $id     page ID (needs to be resolved and cleaned)
param: string  $user   Username
param: array   $groups Array of groups the user is in
return: int             permission level

auth_nameencode($name,$skip_group=false)
Encode ASCII special chars

Some auth backends allow special chars in their user and group names.
The special chars are encoded with this function. Only ASCII chars
are encoded; UTF-8 multibyte chars are left as is (different from usual
urlencoding!).

Decoding can be done with rawurldecode

author: Andreas Gohr <gohr@cosmocode.de>
see: rawurldecode()

auth_pwgen()
Create a pronounceable password

link: http://www.phpbuilder.com/annotate/message.php3?id=1014451
author: Andreas Gohr <andi@splitbrain.org>
return: string  pronounceable password

auth_sendPassword($user,$password)
Sends a password to the given user

author: Andreas Gohr <andi@splitbrain.org>
return: bool  true on success

register()
Register a new user

This registers a new user - Data is read directly from $_POST

author: Andreas Gohr <andi@splitbrain.org>
return: bool  true on success, false on any error

updateprofile()
Update user profile

author: Christopher Smith <chris@jalakai.co.uk>

act_resendpwd()
Send a new password

This function handles both phases of the password reset:

- handling the first request of password reset
- validating the password reset auth token

author: Benoit Chesneau <benoit@bchesneau.info>
author: Chris Smith <chris@jalakai.co.uk>
author: Andreas Gohr <andi@splitbrain.org>
return: bool true on success, false on any error

auth_cryptPassword($clear,$method='',$salt=null)
Encrypts a password using the given method and salt

If the selected method needs a salt and none was given, a random one
is chosen.

The following methods are understood:

smd5  - Salted MD5 hashing
apr1  - Apache salted MD5 hashing
md5   - Simple MD5 hashing
sha1  - SHA1 hashing
ssha  - Salted SHA1 hashing
crypt - Unix crypt
mysql - MySQL password (old method)
my411 - MySQL 4.1.1 password
kmd5  - Salted MD5 hashing as used by UNB

author: Andreas Gohr <andi@splitbrain.org>
return: string  The crypted password

auth_verifyPassword($clear,$crypt)
Verifies a cleartext password against a crypted hash

The method and salt used for the crypted hash are determined automatically,
then the clear text password is crypted using the same method. If both hashes
match, true is returned, else false.

author: Andreas Gohr <andi@splitbrain.org>
return: bool

auth_setCookie($user,$pass,$sticky)
Set the authentication cookie and add user identification data to the session

param: string  $user       username
param: string  $pass       encrypted password
param: bool    $sticky     whether or not the cookie will last beyond the session

auth_getCookie()
Returns the user, (encrypted) password and sticky bit from cookie

returns: array



Generated: Tue Feb 9 03:00:24 2010 Cross-referenced by PHPXref 0.7