
PHP Cross Reference of DokuWiki

/inc/ -> auth.php (summary)

Authentication library. Including this file will automatically try to log in a user by calling auth_login().

Author: Andreas Gohr
License: GPL 2 (http://www.gnu.org/licenses/gpl.html)
File Size: 1043 lines (32 kb)
Included or required: 2 times
Referenced: 0 times
Includes or requires: 1 file
 inc/auth/basic.class.php

Defines 24 functions

  auth_setup()
  auth_loadACL()
  auth_login_wrapper()
  auth_login()
  auth_validateToken()
  auth_createToken()
  auth_browseruid()
  auth_cookiesalt()
  auth_logoff()
  auth_ismanager()
  auth_isadmin()
  auth_isMember()
  auth_quickaclcheck()
  auth_aclcheck()
  auth_nameencode()
  auth_pwgen()
  auth_sendPassword()
  register()
  updateprofile()
  act_resendpwd()
  auth_cryptPassword()
  auth_verifyPassword()
  auth_setCookie()
  auth_getCookie()

Functions
Functions that are not part of a class:

auth_setup()   X-Ref
Initialize the auth system.

This function is automatically called at the end of init.php

This used to be the main() of the auth.php


auth_loadACL()   X-Ref
Loads the ACL setup and handles user wildcards

returns: array
author: Andreas Gohr <andi@splitbrain.org>

auth_login_wrapper($evdata)   X-Ref
No description

auth_login($user,$pass,$sticky=false,$silent=false)   X-Ref
This tries to log in the user based on the sent auth credentials

The authentication works like this: if a username was given
a new login is assumed and user/password are checked. If they
are correct the password is encrypted with blowfish and stored
together with the username in a cookie - the same info is stored
in the session, too. Additionally a browserID is stored in the
session.

If no username was given the cookie is checked: if the username,
crypted password and browserID match between session and cookie
no further testing is done and the user is accepted

If a cookie was found but no session info was available the
blowfish encrypted password from the cookie is decrypted and
together with username rechecked by calling this function again.

On a successful login $_SERVER[REMOTE_USER] and $USERINFO
are set.

author: Andreas Gohr <andi@splitbrain.org>
param: string  $user    Username
param: string  $pass    Cleartext Password
param: bool    $sticky  Cookie should not expire
param: bool    $silent  Don't show error on bad auth
return: bool             true on successful auth

auth_validateToken($token)   X-Ref
Checks if a given authentication token was stored in the session

Will setup authentication data using data from the session if the
token is correct. Will exit with a 401 Status if not.

author: Andreas Gohr <andi@splitbrain.org>
param: string $token The authentication token
return: boolean true (or will exit on failure)

auth_createToken()   X-Ref
Create an auth token and store it in the session

NOTE: this is completely unrelated to the getSecurityToken() function

author: Andreas Gohr <andi@splitbrain.org>
return: string The auth token

auth_browseruid()   X-Ref
Builds a pseudo UID from browser and IP data

This is neither unique nor unfakable - still it adds some
security. Using the first part of the IP makes sure
proxy farms like AOL's are still okay.

author: Andreas Gohr <andi@splitbrain.org>
return: string  a MD5 sum of various browser headers

auth_cookiesalt($addsession=false)   X-Ref
Creates a random key to encrypt the password in cookies

This function tries to read the password for encrypting
cookies from $conf['metadir'].'/_htcookiesalt'.
If no such file is found, a random key is created
and stored in this file.

author: Andreas Gohr <andi@splitbrain.org>
param: bool $addsession if true, the sessionid is added to the salt
return: string

auth_logoff($keepbc=false)   X-Ref
Log out the current user

This clears all authentication data and thus logs the user
off. It also clears session data.

author: Andreas Gohr <andi@splitbrain.org>
param: bool $keepbc - when true, the breadcrumb data is not cleared

auth_ismanager($user=null,$groups=null,$adminonly=false)   X-Ref
Check if a user is a manager

Should usually be called without any parameters to check the current
user.

The info is available through $INFO['ismanager'], too

author: Andreas Gohr <andi@splitbrain.org>
param: string user      - Username
param: array  groups    - List of groups the user is in
param: bool   adminonly - when true checks if user is admin
see: auth_isadmin

auth_isadmin($user=null,$groups=null)   X-Ref
Check if a user is admin

Alias to auth_ismanager with adminonly=true

The info is available through $INFO['isadmin'], too

author: Andreas Gohr <andi@splitbrain.org>
see: auth_ismanager

auth_isMember($memberlist,$user,array $groups)   X-Ref
Match a user and his groups against a comma separated list of
users and groups to determine membership status

Note: all input should NOT be nameencoded.

param: $memberlist string comma-separated list of allowed users and groups
param: $user       string user to match against
param: $groups     array  groups the user is member of
return: bool       true for membership acknowledged

auth_quickaclcheck($id)   X-Ref
Convenience function for auth_aclcheck()

This checks the permissions for the current user

author: Andreas Gohr <andi@splitbrain.org>
param: string  $id  page ID (needs to be resolved and cleaned)
return: int          permission level

auth_aclcheck($id,$user,$groups)   X-Ref
Returns the maximum rights a user has for
the given ID or its namespace

author: Andreas Gohr <andi@splitbrain.org>
param: string  $id     page ID (needs to be resolved and cleaned)
param: string  $user   Username
param: array   $groups Array of groups the user is in
return: int             permission level

auth_nameencode($name,$skip_group=false)   X-Ref
Encode ASCII special chars

Some auth backends allow special chars in their user and group names.
The special chars are encoded with this function. Only ASCII chars
are encoded; UTF-8 multibyte chars are left as is (different from usual
urlencoding!).

Decoding can be done with rawurldecode

author: Andreas Gohr <gohr@cosmocode.de>
see: rawurldecode()

auth_pwgen()   X-Ref
Create a pronounceable password

link: http://www.phpbuilder.com/annotate/message.php3?id=1014451
author: Andreas Gohr <andi@splitbrain.org>
return: string  pronounceable password

auth_sendPassword($user,$password)   X-Ref
Sends a password to the given user

author: Andreas Gohr <andi@splitbrain.org>
return: bool  true on success

register()   X-Ref
Register a new user

This registers a new user - Data is read directly from $_POST

author: Andreas Gohr <andi@splitbrain.org>
return: bool  true on success, false on any error

updateprofile()   X-Ref
Update user profile

author: Christopher Smith <chris@jalakai.co.uk>

act_resendpwd()   X-Ref
Send a new password

This function handles both phases of the password reset:

- handling the first request of password reset
- validating the password reset auth token

author: Benoit Chesneau <benoit@bchesneau.info>
author: Chris Smith <chris@jalakai.co.uk>
author: Andreas Gohr <andi@splitbrain.org>
return: bool true on success, false on any error

auth_cryptPassword($clear,$method='',$salt=null)   X-Ref
Encrypts a password using the given method and salt

If the selected method needs a salt and none was given, a random one
is chosen.

author: Andreas Gohr <andi@splitbrain.org>
return: string  The crypted password

auth_verifyPassword($clear,$crypt)   X-Ref
Verifies a cleartext password against a crypted hash

author: Andreas Gohr <andi@splitbrain.org>
return: bool

auth_setCookie($user,$pass,$sticky)   X-Ref
Set the authentication cookie and add user identification data to the session

param: string  $user       username
param: string  $pass       encrypted password
param: bool    $sticky     whether or not the cookie will last beyond the session

auth_getCookie()   X-Ref
Returns the user, (encrypted) password and sticky bit from cookie

returns: array



Generated: Wed May 23 03:00:10 2012 Cross-referenced by PHPXref 0.7