| [ Index ] |
PHP Cross Reference of DokuWiki |
[Source view] [Print] [Project Stats]
Authentication library Including this file will automatically try to login a user by calling auth_login()
| Author: | Andreas Gohr |
| License: | GPL 2 (http://www.gnu.org/licenses/gpl.html) |
| File Size: | 1401 lines (42 kb) |
| Included or required: | 0 times |
| Referenced: | 0 times |
| Includes or requires: | 0 files |
| auth_setup() X-Ref |
| Initialize the auth system. This function is automatically called at the end of init.php This used to be the main() of the auth.php triggers: AUTH_LOGIN_CHECK return: bool |
| auth_loadACL() X-Ref |
| Loads the ACL setup and handle user wildcards author: Andreas Gohr <andi@splitbrain.org> return: array |
| auth_tokenlogin() X-Ref |
| Try a token login return: bool true if token login succeeded |
| auth_login_wrapper($evdata) X-Ref |
| Event hook callback for AUTH_LOGIN_CHECK param: array $evdata return: bool |
| auth_login($user, $pass, $sticky = false, $silent = false) X-Ref |
| This tries to login the user based on the sent auth credentials The authentication works like this: if a username was given a new login is assumed and user/password are checked. If they are correct the password is encrypted with blowfish and stored together with the username in a cookie - the same info is stored in the session, too. Additonally a browserID is stored in the session. If no username was given the cookie is checked: if the username, crypted password and browserID match between session and cookie no further testing is done and the user is accepted If a cookie was found but no session info was availabe the blowfish encrypted password from the cookie is decrypted and together with username rechecked by calling this function again. On a successful login $_SERVER[REMOTE_USER] and $USERINFO are set. param: string $user Username param: string $pass Cleartext Password param: bool $sticky Cookie should not expire param: bool $silent Don't show error on bad auth author: Andreas Gohr <andi@splitbrain.org> return: bool true on successful auth |
| auth_browseruid() X-Ref |
| Builds a pseudo UID from browser and IP data This is neither unique nor unfakable - still it adds some security. Using the first part of the IP makes sure proxy farms like AOLs are still okay. author: Andreas Gohr <andi@splitbrain.org> return: string a SHA256 sum of various browser headers |
| auth_cookiesalt($addsession = false, $secure = false) X-Ref |
| Creates a random key to encrypt the password in cookies This function tries to read the password for encrypting cookies from $conf['metadir'].'/_htcookiesalt' if no such file is found a random key is created and and stored in this file. param: bool $addsession if true, the sessionid is added to the salt param: bool $secure if security is more important than keeping the old value author: Andreas Gohr <andi@splitbrain.org> return: string |
| auth_randombytes($length) X-Ref |
| Return cryptographically secure random bytes. param: int $length number of bytes author: Niklas Keller <me@kelunik.com> return: string cryptographically secure random bytes |
| auth_random($min, $max) X-Ref |
| Cryptographically secure random number generator. param: int $min param: int $max author: Niklas Keller <me@kelunik.com> return: int |
| auth_encrypt($data, $secret) X-Ref |
| Encrypt data using the given secret using AES The mode is CBC with a random initialization vector, the key is derived using pbkdf2. param: string $data The data that shall be encrypted param: string $secret The secret/password that shall be used return: string The ciphertext |
| auth_decrypt($ciphertext, $secret) X-Ref |
| Decrypt the given AES ciphertext The mode is CBC, the key is derived using pbkdf2 param: string $ciphertext The encrypted data param: string $secret The secret/password that shall be used return: string|null The decrypted data |
| auth_logoff($keepbc = false) X-Ref |
| Log out the current user This clears all authentication data and thus log the user off. It also clears session data. param: bool $keepbc - when true, the breadcrumb data is not cleared author: Andreas Gohr <andi@splitbrain.org> |
| auth_ismanager($user = null, $groups = null, $adminonly = false, $recache = false) X-Ref |
| Check if a user is a manager Should usually be called without any parameters to check the current user. The info is available through $INFO['ismanager'], too see: auth_isadmin param: string $user Username param: array $groups List of groups the user is in param: bool $adminonly when true checks if user is admin param: bool $recache set to true to refresh the cache author: Andreas Gohr <andi@splitbrain.org> return: bool |
| auth_isadmin($user = null, $groups = null, $recache = false) X-Ref |
| Check if a user is admin Alias to auth_ismanager with adminonly=true The info is available through $INFO['isadmin'], too see: auth_ismanager() param: string $user Username param: array $groups List of groups the user is in param: bool $recache set to true to refresh the cache author: Andreas Gohr <andi@splitbrain.org> return: bool |
| auth_isMember($memberlist, $user, array $groups) X-Ref |
| Match a user and his groups against a comma separated list of users and groups to determine membership status Note: all input should NOT be nameencoded. param: string $memberlist commaseparated list of allowed users and groups param: string $user user to match against param: array $groups groups the user is member of return: bool true for membership acknowledged |
| auth_quickaclcheck($id) X-Ref |
| Convinience function for auth_aclcheck() This checks the permissions for the current user param: string $id page ID (needs to be resolved and cleaned) author: Andreas Gohr <andi@splitbrain.org> return: int permission level |
| auth_aclcheck($id, $user, $groups) X-Ref |
| Returns the maximum rights a user has for the given ID or its namespace param: string $id page ID (needs to be resolved and cleaned) param: string $user Username param: array|null $groups Array of groups the user is in triggers: AUTH_ACL_CHECK author: Andreas Gohr <andi@splitbrain.org> return: int permission level |
| auth_aclcheck_cb($data) X-Ref |
| default ACL check method DO NOT CALL DIRECTLY, use auth_aclcheck() instead param: array $data event data author: Andreas Gohr <andi@splitbrain.org> return: int permission level |
| auth_nameencode($name, $skip_group = false) X-Ref |
| Encode ASCII special chars Some auth backends allow special chars in their user and groupnames The special chars are encoded with this function. Only ASCII chars are encoded UTF-8 multibyte are left as is (different from usual urlencoding!). Decoding can be done with rawurldecode see: rawurldecode() param: string $name param: bool $skip_group author: Andreas Gohr <gohr@cosmocode.de> return: string |
| auth_nameencode_callback($matches) X-Ref |
| callback encodes the matches param: array $matches first complete match, next matching subpatterms return: string |
| auth_pwgen($foruser = '') X-Ref |
| Create a pronouncable password The $foruser variable might be used by plugins to run additional password policy checks, but is not used by the default implementation link: http://www.phpbuilder.com/annotate/message.php3?id=1014451 param: string $foruser username for which the password is generated triggers: AUTH_PASSWORD_GENERATE author: Andreas Gohr <andi@splitbrain.org> return: string pronouncable password |
| auth_sendPassword($user, $password) X-Ref |
| Sends a password to the given user param: string $user Login name of the user param: string $password The new password in clear text author: Andreas Gohr <andi@splitbrain.org> return: bool true on success |
| register() X-Ref |
| Register a new user This registers a new user - Data is read directly from $_POST author: Andreas Gohr <andi@splitbrain.org> return: bool true on success, false on any error |
| updateprofile() X-Ref |
| Update user profile author: Christopher Smith <chris@jalakai.co.uk> |
| auth_deleteprofile() X-Ref |
| Delete the current logged-in user return: bool true on success, false on any error |
| act_resendpwd() X-Ref |
| Send a new password This function handles both phases of the password reset: - handling the first request of password reset - validating the password reset auth token author: Andreas Gohr <andi@splitbrain.org> author: Benoit Chesneau <benoit@bchesneau.info> author: Chris Smith <chris@jalakai.co.uk> return: bool true on success, false on any error |
| auth_cryptPassword($clear, $method = '', $salt = null) X-Ref |
| Encrypts a password using the given method and salt If the selected method needs a salt and none was given, a random one is chosen. param: string $clear The clear text password param: string $method The hashing method param: string $salt A salt, null for random author: Andreas Gohr <andi@splitbrain.org> return: string The crypted password |
| auth_verifyPassword($clear, $crypt) X-Ref |
| Verifies a cleartext password against a crypted hash param: string $clear The clear text password param: string $crypt The hash to compare with author: Andreas Gohr <andi@splitbrain.org> return: bool true if both match |
| auth_setCookie($user, $pass, $sticky) X-Ref |
| Set the authentication cookie and add user identification data to the session param: string $user username param: string $pass encrypted password param: bool $sticky whether or not the cookie will last beyond the session return: bool |
| auth_getCookie() X-Ref |
| Returns the user, (encrypted) password and sticky bit from cookie returns: array |