PHP Cross Reference of DokuWiki |
Authentication library. Including this file will automatically try to log in a user by calling auth_login()
Author: | Andreas Gohr |
License: | GPL 2 (http://www.gnu.org/licenses/gpl.html) |
File Size: | 1287 lines (39 kb) |
Included or required: | 1 time |
Referenced: | 0 times |
Includes or requires: | 0 files |
auth_setup() X-Ref |
Initialize the auth system. This function is automatically called at the end of init.php. This used to be the main() of the auth.php. triggers: AUTH_LOGIN_CHECK return: bool |
auth_loadACL() X-Ref |
Loads the ACL setup and handles user wildcards. author: Andreas Gohr <andi@splitbrain.org> return: array |
auth_login_wrapper($evdata) X-Ref |
Event hook callback for AUTH_LOGIN_CHECK param: array $evdata return: bool |
auth_login($user, $pass, $sticky = false, $silent = false) X-Ref |
This tries to log in the user based on the sent auth credentials. The authentication works like this: if a username was given, a new login is assumed and user/password are checked. If they are correct, the password is encrypted with blowfish and stored together with the username in a cookie; the same info is stored in the session, too. Additionally, a browserID is stored in the session. If no username was given, the cookie is checked: if the username, crypted password and browserID match between session and cookie, no further testing is done and the user is accepted. If a cookie was found but no session info was available, the blowfish encrypted password from the cookie is decrypted and, together with the username, rechecked by calling this function again. On a successful login, $_SERVER[REMOTE_USER] and $USERINFO are set. author: Andreas Gohr <andi@splitbrain.org> param: string $user Username param: string $pass Cleartext Password param: bool $sticky Cookie should not expire param: bool $silent Don't show error on bad auth return: bool true on successful auth |
auth_browseruid() X-Ref |
Builds a pseudo UID from browser and IP data. This is neither unique nor unfakable - still it adds some security. Using the first part of the IP makes sure proxy farms like AOLs are still okay. author: Andreas Gohr <andi@splitbrain.org> return: string a SHA256 sum of various browser headers |
auth_cookiesalt($addsession = false, $secure = false) X-Ref |
Creates a random key to encrypt the password in cookies. This function tries to read the password for encrypting cookies from $conf['metadir'].'/_htcookiesalt'; if no such file is found, a random key is created and stored in this file. author: Andreas Gohr <andi@splitbrain.org> param: bool $addsession if true, the sessionid is added to the salt param: bool $secure if security is more important than keeping the old value return: string |
auth_randombytes($length) X-Ref |
Return cryptographically secure random bytes. author: Niklas Keller <me@kelunik.com> param: int $length number of bytes return: string cryptographically secure random bytes |
auth_random($min, $max) X-Ref |
Cryptographically secure random number generator. author: Niklas Keller <me@kelunik.com> param: int $min param: int $max return: int |
auth_encrypt($data, $secret) X-Ref |
Encrypt data using the given secret using AES. The mode is CBC with a random initialization vector; the key is derived using pbkdf2. param: string $data The data that shall be encrypted param: string $secret The secret/password that shall be used return: string The ciphertext |
auth_decrypt($ciphertext, $secret) X-Ref |
Decrypt the given AES ciphertext. The mode is CBC; the key is derived using pbkdf2. param: string $ciphertext The encrypted data param: string $secret The secret/password that shall be used return: string The decrypted data |
auth_logoff($keepbc = false) X-Ref |
Log out the current user. This clears all authentication data and thus logs the user off. It also clears session data. author: Andreas Gohr <andi@splitbrain.org> param: bool $keepbc - when true, the breadcrumb data is not cleared |
auth_ismanager($user = null, $groups = null, $adminonly = false, $recache=false) X-Ref |
Check if a user is a manager. Should usually be called without any parameters to check the current user. The info is available through $INFO['ismanager'], too. author: Andreas Gohr <andi@splitbrain.org> param: string $user Username param: array $groups List of groups the user is in param: bool $adminonly when true checks if user is admin param: bool $recache set to true to refresh the cache see: auth_isadmin return: bool |
auth_isadmin($user = null, $groups = null, $recache=false) X-Ref |
Check if a user is admin. Alias to auth_ismanager with adminonly=true. The info is available through $INFO['isadmin'], too. author: Andreas Gohr <andi@splitbrain.org> param: string $user Username param: array $groups List of groups the user is in param: bool $recache set to true to refresh the cache see: auth_ismanager() return: bool |
auth_isMember($memberlist, $user, array $groups) X-Ref |
Match a user and his groups against a comma-separated list of users and groups to determine membership status. Note: all input should NOT be nameencoded. param: string $memberlist comma-separated list of allowed users and groups param: string $user user to match against param: array $groups groups the user is member of return: bool true for membership acknowledged |
auth_quickaclcheck($id) X-Ref |
Convenience function for auth_aclcheck(). This checks the permissions for the current user. author: Andreas Gohr <andi@splitbrain.org> param: string $id page ID (needs to be resolved and cleaned) return: int permission level |
auth_aclcheck($id, $user, $groups) X-Ref |
Returns the maximum rights a user has for the given ID or its namespace author: Andreas Gohr <andi@splitbrain.org> param: string $id page ID (needs to be resolved and cleaned) param: string $user Username param: array|null $groups Array of groups the user is in triggers: AUTH_ACL_CHECK return: int permission level |
auth_aclcheck_cb($data) X-Ref |
Default ACL check method. DO NOT CALL DIRECTLY, use auth_aclcheck() instead. author: Andreas Gohr <andi@splitbrain.org> param: array $data event data return: int permission level |
auth_nameencode($name, $skip_group = false) X-Ref |
Encode ASCII special chars. Some auth backends allow special chars in their user and groupnames. The special chars are encoded with this function. Only ASCII chars are encoded; UTF-8 multibyte are left as is (different from usual urlencoding!). Decoding can be done with rawurldecode. author: Andreas Gohr <gohr@cosmocode.de> param: string $name param: bool $skip_group see: rawurldecode() return: string |
auth_nameencode_callback($matches) X-Ref |
Callback encodes the matches. param: array $matches first complete match, next matching subpatterns return: string |
auth_pwgen($foruser = '') X-Ref |
Create a pronounceable password. The $foruser variable might be used by plugins to run additional password policy checks, but is not used by the default implementation. author: Andreas Gohr <andi@splitbrain.org> param: string $foruser username for which the password is generated link: http://www.phpbuilder.com/annotate/message.php3?id=1014451 triggers: AUTH_PASSWORD_GENERATE return: string pronounceable password |
auth_sendPassword($user, $password) X-Ref |
Sends a password to the given user author: Andreas Gohr <andi@splitbrain.org> param: string $user Login name of the user param: string $password The new password in clear text return: bool true on success |
register() X-Ref |
Register a new user. This registers a new user; data is read directly from $_POST. author: Andreas Gohr <andi@splitbrain.org> return: bool true on success, false on any error |
updateprofile() X-Ref |
Update user profile author: Christopher Smith <chris@jalakai.co.uk> |
auth_deleteprofile() X-Ref |
Delete the current logged-in user return: bool true on success, false on any error |
act_resendpwd() X-Ref |
Send a new password. This function handles both phases of the password reset: handling the first request of password reset, and validating the password reset auth token. author: Benoit Chesneau <benoit@bchesneau.info> author: Chris Smith <chris@jalakai.co.uk> author: Andreas Gohr <andi@splitbrain.org> return: bool true on success, false on any error |
auth_cryptPassword($clear, $method = '', $salt = null) X-Ref |
Encrypts a password using the given method and salt. If the selected method needs a salt and none was given, a random one is chosen. author: Andreas Gohr <andi@splitbrain.org> param: string $clear The clear text password param: string $method The hashing method param: string $salt A salt, null for random return: string The crypted password |
auth_verifyPassword($clear, $crypt) X-Ref |
Verifies a cleartext password against a crypted hash author: Andreas Gohr <andi@splitbrain.org> param: string $clear The clear text password param: string $crypt The hash to compare with return: bool true if both match |
auth_setCookie($user, $pass, $sticky) X-Ref |
Set the authentication cookie and add user identification data to the session param: string $user username param: string $pass encrypted password param: bool $sticky whether or not the cookie will last beyond the session return: bool |
auth_getCookie() X-Ref |
Returns the user, (encrypted) password and sticky bit from cookie returns: array |