Platform  3.1
PHP API documentation
 All Data Structures Namespaces Files Functions Variables Pages
Class.freedomProvider.php
Go to the documentation of this file.
1 <?php
2 /*
3  * @author Anakeen
4  * @license http://creativecommons.org/licenses/by-nc-sa/2.0/fr/ Anakeen - licence CC
5  * @package FDL
6 */
7 /**
8  * freedomProvider class
9  *
10  * This class provides methods for autentication based on freeedom
11  * @author Anakeen 2009
12  * @version $Id: $
13  * @license http://creativecommons.org/licenses/by-nc-sa/2.0/fr/ Anakeen - licence CC
14  * @package FDL
15  */
16 /**
17  */
18 include_once ("WHAT/Class.Provider.php");
19 
20 class freedomProvider extends Provider
21 {
22 
23  public function validateCredential($username, $password)
24  {
25  $dbh = pg_connect($this->parms{'connection'});
26  if ($dbh == FALSE) {
27  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error: failed connection to database");
28  $this->errno = 0;
29  return FALSE;
30  }
31  $stmt = pg_prepare($dbh, "check_bug_639", "SELECT login FROM users WHERE login = \$1 AND password !~ '^[a-zA-Z0-9./]{2}'");
32  if ($stmt == FALSE) {
33  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error: pg_preapare(check_bug_639) returned false");
34  $this->errno = 0;
35  return FALSE;
36  }
37  $res = pg_execute($dbh, "check_bug_639", array(
38  $username
39  ));
40  if ($res == FALSE) {
41  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error: pg_execute(check_bug_639) returned false. User $username not found ?");
42  $this->errno = 0;
43  return FALSE;
44  }
45  if (pg_num_rows($res) > 0) {
46  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error: found bug #639 for user '$username'");
47  $this->errno = Provider::ERRNO_BUG_639;
48  return FALSE;
49  }
50 
51  $stmt = pg_prepare($dbh, "get_password", 'SELECT password FROM users WHERE login = $1');
52  if ($stmt == FALSE) {
53  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error: pg_prepare(get_password) returned false");
54  $this->errno = 0;
55  return FALSE;
56  }
57  $res = pg_execute($dbh, "get_password", array(
58  $username
59  ));
60  if ($res == FALSE) {
61  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error: pg_execute(get_password) returned false. User $username not found ?");
62  $this->errno = 0;
63  return FALSE;
64  }
65  $encrypted_password = pg_fetch_result($res, 0);
66  if ($encrypted_password == "") {
67  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error: User $username not found");
68  $this->errno = 0;
69  return FALSE;
70  }
71  $ret = preg_match("/^(..)/", $encrypted_password, $salt);
72  if ($ret == 0) {
73  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error: could not get salt from encrypted password for user $username");
74  $this->errno = 0;
75  return FALSE;
76  }
77  if ($encrypted_password == crypt($password, $salt[0])) {
78  $this->errno = 0;
79  return TRUE;
80  }
81  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . sprintf("Password mismatch for user %s", $username));
82  $this->errno = 0;
83  return FALSE;
84  }
85 
86  public function validateAuthorization($opt)
87  {
88  if (!array_key_exists('username', $opt)) {
89  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Missing username key in opt array");
90  $this->errno = 0;
91  return FALSE;
92  }
93  $dbh = pg_connect($this->parms{'connection'});
94  if ($dbh == FALSE) {
95  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error connecting to database");
96  $this->errno = 0;
97  return FALSE;
98  }
99  $stmt = pg_prepare($dbh, "get_status", 'SELECT status FROM users WHERE login = $1');
100  if ($stmt == FALSE) {
101  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error preparing select statement");
102  $this->errno = 0;
103  return FALSE;
104  }
105  $res = pg_execute($dbh, "get_status", array(
106  $opt['username']
107  ));
108  if ($res == FALSE) {
109  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Error in result of get_status");
110  $this->errno = 0;
111  return FALSE;
112  }
113  $status = pg_fetch_result($res, 0);
114  if ($status == 'D') {
115  error_log(__CLASS__ . "::" . __FUNCTION__ . " " . "Account " . $opt['username'] . " has been suspended");
116  $this->errno = 0;
117  return FALSE;
118  }
119  $this->errno = 0;
120  return TRUE;
121  }
122 }
123 ?>
← centre documentaire © anakeen - published under CC License - Dynacase