3.2/dynacase-core-api-reference/checkauth_8php_source.html

 <?php

 /*

  * @author Anakeen

  * @package FDL

 */

 /**

  * PHP Authentification control

  *

  * @author Anakeen

  * @package FDL

  * @subpackage CORE

  * @deprecated since HTTP Authentification

  */


 function checkauth(Action & $action)

 {


     include_once ('WHAT/Lib.Common.php');

     include_once ('WHAT/Class.AuthenticatorManager.php');

     include_once ('WHAT/Class.htmlAuthenticator.php');

     include_once ('WHAT/Class.User.php');

     include_once ('WHAT/Class.Log.php');


     $redirect_uri = GetHttpVars('redirect_uri', '');


     $status = AuthenticatorManager::checkAccess();

     //error_log("checkauth: AuthenticatorManager::checkAccess() = {$status}");

     switch ($status) {

         case AuthenticatorManager::AccessOk: // it'good, user is authentified, just log the connexion

             AuthenticatorManager::secureLog("success", "welcome", AuthenticatorManager::$auth->provider->parms['type'] . "/" . AuthenticatorManager::$auth->provider->parms['provider'], $_SERVER["REMOTE_ADDR"], AuthenticatorManager::$auth->getAuthUser() , $_SERVER["HTTP_USER_AGENT"]);

             break;


         case AuthenticatorManager::AccessBug:

             // User must change his password

             $action->session->close();

             global $_POST;

             Redirect($action, 'AUTHENT', 'ERRNO_BUG_639');

             exit(0);

             break;


         default:

             AuthenticatorManager::$auth->askAuthentication(array(

                 'error' => $status,

                 'auth_user' => $_POST['auth_user'],

                 'redirect_uri' => $redirect_uri

             ));

             exit(0);

     }


     if (($redirect_uri == "") || (preg_match('/app=AUTHENT/', $redirect_uri))) {

         $redirect_uri = ".";

     } else if ($redirect_uri[0] != '/') {

         /*

          * $redirect_uri is normally constructed from REQUEST_URI, so

          * it should start with "/" and be a local absolute pathname.

          *

          * If it does not start with a "/", then it might indicate a

          * malicious manipulation to perform a cross-site redirect.

         */

         $redirect_uri = ".";

     }

     $lang = array();

     include_once ('CORE/lang.php');

     $core_lang = getHttpVars('CORE_LANG');

     if ($core_lang != "" && array_key_exists($core_lang, $lang)) {

         //     error_log(__CLASS__."::".__FUNCTION__." "."Registering vaviable CORE_LANG = '".$core_lang."' in session_auth");

         AuthenticatorManager::$session->register('CORE_LANG', $core_lang);

     }

     $redirect_uri = preg_replace('!//+!', '/', $redirect_uri);

     $redirect_uri = preg_replace('!&&+!', '&', $redirect_uri);

     // Redirect to initial page

     header('Location: ' . $redirect_uri);

     exit(0);

 }

AuthenticatorManager\AccessBug
const AccessBug
Definition: Class.AuthenticatorManager.php:31

$status
$status
Definition: index.php:30

AuthenticatorManager\secureLog
static secureLog($status="", $additionalMessage="", $provider="", $clientIp="", $account="", $userAgent="")
Definition: Class.AuthenticatorManager.php:261

$action
global $action
Definition: accountRefreshGroup.php:16

$_POST
global $_POST
Definition: chgpasswd.php:17

Redirect
Redirect($action, $appname, $actionname, $otherurl="", $httpparamredirect=false)
Definition: Lib.Http.php:21

$lang
$lang
Definition: lang.php:18

AuthenticatorManager\AccessOk
const AccessOk
Definition: Class.AuthenticatorManager.php:32

Action
Definition: Class.Action.php:24

AuthenticatorManager\$session
static $session
Definition: Class.AuthenticatorManager.php:30

checkauth
checkauth(Action &$action)
Definition: checkauth.php:15

AuthenticatorManager\$auth
static $auth
Definition: Class.AuthenticatorManager.php:42

getHttpVars
getHttpVars($name, $def="", $scope="all")
Definition: Lib.Http.php:124

$_SERVER
global $_SERVER
Definition: cleanContext.php:41

exit
switch($command) exit
Definition: checkVault.php:46