inc/AuthPlugins.php

   1 <?php
   2 /**
   3 * The authentication handling plugins can be used by the Session class to
   4 * provide authentication.
   5 *
   6 * Each authenticate hook needs to:
   7 *   - Accept a username / password
   8 *   - Confirm the username / password are correct
   9 *   - Create (or update) a 'usr' record in our database
  10 *   - Return the 'usr' record as an object
  11 *   - Return === false when authentication fails
  12 *
  13 * It can expect that:
  14 *   - Configuration data will be in $c->authenticate_hook['config'], which might be an array, or whatever is needed.
  15 *
  16 * In order to be called:
  17 *   - This file should be included
  18 *   - $c->authenticate_hook['call'] should be set to the name of the plugin
  19 *   - $c->authenticate_hook['config'] should be set up with any configuration data for the plugin
  20 *
  21 * @package   awl
  22 * @subpackage   AuthPlugin
  23 * @author    Andrew McMillan <andrew@mcmillan.net.nz>
  24 * @copyright Catalyst IT Ltd, Morphoss Ltd <http://www.morphoss.com/>
  25 * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
  26 */
  27
  28 require_once('AWLUtilities.php');
  29 require_once('DataUpdate.php');
  30
  31 /**
  32 * Authenticate against a different PostgreSQL database which contains a usr table in
  33 * the AWL format.
  34 *
  35 * @package   awl
  36 */
  37 function auth_other_awl( $username, $password ) {
  38   global $c;
  39
  40   $authconn = pg_Connect($c->authenticate_hook['config']['connection']);
  41   if ( ! $authconn ) {
  42     echo <<<EOERRMSG
  43   <html><head><title>Database Connection Failure</title></head><body>
  44   <h1>Database Error</h1>
  45   <h3>Could not connect to PostgreSQL database</h3>
  46   </body>
  47   </html>
  48 EOERRMSG;
  49     exit(1);
  50   }
  51
  52   if ( isset($c->authenticate_hook['config']['columns']) )
  53     $cols = $c->authenticate_hook['config']['columns'];
  54   else
  55     $cols = "*";
  56
  57   if ( isset($c->authenticate_hook['config']['where']) )
  58     $andwhere = " AND ".$c->authenticate_hook['config']['where'];
  59   else
  60     $andwhere = "";
  61
  62   $qry = new AwlQuery("SELECT $cols FROM usr WHERE lower(username) = text(?) $andwhere", strtolower($username) );
  63   $qry->SetConnection($authconn);
  64   if ( $qry->Exec('Login',__LINE,__FILE__) && $qry->rows() == 1 ) {
  65     $usr = $qry->Fetch();
  66     if ( session_validate_password( $password, $usr->password ) ) {
  67
  68       $qry = new AwlQuery("SELECT * FROM usr WHERE user_no = $usr->user_no;" );
  69       if ( $qry->Exec('Login',__LINE,__FILE__) && $qry->rows() == 1 )
  70         $type = "UPDATE";
  71       else
  72         $type = "INSERT";
  73
  74       $qry = new AwlQuery( sql_from_object( $usr, $type, 'usr', "WHERE user_no=$usr->user_no" ) );
  75       $qry->Exec('Login',__LINE__,__FILE__);
  76
  77       /**
  78       * We disallow login by inactive users _after_ we have updated the local copy
  79       */
  80       if ( isset($usr->active) && $usr->active == 'f' ) return false;
  81
  82       return $usr;
  83     }
  84   }
  85
  86   return false;
  87
  88 }
  89
  90
  91 /**
  92 * Authentication has already happened.  We know the username, we just need
  93 * to do the authorisation / access control.  The password is ignored.
  94 *
  95 * @package   awl
  96 */
  97 function auth_external( $username, $password ) {
  98   global $c;
  99
 100   $qry = new AwlQuery("SELECT * FROM usr WHERE active AND lower(username) = text(?) ", strtolower($username) );
 101   if ( $qry->Exec('Login',__LINE__,__FILE__) && $qry->rows() == 1 ) {
 102     $usr = $qry->Fetch();
 103     return $usr;
 104   }
 105
 106   return false;
 107
 108 }
 109
 110