* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * * See also http://www.fsf.org *********************************************************************/ /** * we derive PEAR Auth */ require_once("lib/conf.php"); require_once("Auth.php"); /** * PEAR Auth customization * * We subclass Auth for various reasons * * It will be easier to use a single Auth instance using instance() * * It will make a global $error string available * */ class AuthLogin extends Auth { /* watch out, we reverse the default value of $showLogin since we * use this more as a check than as a stopper */ function AuthLogin($storageDriver = "DB", $options = null, $loginFunction = "", $showLogin = false) { if (is_null($options)) { if (!isset($options["dsn"])) { $options["dsn"] = _DSN; /* must be defined in conf somewhere */ } if (!isset($options["cryptType"])) { $options["cryptType"] = "md5"; } if (!isset($options["table"])) { $options["table"] = "user"; } if (!isset($options["usernamecol"])) { $options["usernamecol"] = "email"; } if (!isset($options["passwordcol"])) { $options["passwordcol"] = "password"; } /* this makes all the columns of the usagers table available * through the getAuthData() function * * see ecdStd.inc.php for an example usage */ if (!isset($options["db_fields"])) { $options["db_fields"] = "*"; } } if ($loginFunction == "") { // $loginFunction = 'print_login_screen'; } parent::Auth($storageDriver, $options, $loginFunction, $showLogin); $this->setSessionname("TIMETRACKER"); } /* * Override PEAR::Auth::start() to set a global $error message */ function start() { global $error; $ret = parent::start(); $error = $this->error_mapping($this->getStatus()); return $ret; } /** * return always the same instance of this class * * useful to check the auth of a user over and over again without * having to recreate the object and use the proper args * * $storageDriver and $options are ignored and subsequent calls */ function instance($storageDriver = "DB", $options = "", $loginFunction = "", $showLogin = false) { static $a; if (!isset($a)) { $a = new AuthLogin($storageDriver, $options, $loginFunction, $showLogin); } else { $a->setShowlogin($showLogin); if (!empty($loginFunction)) { $a->loginFunction = $loginFunction; } } return $a; } /* transform a PEAR::Auth error into a readable message */ function error_mapping($pear) { switch($pear) { case AUTH_WRONG_LOGIN: $error = "wrong username or password"; break; case AUTH_EXPIRED: case AUTH_IDLED: $error = "session idle too long or expired"; break; case "": /* no error */ $error = null; break; default: $error = "unknown error"; break; } return $error; } /** * function used to refuse access to a given section * * this will output a page, with the error message, and exit() * * argument will be printed in the output */ function refuse_access($error) { global $PREFIX; /* we assume this page handles the $error */ require_once(dirname(__FILE__) . '/../login_form.php'); exit(); } /** * callback function for Auth in case of login failure * * this function shouldn't return, otherwise login auth will not be * enforced and a page will display even with an auth check */ function login_screen($username, $error = null) { $error = AuthLogin::error_mapping($error); AuthLogin::refuse_access($error); exit(); /* NOT REACHED */ } } /* XXX: helper function to work around PEAR::Auth's stupidity * * It uses function_exists() to check if the loginFunction exists and * so obviously fails on array("AuthLogin", "login_screen") * constructs. Until PEAR matures, we keep this (ugly) workaround. */ function print_login_screen($username, $error = null) { AuthLogin::login_screen($username, $error); } /** * Login the user using PEAR Auth module * * This can be used to login someone, and/or to check if he is logged * in. It also includes the code to logout someone since the procedure * is very similar. However, it is advised to use logout() to logout * the user instead. * * To check if a valid auth is there, use the following piece of code: * * * if (login(false)) { print "logged in!"; } * * * To do the actual login and refuse access, with a login screen, if * there's no login already: * * * login(); * * * login() will not returned if the user is not logged in, and will * prompt the user with a password prompt. * * @param boolean $show_login if we want to deny the user access with * a login prompt * @param boolean $logout wether to log off the user (in any case) * * @uses AuthLogin::instance() * @uses AuthLogin::start() * @uses AuthLogin::checkauth() * @uses AuthLogin::logout() * @see logout() */ function login($show_login = true, $logout = false) { $a = AuthLogin::instance("DB", null, null, $show_login); $a->start(); if ($logout) { $ret = $a->logout(); } else { if ((!$ret = $a->checkAuth()) && $show_login) exit(); } return $ret; } /** * logout the current user * * This removes the user any credentials he might have * * This is actually implemented using login() since a lot of code is common. * * @uses login() */ function logout() { return login(false, true); } ?>