*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* See also http://www.fsf.org
*********************************************************************/
/**
* we derive PEAR Auth
*/
require_once("lib/conf.php");
require_once("Auth.php");
/**
* PEAR Auth customization
*
* We subclass Auth for various reasons
*
* It will be easier to use a single Auth instance using instance()
*
* It will make a global $error string available
*
*/
class AuthLogin extends Auth {
/* watch out, we reverse the default value of $showLogin since we
* use this more as a check than as a stopper */
function AuthLogin($storageDriver = "DB", $options = null,
$loginFunction = "", $showLogin = false) {
if (is_null($options)) {
if (!isset($options["dsn"])) {
$options["dsn"] = _DSN; /* must be defined in conf somewhere */
}
if (!isset($options["cryptType"])) {
$options["cryptType"] = "md5";
}
if (!isset($options["table"])) {
$options["table"] = "user";
}
if (!isset($options["usernamecol"])) {
$options["usernamecol"] = "email";
}
if (!isset($options["passwordcol"])) {
$options["passwordcol"] = "password";
}
/* this makes all the columns of the usagers table available
* through the getAuthData() function
*
* see ecdStd.inc.php for an example usage
*/
if (!isset($options["db_fields"])) {
$options["db_fields"] = "*";
}
}
if ($loginFunction == "") {
// $loginFunction = 'print_login_screen';
}
parent::Auth($storageDriver, $options, $loginFunction, $showLogin);
$this->setSessionname("TIMETRACKER");
}
/*
* Override PEAR::Auth::start() to set a global $error message
*/
function start() {
global $error;
$ret = parent::start();
$error = $this->error_mapping($this->getStatus());
return $ret;
}
/**
* return always the same instance of this class
*
* useful to check the auth of a user over and over again without
* having to recreate the object and use the proper args
*
* $storageDriver and $options are ignored and subsequent calls
*/
function instance($storageDriver = "DB", $options = "",
$loginFunction = "", $showLogin = false) {
static $a;
if (!isset($a)) {
$a = new AuthLogin($storageDriver, $options, $loginFunction, $showLogin);
} else {
$a->setShowlogin($showLogin);
if (!empty($loginFunction)) {
$a->loginFunction = $loginFunction;
}
}
return $a;
}
/* transform a PEAR::Auth error into a readable message */
function error_mapping($pear) {
switch($pear) {
case AUTH_WRONG_LOGIN:
$error = "wrong username or password";
break;
case AUTH_EXPIRED:
case AUTH_IDLED:
$error = "session idle too long or expired";
break;
case "":
/* no error */
$error = null;
break;
default:
$error = "unknown error";
break;
}
return $error;
}
/**
* function used to refuse access to a given section
*
* this will output a page, with the error message, and exit()
*
* argument will be printed in the output
*/
function refuse_access($error) {
global $PREFIX;
/* we assume this page handles the $error */
require_once(dirname(__FILE__) . '/../login_form.php');
exit();
}
/**
* callback function for Auth in case of login failure
*
* this function shouldn't return, otherwise login auth will not be
* enforced and a page will display even with an auth check
*/
function login_screen($username, $error = null) {
$error = AuthLogin::error_mapping($error);
AuthLogin::refuse_access($error);
exit(); /* NOT REACHED */
}
}
/* XXX: helper function to work around PEAR::Auth's stupidity
*
* It uses function_exists() to check if the loginFunction exists and
* so obviously fails on array("AuthLogin", "login_screen")
* constructs. Until PEAR matures, we keep this (ugly) workaround.
*/
function print_login_screen($username, $error = null) {
AuthLogin::login_screen($username, $error);
}
/**
* Login the user using PEAR Auth module
*
* This can be used to login someone, and/or to check if he is logged
* in. It also includes the code to logout someone since the procedure
* is very similar. However, it is advised to use logout() to logout
* the user instead.
*
* To check if a valid auth is there, use the following piece of code:
*
*
* if (login(false)) { print "logged in!"; }
*
*
* To do the actual login and refuse access, with a login screen, if
* there's no login already:
*
*
* login();
*
*
* login() will not returned if the user is not logged in, and will
* prompt the user with a password prompt.
*
* @param boolean $show_login if we want to deny the user access with
* a login prompt
* @param boolean $logout wether to log off the user (in any case)
*
* @uses AuthLogin::instance()
* @uses AuthLogin::start()
* @uses AuthLogin::checkauth()
* @uses AuthLogin::logout()
* @see logout()
*/
function login($show_login = true, $logout = false) {
$a = AuthLogin::instance("DB", null, null, $show_login);
$a->start();
if ($logout) {
$ret = $a->logout();
} else {
if ((!$ret = $a->checkAuth()) && $show_login)
exit();
}
return $ret;
}
/**
* logout the current user
*
* This removes the user any credentials he might have
*
* This is actually implemented using login() since a lot of code is common.
*
* @uses login()
*/
function logout() {
return login(false, true);
}
?>