root/devel/mod/rpc/lib/function_authenticate.php

Revision 982, 4.6 kB (checked in by sven, 2 years ago)

RPC: use the elgglib authenticate_account() function

  • Property svn:eol-style set to native
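<?php

    // Function to authenticate
    //
    // Inputs (read, never modified):
    //   $parameter  - optional array supplied by run(); 'username' and 'password' keys are used
    //   $_SERVER    - HTTP_X_WSSE header, or PHP_AUTH_USER / PHP_AUTH_PW from HTTP basic auth
    //   $_POST      - 'username' / 'password' from a login form
    //
    // Output: $run_result, an array with
    //   status   - true only when authenticate_account() accepted the credentials
    //   message  - human readable outcome
    //   code     - 200 on success, 801 on failure (not yet used by callers, reserved for i18n)
    //   provider - not used, elgg, ldap, smb, file, sso
    //   method   - how the credentials were passed: parameters, wsse, http-basic-auth, post
    //   token    - not used, for passing a sso token?
    //
    // Original elgg logon code is not modular enough, most of the data, businesslogic and
    // presentation folded in one, plus:
    // - it expects the username and password in the _POST variable, we are dealing with _SERVER.
    // - it sets a display message, we need a run_result
    // - what if we need LDAP, or other ...

    // Note: the HTTP Authentication hooks in PHP are only available when it is running as an Apache
    // module and is hence not available in the CGI version.

    // The Pear Auth package looks nice, with hooks for plugging in different
    // authentication providers (DB, LDAP, etc.). Wait for elgg people first.

    $auth             = array();
    $auth['status']   = false;
    $auth['message']  = "";
    $auth['code']     = 0;
    $auth['provider'] = "elgg";
    $auth['method']   = "";
    $auth['token']    = "";

    $username         = "";
    $password         = "";
    $token            = ""; // not used/implemented, for providing an authentication token (e.g. sso) via $parameter['token']?
    $provider         = ""; // not used/implemented, possibility for explicitly requesting an authentication provider via $parameter['provider']?

    // For now parameters take precedence over anything found in the request.
    // Each branch only fills $username / $password and records the method;
    // the actual check happens once, below.

    if (isset($parameter['username']) && $parameter['username'] !== "") // parameters passed by run()
    {
        $username = $parameter['username'];
        // A missing password must become "" (not null) so the empty-credential
        // check below rejects it instead of calling authenticate_account().
        $password = isset($parameter['password']) ? $parameter['password'] : "";

        $auth['method'] = "parameters";
    }
    elseif (isset($_SERVER['HTTP_X_WSSE']) && $_SERVER['HTTP_X_WSSE'] !== "")
    {
        // Some basic Web Services Security UsernameToken Profile (WSSE) support.
        // Expected header shape:
        //   UsernameToken Username="...", PasswordDigest="...", Nonce="...", Created="..."
        // Initialise the optional parts so a header that omits them does not
        // leave $created / $nonce undefined when the digest is rebuilt.
        $created = "";
        $nonce   = "";

        $wsse = str_replace("UsernameToken", "", $_SERVER['HTTP_X_WSSE']);
        $wsse = explode(",", $wsse);

        foreach ($wsse as $element)
        {
            // Split on the first '=' only: PasswordDigest and Nonce are base64 and
            // commonly end in '=' padding, which must stay part of the value.
            $element = explode("=", $element, 2);
            if (count($element) < 2)
            {
                continue; // not a key=value pair, ignore it
            }
            $key = trim($element[0]);
            $val = trim($element[1], "\x22\x27");

            if ($key == "Username")
            {
                $username = $val;
            }
            elseif ($key == "PasswordDigest")
            {
                $password = $val;
            }
            elseif ($key == "Created")
            {
                $created = $val;
            }
            elseif ($key == "Nonce")
            {
                $nonce = $val;
            }
        }

        // NOTE(review): get_record() is assumed to return the user record object, or
        // something that is not an object when the user is unknown - confirm.
        $result  = get_record('users', 'username', $username);
        $good_pw = is_object($result) ? md5($result->password) : "";

        // Recreate the digest: binary sha1 of nonce . created . (md5 of stored password).
        // NOTE(review): $digest is computed but never compared with the supplied
        // PasswordDigest; $password (the client's digest) is handed to
        // authenticate_account() below as-is, so this branch does not verify
        // the WSSE digest yet.
        $digest = pack("H*", sha1($nonce
                                . $created
                                . $good_pw));

        // Only the transport method goes into the result. $run_result is returned
        // to the RPC caller, so the stored password hash (or anything derived from
        // it, such as $good_pw) must never be copied into $auth.
        $auth['method'] = "wsse";
    }
    elseif (isset($_SERVER['PHP_AUTH_USER']) &&
            isset($_SERVER['PHP_AUTH_PW'])   &&
            $_SERVER['PHP_AUTH_USER'] !== "" &&
            $_SERVER['PHP_AUTH_PW'] !== "") // Basic HTTP AUTH
    {
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = md5($_SERVER['PHP_AUTH_PW']);

        $auth['method'] = "http-basic-auth";
    }
    elseif (isset($_POST['username']) &&
            isset($_POST['password']) &&
            $_POST['username'] !== "" &&
            $_POST['password'] !== "") // parameters passed via login form (form post)
    {
        $username = trim($_POST['username']);
        $password = trim(md5($_POST['password']));

        $auth['method'] = "post";
    }
    // Conditions to be extended for other methods (tokens etc.)

    // If all is well we have a username and password
    // To be modified for different providers, tokens, etc. and fall-through (iterate through the configured providers)

    // Elgg authentication provider

    // Both variables are initialised to "" above, so test for content rather than
    // isset(): with isset() the "nothing provided" branch could never be reached and
    // authenticate_account() was called with empty credentials.
    if ($username !== "" && $password !== "")
    {
        $logonsuccess = authenticate_account($username, $password);
        if ($logonsuccess)
        {
            $auth['status']  = true;
            $auth['message'] = "Authenticated";
            $auth['code']    = 200;
        }
        else
        {
            $auth['status']  = false;
            $auth['message'] = "Incorrect username or password";
            $auth['code']    = 801;
        }
    }
    else
    {
        $auth['status']  = false;
        $auth['message'] = "No username or password provided";
        $auth['code']    = 801;
    }

    $run_result = $auth;

?>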