Imported Upstream version 0.6.24+dfsg1
This commit is contained in:
Mario Fetka
111
share/pnp/application/models/auth_multisite.php
Normal file
111
share/pnp/application/models/auth_multisite.php
Normal file
@@ -0,0 +1,111 @@
|
||||
<?php defined('SYSPATH') OR die('No direct access allowed.');
|
||||
|
||||
|
||||
class Auth_Multisite_Model {
|
||||
private $htpasswdPath;
|
||||
private $serialsPath;
|
||||
private $secretPath;
|
||||
private $authFile;
|
||||
|
||||
public function __construct($htpasswdPath, $serialsPath, $secretPath, $loginUrl) {
|
||||
$this->htpasswdPath = $htpasswdPath;
|
||||
$this->serialsPath = $serialsPath;
|
||||
$this->secretPath = $secretPath;
|
||||
$this->loginUrl = $loginUrl;
|
||||
|
||||
// When the auth.serial file exists, use this instead of the htpasswd
|
||||
// for validating the cookie. The structure of the file is equal, so
|
||||
// the same code can be used.
|
||||
if(file_exists($this->serialsPath)) {
|
||||
$this->authFile = 'serial';
|
||||
|
||||
} elseif(file_exists($this->htpasswdPath)) {
|
||||
$this->authFile = 'htpasswd';
|
||||
|
||||
} else {
|
||||
throw new Kohana_exception("error.auth_multisite_missing_htpasswd");
|
||||
}
|
||||
|
||||
if(!file_exists($this->secretPath)) {
|
||||
$this->redirectToLogin();
|
||||
}
|
||||
}
|
||||
|
||||
private function loadAuthFile($path) {
|
||||
$creds = array();
|
||||
foreach(file($path) AS $line) {
|
||||
if(strpos($line, ':') !== false) {
|
||||
list($username, $secret) = explode(':', $line, 2);
|
||||
$creds[$username] = rtrim($secret);
|
||||
}
|
||||
}
|
||||
return $creds;
|
||||
}
|
||||
|
||||
private function loadSecret() {
|
||||
return trim(file_get_contents($this->secretPath));
|
||||
}
|
||||
|
||||
private function generateHash($username, $now, $user_secret) {
|
||||
$secret = $this->loadSecret();
|
||||
return md5($username . $now . $user_secret . $secret);
|
||||
}
|
||||
|
||||
private function checkAuthCookie($cookieName) {
|
||||
if(!isset($_COOKIE[$cookieName]) || $_COOKIE[$cookieName] == '') {
|
||||
throw new Exception();
|
||||
}
|
||||
|
||||
list($username, $issueTime, $cookieHash) = explode(':', $_COOKIE[$cookieName], 3);
|
||||
|
||||
if($this->authFile == 'htpasswd')
|
||||
$users = $this->loadAuthFile($this->htpasswdPath);
|
||||
else
|
||||
$users = $this->loadAuthFile($this->serialsPath);
|
||||
|
||||
if(!isset($users[$username])) {
|
||||
throw new Exception();
|
||||
}
|
||||
$user_secret = $users[$username];
|
||||
|
||||
// Validate the hash
|
||||
if($cookieHash != $this->generateHash($username, $issueTime, $user_secret)) {
|
||||
throw new Exception();
|
||||
}
|
||||
|
||||
// FIXME: Maybe renew the cookie here too
|
||||
|
||||
return $username;
|
||||
}
|
||||
|
||||
private function checkAuth() {
|
||||
// Loop all cookies trying to fetch a valid authentication
|
||||
// cookie for this installation
|
||||
foreach(array_keys($_COOKIE) AS $cookieName) {
|
||||
if(substr($cookieName, 0, 5) != 'auth_') {
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
$name = $this->checkAuthCookie($cookieName);
|
||||
return $name;
|
||||
} catch(Exception $e) {}
|
||||
}
|
||||
return '';
|
||||
}
|
||||
|
||||
private function redirectToLogin() {
|
||||
header('Location:' . $this->loginUrl . '?_origtarget=' . $_SERVER['REQUEST_URI']);
|
||||
}
|
||||
|
||||
public function check() {
|
||||
$username = $this->checkAuth();
|
||||
if($username === '') {
|
||||
$this->redirectToLogin();
|
||||
exit(0);
|
||||
}
|
||||
|
||||
return $username;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user