r1979 + allow a comment to end RackCode text
[racktables] / inc / auth.php
b325120a 1<?php
2/*
3
4Authentication library for RackTables.
5
6*/
7
// Gatekeeper for HTTP Basic authentication. Execution continues past this
// call only when the request carries a username and a password that
// authenticated() accepts and no 'logout' request parameter is present. In
// every other case a 401 challenge is sent and the script terminates.
//
// Basic credentials are only base64-encoded on the wire, so this scheme
// depends on the site being served over TLS.
function authenticate ()
{
	$have_credentials = isset ($_SERVER['PHP_AUTH_USER']) && isset ($_SERVER['PHP_AUTH_PW']);
	// Evaluation order matters: the credentials are verified before the
	// 'logout' parameter is looked at, and short-circuiting keeps
	// authenticated() from being called with missing values.
	$challenge =
		!$have_credentials ||
		!authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) ||
		// A 'logout' parameter forces a fresh challenge even for valid
		// credentials, presumably so the browser drops the ones it has
		// cached (confirm against the UI).
		isset ($_REQUEST['logout']);
	if (!$challenge)
		return;
	$realm = getConfigVar ('enterprise') . ' RackTables access';
	header ('WWW-Authenticate: Basic realm="' . $realm . '"');
	header ('HTTP/1.0 401 Unauthorized');
	showError ('This system requires authentication. You should use a username and a password.');
	// Fail closed: nothing after the challenge may run for this request.
	die();
}
26
// Enforce authorization for the current request: return TRUE when the tag
// chain is cleared by gotClearanceForTagChain(), otherwise print an error
// and terminate the script (fail closed).
//
// $subject is the tag chain to check. When it is empty, the chain is built
// from the global explicit, implicit and automatic tag lists.
function authorize ($subject = array())
{
	global $remote_username, $expl_tags, $impl_tags, $auto_tags;
	$chain = count ($subject) ? $subject : array_merge ($expl_tags, $impl_tags, $auto_tags);
	if (!gotClearanceForTagChain ($chain))
	{
		// NOTE(review): the username is interpolated into the message as is;
		// whether showError() escapes it for HTML output is not visible
		// here -- confirm.
		showError ("User '${remote_username}' is not allowed to access here.");
		die();
	}
	return TRUE;
}
41
// Non-fatal counterpart of authorize(): report whether the current user would
// be allowed onto page $p, tab $t, without printing an error or terminating.
// The decision is made on the user's automatic tags plus two synthetic tags,
// '$page_<p>' and '$tab_<t>', and is whatever gotClearanceForTagChain()
// returns for that chain.
function probeLocation ($p = 'index', $t = 'default')
{
	$chain = getUserAutoTags();
	array_push
	(
		$chain,
		array ('tag' => '$page_' . $p),
		array ('tag' => '$tab_' . $t)
	);
	return gotClearanceForTagChain ($chain);
}
50
// Return TRUE when $username / $password are valid credentials, FALSE
// otherwise. Unknown accounts and accounts whose 'user_enabled' is not 'yes'
// are rejected before any credential check takes place.
function authenticated ($username, $password)
{
	global $accounts;
	if (!isset ($accounts[$username]))
		return FALSE;
	$account = $accounts[$username];
	if ($account['user_enabled'] != 'yes')
		return FALSE;
	// The administrator (user_id 1) is always checked against the local
	// database, so a broken external source cannot lock him out. The flip
	// side: his local password hash stays a valid credential whatever
	// USER_AUTH_SRC says, and has to be protected accordingly.
	if ($account['user_id'] == 1)
		return authenticated_via_database ($username, $password);
	$auth_source = getConfigVar ('USER_AUTH_SRC');
	switch ($auth_source)
	{
		case 'database':
			return authenticated_via_database ($username, $password);
		case 'ldap':
			return authenticated_via_ldap ($username, $password);
	}
	// Any other configured source is a misconfiguration: deny access.
	showError ("Unknown user authentication source configured.", __FUNCTION__);
	return FALSE;
}
77
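// Verify $username / $password by attempting a simple bind as
// "<username>@<ldap_domain>" against $ldap_server. Returns TRUE when the
// bind succeeds and FALSE in every other case.
function authenticated_via_ldap ($username, $password)
{
	global $ldap_server, $ldap_domain;
	// A simple bind with a name and an empty password is an "unauthenticated
	// bind" (RFC 4513, section 5.1.2). Directory servers may answer it with
	// success without checking anything, so it must never count as a login.
	// The same goes for an empty name.
	if ((string) $username === '' or (string) $password === '')
		return FALSE;
	// Warnings are suppressed on purpose: a failed login must not leak
	// connection details into the page.
	$connect = @ldap_connect ($ldap_server);
	if (!$connect)
		return FALSE;
	// NOTE(review): no protocol version or StartTLS is negotiated here, so
	// the password is protected in transit only if $ldap_server is itself a
	// TLS endpoint (e.g. an ldaps:// URI) -- confirm in the configuration.
	$bound = @ldap_bind ($connect, $username . '@' . $ldap_domain, $password);
	// Release the handle on both outcomes, and only when there is one.
	@ldap_close ($connect);
	return $bound ? TRUE : FALSE;
}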
90
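// Verify $password against the hash stored for $username in $accounts.
// Returns TRUE only when hash (PASSWORD_HASH, $password) is exactly the
// stored 'user_password_hash'; returns FALSE when they differ or no hash is
// stored. Terminates the script when the hash extension or the configured
// algorithm is unavailable.
//
// NOTE(review): the stored value is a single unsalted hash() pass, which is
// cheap to brute-force if the accounts table leaks. Moving to
// password_hash() / password_verify() needs a data migration and is out of
// scope for this function.
function authenticated_via_database ($username, $password)
{
	global $accounts;
	if (!defined ('HASH_HMAC'))
	{
		showError ('Fatal error: PHP hash extension is missing', __FUNCTION__);
		die();
	}
	if (!in_array (PASSWORD_HASH, hash_algos(), TRUE))
	{
		showError ('Password hash not supported, authentication impossible.', __FUNCTION__);
		die();
	}
	if (!isset ($accounts[$username]['user_password_hash']))
		return FALSE;
	$stored = $accounts[$username]['user_password_hash'];
	if (!is_string ($stored))
		return FALSE;
	$computed = hash (PASSWORD_HASH, $password);
	// Never compare digests with ==: two different hex strings that both
	// look numeric (such as "0e<digits>") are compared as numbers and can
	// come out equal. hash_equals() is exact and constant-time as well; the
	// strict comparison is the fallback for PHP versions without it.
	if (function_exists ('hash_equals'))
		return hash_equals ($stored, $computed);
	return $stored === $computed;
}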
110
// Look up the stored password hash of the account with the given user ID.
// Returns the 'user_password_hash' value of the first matching account, or
// NULL when the ID is not positive (an error is shown in that case) or no
// account matches (silently).
//
// The returned value is credential material: callers should keep it out of
// page output and logs.
function getHashByID ($user_id = 0)
{
	global $accounts;
	if ($user_id <= 0)
	{
		showError ('Invalid user_id', __FUNCTION__);
		return NULL;
	}
	foreach ($accounts as $record)
	{
		if ($record['user_id'] != $user_id)
			continue;
		return $record['user_password_hash'];
	}
	return NULL;
}
125
// Look up the user name of the account with the given user ID.
// Returns the 'user_name' value of the first matching account, or NULL after
// showing an error when the ID is not positive or no account matches.
function getUsernameByID ($user_id = 0)
{
	global $accounts;
	if ($user_id <= 0)
	{
		showError ('Invalid user_id', __FUNCTION__);
		return NULL;
	}
	foreach ($accounts as $record)
	{
		if ($record['user_id'] != $user_id)
			continue;
		return $record['user_name'];
	}
	showError ("User with ID '${user_id}' not found!");
	return NULL;
}
141
e673ee24 142?>