4 Authentication library for RackTables.
8 // This function ensures that we don't continue without a legitimate
9 // username and password.
10 function authenticate ()
// Gate for HTTP Basic authentication. If any of the four conditions below
// holds, the visible lines send a Basic challenge, a 401 status and an error
// message.
// NOTE(review): Basic credentials are sent base64-encoded, not encrypted, on
// every request, so this scheme is only safe when the site is served over TLS.
// isset() is true for an empty string, so an empty username or password is
// still passed on to authenticated(); any non-empty check has to happen there.
14 !isset ($_SERVER['PHP_AUTH_USER']) or
15 !isset ($_SERVER['PHP_AUTH_PW']) or
16 !authenticated ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) or
// A 'logout' request parameter forces a new challenge even when the supplied
// credentials are valid.
17 isset ($_REQUEST['logout'])
// The realm is built from the 'enterprise' config value inside a quoted string.
// NOTE(review): a double quote in that value would malform the header; confirm
// the value is constrained where it is set.
20 header ('WWW-Authenticate: Basic realm="' . getConfigVar ('enterprise') . ' RackTables access"');
21 header ('HTTP/1.0 401 Unauthorized');
22 showError ('This system requires authentication. You should use a username and a password.');
// NOTE(review): the statements after showError() are not visible in this
// listing; confirm execution stops here so that an unauthenticated request
// cannot fall through to the rest of the page.
27 // Merge accumulated tags into a single chain, add location-specific
28 // autotags and try getting access clearance. Page and tab are mandatory,
29 // operation is optional.
30 function permitted ($p = NULL, $t = NULL, $o = NULL, $annex = array())
// Authorization check: assembles a tag chain in $subject and returns whatever
// gotClearanceForTagChain() decides for it.
// $p, $t and $o default to NULL. How NULL values are resolved is on lines not
// shown in this listing (presumably from the globals below; TODO confirm).
32 global $pageno, $tabno, $op;
// The arguments of this array_merge() call are not visible in this listing, so
// the base content of the chain (and the use of $annex) cannot be stated here.
43 $subject = array_merge
// Single-quoted strings: '$page_', '$tab_', '$op_' and '$any_op' are literal
// tag prefixes, not variable interpolation.
51 $subject[] = array ('tag' => '$page_' . $p);
52 $subject[] = array ('tag' => '$tab_' . $t);
53 if ($o === NULL and isset ($op))
// NOTE(review): in the visible lines the operation tag is built from the global
// $op only; a caller-supplied $o never becomes an '$op_' tag here. Confirm
// against the omitted lines that an explicit $o is not silently left out of the
// access decision.
55 $subject[] = array ('tag' => '$op_' . $op);
56 $subject[] = array ('tag' => '$any_op');
58 return gotClearanceForTagChain ($subject);
61 function accessibleSubpage ($p)
// Returns gotClearanceForTagChain()'s verdict for page $p on its default tab.
// The chain is $user_tags plus the literal tags '$page_<p>' and '$tab_default';
// no operation tag is added in the visible lines.
// $user_tags is not a parameter; presumably it is declared global on a line not
// shown in this listing (TODO confirm).
64 $subject = $user_tags;
65 $subject[] = array ('tag' => '$page_' . $p);
66 $subject[] = array ('tag' => '$tab_default');
67 return gotClearanceForTagChain ($subject);
70 // This function returns TRUE, if username and password are valid.
71 function authenticated ($username, $password)
// Dispatches credential verification to the database or LDAP back end.
// $accounts is read here but its declaration is not visible in this listing
// (presumably a global; TODO confirm).
// Unknown accounts and accounts whose 'user_enabled' is not 'yes' are handled
// first. The action taken is on a line not shown (presumably a FALSE return;
// TODO confirm).
74 if (!isset ($accounts[$username]) or $accounts[$username]['user_enabled'] != 'yes')
76 // Always authenticate the administrator locally, thus giving him a chance
77 // to fix broken installation.
// NOTE(review): as a consequence, user_id 1 stays reachable through its locally
// stored password hash even when USER_AUTH_SRC selects LDAP, so that local
// password must be kept strong and rotated like any other credential.
78 if ($accounts[$username]['user_id'] == 1)
79 return authenticated_via_database ($username, $password);
// The case labels of this switch are not visible in the listing. The three
// visible branches call the database check, call the LDAP check, and report an
// unknown authentication source.
80 switch (getConfigVar ('USER_AUTH_SRC'))
83 return authenticated_via_database ($username, $password);
86 return authenticated_via_ldap ($username, $password);
89 showError ("Unknown user authentication source configured.", __FUNCTION__
);
// NOTE(review): what follows the comment below is not visible; confirm the
// function fails closed (returns FALSE) when no branch returned.
93 // and just to be sure...
97 function authenticated_via_ldap ($username, $password)
// Verifies credentials by binding to $ldap_server as "<username>@<ldap_domain>"
// with the supplied password. The return statements are not visible in this
// listing.
// NOTE(review): no non-empty check on $password is visible before the bind.
// Many directory servers treat a bind with an empty password as an
// unauthenticated (anonymous) bind and report success, so an empty password
// should be rejected before ldap_bind() is reached. Confirm this is handled on
// the lines not shown or by the caller.
// NOTE(review): whether the bind password is protected in transit depends on
// the value of $ldap_server (ldaps:// or StartTLS); that cannot be determined
// from this listing.
99 global $ldap_server, $ldap_domain;
// '@' suppresses PHP warnings from the ldap_* calls, so a failed connection or
// bind leaves no warning behind. Consider logging failures explicitly so that
// outages and rejected logins can be told apart.
100 if ($connect = @ldap_connect
($ldap_server))
101 if ($bind = @ldap_bind
($connect, "${username}@${ldap_domain}", $password))
103 @ldap_close
($connect);
106 @ldap_close
($connect);
110 function authenticated_via_database ($username, $password)
// Checks $password against the stored value in
// $accounts[$username]['user_password_hash'], hashing it with the algorithm
// named by the PASSWORD_HASH constant. $accounts is not declared in the visible
// lines (presumably a global; TODO confirm), and the return statements are not
// visible either.
// HASH_HMAC is used only as a presence test for the PHP hash extension.
113 if (!defined ('HASH_HMAC'))
115 showError ('Fatal error: PHP hash extension is missing', __FUNCTION__
);
// Refuse to continue when the configured algorithm is not offered by hash_algos().
118 if (array_search (PASSWORD_HASH
, hash_algos()) === FALSE)
120 showError ('Password hash not supported, authentication impossible.', __FUNCTION__
);
// An account without a stored hash is handled here; the action is on a line not
// shown (presumably a FALSE return; TODO confirm).
123 if (!isset ($accounts[$username]['user_password_hash']))
// NOTE(review): hash(PASSWORD_HASH, $password) is a single digest with no salt
// visible, so equal passwords yield equal stored values and offline guessing is
// cheap if the table leaks. password_hash()/password_verify() are the
// purpose-built replacement.
// NOTE(review): '==' on two strings compares them numerically when both look
// like numbers (for example digests of the form 0e<digits>), and it is not
// constant-time. hash_equals() avoids both problems.
125 if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH
, $password))
130 // This function returns password hash for given user ID.
131 function getHashByID ($user_id = 0)
// Scans $accounts and returns 'user_password_hash' of the first entry whose
// 'user_id' loosely equals $user_id. The condition that leads to the
// 'Invalid user_id' error and the behaviour when no entry matches are on lines
// not shown in this listing.
// NOTE(review): this hands a stored password hash to the caller; callers should
// keep it out of page output and logs.
135 showError ('Invalid user_id', __FUNCTION__
);
139 foreach ($accounts as $account)
// Loose comparison: a numeric string and an integer with the same value match.
140 if ($account['user_id'] == $user_id)
141 return $account['user_password_hash'];
146 function getUsernameByID ($user_id = 0)
// Scans $accounts and returns 'user_name' of the first entry whose 'user_id'
// loosely equals $user_id; reports an error when none matches. The condition
// that leads to the 'Invalid user_id' error is on lines not shown in this
// listing.
150 showError ('Invalid user_id', __FUNCTION__
);
154 foreach ($accounts as $account)
// Loose comparison: a numeric string and an integer with the same value match.
155 if ($account['user_id'] == $user_id)
156 return $account['user_name'];
// NOTE(review): $user_id is interpolated into the error text. Confirm that
// showError() escapes its message before rendering, in case the ID originates
// from request data.
157 showError ("User with ID '${user_id}' not found!");