<?php
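/**
 * Core authentication plugin that signs a user in under the identity the web
 * server reports for the request.
 *
 * Security model: this plugin checks no credentials itself. It treats
 * $_SERVER['PHP_AUTH_USER'], $_SERVER['REMOTE_USER'] and $_SERVER['LOGON_USER']
 * as proof of identity. It is therefore only safe to enable when the web
 * server enforces authentication on every path that reaches the application
 * and nothing in front of PHP lets a client set these values itself.
 * Depending on the SAPI, PHP can fill PHP_AUTH_USER straight from the
 * request's Authorization header, so that variable being set does not by
 * itself show that the server verified a password.
 */
class Authwebserver extends AuthPluginBase
{
    protected $storage = 'DbStorage';

    static protected $description = 'Core: Webserver authentication';

    /**
     * Registers the plugin and subscribes it to the two login events it handles.
     *
     * @param PluginManager $manager Plugin manager passed through to the parent constructor.
     * @param mixed         $id      Plugin id passed through to the parent constructor.
     */
    public function __construct(PluginManager $manager, $id)
    {
        parent::__construct($manager, $id);

        $this->subscribe('beforeLogin');
        $this->subscribe('newUserSession');
    }

    /**
     * Picks up the user name reported by the web server and claims the login.
     *
     * Precedence is PHP_AUTH_USER, then REMOTE_USER, then LOGON_USER. When none
     * is set, or the resulting name is empty, the method returns without
     * claiming the login so that an empty identity is never handed on.
     *
     * @return void
     */
    public function beforeLogin()
    {
        if (isset($_SERVER['PHP_AUTH_USER'])) {
            $sUser = $_SERVER['PHP_AUTH_USER'];
        } elseif (isset($_SERVER['REMOTE_USER'])) {
            $sUser = $_SERVER['REMOTE_USER'];
        } elseif (isset($_SERVER['LOGON_USER'])) {
            $sUser = $_SERVER['LOGON_USER'];
        } else {
            // No web server identity on this request: leave it to other plugins.
            return;
        }
        $sUser = (string) $sUser;

        // Keep only the part after the last backslash ("DOMAIN\user" -> "user").
        // Caveat: accounts with the same name in different domains become the
        // same local user; restrict the accepted domains at the web server.
        if (strpos($sUser, "\\") !== false) {
            // Cast because substr() can return false on older PHP versions
            // when nothing follows the backslash.
            $sUser = (string) substr($sUser, strrpos($sUser, "\\") + 1);
        }

        // An empty name ('' or "DOMAIN\") is not an identity; do not claim the login.
        if ($sUser === '') {
            return;
        }

        // Optional administrator-defined mapping from web server name to local name.
        $aUserMappings = $this->api->getConfigKey('auth_webserver_user_map', array());
        if (isset($aUserMappings[$sUser])) {
            $sUser = $aUserMappings[$sUser];
        }

        $this->setUsername($sUser);
        $this->setAuthPlugin(); // This plugin handles authentication, halt further execution of auth plugins
    }

    /**
     * Completes the login for the user name stored by beforeLogin().
     *
     * An existing user is accepted as is. An unknown user is created only when
     * 'auth_webserver_autocreate_user' is enabled and a usable profile array is
     * available, either from the optional hook_get_auth_webserver_profile()
     * function or from 'auth_webserver_autocreate_profile'. Every other path
     * reports an explicit failure instead of returning without a result.
     *
     * @return void
     */
    public function newUserSession()
    {
        $sUser = $this->getUserName();
        $oUser = $this->api->getUserByName($sUser);
        if (!is_null($oUser)) {
            $this->setAuthSuccess($oUser);
            return;
        }

        $bAutoCreate = $this->api->getConfigKey('auth_webserver_autocreate_user');
        $aUserProfile = null;
        if (function_exists("hook_get_auth_webserver_profile")) {
            // If defined this function returns an array
            // describing the default profile for this user
            $aUserProfile = hook_get_auth_webserver_profile($sUser);
        } elseif ($bAutoCreate) {
            $aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
        }

        // Fail closed: unknown user and either auto-creation is off or there is
        // no profile to build the account from. A hook result that is not a
        // non-empty array (false, null, array()) must not create an account.
        if (!$bAutoCreate || !is_array($aUserProfile) || count($aUserProfile) === 0) {
            $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
            return;
        }

        $oUser = new User;
        $oUser->users_name = $sUser;
        // Random placeholder password: the account signs in through the web
        // server. NOTE(review): createPassword() is defined elsewhere; confirm
        // it draws from a cryptographically secure source.
        $oUser->password = hash('sha256', createPassword());
        $oUser->parent_id = 1; // presumably the initial administrator account; verify

        // Everything below, including the privilege flags, comes from the
        // profile. Whatever the profile grants (up to 'superadmin') is given to
        // any identity the web server lets through, so keep it minimal.
        $aProfileFields = array(
            'full_name',
            'lang',
            'email',
            'create_survey',
            'create_user',
            'delete_user',
            'superadmin',
            'configurator',
            'manage_template',
            'manage_label',
        );
        foreach ($aProfileFields as $sField) {
            // A key missing from the profile is stored as null, without a notice.
            $oUser->$sField = isset($aUserProfile[$sField]) ? $aUserProfile[$sField] : null;
        }

        if (!$oUser->save()) {
            $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
            return;
        }

        // Grant the templates named in the comma-separated 'templatelist'.
        $sTemplateList = isset($aUserProfile['templatelist']) ? (string) $aUserProfile['templatelist'] : '';
        foreach (explode(",", $sTemplateList) as $sTemplateName) {
            $sTemplateName = trim($sTemplateName);
            if ($sTemplateName === '') {
                // Skip blanks (empty list, trailing comma) rather than storing
                // a rights row with an empty folder name.
                continue;
            }
            $oRecord = new Templates_rights;
            $oRecord->uid = $oUser->uid;
            $oRecord->folder = $sTemplateName;
            $oRecord->use = 1;
            $oRecord->save();
        }

        $this->setAuthSuccess($oUser);
    }
}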