// --- Credential source selection. This excerpt is the middle of a method: its
// signature, the closing braces and original lines 137-138, 144, 147-150, 153 and
// 157-161 are not shown, so branch structure is partly inferred. ---
// $_SERVER['HTTP_AUTHORIZATION'] is the raw client-supplied Authorization header;
// everything derived from it below is untrusted input.
129 if ( !isset($_SERVER[
'AUTHORIZATION']) && isset($_SERVER[
'HTTP_AUTHORIZATION']) && !empty($_SERVER[
'HTTP_AUTHORIZATION']))
130 $_SERVER[
'AUTHORIZATION'] = $_SERVER[
'HTTP_AUTHORIZATION'];
131 if (isset($_SERVER[
'AUTHORIZATION']) && !empty($_SERVER[
'AUTHORIZATION'])) {
// NOTE(review): explode() has no limit here. A header with no space leaves $cred
// undefined (null), and any third space-separated token is silently dropped; a
// limit of 2 would be safer.
132 list ($type, $cred) = explode(
" ", $_SERVER[
'AUTHORIZATION']);
// Case-sensitive scheme match. RFC 7235 treats auth-scheme names as
// case-insensitive, so "basic ..." does not reach this branch.
133 if ($type ==
'Basic') {
// Non-strict base64_decode() silently skips invalid characters; if the decoded
// value has no ':' then $pass is null. PHP_AUTH_USER / PHP_AUTH_PW are consumed
// by the CheckPassword() call further down in this method.
134 list ($user, $pass) = explode(
":", base64_decode($cred), 2);
135 $_SERVER[
'PHP_AUTH_USER'] = $user;
136 $_SERVER[
'PHP_AUTH_PW'] = $pass;
// External (web-server) authentication: REMOTE_USER / REDIRECT_REMOTE_USER is
// only honoured when $_SERVER['AUTH_TYPE'] matches the configured
// server_auth_type (a single string or a list, compared case-insensitively).
// NOTE(review): AUTH_TYPE is read without isset(); when the server did not set
// it this raises a notice and compares against strtolower(null). Also confirm
// that only the front-end server's own auth module can populate REMOTE_USER
// (a reverse proxy must not be able to inject it).
139 else if ( isset($c->authenticate_hook[
'server_auth_type'])
140 && ( ( isset($_SERVER[
"REMOTE_USER"]) && !empty($_SERVER[
"REMOTE_USER"]) ) ||
141 ( isset($_SERVER[
"REDIRECT_REMOTE_USER"]) && !empty($_SERVER[
"REDIRECT_REMOTE_USER"]) ) ) ) {
142 if ( ( is_array($c->authenticate_hook[
'server_auth_type'])
143 && in_array( strtolower($_SERVER[
'AUTH_TYPE']), array_map(
'strtolower', $c->authenticate_hook[
'server_auth_type'])) )
145 ( !is_array($c->authenticate_hook[
'server_auth_type'])
146 && strtolower($c->authenticate_hook[
'server_auth_type']) == strtolower($_SERVER[
'AUTH_TYPE']) )
// Prefer REMOTE_USER; the REDIRECT_ form is the Apache mod_rewrite/ErrorDocument
// variant (line 153, presumably the else, is not shown).
151 if (isset($_SERVER[
"REMOTE_USER"]))
152 $_SERVER[
'PHP_AUTH_USER'] = $_SERVER[
'REMOTE_USER'];
154 $_SERVER[
'PHP_AUTH_USER'] = $_SERVER[
'REDIRECT_REMOTE_USER'];
// Placeholder password marking the session as externally authenticated. Whether
// the configured hook ignores it (rather than comparing it to a stored hash) is
// not visible here -- confirm in the hook implementation.
155 $_SERVER[
'PHP_AUTH_PW'] =
'Externally Authenticated';
// Default to the 'auth_external' hook when none is configured.
156 if ( ! isset($c->authenticate_hook[
'call']) ) {
162 $c->authenticate_hook[
'call'] =
'auth_external';
// --- Validate whatever credential source was selected above (original lines
// 176-181, 183-188 and 190 are not shown). ---
// NOTE(review): only PHP_AUTH_USER is tested with isset(); PHP_AUTH_PW is read
// unguarded in the next statement, so a SAPI or server module that sets the user
// but not the password produces a notice and a null password.
171 if ( isset($_SERVER[
'PHP_AUTH_USER']) ) {
172 if ( $p = $this->
CheckPassword( $_SERVER[
'PHP_AUTH_USER'], $_SERVER[
'PHP_AUTH_PW'] ) ) {
// Compatibility shim: an authenticate hook that returned a record carrying
// ->active instead of ->user_active is reported via trace_bug() and the flag is
// copied across so the check below still works.
173 if ( isset($p->active) && !isset($p->user_active) ) {
174 trace_bug(
'Some authentication failed to return a dav_principal record and needs fixing.');
175 $p->user_active = $p->active;
// Only an active principal proceeds to session setup (lines 183-188 not shown).
182 if ( $p->user_active ) {
// With allow_unauthenticated the request continues as an anonymous session
// (logged_in = false) instead of failing.
189 if ( isset($c->allow_unauthenticated) && $c->allow_unauthenticated ) {
191 $this->logged_in =
false;
// --- HTTP Digest challenge / response handling. Method signature and original
// lines 218, 222, 224-226, 229-233, 235, 238-240, 242, 245 and 247-262 are not
// shown; $data is the parsed Authorization header. ---
217 $realm = $c->system_name;
// "opaque" is a sha1 of client-influenced values: the User-Agent header and
// REMOTE_ADDR as PHP sees it (behind a proxy that is the proxy's address). It is
// an identifier, not a secret. Whether the opaque echoed back by the client is
// checked against this value is not visible in this excerpt.
219 if ( isset($_SERVER[
'HTTP_USER_AGENT']) ) $opaque .= $_SERVER[
'HTTP_USER_AGENT'];
220 if ( isset($_SERVER[
'REMOTE_ADDR']) ) $opaque .= $_SERVER[
'REMOTE_ADDR'];
221 $opaque = sha1($opaque);
// A Digest Authorization header is present: verify it.
223 if ( ! empty($_SERVER[
'PHP_AUTH_DIGEST'])) {
// The digest-protected URI must match the request URI.
// NOTE(review): this log call passes no arguments for its two %s placeholders
// (compare the other dbg_error_log() calls in this file), so the mismatching
// values are never recorded -- pass $data['uri'] and $_SERVER['REQUEST_URI'].
227 if ( $data[
'uri'] != $_SERVER[
'REQUEST_URI'] ) {
228 dbg_error_log(
"ERROR",
" DigestAuth: WTF! URI is '%s' and request URI is '%s'!?!" );
// Look up the claimed username. The stored password field is expected to match
// "*<Digest>?*<secret>"; the lines consuming the $matches[1] == 'Digest' case
// (238-240) are not shown, so which branch the A1 computation below belongs to
// is inferred rather than visible.
234 $test_user =
new Principal(
'username', $data[
'username']);
236 if ( preg_match(
'{\*(Digest)?\*(.*)}', $test_user->password, $matches ) ) {
237 if ( $matches[1] ==
'Digest' )
// A1 = MD5(username:realm:secret), the RFC 2617 / 7616 definition.
241 $A1 = md5($data[
'username'] .
':' . $realm .
':' . $matches[2]);
// A2 = MD5(method:uri) is the qop="auth" form; the visible code does not
// compute the qop="auth-int" form, consistent with the challenge below only
// advertising qop="auth".
243 $A2 = md5($_SERVER[
'REQUEST_METHOD'].
':'.$data[
'uri']);
// nonce, nc, cnonce and qop are taken verbatim from the client header. No check
// that the nonce was issued by this server and no nc replay check is visible in
// this excerpt; unless the omitted lines do that, a captured Authorization
// header can be replayed against the same method and URI.
244 $auth_string = $A1.
':'.$data[
'nonce'].
':'.$data[
'nc'].
':'.$data[
'cnonce'].
':'.$data[
'qop'].
':'.$A2;
246 $valid_response = md5($auth_string);
// NOTE(review): loose == on two hex digests compares them numerically when both
// look numeric ("0e..." digests), and string comparison is not constant-time.
// Use:  hash_equals( $valid_response, (string) $data['response'] )
249 if ( $data[
'response'] == $valid_response ) {
// Issue a fresh challenge.
// NOTE(review): uniqid() is time-based and documented as not cryptographically
// secure; prefer bin2hex(random_bytes(20)) for the nonce.
263 $nonce = sha1(uniqid(
'',
true));
264 $authheader = sprintf(
'WWW-Authenticate: Digest realm="%s", qop="auth", nonce="%s", opaque="%s", algorithm="MD5"',
265 $realm, $nonce, $opaque );
// Debug logging of the full challenge header (nonce and opaque included).
266 dbg_error_log(
"HTTPAuth", $authheader );
// --- Parse a Digest Authorization header ($auth_header) into $data. The
// enclosing function's signature and original lines 279-280, 283, 287-288, 291,
// 295-297 and 300 are not shown. ---
// Every required directive starts in $needed_parts and is unset as it is seen.
278 $needed_parts = array(
'nonce'=>1,
'nc'=>1,
'cnonce'=>1,
'qop'=>1,
'username'=>1,
'uri'=>1,
'response'=>1);
// Pass 1: quoted directives (name="value").
// NOTE(review): [^"]+ does not handle the RFC quoted-pair escape (\"), so a value
// containing an escaped quote is truncated. Directive names are client-chosen
// (\w+), so $data can carry arbitrary extra keys -- consumers must read only the
// known ones.
281 preg_match_all(
'{(\w+)="([^"]+)"}', $auth_header, $matches, PREG_SET_ORDER);
282 foreach ($matches as $m) {
284 $data[$m[1]] = $m[2];
285 unset($needed_parts[$m[1]]);
286 dbg_error_log(
"HTTPAuth",
'Received: %s: %s', $m[1], $m[2] );
// Pass 2: unquoted directives (e.g. nc=00000001, qop=auth). A match here
// overwrites any $data entry of the same name set by pass 1.
289 preg_match_all(
'{(\w+)=([^" ,]+)}', $auth_header, $matches, PREG_SET_ORDER);
290 foreach ($matches as $m) {
292 $data[$m[1]] = $m[2];
293 unset($needed_parts[$m[1]]);
294 dbg_error_log(
"HTTPAuth",
'Received: %s: %s', $m[1], $m[2] );
// The @ silences notices for directives that are still missing at this point.
// Note this debug line records every received field, including the response
// digest, in the log.
298 @dbg_error_log(
"HTTPAuth",
'Received: nonce: %s, nc: %s, cnonce: %s, qop: %s, username: %s, uri: %s, response: %s',
299 $data[
'nonce'], $data[
'nc'], $data[
'cnonce'], $data[
'qop'], $data[
'username'], $data[
'uri'], $data[
'response']
// false when any required directive was missing, otherwise the parsed directives.
301 return $needed_parts ? false : $data;
// --- Password check against the local database and/or the configured
// authenticate hook. Function signature and original lines 314, 318, 322-326 and
// 328-338 are not shown. ---
// Optionally qualify a bare username with the configured domain.
312 if(isset($c->login_append_domain_if_missing) && $c->login_append_domain_if_missing && !preg_match(
'/@/',$username))
313 $username.=
'@'.$c->domain_name;
// The local check runs when there is no usable hook, or the hook is marked
// optional (in which case the hook below is tried afterwards).
315 if ( !isset($c->authenticate_hook) || !isset($c->authenticate_hook[
'call'])
316 || !function_exists($c->authenticate_hook[
'call'])
317 || (isset($c->authenticate_hook[
'optional']) && $c->authenticate_hook[
'optional']) )
// `new` either throws or yields an object, which is always truthy, so this
// condition never fails on its own.
319 if ( $principal =
new Principal(
'username', $username) ) {
// NOTE(review): with $c->dbg['password'] set this writes the submitted plaintext
// password and the stored password field to the log. Never enable it outside a
// throwaway development instance.
320 if ( isset($c->dbg[
'password']) ) dbg_error_log(
"password",
":CheckPassword: Name:%s, Pass:%s, File:%s, Active:%s", $username, $password, $principal->password, ($principal->user_active?
'Yes':
'No') );
// session_validate_password() is defined elsewhere; its hashing/comparison
// scheme is not visible here.
321 if ( $principal->user_active && session_validate_password( $password, $principal->password ) ) {
// Hook path: the callable name comes from configuration and is checked with
// function_exists() before use.
327 if ( isset($c->authenticate_hook) && isset($c->authenticate_hook[
'call']) && function_exists($c->authenticate_hook[
'call']) ) {
339 $principal = call_user_func( $c->authenticate_hook[
'call'], $username, $password );
// NOTE(review): anything other than strict false counts as success here -- a
// hook that returns null, 0 or true on failure still gets a Principal built from
// the submitted username. Hooks must return exactly false (or a Principal).
340 if ( $principal !==
false && !($principal instanceof
Principal) ) {
341 $principal =
new Principal(
'username', $username);
// --- Body of HTTPAuthSession::AssignSessionDetails (per the exception text
// below); the signature and original lines 386-387, 390 and 398-399 are not
// shown. ---
// Accept a bare username string and resolve it to a Principal.
383 if ( is_string($principal) ) $principal =
new Principal(
'username',$principal);
// Re-wrap subclasses / foreign objects as a plain Principal via their username.
// NOTE(review): get_class() on a non-object (e.g. null) throws a TypeError on
// PHP 8, so this is not a guard against a missing principal.
384 if ( get_class($principal) !=
'Principal' ) {
385 $principal =
new Principal(
'username',$principal->username);
// NOTE(review): bug -- `!` binds tighter than `==`, so this reads
// `(false == 'Principal')`, which is never true; the Exception below is
// unreachable. Intended:  if ( !($principal instanceof Principal) ) {
388 if ( !get_class($principal) ==
'Principal' ) {
389 throw new Exception(
'HTTPAuthSession::AssignSessionDetails could not find a Principal object');
// Copy identity fields onto the session; fullname is read as a property, the
// others through accessor methods.
391 $this->username = $principal->username();
392 $this->user_no = $principal->user_no();
393 $this->principal_id = $principal->principal_id();
394 $this->email = $principal->email();
395 $this->fullname = $principal->fullname;
396 $this->dav_name = $principal->dav_name();
397 $this->principal = $principal;
400 $this->logged_in =
true;
// Apply the user's locale when the awl_set_locale helper is loaded and a
// non-empty locale is set on the session.
401 if ( function_exists(
"awl_set_locale") && isset($this->locale) && $this->locale !=
"" ) {
402 awl_set_locale($this->locale);