[geeklog-cvs] Auth_Enterprise/Enterprise/Server DB.php,1.6,1.7 PasswordGenerator.php,1.1,1.2
jellybob at iowaoutdoors.org
jellybob at iowaoutdoors.org
Sun Jul 11 23:06:11 EDT 2004
Update of /var/cvs/Auth_Enterprise/Enterprise/Server
In directory www:/tmp/cvs-serv10601/Enterprise/Server
Modified Files:
DB.php PasswordGenerator.php
Log Message:
Moved the password generation options from the global server configuration
($gConf) to a "passwords" element in the options array for a server instance.
Index: DB.php
===================================================================
RCS file: /var/cvs/Auth_Enterprise/Enterprise/Server/DB.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** DB.php 9 Jul 2004 15:34:34 -0000 1.6
--- DB.php 12 Jul 2004 03:06:07 -0000 1.7
***************
*** 108,135 ****
}
! /**
! * Authenticates a user
! *
! * There is a long calling chain from the client end to this point but,
! * finally, this is where the real work gets done. This method will authenticate
! * a user against a DBMS that is supported by PEAR::DB
! *
! * @author Tony Bibbs <tony at geeklog.net>
! * @access public
! * @param string $appId App user is authenticating to
! * @param string $userName ID of user trying to log in
! * @param string $password Password to try logging in with
! * @return object AEServiceUser Object *reference* or PEAR::Error
! *
! */
! public function authenticate($userName, $password)
{
- //$encryptedPass = MD5($password);
- $encryptedPass = $password;
-
$prepStmt = $this->db->prepare('SELECT user_name,user_password,user_account_locked,
user_failed_attempts,user_pwd_last_set FROM ae_user
! WHERE user_name = ? AND user_password = ?');
! $result = $this->db->execute($prepStmt, array($userName, $encryptedPass));
if (DB::isError($result)) {
--- 108,129 ----
}
! /**
! * Gets a user object.
! *
! * This methods should be overridden by providers to return a user object.
! *
! * Returns false if the user doesn't exist.
! *
! * @author Jon Wood <jon at jellybob.co.uk>
! * @access protected
! * @param string $username The user to get.
! * @return Auth_Enterprise_ServiceUser|false Either a user object, or false if the didn't exist.
! */
! protected function &getUser($userName)
{
$prepStmt = $this->db->prepare('SELECT user_name,user_password,user_account_locked,
user_failed_attempts,user_pwd_last_set FROM ae_user
! WHERE user_name = ?');
! $result = $this->db->execute($prepStmt, array($userName));
if (DB::isError($result)) {
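Review bot: `getUser()` binds `$userName` as given in `WHERE user_name = ?`, while `createAccount()` and `deleteAccount()` in this same commit bind `strtoupper($userName)`, so a mixed-case lookup may miss a row stored in upper case unless every caller normalises first. Binding `array(strtoupper($userName))` here would keep the three methods consistent. The docblock tag should read `@param string $userName` to match the signature, and "false if the didn't exist" is missing the word "user". Since the password predicate is no longer in the query, the docblock should also state that comparing the credential and applying the lockout and expiry checks is the caller's responsibility. The body of `getUser()` continues outside this hunk.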
***************
*** 138,219 ****
if ($result->numRows() > 0) {
! $user = $this->mapResultToUserObject($result);
} else {
! // Invalid credentials, try to update the failed attempts for the user. I say try
! // because the username could be invalid
! try {
! $this->incrementFailedAttempts($userName);
! } catch (AESQLException $e) {
! throw $e;
! }
!
! throw new AEInvalidUserCredentials();
! }
!
! // Ensure the account hasn't been locked
! if ($user->getAccountLocked()) {
! throw new AEAccountLocked();
! }
!
! // Check to see if password has expired.
! if ($user->isPasswordExpired()) {
! throw new AEPasswordExpired();
! }
! $user->setAppId($this->options['appId']);
!
! try {
! // We get the groups as those will be sent back in user object
! $user->setGroups($this->getGroups($user->getUserName()));
! $user->setPrivileges($this->getPrivileges($user->getUserName()));
! } catch (AESQLException $e) {
! throw $e;
! } catch (Exception $e) {
! throw $e;
}
-
- $this->isAuthenticated = true;
- $this->_user = $user;
-
- return $user;
}
/**
! * Creates a user account
! *
! * Allows calling applications to create a new user account. NOTE: username's are case
! * insensitive. This is achieved by converting them all to uppercase. Passwords are case
! * sensitive.
! *
! * @author Tony Bibbs <tony at geeklog.net>
! * @access public
! * @param string $appId App user is authenticating to
! * @param string $userName Username of user trying to log in
! * @param string $password Password for new user
! *
! */
! public function createAccountByAdmin($adminUserName, $adminUserPass, $userName, $password)
{
- // Make sure admin is authenticated
- if (!$this->isAuthenticated) {
- try {
- $userObj = $this->authenticate($adminUserName, $adminUserPass);
- } catch (AESQLException $e) {
- throw $e;
- } catch (AEAccountLocked $e) {
- throw new AEAccountLocked('Administrator\'s account is locked');
- } catch (AEPasswordExpired $e) {
- throw new AEPasswordExpired('Administrator\'s password has expired');
- }
- }
-
// Begin a SQL transaction if we can
if ($this->db->provides('transactions')) {
- print 'starting transaction...<br>';
$this->db->autoCommit(false);
}
- // Don't forget to encrypt the password at some point
- //$encryptedPass = MD5($password);
- $encryptedPass = $password;
$prepStmt = $this->db->prepare('INSERT INTO ae_user (user_name, user_password,
user_account_locked, user_failed_attempts, user_pwd_last_set, user_creation_date,
--- 132,158 ----
if ($result->numRows() > 0) {
! return $this->mapResultToUserObject($result);
} else {
! return false;
}
}
/**
! * Creates a user account in the database.
! *
! * @author Jon Wood <jon at jellybob.co.uk>
! * @access protected
! * @param string $userName The username to assign to the new user.
! * @param string $password The password to assign to the new user.
! * @param string $creator The username of the user creating the new user.
! * @return bool Success/failure
! */
! protected function createAccount($userName, $password, $creator)
{
// Begin a SQL transaction if we can
if ($this->db->provides('transactions')) {
$this->db->autoCommit(false);
}
$prepStmt = $this->db->prepare('INSERT INTO ae_user (user_name, user_password,
user_account_locked, user_failed_attempts, user_pwd_last_set, user_creation_date,
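Review bot: `createAccount()` runs the INSERT without any check on who is asking: `$creator` is only recorded, and nothing visible in this file authenticates or authorises that user, although presumably the calling class does. The docblock should state the precondition, for example `Callers must have authenticated $creator and verified the right to create accounts before calling.` Separately, `getUser()` is declared `&getUser` but ends in `return $this->mapResultToUserObject($result);` and `return false;`, neither of which is a variable, so PHP raises a notice about returning a non-variable by reference; dropping the `&` avoids it. `createAccount()` continues past the end of this hunk.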
***************
*** 221,226 ****
VALUES (?,?,?,?,?,?,?,?)');
$curTime = time();
! $result = $this->db->execute($prepStmt, array(strtoupper($userName), $encryptedPass, 0, 0
! , $curTime, $curTime, $curTime, strtoupper($adminUserName)));
if (DB::isError($result)) {
// Rollback transaction
--- 160,165 ----
VALUES (?,?,?,?,?,?,?,?)');
$curTime = time();
! $result = $this->db->execute($prepStmt, array(strtoupper($userName), $password, 0, 0
! , $curTime, $curTime, $curTime, strtoupper($creator)));
if (DB::isError($result)) {
// Rollback transaction
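Review bot: `$password` is bound into `user_password` exactly as received, and the earlier reminder to encrypt it has no replacement in the visible code, so unless the caller already passes a hash the table will hold clear-text passwords. If hashing is meant to happen upstream, say so at this call with a comment such as `// $password must already be a salted hash, never the clear-text value`; otherwise hash it here with a salted, slow password hash before binding. The statement sits in the middle of `createAccount()`, whose start and end are outside this hunk.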
***************
*** 231,246 ****
throw new AESQLException($result->toString());
}
! // Add password to history
! try {
! $this->addPasswordToHistory($userName, $password);
! } catch (AESQLException $e) {
// Rollback transaction
if ($this->db->provides('transactions')) {
- print 'rolling back transaction...<br>';
$this->db->rollback();
}
! throw $e;
}
--- 170,210 ----
throw new AESQLException($result->toString());
+ return false;
}
! // Commit transaction
! if ($this->db->provides('transactions')) {
! $this->db->commit();
! $this->db->autoCommit(true);
! }
!
! return true;
! }
!
! /**
! * Delete's a user account.
! *
! * @author Jon Wood <jon at jellybob.co.uk>
! * @access protected
! * @param string $userName The username to delete.
! */
! protected function deleteAccount($userName)
! {
! // Begin a SQL transaction if we can
! if ($this->db->provides('transactions')) {
! $this->db->autoCommit(false);
! }
!
! $prepStmt = $this->db->prepare('DELETE FROM ae_user WHERE user_name=?');
! $result = $this->db->execute($prepStmt, array(strtoupper($userName)));
! if (DB::isError($result)) {
// Rollback transaction
if ($this->db->provides('transactions')) {
$this->db->rollback();
+ $this->db->autoCommit(true);
}
!
! throw new AESQLException($result->toString());
! return false;
}
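Review bot: The `return false;` placed after `throw new AESQLException($result->toString());` in both `createAccount()` and `deleteAccount()` can never execute, so the `@return bool Success/failure` contract is misleading: failure is reported only through the exception. Remove the two dead returns and document `@throws AESQLException` instead; `deleteAccount()` has no `@return` or `@throws` tag at all. `createAccount()` also no longer calls `addPasswordToHistory()`, so unless the caller records it, the initial password is missing from that history. `deleteAccount()` continues outside the hunk, so its commit path is not visible here.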
***************
*** 406,410 ****
public function resetPassword($userName)
{
! $newPassword = Enterprise_PasswordGenerator::generatePassword();
// Begin a SQL transaction if we can
--- 370,374 ----
public function resetPassword($userName)
{
! $newPassword = Auth_Enterprise_PasswordGenerator::generatePassword($this->_options['passwords']);
// Begin a SQL transaction if we can
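Review bot: `generatePassword()` is called statically with an argument here, but the same commit makes it an instance method with no parameters that reads `$this->_options`, so the options passed are ignored and the call fails on `$this` outside object context. Construct the generator first: `$generator = new Auth_Enterprise_PasswordGenerator($this->options['passwords']);` followed by `$newPassword = $generator->generatePassword();`. This line reads `$this->_options` while the other new lines in this file read `$this->options['appId']`; if only one of those properties exists, use that one consistently. `resetPassword()` continues outside the hunk.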
***************
*** 621,624 ****
--- 585,601 ----
}
+ public function listAppGroupsByAdmin($adminUserName, $adminPassword)
+ {
+ $prepStmt = $this->db->prepare('SELECT *
+ FROM ae_group
+ WHERE grp_app_id = ?');
+ $result = $this->db->execute($prepStmt, array($this->options['appId']));
+ if (DB::isError($result)) {
+ throw new AESQLException($result->toString());
+ }
+
+ return $this->dbResultToGroup($result);
+ }
+
/**
* Gets the groups for a given user on behalf of an administrator
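Review bot: `listAppGroupsByAdmin()` accepts `$adminUserName` and `$adminPassword` but never uses them, so as written any caller receives the application's group list without a credential or privilege check. If that check is meant to happen in a wrapper, say so in a docblock or drop the unused parameters; otherwise verify the administrator before the query runs. The method has no docblock at all, unlike its neighbours. Selecting named columns instead of `SELECT *` would also stop `dbResultToGroup()` from depending on column order.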
***************
*** 750,754 ****
WHERE grp_app_id = ?
AND grp_id = ?');
! $result = $this->db->execute($prepStmt, array($this->appId, $groupObj->getGroupId()));
if (DB::isError($result)) {
throw new AESQLException($result->toString());
--- 727,731 ----
WHERE grp_app_id = ?
AND grp_id = ?');
! $result = $this->db->execute($prepStmt, array($this->options['appId'], $groupObj->getGroupId()));
if (DB::isError($result)) {
throw new AESQLException($result->toString());
***************
*** 859,864 ****
return $userGroups;
}
! $curGroup = new Enterprise_Group();
! while ($row = $result->fetchRow($this->_fetchMode)) {
$curGroup->setGroupId($row[0]);
$curGroup->setGroupLogicalName($row[2]);
--- 836,841 ----
return $userGroups;
}
! $curGroup = new Auth_Enterprise_Group();
! while ($row = $result->fetchRow()) {
$curGroup->setGroupId($row[0]);
$curGroup->setGroupLogicalName($row[2]);
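Review bot: `$curGroup` is created once before the `while` loop and overwritten on every row; if the rest of the loop, which is outside this hunk, stores it in `$userGroups`, every entry would be the same object holding the last row's values. Moving `$curGroup = new Auth_Enterprise_Group();` inside the loop, as `dbResultToGroup()` in this commit does, removes that risk. With the explicit fetch mode dropped from `fetchRow()`, the numeric indexes `$row[0]` and `$row[2]` now rely on the connection's default fetch mode being ordered.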
***************
*** 1051,1054 ****
--- 1028,1057 ----
/**
+ * Converts a PEAR::DB SQL result to group objects
+ *
+ * @author Jon Wood <jon at jellybob.co.uk>
+ * @access public
+ * @param DB_Result $sqlResult PEAR::DB_Result object
+ * @return array Array of Grouo objects
+ *
+ */
+ protected function dbResultToGroup($sqlResult)
+ {
+ $tmpGroup = new Auth_Enterprise_Group();
+ $groupArray = array();
+
+ while($row = $sqlResult->fetchRow()) {
+ $tmpGroup = new Auth_Enterprise_Group();
+ $tmpGroup->setGroupId($row[0]);
+ $tmpGroup->setGroupLogicalName($row[2]);
+ $tmpGroup->setGroupDisplayName($row[3]);
+ $tmpGroup->setGroupDesc($row[4]);
+
+ $groupArray[] = $tmpGroup;
+ }
+ return $groupArray;
+ }
+
+ /**
* Builds AAServiceUser object from SQL result from authenticate
*
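Review bot: `dbResultToGroup()` reads `$row[0]`, `$row[2]`, `$row[3]` and `$row[4]`, which ties it to the column order of the `SELECT *` in `listAppGroupsByAdmin()` and to an ordered fetch mode; a schema change or an associative default would leave groups with wrong or empty fields and no error. A comment naming the column each index stands for, or a query that lists its columns explicitly, would make that dependency visible. The docblock says `@access public` although the method is `protected`, `Grouo` should read `Group`, and the `$tmpGroup = new Auth_Enterprise_Group();` before the loop is never used.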
Index: PasswordGenerator.php
===================================================================
RCS file: /var/cvs/Auth_Enterprise/Enterprise/Server/PasswordGenerator.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** PasswordGenerator.php 8 Jul 2004 14:36:16 -0000 1.1
--- PasswordGenerator.php 12 Jul 2004 03:06:07 -0000 1.2
***************
*** 18,26 ****
/**
- * The Auth_Enterprise server configuration file
- */
- //require_once 'Auth/Enterprise/Server/ServerConfig.php';
-
- /**
* Pull in Auth_Enterprise Exceptions
*/
--- 18,21 ----
***************
*** 35,39 ****
*/
class Auth_Enterprise_PasswordGenerator {
!
/**
* Generates a random password
--- 30,86 ----
*/
class Auth_Enterprise_PasswordGenerator {
! private $_options = array();
!
! /**
! * Constructor
! *
! * @author Jon Wood <jon at jellybob.co.uk>
! * @access public
! */
! public function __construct($options = array())
! {
! if (!isset($options['min_length'])) {
! $options['min_length'] = 6;
! }
!
! if (!isset($options['randompasswordchars'])) {
! $options['randompasswordchars'] = array('a', 'b', 'c', 'd', 'e',
! 'f', 'g', 'h', 'i', 'j',
! 'k', 'l', 'm', 'n', 'o',
! 'p', 'q', 'r', 's', 't',
! 'u', 'v', 'w', 'x', 'y',
! 'z', 'A', 'B', 'C', 'D',
! 'E', 'F', 'G', 'H', 'I',
! 'J', 'K', 'L', 'M', 'N',
! 'O', 'P', 'Q', 'R', 'S',
! 'T', 'U', 'V', 'W', 'X',
! 'Y', 'Z', '1', '2', '3',
! '4', '5', '6', '7', '8',
! '9', '0', '!', '"', '£',
! '$', '%', '^', '*', '(',
! ')', '-', '_', '+', '~',
! ':', ';', '<', '>', ',',
! '.');
! }
!
! if (!isset($options['pw_rule'])) {
! $options['pw_rule'] = array();
! }
!
! if (!isset($options['pw_spell'])) {
! $options['pw_spell'] = false;
! }
!
! if (!isset($options['pw_check'])) {
! $options['pw_check'] = false;
! }
!
! if (!isset($options['pw_dict'])) {
! $options['pw_dict'] = 'en';
! }
!
! $this->_options = $options;
! }
!
/**
* Generates a random password
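Review bot: The constructor sets defaults for `pw_check` and `pw_dict`, but `isValidPassword()` reads `pw_crack` and `crack_dict` and hard-codes `pspell_new("en")`, so the cracklib keys are never defaulted and the two keys set here are not read anywhere in the visible code. With `pw_crack` unset the strength check is skipped after an undefined-index notice, which weakens validation without telling anyone. Change the default to `$options['pw_crack'] = false;` and either default `crack_dict` or reject `pw_crack` when it is missing. The docblock should carry an `@param array $options` tag listing the accepted keys.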
***************
*** 44,62 ****
*
*/
! public static function generatePassword()
{
- global $gConf;
-
$password = '';
! $len = 0;
!
! if ($gConf['pw_min_length'] >= 6) {
! $len = $gConf['pw_min_length'];
! } else {
! $len = 6;
! }
!
for ($i = 0; $i < $len; $i++) {
! $password .= $gConf['randompasswordchars'][rand(0,count($gConf['randompasswordchars'])-1)];
}
--- 91,101 ----
*
*/
! public function generatePassword()
{
$password = '';
! $len = $this->_options['min_length'];
!
for ($i = 0; $i < $len; $i++) {
! $password .= $this->_options['randompasswordchars'][rand(0,count($this->_options['randompasswordchars'])-1)];
}
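Review bot: `$len = $this->_options['min_length'];` drops the floor of 6 that the previous version enforced, so a `min_length` of 0 or 1 lets `resetPassword()` receive an empty or one-character password unless something outside this hunk rejects it; `$len = max(6, (int) $this->_options['min_length']);` restores the floor. The characters are also chosen with `rand()`, which is not a cryptographically secure generator, so the generated passwords are more predictable than their length suggests. Where the runtime provides it, `random_int(0, count($this->_options['randompasswordchars']) - 1)` is the direct replacement for the index expression. The method body continues outside the hunk.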
***************
*** 76,86 ****
*
*/
! public static function isValidPassword($password)
! {
! global $gConf;
!
! if (is_array($gConf['pw_rule'])) {
! foreach ($gConf['pw_rule'] as $rule) {
! if ($rule['enabled']) {
if (!preg_match($rule['regex'], $password)) {
throw new AEPasswordInvalid("The supplied password does not meet the "
--- 115,123 ----
*
*/
! public function isValidPassword($password)
! {
! if (is_array($this->_options['pw_rule'])) {
! foreach ($this->_options['pw_rule'] as $rule) {
! if (isset($rule['enabled']) && ($rule['enabled'] = true)) {
if (!preg_match($rule['regex'], $password)) {
throw new AEPasswordInvalid("The supplied password does not meet the "
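Review bot: `($rule['enabled'] = true)` is an assignment rather than a comparison, so the condition holds for every rule whose `enabled` key is set, including rules configured with `'enabled' => false`. Writing `if (!empty($rule['enabled'])) {` skips disabled rules and treats a missing key as disabled. `isValidPassword()` starts and ends outside this hunk.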
***************
*** 92,96 ****
// Check for dictionary words
! if ($gConf['pw_spell'] && function_exists('pspell_check')) {
// open dictionary
if ( !($pspell_link = pspell_new("en")) ) {
--- 129,133 ----
// Check for dictionary words
! if ($this->_options['pw_spell'] && function_exists('pspell_check')) {
// open dictionary
if ( !($pspell_link = pspell_new("en")) ) {
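Review bot: When `pw_spell` is enabled but the pspell extension is not loaded, `function_exists('pspell_check')` makes the dictionary check disappear without any signal, and the cracklib branch in the last hunk (`pw_crack` with `function_exists('crack_check')`) behaves the same way, so an administrator who switched a check on gets weaker validation than configured. Failing closed is safer: `if ($this->_options['pw_spell'] && !function_exists('pspell_check')) { throw new AEUnableToConnect('pspell is not available'); }` before the existing branch, and the equivalent for cracklib. `isValidPassword()` starts and ends outside this hunk.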
***************
*** 105,111 ****
// Use cracklib to determine if password is strong
! if ($gConf['pw_crack'] && function_exists('crack_check')) {
// Open CrackLib Dictionary
! if ( !($dictionary = crack_opendict($gConf['crack_dict'])) ) {
throw new AEUnableToConnect('Cannot open libcrack dictionary');
}
--- 142,148 ----
// Use cracklib to determine if password is strong
! if ($this->_options['pw_crack'] && function_exists('crack_check')) {
// Open CrackLib Dictionary
! if ( !($dictionary = crack_opendict($this->_options['crack_dict'])) ) {
throw new AEUnableToConnect('Cannot open libcrack dictionary');
}