Dominique Fournier
235e980250
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@3752 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
93 lines
3.3 KiB
PHP
93 lines
3.3 KiB
PHP
<?php
|
|
/** DomFramework
|
|
@package domframework
|
|
@author Dominique Fournier <dominique@fournier38.fr> */
|
|
|
|
require_once ("domframework/auth.php");
|
|
|
|
/** User authentication against .htpasswd file
|
|
A .htpasswd can be created by the 'htpasswd' command for Apache, and contain
|
|
toto@toto.com:$2y$05$uHCUNqicE7Pku3MK1qZaDuJxP/pocqCcEAnacZBjsfWgW9EcuG5y2
|
|
*/
|
|
class authhtpasswd extends auth
|
|
{
|
|
/** The .htpasswd file to use for authentication */
|
|
public $htpasswdFile;
|
|
|
|
/** The details to return if the user is authenticated */
|
|
private $details = null;
|
|
|
|
/** There is no real connection to htpasswd */
|
|
public function connect ()
|
|
{
|
|
if (! file_exists ($this->htpasswdFile))
|
|
throw new Exception (sprintf (dgettext("domframework",
|
|
"The HTPasswd file '%s' is not found"),
|
|
$this->htpasswdFile), 500);
|
|
if (! is_readable ($this->htpasswdFile))
|
|
throw new Exception (sprintf (dgettext("domframework",
|
|
"The HTPasswd file '%s' is not readable"),
|
|
$this->htpasswdFile), 500);
|
|
}
|
|
|
|
/** Try to authenticate the email/password of the user
|
|
@param string $email Email to authenticate
|
|
@param string $password Password to authenticate */
|
|
public function authentication ($email, $password)
|
|
{
|
|
// Redo the checks of connect to not have a property to add
|
|
$this->connect ();
|
|
$file = file_get_contents ($this->htpasswdFile);
|
|
$lines = explode ("\n", $file);
|
|
foreach ($lines as $line)
|
|
{
|
|
// Comment line : skip it
|
|
if (isset ($line{0}) && $line{0} === "#")
|
|
continue;
|
|
$line = trim ($line);
|
|
$user = strstr ($line, ":", true);
|
|
$cryptedPassword = substr (strstr ($line, ':'), 1);
|
|
if ($user === $email)
|
|
{
|
|
if (substr ($cryptedPassword, 0, 6) === '$apr1$')
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid format of password"), 500);
|
|
if (crypt ($password, $cryptedPassword) !== $cryptedPassword)
|
|
throw new Exception ("Bad password for '$email'", 401);
|
|
$this->details = array ("email"=>$email);
|
|
return TRUE;
|
|
}
|
|
}
|
|
throw new Exception ("Unable to find the user : '$email'", 401);
|
|
}
|
|
|
|
/** Return all the parameters recorded for the authenticate user */
|
|
public function getdetails ()
|
|
{
|
|
return $this->details;
|
|
}
|
|
|
|
/** Method to change the password
|
|
@param string $oldpassword The old password (to check if the user have the
|
|
rights to change the password)
|
|
@param string $newpassword The new password to be recorded */
|
|
public function changepassword ($oldpassword, $newpassword)
|
|
{
|
|
throw new Exception (dgettext("domframework",
|
|
"The password can't be change for HTPasswd users"),
|
|
405);
|
|
}
|
|
|
|
/** Method to overwrite the password (without oldpassword check)
|
|
Must be reserved to the administrators. For the users, use changepassword
|
|
method
|
|
@param string $email the user identifier to select
|
|
@param string $newpassword The new password to be recorded */
|
|
public function overwritepassword ($email, $newpassword)
|
|
{
|
|
throw new Exception (dgettext("domframework",
|
|
"The password can't be change for HTPasswd users"),
|
|
405);
|
|
}
|
|
}
|