Go to the documentation of this file.00001 <?php
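// Direct-access guard: this file is meant to be included by the CMS, which defines
// __PRAGYAN_CMS first. A request that reaches the file without it gets a 403 and stops.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading used to be "closed" with a second <h1>, which left the element open.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // SERVER_SIGNATURE is supplied by the web server and may be absent.
    // NOTE(review): when present it can carry server version details; consider
    // dropping it from this page if that disclosure is not wanted.
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}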
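/**
 * Build the fingerprint that is stored in the session next to the user id.
 *
 * The fingerprint is md5(user_id . user_name . user_email . user_lastlogin), with the
 * three fields read from the users table. It is derived only from those values, so it
 * is a consistency check against the database row, not a secret: anyone who knows the
 * four fields can recompute it.
 *
 * @param mixed $user_id User id; anything that is not a plain non-negative integer
 *                       (or an int) is treated as 0, the anonymous id.
 * @return string 32-character hexadecimal MD5 digest.
 */
function getSessionData($user_id) {
    // The id is placed in the query without quotes, so string escaping cannot make it
    // safe there. Only an integer is allowed through; everything else becomes 0.
    $isIntegerId = is_int($user_id) || (is_string($user_id) && ctype_digit($user_id));
    $user_id = $isIntegerId ? (int) $user_id : 0;

    $query = "SELECT `user_name`,`user_email`,`user_lastlogin` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`=" . $user_id;
    // NOTE(review): die(mysql_error()) prints the raw database error to the client;
    // consider logging it and showing a generic message instead.
    $data = mysql_query($query) or die(mysql_error());

    // No matching row: hash the id with empty fields, as the original effectively did.
    $row = mysql_fetch_assoc($data);
    if (!is_array($row)) {
        $row = array('user_name' => '', 'user_email' => '', 'user_lastlogin' => '');
    }

    return md5($user_id . $row['user_name'] . $row['user_email'] . $row['user_lastlogin']);
}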
00031
/**
 * Record the given user as logged in and redirect to the URL being requested.
 *
 * Stores the id in the global $userId and in $_SESSION['userId'], stores the matching
 * fingerprint from getSessionData() in $_SESSION['data'], and sends a Location header.
 *
 * @param mixed $user_id Id of the user who has just authenticated.
 * @return mixed The same $user_id.
 */
function setAuth($user_id) {
    global $userId;
    $_SESSION['userId'] = $userId = $user_id;
    $_SESSION['data'] = getSessionData($user_id);
    // NOTE(review): the session identifier is not changed at login. Regenerating it
    // here (session_regenerate_id) is the usual defence against session fixation;
    // check it against firstTimeGetUserId(), which re-sends $_COOKIE['PHPSESSID'].
    // NOTE(review): REQUEST_URI comes from the client; confirm a value such as one
    // starting with "//" cannot turn this into a redirect to another host.
    header("location: " . $_SERVER["REQUEST_URI"]);
    return $user_id;
}
00041
/**
 * Tell whether the browser has shown that it accepts cookies.
 *
 * True when a PHPSESSID cookie came with the request, or when the cookie_support
 * cookie is present with the value "enabled". Both values are sent by the client,
 * so this is a capability hint and not an authentication signal.
 *
 * @return bool
 */
function checkCookieSupport() {
    if (isset($_COOKIE['PHPSESSID'])) {
        return true;
    }
    return isset($_COOKIE['cookie_support']) && $_COOKIE['cookie_support'] == "enabled";
}
00048
/**
 * Show the "cookies required" message when cookie support was not detected.
 *
 * Reads the global $cookieSupported flag and reports through displayerror().
 *
 * @return bool True when the warning was displayed, false when cookies are supported.
 */
function showCookieWarning() {
    global $cookieSupported;
    if ($cookieSupported) {
        return false;
    }
    displayerror("Cookie support is required beyond this point. <a href=\"http://www.google.com/cookies.html\">Click here</a> to find out " .
        "how to enable cookies.");
    return true;
}
00059
/**
 * Return the id held in the global $userId.
 *
 * In this file the value is written by setAuth() (the authenticated id) and by
 * resetAuth() (0).
 *
 * @return mixed Current value of the global $userId.
 */
function getUserId() {
    global $userId;

    return $userId;
}
00064
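/**
 * Work out which user the current session belongs to.
 *
 * The session is accepted only when cookies are supported, $_SESSION['userId'] is set
 * and $_SESSION['data'] matches the fingerprint recomputed by getSessionData(). On any
 * failure the authentication state is cleared with resetAuth() and 0 is returned.
 * On success the PHPSESSID cookie lifetime is extended, except for "fileget" requests.
 *
 * @return mixed The session's user id, or 0 for an anonymous or invalid session.
 */
function firstTimeGetUserId() {
    global $cookieSupported;

    if (!$cookieSupported || !isset($_SESSION['userId'])) {
        resetAuth();
        return 0;
    }

    $user_id = $_SESSION['userId'];
    $expected = getSessionData($user_id);

    // Strict comparison: with == two different all-digit or "0e..." digests can be
    // treated as numbers and compare equal.
    if (!isset($_SESSION['data']) || $_SESSION['data'] !== $expected) {
        resetAuth();
        return 0;
    }

    // Refresh the cookie only when the client really sent one; passing an unset value
    // to setcookie() would emit a delete-cookie header instead.
    if (!isset($_GET['fileget']) && isset($_COOKIE['PHPSESSID'])) {
        global $cookie_timeout, $cookie_path;
        // NOTE(review): the cookie is re-issued without the Secure and HttpOnly
        // arguments, so both stay at their defaults (off). Confirm this is intended.
        setcookie('PHPSESSID', $_COOKIE['PHPSESSID'], time() + $cookie_timeout, $cookie_path);
    }

    return $user_id;
}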
00093
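/**
 * List the group ids a user belongs to.
 *
 * Every caller gets group 0. A non-zero user id additionally gets group 1 plus each
 * group_id stored for that user in the usergroup table.
 *
 * @param mixed $userId User id. A value that is not an int or an all-digit string is
 *                      handled like 0, so a malformed id never gains extra groups.
 * @return array Group ids: array(0) for id 0 or a malformed id, otherwise 0, 1 and the
 *               stored group ids.
 */
function getGroupIds($userId) {
    $groups = array(0);

    // The id goes into the query without quotes, so only a real integer may reach it.
    // Anything else fails closed to the anonymous group list.
    $isIntegerId = is_int($userId) || (is_string($userId) && ctype_digit($userId));
    if (!$isIntegerId || (int) $userId === 0) {
        return $groups;
    }
    $userId = (int) $userId;

    $groups[] = 1;
    $groupQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = ' . $userId;
    // NOTE(review): die(mysql_error()) prints the raw database error to the client.
    $groupQueryResult = mysql_query($groupQuery) or die(mysql_error());
    while ($groupQueryResultRow = mysql_fetch_row($groupQueryResult)) {
        $groups[] = $groupQueryResultRow[0];
    }

    return $groups;
}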
00112
/**
 * Clear the authentication state of the current request and session.
 *
 * Removes the userId, data and forum_lastVisit entries from $_SESSION when a session
 * array exists, and sets the global $userId to 0. Other session entries, the session
 * itself and its identifier are left as they are.
 *
 * @return int Always 0.
 */
function resetAuth() {
    global $userId;

    if (isset($_SESSION)) {
        unset($_SESSION['userId'], $_SESSION['data'], $_SESSION['forum_lastVisit']);
    }

    $userId = 0;
    return 0;
}
00125
00126
00127
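/**
 * Check a user's credentials with the requested login method.
 *
 * 'ads', 'imap' and 'ldap' are delegated to the matching my_*_auth() helper, and only
 * when that method's 'status' entry in the global $authmethods is truthy. 'openid'
 * always fails here. Any other value falls back to the password hash returned by
 * getUserInfo() for the e-mail address.
 *
 * @param mixed $login_method 'ads', 'imap', 'ldap', 'openid', or anything else for the
 *                            database check.
 * @param mixed $user_name    Login name, used by the ads and ldap methods.
 * @param mixed $user_email   E-mail address; the part before '@' is the IMAP login.
 * @param mixed $user_passwd  Password as entered by the user.
 * @return bool True when the credentials were accepted.
 */
function checkLogin($login_method,$user_name,$user_email,$user_passwd) {
    global $authmethods;
    $login_status = false;

    switch ($login_method) {
        case 'ads':
            // !empty() keeps the truthiness test and tolerates a missing entry.
            if (!empty($authmethods[$login_method]['status'])) {
                $login_status = my_ads_auth($user_name, $user_passwd);
            }
            break;

        case 'imap':
            if (!empty($authmethods[$login_method]['status'])) {
                // Without an '@' there is no local part to log in with, so fail here
                // instead of sending an empty login name to the mail server.
                $pos = strpos($user_email, '@');
                if ($pos !== false) {
                    $login_status = my_imap_auth(substr($user_email, 0, $pos), $user_passwd);
                }
            }
            break;

        case 'ldap':
            if (!empty($authmethods[$login_method]['status'])) {
                $login_status = my_ldap_auth($user_name, $user_passwd);
            }
            break;

        case 'openid':
            $login_status = false;
            break;

        default:
            $temp = getUserInfo($user_email);
            // Both sides must be non-empty strings and identical. With == a missing
            // record, a non-string password or two numeric-looking digests could
            // compare equal.
            // NOTE(review): passwords are stored as unsalted MD5; moving to
            // password_hash()/password_verify() needs a stored-hash migration.
            if (is_string($user_passwd)
                && is_array($temp)
                && isset($temp['user_password'])
                && is_string($temp['user_password'])
                && $temp['user_password'] !== ''
                && md5($user_passwd) === $temp['user_password']) {
                $login_status = true;
            }
    }

    return $login_status;
}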
00165
00166
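/**
 * Escape a value for use inside an IMAP quoted string ("...").
 *
 * A backslash is put in front of every backslash and double quote. CR, LF and NUL are
 * removed, because a quoted string cannot carry them and a line break would end the
 * command line. The earlier ereg_replace() call used "\\1" as its replacement, which
 * is only the back-reference to the matched character, so the value came back
 * unchanged.
 *
 * @param mixed $str Value to embed; it is cast to string.
 * @return string Escaped text, without the surrounding quotes.
 */
function quoteIMAP($str)
{
    $str = str_replace(array("\r", "\n", "\0"), '', (string) $str);

    // strtr() with a map replaces in a single pass, so the added backslashes are not
    // escaped a second time.
    return strtr($str, array('\\' => '\\\\', '"' => '\\"'));
}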
00171
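/**
 * Check a login name and password by attempting an IMAP LOGIN.
 *
 * Connects to the server and port configured in $authmethods['imap'], sends one LOGIN
 * command tagged b221, and accepts the credentials only when the response line
 * carrying that tag reports OK.
 *
 * NOTE(review): the connection is opened with fsockopen() on the configured address
 * as given, so the credentials travel unencrypted unless that address selects an
 * encrypted transport (for example an "ssl://" prefix). Confirm the deployment.
 *
 * @param mixed $username IMAP login name.
 * @param mixed $password Password to test.
 * @return bool True only when the server answered the LOGIN command with OK.
 */
function my_imap_auth ($username, $password)
{
    global $authmethods;
    if (!isset($authmethods['imap']['server_address']) || !isset($authmethods['imap']['port'])) {
        displayerror("Please specify IMAP authentication settings completely");
        // Without settings there is nothing to connect to.
        return false;
    }

    // A line break or NUL in either value would end the LOGIN line early, so such
    // input is refused before anything is sent.
    if (!is_string($username) || !is_string($password)
        || strpbrk($username . $password, "\r\n\0") !== false) {
        return false;
    }

    $imap_stream = fsockopen($authmethods['imap']['server_address'], $authmethods['imap']['port']);
    if (!$imap_stream) {
        return false;
    }

    // Server greeting; its content is not used.
    fgets($imap_stream, 1024);

    fputs($imap_stream, 'b221 LOGIN "' . quoteIMAP($username) . '" "' . quoteIMAP($password) . "\"\r\n");

    // Read until the line tagged b221. Untagged lines ("* ...") may come first and
    // must not decide the outcome. The loop is bounded so an unexpected server cannot
    // keep it running.
    $authenticated = false;
    $atLineStart = true;
    for ($i = 0; $i < 32; $i++) {
        $chunk = fgets($imap_stream, 1024);
        if ($chunk === false) {
            break;
        }
        if ($atLineStart && strncmp($chunk, 'b221 ', 5) === 0) {
            $fields = explode(' ', rtrim($chunk, "\r\n"), 3);
            $authenticated = ($fields[1] === 'OK');
            break;
        }
        // A chunk without a trailing newline is the first part of a longer line; the
        // next chunk is then a continuation and not the start of a response.
        $atLineStart = (substr($chunk, -1) === "\n");
    }

    // Commands end with CRLF; LOGOUT was previously sent without a line ending.
    fputs($imap_stream, "b222 LOGOUT\r\n");
    fclose($imap_stream);

    return $authenticated;
}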
00202
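/**
 * Check a uid and password against the configured LDAP server.
 *
 * Binds without credentials to look up the entry for the uid through get_dn(), then
 * opens a second connection and binds as that entry with the given password.
 *
 * NOTE(review): nothing here enables TLS; whether the bind is encrypted depends on
 * the configured server address. Confirm the deployment.
 *
 * @param mixed $uid    User id to look up.
 * @param mixed $passwd Password to test.
 * @return bool TRUE only when exactly one entry was found and the bind succeeded.
 */
function my_ldap_auth($uid,$passwd) {
    global $authmethods;
    if (!isset($authmethods['ldap']['server_address']) || !isset($authmethods['ldap']['search_group'])) {
        displayerror("Please specify LDAP authentication settings completely");
        return FALSE;
    }

    // An empty password makes a bind succeed without proving anything about the user,
    // so it is refused before the directory is contacted at all.
    if (!is_string($passwd) || $passwd === '') {
        return FALSE;
    }

    $server = $authmethods['ldap']['server_address'];

    // First connection: bind without credentials and resolve the uid to a DN.
    $ds = @ldap_connect($server);
    if (!$ds) {
        return FALSE;
    }
    @ldap_bind($ds);
    $dn = get_dn($uid, $ds);
    @ldap_unbind($ds);

    if (!is_string($dn) || $dn === '') {
        return FALSE;
    }

    // Second connection: the bind with the user's own DN and password is the check.
    $ds = @ldap_connect($server);
    if (!$ds) {
        return FALSE;
    }
    $bound = @ldap_bind($ds, $dn, $passwd);
    @ldap_unbind($ds);

    return $bound ? TRUE : FALSE;
}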
00219
/**
 * Resolve a uid to the DN of its directory entry.
 *
 * Uses search_user() and accepts the result only when it reports exactly one entry,
 * so an ambiguous or empty search never produces a DN.
 *
 * @param mixed $uid User id to look up.
 * @param mixed $ds  LDAP connection, passed through to search_user().
 * @return mixed The entry's 'dn' value, or false when the count is not 1.
 */
function get_dn($uid,$ds) {
    $entries = @search_user($uid, $ds);

    return ($entries['count'] == 1) ? $entries[0]['dn'] : false;
}
00227
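/**
 * Search the configured LDAP base for entries whose uid attribute equals $uid.
 *
 * @param mixed $uid User id to match; filter metacharacters are escaped first.
 * @param mixed $ds  LDAP connection to search on.
 * @return mixed Result of ldap_get_entries() for the search.
 */
function search_user($uid,$ds) {
    global $authmethods;

    // The uid is user input and becomes part of the search filter. Escaping the filter
    // metacharacters keeps it a literal value, so a wildcard or parenthesis cannot
    // change which entries match. The backslash is replaced first so the escapes
    // added for the other characters are not escaped again.
    $safeUid = str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        (string) $uid
    );

    $sr = @ldap_search($ds, $authmethods['ldap']['search_group'], "uid=" . $safeUid);
    $info = @ldap_get_entries($ds, $sr);
    return $info;
}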
00234
00235
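/**
 * Check a user name and password by binding to the configured directory server.
 *
 * The bind name is the configured 'network_name' followed by the user name.
 *
 * NOTE(review): nothing here enables TLS; whether the bind is encrypted depends on
 * the configured server address. Confirm the deployment.
 *
 * @param mixed $username Login name, appended to the configured network name.
 * @param mixed $password Password to test.
 * @return bool TRUE only when the bind succeeded with a non-empty password.
 */
function my_ads_auth ($username, $password) {
    global $authmethods;
    if (!isset($authmethods['ads']['server_address']) || !isset($authmethods['ads']['network_name'])) {
        displayerror("Please specify ADS authentication settings completely");
        return FALSE;
    }

    // An empty password makes a bind succeed without proving anything about the user,
    // so it is refused before the server is contacted.
    if (!is_string($password) || $password === '') {
        return FALSE;
    }

    $ldapconn = @ldap_connect($authmethods['ads']['server_address']);
    if (!$ldapconn) {
        // Previously the bind result was read here without ever having been set.
        return FALSE;
    }

    $bound = @ldap_bind($ldapconn, $authmethods['ads']['network_name'] . $username, $password);
    @ldap_unbind($ldapconn);

    return $bound ? TRUE : FALSE;
}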
00251
00252