ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Public Member Functions | Data Fields
Auth_HTTP Class Reference
+ Inheritance diagram for Auth_HTTP:
+ Collaboration diagram for Auth_HTTP:

Public Member Functions

 Auth_HTTP ($storageDriver, $options='')
 Constructor. More...
 
 assignData ()
 Assign values from $PHP_AUTH_USER and $PHP_AUTH_PW or 'Authorization' header to internal variables and sets the session id based on them. More...
 
 login ()
 Login function. More...
 
 drawLogin ($username="")
 Launch the login box. More...
 
 setRealm ($realm, $digestRealm='')
 Set name of the current realm. More...
 
 setCancelText ($text)
 Set the text to send if user hits the cancel button. More...
 
 validateDigest ($response, $a1)
 judge if the client response is valid. More...
 
 _judgeStale ($nonce)
 judge if nonce from client is stale. More...
 
 _decodeNonce ($nonce, &$time, &$hash)
 decode nonce string More...
 
 _getNonce ()
 return nonce to detect timeout More...
 
 authenticationInfo ($contentMD5='')
 output HTTP Authentication-Info header More...
 
 setOption ($name, $value=null)
 set authentication option More...
 
 getOption ($name)
 get authentication option More...
 
 selfURI ()
 get self URI More...
 
- Public Member Functions inherited from Auth
 Auth ($storageDriver, $options='', $loginFunction='', $showLogin=true)
 Constructor. More...
 
applyAuthOptions (&$options)
 Set the Auth options. More...
 
 _loadStorage ()
 Load Storage Driver if not already loaded. More...
 
 assignData ()
 Assign data from login form to internal values. More...
 
 start ()
 Start new auth session. More...
 
 login ()
 Login function. More...
 
 setExpire ($time, $add=false)
 Set the maximum expire time. More...
 
 setIdle ($time, $add=false)
 Set the maximum idle time. More...
 
 setSessionName ($name='session')
 Set name of the session to a customized value. More...
 
 setShowLogin ($showLogin=true)
 Should the login form be displayed if neccessary? More...
 
 setAllowLogin ($allowLogin=true)
 Should the login form be displayed if neccessary? More...
 
 setCheckAuthCallback ($checkAuthCallback)
 Register a callback function to be called whenever the validity of the login is checked The function will receive two parameters, the username and a reference to the auth object. More...
 
 setLoginCallback ($loginCallback)
 Register a callback function to be called on user login. More...
 
 setFailedLoginCallback ($loginFailedCallback)
 Register a callback function to be called on failed user login. More...
 
 setLogoutCallback ($logoutCallback)
 Register a callback function to be called on user logout. More...
 
 setAuthData ($name, $value, $overwrite=true)
 Register additional information that is to be stored in the session. More...
 
 getAuthData ($name=null)
 Get additional information that is stored in the session. More...
 
 setAuth ($username)
 Register variable in a session telling that the user has logged in successfully. More...
 
 setAdvancedSecurity ($flag=true)
 Enables advanced security checks. More...
 
 checkAuth ()
 Checks if there is a session with valid auth information. More...
 
 getAuth ()
 Has the user been authenticated? More...
 
 logout ()
 Logout function. More...
 
 updateIdle ()
 Update the idletime. More...
 
 getUsername ()
 Get the username. More...
 
 getStatus ()
 Get the current status. More...
 
 getPostUsernameField ()
 Gets the post varible used for the username. More...
 
 getPostPasswordField ()
 Gets the post varible used for the username. More...
 
 sessionValidThru ()
 Returns the time up to the session is valid. More...
 
 listUsers ()
 List all users that are currently available in the storage container. More...
 
 addUser ($username, $password, $additional='')
 Add user to the storage container. More...
 
 removeUser ($username)
 Remove user from the storage container. More...
 
 changePassword ($username, $password)
 Change password for user in the storage container. More...
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message from the Auth system. More...
 
 _loadLogger ()
 Load Log object if not already loaded. More...
 
 attachLogObserver (&$observer)
 Attach an Observer to the Auth Log Source. More...
 
 _isAdvancedSecurityEnabled ($feature=null)
 Is advanced security enabled? More...
 
- Public Member Functions inherited from ilAuthBase
 getSubStatus ()
 Get sub status. More...
 
 setSubStatus ($a_sub_status)
 Set sub status. More...
 
 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g the login screen, public section ... More...
 
 getContainer ()
 Get container object. More...
 
 getExceededUserName ()
 

Data Fields

 $authType = 'basic'
 
 $realm = "protected area"
 
 $CancelText = "Error 401 - Access denied"
 
 $options = array()
 
 $stale = false
 
 $opaque = 'dummy'
 
 $uri = ''
 
 $auth = array()
 
 $nextNonce = ''
 
 $nonce = ''
 
 $server
 
 $post
 
 $cookie
 
- Data Fields inherited from Auth
 $expire = 0
 
 $expired = false
 
 $idle = 0
 
 $idled = false
 
 $storage = ''
 
 $loginFunction = ''
 
 $showLogin = true
 
 $allowLogin = true
 
 $status = ''
 
 $username = ''
 
 $password = ''
 
 $checkAuthCallback = ''
 
 $loginCallback = ''
 
 $loginFailedCallback = ''
 
 $logoutCallback = ''
 
 $_sessionName = '_authsession'
 
 $version = "@version@"
 
 $advancedsecurity = false
 
 $_postUsername = 'username'
 
 $_postPassword = 'password'
 
 $session
 
 $server
 
 $post
 
 $cookie
 
 $authdata
 
 $authChecks = 0
 
 $logger = null
 
 $enableLogging = false
 
 $regenerateSessionId = false
 

Additional Inherited Members

- Static Public Member Functions inherited from Auth
_factory ($driver, $options='')
 Return a storage driver based on $driver and $options. More...
 
 staticCheckAuth ($options=null)
 Statically checks if there is a session with valid auth information. More...
 
- Protected Member Functions inherited from ilAuthBase
 initAuth ()
 Init auth object Enable logging, set callbacks... More...
 
 loginObserver ($a_username, $a_auth)
 Called after successful login. More...
 
 checkExceededLoginAttempts (\ilObjUser $user)
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login. More...
 
 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request. More...
 
 logoutObserver ($a_username, $a_auth)
 Called after logout. More...
 
- Protected Attributes inherited from ilAuthBase
 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

Definition at line 54 of file HTTP.php.

Member Function Documentation

◆ _decodeNonce()

Auth_HTTP::_decodeNonce (   $nonce,
$time,
$hash 
)

decode nonce string

private

Parameters
string$noncenonce value from client
string$timedecoded time
string$hashdecoded hash
Returns
bool false if nonce is invalid

Definition at line 628 of file HTTP.php.

References AUTH_HTTP_NONCE_HASH_LEN, and AUTH_HTTP_NONCE_TIME_LEN.

Referenced by _judgeStale().

629  {
630  if (method_exists($this, '_importGlobalVariable')) {
631  $this->server = &$this->_importGlobalVariable('server');
632  }
633 
634  if (strlen($nonce) != AUTH_HTTP_NONCE_TIME_LEN + AUTH_HTTP_NONCE_HASH_LEN) {
635  return false;
636  }
637 
638  $time = base64_decode(substr($nonce, 0, AUTH_HTTP_NONCE_TIME_LEN));
639  $hash_cli = substr($nonce, AUTH_HTTP_NONCE_TIME_LEN, AUTH_HTTP_NONCE_HASH_LEN);
640 
641  $hash = md5($time . $this->server['HTTP_USER_AGENT'] . $this->options['noncekey']);
642 
643  if ($hash_cli != $hash) {
644  return false;
645  }
646 
647  return true;
648  }
Auth_HTTP\$nonce
$nonce
Definition: HTTP.php:139
AUTH_HTTP_NONCE_HASH_LEN
const AUTH_HTTP_NONCE_HASH_LEN
Definition: HTTP.php:27
AUTH_HTTP_NONCE_TIME_LEN
const AUTH_HTTP_NONCE_TIME_LEN
Definition: HTTP.php:26
+ Here is the caller graph for this function:

◆ _getNonce()

Auth_HTTP::_getNonce ( )

return nonce to detect timeout

private

Returns
string nonce value

Definition at line 659 of file HTTP.php.

Referenced by _judgeStale(), and drawLogin().

660  {
661  if (method_exists($this, '_importGlobalVariable')) {
662  $this->server = &$this->_importGlobalVariable('server');
663  }
664 
665  $time = time();
666  $hash = md5($time . $this->server['HTTP_USER_AGENT'] . $this->options['noncekey']);
667 
668  return base64_encode($time) . $hash;
669  }
+ Here is the caller graph for this function:

◆ _judgeStale()

Auth_HTTP::_judgeStale (   $nonce)

judge if nonce from client is stale.

private

Parameters
string$noncenonce value from client
Returns
bool stale

Definition at line 596 of file HTTP.php.

References $nonce, $stale, _decodeNonce(), and _getNonce().

Referenced by assignData().

597  {
598  $stale = false;
599 
600  if(!$this->_decodeNonce($nonce, $time, $hash_cli)) {
601  $this->nextNonce = false;
602  $stale = true;
603  return $stale;
604  }
605 
606  if ($time < time() - $this->options['nonceLife']) {
607  $this->nextNonce = $this->_getNonce();
608  $stale = true;
609  } else {
610  $this->nextNonce = $nonce;
611  }
612 
613  return $stale;
614  }
Auth_HTTP\_decodeNonce
_decodeNonce($nonce, &$time, &$hash)
decode nonce string
Definition: HTTP.php:628
Auth_HTTP\$nonce
$nonce
Definition: HTTP.php:139
Auth_HTTP\$stale
$stale
Definition: HTTP.php:99
Auth_HTTP\_getNonce
_getNonce()
return nonce to detect timeout
Definition: HTTP.php:659
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ assignData()

Auth_HTTP::assignData ( )

Assign values from $PHP_AUTH_USER and $PHP_AUTH_PW or 'Authorization' header to internal variables and sets the session id based on them.

public

Returns
void

Try to get authentication information from IIS

set sessionName for AUTH, so that the sessionName is different for distinct realms

Definition at line 217 of file HTTP.php.

References Auth\$password, Auth\$username, _judgeStale(), PEAR\raiseError(), and selfURI().

218  {
219  if (method_exists($this, '_importGlobalVariable')) {
220  $this->server = &$this->_importGlobalVariable('server');
221  }
222 
223 
224  if ($this->authType == 'basic') {
225  if (!empty($this->server['PHP_AUTH_USER'])) {
226  $this->username = $this->server['PHP_AUTH_USER'];
227  }
228 
229  if (!empty($this->server['PHP_AUTH_PW'])) {
230  $this->password = $this->server['PHP_AUTH_PW'];
231  }
232 
236  if (empty($this->username) && empty($this->password)) {
237  if (!empty($this->server['HTTP_AUTHORIZATION'])) {
238  list($this->username, $this->password) =
239  explode(':', base64_decode(substr($this->server['HTTP_AUTHORIZATION'], 6)));
240  }
241  }
242  } elseif ($this->authType == 'digest') {
243  $this->username = '';
244  $this->password = '';
245 
246  $this->digest_header = null;
247  if (!empty($this->server['PHP_AUTH_DIGEST'])) {
248  $this->digest_header = substr($this->server['PHP_AUTH_DIGEST'],
249  strpos($this->server['PHP_AUTH_DIGEST'],' ')+1);
250  } else {
251  $headers = getallheaders();
252  if(isset($headers['Authorization']) && !empty($headers['Authorization'])) {
253  $this->digest_header = substr($headers['Authorization'],
254  strpos($headers['Authorization'],' ')+1);
255  }
256  }
257 
258  if($this->digest_header) {
259  $authtemp = explode(',', $this->digest_header);
260  $auth = array();
261  foreach($authtemp as $key => $value) {
262  $value = trim($value);
263  if(strpos($value,'=') !== false) {
264  $lhs = substr($value,0,strpos($value,'='));
265  $rhs = substr($value,strpos($value,'=')+1);
266  if(substr($rhs,0,1) == '"' && substr($rhs,-1,1) == '"') {
267  $rhs = substr($rhs,1,-1);
268  }
269  $auth[$lhs] = $rhs;
270  }
271  }
272  }
273  if (!isset($auth['uri']) || !isset($auth['realm'])) {
274  return;
275  }
276 
277  if ($this->selfURI() == $auth['uri']) {
278  $this->uri = $auth['uri'];
279  if (substr($headers['Authorization'],0,7) == 'Digest ') {
280 
281  $this->authType = 'digest';
282 
283  if (!isset($auth['nonce']) || !isset($auth['username']) ||
284  !isset($auth['response']) || !isset($auth['qop']) ||
285  !isset($auth['nc']) || !isset($auth['cnonce'])){
286  return;
287  }
288 
289  if ($auth['qop'] != 'auth' && $auth['qop'] != 'auth-int') {
290  return;
291  }
292 
293  $this->stale = $this->_judgeStale($auth['nonce']);
294 
295  if ($this->nextNonce == false) {
296  return;
297  }
298 
299  $this->username = $auth['username'];
300  $this->password = $auth['response'];
301  $this->auth['nonce'] = $auth['nonce'];
302 
303  $this->auth['qop'] = $auth['qop'];
304  $this->auth['nc'] = $auth['nc'];
305  $this->auth['cnonce'] = $auth['cnonce'];
306 
307  if (isset($auth['opaque'])) {
308  $this->auth['opaque'] = $auth['opaque'];
309  }
310 
311  } elseif (substr($headers['Authorization'],0,6) == 'Basic ') {
312  if ($this->options['forceDigestOnly']) {
313  return; // Basic authentication is not allowed.
314  }
315 
316  $this->authType = 'basic';
317  list($username, $password) =
318  explode(':',base64_decode(substr($headers['Authorization'],6)));
319  $this->username = $username;
320  $this->password = $password;
321  }
322  }
323  } else {
324  return PEAR::raiseError('authType is invalid.');
325  }
326 
327  if ($this->options['sessionSharing'] &&
328  isset($this->username) && isset($this->password)) {
329  session_id(md5('Auth_HTTP' . $this->username . $this->password));
330  }
331 
336  $this->_sessionName = "_authhttp".md5($this->realm);
337  }
Auth\$password
$password
Definition: Auth.php:182
Auth_HTTP\$auth
$auth
Definition: HTTP.php:123
PEAR\raiseError
& raiseError($message=null, $code=null, $mode=null, $options=null, $userinfo=null, $error_class=null, $skipmsg=false)
This method is a wrapper that returns an instance of the configured error class with this object&#39;s de...
Definition: PEAR.php:524
Auth_HTTP\selfURI
selfURI()
get self URI
Definition: HTTP.php:768
Auth_HTTP\_judgeStale
_judgeStale($nonce)
judge if nonce from client is stale.
Definition: HTTP.php:596
Auth\$username
$username
Definition: Auth.php:175
+ Here is the call graph for this function:

◆ Auth_HTTP()

Auth_HTTP::Auth_HTTP (   $storageDriver,
  $options = '' 
)

Constructor.

Parameters
stringType of the storage driver
mixedAdditional options for the storage driver (example: if you are using DB as the storage driver, you have to pass the dsn string here)
Returns
void

Definition at line 173 of file HTTP.php.

References Auth\Auth().

174  {
175  /* set default values for options */
176  $this->options = array('cryptType' => 'md5',
177  'algorithm' => 'MD5',
178  'qop' => 'auth-int,auth',
179  'opaquekey' => 'moo',
180  'noncekey' => 'moo',
181  'digestRealm' => 'protected area',
182  'forceDigestOnly' => false,
183  'nonceLife' => 300,
184  'sessionSharing' => true,
185  );
186 
187  if (!empty($options['authType'])) {
188  $this->authType = strtolower($options['authType']);
189  }
190 
191  if (is_array($options)) {
192  foreach($options as $key => $value) {
193  if (array_key_exists( $key, $this->options)) {
194  $this->options[$key] = $value;
195  }
196  }
197 
198  if (!empty($this->options['opaquekey'])) {
199  $this->opaque = md5($this->options['opaquekey']);
200  }
201  }
202 
203  $this->Auth($storageDriver, $options);
204  }
Auth\Auth
Auth($storageDriver, $options='', $loginFunction='', $showLogin=true)
Constructor.
Definition: Auth.php:335
Auth_HTTP\$options
$options
Definition: HTTP.php:91
+ Here is the call graph for this function:

◆ authenticationInfo()

Auth_HTTP::authenticationInfo (   $contentMD5 = '')

output HTTP Authentication-Info header

md5 hash of contents is required if 'qop' is 'auth-int'

private

Parameters
stringMD5 hash of content

Definition at line 682 of file HTTP.php.

References Auth\getAuth(), and Auth\getAuthData().

Referenced by login().

682  {
683 
684  if($this->getAuth() && ($this->getAuthData('a1') != null)) {
685  $a1 = $this->getAuthData('a1');
686 
687  // Work out authorisation response
688  $a2unhashed = ":".$this->selfURI();
689  if($this->auth['qop'] == 'auth-int') {
690  $a2unhashed .= ':'.$contentMD5;
691  }
692  $a2 = md5($a2unhashed);
693  $combined = $a1.':'.
694  $this->nonce.':'.
695  $this->auth['nc'].':'.
696  $this->auth['cnonce'].':'.
697  $this->auth['qop'].':'.
698  $a2;
699 
700  // Send authentication info
701  $wwwauth = 'Authentication-Info: ';
702  if($this->nonce != $this->nextNonce) {
703  $wwwauth .= 'nextnonce="'.$this->nextNonce.'", ';
704  }
705  $wwwauth .= 'qop='.$this->auth['qop'].', ';
706  $wwwauth .= 'rspauth="'.md5($combined).'", ';
707  $wwwauth .= 'cnonce="'.$this->auth['cnonce'].'", ';
708  $wwwauth .= 'nc='.$this->auth['nc'].'';
709  header($wwwauth);
710  }
711  }
Auth\getAuth
getAuth()
Has the user been authenticated?
Definition: Auth.php:1058
Auth\getAuthData
getAuthData($name=null)
Get additional information that is stored in the session.
Definition: Auth.php:798
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ drawLogin()

Auth_HTTP::drawLogin (   $username = "")

Launch the login box.

Parameters
string$usernameUsername
Returns
void private

Send the header commands

This code is only executed if the user hits the cancel button or if he enters wrong data 3 times.

Definition at line 449 of file HTTP.php.

References $CancelText, _getNonce(), and exit.

Referenced by ilAuthHTTP\failedLoginObserver(), login(), and validateDigest().

450  {
454  if ($this->authType == 'basic') {
455  header("WWW-Authenticate: Basic realm=\"".$this->realm."\"");
456  header('HTTP/1.0 401 Unauthorized');
457  } else if ($this->authType == 'digest') {
458  $this->nonce = $this->_getNonce();
459 
460  $wwwauth = 'WWW-Authenticate: Digest ';
461  $wwwauth .= 'qop="'.$this->options['qop'].'", ';
462  $wwwauth .= 'algorithm='.$this->options['algorithm'].', ';
463  $wwwauth .= 'realm="'.$this->options['digestRealm'].'", ';
464  $wwwauth .= 'nonce="'.$this->nonce.'", ';
465  if ($this->stale) {
466  $wwwauth .= 'stale=true, ';
467  }
468  if (!empty($this->opaque)) {
469  $wwwauth .= 'opaque="'.$this->opaque.'"' ;
470  }
471  $wwwauth .= "\r\n";
472  if (!$this->options['forceDigestOnly']) {
473  $wwwauth .= 'WWW-Authenticate: Basic realm="'.$this->realm.'"';
474  }
475  header($wwwauth);
476  header('HTTP/1.0 401 Unauthorized');
477  }
478 
483  if ($this->stale) {
484  echo 'Stale nonce value, please re-authenticate.';
485  } else {
486  echo $this->CancelText;
487  }
488  exit;
489  }
exit
exit
Definition: login.php:54
Auth_HTTP\$CancelText
$CancelText
Definition: HTTP.php:83
Auth_HTTP\_getNonce
_getNonce()
return nonce to detect timeout
Definition: HTTP.php:659
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getOption()

Auth_HTTP::getOption (   $name)

get authentication option

public

Parameters
string$namekey of option
Returns
mixed option value

Definition at line 746 of file HTTP.php.

References $CancelText, and $realm.

747  {
748  if (array_key_exists( $name, $this->options)) {
749  return $this->options[$name];
750  }
751  if ($name == 'CancelText') {
752  return $this->CancelText;
753  }
754  if ($name == 'Realm') {
755  return $this->realm;
756  }
757  return false;
758  }
Auth_HTTP\$realm
$realm
Definition: HTTP.php:74
Auth_HTTP\$CancelText
$CancelText
Definition: HTTP.php:83

◆ login()

Auth_HTTP::login ( )

Login function.

private

Returns
void

When the user has already entered a username, we have to validate it.

If the login failed or the user entered no username, output the login screen again.

Definition at line 348 of file HTTP.php.

References Auth\$_sessionName, $query, Auth\$storage, Auth\_loadStorage(), AUTH_WRONG_LOGIN, authenticationInfo(), drawLogin(), Auth\getAuth(), Auth\getAuthData(), PEAR\raiseError(), Auth\setAuth(), Auth\setAuthData(), and validateDigest().

349  {
350  $login_ok = false;
351  if (method_exists($this, '_loadStorage')) {
352  $this->_loadStorage();
353  }
354  $this->storage->_auth_obj->_sessionName =& $this->_sessionName;
355 
360  if (!empty($this->username) && !empty($this->password)) {
361  if ($this->authType == 'basic' && !$this->options['forceDigestOnly']) {
362  if (true === $this->storage->fetchData($this->username, $this->password)) {
363  $login_ok = true;
364  }
365  } else { /* digest authentication */
366 
367  if (!$this->getAuth() || $this->getAuthData('a1') == null) {
368  /*
369  * note:
370  * - only PEAR::DB is supported as container.
371  * - password should be stored in container as plain-text
372  * (if $options['cryptType'] == 'none') or
373  * A1 hashed form (md5('username:realm:password'))
374  * (if $options['cryptType'] == 'md5')
375  */
376  $dbs = $this->storage;
377  if (!DB::isConnection($dbs->db)) {
378  $dbs->_connect($dbs->options['dsn']);
379  }
380 
381  $query = 'SELECT '.$dbs->options['passwordcol']." FROM ".$dbs->options['table'].
382  ' WHERE '.$dbs->options['usernamecol']." = '".
383  $dbs->db->quoteString($this->username)."' ";
384 
385  $pwd = $dbs->db->getOne($query); // password stored in container.
386 
387  if (DB::isError($pwd)) {
388  return PEAR::raiseError($pwd->getMessage(), $pwd->getCode());
389  }
390 
391  if ($this->options['cryptType'] == 'none') {
392  $a1 = md5($this->username.':'.$this->options['digestRealm'].':'.$pwd);
393  } else {
394  $a1 = $pwd;
395  }
396 
397  $this->setAuthData('a1', $a1, true);
398  } else {
399  $a1 = $this->getAuthData('a1');
400  }
401 
402  $login_ok = $this->validateDigest($this->password, $a1);
403  if ($this->nextNonce == false) {
404  $login_ok = false;
405  }
406  }
407 
408  if (!$login_ok && is_callable($this->loginFailedCallback)) {
409  call_user_func($this->loginFailedCallback,$this->username, $this);
410  }
411  }
412 
413  if (!empty($this->username) && $login_ok) {
414  $this->setAuth($this->username);
415  if (is_callable($this->loginCallback)) {
416  call_user_func($this->loginCallback,$this->username, $this);
417  }
418  }
419 
424  if (!empty($this->username) && !$login_ok) {
425  $this->status = AUTH_WRONG_LOGIN;
426  }
427 
428  if ((empty($this->username) || !$login_ok) && $this->showLogin) {
429  $this->drawLogin($this->storage->activeUser);
430  return;
431  }
432 
433  if (!empty($this->username) && $login_ok && $this->authType == 'digest'
434  && $this->auth['qop'] == 'auth') {
435  $this->authenticationInfo();
436  }
437  }
Auth\$storage
$storage
Definition: Auth.php:138
Auth_HTTP\drawLogin
drawLogin($username="")
Launch the login box.
Definition: HTTP.php:449
Auth\getAuth
getAuth()
Has the user been authenticated?
Definition: Auth.php:1058
Auth\setAuthData
setAuthData($name, $value, $overwrite=true)
Register additional information that is to be stored in the session.
Definition: Auth.php:777
Auth_HTTP\validateDigest
validateDigest($response, $a1)
judge if the client response is valid.
Definition: HTTP.php:536
Auth\_loadStorage
_loadStorage()
Load Storage Driver if not already loaded.
Definition: Auth.php:443
Auth\getAuthData
getAuthData($name=null)
Get additional information that is stored in the session.
Definition: Auth.php:798
Auth\setAuth
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823
PEAR\raiseError
& raiseError($message=null, $code=null, $mode=null, $options=null, $userinfo=null, $error_class=null, $skipmsg=false)
This method is a wrapper that returns an instance of the configured error class with this object&#39;s de...
Definition: PEAR.php:524
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
Auth_HTTP\authenticationInfo
authenticationInfo($contentMD5='')
output HTTP Authentication-Info header
Definition: HTTP.php:682
Auth\$_sessionName
$_sessionName
Definition: Auth.php:221
+ Here is the call graph for this function:

◆ selfURI()

Auth_HTTP::selfURI ( )

get self URI

public

Returns
string self URI

Definition at line 768 of file HTTP.php.

References $uri.

Referenced by assignData(), and validateDigest().

769  {
770  if (method_exists($this, '_importGlobalVariable')) {
771  $this->server = &$this->_importGlobalVariable('server');
772  }
773 
774  if (preg_match("/MSIE/",$this->server['HTTP_USER_AGENT'])) {
775  // query string should be removed for MSIE
776  $uri = preg_replace("/^(.*)\?/","\\1",$this->server['REQUEST_URI']);
777  } else {
778  $uri = $this->server['REQUEST_URI'];
779  }
780  return $uri;
781  }
Auth_HTTP\$uri
$uri
Definition: HTTP.php:115
+ Here is the caller graph for this function:

◆ setCancelText()

Auth_HTTP::setCancelText (   $text)

Set the text to send if user hits the cancel button.

public

Parameters
string$textText to send
Returns
void

Definition at line 520 of file HTTP.php.

References $text.

521  {
522  $this->CancelText = $text;
523  }
$text
$text
Definition: example_020.php:127

◆ setOption()

Auth_HTTP::setOption (   $name,
  $value = null 
)

set authentication option

public

Parameters
mixed$namekey of option
mixed$valuevalue of option
Returns
void

Definition at line 722 of file HTTP.php.

723  {
724  if (is_array($name)) {
725  foreach($name as $key => $value) {
726  if (array_key_exists( $key, $this->options)) {
727  $this->options[$key] = $value;
728  }
729  }
730  } else {
731  if (array_key_exists( $name, $this->options)) {
732  $this->options[$name] = $value;
733  }
734  }
735  }

◆ setRealm()

Auth_HTTP::setRealm (   $realm,
  $digestRealm = '' 
)

Set name of the current realm.

public

Parameters
string$realmName of the realm
string$digestRealmName of the realm for digest authentication
Returns
void

Definition at line 502 of file HTTP.php.

References $realm.

Referenced by ilAuthHTTP\__construct().

503  {
504  $this->realm = $realm;
505  if (!empty($digestRealm)) {
506  $this->options['digestRealm'] = $digestRealm;
507  }
508  }
Auth_HTTP\$realm
$realm
Definition: HTTP.php:74
+ Here is the caller graph for this function:

◆ validateDigest()

Auth_HTTP::validateDigest (   $response,
  $a1 
)

judge if the client response is valid.

private

Parameters
string$responseclient response
string$a1password or hashed password stored in container
Returns
bool true if success, false otherwise

Definition at line 536 of file HTTP.php.

References $GLOBALS, drawLogin(), and selfURI().

Referenced by login().

537  {
538  if (method_exists($this, '_importGlobalVariable')) {
539  $this->server = &$this->_importGlobalVariable('server');
540  }
541 
542  $a2unhashed = $this->server['REQUEST_METHOD'].":".$this->selfURI();
543  if($this->auth['qop'] == 'auth-int') {
544  if(isset($GLOBALS["HTTP_RAW_POST_DATA"])) {
545  // In PHP < 4.3 get raw POST data from this variable
546  $body = $GLOBALS["HTTP_RAW_POST_DATA"];
547  } else if($lines = @file('php://input')) {
548  // In PHP >= 4.3 get raw POST data from this file
549  $body = implode("\n", $lines);
550  } else {
551  if (method_exists($this, '_importGlobalVariable')) {
552  $this->post = &$this->_importGlobalVariable('post');
553  }
554  $body = '';
555  foreach($this->post as $key => $value) {
556  if($body != '') $body .= '&';
557  $body .= rawurlencode($key) . '=' . rawurlencode($value);
558  }
559  }
560 
561  $a2unhashed .= ':'.md5($body);
562  }
563 
564  $a2 = md5($a2unhashed);
565  $combined = $a1.':'.
566  $this->auth['nonce'].':'.
567  $this->auth['nc'].':'.
568  $this->auth['cnonce'].':'.
569  $this->auth['qop'].':'.
570  $a2;
571  $expectedResponse = md5($combined);
572 
573  if(!isset($this->auth['opaque']) || $this->auth['opaque'] == $this->opaque) {
574  if($response == $expectedResponse) { // password is valid
575  if(!$this->stale) {
576  return true;
577  } else {
578  $this->drawLogin();
579  }
580  }
581  }
582 
583  return false;
584  }
Auth_HTTP\drawLogin
drawLogin($username="")
Launch the login box.
Definition: HTTP.php:449
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
Auth_HTTP\selfURI
selfURI()
get self URI
Definition: HTTP.php:768
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $auth

Auth_HTTP::$auth = array()

Definition at line 123 of file HTTP.php.

◆ $authType

Auth_HTTP::$authType = 'basic'

Definition at line 65 of file HTTP.php.

◆ $CancelText

Auth_HTTP::$CancelText = "Error 401 - Access denied"

Definition at line 83 of file HTTP.php.

Referenced by drawLogin(), and getOption().

◆ $cookie

Auth_HTTP::$cookie

Definition at line 157 of file HTTP.php.

◆ $nextNonce

Auth_HTTP::$nextNonce = ''

Definition at line 131 of file HTTP.php.

◆ $nonce

Auth_HTTP::$nonce = ''

Definition at line 139 of file HTTP.php.

Referenced by _judgeStale().

◆ $opaque

Auth_HTTP::$opaque = 'dummy'

Definition at line 107 of file HTTP.php.

◆ $options

Auth_HTTP::$options = array()

Definition at line 91 of file HTTP.php.

◆ $post

Auth_HTTP::$post

Definition at line 151 of file HTTP.php.

◆ $realm

Auth_HTTP::$realm = "protected area"

Definition at line 74 of file HTTP.php.

Referenced by getOption(), and setRealm().

◆ $server

Auth_HTTP::$server

Definition at line 145 of file HTTP.php.

◆ $stale

Auth_HTTP::$stale = false

Definition at line 99 of file HTTP.php.

Referenced by _judgeStale().

◆ $uri

Auth_HTTP::$uri = ''

Definition at line 115 of file HTTP.php.

Referenced by selfURI().

The documentation for this class was generated from the following file: