ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Auth_HTTP Class Reference
+ Inheritance diagram for Auth_HTTP:
+ Collaboration diagram for Auth_HTTP:

Public Member Functions

 Auth_HTTP ($storageDriver, $options='')
 Constructor. More...
 
 assignData ()
 Assign values from $PHP_AUTH_USER and $PHP_AUTH_PW or 'Authorization' header to internal variables and sets the session id based on them. More...
 
 login ()
 Login function. More...
 
 drawLogin ($username="")
 Launch the login box. More...
 
 setRealm ($realm, $digestRealm='')
 Set name of the current realm. More...
 
 setCancelText ($text)
 Set the text to send if user hits the cancel button. More...
 
 validateDigest ($response, $a1)
 judge if the client response is valid. More...
 
 _judgeStale ($nonce)
 judge if nonce from client is stale. More...
 
 _decodeNonce ($nonce, &$time, &$hash)
 decode nonce string More...
 
 _getNonce ()
 return nonce to detect timeout More...
 
 authenticationInfo ($contentMD5='')
 output HTTP Authentication-Info header More...
 
 setOption ($name, $value=null)
 set authentication option More...
 
 getOption ($name)
 get authentication option More...
 
 selfURI ()
 get self URI More...
 
- Public Member Functions inherited from Auth
 Auth ($storageDriver, $options='', $loginFunction='', $showLogin=true)
 Constructor. More...
 
applyAuthOptions (&$options)
 Set the Auth options. More...
 
 _loadStorage ()
 Load Storage Driver if not already loaded. More...
 
 assignData ()
 Assign data from login form to internal values. More...
 
 start ()
 Start new auth session. More...
 
 login ()
 Login function. More...
 
 setExpire ($time, $add=false)
 Set the maximum expire time. More...
 
 setIdle ($time, $add=false)
 Set the maximum idle time. More...
 
 setSessionName ($name='session')
 Set name of the session to a customized value. More...
 
 setShowLogin ($showLogin=true)
 Should the login form be displayed if neccessary? More...
 
 setAllowLogin ($allowLogin=true)
 Should the login form be displayed if neccessary? More...
 
 setCheckAuthCallback ($checkAuthCallback)
 Register a callback function to be called whenever the validity of the login is checked The function will receive two parameters, the username and a reference to the auth object. More...
 
 setLoginCallback ($loginCallback)
 Register a callback function to be called on user login. More...
 
 setFailedLoginCallback ($loginFailedCallback)
 Register a callback function to be called on failed user login. More...
 
 setLogoutCallback ($logoutCallback)
 Register a callback function to be called on user logout. More...
 
 setAuthData ($name, $value, $overwrite=true)
 Register additional information that is to be stored in the session. More...
 
 getAuthData ($name=null)
 Get additional information that is stored in the session. More...
 
 setAuth ($username)
 Register variable in a session telling that the user has logged in successfully. More...
 
 setAdvancedSecurity ($flag=true)
 Enables advanced security checks. More...
 
 checkAuth ()
 Checks if there is a session with valid auth information. More...
 
 getAuth ()
 Has the user been authenticated? More...
 
 logout ()
 Logout function. More...
 
 updateIdle ()
 Update the idletime. More...
 
 getUsername ()
 Get the username. More...
 
 getStatus ()
 Get the current status. More...
 
 getPostUsernameField ()
 Gets the post varible used for the username. More...
 
 getPostPasswordField ()
 Gets the post varible used for the username. More...
 
 sessionValidThru ()
 Returns the time up to the session is valid. More...
 
 listUsers ()
 List all users that are currently available in the storage container. More...
 
 addUser ($username, $password, $additional='')
 Add user to the storage container. More...
 
 removeUser ($username)
 Remove user from the storage container. More...
 
 changePassword ($username, $password)
 Change password for user in the storage container. More...
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message from the Auth system. More...
 
 _loadLogger ()
 Load Log object if not already loaded. More...
 
 attachLogObserver (&$observer)
 Attach an Observer to the Auth Log Source. More...
 
 _isAdvancedSecurityEnabled ($feature=null)
 Is advanced security enabled? More...
 
- Public Member Functions inherited from ilAuthBase
 getSubStatus ()
 Get sub status. More...
 
 setSubStatus ($a_sub_status)
 Set sub status. More...
 
 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g the login screen, public section ... More...
 
 getContainer ()
 Get container object. More...
 
 getExceededUserName ()
 

Data Fields

 $authType = 'basic'
 
 $realm = "protected area"
 
 $CancelText = "Error 401 - Access denied"
 
 $options = array()
 
 $stale = false
 
 $opaque = 'dummy'
 
 $uri = ''
 
 $auth = array()
 
 $nextNonce = ''
 
 $nonce = ''
 
 $server
 
 $post
 
 $cookie
 
- Data Fields inherited from Auth
 $expire = 0
 
 $expired = false
 
 $idle = 0
 
 $idled = false
 
 $storage = ''
 
 $loginFunction = ''
 
 $showLogin = true
 
 $allowLogin = true
 
 $status = ''
 
 $username = ''
 
 $password = ''
 
 $checkAuthCallback = ''
 
 $loginCallback = ''
 
 $loginFailedCallback = ''
 
 $logoutCallback = ''
 
 $_sessionName = '_authsession'
 
 $version = "@version@"
 
 $advancedsecurity = false
 
 $_postUsername = 'username'
 
 $_postPassword = 'password'
 
 $session
 
 $server
 
 $post
 
 $cookie
 
 $authdata
 
 $authChecks = 0
 
 $logger = null
 
 $enableLogging = false
 
 $regenerateSessionId = false
 

Additional Inherited Members

- Static Public Member Functions inherited from Auth
_factory ($driver, $options='')
 Return a storage driver based on $driver and $options. More...
 
 staticCheckAuth ($options=null)
 Statically checks if there is a session with valid auth information. More...
 
- Protected Member Functions inherited from ilAuthBase
 initAuth ()
 Init auth object Enable logging, set callbacks... More...
 
 loginObserver ($a_username, $a_auth)
 Called after successful login. More...
 
 checkExceededLoginAttempts (\ilObjUser $user)
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login. More...
 
 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request. More...
 
 logoutObserver ($a_username, $a_auth)
 Called after logout. More...
 
- Protected Attributes inherited from ilAuthBase
 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

Definition at line 54 of file HTTP.php.

Member Function Documentation

◆ _decodeNonce()

Auth_HTTP::_decodeNonce (   $nonce,
$time,
$hash 
)

decode nonce string

@access private

Parameters
string$noncenonce value from client
string$timedecoded time
string$hashdecoded hash
Returns
bool false if nonce is invalid

Definition at line 628 of file HTTP.php.

629 {
630 if (method_exists($this, '_importGlobalVariable')) {
631 $this->server = &$this->_importGlobalVariable('server');
632 }
633
635 return false;
636 }
637
638 $time = base64_decode(substr($nonce, 0, AUTH_HTTP_NONCE_TIME_LEN));
640
641 $hash = md5($time . $this->server['HTTP_USER_AGENT'] . $this->options['noncekey']);
642
643 if ($hash_cli != $hash) {
644 return false;
645 }
646
647 return true;
648 }
const AUTH_HTTP_NONCE_TIME_LEN
Definition: HTTP.php:26
const AUTH_HTTP_NONCE_HASH_LEN
Definition: HTTP.php:27

References $nonce, AUTH_HTTP_NONCE_HASH_LEN, and AUTH_HTTP_NONCE_TIME_LEN.

Referenced by _judgeStale().

+ Here is the caller graph for this function:

◆ _getNonce()

Auth_HTTP::_getNonce ( )

return nonce to detect timeout

@access private

Returns
string nonce value

Definition at line 659 of file HTTP.php.

660 {
661 if (method_exists($this, '_importGlobalVariable')) {
662 $this->server = &$this->_importGlobalVariable('server');
663 }
664
665 $time = time();
666 $hash = md5($time . $this->server['HTTP_USER_AGENT'] . $this->options['noncekey']);
667
668 return base64_encode($time) . $hash;
669 }

Referenced by _judgeStale(), and drawLogin().

+ Here is the caller graph for this function:

◆ _judgeStale()

Auth_HTTP::_judgeStale (   $nonce)

judge if nonce from client is stale.

@access private

Parameters
string$noncenonce value from client
Returns
bool stale

Definition at line 596 of file HTTP.php.

597 {
598 $stale = false;
599
600 if(!$this->_decodeNonce($nonce, $time, $hash_cli)) {
601 $this->nextNonce = false;
602 $stale = true;
603 return $stale;
604 }
605
606 if ($time < time() - $this->options['nonceLife']) {
607 $this->nextNonce = $this->_getNonce();
608 $stale = true;
609 } else {
610 $this->nextNonce = $nonce;
611 }
612
613 return $stale;
614 }
_getNonce()
return nonce to detect timeout
Definition: HTTP.php:659
_decodeNonce($nonce, &$time, &$hash)
decode nonce string
Definition: HTTP.php:628
$stale
Definition: HTTP.php:99

References $nonce, $stale, _decodeNonce(), and _getNonce().

Referenced by assignData().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ assignData()

Auth_HTTP::assignData ( )

Assign values from $PHP_AUTH_USER and $PHP_AUTH_PW or 'Authorization' header to internal variables and sets the session id based on them.

@access public

Returns
void

Try to get authentication information from IIS

set sessionName for AUTH, so that the sessionName is different for distinct realms

Reimplemented from Auth.

Reimplemented in ilAuthHTTP.

Definition at line 217 of file HTTP.php.

218 {
219 if (method_exists($this, '_importGlobalVariable')) {
220 $this->server = &$this->_importGlobalVariable('server');
221 }
222
223
224 if ($this->authType == 'basic') {
225 if (!empty($this->server['PHP_AUTH_USER'])) {
226 $this->username = $this->server['PHP_AUTH_USER'];
227 }
228
229 if (!empty($this->server['PHP_AUTH_PW'])) {
230 $this->password = $this->server['PHP_AUTH_PW'];
231 }
232
236 if (empty($this->username) && empty($this->password)) {
237 if (!empty($this->server['HTTP_AUTHORIZATION'])) {
238 list($this->username, $this->password) =
239 explode(':', base64_decode(substr($this->server['HTTP_AUTHORIZATION'], 6)));
240 }
241 }
242 } elseif ($this->authType == 'digest') {
243 $this->username = '';
244 $this->password = '';
245
246 $this->digest_header = null;
247 if (!empty($this->server['PHP_AUTH_DIGEST'])) {
248 $this->digest_header = substr($this->server['PHP_AUTH_DIGEST'],
249 strpos($this->server['PHP_AUTH_DIGEST'],' ')+1);
250 } else {
251 $headers = getallheaders();
252 if(isset($headers['Authorization']) && !empty($headers['Authorization'])) {
253 $this->digest_header = substr($headers['Authorization'],
254 strpos($headers['Authorization'],' ')+1);
255 }
256 }
257
258 if($this->digest_header) {
259 $authtemp = explode(',', $this->digest_header);
260 $auth = array();
261 foreach($authtemp as $key => $value) {
262 $value = trim($value);
263 if(strpos($value,'=') !== false) {
264 $lhs = substr($value,0,strpos($value,'='));
265 $rhs = substr($value,strpos($value,'=')+1);
266 if(substr($rhs,0,1) == '"' && substr($rhs,-1,1) == '"') {
267 $rhs = substr($rhs,1,-1);
268 }
269 $auth[$lhs] = $rhs;
270 }
271 }
272 }
273 if (!isset($auth['uri']) || !isset($auth['realm'])) {
274 return;
275 }
276
277 if ($this->selfURI() == $auth['uri']) {
278 $this->uri = $auth['uri'];
279 if (substr($headers['Authorization'],0,7) == 'Digest ') {
280
281 $this->authType = 'digest';
282
283 if (!isset($auth['nonce']) || !isset($auth['username']) ||
284 !isset($auth['response']) || !isset($auth['qop']) ||
285 !isset($auth['nc']) || !isset($auth['cnonce'])){
286 return;
287 }
288
289 if ($auth['qop'] != 'auth' && $auth['qop'] != 'auth-int') {
290 return;
291 }
292
293 $this->stale = $this->_judgeStale($auth['nonce']);
294
295 if ($this->nextNonce == false) {
296 return;
297 }
298
299 $this->username = $auth['username'];
300 $this->password = $auth['response'];
301 $this->auth['nonce'] = $auth['nonce'];
302
303 $this->auth['qop'] = $auth['qop'];
304 $this->auth['nc'] = $auth['nc'];
305 $this->auth['cnonce'] = $auth['cnonce'];
306
307 if (isset($auth['opaque'])) {
308 $this->auth['opaque'] = $auth['opaque'];
309 }
310
311 } elseif (substr($headers['Authorization'],0,6) == 'Basic ') {
312 if ($this->options['forceDigestOnly']) {
313 return; // Basic authentication is not allowed.
314 }
315
316 $this->authType = 'basic';
317 list($username, $password) =
318 explode(':',base64_decode(substr($headers['Authorization'],6)));
319 $this->username = $username;
320 $this->password = $password;
321 }
322 }
323 } else {
324 return PEAR::raiseError('authType is invalid.');
325 }
326
327 if ($this->options['sessionSharing'] &&
328 isset($this->username) && isset($this->password)) {
329 session_id(md5('Auth_HTTP' . $this->username . $this->password));
330 }
331
336 $this->_sessionName = "_authhttp".md5($this->realm);
337 }
_judgeStale($nonce)
judge if nonce from client is stale.
Definition: HTTP.php:596
selfURI()
get self URI
Definition: HTTP.php:768
$username
Definition: Auth.php:175
$password
Definition: Auth.php:182
& raiseError($message=null, $code=null, $mode=null, $options=null, $userinfo=null, $error_class=null, $skipmsg=false)
This method is a wrapper that returns an instance of the configured error class with this object's de...
Definition: PEAR.php:524

References $auth, Auth\$password, Auth\$username, _judgeStale(), PEAR\raiseError(), and selfURI().

+ Here is the call graph for this function:

◆ Auth_HTTP()

Auth_HTTP::Auth_HTTP (   $storageDriver,
  $options = '' 
)

Constructor.

Parameters
stringType of the storage driver
mixedAdditional options for the storage driver (example: if you are using DB as the storage driver, you have to pass the dsn string here)
Returns
void

Definition at line 173 of file HTTP.php.

174 {
175 /* set default values for options */
176 $this->options = array('cryptType' => 'md5',
177 'algorithm' => 'MD5',
178 'qop' => 'auth-int,auth',
179 'opaquekey' => 'moo',
180 'noncekey' => 'moo',
181 'digestRealm' => 'protected area',
182 'forceDigestOnly' => false,
183 'nonceLife' => 300,
184 'sessionSharing' => true,
185 );
186
187 if (!empty($options['authType'])) {
188 $this->authType = strtolower($options['authType']);
189 }
190
191 if (is_array($options)) {
192 foreach($options as $key => $value) {
193 if (array_key_exists( $key, $this->options)) {
194 $this->options[$key] = $value;
195 }
196 }
197
198 if (!empty($this->options['opaquekey'])) {
199 $this->opaque = md5($this->options['opaquekey']);
200 }
201 }
202
203 $this->Auth($storageDriver, $options);
204 }
$options
Definition: HTTP.php:91
Auth($storageDriver, $options='', $loginFunction='', $showLogin=true)
Constructor.
Definition: Auth.php:335

References $options, and Auth\Auth().

+ Here is the call graph for this function:

◆ authenticationInfo()

Auth_HTTP::authenticationInfo (   $contentMD5 = '')

output HTTP Authentication-Info header

@notes md5 hash of contents is required if 'qop' is 'auth-int'

@access private

Parameters
stringMD5 hash of content

Definition at line 682 of file HTTP.php.

682 {
683
684 if($this->getAuth() && ($this->getAuthData('a1') != null)) {
685 $a1 = $this->getAuthData('a1');
686
687 // Work out authorisation response
688 $a2unhashed = ":".$this->selfURI();
689 if($this->auth['qop'] == 'auth-int') {
690 $a2unhashed .= ':'.$contentMD5;
691 }
692 $a2 = md5($a2unhashed);
693 $combined = $a1.':'.
694 $this->nonce.':'.
695 $this->auth['nc'].':'.
696 $this->auth['cnonce'].':'.
697 $this->auth['qop'].':'.
698 $a2;
699
700 // Send authentication info
701 $wwwauth = 'Authentication-Info: ';
702 if($this->nonce != $this->nextNonce) {
703 $wwwauth .= 'nextnonce="'.$this->nextNonce.'", ';
704 }
705 $wwwauth .= 'qop='.$this->auth['qop'].', ';
706 $wwwauth .= 'rspauth="'.md5($combined).'", ';
707 $wwwauth .= 'cnonce="'.$this->auth['cnonce'].'", ';
708 $wwwauth .= 'nc='.$this->auth['nc'].'';
709 header($wwwauth);
710 }
711 }
getAuthData($name=null)
Get additional information that is stored in the session.
Definition: Auth.php:798
getAuth()
Has the user been authenticated?
Definition: Auth.php:1058

References Auth\getAuth(), and Auth\getAuthData().

Referenced by login().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ drawLogin()

Auth_HTTP::drawLogin (   $username = "")

Launch the login box.

Parameters
string$usernameUsername
Returns
void @access private

Send the header commands

This code is only executed if the user hits the cancel button or if he enters wrong data 3 times.

Definition at line 449 of file HTTP.php.

450 {
454 if ($this->authType == 'basic') {
455 header("WWW-Authenticate: Basic realm=\"".$this->realm."\"");
456 header('HTTP/1.0 401 Unauthorized');
457 } else if ($this->authType == 'digest') {
458 $this->nonce = $this->_getNonce();
459
460 $wwwauth = 'WWW-Authenticate: Digest ';
461 $wwwauth .= 'qop="'.$this->options['qop'].'", ';
462 $wwwauth .= 'algorithm='.$this->options['algorithm'].', ';
463 $wwwauth .= 'realm="'.$this->options['digestRealm'].'", ';
464 $wwwauth .= 'nonce="'.$this->nonce.'", ';
465 if ($this->stale) {
466 $wwwauth .= 'stale=true, ';
467 }
468 if (!empty($this->opaque)) {
469 $wwwauth .= 'opaque="'.$this->opaque.'"' ;
470 }
471 $wwwauth .= "\r\n";
472 if (!$this->options['forceDigestOnly']) {
473 $wwwauth .= 'WWW-Authenticate: Basic realm="'.$this->realm.'"';
474 }
475 header($wwwauth);
476 header('HTTP/1.0 401 Unauthorized');
477 }
478
483 if ($this->stale) {
484 echo 'Stale nonce value, please re-authenticate.';
485 } else {
487 }
488 exit;
489 }
$CancelText
Definition: HTTP.php:83
exit
Definition: login.php:54

References $CancelText, _getNonce(), and exit.

Referenced by ilAuthHTTP\failedLoginObserver(), login(), and validateDigest().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getOption()

Auth_HTTP::getOption (   $name)

get authentication option

@access public

Parameters
string$namekey of option
Returns
mixed option value

Definition at line 746 of file HTTP.php.

747 {
748 if (array_key_exists( $name, $this->options)) {
749 return $this->options[$name];
750 }
751 if ($name == 'CancelText') {
752 return $this->CancelText;
753 }
754 if ($name == 'Realm') {
755 return $this->realm;
756 }
757 return false;
758 }
$realm
Definition: HTTP.php:74

References $CancelText, and $realm.

◆ login()

Auth_HTTP::login ( )

Login function.

@access private

Returns
void

When the user has already entered a username, we have to validate it.

If the login failed or the user entered no username, output the login screen again.

Reimplemented from Auth.

Definition at line 348 of file HTTP.php.

349 {
350 $login_ok = false;
351 if (method_exists($this, '_loadStorage')) {
352 $this->_loadStorage();
353 }
354 $this->storage->_auth_obj->_sessionName =& $this->_sessionName;
355
360 if (!empty($this->username) && !empty($this->password)) {
361 if ($this->authType == 'basic' && !$this->options['forceDigestOnly']) {
362 if (true === $this->storage->fetchData($this->username, $this->password)) {
363 $login_ok = true;
364 }
365 } else { /* digest authentication */
366
367 if (!$this->getAuth() || $this->getAuthData('a1') == null) {
368 /*
369 * note:
370 * - only PEAR::DB is supported as container.
371 * - password should be stored in container as plain-text
372 * (if $options['cryptType'] == 'none') or
373 * A1 hashed form (md5('username:realm:password'))
374 * (if $options['cryptType'] == 'md5')
375 */
376 $dbs = $this->storage;
377 if (!DB::isConnection($dbs->db)) {
378 $dbs->_connect($dbs->options['dsn']);
379 }
380
381 $query = 'SELECT '.$dbs->options['passwordcol']." FROM ".$dbs->options['table'].
382 ' WHERE '.$dbs->options['usernamecol']." = '".
383 $dbs->db->quoteString($this->username)."' ";
384
385 $pwd = $dbs->db->getOne($query); // password stored in container.
386
387 if (DB::isError($pwd)) {
388 return PEAR::raiseError($pwd->getMessage(), $pwd->getCode());
389 }
390
391 if ($this->options['cryptType'] == 'none') {
392 $a1 = md5($this->username.':'.$this->options['digestRealm'].':'.$pwd);
393 } else {
394 $a1 = $pwd;
395 }
396
397 $this->setAuthData('a1', $a1, true);
398 } else {
399 $a1 = $this->getAuthData('a1');
400 }
401
402 $login_ok = $this->validateDigest($this->password, $a1);
403 if ($this->nextNonce == false) {
404 $login_ok = false;
405 }
406 }
407
408 if (!$login_ok && is_callable($this->loginFailedCallback)) {
409 call_user_func($this->loginFailedCallback,$this->username, $this);
410 }
411 }
412
413 if (!empty($this->username) && $login_ok) {
414 $this->setAuth($this->username);
415 if (is_callable($this->loginCallback)) {
416 call_user_func($this->loginCallback,$this->username, $this);
417 }
418 }
419
424 if (!empty($this->username) && !$login_ok) {
425 $this->status = AUTH_WRONG_LOGIN;
426 }
427
428 if ((empty($this->username) || !$login_ok) && $this->showLogin) {
429 $this->drawLogin($this->storage->activeUser);
430 return;
431 }
432
433 if (!empty($this->username) && $login_ok && $this->authType == 'digest'
434 && $this->auth['qop'] == 'auth') {
435 $this->authenticationInfo();
436 }
437 }
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
validateDigest($response, $a1)
judge if the client response is valid.
Definition: HTTP.php:536
authenticationInfo($contentMD5='')
output HTTP Authentication-Info header
Definition: HTTP.php:682
drawLogin($username="")
Launch the login box.
Definition: HTTP.php:449
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823
$storage
Definition: Auth.php:138
_loadStorage()
Load Storage Driver if not already loaded.
Definition: Auth.php:443
$_sessionName
Definition: Auth.php:221
setAuthData($name, $value, $overwrite=true)
Register additional information that is to be stored in the session.
Definition: Auth.php:777

References Auth\$_sessionName, $query, Auth\$storage, Auth\_loadStorage(), AUTH_WRONG_LOGIN, authenticationInfo(), drawLogin(), Auth\getAuth(), Auth\getAuthData(), PEAR\raiseError(), Auth\setAuth(), Auth\setAuthData(), and validateDigest().

+ Here is the call graph for this function:

◆ selfURI()

Auth_HTTP::selfURI ( )

get self URI

@access public

Returns
string self URI

Definition at line 768 of file HTTP.php.

769 {
770 if (method_exists($this, '_importGlobalVariable')) {
771 $this->server = &$this->_importGlobalVariable('server');
772 }
773
774 if (preg_match("/MSIE/",$this->server['HTTP_USER_AGENT'])) {
775 // query string should be removed for MSIE
776 $uri = preg_replace("/^(.*)\?/","\\1",$this->server['REQUEST_URI']);
777 } else {
778 $uri = $this->server['REQUEST_URI'];
779 }
780 return $uri;
781 }

References $uri.

Referenced by assignData(), and validateDigest().

+ Here is the caller graph for this function:

◆ setCancelText()

Auth_HTTP::setCancelText (   $text)

Set the text to send if user hits the cancel button.

@access public

Parameters
string$textText to send
Returns
void

Definition at line 520 of file HTTP.php.

521 {
522 $this->CancelText = $text;
523 }
$text

References $text.

◆ setOption()

Auth_HTTP::setOption (   $name,
  $value = null 
)

set authentication option

@access public

Parameters
mixed$namekey of option
mixed$valuevalue of option
Returns
void

Definition at line 722 of file HTTP.php.

723 {
724 if (is_array($name)) {
725 foreach($name as $key => $value) {
726 if (array_key_exists( $key, $this->options)) {
727 $this->options[$key] = $value;
728 }
729 }
730 } else {
731 if (array_key_exists( $name, $this->options)) {
732 $this->options[$name] = $value;
733 }
734 }
735 }

◆ setRealm()

Auth_HTTP::setRealm (   $realm,
  $digestRealm = '' 
)

Set name of the current realm.

@access public

Parameters
string$realmName of the realm
string$digestRealmName of the realm for digest authentication
Returns
void

Definition at line 502 of file HTTP.php.

503 {
504 $this->realm = $realm;
505 if (!empty($digestRealm)) {
506 $this->options['digestRealm'] = $digestRealm;
507 }
508 }

References $realm.

Referenced by ilAuthHTTP\__construct().

+ Here is the caller graph for this function:

◆ validateDigest()

Auth_HTTP::validateDigest (   $response,
  $a1 
)

judge if the client response is valid.

@access private

Parameters
string$responseclient response
string$a1password or hashed password stored in container
Returns
bool true if success, false otherwise

Definition at line 536 of file HTTP.php.

537 {
538 if (method_exists($this, '_importGlobalVariable')) {
539 $this->server = &$this->_importGlobalVariable('server');
540 }
541
542 $a2unhashed = $this->server['REQUEST_METHOD'].":".$this->selfURI();
543 if($this->auth['qop'] == 'auth-int') {
544 if(isset($GLOBALS["HTTP_RAW_POST_DATA"])) {
545 // In PHP < 4.3 get raw POST data from this variable
546 $body = $GLOBALS["HTTP_RAW_POST_DATA"];
547 } else if($lines = @file('php://input')) {
548 // In PHP >= 4.3 get raw POST data from this file
549 $body = implode("\n", $lines);
550 } else {
551 if (method_exists($this, '_importGlobalVariable')) {
552 $this->post = &$this->_importGlobalVariable('post');
553 }
554 $body = '';
555 foreach($this->post as $key => $value) {
556 if($body != '') $body .= '&';
557 $body .= rawurlencode($key) . '=' . rawurlencode($value);
558 }
559 }
560
561 $a2unhashed .= ':'.md5($body);
562 }
563
564 $a2 = md5($a2unhashed);
565 $combined = $a1.':'.
566 $this->auth['nonce'].':'.
567 $this->auth['nc'].':'.
568 $this->auth['cnonce'].':'.
569 $this->auth['qop'].':'.
570 $a2;
571 $expectedResponse = md5($combined);
572
573 if(!isset($this->auth['opaque']) || $this->auth['opaque'] == $this->opaque) {
574 if($response == $expectedResponse) { // password is valid
575 if(!$this->stale) {
576 return true;
577 } else {
578 $this->drawLogin();
579 }
580 }
581 }
582
583 return false;
584 }
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276

References $GLOBALS, drawLogin(), and selfURI().

Referenced by login().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $auth

Auth_HTTP::$auth = array()

Definition at line 123 of file HTTP.php.

Referenced by assignData().

◆ $authType

Auth_HTTP::$authType = 'basic'

Definition at line 65 of file HTTP.php.

◆ $CancelText

Auth_HTTP::$CancelText = "Error 401 - Access denied"

Definition at line 83 of file HTTP.php.

Referenced by drawLogin(), and getOption().

◆ $cookie

Auth_HTTP::$cookie

Definition at line 157 of file HTTP.php.

◆ $nextNonce

Auth_HTTP::$nextNonce = ''

Definition at line 131 of file HTTP.php.

◆ $nonce

Auth_HTTP::$nonce = ''

Definition at line 139 of file HTTP.php.

Referenced by _decodeNonce(), and _judgeStale().

◆ $opaque

Auth_HTTP::$opaque = 'dummy'

Definition at line 107 of file HTTP.php.

◆ $options

Auth_HTTP::$options = array()

Definition at line 91 of file HTTP.php.

Referenced by Auth_HTTP().

◆ $post

Auth_HTTP::$post

Definition at line 151 of file HTTP.php.

◆ $realm

Auth_HTTP::$realm = "protected area"

Definition at line 74 of file HTTP.php.

Referenced by getOption(), and setRealm().

◆ $server

Auth_HTTP::$server

Definition at line 145 of file HTTP.php.

◆ $stale

Auth_HTTP::$stale = false

Definition at line 99 of file HTTP.php.

Referenced by _judgeStale().

◆ $uri

Auth_HTTP::$uri = ''

Definition at line 115 of file HTTP.php.

Referenced by selfURI().


The documentation for this class was generated from the following file: