classes/security/Validation.inc.php

00001 <?php
00002 
00015 //$Id$
00016 
00017 import('security.Role');
00018 
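class Validation {

   /**
    * Authenticate a user with the given credentials and, on success, mark the
    * user as logged in in the current session.
    *
    * Credentials are checked against the user's remote authentication source
    * when the account has one (getAuthId()), otherwise against the locally
    * stored password hash.
    *
    * @param $username string
    * @param $password string unencrypted password
    * @param $reason string output: set when the credentials are valid but the
    *  account is disabled ('' if no reason is stored), otherwise null
    * @param $remember boolean remember the session past the current browser session
    * @return mixed the User object on success, false otherwise
    */
   public static function &login($username, $password, &$reason, $remember = false) {
      $reason = null;
      $valid = false;
      $userDao =& DAORegistry::getDAO('UserDAO');

      $user =& $userDao->getUserByUsername($username, true);

      if (!isset($user)) {
         // User does not exist
         return $valid;
      }

      $auth = Validation::_getAuthSource($user);

      if (isset($auth)) {
         // Validate against remote authentication source
         $valid = $auth->authenticate($username, $password);
         if ($valid) {
            $oldEmail = $user->getEmail();
            $auth->doGetUserInfo($user);
            if ($user->getEmail() != $oldEmail) {
               // FIXME OCS requires email addresses to be unique; if changed email already exists, ignore
               if ($userDao->userExistsByEmail($user->getEmail())) {
                  $user->setEmail($oldEmail);
               }
            }
         }
      } else {
         // Validate against OCS user database
         $valid = Validation::_checkLocalPassword($user, $username, $password);
      }

      if (!$valid) {
         // Login credentials are invalid
         return $valid;
      }

      if ($user->getDisabled()) {
         // The user has been disabled.
         $reason = $user->getDisabledReason();
         if ($reason === null) $reason = '';
         $valid = false;
         return $valid;
      }

      // The user is valid, mark user as logged in in current session
      $sessionManager =& SessionManager::getManager();

      // Regenerate the session ID before storing the identity so the
      // authenticated session never keeps its pre-login identifier.
      $sessionManager->regenerateSessionId();

      $session =& $sessionManager->getUserSession();
      $session->setSessionVar('userId', $user->getId());
      $session->setUserId($user->getId());
      $session->setSessionVar('username', $user->getUsername());
      $session->setRemember($remember);

      if ($remember && Config::getVar('general', 'session_lifetime') > 0) {
         // Update session expiration time (session_lifetime is configured in days)
         $sessionManager->updateSessionLifetime(time() + Config::getVar('general', 'session_lifetime') * 86400);
      }

      $user->setDateLastLogin(Core::getCurrentDate());
      $userDao->updateObject($user);

      return $user;
   }

   /**
    * Fetch the remote authentication plugin configured for a user.
    * @param $user User
    * @return mixed null when the user has no auth ID; otherwise whatever
    *  AuthSourceDAO::getPlugin() returns for that ID
    */
   private static function _getAuthSource(&$user) {
      $auth = null;
      if ($user->getAuthId()) {
         $authDao =& DAORegistry::getDAO('AuthSourceDAO');
         $auth =& $authDao->getPlugin($user->getAuthId());
      }
      return $auth;
   }

   /**
    * Compare a user's stored password hash with the hash of the supplied
    * credentials.
    * @param $user User
    * @param $username string
    * @param $password string unencrypted password
    * @return boolean
    */
   private static function _checkLocalPassword(&$user, $username, $password) {
      $stored = (string) $user->getPassword();
      $supplied = (string) Validation::encryptCredentials($username, $password);
      if (function_exists('hash_equals')) {
         // Constant-time comparison where the runtime provides it
         return hash_equals($stored, $supplied);
      }
      return $stored === $supplied;
   }

   /**
    * Mark the user as logged out in the current session and persist the
    * cleared session.
    * @return boolean always true
    */
   public static function logout() {
      $sessionManager =& SessionManager::getManager();
      $session =& $sessionManager->getUserSession();
      $session->unsetSessionVar('userId');
      $session->unsetSessionVar('signedInAs');
      $session->setUserId(null);

      if ($session->getRemember()) {
         // Drop the extended lifetime granted by "remember me"
         $session->setRemember(0);
         $sessionManager->updateSessionLifetime(0);
      }

      $sessionDao =& DAORegistry::getDAO('SessionDAO');
      $sessionDao->updateObject($session);

      return true;
   }

   /**
    * Redirect to the login page, passing the current request URI as the
    * 'source' argument and an optional message.
    *
    * NOTE(review): 'source' is taken verbatim from REQUEST_URI; the login
    * handler that later redirects to it is not visible here and should only
    * accept same-site paths.
    *
    * @param $message string optional login message key
    * @param $args array additional request arguments
    */
   public static function redirectLogin($message = null, $args = array()) {
      if (isset($_SERVER['REQUEST_URI'])) {
         $args['source'] = $_SERVER['REQUEST_URI'];
      }
      if ($message !== null) {
         $args['loginMessage'] = $message;
      }

      Request::redirect(null, null, 'login', null, null, $args);
   }

   /**
    * Check if a user's credentials are valid, without logging in.
    * Uses the remote authentication source when the user has one, otherwise
    * the locally stored password hash.
    * @param $username string
    * @param $password string unencrypted password
    * @return boolean
    */
   public static function checkCredentials($username, $password) {
      $userDao =& DAORegistry::getDAO('UserDAO');
      $user =& $userDao->getUserByUsername($username, false);

      if (!isset($user)) {
         return false;
      }

      $auth = Validation::_getAuthSource($user);
      if (isset($auth)) {
         return $auth->authenticate($username, $password);
      }
      return Validation::_checkLocalPassword($user, $username, $password);
   }

   /**
    * Check if the currently logged-in user has the given role.
    *
    * A conference or scheduled conference ID of -1 (compared strictly, so it
    * must be the integer -1) means "the one from the current request".
    *
    * @param $roleId int
    * @param $conferenceId int optional (0 for site-level role)
    * @param $schedConfId int optional (0 for conference-level role)
    * @return boolean
    */
   public static function isAuthorized($roleId, $conferenceId = 0, $schedConfId = 0) {
      if (!Validation::isLoggedIn()) {
         return false;
      }

      if ($conferenceId === -1) {
         // Get conference ID from request
         $conference =& Request::getConference();
         $conferenceId = $conference ? $conference->getId() : 0;
      }

      if ($schedConfId === -1) {
         // Get scheduled conference ID from request
         $schedConf =& Request::getSchedConf();
         $schedConfId = $schedConf ? $schedConf->getId() : 0;
      }

      $sessionManager =& SessionManager::getManager();
      $session =& $sessionManager->getUserSession();
      $user =& $session->getUser();

      $roleDao =& DAORegistry::getDAO('RoleDAO');
      return $roleDao->roleExists($conferenceId, $schedConfId, $user->getId(), $roleId);
   }

   /**
    * Hash a username/password pair using the configured (or given) scheme.
    *
    * NOTE(review): this is an unsalted sha1/md5 of username.password and is
    * the format of the hashes stored in the user table; every stored hash
    * depends on it, so moving to a salted/slow hash needs a migration path
    * (e.g. re-hash on successful login) rather than a change here alone.
    *
    * @param $username string
    * @param $password string unencrypted password
    * @param $encryption string optional 'sha1' or 'md5'; when omitted or
    *  falsy the 'security.encryption' config value is used
    * @return string hex digest
    */
   public static function encryptCredentials($username, $password, $encryption = false) {
      $valueToEncrypt = $username . $password;

      if (!$encryption) {
         $encryption = Config::getVar('security', 'encryption');
      }

      switch ($encryption) {
         case 'sha1':
            if (function_exists('sha1')) {
               return sha1($valueToEncrypt);
            }
            // sha1() unavailable: deliberately fall through to md5
         case 'md5':
         default:
            return md5($valueToEncrypt);
      }
   }

   /**
    * Generate a random password of the given length from an alphabet that
    * omits visually ambiguous characters (l, o, O, I, 0, 1).
    * @param $length int (0 yields an empty string)
    * @return string
    */
   public static function generatePassword($length = 8) {
      $letters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ';
      $numbers = '23456789';

      $password = '';
      for ($i = 0; $i < $length; $i++) {
         // Roughly one character in four is a digit
         if (Validation::_randomInt(1, 4) == 4) {
            $password .= $numbers[Validation::_randomInt(0, strlen($numbers) - 1)];
         } else {
            $password .= $letters[Validation::_randomInt(0, strlen($letters) - 1)];
         }
      }
      return $password;
   }

   /**
    * Random integer in [$min, $max], from the CSPRNG when the runtime has
    * random_int(), otherwise from mt_rand() as before.
    * @param $min int
    * @param $max int
    * @return int
    */
   private static function _randomInt($min, $max) {
      if (function_exists('random_int')) {
         return random_int($min, $max);
      }
      return mt_rand($min, $max);
   }

   /**
    * Generate a hash value to use for confirmation of a password reset.
    *
    * NOTE(review): the value is the first 6 hex characters (24 bits) of an
    * md5 over stable user fields, so it is short and does not expire; the
    * code that verifies it must change in step with any strengthening here.
    *
    * @param $userId int
    * @return mixed the 6-character hash, or false if no such user
    */
   public static function generatePasswordResetHash($userId) {
      $userDao =& DAORegistry::getDAO('UserDAO');
      $user = $userDao->getUser($userId);
      if (!$user) {
         // No such user
         return false;
      }
      return substr(md5($user->getId() . $user->getUsername() . $user->getPassword()), 0, 6);
   }

   /**
    * Suggest a username: first initial + last name, lower-cased and reduced
    * to [a-zA-Z0-9_-], with the smallest positive integer suffix that is not
    * already taken (the first candidate has no suffix).
    * @param $firstName string
    * @param $lastName string
    * @return string
    */
   public static function suggestUsername($firstName, $lastName) {
      $initial = String::substr($firstName, 0, 1);

      $suggestion = String::regexp_replace('/[^a-zA-Z0-9_-]/', '', String::strtolower($initial . $lastName));
      $userDao =& DAORegistry::getDAO('UserDAO');

      $suffix = '';
      for ($n = 1; $userDao->userExistsByUsername($suggestion . $suffix); $n++) {
         $suffix = (string) $n;
      }
      return $suggestion . $suffix;
   }

   /**
    * Check if a user is logged in (the session carries a non-empty user ID).
    * @return boolean
    */
   public static function isLoggedIn() {
      $sessionManager =& SessionManager::getManager();
      $session =& $sessionManager->getUserSession();

      $userId = $session->getUserId();
      return !empty($userId);
   }

   /**
    * Shortcut for checking authorization as site admin.
    * @return boolean
    */
   public static function isSiteAdmin() {
      return Validation::isAuthorized(ROLE_ID_SITE_ADMIN, 0, 0);
   }

   /**
    * Shortcut for checking authorization as conference manager.
    * @param $conferenceId int (-1 = current request's conference)
    * @return boolean
    */
   public static function isConferenceManager($conferenceId = -1) {
      return Validation::isAuthorized(ROLE_ID_CONFERENCE_MANAGER, $conferenceId, 0);
   }

   /**
    * Shortcut for checking authorization as director.
    * @param $conferenceId int (-1 = current request's conference)
    * @param $schedConfId int (-1 = current request's scheduled conference)
    * @return boolean
    */
   public static function isDirector($conferenceId = -1, $schedConfId = -1) {
      return Validation::isAuthorized(ROLE_ID_DIRECTOR, $conferenceId, $schedConfId);
   }

   /**
    * Shortcut for checking authorization as track director.
    * @param $conferenceId int (-1 = current request's conference)
    * @param $schedConfId int (-1 = current request's scheduled conference)
    * @return boolean
    */
   public static function isTrackDirector($conferenceId = -1, $schedConfId = -1) {
      return Validation::isAuthorized(ROLE_ID_TRACK_DIRECTOR, $conferenceId, $schedConfId);
   }

   /**
    * Shortcut for checking authorization as reviewer.
    * @param $conferenceId int (-1 = current request's conference)
    * @param $schedConfId int (-1 = current request's scheduled conference)
    * @return boolean
    */
   public static function isReviewer($conferenceId = -1, $schedConfId = -1) {
      return Validation::isAuthorized(ROLE_ID_REVIEWER, $conferenceId, $schedConfId);
   }

   /**
    * Shortcut for checking authorization as author.
    * @param $conferenceId int (-1 = current request's conference)
    * @param $schedConfId int (-1 = current request's scheduled conference)
    * @return boolean
    */
   public static function isAuthor($conferenceId = -1, $schedConfId = -1) {
      return Validation::isAuthorized(ROLE_ID_AUTHOR, $conferenceId, $schedConfId);
   }

   /**
    * Shortcut for checking authorization as reader.
    * @param $conferenceId int (-1 = current request's conference)
    * @param $schedConfId int (-1 = current request's scheduled conference)
    * @return boolean
    */
   public static function isReader($conferenceId = -1, $schedConfId = -1) {
      return Validation::isAuthorized(ROLE_ID_READER, $conferenceId, $schedConfId);
   }

   /**
    * Check whether the current user may administer another user's account.
    *
    * Site admins always may. A conference manager may only when the other
    * user is not a site admin and holds no role in a conference the current
    * user does not also manage.
    *
    * @param $conferenceId int
    * @param $userId int the user to be administered
    * @return boolean
    */
   public static function canAdminister($conferenceId, $userId) {
      if (Validation::isSiteAdmin()) return true;
      if (!Validation::isConferenceManager($conferenceId)) return false;

      // Check for roles in other conferences that this user
      // doesn't have administrative rights over.
      $roleDao =& DAORegistry::getDAO('RoleDAO');
      $roles =& $roleDao->getRolesByUserId($userId);
      foreach ($roles as $role) {
         // Other user cannot be site admin
         if ($role->getRoleId() == ROLE_ID_SITE_ADMIN) return false;

         if ($role->getConferenceId() != $conferenceId) {
            // Other conferences: We must have admin privileges there too
            if (!Validation::isConferenceManager($role->getConferenceId())) {
               return false;
            }
         }
      }
      return true;
   }
}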
00371 
00372 ?>
