
classes/security/Validation.inc.php

00001 <?php
00002 
00016 import('lib.pkp.classes.security.UserGroup');
00017 
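class Validation {

   /**
    * Authenticate a user and, on success, open a session for them.
    *
    * Two modes are selected by the [security] implicit_auth config setting:
    *  - implicit auth: the 'ImplicitAuthPlugin::implicitAuth' hook is asked to
    *    supply the user object (by reference); $username and $password are
    *    not checked here at all.
    *  - regular auth: the user is fetched by username and verified either by
    *    its remote AuthSource plugin or against the locally stored credential
    *    hash (see encryptCredentials()).
    *
    * @param $username string
    * @param $password string unencrypted password
    * @param $reason string reference; set to the account's disabled reason
    *    ('' if none was recorded) when login is refused because the account
    *    is disabled, otherwise null
    * @param $remember boolean extend the session lifetime ("remember me")
    * @return mixed the User object on success, false otherwise
    */
   public static function &login($username, $password, &$reason, $remember = false) {
      $reason = null;
      $valid = false;
      $user = null;
      $userDao = DAORegistry::getDAO('UserDAO');

      if (Config::getVar('security', 'implicit_auth')) {
         // Implicit auth: an implicitAuth plugin identifies the user and is
         // expected to populate $user through the hook argument.
         if (!Validation::isLoggedIn()) {
            PluginRegistry::loadCategory('implicitAuth');
            HookRegistry::call('ImplicitAuthPlugin::implicitAuth', array(&$user));
            // Only proceed when a plugin really supplied a user object; the
            // session set-up below dereferences it (previously $valid was set
            // to true unconditionally, which fatals when no user is set).
            $valid = is_object($user);
         }
      } else {
         $user = $userDao->getByUsername($username, true);
         if (!isset($user)) {
            // User does not exist
            return $valid;
         }

         $auth = Validation::_getAuthPlugin($user);
         if (isset($auth)) {
            // Validate against remote authentication source
            $valid = $auth->authenticate($username, $password);
            if ($valid) {
               // Refresh the locally cached profile from the remote source.
               $oldEmail = $user->getEmail();
               $auth->doGetUserInfo($user);
               if ($user->getEmail() != $oldEmail) {
                  // FIXME OMP requires email addresses to be unique; if changed email already exists, ignore
                  if ($userDao->userExistsByEmail($user->getEmail())) {
                     $user->setEmail($oldEmail);
                  }
               }
            }
         } else {
            // Validate against OMP user database
            $valid = Validation::_credentialsMatch($user, $username, $password);
         }
      }

      if (!$valid) {
         // Login credentials are invalid (or no implicit user was supplied)
         return $valid;
      }

      if ($user->getDisabled()) {
         // The user has been disabled.
         $reason = $user->getDisabledReason();
         if ($reason === null) $reason = '';
         $valid = false;
         return $valid;
      }

      // The user is valid; mark them as logged in in the current session.
      $sessionManager = SessionManager::getManager();

      // Regenerate the session ID first so the pre-authentication ID is never
      // promoted to an authenticated one (session fixation defence).
      $sessionManager->regenerateSessionId();

      $session = $sessionManager->getUserSession();
      $session->setSessionVar('userId', $user->getId());
      $session->setUserId($user->getId());
      $session->setSessionVar('username', $user->getUsername());
      $session->setRemember($remember);

      if ($remember && Config::getVar('general', 'session_lifetime') > 0) {
         // Update session expiration time (session_lifetime is in days)
         $sessionManager->updateSessionLifetime(time() + Config::getVar('general', 'session_lifetime') * 86400);
      }

      $user->setDateLastLogin(Core::getCurrentDate());
      $userDao->updateObject($user);

      return $user;
   }

   /**
    * Fetch the remote authentication plugin configured for a user, if any.
    * @param $user User
    * @return mixed the AuthSource plugin, or null when the user has no
    *    auth source (i.e. authenticates against the local database)
    */
   public static function _getAuthPlugin($user) {
      if (!$user->getAuthId()) return null;
      $authDao = DAORegistry::getDAO('AuthSourceDAO');
      return $authDao->getPlugin($user->getAuthId());
   }

   /**
    * Compare a user's stored credential hash with the hash of the supplied
    * username/password pair.
    * @param $user User
    * @param $username string
    * @param $password string unencrypted password
    * @return boolean
    */
   public static function _credentialsMatch($user, $username, $password) {
      $stored = $user->getPassword();
      $supplied = Validation::encryptCredentials($username, $password);
      if (!is_string($stored)) return false;
      if (function_exists('hash_equals')) {
         // Constant-time comparison (PHP >= 5.6) so the comparison time does
         // not depend on how many leading characters match.
         return hash_equals($stored, $supplied);
      }
      return $stored === $supplied;
   }

   /**
    * Mark the current session as logged out and persist it.
    * The session ID itself is kept; only the user binding and the
    * "remember me" lifetime are cleared.
    * @return boolean always true
    */
   public static function logout() {
      $sessionManager = SessionManager::getManager();
      $session = $sessionManager->getUserSession();
      $session->unsetSessionVar('userId');
      $session->unsetSessionVar('signedInAs');
      $session->setUserId(null);

      if ($session->getRemember()) {
         // Drop the extended lifetime so the cookie expires with the browser.
         $session->setRemember(0);
         $sessionManager->updateSessionLifetime(0);
      }

      $sessionDao = DAORegistry::getDAO('SessionDAO');
      $sessionDao->updateObject($session);

      return true;
   }

   /**
    * Redirect to the login page, passing the current URI as 'source' so the
    * user can be returned there after logging in.
    * NOTE(review): 'source' is taken verbatim from the request; the login
    * handler is assumed to validate it before redirecting — not verified here.
    * @param $message string optional name of a message to show on the login page
    */
   public static function redirectLogin($message = null) {
      $args = array();

      if (isset($_SERVER['REQUEST_URI'])) {
         $args['source'] = $_SERVER['REQUEST_URI'];
      }
      if ($message !== null) {
         $args['loginMessage'] = $message;
      }

      Request::redirect(null, 'login', null, null, $args);
   }

   /**
    * Check whether a username/password pair is valid, without logging in.
    * Unlike login(), disabled accounts are not rejected here.
    * @param $username string
    * @param $password string unencrypted password
    * @return boolean
    */
   public static function checkCredentials($username, $password) {
      $userDao = DAORegistry::getDAO('UserDAO');
      $user = $userDao->getByUsername($username, false);
      if (!isset($user)) return false;

      $auth = Validation::_getAuthPlugin($user);
      if (isset($auth)) {
         return $auth->authenticate($username, $password);
      }
      return Validation::_credentialsMatch($user, $username, $password);
   }

   /**
    * Check whether the currently logged-in user holds a role.
    * @param $roleId int
    * @param $pressId int press to check the role in; 0 for site-wide,
    *    -1 to use the press of the current request
    * @return boolean false when nobody is logged in
    */
   public static function isAuthorized($roleId, $pressId = 0) {
      if (!Validation::isLoggedIn()) {
         return false;
      }

      if ($pressId === -1) {
         // Get press ID from request
         $press = Request::getPress();
         $pressId = isset($press) ? $press->getId() : 0;
      }

      $sessionManager = SessionManager::getManager();
      $session = $sessionManager->getUserSession();
      $user = $session->getUser();
      // A session may carry a user ID whose user object can no longer be
      // loaded; treat that as not authorized rather than dereferencing null.
      if (!isset($user)) return false;

      $roleDao = DAORegistry::getDAO('RoleDAO');
      return $roleDao->userHasRole($pressId, $user->getId(), $roleId);
   }

   /**
    * Hash a username/password pair into the form stored in the user table.
    *
    * This is an unsalted, fast digest (sha1 or md5) of username . password;
    * it is kept because every stored credential was produced this way and
    * the comparison in _credentialsMatch() depends on it. Moving to a slow,
    * salted scheme would require a migration (e.g. rehash on successful
    * login) rather than a change here.
    *
    * @param $username string
    * @param $password string unencrypted password
    * @param $encryption string 'sha1' or 'md5'; false to use the
    *    [security] encryption config setting
    * @return string hex digest
    */
   public static function encryptCredentials($username, $password, $encryption = false) {
      $valueToEncrypt = $username . $password;

      if (!$encryption) {
         $encryption = Config::getVar('security', 'encryption');
      }

      switch ($encryption) {
         case 'sha1':
            if (function_exists('sha1')) {
               return sha1($valueToEncrypt);
            }
            // Deliberate fall-through: sha1() unavailable, use md5.
         case 'md5':
         default:
            return md5($valueToEncrypt);
      }
   }

   /**
    * Generate a random password made of visually unambiguous characters
    * (l, o, I, O, 0 and 1 are excluded). Roughly one character in four is a digit.
    * @param $length int
    * @return string
    */
   public static function generatePassword($length = 8) {
      $letters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ';
      $numbers = '23456789';

      $password = '';
      for ($i = 0; $i < $length; $i++) {
         $pool = Validation::_randomInt(1, 4) == 4 ? $numbers : $letters;
         $password .= $pool[Validation::_randomInt(0, strlen($pool) - 1)];
      }
      return $password;
   }

   /**
    * Return a random integer in [$min, $max], using the CSPRNG-backed
    * random_int() where available (PHP >= 7) and mt_rand() otherwise.
    * mt_rand() is not suitable for secrets, so the fallback only applies on
    * runtimes that offer nothing better.
    * @param $min int
    * @param $max int
    * @return int
    */
   public static function _randomInt($min, $max) {
      if (function_exists('random_int')) {
         return random_int($min, $max);
      }
      return mt_rand($min, $max);
   }

   /**
    * Generate the hash used to validate a password-reset request for a user.
    *
    * The value is the first 6 hex characters (24 bits) of an md5 over stable
    * user fields, so it does not expire and stays constant until the
    * password changes. It is kept as-is because outstanding reset links
    * depend on it; a stronger scheme would need a stored, expiring token.
    *
    * @param $userId int
    * @return mixed 6-character string, or false if the user does not exist
    */
   public static function generatePasswordResetHash($userId) {
      $userDao = DAORegistry::getDAO('UserDAO');
      $user = $userDao->getById($userId);
      if (!isset($user)) {
         // No such user
         return false;
      }
      return substr(md5($user->getId() . $user->getUsername() . $user->getPassword()), 0, 6);
   }

   /**
    * Suggest an unused username from the initial of the first name plus the
    * last name, lower-cased and stripped to [a-zA-Z0-9_-].
    * @param $firstName string
    * @param $lastName string
    * @return string
    */
   public static function suggestUsername($firstName, $lastName) {
      $initial = String::substr($firstName, 0, 1);

      $base = String::regexp_replace('/[^a-zA-Z0-9_-]/', '', String::strtolower($initial . $lastName));
      $userDao = DAORegistry::getDAO('UserDAO');

      // Try the bare name first, then append the smallest free numeric suffix (1, 2, ...).
      $suggestion = $base;
      for ($suffix = 1; $userDao->userExistsByUsername($suggestion); $suffix++) {
         $suggestion = $base . $suffix;
      }
      return $suggestion;
   }

   /**
    * Check whether a user is bound to the current session.
    * @return boolean
    */
   public static function isLoggedIn() {
      $sessionManager = SessionManager::getManager();
      $session = $sessionManager->getUserSession();

      $userId = $session->getUserId();
      return !empty($userId);
   }

   /**
    * Check whether the current user is a site administrator.
    * @return boolean
    */
   public static function isSiteAdmin() {
      return Validation::isAuthorized(ROLE_ID_SITE_ADMIN);
   }

   /**
    * Check whether the current user is a press manager.
    * @param $pressId int -1 for the press of the current request
    * @return boolean
    */
   public static function isPressManager($pressId = -1) {
      return Validation::isAuthorized(ROLE_ID_PRESS_MANAGER, $pressId);
   }

   /**
    * Check whether the current user is a series editor.
    * @param $pressId int -1 for the press of the current request
    * @return boolean
    */
   public static function isSeriesEditor($pressId = -1) {
      return Validation::isAuthorized(ROLE_ID_SERIES_EDITOR, $pressId);
   }

   /**
    * Check whether one user may administer another. Site admins may
    * administer anyone; otherwise the administrator must be a press manager
    * in every press where the administered user holds a user-group assignment.
    * @param $administeredUserId int
    * @param $administratorUserId int
    * @return boolean
    */
   public static function canAdminister($administeredUserId, $administratorUserId) {
      $roleDao = DAORegistry::getDAO('RoleDAO');

      if ($roleDao->userHasRole(0, $administratorUserId, ROLE_ID_SITE_ADMIN)) return true;

      // Check for administered user group assignments in other presses
      // that the administrator user doesn't have a manager role in.
      $pressDao = DAORegistry::getDAO('PressDAO');
      $presses = $pressDao->getPresses();
      $userGroupDao = DAORegistry::getDAO('UserGroupDAO');
      while (!$presses->eof()) {
         $press = $presses->next();
         $userGroups = $userGroupDao->getByUserId($administeredUserId, $press->getId());
         while (!$userGroups->eof()) {
            $userGroup = $userGroups->next();
            if (!$roleDao->userHasRole($userGroup->getContextId(), $administratorUserId, ROLE_ID_PRESS_MANAGER)) {
               // Found an assignment: disqualified.
               return false;
            }
         }
      }

      // There were no conflicting roles.
      return true;
   }
}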
00348 
00349 ?>
