<?php
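// Refuse direct requests for this file. __PRAGYAN_CMS is not defined anywhere
// in this file, so it is presumably set by the CMS entry point before the
// file is included -- TODO confirm.
if (!defined('__PRAGYAN_CMS')) {
    // SERVER_PROTOCOL is not populated under every SAPI; fall back to HTTP/1.0
    // so the status line stays well-formed.
    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
    header($protocol . ' 403 Forbidden');

    // The original markup opened a second <h1> instead of closing the first.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";

    // NOTE(review): SERVER_SIGNATURE usually carries the web server name and
    // version; printing it on an error page tells an unauthenticated client
    // what is running. Consider dropping it.
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}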
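/**
 * Compute the fingerprint stored in the session next to the user id.
 *
 * The fingerprint is the MD5 of the user's id, name, e-mail address and
 * last-login value as they currently stand in the users table, so it changes
 * whenever one of those columns changes.
 *
 * NOTE(review): the digest is built only from values in the users table and
 * contains no secret; it is a consistency check on server-side session state,
 * not an unguessable token.
 *
 * @param int|string $user_id Numeric id of the user.
 * @return string 32-character hexadecimal MD5 digest.
 */
function getSessionData($user_id)
{
    // The id is placed in the statement without quotes, where string escaping
    // cannot stop a crafted value from altering the query. Forcing it to an
    // integer removes that possibility regardless of what escape() does.
    $user_id = (int) $user_id;

    $query = "SELECT `user_name`,`user_email`,`user_lastlogin` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`=" . $user_id;

    // NOTE(review): die(mysql_error()) sends raw database error text to the
    // client; logging it and showing a generic message would leak less.
    $data = mysql_query($query) or die(mysql_error());

    $temp = mysql_fetch_assoc($data);
    if (!is_array($temp)) {
        // No such user: hash the id with empty fields, which is what the
        // original produced by reading offsets of a non-array.
        $temp = array('user_name' => '', 'user_email' => '', 'user_lastlogin' => '');
    }

    $sessionDataRaw = $user_id . $temp['user_name'] . $temp['user_email'] . $temp['user_lastlogin'];

    return md5($sessionDataRaw);
}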
00039
/**
 * Mark the current session as belonging to the given user.
 *
 * Stores the id in the global $userId and in the session, stores the matching
 * fingerprint from getSessionData(), and sends a redirect back to the URI that
 * was requested.
 *
 * NOTE(review): the session identifier is not changed at this privilege
 * boundary. Calling session_regenerate_id(true) here is the usual defence
 * against session fixation, but firstTimeGetUserId() re-sends
 * $_COOKIE['PHPSESSID'], so the two need to be changed together.
 *
 * NOTE(review): REQUEST_URI comes from the request line. A value that begins
 * with "//" is treated by browsers as a scheme-relative URL, so the redirect
 * target should be normalised to a single leading slash.
 *
 * @param int|string $user_id Id of the user who has just authenticated.
 * @return int|string The same id that was passed in.
 */
function setAuth($user_id)
{
    global $userId;

    $userId = $user_id;
    $_SESSION['userId'] = $user_id;
    $_SESSION['data'] = getSessionData($user_id);

    $target = $_SERVER["REQUEST_URI"];
    header("location: " . $target);

    return $user_id;
}
00057
/**
 * Tell whether the client has sent back a cookie.
 *
 * Either a PHPSESSID cookie or a cookie_support cookie holding "enabled"
 * counts as proof. Both values are supplied by the client, so the result says
 * only that the browser returns cookies, nothing about who the user is.
 *
 * @return bool True when one of the two cookies is present.
 */
function checkCookieSupport()
{
    if (isset($_COOKIE['PHPSESSID'])) {
        return true;
    }

    return isset($_COOKIE['cookie_support']) && $_COOKIE['cookie_support'] == "enabled";
}
00071
/**
 * Show an error when the global $cookieSupported flag is falsy.
 *
 * @return bool True when the warning was displayed, false when cookies are
 *              supported and nothing was shown.
 */
function showCookieWarning()
{
    global $cookieSupported;

    if ($cookieSupported) {
        return false;
    }

    displayerror("Cookie support is required beyond this point. <a href=\"http://www.google.com/cookies.html\">Click here</a> to find out " .
        "how to enable cookies.");

    return true;
}
00089
/**
 * Return the user id held in the global $userId.
 *
 * Within this file the global is written by setAuth() and resetAuth().
 *
 * @return mixed Current value of the global $userId.
 */
function getUserId()
{
    global $userId;

    return $userId;
}
00094
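/**
 * Resolve the logged-in user from the session.
 *
 * The session is accepted only when cookies are supported, a user id is
 * stored, and the stored fingerprint equals the one getSessionData() computes
 * now. Every other case clears the authentication state through resetAuth()
 * and yields 0.
 *
 * On success the PHPSESSID cookie is re-sent with a fresh expiry, unless the
 * request carries a `fileget` parameter.
 *
 * @return int|string The user id from the session, or 0 when not logged in.
 */
function firstTimeGetUserId()
{
    global $cookieSupported;

    if (!$cookieSupported || !isset($_SESSION['userId'])) {
        resetAuth();
        return 0;
    }

    $user_id = $_SESSION['userId'];
    $sessionData = getSessionData($user_id);

    // Strict comparison: with "==" two different digests that both look like
    // numbers in exponent notation (0e followed by digits) compare as equal.
    if (!isset($_SESSION['data']) || $_SESSION['data'] !== $sessionData) {
        resetAuth();
        return 0;
    }

    // $cookieSupported can be true because of the cookie_support cookie alone,
    // in which case there is no PHPSESSID value to re-send; sending an empty
    // value would ask the browser to delete the cookie.
    if (!isset($_GET['fileget']) && isset($_COOKIE['PHPSESSID'])) {
        global $cookie_timeout, $cookie_path;

        // Carry over the configured domain, Secure and HttpOnly attributes.
        // Re-sending the cookie with only name, value, expiry and path would
        // replace the session cookie with one that lacks those protections.
        $params = session_get_cookie_params();
        setcookie(
            'PHPSESSID',
            $_COOKIE['PHPSESSID'],
            time() + $cookie_timeout,
            $cookie_path,
            $params['domain'],
            !empty($params['secure']),
            !empty($params['httponly'])
        );
    }

    return $user_id;
}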
00123
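/**
 * List the ids of the groups a user belongs to.
 *
 * Group 0 is always included. Any user whose id is not 0 also gets group 1,
 * followed by every group_id recorded for that user in the usergroup table.
 *
 * @param int|string $userId Numeric user id; 0 is handled as "no user".
 * @return array Group ids. The first one or two entries are integers, rows
 *               read from the database are appended as returned by the driver.
 */
function getGroupIds($userId)
{
    $groups = array(0);

    // The id is concatenated into the statement without quotes, so it is
    // forced to an integer; string escaping does not protect a numeric
    // context. The cast also makes the guest check independent of how the
    // running PHP version compares non-numeric strings with 0.
    $userId = (int) $userId;
    if ($userId === 0) {
        return $groups;
    }
    $groups[] = 1;

    $groupQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = ' . $userId;

    // NOTE(review): die(mysql_error()) sends raw database error text to the
    // client; logging it and showing a generic message would leak less.
    $groupQueryResult = mysql_query($groupQuery) or die(mysql_error());

    while ($groupQueryResultRow = mysql_fetch_row($groupQueryResult)) {
        $groups[] = $groupQueryResultRow[0];
    }

    return $groups;
}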
00145
/**
 * Drop the authentication state of the current request.
 *
 * Removes the userId, data and forum_lastVisit entries from the session when
 * a session array exists, and sets the global $userId to 0. Other session
 * entries and the session identifier itself are left as they are.
 *
 * @return int Always 0.
 */
function resetAuth()
{
    global $userId;

    if (isset($_SESSION)) {
        unset($_SESSION['userId'], $_SESSION['data'], $_SESSION['forum_lastVisit']);
    }

    $userId = 0;

    return $userId;
}
00158
00159
00160
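/**
 * Verify a set of credentials with the requested login method.
 *
 * 'ads', 'imap' and 'ldap' delegate to the matching my_*_auth() helper, and
 * only when that method's 'status' entry in the global $authmethods is truthy.
 * 'openid' always fails here. Every other value is checked against the
 * password hash returned by getUserInfo() for the e-mail address.
 *
 * NOTE(review): local passwords are stored as unsalted MD5. That format is
 * fixed by the stored data and cannot be changed in this function; moving to
 * password_hash()/password_verify() needs a migration of the users table.
 *
 * @param string $login_method 'ads', 'imap', 'ldap', 'openid' or anything else for local.
 * @param string $user_name    Login name, used by 'ads' and 'ldap'.
 * @param string $user_email   E-mail address, used by 'imap' and the local check.
 * @param string $user_passwd  Plain-text password as entered.
 * @return bool True when the credentials were accepted.
 */
function checkLogin($login_method, $user_name, $user_email, $user_passwd)
{
    global $authmethods;

    $login_status = false;

    switch ($login_method) {
        case 'ads':
            // !empty() also covers a method that is not configured at all.
            if (!empty($authmethods[$login_method]['status'])) {
                $login_status = my_ads_auth($user_name, $user_passwd);
            }
            break;

        case 'imap':
            if (!empty($authmethods[$login_method]['status'])) {
                // The mailbox name is the part before '@'. Without an '@'
                // (or with nothing before it) the original went on to
                // authenticate an empty user name; fail instead.
                $pos = strpos($user_email, '@');
                if ($pos !== false && $pos > 0) {
                    $login_status = my_imap_auth(substr($user_email, 0, $pos), $user_passwd);
                }
            }
            break;

        case 'ldap':
            if (!empty($authmethods[$login_method]['status'])) {
                $login_status = my_ldap_auth($user_name, $user_passwd);
            }
            break;

        case 'openid':
            $login_status = false;
            break;

        default:
            $temp = getUserInfo($user_email);
            $stored = isset($temp['user_password']) ? (string) $temp['user_password'] : '';
            $computed = md5($user_passwd);

            // The digests must be compared as strings. With "==" two different
            // digests that both look like numbers in exponent notation
            // compare as equal, which accepts a wrong password.
            if ($stored !== '') {
                $login_status = function_exists('hash_equals')
                    ? hash_equals($stored, $computed)
                    : ($stored === $computed);
            }
    }

    return $login_status;
}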
00198
00199
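/**
 * Prepare a value for use inside an IMAP quoted string.
 *
 * Backslash and double quote are prefixed with a backslash. CR, LF and NUL
 * cannot appear in a quoted string at all and are removed, so a value can
 * neither close the quotes nor end the command line.
 *
 * The original built the pattern /(["\])/, whose character class is never
 * closed under PCRE, and used the replacement \1, which would have re-emitted
 * the matched character without adding a backslash.
 *
 * @param string $str Raw value.
 * @return string Value that can be placed between double quotes in a command.
 */
function quoteIMAP($str)
{
    $str = str_replace(array("\r", "\n", "\0"), '', (string) $str);

    // strtr() with an array works in a single pass, so backslashes added for
    // the quotes are not escaped a second time.
    return strtr($str, array('\\' => '\\\\', '"' => '\\"'));
}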
00204
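/**
 * Check a user name and password by attempting an IMAP LOGIN.
 *
 * Connects to the server and port configured under $authmethods['imap'],
 * sends LOGIN with tag b221, waits for the tagged reply, sends LOGOUT and
 * closes the connection.
 *
 * NOTE(review): fsockopen() opens a plain TCP connection unless the configured
 * address carries a transport prefix such as ssl://. Without one the password
 * crosses the network unencrypted -- confirm how server_address is configured.
 *
 * @param string $username Mailbox login name.
 * @param string $password Plain-text password.
 * @return bool True only when the server answered the LOGIN with OK.
 */
function my_imap_auth($username, $password)
{
    global $authmethods;

    if (!isset($authmethods['imap']['server_address']) || !isset($authmethods['imap']['port'])) {
        displayerror("Please specify IMAP authentication settings completely");
        // The original carried on and read the missing settings.
        return false;
    }

    $username = (string) $username;
    $password = (string) $password;

    // Empty credentials are never valid, and CR, LF or NUL cannot be carried
    // in a quoted string; such input is refused before anything is sent.
    if ($username === '' || $password === '' || preg_match('/[\r\n\0]/', $username . $password)) {
        return false;
    }

    $imap_stream = fsockopen($authmethods['imap']['server_address'], $authmethods['imap']['port']);
    if (!$imap_stream) {
        return false;
    }

    // First line is the server greeting; its content is not used.
    fgets($imap_stream, 1024);

    $tag = 'b221';
    fputs($imap_stream, $tag . ' LOGIN "' . quoteIMAP($username) . '" "' . quoteIMAP($password) . "\"\r\n");

    // A server may send untagged lines before the tagged completion, so read
    // until the line that starts with our tag. The loop is bounded so a
    // misbehaving server cannot keep the request busy indefinitely.
    $result = '';
    for ($i = 0; $i < 32; $i++) {
        $response = fgets($imap_stream, 1024);
        if ($response === false) {
            break;
        }
        if (strpos($response, $tag . ' ') === 0) {
            strtok($response, " ");
            $result = strtok(" \r\n");
            break;
        }
    }

    // The original sent LOGOUT without the terminating CRLF.
    fputs($imap_stream, "b222 LOGOUT\r\n");
    fclose($imap_stream);

    return $result === "OK";
}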
00235
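/**
 * Check a uid and password against the configured LDAP server.
 *
 * Two steps: an anonymous bind looks up the entry's DN through get_dn(), then
 * a second connection binds as that DN with the supplied password.
 *
 * NOTE(review): whether the connection is encrypted depends on the configured
 * server_address (for example an ldaps:// URI); no StartTLS is requested here.
 *
 * @param string $uid    Login name to look up.
 * @param string $passwd Plain-text password.
 * @return bool TRUE when the bind as the user's DN succeeded.
 */
function my_ldap_auth($uid, $passwd)
{
    global $authmethods;

    if (!isset($authmethods['ldap']['server_address']) || !isset($authmethods['ldap']['search_group'])) {
        displayerror("Please specify LDAP authentication settings completely");
        // The original carried on and read the missing settings.
        return FALSE;
    }

    // A simple bind with an empty password is an unauthenticated bind, which
    // servers commonly accept. Reject it before contacting the directory
    // rather than after the bind has already been attempted.
    if ((string) $passwd === '') {
        return FALSE;
    }

    $server = $authmethods['ldap']['server_address'];

    $ds = @ldap_connect($server);
    if (!$ds) {
        return FALSE;
    }
    @ldap_bind($ds);
    $dn = get_dn($uid, $ds);
    @ldap_unbind($ds);

    if (!$dn) {
        return FALSE;
    }

    $ds = @ldap_connect($server);
    if (!$ds) {
        return FALSE;
    }
    $bound = @ldap_bind($ds, $dn, $passwd);
    // Release the second connection as well; the original left it open.
    @ldap_unbind($ds);

    return $bound ? TRUE : FALSE;
}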
00252
/**
 * Look up the distinguished name for a uid.
 *
 * The DN is returned only when search_user() reports exactly one matching
 * entry; zero or several matches both give false.
 *
 * @param string   $uid Login name to search for.
 * @param resource $ds  LDAP connection, passed on to search_user().
 * @return string|false DN of the single match, otherwise false.
 */
function get_dn($uid, $ds)
{
    $info = @search_user($uid, $ds);

    return ($info['count'] == 1) ? $info[0]['dn'] : false;
}
00260
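/**
 * Search the configured LDAP subtree for entries with the given uid.
 *
 * @param string   $uid Login name; treated as literal text, not filter syntax.
 * @param resource $ds  LDAP connection to search on.
 * @return array|false Result of ldap_get_entries(), false when the search failed.
 */
function search_user($uid, $ds)
{
    global $authmethods;

    // The uid comes from the login form. Characters with a meaning in LDAP
    // filter syntax must be encoded, otherwise the value could widen or
    // rewrite the filter instead of naming one account.
    if (function_exists('ldap_escape')) {
        $safeUid = ldap_escape((string) $uid, '', LDAP_ESCAPE_FILTER);
    } else {
        // Backslash is replaced first so the escapes added for the other
        // characters are not encoded again.
        $safeUid = str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            (string) $uid
        );
    }

    $sr = @ldap_search($ds, $authmethods['ldap']['search_group'], "uid=" . $safeUid);
    $info = @ldap_get_entries($ds, $sr);

    return $info;
}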
00267
00268
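/**
 * Check a user name and password by binding to the configured ADS server.
 *
 * The bind name is the configured network_name followed by the user name.
 *
 * NOTE(review): whether the connection is encrypted depends on the configured
 * server_address (for example an ldaps:// URI); no StartTLS is requested here.
 *
 * @param string $username Account name, appended to network_name.
 * @param string $password Plain-text password.
 * @return bool TRUE when the bind succeeded with a non-empty password.
 */
function my_ads_auth($username, $password)
{
    global $authmethods;

    if (!isset($authmethods['ads']['server_address']) || !isset($authmethods['ads']['network_name'])) {
        displayerror("Please specify ADS authentication settings completely");
        // The original carried on and read the missing settings.
        return FALSE;
    }

    // A simple bind with an empty password is an unauthenticated bind, which
    // directory servers commonly accept. Reject it before contacting the
    // server rather than after the bind has already been attempted.
    if ((string) $password === '') {
        return FALSE;
    }

    $ldapconn = @ldap_connect($authmethods['ads']['server_address']);
    if (!$ldapconn) {
        // The original read an unset $ldap_bind on this path.
        return FALSE;
    }

    $ldap_bind = @ldap_bind($ldapconn, $authmethods['ads']['network_name'] . $username, $password);
    // Release the connection; the original left it open.
    @ldap_unbind($ldapconn);

    return $ldap_bind ? TRUE : FALSE;
}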
00284
00285