sql.auth.class.inc

groupoffice

<?php
/**
 * @copyright Copyright &copy; Intermesh 2003
 * @version $Revision: 1.18 $ $Date: 2006/04/10 13:21:10 $
 * 
 * @author Markus Schabel <markus.schabel@tgm.ac.at>
 * @author Merijn Schering <mschering@intermesh.nl>

   This file is part of Group-Office.

   Group-Office is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   Group-Office is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with Group-Office; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 * @package Framework
 * @subpackage Usermanagement
 * @category Authentication
 */

/*
 * This file is overriding some of the functions that are defined in the
 * base_auth class. So we need to include this class.
 */
require_once( $GO_CONFIG->class_path.'base/base.auth.class.inc' );

/**
 * Implementation of GroupOffice Authentication.
 * 
 * This class provides the login-function for the Group-Office SQL database,
 * which is the default authentication mechanism.
 * 
 * @package Framework
 * @subpackage Usermanagement
 * @category Authentication
 * 
 * @access protected
 * 
 * @uses base_auth
 */
class sql_auth extends base_auth
{
	/**
	 * Authenticate the user against the Group-Office SQL database.
	 * 
	 * This function authenticates a given user and password against the SQL
	 * database. First it checks if the username and the given password are
	 * available inside the database. The it fetches the userid number of the
	 * found user. When an error (or authentication failure) occours, the
	 * function returns null.
	 * 
	 * @access private
	 * 
	 * @param string $username is the username we should authenticate.
	 * @param string $password is the user's password, we should use.
	 * 
	 * @return int the userid number of the given user if the authentication
	 * was successfull and we were able to fetch the ID, true if we were able
	 * to authenticate the user, but got no ID, and null if the authentication
	 * has failed.
	 */
	function authenticate( $username, $password ) {
		// Query the database for the given username with the associated
		// password. We only need to get the userid from the database, all
		// other columns are not interesting for the authentication.
		$sql = 'SELECT id FROM users WHERE ' .
				"username='$username' AND password='".md5($password)."' " .
				"AND enabled='1'";
		$this->query($sql);

		// Check how many results we got from the search above. If we got more
		// than one result, something is wrong, and we should not authenticate
		// the given user.
		if ( $this->num_rows() != 1 ) {
			return null;
		}

		// Check if we got a valid result from the SQL database. Otherwise the
		// login has failed.
		if  ( !$this->next_record() ) {
			return null;
		}
		// Fetch the userid number from the database
		$user_id = $this->f('id');

		// Check if we were able to fetch an user_id. If we were not able, this
		// means that the authentication was successful, but the database has
		// no user_id number stored for the given user, so we return true.
		if ( $user_id == null ) {
			return true;
		}

		// Check if the userid number is valid. If it is not, the login should
		// fail.
		if ( $user_id < 1 ) {
			return null;
		}
		
		// There were not problems, so we can return the userid number.
		return $user_id;
	}

	/**
	 * This function logs a user in
	 *
	 * @access public
	 * 
	 * @param string $username
	 * @param string $password
	 * @param array $params	The authentication source specified in auth_sources.inc
	 * 
	 * @return bool true if the login was possible, false otherwise.
	 */
	function login( $username, $password, $params=array() ) {
		global $GO_SECURITY;
		$GO_SECURITY->user_id = 0;

		// Authenticate the user.
		$user_id = $this->authenticate( $username, $password );
		// Check if the authentication was successful, otherwise exit.
		if ( $user_id == null ) {
			return false;
		}

		/*
		 * Check if the authentication backend database is the same as the
		 * user management database. If they are the same, we should check if
		 * we got a vaild user_id number from the authentication and proceed.
		 * Otherwise (they are different), we add the user to the UM database.
		 */
		// TODO the above ;-)

		// Actualise session and other necessary things.
		$this->updateAfterLogin( $user_id );

		return true;
	}
}
?>