Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

Builtin.php 5.5KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202
  1. <?php
  2. /**
  3. *
  4. * Built-in authentication module. Uses VirtualBox's set/getExtraData capability
  5. * to store / retrieve user credentials. Called from API when authentication
  6. * functions are requested.
  7. *
  8. * @author Ian Moore (imoore76 at yahoo dot com)
  9. * @copyright Copyright (C) 2010-2015 Ian Moore (imoore76 at yahoo dot com)
  10. * @version $Id: Builtin.php 595 2015-04-17 09:50:36Z imoore76 $
  11. * @package phpVirtualBox
  12. * @see vboxconnector
  13. *
  14. */
  15. class phpvbAuthBuiltin implements phpvbAuth {
  16. /**
  17. *
  18. * A list of capabilities describing this authentication module.
  19. * @var array capability values:
  20. * @var boolean canChangePassword
  21. * @var boolean canModifyUsers
  22. * @var boolean canLogout
  23. *
  24. */
  25. var $capabilities = array(
  26. 'canChangePassword' => true,
  27. 'canModifyUsers' => true,
  28. 'canLogout' => true
  29. );
  30. /**
  31. *
  32. * Log in function. Populates $_SESSION
  33. * @param string $username user name
  34. * @param string $password password
  35. */
  36. function login($username, $password)
  37. {
  38. global $_SESSION;
  39. $vbox = new vboxconnector(true);
  40. $vbox->skipSessionCheck = true;
  41. $vbox->connect();
  42. $p = $vbox->vbox->getExtraData('phpvb/users/'.$username.'/pass');
  43. // Check for initial login
  44. if($username == 'admin' && !$p && !$vbox->vbox->getExtraData('phpvb/usersSetup')) {
  45. $vbox->vbox->setExtraData('phpvb/usersSetup','1');
  46. $vbox->vbox->setExtraData('phpvb/users/'.$username.'/pass', hash('sha512', 'admin'));
  47. $vbox->vbox->setExtraData('phpvb/users/'.$username.'/admin', '1');
  48. $p = hash('sha512', 'admin');
  49. }
  50. if($p == hash('sha512', $password)) {
  51. $_SESSION['valid'] = true;
  52. $_SESSION['user'] = $username;
  53. $_SESSION['admin'] = intval($vbox->vbox->getExtraData('phpvb/users/'.$username.'/admin'));
  54. $_SESSION['authCheckHeartbeat'] = time();
  55. $_SESSION['uHash'] = $p;
  56. }
  57. }
  58. /**
  59. *
  60. * Change password function.
  61. * @param string $old old password
  62. * @param string $new new password
  63. * @return boolean true on success
  64. */
  65. function changePassword($old, $new)
  66. {
  67. global $_SESSION;
  68. // Use main / auth server
  69. $vbox = new vboxconnector(true);
  70. $vbox->connect();
  71. $p = $vbox->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/pass');
  72. if($p == hash('sha512', $old)) {
  73. $np = hash('sha512', $new);
  74. $vbox->vbox->setExtraData('phpvb/users/'.$_SESSION['user'].'/pass', $np);
  75. $response['data']['result'] = 1;
  76. $_SESSION['uHash'] = $np;
  77. return true;
  78. }
  79. return false;
  80. }
  81. /**
  82. *
  83. * Revalidate login info and set authCheckHeartbeat session variable.
  84. * @param vboxconnector $vbox vboxconnector object instance
  85. */
  86. function heartbeat($vbox)
  87. {
  88. global $_SESSION;
  89. // Check to see if we only have 1 server or are already connected
  90. // to the authentication master server
  91. if(@$vbox->settings->authMaster || count($vbox->settings->servers) == 1) {
  92. $vbcheck = &$vbox;
  93. } else {
  94. $vbcheck = new vboxconnector(true);
  95. }
  96. $vbcheck->connect();
  97. $p = $vbcheck->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/pass');
  98. if(!@$p || @$_SESSION['uHash'] != $p) {
  99. if(function_exists('session_destroy')) session_destroy();
  100. unset($_SESSION['valid']);
  101. } else {
  102. $_SESSION['admin'] = intval($vbcheck->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/admin'));
  103. $_SESSION['authCheckHeartbeat'] = time();
  104. }
  105. if(!@$_SESSION['valid'])
  106. throw new Exception(trans('Not logged in.','UIUsers'), vboxconnector::PHPVB_ERRNO_FATAL);
  107. }
  108. /**
  109. *
  110. * Log out user present in $_SESSION
  111. * @param array $response response passed byref by API and populated within function
  112. */
  113. function logout(&$response)
  114. {
  115. global $_SESSION;
  116. if(function_exists('session_destroy')) session_destroy();
  117. else unset($_SESSION['valid']);
  118. $response['data']['result'] = 1;
  119. }
  120. /**
  121. *
  122. * Return a list of users
  123. * @return array list of users
  124. */
  125. function listUsers()
  126. {
  127. $response = array();
  128. // Use main / auth server
  129. $vbox = new vboxconnector(true);
  130. $vbox->connect();
  131. $keys = $vbox->vbox->getExtraDataKeys();
  132. foreach($keys as $k) {
  133. if(strpos($k,'phpvb/users/') === 0) {
  134. $user = substr($k,12,strpos($k,'/',13)-12);
  135. if(isset($response[$user])) continue;
  136. $admin = intval($vbox->vbox->getExtraData('phpvb/users/'.$user.'/admin'));
  137. $response[$user] = array('username'=>$user,'admin'=>$admin);
  138. }
  139. }
  140. return $response;
  141. }
  142. /**
  143. *
  144. * Update user information such as password and admin status
  145. * @param array $vboxRequest request passed from API representing the request. Contains user, password and administration level.
  146. * @param boolean $skipExistCheck Do not check that the user exists first. Essentially, if this is set and the user does not exist, it is added.
  147. */
  148. function updateUser($vboxRequest, $skipExistCheck)
  149. {
  150. global $_SESSION;
  151. // Must be an admin
  152. if(!$_SESSION['admin'])
  153. return;
  154. // Use main / auth server
  155. $vbox = new vboxconnector(true);
  156. $vbox->connect();
  157. // See if it exists
  158. if(!$skipExistCheck && $vbox->vbox->getExtraData('phpvb/users/'.$vboxRequest['u'].'/pass'))
  159. return;
  160. if($vboxRequest['p'])
  161. $vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/pass', hash('sha512', $vboxRequest['p']));
  162. $vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/admin', ($vboxRequest['a'] ? '1' : '0'));
  163. }
  164. /**
  165. *
  166. * Remove the user $user
  167. * @param string $user Username to remove
  168. */
  169. function deleteUser($user)
  170. {
  171. // Use main / auth server
  172. $vbox = new vboxconnector(true);
  173. $vbox->connect();
  174. $vbox->vbox->setExtraData('phpvb/users/'.$user.'/pass','');
  175. $vbox->vbox->setExtraData('phpvb/users/'.$user.'/admin','');
  176. $vbox->vbox->setExtraData('phpvb/users/'.$user,'');
  177. }
  178. }