From 10c147aa5e2e1be5a3d4eddebff1cdf1df0b604a Mon Sep 17 00:00:00 2001 From: Karl 'vollmerk' Vollmer Date: Fri, 13 Jan 2006 09:49:47 +0000 Subject: removed libglue in favor of brand new vauth session handler fixes remember me --- modules/init.php | 69 +++---- modules/libglue/README | 393 --------------------------------------- modules/libglue/auth.php | 399 ---------------------------------------- modules/libglue/config.php | 173 ------------------ modules/libglue/dbh.php | 53 ------ modules/libglue/libdb.php | 95 ---------- modules/libglue/session.php | 416 ------------------------------------------ modules/libglue/session2.php | 346 ----------------------------------- modules/vauth/auth.lib.php | 74 ++++++++ modules/vauth/dbh.lib.php | 64 +++++++ modules/vauth/init.php | 160 ++++++++++++++++ modules/vauth/session.lib.php | 236 ++++++++++++++++++++++++ 12 files changed, 558 insertions(+), 1920 deletions(-) delete mode 100644 modules/libglue/README delete mode 100644 modules/libglue/auth.php delete mode 100644 modules/libglue/config.php delete mode 100644 modules/libglue/dbh.php delete mode 100644 modules/libglue/libdb.php delete mode 100644 modules/libglue/session.php delete mode 100644 modules/libglue/session2.php create mode 100644 modules/vauth/auth.lib.php create mode 100644 modules/vauth/dbh.lib.php create mode 100644 modules/vauth/init.php create mode 100644 modules/vauth/session.lib.php (limited to 'modules') diff --git a/modules/init.php b/modules/init.php index 34230f52..08f85645 100644 --- a/modules/init.php +++ b/modules/init.php @@ -76,47 +76,21 @@ if (!$results = read_config($configfile,0)) { // Cheat a little to setup the extra vars needed by libglue -//FIXME: Untile we have a config updater force stream as allowed playback method +//FIXME: Until we have a config updater force stream as allowed playback method if (!$results['conf']['allow_stream_playback']) { $results['conf']['allow_stream_playback'] = "true"; } $results['conf']['raw_web_path'] = $results['conf']['web_path']; $results['conf']['web_path'] = $http_type . $_SERVER['HTTP_HOST'] . $results['conf']['web_path']; -$results['conf']['version'] = '3.3.2-Beta2 (Build 001)'; +$results['conf']['version'] = '3.3.2-Beta2 (Build 002)'; $results['conf']['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra'; -$results['libglue']['local_table'] = 'session'; -$results['libglue']['local_sid'] = 'id'; -$results['libglue']['local_expirecol'] = 'expire'; -$results['libglue']['local_usercol'] = 'username'; -$results['libglue']['local_typecol'] = 'type'; -$results['libglue']['local_datacol'] = 'value'; -$results['libglue']['mysql_table'] = 'user'; -$results['libglue']['mysql_usercol'] = 'username'; -$results['libglue']['mysql_passwdcol'] = 'password'; -$results['libglue']['local_dbh_name'] = 'local_dbh'; -$results['libglue']['auth_methods'] = 'mysql'; -$results['libglue']['user_username'] = 'username'; -$results['libglue']['mysql_fields'] = 'username,fullname,email,access,offset_limit'; -$results['libglue']['mysql_host'] = $results['libglue']['local_host']; -$results['libglue']['mysql_db'] = $results['libglue']['local_db']; -$results['libglue']['mysql_username'] = $results['libglue']['local_username']; -$results['libglue']['mysql_user'] = $results['libglue']['local_username']; -$results['libglue']['mysql_passwd'] = $results['libglue']['local_pass']; -$results['libglue']['mysql_pass'] = $results['libglue']['local_pass']; -$results['libglue']['mysql_passcol'] = 'password'; -$results['libglue']['dbh'] = $results['libglue']['local_dbh_name']; -$results['libglue']['auth_page'] = $results['conf']['web_path']; -$results['libglue']['login_page'] = $results['conf']['web_path'] . "/login.php"; $results['conf']['http_port'] = $_SERVER['SERVER_PORT']; if (!$results['conf']['prefix']) { $results['conf']['prefix'] = $prefix; } if (!$results['libglue']['stop_auth']) { - $results['libglue']['stop_auth'] = $results['conf']['prefix'] . "/modules/libglue/gone.fishing"; -} -if (!$results['libglue']['libglue_path']) { - $results['libglue']['libglue_path']= $results['conf']['prefix'] . "/modules/libglue"; + $results['libglue']['stop_auth'] = $results['conf']['prefix'] . "/modules/vauth/gone.fishing"; } if (!$results['conf']['http_port']) { $results['conf']['http_port'] = '80'; @@ -136,20 +110,31 @@ if (!$results['conf']['ellipse_threshold_artist']) { if (!$results['conf']['ellipse_threshold_title']) { $results['conf']['ellipse_threshold_title'] = 27; } +if (!$results['conf']['raw_web_path']) { + $results['conf']['raw_web_path'] = '/'; +} +/* Variables needed for vauth Module */ +//FIXME: Rename this array as we are no longer using libglue +$results['libglue']['cookie_path'] = $results['conf']['raw_web_path']; +$results['libglue']['cookie_domain'] = $_SERVER['HTTP_HOST']; +$results['libglue']['cookie_life'] = $results['libglue']['sess_cookielife']; +$results['libglue']['session_name'] = $results['libglue']['sess_name']; +$results['libglue']['cookie_secure'] = '0'; +$results['libglue']['session_length'] = '9000'; +$results['libglue']['mysql_password'] = $results['libglue']['local_pass']; +$results['libglue']['mysql_username'] = $results['libglue']['local_username']; +$results['libglue']['mysql_hostname'] = $results['libglue']['local_host']; +$results['libglue']['mysql_db'] = $results['libglue']['local_db']; /* Temp Fixes */ $results['conf'] = fix_preferences($results['conf']); - // Setup Static Arrays -libglue_param($results['libglue']); conf($results['conf']); -// Libglue Requires -require_once(libglue_param('libglue_path') . "/auth.php"); -require_once(libglue_param('libglue_path') . "/session.php"); -require_once(libglue_param('libglue_path') . "/dbh.php"); +// Vauth Requires +require_once(conf('prefix') . '/modules/vauth/init.php'); // Librarys require_once(conf('prefix') . '/lib/album.lib.php'); @@ -209,17 +194,11 @@ require_once(conf('prefix') . "/lib/class/access.class.php"); require_once(conf('prefix') . "/lib/class/error.class.php"); require_once(conf('prefix') . "/lib/class/genre.class.php"); - /* Set a new Error Handler */ $old_error_handler = set_error_handler("ampache_error_handler"); -/* Some Libglue Hacks */ -$array['dbh_name'] = 'stupid_pos'; -$array['stupid_pos'] = check_sess_db('local'); -libglue_param($array); -/* End Libglue Hacks */ - - +/* Initilize the Vauth Library */ +vauth_init($results['libglue']); /* Check their PHP Vars to make sure we're cool here */ if ($results['conf']['memory_limit'] < 16) { @@ -257,7 +236,7 @@ srand((double) microtime() * 1000003); // If we don't want a session if (!isset($no_session) AND conf('use_auth')) { - if (!check_session()) { logout(); exit(); } + if (!vauth_check_session()) { logout(); exit(); } init_preferences(); set_theme(); $user = new User($_SESSION['userdata']['username']); @@ -271,7 +250,7 @@ elseif (!conf('use_auth')) { $auth['info']['id'] = -1; $auth['info']['access'] = "admin"; $auth['info']['offset_limit'] = 50; - if (!check_session()) { make_local_session_only($auth); } + if (!vauth_check_session()) { vauth_session_create($auth); } $user = new User(-1); $user->fullname = $auth['info']['fullname']; $user->offset_limit = $auth['info']['offset_limit']; diff --git a/modules/libglue/README b/modules/libglue/README deleted file mode 100644 index b847586b..00000000 --- a/modules/libglue/README +++ /dev/null @@ -1,393 +0,0 @@ -libglue - 8/17/03 - -libglue provides a set of libraries for use with applications -developed here at Oregon State University. - -This set of libraries includes: -- mysql session handling, -- MySQL/LDAP/'shared' authentication methods -- a database handler - -Contents: -1 Authentication Methods - 1.1 LDAP Authentication - 1.2 MySQL Authentication - 1.3 Shared Authentication -2 Database schemas - 2.1 For Session management - 2.2 For LDAP Authentication - 2.3 For MySQL Authentication - 2.4 For Shared Authentication -3 The Config file - 3.1 Formatting - 3.2 Subsections - 3.3 Arrays - 3.3 Retrieving options -4 Session management -5 Libglue in action - -6 Help, FAQs - - -1 Authentication Methods --------------------------------------------------------------------------------- - Libglue currently supports 3 authentication methods: LDAP, MySQL, and - 'Shared.' It can support any combination of these concurrently, by falling - through in the order you specify (see Section 3.3). - - 1.1 LDAP Authentication - ------------------------------------------------------------------------------ - To use LDAP authentication, you must have LDAP support for PHP. - See http://php.net/manual/en/ref.ldap.php for how to configure php with LDAP. - - You must provide credentials for your LDAP server in the config file. - Anonymous LDAP authentication is possible, but not with libglue today. - - libglue has two functions for ldap authentication, both in 'LIBGLUE/auth.php': - - mixed get_ldap_user($username [,$fields]) - - object auth_ldap($username,$password) - - 'auth_ldap' is intended for internal use, while 'get_ldap_user' is a utility - for app developers to use. Both have similar layouts: - - - connect to ldap service - - bind to ldap with credential from config file - - search for '$username' in the space specified in the config file - - attempt to bind with supplied user credentials (auth_ldap only) - - 'get_ldap_user' returns an array of fields on success (if '$fields' is - not specified, it will return all the information for the specified user), - and an error string on failure. - - 'auth_ldap' returns an 'auth_response' object, with success indicated by - the value of auth_response->success. (This class is defined in 'auth.php'). - - 'auth_ldap' is typically only going to be called from a login script. - 'get_ldap_user' could be used when granting access to a new user. - - Config Options: - ldap_host - ldap_auth_dn - ldap_user_dn - ldap_filter - ldap_pass - ldap_fields - ldap_version - - - 1.2 MySQL Authentication - ------------------------------------------------------------------------------ - MySQL Authentication (like all of libglue) requires MySQL support in PHP. - It defaults to using the MySQL PASSWORD() function to check passwords, but - can also use PHP crypt() for compatability with other applications - (pam_mysql for example). - - MySQL Authentication assumes the local database specified in the config file - is being used. It is possible to support a different database, but that - begins to duplicate functionality from Share Authentication (Section 1.3). - - Config Options: - mysql_host - mysql_db - mysql_username - mysql_passwd - mysql_table - mysql_usercol - mysql_passcol - mysql_other - mysql_fields - - 'mysql_other' is an optional clause appended to the query. - Ex: mysql_other = "access = 'admin'" - - 'mysql_fields' is a comma separated list of the fields to return from - 'mysql_table' - Ex: mysql_fields = 'id,username,email,homedir' - - 1.3 Shared Authentication - ------------------------------------------------------------------------------ - Because libglue uses a mysql database to store session info, it is possible - to share session information between applications, creating a "Single Sign - On" (SSO) framework for web applications. libglue supports this out of - the box, with the following assumptions: - 1) The initial authentication is being handled elsewhere - 2) "SSO" session data is stored in a mysql database. - 3) The SSO database uses the schema described in Section 2.3. - - libglue keeps track of the 'type' of authentication each session uses, so - can still use LDAP or MySQL authentication when also using SSO. - - Config options: - sso_host - sso_db - sso_username - sso_pass - sso_table - sso_sid - sso_usercol - sso_expirecol - sso_length - sso_dbh_name - - -2 Database schemas --------------------------------------------------------------------------------- - - Below are sample schemas for use with libglue. Mandatory fields are - indicated with a '*'. Unless stated otherwise, field NAMES can be set in - the config file. - - 2.1 For Session Management - ------------------------------------------------------------------------------ - CREATE TABLE session_data ( - * id varchar(32) NOT NULL default '', - * username varchar(16) NOT NULL default '', - * expire int(10) unsigned NOT NULL default '0', - * type enum('sso','mysql','ldap') NOT NULL default 'sso', - * data text, - PRIMARY KEY (id)) - - This session table should work for any type of authentication you do. - 'id' is an md5sum by default (as generated by php) but you can make - something else up if you've got the spare entropy. 'Type' obviously - only applies if you're using more than 1 type of authentication, - but the code assumes that it's present. - - 'data' is the field where serialized php data (from $_SESSION) is stored. - If you overflow this field, weird things may happen. - - - 2.2 For LDAP Authentication - ------------------------------------------------------------------------------ - - Basic LDAP authentication with libglue doesn't require a mysql database, - only session management. However, you will most likely need to store - some user information locally, in which case the table definition in - Section 2.3 is a good starting point. - - 2.3 For MySQL Authentication - ------------------------------------------------------------------------------ - - CREATE TABLE user ( - * id int(11) NOT NULL default '0', - * username varchar(255) NOT NULL default '', - * password varchar(255) default NULL, - fullname varchar(255) NOT NULL default '', - email varchar(255) default NULL, - status enum('disabled','enabled','dev') NOT NULL default 'enabled', - expire date default NULL, - phone varchar(255) NOT NULL default '', - PRIMARY KEY (id), - UNIQUE KEY username (username), - UNIQUE KEY id (id) - } - - Feel free to add columns to this table and then specify them in - 'mysql_fields' to make them part of your session data. - - 2.3 For Shared Authentication - ------------------------------------------------------------------------------ - - If you need to store user data locally, see the definition in Section 2.3. - - -3 The Config file --------------------------------------------------------------------------------- - - 3.1 Formatting - ------------------------------------------------------------------------------ - The libglue config file is a lot like the smb.cnf file if you've ever used - samba (it's really easy to parse). Options are specified like - - option = value - - 'option' is a letter followed by any number of letters or numbers. - The spaces between 'option' and 'value' are optional. - 'value' may be single quoted, double quoted, or not quoted at all. - semicolons at the end of the line are ignored. - '#' is the single-line comment character. - - 3.2 Subsections - ------------------------------------------------------------------------------ - The config file parser can generate subsections in the config: - - > [libglue] - > option1 = value; - > option2 = 'value'; - > option3 = "value" - > [conf] - > option1 = value; - > otheroption = othervalue; - > [other] - > foo = "bar"; - - The parser then returns: - array( - 'libglue' => ('option1' => 'value', - 'option2' => 'value', - 'option3' => 'value'), - 'conf' => ('option1' => 'value', - 'otheroption' => 'othervalue'), - 'other' => ('foo' => 'bar') - ); - - 3.3 Arrays - ------------------------------------------------------------------------------ - You can create arrays of values in the config file by declaring an option - multiple times: - - [libglue] - ldap_fields = 'cn' - ldap_fields = 'homedirectory' - ldap_fields = 'uidnumber' - ldap_fields = 'uid' - ldap_fields = 'osuuid' - - would return the following: - array( - 'libglue' => ('ldap_fields' => ( - 0 => 'cn', - 1 => 'homedirectory', - 2 => 'uidnumber', - 3 => 'uid', - 4 => 'osuuid') - ) - ) - - - 3.3 Retrieving options - ------------------------------------------------------------------------------ - LIBGLUE/config.php defines two functions, conf() and libglue_param() for - retrieving values from the config file. See "Libglue in action" below. - - -4 Session Data and Management --------------------------------------------------------------------------------- - - Libglue should relieve some of the burden of session management from your app - once a user is authenticated. The config file has the following parameters, - - user_data_name - Name of the array to store authentication session data in. - Ex: - user_data_name = 'user' - - Libglue then puts all the account information it retrieves - into $_SESSION['user'] - - user_id - fieldname for userid, - stored in $_SESSION[user_data_name][user_id] - user_username - fieldname for username, - stored in $_SESSION[user_data_name][user_username] - - Then for each of your authentication methods: - - ldap_uidfield = 'uidnumber' - ldap_usernamefield = 'uid' - mysql_uidfield = 'id' - mysql_usernamefield = 'username' - - Note that in this case, 'sso' isn't really an authentication method - (the info has to be looked up either in ldap or mysql). - - What this lets you do is ignore account type in your application, since - every session will have the same field names. - - -5 Libglue in action --------------------------------------------------------------------------------- - - Libglue assumes there are three basic types of files in your application: - 1) Login/Authentication page - 2) Restricted pages - 3) Logout/Cleanup page - - Example login and logout pages are in the LIBGLUE/examples directory. - - For (2), you'll be calling the same code over and over. It is a good idea - to create an init file to take care of these common tasks in your application. - In each file, you'll do a - - > $restricted = 1; - > require_once('/path/to/init.php'); - - right off the bat; libglue needs to run before anything else so it can send - HTTP headers for cookies and redirection if necessary. - - Here is a sample init.php: - - - - - libglue_param() and conf() make use of static member variables and - tests on paramter types to register/retrieve config data. When passed an - array, these functions assume you're registering config options. If given - a string, as in: - - $database_name = libglue_param('local_db'); - - the function will look for the key 'local_db' in the values that have been - previously registered with it. This is a little bit hokey, but objects - don't yet support static members in php so it's about the best we can do. - - - Session management is just taken care of; anything you put in $_SESSION in - your app is serialized, stored in the db when the page is done redering, - and retrieved on page load. - - - Database handle management is nice with libglue; if you've defined - 'dbh' in the config file, you can call dbh() to use that database handle again: - - $dbh = dbh(); - mysql_query($sql, $dbh); - - or - - mysql_query($sql, dbh()); - - -6 Help, FAQs --------------------------------------------------------------------------------- - - Libglue is distributed at: - - http://oss.oregonstate.edu/libglue/ - - as it becomes more mature and widely used, this page may include more help - documentation. - - For now, feel free to email - - cws-prog@lists.orst.edu - - with any questions or bug reports. - --- Central Web Services, - Oregon State University - diff --git a/modules/libglue/auth.php b/modules/libglue/auth.php deleted file mode 100644 index 1cd55418..00000000 --- a/modules/libglue/auth.php +++ /dev/null @@ -1,399 +0,0 @@ -error = ldap_error($ldap_link); - $auth['error'] = libglue_param('login_failed'); - } - } - } - - // - // Here means we couldn't use the service. - // So it's most likely config related. - // Check the username and password? - // - else - { - $auth['error'] = libglue_param('bad_auth_cred'); - } - } - - // - // This most often will mean we can't reach the server. - // Perhaps it's down, or we mistyped the address. - // - else - { - $auth['error'] = libglue_param('connect_error'); - } - - // Done with the link, give it back - ldap_close($ldap_link); - $auth['type'] = 'ldap'; - return $auth; -} - -/* - * MySQL authentication. - * returns true/false depending on whether the user was authenticated - * successfully - * The crypt settings below assume the php crypt() function created the passwords. - * But hopson updated it to use mysql PASSWORD() instead - */ - -function auth_mysql($username, $password) { - - $auth = array(); - $auth['success'] = 0; - - // Did we get fed proper variables? - if(!$username or !$password) { - $auth['error'] = 'Empty username/password'; - return $auth; - } - - // - // Retrieve config parameters set in config.php - // - $dbhost = libglue_param('mysql_host'); - $dbuser = libglue_param('mysql_user'); - $dbpass = libglue_param('mysql_pass'); - $dbname = libglue_param('mysql_db'); - $passfield = libglue_param('mysql_passcol'); - $table = libglue_param('mysql_table'); - $usercol = libglue_param('mysql_usercol'); - $other = libglue_param('mysql_other'); - $fields = libglue_param('mysql_fields'); - - - $mysql_uidfield = libglue_param('mysql_uidfield'); - $mysql_usernamefield = libglue_param('mysql_usernamefield'); - - if(!preg_match("/$mysql_uidfield/",$fields)) $fields .= ",$mysql_uidfield"; - if(!preg_match("/$mysql_usernamefield/",$fields)) $fields .= ",$mysql_usernamefield"; - - if($other == '') $other = '1=1'; - - if ($mysql_link = @mysql_connect($dbhost,$dbuser,$dbpass)) - { - // - // now retrieve the stored password to use as salt - // for password checking - // - $sql = "SELECT $passfield FROM $table" . - " WHERE $usercol = '$username' " . - " AND $other LIMIT 1"; - @mysql_select_db($dbname, $mysql_link); - $result = @mysql_query($sql, $mysql_link); - $row = @mysql_fetch_array($result); - - $password_check_sql = "PASSWORD('$password')"; - - $sql = "SELECT version()"; - $db_results = @mysql_query($sql, $mysql_link); - $version = @mysql_fetch_array($db_results); - - $mysql_version = substr(preg_replace("/(\d+)\.(\d+)\.(\d+).*/","$1$2$3",$version[0]),0,3); - - if ($mysql_version > "409" AND substr($row[0],0,1) !== "*") { - $password_check_sql = "OLD_PASSWORD('$password')"; - } - - $sql = "SELECT $fields FROM $table" . - " WHERE $usercol = '$username'" . - " AND $passfield = $password_check_sql" . - " AND $other LIMIT 1"; - $rs = @mysql_query($sql, $mysql_link); - //This should only fail on a badly formed query. - if(!$rs) - { - $auth['error'] = @mysql_error(); - } - - // - // Retrieved the right info, set auth->success and info. - // - if (@mysql_num_rows($rs) == 1) - { - // username and password are successful - $row = mysql_fetch_array($rs); - $sess_username = libglue_param('user_username'); - $sess_id = libglue_param('user_id'); - $auth[$info][$sess_username] = $row[$mysql_usernamefield]; - $auth[$info][$sess_id] = $row[$mysql_uidfield]; - $auth[$info] = $row; - $auth['info'] = $row; - $auth['success'] = 1; - } - - // - // We didn't find anything matching. No user, bad password, ? - // - else - { - $auth['error'] = libglue_param('login_failed'); - } - } - - // - // Couldn't connect to database at all. - // - else - { - $auth['error'] = libglue_param('bad_auth_cred'); - } - - $auth['type'] = 'mysql'; - return $auth; - -} // auth_mysql - - -function auth_sso ($username, $password) -{ - $auth = new auth_response(); - $auth->success = 0; - $auth->error = "SSO Authentication failed."; - return $auth; -} - -// This is the auth_response class that will be returned during -// and authentication - this allows us to set some variables -// by the session for later lookup -class auth_response { - var $username; - var $userid; - var $error; - var $success; - var $info; -} - - -?> diff --git a/modules/libglue/config.php b/modules/libglue/config.php deleted file mode 100644 index c1ca07a8..00000000 --- a/modules/libglue/config.php +++ /dev/null @@ -1,173 +0,0 @@ -"; - - $count = 0; - $config_name = ''; - foreach($data as $value) - { - $count++; - if (preg_match("/^\[([A-Za-z]+)\]$/",$value,$matches)) - { - // If we have previous data put it into $results... - if (!empty($config_name) && count(${$config_name})) $results[$config_name] = ${$config_name}; - $config_name = $matches[1]; - } // if it is a [section] name - - elseif ($config_name) - { - // if it's not a comment - if (preg_match("/^(\w[\w\d]*)\s*=\s*\"{1}(.*?)\"{1};*$/",$value,$matches) - || preg_match("/^(\w[\w\d]*)\s*=\s*\'{1}(.*?)\'{1};*$/", $value, $matches) - || preg_match("/^(\w[\w\d]*)\s*=\s*[\'\"]{0}(.*)[\'\"]{0};*$/",$value,$matches)) - { - if (isset(${$config_name}[$matches[1]]) && is_array(${$config_name}[$matches[1]]) && isset($matches[2]) ) - { - if($debug) - echo "Adding value $matches[2] to existing key $matches[1]\n"; - array_push(${$config_name}[$matches[1]], $matches[2]); - } - elseif (isset(${$config_name}[$matches[1]]) && isset($matches[2]) ) - { - if($debug) - echo "Adding value $matches[2] to existing key $matches[1]\n"; - ${$config_name}[$matches[1]] = array(${$config_name}[$matches[1]],$matches[2]); - } - elseif ($matches[2] !== "") - { - if($debug) - echo "Adding value $matches[2] for key $matches[1]\n"; - ${$config_name}[$matches[1]] = $matches[2]; - } - - // if there is something there and it's not a comment - elseif ($value{0} !== "#" AND strlen(trim($value)) > 0) - { - echo "Error Invalid Config Entry --> Line:$count"; die; - } // else if it's not a comment and there is something there - - else - { - if($debug) - echo "Key $matches[1] defined, but no value set\n"; - } - } // end if it's not a comment - - } // else if no config_name - - - elseif (preg_match("/^([\w\d]+)\s+=\s+[\"]{1}(.*?)[\"]{1}$/",$value,$matches) - || preg_match("/^([\w\d]+)\s+=\s+[\']{1}(.*?)[\']{1}$/", $value, $matches) - || preg_match("/^([\w\d]+)\s+=\s+[\'\"]{0}(.*)[\'\"]{0}$/",$value,$matches)) - { - if (is_array($results[$matches[1]]) && isset($matches[2]) ) - { - if($debug) - echo "Adding value $matches[2] to existing key $matches[1]\n"; - array_push($results[$matches[1]], $matches[2]); - } - elseif (isset($results[$matches[1]]) && isset($matches[2]) ) - { - if($debug) - echo "Adding value $matches[2] to existing key $matches[1]\n"; - $results[$matches[1]] = array($results[$matches[1]],$matches[2]); - } - elseif ($matches[2] !== "") - { - if($debug) - echo "Adding value $matches[2] for key $matches[1]\n"; - $results[$matches[1]] = $matches[2]; - } - - // if there is something there and it's not a comment - elseif ($value{0} !== "#" AND strlen(trim($value)) > 0) - { - echo "Error Invalid Config Entry --> Line:$count"; die; - } // else if it's not a comment and there is something there - - else - { - if($debug) - echo "Key $matches[1] defined, but no value set\n"; - } - - } // end else - - } // foreach - - if (count(${$config_name})) - { - $results[$config_name] = ${$config_name}; - } - - if($debug) echo ""; - - return $results; - -} // end read_config - -function libglue_param($param,$clobber=0) -{ - static $params = array(); - if(is_array($param)) - //meaning we are setting values - { - foreach ($param as $key=>$val) - { - if(!$clobber && isset($params[$key])) - { - echo "Error: attempting to clobber $key = $val\n"; - exit(); - } - $params[$key] = $val; - } - return true; - } - else - //meaning we are trying to retrieve a parameter - { - if(isset($params[$param])) return $params[$param]; - else return false; - } -} - -function conf($param,$clobber=0) -{ - static $params = array(); - if(is_array($param)) - //meaning we are setting values - { - foreach ($param as $key=>$val) - { - if(!$clobber && isset($params[$key])) - { - echo "Error: attempting to clobber $key = $val\n"; - exit(); - } - $params[$key] = $val; - } - return true; - } - else - //meaning we are trying to retrieve a parameter - { - if(isset($params[$param])) return $params[$param]; - else return false; - } -} - -function dbh($str='') -{ - if($str !== '') $dbh = libglue_param(libglue_param($str)); - else $dbh = libglue_param(libglue_param('dbh')); - if(!is_resource($dbh)) die("Bad database handle: $dbh"); - else return $dbh; -} diff --git a/modules/libglue/dbh.php b/modules/libglue/dbh.php deleted file mode 100644 index 92824efc..00000000 --- a/modules/libglue/dbh.php +++ /dev/null @@ -1,53 +0,0 @@ -$dbh)); - } - - return $dbh; -} - -?> diff --git a/modules/libglue/libdb.php b/modules/libglue/libdb.php deleted file mode 100644 index 00e8a9b2..00000000 --- a/modules/libglue/libdb.php +++ /dev/null @@ -1,95 +0,0 @@ -$user); - - //Somewhat stupidly, we have to initialize $_SESSION here, - // or sess_write will blast it for us - $_SESSION = $data; - - $db_data = serialize($data); - $local_dbh = check_sess_db('local'); - - //Local stuff we need: - $local_table = libglue_param('local_table'); - $local_sid = libglue_param('local_sid'); - $local_usercol = libglue_param('local_usercol'); - $local_datacol = libglue_param('local_datacol'); - $local_expirecol = libglue_param('local_expirecol'); - $local_typecol = libglue_param('local_typecol'); - $sql= "INSERT INTO $local_table ". - " ($local_sid,$local_usercol,$local_datacol,$local_expirecol,$local_typecol)". - " VALUES ('$sso_sid','$sso_usercol','$db_data','$sso_expire','sso')"; - $db_result = mysql_query($sql, $local_dbh); - - if($db_result) return TRUE; - else return FALSE; -} - -function get_local_session($sid) -{ - $local_table = libglue_param('local_table'); - $local_sid = libglue_param('local_sid'); - $local_expirecol = libglue_param('local_expirecol'); - $local_length = libglue_param('local_length'); - $local_usercol = libglue_param('local_usercol'); - $local_datacol = libglue_param('local_datacol'); - $local_typecol = libglue_param('local_typecol'); - - $local_dbh = check_sess_db('local'); - $time = time(); - $sql = "SELECT * FROM $local_table WHERE $local_sid='$sid' AND $local_expirecol > $time"; - $db_result = mysql_query($sql, $local_dbh); - $session = mysql_fetch_array($db_result); - - if(is_array($session)) $retval = $session; - else $retval = FALSE; - - if($retval === FALSE) - { - //Find out what's going on - } - - return $retval; -} - -function get_sso_session($sid) -{ - $sso_table = libglue_param('sso_table'); - $sso_sid = libglue_param('sso_sid'); - $sso_expirecol = libglue_param('sso_expirecol'); - $sso_length = libglue_param('sso_length'); - $sso_usercol = libglue_param('sso_usercol'); - - $sso_dbh = check_sess_db('sso'); - $time = time(); - $sql = "SELECT * FROM $sso_table WHERE $sso_sid='$sid' AND $sso_expirecol > $time"; - $db_result = mysql_query($sql, $sso_dbh); - $sso_session = mysql_fetch_array($db_result); - - $retval = (is_array($sso_session))?$sso_session:FALSE; - return $retval; -} - - - -// This will start the session tools, then destroy anything in the database then -// clear all of the session information -function logout ($id=0) -{ - sess_destroy($id); - $login_page = libglue_param('login_page'); - // should clear both the database information as well as the - // current session info - header("Location: $login_page"); - die(); - return true; -} - -// Double checks that we have a database handle -// Args are completely ignored - we're using a database here -function sess_open($save_path, $session_name) -{ - $local_dbh = check_sess_db(); - if ( !is_resource($local_dbh) ) - { - echo "\n"; - return FALSE; - } - - $auth_methods = libglue_param('auth_methods'); - if(!is_array($auth_methods)) $auth_methods = array($auth_methods); - if(in_array('sso',$auth_methods,TRUE)) - { - $sso_dbh = check_sess_db('sso'); - if ( !is_resource($sso_dbh) ) - { - echo "\n"; - return FALSE; - } - } - return TRUE; -} - -// Placeholder function, does nothing -function sess_close() -{ - return true; -} - -// Retrieve session identified by 'key' from the database -// and return the data field -function sess_read($key) -{ - $retval = 0; - $session = get_local_session($key); - $datacol = libglue_param('local_datacol'); - if(is_array($session)) $retval = $session[$datacol]; - else $retval = ""; - return $retval; -} - - -// -// Save the session data $val to the database -// -function sess_write($key, $val) -{ - $local_dbh = check_sess_db('local'); - $local_datacol = libglue_param('local_datacol'); - $local_table = libglue_param('local_table'); - $local_sid = libglue_param('local_sid'); - - $auth_methods = libglue_param('auth_methods'); - $local_expirecol = libglue_param('local_expirecol'); - $local_length = libglue_param('local_length'); - $time = $local_length+time(); - - // If they've got the long session - if ($_COOKIE['amp_longsess'] == '1') { - $time = time() + 86400*364; - } - - if(!is_array($auth_methods)) $auth_methods = array($auth_methods); - if(!in_array('sso',$auth_methods,TRUE)) - { - // If not using sso, we now need to update the expire time - $sql = "UPDATE $local_table SET $local_datacol='" . sql_escape($val) . "',$local_expirecol='$time'". - " WHERE $local_sid = '$key'"; - } - else $sql = "UPDATE $local_table SET $local_datacol='" . sql_escape($val) . "',$local_expirecol='$time'". - " WHERE $local_sid = '$key'"; - - return mysql_query($sql, $local_dbh); -} - -// -// Remove the current session from the database. -// -function sess_destroy($id=0) -{ - if($id == 0) { - session_start(); - $id = session_id(); - } - - $auth_methods = libglue_param('auth_methods'); - if(!is_array($auth_methods)) $auth_methods = array($auth_methods); - if(in_array('sso',$auth_methods,TRUE)) - { - $sso_sid = libglue_param('sso_sid'); - $sso_table = libglue_param('sso_table'); - $sso_dbh = check_sess_db('sso'); - $sql = "DELETE FROM $sso_table WHERE $sso_sid = '$id' LIMIT 1"; - $result = mysql_query($sql, $sso_dbh); - } - $local_sid = libglue_param('local_sid'); - $local_table = libglue_param('local_table'); - - $local_dbh = check_sess_db('local'); - $sql = "DELETE FROM $local_table WHERE $local_sid = '$id' LIMIT 1"; - $result = mysql_query($sql, $local_dbh); - $_SESSION = array(); - - /* Delete the long ampache session cookie */ - setcookie ("amp_longsess", "", time() - 3600); - - /* Delete the ampache cookie as well... */ - setcookie (libglue_param('sess_name'),"", time() - 3600); - - return TRUE; -} - -// -// This function is called with random frequency -// to remove expired session data -// -function sess_gc($maxlifetime) -{ - $auth_methods = libglue_param('auth_methods'); - if(!is_array($auth_methods)) $auth_methods = array($auth_methods); - if(in_array('sso',$auth_methods,TRUE)) - { - //Delete old sessions from SSO - // We do 'where length' so we don't accidentally blast - // another app's sessions - $sso_expirecol = libglue_param('sso_expirecol'); - $sso_table = libglue_param('sso_table'); - $sso_length = libglue_param('sso_length'); - $local_length = libglue_param('local_length'); - - $sso_dbh = check_sess_db('sso'); - $time = time(); - $sql = "DELETE FROM $sso_table WHERE $sso_expirecol < $time". - " AND $sso_length = '$local_length'"; - $result = mysql_query($sql, $sso_dbh); - } - $local_expirecol = libglue_param('local_expirecol'); - $local_table = libglue_param('local_table'); - $time = time(); - $local_dbh = check_sess_db('local'); - $sql = "DELETE FROM $local_table WHERE $local_expirecol < $time"; - $result = mysql_query($sql, $local_dbh); - return true; -} - -// -// Register all our cool session handling functions -// -session_set_save_handler( - "sess_open", - "sess_close", - "sess_read", - "sess_write", - "sess_destroy", - "sess_gc"); -?> diff --git a/modules/libglue/session2.php b/modules/libglue/session2.php deleted file mode 100644 index 171dc1ca..00000000 --- a/modules/libglue/session2.php +++ /dev/null @@ -1,346 +0,0 @@ -$dbh)); - - if(is_resource($dbh)) return $dbh; - else die("Could not connect to $dbtype database for session management"); -} - -/* This function is public */ -function check_session($id=null) -{ - if(is_null($id)) - { - //From Karl Vollmer, vollmerk@net.orst.edu: - // naming the session and starting it is sufficient - // to retrieve the cookie - $name = libglue_param('sess_name'); - if(!empty($name)) session_name($name); - session_start(); - $id = strip_tags($_COOKIE[$name]); - } - - // Now what we have a session id, let's verify it: - if(libglue_sso_mode()) - { - // if sso mode, we must have a valid sso session already - $sso_sess = libglue_sso_check($id); - if(!is_null($sso_sess)) - { - // if sso is valid, it's okay to create a new local session - if($local_sess = libglue_local_check($id)) - { - return true; - } - else - { - libglue_local_create($id, - $sso_sess[libglue_param('sso_username_col')], - 'sso', - $sso_sess[libglue_param('sso_expire_col')]); - return true; - } - } - else - // libglue_sso_check failed - { - libglue_sess_destroy($id); - return false; - } - } - else - { - //if not in sso mode, there must be a local session - if($local_sess = libglue_local_check($id)) - { - return true; - } - else - { - //you're gone buddy - libglue_sess_destroy($id); - return false; - } - } -} - -// private function, don't ever use this: -function libglue_sso_mode() -{ - $auth_methods = libglue_param('auth_methods'); - if(!is_array($auth_methods)) $auth_methods = array($auth_methods); - return (in_array('sso',$auth_methods))?true:false; -} - -function libglue_sso_check($sess_id) -{ - // Read the sso info from the config file: - $sso_table = libglue_param('sso_table'); - $sso_sid = libglue_param('sso_sessid_col'); - $sso_expire_col = libglue_param('sso_expire_col'); - $sso_length = libglue_param('sso_length'); - $sso_username_col = libglue_param('sso_username_col'); - - $sso_dbh = libglue_sess_db('sso'); - $sql = "SELECT * FROM $sso_table WHERE $sso_sid='$sess_id' AND $sso_expire_col > UNIX_TIMESTAMP()"; - $db_result = db_query($sql, $sso_dbh); - if(is_resource($db_result)) $sso_session = db_fetch($db_result); - else $sso_session = null; - - $retval = (is_array($sso_session))?$sso_session:null; - return $retval; -} - -function libglue_local_check($sess_id) -{ - static $retval = -1; - if($retval != -1) return $retval; - - $local_table = libglue_param('local_table'); - $local_sid = libglue_param('local_sid'); - $local_expirecol = libglue_param('local_expirecol'); - $local_length = libglue_param('local_length'); - $local_usercol = libglue_param('local_usercol'); - $local_datacol = libglue_param('local_datacol'); - $local_typecol = libglue_param('local_typecol'); - - $local_dbh = libglue_sess_db('local'); - $sql = "SELECT $local_datacol FROM $local_table WHERE $local_sid='$sess_id' AND $local_expirecol > UNIX_TIMESTAMP()"; - $db_result = db_query($sql, $local_dbh); - if(is_resource($db_result)) $session = db_fetch($db_result); - else $session = null; - - if(is_array($session)) - { - $retval = $session[$local_datacol]; - } - else $retval = null; - return $retval; -} - -function libglue_local_create($sess_id, $username, $type, $expire) -{ - if($type === "sso" || $type === "ldap") - $userdata = get_ldap_user($username); - else if($type === "mysql") - $userdata = get_mysql_user($username); - - $data = array(libglue_param('user_data_name')=>$userdata); - - // It seems we have to set $_SESSION manually, or it gets blasted - // by php's session write handler - $_SESSION = $data; - $db_data = serialize($data); - $local_dbh = libglue_sess_db('local'); - - // Local parameters we need: - $local_table = libglue_param('local_table'); - $local_sid = libglue_param('local_sid'); - $local_usercol = libglue_param('local_usercol'); - $local_datacol = libglue_param('local_datacol'); - $local_expirecol = libglue_param('local_expirecol'); - $local_typecol = libglue_param('local_typecol'); - - // session data will be saved when the script terminates, - // but not the rest of this fancy info - $sql= "INSERT INTO $local_table ". - " ($local_sid,$local_usercol,$local_datacol,$local_expirecol,$local_typecol)". - " VALUES ('$sess_id','$username','$db_data','$expire','$type')"; - $db_result = db_query($sql, $local_dbh); - if(!$db_result) die("Died trying to create local session: 

$sql
"); -} - -function sess_open() -{ - if(libglue_sso_mode()) - { - if(!is_resource(libglue_sess_db('sso'))) - { - die("\n"); - return false; - } - } - - if(!is_resource(libglue_sess_db('local'))) - { - die("\n"); - return false; - } - return true; -} - -function sess_close(){ return true; } - -function sess_write($sess_id, $sess_data) -{ - $local_dbh = libglue_sess_db('local'); - $local_datacol = libglue_param('local_datacol'); - $local_table = libglue_param('local_table'); - $local_sid = libglue_param('local_sid'); - - $auth_methods = libglue_param('auth_methods'); - $local_expire = libglue_param('local_expirecol'); - $local_length = libglue_param('local_length'); - $time = $local_length+time(); - - // If not using sso, we now need to update the expire time - $local_expire = libglue_param('local_expirecol'); - $local_length = libglue_param('local_length'); - $time = $local_length+time(); - $sql = "UPDATE $local_table SET $local_datacol='$sess_data',$local_expire='$time'". - " WHERE $local_sid = '$sess_id'"; - db_query($sql, $local_dbh); - - if(libglue_sso_mode()) - { - $sso_table = libglue_param('sso_table'); - $sso_expire_col = libglue_param('sso_expire_col'); - $sso_sess_length = libglue_param('sso_length_col'); - $sso_sess_id = libglue_param('sso_sessid_col'); - $time = time(); - $sql = "UPDATE $sso_table SET $sso_expire_col = $sso_sess_length + UNIX_TIMESTAMP() WHERE $sso_sess_id = '$sess_id'"; - $sso_dbh = libglue_sess_db('sso'); - db_query($sql, $sso_dbh); - } - return true; -} - -// -// This function is called with random frequency -// to remove expired session data -// -function sess_gc($maxlifetime) -{ - if(libglue_sso_mode()) - { - //Delete old sessions from SSO - // We do 'where length' so we don't accidentally blast - // another app's sessions - $sso_expirecol = libglue_param('sso_expire_col'); - $sso_table = libglue_param('sso_table'); - $sso_length = libglue_param('sso_length_col'); - $local_length = libglue_param('local_length'); - - $sso_dbh = libglue_sess_db('sso'); - $time = time(); - $sql = "DELETE FROM $sso_table WHERE $sso_expirecol < $time". - " AND $sso_length = '$local_length'"; - $result = db_query($sql, $sso_dbh); - } - $local_expire = libglue_param('local_expire'); - $local_table = libglue_param('local_table'); - $time = time(); - $local_dbh = libglue_sess_db('local'); - $sql = "DELETE FROM $local_table WHERE $local_expire < $time"; - $result = db_query($sql, $local_dbh); - return true; -} - -function libglue_sess_destroy($id=null) -{ - if(is_null($id)) - { - //From Karl Vollmer, vollmerk@net.orst.edu: - // naming the session and starting it is sufficient - // to retrieve the cookie - $name = libglue_param('sess_name'); - if(!empty($name)) session_name($name); - session_start(); - $id = strip_tags($_COOKIE[$name]); - } - if(libglue_sso_mode()) - { - $sso_sid = libglue_param('sso_sessid_col'); - $sso_table = libglue_param('sso_table'); - $sso_dbh = libglue_sess_db('sso'); - $sql = "DELETE FROM $sso_table WHERE $sso_sid = '$id' LIMIT 1"; - $result = db_query($sql, $sso_dbh); - } - $local_sid = libglue_param('local_sid'); - $local_table = libglue_param('local_table'); - - $local_dbh = libglue_sess_db('local'); - $sql = "DELETE FROM $local_table WHERE $local_sid = '$id' LIMIT 1"; - $result = db_query($sql, $local_dbh); - - // It is very important we destroy our current session cookie, - // because if we don't, a person won't be able to log in again - // without closing their browser - SSO doesn't respect - // - // Code from http://php.oregonstate.edu/manual/en/function.session-destroy.php, - // Written by powerlord@spamless.vgmusic.com, 18-Nov-2002 08:41 - // - $cookie = session_get_cookie_params(); - if ((empty($cookie['domain'])) && (empty($cookie['secure'])) ) - { - setcookie(session_name(), '', time()-3600, $cookie['path']); - } elseif (empty($CookieInfo['secure'])) { - setcookie(session_name(), '', time()-3600, $cookie['path'], $cookie['domain']); - } else { - setcookie(session_name(), '', time()-3600, $cookie['path'], $cookie['domain'], $cookie['secure']); - } - // end powerloard - - unset($_SESSION); - unset($_COOKIE[session_name()]); - - return TRUE; -} - -function logout($id=null) -{ - libglue_sess_destroy($id); - $login_page = libglue_param('login_page'); - header("Location: $login_page"); - die(); - return true; //because why not? -} - - -// -// Register all our cool session handling functions -// -session_set_save_handler( - "sess_open", - "sess_close", - "libglue_local_check", - "sess_write", - "libglue_sess_destroy", - "sess_gc"); - -?> diff --git a/modules/vauth/auth.lib.php b/modules/vauth/auth.lib.php new file mode 100644 index 00000000..fdd3060d --- /dev/null +++ b/modules/vauth/auth.lib.php @@ -0,0 +1,74 @@ + diff --git a/modules/vauth/dbh.lib.php b/modules/vauth/dbh.lib.php new file mode 100644 index 00000000..eb3575d0 --- /dev/null +++ b/modules/vauth/dbh.lib.php @@ -0,0 +1,64 @@ + $dbh),1); + + } // if no db connection + + return $dbh; + +} // vauth_dbh + + +?> diff --git a/modules/vauth/init.php b/modules/vauth/init.php new file mode 100644 index 00000000..f79c18f6 --- /dev/null +++ b/modules/vauth/init.php @@ -0,0 +1,160 @@ +$val) { + if(!$clobber && isset($params[$key])) { + vauth_error("Attempting to clobber $key = $val"); + return false; + } + $params[$key] = $val; + } + return true; + } + // We are attempting to retrive a variable + else { + if($params[$param]) return $params[$param]; + else return; + } + +} // vauth_conf + +?> diff --git a/modules/vauth/session.lib.php b/modules/vauth/session.lib.php new file mode 100644 index 00000000..680f3f9e --- /dev/null +++ b/modules/vauth/session.lib.php @@ -0,0 +1,236 @@ + '" . time() . "'"; + $db_results = mysql_query($sql, vauth_dbh()); + + $results = mysql_fetch_assoc($db_results); + + return $results; + +} // vauth_get_session + + +/** + * vauth_session_create + * This is called when you want to create a new session + * It takes care of setting the initial cookie, and inserting the first chunk + * of data + */ +function vauth_session_create($data) { + + /* Set the Cookies Paramaters, this is very very important */ + $cookie_life = vauth_conf('cookie_life'); + $cookie_path = vauth_conf('cookie_path'); + $cookie_domain = vauth_conf('cookie_domain'); + $cookie_secure = vauth_conf('cookkie_secure'); + + session_set_cookie_params($cookie_life,$cookie_path,$cookie_domain,$cookie_secure); + + session_name(vauth_conf('session_name')); + + /* Start the Session */ + session_start(); + + /* Before a refresh we don't have the cookie, so use session_id() */ + $key = session_id(); + + $username = sql_escape($data['username']); + $type = sql_escape($data['type']); + $value = sql_escape($data['value']); + + /* Insert the row */ + $sql = "INSERT INTO session (`id`,`username`,`type`,`value`) " . + " VALUES ('$key','$username','$type','$value')"; + $db_results = mysql_query($sql, vauth_dbh()); + + return $db_results; + +} // vauth_session_create + +/** + * vauth_check_session + * This checks for an existing session, and if it's still there starts it and returns true + */ +function vauth_check_session() { + + /* Make sure we're still valid */ + $session_name = vauth_conf('session_name'); + + $key = scrub_in($_COOKIE[$session_name]); + + $results = vauth_get_session($key); + + if (!is_array($results)) { + return false; + } + + /* Check for Rememeber Me */ + $cookie_name = vauth_conf('session_name') . "_remember"; + if ($_COOKIE[$cookie_name]) { + $month = 86400*30; + vauth_conf(array('cookie_life'=>$month),1); + } + + /* Set the Cookie Paramaters */ + session_set_cookie_params( + vauth_conf('cookie_life'), + vauth_conf('cookie_path'), + vauth_conf('cookie_domain'), + vauth_conf('cookie_secure')); + + /* Set Session name so it knows what cookie to get */ + session_name($session_name); + + session_start(); + + return true; + +} // vauth_check_session + +?> -- cgit