Location: PHPKode > projects > phpBugTracker > inc/auth.php
<?php

// auth.php - Authentication and permission objects
// ------------------------------------------------------------------------
// Copyright (c) 2001 - 2004 The phpBugTracker Group
// ------------------------------------------------------------------------
// This file is part of phpBugTracker
//
// phpBugTracker is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// phpBugTracker is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with phpBugTracker; if not, write to the Free Software Foundation,
// Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
// ------------------------------------------------------------------------
// Based on and/or directly from PHPlib, which is
// Copyright (c) 1998-2000 NetUSE AG -- Boris Erdmann, Kristian Koehntopp

class uauth {
	var $lifetime = 0; // In minutes -- 0 for no expiration until browser closed
	var $classname = 'uauth';

	function uauth() {
		global $group_ids, $uname, $db_fields, $group, $perms,
		$uid, $exp;

		if (!isset($_SESSION['group_ids'])) {
			$_SESSION['group_ids'] = array(0);
		}

		if ($this->is_authenticated()) {
			if ($_SESSION['uid']) {
				$_SESSION['exp'] = time() + (60 * $this->lifetime);
			}
		}
	}

	function is_authenticated() {

		if (isset($_SESSION['uid']) && $_SESSION['uid'] && ($this->lifetime <= 0 || time() < $_SESSION['exp'])) {
			return $_SESSION['uid'];
		} else {
			return false;
		}
	}
	
	function force_auth() {
		if (!$this->is_authenticated()) {
			show_text('You must be logged in to use this page');
			exit;
		}
	}

	function auth_validatelogin() {
		global $db, $select, $emailpass, $emailsuccess, $uid;

		$role = array();
		$roles = $db->getAll("select group_id, group_name from ".TBL_AUTH_GROUP." ag where ag.is_role=1");

		foreach ($roles as $r) {
			$role[$r['group_name']] = $r['group_id'];
		}

		$_SESSION['group'] = array();
		$_SESSION['group_ids'] = array(0);
		$_SESSION['perms'] = array();

		extract($_POST);
		if (!$username) return 0;
		$_SESSION['uname'] = $username;
		if (ENCRYPT_PASS) {
			$password = md5($password);
		}
		$u = $db->getRow("select * from ".TBL_AUTH_USER." where login = '$username' and password = '$password' and active > 0");
		if (!$u or DB::isError($u)) {
			return 0;
		} else {
			$_SESSION['db_fields'] = @unserialize($u['bug_list_fields']);

			// Grab group assignments and permissions based on groups
			$rs = $db->query("select u.group_id, group_name from ".TBL_USER_GROUP." u, ".TBL_AUTH_GROUP." a where user_id = ".$db->quote($u['user_id'])." and u.group_id = a.group_id");
			while (list($groupid, $groupname) = $rs->fetchRow(DB_FETCHMODE_ORDERED)) {
				$_SESSION['group_ids'][] = $groupid;
				$_SESSION['group'][$groupname] = true;
			}
			$_SESSION['group_ids'][] = $role['User'];
			$_SESSION['group']['User'] = true;
			
			$perms = $db->getCol("select perm_name from ".TBL_AUTH_PERM." ap, ".TBL_GROUP_PERM." gp where group_id in ("hide@address.com(',', $_SESSION['group_ids']).") and gp.perm_id = ap.perm_id");
			foreach ($perms as $perm) {
				$_SESSION['perms'][$perm] = true;
			}
			$_SESSION['uid'] = $u['user_id'];
			$projs = $db->getCol("select project_id from ".TBL_PROJECT_PERM." where user_id = ".$_SESSION['uid']);
			foreach ($projs as $proj) {
				$_SESSION['projs'][$proj] = true;
			}

			return $u['user_id'];
		}
	}

	function unauth() {

		$_SESSION['uid'] = 0;
		$_SESSION['perms'] = array();
		$_SESSION['exp']   = 0;
		$_SESSION['group'] = array();
		$_SESSION['group_ids'] = array(0);
		$_SESSION['db_fields'] = array();
		$_SESSION['queryinfo'] = array();
		$_SESSION = array();

	}
}

class uperm {
	var $classname = 'uperm';
	var $permissions = array ();

	function check($p, $proj = 0) {

		if (!$this->have_perm($p, $proj)) {
			if (!isset($_SESSION['perms']) ) {
				$_SESSION['perms'] = '';
			}
			$this->perm_invalid($_SESSION['perms'], $p);
			exit();
		}
	}

	function check_proj($project_id = -1) {
		global $db;

		if ($this->have_perm_proj($project_id)) {
			return true;
		} else {
			$this->perm_invalid($_SESSION['perms']);
			exit();
		}
	}

	function have_perm_proj($project_id = -1) {
		global $db;

		if ($this->have_perm('Admin')) {
			return true;
		}

		if ($project_id == -1) {
			if (isset($_SESSION['projs']) ) {
				return true;
			} else {
				return false;
			}
		}

		if (isset($_SESSION['projs'][$project_id]) ) {
			return true;
		} else {
			return false;
		}
	}

	function check_auth($auth_var, $reqs, $proj = 0) {

		// Administrators always pass
		if (@isset($_SESSION[$auth_var]['Admin'])) {
			return true;
		}

		if (isset($proj) && !empty($proj) && $this->have_perm_proj($proj)) {
			return true;
		}

		if (is_array($reqs)) {
			foreach ($reqs as $req) {
				if (!@isset($_SESSION[$auth_var][$req]) &&
					($auth_var!='perms' || !@isset($this->permissions[$req]))) {
					return false;
				}
			}
		} else {
			if (!@isset($_SESSION[$auth_var][$reqs]) &&
				($auth_var!='perms' || !@isset($this->permissions[$reqs]))) {
				return false;
			}
		}

		// Didn't fail on any requirements?  Then the user passes the check
		return true;
	}


	function in_group($req_groups) {
		return $this->check_auth('group', $req_groups);
	}


	function have_perm($req_perms, $proj = 0) {
		return $this->check_auth('perms', $req_perms, $proj);
	}


	function perm_invalid($actual_perms, $required_perms = 0) {
		global $t;

		$t->render('badperm.html', '');
	}

	function check_group($group) {
		global $t;

		if (!$this->check_auth('group', $group)) {
			$t->assign('group', $group);
			$t->render('badgroup.html', 'Group Failure');
			exit();
		}
	}

	function add_role($arole) {
		global $db;

		$perms = $db->getCol("select perm_name from ".TBL_AUTH_PERM." ap, ".TBL_GROUP_PERM." gp, ".TBL_AUTH_GROUP." ag where ag.group_name='$arole' and ag.group_id=gp.group_id and gp.perm_id = ap.perm_id");
		if ($perms && !DB::isError($perms)) {
			foreach ($perms as $p) {
				$this->permissions[$p] = true;
			}
		}
	}

}

?>
Return current item: phpBugTracker