Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
URBANMS
/
EXCELIA_DBARR
2
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Tree: 7124a25e68
Branches Tags
EXCELIA_DBARR
/
core
/
login
/
functions_http.php

functions_http.php 3.1 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. <?php
    2. 

  2. /* Copyright (C) 2007 Laurent Destailleur  <eldy@users.sourceforge.net>
    3. 

  3.  *
    4. 

  4.  * This program is free software; you can redistribute it and/or modify
    5. 

  5.  * it under the terms of the GNU General Public License as published by
    6. 

  6.  * the Free Software Foundation; either version 3 of the License, or
    7. 

  7.  * (at your option) any later version.
    8. 

  8.  *
    9. 

  9.  * This program is distributed in the hope that it will be useful,
    10. 

  10.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12.  * GNU General Public License for more details.
    13. 

  13.  *
    14. 

  14.  * You should have received a copy of the GNU General Public License
    15. 

  15.  * along with this program. If not, see <https://www.gnu.org/licenses/>.
    16. 

  16.  */
    17. 

  17. 

  18. /**
    19. 

  19.  * \file       htdocs/core/login/functions_http.php
    20. 

  20.  * \ingroup    core
    21. 

  21.  * \brief      Authentication functions for HTTP Basic
    22. 

  22.  */
    23. 

  23. 

  24. 

  25. /**
    26. 

  26.  * Check validity of user/password/entity
    27. 

  27.  * If test is ko, reason must be filled into $_SESSION["dol_loginmesg"]
    28. 

  28.  *
    29. 

  29.  * @param	string	$usertotest		Login
    30. 

  30.  * @param	string	$passwordtotest	Password
    31. 

  31.  * @param   int		$entitytotest   Number of instance (always 1 if module multicompany not enabled)
    32. 

  32.  * @return	string					Login if OK, '' if KO
    33. 

  33. */
    34. 

  34. function check_user_password_http($usertotest, $passwordtotest, $entitytotest)
    35. 

  35. {
    36. 

  36. 	global $db, $langs;
    37. 

  37. 

  38. 	dol_syslog("functions_http::check_user_password_http _SERVER[REMOTE_USER]=".(empty($_SERVER["REMOTE_USER"]) ? '' : $_SERVER["REMOTE_USER"]));
    39. 

  39. 

  40. 	$login = '';
    41. 

  41. 	if (!empty($_SERVER["REMOTE_USER"])) {
    42. 

  42. 		$login = $_SERVER["REMOTE_USER"];
    43. 

  43. 

  44. 		require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
    45. 

  45. 

  46. 		$tmpuser = new User($db);
    47. 

  47. 		$tmpuser->fetch('', $login, '', 1, ($entitytotest > 0 ? $entitytotest : -1));
    48. 

  48. 

  49. 		$now = dol_now();
    50. 

  50. 		if ($tmpuser->datestartvalidity && $db->jdate($tmpuser->datestartvalidity) >= $now) {
    51. 

  51. 			// Load translation files required by the page
    52. 

  52. 			$langs->loadLangs(array('main', 'errors'));
    53. 

  53. 			$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
    54. 

  54. 			return '--bad-login-validity--';
    55. 

  55. 		}
    56. 

  56. 		if ($tmpuser->dateendvalidity && $db->jdate($tmpuser->dateendvalidity) <= dol_get_first_hour($now)) {
    57. 

  57. 			// Load translation files required by the page
    58. 

  58. 			$langs->loadLangs(array('main', 'errors'));
    59. 

  59. 			$_SESSION["dol_loginmesg"] = $langs->transnoentitiesnoconv("ErrorLoginDateValidity");
    60. 

  60. 			return '--bad-login-validity--';
    61. 

  61. 		}
    62. 

  62. 	}
    63. 

  63. 

  64. 	return $login;
    65. 

  65. }
    66. 

  66. 

  67. 

  68. /**
    69. 

  69.  * Decode the value found into the Authorization HTTP header.
    70. 

  70.  * Ex: "Authorization: Basic bG9naW46cGFzcw==", $value is "Basic bG9naW46cGFzcw==" and after base64decode is "login:pass"
    71. 

  71.  * Note: the $_SERVER["REMOTE_USER"] contains only the login used in the HTTP Basic form
    72. 

  72.  * Method not used yet, but we keep it for some dev/test purposes.
    73. 

  73.  *
    74. 

  74.  * @param 	string	$value 		Ex: $_SERVER["REMOTE_USER"]
    75. 

  75.  * @return 	Object 				object.login & object.password
    76. 

  76.  */
    77. 

  77. function decodeHttpBasicAuth($value)
    78. 

  78. {
    79. 

  79. 	$encoded_basic_auth = substr($value, 6);	// Remove the "Basic " string
    80. 

  80. 	$decoded_basic_auth = base64_decode($encoded_basic_auth);
    81. 

  81. 	$credentials_basic_auth = explode(':', $decoded_basic_auth);
    82. 

  82. 

  83. 	return (object) [
    84. 

  84. 		'username'=> $credentials_basic_auth[0],
    85. 

  85. 		'password' => $credentials_basic_auth[1]
    86. 

  86. 	];
    87. 

  87. }
    88.