commit 36f1bcfa9c2a9330748815f097b3f55e23db2703
parent ffe6653873d06a70e8015f0947c6481bf6492a52
Author: dankert <devnull@localhost>
Date: Mon, 27 Dec 2010 23:22:55 +0100
Umbenannt: IndexAction -> LoginAction.
Diffstat:
5 files changed, 1783 insertions(+), 1783 deletions(-)
diff --git a/actionClasses/IndexAction.class.php b/actionClasses/IndexAction.class.php
@@ -1,1676 +0,0 @@
-<?php
-// ---------------------------------------------------------------------------
-// $Id$
-// ---------------------------------------------------------------------------
-// OpenRat Content Management System
-// Copyright (C) 2002-2007 Jan Dankert, jandankert@jandankert.de
-//
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License
-// as published by the Free Software Foundation; version 2.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-// ---------------------------------------------------------------------------
-
-
-define('PROJECTID_ADMIN',-1);
-
-/**
- * Action-Klasse fuer die Start-Action
- * @author $Author$
- * @version $Revision$
- * @package openrat.actions
- */
-
-class IndexAction extends Action
-{
- var $mustChangePassword = false;
-
- function setDb( $dbid )
- {
- global $conf;
-
- if ( !isset($conf['database'][$dbid] ))
- Http::serverError( 'unknown DB-Id: '.$dbid );
-
- $db = db_connection();
- if ( is_object($db) )
- {
- $db->rollback();
- }
-
- $db = new DB( $conf['database'][$dbid] );
- $db->id = $dbid;
- $db->start();
- Session::setDatabase( $db );
- }
-
-
-
- function checkForDb()
- {
- global $conf;
- $dbid = $this->getRequestVar('dbid');
-
- if ( $dbid != '' )
- $this->setDb( $dbid );
- }
-
-
-
- function setDefaultDb()
- {
- if ( $this->hasRequestVar(REQ_PARAM_DATABASE_ID) )
- {
- $dbid = $this->getRequestVar(REQ_PARAM_DATABASE_ID);
- }
- else
- {
- global $conf;
-
- if ( !isset($conf['database']['default']) )
- Http::serverError('default-database not set');
-
- $dbid = $conf['database']['default'];
- }
-
- $this->setDb( $dbid );
- }
-
-
-
- private function checkLogin( $name,$pw,$pw1,$pw2 )
- {
- Logger::debug( "login user $name" );
-
- global $conf;
- global $SESS;
-
- unset( $SESS['user'] );
-
-
- $db = db_connection();
-
- if ( !$db->available )
- {
- $this->addNotice('database',$db->conf['comment'],'DATABASE_CONNECTION_ERROR',OR_NOTICE_ERROR,array(),array('Database Error: '.$db->error));
- $this->callSubAction('showlogin');
- return false;
- }
-
- // Zeichensatz der Datenbank benutzen
- if ( isset($db->conf['charset']) )
- $charset = $db->conf['charset'];
- else
- $charset = 'US-ASCII';
- $this->setCharset($charset);
-
-
- $ip = getenv("REMOTE_ADDR");
-
- $user = new User();
- $user->name = $name;
-
- $ok = $user->checkPassword( $pw );
-
- $this->mustChangePassword = $user->mustChangePassword;
-
- if ( $this->mustChangePassword )
- {
- // Der Benutzer hat zwar ein richtiges Kennwort eingegeben, aber dieses ist abgelaufen.
- // Wir versuchen hier, das neue zu setzen (sofern eingegeben).
- if ( empty($pw1) )
- {
- }
- elseif ( $pw1 != $pw2 )
- {
- $this->addValidationError('password1','PASSWORDS_DO_NOT_MATCH');
- $this->addValidationError('password2','');
- }
- elseif ( strlen($pw2) < $conf['security']['password']['min_length'] )
- {
- $this->addValidationError('password1','PASSWORD_MINLENGTH',array('minlength'=>$conf['security']['password']['min_length']));
- $this->addValidationError('password2','');
- }
- else
- {
- // Kennw�rter identisch und lang genug.
- $user->setPassword( $pw1,true );
-
- // Das neue Kennwort ist gesetzt, die Anmeldung ist also doch noch gelungen.
- $ok = true;
- $this->mustChangePassword = false;
- $user->mustChangePassword = false;
- }
- }
-
- // Falls Login erfolgreich
- if ( $ok )
- {
- // Login war erfolgreich!
- $user->load();
- $user->setCurrent();
- Logger::info( 'login successful' );
-
- return true;
- }
- else
- {
- Logger::info( "login for user $name failed" );
-
- return false;
- }
- }
-
-
-
- /**
- * Anzeigen der Loginmaske.
- *
- * Es wird nur die Loginmaske angezeigt.
- * Hier nie "304 not modified" setzen, da sonst keine
- * Login-Fehlermeldung erscheinen kann
- */
- function loginView()
- {
- global $conf;
- $sso = $conf['security']['sso'];
- $ssl = $conf['security']['ssl'];
-
- $ssl_trust = false;
- $ssl_user_var = '';
- extract( $ssl, EXTR_PREFIX_ALL, 'ssl' );
-
- if ( $sso['enable'] )
- {
- $authid = $this->getRequestVar( $sso['auth_param_name']);
-
- if ( empty( $authid) )
- Http::notAuthorized( 'no authorization data (no auth-id)');
-
- if ( $sso['auth_param_serialized'] )
- $authid = unserialize( $authid );
-
- $purl = parse_url($sso['url']);
- // Verbindung zu URL herstellen.
- $errno=0; $errstr='';
- $fp = fsockopen ($purl['host'],80, $errno, $errstr, 30);
- if ( !$fp )
- {
- echo "Connection failed: $errstr ($errno)";
- }
- else
- {
- $http_get = $purl['path'];
- if ( !empty($purl['query']) )
- $http_get .= '?'.$purl['query'];
-
- $header = array();
-
- $header[] = "GET $http_get HTTP/1.0";
- $header[] ="Host: ".$purl['host'];
- $header[] = "User-Agent: Mozilla/5.0 (OpenRat CMS Single Sign-on Check)";
- $header[] = "Connection: Close";
-
- if ( $sso['cookie'] )
- {
- $cookie = 'Cookie: ';
- if ( is_array($authid))
- foreach( $authid as $cookiename=>$cookievalue)
- $cookie .= $cookiename.'='.$cookievalue."; ";
- else
- $cookie .= $sso['cookie_name'].'='.$authid;
-
- $header[] = $cookie;
- }
-
-// Html::debug($header);
- fputs ($fp, implode("\r\n",$header)."\r\n\r\n");
-
- $inhalt=array();
- while (!feof($fp)) {
- $inhalt[] = fgets($fp,128);
- }
- fclose($fp);
-
- $html = implode('',$inhalt);
-// Html::debug($html);
- if ( !preg_match($sso['expect_regexp'],$html) )
- Http::notAuthorized('auth failed');
- $treffer=0;
- if ( !preg_match($sso['username_regexp'],$html,$treffer) )
- Http::notAuthorized('auth failed');
- if ( !isset($treffer[1]) )
- Http::notAuthorized('authorization failed');
-
- $username = $treffer[1];
-
-// Html::debug( $treffer );
- $this->setDefaultDb();
-
- $user = User::loadWithName( $username );
-
- if ( ! $user->isValid( ))
- Http::notAuthorized('authorization failed: user not found: '.$username);
-
- $user->setCurrent();
-
- $this->callSubAction('show');
- }
- }
-
- elseif ( $ssl_trust )
- {
- if ( empty($ssl_user_var) )
- Http::serverError( 'please set environment variable name in ssl-configuration.' );
-
- $username = getenv( $ssl_user_var );
-
- if ( empty($username) )
- Http::notAuthorized( 'no username in client certificate ('.$ssl_user_var.') (or there is no client certificate...?)' );
-
- $this->setDefaultDb();
-
- $user = User::loadWithName( $username );
-
- if ( !$user->isValid() )
- Http::serverError( 'unknown username: '.$username );
-
- $user->setCurrent();
-
- $this->callSubAction('show');
- }
-
- foreach( $conf['database'] as $dbname=>$dbconf )
- {
- if ( is_array($dbconf) && $dbconf['enabled'] )
- $dbids[$dbname] = array('key' =>$dbname,
- 'value'=>Text::maxLength($dbconf['comment']),
- 'title'=>$dbconf['comment'].' ('.$dbconf['host'].')' );
- }
-
- $openid_provider = array();
- foreach( explode(',',$conf['security']['openid']['provider']) as $provider )
- $openid_provider[$provider] = config('security','openid','provider.'.$provider.'.name');
- $this->setTemplateVar('openid_providers',$openid_provider);
- $this->setTemplateVar('openid_user_identity',config('security','openid','user_identity'));
- //$this->setTemplateVar('openid_provider','identity');
-
-
- if ( empty($dbids) )
- $this->addNotice('','','no_database_configuration',OR_NOTICE_WARN);
-
- if ( !isset($this->templateVars['login_name']) && isset($_COOKIE['or_username']) )
- $this->setTemplateVar('login_name',$_COOKIE['or_username']);
-
- if ( !isset($this->templateVars['login_name']) )
- $this->setTemplateVar('login_name',@$conf['security']['default']['username']);
-
- if ( $this->templateVars['login_name']== @$conf['security']['default']['username'])
- $this->setTemplateVar('login_password',@$conf['security']['default']['password']);
-
- $this->setTemplateVar( 'dbids',$dbids );
-
- $db = Session::getDatabase();
- if ( is_object($db) )
- $this->setTemplateVar('actdbid',$db->id);
- elseif( isset($this->templateVars['actid']) )
- ;
- else
- $this->setTemplateVar('actdbid',$conf['database']['default']);
-
-
- // Den Benutzernamen aus dem Client-Zertifikat lesen und in die Loginmaske eintragen.
- $ssl_user_var = $conf['security']['ssl']['user_var'];
- if ( !empty($ssl_user_var) )
- {
- $username = getenv( $ssl_user_var );
-
- if ( empty($username) )
- {
- echo lang('ERROR_LOGIN_BROKEN_SSL_CERT');
- Logger::warn( 'no username in SSL client certificate (var='.$ssl_user_var.').' );
- exit;
- }
-
- // Benutzername ist in Eingabemaske unveränderlich
- $this->setTemplateVar('force_username',$username);
- }
-
- $this->setTemplateVar('objectid' ,$this->getRequestVar('objectid' ,OR_FILTER_NUMBER) );
- $this->setTemplateVar('projectid' ,$this->getRequestVar('projectid' ,OR_FILTER_NUMBER) );
- $this->setTemplateVar('modelid' ,$this->getRequestVar('modelid' ,OR_FILTER_NUMBER) );
- $this->setTemplateVar('languageid',$this->getRequestVar('languageid',OR_FILTER_NUMBER) );
-
- $this->setTemplateVar('register' ,$conf['login' ]['register' ]);
- $this->setTemplateVar('send_password',$conf['login' ]['send_password']);
- }
-
-
-
- /**
- * Erzeugt ein Projekt-Auswahlmenue.
- */
- function projectmenu()
- {
- $user = Session::getUser();
-
- if ( $user->mustChangePassword )
- {
- $this->addNotice( 'user',$user->name,'PASSWORD_TIMEOUT','warn' );
- $this->callSubAction( 'changepassword' ); // Zwang, das Kennwort zu �ndern.
- }
-
-
- // Diese Seite gilt pro Sitzung.
- $this->lastModified( $user->loginDate );
-
- // Projekte ermitteln
- $projects = $user->projects;
-
- $list = array();
-
- foreach( $projects as $id=>$name )
- {
- $p = array();
- $p['url' ] = Html::url('index','project',$id);
- $p['name'] = $name;
- $p['id' ] = $id;
-
- $tmpProject = new Project( $id );
- $p['defaultmodelid' ] = $tmpProject->getDefaultModelId();
- $p['defaultlanguageid'] = $tmpProject->getDefaultLanguageId();
- $p['models' ] = $tmpProject->getModels();
- $p['languages' ] = $tmpProject->getLanguages();
-
- $list[] = $p;
- }
-
- $this->setTemplateVar('projects',$list);
-
- if ( empty($list) )
- {
- // Kein Projekt vorhanden. Eine Hinweismeldung ausgeben.
- if ( $this->userIsAdmin() )
- // Administratoren bekommen bescheid, dass sie ein Projekt anlegen sollen
- $this->addNotice('','','ADMIN_NO_PROJECTS_AVAILABLE',OR_NOTICE_WARN);
- else
- // Normale Benutzer erhalten eine Meldung, dass kein Projekt zur Verf�gung steht
- $this->addNotice('','','NO_PROJECTS_AVAILABLE',OR_NOTICE_WARN);
- }
-
- $this->metaValues();
- }
-
-
-
- /**
- * Erzeugt eine Anwendungsliste.
- */
- function applications()
- {
- global $conf;
-
- // Diese Seite gilt pro Sitzung.
- $user = Session::getUser();
- $userGroups = $user->getGroups();
- $this->lastModified( $user->loginDate );
-
- // Applikationen ermitteln
- $list = array();
- foreach( $conf['applications'] as $id=>$app )
- {
- if ( !is_array($app) )
- continue;
-
- if ( isset($app['group']) )
- if ( !in_array($app['group'],$userGroups) )
- continue; // Keine Berechtigung, da Benutzer nicht in Gruppe vorhanden.
-
- $p = array();
- $p['url'] = $app['url'];
- $p['description'] = @$app['description'];
- if ( isset($app['param']) )
- {
- $p['url'] .= strpos($p['url'],'?')!==false?'&':'?';
- $p['url'] .= $app['param'].'='.session_id();
- }
- $p['name'] = $app['name'];
-
- $list[] = $p;
- }
-
-
- $this->metaValues();
- $this->setTemplateVar('applications',$list);
- }
-
-
-
- /**
- * Ermittelt Meta-Angaben f�r den HTML-Kopf.<br>
- * Falls der Browser die Meta-Angaben entsprechend auswertet, k�nnen �ber feste Browser-Men�s
- die Projekt direkt ausgew�hlt werden.
- */
- function metaValues()
- {
- global $conf;
- $metaList = array();
-
- $user = Session::getUser();
- if ( is_object($user) )
- {
- // Projekte ermitteln
- $projects = $user->projects;
- foreach( $projects as $id=>$name )
- {
- $metaList[] = array('name' => 'chapter',
- 'url' => Html::url('index','project',$id),
- 'title'=> $name );
- }
-
- if ( $this->userIsAdmin() )
- {
- $metaList[] = array('name' => 'appendix',
- 'url' => Html::url('index','projectmenu',0 ),
- 'title'=> lang('MENU_TREETITLE_ADMINISTRATION' ) );
-
- $metaList[] = array('name' => 'chapter',
- 'url' => Html::url('index','administration',0),
- 'title'=> lang('administration') );
- }
-
- // Applikationen ermitteln
- foreach( $conf['applications'] as $id=>$app )
- {
- if ( !is_array($app) )
- continue;
- $appUrl = $app['url'];
- if ( isset($app['param']) )
- {
- $appUrl .= strpos($appUrl,'?')!==false?'&':'?';
- $appUrl .= $app['param'].'='.session_id();
- }
-
- $metaList[] = array('name' => 'bookmark',
- 'url' => $appUrl ,
- 'title'=> $app['name'] );
- }
- }
-
- $project = Session::getProject();
- if ( is_object($project) && $project->projectid > 0 )
- {
- $languages =$project->getLanguages();
-
- foreach( $project->getModels() as $modelid=>$modelname )
- {
- foreach( $languages as $languageid=>$languagename )
- {
-
- $metaList[] = array('name' => 'subsection',
- 'url' => Html::url('index',
- 'project',
- $project->projectid,
- array('languageid'=>$languageid,
- 'modelid' =>$modelid) ),
- 'title'=> $modelname.' - '.$languagename
- );
- }
- }
- }
-
- $metaList[] = array('name' => 'author',
- 'url' => $conf['login']['logo']['url'],
- 'title'=> $conf['login']['logo']['url'] );
-
- $metaList[] = array('name' => 'top',
- 'url' => Html::url('index','logout',0 ),
- 'title'=> 'Start' );
-
- $metaList[] = array('name' => 'contents',
- 'url' => Html::url('index','projectmenu',0 ),
- 'title'=> lang('MENU_TREETITLE_PROJECTMENU' ) );
-
-
- $this->setTemplateVar('metaList',$metaList);
- }
-
-
-
- /**
- * Open-Id Login, �berpr�fen der Anmeldung.<br>
- * Spezifikation: http://openid.net/specs/openid-authentication-1_1.html<br>
- * Kapitel "4.4. check_authentication"<br>
- * <br>
- * Im 2. Schritt (Mode "id_res") erfolgte ein Redirect vom Open-Id Provider an OpenRat zur�ck.<br>
- * Wir befinden uns nun im darauf folgenden Request des Browsers.<br>
- * <br>
- * Es muss noch beim OpenId-Provider die Best�tigung eingeholt werden, danach ist der
- * Benutzer angemeldet.<br>
- */
- function openid()
- {
- global $conf;
- $openId = Session::get('openid');
-
- if ( !$openId->checkAuthentication() )
- {
- $this->addNotice('user',$openId->user,'LOGIN_OPENID_FAILED',OR_NOTICE_ERROR,array('name'=>$openId->user),array($openId->error) );
- $this->addValidationError('openid_url','');
- $this->callSubAction('showlogin');
- return;
- }
-
- //Html::debug($openId);
-
- // Anmeldung wurde mit "is_valid:true" best�tigt.
- // Der Benutzer ist jetzt eingeloggt.
- $username = $openId->getUserFromIdentiy();
-
- if ( empty($username) )
- {
- // Es konnte kein Benutzername ermittelt werden.
- $this->addNotice('user',$username,'LOGIN_OPENID_FAILED','error',array('name'=>$username) );
- $this->addValidationError('openid_url','');
- $this->callSubAction('showlogin');
- return;
- }
-
- $user = User::loadWithName( $username );
-
- if ( $user->userid <=0)
- {
- // Benutzer ist (noch) nicht vorhanden.
- if ( $conf['security']['openid']['add']) // Anlegen?
- {
- $user->name = $username;
- $user->add();
-
- $user->mail = $openId->info['email'];
- $user->fullname = $openId->info['fullname'];
- $user->save(); // Um E-Mail zu speichern (wird bei add() nicht gemacht)
- }
- else
- {
- // Benutzer ist nicht in Benutzertabelle vorhanden (und angelegt werden soll er auch nicht).
- $this->addNotice('user',$username,'LOGIN_OPENID_FAILED','error',array('name'=>$username) );
- $this->addValidationError('openid_url','');
- $this->callSubAction('showlogin');
- return;
- }
- }
- else
- {
- // Benutzer ist bereits vorhanden.
- if ( @$conf['security']['openid']['update_user'])
- {
- $user->fullname = $openId->info['fullname'];
- $user->mail = $openId->info['email'];
- $user->save();
- }
- }
-
- $user->setCurrent(); // Benutzer ist jetzt in der Sitzung.
- }
-
-
- /**
- * Login.
- */
- function loginAction()
- {
- global $conf;
-
- $this->checkForDb();
- Session::setUser('');
-
- if ( $conf['login']['nologin'] )
- Http::notAuthorized('login disabled');
-
- $openid_user = $this->getRequestVar('openid_url' );
- $loginName = $this->getRequestVar('login_name' ,OR_FILTER_ALPHANUM);
- $loginPassword = $this->getRequestVar('login_password',OR_FILTER_ALPHANUM);
- $newPassword1 = $this->getRequestVar('password1' ,OR_FILTER_ALPHANUM);
- $newPassword2 = $this->getRequestVar('password2' ,OR_FILTER_ALPHANUM);
-
- // Cookie setzen
- setcookie('or_username',$loginName,time()+(60*60*24*30*12*2) );
-
- // Login mit Open-Id.
- if ( $this->hasRequestVar('openid_provider') && ($this->getRequestVar('openid_provider') != 'identity' || !empty($openid_user)) )
- {
- $openId = new OpenId($this->getRequestVar('openid_provider'),$openid_user);
-
- if ( ! $openId->login() )
- {
- $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array($openId->error) );
- $this->addValidationError('openid_url','');
- $this->callSubAction('showlogin');
- return;
- }
-
- Session::set('openid',$openId);
- $openId->redirect();
- die('Unreachable Code');
- }
-
-
- // Ermitteln, ob der Baum angezeigt werden soll
- // Ist die Breite zu klein, dann wird der Baum nicht angezeigt
- Session::set('showtree',intval($this->getRequestVar('screenwidth')) > $conf['interface']['min_width'] );
-
- $loginOk = $this->checkLogin( $loginName,
- $loginPassword,
- $newPassword1,
- $newPassword2 );
-
- if ( !$loginOk )
- {
- // Anmeldung nicht erfolgreich
- sleep(3);
-
- if ( $this->mustChangePassword )
- {
- // Anmeldung gescheitert, Benutzer muss Kennwort �ndern.
- $this->addNotice('user',$loginName,'LOGIN_FAILED_MUSTCHANGEPASSWORD','error' );
- $this->addValidationError('password1','');
- $this->addValidationError('password2','');
- }
- else
- {
- // Anmeldung gescheitert.
- $this->addNotice('user',$loginName,'LOGIN_FAILED','error',array('name'=>$loginName) );
- $this->addValidationError('login_name' ,'');
- $this->addValidationError('login_password','');
- }
-
- Logger::debug("Login failed for user '$loginName'");
-
- //$this->callSubAction('login');
- return;
- }
- else
- {
- Logger::debug("Login successful for user '$loginName'");
-
- // Anmeldung erfolgreich.
- if ( config('security','renew_session_login') )
- $this->recreateSession();
-
- $user = Session::getUser();
- $this->addNotice('user',$user->name,'LOGIN_OK',OR_NOTICE_OK,array('name'=>$user->fullname));
-
- $this->setStyle( $user->style );
-
- $this->evaluateRequestVars();
-
- $object = Session::getObject();
- // Falls noch kein Objekt ausgew�hlt, dann das zuletzt ge�nderte benutzen.
- if ( !is_object($object) && @$conf['login']['start']['start_lastchanged_object'] )
- {
- $objectid = Value::getLastChangedObjectByUserId($user->userid);
- if ( Object::available($objectid))
- {
- $object = new Object($objectid);
- $object->load();
- Session::setObject($object);
- }
-
- $project = new Project( $object->projectid );
- $project->load();
- Session::setProject( $project );
-
- $language = new Language( isset($vars[REQ_PARAM_LANGUAGE_ID])&&Language::available($vars[REQ_PARAM_LANGUAGE_ID])?$vars[REQ_PARAM_LANGUAGE_ID]:$project->getDefaultLanguageId() );
- $language->load();
- Session::setProjectLanguage( $language );
-
- $model = new Model( isset($vars[REQ_PARAM_MODEL_ID])&&Model::available($vars[REQ_PARAM_MODEL_ID])?$vars[REQ_PARAM_MODEL_ID]:$project->getDefaultModelId() );
- $model->load();
- Session::setProjectModel( $model );
- }
- }
-
- //$this->refresh(); // Benutzer ist angemeldet: Andere Views könnte das interessieren.
- $this->updateView('content','start','projectmenu');
-
- }
-
-
- /**
- * Benutzer meldet sich ab.
- */
- function logoutAction()
- {
- global $conf;
-
- $user = Session::getUser();
- if ( is_object($user) )
- $this->setTemplateVar('login_username',$user->name);
-
- // Ausgew�hlte Objekte merken, um nach dem n�. Login wieder sofort auszuw�hlen.
- $o = Session::getObject();
- if ( is_object($o) )
- $this->setTemplateVar('objectid',$o->objectid);
- $p = Session::getProject();
- if ( is_object($p) )
- $this->setTemplateVar('projectid',$p->projectid);
- $l = Session::getProjectLanguage();
- if ( is_object($l) )
- $this->setTemplateVar('languageid',$l->languageid);
- $m = Session::getProjectModel();
- if ( is_object($m) )
- $this->setTemplateVar('modelid',$m->modelid);
- $db = db_connection();
- if ( is_object($db) )
- $this->setTemplateVar('dbid',$db->id);
-
- /*
- // Alle Variablen aus der Sitzung entfernen.
- session_unset();
-
- // Damit wird die Session gelöscht, nicht nur die Session-Daten!
- if ( ini_get("session.use_cookies") )
- {
- $params = session_get_cookie_params();
- setcookie( session_name(),'', time() - 3600,
- $params["path"],$params["domain"],$params["secure"],$params["httponly"] );
- }
-
- // Loeschen der Session.
- session_destroy();
- */
- if ( config('security','renew_session_logout') )
- $this->recreateSession();
-
- session_unset();
-
- if ( @$conf['theme']['compiler']['compile_at_logout'] )
- {
- foreach( $conf['action'] as $actionName => $actionConfig )
- {
- foreach( $actionConfig as $subActionName=>$subaction )
- {
- if ( is_array($subaction) &&
- !isset($subaction['goto' ]) &&
- !isset($subaction['direct']) &&
- !isset($subaction['action']) &&
- !isset($subaction['alias' ]) &&
- $subActionName != 'menu' )
- {
- $engine = new TemplateEngine();
- $engine->compile( strtolower(str_replace('Action','',$actionName)).'/'.$subActionName);
- }
- }
- }
- }
-
- // Umleiten auf eine definierte URL.s
- $redirect_url = @$conf['security']['logout']['redirect_url'];
-
- if ( !empty($redirect_url) )
- {
- header('Location: '.$redirect_url);
- exit;
- }
- }
-
-
-
- /**
- * Benutzer meldet sich ab.
- */
- function logoutView()
- {
- }
-
-
- /**
- * Ausw�hlen der Administration.
- */
- function administration()
- {
- Session::setProject( new Project(-1) );
- }
-
-
-
- /**
- * Ausgeben von maschinenlesbaren Benutzerinformationen.
- *
- * Diese Funktion dient dem Single-Signon f�r fremde Anwendungen, welche
- * die Benutzerinformationen des angemeldeten Benutzers aus dieser
- * Anwendung auslesen k�nnen.
- */
- function userinfo()
- {
- $user = Session::getUser();
- $info = array('username' => $user->name,
- 'fullname' => $user->fullname,
- 'mail' => $user->mail,
- 'telephone' => $user->tel,
- 'style' => $user->style,
- 'admin' => $user->isAdmin?'true':'false',
- 'ldap' => $user->ldap_dn,
- 'groups' => implode(',',$user->getGroups()),
- 'description'=> $user->desc
- );
-
- // Wenn der HTTP-Parameter "xml" vorhanden ist, dann geben wir die
- // Informationen per XML aus.
- if ( $this->hasRequestVar('xml') )
- {
- header('Content-Type: text/xml');
- echo '<userinfo>';
- foreach( $info as $n=>$i )
- echo '<'.$n.'>'.$i.'</'.$n.'>'."\n";
- echo '</userinfo>';
-
- }
-
- // Sonst normale Textausgabe im INI-Datei-Format.
- else
- {
- header('Content-Type: text/plain');
- foreach( $info as $n=>$i )
- echo $n.'="'.$i."\"\n";
- }
-
- exit; // Fertig.
- }
-
-
- function project()
- {
- $user = Session::getUser();
- if ( ! is_object($user) )
- {
- $this->callSubAction('show');
- return;
- }
-
- $this->evaluateRequestVars( array('projectid'=>$this->getRequestId()) );
-
- Session::setUser( $user );
- }
-
-
- function object()
- {
- $user = Session::getUser();
- if ( ! is_object($user) )
- {
- $this->callSubAction('show');
- return;
- }
-
- $this->evaluateRequestVars( array('objectid'=>$this->getRequestId()) );
-
- Session::setUser( $user );
- }
-
-
- function language()
- {
- $user = Session::getUser();
- if ( ! is_object($user) )
- {
- $this->callSubAction('show');
- return;
- }
-
- $this->evaluateRequestVars( array(REQ_PARAM_LANGUAGE_ID=>$this->getRequestId()) );
- }
-
-
- function model()
- {
- $user = Session::getUser();
- if ( ! is_object($user) )
- {
- $this->callSubAction('show');
- return;
- }
-
- $this->evaluateRequestVars( array(REQ_PARAM_MODEL_ID=>$this->getRequestId()) );
-
- $user = Session::getUser();
- }
-
-
- /**
- * Auswerten der Request-Variablen.
- *
- * @param Array $add
- */
- function evaluateRequestVars( $add = array() )
- {
- global $REQ;
- $vars = $REQ + $add;
-
- $db = db_connection();
- if ( !is_object($db) )
- {
- if ( isset($vars[REQ_PARAM_DATABASE_ID]) )
- $this->setDb($vars[REQ_PARAM_DATABASE_ID]);
- else
- Http::serverError('no database available.');
- }
- else
- {
- // Prüft, ob die übergebene Datenbank-Id mit der
- // aktuellen übereinstimmt.
- // Falls nicht, muss ein Re-Login erfolgen.
- if ( isset($vars[REQ_PARAM_DATABASE_ID]) )
- if ( $db->id != $vars[REQ_PARAM_DATABASE_ID] )
- {
- $this->callSubAction('show');
- return;
- }
- }
-
-
- if ( isset($vars[REQ_PARAM_OBJECT_ID]) && Object::available($vars[REQ_PARAM_OBJECT_ID]) )
- {
- $object = new Object( $vars[REQ_PARAM_OBJECT_ID] );
- $object->objectLoadRaw();
- Session::setObject( $object );
-
- $project = new Project( $object->projectid );
- $project->load();
- Session::setProject( $project );
-
- $language = new Language( isset($vars[REQ_PARAM_LANGUAGE_ID])&&Language::available($vars[REQ_PARAM_LANGUAGE_ID])?$vars[REQ_PARAM_LANGUAGE_ID]:$project->getDefaultLanguageId() );
- $language->load();
- Session::setProjectLanguage( $language );
-
- $model = new Model( isset($vars[REQ_PARAM_MODEL_ID])&&Model::available($vars[REQ_PARAM_MODEL_ID])?$vars[REQ_PARAM_MODEL_ID]:$project->getDefaultModelId() );
- $model->load();
- Session::setProjectModel( $model );
- }
- elseif ( isset($vars[REQ_PARAM_LANGUAGE_ID]) && Language::available($vars[REQ_PARAM_LANGUAGE_ID]) )
- {
- $language = new Language( $vars[REQ_PARAM_LANGUAGE_ID] );
- $language->load();
- Session::setProjectLanguage( $language );
-
- $project = new Project( $language->projectid );
- $project->load();
- Session::setProject( $project );
-
- $model = Session::getProjectModel();
- if ( !is_object($model) )
- {
- $model = new Model( $project->getDefaultModelId() );
- $model->load();
- Session::setProjectModel( $model );
- }
-
- $object = Session::getObject();
- if ( is_object($object) && $object->projectid == $project->projectid )
- {
- $object->objectLoadRaw();
- Session::setObject( $object );
- }
- else
- {
- Session::setObject( '' );
- }
- }
- elseif ( isset($vars[REQ_PARAM_MODEL_ID]) && Model::available($vars[REQ_PARAM_MODEL_ID]) )
- {
- $model = new Model( $vars[REQ_PARAM_MODEL_ID] );
- $model->load();
- Session::setProjectModel( $model );
-
- $project = new Project( $model->projectid );
- $project->load();
- Session::setProject( $project );
-
- $language = Session::getProjectLanguage();
- if ( !is_object($language) || $language->projectid != $project->projectid )
- {
- $language = new Language( $project->getDefaultLanguageId() );
- $language->load();
- Session::setProjectLanguage( $language );
- }
-
- $object = Session::getObject();
- $object->objectLoadRaw();
- if ( is_object($object) && $object->projectid == $project->projectid )
- {
- $object->objectLoadRaw();
- Session::setObject( $object );
- }
- else
- {
- Session::setObject( '' );
- }
- }
- elseif ( isset($vars[REQ_PARAM_PROJECT_ID])&&Project::available($vars[REQ_PARAM_PROJECT_ID]) )
- {
- $project = new Project( $vars[REQ_PARAM_PROJECT_ID] );
- $project->load();
-
- Session::setProject( $project );
-
- $language = new Language( isset($vars[REQ_PARAM_LANGUAGE_ID])&& Language::available($vars[REQ_PARAM_LANGUAGE_ID])?$vars[REQ_PARAM_LANGUAGE_ID]:$project->getDefaultLanguageId() );
- $language->load();
- Session::setProjectLanguage( $language );
-
- $model = new Model( isset($vars[REQ_PARAM_MODEL_ID])&& Model::available($vars[REQ_PARAM_MODEL_ID])?$vars[REQ_PARAM_MODEL_ID]:$project->getDefaultModelId() );
- $model->load();
- Session::setProjectModel( $model );
-
- $object = Session::getObject();
- if ( is_object($object) && $object->projectid == $project->projectid )
- {
- $object->objectLoadRaw();
- Session::setObject( $object );
- }
- else
- {
- Session::setObject( '' );
- }
- }
- }
-
-
- function showtree()
- {
- Session::set('showtree',true );
- }
-
-
- function hidetree()
- {
- Session::set('showtree',false );
- }
-
-
- function switchuser()
- {
- $user = Session::getUser();
-
- if ( ! $user->isAdmin )
- Http::notAuthorized("");
-
- $this->recreateSession();
-
- $newUser = new User( $this->getRequestId() );
- $newUser->load();
-
- $newUser->setCurrent();
- }
-
-
- function show()
- {
- global $conf;
- global $PHP_AUTH_USER;
- global $PHP_AUTH_PW;
-
- $user = Session::getUser();
- // Gast-Login
- if ( ! is_object($user) )
- {
- if ( $conf['security']['guest']['enable'] )
- {
- $this->setDefaultDb();
- $username = $conf['security']['guest']['user'];
- $user = User::loadWithName($username);
- if ( $user->userid > 0 )
- $user->setCurrent();
- else
- {
- Logger::warn('Guest login failed, user not found: '.$username);
- $this->addNotice('user',$username,'LOGIN_FAILED',OR_NOTICE_WARN,array('name'=>$username) );
- $user = null;
- }
- }
- }
-
- if ( ! is_object($user) )
- {
- switch( $conf['security']['login']['type'] )
- {
-
- // Authorization ueber HTTP
- //
- case 'http':
- $ok = false;
-
- if ( isset($_SERVER['PHP_AUTH_USER']) )
- {
- $this->setDefaultDb();
- $ok = $this->checkLogin( $_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'] );
- }
-
- if ( ! $ok )
- {
- header( 'WWW-Authenticate: Basic realm="'.OR_TITLE.' - '.lang('HTTP_REALM').'"' );
- header( 'HTTP/1.0 401 Unauthorized' );
- echo 'Authorization Required!';
- exit;
- }
- break;
-
- case 'form':
- // Benutzer ist nicht angemeldet
- $this->callSubAction( 'showlogin' ); // Anzeigen der Login-Maske
- return;
- break;
-
- default:
- Http::serverError('Unknown auth-type: '.$conf['security']['login']['type'].'. Please check the configuration setting /security/login/type' );
- }
- }
-
- if ( $user->mustChangePassword )
- {
- $this->addNotice( 'user',$user->name,'PASSWORD_TIMEOUT','warn' );
- $this->callSubAction( 'changepassword' ); // Zwang, das Kennwort zu �ndern.
- }
-
- // Seite �ndert sich nur 1x pro Session
- $this->lastModified( $user->loginDate );
-
- $projectid = intval( $this->getRequestVar('projectid' ) );
- $languageid = intval( $this->getRequestVar('languageid') );
- $modelid = intval( $this->getRequestVar('modelid' ) );
- $objectid = intval( $this->getRequestVar('objectid' ) );
- $elementid = intval( $this->getRequestVar('elementid' ) );
-
- if ( $projectid != 0 )
- {
- $project = new Project( $projectid );
- $project->load();
- Session::setProject($project);
- }
- elseif ( $languageid != 0 )
- {
- $language = new Language( $languageid );
- $language->load();
- Session::setProjectLanguage($language);
- }
- elseif ( $modelid != 0 )
- {
- $model = new Model( $modelid );
- $model->load();
- Session::setProjectModel($model);
- }
- elseif ( $objectid != 0 )
- {
- $object = new Object( $objectid );
- $object->objectLoad();
- Session::setObject($object);
- }
- if ( $elementid != 0 )
- {
- $element = new Element( $elementid );
- Session::setElement($element);
- }
-
- $project = Session::getProject();
- $object = Session::getObject();
- $elementid = 0;
-
- if ( is_object($project) )
- {
- if ( $project->projectid == PROJECTID_ADMIN )
- {
- $project->name = lang('ADMINISTRATION');
- Session::setProject( $project );
-
- Session::setProjectLanguage( '' );
- Session::setProjectModel ( '' );
- Session::setObject ( '' );
- }
-
- $this->setTemplateVar( 'title',$project->name );
-
- if ( is_object($object) )
- {
- $type = $object->getType();
-
- if ( $type == 'page' )
- {
- $page = new Page($object->objectid);
- $page->load();
- $elementList = $page->getWritableElements();
- if ( count($elementList) == 1 )
- $elementid = current(array_keys($elementList));
- }
-
- if ( $elementid > 0 )
- $this->setTemplateVar( 'frame_src_main',Html::url('main','pageelement',$object->objectid,array('elementid'=>$elementid,'targetSubAction'=>'edit')) );
- else
- $this->setTemplateVar( 'frame_src_main',Html::url('main',$type,$object->objectid) );
- }
- else
- {
- $this->setTemplateVar( 'frame_src_main',Html::url('main','empty',0,array(REQ_PARAM_TARGETSUBACTION=>'blank')) );
- }
- }
- elseif ( is_object($project) && $project->projectid == PROJECTID_ADMIN )
- {
- if ( $this->hasRequestVar('projectid') )
- $this->setTemplateVar( 'frame_src_main',Html::url('main','project',$this->getRequestVar('projectid')) );
- elseif ( $this->hasRequestVar('groupid') )
- $this->setTemplateVar( 'frame_src_main',Html::url('main','group' ,$this->getRequestVar('groupid' )) );
- elseif ( $this->hasRequestVar('userid') )
- $this->setTemplateVar( 'frame_src_main',Html::url('main','user' ,$this->getRequestVar('userid' )) );
- else
- $this->setTemplateVar( 'frame_src_main',Html::url('main','empty',0,array(REQ_PARAM_TARGETSUBACTION=>'blank')) );
- }
- else
- {
- $this->callSubAction( 'projectmenu' );
- }
-
-
- $this->setTemplateVar( 'show_tree',(Session::get('showtree')==true) );
-
- $this->setTemplateVar( 'frame_src_title' ,Html::url( 'title' ) );
- $this->setTemplateVar( 'frame_src_tree_menu' ,Html::url( 'treemenu' ) );
- $this->setTemplateVar( 'frame_src_tree_title',Html::url( 'treetitle' ) );
- $this->setTemplateVar( 'frame_src_tree' ,Html::url( 'tree' ,'load' ) );
- $this->setTemplateVar( 'frame_src_clipboard' ,Html::url( 'clipboard' ) );
- $this->setTemplateVar( 'frame_src_status' ,Html::url( 'status' ) );
-
- $this->setTemplateVar( 'tree_width',$conf['interface']['tree_width'] );
-
- $this->metaValues();
- }
-
-
-
- function checkMenu( $name )
- {
- global $conf;
-
- switch( $name )
- {
- case 'applications':
- // Men�punkt "Anwendungen" wird nur angezeigt, wenn weitere Anwendungen
- // konfiguriert sind.
- return count(@$conf['applications']) > 0;
-
- case 'register': // Registrierung
- // Nur, wenn aktiviert und gegen eigene Datenbank authentisiert wird.
- return @$conf['login']['register'] && @$conf['security']['auth']['type'] == 'database';
-
- case 'password': // Kennwort vergessen
- // Nur, wenn aktiviert und gegen eigene Datenbank authentisiert wird.
- // Deaktiviert, falls LDAP-Lookup aktiviert ist.
- return @$conf['login']['send_password'] && @$conf['security']['auth']['type'] == 'database'
- && !@$conf['security']['auth']['userdn'];
-
- case 'administration':
- // "Administration" nat�rlich nur f�r Administratoren.
- return $this->userIsAdmin();
-
- case 'login':
- return !@$conf['login']['nologin'];
-
- case 'logout':
- return true;
-
- case 'projectmenu':
- return true;
-
- default:
- return false;
- }
- }
-
-
- /**
- * Maske anzeigen, um Benutzer zu registrieren.
- */
- function register()
- {
-
- }
-
-
- /**
- * Registriercode erzeugen und per E-Mail dem Benutzer mitteilen.
- * Maske anzeigen, damit Benuter Registriercode anzeigen kann.
- */
- function registercode()
- {
- $email_address = $this->getRequestVar('mail','mail');
-
- if ( ! Mail::checkAddress($email_address) )
- {
- $this->addValidationError('mail');
- $this->setTemplateVar('mail',$email_address);
- $this->callSubAction('register');
- return;
- }
-
-
- srand ((double)microtime()*1000003);
- $registerCode = rand();
-
- Session::set('registerCode',$registerCode );
-
- // E-Mail and die eingegebene Adresse verschicken
- $mail = new Mail($email_address,
- 'register_commit_code','register_commit_code');
- $mail->setVar('code',$registerCode); // Registrierungscode als Text-Variable
-
- if ( $mail->send() )
- {
- $this->addNotice('','','mail_sent',OR_NOTICE_OK);
- }
- else
- {
- $this->addNotice('','','mail_not_sent',OR_NOTICE_ERROR,array(),$mail->error);
- $this->callSubAction('register');
- return;
- }
- }
-
-
-
- function registeruserdata()
- {
- global $conf;
-
- Session::set('registerMail',$this->getRequestVar('mail') );
- // TODO: Attribut "Password" abfragen
- foreach( $conf['database'] as $dbname=>$dbconf )
- {
- if ( is_array($dbconf) && $dbconf['enabled'] )
- $dbids[$dbname] = $dbconf['comment'];
- }
-
- $this->setTemplateVar( 'dbids',$dbids );
-
- $db = Session::getDatabase();
- if ( is_object($db) )
- $this->setTemplateVar('actdbid',$db->id);
- else
- $this->setTemplateVar('actdbid',$conf['database']['default']);
- }
-
-
- /**
- * Benutzerregistierung.
- * Benutzer hat Best�tigungscode erhalten und eingegeben.
- */
- function registercommit()
- {
- global $conf;
- $this->checkForDb();
-
- $origRegisterCode = Session::get('registerCode');
- $inputRegisterCode = $this->getRequestVar('code');
-
- if ( $origRegisterCode != $inputRegisterCode )
- {
- // Best�tigungscode stimmt nicht.
- $this->addValidationError('code','code_not_match');
- $this->callSubAction('registeruserdata');
- return;
- }
-
- // Best�tigungscode stimmt �berein.
- // Neuen Benutzer anlegen.
-
- if ( !$this->hasRequestVar('username') )
- {
- $this->addValidationError('username');
- $this->callSubAction('registeruserdata');
- return;
- }
-
- $user = User::loadWithName( $this->getRequestVar('username') );
- if ( $user->isValid() )
- {
- $this->addValidationError('username','USER_ALREADY_IN_DATABASE');
- $this->callSubAction('registeruserdata');
- return;
- }
-
- if ( strlen($this->getRequestVar('password')) < $conf['security']['password']['min_length'] )
- {
- $this->addValidationError('password','password_minlength',array('minlength'=>$conf['security']['password']['min_length']));
- $this->callSubAction('registeruserdata');
- return;
- }
-
- $newUser = new User();
- $newUser->name = $this->getRequestVar('username');
- $newUser->add();
-
- $newUser->mail = Session::get('registerMail');
- $newUser->save();
-
- $newUser->setPassword( $this->getRequestVar('password'),true );
-
- $this->addNotice('user',$newUser->name,'user_added','ok');
- }
-
-
-
- /**
- * Vergessenes Kennwort zusenden lassen.
- */
- function password()
- {
- global $conf;
-
- // TODO: Attribut "Password" abfragen
- foreach( $conf['database'] as $dbname=>$dbconf )
- {
- if ( is_array($dbconf) && $dbconf['enabled'] )
- $dbids[$dbname] = $dbconf['comment'];
- }
-
- $this->setTemplateVar( 'dbids',$dbids );
-
-
- $db = Session::getDatabase();
-
- if ( is_object($db) )
- $this->setTemplateVar('actdbid',$db->id);
- else
- $this->setTemplateVar('actdbid',$conf['database']['default']);
-
- }
-
-
- /*
- function changepassword()
- {
- }
- */
-
-
- /*
- function setnewpassword()
- {
- $oldPw = $this->getRequestVar('password_old' );
- $newPw1 = $this->getRequestVar('password_new_1');
- $newPw2 = $this->getRequestVar('password_new_2');
-
- if ( $newPw1 == $newPw2 )
- {
- // Aktuellen Benutzer aus der Sitzung ermitteln
- $user = $this->getUserFromSession();
-
- // Altes Kennwort pr�fen.
- $ok = $user->checkPassword( $oldPw );
-
- if ( $ok ) // Altes Kennwort ist ok.
- {
- $user->setPassword( $newPw1 ); // Setze neues Kennwort
- $user->mustChangePassword = false;
- Session::setUser($user);
- $this->addNotice('user',$user->name,'password_set','ok');
- }
- else
- {
- // Altes Kennwort falsch.
- $this->addNotice('user',$user->name,'password_error','error');
- }
- }
- else
- {
- // Beide neuen Kennw�rter stimmen nicht �berein
- $this->addNotice('user',$user->name,'passwords_not_match','error');
- }
- }
- */
-
-
- /**
- * Einen Kennwort-Anforderungscode an den Benutzer senden.
- */
- function passwordcode()
- {
- if ( !$this->hasRequestVar('username') )
- {
- $this->addValidationError('username');
- $this->callSubAction('password');
- return;
- }
-
- $this->checkForDb();
-
- $user = User::loadWithName( $this->getRequestVar("username") );
- // Html::debug($user);
- if ( $user->isValid() )
- {
- srand ((double)microtime()*1000003);
- $code = rand();
- $this->setSessionVar("password_commit_code",$code);
-
- $eMail = new Mail( $user->mail,'password_commit_code' );
- $eMail->setVar('name',$user->getName());
- $eMail->setVar('code',$code);
- if ( $eMail->send() )
- $this->addNotice('user',$user->getName(),'mail_sent',OR_NOTICE_OK);
- else
- $this->addNotice('user',$user->getName(),'mail_not_sent',OR_NOTICE_ERROR,array(),$eMail->error);
-
- }
- else
- {
- //$this->addNotice('','user','username_not_found');
- // Trotzdem vort�uschen, eine E-Mail zu senden, damit die G�ltigkeit
- // eines Benutzernamens nicht von au�en gepr�ft werden kann.
- //
- $this->addNotice('user',$this->getRequestVar("username"),'mail_sent');
- sleep(5);
- }
-
- $this->setSessionVar("password_commit_name",$user->name);
- }
-
-
-
- /**
- * Anzeige Formular zum Eingeben des Kennwort-Codes.
- *
- */
- function passwordinputcode()
- {
-
- }
-
-
- /**
- * Neues Kennwort erzeugen und dem Benutzer zusenden.
- */
- function passwordcommit()
- {
- $username = $this->getSessionVar("password_commit_name");
-
- if ( $this->getRequestVar("code")=='' ||
- $this->getSessionVar("password_commit_code") != $this->getRequestVar("code") )
- {
- $this->addValidationError('code','PASSWORDCODE_NOT_MATCH');
- $this->callSubAction('passwordinputcode');
- return;
- }
-
- $user = User::loadWithName( $username );
-
- if ( !$user->isValid() )
- {
- // Benutzer konnte nicht geladen werden.
- $this->addNotice('user',$username,'error',OR_NOTICE_ERROR);
- return;
- }
-
- $newPw = User::createPassword(); // Neues Kennwort erzeugen.
-
- $eMail = new Mail( $user->mail,'password_new' );
- $eMail->setVar('name' ,$user->getName());
- $eMail->setVar('password',$newPw );
-
- if ( $eMail->send() )
- {
- $user->setPassword( $newPw, false ); // Kennwort muss beim n�. Login ge�ndert werden.
- $this->addNotice('user',$username,'mail_sent',OR_NOTICE_OK);
- }
- else
- {
- // Sollte eigentlich nicht vorkommen, da der Benutzer ja auch schon den
- // Code per E-Mail erhalten hat.
- $this->addNotice('user',$username,'error',OR_NOTICE_ERROR,array(),$eMail->error);
- }
- }
-
-
- /**
- * Erzeugt eine neue Sitzung.
- */
- function recreateSession()
- {
-
- // PHP < 4.3.2 kennt die Funktion session_regenerate_id() nicht.
- if ( version_compare(phpversion(),"4.3.2","<") )
- {
- $randlen = 32;
- $randval = "0123456789abcdefghijklmnopqrstuvwxyz";
- $newid = "";
- for ($i = 1; $i <= $randlen; $i++)
- {
- $newid .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
- }
- session_id( $newid );
- }
- elseif( version_compare(phpversion(),"4.3.2","==") )
- {
- session_regenerate_id();
-
- // Bug in PHP 4.3.2: Session-Cookie wird nicht neu gesetzt.
- if ( ini_get("session.use_cookies") )
- setcookie( session_name(),session_id(),ini_get("session.cookie_lifetime"),"/" );
- }
- elseif ( version_compare(phpversion(),"5.1.0",">") )
- {
- session_regenerate_id(true);
- }
- else
- {
- // 5.1.0 > PHP >= 4.3.3
- }
- }
-
-}
-
-
-?>-
\ No newline at end of file
diff --git a/actionClasses/IndexAction.ini.php b/actionClasses/IndexAction.ini.php
@@ -1,104 +0,0 @@
-
-admin=false
-
-
-[default]
-goto=show
-
-[logout]
-guest=true
-goto=login
-write=get
-clear=tree
-
-[switchuser]
-goto=show
-
-[object]
-goto=show
-guest=true
-
-[language]
-goto=show
-
-[model]
-goto=show
-
-[applications]
-menu=menu
-
-[userinfo]
-direct=true
-
-[project]
-goto=show
-
-[register]
-menu=login
-target=registercode
-guest=true
-
-[registercode]
-goto=registeruserdata
-guest=true
-
-[registeruserdata]
-menu=login
-target=registercommit
-guest=true
-
-[registercommit]
-menu=login
-goto=showlogin
-guest=true
-
-[password]
-menu=login
-target=passwordcode
-guest=true
-
-[passwordcode]
-guest=true
-goto=passwordinputcode
-
-[passwordinputcode]
-menu=login
-target=passwordcommit
-guest=true
-
-[passwordcommit]
-menu=login
-goto=showlogin
-guest=true
-
-[administration]
-goto=show
-
-[login]
-menu=login
-write=true
-guest=true
-;goto=projectmenu
-
-[projectmenu]
-
-[openid]
-guest=true
-goto=show
-
-[projectmenu]
-menu=menu
-
-[changepassword]
-menu=menu
-target=setnewpassword
-
-[setnewpassword]
-menu=menu
-goto=projectmenu
-
-[show]
-guest=true
-
-[menu]
-menu =login
diff --git a/actionClasses/LoginAction.class.php b/actionClasses/LoginAction.class.php
@@ -0,0 +1,1676 @@
+<?php
+// ---------------------------------------------------------------------------
+// $Id$
+// ---------------------------------------------------------------------------
+// OpenRat Content Management System
+// Copyright (C) 2002-2007 Jan Dankert, jandankert@jandankert.de
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; version 2.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+// ---------------------------------------------------------------------------
+
+
+define('PROJECTID_ADMIN',-1);
+
+/**
+ * Action-Klasse fuer die Start-Action
+ * @author $Author$
+ * @version $Revision$
+ * @package openrat.actions
+ */
+
+class LoginAction extends Action
+{
+ var $mustChangePassword = false;
+
+ function setDb( $dbid )
+ {
+ global $conf;
+
+ if ( !isset($conf['database'][$dbid] ))
+ Http::serverError( 'unknown DB-Id: '.$dbid );
+
+ $db = db_connection();
+ if ( is_object($db) )
+ {
+ $db->rollback();
+ }
+
+ $db = new DB( $conf['database'][$dbid] );
+ $db->id = $dbid;
+ $db->start();
+ Session::setDatabase( $db );
+ }
+
+
+
+ function checkForDb()
+ {
+ global $conf;
+ $dbid = $this->getRequestVar('dbid');
+
+ if ( $dbid != '' )
+ $this->setDb( $dbid );
+ }
+
+
+
+ function setDefaultDb()
+ {
+ if ( $this->hasRequestVar(REQ_PARAM_DATABASE_ID) )
+ {
+ $dbid = $this->getRequestVar(REQ_PARAM_DATABASE_ID);
+ }
+ else
+ {
+ global $conf;
+
+ if ( !isset($conf['database']['default']) )
+ Http::serverError('default-database not set');
+
+ $dbid = $conf['database']['default'];
+ }
+
+ $this->setDb( $dbid );
+ }
+
+
+
+ private function checkLogin( $name,$pw,$pw1,$pw2 )
+ {
+ Logger::debug( "login user $name" );
+
+ global $conf;
+ global $SESS;
+
+ unset( $SESS['user'] );
+
+
+ $db = db_connection();
+
+ if ( !$db->available )
+ {
+ $this->addNotice('database',$db->conf['comment'],'DATABASE_CONNECTION_ERROR',OR_NOTICE_ERROR,array(),array('Database Error: '.$db->error));
+ $this->callSubAction('showlogin');
+ return false;
+ }
+
+ // Zeichensatz der Datenbank benutzen
+ if ( isset($db->conf['charset']) )
+ $charset = $db->conf['charset'];
+ else
+ $charset = 'US-ASCII';
+ $this->setCharset($charset);
+
+
+ $ip = getenv("REMOTE_ADDR");
+
+ $user = new User();
+ $user->name = $name;
+
+ $ok = $user->checkPassword( $pw );
+
+ $this->mustChangePassword = $user->mustChangePassword;
+
+ if ( $this->mustChangePassword )
+ {
+ // Der Benutzer hat zwar ein richtiges Kennwort eingegeben, aber dieses ist abgelaufen.
+ // Wir versuchen hier, das neue zu setzen (sofern eingegeben).
+ if ( empty($pw1) )
+ {
+ }
+ elseif ( $pw1 != $pw2 )
+ {
+ $this->addValidationError('password1','PASSWORDS_DO_NOT_MATCH');
+ $this->addValidationError('password2','');
+ }
+ elseif ( strlen($pw2) < $conf['security']['password']['min_length'] )
+ {
+ $this->addValidationError('password1','PASSWORD_MINLENGTH',array('minlength'=>$conf['security']['password']['min_length']));
+ $this->addValidationError('password2','');
+ }
+ else
+ {
+ // Kennw�rter identisch und lang genug.
+ $user->setPassword( $pw1,true );
+
+ // Das neue Kennwort ist gesetzt, die Anmeldung ist also doch noch gelungen.
+ $ok = true;
+ $this->mustChangePassword = false;
+ $user->mustChangePassword = false;
+ }
+ }
+
+ // Falls Login erfolgreich
+ if ( $ok )
+ {
+ // Login war erfolgreich!
+ $user->load();
+ $user->setCurrent();
+ Logger::info( 'login successful' );
+
+ return true;
+ }
+ else
+ {
+ Logger::info( "login for user $name failed" );
+
+ return false;
+ }
+ }
+
+
+
+ /**
+ * Anzeigen der Loginmaske.
+ *
+ * Es wird nur die Loginmaske angezeigt.
+ * Hier nie "304 not modified" setzen, da sonst keine
+ * Login-Fehlermeldung erscheinen kann
+ */
+ function loginView()
+ {
+ global $conf;
+ $sso = $conf['security']['sso'];
+ $ssl = $conf['security']['ssl'];
+
+ $ssl_trust = false;
+ $ssl_user_var = '';
+ extract( $ssl, EXTR_PREFIX_ALL, 'ssl' );
+
+ if ( $sso['enable'] )
+ {
+ $authid = $this->getRequestVar( $sso['auth_param_name']);
+
+ if ( empty( $authid) )
+ Http::notAuthorized( 'no authorization data (no auth-id)');
+
+ if ( $sso['auth_param_serialized'] )
+ $authid = unserialize( $authid );
+
+ $purl = parse_url($sso['url']);
+ // Verbindung zu URL herstellen.
+ $errno=0; $errstr='';
+ $fp = fsockopen ($purl['host'],80, $errno, $errstr, 30);
+ if ( !$fp )
+ {
+ echo "Connection failed: $errstr ($errno)";
+ }
+ else
+ {
+ $http_get = $purl['path'];
+ if ( !empty($purl['query']) )
+ $http_get .= '?'.$purl['query'];
+
+ $header = array();
+
+ $header[] = "GET $http_get HTTP/1.0";
+ $header[] ="Host: ".$purl['host'];
+ $header[] = "User-Agent: Mozilla/5.0 (OpenRat CMS Single Sign-on Check)";
+ $header[] = "Connection: Close";
+
+ if ( $sso['cookie'] )
+ {
+ $cookie = 'Cookie: ';
+ if ( is_array($authid))
+ foreach( $authid as $cookiename=>$cookievalue)
+ $cookie .= $cookiename.'='.$cookievalue."; ";
+ else
+ $cookie .= $sso['cookie_name'].'='.$authid;
+
+ $header[] = $cookie;
+ }
+
+// Html::debug($header);
+ fputs ($fp, implode("\r\n",$header)."\r\n\r\n");
+
+ $inhalt=array();
+ while (!feof($fp)) {
+ $inhalt[] = fgets($fp,128);
+ }
+ fclose($fp);
+
+ $html = implode('',$inhalt);
+// Html::debug($html);
+ if ( !preg_match($sso['expect_regexp'],$html) )
+ Http::notAuthorized('auth failed');
+ $treffer=0;
+ if ( !preg_match($sso['username_regexp'],$html,$treffer) )
+ Http::notAuthorized('auth failed');
+ if ( !isset($treffer[1]) )
+ Http::notAuthorized('authorization failed');
+
+ $username = $treffer[1];
+
+// Html::debug( $treffer );
+ $this->setDefaultDb();
+
+ $user = User::loadWithName( $username );
+
+ if ( ! $user->isValid( ))
+ Http::notAuthorized('authorization failed: user not found: '.$username);
+
+ $user->setCurrent();
+
+ $this->callSubAction('show');
+ }
+ }
+
+ elseif ( $ssl_trust )
+ {
+ if ( empty($ssl_user_var) )
+ Http::serverError( 'please set environment variable name in ssl-configuration.' );
+
+ $username = getenv( $ssl_user_var );
+
+ if ( empty($username) )
+ Http::notAuthorized( 'no username in client certificate ('.$ssl_user_var.') (or there is no client certificate...?)' );
+
+ $this->setDefaultDb();
+
+ $user = User::loadWithName( $username );
+
+ if ( !$user->isValid() )
+ Http::serverError( 'unknown username: '.$username );
+
+ $user->setCurrent();
+
+ $this->callSubAction('show');
+ }
+
+ foreach( $conf['database'] as $dbname=>$dbconf )
+ {
+ if ( is_array($dbconf) && $dbconf['enabled'] )
+ $dbids[$dbname] = array('key' =>$dbname,
+ 'value'=>Text::maxLength($dbconf['comment']),
+ 'title'=>$dbconf['comment'].' ('.$dbconf['host'].')' );
+ }
+
+ $openid_provider = array();
+ foreach( explode(',',$conf['security']['openid']['provider']) as $provider )
+ $openid_provider[$provider] = config('security','openid','provider.'.$provider.'.name');
+ $this->setTemplateVar('openid_providers',$openid_provider);
+ $this->setTemplateVar('openid_user_identity',config('security','openid','user_identity'));
+ //$this->setTemplateVar('openid_provider','identity');
+
+
+ if ( empty($dbids) )
+ $this->addNotice('','','no_database_configuration',OR_NOTICE_WARN);
+
+ if ( !isset($this->templateVars['login_name']) && isset($_COOKIE['or_username']) )
+ $this->setTemplateVar('login_name',$_COOKIE['or_username']);
+
+ if ( !isset($this->templateVars['login_name']) )
+ $this->setTemplateVar('login_name',@$conf['security']['default']['username']);
+
+ if ( $this->templateVars['login_name']== @$conf['security']['default']['username'])
+ $this->setTemplateVar('login_password',@$conf['security']['default']['password']);
+
+ $this->setTemplateVar( 'dbids',$dbids );
+
+ $db = Session::getDatabase();
+ if ( is_object($db) )
+ $this->setTemplateVar('actdbid',$db->id);
+ elseif( isset($this->templateVars['actid']) )
+ ;
+ else
+ $this->setTemplateVar('actdbid',$conf['database']['default']);
+
+
+ // Den Benutzernamen aus dem Client-Zertifikat lesen und in die Loginmaske eintragen.
+ $ssl_user_var = $conf['security']['ssl']['user_var'];
+ if ( !empty($ssl_user_var) )
+ {
+ $username = getenv( $ssl_user_var );
+
+ if ( empty($username) )
+ {
+ echo lang('ERROR_LOGIN_BROKEN_SSL_CERT');
+ Logger::warn( 'no username in SSL client certificate (var='.$ssl_user_var.').' );
+ exit;
+ }
+
+ // Benutzername ist in Eingabemaske unveränderlich
+ $this->setTemplateVar('force_username',$username);
+ }
+
+ $this->setTemplateVar('objectid' ,$this->getRequestVar('objectid' ,OR_FILTER_NUMBER) );
+ $this->setTemplateVar('projectid' ,$this->getRequestVar('projectid' ,OR_FILTER_NUMBER) );
+ $this->setTemplateVar('modelid' ,$this->getRequestVar('modelid' ,OR_FILTER_NUMBER) );
+ $this->setTemplateVar('languageid',$this->getRequestVar('languageid',OR_FILTER_NUMBER) );
+
+ $this->setTemplateVar('register' ,$conf['login' ]['register' ]);
+ $this->setTemplateVar('send_password',$conf['login' ]['send_password']);
+ }
+
+
+
+ /**
+ * Erzeugt ein Projekt-Auswahlmenue.
+ */
+ function projectmenu()
+ {
+ $user = Session::getUser();
+
+ if ( $user->mustChangePassword )
+ {
+ $this->addNotice( 'user',$user->name,'PASSWORD_TIMEOUT','warn' );
+ $this->callSubAction( 'changepassword' ); // Zwang, das Kennwort zu �ndern.
+ }
+
+
+ // Diese Seite gilt pro Sitzung.
+ $this->lastModified( $user->loginDate );
+
+ // Projekte ermitteln
+ $projects = $user->projects;
+
+ $list = array();
+
+ foreach( $projects as $id=>$name )
+ {
+ $p = array();
+ $p['url' ] = Html::url('index','project',$id);
+ $p['name'] = $name;
+ $p['id' ] = $id;
+
+ $tmpProject = new Project( $id );
+ $p['defaultmodelid' ] = $tmpProject->getDefaultModelId();
+ $p['defaultlanguageid'] = $tmpProject->getDefaultLanguageId();
+ $p['models' ] = $tmpProject->getModels();
+ $p['languages' ] = $tmpProject->getLanguages();
+
+ $list[] = $p;
+ }
+
+ $this->setTemplateVar('projects',$list);
+
+ if ( empty($list) )
+ {
+ // Kein Projekt vorhanden. Eine Hinweismeldung ausgeben.
+ if ( $this->userIsAdmin() )
+ // Administratoren bekommen bescheid, dass sie ein Projekt anlegen sollen
+ $this->addNotice('','','ADMIN_NO_PROJECTS_AVAILABLE',OR_NOTICE_WARN);
+ else
+ // Normale Benutzer erhalten eine Meldung, dass kein Projekt zur Verf�gung steht
+ $this->addNotice('','','NO_PROJECTS_AVAILABLE',OR_NOTICE_WARN);
+ }
+
+ $this->metaValues();
+ }
+
+
+
+ /**
+ * Erzeugt eine Anwendungsliste.
+ */
+ function applications()
+ {
+ global $conf;
+
+ // Diese Seite gilt pro Sitzung.
+ $user = Session::getUser();
+ $userGroups = $user->getGroups();
+ $this->lastModified( $user->loginDate );
+
+ // Applikationen ermitteln
+ $list = array();
+ foreach( $conf['applications'] as $id=>$app )
+ {
+ if ( !is_array($app) )
+ continue;
+
+ if ( isset($app['group']) )
+ if ( !in_array($app['group'],$userGroups) )
+ continue; // Keine Berechtigung, da Benutzer nicht in Gruppe vorhanden.
+
+ $p = array();
+ $p['url'] = $app['url'];
+ $p['description'] = @$app['description'];
+ if ( isset($app['param']) )
+ {
+ $p['url'] .= strpos($p['url'],'?')!==false?'&':'?';
+ $p['url'] .= $app['param'].'='.session_id();
+ }
+ $p['name'] = $app['name'];
+
+ $list[] = $p;
+ }
+
+
+ $this->metaValues();
+ $this->setTemplateVar('applications',$list);
+ }
+
+
+
+ /**
+ * Ermittelt Meta-Angaben f�r den HTML-Kopf.<br>
+ * Falls der Browser die Meta-Angaben entsprechend auswertet, k�nnen �ber feste Browser-Men�s
+ die Projekt direkt ausgew�hlt werden.
+ */
+ function metaValues()
+ {
+ global $conf;
+ $metaList = array();
+
+ $user = Session::getUser();
+ if ( is_object($user) )
+ {
+ // Projekte ermitteln
+ $projects = $user->projects;
+ foreach( $projects as $id=>$name )
+ {
+ $metaList[] = array('name' => 'chapter',
+ 'url' => Html::url('index','project',$id),
+ 'title'=> $name );
+ }
+
+ if ( $this->userIsAdmin() )
+ {
+ $metaList[] = array('name' => 'appendix',
+ 'url' => Html::url('index','projectmenu',0 ),
+ 'title'=> lang('MENU_TREETITLE_ADMINISTRATION' ) );
+
+ $metaList[] = array('name' => 'chapter',
+ 'url' => Html::url('index','administration',0),
+ 'title'=> lang('administration') );
+ }
+
+ // Applikationen ermitteln
+ foreach( $conf['applications'] as $id=>$app )
+ {
+ if ( !is_array($app) )
+ continue;
+ $appUrl = $app['url'];
+ if ( isset($app['param']) )
+ {
+ $appUrl .= strpos($appUrl,'?')!==false?'&':'?';
+ $appUrl .= $app['param'].'='.session_id();
+ }
+
+ $metaList[] = array('name' => 'bookmark',
+ 'url' => $appUrl ,
+ 'title'=> $app['name'] );
+ }
+ }
+
+ $project = Session::getProject();
+ if ( is_object($project) && $project->projectid > 0 )
+ {
+ $languages =$project->getLanguages();
+
+ foreach( $project->getModels() as $modelid=>$modelname )
+ {
+ foreach( $languages as $languageid=>$languagename )
+ {
+
+ $metaList[] = array('name' => 'subsection',
+ 'url' => Html::url('index',
+ 'project',
+ $project->projectid,
+ array('languageid'=>$languageid,
+ 'modelid' =>$modelid) ),
+ 'title'=> $modelname.' - '.$languagename
+ );
+ }
+ }
+ }
+
+ $metaList[] = array('name' => 'author',
+ 'url' => $conf['login']['logo']['url'],
+ 'title'=> $conf['login']['logo']['url'] );
+
+ $metaList[] = array('name' => 'top',
+ 'url' => Html::url('index','logout',0 ),
+ 'title'=> 'Start' );
+
+ $metaList[] = array('name' => 'contents',
+ 'url' => Html::url('index','projectmenu',0 ),
+ 'title'=> lang('MENU_TREETITLE_PROJECTMENU' ) );
+
+
+ $this->setTemplateVar('metaList',$metaList);
+ }
+
+
+
+ /**
+ * Open-Id Login, �berpr�fen der Anmeldung.<br>
+ * Spezifikation: http://openid.net/specs/openid-authentication-1_1.html<br>
+ * Kapitel "4.4. check_authentication"<br>
+ * <br>
+ * Im 2. Schritt (Mode "id_res") erfolgte ein Redirect vom Open-Id Provider an OpenRat zur�ck.<br>
+ * Wir befinden uns nun im darauf folgenden Request des Browsers.<br>
+ * <br>
+ * Es muss noch beim OpenId-Provider die Best�tigung eingeholt werden, danach ist der
+ * Benutzer angemeldet.<br>
+ */
+ function openid()
+ {
+ global $conf;
+ $openId = Session::get('openid');
+
+ if ( !$openId->checkAuthentication() )
+ {
+ $this->addNotice('user',$openId->user,'LOGIN_OPENID_FAILED',OR_NOTICE_ERROR,array('name'=>$openId->user),array($openId->error) );
+ $this->addValidationError('openid_url','');
+ $this->callSubAction('showlogin');
+ return;
+ }
+
+ //Html::debug($openId);
+
+ // Anmeldung wurde mit "is_valid:true" best�tigt.
+ // Der Benutzer ist jetzt eingeloggt.
+ $username = $openId->getUserFromIdentiy();
+
+ if ( empty($username) )
+ {
+ // Es konnte kein Benutzername ermittelt werden.
+ $this->addNotice('user',$username,'LOGIN_OPENID_FAILED','error',array('name'=>$username) );
+ $this->addValidationError('openid_url','');
+ $this->callSubAction('showlogin');
+ return;
+ }
+
+ $user = User::loadWithName( $username );
+
+ if ( $user->userid <=0)
+ {
+ // Benutzer ist (noch) nicht vorhanden.
+ if ( $conf['security']['openid']['add']) // Anlegen?
+ {
+ $user->name = $username;
+ $user->add();
+
+ $user->mail = $openId->info['email'];
+ $user->fullname = $openId->info['fullname'];
+ $user->save(); // Um E-Mail zu speichern (wird bei add() nicht gemacht)
+ }
+ else
+ {
+ // Benutzer ist nicht in Benutzertabelle vorhanden (und angelegt werden soll er auch nicht).
+ $this->addNotice('user',$username,'LOGIN_OPENID_FAILED','error',array('name'=>$username) );
+ $this->addValidationError('openid_url','');
+ $this->callSubAction('showlogin');
+ return;
+ }
+ }
+ else
+ {
+ // Benutzer ist bereits vorhanden.
+ if ( @$conf['security']['openid']['update_user'])
+ {
+ $user->fullname = $openId->info['fullname'];
+ $user->mail = $openId->info['email'];
+ $user->save();
+ }
+ }
+
+ $user->setCurrent(); // Benutzer ist jetzt in der Sitzung.
+ }
+
+
+ /**
+ * Login.
+ */
+ function loginAction()
+ {
+ global $conf;
+
+ $this->checkForDb();
+ Session::setUser('');
+
+ if ( $conf['login']['nologin'] )
+ Http::notAuthorized('login disabled');
+
+ $openid_user = $this->getRequestVar('openid_url' );
+ $loginName = $this->getRequestVar('login_name' ,OR_FILTER_ALPHANUM);
+ $loginPassword = $this->getRequestVar('login_password',OR_FILTER_ALPHANUM);
+ $newPassword1 = $this->getRequestVar('password1' ,OR_FILTER_ALPHANUM);
+ $newPassword2 = $this->getRequestVar('password2' ,OR_FILTER_ALPHANUM);
+
+ // Cookie setzen
+ setcookie('or_username',$loginName,time()+(60*60*24*30*12*2) );
+
+ // Login mit Open-Id.
+ if ( $this->hasRequestVar('openid_provider') && ($this->getRequestVar('openid_provider') != 'identity' || !empty($openid_user)) )
+ {
+ $openId = new OpenId($this->getRequestVar('openid_provider'),$openid_user);
+
+ if ( ! $openId->login() )
+ {
+ $this->addNotice('user',$openid_user,'LOGIN_OPENID_FAILED','error',array('name'=>$openid_user),array($openId->error) );
+ $this->addValidationError('openid_url','');
+ $this->callSubAction('showlogin');
+ return;
+ }
+
+ Session::set('openid',$openId);
+ $openId->redirect();
+ die('Unreachable Code');
+ }
+
+
+ // Ermitteln, ob der Baum angezeigt werden soll
+ // Ist die Breite zu klein, dann wird der Baum nicht angezeigt
+ Session::set('showtree',intval($this->getRequestVar('screenwidth')) > $conf['interface']['min_width'] );
+
+ $loginOk = $this->checkLogin( $loginName,
+ $loginPassword,
+ $newPassword1,
+ $newPassword2 );
+
+ if ( !$loginOk )
+ {
+ // Anmeldung nicht erfolgreich
+ sleep(3);
+
+ if ( $this->mustChangePassword )
+ {
+ // Anmeldung gescheitert, Benutzer muss Kennwort �ndern.
+ $this->addNotice('user',$loginName,'LOGIN_FAILED_MUSTCHANGEPASSWORD','error' );
+ $this->addValidationError('password1','');
+ $this->addValidationError('password2','');
+ }
+ else
+ {
+ // Anmeldung gescheitert.
+ $this->addNotice('user',$loginName,'LOGIN_FAILED','error',array('name'=>$loginName) );
+ $this->addValidationError('login_name' ,'');
+ $this->addValidationError('login_password','');
+ }
+
+ Logger::debug("Login failed for user '$loginName'");
+
+ //$this->callSubAction('login');
+ return;
+ }
+ else
+ {
+ Logger::debug("Login successful for user '$loginName'");
+
+ // Anmeldung erfolgreich.
+ if ( config('security','renew_session_login') )
+ $this->recreateSession();
+
+ $user = Session::getUser();
+ $this->addNotice('user',$user->name,'LOGIN_OK',OR_NOTICE_OK,array('name'=>$user->fullname));
+
+ $this->setStyle( $user->style );
+
+ $this->evaluateRequestVars();
+
+ $object = Session::getObject();
+ // Falls noch kein Objekt ausgew�hlt, dann das zuletzt ge�nderte benutzen.
+ if ( !is_object($object) && @$conf['login']['start']['start_lastchanged_object'] )
+ {
+ $objectid = Value::getLastChangedObjectByUserId($user->userid);
+ if ( Object::available($objectid))
+ {
+ $object = new Object($objectid);
+ $object->load();
+ Session::setObject($object);
+ }
+
+ $project = new Project( $object->projectid );
+ $project->load();
+ Session::setProject( $project );
+
+ $language = new Language( isset($vars[REQ_PARAM_LANGUAGE_ID])&&Language::available($vars[REQ_PARAM_LANGUAGE_ID])?$vars[REQ_PARAM_LANGUAGE_ID]:$project->getDefaultLanguageId() );
+ $language->load();
+ Session::setProjectLanguage( $language );
+
+ $model = new Model( isset($vars[REQ_PARAM_MODEL_ID])&&Model::available($vars[REQ_PARAM_MODEL_ID])?$vars[REQ_PARAM_MODEL_ID]:$project->getDefaultModelId() );
+ $model->load();
+ Session::setProjectModel( $model );
+ }
+ }
+
+ //$this->refresh(); // Benutzer ist angemeldet: Andere Views könnte das interessieren.
+ $this->updateView('content','start','projectmenu');
+
+ }
+
+
+ /**
+ * Benutzer meldet sich ab.
+ */
+ function logoutAction()
+ {
+ global $conf;
+
+ $user = Session::getUser();
+ if ( is_object($user) )
+ $this->setTemplateVar('login_username',$user->name);
+
+ // Ausgew�hlte Objekte merken, um nach dem n�. Login wieder sofort auszuw�hlen.
+ $o = Session::getObject();
+ if ( is_object($o) )
+ $this->setTemplateVar('objectid',$o->objectid);
+ $p = Session::getProject();
+ if ( is_object($p) )
+ $this->setTemplateVar('projectid',$p->projectid);
+ $l = Session::getProjectLanguage();
+ if ( is_object($l) )
+ $this->setTemplateVar('languageid',$l->languageid);
+ $m = Session::getProjectModel();
+ if ( is_object($m) )
+ $this->setTemplateVar('modelid',$m->modelid);
+ $db = db_connection();
+ if ( is_object($db) )
+ $this->setTemplateVar('dbid',$db->id);
+
+ /*
+ // Alle Variablen aus der Sitzung entfernen.
+ session_unset();
+
+ // Damit wird die Session gelöscht, nicht nur die Session-Daten!
+ if ( ini_get("session.use_cookies") )
+ {
+ $params = session_get_cookie_params();
+ setcookie( session_name(),'', time() - 3600,
+ $params["path"],$params["domain"],$params["secure"],$params["httponly"] );
+ }
+
+ // Loeschen der Session.
+ session_destroy();
+ */
+ if ( config('security','renew_session_logout') )
+ $this->recreateSession();
+
+ session_unset();
+
+ if ( @$conf['theme']['compiler']['compile_at_logout'] )
+ {
+ foreach( $conf['action'] as $actionName => $actionConfig )
+ {
+ foreach( $actionConfig as $subActionName=>$subaction )
+ {
+ if ( is_array($subaction) &&
+ !isset($subaction['goto' ]) &&
+ !isset($subaction['direct']) &&
+ !isset($subaction['action']) &&
+ !isset($subaction['alias' ]) &&
+ $subActionName != 'menu' )
+ {
+ $engine = new TemplateEngine();
+ $engine->compile( strtolower(str_replace('Action','',$actionName)).'/'.$subActionName);
+ }
+ }
+ }
+ }
+
+ // Umleiten auf eine definierte URL.s
+ $redirect_url = @$conf['security']['logout']['redirect_url'];
+
+ if ( !empty($redirect_url) )
+ {
+ header('Location: '.$redirect_url);
+ exit;
+ }
+ }
+
+
+
+ /**
+ * Benutzer meldet sich ab.
+ */
+ function logoutView()
+ {
+ }
+
+
+ /**
+ * Ausw�hlen der Administration.
+ */
+ function administration()
+ {
+ Session::setProject( new Project(-1) );
+ }
+
+
+
+ /**
+ * Ausgeben von maschinenlesbaren Benutzerinformationen.
+ *
+ * Diese Funktion dient dem Single-Signon f�r fremde Anwendungen, welche
+ * die Benutzerinformationen des angemeldeten Benutzers aus dieser
+ * Anwendung auslesen k�nnen.
+ */
+ function userinfo()
+ {
+ $user = Session::getUser();
+ $info = array('username' => $user->name,
+ 'fullname' => $user->fullname,
+ 'mail' => $user->mail,
+ 'telephone' => $user->tel,
+ 'style' => $user->style,
+ 'admin' => $user->isAdmin?'true':'false',
+ 'ldap' => $user->ldap_dn,
+ 'groups' => implode(',',$user->getGroups()),
+ 'description'=> $user->desc
+ );
+
+ // Wenn der HTTP-Parameter "xml" vorhanden ist, dann geben wir die
+ // Informationen per XML aus.
+ if ( $this->hasRequestVar('xml') )
+ {
+ header('Content-Type: text/xml');
+ echo '<userinfo>';
+ foreach( $info as $n=>$i )
+ echo '<'.$n.'>'.$i.'</'.$n.'>'."\n";
+ echo '</userinfo>';
+
+ }
+
+ // Sonst normale Textausgabe im INI-Datei-Format.
+ else
+ {
+ header('Content-Type: text/plain');
+ foreach( $info as $n=>$i )
+ echo $n.'="'.$i."\"\n";
+ }
+
+ exit; // Fertig.
+ }
+
+
+ function project()
+ {
+ $user = Session::getUser();
+ if ( ! is_object($user) )
+ {
+ $this->callSubAction('show');
+ return;
+ }
+
+ $this->evaluateRequestVars( array('projectid'=>$this->getRequestId()) );
+
+ Session::setUser( $user );
+ }
+
+
+ function object()
+ {
+ $user = Session::getUser();
+ if ( ! is_object($user) )
+ {
+ $this->callSubAction('show');
+ return;
+ }
+
+ $this->evaluateRequestVars( array('objectid'=>$this->getRequestId()) );
+
+ Session::setUser( $user );
+ }
+
+
+ function language()
+ {
+ $user = Session::getUser();
+ if ( ! is_object($user) )
+ {
+ $this->callSubAction('show');
+ return;
+ }
+
+ $this->evaluateRequestVars( array(REQ_PARAM_LANGUAGE_ID=>$this->getRequestId()) );
+ }
+
+
+ function model()
+ {
+ $user = Session::getUser();
+ if ( ! is_object($user) )
+ {
+ $this->callSubAction('show');
+ return;
+ }
+
+ $this->evaluateRequestVars( array(REQ_PARAM_MODEL_ID=>$this->getRequestId()) );
+
+ $user = Session::getUser();
+ }
+
+
+ /**
+ * Auswerten der Request-Variablen.
+ *
+ * @param Array $add
+ */
+ function evaluateRequestVars( $add = array() )
+ {
+ global $REQ;
+ $vars = $REQ + $add;
+
+ $db = db_connection();
+ if ( !is_object($db) )
+ {
+ if ( isset($vars[REQ_PARAM_DATABASE_ID]) )
+ $this->setDb($vars[REQ_PARAM_DATABASE_ID]);
+ else
+ Http::serverError('no database available.');
+ }
+ else
+ {
+ // Prüft, ob die übergebene Datenbank-Id mit der
+ // aktuellen übereinstimmt.
+ // Falls nicht, muss ein Re-Login erfolgen.
+ if ( isset($vars[REQ_PARAM_DATABASE_ID]) )
+ if ( $db->id != $vars[REQ_PARAM_DATABASE_ID] )
+ {
+ $this->callSubAction('show');
+ return;
+ }
+ }
+
+
+ if ( isset($vars[REQ_PARAM_OBJECT_ID]) && Object::available($vars[REQ_PARAM_OBJECT_ID]) )
+ {
+ $object = new Object( $vars[REQ_PARAM_OBJECT_ID] );
+ $object->objectLoadRaw();
+ Session::setObject( $object );
+
+ $project = new Project( $object->projectid );
+ $project->load();
+ Session::setProject( $project );
+
+ $language = new Language( isset($vars[REQ_PARAM_LANGUAGE_ID])&&Language::available($vars[REQ_PARAM_LANGUAGE_ID])?$vars[REQ_PARAM_LANGUAGE_ID]:$project->getDefaultLanguageId() );
+ $language->load();
+ Session::setProjectLanguage( $language );
+
+ $model = new Model( isset($vars[REQ_PARAM_MODEL_ID])&&Model::available($vars[REQ_PARAM_MODEL_ID])?$vars[REQ_PARAM_MODEL_ID]:$project->getDefaultModelId() );
+ $model->load();
+ Session::setProjectModel( $model );
+ }
+ elseif ( isset($vars[REQ_PARAM_LANGUAGE_ID]) && Language::available($vars[REQ_PARAM_LANGUAGE_ID]) )
+ {
+ $language = new Language( $vars[REQ_PARAM_LANGUAGE_ID] );
+ $language->load();
+ Session::setProjectLanguage( $language );
+
+ $project = new Project( $language->projectid );
+ $project->load();
+ Session::setProject( $project );
+
+ $model = Session::getProjectModel();
+ if ( !is_object($model) )
+ {
+ $model = new Model( $project->getDefaultModelId() );
+ $model->load();
+ Session::setProjectModel( $model );
+ }
+
+ $object = Session::getObject();
+ if ( is_object($object) && $object->projectid == $project->projectid )
+ {
+ $object->objectLoadRaw();
+ Session::setObject( $object );
+ }
+ else
+ {
+ Session::setObject( '' );
+ }
+ }
+ elseif ( isset($vars[REQ_PARAM_MODEL_ID]) && Model::available($vars[REQ_PARAM_MODEL_ID]) )
+ {
+ $model = new Model( $vars[REQ_PARAM_MODEL_ID] );
+ $model->load();
+ Session::setProjectModel( $model );
+
+ $project = new Project( $model->projectid );
+ $project->load();
+ Session::setProject( $project );
+
+ $language = Session::getProjectLanguage();
+ if ( !is_object($language) || $language->projectid != $project->projectid )
+ {
+ $language = new Language( $project->getDefaultLanguageId() );
+ $language->load();
+ Session::setProjectLanguage( $language );
+ }
+
+ $object = Session::getObject();
+ $object->objectLoadRaw();
+ if ( is_object($object) && $object->projectid == $project->projectid )
+ {
+ $object->objectLoadRaw();
+ Session::setObject( $object );
+ }
+ else
+ {
+ Session::setObject( '' );
+ }
+ }
+ elseif ( isset($vars[REQ_PARAM_PROJECT_ID])&&Project::available($vars[REQ_PARAM_PROJECT_ID]) )
+ {
+ $project = new Project( $vars[REQ_PARAM_PROJECT_ID] );
+ $project->load();
+
+ Session::setProject( $project );
+
+ $language = new Language( isset($vars[REQ_PARAM_LANGUAGE_ID])&& Language::available($vars[REQ_PARAM_LANGUAGE_ID])?$vars[REQ_PARAM_LANGUAGE_ID]:$project->getDefaultLanguageId() );
+ $language->load();
+ Session::setProjectLanguage( $language );
+
+ $model = new Model( isset($vars[REQ_PARAM_MODEL_ID])&& Model::available($vars[REQ_PARAM_MODEL_ID])?$vars[REQ_PARAM_MODEL_ID]:$project->getDefaultModelId() );
+ $model->load();
+ Session::setProjectModel( $model );
+
+ $object = Session::getObject();
+ if ( is_object($object) && $object->projectid == $project->projectid )
+ {
+ $object->objectLoadRaw();
+ Session::setObject( $object );
+ }
+ else
+ {
+ Session::setObject( '' );
+ }
+ }
+ }
+
+
+ function showtree()
+ {
+ Session::set('showtree',true );
+ }
+
+
+ function hidetree()
+ {
+ Session::set('showtree',false );
+ }
+
+
+ function switchuser()
+ {
+ $user = Session::getUser();
+
+ if ( ! $user->isAdmin )
+ Http::notAuthorized("");
+
+ $this->recreateSession();
+
+ $newUser = new User( $this->getRequestId() );
+ $newUser->load();
+
+ $newUser->setCurrent();
+ }
+
+
+ function show()
+ {
+ global $conf;
+ global $PHP_AUTH_USER;
+ global $PHP_AUTH_PW;
+
+ $user = Session::getUser();
+ // Gast-Login
+ if ( ! is_object($user) )
+ {
+ if ( $conf['security']['guest']['enable'] )
+ {
+ $this->setDefaultDb();
+ $username = $conf['security']['guest']['user'];
+ $user = User::loadWithName($username);
+ if ( $user->userid > 0 )
+ $user->setCurrent();
+ else
+ {
+ Logger::warn('Guest login failed, user not found: '.$username);
+ $this->addNotice('user',$username,'LOGIN_FAILED',OR_NOTICE_WARN,array('name'=>$username) );
+ $user = null;
+ }
+ }
+ }
+
+ if ( ! is_object($user) )
+ {
+ switch( $conf['security']['login']['type'] )
+ {
+
+ // Authorization ueber HTTP
+ //
+ case 'http':
+ $ok = false;
+
+ if ( isset($_SERVER['PHP_AUTH_USER']) )
+ {
+ $this->setDefaultDb();
+ $ok = $this->checkLogin( $_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'] );
+ }
+
+ if ( ! $ok )
+ {
+ header( 'WWW-Authenticate: Basic realm="'.OR_TITLE.' - '.lang('HTTP_REALM').'"' );
+ header( 'HTTP/1.0 401 Unauthorized' );
+ echo 'Authorization Required!';
+ exit;
+ }
+ break;
+
+ case 'form':
+ // Benutzer ist nicht angemeldet
+ $this->callSubAction( 'showlogin' ); // Anzeigen der Login-Maske
+ return;
+ break;
+
+ default:
+ Http::serverError('Unknown auth-type: '.$conf['security']['login']['type'].'. Please check the configuration setting /security/login/type' );
+ }
+ }
+
+ if ( $user->mustChangePassword )
+ {
+ $this->addNotice( 'user',$user->name,'PASSWORD_TIMEOUT','warn' );
+ $this->callSubAction( 'changepassword' ); // Zwang, das Kennwort zu �ndern.
+ }
+
+ // Seite �ndert sich nur 1x pro Session
+ $this->lastModified( $user->loginDate );
+
+ $projectid = intval( $this->getRequestVar('projectid' ) );
+ $languageid = intval( $this->getRequestVar('languageid') );
+ $modelid = intval( $this->getRequestVar('modelid' ) );
+ $objectid = intval( $this->getRequestVar('objectid' ) );
+ $elementid = intval( $this->getRequestVar('elementid' ) );
+
+ if ( $projectid != 0 )
+ {
+ $project = new Project( $projectid );
+ $project->load();
+ Session::setProject($project);
+ }
+ elseif ( $languageid != 0 )
+ {
+ $language = new Language( $languageid );
+ $language->load();
+ Session::setProjectLanguage($language);
+ }
+ elseif ( $modelid != 0 )
+ {
+ $model = new Model( $modelid );
+ $model->load();
+ Session::setProjectModel($model);
+ }
+ elseif ( $objectid != 0 )
+ {
+ $object = new Object( $objectid );
+ $object->objectLoad();
+ Session::setObject($object);
+ }
+ if ( $elementid != 0 )
+ {
+ $element = new Element( $elementid );
+ Session::setElement($element);
+ }
+
+ $project = Session::getProject();
+ $object = Session::getObject();
+ $elementid = 0;
+
+ if ( is_object($project) )
+ {
+ if ( $project->projectid == PROJECTID_ADMIN )
+ {
+ $project->name = lang('ADMINISTRATION');
+ Session::setProject( $project );
+
+ Session::setProjectLanguage( '' );
+ Session::setProjectModel ( '' );
+ Session::setObject ( '' );
+ }
+
+ $this->setTemplateVar( 'title',$project->name );
+
+ if ( is_object($object) )
+ {
+ $type = $object->getType();
+
+ if ( $type == 'page' )
+ {
+ $page = new Page($object->objectid);
+ $page->load();
+ $elementList = $page->getWritableElements();
+ if ( count($elementList) == 1 )
+ $elementid = current(array_keys($elementList));
+ }
+
+ if ( $elementid > 0 )
+ $this->setTemplateVar( 'frame_src_main',Html::url('main','pageelement',$object->objectid,array('elementid'=>$elementid,'targetSubAction'=>'edit')) );
+ else
+ $this->setTemplateVar( 'frame_src_main',Html::url('main',$type,$object->objectid) );
+ }
+ else
+ {
+ $this->setTemplateVar( 'frame_src_main',Html::url('main','empty',0,array(REQ_PARAM_TARGETSUBACTION=>'blank')) );
+ }
+ }
+ elseif ( is_object($project) && $project->projectid == PROJECTID_ADMIN )
+ {
+ if ( $this->hasRequestVar('projectid') )
+ $this->setTemplateVar( 'frame_src_main',Html::url('main','project',$this->getRequestVar('projectid')) );
+ elseif ( $this->hasRequestVar('groupid') )
+ $this->setTemplateVar( 'frame_src_main',Html::url('main','group' ,$this->getRequestVar('groupid' )) );
+ elseif ( $this->hasRequestVar('userid') )
+ $this->setTemplateVar( 'frame_src_main',Html::url('main','user' ,$this->getRequestVar('userid' )) );
+ else
+ $this->setTemplateVar( 'frame_src_main',Html::url('main','empty',0,array(REQ_PARAM_TARGETSUBACTION=>'blank')) );
+ }
+ else
+ {
+ $this->callSubAction( 'projectmenu' );
+ }
+
+
+ $this->setTemplateVar( 'show_tree',(Session::get('showtree')==true) );
+
+ $this->setTemplateVar( 'frame_src_title' ,Html::url( 'title' ) );
+ $this->setTemplateVar( 'frame_src_tree_menu' ,Html::url( 'treemenu' ) );
+ $this->setTemplateVar( 'frame_src_tree_title',Html::url( 'treetitle' ) );
+ $this->setTemplateVar( 'frame_src_tree' ,Html::url( 'tree' ,'load' ) );
+ $this->setTemplateVar( 'frame_src_clipboard' ,Html::url( 'clipboard' ) );
+ $this->setTemplateVar( 'frame_src_status' ,Html::url( 'status' ) );
+
+ $this->setTemplateVar( 'tree_width',$conf['interface']['tree_width'] );
+
+ $this->metaValues();
+ }
+
+
+
+ function checkMenu( $name )
+ {
+ global $conf;
+
+ switch( $name )
+ {
+ case 'applications':
+ // Men�punkt "Anwendungen" wird nur angezeigt, wenn weitere Anwendungen
+ // konfiguriert sind.
+ return count(@$conf['applications']) > 0;
+
+ case 'register': // Registrierung
+ // Nur, wenn aktiviert und gegen eigene Datenbank authentisiert wird.
+ return @$conf['login']['register'] && @$conf['security']['auth']['type'] == 'database';
+
+ case 'password': // Kennwort vergessen
+ // Nur, wenn aktiviert und gegen eigene Datenbank authentisiert wird.
+ // Deaktiviert, falls LDAP-Lookup aktiviert ist.
+ return @$conf['login']['send_password'] && @$conf['security']['auth']['type'] == 'database'
+ && !@$conf['security']['auth']['userdn'];
+
+ case 'administration':
+ // "Administration" nat�rlich nur f�r Administratoren.
+ return $this->userIsAdmin();
+
+ case 'login':
+ return !@$conf['login']['nologin'];
+
+ case 'logout':
+ return true;
+
+ case 'projectmenu':
+ return true;
+
+ default:
+ return false;
+ }
+ }
+
+
+ /**
+ * Maske anzeigen, um Benutzer zu registrieren.
+ */
+ function register()
+ {
+
+ }
+
+
+ /**
+ * Registriercode erzeugen und per E-Mail dem Benutzer mitteilen.
+ * Maske anzeigen, damit Benuter Registriercode anzeigen kann.
+ */
+ function registercode()
+ {
+ $email_address = $this->getRequestVar('mail','mail');
+
+ if ( ! Mail::checkAddress($email_address) )
+ {
+ $this->addValidationError('mail');
+ $this->setTemplateVar('mail',$email_address);
+ $this->callSubAction('register');
+ return;
+ }
+
+
+ srand ((double)microtime()*1000003);
+ $registerCode = rand();
+
+ Session::set('registerCode',$registerCode );
+
+ // E-Mail and die eingegebene Adresse verschicken
+ $mail = new Mail($email_address,
+ 'register_commit_code','register_commit_code');
+ $mail->setVar('code',$registerCode); // Registrierungscode als Text-Variable
+
+ if ( $mail->send() )
+ {
+ $this->addNotice('','','mail_sent',OR_NOTICE_OK);
+ }
+ else
+ {
+ $this->addNotice('','','mail_not_sent',OR_NOTICE_ERROR,array(),$mail->error);
+ $this->callSubAction('register');
+ return;
+ }
+ }
+
+
+
+ function registeruserdata()
+ {
+ global $conf;
+
+ Session::set('registerMail',$this->getRequestVar('mail') );
+ // TODO: Attribut "Password" abfragen
+ foreach( $conf['database'] as $dbname=>$dbconf )
+ {
+ if ( is_array($dbconf) && $dbconf['enabled'] )
+ $dbids[$dbname] = $dbconf['comment'];
+ }
+
+ $this->setTemplateVar( 'dbids',$dbids );
+
+ $db = Session::getDatabase();
+ if ( is_object($db) )
+ $this->setTemplateVar('actdbid',$db->id);
+ else
+ $this->setTemplateVar('actdbid',$conf['database']['default']);
+ }
+
+
+ /**
+ * Benutzerregistierung.
+ * Benutzer hat Best�tigungscode erhalten und eingegeben.
+ */
+ function registercommit()
+ {
+ global $conf;
+ $this->checkForDb();
+
+ $origRegisterCode = Session::get('registerCode');
+ $inputRegisterCode = $this->getRequestVar('code');
+
+ if ( $origRegisterCode != $inputRegisterCode )
+ {
+ // Best�tigungscode stimmt nicht.
+ $this->addValidationError('code','code_not_match');
+ $this->callSubAction('registeruserdata');
+ return;
+ }
+
+ // Best�tigungscode stimmt �berein.
+ // Neuen Benutzer anlegen.
+
+ if ( !$this->hasRequestVar('username') )
+ {
+ $this->addValidationError('username');
+ $this->callSubAction('registeruserdata');
+ return;
+ }
+
+ $user = User::loadWithName( $this->getRequestVar('username') );
+ if ( $user->isValid() )
+ {
+ $this->addValidationError('username','USER_ALREADY_IN_DATABASE');
+ $this->callSubAction('registeruserdata');
+ return;
+ }
+
+ if ( strlen($this->getRequestVar('password')) < $conf['security']['password']['min_length'] )
+ {
+ $this->addValidationError('password','password_minlength',array('minlength'=>$conf['security']['password']['min_length']));
+ $this->callSubAction('registeruserdata');
+ return;
+ }
+
+ $newUser = new User();
+ $newUser->name = $this->getRequestVar('username');
+ $newUser->add();
+
+ $newUser->mail = Session::get('registerMail');
+ $newUser->save();
+
+ $newUser->setPassword( $this->getRequestVar('password'),true );
+
+ $this->addNotice('user',$newUser->name,'user_added','ok');
+ }
+
+
+
+ /**
+ * Vergessenes Kennwort zusenden lassen.
+ */
+ function password()
+ {
+ global $conf;
+
+ // TODO: Attribut "Password" abfragen
+ foreach( $conf['database'] as $dbname=>$dbconf )
+ {
+ if ( is_array($dbconf) && $dbconf['enabled'] )
+ $dbids[$dbname] = $dbconf['comment'];
+ }
+
+ $this->setTemplateVar( 'dbids',$dbids );
+
+
+ $db = Session::getDatabase();
+
+ if ( is_object($db) )
+ $this->setTemplateVar('actdbid',$db->id);
+ else
+ $this->setTemplateVar('actdbid',$conf['database']['default']);
+
+ }
+
+
+ /*
+ function changepassword()
+ {
+ }
+ */
+
+
+ /*
+ function setnewpassword()
+ {
+ $oldPw = $this->getRequestVar('password_old' );
+ $newPw1 = $this->getRequestVar('password_new_1');
+ $newPw2 = $this->getRequestVar('password_new_2');
+
+ if ( $newPw1 == $newPw2 )
+ {
+ // Aktuellen Benutzer aus der Sitzung ermitteln
+ $user = $this->getUserFromSession();
+
+ // Altes Kennwort pr�fen.
+ $ok = $user->checkPassword( $oldPw );
+
+ if ( $ok ) // Altes Kennwort ist ok.
+ {
+ $user->setPassword( $newPw1 ); // Setze neues Kennwort
+ $user->mustChangePassword = false;
+ Session::setUser($user);
+ $this->addNotice('user',$user->name,'password_set','ok');
+ }
+ else
+ {
+ // Altes Kennwort falsch.
+ $this->addNotice('user',$user->name,'password_error','error');
+ }
+ }
+ else
+ {
+ // Beide neuen Kennw�rter stimmen nicht �berein
+ $this->addNotice('user',$user->name,'passwords_not_match','error');
+ }
+ }
+ */
+
+
+ /**
+ * Einen Kennwort-Anforderungscode an den Benutzer senden.
+ */
+ function passwordcode()
+ {
+ if ( !$this->hasRequestVar('username') )
+ {
+ $this->addValidationError('username');
+ $this->callSubAction('password');
+ return;
+ }
+
+ $this->checkForDb();
+
+ $user = User::loadWithName( $this->getRequestVar("username") );
+ // Html::debug($user);
+ if ( $user->isValid() )
+ {
+ srand ((double)microtime()*1000003);
+ $code = rand();
+ $this->setSessionVar("password_commit_code",$code);
+
+ $eMail = new Mail( $user->mail,'password_commit_code' );
+ $eMail->setVar('name',$user->getName());
+ $eMail->setVar('code',$code);
+ if ( $eMail->send() )
+ $this->addNotice('user',$user->getName(),'mail_sent',OR_NOTICE_OK);
+ else
+ $this->addNotice('user',$user->getName(),'mail_not_sent',OR_NOTICE_ERROR,array(),$eMail->error);
+
+ }
+ else
+ {
+ //$this->addNotice('','user','username_not_found');
+ // Trotzdem vort�uschen, eine E-Mail zu senden, damit die G�ltigkeit
+ // eines Benutzernamens nicht von au�en gepr�ft werden kann.
+ //
+ $this->addNotice('user',$this->getRequestVar("username"),'mail_sent');
+ sleep(5);
+ }
+
+ $this->setSessionVar("password_commit_name",$user->name);
+ }
+
+
+
+ /**
+ * Anzeige Formular zum Eingeben des Kennwort-Codes.
+ *
+ */
+ function passwordinputcode()
+ {
+
+ }
+
+
+ /**
+ * Neues Kennwort erzeugen und dem Benutzer zusenden.
+ */
+ function passwordcommit()
+ {
+ $username = $this->getSessionVar("password_commit_name");
+
+ if ( $this->getRequestVar("code")=='' ||
+ $this->getSessionVar("password_commit_code") != $this->getRequestVar("code") )
+ {
+ $this->addValidationError('code','PASSWORDCODE_NOT_MATCH');
+ $this->callSubAction('passwordinputcode');
+ return;
+ }
+
+ $user = User::loadWithName( $username );
+
+ if ( !$user->isValid() )
+ {
+ // Benutzer konnte nicht geladen werden.
+ $this->addNotice('user',$username,'error',OR_NOTICE_ERROR);
+ return;
+ }
+
+ $newPw = User::createPassword(); // Neues Kennwort erzeugen.
+
+ $eMail = new Mail( $user->mail,'password_new' );
+ $eMail->setVar('name' ,$user->getName());
+ $eMail->setVar('password',$newPw );
+
+ if ( $eMail->send() )
+ {
+ $user->setPassword( $newPw, false ); // Kennwort muss beim n�. Login ge�ndert werden.
+ $this->addNotice('user',$username,'mail_sent',OR_NOTICE_OK);
+ }
+ else
+ {
+ // Sollte eigentlich nicht vorkommen, da der Benutzer ja auch schon den
+ // Code per E-Mail erhalten hat.
+ $this->addNotice('user',$username,'error',OR_NOTICE_ERROR,array(),$eMail->error);
+ }
+ }
+
+
+ /**
+ * Erzeugt eine neue Sitzung.
+ */
+ function recreateSession()
+ {
+
+ // PHP < 4.3.2 kennt die Funktion session_regenerate_id() nicht.
+ if ( version_compare(phpversion(),"4.3.2","<") )
+ {
+ $randlen = 32;
+ $randval = "0123456789abcdefghijklmnopqrstuvwxyz";
+ $newid = "";
+ for ($i = 1; $i <= $randlen; $i++)
+ {
+ $newid .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+ }
+ session_id( $newid );
+ }
+ elseif( version_compare(phpversion(),"4.3.2","==") )
+ {
+ session_regenerate_id();
+
+ // Bug in PHP 4.3.2: Session-Cookie wird nicht neu gesetzt.
+ if ( ini_get("session.use_cookies") )
+ setcookie( session_name(),session_id(),ini_get("session.cookie_lifetime"),"/" );
+ }
+ elseif ( version_compare(phpversion(),"5.1.0",">") )
+ {
+ session_regenerate_id(true);
+ }
+ else
+ {
+ // 5.1.0 > PHP >= 4.3.3
+ }
+ }
+
+}
+
+
+?>+
\ No newline at end of file
diff --git a/actionClasses/LoginAction.ini.php b/actionClasses/LoginAction.ini.php
@@ -0,0 +1,104 @@
+
+admin=false
+
+
+[default]
+goto=show
+
+[logout]
+guest=true
+goto=login
+write=get
+clear=tree
+
+[switchuser]
+goto=show
+
+[object]
+goto=show
+guest=true
+
+[language]
+goto=show
+
+[model]
+goto=show
+
+[applications]
+menu=menu
+
+[userinfo]
+direct=true
+
+[project]
+goto=show
+
+[register]
+menu=login
+target=registercode
+guest=true
+
+[registercode]
+goto=registeruserdata
+guest=true
+
+[registeruserdata]
+menu=login
+target=registercommit
+guest=true
+
+[registercommit]
+menu=login
+goto=showlogin
+guest=true
+
+[password]
+menu=login
+target=passwordcode
+guest=true
+
+[passwordcode]
+guest=true
+goto=passwordinputcode
+
+[passwordinputcode]
+menu=login
+target=passwordcommit
+guest=true
+
+[passwordcommit]
+menu=login
+goto=showlogin
+guest=true
+
+[administration]
+goto=show
+
+[login]
+menu=login
+write=true
+guest=true
+;goto=projectmenu
+
+[projectmenu]
+
+[openid]
+guest=true
+goto=show
+
+[projectmenu]
+menu=menu
+
+[changepassword]
+menu=menu
+target=setnewpassword
+
+[setnewpassword]
+menu=menu
+goto=projectmenu
+
+[show]
+guest=true
+
+[menu]
+menu =login
diff --git a/do.php b/do.php
@@ -210,7 +210,7 @@ if ( is_object( $db ) )
if ( !empty($REQ[REQ_PARAM_ACTION]) )
$action = $REQ[REQ_PARAM_ACTION];
-else $action = 'index';
+else $action = 'login';
Session::set('action',$action);
@@ -237,7 +237,7 @@ if ( !is_array($views) )
{
$views = array( 'tree' => null,
'header' => array('action'=>'title','subaction'=>'show' ),
- 'content'=> array('action'=>'index','subaction'=>'login') );
+ 'content'=> array('action'=>'login','subaction'=>'login') );
}
// Wenn 'target' übergeben wurde und als View bekannt ist
if ( isset($REQ[REQ_PARAM_TARGET]) && array_key_exists($REQ[REQ_PARAM_TARGET],$views) ) {