      1 <?php
      2 
      3 namespace cms\action;
      4 
      5 use cms\base\Configuration;
      6 use cms\base\Startup;
      7 use cms\model\User;
      8 use cms\model\Project;
      9 use cms\model\Value;
     10 use cms\model\Element;
     11 use cms\model\Page;
     12 use cms\model\BaseObject;
     13 use cms\model\Language;
     14 use cms\model\Model;
     15 
     16 
     17 use database\Database;
     18 use util\Http;
     19 use logger\Logger;
     20 use \security\Password;
     21 use util\Session;
     22 use util\Html;
     23 use util\Mail;
     24 
     25 // OpenRat Content Management System
     26 // Copyright (C) 2002-2007 Jan Dankert, jandankert@jandankert.de
     27 //
     28 // This program is free software; you can redistribute it and/or
     29 // modify it under the terms of the GNU General Public License
     30 // as published by the Free Software Foundation; version 2.
     31 //
     32 // This program is distributed in the hope that it will be useful,
     33 // but WITHOUT ANY WARRANTY; without even the implied warranty of
     34 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     35 // GNU General Public License for more details.
     36 //
     37 // You should have received a copy of the GNU General Public License
     38 // along with this program; if not, write to the Free Software
     39 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
     40 
     41 
     42 /**
     43  * Action-Klasse fuer die Start-Action
     44  * @author $Author$
     45  * @version $Revision$
     46  * @package openrat.actions
     47  * @deprecated
     48  */
     49 
     50 class StartAction extends BaseAction
     51 {
	// Access level required for this action; the constant is defined on the Action class.
	public $security = Action::SECURITY_USER;
	
	// Set by checkLogin() when the user's password has expired; loginPost() reads it
	// to pick the "must change password" error message over the plain "login failed".
	var $mustChangePassword = false;
     55 	
     56 	function setDb( $dbid )
     57 	{
     58 		$conf = Configuration::rawConfig();
     59 
     60 		if	( !isset($conf['database'][$dbid] ))
     61 			throw new \LogicException( 'unknown DB-Id: '.$dbid );
     62 			
     63 		$db = \cms\base\DB::get();
     64 		if	( is_object($db) )
     65 		{
     66 			$db->rollback();
     67 		}
     68 
     69 		$db = new Database( $conf['database'][$dbid] );
     70 		$db->id = $dbid;
     71 		$db->start();
     72 		Session::setDatabase( $db );
     73 	}
     74 
     75 
     76 
     77 	function checkForDb()
     78 	{
     79 		$conf = Configuration::rawConfig();
     80 		$dbid = $this->getRequestVar('dbid'); 
     81 
     82 		if	( $dbid != '' )
     83 			$this->setDb( $dbid );
     84 	}
     85 
     86 
     87 
     88 	function setDefaultDb()
     89 	{
     90 		if	( $this->hasRequestVar(RequestParams::PARAM_DATABASE_ID) )
     91 		{
     92 			$dbid = $this->getRequestVar(RequestParams::PARAM_DATABASE_ID);
     93 		}
     94 		else
     95 		{
     96 			$conf = Configuration::rawConfig();
     97 	
     98 			if	( !isset($conf['database']['default']) )
     99 				throw new \LogicException('default-database not set');
    100 	
    101 			$dbid = $conf['database']['default'];
    102 		}
    103 		
    104 		$this->setDb( $dbid );
    105 	}
    106 
    107 
    108 
    109 	function checkLogin( $name,$pw,$pw1,$pw2 )
    110 	{
    111 		Logger::debug( "login user $name" );
    112 	
    113 		$conf = Configuration::rawConfig();
    114 		global $SESS;
    115 	
    116 		unset( $SESS['user'] );	
    117 	
    118 		
    119 		$db = \cms\base\DB::get();
    120 		
    121 		if	( !$db->available )
    122 		{
    123 			$this->addNotice('database', 0, $db->conf['description'], 'DATABASE_CONNECTION_ERROR', Action::NOTICE_ERROR, array(), array('Database Error: ' . $db->error));
    124 			$this->callSubAction('showlogin');
    125 			return false;
    126 		}
    127 		
    128 		$ip = getenv("REMOTE_ADDR");
    129 	
    130 		$user = new User();
    131 		$user->name = $name;
    132 		
    133 		$ok = $user->checkPassword( $pw );
    134 		
    135 		$this->mustChangePassword = $user->mustChangePassword;
    136 		
    137 		if	( $this->mustChangePassword )
    138 		{
    139 			// Der Benutzer hat zwar ein richtiges Kennwort eingegeben, aber dieses ist abgelaufen.
    140 			// Wir versuchen hier, das neue zu setzen (sofern eingegeben).
    141 			if	( empty($pw1) )
    142 			{
    143 			}
    144 			elseif	( $pw1 != $pw2 )
    145 			{
    146 				$this->addValidationError('password1','PASSWORDS_DO_NOT_MATCH');
    147 				$this->addValidationError('password2','');
    148 			}
    149 			elseif	( strlen($pw2) < $conf['security']['password']['min_length'] )
    150 			{
    151 				$this->addValidationError('password1','PASSWORD_MINLENGTH',array('minlength'=>$conf['security']['password']['min_length']));
    152 				$this->addValidationError('password2','');
    153 			}
    154 			else
    155 			{
    156 				// Kennw�rter identisch und lang genug.
    157 				$user->setPassword( $pw1,true );
    158 				
    159 				// Das neue Kennwort ist gesetzt, die Anmeldung ist also doch noch gelungen. 
    160 				$ok = true;
    161 				$this->mustChangePassword = false;
    162 				$user->mustChangePassword = false;
    163 			}
    164 		}
    165 		
    166 		// Falls Login erfolgreich
    167 		if  ( $ok )
    168 		{
    169 			// Login war erfolgreich!
    170 			$user->load();
    171 			$user->setCurrent();
    172 			Logger::info( 'login successful' );
    173 
    174 			return true;
    175 		}
    176 		else
    177 		{
    178 			Logger::info( "login for user $name failed" );
    179 
    180 			return false;
    181 		}
    182 	}
    183 
    184 
    185 
	/**
	 * Shows the login mask.
	 *
	 * Only the login mask is rendered. Never answer "304 not modified" here, because
	 * then no login error message could be displayed.
	 *
	 * Before the mask is built, two alternative authentication paths are tried:
	 * single sign-on against a configured remote URL (security.sso) and trusting a
	 * username from a web-server variable filled by a client certificate (security.ssl).
	 * Both end by making the user current and delegating to the 'show' sub-action.
	 */
	function loginView()
	{
		$conf = Configuration::rawConfig();
		$sso = $conf['security']['sso'];
		$ssl = $conf['security']['ssl'];
		
		$ssl_trust    = false;
		$ssl_user_var = '';
		// Imports the ssl config keys as $ssl_trust, $ssl_user_var, ... (prefix 'ssl').
		// The source is the configuration file, not the request, so no user-controlled variables are created.
		extract( $ssl, EXTR_PREFIX_ALL, 'ssl' );
		
		if	( $sso['enable'] )
		{
			$authid = $this->getRequestVar( $sso['auth_param_name']);
			
			if	( empty( $authid) )
				throw new \util\exception\SecurityException( 'no authorization data (no auth-id)');
				
			// NOTE(review): $authid comes straight from the request. unserialize() on it allows PHP object
			// injection (arbitrary classes are instantiated and their magic methods run); a format such as
			// json_decode() or a signed token is safer. Confirm whether any deployment sets auth_param_serialized.
			if	( $sso['auth_param_serialized'] )
				$authid = unserialize( $authid );
			
			$purl = parse_url($sso['url']);
			// Connect to the SSO URL.
			// NOTE(review): the connection is always plain TCP to port 80; scheme and port of $sso['url'] are
			// ignored, so the forwarded cookie travels unencrypted even when the URL says https.
			$errno=0; $errstr='';
			$fp = fsockopen ($purl['host'],80, $errno, $errstr, 30);
			if	( !$fp )
			{
				// NOTE(review): the socket error is echoed to the client; logging it would avoid
				// disclosing details about the internal SSO host.
				echo "Connection failed: $errstr ($errno)";
			}
			else
			{
				$http_get = $purl['path'];
				if	( !empty($purl['query']) ) 
					$http_get .= '?'.$purl['query'];

				$header = array();
					
				$header[] = "GET $http_get HTTP/1.0";
				$header[]  ="Host: ".$purl['host'];
				$header[] = "User-Agent: Mozilla/5.0 (OpenRat CMS Single Sign-on Check)";
				$header[] = "Connection: Close";
				
				if	( $sso['cookie'] )
				{
					// NOTE(review): cookie names and values are taken from the request without stripping
					// CR/LF, so a crafted auth-id could add further header lines to this request.
					$cookie = 'Cookie: ';
					if	( is_array($authid))
						foreach( $authid as $cookiename=>$cookievalue)
							$cookie .= $cookiename.'='.$cookievalue."; ";
					else
						$cookie .= $sso['cookie_name'].'='.$authid;
						
					$header[] = $cookie;
				}
				
//				Html::debug($header);
				fputs ($fp, implode("\r\n",$header)."\r\n\r\n");
				
				// Read the whole response (status line, headers and body) in 128-byte chunks.
				$inhalt=array();
				while (!feof($fp)) {
					$inhalt[] = fgets($fp,128);
				}
				fclose($fp);
				
				$html = implode('',$inhalt);
//				Html::debug($html);
				// The response must match the configured pattern; the username is the
				// first capture group of username_regexp.
				if	( !preg_match($sso['expect_regexp'],$html) )
					throw new \util\exception\SecurityException('auth failed');
				$treffer=0;
				if	( !preg_match($sso['username_regexp'],$html,$treffer) )
					throw new \util\exception\SecurityException('auth failed');
				if	( !isset($treffer[1]) )
					throw new \util\exception\SecurityException('authorization failed');
					
				$username = $treffer[1];
				
//				Html::debug( $treffer );
				$this->setDefaultDb();

				$user = User::loadWithName( $username );
				
				if	( ! $user->isValid( ))
					throw new \util\exception\SecurityException('authorization failed: user not found: '.$username);
					
				$user->setCurrent();

				$this->callSubAction('show');
			}
		}

		elseif	( $ssl_trust )
		{
			if	( empty($ssl_user_var) )
				throw new \LogicException( 'please set environment variable name in ssl-configuration.' );

			// The web server is trusted to have verified the client certificate and to
			// expose the subject name in this environment variable.
			$username = getenv( $ssl_user_var );

			if	( empty($username) )
				throw new \util\exception\SecurityException( 'no username in client certificate ('.$ssl_user_var.') (or there is no client certificate...?)' );
			
			$this->setDefaultDb();

			$user = User::loadWithName( $username );

			if	( !$user->isValid() )
				throw new \LogicException( 'unknown username: '.$username );

			$user->setCurrent();

			$this->callSubAction('show');
		}
		
		// Database selection list from all enabled database configurations.
		// $dbids stays undefined when no database is enabled (see the empty() check below).
		// NOTE(review): Text is not imported in this file and resolves to cms\action\Text; confirm it exists.
		foreach( $conf['database'] as $dbname=>$dbconf )
		{
			if	( is_array($dbconf) && $dbconf['enabled'] )
				$dbids[$dbname] = array('key'  =>$dbname,
				                        'value'=>Text::maxLength($dbconf['description']),
				                        'title'=>$dbconf['description'].' ('.$dbconf['host'].')' );
		}
		
		// OpenID providers: comma-separated list in the config, display name looked up per provider.
		$openid_provider = array();
		foreach( explode(',',$conf['security']['openid']['provider']) as $provider )
			$openid_provider[$provider] = Configuration::config('security','openid','provider.'.$provider.'.name');
		$this->setTemplateVar('openid_providers',$openid_provider);
		$this->setTemplateVar('openid_user_identity', Configuration::config('security','openid','user_identity'));
		//$this->setTemplateVar('openid_provider','identity');

		
		if	( empty($dbids) )
			$this->addNotice('', 0, '', 'no_database_configuration', Action::NOTICE_WARN);
		
		// Pre-fill the login name: last used name from the cookie, else the configured default.
		if	( !isset($this->templateVars['login_name']) && isset($_COOKIE['or_username']) )
			$this->setTemplateVar('login_name',$_COOKIE['or_username']);
		
		if	( !isset($this->templateVars['login_name']) )
			$this->setTemplateVar('login_name',@$conf['security']['default']['username']);

		// NOTE(review): when the default username is shown, the configured default password is
		// pre-filled into the form as well, i.e. sent to every visitor of the login page. Only
		// acceptable for demo installations; confirm security.default.password is unset in production.
		if	( $this->templateVars['login_name']== @$conf['security']['default']['username'])
			$this->setTemplateVar('login_password',@$conf['security']['default']['password']);

		$this->setTemplateVar( 'dbids',$dbids );
		
		// Preselect the active database, else the configured default.
		// NOTE(review): 'actid' is probably meant to be 'actdbid' (the variable set in the other
		// branches); as written this elseif never matches it.
		$db = Session::getDatabase();
		if	( is_object($db) )
			$this->setTemplateVar('actdbid',$db->id);
		elseif( isset($this->templateVars['actid']) )
			;
		else
			$this->setTemplateVar('actdbid',$conf['database']['default']);


		// Read the username from the client certificate and put it into the login mask.
		$ssl_user_var = $conf['security']['ssl']['user_var'];
		if	( !empty($ssl_user_var) )
		{
			$username = getenv( $ssl_user_var );

			if	( empty($username) )
			{
				echo \cms\base\Language::lang('ERROR_LOGIN_BROKEN_SSL_CERT');
				Logger::warn( 'no username in SSL client certificate (var='.$ssl_user_var.').' );
				exit;
			}
			
			// The username cannot be changed in the input mask.
			$this->setTemplateVar('force_username',$username);
		}

		// Ids of the object to open after login; numeric filter drops anything else.
		$this->setTemplateVar('objectid'  ,$this->getRequestVar('objectid'  ,RequestParams::FILTER_NUMBER) );
		$this->setTemplateVar('projectid' ,$this->getRequestVar('projectid' ,RequestParams::FILTER_NUMBER) );
		$this->setTemplateVar('modelid'   ,$this->getRequestVar('modelid'   ,RequestParams::FILTER_NUMBER) );
		$this->setTemplateVar('languageid',$this->getRequestVar('languageid',RequestParams::FILTER_NUMBER) );
				
		$this->setTemplateVar('register'     ,$conf['login'   ]['register' ]);
		$this->setTemplateVar('send_password',$conf['login'   ]['send_password']);
	}
    367 
    368 
    369 
    370 	/**
    371 	 * Setzt die neue Projekt-Id und lädt die Workbench neu.
    372 	 * 
    373 	 */
    374 	public function projectmenuPost()
    375 	{
    376 		
    377 		$this->evaluateRequestVars( array('projectid'=>$this->getRequestId()) );
    378 	}
    379 	
    380 	
    381 	/**
    382 	 * Erzeugt ein Projekt-Auswahlmenue.
    383 	 */
    384 	public function projectmenuView()
    385 	{
    386 		$user = Session::getUser();
    387 		
    388 		if	( $user->mustChangePassword ) 
    389 		{
    390 			$this->addNotice('user', 0, $user->name, 'PASSWORD_TIMEOUT', 'warn');
    391 			$this->callSubAction( 'changepassword' ); // Zwang, das Kennwort zu �ndern.
    392 		}
    393 		
    394 
    395 		// Diese Seite gilt pro Sitzung. 
    396 		//$this->lastModified( $user->loginDate );
    397 
    398 		// Projekte ermitteln
    399 		$projects = $user->getReadableProjects(); 
    400 		
    401 		$list     = array();
    402 		
    403 		foreach( $projects as $id=>$name )
    404 		{
    405 			$p = array();
    406 			$p['url' ] = Html::url('start','project',$id);
    407 			$p['name'] = $name;
    408 			$p['id'  ] = $id;
    409 
    410 			$tmpProject = new Project( $id );
    411 			$p['defaultmodelid'   ] = $tmpProject->getDefaultModelId();
    412 			$p['defaultlanguageid'] = $tmpProject->getDefaultLanguageId();
    413 			$p['models'           ] = $tmpProject->getModels();
    414 			$p['languages'        ] = $tmpProject->getLanguages();
    415 			
    416 			$list[] = $p;
    417 		}
    418 
    419 		$this->setTemplateVar('projects',$list);
    420 		
    421 		if	( empty($list) )
    422 		{
    423 			// Kein Projekt vorhanden. Eine Hinweismeldung ausgeben.
    424 			if	( $this->userIsAdmin() )
    425 				// Administratoren bekommen bescheid, dass sie ein Projekt anlegen sollen
    426 				$this->addNotice('', 0, '', 'ADMIN_NO_PROJECTS_AVAILABLE', Action::NOTICE_WARN);
    427 			else
    428 				// Normale Benutzer erhalten eine Meldung, dass kein Projekt zur Verf�gung steht
    429 				$this->addNotice('', 0, '', 'NO_PROJECTS_AVAILABLE', Action::NOTICE_WARN);
    430 		}
    431 		
    432 		//$this->metaValues();
    433 	}
    434 
    435 
    436 
    437 	/**
    438 	 * Erzeugt eine Anwendungsliste.
    439 	 */
    440 	public function applicationsView()
    441 	{
    442 		$conf = Configuration::rawConfig();
    443 		
    444 		// Diese Seite gilt pro Sitzung. 
    445 		$user       = Session::getUser();
    446 		$userGroups = $user->getGroups();
    447 		$this->lastModified( $user->loginDate );
    448 
    449 		// Applikationen ermitteln
    450 		$list = array();
    451 		foreach( $conf['applications'] as $id=>$app )
    452 		{
    453 			if	( !is_array($app) )
    454 				continue;
    455 				
    456 			if	( isset($app['group']) )
    457 				if	( !in_array($app['group'],$userGroups) )
    458 					continue; // Keine Berechtigung, da Benutzer nicht in Gruppe vorhanden.
    459 					
    460 			$p = array();
    461 			$p['url']         = $app['url'];
    462 			$p['description'] = @$app['description'];
    463 			if	( isset($app['param']) )
    464 			{
    465 				$p['url'] .= strpos($p['url'],'?')!==false?'&':'?';
    466 				$p['url'] .= $app['param'].'='.session_id();
    467 			}
    468 			$p['name'] = $app['name'];
    469 			
    470 			$list[] = $p;
    471 		}
    472 
    473 
    474 		$this->setTemplateVar('applications',$list);
    475 	}
    476 
    477 	
    478 
    479 	/**
    480 	 * Open-Id Login, �berpr�fen der Anmeldung.<br>
    481 	 * Spezifikation: http://openid.net/specs/openid-authentication-1_1.html<br>
    482 	 * Kapitel "4.4. check_authentication"<br>
    483 	 * <br>
    484 	 * Im 2. Schritt (Mode "id_res") erfolgte ein Redirect vom Open-Id Provider an OpenRat zur�ck.<br>
    485 	 * Wir befinden uns nun im darauf folgenden Request des Browsers.<br>
    486 	 * <br>
    487 	 * Es muss noch beim OpenId-Provider die Best�tigung eingeholt werden, danach ist der
    488 	 * Benutzer angemeldet.<br>
    489 	 */
    490 	function openid()
    491 	{
    492 		$conf = Configuration::rawConfig();
    493 		$openId = Session::get('openid');
    494 
    495 		if	( !$openId->checkAuthentication() )
    496 		{
    497 			$this->addNotice('user', 0, $openId->user, 'LOGIN_OPENID_FAILED', Action::NOTICE_ERROR, array('name' => $openId->user), array($openId->error));
    498 			$this->addValidationError('openid_url','');
    499 			$this->callSubAction('showlogin');
    500 			return;
    501 		}
    502 		
    503 		//Html::debug($openId);
    504 		
    505 		// Anmeldung wurde mit "is_valid:true" best�tigt.
    506 		// Der Benutzer ist jetzt eingeloggt.
    507 		$username = $openId->getUserFromIdentiy();
    508 		
    509 		if	( empty($username) )
    510 		{
    511 			// Es konnte kein Benutzername ermittelt werden.
    512 			$this->addNotice('user', 0, $username, 'LOGIN_OPENID_FAILED', 'error', array('name' => $username));
    513 			$this->addValidationError('openid_url','');
    514 			$this->callSubAction('showlogin');
    515 			return;
    516 		}
    517 		
    518 		$user = User::loadWithName( $username );
    519 		
    520 		if	( $user->userid <=0)
    521 		{
    522 			// Benutzer ist (noch) nicht vorhanden.
    523 			if	( $conf['security']['openid']['add'])  // Anlegen?
    524 			{
    525 				$user->name     = $username;
    526 				$user->add();
    527 
    528 				$user->mail     = $openId->info['email'];
    529 				$user->fullname = $openId->info['fullname'];
    530 				$user->save();  // Um E-Mail zu speichern (wird bei add() nicht gemacht)
    531 			}
    532 			else
    533 			{
    534 				// Benutzer ist nicht in Benutzertabelle vorhanden (und angelegt werden soll er auch nicht).
    535 				$this->addNotice('user', 0, $username, 'LOGIN_OPENID_FAILED', 'error', array('name' => $username));
    536 				$this->addValidationError('openid_url','');
    537 				$this->callSubAction('showlogin');
    538 				return;
    539 			}
    540 		}
    541 		else
    542 		{
    543 			// Benutzer ist bereits vorhanden.
    544 			if	( @$conf['security']['openid']['update_user'])
    545 			{
    546 				$user->fullname = $openId->info['fullname'];
    547 				$user->mail     = $openId->info['email'];
    548 				$user->save();
    549 			}
    550 		}
    551 
    552 		$user->setCurrent();  // Benutzer ist jetzt in der Sitzung.
    553 	}
    554 	
    555 
    556 	/**
    557 	 * Login.
    558 	 */
    559 	function loginPost()
    560 	{
    561 		$conf = Configuration::rawConfig();
    562 
    563 		$this->checkForDb();
    564 		Session::setUser('');
    565 		
    566 		if	( $conf['login']['nologin'] )
    567 			throw new \util\exception\SecurityException('login disabled');
    568 
    569 		$openid_user   = $this->getRequestVar('openid_url'    );
    570 		$loginName     = $this->getRequestVar('login_name'    ,RequestParams::FILTER_ALPHANUM);
    571 		$loginPassword = $this->getRequestVar('login_password',RequestParams::FILTER_ALPHANUM);
    572 		$newPassword1  = $this->getRequestVar('password1'     ,RequestParams::FILTER_ALPHANUM);
    573 		$newPassword2  = $this->getRequestVar('password2'     ,RequestParams::FILTER_ALPHANUM);
    574 		
    575 		// Cookie setzen
    576         $this->setCookie('or_username',$loginName );
    577 		
    578 		// Login mit Open-Id.
    579 		if	( $this->hasRequestVar('openid_provider') && ($this->getRequestVar('openid_provider') != 'identity' || !empty($openid_user)) )
    580 		{
    581 			$openId = new OpenId($this->getRequestVar('openid_provider'),$openid_user);
    582 			
    583 			if	( ! $openId->login() )
    584 			{
    585 				$this->addNotice('user', 0, $openid_user, 'LOGIN_OPENID_FAILED', 'error', array('name' => $openid_user), array($openId->error));
    586 				$this->addValidationError('openid_url','');
    587 				$this->callSubAction('showlogin');
    588 				return;
    589 			}
    590 			
    591 			Session::set('openid',$openId);
    592 			$openId->redirect();
    593 		}
    594 		
    595 
    596 		// Ermitteln, ob der Baum angezeigt werden soll
    597 		// Ist die Breite zu klein, dann wird der Baum nicht angezeigt
    598 		Session::set('showtree',intval($this->getRequestVar('screenwidth')) > $conf['interface']['min_width'] );
    599 
    600 		$loginOk = $this->checkLogin( $loginName,
    601 		                              $loginPassword,
    602 		                              $newPassword1,
    603 		                              $newPassword2 );
    604 
    605 		usleep(hexdec(Password::randomHexString(1))); // delay: 0-255 ms
    606 		
    607 		if	( !$loginOk )
    608 		{
    609 			
    610 			if	( $this->mustChangePassword )
    611 			{
    612 				// Anmeldung gescheitert, Benutzer muss Kennwort �ndern.
    613 				$this->addNotice('user', 0, $loginName, 'LOGIN_FAILED_MUSTCHANGEPASSWORD', 'error');
    614 				$this->addValidationError('password1','');
    615 				$this->addValidationError('password2','');
    616 			}
    617 			else
    618 			{
    619 				// Anmeldung gescheitert.
    620 				$this->addNotice('user', 0, $loginName, 'LOGIN_FAILED', 'error', array('name' => $loginName));
    621 				$this->addValidationError('login_name'    ,'');
    622 				$this->addValidationError('login_password','');
    623 			}
    624 
    625 			Logger::debug("Login failed for user '$loginName'");
    626 			
    627 			$this->callSubAction('login');
    628 			return;
    629 		}
    630 		else
    631 		{
    632 			Logger::debug("Login successful for user '$loginName'");
    633 			
    634 			// Anmeldung erfolgreich.
    635 			if	( Configuration::config('security','renew_session_login') )
    636 				$this->recreateSession();
    637 			
    638 			$user = Session::getUser();
    639 			$this->addNotice('user', 0, $user->name, 'LOGIN_OK', Action::NOTICE_OK, array('name' => $user->fullname));
    640 		}
    641 		
    642 		// Benutzer ist angemeldet
    643 	}
    644 
    645 
    646 	/**
    647 	 * Benutzer meldet sich ab.
    648 	 */
    649 	function logoutPost()
    650 	{
    651 		$conf = Configuration::rawConfig();
    652 		
    653 		$user = Session::getUser();
    654 		if	( is_object($user) )
    655 			$this->setTemplateVar('login_username',$user->name);
    656 		
    657 		if	( Configuration::subset('security')->is('renew_session_logout',false) )
    658 			$this->recreateSession();
    659 
    660 		session_unset();
    661 		
    662 		if	( @$conf['theme']['compiler']['compile_at_logout'] )
    663 		{
    664 			foreach( $conf['action'] as $actionName => $actionConfig )
    665 			{
    666 				foreach( $actionConfig as $subActionName=>$subaction )
    667 				{
    668 					if	( is_array($subaction) &&
    669 						  !isset($subaction['goto'  ]) && 
    670 						  !isset($subaction['direct']) &&
    671 						  !isset($subaction['action']) &&
    672 						  !isset($subaction['alias' ]) &&
    673 						  $subActionName != 'menu'            )
    674 					{
    675 						$engine = new template_engine\TemplateEngine();
    676 						$engine->compile( strtolower(str_replace('Action','',$actionName)).'/'.$subActionName);
    677 					}
    678 				}
    679 			}
    680 		}
    681 		
    682 		// Umleiten auf eine definierte URL.s
    683 		$redirect_url = @$conf['security']['logout']['redirect_url'];
    684 
    685 		if	( !empty($redirect_url) )
    686 		{
    687 			header('Location: '.$redirect_url);
    688 			exit;
    689 		}
    690 	}
    691 
    692 	
    693 	
	/**
	 * View after logout.
	 *
	 * Nothing is prepared here; the template is rendered without variables
	 * (logoutPost() sets 'login_username' beforehand).
	 */
	function logoutView()
	{
	}
    700 	
    701 
	/**
	 * Selects the administration.
	 *
	 * Intentionally empty: the sub-action only exists to be dispatched to.
	 */
	function administrationPost()
	{
	}
    708 	
    709 	
    710 	
	/**
	 * Selects the user profile.
	 *
	 * Intentionally empty: the sub-action only exists to be dispatched to.
	 */
	function profilePost()
	{
	}
    717 	
    718 	
    719 	
	/**
	 * Selects the start page.
	 *
	 * Intentionally empty: the sub-action only exists to be dispatched to.
	 */
	function startPost()
	{
	}
    726 	
    727 	
    728 	
    729 	function project()
    730 	{
    731 		$user = Session::getUser();
    732 		if   ( ! is_object($user) )
    733 		{
    734 			$this->callSubAction('show');
    735 			return;
    736 		}
    737 
    738 		$this->evaluateRequestVars( array('projectid'=>$this->getRequestId()) );
    739 		
    740 		Session::setUser( $user );
    741 	}
    742 
    743 
    744 	function object()
    745 	{
    746 		$user = Session::getUser();
    747 		if   ( ! is_object($user) )
    748 		{
    749 			$this->callSubAction('show');
    750 			return;
    751 		}
    752 		
    753 		$this->evaluateRequestVars( array('objectid'=>$this->getRequestId()) );
    754 
    755 		Session::setUser( $user );
    756 	}
    757 
    758 
    759 	function languagePost()
    760 	{
    761 		$user = Session::getUser();
    762 		if   ( ! is_object($user) )
    763 		{
    764 			throw new \LogicException('No user in session');
    765 			return;
    766 		}
    767 		
    768 		$this->evaluateRequestVars( array(RequestParams::PARAM_LANGUAGE_ID=>$this->getRequestId()) );
    769 	}
    770 
    771 
    772 	function modelPost()
    773 	{
    774 		$user = Session::getUser();
    775 		if   ( ! is_object($user) )
    776 		{
    777 			$this->callSubAction('show');
    778 			return;
    779 		}
    780 		
    781 		$this->evaluateRequestVars( array(RequestParams::PARAM_MODEL_ID=>$this->getRequestId()) );
    782 	}
    783 	
    784 
	/**
	 * Evaluates the request variables.
	 *
	 * Currently a no-op: the $add array passed by the project/object/language/model
	 * actions is ignored, so those actions do not change any state here.
	 *
	 * @param array $add additional request variables to evaluate (unused)
	 */
	private function evaluateRequestVars( $add = array() )
	{
	}
    791 
    792 
    793 	function switchuser()
    794 	{
    795 		$user = Session::getUser();
    796 		
    797 		if	( ! $user->isAdmin )
    798 			throw new \util\exception\SecurityException("");
    799 		
    800 		$this->recreateSession();
    801 		
    802 		$newUser = new User( $this->getRequestId() );
    803 		$newUser->load();
    804 		
    805 		$newUser->setCurrent();
    806 	}
    807 	
    808 	
	/**
	 * Entry view of the workbench.
	 *
	 * Without a user in the session, tries the guest account (security.guest) and
	 * then the configured login type: HTTP basic authentication or the login form.
	 * Users with an expired password are sent to 'changepassword'.
	 *
	 * @throws \LogicException on an unknown security.login.type
	 */
	function showView()
	{
		$conf = Configuration::rawConfig();
		// NOTE(review): these globals are not referenced anywhere in this method;
		// the HTTP auth branch below reads $_SERVER instead.
		global $PHP_AUTH_USER;
		global $PHP_AUTH_PW;

		$user = Session::getUser();
		// Guest login
		if   ( ! is_object($user) )
		{
			if	( $conf['security']['guest']['enable'] )
			{
				$this->setDefaultDb();
				$username = $conf['security']['guest']['user'];
				$user = User::loadWithName($username);
				if	( $user->userid > 0 )
					$user->setCurrent();
				else
				{
					Logger::warn('Guest login failed, user not found: '.$username);
					$this->addNotice('user', 0, $username, 'LOGIN_FAILED', Action::NOTICE_WARN, array('name' => $username));
					$user = null;
				}
			}
		}
		
		if   ( ! is_object($user) )
		{
			switch( $conf['security']['login']['type'] )
			{
					
				// Authorization via HTTP basic auth
				//
				case 'http':
					$ok = false;
		
				    // NOTE(review): PHP_AUTH_PW is read without isset(); a request carrying only a user
				    // name produces a warning here. checkLogin() is declared with four parameters and is
				    // called with two, which is an ArgumentCountError on PHP 7.1+ unless it gets defaults.
				    if	( isset($_SERVER['PHP_AUTH_USER']) )
				    {
				    	$this->setDefaultDb();
						$ok = $this->checkLogin( $_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'] );
				    }
				    
					if	( ! $ok )
					{
						header( 'WWW-Authenticate: Basic realm="'.Startup::TITLE.' - '.\cms\base\Language::lang('HTTP_REALM').'"' );
						header( 'HTTP/1.0 401 Unauthorized' );
						echo 'Authorization Required!';
						exit;
					}
					// NOTE(review): after a successful HTTP login the local $user is still null
					// (checkLogin() makes its own User object current), so the mustChangePassword
					// and loginDate reads below operate on null.
					break;
					
				case 'form':
					// User is not logged in: show the login mask.
					$this->callSubAction( 'showlogin' );
					return;
					break;
					
				default:
					throw new \LogicException('Unknown auth-type: '.$conf['security']['login']['type'].'. Please check the configuration setting /security/login/type' );
			}
		}
		
		if	( $user->mustChangePassword ) 
		{
			// Expired password: the user is forced to change it.
			$this->addNotice('user', 0, $user->name, 'PASSWORD_TIMEOUT', 'warn');
			$this->callSubAction( 'changepassword' );
		}

		// The page changes only once per session.
		$this->lastModified( $user->loginDate );

		$this->metaValues();
	}
    882 
    883 
    884 
	/**
	 * Shows the mask for registering a new user.
	 *
	 * Nothing is prepared here; the template is rendered as is.
	 */
	function register()
	{
		
	}
    892 
    893 	
    894 	/**
    895 	 * Registriercode erzeugen und per E-Mail dem Benutzer mitteilen.
    896 	 * Maske anzeigen, damit Benuter Registriercode anzeigen kann.
    897 	 */
    898 	public function registercode()
    899 	{
    900 		$email_address = $this->getRequestVar('mail','mail');
    901 		
    902 		if	( ! Mail::checkAddress($email_address) )
    903 		{
    904 			$this->addValidationError('mail');
    905 			$this->setTemplateVar('mail',$email_address);
    906 			$this->callSubAction('register');
    907 			return;
    908 		}
    909 		
    910 		
    911 		srand ((double)microtime()*1000003);
    912 		$registerCode = rand();
    913 		
    914 		Session::set('registerCode',$registerCode                );
    915 					
    916 		// E-Mail and die eingegebene Adresse verschicken
    917 		$mail = new Mail($email_address,
    918 		                 'register_commit_code');
    919 		$mail->setVar('code',$registerCode); // Registrierungscode als Text-Variable
    920 		
    921 		if	( $mail->send() )
    922 		{
    923 			$this->addNotice('', 0, '', 'mail_sent', Action::NOTICE_OK);
    924 		}
    925 		else
    926 		{
    927 			$this->addNotice('', 0, '', 'mail_not_sent', Action::NOTICE_ERROR, array(), $mail->error);
    928 			$this->callSubAction('register');
    929 			return;
    930 		}
    931 	}
    932 
    933 	
    934 	
    935 	public function registeruserdata()
    936 	{
    937 		$conf = Configuration::rawConfig();
    938 
    939 		Session::set('registerMail',$this->getRequestVar('mail') );
    940 		// TODO: Attribut "Password" abfragen
    941 		foreach( $conf['database'] as $dbname=>$dbconf )
    942 		{
    943 			if	( is_array($dbconf) && $dbconf['enabled'] )
    944 				$dbids[$dbname] = $dbconf['description'];
    945 		}
    946 
    947 		$this->setTemplateVar( 'dbids',$dbids );
    948 		
    949 		$db = Session::getDatabase();
    950 		if	( is_object($db) )
    951 			$this->setTemplateVar('actdbid',$db->id);
    952 		else
    953 			$this->setTemplateVar('actdbid',$conf['database']['default']);
    954 	}
    955 
    956 	
    957 	/**
    958 	 * Benutzerregistierung.
    959 	 * Benutzer hat Best�tigungscode erhalten und eingegeben.
    960 	 */
    961 	public function registercommit()
    962 	{
    963 		$conf = Configuration::rawConfig();
    964 		$this->checkForDb();
    965 
    966 		$origRegisterCode  = Session::get('registerCode');
    967 		$inputRegisterCode = $this->getRequestVar('code');
    968 		
    969 		if	( $origRegisterCode != $inputRegisterCode )
    970 		{
    971 			// Best�tigungscode stimmt nicht.
    972 			$this->addValidationError('code','code_not_match');
    973 			$this->callSubAction('registeruserdata');
    974 			return;
    975 		}
    976 
    977 		// Best�tigungscode stimmt �berein.
    978 		// Neuen Benutzer anlegen.
    979 			
    980 		if	( !$this->hasRequestVar('username') )
    981 		{
    982 			$this->addValidationError('username');
    983 			$this->callSubAction('registeruserdata');
    984 			return;
    985 		}
    986 		
    987 		$user = User::loadWithName( $this->getRequestVar('username') );
    988 		if	( $user->isValid() )
    989 		{
    990 			$this->addValidationError('username','USER_ALREADY_IN_DATABASE');
    991 			$this->callSubAction('registeruserdata');
    992 			return;
    993 		}
    994 		
    995 		if	( strlen($this->getRequestVar('password')) < $conf['security']['password']['min_length'] )
    996 		{
    997 			$this->addValidationError('password','password_minlength',array('minlength'=>$conf['security']['password']['min_length']));
    998 			$this->callSubAction('registeruserdata');
    999 			return;
   1000 		}
   1001 		
   1002 		$newUser = new User();
   1003 		$newUser->name = $this->getRequestVar('username');
   1004 		$newUser->add();
   1005 			
   1006 		$newUser->mail     = Session::get('registerMail');
   1007 		$newUser->save();
   1008 			
   1009 		$newUser->setPassword( $this->getRequestVar('password'),true );
   1010 			
   1011 		$this->addNotice('user', 0, $newUser->name, 'user_added', 'ok');
   1012 	}
   1013 
   1014 
   1015 
   1016 	/**
   1017 	 * Vergessenes Kennwort zusenden lassen.
   1018 	 */
   1019 	public function password()
   1020 	{
   1021 		$conf = Configuration::rawConfig();
   1022 		
   1023 		// TODO: Attribut "Password" abfragen
   1024 		foreach( $conf['database'] as $dbname=>$dbconf )
   1025 		{
   1026 			if	( is_array($dbconf) && $dbconf['enabled'] )
   1027 				$dbids[$dbname] = $dbconf['description'];
   1028 		}
   1029 
   1030 		$this->setTemplateVar( 'dbids',$dbids );
   1031 		
   1032 		
   1033 		$db = Session::getDatabase();
   1034 		
   1035 		if	( is_object($db) )
   1036 			$this->setTemplateVar('actdbid',$db->id);
   1037 		else
   1038 			$this->setTemplateVar('actdbid',$conf['database']['default']);
   1039 		
   1040 	}	
   1041 	
   1042 	
   1043 	/*
   1044 	function changepassword()
   1045 	{
   1046 	}
   1047 	*/
   1048 	
   1049 	
   1050 	/*
   1051 	function setnewpassword()
   1052 	{
   1053 		$oldPw  = $this->getRequestVar('password_old'  );
   1054 		$newPw1 = $this->getRequestVar('password_new_1');
   1055 		$newPw2 = $this->getRequestVar('password_new_2');
   1056 		
   1057 		if	( $newPw1 == $newPw2 )
   1058 		{
   1059 			// Aktuellen Benutzer aus der Sitzung ermitteln
   1060 			$user = $this->getUserFromSession();
   1061 			
    1062 			// Altes Kennwort prüfen.
   1063 			$ok = $user->checkPassword( $oldPw );
   1064 			
   1065 			if	( $ok )  // Altes Kennwort ist ok.
   1066 			{
   1067 				$user->setPassword( $newPw1 ); // Setze neues Kennwort
   1068 				$user->mustChangePassword = false;
   1069 				Session::setUser($user);
   1070 				$this->addNotice('user',$user->name,'password_set','ok');
   1071 			}
   1072 			else
   1073 			{
   1074 				// Altes Kennwort falsch.
   1075 				$this->addNotice('user',$user->name,'password_error','error');
   1076 			}
   1077 		}
   1078 		else
   1079 		{
    1080 			// Beide neuen Kennwörter stimmen nicht überein
   1081 			$this->addNotice('user',$user->name,'passwords_not_match','error');
   1082 		}
   1083 	}
   1084 	*/
   1085 	
   1086 	
   1087 	/**
   1088 	 * Einen Kennwort-Anforderungscode an den Benutzer senden.
   1089 	 */
   1090 	public function passwordcode()
   1091 	{
   1092 		if	( !$this->hasRequestVar('username') )
   1093 		{
   1094 			$this->addValidationError('username');
   1095 			$this->callSubAction('password');
   1096 			return;
   1097 		}
   1098 		
   1099 		$this->checkForDb();
   1100 
   1101 		$user = User::loadWithName( $this->getRequestVar("username") );
   1102 
   1103 		Password::delay();
   1104 		
   1105 		//		Html::debug($user);
   1106 		if	( $user->isValid() )
   1107 		{
   1108 			srand ((double)microtime()*1000003);
   1109 			$code = rand();
   1110 			$this->setSessionVar("password_commit_code",$code);
   1111 			
   1112 			$eMail = new Mail( $user->mail,'password_commit_code' );
   1113 			$eMail->setVar('name',$user->getName());
   1114 			$eMail->setVar('code',$code);
   1115 			if	( $eMail->send() )
   1116 				$this->addNotice('user', 0, $user->getName(), 'mail_sent', Action::NOTICE_OK);
   1117 			else
   1118 				$this->addNotice('user', 0, $user->getName(), 'mail_not_sent', Action::NOTICE_ERROR, array(), $eMail->error);
   1119 			
   1120 		}
   1121 		else
   1122 		{
   1123 			//$this->addNotice('','user','username_not_found');
   1124 			// Trotzdem vort�uschen, eine E-Mail zu senden, damit die G�ltigkeit
   1125 			// eines Benutzernamens nicht von au�en gepr�ft werden kann.
   1126 			// 
   1127 			$this->addNotice('user', 0, $this->getRequestVar("username"), 'mail_sent');
   1128 		}
   1129 		
   1130 		$this->setSessionVar("password_commit_name",$user->name);
   1131 	}
   1132 
   1133 	
   1134 	
   1135 	/**
   1136 	 * Anzeige Formular zum Eingeben des Kennwort-Codes.
   1137 	 *
   1138 	 */
   1139 	public function passwordinputcode()
   1140 	{
   1141 		
   1142 	}
   1143 	
   1144 	
   1145 	/**
   1146 	 * Neues Kennwort erzeugen und dem Benutzer zusenden.
   1147 	 */
   1148 	public function passwordcommit()
   1149 	{
   1150 		$username = $this->getSessionVar("password_commit_name");
   1151 
   1152 		if	( $this->getRequestVar("code")=='' ||
   1153 			  $this->getSessionVar("password_commit_code") != $this->getRequestVar("code") )
   1154 		{
   1155 			$this->addValidationError('code','PASSWORDCODE_NOT_MATCH');
   1156 			$this->callSubAction('passwordinputcode');
   1157 		  	return;
   1158 		}
   1159 		
   1160 		$user  = User::loadWithName( $username );
   1161 			
   1162 		if	( !$user->isValid() )
   1163 		{
   1164 			// Benutzer konnte nicht geladen werden.
   1165 			$this->addNotice('user', 0, $username, 'error', Action::NOTICE_ERROR);
   1166 			return;
   1167 		}
   1168 		
   1169 		$newPw = User::createPassword(); // Neues Kennwort erzeugen.
   1170 		
   1171 		$eMail = new Mail( $user->mail,'password_new' );
   1172 		$eMail->setVar('name'    ,$user->getName());
   1173 		$eMail->setVar('password',$newPw          );
   1174 
   1175 		if	( $eMail->send() )
   1176 		{
   1177 			$user->setPassword( $newPw, false ); // Kennwort muss beim n�. Login ge�ndert werden.
   1178 			$this->addNotice('user', 0, $username, 'mail_sent', Action::NOTICE_OK);
   1179 		}
   1180 		else
   1181 		{
   1182 			// Sollte eigentlich nicht vorkommen, da der Benutzer ja auch schon den
   1183 			// Code per E-Mail erhalten hat.
   1184 			$this->addNotice('user', 0, $username, 'error', Action::NOTICE_ERROR, array(), $eMail->error);
   1185 		}
   1186 	}
   1187 	
   1188 
   1189 	/**
   1190 	 * Erzeugt eine neue Sitzung.
   1191 	 */
   1192 	private function recreateSession()
   1193 	{
   1194 		
   1195 		// PHP < 4.3.2 kennt die Funktion session_regenerate_id() nicht.
   1196 		if	( version_compare(phpversion(),"4.3.2","<") )
   1197 		{
   1198 			$randlen = 32;
   1199 			$randval = "0123456789abcdefghijklmnopqrstuvwxyz";
   1200 			$newid   = "";
   1201 			for ($i = 1; $i <= $randlen; $i++)
   1202 			{
   1203 				$newid .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
   1204 			}
   1205 			session_id( $newid );
   1206 		}
   1207 		elseif( version_compare(phpversion(),"4.3.2","==") )
   1208 		{
   1209 			session_regenerate_id();
   1210 			
   1211 			// Bug in PHP 4.3.2: Session-Cookie wird nicht neu gesetzt.
   1212 			if ( ini_get("session.use_cookies") )
   1213                 $this->setCookie( session_name(),session_id() );
   1214 		}
   1215 		elseif	( version_compare(phpversion(),"5.1.0",">") )
   1216 		{
   1217 			session_regenerate_id(true);
   1218 		}
   1219 		else
   1220 		{
   1221 			// 5.1.0 > PHP >= 4.3.3
   1222 		}
   1223 	}
   1224 
   1225 	
   1226 
   1227 
   1228 	
   1229 	
   1230 	/**
   1231 	 * Ermittelt die letzten Änderungen, die durch den aktuellen Benutzer im aktuellen Projekt gemacht worden sind.
   1232 	 */
   1233 	public function userprojecttimelineView()
   1234 	{
   1235 		//$project = Session::getProject();
   1236 		//$result = $project->getMyLastChanges();
   1237 		$result = array();
   1238 		
   1239 		$this->setTemplateVar('timeline', $result);
   1240 	}
   1241 
   1242 
   1243 }
   1244 
   1245 
   1246 ?>