1 <?php 2 3 namespace cms\action; 4 5 use cms\base\Configuration; 6 use cms\base\Startup; 7 use cms\model\User; 8 use cms\model\Project; 9 use cms\model\Value; 10 use cms\model\Element; 11 use cms\model\Page; 12 use cms\model\BaseObject; 13 use cms\model\Language; 14 use cms\model\Model; 15 16 17 use database\Database; 18 use util\Http; 19 use logger\Logger; 20 use \security\Password; 21 use util\Session; 22 use util\Html; 23 use util\Mail; 24 25 // OpenRat Content Management System 26 // Copyright (C) 2002-2007 Jan Dankert, jandankert@jandankert.de 27 // 28 // This program is free software; you can redistribute it and/or 29 // modify it under the terms of the GNU General Public License 30 // as published by the Free Software Foundation; version 2. 31 // 32 // This program is distributed in the hope that it will be useful, 33 // but WITHOUT ANY WARRANTY; without even the implied warranty of 34 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 35 // GNU General Public License for more details. 36 // 37 // You should have received a copy of the GNU General Public License 38 // along with this program; if not, write to the Free Software 39 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
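/**
 * Action class for the "start" action: login (form, HTTP auth, SSO, SSL
 * client certificate, OpenID), logout, project/model/language selection,
 * self-registration and password recovery.
 *
 * @author $Author$
 * @version $Revision$
 * @package openrat.actions
 * @deprecated
 */
class StartAction extends BaseAction
{
    public $security = Action::SECURITY_USER;

    /** Set by checkLogin(): the password was correct but has expired. */
    public $mustChangePassword = false;


    /**
     * Opens the database with the given id and stores it in the session.
     *
     * A database that is still open from the current request is rolled back first.
     *
     * @param string $dbid key in the 'database' configuration section
     * @throws \LogicException if no database with this id is configured
     */
    public function setDb($dbid)
    {
        $conf = Configuration::rawConfig();

        if (!isset($conf['database'][$dbid]))
            throw new \LogicException('unknown DB-Id: ' . $dbid);

        $db = \cms\base\DB::get();
        if (is_object($db))
        {
            $db->rollback();
        }

        $db = new Database($conf['database'][$dbid]);
        $db->id = $dbid;
        $db->start();
        Session::setDatabase($db);
    }


    /**
     * Switches to the database named by the 'dbid' request parameter, if one was sent.
     */
    public function checkForDb()
    {
        $dbid = $this->getRequestVar('dbid');

        // Loose comparison on purpose: a missing parameter (null) is skipped as well.
        if ($dbid != '')
            $this->setDb($dbid);
    }


    /**
     * Opens the database given by the database-id request parameter, or the
     * configured default database when none was sent.
     *
     * @throws \LogicException if no default database is configured
     */
    public function setDefaultDb()
    {
        if ($this->hasRequestVar(RequestParams::PARAM_DATABASE_ID))
        {
            $dbid = $this->getRequestVar(RequestParams::PARAM_DATABASE_ID);
        }
        else
        {
            $conf = Configuration::rawConfig();

            if (!isset($conf['database']['default']))
                throw new \LogicException('default-database not set');

            $dbid = $conf['database']['default'];
        }

        $this->setDb($dbid);
    }


    /**
     * Verifies a login name and password against the current database.
     *
     * If the password is correct but has expired, a new password may be
     * supplied in $pw1/$pw2; when both match and satisfy the configured
     * minimum length it is stored and the login still succeeds. Validation
     * errors for the new password are recorded via addValidationError().
     * On success the user is loaded and becomes the current session user.
     *
     * @param string $name login name
     * @param string $pw   password to verify
     * @param string $pw1  new password, only evaluated when the old one has expired
     * @param string $pw2  repetition of the new password
     * @return bool true if the user is now logged in
     */
    public function checkLogin($name, $pw, $pw1 = '', $pw2 = '')
    {
        Logger::debug("login user $name");

        $conf = Configuration::rawConfig();
        global $SESS;

        unset($SESS['user']);

        $db = \cms\base\DB::get();

        if (!$db->available)
        {
            $this->addNotice('database', 0, $db->conf['description'], 'DATABASE_CONNECTION_ERROR', Action::NOTICE_ERROR, array(), array('Database Error: ' . $db->error));
            $this->callSubAction('showlogin');
            return false;
        }

        $user = new User();
        $user->name = $name;

        $ok = $user->checkPassword($pw);

        $this->mustChangePassword = $user->mustChangePassword;

        if ($this->mustChangePassword)
        {
            // The password was correct but has expired; try to store the new one (if entered).
            $minLength = $conf['security']['password']['min_length'];

            if (empty($pw1))
            {
                // No new password entered: the caller reports the expired password.
            }
            elseif ($pw1 !== $pw2)
            {
                $this->addValidationError('password1', 'PASSWORDS_DO_NOT_MATCH');
                $this->addValidationError('password2', '');
            }
            elseif (strlen($pw2) < $minLength)
            {
                $this->addValidationError('password1', 'PASSWORD_MINLENGTH', array('minlength' => $minLength));
                $this->addValidationError('password2', '');
            }
            else
            {
                // Both passwords match and are long enough.
                $user->setPassword($pw1, true);

                // The new password is stored, so the login succeeds after all.
                $ok = true;
                $this->mustChangePassword = false;
                $user->mustChangePassword = false;
            }
        }

        if ($ok)
        {
            $user->load();
            $user->setCurrent();
            Logger::info('login successful');

            return true;
        }

        Logger::info("login for user $name failed");

        return false;
    }


    /**
     * Shows the login form.
     *
     * Never send "304 not modified" here, otherwise login error messages
     * could not be displayed.
     *
     * Depending on the configuration the user may be logged in without the
     * form: via single sign-on (the auth-id from the request is verified
     * against the configured SSO URL) or via a trusted SSL client
     * certificate whose user name is read from an environment variable.
     *
     * @throws \util\exception\SecurityException if SSO or certificate authentication fails
     * @throws \LogicException on incomplete SSL configuration or an unknown certificate user
     */
    public function loginView()
    {
        $conf = Configuration::rawConfig();
        $sso  = $conf['security']['sso'];
        $ssl  = $conf['security']['ssl'];

        // Explicit lookups instead of extract(): only these two keys were ever used.
        $ssl_trust    = isset($ssl['trust'])    ? $ssl['trust']    : false;
        $ssl_user_var = isset($ssl['user_var']) ? $ssl['user_var'] : '';

        if ($sso['enable'])
        {
            $authid = $this->getRequestVar($sso['auth_param_name']);

            if (empty($authid))
                throw new \util\exception\SecurityException('no authorization data (no auth-id)');

            if ($sso['auth_param_serialized'])
                // Request data: never instantiate objects while unserializing.
                // The value is only used as an array or a scalar below.
                $authid = unserialize($authid, array('allowed_classes' => false));

            $purl = parse_url($sso['url']);
            $port = isset($purl['port']) ? $purl['port'] : 80;

            // Connect to the SSO URL.
            $errno = 0;
            $errstr = '';
            $fp = fsockopen($purl['host'], $port, $errno, $errstr, 30);
            if (!$fp)
            {
                // Connection details belong in the log, not in the browser; the form is shown as usual.
                Logger::warn("SSO connection to {$purl['host']}:{$port} failed: $errstr ($errno)");
            }
            else
            {
                $http_get = $purl['path'];
                if (!empty($purl['query']))
                    $http_get .= '?' . $purl['query'];

                $header = array();

                $header[] = "GET $http_get HTTP/1.0";
                $header[] = "Host: " . $purl['host'];
                $header[] = "User-Agent: Mozilla/5.0 (OpenRat CMS Single Sign-on Check)";
                $header[] = "Connection: Close";

                if ($sso['cookie'])
                {
                    // Cookie names and values come from the request; strip line breaks
                    // so they cannot terminate this hand-built HTTP header.
                    $cookie = 'Cookie: ';
                    if (is_array($authid))
                        foreach ($authid as $cookiename => $cookievalue)
                            $cookie .= self::stripLineBreaks($cookiename) . '=' . self::stripLineBreaks($cookievalue) . "; ";
                    else
                        $cookie .= $sso['cookie_name'] . '=' . self::stripLineBreaks($authid);

                    $header[] = $cookie;
                }

                fputs($fp, implode("\r\n", $header) . "\r\n\r\n");

                $inhalt = array();
                while (!feof($fp))
                {
                    $inhalt[] = fgets($fp, 128);
                }
                fclose($fp);

                $html = implode('', $inhalt);

                if (!preg_match($sso['expect_regexp'], $html))
                    throw new \util\exception\SecurityException('auth failed');
                $treffer = array();
                if (!preg_match($sso['username_regexp'], $html, $treffer))
                    throw new \util\exception\SecurityException('auth failed');
                if (!isset($treffer[1]))
                    throw new \util\exception\SecurityException('authorization failed');

                $username = $treffer[1];

                $this->setDefaultDb();

                $user = User::loadWithName($username);

                if (!$user->isValid())
                    throw new \util\exception\SecurityException('authorization failed: user not found: ' . $username);

                $user->setCurrent();

                $this->callSubAction('show');
            }
        }
        elseif ($ssl_trust)
        {
            if (empty($ssl_user_var))
                throw new \LogicException('please set environment variable name in ssl-configuration.');

            $username = getenv($ssl_user_var);

            if (empty($username))
                throw new \util\exception\SecurityException('no username in client certificate (' . $ssl_user_var . ') (or there is no client certificate...?)');

            $this->setDefaultDb();

            $user = User::loadWithName($username);

            if (!$user->isValid())
                throw new \LogicException('unknown username: ' . $username);

            $user->setCurrent();

            $this->callSubAction('show');
        }

        // Selectable databases for the form.
        $dbids = array();
        foreach ($conf['database'] as $dbname => $dbconf)
        {
            if (is_array($dbconf) && $dbconf['enabled'])
                $dbids[$dbname] = array(
                    'key'   => $dbname,
                    'value' => Text::maxLength($dbconf['description']),
                    'title' => $dbconf['description'] . ' (' . $dbconf['host'] . ')',
                );
        }

        $openid_provider = array();
        foreach (explode(',', $conf['security']['openid']['provider']) as $provider)
            $openid_provider[$provider] = Configuration::config('security', 'openid', 'provider.' . $provider . '.name');
        $this->setTemplateVar('openid_providers', $openid_provider);
        $this->setTemplateVar('openid_user_identity', Configuration::config('security', 'openid', 'user_identity'));

        if (empty($dbids))
            $this->addNotice('', 0, '', 'no_database_configuration', Action::NOTICE_WARN);

        $defaultUsername = isset($conf['security']['default']['username']) ? $conf['security']['default']['username'] : null;
        $defaultPassword = isset($conf['security']['default']['password']) ? $conf['security']['default']['password'] : null;

        // Pre-fill the login name: last used name from the cookie, else the configured default.
        if (!isset($this->templateVars['login_name']) && isset($_COOKIE['or_username']))
            $this->setTemplateVar('login_name', $_COOKIE['or_username']);

        if (!isset($this->templateVars['login_name']))
            $this->setTemplateVar('login_name', $defaultUsername);

        // The configured default password is only offered for the configured default user.
        if ($this->templateVars['login_name'] == $defaultUsername)
            $this->setTemplateVar('login_password', $defaultPassword);

        $this->setTemplateVar('dbids', $dbids);

        $db = Session::getDatabase();
        if (is_object($db))
            $this->setTemplateVar('actdbid', $db->id);
        // NOTE(review): the original checks 'actid' but sets 'actdbid' — confirm which key is meant.
        elseif (!isset($this->templateVars['actid']))
            $this->setTemplateVar('actdbid', $conf['database']['default']);

        // Read the user name from the client certificate and pre-fill it in the login form.
        if (!empty($ssl_user_var))
        {
            $username = getenv($ssl_user_var);

            if (empty($username))
            {
                echo \cms\base\Language::lang('ERROR_LOGIN_BROKEN_SSL_CERT');
                Logger::warn('no username in SSL client certificate (var=' . $ssl_user_var . ').');
                exit;
            }

            // The user name cannot be changed in the form.
            $this->setTemplateVar('force_username', $username);
        }

        $this->setTemplateVar('objectid',   $this->getRequestVar('objectid',   RequestParams::FILTER_NUMBER));
        $this->setTemplateVar('projectid',  $this->getRequestVar('projectid',  RequestParams::FILTER_NUMBER));
        $this->setTemplateVar('modelid',    $this->getRequestVar('modelid',    RequestParams::FILTER_NUMBER));
        $this->setTemplateVar('languageid', $this->getRequestVar('languageid', RequestParams::FILTER_NUMBER));

        $this->setTemplateVar('register',      $conf['login']['register']);
        $this->setTemplateVar('send_password', $conf['login']['send_password']);
    }


    /**
     * Removes CR and LF from a value that is placed into a raw HTTP header line.
     *
     * @param mixed $value request-supplied cookie name or value
     * @return string the value without line breaks
     */
    private static function stripLineBreaks($value)
    {
        return str_replace(array("\r", "\n"), '', (string) $value);
    }


    /**
     * Sets the new project id and reloads the workbench.
     */
    public function projectmenuPost()
    {
        $this->evaluateRequestVars(array('projectid' => $this->getRequestId()));
    }


    /**
     * Builds the project selection menu.
     *
     * Users with an expired password are redirected to the 'changepassword' sub-action.
     */
    public function projectmenuView()
    {
        $user = Session::getUser();

        if ($user->mustChangePassword)
        {
            $this->addNotice('user', 0, $user->name, 'PASSWORD_TIMEOUT', 'warn');
            $this->callSubAction('changepassword'); // The password must be changed.
        }

        // This page is valid per session.
        //$this->lastModified( $user->loginDate );

        // Collect the readable projects.
        $projects = $user->getReadableProjects();

        $list = array();

        foreach ($projects as $id => $name)
        {
            $p = array();
            $p['url']  = Html::url('start', 'project', $id);
            $p['name'] = $name;
            $p['id']   = $id;

            $tmpProject = new Project($id);
            $p['defaultmodelid']    = $tmpProject->getDefaultModelId();
            $p['defaultlanguageid'] = $tmpProject->getDefaultLanguageId();
            $p['models']            = $tmpProject->getModels();
            $p['languages']         = $tmpProject->getLanguages();

            $list[] = $p;
        }

        $this->setTemplateVar('projects', $list);

        if (empty($list))
        {
            // No project available: show a hint.
            if ($this->userIsAdmin())
                // Administrators are told to create a project.
                $this->addNotice('', 0, '', 'ADMIN_NO_PROJECTS_AVAILABLE', Action::NOTICE_WARN);
            else
                // Normal users are told that no project is available.
                $this->addNotice('', 0, '', 'NO_PROJECTS_AVAILABLE', Action::NOTICE_WARN);
        }

        //$this->metaValues();
    }


    /**
     * Builds the list of configured external applications the user may open.
     *
     * Applications restricted to a group are only listed for members of that group.
     */
    public function applicationsView()
    {
        $conf = Configuration::rawConfig();

        // This page is valid per session.
        $user = Session::getUser();
        $userGroups = $user->getGroups();
        $this->lastModified($user->loginDate);

        // Collect the applications.
        $list = array();
        foreach ($conf['applications'] as $id => $app)
        {
            if (!is_array($app))
                continue;

            if (isset($app['group']))
                if (!in_array($app['group'], $userGroups))
                    continue; // Not permitted: user is not a member of the group.

            $p = array();
            $p['url'] = $app['url'];
            $p['description'] = isset($app['description']) ? $app['description'] : null;
            if (isset($app['param']))
            {
                // NOTE(review): this hands the session id to an external application
                // through the URL, where it may be logged or leaked via Referer.
                $p['url'] .= strpos($p['url'], '?') !== false ? '&' : '?';
                $p['url'] .= $app['param'] . '=' . session_id();
            }
            $p['name'] = $app['name'];

            $list[] = $p;
        }

        $this->setTemplateVar('applications', $list);
    }


    /**
     * OpenID login: verification of the authentication.<br>
     * Specification: http://openid.net/specs/openid-authentication-1_1.html<br>
     * Chapter "4.4. check_authentication"<br>
     * <br>
     * In step 2 (mode "id_res") the OpenID provider redirected back to OpenRat.<br>
     * We are now in the following browser request.<br>
     * <br>
     * The confirmation still has to be obtained from the OpenID provider; after
     * that the user is logged in. Depending on the configuration an unknown
     * user is created or an existing one is updated with the provider's data.<br>
     */
    public function openid()
    {
        $conf = Configuration::rawConfig();
        $openId = Session::get('openid');

        if (!$openId->checkAuthentication())
        {
            $this->addNotice('user', 0, $openId->user, 'LOGIN_OPENID_FAILED', Action::NOTICE_ERROR, array('name' => $openId->user), array($openId->error));
            $this->addValidationError('openid_url', '');
            $this->callSubAction('showlogin');
            return;
        }

        // The login was confirmed with "is_valid:true"; the user is logged in now.
        $username = $openId->getUserFromIdentiy();

        if (empty($username))
        {
            // No user name could be determined.
            $this->addNotice('user', 0, $username, 'LOGIN_OPENID_FAILED', 'error', array('name' => $username));
            $this->addValidationError('openid_url', '');
            $this->callSubAction('showlogin');
            return;
        }

        $user = User::loadWithName($username);

        if ($user->userid <= 0)
        {
            // The user does not exist (yet).
            if ($conf['security']['openid']['add']) // create?
            {
                $user->name = $username;
                $user->add();

                $user->mail = $openId->info['email'];
                $user->fullname = $openId->info['fullname'];
                $user->save(); // Stores the e-mail address (add() does not).
            }
            else
            {
                // The user is not in the user table and must not be created.
                $this->addNotice('user', 0, $username, 'LOGIN_OPENID_FAILED', 'error', array('name' => $username));
                $this->addValidationError('openid_url', '');
                $this->callSubAction('showlogin');
                return;
            }
        }
        else
        {
            // The user already exists.
            $updateUser = isset($conf['security']['openid']['update_user']) ? $conf['security']['openid']['update_user'] : false;
            if ($updateUser)
            {
                $user->fullname = $openId->info['fullname'];
                $user->mail = $openId->info['email'];
                $user->save();
            }
        }

        $user->setCurrent(); // The user is now in the session.
    }


    /**
     * Login via the login form (user name/password or OpenID).
     *
     * On failure the 'login' sub-action is shown again with validation errors;
     * on success the session is optionally recreated and a LOGIN_OK notice is added.
     *
     * @throws \util\exception\SecurityException if logins are disabled by configuration
     */
    public function loginPost()
    {
        $conf = Configuration::rawConfig();

        $this->checkForDb();
        Session::setUser('');

        if ($conf['login']['nologin'])
            throw new \util\exception\SecurityException('login disabled');

        $openid_user   = $this->getRequestVar('openid_url');
        $loginName     = $this->getRequestVar('login_name',     RequestParams::FILTER_ALPHANUM);
        $loginPassword = $this->getRequestVar('login_password', RequestParams::FILTER_ALPHANUM);
        $newPassword1  = $this->getRequestVar('password1',      RequestParams::FILTER_ALPHANUM);
        $newPassword2  = $this->getRequestVar('password2',      RequestParams::FILTER_ALPHANUM);

        // Remember the login name for the next visit.
        $this->setCookie('or_username', $loginName);

        // Login with OpenID.
        if ($this->hasRequestVar('openid_provider') && ($this->getRequestVar('openid_provider') != 'identity' || !empty($openid_user)))
        {
            $openId = new OpenId($this->getRequestVar('openid_provider'), $openid_user);

            if (!$openId->login())
            {
                $this->addNotice('user', 0, $openid_user, 'LOGIN_OPENID_FAILED', 'error', array('name' => $openid_user), array($openId->error));
                $this->addValidationError('openid_url', '');
                $this->callSubAction('showlogin');
                return;
            }

            Session::set('openid', $openId);
            $openId->redirect();
        }

        // Decide whether the tree is shown: it is hidden on narrow screens.
        Session::set('showtree', intval($this->getRequestVar('screenwidth')) > $conf['interface']['min_width']);

        $loginOk = $this->checkLogin($loginName,
                                     $loginPassword,
                                     $newPassword1,
                                     $newPassword2);

        // Random delay of 0-255 ms; usleep() takes microseconds, hence the factor.
        usleep(hexdec(Password::randomHexString(1)) * 1000);

        if (!$loginOk)
        {
            if ($this->mustChangePassword)
            {
                // Login failed, the user has to change the password.
                $this->addNotice('user', 0, $loginName, 'LOGIN_FAILED_MUSTCHANGEPASSWORD', 'error');
                $this->addValidationError('password1', '');
                $this->addValidationError('password2', '');
            }
            else
            {
                // Login failed.
                $this->addNotice('user', 0, $loginName, 'LOGIN_FAILED', 'error', array('name' => $loginName));
                $this->addValidationError('login_name', '');
                $this->addValidationError('login_password', '');
            }

            Logger::debug("Login failed for user '$loginName'");

            $this->callSubAction('login');
            return;
        }

        Logger::debug("Login successful for user '$loginName'");

        // Login succeeded; a fresh session id prevents session fixation.
        if (Configuration::config('security', 'renew_session_login'))
            $this->recreateSession();

        $user = Session::getUser();
        $this->addNotice('user', 0, $user->name, 'LOGIN_OK', Action::NOTICE_OK, array('name' => $user->fullname));

        // The user is logged in.
    }


    /**
     * Logs the user out.
     *
     * Clears the session, optionally recompiles all templates and finally
     * redirects to the configured logout URL (if any).
     */
    public function logoutPost()
    {
        $conf = Configuration::rawConfig();

        $user = Session::getUser();
        if (is_object($user))
            $this->setTemplateVar('login_username', $user->name);

        if (Configuration::subset('security')->is('renew_session_logout', false))
            $this->recreateSession();

        session_unset();

        $compileAtLogout = isset($conf['theme']['compiler']['compile_at_logout']) ? $conf['theme']['compiler']['compile_at_logout'] : false;
        if ($compileAtLogout)
        {
            foreach ($conf['action'] as $actionName => $actionConfig)
            {
                foreach ($actionConfig as $subActionName => $subaction)
                {
                    // Only real sub-actions have a template; redirects and aliases do not.
                    if (is_array($subaction) &&
                        !isset($subaction['goto']) &&
                        !isset($subaction['direct']) &&
                        !isset($subaction['action']) &&
                        !isset($subaction['alias']) &&
                        $subActionName != 'menu')
                    {
                        $engine = new template_engine\TemplateEngine();
                        $engine->compile(strtolower(str_replace('Action', '', $actionName)) . '/' . $subActionName);
                    }
                }
            }
        }

        // Redirect to a configured URL.
        $redirect_url = isset($conf['security']['logout']['redirect_url']) ? $conf['security']['logout']['redirect_url'] : null;

        if (!empty($redirect_url))
        {
            header('Location: ' . $redirect_url);
            exit;
        }
    }


    /**
     * Logout view; nothing to prepare.
     */
    public function logoutView()
    {
    }


    /**
     * Selects the administration; nothing to prepare.
     */
    public function administrationPost()
    {
    }


    /**
     * Selects the user profile; nothing to prepare.
     */
    public function profilePost()
    {
    }


    /**
     * Selects the start page; nothing to prepare.
     */
    public function startPost()
    {
    }


    /**
     * Selects a project by request id; without a session user the 'show' sub-action is called.
     */
    public function project()
    {
        $user = Session::getUser();
        if (!is_object($user))
        {
            $this->callSubAction('show');
            return;
        }

        $this->evaluateRequestVars(array('projectid' => $this->getRequestId()));

        Session::setUser($user);
    }


    /**
     * Selects an object by request id; without a session user the 'show' sub-action is called.
     */
    public function object()
    {
        $user = Session::getUser();
        if (!is_object($user))
        {
            $this->callSubAction('show');
            return;
        }

        $this->evaluateRequestVars(array('objectid' => $this->getRequestId()));

        Session::setUser($user);
    }


    /**
     * Selects a language by request id.
     *
     * @throws \LogicException if there is no user in the session
     */
    public function languagePost()
    {
        $user = Session::getUser();
        if (!is_object($user))
        {
            throw new \LogicException('No user in session');
        }

        $this->evaluateRequestVars(array(RequestParams::PARAM_LANGUAGE_ID => $this->getRequestId()));
    }


    /**
     * Selects a model by request id; without a session user the 'show' sub-action is called.
     */
    public function modelPost()
    {
        $user = Session::getUser();
        if (!is_object($user))
        {
            $this->callSubAction('show');
            return;
        }

        $this->evaluateRequestVars(array(RequestParams::PARAM_MODEL_ID => $this->getRequestId()));
    }


    /**
     * Evaluates the request variables.
     *
     * Currently a no-op; kept because the selection actions above call it.
     *
     * @param array $add additional id values to evaluate
     */
    private function evaluateRequestVars($add = array())
    {
    }


    /**
     * Switches the session to another user (administrators only).
     *
     * @throws \util\exception\SecurityException if the current user is not an administrator
     */
    public function switchuser()
    {
        $user = Session::getUser();

        if (!$user->isAdmin)
            throw new \util\exception\SecurityException('switching the user requires administrator rights');

        // New identity, new session id.
        $this->recreateSession();

        $newUser = new User($this->getRequestId());
        $newUser->load();

        $newUser->setCurrent();
    }


    /**
     * Start page.
     *
     * Without a session user, a guest login is attempted if enabled; otherwise
     * the user is authenticated according to /security/login/type: 'http'
     * (HTTP basic authentication) or 'form' (the login form is shown).
     *
     * @throws \LogicException for an unknown login type
     */
    public function showView()
    {
        $conf = Configuration::rawConfig();

        $user = Session::getUser();
        // Guest login
        if (!is_object($user))
        {
            if ($conf['security']['guest']['enable'])
            {
                $this->setDefaultDb();
                $username = $conf['security']['guest']['user'];
                $user = User::loadWithName($username);
                if ($user->userid > 0)
                    $user->setCurrent();
                else
                {
                    Logger::warn('Guest login failed, user not found: ' . $username);
                    $this->addNotice('user', 0, $username, 'LOGIN_FAILED', Action::NOTICE_WARN, array('name' => $username));
                    $user = null;
                }
            }
        }

        if (!is_object($user))
        {
            switch ($conf['security']['login']['type'])
            {
                // Authorization via HTTP
                case 'http':
                    $ok = false;

                    if (isset($_SERVER['PHP_AUTH_USER']))
                    {
                        $this->setDefaultDb();
                        // PHP_AUTH_PW may be absent when the client sent no password.
                        $authPassword = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
                        $ok = $this->checkLogin($_SERVER['PHP_AUTH_USER'], $authPassword);
                    }

                    if (!$ok)
                    {
                        header('WWW-Authenticate: Basic realm="' . Startup::TITLE . ' - ' . \cms\base\Language::lang('HTTP_REALM') . '"');
                        header('HTTP/1.0 401 Unauthorized');
                        echo 'Authorization Required!';
                        exit;
                    }
                    break;

                case 'form':
                    // The user is not logged in: show the login form.
                    $this->callSubAction('showlogin');
                    return;

                default:
                    throw new \LogicException('Unknown auth-type: ' . $conf['security']['login']['type'] . '. Please check the configuration setting /security/login/type');
            }
        }

        if ($user->mustChangePassword)
        {
            $this->addNotice('user', 0, $user->name, 'PASSWORD_TIMEOUT', 'warn');
            $this->callSubAction('changepassword'); // The password must be changed.
        }

        // The page changes only once per session.
        $this->lastModified($user->loginDate);

        $this->metaValues();
    }


    /**
     * Shows the registration form.
     */
    public function register()
    {
    }


    /**
     * Creates a registration code, stores it in the session and mails it to the user.
     * Then shows the form in which the user enters the registration code.
     */
    public function registercode()
    {
        $email_address = $this->getRequestVar('mail', 'mail');

        if (!Mail::checkAddress($email_address))
        {
            $this->addValidationError('mail');
            $this->setTemplateVar('mail', $email_address);
            $this->callSubAction('register');
            return;
        }

        // The code must not be guessable: CSPRNG instead of rand(); same range as the old rand().
        $registerCode = random_int(0, 2147483647);

        Session::set('registerCode', $registerCode);

        // Send the e-mail to the entered address.
        $mail = new Mail($email_address,
                         'register_commit_code');
        $mail->setVar('code', $registerCode); // Registration code as text variable

        if ($mail->send())
        {
            $this->addNotice('', 0, '', 'mail_sent', Action::NOTICE_OK);
        }
        else
        {
            $this->addNotice('', 0, '', 'mail_not_sent', Action::NOTICE_ERROR, array(), $mail->error);
            $this->callSubAction('register');
            return;
        }
    }


    /**
     * Shows the form for the registration code and the new user's data.
     */
    public function registeruserdata()
    {
        $conf = Configuration::rawConfig();

        Session::set('registerMail', $this->getRequestVar('mail'));
        // TODO: ask for the "password" attribute
        $dbids = array();
        foreach ($conf['database'] as $dbname => $dbconf)
        {
            if (is_array($dbconf) && $dbconf['enabled'])
                $dbids[$dbname] = $dbconf['description'];
        }

        $this->setTemplateVar('dbids', $dbids);

        $db = Session::getDatabase();
        if (is_object($db))
            $this->setTemplateVar('actdbid', $db->id);
        else
            $this->setTemplateVar('actdbid', $conf['database']['default']);
    }


    /**
     * User registration: the user has received and entered the confirmation code.
     *
     * Creates the new user when the code matches, the user name is free and the
     * password satisfies the configured minimum length.
     */
    public function registercommit()
    {
        $conf = Configuration::rawConfig();
        $this->checkForDb();

        $origRegisterCode  = Session::get('registerCode');
        $inputRegisterCode = $this->getRequestVar('code');

        // A code that was never issued can never match, and the comparison is
        // constant-time so the code cannot be guessed digit by digit.
        if ($origRegisterCode === null || $origRegisterCode === '' ||
            !hash_equals((string) $origRegisterCode, (string) $inputRegisterCode))
        {
            // The confirmation code does not match.
            $this->addValidationError('code', 'code_not_match');
            $this->callSubAction('registeruserdata');
            return;
        }

        // The confirmation code matches: create the new user.

        if (!$this->hasRequestVar('username'))
        {
            $this->addValidationError('username');
            $this->callSubAction('registeruserdata');
            return;
        }

        $user = User::loadWithName($this->getRequestVar('username'));
        if ($user->isValid())
        {
            $this->addValidationError('username', 'USER_ALREADY_IN_DATABASE');
            $this->callSubAction('registeruserdata');
            return;
        }

        $minLength = $conf['security']['password']['min_length'];
        if (strlen($this->getRequestVar('password')) < $minLength)
        {
            $this->addValidationError('password', 'password_minlength', array('minlength' => $minLength));
            $this->callSubAction('registeruserdata');
            return;
        }

        $newUser = new User();
        $newUser->name = $this->getRequestVar('username');
        $newUser->add();

        $newUser->mail = Session::get('registerMail');
        $newUser->save();

        $newUser->setPassword($this->getRequestVar('password'), true);

        $this->addNotice('user', 0, $newUser->name, 'user_added', 'ok');
    }


    /**
     * Shows the form for requesting a forgotten password.
     */
    public function password()
    {
        $conf = Configuration::rawConfig();

        // TODO: ask for the "password" attribute
        $dbids = array();
        foreach ($conf['database'] as $dbname => $dbconf)
        {
            if (is_array($dbconf) && $dbconf['enabled'])
                $dbids[$dbname] = $dbconf['description'];
        }

        $this->setTemplateVar('dbids', $dbids);

        $db = Session::getDatabase();

        if (is_object($db))
            $this->setTemplateVar('actdbid', $db->id);
        else
            $this->setTemplateVar('actdbid', $conf['database']['default']);
    }


    /**
     * Sends a password-request code to the user.
     *
     * For an unknown user name the same "mail sent" notice is shown, so that
     * the existence of a user name cannot be probed.
     */
    public function passwordcode()
    {
        if (!$this->hasRequestVar('username'))
        {
            $this->addValidationError('username');
            $this->callSubAction('password');
            return;
        }

        $this->checkForDb();

        $user = User::loadWithName($this->getRequestVar("username"));

        Password::delay();

        if ($user->isValid())
        {
            // The code must not be guessable: CSPRNG instead of rand(); same range as the old rand().
            $code = random_int(0, 2147483647);
            $this->setSessionVar("password_commit_code", $code);

            $eMail = new Mail($user->mail, 'password_commit_code');
            $eMail->setVar('name', $user->getName());
            $eMail->setVar('code', $code);
            if ($eMail->send())
                $this->addNotice('user', 0, $user->getName(), 'mail_sent', Action::NOTICE_OK);
            else
                $this->addNotice('user', 0, $user->getName(), 'mail_not_sent', Action::NOTICE_ERROR, array(), $eMail->error);
        }
        else
        {
            // Pretend to have sent a mail anyway. The notice uses the same status as
            // the success case so the two responses are indistinguishable.
            $this->addNotice('user', 0, $this->getRequestVar("username"), 'mail_sent', Action::NOTICE_OK);
        }

        $this->setSessionVar("password_commit_name", $user->name);
    }


    /**
     * Shows the form for entering the password code.
     */
    public function passwordinputcode()
    {
    }


    /**
     * Creates a new password and mails it to the user.
     *
     * The code entered must match the one stored in the session by passwordcode().
     */
    public function passwordcommit()
    {
        $username = $this->getSessionVar("password_commit_name");

        $inputCode    = (string) $this->getRequestVar("code");
        $expectedCode = $this->getSessionVar("password_commit_code");

        // Constant-time comparison; an empty or never-issued code never matches.
        if ($inputCode === '' || $expectedCode === null ||
            !hash_equals((string) $expectedCode, $inputCode))
        {
            $this->addValidationError('code', 'PASSWORDCODE_NOT_MATCH');
            $this->callSubAction('passwordinputcode');
            return;
        }

        $user = User::loadWithName($username);

        if (!$user->isValid())
        {
            // The user could not be loaded.
            $this->addNotice('user', 0, $username, 'error', Action::NOTICE_ERROR);
            return;
        }

        $newPw = User::createPassword(); // Generate a new password.

        $eMail = new Mail($user->mail, 'password_new');
        $eMail->setVar('name', $user->getName());
        $eMail->setVar('password', $newPw);

        if ($eMail->send())
        {
            $user->setPassword($newPw, false); // The password must be changed at the next login.
            $this->addNotice('user', 0, $username, 'mail_sent', Action::NOTICE_OK);
        }
        else
        {
            // Should not happen, since the user already received the code by e-mail.
            $this->addNotice('user', 0, $username, 'error', Action::NOTICE_ERROR, array(), $eMail->error);
        }
    }


    /**
     * Replaces the session id with a new one (session fixation protection).
     *
     * Session data is kept; the old id is deleted.
     */
    private function recreateSession()
    {
        // The former fallbacks for PHP < 5.1 cannot apply: this namespaced code needs
        // PHP 5.3+, where this was already the only branch taken.
        session_regenerate_id(true);
    }


    /**
     * Determines the last changes made by the current user in the current project.
     */
    public function userprojecttimelineView()
    {
        //$project = Session::getProject();
        //$result = $project->getMyLastChanges();
        $result = array();

        $this->setTemplateVar('timeline', $result);
    }
}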