2 // +----------------------------------------------------------------------+
3 // | Anuko Time Tracker
4 // +----------------------------------------------------------------------+
5 // | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
6 // +----------------------------------------------------------------------+
7 // | LIBERAL FREEWARE LICENSE: This source code document may be used
8 // | by anyone for any purpose, and freely redistributed alone or in
9 // | combination with other software, provided that the license is obeyed.
11 // | There are only two ways to violate the license:
13 // | 1. To redistribute this code in source form, with the copyright
14 // | notice or license removed or altered. (Distributing in compiled
15 // | forms without embedded copyright notices is permitted).
17 // | 2. To redistribute modified versions of this code in *any* form
18 // | that bears insufficient indications that the modifications are
19 // | not the work of the original author(s).
21 // | This license applies to this document only, not any other software
22 // | that it may be combined with.
24 // +----------------------------------------------------------------------+
26 // | https://www.anuko.com/time_tracker/credits.htm
27 // +----------------------------------------------------------------------+
31 // isAuthenticated - checks authentication status for user.
32 function isAuthenticated() {
33 if (isset($_SESSION['authenticated'])) {
34 // This check does not work properly because we are not getting here. Need to improve.
35 // if (!isset($_COOKIE['tt_login'])) {
36 // die ("Your browser's cookie functionality is turned off. Please turn it on.");
39 $GLOBALS['SMARTY']->assign('authenticated', true); // Used in header.tpl for menu display.
42 session_write_close();
47 * authenticate - main function for authentication. Returns an array with 'login' key set to login
48 * and other values depending on the underlying authentication module.
49 * Returns false if error. For actual implementation see classes in WEB-INF/lib/auth/.
51 function authenticate($login, $password)
56 // isPasswordExternal - returns true if actual password is not stored in the internal DB.
57 function isPasswordExternal()
62 // doLogin - perfoms a login procedure.
63 function doLogin($login, $password) {
64 $auth = $this->authenticate($login, $password);
66 if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG)) {
67 echo '<br>'; var_dump($auth); echo '<br />';
73 $login = $auth['login'];
75 $mdb2 = getConnection();
76 $sql = "SELECT id FROM tt_users WHERE login = ".$mdb2->quote($login)." AND status = 1";
77 $res = $mdb2->query($sql);
78 if (is_a($res, 'PEAR_Error')) {
79 if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG))
80 echo 'db error!<br />';
83 $val = $res->fetchRow();
85 if (defined('AUTH_DEBUG') && isTrue(AUTH_DEBUG))
86 echo 'login "'.$login.'" does not exist in Time Tracker database.<br />';
90 $this->setAuth($val['id'], $login);
94 // doLogout - clears logon data from session.
96 unset($_SESSION['authenticated']);
97 unset($_SESSION['authenticated_user_id']);
98 unset($_SESSION['login']);
101 // setAuth - stores authorization data in session.
102 function setAuth($userid, $username) {
103 $_SESSION['authenticated'] = true;
104 $_SESSION['authenticated_user_id'] = $userid; // NOTE: using "user_id" instead of "authenticated_user_id" gets us in trouble
105 // with older PHP when register_globals = On. What happens is that any time we set
106 // $user_id variable in script, $_SESSION['user_id'] is also changed automatically.
107 $_SESSION['login'] = $username;
110 // getUserLogin - retrieves user login from session.
111 function getUserLogin() {
112 return $_SESSION['login'];
115 // getUserId - retrieves user ID from session.
116 function getUserId() {
117 if (isset($_SESSION['authenticated_user_id']))
118 return $_SESSION['authenticated_user_id'];
123 static function &factory($module, $params = array())
125 import('auth.Auth_'.$module);
126 $class = 'Auth_' . $module;
127 if (class_exists($class)) {
128 $new_class = new $class($params);
131 die('Class '.$class.' not found');