2 // +----------------------------------------------------------------------+
3 // | Anuko Time Tracker
4 // +----------------------------------------------------------------------+
5 // | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
6 // +----------------------------------------------------------------------+
7 // | LIBERAL FREEWARE LICENSE: This source code document may be used
8 // | by anyone for any purpose, and freely redistributed alone or in
9 // | combination with other software, provided that the license is obeyed.
11 // | There are only two ways to violate the license:
13 // | 1. To redistribute this code in source form, with the copyright
14 // | notice or license removed or altered. (Distributing in compiled
15 // | forms without embedded copyright notices is permitted).
17 // | 2. To redistribute modified versions of this code in *any* form
18 // | that bears insufficient indications that the modifications are
19 // | not the work of the original author(s).
21 // | This license applies to this document only, not any other software
22 // | that it may be combined with.
24 // +----------------------------------------------------------------------+
26 // | https://www.anuko.com/time_tracker/credits.htm
27 // +----------------------------------------------------------------------+
31 // isAuthenticated - checks authentication status for user.
32 function isAuthenticated() {
33 if (isset($_SESSION['authenticated'])) {
34 // This check does not work properly because we are not getting here. Need to improve.
35 // if (!isset($_COOKIE['tt_login'])) {
36 // die ("Your browser's cookie functionality is turned off. Please turn it on.");
40 $smarty->assign('authenticated', true); // Used in header.tpl for menu display.
43 session_write_close();
48 * authenticate - main function for authentication. Returns an array with 'login' key set to login
49 * and other values depending on the underlying authentication module.
50 * Returns false if error. For actual implementation see classes in WEB-INF/lib/auth/.
52 function authenticate($login, $password)
57 // isPasswordExternal - returns true if actual password is not stored in the internal DB.
58 function isPasswordExternal()
63 // doLogin - perfoms a login procedure.
64 function doLogin($login, $password) {
65 $auth = $this->authenticate($login, $password);
67 if (isTrue('DEBUG')) {
68 echo '<br>'; var_dump($auth); echo '<br />';
74 $login = $auth['login'];
76 $mdb2 = getConnection();
77 $sql = "SELECT id FROM tt_users WHERE login = ".$mdb2->quote($login)." AND status = 1";
78 $res = $mdb2->query($sql);
79 if (is_a($res, 'PEAR_Error')) {
81 echo 'db error!<br />';
84 $val = $res->fetchRow();
87 echo 'login "'.$login.'" does not exist in Time Tracker database.<br />';
91 $this->setAuth($val['id'], $login);
95 // doLogout - clears logon data from session.
97 unset($_SESSION['authenticated']);
98 unset($_SESSION['authenticated_user_id']);
99 unset($_SESSION['login']);
102 // setAuth - stores authorization data in session.
103 function setAuth($userid, $username) {
104 $_SESSION['authenticated'] = true;
105 $_SESSION['authenticated_user_id'] = $userid; // NOTE: using "user_id" instead of "authenticated_user_id" gets us in trouble
106 // with older PHP when register_globals = On. What happens is that any time we set
107 // $user_id variable in script, $_SESSION['user_id'] is also changed automatically.
108 $_SESSION['login'] = $username;
111 // getUserLogin - retrieves user login from session.
112 function getUserLogin() {
113 return $_SESSION['login'];
116 // getUserId - retrieves user ID from session.
117 function getUserId() {
118 if (isset($_SESSION['authenticated_user_id']))
119 return $_SESSION['authenticated_user_id'];
124 static function &factory($module, $params = array())
126 import('auth.Auth_'.$module);
127 $class = 'Auth_' . $module;
128 if (class_exists($class)) {
129 $new_class = new $class($params);
132 die('Class '.$class.' not found');