is a web application for booking meeting rooms or other resources (using PHP and MySQL/pgsql).
| Auth.php (mrbs-1.9.4) | : | Auth.php (mrbs-1.10.0) |
|---|
| <?php | | <?php |
| namespace MRBS\Auth; | | namespace MRBS\Auth; |
| | |
| use \MRBS\User; | | use \MRBS\User; |
|
| | use function MRBS\get_registrants; |
| | use function MRBS\get_sortable_name; |
| | use function MRBS\strcasecmp_locale; |
| | |
| abstract class Auth | | abstract class Auth |
| { | | { |
|
| public function getUser($username) | | /* validateUser($user, $pass) |
| | * |
| | * Checks if the specified username/password pair are valid |
| | * |
| | * $user - The user name |
| | * $pass - The password |
| | * |
| | * Returns: |
| | * false - The pair are invalid or do not exist |
| | * string - The validated username |
| | */ |
| | abstract public function validateUser(?string $user, ?string $pass); |
| | |
| | public function getUser(string $username) : ?User |
| { | | { |
| $user = new User($username); | | $user = new User($username); |
| $user->display_name = $username; | | $user->display_name = $username; |
| $user->level = $this->getDefaultLevel($username); | | $user->level = $this->getDefaultLevel($username); |
| $user->email = $this->getDefaultEmail($username); | | $user->email = $this->getDefaultEmail($username); |
| | |
| return $user; | | return $user; |
| } | | } |
| | |
| // Checks whether validation of a user by email address is possible and allowe
d. | | // Checks whether validation of a user by email address is possible and allowe
d. |
|
| public function canValidateByEmail() | | public function canValidateByEmail() : bool |
| { | | { |
| return false; | | return false; |
| } | | } |
| | |
| // Checks whether the method has a password reset facility | | // Checks whether the method has a password reset facility |
|
| public function canResetPassword() | | public function canResetPassword() : bool |
| { | | { |
| return false; | | return false; |
| } | | } |
| | |
| // Checks whether the password by reset by supplying an email address | | // Checks whether the password by reset by supplying an email address |
|
| public function canResetByEmail() | | public function canResetByEmail() : bool |
| { | | { |
| return false; | | return false; |
| } | | } |
| | |
| // Validates that the password conforms to the password policy | | // Validates that the password conforms to the password policy |
| // (Ideally this function should also be matched by client-side | | // (Ideally this function should also be matched by client-side |
| // validation, but unfortunately JavaScript's native support for Unicode | | // validation, but unfortunately JavaScript's native support for Unicode |
| // pattern matching is very limited. Would need to be implemented using | | // pattern matching is very limited. Would need to be implemented using |
| // an add-in library). | | // an add-in library). |
|
| public function validatePassword($password) | | public function validatePassword(string $password) : bool |
| { | | { |
| global $pwd_policy; | | global $pwd_policy; |
| | |
| if (isset($pwd_policy)) | | if (isset($pwd_policy)) |
| { | | { |
| // Set up regular expressions. Use p{Ll} instead of [a-z] etc. | | // Set up regular expressions. Use p{Ll} instead of [a-z] etc. |
| // to make sure accented characters are included | | // to make sure accented characters are included |
| $pattern = array('alpha' => '/\p{L}/', | | $pattern = array('alpha' => '/\p{L}/', |
| 'lower' => '/\p{Ll}/', | | 'lower' => '/\p{Ll}/', |
| 'upper' => '/\p{Lu}/', | | 'upper' => '/\p{Lu}/', |
| | |
| skipping to change at line 83 | | skipping to change at line 99 |
|---|
| } | | } |
| break; | | break; |
| } | | } |
| } | | } |
| } | | } |
| | |
| // Everything is OK | | // Everything is OK |
| return true; | | return true; |
| } | | } |
| | |
|
| | // Returns an array of registrants' display names |
| | public function getRegistrantsDisplayNames (array $entry) : array |
| | { |
| | $display_names = array(); |
| | |
| | // Only bother getting the names if we don't already know how many there are |
| | , |
| | // or if we know there are definitely some |
| | if (!isset($entry['n_registered']) || ($entry['n_registered'] > 0)) |
| | { |
| | $display_names = $this->getRegistrantsDisplayNamesUnsorted($entry['id']); |
| | usort($display_names, 'MRBS\compare_display_names'); |
| | } |
| | |
| | return $display_names; |
| | } |
| | |
| | protected function getRegistrantsDisplayNamesUnsorted(int $id) : array |
| | { |
| | $display_names = array(); |
| | $registrants = get_registrants($id, false); |
| | |
| | foreach ($registrants as $registrant) |
| | { |
| | $registrant_user = $this->getUser($registrant['username']); |
| | $display_name = (isset($registrant_user)) ? $registrant_user->display_name |
| | : $registrant['username']; |
| | $display_names[] = $display_name; |
| | } |
| | |
| | return $display_names; |
| | } |
| | |
| // Gets the level from the $auth['admin'] array in the config file | | // Gets the level from the $auth['admin'] array in the config file |
|
| protected function getDefaultLevel($username) | | protected function getDefaultLevel(?string $username) : int |
| { | | { |
| global $auth; | | global $auth; |
| | |
| // User not logged in, user level '0' | | // User not logged in, user level '0' |
| if(!isset($username)) | | if(!isset($username)) |
| { | | { |
| return 0; | | return 0; |
| } | | } |
| | |
| // Check whether the user is an admin | | // Check whether the user is an admin |
| | |
| skipping to change at line 111 | | skipping to change at line 158 |
|---|
| return 2; | | return 2; |
| } | | } |
| } | | } |
| } | | } |
| | |
| // Everybody else is access level '1' | | // Everybody else is access level '1' |
| return 1; | | return 1; |
| } | | } |
| | |
| // Gets the default email address using config file settings | | // Gets the default email address using config file settings |
|
| protected function getDefaultEmail($username) | | protected function getDefaultEmail(?string $username) : string |
| { | | { |
| global $mail_settings; | | global $mail_settings; |
| | |
| if (!isset($username) || $username === '') | | if (!isset($username) || $username === '') |
| { | | { |
| return ''; | | return ''; |
| } | | } |
| | |
| $email = $username; | | $email = $username; |
| | |
| | |
| skipping to change at line 145 | | skipping to change at line 192 |
|---|
| // Trim any leading '@' character. Older versions of MRBS required the '@'
character | | // Trim any leading '@' character. Older versions of MRBS required the '@'
character |
| // to be included in $mail_settings['domain'], and we still allow this for
backwards | | // to be included in $mail_settings['domain'], and we still allow this for
backwards |
| // compatibility. | | // compatibility. |
| $domain = ltrim($mail_settings['domain'], '@'); | | $domain = ltrim($mail_settings['domain'], '@'); |
| $email .= '@' . $domain; | | $email .= '@' . $domain; |
| } | | } |
| | |
| return $email; | | return $email; |
| } | | } |
| | |
|
| | // Callback function for comparing two users, indexed by 'username' and 'displ |
| | ay_name'. |
| | // Compares first by 'display_name' and then by 'username' |
| | private static function compareUsers(array $user1, array $user2) : int |
| | { |
| | $display_name1 = get_sortable_name($user1['display_name']); |
| | $display_name2 = get_sortable_name($user2['display_name']); |
| | $display_name_comparison = strcasecmp_locale($display_name1, $display_name2) |
| | ; |
| | |
| | if ($display_name_comparison === 0) |
| | { |
| | return strcasecmp_locale($user1['username'], $user2['username']); |
| | } |
| | |
| | return $display_name_comparison; |
| | } |
| | |
| // Sorts an array of users indexed by 'username' and 'display_name', eg the | | // Sorts an array of users indexed by 'username' and 'display_name', eg the |
| // output of getUsernames(). Sorts by display_name then username. | | // output of getUsernames(). Sorts by display_name then username. |
|
| protected static function sortUsers(array &$users) | | protected static function sortUsers(array &$users) : void |
| { | | { |
|
| // Obtain a list of columns | | usort($users, [__CLASS__, 'compareUsers']); |
| $username = array_column($users, 'username'); | | |
| $display_name = array_column($users, 'display_name'); | | |
| | |
| // Sort the data with volume descending, edition ascending | | |
| // Add $data as the last parameter, to sort by the common key | | |
| array_multisort($display_name, SORT_ASC, SORT_LOCALE_STRING | SORT_FLAG_CASE | | |
| , | | |
| $username, SORT_ASC, SORT_LOCALE_STRING | SORT_FLAG_CASE, | | |
| $users); | | |
| } | | } |
| | |
| // Check we've got the right session scheme for the type. | | // Check we've got the right session scheme for the type. |
| // To be called for those authentication types which require the same | | // To be called for those authentication types which require the same |
| // session scheme. | | // session scheme. |
| protected function checkSessionMatchesType() | | protected function checkSessionMatchesType() |
| { | | { |
| global $auth; | | global $auth; |
| | |
| if ($auth['session'] !== $auth['type']) | | if ($auth['session'] !== $auth['type']) |
| | | |
| End of changes. 12 change blocks. |
|---|
| 18 lines changed or deleted | | 76 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 