X-Git-Url: http://git.roojs.org/?a=blobdiff_plain;f=DataObjects%2FCore_person.php;h=419fc9c0c8f3c29a8143a9b1081fd9a22c83cc0b;hb=928ccee81f4abe3d3857b2aef55ba341570f1853;hp=0e720ef2ed8a6c41e46d533dc9a34d138332483e;hpb=5e44de672b024c43709fdb3b54f00946737a0af2;p=Pman.Core diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php index 0e720ef2..419fc9c0 100644 --- a/DataObjects/Core_person.php +++ b/DataObjects/Core_person.php @@ -50,6 +50,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject /* the code above is auto generated do not remove the tag below */ ###END_AUTOCODE + + static $authUser = false; + function owner() { @@ -232,6 +235,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $sesPrefix = $this->sesPrefix(); + self::$authUser = false; $_SESSION[get_class($this)][$sesPrefix .'-auth'] = ""; return false; @@ -291,12 +295,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } - // local auth - - $default_admin = false; - if (!empty($ff->Pman['local_autoauth']) && - ($ff->Pman['local_autoauth'] === true) && - (!empty($_SERVER['SERVER_ADDR'])) && - ( + $auto_auth_allow = false; + if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) { + $auto_auth_allow = true; + } + if ( + (!empty($_SERVER['SERVER_ADDR'])) && ( $_SERVER['SERVER_ADDR'] == '127.0.0.1' && $_SERVER['REMOTE_ADDR'] == '127.0.0.1' @@ -306,8 +310,19 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $_SERVER['SERVER_ADDR'] == '::1' && $_SERVER['REMOTE_ADDR'] == '::1' ) - ) - ) { + + ){ + $auto_auth_allow = true; + } + + + if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') { + $auto_auth_allow = false; + } + //var_dump($auto_auth_allow); + // local auth - + $default_admin = false; + if ($auto_auth_allow) { $group = DB_DataObject::factory('core_group'); $group->get('name', 'Administrators'); @@ -329,24 +344,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $u = DB_DataObject::factory($this->tableName()); $ff = HTML_FlexyFramework::get(); - if (!empty($ff->Pman['local_autoauth']) && - (!empty($_SERVER['SERVER_ADDR'])) && - ( - ( - $_SERVER['SERVER_ADDR'] == '127.0.0.1' && - $_SERVER['REMOTE_ADDR'] == '127.0.0.1' - ) - || - ( - $_SERVER['SERVER_ADDR'] == '::1' && - $_SERVER['REMOTE_ADDR'] == '::1' - ) - ) && + if ($auto_auth_allow && ($default_admin || $u->get('email', $ff->Pman['local_autoauth'])) ) { $user = $default_admin ? $default_admin->toArray() : $u->toArray(); + // if we request other URLS.. then we get auto logged in.. + $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user); return true; } @@ -370,10 +375,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } } if (!$n){ // authenticated as there are no users in the system... - return true; + return true; } - - return false; + return false; } @@ -520,10 +524,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function checkTwoFactorAuthentication($val) { - // also used in login - return true; + // also used in login require_once 'System.php'; if( @@ -539,7 +542,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject return false; } - $cmd = "{$oathtool} --totp --base32 {$this->oath_key}"; + $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key); $password = exec($cmd); @@ -672,14 +675,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $aur['passwd'] = ''; $aur['dailykey'] = ''; $aur['oath_key'] = ''; - $aur['require_oath'] = 0; + + $aur['oath_key_enable'] = !empty($this->oath_key); + $aur['require_oath'] = 1; $s = DB_DataObject::Factory('core_setting'); $oath_require = $s->lookup('core', 'two_factor_authentication_requirement'); - if(empty($oath_require) || $oath_require == 1) { - $aur['oath_key_enable'] = !empty($this->oath_key); - } - + $aur['require_oath'] = $oath_require ? $oath_require->val : 0; return $aur; }