2 /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
5 * The main include file for Auth package
9 * LICENSE: This source file is subject to version 3.01 of the PHP license
10 * that is available through the world-wide-web at the following URI:
11 * http://www.php.net/license/3_01.txt. If you did not receive a copy of
12 * the PHP License and are unable to obtain it through the web, please
13 * send a note to license@php.net so we can mail you a copy immediately.
15 * @category Authentication
17 * @author Martin Jansen <mj@php.net>
18 * @author Adam Ashley <aashley@php.net>
19 * @copyright 2001-2006 The PHP Group
20 * @license http://www.php.net/license/3_01.txt PHP License 3.01
21 * @version CVS: $Id: Auth.php 289651 2009-10-15 04:39:07Z aashley $
22 * @link http://pear.php.net/package/Auth
/*
 * Status codes stored in Auth::$status.
 */

/** Returned if session exceeds idle time */
define('AUTH_IDLED', -1);

/** Returned if session has expired */
define('AUTH_EXPIRED', -2);

/** Returned if container is unable to authenticate user/password pair */
define('AUTH_WRONG_LOGIN', -3);

/** Returned if a container method is not supported. */
define('AUTH_METHOD_NOT_SUPPORTED', -4);

/** Returned if the advanced security checks detect a breach */
define('AUTH_SECURITY_BREACH', -5);

/** Returned if checkAuthCallback says session should not continue. */
define('AUTH_CALLBACK_ABORT', -6);

/*
 * Log levels passed to Auth::log().
 */

/** Auth Log level - INFO */
define('AUTH_LOG_INFO', 6);

/** Auth Log level - DEBUG */
define('AUTH_LOG_DEBUG', 7);

/*
 * Advanced security features. These values are the keys of the
 * $advancedsecurity array and the argument of _isAdvancedSecurityEnabled().
 */

/** Auth Advanced Security - IP Checks */
define('AUTH_ADV_IPCHECK', 1);

/** Auth Advanced Security - User Agent Checks */
define('AUTH_ADV_USERAGENT', 2);

/** Auth Advanced Security - Challenge Response */
define('AUTH_ADV_CHALLENGE', 3);
76 * The PEAR::Auth class provides methods for creating an
77 * authentication system using PHP.
79 * @category Authentication
81 * @author Martin Jansen <mj@php.net>
82 * @author Adam Ashley <aashley@php.net>
83 * @copyright 2001-2006 The PHP Group
84 * @license http://www.php.net/license/3_01.txt PHP License 3.01
85 * @version Release: @package_version@ File: $Revision: 289651 $
86 * @link http://pear.php.net/package/Auth
93 * Auth lifetime in seconds
95 * If this variable is set to 0, auth never expires
98 * @see setExpire(), checkAuth()
103 * Has the auth session expired?
108 var $expired = false;
111 * Maximum idletime in seconds
113 * Unlike $expire, the idletime gets
114 * refreshed each time checkAuth() is called. If this
115 * variable is set to 0, idletime is never checked.
118 * @see setIdle(), checkAuth()
123 * Is the maximum idletime over?
134 * @see Auth(), validateLogin()
139 * User-defined function that creates the login screen
143 var $loginFunction = '';
146 * Should the login form be displayed
149 * @see setShowlogin()
151 var $showLogin = true;
154 * Is Login Allowed from this page
159 var $allowLogin = true;
162 * Current authentication status
183 * checkAuth callback function name
186 * @see setCheckAuthCallback()
188 var $checkAuthCallback = '';
191 * Login callback function name
194 * @see setLoginCallback()
196 var $loginCallback = '';
199 * Failed Login callback function name
202 * @see setFailedLoginCallback()
204 var $loginFailedCallback = '';
207 * Logout callback function name
210 * @see setLogoutCallback()
212 var $logoutCallback = '';
215 * Auth session-array name
219 var $_sessionName = '_authsession';
226 var $version = "@version@";
229 * Flag to use advanced security
230 * When set extra checks will be made to see if the
231 * user's IP or useragent have changed across requests.
232 * Turned off by default to preserve BC.
234 * @var mixed Boolean to turn all advanced security options on or off
235 * Array containing named values turning specific advanced
236 * security features on or off individually
238 * AUTH_ADV_IPCHECK => true,
239 * AUTH_ADV_USERAGENT => true,
240 * AUTH_ADV_CHALLENGE => true,
243 var $advancedsecurity = false;
246 * Username key in POST array
250 var $_postUsername = 'username';
253 * Password key in POST array
257 var $_postPassword = 'password';
260 * Holds a reference to the session auth variable
266 * Holds a reference to the global server variable
272 * Holds a reference to the global post variable
278 * Holds a reference to the global cookie variable
284 * A hash to hold various superglobals as reference
290 * How many times has checkAuth been called
303 * Whether to enable logging of behaviour
307 var $enableLogging = false;
310 * Whether to regenerate session id every time start is called
314 var $regenerateSessionId = false;
317 // {{{ Auth() [constructor]
322 * Set up the storage driver.
324 * @param string Type of the storage driver
325 * @param mixed Additional options for the storage driver
326 * (example: if you are using DB as the storage
327 * driver, you have to pass the dsn string here)
329 * @param string Name of the function that creates the login form
330 * @param boolean Should the login form be displayed if necessary?
333 function Auth($storageDriver, $options = '', $loginFunction = '', $showLogin = true)
335 $this->applyAuthOptions($options);
337 // Start the session suppress error if already started
342 include_once 'PEAR.php';
343 PEAR::throwError('Session could not be started by Auth, '
344 .'possibly headers are already sent, try putting '
345 .'ob_start in the beginning of your script');
349 // Make Sure Auth session variable is there
350 if(!isset($_SESSION[$this->_sessionName])) {
351 $_SESSION[$this->_sessionName] = array();
354 // Assign Some globals to internal references, this will replace _importGlobalVariable
355 $this->session =& $_SESSION[$this->_sessionName];
356 $this->server =& $_SERVER;
357 $this->post =& $_POST;
358 $this->cookie =& $_COOKIE;
360 if ($loginFunction != '' && is_callable($loginFunction)) {
361 $this->loginFunction = $loginFunction;
364 if (is_bool($showLogin)) {
365 $this->showLogin = $showLogin;
368 if (is_object($storageDriver)) {
369 $this->storage =& $storageDriver;
370 // Pass a reference to auth to the container, ugly but works
371 // this is used by the DB container to use method setAuthData not statically.
372 $this->storage->_auth_obj =& $this;
374 // $this->storage = $this->_factory($storageDriver, $options);
376 $this->storage_driver = $storageDriver;
377 $this->storage_options =& $options;
// {{{ applyAuthOptions()

/**
 * Set the Auth options
 *
 * Options that are Auth specific are copied onto this object and removed
 * from the array; the rest is left for usage by the container.
 *
 * @param array An array of Auth options (modified in place)
 * @return array The options which were not applied
 */
function &applyAuthOptions(&$options)
{
    // Anything that is not an array (e.g. a DSN string) is handed back untouched.
    if (!is_array($options)) {
        return $options;
    }

    // Applied only when the supplied value is non-empty.
    $whenNotEmpty = array(
        'sessionName'  => '_sessionName',
        'postUsername' => '_postUsername',
        'postPassword' => '_postPassword',
    );
    foreach ($whenNotEmpty as $optionKey => $property) {
        if (!empty($options[$optionKey])) {
            $this->$property = $options[$optionKey];
            unset($options[$optionKey]);
        }
    }

    // Applied whenever the key is set; the property has the same name as the key.
    $whenSet = array('allowLogin', 'advancedsecurity', 'enableLogging');
    foreach ($whenSet as $optionKey) {
        if (isset($options[$optionKey])) {
            $this->$optionKey = $options[$optionKey];
            unset($options[$optionKey]);
        }
    }

    // Only a real boolean is accepted here; the key stays in $options.
    if (isset($options['regenerateSessionId']) && is_bool($options['regenerateSessionId'])) {
        $this->regenerateSessionId = $options['regenerateSessionId'];
    }

    return $options;
}

// }}}
// {{{ _loadStorage()

/**
 * Load Storage Driver if not already loaded
 *
 * Suspend storage instantiation to make Auth lighter to use
 * for calls which do not require login
 *
 * @return bool True if the container is loaded by this call, false if a
 *              container object was already present
 */
function _loadStorage()
{
    // NOTE(review): the return statements are not visible in this listing;
    // the values below follow the @return description.
    if (is_object($this->storage)) {
        return false;
    }

    $container =& $this->_factory($this->storage_driver, $this->storage_options);
    $this->storage =& $container;
    // Give the container a back-reference to this Auth object.
    $this->storage->_auth_obj =& $this;
    $this->log('Loaded storage container ('.$this->storage_driver.')', AUTH_LOG_DEBUG);

    return true;
}

// }}}
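/**
 * Return a storage driver based on $driver and $options
 *
 * $driver is concatenated into a class name and into an include path, so it
 * is restricted to letters, digits and underscores before either is built.
 * A name containing path separators or dots is rejected instead of being
 * passed to include_once.
 *
 * @param string $driver  Type of storage class to return
 * @param string $options Optional parameters for the storage class
 * @return object Storage object
 */
function &_factory($driver, $options = '')
{
    // The D modifier keeps "$" from matching before a trailing newline.
    if (!is_string($driver) || !preg_match('/^[A-Za-z0-9_]+$/D', $driver)) {
        trigger_error('Auth: invalid storage driver name', E_USER_ERROR);
        $obj = null;
        return $obj;
    }

    $storage_class = 'Auth_Container_' . $driver;
    include_once 'Auth/Container/' . $driver . '.php';

    // Plain assignment: "=& new" is deprecated since PHP 5.3 and a parse
    // error on PHP 7 and later.
    $obj = new $storage_class($options);

    // NOTE(review): the return statement is not visible in this listing; it
    // follows from the @return tag and the by-reference signature.
    return $obj;
}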
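/**
 * Assign data from login form to internal values
 *
 * This function takes the values for username and password from
 * $this->post and assigns them to $this->username and $this->password.
 * If you wish to use another source, you have to override this function.
 *
 * Only non-empty string values are accepted: a request can turn a POST
 * field into an array (field[]=x), and such a value is ignored here rather
 * than handed on as a credential.
 */
function assignData()
{
    $this->log('Auth::assignData() called.', AUTH_LOG_DEBUG);

    // magic_quotes_gpc can only be on before PHP 5.4, and the function no
    // longer exists on PHP 8, so it is only called on old versions.
    $stripSlashes = version_compare(PHP_VERSION, '5.4.0', '<')
        && get_magic_quotes_gpc() == 1;

    if (   isset($this->post[$this->_postUsername])
        && is_string($this->post[$this->_postUsername])
        && $this->post[$this->_postUsername] != '') {
        $this->username = ($stripSlashes
            ? stripslashes($this->post[$this->_postUsername])
            : $this->post[$this->_postUsername]);
    }

    if (   isset($this->post[$this->_postPassword])
        && is_string($this->post[$this->_postPassword])
        && $this->post[$this->_postPassword] != '') {
        $this->password = ($stripSlashes
            ? stripslashes($this->post[$this->_postPassword])
            : $this->post[$this->_postPassword]);
    }
}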
511 * Start new auth session
518 $this->log('Auth::start() called.', AUTH_LOG_DEBUG);
520 // #10729 - Regenerate session id here if we are generating it on every
522 if ($this->regenerateSessionId) {
523 session_regenerate_id(true);
527 if (!$this->checkAuth() && $this->allowLogin) {
543 $this->log('Auth::login() called.', AUTH_LOG_DEBUG);
546 $this->_loadStorage();
548 // Check if using challenge response
549 (isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
551 : $usingChap = false;
554 // When the user has already entered a username, we have to validate it.
555 if (!empty($this->username)) {
556 if (true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
557 $this->session['challengekey'] = md5($this->username.$this->password);
559 $this->log('Successful login.', AUTH_LOG_INFO);
563 if (!empty($this->username) && $login_ok) {
564 $this->setAuth($this->username);
565 if (is_callable($this->loginCallback)) {
566 $this->log('Calling loginCallback ('.$this->loginCallback.').', AUTH_LOG_DEBUG);
567 call_user_func_array($this->loginCallback, array($this->username, &$this));
571 // If the login failed or the user entered no username,
572 // output the login screen again.
573 if (!empty($this->username) && !$login_ok) {
574 $this->log('Incorrect login.', AUTH_LOG_INFO);
575 $this->status = AUTH_WRONG_LOGIN;
576 if (is_callable($this->loginFailedCallback)) {
577 $this->log('Calling loginFailedCallback ('.$this->loginFailedCallback.').', AUTH_LOG_DEBUG);
578 call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
582 if ((empty($this->username) || !$login_ok) && $this->showLogin) {
583 $this->log('Rendering Login Form.', AUTH_LOG_INFO);
584 if (is_callable($this->loginFunction)) {
585 $this->log('Calling loginFunction ('.$this->loginFunction.').', AUTH_LOG_DEBUG);
586 call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
588 // BC fix: Auth used to use drawLogin for this,
589 // so call it if a subclass implements it
590 if (is_callable(array($this, 'drawLogin'))) {
591 $this->log('Calling Auth::drawLogin()', AUTH_LOG_DEBUG);
592 return $this->drawLogin($this->username, $this);
595 $this->log('Using default Auth_Frontend_Html', AUTH_LOG_DEBUG);
598 include_once 'Auth/Frontend/Html.php';
599 return Auth_Frontend_Html::render($this, $this->username);
/**
 * Set the maximum expire time
 *
 * @param integer time in seconds
 * @param bool    add time to current expire time or not
 */
function setExpire($time, $add = false)
{
    if ($add) {
        // Extend the current lifetime.
        $this->expire += $time;
    } else {
        // Replace the current lifetime.
        $this->expire = $time;
    }
}
/**
 * Set the maximum idle time
 *
 * @param integer time in seconds
 * @param bool    add time to current maximum idle time or not
 */
function setIdle($time, $add = false)
{
    if ($add) {
        // Extend the current idle limit.
        $this->idle += $time;
    } else {
        // Replace the current idle limit.
        $this->idle = $time;
    }
}
// {{{ setSessionName()

/**
 * Set name of the session to a customized value.
 *
 * If you are using multiple instances of PEAR::Auth
 * on the same domain, you can change the name of
 * session per application via this function.
 * This will change the name of the session variable
 * Auth uses to store its data in the session; the stored
 * key is the given name prefixed with "_auth_".
 *
 * @param string New name for the session
 */
function setSessionName($name = 'session')
{
    $sessionKey = '_auth_'.$name;
    $this->_sessionName = $sessionKey;

    // Make sure the Auth session variable is there
    if (!isset($_SESSION[$sessionKey])) {
        $_SESSION[$sessionKey] = array();
    }

    // Re-point the internal reference at the newly named entry.
    $this->session =& $_SESSION[$sessionKey];
}

// }}}
// {{{ setShowLogin()

/**
 * Should the login form be displayed if necessary?
 *
 * The value is stored as given; no type check is made here.
 *
 * @param bool show login form or not
 */
function setShowLogin($showLogin = true)
{
    $this->showLogin = $showLogin;
}

// }}}
// {{{ setAllowLogin()

/**
 * Is Login Allowed from this page?
 *
 * The value is stored as given; no type check is made here.
 *
 * @param bool allow login from this page or not
 */
function setAllowLogin($allowLogin = true)
{
    $this->allowLogin = $allowLogin;
}

// }}}
// {{{ setCheckAuthCallback()

/**
 * Register a callback function to be called whenever the validity of the login is checked
 * The function will receive two parameters, the username and a reference to the auth object.
 * checkAuth() treats a return value equal to false as a request to end the
 * session and sets the status to AUTH_CALLBACK_ABORT.
 *
 * @param string callback function name
 * @since Method available since Release 1.4.3
 */
function setCheckAuthCallback($checkAuthCallback)
{
    // Stored unchecked; checkAuth() tests is_callable() before invoking it.
    $this->checkAuthCallback = $checkAuthCallback;
}

// }}}
// {{{ setLoginCallback()

/**
 * Register a callback function to be called on user login.
 * The function will receive two parameters, the username and a reference to the auth object.
 *
 * @param string callback function name
 * @see setLogoutCallback()
 */
function setLoginCallback($loginCallback)
{
    // Stored unchecked; login() tests is_callable() before invoking it.
    $this->loginCallback = $loginCallback;
}

// }}}
// {{{ setFailedLoginCallback()

/**
 * Register a callback function to be called on failed user login.
 * The function will receive two parameters, the username and a reference to the auth object.
 *
 * @param string callback function name
 */
function setFailedLoginCallback($loginFailedCallback)
{
    // Stored unchecked; login() tests is_callable() before invoking it.
    $this->loginFailedCallback = $loginFailedCallback;
}

// }}}
// {{{ setLogoutCallback()

/**
 * Register a callback function to be called on user logout.
 * The function will receive two parameters, the username and a reference to the auth object.
 *
 * @param string callback function name
 * @see setLoginCallback()
 */
function setLogoutCallback($logoutCallback)
{
    // Stored unchecked; logout() tests is_callable() before invoking it.
    $this->logoutCallback = $logoutCallback;
}

// }}}
/**
 * Register additional information that is to be stored
 * in the session.
 *
 * @param string  Name of the data field
 * @param mixed   Value of the data field
 * @param boolean Should existing data be overwritten? (default
 *                is true)
 */
function setAuthData($name, $value, $overwrite = true)
{
    // NOTE(review): the body of the guard is not visible in this listing; an
    // early return when a non-empty value exists and $overwrite is false is
    // assumed.
    $hasValue = !empty($this->session['data'][$name]);

    if (!$hasValue || $overwrite != false) {
        $this->session['data'][$name] = $value;
    }
}
787 * Get additional information that is stored in the session.
789 * If no value for the first parameter is passed, the method will
790 * return all data that is currently stored.
792 * @param string Name of the data field
793 * @return mixed Value of the data field.
796 function getAuthData($name = null)
798 if (!isset($this->session['data'])) {
802 return $this->session['data'];
804 if (isset($name) && isset($this->session['data'][$name])) {
805 return $this->session['data'][$name];
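/**
 * Register variable in a session telling that the user
 * has logged in successfully
 *
 * Besides the login flag, username and timestamps, this records the
 * request's REMOTE_ADDR, User-Agent and X-Forwarded-For values and issues
 * the 'authchallenge' cookie; checkAuth() compares later requests against
 * these when the matching advanced security feature is enabled.
 *
 * @param string Username
 */
function setAuth($username)
{
    $this->log('Auth::setAuth() called.', AUTH_LOG_DEBUG);

    // #10729 - Regenerate session id here only if generating at login only
    // Don't do it if we are regenerating on every request so we don't
    // regenerate it twice in one request.
    if (!$this->regenerateSessionId) {
        // #2021 - Change the session id to avoid session fixation attacks (PHP > 4.3.3)
        session_regenerate_id(true);
    }

    if (!isset($this->session) || !is_array($this->session)) {
        $this->session = array();
    }

    if (!isset($this->session['data'])) {
        $this->session['data'] = array();
    }

    // NOTE(review): the fallback branch of these three ternaries is not
    // visible in this listing; an empty string is assumed.
    $this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
        ? $this->server['REMOTE_ADDR']
        : '';
    $this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
        ? $this->server['HTTP_USER_AGENT']
        : '';
    // User-Agent and X-Forwarded-For are request headers chosen by the
    // client, so a match on them is a consistency check, not proof of origin.
    $this->session['sessionforwardedfor'] = isset($this->server['HTTP_X_FORWARDED_FOR'])
        ? $this->server['HTTP_X_FORWARDED_FOR']
        : '';

    // This should be set by the container to something more safe
    // Like md5(passwd.microtime)
    // NOTE(review): md5 over the username and microtime() is guessable by
    // anyone who knows the username and the approximate login time; treat
    // the challenge cookie as a tamper check, not as a secret.
    if (empty($this->session['challengekey'])) {
        $this->session['challengekey'] = md5($username.microtime());
    }

    $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
    if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
        // HttpOnly keeps page scripts from reading the challenge value. The
        // Secure flag is left off because this method cannot tell whether
        // every page of the site is served over HTTPS.
        setcookie('authchallenge', $this->session['challengecookie'], 0, '/', '', false, true);
    } else {
        // setcookie() has no httponly argument before PHP 5.2.
        setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
    }

    $this->session['registered'] = true;
    $this->session['username']   = $username;
    $this->session['timestamp']  = time();
    $this->session['idle']       = time();
}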
// {{{ setAdvancedSecurity()

/**
 * Enables advanced security checks
 *
 * Currently only ip change and useragent change
 *
 * @todo Add challenge cookies - Create a cookie which changes every time
 *       and contains some challenge key which the server can verify with
 *       a session var cookie might need to be crypted (user pass)
 * @param bool Enable or disable
 */
function setAdvancedSecurity($flag=true)
{
    // Stored as given; the value is interpreted by _isAdvancedSecurityEnabled().
    $this->advancedsecurity = $flag;
}

// }}}
890 * Checks if there is a session with valid auth information.
893 * @return boolean Whether or not the user is authenticated.
897 $this->log('Auth::checkAuth() called.', AUTH_LOG_DEBUG);
899 if (isset($this->session)) {
900 // Check if authentication session is expired
901 if ( $this->expire > 0
902 && isset($this->session['timestamp'])
903 && ($this->session['timestamp'] + $this->expire) < time()) {
904 $this->log('Session Expired', AUTH_LOG_INFO);
905 $this->expired = true;
906 $this->status = AUTH_EXPIRED;
911 // Check if maximum idle time is reached
913 && isset($this->session['idle'])
914 && ($this->session['idle'] + $this->idle) < time()) {
915 $this->log('Session Idle Time Reached', AUTH_LOG_INFO);
917 $this->status = AUTH_IDLED;
922 if ( isset($this->session['registered'])
923 && isset($this->session['username'])
924 && $this->session['registered'] == true
925 && $this->session['username'] != '') {
928 if ($this->_isAdvancedSecurityEnabled()) {
929 $this->log('Advanced Security Mode Enabled.', AUTH_LOG_DEBUG);
931 // Only Generate the challenge once
932 if ( $this->authChecks == 1
933 && $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)) {
934 $this->log('Generating new Challenge Cookie.', AUTH_LOG_DEBUG);
935 $this->session['challengecookieold'] = $this->session['challengecookie'];
936 $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
937 setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
940 // Check for ip change
941 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
942 && isset($this->server['REMOTE_ADDR'])
943 && $this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
944 $this->log('Security Breach. Remote IP Address changed.', AUTH_LOG_INFO);
945 // Check if the IP of the user has changed, if so we
946 // assume a man in the middle attack and log him out
947 $this->expired = true;
948 $this->status = AUTH_SECURITY_BREACH;
953 // Check for ip change (if connected via proxy)
954 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
955 && isset($this->server['HTTP_X_FORWARDED_FOR'])
956 && $this->session['sessionforwardedfor'] != $this->server['HTTP_X_FORWARDED_FOR']) {
957 $this->log('Security Breach. Forwarded For IP Address changed.', AUTH_LOG_INFO);
958 // Check if the IP of the user connecting via proxy has
959 // changed, if so we assume a man in the middle attack
961 $this->expired = true;
962 $this->status = AUTH_SECURITY_BREACH;
967 // Check for useragent change
968 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_USERAGENT)
969 && isset($this->server['HTTP_USER_AGENT'])
970 && $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
971 $this->log('Security Breach. User Agent changed.', AUTH_LOG_INFO);
972 // Check if the User-Agent of the user has changed, if
973 // so we assume a man in the middle attack and log him out
974 $this->expired = true;
975 $this->status = AUTH_SECURITY_BREACH;
980 // Check challenge cookie here, if challengecookieold is not set
981 // this is the first time and check is skipped
982 // TODO when a user opens two pages simultaneously (open in new window, open
983 // in tab) an auth breach is triggered; find a way around that if possible
984 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)
985 && isset($this->session['challengecookieold'])
986 && $this->session['challengecookieold'] != $this->cookie['authchallenge']) {
987 $this->log('Security Breach. Challenge Cookie mismatch.', AUTH_LOG_INFO);
988 $this->expired = true;
989 $this->status = AUTH_SECURITY_BREACH;
996 if (is_callable($this->checkAuthCallback)) {
997 $this->log('Calling checkAuthCallback ('.$this->checkAuthCallback.').', AUTH_LOG_DEBUG);
998 $checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
999 if ($checkCallback == false) {
1000 $this->log('checkAuthCallback failed.', AUTH_LOG_INFO);
1001 $this->expired = true;
1002 $this->status = AUTH_CALLBACK_ABORT;
1008 $this->log('Session OK.', AUTH_LOG_INFO);
1012 $this->log('Unable to locate session storage.', AUTH_LOG_DEBUG);
1015 $this->log('No login session.', AUTH_LOG_DEBUG);
// {{{ staticCheckAuth() [static]

/**
 * Statically checks if there is a session with valid auth information.
 *
 * An Auth object using the 'null' storage driver is created on first use
 * and checkAuth() is called on it.
 *
 * @param mixed Options passed to the Auth constructor
 * @return boolean Whether or not the user is authenticated.
 */
function staticCheckAuth($options = null)
{
    // NOTE(review): the declaration of $staticAuth is not visible in this
    // listing; a function-static variable is assumed, which is what makes
    // the isset() test meaningful across calls.
    static $staticAuth = null;

    if ($staticAuth === null) {
        $staticAuth = new Auth('null', $options);
    }

    $staticAuth->log('Auth::staticCheckAuth() called', AUTH_LOG_DEBUG);

    return $staticAuth->checkAuth();
}

// }}}
1044 * Has the user been authenticated?
1046 * Is there a valid login session. Previously this was different from
1047 * checkAuth() but now it is just an alias.
1050 * @return bool True if the user is logged in, otherwise false.
1054 $this->log('Auth::getAuth() called.', AUTH_LOG_DEBUG);
1055 return $this->checkAuth();
1064 * This function clears any auth tokens in the currently
1065 * active session and executes the logout callback function,
1073 $this->log('Auth::logout() called.', AUTH_LOG_DEBUG);
1075 if (is_callable($this->logoutCallback) && isset($this->session['username'])) {
1076 $this->log('Calling logoutCallback ('.$this->logoutCallback.').', AUTH_LOG_DEBUG);
1077 call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
1080 $this->username = '';
1081 $this->password = '';
1083 $this->session = null;
/**
 * Update the idletime
 *
 * Stores the current time as the session's last-activity stamp.
 */
function updateIdle()
{
    $now = time();
    $this->session['idle'] = $now;
}
1101 // {{{ getUsername()
1109 function getUsername()
1111 if (isset($this->session['username'])) {
1112 return($this->session['username']);
/**
 * Get the current status
 *
 * @return mixed The value of $this->status; the methods in this class set
 *               it to one of the negative AUTH_* status constants.
 */
function getStatus()
{
    return $this->status;
}
// {{{ getPostUsernameField()

/**
 * Gets the POST variable used for the username
 *
 * @return string Key looked up in the POST array for the username
 */
function getPostUsernameField()
{
    return $this->_postUsername;
}

// }}}
// {{{ getPostPasswordField()

/**
 * Gets the POST variable used for the password
 *
 * @return string Key looked up in the POST array for the password
 */
function getPostPasswordField()
{
    return $this->_postPassword;
}

// }}}
1160 // {{{ sessionValidThru()
1163 * Returns the time up to the session is valid
1168 function sessionValidThru()
1170 if (!isset($this->session['idle'])) {
1173 if ($this->idle == 0) {
1176 return ($this->session['idle'] + $this->idle);
/**
 * List all users that are currently available in the storage
 * container
 *
 * @return mixed Whatever the storage container's listUsers() returns
 */
function listUsers()
{
    $this->log('Auth::listUsers() called.', AUTH_LOG_DEBUG);

    // The container is created lazily, on first use.
    $this->_loadStorage();

    $users = $this->storage->listUsers();
    return $users;
}
/**
 * Add user to the storage container
 *
 * The arguments are passed to the container unchanged.
 *
 * @param string Username
 * @param string Password
 * @param mixed  Additional parameters
 * @return mixed True on success, PEAR error object on error
 *               and AUTH_METHOD_NOT_SUPPORTED otherwise.
 */
function addUser($username, $password, $additional = '')
{
    $this->log('Auth::addUser() called.', AUTH_LOG_DEBUG);

    // The container is created lazily, on first use.
    $this->_loadStorage();

    $result = $this->storage->addUser($username, $password, $additional);
    return $result;
}
/**
 * Remove user from the storage container
 *
 * The argument is passed to the container unchanged.
 *
 * @param string Username
 * @return mixed True on success, PEAR error object on error
 *               and AUTH_METHOD_NOT_SUPPORTED otherwise.
 */
function removeUser($username)
{
    $this->log('Auth::removeUser() called.', AUTH_LOG_DEBUG);

    // The container is created lazily, on first use.
    $this->_loadStorage();

    $result = $this->storage->removeUser($username);
    return $result;
}
// {{{ changePassword()

/**
 * Change password for user in the storage container
 *
 * The arguments are passed to the container unchanged; this method does
 * not check the current password or who is making the call.
 *
 * @param string Username
 * @param string The new password
 * @return mixed True on success, PEAR error object on error
 *               and AUTH_METHOD_NOT_SUPPORTED otherwise.
 */
function changePassword($username, $password)
{
    $this->log('Auth::changePassword() called', AUTH_LOG_DEBUG);

    // The container is created lazily, on first use.
    $this->_loadStorage();

    $result = $this->storage->changePassword($username, $password);
    return $result;
}

// }}}
/**
 * Log a message from the Auth system
 *
 * Does nothing unless $enableLogging is set. The message is passed to the
 * logger with an "AUTH: " prefix.
 *
 * @param string  The message to log
 * @param integer The log level to log the message under (defaults to
 *                AUTH_LOG_DEBUG). See the Log documentation for more info.
 * @return mixed  False when logging is disabled, otherwise nothing
 */
function log($message, $level = AUTH_LOG_DEBUG)
{
    if (!$this->enableLogging) {
        return false;
    }

    // The logger is created lazily, on first use.
    $this->_loadLogger();

    $entry = 'AUTH: '.$message;
    $this->logger->log($entry, $level);
}
1274 // {{{ _loadLogger()
1277 * Load Log object if not already loaded
1279 * Suspend logger instantiation to make Auth lighter to use
1280 * for calls which do not require logging
1282 * @return bool True if the logger is loaded, false if the logger
1286 function _loadLogger()
1288 if(is_null($this->logger)) {
1289 if (!class_exists('Log')) {
1290 include_once 'Log.php';
1292 $this->logger =& Log::singleton('null',
1294 'auth['.getmypid().']',
// {{{ attachLogObserver()

/**
 * Attach an Observer to the Auth Log Source
 *
 * @param object Log_Observer A Log Observer instance
 * @return mixed Whatever the logger's attach() returns
 */
function attachLogObserver(&$observer)
{
    // The logger is created lazily, on first use.
    $this->_loadLogger();

    $attached = $this->logger->attach($observer);
    return $attached;
}

// }}}
1320 // {{{ _isAdvancedSecurityEnabled()
1323 * Is advanced security enabled?
1325 * Pass one of the Advanced Security constants as the first parameter
1326 * to check if that advanced security check is enabled.
1331 function _isAdvancedSecurityEnabled($feature = null) {
1333 if (is_null($feature)) {
1335 if ($this->advancedsecurity === true)
1338 if ( is_array($this->advancedsecurity)
1339 && in_array(true, $this->advancedsecurity, true))
1346 if (is_array($this->advancedsecurity)) {
1348 if ( isset($this->advancedsecurity[$feature])
1349 && $this->advancedsecurity[$feature] == true)
1356 return (bool)$this->advancedsecurity;