|
1 <?php |
|
2 /** |
|
3 * Zend Framework |
|
4 * |
|
5 * LICENSE |
|
6 * |
|
7 * This source file is subject to the new BSD license that is bundled |
|
8 * with this package in the file LICENSE.txt. |
|
9 * It is also available through the world-wide-web at this URL: |
|
10 * http://framework.zend.com/license/new-bsd |
|
11 * If you did not receive a copy of the license and are unable to |
|
12 * obtain it through the world-wide-web, please send an email |
|
13 * to license@zend.com so we can send you a copy immediately. |
|
14 * |
|
15 * @category Zend |
|
16 * @package Zend_Auth |
|
17 * @subpackage Zend_Auth_Adapter_Http |
|
18 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
|
19 * @license http://framework.zend.com/license/new-bsd New BSD License |
|
20 * @version $Id: File.php 20096 2010-01-06 02:05:09Z bkarwin $ |
|
21 */ |
|
22 |
|
23 |
|
24 /** |
|
25 * @see Zend_Auth_Adapter_Http_Resolver_Interface |
|
26 */ |
|
27 require_once 'Zend/Auth/Adapter/Http/Resolver/Interface.php'; |
|
28 |
|
29 |
|
30 /** |
|
31 * HTTP Authentication File Resolver |
|
32 * |
|
33 * @category Zend |
|
34 * @package Zend_Auth |
|
35 * @subpackage Zend_Auth_Adapter_Http |
|
36 * @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com) |
|
37 * @license http://framework.zend.com/license/new-bsd New BSD License |
|
38 */ |
|
39 class Zend_Auth_Adapter_Http_Resolver_File implements Zend_Auth_Adapter_Http_Resolver_Interface |
|
40 { |
|
41 /** |
|
42 * Path to credentials file |
|
43 * |
|
44 * @var string |
|
45 */ |
|
46 protected $_file; |
|
47 |
|
48 /** |
|
49 * Constructor |
|
50 * |
|
51 * @param string $path Complete filename where the credentials are stored |
|
52 * @return void |
|
53 */ |
|
54 public function __construct($path = '') |
|
55 { |
|
56 if (!empty($path)) { |
|
57 $this->setFile($path); |
|
58 } |
|
59 } |
|
60 |
|
61 /** |
|
62 * Set the path to the credentials file |
|
63 * |
|
64 * @param string $path |
|
65 * @throws Zend_Auth_Adapter_Http_Resolver_Exception |
|
66 * @return Zend_Auth_Adapter_Http_Resolver_File Provides a fluent interface |
|
67 */ |
|
68 public function setFile($path) |
|
69 { |
|
70 if (empty($path) || !is_readable($path)) { |
|
71 /** |
|
72 * @see Zend_Auth_Adapter_Http_Resolver_Exception |
|
73 */ |
|
74 require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php'; |
|
75 throw new Zend_Auth_Adapter_Http_Resolver_Exception('Path not readable: ' . $path); |
|
76 } |
|
77 $this->_file = $path; |
|
78 |
|
79 return $this; |
|
80 } |
|
81 |
|
82 /** |
|
83 * Returns the path to the credentials file |
|
84 * |
|
85 * @return string |
|
86 */ |
|
87 public function getFile() |
|
88 { |
|
89 return $this->_file; |
|
90 } |
|
91 |
|
92 /** |
|
93 * Resolve credentials |
|
94 * |
|
95 * Only the first matching username/realm combination in the file is |
|
96 * returned. If the file contains credentials for Digest authentication, |
|
97 * the returned string is the password hash, or h(a1) from RFC 2617. The |
|
98 * returned string is the plain-text password for Basic authentication. |
|
99 * |
|
100 * The expected format of the file is: |
|
101 * username:realm:sharedSecret |
|
102 * |
|
103 * That is, each line consists of the user's username, the applicable |
|
104 * authentication realm, and the password or hash, each delimited by |
|
105 * colons. |
|
106 * |
|
107 * @param string $username Username |
|
108 * @param string $realm Authentication Realm |
|
109 * @throws Zend_Auth_Adapter_Http_Resolver_Exception |
|
110 * @return string|false User's shared secret, if the user is found in the |
|
111 * realm, false otherwise. |
|
112 */ |
|
113 public function resolve($username, $realm) |
|
114 { |
|
115 if (empty($username)) { |
|
116 /** |
|
117 * @see Zend_Auth_Adapter_Http_Resolver_Exception |
|
118 */ |
|
119 require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php'; |
|
120 throw new Zend_Auth_Adapter_Http_Resolver_Exception('Username is required'); |
|
121 } else if (!ctype_print($username) || strpos($username, ':') !== false) { |
|
122 /** |
|
123 * @see Zend_Auth_Adapter_Http_Resolver_Exception |
|
124 */ |
|
125 require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php'; |
|
126 throw new Zend_Auth_Adapter_Http_Resolver_Exception('Username must consist only of printable characters, ' |
|
127 . 'excluding the colon'); |
|
128 } |
|
129 if (empty($realm)) { |
|
130 /** |
|
131 * @see Zend_Auth_Adapter_Http_Resolver_Exception |
|
132 */ |
|
133 require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php'; |
|
134 throw new Zend_Auth_Adapter_Http_Resolver_Exception('Realm is required'); |
|
135 } else if (!ctype_print($realm) || strpos($realm, ':') !== false) { |
|
136 /** |
|
137 * @see Zend_Auth_Adapter_Http_Resolver_Exception |
|
138 */ |
|
139 require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php'; |
|
140 throw new Zend_Auth_Adapter_Http_Resolver_Exception('Realm must consist only of printable characters, ' |
|
141 . 'excluding the colon.'); |
|
142 } |
|
143 |
|
144 // Open file, read through looking for matching credentials |
|
145 $fp = @fopen($this->_file, 'r'); |
|
146 if (!$fp) { |
|
147 /** |
|
148 * @see Zend_Auth_Adapter_Http_Resolver_Exception |
|
149 */ |
|
150 require_once 'Zend/Auth/Adapter/Http/Resolver/Exception.php'; |
|
151 throw new Zend_Auth_Adapter_Http_Resolver_Exception('Unable to open password file: ' . $this->_file); |
|
152 } |
|
153 |
|
154 // No real validation is done on the contents of the password file. The |
|
155 // assumption is that we trust the administrators to keep it secure. |
|
156 while (($line = fgetcsv($fp, 512, ':')) !== false) { |
|
157 if ($line[0] == $username && $line[1] == $realm) { |
|
158 $password = $line[2]; |
|
159 fclose($fp); |
|
160 return $password; |
|
161 } |
|
162 } |
|
163 |
|
164 fclose($fp); |
|
165 return false; |
|
166 } |
|
167 } |