- <?php
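class Session {
    /** Lifetime, in seconds, of the three authentication cookies (60 hours). */
    const COOKIE_LIFETIME = 216000;
    /** How far in the past an expiry is placed to make the browser drop a cookie. */
    const COOKIE_EXPIRED_OFFSET = 36000;

    private static $Instance;
    /**
     * @var User Holds an instance to the user's data object
     */
    public $User;
    public $SessionID;
    /**
     * @var string The user's authorization ID
     */
    public $AuthUser;
    /**
     * @var string The user's authorization password (encrypted)
     */
    public $AuthPass;
    /**
     * @var string The user's real password - kept private
     */
    private $AuthRealPassword;
    /**
     * @var string Per-browser session token, mirrored in the session cookie.
     *             Declared explicitly: it used to be created as a dynamic
     *             property, which PHP 8.2 deprecates.
     */
    private $Session;
    /**
     * @var string RC4 key read from Config::RC4Key
     */
    private $Key;

    /**
     * Authenticate the credentials held by this session against LDAP and,
     * on success, load (creating it first if necessary) the matching User.
     *
     * AuthPass is decrypted into AuthRealPassword, a bind is attempted with
     * it, and the User record is then resolved by AuthUser. Successful
     * authentication refreshes the session cookies.
     *
     * @return bool true when the bind succeeded and $this->User is populated;
     *              false when it failed (the credential fields are cleared).
     * @throws CriticalException when the bound user has no directory data
     *                           or a new User record cannot be created.
     */
    public function AuthenticateSession() {
        $this->Decrypt(); // Take the given (cookie) password and decrypt it.
        $LDAP = LDAP::Inst();
        // An empty password must never reach Bind(): many directory servers
        // treat an empty-password bind as an anonymous/unauthenticated bind
        // and report success. LDAP::Bind is not visible here, so guard here.
        $hasCredentials = $this->AuthUser && $this->AuthRealPassword !== '';
        if ($hasCredentials && $LDAP->Bind($this->AuthUser, $this->AuthRealPassword)) {
            // Session has successfully auth'd against LDAP. Fetch the user
            // object; if there is none, the user isn't a DB user yet and is
            // created from the directory data.
            $DOM = DataObjectManager::Inst();
            $User = new User();
            if (!$User->FetchUserFromAuthName($this->AuthUser)) {
                $this->CreateUserFromLDAP($LDAP, $User);
            }
            $UserID = $User->ID;
            $DOM->RegisterDataObject($User);
            $this->User = $DOM->FetchDataObject('User', $UserID);
            $this->WriteSessionCookie();
            return true;
        }
        // Auth failed: drop the in-memory credentials. The cookies are left in
        // place (the original deliberately did not call DeleteSessionCookie),
        // so every later request re-attempts the bind with the same values.
        $this->AuthUser = false;
        $this->AuthPass = false;
        $this->AuthRealPassword = false;
        return false;
    }

    /**
     * Populate and persist a User record for an AuthUser that bound to LDAP
     * successfully but has no database row yet.
     *
     * @param LDAP $LDAP Bound directory handle used to read the name fields.
     * @param User $User Fresh, unsaved User object to fill in.
     * @throws CriticalException when the directory has no data for the user
     *                           or the record cannot be created.
     */
    private function CreateUserFromLDAP($LDAP, $User) {
        $LDAPUserData = $LDAP->ReadUserData($this->AuthUser);
        if (!$LDAPUserData) {
            throw new CriticalException("Failed to find user {$this->AuthUser} on AD when bound.");
        }
        $User->AuthType = 'LDAP';
        $User->AuthID = $this->AuthUser;
        // Directory users carry no local password; the literal 'NULL' is
        // presumably a sentinel the User model expects - kept verbatim.
        $User->AuthPassword = 'NULL';
        $User->Forenames = $LDAPUserData['FirstName'];
        $User->Surname = $LDAPUserData['LastName'];
        $User->Active = 1;
        if (!$User->Create()) {
            throw new CriticalException("Failed to create user {$this->AuthUser} from unknown LDAP user.");
        }
    }

    /**
     * Forget the credentials held in memory and expire the browser cookies.
     * Note that $this->User is not reset, matching the previous behaviour.
     *
     * @return bool always true
     */
    public function ClearSession() {
        $this->AuthUser = false;
        $this->AuthPass = false;
        $this->AuthRealPassword = false;
        $this->DeleteSessionCookie();
        return true;
    }

    /**
     * Store the plain-text password and derive the cookie form (AuthPass).
     *
     * @param string $pass The plain-text password supplied by the user.
     */
    public function SetRealPassword($pass) {
        $this->AuthRealPassword = $pass;
        $this->Encrypt();
    }

    /**
     * Write the user name, the RC4-processed password and the session token
     * to cookies. All three are HttpOnly so page scripts cannot read them.
     * The secure flag is left at its default because the deployment scheme
     * (HTTP vs HTTPS) is not known here; enable it when serving over TLS.
     */
    private function WriteSessionCookie() {
        $conf = Config::Inst();
        $expires = time() + self::COOKIE_LIFETIME;
        setcookie($conf->CookieUserName, $this->AuthUser, $expires, '/', '', false, true);
        setcookie($conf->CookieUserPass, $this->AuthPass, $expires, '/', '', false, true);
        setcookie($conf->CookieSession, $this->Session, $expires, '/', '', false, true);
    }

    /**
     * Expire the three cookies by re-sending them empty with a past expiry.
     * An empty string is passed rather than false: setcookie's value is a
     * string parameter and false would be rejected under strict_types.
     */
    private function DeleteSessionCookie() {
        $conf = Config::Inst();
        $expired = time() - self::COOKIE_EXPIRED_OFFSET;
        setcookie($conf->CookieUserName, '', $expired, '/', '', false, true);
        setcookie($conf->CookieUserPass, '', $expired, '/', '', false, true);
        setcookie($conf->CookieSession, '', $expired, '/', '', false, true);
    }

    /**
     * Apply the RC4 stream cipher to $string with $this->Key. RC4 is
     * symmetric, so the same call both encrypts and decrypts.
     *
     * Review note: RC4 under a single static key from Config is reversible by
     * anyone who obtains that key, so the AuthPass cookie is a recoverable
     * copy of the user's directory password rather than something protected.
     * The LDAP bind needs the plain text, so swapping the cipher does not
     * help; keeping the password server-side (a session store keyed by an
     * unguessable token) is the fix. Flagged here, not changed.
     *
     * @param string $string The input into the RC4 algorithm
     * @return string The RC4 encryption / decryption of the message
     * @throws CriticalException when no RC4 key is configured (the key
     *                           schedule would otherwise divide by zero).
     */
    private function RC4($string) {
        // Tolerate null/false inputs (unset cookie, cleared session) without
        // the strlen() deprecation/TypeError; they behave as the empty string.
        $string = (string) $string;
        $keylength = strlen($this->Key);
        if ($keylength === 0) {
            throw new CriticalException('Session: RC4Key is not configured.');
        }
        // Key-scheduling algorithm: permute the 0..255 state with the key.
        $s = range(0, 255);
        for ($i = $j = 0; $i < 256; $i++) {
            // ord() applies to the key byte only, not to the sum with $s[$i].
            $j = ($j + ord($this->Key[$i % $keylength]) + $s[$i]) & 255;
            $temp = $s[$i];
            $s[$i] = $s[$j];
            $s[$j] = $temp;
        }
        // Pseudo-random generation: XOR each input byte with the keystream.
        $i = $j = 0;
        $out = '';
        $length = strlen($string);
        for ($n = 0; $n < $length; $n++) {
            $i = ($i + 1) & 255;
            $j = ($j + $s[$i]) & 255;
            $temp = $s[$j];
            $s[$j] = $s[$i];
            $s[$i] = $temp;
            $out .= chr(ord($string[$n]) ^ $s[($temp + $s[$j]) & 255]);
        }
        return $out;
    }

    /**
     * Derive AuthPass (the cookie form) from the plain-text password.
     */
    private function Encrypt() {
        $this->AuthPass = $this->RC4($this->AuthRealPassword);
    }

    /**
     * Recover the plain-text password from AuthPass (the cookie form).
     */
    private function Decrypt() {
        $this->AuthRealPassword = $this->RC4($this->AuthPass);
    }

    /**
     * This function returns a singleton instance
     * @return Session singleton of itself
     */
    public static function Inst() {
        if (!isset(self::$Instance)) {
            self::$Instance = new self();
        }
        return self::$Instance;
    }

    /**
     * Load the key from Config and prime the credential fields from the
     * request cookies. A missing session cookie is replaced with a fresh
     * token that is sent back immediately.
     */
    private function __construct() {
        $conf = Config::Inst();
        $this->Key = $conf->RC4Key;
        if (isset($_COOKIE[$conf->CookieUserName])) {
            $this->AuthUser = $_COOKIE[$conf->CookieUserName];
        }
        if (isset($_COOKIE[$conf->CookieUserPass])) {
            $this->AuthPass = $_COOKIE[$conf->CookieUserPass];
            $this->Decrypt();
        }
        if (!isset($_COOKIE[$conf->CookieSession])) {
            // NOTE(review): md5(microtime() . user) is guessable. Nothing in
            // this class checks the token, so it is kept as-is, but it must
            // not be relied on as an authenticator without a CSPRNG source.
            $this->Session = md5(microtime() . $this->AuthUser);
            setcookie($conf->CookieSession, $this->Session, time() + self::COOKIE_LIFETIME, '/', '', false, true);
        }
        else {
            $this->Session = $_COOKIE[$conf->CookieSession];
        }
    }
}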
- //Test code;
- /*$teststring = 'attack at dawn';
- $Auth = Session::Inst();
- echo ('Original text:' . $teststring . '<br />');
- $ciphertext = $Auth->Encrypt($teststring);
- echo ('Round 1:' . $ciphertext . '<br />');
- $restring = $Auth->Encrypt($ciphertext);
- echo ('Round 2:' . $restring . '<br />');*/