Updated to the new Employee-style authentication

Fixes issue 4

git-svn-id: https://rosehill.googlecode.com/svn/trunk@71 100bd78a-fc82-11de-b5bc-ffd2847a4b57
This commit is contained in:
inghamn 2012-01-06 15:21:29 +00:00
parent c79d78a0b7
commit aab9b5daf7
12 changed files with 219 additions and 667 deletions

View File

@ -1,6 +1,6 @@
<?php <?php
/** /**
* @copyright 2006-2009 City of Bloomington, Indiana * @copyright 2006-2012 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov> * @author Cliff Ingham <inghamn@bloomington.in.gov>
*/ */
@ -11,12 +11,14 @@
<table> <table>
<tr><td><label for="user-authenticationMethod">Authentication</label></td> <tr><td><label for="user-authenticationMethod">Authentication</label></td>
<td><select name="user[authenticationMethod]" id="user-authenticationMethod"> <td><select name="user[authenticationMethod]" id="user-authenticationMethod">
<option <?php if(isset($_POST['user']['authenticationMethod']) && $_POST['user']['authenticationMethod']=="LDAP") echo "selected=\"selected\""; ?>> <?php
LDAP foreach (User::getAuthenticationMethods() as $method) {
</option> $selected = (isset($_POST['user']['authenticationMethod']) && $_POST['user']['authenticationMethod']==$method)
<option <?php if(isset($_POST['user']['authenticationMethod']) && $_POST['user']['authenticationMethod']=="local") echo "selected=\"selected\""; ?>> ? 'selected="selected"'
local : '';
</option> echo "<option $selected>$method</option>";
}
?>
</select> </select>
</td> </td>
</tr> </tr>

View File

@ -1,6 +1,6 @@
<?php <?php
/** /**
* @copyright 2006-2009 City of Bloomington, Indiana * @copyright 2006-2012 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov> * @author Cliff Ingham <inghamn@bloomington.in.gov>
* @param User $this->user * @param User $this->user
@ -13,12 +13,14 @@
<table> <table>
<tr><td><label for="user-authenticationMethod">Authentication</label></td> <tr><td><label for="user-authenticationMethod">Authentication</label></td>
<td><select name="user[authenticationMethod]" id="user-authenticationMethod"> <td><select name="user[authenticationMethod]" id="user-authenticationMethod">
<option <?php if ($this->user->getAuthenticationMethod()=='LDAP') echo "selected=\"selected\""; ?>> <?php
LDAP foreach (User::getAuthenticationMethods() as $method) {
</option> $selected = $this->user->getAuthenticationMethod()==$method
<option <?php if ($this->user->getAuthenticationMethod()=='local') echo "selected=\"selected\""; ?>> ? 'selected="selected"'
local : '';
</option> echo "<option $selected>$method</option>";
}
?>
</select> </select>
</td> </td>
</tr> </tr>

View File

@ -1,6 +1,6 @@
<?php <?php
/** /**
* @copyright 2006-2009 City of Bloomington, Indiana * @copyright 2006-2012 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov> * @author Cliff Ingham <inghamn@bloomington.in.gov>
*/ */
@ -16,6 +16,20 @@ class User extends SystemUser
private $roles = array(); private $roles = array();
private $newPassword; // the User's new password, unencrypted private $newPassword; // the User's new password, unencrypted
/**
* Should provide the list of methods supported
*
* There should always be at least one method, called "local"
* Additional methods must match classes that implement External Identities
* See: ExternalIdentity.php
*
* @return array
*/
public static function getAuthenticationMethods()
{
return array('local','Employee');
}
/** /**
* @param int|string $id * @param int|string $id
*/ */

View File

@ -4,7 +4,7 @@
* will include this copyright statement * will include this copyright statement
*/ */
define('COPYRIGHT',"/** define('COPYRIGHT',"/**
* @copyright 2007-2009 City of Bloomington, Indiana * @copyright 2007-2012 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov> * @author Cliff Ingham <inghamn@bloomington.in.gov>
*/"); */");
@ -86,17 +86,25 @@ define('DB_USER',APPLICATION_NAME);
define('DB_PASS','password'); define('DB_PASS','password');
/** /**
* LDAP Configuration * Directory Configuration
* This is required in order to use the LDAP authentication *
* If you do not want to use LDAP authentication, you can comment this out * This is required in order to use the LDAP or ADS authentication
* If you do not want to use external authentication, you can comment this out
*/ */
define('LDAP_DOMAIN','ldap.domain.somewhere'); // Example for ADS style authentication
define('LDAP_DN','ou=people,o='.LDAP_DOMAIN); define('DIRECTORY_SERVER','ldaps://example.org:636');
define('LDAP_USERNAME_ATTRIBUTE','uid'); define('DIRECTORY_BASE_DN','OU=Department,DC=example,DC=org');
define('LDAP_ADMIN_USER','username'); define('DIRECTORY_USERNAME_ATTRIBUTE', 'CN');
define('LDAP_ADMIN_PASS','password'); define('DIRECTORY_USER_BINDING','{username}@bloomington.in.gov');
define('LDAP_SERVER','ldap.somewhere.com'); define('DIRECTORY_ADMIN_BINDING', 'admin@bloomington.in.gov');
define('LDAP_PASSWORD_ATTRIBUTE','userpassword'); define('DIRECTORY_ADMIN_PASS','password');
// Example for LDAP style authentication
//define('DIRECTORY_SERVER','ldaps://example.org:636');
//define('DIRECTORY_BASE_DN','ou=people,o=ldap.domain.somewhere');
//define('DIRECTORY_USERNAME_ATTRIBUTE', 'uid');
//define('DIRECTORY_USER_BINDING','uid={username},'.DIRECTORY_BASE_DN);
//define('DIRECTORY_ADMIN_BINDING', 'uid=admin,'.DIRECTORY_BASE_DN);
//define('DIRECTORY_ADMIN_PASS','password');
/** /**
* Import global functions that we use for many applications we write * Import global functions that we use for many applications we write

View File

@ -1,6 +1,6 @@
<?php <?php
/** /**
* @copyright 2006-2009 City of Bloomington, Indiana * @copyright 2006-2012 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov> * @author Cliff Ingham <inghamn@bloomington.in.gov>
* @param GET person_id * @param GET person_id
@ -32,18 +32,19 @@ if (isset($_POST['user'])) {
} }
else { else {
// Load their information from LDAP // Load their information from LDAP
// Delete this statement if you're not using LDAP if ($user->getAuthenticationMethod() != 'local') {
if ($user->getAuthenticationMethod() == 'LDAP') {
try { try {
$ldap = new LDAPEntry($user->getUsername()); $externalIdentity = $user->getAuthenticationMethod();
$identity = new $externalIdentity($user->getUsername());
try { try {
$person = new Person($ldap->getEmail()); $person = new Person($identity->getEmail());
} }
catch (Exception $e) { catch (Exception $e) {
$person = new Person(); $person = new Person();
$person->setFirstname($ldap->getFirstname()); $person->setFirstname($identity->getFirstname());
$person->setLastname($ldap->getLastname()); $person->setLastname($identity->getLastname());
$person->setEmail($ldap->getEmail()); $person->setEmail($identity->getEmail());
$person->save(); $person->save();
} }
$user->setPerson($person); $user->setPerson($person);

View File

@ -0,0 +1,112 @@
<?php
/**
* A class for working with entries in LDAP.
*
* This class is written specifically for the City of Bloomington's
* LDAP layout. If you are going to be doing LDAP authentication
* with your own LDAP server, you will probably need to customize
* the fields used in this class.
*
* @copyright 2011 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov>
*/
class Employee implements ExternalIdentity
{
private static $connection;
private $entry;
/**
* @param string $username
* @param string $password
* @throws Exception
*/
public static function authenticate($username,$password)
{
$bindUser = sprintf(str_replace('{username}','%s',DIRECTORY_USER_BINDING),$username);
$connection = ldap_connect(DIRECTORY_SERVER) or die("Couldn't connect to ADS");
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
if (ldap_bind($connection,$bindUser,$password)) {
return true;
}
}
/**
* Loads an entry from the LDAP server for the given user
*
* @param string $username
*/
public function __construct($username)
{
$this->openConnection();
$result = ldap_search(
self::$connection,
DIRECTORY_BASE_DN,
DIRECTORY_USERNAME_ATTRIBUTE."=$username"
);
if (ldap_count_entries(self::$connection,$result)) {
$entries = ldap_get_entries(self::$connection, $result);
$this->entry = $entries[0];
}
}
/**
* @return string
*/
public function getUsername()
{
return $this->entry['uid'];
}
/**
* @return string
*/
public function getFirstname()
{
return $this->entry['givenname'][0];
}
/**
* @return string
*/
public function getLastname()
{
return $this->entry['sn'][0];
}
/**
* @return string
*/
public function getEmail()
{
return $this->entry['mail'][0];
}
/**
* Creates the connection to the LDAP server
*/
private function openConnection()
{
if (!self::$connection) {
if (self::$connection = ldap_connect(DIRECTORY_SERVER)) {
ldap_set_option(self::$connection,LDAP_OPT_PROTOCOL_VERSION,3);
if (defined(DIRECTORY_ADMIN_BINDING) && DIRECTORY_ADMIN_BINDING) {
if (!ldap_bind(self::$connection,DIRECTORY_ADMIN_BINDING,DIRECTORY_ADMIN_PASS)) {
throw new Exception(ldap_error(self::$connection));
}
}
else {
if (!ldap_bind(self::$connection)) {
throw new Exception(ldap_error(self::$connection));
}
}
}
else {
throw new Exception(ldap_error(self::$connection));
}
}
}
}

View File

@ -1,12 +0,0 @@
<?php
/**
* @copyright 2008 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov>
*/
interface ExternalAuthentication
{
public static function authenticate($username,$password);
public static function savePassword($username,$password);
}

View File

@ -0,0 +1,39 @@
<?php
/**
* @copyright 20011 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov>
*/
interface ExternalIdentity
{
/**
* Should load user data from storage
*/
public function __construct($username);
/**
* Return whether the username, password combo is valid
*
* @param string $username
* @param string $password The unencrypted password
* @return bool
*/
public static function authenticate($username,$password);
/**
* @return string
*/
public function getFirstname();
/**
* @return string
*/
public function getLastname();
/**
* @return string
*/
public function getEmail();
}

View File

@ -1,87 +0,0 @@
<?php
/**
* @copyright 2008 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov>
*/
class LDAP implements ExternalAuthentication
{
/**
* @param string $username
* @param string $password
* @throws Exception
*/
public static function authenticate($username,$password)
{
$connection = ldap_connect(LDAP_SERVER) or die("Couldn't connect to LDAP");
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($connection);
$result = ldap_search($connection,LDAP_DN,LDAP_USERNAME_ATTRIBUTE."=$username");
if (ldap_count_entries($connection,$result)) {
$entries = ldap_get_entries($connection, $result);
if (preg_match("/^\{crypt\}(.+)/i",$entries[0][LDAP_PASSWORD_ATTRIBUTE][0],$matches)) {
$ldapPassword = $matches[1];
$salt = substr($ldapPassword,0,2);
$encryptedPassword = crypt($password,$salt);
if ($encryptedPassword === $ldapPassword) {
return true;
}
else {
throw new Exception('wrongPassword');
}
}
else {
throw new Exception("passwordIsCorrupted");
}
}
else {
throw new Exception("unknownUser");
}
}
/**
* Saves a user's password to the LDAP server
*
* @param string $username
* @param string $password
*/
public static function savePassword($username,$password)
{
$connection = ldap_connect(LDAP_SERVER);
ldap_set_option($connection,LDAP_OPT_PROTOCOL_VERSION,3);
ldap_bind($connection,
LDAP_USERNAME_ATTRIBUTE."=".LDAP_ADMIN_USER.",o=".LDAP_DOMAIN,
LDAP_ADMIN_PASS) or die(ldap_error($connection));
$result = ldap_search($connection,LDAP_DN,LDAP_USERNAME_ATTRIBUTE."=$username");
$entries = ldap_get_entries($connection, $result);
$dn = LDAP_USERNAME_ATTRIBUTE."=$username,ou=people,o=".LDAP_DOMAIN;
if ($this->getPassword()) {
$salt = substr(md5(time()),0,2);
$encryptedPassword = "{CRYPT}".crypt($password,$salt);
$password = array(LDAP_PASSWORD_ATTRIBUTE=>$encryptedPassword);
if (isset($entries[0][LDAP_PASSWORD_ATTRIBUTE])) {
// Modify
ldap_mod_replace($connection,$dn,$password)
or die(print_r($password).ldap_error($connection));
}
else {
// Add
ldap_mod_add($connection,$dn,$password)
or die(print_r($password).ldap_error($connection));
}
}
else {
// Delete
$password = array();
ldap_mod_del($connection,$dn,$password)
or die(print_r($password).ldap_error($connection));
}
}
}

View File

@ -1,526 +0,0 @@
<?php
/**
* A class for working with entries in LDAP.
*
* This class is written specifically for the City of Bloomington's
* LDAP layout. If you are going to be doing LDAP authentication
* with your own LDAP server, you will probably need to customize
* the fields used in this class.
*
* @copyright 2006-2009 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov>
*/
class LDAPEntry
{
private static $connection;
private $ou;
private $uid;
private $userPassword;
private $givenName;
private $sn;
private $cn;
private $displayName;
private $businessCategory;
private $departmentNumber;
private $physicalDeliveryOfficeName;
private $title;
private $mail;
private $telephoneNumber;
private $preferredTelephoneNumber;
private $webTelephoneNumber;
private $facsimileTelephoneNumber;
private $homePhone;
private $mobile;
private $dialupAccess;
private $jpegPhoto;
private $sambaLMPassword;
private $sambaNTPassword;
private $sambaSID;
private $objectClasses = array();
// Used to keep track of changes we make to this entry. This is because LDAP
// requires us to send seperate modify, add, and delete commands.
private $modifiedAttributes = array();
private $addedAttributes = array();
private $deletedAttributes = array();
/**
* Loads an entry from the LDAP server for the given user
* @param string $username
*/
public function __construct($username=null)
{
$this->openConnection();
if ($username) {
$result = ldap_search(LDAPEntry::$connection,LDAP_DN,
LDAP_USERNAME_ATTRIBUTE."=$username");
if (ldap_count_entries(LDAPEntry::$connection,$result)) {
$entries = ldap_get_entries(LDAPEntry::$connection, $result);
$this->uid = $username;
if (isset($entries[0]['ou'])) {
$this->ou = $entries[0]['ou'][0];
}
if (isset($entries[0]['givenname'])) {
$this->givenName = $entries[0]['givenname'][0];
}
if (isset($entries[0]['sn'])) {
$this->sn = $entries[0]['sn'][0];
}
if (isset($entries[0]['cn'])) {
$this->cn = $entries[0]['cn'][0];
}
if (isset($entries[0]['displayname'])) {
$this->displayName = $entries[0]['displayname'][0];
}
if (isset($entries[0]['businesscategory'])) {
$this->businessCategory = $entries[0]['businesscategory'][0];
}
if (isset($entries[0]['departmentnumber'])) {
$this->departmentNumber = $entries[0]['departmentnumber'][0];
}
if (isset($entries[0]['physicaldeliveryofficename'])) {
$this->physicalDeliveryOfficeName = $entries[0]['physicaldeliveryofficename'][0];
}
if (isset($entries[0]['title'])) {
$this->title = $entries[0]['title'][0];
}
if (isset($entries[0]['mail'])) {
$this->mail = $entries[0]['mail'][0];
}
if (isset($entries[0]['telephonenumber'])) {
$this->telephoneNumber = $entries[0]['telephonenumber'][0];
}
if (isset($entries[0]['preferredtelephonenumber'])) {
$this->preferredTelephoneNumber = $entries[0]['preferredtelephonenumber'][0];
}
if (isset($entries[0]['webtelephonenumber'])) {
$this->webTelephoneNumber = $entries[0]['webtelephonenumber'][0];
}
if (isset($entries[0]['facsimiletelephonenumber'])) {
$this->facsimileTelephoneNumber = $entries[0]['facsimiletelephonenumber'][0];
}
if (isset($entries[0]['homephone'])) {
$this->homePhone = $entries[0]['homephone'][0];
}
if (isset($entries[0]['mobile'])) {
$this->mobile = $entries[0]['mobile'][0];
}
if (isset($entries[0]['dialupaccess'])) {
$this->dialupAccess = $entries[0]['dialupaccess'][0];
}
if (isset($entries[0]['objectclass'])) {
$this->objectClasses = $entries[0]['objectclass'];
}
if (isset($entries[0]['jpegphoto'])) {
$photo = ldap_get_values_len(LDAPEntry::$connection,
ldap_first_entry(LDAPEntry::$connection,$result),
'jpegphoto');
$this->jpegPhoto = $photo[0];
}
}
else {
throw new Exception("ldap/unknownUser");
}
}
}
/**
* Creates the connection to the LDAP server
*/
private function openConnection()
{
if (!LDAPEntry::$connection) {
if (LDAPEntry::$connection = ldap_connect(LDAP_SERVER)) {
ldap_set_option(LDAPEntry::$connection,LDAP_OPT_PROTOCOL_VERSION,3);
if (LDAP_ADMIN_USER) {
if (!ldap_bind(LDAPEntry::$connection,
LDAP_USERNAME_ATTRIBUTE."=".LDAP_ADMIN_USER.",o=".LDAP_DOMAIN,
LDAP_ADMIN_PASS)) {
throw new Exception(ldap_error(LDAPEntry::$connection));
}
}
else {
if (!ldap_bind(LDAPEntry::$connection)) {
throw new Exception(ldap_error(LDAPEntry::$connection));
}
}
}
else {
throw new Exception(ldap_error(LDAPEntry::$connection));
}
}
}
/**
* Saves any changed information back to the LDAP server
*/
public function save()
{
$dn = "uid={$this->uid},ou=people,o=".LDAP_DOMAIN;
if (count($this->modifiedAttributes)) {
ldap_mod_replace(LDAPEntry::$connection,$dn,$this->modifiedAttributes)
or die(print_r($this->modifiedAttributes).ldap_error(LDAPEntry::$connection));
}
if (count($this->addedAttributes)) {
ldap_mod_add(LDAPEntry::$connection,$dn,$this->addedAttributes)
or die(print_r($this->addedAttributes).ldap_error(LDAPEntry::$connection));
}
if (count($this->deletedAttributes)) {
ldap_mod_del(LDAPEntry::$connection,$dn,$this->deletedAttributes)
or die(print_r($this->deletedAttributes).ldap_error(LDAPEntry::$connection));
}
}
/**
* Escapes any problematic characters
* @param string $str
*/
private function sanitize($str)
{
$tmp = trim($str);
$tmp = str_replace('\\', '\\\\', $tmp);
$tmp = str_replace('(', '\(', $tmp);
$tmp = str_replace(')', '\)', $tmp);
$tmp = str_replace('*', '\*', $tmp);
return $tmp;
}
/**
* Keeps track of what properties have been changed
*
* All setters should call this function. Otherwise, we won't
* know what's been changed in order to do the appropriate calls in LDAP
* @param string $property
* @param string $value
*/
private function changeProperty($property,$value)
{
if ($value) {
if ($value != $this->{$property}) {
if ($this->{$property}) {
$this->modifiedAttributes[$property] = $value;
}
else {
$this->addedAttributes[$property] = $value;
}
$this->{$property} = $value;
}
}
else {
if ($this->{$property}) {
$this->{$property} = '';
$this->deletedAttributes[$property] = array();
}
}
}
/**
* @return string
*/
public function getOU()
{
return $this->ou;
}
/**
* @return string
*/
public function getUID()
{
return $this->uid;
}
/**
* @return string
*/
public function getUsername()
{
return $this->uid;
}
/**
* @return string
*/
public function getFirstname()
{
return $this->givenName;
}
/**
* @return string
*/
public function getLastname()
{
return $this->sn;
}
/**
* @return string
*/
public function getCommonName()
{
return $this->cn;
}
/**
* @return string
*/
public function getDisplayName()
{
return $this->displayName;
}
/**
* @return string
*/
public function getBusinessCategory()
{
return $this->businessCategory;
}
/**
* @return string
*/
public function getDepartment()
{
return $this->departmentNumber;
}
/**
* @return string
*/
public function getOffice()
{
return $this->physicalDeliveryOfficeName;
}
/**
* @return string
*/
public function getTitle()
{
return $this->title;
}
/**
* @return string
*/
public function getEmail()
{
return $this->mail;
}
/**
* @return string
*/
public function getPhone()
{
return $this->telephoneNumber;
}
/**
* @return string
*/
public function getPreferredPhone()
{
return $this->preferredTelephoneNumber;
}
/**
* @return string
*/
public function getWebPhone()
{
return $this->webTelephoneNumber;
}
/**
* @return string
*/
public function getFax()
{
return $this->facsimileTelephoneNumber;
}
/**
* @return string
*/
public function getHomePhone()
{
return $this->homePhone;
}
/**
* @return string
*/
public function getCellPhone()
{
return $this->mobile;
}
/**
* @return string
*/
public function getDialup()
{
return $this->dialupAccess;
}
/**
* @return string
*/
public function getSambaLMPassword()
{
return $this->sambaLMPassword;
}
/**
* @return string
*/
public function getSambaNTPassword()
{
return $this->sambaNTPassword;
}
/**
* @return string
*/
public function getSambaSID()
{
return $this->sambaSID;
}
/**
* @return string
*/
public function getObjectClasses()
{
return $this->objectClasses;
}
/**
* @return raw
*/
public function getPhoto()
{
return $this->jpegPhoto;
}
/**
* @param string $string
*/
public function setUsername($string)
{
$this->changeProperty("uid",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setFirstname($string)
{
$this->changeProperty("givenName",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setLastname($string)
{
$this->changeProperty("sn",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setCommonName($string)
{
$this->changeProperty("cn",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setDisplayName($string)
{
$this->changeProperty("displayName",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setBusinessCategory($string)
{
$this->changeProperty("businessCategory",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setDepartment($string)
{
$this->changeProperty("departmentNumber",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setOffice($string)
{
$this->changeProperty("physicalDeliveryOfficeName",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setTitle($string)
{
$this->changeProperty("title",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setEmail($string)
{
$this->changeProperty("mail",$this->sanitize($string));
}
/**
* @param string $string
*/
public function setPhone($string)
{
$this->changeProperty("telephoneNumber",preg_replace('/[^0-9ext\-\s]/','',$string));
}
/**
* @param string $string
*/
public function setPreferredPhone($string)
{
$this->changeProperty('preferredTelephoneNumber',
preg_replace('/[^0-9ext\-\s]/','',$string));
}
/**
* @param string $string
*/
public function setWebPhone($string)
{
$this->changeProperty('webTelephoneNumber',
preg_replace('/[^0-9ext\-\s]/','',$string));
}
/**
* @param string $string
*/
public function setFax($string)
{
$this->changeProperty('facsimileTelephoneNumber',
preg_replace('/[^0-9ext\-\s]/','',$string));
}
/**
* @param string $string
*/
public function setHomePhone($string)
{
$this->changeProperty('homePhone',preg_replace('/[^0-9ext\-\s]/','',$string));
}
/**
* @param string $string
*/
public function setCellPhone($string)
{
$this->changeProperty('mobile',preg_replace('/[^0-9ext\-\s]/','',$string));
}
/**
* @param string $string
*/
public function setDialup($string)
{
$this->changeProperty('dialupAccess',preg_replace('/[^0-9ext\-\s]/','',$string));
}
/**
* @param string $filePath
*/
public function setPhoto($filePath)
{
$this->changeProperty("jpegPhoto",file_get_contents($filePath));
}
}

View File

@ -6,7 +6,7 @@
* a city employee will have the same username and password on all applications. * a city employee will have the same username and password on all applications.
* Applications should use these public functions for their own users. * Applications should use these public functions for their own users.
* *
* @copyright 2006-2009 City of Bloomington, Indiana * @copyright 2006-2012 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov> * @author Cliff Ingham <inghamn@bloomington.in.gov>
*/ */
@ -57,7 +57,7 @@ abstract class SystemUser
default: default:
$type = $this->getAuthenticationMethod(); $type = $this->getAuthenticationMethod();
return call_user_func(array($type,'authenticate'),$this->getUsername(),$password); return $type::authenticate($this->getUsername(),$password);
} }
} }
@ -74,8 +74,10 @@ abstract class SystemUser
} }
/** /**
* Determines which authentication method is being used, and sends the password to the * Used to save passwords to the database
* appropriate method *
* Only local passwords should be saved. External Identities should have
* their own methods for users to change passwords
*/ */
public function savePassword() public function savePassword()
{ {
@ -83,10 +85,6 @@ abstract class SystemUser
case "local": case "local":
$this->saveLocalPassword(); $this->saveLocalPassword();
break; break;
default:
$type = $this->getAuthenticationMethod();
call_user_func(array($type,'savePassword'),$this->getUsername(),$password);
} }
} }
} }

View File

@ -0,0 +1 @@
update users set authenticationMethod='Employee' where authenticationMethod='LDAP';