* @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License * @package api * @subpackage authentication * @version $Id$ */ /** * Authentication agains a LDAP Server with fallback to SQL * * For other fallback types, simply change auth backends in constructor call */ class auth_fallback implements auth_backend { /** * Primary auth backend * * @var auth_backend */ private $primary_backend; /** * Fallback auth backend * * @var auth_backend */ private $fallback_backend; /** * Constructor */ function __construct($primary='auth_ldap',$fallback='auth_sql') { $this->primary_backend = new $primary; $this->fallback_backend = new $fallback; } /** * authentication against LDAP with fallback to SQL * * @param string $username username of account to authenticate * @param string $passwd corresponding password * @return boolean true if successful authenticated, false otherwise */ function authenticate($username, $passwd, $passwd_type='text') { if ($this->primary_backend->authenticate($username, $passwd, $passwd_type)) { egw_cache::setInstance(__CLASS__,'backend_used-'.$username,'primary'); return true; } if ($this->fallback_backend->authenticate($username,$passwd, $passwd_type)) { egw_cache::setInstance(__CLASS__,'backend_used-'.$username,'fallback'); return true; } return false; } /** * changes password in LDAP * * If $old_passwd is given, the password change is done binded as user and NOT with the * "root" dn given in the configurations. * * @param string $old_passwd must be cleartext or empty to not to be checked * @param string $new_passwd must be cleartext * @param int $account_id account id of user whose passwd should be changed * @return boolean true if password successful changed, false otherwise */ function change_password($old_passwd, $new_passwd, $account_id=0) { if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login') { $admin = False; $account_id = $GLOBALS['egw_info']['user']['account_id']; $username = $GLOBALS['egw_info']['user']['account_lid']; } else { $username = $GLOBALS['egw']->accounts->id2name($account_id); } if (egw_cache::getInstance(__CLASS__,'backend_used-'.$username) == 'primary') { return $this->primary_backend->change_password($old_passwd, $new_passwd, $account_id); } return $this->fallback_backend->change_password($old_passwd, $new_passwd, $account_id); } /** * fetch the last pwd change for the user * * @param string $username username of account to authenticate * @return mixed false or account_lastpwd_change */ function getLastPwdChange($username) { if (egw_cache::getInstance(__CLASS__,'backend_used-'.$username) == 'primary') { return false; } return $this->fallback_backend->getLastPwdChange($username); } /** * changes account_lastpwd_change in sql datababse * * @param int $account_id account id of user whose passwd should be changed * @param string $passwd must be cleartext, usually not used, but may be used to authenticate as user to do the change -> ldap * @param int $lastpwdchange must be a unixtimestamp * @return boolean true if account_lastpwd_change successful changed, false otherwise */ function setLastPwdChange($account_id=0, $passwd=NULL, $lastpwdchange=NULL) { if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login') { $admin = False; $account_id = $GLOBALS['egw_info']['user']['account_id']; $username = $GLOBALS['egw_info']['user']['account_lid']; } else { $username = $GLOBALS['egw']->accounts->id2name($account_id); } if (egw_cache::getInstance(__CLASS__,'backend_used-'.$username) == 'primary') { return false; } return $this->fallback_backend->setLastPwdChange($account_id, $passwd, $lastpwdchange); } }