CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
Zend_Auth_Result example
if (!$authHeader) {
return $this->_challengeClient();
}
list($clientScheme) = explode(' ', $authHeader);
$clientScheme = strtolower($clientScheme);
// The server can issue multiple challenges, but the client should // answer with only the selected auth scheme. if (!in_array($clientScheme, $this->_supportedSchemes)) {
$this->_response->setStatusCode(400);
return new Zend_Auth_Result(
Zend_Auth_Result::FAILURE_UNCATEGORIZED,
array(),
array('Client requested an incorrect or unsupported authentication scheme')
);
}
// client sent a scheme that is not the one required if (!in_array($clientScheme, $this->_acceptSchemes)) {
// challenge again the client return $this->_challengeClient();
}
return $this->_challengeClient();
}
list($clientScheme) = explode(' ', $authHeader);
$clientScheme = strtolower($clientScheme);
// The server can issue multiple challenges, but the client should // answer with only the selected auth scheme. if (!in_array($clientScheme, $this->_supportedSchemes)) {
$this->_response->setStatusCode(400);
return new Zend_Auth_Result(
Zend_Auth_Result::FAILURE_UNCATEGORIZED,
array(),
array('Client requested an incorrect or unsupported authentication scheme')
);
}
// client sent a scheme that is not the one required if (!in_array($clientScheme, $this->_acceptSchemes)) {
// challenge again the client return $this->_challengeClient();
}
return $this->_authenticateCreateAuthResult();
}
/** * _authenticateCreateAuthResult() - Creates a Zend_Auth_Result object from * the information that has been collected during the authenticate() attempt. * * @return Zend_Auth_Result */
protected function _authenticateCreateAuthResult()
{
return new Zend_Auth_Result(
$this->_authenticateResultInfo['code'],
$this->_authenticateResultInfo['identity'],
$this->_authenticateResultInfo['messages']
);
}
}
}
/** * _authenticateCreateAuthResult() - Creates a Zend_Auth_Result object from * the information that has been collected during the authenticate() attempt. * * @return Zend_Auth_Result */
protected function _authenticateCreateAuthResult()
{
return new Zend_Auth_Result(
$this->_authenticateResultInfo['code'],
$this->_authenticateResultInfo['identity'],
$this->_authenticateResultInfo['messages']
);
}
}
'messages' => array()
);
while ($line = trim(fgets($fileHandle))) {
if (substr($line, 0, $idLength) === $id) {
if ($this->_secureStringCompare(substr($line, -32), md5("$this->_username:$this->_realm:$this->_password"))) {
$result['code'] = Zend_Auth_Result::SUCCESS;
} else {
$result['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
$result['messages'][] = 'Password incorrect';
}
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
}
}
$result['code'] = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
$result['messages'][] = "Username '$this->_username' and realm '$this->_realm' combination not found";
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
}
/** * Securely compare two strings for equality while avoided C level memcmp() * optimisations capable of leaking timing information useful to an attacker * attempting to iteratively guess the unknown string (e.g. password) being * compared against. * * @param string $a * @param string $b * @return bool */
);
while ($line = trim(fgets($fileHandle))) {
if (substr($line, 0, $idLength) === $id) {
if ($this->_secureStringCompare(substr($line, -32), md5("$this->_username:$this->_realm:$this->_password"))) {
$result['code'] = Zend_Auth_Result::SUCCESS;
} else {
$result['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
$result['messages'][] = 'Password incorrect';
}
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
}
}
$result['code'] = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
$result['messages'][] = "Username '$this->_username' and realm '$this->_realm' combination not found";
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
}
/** * Securely compare two strings for equality while avoided C level memcmp() * optimisations capable of leaking timing information useful to an attacker * attempting to iteratively guess the unknown string (e.g. password) being * compared against. * * @param string $a * @param string $b * @return bool */
$result = parent::authenticate();
$select = $this->_zendDb->select();
$select->from($this->_tableName);
$select->where($this->_zendDb->quoteIdentifier($this->_identityColumn, true) . ' = ?', $this->_identity);
$user = $this->_zendDb->fetchRow($select, [], Zend_Db::FETCH_OBJ);
if ($result->isValid()) {
// Check if user role is active $sql = 'SELECT enabled FROM s_core_auth_roles WHERE id = ?';
if ($this->_zendDb->fetchOne($sql, [$user->roleID]) == false) {
return new Zend_Auth_Result(
Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,
$this->_identity,
[]
);
}
$this->session->migrate(true);
$this->setSessionId($this->session->getId());
$this->updateExpiry();
$select = $this->_zendDb->select();
$select->from($this->_tableName);
$select->where($this->_zendDb->quoteIdentifier($this->_identityColumn, true) . ' = ?', $this->_identity);
$user = $this->_zendDb->fetchRow($select, [], Zend_Db::FETCH_OBJ);
if ($result->isValid()) {
// Check if user role is active $sql = 'SELECT enabled FROM s_core_auth_roles WHERE id = ?';
if ($this->_zendDb->fetchOne($sql, [$user->roleID]) == false) {
return new Zend_Auth_Result(
Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,
$this->_identity,
[]
);
}
$this->session->migrate(true);
$this->setSessionId($this->session->getId());
$this->updateExpiry();