Auth
The Auth:: class provides a common abstracted interface into the various backends for the Horde authentication system.
$Horde: framework/Auth/Auth.php,v 1.142.10.37 2009/10/26 11:58:58 jan Exp $
Copyright 1999-2009 The Horde Project (http://www.horde.org/)
See the enclosed file COPYING for license information (LGPL). If you did not receive this file, see http://opensource.org/licenses/lgpl-license.php.
Located in /Auth/Auth.php (line 80)
| Class | Description |
|---|---|
Auth_application
|
The Auth_application class provides a wrapper around application-provided Horde authentication which fits inside the Horde Auth:: API. |
|
Auth_auto
|
The Auth_auto class transparently logs users in to Horde using ONE username, either defined in the config or defaulting to 'horde_user'. This is only for use in testing or behind a firewall; it should NOT be used on a public, production machine. |
|
Auth_composite
|
The Auth_composite class provides a wrapper around application-provided Horde authentication which fits inside the Horde Auth:: API. |
|
Auth_cyrus
|
The Auth_cyrus class provides horde with the ability of administrating a Cyrus mail server authentications against another backend that Horde can update (eg SQL or LDAP). |
|
Auth_ftp
|
The Auth_ftp class provides an FTP implementation of the Horde authentication system. |
|
Auth_http
|
The Auth_http class transparently logs users in to Horde using already present HTTP authentication headers. |
|
Auth_http_remote
|
The Auth_http_remote class authenticates users against a remote HTTP-Auth endpoint. |
|
Auth_imap
|
The Auth_imap:: class provides an IMAP implementation of the Horde authentication system. |
|
Auth_imsp
|
The Auth_imsp class provides basic authentication against an IMSP server. |
|
Auth_ipbasic
|
The Auth_ipbasic class provides access control based on CIDR masks (client IP addresses). It is not meant for user-based systems, but for times when you want a block of IPs to be able to access a site, and that access is simply on/off - no preferences, etc... |
|
Auth_kolab
|
The Kolab implementation of the Horde authentication system. Derives from the Auth_imap IMAP authentication object, and provides parameters to it based on the global Kolab configuration. |
|
Auth_krb5
|
The Auth_krb5 class provides an kerberos implementation of the Horde authentication system. |
|
Auth_ldap
|
The Auth_ldap class provides an LDAP implementation of the Horde authentication system. |
|
Auth_login
|
The Auth_login:: class provides a system login implementation of the Horde authentication system. |
|
Auth_pam
|
The Auth_pam:: class provides a PAM-based implementation of the Horde authentication system. |
|
Auth_passwd
|
The Auth_passwd:: class provides a passwd-file implementation of the Horde authentication system. |
|
Auth_peclsasl
|
The Auth_peclsasl:: class provides a SASL-based implementation of the Horde authentication system. |
|
Auth_radius
|
The Auth_radius class provides a RADIUS implementation of the Horde authentication system. |
|
Auth_shibboleth
|
The Auth_shibboleth class only provides transparent authentication based on the headers set by a Shibboleth SP. Note that this class does not provide any actual SP functionality, it just takes the username from the HTTP headers that should be set by the Shibboleth SP. |
|
Auth_smb
|
The Auth_smb class provides an SMB implementation of the Horde authentication system. |
|
Auth_smbclient
|
The Auth_smbclient class provides an smbclient implementation of the Horde authentication system. |
|
Auth_sql
|
The Auth_sql class provides a SQL implementation of the Horde authentication system. |
boolean
authenticate
(string $userId, array $credentials, [boolean $login = true], [string $realm = null])
string
getCryptedPassword
(string $plaintext, [string $salt = ''], [string $encryption = 'md5-hex'], [boolean $show_encrypt = false])
void
setAuth
(string $userId, array $credentials, [string $realm = null], [boolean $changeRequested = false])
array
$capabilities
= array('add' => false,'update' => false,
'resetpassword' => false,
'remove' => false,
'list' => false,
'groups' => false,
'admins' => false,
'transparent' => false) (line 88)
An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_application::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_auto::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_cyrus::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_http::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_http_remote::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_imsp::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_ipbasic::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_kolab::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_krb5::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_ldap::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_login::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_pam::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_passwd::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_peclsasl::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_radius::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_shibboleth::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_smb::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_smbclient::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_sql::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- Auth_customsql::$capabilities : An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
array
$_authCredentials
= array() (line 111)
The credentials currently being authenticated.
array
$_params
= array() (line 102)
Hash containing parameters.
addHook (line 865)
Applies a hook defined by the function _username_hook_frombackend() to the given user name if this function exists and user hooks are enabled.
This method should be called if a authentication backend's user name needs to be converted to a (unique) Horde user name. The backend's user name is what the user sees and uses, but internally we use the Horde user name.
- string $userId: The authentication backend's user name.
addLogoutParameters (line 1057)
Generates the correct parameters to pass to the given logout URL.
If no reason/msg is passed in, use the current global authentication error message.
- string $url: The URL to redirect to.
- string $reason: The reason for logout.
- string $msg: If reason is AUTH_REASON_MESSAGE, the message to display to the user.
addUser (line 394)
Adds a set of authentication credentials.
- string $userId: The userId to add.
- array $credentials: The credentials to use.
- Auth_application::addUser() : Add a set of authentication credentials.
- Auth_composite::addUser() : Add a set of authentication credentials.
- Auth_cyrus::addUser() : Add a set of authentication credentials.
- Auth_imap::addUser() : Add a set of authentication credentials.
- Auth_kolab::addUser() : Add a set of authentication credentials.
- Auth_ldap::addUser() : Add a set of authentication credentials.
- Auth_msad::addUser() : Add a set of authentication credentials.
- Auth_passwd::addUser() : Add a set of authentication credentials.
- Auth_sql::addUser() : Add a set of authentication credentials.
- Auth_customsql::addUser() : Add a set of authentication credentials.
- Auth_cyrsql::addUser() : Add a set of authentication credentials.
authenticate (line 136)
Finds out if a set of login credentials are valid, and if requested, mark the user as logged in in the current session.
- string $userId: The userId to check.
- array $credentials: The credentials to check.
- boolean $login: Whether to log the user in. If false, we'll only test the credentials and won't modify the current session. Defaults to true.
- string $realm: The authentication realm to check.
clearAuth (line 794)
Clears any authentication tokens in the current session.
- string $realm: The authentication realm to clear.
exists (line 480)
Checks if $userId exists in the system.
- string $userId: User ID for which to check
- Auth_application::exists() : Checks if $userId exists in the system.
- Auth_composite::exists() : Checks if a userId exists in the system.
- Auth_cyrus::exists() : Checks if a userId exists in the system.
- Auth_sql::exists() : Checks if a userId exists in the system.
- Auth_customsql::exists() : Checks if a userId exists in the system.
factory (line 1300)
Attempts to return a concrete Auth instance based on $driver.
- mixed $driver: The type of concrete Auth subclass to return. This is based on the storage driver ($driver). The code is dynamically included. If $driver is an array, then we will look in $driver[0]/lib/Auth/ for the subclass implementation named $driver[1].php.
- array $params: A hash containing any additional configuration or connection parameters a subclass might need.
genRandomPassword (line 365)
Generates a random, hopefully pronounceable, password. This can be used when resetting automatically a user's password.
getAuth (line 543)
Returns the currently logged in user, if there is one.
getAuthDomain (line 599)
Returns the domain of currently logged-in user (e.g., bob@example.com would be returned as 'example.com').
getBareAuth (line 578)
Returns the curently logged-in user without any domain information (e.g., bob@example.com would be returned as 'bob').
getCredential (line 620)
Returns the requested credential for the currently logged in user, if present.
- string $credential: The credential to retrieve.
getCryptedPassword (line 200)
Formats a password using the current encryption.
- string $plaintext: The plaintext password to encrypt.
- string $salt: The salt to use to encrypt the password. If not present, a new salt will be generated.
- string $encryption: The kind of pasword encryption to use. Defaults to md5-hex.
- boolean $show_encrypt: Some password systems prepend the kind of encryption to the crypted password ({SHA}, etc). Defaults to false.
getDriver (line 118)
Returns the name of the concrete Auth implementation.
getLoginScreen (line 924)
Returns the URI of the login screen for the current authentication method.
- string $app: The application to use.
- string $url: The URL to redirect to after login.
getLogoutReason (line 984)
Returns the logout reason.
getLogoutReasonString (line 998)
Returns the status string to use for logout messages.
getParam (line 937)
Returns the named parameter for the current auth driver.
- string $param: The parameter to fetch.
- Auth_composite::getParam() : Return the named parameter for the current auth driver.
getProvider (line 953)
Returns the name of the authentication provider.
- string $driver: Used by recursive calls when untangling composite auth.
- array $params: Used by recursive calls when untangling composite auth.
getSalt (line 299)
Returns a salt for the appropriate kind of password encryption.
Optionally takes a seed and a plaintext password, to extract the seed of an existing password, or for encryption types that use the plaintext in the generation of the salt.
- string $encryption: The kind of pasword encryption to use. Defaults to md5-hex.
- string $seed: The seed to get the salt from (probably a previously generated password). Defaults to generating a new seed.
- string $plaintext: The plaintext password that we're generating a salt for. Defaults to none.
hasCapability (line 910)
Queries the current Auth object to find out if it supports the given capability.
- string $capability: The capability to test for.
- Auth_application::hasCapability() : Queries the current Auth object to find out if it supports the given capability.
- Auth_composite::hasCapability() : Query the current Auth object to find out if it supports the given capability.
isAdmin (line 822)
Is the current user an administrator?
- string $permission: Allow users with this permission admin access in the current context.
- integer $permlevel: The level of permissions to check for (PERMS_EDIT, PERMS_DELETE, etc). Defaults to PERMS_EDIT.
- string $user: The user to check. Defaults to Auth::getAuth().
isAuthenticated (line 510)
Checks if there is a session with valid auth information. for the specified user. If there isn't, but the configured Auth driver supports transparent authentication, then we try that.
- string $realm: The authentication realm to check.
isPasswordChangeRequested (line 560)
Return whether the authentication backend requested a password change.
listUsers (line 466)
Lists all users in the system.
- Auth_application::listUsers() : List all users in the system.
- Auth_composite::listUsers() : List all users in the system.
- Auth_cyrus::listUsers() : List all users in the system.
- Auth_http::listUsers() : List all users in the system.
- Auth_imap::listUsers() : List all users in the system.
- Auth_kolab::listUsers() : List Users
- Auth_ldap::listUsers() : List Users
- Auth_passwd::listUsers() : List all users in the system.
- Auth_sql::listUsers() : List all users in the system.
- Auth_customsql::listUsers() : List all users in the system.
- Auth_cyrsql::listUsers() : List all users in the system.
readSessionData (line 1097)
Reads session data to determine if it contains Horde authentication credentials.
- string $session_data: The session data.
- boolean $info: Return session information. The following information is returned: userid, realm, timestamp, remote_addr, browser.
removeHook (line 890)
Applies a hook defined by the function _username_hook_tobackend() to the given user name if this function exists and user hooks are enabled.
This method should be called if a Horde user name needs to be converted to an authentication backend's user name or displayed to the user. The backend's user name is what the user sees and uses, but internally we use the Horde user name.
- string $userId: The internal Horde user name.
removeUser (line 424)
Deletes a set of authentication credentials.
- string $userId: The userId to delete.
- Auth_application::removeUser() : Delete a set of authentication credentials.
- Auth_composite::removeUser() : Delete a set of authentication credentials.
- Auth_cyrus::removeUser() : Delete a set of authentication credentials.
- Auth_imap::removeUser() : Delete a set of authentication credentials.
- Auth_ldap::removeUser() : Remove a set of authentication credentials.
- Auth_msad::removeUser() : Remove a set of authentication credentials.
- Auth_passwd::removeUser() : Delete a set of authentication credentials.
- Auth_sql::removeUser() : Delete a set of authentication credentials.
- Auth_customsql::removeUser() : Delete a set of authentication credentials.
- Auth_cyrsql::removeUser() : Delete a set of authentication credentials.
removeUserData (line 436)
Calls all applications' removeUser API methods.
- string $userId: The userId to delete.
setAuth (line 673)
Sets a variable in the session saying that authorization has succeeded, note which userId was authorized, and note when the login took place.
If a user name hook was defined in the configuration, it gets applied to the userId at this point.
- string $userId: The userId who has been authorized.
- array $credentials: The credentials of the user.
- string $realm: The authentication realm to use.
- boolean $changeRequested: Whether to request that the user change their password.
- Auth_kolab::setAuth() : Sets a variable in the session saying that authorization has succeeded, note which userId was authorized, and note when the login took place.
setCredential (line 645)
Sets the requested credential for the currently logged in user.
- string $credential: The credential to set.
- string $value: The value to set the credential to.
singleton (line 1358)
Attempts to return a reference to a concrete Auth instance based on $driver. It will only create a new instance if no Auth instance with the same parameters currently exists.
This should be used if multiple authentication sources (and, thus, multiple Auth instances) are required.
This method must be invoked as: $var = &Auth::singleton()
- string $driver: The type of concrete Auth subclass to return. This is based on the storage driver ($driver). The code is dynamically included.
- array $params: A hash containing any additional configuration or connection parameters a subclass might need.
transparent (line 496)
Automatic authentication.
- Auth_auto::transparent() : Automatic authentication: Set the user allowed IP block.
- Auth_composite::transparent() : Automatic authentication: Find out if the client matches an allowed IP block.
- Auth_cyrus::transparent() : Automatic authentication: Find out if the client matches an allowed IP block.
- Auth_http::transparent() : Automatic authentication: Find out if the client has HTTP authentication info present.
- Auth_ipbasic::transparent() : Automatic authentication: Find out if the client matches an allowed IP block.
- Auth_shibboleth::transparent() : Automatic authentication: Check if the username is set in the configured header.
updateUser (line 410)
Updates a set of authentication credentials.
- string $oldID: The old userId.
- string $newID: The new userId.
- array $credentials: The new credentials
- Auth_application::updateUser() : Update a set of authentication credentials.
- Auth_composite::updateUser() : Update a set of authentication credentials.
- Auth_cyrus::updateUser() : Update a set of authentication credentials.
- Auth_ldap::updateUser() : Update a set of authentication credentials.
- Auth_msad::updateUser() : Update a set of authentication credentials.
- Auth_passwd::updateUser() : Update a set of authentication credentials.
- Auth_sql::updateUser() : Update a set of authentication credentials.
- Auth_customsql::updateUser() : Update a set of authentication credentials.
- Auth_cyrsql::updateUser() : Update a set of authentication credentials.
_authenticate (line 1160)
Authentication stub.
_isAdmin (line 1173)
Driver-level admin check stub.
- $permission
- $permlevel
- $user
Documentation generated on Sun, 30 Jan 2011 05:15:19 +0000 by phpDocumentor 1.4.3