search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
histogram: Make histograms crash less
[ninja.git] / application / helpers / ninja_auth.php
blob7056ecbe27c5a155521db50731d72dbe062fe4e4
1 <?php
2 /**
3 * This helper class provides various routines for authenticating
4 * users against a database that stores passwords with multiple
5 * different hash-types
6 */
7 class ninja_auth_Core
8 {
9 /**
10 * Does the required steps to log in a user via the specified auth_method
11 * (the last bit means you have to make sure that session/config has properly
12 * stringified auth_method).
13 *
14 * FIXME: what's an auth method in this context?
15 *
16 * @param $username The user's username
17 * @param $password The user's password
18 * @param $auth_method optional, authentication method to use
19 * @returns TRUE if everything was OK, or a string controller you're suggested to redirect to
20 */
21 public static function login_user($username, $password, $auth_method = false) {
22 $auth = Auth::instance();
23
24 $result = $auth->login($username, $password, $auth_method);
25
26 /*
27 * If no user: Not authenticated, handle event...
28 */
29 if (!$result) {
30 # This brute force protection is absolutely fool-proof, as long
31 # as nobody uses evil hacker tools like curl or "Clean History"
32 $session = Session::instance();
33
34 $session->set('login_attempts', $session->get('login_attempts')+1);
35
36 $max_attempts = Kohana::config('auth.max_attempts');
37 # set login error to user
38 $error_msg = _("Login failed - please try again");
39 if ($max_attempts) {
40 $error_msg .= " (".($max_attempts - $session->get('login_attempts'))." left)";
41 }
42
43 if ($max_attempts && $session->get('login_attempts') >= $max_attempts) {
44 $error_msg = sprintf(_("You have been locked out due to %s failed login attempts"), $session->get('login_attempts'));
45 $session->set('error_msg', $error_msg);
46 $session->set('locked_out', true);
47 return 'default/locked_out';
48 }
49
50 $session->set_flash('error_msg', $error_msg);
51 return 'default/show_login';
52 }
53 else {
54 /* FIXME: Is limited user? Treat all as limited for now...
55 * above else should be: else if(limited user) {
56 */
57
58 /**
59 * Take care of access for limited users
60 *
61 * Check that user has access to view some objects
62 * or logout with a message
63 */
64
65 $ls = Livestatus::instance();
66 $host_totals = $ls->getHostTotals();
67
68 $redirect = false;
69 if ($host_totals->total == 0) {
70 $service_totals = $ls->getServiceTotals();
71 if ($service_totals->total == 0) {
72 Session::instance()->set_flash('error_msg',
73 _("You have been denied access since you aren't authorized for any objects."));
74 return 'default/show_login';
75 }
76 }
77 }
78 return true;
79 }
80
81 /**
82 * Check if the user has tried
83 * to login too many times
84 *
85 * @return bool
86 */
87 public static function is_locked_out()
88 {
89 $session = Session::instance();
90 if ($session->get('locked_out') && Kohana::config('auth.max_attempts')) {
91 return true;
92 }
93 return false;
94 }
95 }
This is an effort to rewrite the Nagios GUI in PHP. It uses the Kohana framework to do much of the heavy lifting.