[dev] new third party for login

steve mailling at gmx.co.uk
Sun Jun 29 13:54:21 PDT 2003


I improved the coding to match the CODING_STANDARDS. Let me know if you 
find any errors I missed.

I did this class for 2 reasons:
- I want to be able to log in from web site (so yahoo, lycos or other web 
portals)
- I have the 'vision' that Horde could be a application portal (with 
e-mails, news, ...). Data for the calendar will come from yahoo, the 
e-mails from hotmail,...  but the portal will stay horde.org and we will 
still use IMP for e-mails, kronolith for the calendar, .... A little bit 
like the Passeport from Microsoft where the authentification process is 
Microsoft based. Therefore, we need drivers to work properly with Web 
application (not SOAP, just Web applications).

At 21:00 28/06/2003, you wrote:
>Date: Fri, 27 Jun 2003 15:46:11 -0400
>From: Chuck Hagenbuch <chuck at horde.org>
>Subject: Re: [dev] new third party for login
>To: dev at lists.horde.org
>Message-ID: <1056743171.a4ee5ef1b3499 at marina.horde.org>
>Content-Type: text/plain; charset="ISO-8859-1"
>
>Quoting steve <mailling at gmx.co.uk>:
>
> > I developed a new way to work with login from a web site (the goal is to
> > add new services from other web sites).
>
>I'm not entirely sure what we gain from this? It requires subclassing, so 
>at the
>moment, we get no additional functionality without more classes. Also, please
>read docs/CODING_STANDARDS - lots of little things in the code that I'd 
>have to
>go through and fix. And sending the code as a plain text attachment would
>preserve the formatting which would be nice.
>
> > -- Here is a new yahoo.php
> > -- I didn't provide a diff since the file doesn't change so often and the
> > changes are important
>
>If the changes are important, a diff calls them out. Please always send diffs;
>full files are hell to deal with especially if the file happens to have
>changed.
>
> > What do you think about it? What do you think about the place of url.php in
> > the tree?
>
>It's the right place for it; I'd just like a cleaner patch and more of an
>explanation of what we get out of this, or a matching parameter so that you
>don't need a subclass, or ... etc.
>
>-chuck



---lib/auth/url.php
<?php
/**
  * The Auth_url:: class checks login credentials against a login/password
  * feature of a web site
  *
  * $Horde: horde/lib/Auth/yahoo.php,v 1.7 2003/06/19 18:47:45 chuck Exp $
  *
  * Copyright 1999-2003 Stephane Huther <smailling at free.fr>
  *
  * Required values for $params:
  *   'login_url'        Url of the login page (without http://)
  *   'logout_url'       Url of the logout page (without http://)
  *   'https'            True if https has to be used
  *   'usernamefield'    Name of the 'username' field
  *   'passwordfield'    Name of the 'password' field
  *   'method'           Method (POST, ...)
  *   'allowRedirects'   Allow redirections
  *
  * See the enclosed file COPYING for license information (LGPL). If you
  * did not receive this file, see yahoo://www.fsf.org/copyleft/lgpl.html.
  *
  * @author  Stephane Huther <smailling at free.fr>
  * @version $Revision: 1.7 $
  * @since   Horde 3.0
  * @package horde.auth
  * @todo add support for cookies
  */
class Auth_url extends Auth {

     /**
      * Constructs a new Url authentication object.
      *
      * @access public
      *
      * @param optional array $params  A hash containing parameters.
      */
     function Auth_url($params = array())
     {
         $this->_params = $params;
     }

     /**
      * Find out if a set of login credentials are valid.
      *
      * @access private
      *
      * @param string $userID       The userID to check.
      * @param array  $credentials  The credentials to use.
      *
      * @return boolean  Whether or not the credentials are valid.
      */
     function _authenticate($userID, $credentials)
     {
         if (!isset($this->_params['login_url'])) {
             Horde::fatal(PEAR::raiseError(_("Required 'login_url' not 
specified in authentication configuration.")), __FILE__, __LINE__);
         }
         if (!isset($this->_params['logout_url'])) {
             Horde::fatal(PEAR::raiseError(_("Required 'logout_url' not 
specified in authentication configuration.")), __FILE__, __LINE__);
         }
         if (!isset($this->_params['https'])) {
             Horde::fatal(PEAR::raiseError(_("Required 'https' not 
specified in authentication configuration.")), __FILE__, __LINE__);
         }
         if (!isset($this->_params['usernamefield'])) {
             Horde::fatal(PEAR::raiseError(_("Required 'usernamefield' not 
specified in authentication configuration.")), __FILE__, __LINE__);
         }
         if (!isset($this->_params['passwordfield'])) {
             Horde::fatal(PEAR::raiseError(_("Required 'passwordfield' not 
specified in authentication configuration.")), __FILE__, __LINE__);
         }
         if (!isset($this->_params['method'])) {
             Horde::fatal(PEAR::raiseError(_("Required 'method' not 
specified in authentication configuration.")), __FILE__, __LINE__);
         }
         if (!isset($this->_params['allowRedirects'])) {
             Horde::fatal(PEAR::raiseError(_("Required 'allowRedirects' not 
specified in authentication configuration.")), __FILE__, __LINE__);
         }

         $options['method'] = $this->_params['method'];
         $options['timeout'] = 5;
         $options['allowRedirects'] = $this->_params['allowRedirects'];

         require_once 'HTTP/Request.php';
         if ($this->_params['https']) {
             $url='https://' . $this->_params['login_url'] ;
         } else {
             $url='http://' . $this->_params['login_url'] ;
         }

         $http = &new HTTP_Request($url, $options);

         $http->addPostData($this->_params['usernamefield'], $userID);
         $http->addPostData($this->_params['passwordfield'], 
$credentials['password']);

         $result = $http->sendRequest();
         if (is_a($result, 'PEAR_Error')) {
             $result = $result->getMessage();
         } else {
             $result = $http->getResponseBody();
         }

         $login_status=$this->_checkauthenticate($userID, $credentials, $http);
         if (is_a($login_status, 'PEAR_Error') || !$login_status ) {
             Horde::logMessage($result, __FILE__, __LINE__, PEAR_LOG_DEBUG);
             $this->_setAuthError();
             return false;
         } else {
             return true;
         }
     }

     /**
      * Analyse the result page after the login process to check if the login
          * procedure went fine.
      * Must be overwritten
      *
      * @access private
      *
      * @param string $userID       The userID to check.
      * @param array  $credentials  The credentials to use.
      * @param object $http         Used $http
      *
      * @return boolean  Whether or not the credentials are valid.
      */
     function _checkauthenticate($userID, $credentials, $http)
     {
         return PEAR::raiseError('unsupported');
     }

}






More information about the dev mailing list