PHP Editor Review - Pear Manual Package authentication auth intro-storage

Overview

PEAR::Auth uses a number of so called storage containers to store the login data. The following passages describe all of them. If the containers that come with the package don't fit your needs, it is easy to create custom ones, also.

Database

PEAR::Auth uses the PEAR::DB abstraction layer for database access. That means that you can use all databases that are supported by the DB abstraction layer to store the login data.

The storage-specific argument for the Auth constructor() is an array.

Table 28-1. Array keys and values

Key	Description	Default value
"dsn"	A valid and well-formed DSN .	""
"table"	The name of the database table, where the authorization data is stored.	"auth"
"usernamecol"	The name of the colunm, where the username is stored	"username"
"passwordcol"	The name of the colunm, where the MD5-crypted password is stored. Make sure, that the password field can contain at least 32 characters.	"password"

File

The storage-specific argument for the Auth constructor() is the file name of the passwd-style file.

SMBPasswd

This storage container provides authentication against SAMBA smbpasswd files. The storage-specific argument for the Auth constructor() is the file name of the SAMBA passwd-style file.

IMAP

This storage container connects to the specified IMAP server and tries to login there with the specified username/password.

The storage-specific argument for the Auth constructor() is an array.

Table 28-2. Array keys and values

Key	Description	Default value
"host"	The hostname or the IP address of the IMAP server	"localhost"
"port"	The port where the IMAP server is listening	"143"

LDAP

The storage-specific argument for the Auth constructor() is an array.

Table 28-3. Array keys and values

Key	Description	Default value
"host"	The host name or IP-adress to access	"localhost"
"port"	The port of the LDAP server to access	"389"
"basedn"	The base distinguished name	"o=netsols,c=de"
"userattr"	Defines the attributes to request	"uid"

POP3

This storage container connects to the specified POP3 server and tries to login there with the specified username/password.

The storage-specific argument for the Auth constructor() is a string of the form server:port or just server.

RADIUS

You need Auth_RADIUS and the PECL radius in order to get this container to work.

The storage-specific argument for the Auth constructor() is an array.

Table 28-4. Array keys and values

Array of RADIUS servers, containing: host, port, shared secret, timeout, maxtries.

The host parameter specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in text form. The port parameter specifies the UDP port to contact on the server. If port is given as 0, the library looks up the radius/udp entry in the network services database, and uses the port found there. If no entry is found, the library uses the standard RADIUS port for authentication (1812). The shared secret for the server host is passed to the secret parameter. The RADIUS protocol ignores all but the leading 128 bytes of the shared secret. The timeout for receiving replies from the server is passed to the timeout parameter, in units of seconds. The maximum number of repeated requests to make before giving up is passed into the maxtries parameter.

At most 10 servers may be specified. When multiple servers are given, they are tried in round-robin fashion until a valid response is received, or until each server's maxtries limit has been reached.

array("localhost", 0, "testing123", 3, 3)

"authtype"

The authentication method for validating the request. Possible values are: PAP, CHAP_MD5, MSCHAPv1, MSCHAPv2.

There are dependencies for the different methods. For all authentication methods except PAP you need the Crypt_CHAP package, when you are using MS-CHAP you need also the mhash extension.

"PAP"

SOAP

The storage-specific argument for the Auth constructor() is an array.

Table 28-5. Array keys and values

Key	Description	Default value
"endpoint"	The URI where the service is located.
"namespace"	The namespace of the web service.
"method"	The SOAP method you wish to call.
"encoding"	The content encoding that should be used (e.g. `utf8`).
"usernamefield"	The name of the field where the username is stored.
"passwordfield"	The name of the field where the password is stored.

vpopmail

This container uses an existing vpopmail service to validate the username and the password.

It does not require any storage-specific argument.

Custom Storage Containers

Example for using your own storage container

Here is a skeleton for a custom Auth storage container

Example 28-1. CustomAuthContainer.php

include_once 'Auth/Container.php';

class CustomAuthContainer extends Auth_Container
{
    /**
     * Constructor
     */
    function CustomAuthContainer($params)
    {
      // Init Here
    }

    function fetchData($username, $password)
    {
        // Check If valid etc
        if($isvalid) {
            // Perform Some Actions
            return true;
        }
        return false;
    }
}

And here is how to use it.

Example 28-2. authcustom.php

include_once 'CustomAuthContainer.php';
include_once 'Auth/Auth.php';

$auth_container = new CustomAuthContainer($params);
$myauth = new Auth($auth_container);

$myauth->start();

Storage drivers

Overview

Database

File

SMBPasswd

IMAP

LDAP

POP3

RADIUS

SOAP

vpopmail

Custom Storage Containers