C:/usr/local/lib/php/blueshoes-4.2/core/auth/cug/Bs_Cug.class.phpandrej arn <andrej at blueshoes dot org>this class is used to manage closed user groups. cug's are secured partsof a website that only some ppl can access, usually based on login (user/pass) information.this class needs a session. it uses the global one if it exists, otherwiseit creates the global one.it also needs the bs form stuff to show and handle the login form.dependencies: Bs_Password, Bs_Form (which starts a chain of includes),HtmlTable, Bs_SessionFileClosed User Group (Cug) Class4.0.$id$blueshoes.org(default is NULL which means use $_post. only pass something if really needed.) @2do session handling is to change (use Bs_SimpleSession) --samConstructor.if this returns false we need to display the login form to the user.tells if the session is registered, the user is logged in.cause it might be needed for other things.logs out the user from this cug, does *not* kill the sessionreturns the login form as html code. (see above)if there was a successful login, you get bool TRUE back.otherwise (or on the first display) you get an html string back (thehtml login form).in the past this function redirected automatically after a successfullogin. that changed now, cause you may need to do other stuff, egregister some session vars. feel free to use $this->redirect() yourself.2002/04/18 --andrejtreats the login form.redirects to the specified page.overwrite this method.(hash, see above) (string on failure, bool TRUE on success. on failure $this->errorMsg gets set too.)param $validateData:has at least the keys:'sentUser''sentPass''user''pass'and may have all these 3 keys (or none of them) for the lifecycle:'isActive' (bool (TRUE/FALE) or int(1/0) (numericthat evaluates to bool))'startDatetime' (eg 2002-12-31, empty = already)'endDatetime' (eg 2002-12-31, empty = never)if the lifecycle is there, it is used.big note: these keys have nothing to do with the $userFieldNames object var; theyare internal here.helper function, gets called from _validateLogin(). (also returns FALSE if we don't know.)uses Bs_Password which might need some mysql db tables.let's see if this failed attempt looks like a hack.overwrite this method.(if the login was ok or not.)(set if login failed. default is ''.)(TRUE if yes. FALSE if no, unknown or unchecked. default is FALSE.)(hash, see above. default is NULL.)if set then it is a hash and can have 0-n of the keys 'realUserID', 'realUsername'and 'realPassword'.if the user-given userID matches a real one, then we can log the real user/passto see how much they were different. but you don't need that, maybe you don't wantto log the real user/pass combinations or only the user without real pass.param $realData:alerts the webmaster by email about the hack attempt.makes the user wait on failed logins.reference to the global settings hash.an instance of bs_form.refenrece to global session object.gets set in the constructor.we could just use $_POST, but this way we have the optionto use something different. may be needed.reference to the HTTP_POST_VARS array.a session var with that name will be set to int 1.so this name really should be unique if you run different cug's.this var gets set in the constructor.the cug needs a name. once the user logged in successfully,'frameset.php'once the login was successful.the page (maybe with directory) to which the user will be redirected'_top'default is '_top'. i think that's a good thing for most forms.if you want no target, unset() this var. empty is not enough.the target the login form submits to.'en'the language used0 means 'no limit'.how many login attempts does the user have?TRUE$actionOnHacklogins like root/root, guest/guest, letmein etc are considered hacks.the 3rd such login attempt will result in some action.if we should check for hack attempts or not.$checkForHackblockCnetblockUsernamealertWebmaster...blockIP1!!! important !!!:due to the current setup, to be able to determine the number offailed logins in a row or hack attempts, we need to log *all* login attempts,also the good ones. otherwise that "in a row" thing won't work.it could be done differently by saving a counter in the user table, but it'snot. recode it if you feel like doing it, i don't.0 = no1 = yes, all (=default)2 = failed only3 = successful onlyshould we log login attempts?0 = yes (all case sensitive)1 = only username2 = only password3 = no (all case insensitive)how should username and password be compared? case sensitive or not?array( 'user' => 'user', 'pass' => 'pass', 'isActive' => 'isActive', 'startDatetime' => 'startDatetime', 'endDatetime' => 'endDatetime', 'email' => 'email' )these are the defaults and recommended, you may need to changethem based on your data structure (array or db or file implementation or whatever).var $userFieldNames = array('user' => 'user','pass' => 'pass','isActive' => 'isActive','startDatetime' => 'startDatetime','endDatetime' => 'endDatetime','email' => 'email');user and pass are for authentication, isActive startDatetime and endDatetimefor the lifecycle, email is to automatically send the password to the user.if something is not there, that feature cannot be used (lifecycle/email).note: take care that you don't choose reserved names, eg 'password' for mysql.the captions of the keys.4.0.$x$isexisexceptiontostringtohtmlpersistunpersistbs_objectbbsetoutputbbawakebbisawakebbxmsgbbxfunctionstartbbxfunctionendbbxechobbxvarbbxvardumpbbforcetracebbbufferstartbbbuffergetbbbufferendflushbbbufferendcleanbs_object_versionBs_ObjectBs_ObjectBs_CugArrayBs_CugDb