New Feature OpenID Connect (#7355)

* Refactor authentication to allow for OpenID Connect
The authentication class has been refactored to separate the `validate` function for the method `create_user_session`. This is needed for the OpenID Connect module to authenticate a user without going through the process of all authentication plugins. Only the function `check_user_cidr` has been rewritten to use a single loop instead of a double-loop.
Due to the fact that create_user_function is public, the $result associative array is checked to ensure the required fields are present and the UUID fields are valid UUIDs. Further checking could be done against the database to ensure the UUIDs exist but this has been suppressed at this time because database queries would be required.

* Database class modified to allow for login banners for OpenID Connect
The database class is responsible for creating the view for login. The OpenID application required banners to be present so that any OpenID Connect authentication mechanism could be used. Each banner displayed has the properties of: name, image, alt, and url. The name is the class name of the authentication plugin. This will match the action in the URL. The image is the image banner used for the login. The alt is the alternate text used for screen readers. Each authenticator is responsible for providing each of the field values.

* Added PHPDocs for the check_cidr function

* Add backwards compatibility for PHP versions below 8

* Remove get_banner_alt

* Update check_cidr to allow cidr array

* Update authentication.php

* Update functions.php

* Update authentication.php
frytimo
2025-04-17 16:48:16 -03:00
committed by GitHub
parent 25ae0180ce
commit e7393cc7c0
4 changed files with 303 additions and 225 deletions
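The check the commit message describes for the now-public session-creation method (required fields present, UUID fields well-formed) could look like this in PHP. This is an added example, not the project's code or the commit's own implementation; the field names `username`, `user_uuid` and `domain_uuid`, the `authorized` flag and the validator's name are assumptions made for illustration.

```php
<?php
// Added example (not the project's code): input validation for the $result
// array a caller hands to a public create_user_session()-style method.
// Field names and the 'authorized' flag are assumptions for illustration.

/**
 * Check the textual RFC 4122 form: 8-4-4-4-12 hex digits, version nibble 1-5,
 * variant nibble 8, 9, a or b. Non-strings are rejected outright.
 */
function is_valid_uuid($value): bool {
    if (!is_string($value)) {
        return false;
    }
    $pattern = '/^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i';
    return preg_match($pattern, $value) === 1;
}

/**
 * Return a list of problems with $result; an empty list means it is safe to
 * hand to the session-creating method. All reasons are collected so that a
 * log entry shows everything that was wrong, not only the first finding.
 */
function validate_session_result(array $result): array {
    $errors = [];
    $required = ['username', 'user_uuid', 'domain_uuid', 'authorized'];
    $uuid_fields = ['user_uuid', 'domain_uuid'];

    foreach ($required as $field) {
        if (!array_key_exists($field, $result) || $result[$field] === null || $result[$field] === '') {
            $errors[] = "missing required field: $field";
        }
    }
    foreach ($uuid_fields as $field) {
        if (array_key_exists($field, $result) && !is_valid_uuid($result[$field])) {
            $errors[] = "field $field is not a valid UUID";
        }
    }
    // Strict comparison: a plugin returning the string "1" or the integer 1
    // must not be mistaken for an explicit boolean authorization.
    if (array_key_exists('authorized', $result) && $result['authorized'] !== true) {
        $errors[] = 'result is not explicitly marked authorized';
    }
    return $errors;
}

// Constructed sample inputs: one acceptable result and one that must be refused.
$accepted = [
    'username'    => 'alice',
    'user_uuid'   => '3f2504e0-4f89-41d3-9a0c-0305e82c3301',
    'domain_uuid' => 'b1c0c5a6-8b2e-4e6f-9c2d-0f1e2d3c4b5a',
    'authorized'  => true,
];
$rejected = [
    'username'    => 'mallory',
    'user_uuid'   => 'not-a-uuid',
    'authorized'  => '1',
];

foreach (['accepted' => $accepted, 'rejected' => $rejected] as $label => $candidate) {
    $problems = validate_session_result($candidate);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```

The second sample is refused for three independent reasons (missing `domain_uuid`, malformed `user_uuid`, and a non-boolean `authorized`), which is the point of collecting errors instead of returning on the first one: the caller can log the full picture and still refuse the session with a single decision. Checking existence in the database, which the commit message defers, would be a separate step after this structural check passes.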
@@ -27,6 +27,21 @@
Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>
*/
if (!function_exists('str_contains')) {
/**
* Determine if a string contains a given substring
* <p>Performs a case-sensitive check indicating if <b>needle</b> is contained in <b>haystack</b>.</p>
* @param string $haystack The string to search in.
* @param string $needle The substring to search for in the <b>haystack</b>.
* @return bool Returns <i>true</i> if <b>needle</b> is in <b>haystack</b>, <i>false</i> otherwise
* @link https://www.php.net/manual/en/function.str-contains.php Official PHP documentation
* @see str_ends_with(), str_starts_with(), strpos(), stripos(), strrpos(), strripos(), strstr(), strpbrk(), substr(), preg_match()
*/
function str_contains(string $haystack, string $needle): bool {
return strpos($haystack, $needle) !== false;
}
}
if (!function_exists('str_starts_with')) {
/**
* Checks if a string starts with a given substring
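Review bot: the `str_contains` polyfill diverges from the native PHP 8 function when `$needle` is the empty string. Native `str_contains` returns `true` for an empty needle, but on PHP 7 (the only versions where this fallback is ever defined) `strpos($haystack, '')` emits an "Empty needle" warning and returns `false`, so the polyfill returns `false`. Adding `if ($needle === '') { return true; }` ahead of the `strpos` call makes the two behave the same across versions. The docblock also carries HTML tags (`<p>`, `<b>`, `<i>`) copied from the manual page; plain text would match the other docblocks in this file.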
@@ -116,13 +131,35 @@
if (!function_exists('check_cidr')) {
/**
* Checks if the $ip_address is within the range of the given $cidr
* @param string|array $cidr
* @param string $ip_address
* @return bool return true if the IP address is in CIDR or if it is empty
*/
function check_cidr($cidr, $ip_address) {
if (isset($cidr) && !empty($cidr)) {
list ($subnet, $mask) = explode('/', $cidr);
return ( ip2long($ip_address) & ~((1 << (32 - $mask)) - 1) ) == ip2long($subnet);
} else {
return false;
//no cidr restriction
if (empty($cidr)) {
return true;
}
//check to see if the user's remote address is in the cidr array
if (is_array($cidr) {
//cidr is an array
foreach ($cidr as $value) {
if (check_cidr($value, $ip_address)) {
return true;
}
}
} else {
//cidr is a string
list ($subnet, $mask) = explode('/', $cidr);
return (ip2long($ip_address) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet);
}
//value not found in cidr
return false;
}
}
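Review bot: `if (is_array($cidr) {` is missing a closing parenthesis, so the file will not parse; it should read `if (is_array($cidr)) {`. In the string branch, `list ($subnet, $mask) = explode('/', $cidr);` raises an undefined-offset notice when a plain address without `/` is configured, and a mask outside 0..32 or a non-numeric mask is never rejected; validating that each entry matches `address/prefix` with a prefix in 0..32 and returning `false` otherwise keeps a malformed entry from producing notices or unexpected matches. The comparison masks only the client address, so an entry with host bits set such as `10.0.0.5/24` can never match; applying the same mask to `ip2long($subnet)` before comparing fixes that. Finally, `ip2long()` returns `false` for an IPv6 client address, which the `&` turns into `0`, so IPv6 clients are denied unless the entry's address is `0.0.0.0`; that fail-closed behaviour is fine but deserves a sentence in the PHPDoc so operators enabling IPv6 know why logins are refused.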