Beispiel #1
0
function alt_login($user_info_object, $uname, $pass)
{
    global $warning, $auth_ids;
    $auth = array_search($user_info_object->password, $auth_ids);
    $auth_method_settings = get_auth_settings($auth);
    $auth_allow = 1;
    // a CAS user might enter a username/password in the form, instead of doing CAS login
    // check auth according to the defined alternative authentication method of CAS
    if ($auth == 7) {
        $cas = explode('|', $auth_method_settings['auth_settings']);
        $cas_altauth = intval(str_replace('cas_altauth=', '', $cas[7]));
        // check if alt auth is valid and active
        if ($cas_altauth > 0 && check_auth_active($cas_altauth)) {
            $auth = $cas_altauth;
            // fetch settings of alt auth
            $auth_method_settings = get_auth_settings($auth);
        } else {
            return 7;
            // Redirect to CAS login
        }
    }
    if ($auth == 6) {
        return 6;
        // Redirect to Shibboleth login
    }
    if ($user_info_object->password == $auth_method_settings['auth_name'] || !empty($cas_altauth)) {
        $is_valid = auth_user_login($auth, $uname, $pass, $auth_method_settings);
        if ($is_valid) {
            $is_active = check_activity($user_info_object->id);
            // check for admin privileges
            $admin_rights = get_admin_rights($user_info_object->id);
            if ($admin_rights == ADMIN_USER) {
                $is_active = 1;
                // admin user is always active
                $_SESSION['is_admin'] = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
            }
            if (!empty($is_active)) {
                $auth_allow = 1;
            } else {
                $auth_allow = 3;
                $user = $user_info_object->id;
            }
        } else {
            $auth_allow = 2;
            // log invalid logins
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $uname, 'pass' => $pass));
        }
        if ($auth_allow == 1) {
            $_SESSION['uid'] = $user_info_object->id;
            $_SESSION['uname'] = $user_info_object->username;
            // if ldap entries have changed update database
            if (!empty($auth_user_info['firstname']) and !empty($auth_user_info['lastname']) and ($user_info_object->givenname != $auth_user_info['firstname'] or $user_info_object->surname != $auth_user_info['lastname'])) {
                Database::get()->query("UPDATE user SET givenname = '" . $auth_user_info['firstname'] . "',\n                                                          surname = '" . $auth_user_info['lastname'] . "'\n                                                      WHERE id = " . $user_info_object->id . "");
                $_SESSION['surname'] = $auth_user_info['firstname'];
                $_SESSION['givenname'] = $auth_user_info['lastname'];
            } else {
                $_SESSION['surname'] = $user_info_object->surname;
                $_SESSION['givenname'] = $user_info_object->givenname;
            }
            $_SESSION['status'] = $user_info_object->status;
            $_SESSION['email'] = $user_info_object->email;
            $GLOBALS['language'] = $_SESSION['langswitch'] = $user_info_object->lang;
        }
    } else {
        $warning .= "<br>{$langInvalidAuth}<br>";
    }
    return $auth_allow;
}
Beispiel #2
0
$session_id = $_GET['session'];
session_id($session_id);
session_start();
require_once '../../include/init.php';
require_once 'modules/auth/auth.inc.php';
// validate token timestamp
if (!token_validate($username . $session_id, $token, 500)) {
    exit;
}
$exists = Database::get()->querySingle("SELECT 1 AS `exists` FROM user_sso WHERE username = ?s AND token = ?s AND session_id = ?s", $username, $token, $session_id);
if ($exists && intval($exists->exists) === 1) {
    foreach (array_keys($_SESSION) as $key) {
        unset($_SESSION[$key]);
    }
    $user = Database::get()->querySingle("SELECT * FROM user WHERE username COLLATE utf8_bin = ?s", $username);
    $is_active = check_activity($user->id);
    $admin_rights = get_admin_rights($user->id);
    if ($admin_rights == ADMIN_USER) {
        $is_active = 1;
        // admin user is always active
        $_SESSION['is_admin'] = 1;
    } elseif ($admin_rights == POWER_USER) {
        $_SESSION['is_power_user'] = 1;
    } elseif ($admin_rights == USERMANAGE_USER) {
        $_SESSION['is_usermanage_user'] = 1;
    } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
        $_SESSION['is_departmentmanage_user'] = 1;
    }
    if ($is_active) {
        $_SESSION['uid'] = intval($user->id);
        $_SESSION['uname'] = $user->username;
Beispiel #3
0
    case 'check_introduce':
        check_introduce();
        break;
    case 'check_content':
        check_content();
        break;
        //视频审核
    //视频审核
    case 'video':
        check_video();
        break;
        //查看会员的视频并审核
    //查看会员的视频并审核
    case 'member_video':
        check_member_video();
        break;
        //录音审核
    //录音审核
    case 'voice':
        check_voice();
        break;
        //查看会员的录音并审核
    //查看会员的录音并审核
    case 'member_voice':
        check_member_voice();
        break;
    case 'activity':
        //组织活动
        check_activity();
        break;
}