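/**
 * Check if a username+password pair is a valid login.
 *
 * The name will be normalized to MediaWiki's requirements, so
 * you might need to munge it (for instance, for lowercase initial
 * letters).
 *
 * Returns false when the user is not on the optional allow-list in
 * $GLOBALS['authpluginjmTillatteBrukere'], when no matching row is found,
 * when the account is deactivated, or (for external requests) when
 * loginPWcheckAge() throws or the password is not flagged as complex.
 *
 * @param string $user Username as submitted.
 * @param string $pass Password as submitted; hashed here with getPasswordHash().
 * @return bool True only when every check passes.
 * @public
 */
function authenticate($user, $pass)
{
    // Debug output tells the client why a login failed, so it is only
    // emitted when $this->debug is set.
    if ($this->debug) {
        echo 'authenticate<br>';
    }

    // Lower-cased copy of the submitted name for the allow-list lookup below.
    $requested = strtolower($user);

    // HTML-level normalisation of the name used for the lookup. SQL escaping
    // is applied separately, at the point where the query is built.
    $user = strtolower(htmlspecialchars(strip_tags($user), ENT_QUOTES));
    $pass = getPasswordHash($pass);

    // Optional allow-list. The submitted name is the value to test; strict
    // comparison avoids loose string/number matches against list entries.
    if (
        isset($GLOBALS['authpluginjmTillatteBrukere'])
        && !in_array($requested, $GLOBALS['authpluginjmTillatteBrukere'], true)
    ) {
        return false;
    }

    $is_external = isExternal();
    if ($this->debug) {
        echo 'is_external=' . $is_external . '<br>';
    }

    // Checking against database.
    // Escape with the connection-aware function rather than addslashes(),
    // which does not take the connection character set into account.
    // ext/mysql was removed in PHP 7; prepared statements (mysqli/PDO) are
    // the durable fix once the connection handling is migrated.
    // NOTE(review): the password literal appears masked ('******') in this
    // listing; confirm the real query compares against the escaped $pass hash.
    $safeUser = mysql_real_escape_string($user, $this->database);
    $Q_login = mysql_query(
        "select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where lower(user_name_short) = '" . $safeUser . "' and user_password = '******' limit 1",
        $this->database
    );

    // Fail closed on a query error as well as on "no such row".
    if ($Q_login === false || mysql_num_rows($Q_login) < 1) {
        if ($this->debug) {
            // The password hash is deliberately not written to the page.
            echo 'auth failed, user not found (' . $user . ')<br>';
        }
        return false;
    }

    if ($is_external) {
        try {
            // loginPWcheckAge() signals a too-old password by throwing.
            $user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'));
            loginPWcheckAge($user_login);
        } catch (Exception $e) {
            if ($this->debug) {
                echo 'auth failed, password to old for external user<br>';
            }
            return false;
        }
    }

    if (mysql_result($Q_login, 0, 'deactivated')) {
        if ($this->debug) {
            echo 'auth failed, user deactivated<br>';
        }
        return false;
    }

    if ($is_external && !mysql_result($Q_login, 0, 'user_password_complex')) {
        if ($this->debug) {
            echo 'auth failed, password not complex for external user<br>';
        }
        return false;
    }

    // Every failure path above has already returned, so no separate
    // "external failed" flag is needed here.
    if ($this->debug) {
        echo 'auth=true<br>';
    }
    return true;
}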
if (isset($_POST['WEBAUTH_USER'])) { $user = getUserName(); $pass = getUserPassword(); // Check if we do not have a username/password if (empty($user) || empty($pass)) { } else { $user = slashes(htmlspecialchars(strip_tags($user), ENT_QUOTES)); // Username $pass = getPasswordHash($pass); // Checking against database $Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where user_name_short = '" . $user . "' and user_password = '******' limit 1"); if (mysql_num_rows($Q_login) > '0') { if ($is_external) { try { $user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged')); loginPWcheckAge($user_login); } catch (Exception $e) { $external_failed = true; $age_failed = true; } } if (mysql_result($Q_login, 0, 'deactivated')) { $deactivated = true; } elseif ($is_external && !mysql_result($Q_login, 0, 'user_password_complex')) { $external_failed = true; $complex_failed = true; } elseif (!$external_failed) { $_SESSION['WEBAUTH_VALID'] = true; $_SESSION['WEBAUTH_USER'] = $user; $_SESSION['WEBAUTH_PW'] = $pass; // New variabels (JM-booking)
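/**
 * Validates if a password is suitable for external use.
 *
 * Checks, in order: minimum length, loginPWcheckAge($user), and, when
 * $login_password_external_complex is set, that the password contains none
 * of the user's names and at least three of the four character classes
 * (upper case, lower case, digit, one of the listed special characters).
 *
 * @param array  $user     User (from getUser()); $user['user_name'] is read here.
 * @param string $password Password to validate.
 * @return void
 * @throws Exception When the password is too short, contains one of the
 *                   user's names, or is not complex enough. loginPWcheckAge()
 *                   is called without a try/catch, so anything it throws
 *                   propagates to the caller.
 */
function loginPWcheckExternal($user, $password)
{
    global $login_password_external_complex, $login_password_external_minchar;

    // Check length. strlen() counts bytes, not characters.
    if (strlen($password) < $login_password_external_minchar) {
        throw new Exception(_h('Password too short. Must be at least ') . $login_password_external_minchar . ' ' . _h('characters') . '.');
    }

    loginPWcheckAge($user);

    // Check complexity
    // http://technet.microsoft.com/en-us/library/cc786468%28WS.10%29.aspx
    if (!$login_password_external_complex) {
        return;
    }

    // Must not contain user_name.
    // TODO: only a single space is treated as a delimiter between names.
    // explode() replaces split(), which no longer exists in PHP 7+.
    $lowerPassword = strtolower($password);
    foreach (explode(' ', $user['user_name']) as $name) {
        // One-character name parts are ignored so initials do not block a password.
        if (strlen($name) > 1 && strpos($lowerPassword, strtolower($name)) !== false) {
            throw new Exception(_h('Password can not contain on of the users names (first or last).'));
        }
    }

    // Must contain 3 of 4: upper case, lower case, digit, special character.
    $contains = 0;
    foreach (array('/[A-Z]/', '/[a-z]/', '/[0-9]/') as $pattern) {
        if (preg_match($pattern, $password)) {
            $contains++;
        }
    }

    // strpbrk() reports whether any single character of $checkfor occurs.
    $checkfor = '~!@#$%^&*_-+=`|\\(){}[]:;"\'<>,.?/';
    if (strpbrk($password, $checkfor) !== false) {
        $contains++;
    }

    if ($contains < 3) {
        // NOTE(review): the message does not mention special characters,
        // although they count towards the three required classes.
        throw new Exception(_h('Password not complex enough. Must contain lower and upper case characters and a number.'));
    }
}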
echo ' '; } echo '</td>' . chr(10); echo ' <td class="rightsHover" title="' . $rights['sync'] . '">'; if ($user['user_ews_sync']) { echo 'X'; } else { echo ' '; } echo '</td>' . chr(10); echo ' <td class="rightsHover" title="' . $rights['external'] . '">'; try { if ($user['user_password_complex'] != '1') { throw new Exception(''); } loginPWcheckAge($user); echo 'X'; } catch (Exception $e) { echo ' '; } echo '</td>' . chr(10); echo ' </tr>' . chr(10) . chr(10); //echo '- <br>'.chr(10); } echo '</table>' . chr(10); echo '<ul>' . '<li>1, ' . $rights[1] . '</li>' . '<li>2, ' . $rights[2] . '</li>' . '<li>3, ' . $rights[3] . '</li>' . '<li>4, ' . $rights[4] . '</li>' . '<li>5, ' . $rights[5] . '</li>' . '<li>6, ' . $rights[6] . '</li>' . '<li>7, ' . $rights[7] . '</li>' . '<li>8, ' . $rights[8] . '</li>' . '<li>9, ' . $rights[9] . '</li>' . '<li>10, ' . $rights[10] . '</li>' . '<li>11, ' . $rights[11] . '</li>' . '</ul>'; } } echo '</td> </tr> </table>