Beispiel #1
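/**
 * Authenticate a user against LDAP and, on success, log them into the local
 * (Piwigo) user database, creating the local account if that is allowed.
 *
 * Every refusal calls fail($username) exactly once and ends the function
 * without a return value, so callers see TRUE only for a completed login.
 *
 * @param mixed  $success     Not read by this function.
 * @param string $username    Login name as submitted by the user.
 * @param string $password    Password as submitted by the user.
 * @param bool   $remember_me Passed to log_user() for existing accounts.
 * @return bool|null TRUE when the user was logged in, nothing (NULL) otherwise.
 */
function login($success, $username, $password, $remember_me)
{
    global $conf;

    // An empty password must never be sent to the directory: many LDAP
    // servers accept a bind with a DN and no password as an "unauthenticated"
    // bind and report success, which would authenticate any known username.
    if (!is_string($password) || $password === '') {
        fail($username);
        return;
    }

    $obj = new Ldap();
    $obj->load_config();

    // Fail closed: without a directory connection nothing below can be trusted.
    if (!$obj->ldap_conn()) {
        error_log("Unable to connect LDAP server : " . $obj->getErrorString());
        fail($username);
        return;
    }

    // NOTE(review): $username reaches user_membership(), ldap_bind_as() and
    // ldap_mail() unmodified; confirm those helpers escape it for the LDAP
    // filter / DN context (e.g. with ldap_escape()).

    // When a users group is configured, only its members may authenticate.
    // With no group configured, every directory user is accepted.
    if ($obj->config['users_group']
        && !$obj->user_membership($username, $obj->ldap_group($obj->config['users_group']))
    ) {
        fail($username);
        return;
    }

    // The actual credential check: bind to the directory as the user.
    if (!$obj->ldap_bind_as($username, $password)) {
        fail($username);
        return;
    }

    // Look the user up in the local database.
    $query = '
        SELECT ' . $conf['user_fields']['id'] . ' AS id
        FROM ' . USERS_TABLE . '
        WHERE ' . $conf['user_fields']['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\';';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    // Known local account: refresh it from LDAP and open the session.
    if (!empty($row['id'])) {
        update_user($username, $row['id']);
        log_user($row['id'], $remember_me);
        trigger_action('login_success', stripslashes($username));
        return True;
    }

    // Unknown locally: only continue when auto-provisioning is enabled.
    if (!$obj->config['allow_newusers']) {
        fail($username);
        return;
    }

    // Fetch the mail address once; any falsy result is stored as NULL.
    $mail = $obj->ldap_mail($username);
    if (!$mail) {
        $mail = NULL;
    }

    // The local account receives a throwaway password because authentication
    // is done by LDAP.
    // NOTE(review): confirm random_password() draws from a CSPRNG and that
    // 8 characters is acceptable if local password login stays enabled for
    // provisioned accounts.
    $new_id = register_user($username, random_password(8), $mail);
    update_user($username, $new_id);

    // First login of a freshly created account never sets "remember me".
    log_user($new_id, False);
    trigger_action('login_success', stripslashes($username));
    redirect('profile.php');
    return true;
}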
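/**
    * Master trigger function: fires every stored trigger rule that matches
    * the given trigger id.
    *
    * Looks the rules up in the triggers table, evaluates each rule's optional
    * checks, merges the rule's own parameters into $paramarray and hands the
    * result to trigger_action().
    *
    * @author Kieran Hogg
    * @param $triggerid string The name of the trigger to fire
    * @param $paramarray array Extra parameters to pass the trigger
    * @return mixed The return value of the last trigger_action() call
    *         (presumably a bool); NULL when the trigger is not defined,
    *         the lookup query fails or no rule was fired
*/
function trigger($triggerid, $paramarray = '')
{
    // All of these stay imported: the rule text evaluated further down runs
    // in this function's scope and may reference any of them.
    global $sit, $CONFIG, $dbg, $dbTriggers, $triggerarray;

    // Check that this is a defined trigger
    if (!array_key_exists($triggerid, $triggerarray)) {
        trigger_error("Trigger '{$triggerid}' not defined", E_USER_WARNING);
        return;
    }
    plugin_do($triggerid);

    // Defined up front so the later reads never hit an undefined variable.
    $userid = null;
    $return = null;

    // NOTE(review): the 'user' parameter is only picked up when debugging is
    // enabled, so the per-user filter below is never applied in normal
    // operation. Kept as found; confirm whether that is intended.
    if ($CONFIG['debug'] && $paramarray != '') {
        foreach ($paramarray as $key => $param) {
            //parse parameter array
            $dbg .= "\$paramarray[{$key}] = " . $param . "\n";
            // Strict comparison: a loose one also matches the integer key 0.
            if ($key === "user") {
                $userid = $param;
            }
            // TODO do we need to check for any 'special' keys here?
        }
    }

    //find relevant triggers
    // The trigger id is already a known key of $triggerarray; it is escaped
    // anyway so the statement does not depend on how those keys are spelled.
    $sql = "SELECT * FROM `{$dbTriggers}` WHERE triggerid='" . mysql_real_escape_string($triggerid) . "'";
    if ($userid) {
        // Caller-supplied value placed unquoted in the statement: force it
        // to an integer so it cannot carry SQL.
        $sql .= " AND userid=" . intval($userid);
    }
    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
    }
    if (!$result) {
        // No result set to iterate over.
        return $return;
    }

    while ($triggerobj = mysql_fetch_object($result)) {
        //see if we have any checks first
        if (!empty($triggerobj->checks)) {
            if (!trigger_checks($triggerobj->checks, $paramarray)) {
                $checks = trigger_replace_specials($triggerid, $triggerobj->checks, $paramarray);
                // SECURITY: the rule text is read from the triggers table and
                // is executed as PHP after trigger_replace_specials() has
                // processed it together with $paramarray. Whoever can write
                // a rule, or influence a value that ends up in it, controls
                // the code that runs here.
                // NOTE(review): confirm rule editing is restricted to
                // administrators and that substituted values are quoted; a
                // dedicated comparison evaluator would remove the eval().
                // Reset per rule so a failed eval cannot reuse the previous
                // rule's outcome.
                $value = null;
                $eresult = @eval("\$value = {$checks};return TRUE;");
                if (!$eresult) {
                    trigger_error("Error in trigger rule for {$triggerid}, check your <a href='triggers.php'>trigger rules</a>.", E_USER_WARNING);
                }
                if ($value === FALSE) {
                    continue;
                }
            }
        }
        //if we have any params from the actual trigger, append to user params
        if (!empty($triggerobj->parameters)) {
            foreach (explode(",", $triggerobj->parameters) as $assigns) {
                $values = explode("=", $assigns);
                // An entry without '=' yields NULL instead of reading a
                // missing array offset.
                $pvalue = isset($values[1]) ? $values[1] : null;
                $paramarray[$values[0]] = $pvalue;
                if ($CONFIG['debug']) {
                    $dbg .= "\$paramarray[{$values[0]}] = {$pvalue}\n";
                }
            }
        }
        if ($CONFIG['debug']) {
            $dbg .= "TRIGGER: trigger_action({$triggerobj->userid}, {$triggerid},\n                    {$triggerobj->action}, {$paramarray}) called \n";
        }
        $return = trigger_action($triggerobj->userid, $triggerid, $triggerobj->action, $paramarray, $triggerobj->template);
    }
    return $return;
}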