/**
* Attempt to login the user with the given password
* If the user fails validation, false is returned
* If the user passes validation, the cookies are set and
* true is returned. If $p_perm_login is true, the long-term
* cookie is created.
* @param string $p_username a prepared username
* @param string $p_password a prepared password
* @param bool $p_perm_login whether to create a long-term cookie
* @return bool indicates if authentication was successful
* @access public
*/
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
$t_user_id = user_get_id_by_name($p_username);
$t_login_method = config_get('login_method');
if (false === $t_user_id) {
if (BASIC_AUTH == $t_login_method) {
$t_auto_create = true;
} else {
if (LDAP == $t_login_method && ldap_authenticate_by_username($p_username, $p_password)) {
$t_auto_create = true;
} else {
$t_auto_create = false;
}
}
if ($t_auto_create) {
# attempt to create the user
$t_cookie_string = user_create($p_username, md5($p_password));
if (false === $t_cookie_string) {
# it didn't work
return false;
}
# ok, we created the user, get the row again
$t_user_id = user_get_id_by_name($p_username);
if (false === $t_user_id) {
# uh oh, something must be really wrong
# @@@ trigger an error here?
return false;
}
} else {
return false;
}
}
# check for disabled account
if (!user_is_enabled($t_user_id)) {
return false;
}
# max. failed login attempts achieved...
if (!user_is_login_request_allowed($t_user_id)) {
return false;
}
# check for anonymous login
if (!user_is_anonymous($t_user_id)) {
# anonymous login didn't work, so check the password
if (!auth_does_password_match($t_user_id, $p_password)) {
user_increment_failed_login_count($t_user_id);
return false;
}
}
# ok, we're good to login now
# increment login count
user_increment_login_count($t_user_id);
user_reset_failed_login_count_to_zero($t_user_id);
user_reset_lost_password_in_progress_count_to_zero($t_user_id);
# set the cookies
auth_set_cookies($t_user_id, $p_perm_login);
auth_set_tokens($t_user_id);
return true;
}
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');
# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
auth_logout();
# reload the page after logout
print_header_redirect( "verify.php?id=$f_user_id&confirm_hash=$f_confirm_hash" );
}
$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );
if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}
# set a temporary cookie so the login information is passed between pages.
auth_set_cookies( $f_user_id, false );
user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );
# fake login so the user can set their password
auth_attempt_script_login( user_get_field( $f_user_id, 'username' ) );
user_increment_failed_login_count( $f_user_id );
include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );
/**
* Attempt to login the user with the given password
* If the user fails validation, false is returned
* If the user passes validation, the cookies are set and
* true is returned. If $p_perm_login is true, the long-term
* cookie is created.
* @param string $p_username A prepared username.
* @param string $p_password A prepared password.
* @param boolean $p_perm_login Whether to create a long-term cookie.
* @return boolean indicates if authentication was successful
* @access public
*/
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
$t_user_id = auth_get_user_id_from_login_name($p_username);
if ($t_user_id === false) {
$t_user_id = auth_auto_create_user($p_username, $p_password);
if ($t_user_id === false) {
return false;
}
}
# check for disabled account
if (!user_is_enabled($t_user_id)) {
return false;
}
# max. failed login attempts achieved...
if (!user_is_login_request_allowed($t_user_id)) {
return false;
}
# check for anonymous login
if (!user_is_anonymous($t_user_id)) {
# anonymous login didn't work, so check the password
if (!auth_does_password_match($t_user_id, $p_password)) {
user_increment_failed_login_count($t_user_id);
return false;
}
}
# ok, we're good to login now
# increment login count
user_increment_login_count($t_user_id);
user_reset_failed_login_count_to_zero($t_user_id);
user_reset_lost_password_in_progress_count_to_zero($t_user_id);
# set the cookies
auth_set_cookies($t_user_id, $p_perm_login);
auth_set_tokens($t_user_id);
return true;
}
