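/**
 * Validate a user's credentials against the system passwd database (NIS).
 *
 * The account is looked up with posix_getpwnam(), the supplied password is
 * re-hashed with crypt() using the stored hash as the salt, and the two
 * hashes are compared. On a match the uid is stored on this object, the
 * prefs row is checked through Prefs::checkUID(), and only then is the uid
 * written to the session.
 *
 * @param array $creds the uname and password passed in as an array
 *                     (keys 'uname' and 'password').
 * @return bool TRUE when the password matches and Prefs::checkUID() accepts
 *              the uid, FALSE in every other case.
 */
function validateCredentials($creds)
{
    // Fail closed on a malformed request rather than handing null or an
    // array to strtolower()/crypt(). The error text matches the
    // unknown-user case so the two are indistinguishable to the client.
    if (!is_array($creds)
        || !isset($creds['uname'], $creds['password'])
        || !is_scalar($creds['uname'])
        || !is_scalar($creds['password'])
    ) {
        API::Error("Invalid Username/Password");
        return FALSE;
    }

    $pwent = posix_getpwnam(strtolower((string) $creds['uname']));
    if ($pwent === false) {
        API::Error("Invalid Username/Password");
        // Whether API::Error() ends the request is not visible from here;
        // returning explicitly keeps the lookup failure from falling
        // through into the password comparison.
        return FALSE;
    }

    $stored_hash = (string) $pwent['passwd'];
    $cryptpw = crypt((string) $creds['password'], $stored_hash);

    // crypt() reports failure with a string shorter than 13 characters
    // (for instance when the passwd field holds a placeholder instead of a
    // usable hash). Such a result must never count as a match.
    if (!is_string($cryptpw) || strlen($cryptpw) < 13) {
        return FALSE;
    }

    // hash_equals() is a constant-time, type-strict comparison; the loose
    // == operator compares numeric-looking strings as numbers.
    if (hash_equals($stored_hash, $cryptpw)) {
        $this->authed_user = $pwent['uid'];

        // gecos is split into at most two pieces; a gecos value without a
        // space has no second piece, so lname is passed as NULL.
        $gecos_parts = explode(" ", (string) $pwent['gecos'], 2);
        $names = array(
            'fname' => $gecos_parts[0],
            'lname' => isset($gecos_parts[1]) ? $gecos_parts[1] : NULL,
        );

        $prefs = new Prefs();
        if ($prefs->checkUID($this->authed_user, $this->config->prefs_auto, NULL, $names)) {
            // The session is marked authenticated only after checkUID()
            // accepts the user, so a rejected account never leaves
            // $_SESSION['authed_user'] populated.
            // NOTE(review): the session id is not rotated here; confirm the
            // caller regenerates it after a successful login.
            $_SESSION['authed_user'] = $pwent['uid'];
            API::DEBUG("[Auth_NIS::validateCredentials] returning TRUE", 8);
            return TRUE;
        } else {
            API::Error("Username Not Valid in system. Error: 3304");
        }
    }

    return FALSE;
}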
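/**
 * Check to see if a user has a permission set.
 *
 * A user whose prefs row has perms == -1 is a System Admin and passes every
 * check. Any other permission is looked up by name, and the permission's id
 * is used as a bit position in the user's perms bitmask.
 *
 * @param integer $uid the user id to check
 * @param string $perm the perm to check for
 * @return bool TRUE when the user holds the permission, FALSE otherwise
 *              (including when the user or the permission cannot be found).
 */
function checkPerm($uid, $perm)
{
    if ($uid <= 0) {
        return FALSE;
    }

    // get the user's prefs info
    $prefs = new Prefs();

    // check to make sure the user has some prefs, if not
    // this will fill in defaults.
    $prefs->checkUID($uid, true);

    $prefs->where_clause(new WhereClause('uid', $uid));
    $rows = $prefs->getUsingWhere();

    // No prefs row means there is nothing to grant from: deny instead of
    // reading ->perms from a missing record.
    if (!isset($rows[0]) || !is_object($rows[0])) {
        return FALSE;
    }
    $user_info = $rows[0];

    // System Admin is a special perm with a value of -1 and short-circuits
    // every other check.
    if ($user_info->perms == -1) {
        return TRUE;
    }

    // sys_admin is not stored as a bit; a non-admin asking for it is
    // always refused.
    if ($perm == 'sys_admin') {
        return FALSE;
    }

    // anything else is a db based perm, let's pull it.
    $this->where_clause(new WhereClause('name', $perm));
    $perm_info = $this->getOneUsingWhere();

    // An unknown permission name is never granted.
    if (!is_object($perm_info)) {
        return FALSE;
    }

    // The perm id is a bit index. A negative shift count raises an
    // ArithmeticError and an index past the integer width cannot match any
    // bit, so both are refused up front.
    $bit = (int) $perm_info->id;
    if ($bit < 0 || $bit >= PHP_INT_SIZE * 8) {
        return FALSE;
    }

    if (((int) $user_info->perms) & (1 << $bit)) {
        return TRUE;
    }

    // anything else, return false.
    return FALSE;
}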
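/**
 * Validate a user's credentials against LDAP.
 *
 * The user's DN is located with _searchUser() and a bind is attempted as
 * that DN with the supplied password. On a successful bind the configured
 * uid/first-name/last-name attributes are read, Prefs::checkUID() is
 * consulted, and the uid is stored in the session.
 *
 * @param array $creds the uname and password passed in as an array
 *                     (keys 'uname' and 'password').
 * @return bool true when the bind succeeds and Prefs::checkUID() accepts
 *              the user, false otherwise.
 */
function validateCredentials($creds)
{
    global $conf;

    if (!is_array($creds)
        || !isset($creds['uname'], $creds['password'])
        || !is_scalar($creds['uname'])
        || !is_scalar($creds['password'])
    ) {
        return false;
    }
    $uname = (string) $creds['uname'];
    $password = (string) $creds['password'];

    // A simple bind with a DN and an empty password is treated by LDAP
    // servers as an unauthenticated bind and can report success without
    // checking any secret. An empty password must never reach ldap_bind().
    if ($uname === '' || $password === '') {
        return false;
    }

    if (!$this->_connectLDAP()) {
        return false;
    }

    # see if you can find the user
    // NOTE(review): _searchUser() is not visible here; confirm it escapes
    // the username (ldap_escape with LDAP_ESCAPE_FILTER) before building
    // the search filter.
    $search_res = $this->_searchUser($uname);
    if ($search_res == NULL) {
        return FALSE;
    }
    if (!is_array($search_res) || !isset($search_res[0], $search_res[1])) {
        error_log("LDAP - Something went wrong with the LDAP search.");
        return false;
    }

    # get the user attributes
    $userdn = $search_res[0];
    $user_attrs = $search_res[1];

    # Bind as the user with the supplied password
    error_log("UserDN: " . $userdn);
    $bind = ldap_bind($this->ldap, $userdn, $password);
    $errno = ldap_errno($this->ldap);

    // NOTE(review): $ad_mode and $ad_options are never assigned in this
    // method, so this Active Directory branch does not run as written. The
    // isset()/empty() guards keep that behaviour without undefined-variable
    // warnings; wire both to configuration if AD support is intended.
    // 49 is the LDAP "invalid credentials" result code.
    if ($errno == 49 && isset($ad_mode) && $ad_mode) {
        // 0x32 is passed straight through as the option id; it appears to
        // be the diagnostic-message option - confirm.
        if (ldap_get_option($this->ldap, 0x32, $extended_error)) {
            error_log("LDAP - Bind user extended_error {$extended_error} (" . ldap_error($this->ldap) . ")");
            $extended_error = explode(', ', $extended_error);
            $detail = isset($extended_error[2]) ? $extended_error[2] : '';

            // strpos() returns 0 for a match at the start of the string,
            // so the result is compared against false explicitly.
            if (strpos($detail, '773') !== false) {
                error_log("LDAP - Bind user password needs to be changed");
                return false;
            }
            if (strpos($detail, '532') !== false && !empty($ad_options['change_expired_password'])) {
                error_log("LDAP - Bind user password is expired");
                return false;
            }
            unset($extended_error);
        }
    }

    // Both signals must agree: the bind call itself has to return true and
    // the connection must report no error.
    if (!$bind || $errno) {
        error_log("LDAP - Bind user error {$errno} (" . ldap_error($this->ldap) . ")");
        return false;
    }

    // got a good bind, user is valid. Let's populate some stuff
    $uid_attr = $conf->auth_ldap->uid_attr;
    if (!isset($user_attrs[$uid_attr])) {
        // Without the uid attribute there is no identity to record.
        error_log("LDAP - Bind succeeded but the uid attribute is missing from the entry.");
        return false;
    }
    $this->authed_user = $user_attrs[$uid_attr];

    $fname_attr = $conf->auth_ldap->fname_attr;
    $lname_attr = $conf->auth_ldap->lname_attr;
    $names = array();
    $names['fname'] = isset($user_attrs[$fname_attr]) ? $user_attrs[$fname_attr] : NULL;
    $names['lname'] = isset($user_attrs[$lname_attr]) ? $user_attrs[$lname_attr] : NULL;

    $prefs = new Prefs();
    if ($prefs->checkUID($this->authed_user, $conf->prefs_auto, NULL, $names)) {
        // NOTE(review): the session id is not rotated here; confirm the
        // caller regenerates it after a successful login.
        $_SESSION['authed_user'] = $this->authed_user;
        API::Debug("auth_ldap: checkUID passed");
        return true;
    } else {
        API::Error("Username Not Valid in system. Error: 3304");
    }

    return FALSE;
}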