/**
* Generate password and pin hash value for a given username
* @param $username -- targeted string username
*/
function generatePasswordPin($username, $dbHandle, $site_prefix)
{
global $log;
$log->debug("generatePasswordPin for user: "******" site prefix " . $site_prefix);
$userLayout = "[WEB] Login";
$commit = false;
$searchHandle = $dbHandle->newFindCommand($userLayout);
$searchHandle->addFindCriterion('User_Name_ct', "==" . $username);
$loginResult = $searchHandle->execute();
$log->debug("Now connect to layout: " . $userLayout . " for user: "******"Authentication Failure";
$log->error("FileMaker loginResult - generatePasswordPin() - Login Error: " . $loginResult->getMessage() . " Error String: " . $loginResult->getErrorString() . " username " . $username);
header("location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
$log->debug("Connected and finished searching for user: "******"Contact System Adminstrator";
$log->error("FoundSetCount - generatePasswordPin() - More than 1 username Error: " . $loginResult->getMessage() . " username " . $username);
header("location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
$loginRecord = $loginResult->getFirstRecord();
$rawPassword = $loginRecord->getField('User_Password_t');
$rawPin = $loginRecord->getField('User_Pin_t');
if (empty($rawPassword) && empty($rawPin)) {
$error = "Missing Required Data";
$log->error("No Password and Pin - generatePasswordPin() - Encryption Check Error: " . $loginResult->getMessage() . " username " . $username);
header("location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
if (!empty($rawPassword)) {
$userPasswordHash = $loginRecord->getField('User_Password_Hash_t');
if (empty($userPasswordHash)) {
$loginRecord->setField('User_Password_Hash_t', encryptPassowrdKey($rawPassword));
$commit = true;
}
}
if (!empty($rawPin)) {
$userPinHash = $loginRecord->getField('User_Pin_Hash_t');
if (empty($userPinHash)) {
$loginRecord->setField('User_Pin_Hash_t', encryptPassowrdKey($rawPin));
$commit = true;
}
}
if ($commit) {
$loginRecordResult = $loginRecord->commit();
if (FileMaker::isError($loginRecordResult)) {
$error = "loginRecordResult - generatePasswordPin() - failed to write record to database with message: " . $loginRecordResult->getMessage() . " username " . $username;
$log->error($error);
die($error);
}
}
}
/**
* Pure FileMaker login function to authenticate user with login form and FileMaker
* @param $dbHandle -- FileMaker DB connection handle
* @param $post -- $_POST[] array
* @param $site_prefix -- Site prefix to include port type SSL or 80
*/
function authenticateFMOnly($dbHandle, $post, $site_prefix)
{
global $log, $bypassPassword;
$loginLayout = '[WEB] Login';
$log->debug("Now entering FileMaker Authentication processing");
$ePassword = encryptPassowrdKey($post['password']);
$searchHandle = $dbHandle->newFindCommand($loginLayout);
$searchHandle->addFindCriterion('User_Name_ct', "==" . $post['username']);
$loginResult = $searchHandle->execute();
if (FileMaker::isError($loginResult)) {
$error = "Authentication Failure";
$log->error("authenticateFMOnly - Login Error: " . $loginResult->getMessage() . " username " . $post['username']);
header("location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
//More than one user record with the same username value is a serious error
//TODO: redirect this error to the access error page as this is not something the user can correct on their own
if ($loginResult->getFoundSetCount() > 1) {
$error = "Contact System Adminstrator";
$log->error("authenticateFMOnly - More than 1 username Error: " . $error . " username: "******"location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
$userRecord = $loginResult->getFirstRecord();
$log->debug("Now have user record check if Pin or password matches");
//TODO revisit this once the LDAP issuer is resolved at FOX this is temporary to bypass the validation
//TODO the bypass flag should be removed once the LDAP is resolved
if ($bypassPassword || isPasswordPinMatch($userRecord->getField('User_Password_Hash_t'), $ePassword) || isPasswordPinMatch($userRecord->getField('User_Pin_Hash_t'), $ePassword)) {
$log->debug("Now call session creation for FM full authentication");
setSessionData($userRecord, $site_prefix);
} else {
$error = "Authentication Failure";
$log->info("loginProcessing.php - processLogin() - Last Check Authentication Error: " . $error . " username: "******"location: " . $site_prefix . "login.php?error=" . $error);
exit;
}
}
