function isLoggedIn()
{
global $login;
// $login['user_id'], $login['user_password']
// password is a hash (from getPasswordHash ())
if (!isset($login['user_id']) || $login['user_id'] == '' || $login['user_id'] == '0' || $login['user_password'] == '') {
return FALSE;
} else {
$external_failed = false;
$Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where user_id = '" . $login['user_id'] . "' and user_password = '******'user_password'] . "' limit 1");
if (mysql_num_rows($Q_login) > '0') {
$is_external = isExternal();
if ($is_external) {
try {
$user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'));
loginPWcheckAge($user_login);
} catch (Exception $e) {
return false;
}
}
if (mysql_result($Q_login, 0, 'deactivated')) {
return false;
} elseif ($is_external && !mysql_result($Q_login, 0, 'user_password_complex')) {
return false;
} elseif (!$external_failed) {
return TRUE;
}
} else {
return FALSE;
}
}
return FALSE;
}
/**
* Check if a username+password pair is a valid login.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param $username String: username.
* @param $password String: user password.
* @return bool
* @public
*/
function authenticate($user, $pass)
{
if ($this->debug) {
echo 'authenticate<br>';
}
$user = strtolower(addslashes(htmlspecialchars(strip_tags($user), ENT_QUOTES)));
// Username
$pass = getPasswordHash($pass);
if (isset($GLOBALS['authpluginjmTillatteBrukere']) && !in_array(strtolower($username), $GLOBALS['authpluginjmTillatteBrukere'])) {
return false;
}
$is_external = isExternal();
if ($this->debug) {
echo 'is_external=' . $is_external . '<br>';
}
// Checking against database
$Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where lower(user_name_short) = '" . $user . "' and user_password = '******' limit 1", $this->database);
if (mysql_num_rows($Q_login) > '0') {
if ($is_external) {
try {
$user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'));
loginPWcheckAge($user_login);
} catch (Exception $e) {
if ($this->debug) {
echo 'auth failed, password to old for external user<br>';
}
return false;
}
}
if (mysql_result($Q_login, 0, 'deactivated')) {
if ($this->debug) {
echo 'auth failed, user deactivated<br>';
}
return false;
} elseif ($is_external && !mysql_result($Q_login, 0, 'user_password_complex')) {
if ($this->debug) {
echo 'auth failed, password not complex for external user<br>';
}
return false;
} elseif (!$external_failed) {
if ($this->debug) {
echo 'auth=true<br>';
}
return true;
}
} else {
if ($this->debug) {
echo 'auth failed, user not found (' . $user . ', ' . $pass . ')<br>';
}
return false;
}
}
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
JM-booking - login
*/
include 'glob_inc.inc.php';
$deactivated = false;
$external_failed = false;
$complex_failed = false;
$age_failed = false;
$is_external = isExternal();
if (isset($_POST['WEBAUTH_USER'])) {
$user = getUserName();
$pass = getUserPassword();
// Check if we do not have a username/password
if (empty($user) || empty($pass)) {
} else {
$user = slashes(htmlspecialchars(strip_tags($user), ENT_QUOTES));
// Username
$pass = getPasswordHash($pass);
// Checking against database
$Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where user_name_short = '" . $user . "' and user_password = '******' limit 1");
if (mysql_num_rows($Q_login) > '0') {
if ($is_external) {
try {
$user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'));
