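/**
 * Check a cleartext password against the configured authentication method.
 *
 * The method is read from config_get('authentication'): 'LDAP' asks the
 * directory, 'LOCAL' compares against the stored hash, anything else is left
 * to a custom implementation and reports success unchanged.
 *
 * @param object $user               user object; ->login is used for LDAP,
 *                                   ->comparePassword() for LOCAL
 * @param string $cleartext_password password as typed by the user
 * @return stdClass
 *         obj->status_ok = true/false
 *         obj->msg = message to explain what has happened to a human being.
 */
function auth_does_password_match(&$user, $cleartext_password)
{
    $authCfg = config_get('authentication');
    $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';
    switch ($authCfg['method']) {
        case 'LDAP':
            // Localized text for every status code ldap_authenticate() reports.
            $msg = array(
                ERROR_LDAP_AUTH_FAILED => lang_get('error_ldap_auth_failed'),
                ERROR_LDAP_SERVER_CONNECT_FAILED => lang_get('error_ldap_server_connect_failed'),
                ERROR_LDAP_UPDATE_FAILED => lang_get('error_ldap_update_failed'),
                ERROR_LDAP_USER_NOT_FOUND => lang_get('error_ldap_user_not_found'),
                ERROR_LDAP_BIND_FAILED => lang_get('error_ldap_bind_failed'),
            );
            $ldapResult = ldap_authenticate($user->login, $cleartext_password);
            $ret->status_ok = $ldapResult->status_ok;
            // A status code missing from the map used to raise an undefined-index
            // notice and hand back a null message; fall back to a sensible text.
            if (isset($msg[$ldapResult->status_code])) {
                $ret->msg = $msg[$ldapResult->status_code];
            } else {
                $ret->msg = $ret->status_ok ? 'ok' : $msg[ERROR_LDAP_AUTH_FAILED];
            }
            break;
        case 'LOCAL':
            if ($user->comparePassword($cleartext_password) != tl::OK) {
                $ret->status_ok = false;
                $ret->msg = lang_get('bad_user_passwd');
            }
            break;
        default:
            // Custom implementation: nothing is checked here, the default
            // status_ok = true is returned as-is.
            break;
    }
    return $ret;
}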
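/**
 * Try to log the user in with the submitted credentials and, when the login
 * fails, send the browser back to the page the login form came from.
 *
 * @param string $username
 * @param string $password
 * @return void
 */
function auth_attempt_login($username = "", $password = "")
{
    // NOTE(review): the method is taken from the LOGIN_METHOD constant while
    // auth_does_password_match() reads config_get('authentication') — confirm
    // both sources agree, otherwise the two functions disagree on the method.
    if (LOGIN_METHOD == 'LDAP') {
        $authResult = ldap_authenticate($username, $password);
    } else {
        // NOTE(review): the auth_does_password_match() defined alongside this
        // function takes a user object (it reads ->login) and not a login
        // string — confirm which implementation is actually in scope here.
        $authResult = auth_does_password_match($username, $password);
    }
    // Both helpers may answer with a status object (a stdClass carrying
    // ->status_ok) rather than a boolean. An object is always truthy inside
    // an `if`, so testing the raw return value logs the user in regardless of
    // whether the password matched. Read the flag explicitly instead.
    if (is_object($authResult)) {
        $authenticated = !empty($authResult->status_ok);
    } else {
        $authenticated = (bool) $authResult;
    }
    if ($authenticated) {
        # user successfully authenticated, proceed with login
        auth_login($username);
    }
    # check if user logged in
    $logged_in = session_getLogged_in();
    # if user not logged in, login failed, redirect back to the page where the user
    # tried to login
    if (!$logged_in) {
        $loginForm = isset($_POST['login']) && is_array($_POST['login']) ? $_POST['login'] : array();
        $redirect_page = isset($loginForm['page']) ? $loginForm['page'] : '';
        $redirect_page_get = isset($loginForm['get']) ? $loginForm['get'] : '';
        # NOTE(review): both values come straight from the submitted form.
        # Unless error_report_show() restricts the target to a local path, a
        # crafted form post can send the user to an arbitrary URL after a
        # failed login — confirm, and restrict to relative paths if it does not.
        if (empty($redirect_page)) {
            error_report_show("home_page.php?", INVALID_LOGIN);
        } else {
            error_report_show($redirect_page . "?" . $redirect_page_get, INVALID_LOGIN);
        }
    }
}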
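/**
 * Check a cleartext password against the configured authentication method.
 *
 * 'LDAP' asks the directory through ldap_authenticate(); every other
 * configured method compares against the stored hash via comparePassword().
 *
 * @param object $user               user object; ->login is used for LDAP,
 *                                   ->comparePassword() otherwise
 * @param string $cleartext_password password as typed by the user
 * @return stdClass
 *         obj->status_ok = true/false
 *         obj->msg = message to explain what has happened to a human being.
 */
function auth_does_password_match(&$user, $cleartext_password)
{
    $authCfg = config_get('authentication');
    $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';
    if ('LDAP' == $authCfg['method']) {
        // Localized text for every status code ldap_authenticate() reports.
        $msg = array(
            ERROR_LDAP_AUTH_FAILED => lang_get('error_ldap_auth_failed'),
            ERROR_LDAP_SERVER_CONNECT_FAILED => lang_get('error_ldap_server_connect_failed'),
            ERROR_LDAP_UPDATE_FAILED => lang_get('error_ldap_update_failed'),
            ERROR_LDAP_USER_NOT_FOUND => lang_get('error_ldap_user_not_found'),
            ERROR_LDAP_BIND_FAILED => lang_get('error_ldap_bind_failed'),
        );
        $ldapResult = ldap_authenticate($user->login, $cleartext_password);
        $ret->status_ok = $ldapResult->status_ok;
        // A status code missing from the map used to raise an undefined-index
        // notice and hand back a null message; fall back to a sensible text.
        if (isset($msg[$ldapResult->status_code])) {
            $ret->msg = $msg[$ldapResult->status_code];
        } else {
            $ret->msg = $ret->status_ok ? 'ok' : $msg[ERROR_LDAP_AUTH_FAILED];
        }
    } elseif ($user->comparePassword($cleartext_password) != tl::OK) {
        $ret->status_ok = false;
        // The message used to stay at 'ok' on a failed local check, so a
        // caller displaying ->msg told the user the login had succeeded.
        $ret->msg = lang_get('bad_user_passwd');
    }
    return $ret;
}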
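/**
 * Load the user record for $name and verify $credentials against it.
 *
 * Accounts flagged USER_FLAG_IS_LDAP_ACCOUNT are checked through
 * ldap_authenticate() when an LDAP server is configured; every other account
 * (and an LDAP account while no server is configured) is checked against the
 * salted SHA-1 stored in the user row.
 *
 * @param string $name        login name
 * @param string $credentials cleartext password
 * @return object|false the loaded user object, or false when the user is
 *                      unknown or the password does not match
 */
function user_load_authenticate($name, $credentials)
{
    global $ldap_server;
    $user = user_load('name', $name);
    // An unknown user used to produce notices on ->flags / ->salt and then be
    // compared against nothing; treat it as a failed login instead.
    if (!is_object($user)) {
        return false;
    }
    $isLdapAccount = ($user->flags & USER_FLAG_IS_LDAP_ACCOUNT) != 0;
    if ($isLdapAccount && $ldap_server) {
        if (!ldap_authenticate($name, $credentials)) {
            return false;
        }
        return $user;
    }
    // Strict comparison: with `!=` two hash strings that both look numeric
    // (e.g. "0e" followed only by digits) are compared as numbers and can be
    // reported equal although they differ. A constant-time comparison
    // (hash_equals where available) would be preferable still.
    if (sha1($user->salt . $credentials) !== $user->pass) {
        return false;
    }
    return $user;
}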
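/**
 * Return true if the password for the user id given matches the given
 * password (taking into account the global login method)
 *
 * Under LDAP the directory decides. Otherwise the stored value is tried
 * against MD5, CRYPT and PLAIN in turn so that users created under an older
 * method can still log in; on success the stored value is re-hashed with the
 * configured method.
 *
 * @param int $p_user_id User id to check password against
 * @param string $p_test_password Password
 * @return bool indicating whether password matches given the user id
 * @access public
 */
function auth_does_password_match($p_user_id, $p_test_password)
{
    $t_configured_login_method = config_get('login_method');
    if (LDAP == $t_configured_login_method) {
        return ldap_authenticate($p_user_id, $p_test_password);
    }
    $t_password = user_get_field($p_user_id, 'password');
    $t_login_methods = array(MD5, CRYPT, PLAIN);
    foreach ($t_login_methods as $t_login_method) {
        # pass the stored password in as the salt
        $t_processed = auth_process_plain_password($p_test_password, $t_password, $t_login_method);
        # Strict comparison: `==` between two strings that both look numeric
        # (for example MD5 hashes of the form "0e" followed only by digits)
        # compares them as numbers and can report different hashes as equal.
        if ($t_processed !== $t_password) {
            continue;
        }
        # Do not support migration to PLAIN, since this would be a crazy thing to do.
        # Also if we do, then a user will be able to login by providing the MD5 value
        # that is copied from the database.  See #8467 for more details.
        if ($t_configured_login_method != PLAIN && $t_login_method == PLAIN) {
            continue;
        }
        # Check for migration to another login method and test whether the password was encrypted
        # with our previously insecure implementation of the CRYPT method
        $t_method_changed = $t_login_method != $t_configured_login_method;
        $t_legacy_crypt = CRYPT == $t_configured_login_method
            && utf8_substr($t_password, 0, 2) == utf8_substr($p_test_password, 0, 2);
        if ($t_method_changed || $t_legacy_crypt) {
            user_set_password($p_user_id, $p_test_password, true);
        }
        return true;
    }
    return false;
}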
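/**
 * Check a cleartext password against the user's authentication method.
 *
 * A per-user method ('DB' or 'LDAP' in $userObj->authentication) wins over
 * the global config_get('authentication') method. 'LDAP' asks the directory;
 * 'DB', 'MD5' and any unrecognised method compare against the stored hash.
 *
 * @param object $userObj            user object; ->login is used for LDAP,
 *                                   ->comparePassword() otherwise
 * @param string $cleartext_password password as typed by the user
 * @return stdClass
 *         obj->status_ok = true/false
 *         obj->msg = message to explain what has happened to a human being.
 */
function auth_does_password_match(&$userObj, $cleartext_password)
{
    $authCfg = config_get('authentication');
    $ret = new stdClass();
    $authMethod = $userObj->authentication;
    if ($authMethod != 'DB' && $authMethod != 'LDAP') {
        $authMethod = $authCfg['method'];
    }
    if ($authMethod == 'LDAP') {
        // Localized text for every status code ldap_authenticate() reports.
        $msg = array(
            ERROR_LDAP_AUTH_FAILED => lang_get('error_ldap_auth_failed'),
            ERROR_LDAP_SERVER_CONNECT_FAILED => lang_get('error_ldap_server_connect_failed'),
            ERROR_LDAP_UPDATE_FAILED => lang_get('error_ldap_update_failed'),
            ERROR_LDAP_USER_NOT_FOUND => lang_get('error_ldap_user_not_found'),
            ERROR_LDAP_BIND_FAILED => lang_get('error_ldap_bind_failed'),
            ERROR_LDAP_START_TLS_FAILED => lang_get('error_ldap_start_tls_failed'),
        );
        $ldapResult = ldap_authenticate($userObj->login, $cleartext_password);
        $ret->status_ok = $ldapResult->status_ok;
        // A status code missing from the map used to raise an undefined-index
        // notice and hand back a null message; fall back to a sensible text.
        if (isset($msg[$ldapResult->status_code])) {
            $ret->msg = $msg[$ldapResult->status_code];
        } else {
            $ret->msg = $ret->status_ok ? 'ok' : $msg[ERROR_LDAP_AUTH_FAILED];
        }
    } else {
        // NOTE(review): an unknown method silently behaves like 'DB' here, so
        // the lang key unknown_authentication_method is never surfaced — confirm
        // that is intended rather than rejecting unrecognised methods.
        $ret->status_ok = $userObj->comparePassword($cleartext_password) == tl::OK;
        $ret->msg = 'ok';
    }
    return $ret;
}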
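 /**
  * Generate the API Key, or return the existing one, for the user named in $args.
  *
  * The caller is authenticated against the TestLink DB first and only when
  * that fails against LDAP.
  *
  * @param struct $args
  * @param string $args["user"]
  * @param string $args["pass"]
  * @return string|array the API key, or $this->errors (a list of IXR_Error)
  *                      when authentication fails or no key can be created
  * @access public
  */
 public function generateAPIKey($args)
 {
     $this->_setArgs($args);
     $login = $this->args[self::$userParamName];
     $pwd = isset($this->args['pass']) ? $this->args['pass'] : '';
     // An empty bind password is treated as an anonymous bind by many LDAP
     // servers and is never a valid DB credential either; reject it before
     // either check runs.
     if (!is_string($pwd) || $pwd === '') {
         $this->errors[] = new IXR_Error(INVALID_AUTH, INVALID_AUTH_STR);
         return $this->errors;
     }
     $user = new tlUser();
     $user->login = $login;
     $login_exists = $user->readFromDB($this->dbObj, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;
     // Only compare against the stored hash when the login actually loaded;
     // comparePassword() on an unpopulated tlUser is not a meaningful check.
     $authenticated = $login_exists && $user->comparePassword($pwd) == tl::OK;
     if (!$authenticated) {
         // ldap_authenticate() answers with an object carrying ->status_ok;
         // guard against a non-object reply so a misconfigured server does
         // not fatal here.
         $ldap = ldap_authenticate($login, $pwd);
         $authenticated = is_object($ldap) && !empty($ldap->status_ok);
     }
     if (!$authenticated) {
         $this->errors[] = new IXR_Error(INVALID_AUTH, INVALID_AUTH_STR);
         return $this->errors;
     }
     $user_id = tlUser::doesUserExist($this->dbObj, $login);
     if (is_null($user_id)) {
         $this->errors[] = new IXR_Error(NO_USER_BY_THIS_LOGIN, 'This is a valid user, but is not on TestLink DB');
         return $this->errors;
     }
     $apiKey = new APIKey();
     $existingKey = $apiKey->getAPIKey($user_id);
     if (!is_null($existingKey)) {
         return $existingKey;
     }
     if ($apiKey->addKeyForUser($user_id) >= tl::OK) {
         return $apiKey->getAPIKey($user_id);
     }
     $this->errors[] = new IXR_Error(NO_DEV_KEY, NO_DEV_KEY_STR);
     return $this->errors;
 }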
 */
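require_once __DIR__ . '/functions.php';
require_once __DIR__ . '/lib/password.php';
require_once __DIR__ . '/lib/hash_equals.php';
session_start();
// Credentials come either from HTTP Basic auth or from the login form.
// Reading the form fields through isset() avoids undefined-index notices
// (and a null username) when the script is reached without a POST body.
if (isset($_SERVER['PHP_AUTH_USER'])) {
    $myusername = $_SERVER['PHP_AUTH_USER'];
    $mypassword = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
} else {
    $myusername = isset($_POST['myusername']) ? $_POST['myusername'] : '';
    $mypassword = isset($_POST['mypassword']) ? $_POST['mypassword'] : '';
}
// NOTE(review): sanitizeInput()/safe_value() are applied to the password as
// well as the username; if either helper strips or rewrites characters, the
// value checked later is no longer what the user typed — confirm this is
// intended, otherwise leave the password untouched and escape only the
// username for the query.
$myusername = sanitizeInput($myusername);
$mypassword = sanitizeInput($mypassword);
// Reject an empty password before any backend is asked: many LDAP servers
// treat an empty bind password as an anonymous bind, which previously could
// have been reached because the LDAP branch ran before this check.
if (!is_string($mypassword) || $mypassword === '') {
    header("Location: login.php?error=emptypassword");
    die;
}
if (USE_LDAP === true && ($result = ldap_authenticate($myusername, $mypassword)) !== null) {
    $_SESSION['user_ldap'] = '1';
    $myusername = safe_value($result);
} else {
    $myusername = safe_value($myusername);
    $mypassword = safe_value($mypassword);
}
// NOTE(review): the username is still concatenated into the SQL text below;
// a prepared statement with a bound parameter is the robust form, rather than
// relying on safe_value() escaping.
$sql = "SELECT * FROM users WHERE username='******'";
$result = dbquery($sql);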
if (!$result) {
    $message = 'Invalid query: ' . mysql_error() . "\n";
<?php

/*
 * $Id$
 * Copyright (c) 2010 Craig Watson [ craig@cwatson.org ]
 * Distributed Under the Mozilla Public License 1.1 [ http://www.mozilla.org/MPL/MPL-1.1.html ]
 */
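define('IN_OB', true);
$root_path = defined('ROOT_PATH') ? ROOT_PATH : './';
// Reuse this file's own extension so the include works whatever it is.
$phpExt = substr(strrchr(__FILE__, '.'), 1);
require_once $root_path . 'includes/common.' . $phpExt;
$template = array('page_title' => 'Login', 'page_header' => 'Login', 'page_slug' => 'login', 'files' => array('page-header.html'));
// If form submitted, evaluate
if (isset($_POST['submit'])) {
    require_once $root_path . 'includes/functions_login.php';
    // Transfer POST variables to local and make safe. Missing fields are
    // treated as empty instead of raising undefined-index notices.
    $username = clean_string(isset($_POST['username']) ? $_POST['username'] : '');
    $password = clean_string(isset($_POST['password']) ? $_POST['password'] : '');
    if ($username === '' || $password === '') {
        $template['message'] = "<p><strong>Error: Please enter a username and password.</strong></p>";
        // NOTE(review): login_form.html is appended again unconditionally
        // below, so the form may be rendered twice on this path — confirm
        // template_parse() de-duplicates, otherwise drop one of the two.
        $template['files'][] = "login_form.html";
    } else {
        // NOTE(review): the return value of ldap_authenticate() is discarded,
        // so a wrong password yields no message unless the helper itself
        // reports or redirects — confirm and surface a failure message if not.
        ldap_authenticate($username, $password);
    }
}
$template['files'][] = 'login_form.html';
$template['files'][] = 'page-footer.html';
template_parse($template['files']);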
            status_message("Der eingegebene Sicherheitscode ist falsch");
        }
        // Sicherheitscode versenden
        if (!preg_match('#^[0-9A-Za-z_-]+$#', $_POST['fb_account'])) {
            status_message("Ungültige Eingabe!");
            gotop("index.php?q=acc");
        }
        $security_code = md5($secure_token . $_POST['fb_account'] . microtime());
        mail($_POST['fb_account'] . $ssh_printing_email_suffix, 'Validierung Deines Accounts', "Hallo " . user()->name . "," . PHP_EOL . PHP_EOL . "Du bekommst diese Mail, weil Du beim Übungszetteldienst Deinen" . PHP_EOL . "Fachbereichsaccount registriert hast. Du musst jetzt den Sicherheitscode in den" . PHP_EOL . "Einstellungen eingeben und eine Datei in Deinem Fachbereichsaccount ändern." . PHP_EOL . "Dann steht Dir die Drucken-Funktion zur Verfügung." . PHP_EOL . PHP_EOL . "Der Sicherheitscode lautet:" . PHP_EOL . PHP_EOL . "     " . $security_code . PHP_EOL . PHP_EOL . "In Deinem Fachbereichsaccount öffne bitte die Datei ~/.ssh/authorized_keys in" . PHP_EOL . "einem Editor. Eventuell musst Du diese Datei auch erst anlegen. Füge unten ans" . PHP_EOL . "Ende die folgende Zeile ein:" . PHP_EOL . PHP_EOL . file_get_contents($ssh_printing_pubkey_file) . PHP_EOL . PHP_EOL . "Den dort angegebenen Drucker musst Du gegebenenfalls auf Deinen Lieblingsdrucker am" . PHP_EOL . "Fachbereich ändern." . PHP_EOL . PHP_EOL . "Noch einmal als Info: Mit dieser Änderung erhalten wir die" . PHP_EOL . "Möglichkeit, uns auf Deinem Account einzuloggen. Dabei können wir aber nur den" . PHP_EOL . "am Anfang der Zeile angegebenen Befehl ausführen, in diesem Fall ein" . PHP_EOL . "Druckbefehl. Möchtest Du das nicht länger, reicht es, diese Zeile wieder zu" . PHP_EOL . "entfernen." . PHP_EOL . "" . PHP_EOL . "Gruß," . PHP_EOL . "Dein Übungszettelservice" . PHP_EOL . PHP_EOL . "Ps. Wenn Du diese Email unbeabsichtigt bekommst, schreibe uns " . "eine Antwort. Wir bestellen diesen Dienst dann für Dich ab.", "Content-type: text/plain; charset=UTF-8" . PHP_EOL . "From: =?utf-8?Q?=C3=9Cbungen?= <noreply@" . $_SERVER['SERVER_NAME'] . ">" . PHP_EOL . "Reply-To: " . $support_mail . PHP_EOL);
        user()->ssh = array('account' => $_POST['fb_account'], 'code' => $security_code);
        user_save();
        status_message("Wir haben Dir Deinen neuen Sicherheitscode zugeschickt!");
        gotop("index.php?q=acc");
    }
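    if (isset($_POST['ldap_connect']) && $ldap_server) {
        $ldapPass = isset($_POST['ldap_pass']) ? $_POST['ldap_pass'] : '';
        // An empty bind password is treated as an anonymous bind by many LDAP
        // servers and must not count as proof that the account is the user's.
        if (is_string($ldapPass) && $ldapPass !== '' && ldap_authenticate(user()->name, $ldapPass)) {
            user()->flags |= USER_FLAG_IS_LDAP_ACCOUNT;
            // Local credentials are no longer used once the account is linked.
            user()->pass = '';
            user()->salt = '';
            user_save();
            // Bind the user id instead of concatenating it into the SQL text;
            // $database exposes prepare()/execute() elsewhere in this project.
            $stmt = $database->prepare('DELETE FROM user_autologin WHERE user_id = ?');
            $stmt->execute(array(user()->id));
            // Rotate the session now that the account's credentials changed.
            session_destroy();
            session_start();
            status_message("Dein Account ist jetzt mit dem LDAP-Server verknüpft.");
            gotop("index.php");
        } else {
            status_message("Dein LDAP-Kennwort war nicht korrekt, oder Du hast keinen LDAP-Account");
        }
        gotop("index.php?q=acc");
    }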
} elseif (!empty($_POST)) {
 } else {
     // Checken, ob der Name schon vergeben ist
     $name = str_replace(array('<', "\n", '>'), '', $name);
     $stmt = $database->prepare('SELECT count(*) FROM users WHERE name = ?');
     $stmt->execute(array($name));
     if ($stmt->fetchColumn() > 0) {
         $errName = 'Dieser Benutzername ist bereits vergeben.';
     }
 }
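 // A missing, non-string or empty password is rejected up front. empty() would
 // also reject the literal password "0", so compare against '' explicitly.
 if (!isset($pass) || !is_string($pass) || $pass === '') {
     $errPass = '******';
 }
 // Cross-check against the LDAP server: if the name already exists there, the
 // password must match there as well, otherwise the name is taken.
 $is_ldap_account = false;
 if ($ldap_server && !$errPass && !$errName && ldap_check_if_name_exists($name)) {
     if (!ldap_authenticate($name, $pass)) {
         $errName = 'Dieser Benutzername ist bereits im LDAP vergeben';
         $errPass = '******';
     } else {
         $is_ldap_account = true;
     }
 }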
 if ($errPass == $errName && $errName == "") {
     // Benutzer erstellen
     $user = user();
     $user->name = $name;
     if ($is_ldap_account) {
         $user->flags = USER_FLAG_IS_LDAP_ACCOUNT;
     } else {
         $salt = base_convert(rand(0, 36 * 36 - 1), 10, 36);
         $passSha = sha1($salt . $pass);
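/**
 * Return true if the password for the given user id matches $p_test_password,
 * taking the configured login method into account.
 *
 * Under LDAP the directory decides. Otherwise the stored value is tried
 * against MD5, CRYPT and PLAIN in turn so that users created under an older
 * method can still log in; on success the stored value is re-hashed with the
 * configured method.
 *
 * @param int $p_user_id User id to check password against
 * @param string $p_test_password Password
 * @return bool indicating whether password matches given the user id
 */
function auth_does_password_match($p_user_id, $p_test_password)
{
    $t_configured_login_method = config_get('login_method');
    if (LDAP == $t_configured_login_method) {
        return ldap_authenticate($p_user_id, $p_test_password);
    }
    $t_password = user_get_field($p_user_id, 'password');
    $t_login_methods = array(MD5, CRYPT, PLAIN);
    foreach ($t_login_methods as $t_login_method) {
        # pass the stored password in as the salt
        $t_processed = auth_process_plain_password($p_test_password, $t_password, $t_login_method);
        # Strict comparison: `==` between two strings that both look numeric
        # (for example MD5 hashes of the form "0e" followed only by digits)
        # compares them as numbers and can report different hashes as equal.
        if ($t_processed !== $t_password) {
            continue;
        }
        # Never accept a PLAIN match unless PLAIN is the configured method:
        # otherwise the stored hash itself, copied from the database, would be
        # accepted as the password.
        if ($t_configured_login_method != PLAIN && $t_login_method == PLAIN) {
            continue;
        }
        # Check for migration to another login method and test whether the password was encrypted
        # with our previously insecure implementation of the CRYPT method
        $t_method_changed = $t_login_method != $t_configured_login_method;
        $t_legacy_crypt = CRYPT == $t_configured_login_method
            && substr($t_password, 0, 2) == substr($p_test_password, 0, 2);
        if ($t_method_changed || $t_legacy_crypt) {
            user_set_password($p_user_id, $p_test_password, true);
        }
        return true;
    }
    return false;
}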