Ejemplo n.º 1
0
/**
 * process_user_login accepts $login and $pass and handles it according to current authentication scheme
 *
 * @param string $login 
 * @param string $pass
 *
 * @return mixed False in case of error or invalid credentials, the username in case it's correct.
 */
function process_user_login($login, $pass)
{
    if (!ldap_valid_login($login, $pass)) {
        return false;
    }
    global $config;
    $profile = get_db_value("id_usuario", "tusuario_perfil", "id_usuario", $login);
    if ($profile === false && empty($config["auth_methods"]["create_user_undefined"])) {
        $config["auth_error"] = "No profile";
        //Error message, don't translate
        return false;
        //User doesn't have a profile so doesn't have access
    } elseif ($profile === false && !empty($config["auth_methods"]["create_user_undefined"])) {
        $ret = profile_create_user_profile($login);
        //User doesn't have a profile but we are asked to create one
        if ($ret === false) {
            $config["auth_error"] = "Profile creation failed";
            //Error message, don't translate
            return false;
            //We couldn't create the profile for some or another reason
        }
    }
    return $login;
}
Ejemplo n.º 2
0
/**
 * process_user_login accepts $login and $pass and handles it according to current authentication scheme
 *
 * @param string $login 
 * @param string $pass
 *
 * @return mixed False in case of error or invalid credentials, the username in case it's correct.
 */
function process_user_login($login, $pass)
{
    global $config, $mysql_cache;
    include_once $config['homedir'] . "/include/functions_profile.php";
    // Always authenticate admins against the local database
    if (strtolower($config["auth_methods"]) == 'mysql' || dame_admin($login)) {
        $sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `disabled` = 0 AND `id_usuario` = '%s' AND `enable_login` = 1", $login);
        $row = get_db_row_sql($sql);
        //Check that row exists, that password is not empty and that password is the same hash
        if ($row !== false && $row["password"] !== md5("") && $row["password"] == md5($pass)) {
            // Login OK
            // Nick could be uppercase or lowercase (select in MySQL
            // is not case sensitive)
            // We get DB nick to put in PHP Session variable,
            // to avoid problems with case-sensitive usernames.
            // Thanks to David Muñiz for Bug discovery :)
            return $row["id_usuario"];
        } else {
            $mysql_cache["auth_error"] = "User not found in database or incorrect password";
        }
        return false;
        // Remote authentication
    } else {
        switch ($config["auth_methods"]) {
            // LDAP
            case 'ldap':
                $sql = sprintf("SELECT `disabled` FROM `tusuario` WHERE `id_usuario` = '%s'", $login);
                $disabled = get_db_sql($sql);
                // Check if user is disabled
                if ($disabled == 1) {
                    $config["auth_error"] = "User not found in database or incorrect password";
                    return false;
                }
                if (ldap_process_user_login($login, $pass) === false) {
                    $config["auth_error"] = "User not found in database or incorrect password";
                    return false;
                }
                break;
                // Active Directory
            // Active Directory
            case 'ad':
                if (enterprise_hook('ad_process_user_login', array($login, $pass)) === false) {
                    return false;
                }
                break;
                // Remote Pandora FMS
                /* case 'pandora':
                				
                				break;
                
                			// Remote Babel Enterprise
                			case 'babel':
                				
                				break;
                
                			// Remote Integria
                			case 'integria':
                				
                				break; */
                // Unknown authentication method
            // Remote Pandora FMS
            /* case 'pandora':
            				
            				break;
            
            			// Remote Babel Enterprise
            			case 'babel':
            				
            				break;
            
            			// Remote Integria
            			case 'integria':
            				
            				break; */
            // Unknown authentication method
            default:
                $config["auth_error"] = "User not found in database or incorrect password";
                return false;
        }
        // Authentication ok, check if the user exists in the local database
        if (is_user($login)) {
            return $login;
        }
        // The user does not exist and can not be created
        if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted($login)) {
            $config["auth_error"] = "Ooops User not found in database or incorrect password";
            return false;
        }
        // Create the user in the local database
        if (create_user($login, $pass, array('nombre_real' => $login, 'comentarios' => 'Imported from ' . $config['auth_methods'])) === false) {
            $config["auth_error"] = "User not found in database or incorrect password";
            return false;
        }
        profile_create_user_profile($login, $config['default_remote_profile'], $config['default_remote_group']);
        return $login;
    }
    return false;
}