/**
* Given a username and password, this function looks them
* up using the currently selected authentication mechanism,
* and if the authentication is successful, it returns a
* valid $user object from the 'user' table.
*
* Uses auth_ functions from the currently active auth module
*
* After authenticate_user_login() returns success, you will need to
* log that the user has logged in, and call complete_user_login() to set
* the session up.
*
* @uses $CFG
* @param string $username User's username (with system magic quotes)
* @param string $password User's password (with system magic quotes)
* @return user|flase A {@link $USER} object or false if error
*/
function authenticate_user_login($username, $password)
{
global $CFG;
$authsenabled = get_enabled_auth_plugins();
if ($user = get_complete_user_data('username', $username)) {
$auth = empty($user->auth) ? 'manual' : $user->auth;
// use manual if auth not set
if ($auth == 'nologin' or !is_enabled_auth($auth)) {
add_to_log(0, 'login', 'error', 'index.php', $username);
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Disabled Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
return false;
}
$auths = array($auth);
} else {
// check if there's a deleted record (cheaply)
if (get_field('user', 'id', 'username', $username, 'deleted', 1, '')) {
error_log('[client ' . $_SERVER['REMOTE_ADDR'] . "] {$CFG->wwwroot} Deleted Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
return false;
}
$auths = $authsenabled;
$user = new object();
$user->id = 0;
// User does not exist
}
foreach ($auths as $auth) {
$authplugin = get_auth_plugin($auth);
// on auth fail fall through to the next plugin
if (!$authplugin->user_login($username, $password)) {
continue;
}
// successful authentication
if ($user->id) {
// User already exists in database
if (empty($user->auth)) {
// For some reason auth isn't set yet
set_field('user', 'auth', $auth, 'username', $username);
$user->auth = $auth;
}
if (empty($user->firstaccess)) {
//prevent firstaccess from remaining 0 for manual account that never required confirmation
set_field('user', 'firstaccess', $user->timemodified, 'id', $user->id);
$user->firstaccess = $user->timemodified;
}
update_internal_user_password($user, $password);
// just in case salt or encoding were changed (magic quotes too one day)
if (!$authplugin->is_internal()) {
// update user record from external DB
$user = update_user_record($username, get_auth_plugin($user->auth));
}
} else {
// if user not found, create him
$user = create_user_record($username, $password, $auth);
}
$authplugin->sync_roles($user);
foreach ($authsenabled as $hau) {
$hauth = get_auth_plugin($hau);
$hauth->user_authenticated_hook($user, $username, $password);
}
/// Log in to a second system if necessary
/// NOTICE: /sso/ will be moved to auth and deprecated soon; use user_authenticated_hook() instead
if (!empty($CFG->sso)) {
include_once $CFG->dirroot . '/sso/' . $CFG->sso . '/lib.php';
if (function_exists('sso_user_login')) {
if (!sso_user_login($username, $password)) {
// Perform the signon process
notify('Second sign-on failed');
}
}
}
if ($user->id === 0) {
return false;
}
return $user;
}
// failed if all the plugins have failed
add_to_log(0, 'login', 'error', 'index.php', $username);
if (debugging('', DEBUG_ALL)) {
error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Failed Login: {$username} " . $_SERVER['HTTP_USER_AGENT']);
}
return false;
}
<?php
// $Id: login.php,v 1.3 2006/09/20 19:46:53 skodak Exp $
// login.php - action of the login form put up by expired.php.
require '../../config.php';
require 'lib.php';
require_login();
// get the login data
$frm = data_submitted('');
// log back into Hive
if (sso_user_login($frm->username, $frm->password)) {
/// reopen Hive
redirect($CFG->wwwroot . '/mod/resource/type/repository/hive/openlitebrowse.php');
} else {
redirect($CFG->wwwroot . '/sso/hive/expired.php');
}
?>
