/**
  * Log the user from its credentials
  * @static
  * @param string $user_id The user id
  * @param string $pwd The password
  * @param bool $bypass_pwd Ignore password or not
  * @param bool $cookieLogin Is it a logging from the remember me cookie?
  * @param string $returnSeed The unique seed
  * @return int
  */
 static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
 {
     $user_id = self::filterUserSensitivity($user_id);
     if ($cookieLogin && !isset($_COOKIE["AjaXplorer-remember"])) {
         return -5;
         // SILENT IGNORE
     }
     if ($cookieLogin) {
         list($user_id, $pwd) = explode(":", $_COOKIE["AjaXplorer-remember"]);
     }
     $confDriver = ConfService::getConfStorageImpl();
     if ($user_id == null) {
         if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
             return 1;
         }
         if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
             $authDriver = ConfService::getAuthDriverImpl();
             if (!$authDriver->userExists("guest")) {
                 AuthService::createUser("guest", "");
                 $guest = $confDriver->createUserObject("guest");
                 $guest->save("superuser");
             }
             AuthService::logUser("guest", null);
             return 1;
         }
         return 0;
     }
     $authDriver = ConfService::getAuthDriverImpl();
     // CHECK USER PASSWORD HERE!
     $loginAttempt = AuthService::getBruteForceLoginArray();
     $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
     AuthService::setBruteForceLoginArray($loginAttempt);
     if (!$authDriver->userExists($user_id)) {
         if ($bruteForceLogin === FALSE) {
             return -4;
         } else {
             return 0;
         }
     }
     if (!$bypass_pwd) {
         if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
             if ($bruteForceLogin === FALSE) {
                 return -4;
             } else {
                 if ($cookieLogin) {
                     return -5;
                 }
                 return -1;
             }
         }
     }
     // Successful login attempt
     unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
     AuthService::setBruteForceLoginArray($loginAttempt);
     // Setting session credentials if asked in config
     if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
         list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd);
         AJXP_Safe::storeCredentials($authId, $authPwd);
     }
     $user = $confDriver->createUserObject($user_id);
     if ($authDriver->isAjxpAdmin($user_id)) {
         $user->setAdmin(true);
     }
     if ($user->isAdmin()) {
         $user = AuthService::updateAdminRights($user);
     } else {
         if (!$user->hasParent() && $user_id != "guest") {
             //$user->setRight("ajxp_shared", "rw");
         }
     }
     $_SESSION["AJXP_USER"] = $user;
     if ($authDriver->autoCreateUser() && !$user->storageExists()) {
         $user->save("superuser");
         // make sure update rights now
     }
     AJXP_Logger::logAction("Log In");
     return 1;
 }
Ejemplo n.º 2
0
 function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
 {
     $confDriver = ConfService::getConfStorageImpl();
     if ($user_id == null) {
         if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
             return 1;
         }
         if (ALLOW_GUEST_BROWSING) {
             $authDriver = ConfService::getAuthDriverImpl();
             if (!$authDriver->userExists("guest")) {
                 AuthService::createUser("guest", "");
                 $guest = $confDriver->createUserObject("guest");
                 $guest->save();
             }
             AuthService::logUser("guest", null);
             return 1;
         }
         return 0;
     }
     $authDriver = ConfService::getAuthDriverImpl();
     // CHECK USER PASSWORD HERE!
     $loginAttempt = AuthService::getBruteForceLoginArray();
     $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
     AuthService::setBruteForceLoginArray($loginAttempt);
     if ($bruteForceLogin === FALSE) {
         return -1;
     }
     if (!$authDriver->userExists($user_id)) {
         return 0;
     }
     if (!$bypass_pwd) {
         if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
             return -1;
         }
     }
     // Successful login attempt
     unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
     AuthService::setBruteForceLoginArray($loginAttempt);
     $user = $confDriver->createUserObject($user_id);
     if ($authDriver->isAjxpAdmin($user_id)) {
         $user->setAdmin(true);
     }
     if ($user->isAdmin()) {
         $user = AuthService::updateAdminRights($user);
     }
     $_SESSION["AJXP_USER"] = $user;
     if ($authDriver->autoCreateUser() && !$user->storageExists()) {
         $user->save();
     }
     AJXP_Logger::logAction("Log In");
     return 1;
 }