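/**
 * @brief Authenticate a visitor who presents a "zat" access token.
 *
 * Does nothing when a local or remote channel is already authenticated.
 * Otherwise the request's `zat` value is looked up in the atoken table and,
 * on a match, the visitor is logged in via atoken_xchan() / atoken_login().
 *
 * The token is a bearer credential: whoever presents a matching value is
 * logged in. It is read from $_REQUEST, so it may arrive in the URL query
 * string.
 * NOTE(review): the lookup matches on the token value alone; confirm that
 * token lifetime or revocation is enforced elsewhere, and that URLs carrying
 * `zat` are kept out of access logs and outbound Referer headers.
 *
 * @return void
 */
function zat_init() {
	if (local_channel() || remote_channel()) {
		return;
	}

	// A missing, empty or non-string value (e.g. zat[]=x) can never be a
	// valid token. Rejecting it here keeps an empty string from being used
	// as a lookup key and keeps array input away from dbesc().
	$token = isset($_REQUEST['zat']) ? $_REQUEST['zat'] : null;
	if (!is_string($token) || $token === '') {
		return;
	}

	$r = q("select * from atoken where atoken_token = '%s' limit 1",
		dbesc($token)
	);
	if ($r) {
		$xchan = atoken_xchan($r[0]);
		atoken_login($xchan);
	}
}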
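// Password login. Addons get the first chance to authenticate through the
// 'authenticate' hook ($addon_auth is populated before this excerpt); if none
// does, fall back to account_verify_password() on the posted credentials.
call_hooks('authenticate', $addon_auth);

$atoken  = null;
$account = null;

if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
	$account = $addon_auth['user_record'];
}
else {
	$verify = account_verify_password($_POST['username'], $_POST['password']);
	if ($verify) {
		$atoken  = $verify['xchan'];
		$channel = $verify['channel'];
		$account = App::$account = $verify['account'];
	}

	if (App::$account) {
		// NOTE(review): no session-id regeneration is visible in this excerpt;
		// confirm the login path rotates the session id elsewhere.
		$_SESSION['account_id'] = App::$account['account_id'];
	}
	elseif ($atoken) {
		atoken_login($atoken);
	}
	else {
		notice(t('Failed authentication') . EOL);
	}
}

if (!($account || $atoken)) {
	// The submitted username is attacker-controlled and ends up in
	// line-oriented logs. trim() only removes leading/trailing whitespace and
	// notags() is applied for markup, so embedded CR/LF and other control
	// characters are replaced here: otherwise one request could add extra,
	// forged entries to the auth log that intrusion-prevention tooling parses.
	$login_name = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$login_name = preg_replace('/[\x00-\x1F\x7F]+/', ' ', notags(trim($login_name)));

	// NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy it
	// is the proxy's address, which matters if this log drives IP blocking.
	$error = 'authenticate: failed login attempt: ' . $login_name . ' from IP ' . $_SERVER['REMOTE_ADDR'];
	logger($error);

	// Also log failed logins to a separate auth log to reduce overhead for
	// server side intrusion prevention
	$authlog = get_config('system', 'authlog');
	if ($authlog) {
		// Still best-effort (warnings suppressed), but a failed write is
		// reported through the normal logger so a misconfigured or unwritable
		// auth log does not go unnoticed.
		$written = @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
		if ($written === false) {
			logger('authenticate: unable to write to auth log');
		}
	}

	notice(t('Login failed.') . EOL);
	goaway(z_root() . '/login');
}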