Example #1
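/**
 * @brief Authenticate a visitor who arrives with an access token ("zat").
 *
 * Does nothing when a local or remote channel is already authenticated.
 * Otherwise the `zat` request parameter is looked up in the atoken table
 * and, on a match, the visitor is logged in through atoken_login().
 *
 * The token is a bearer credential read from $_REQUEST, so it can travel in
 * the query string and end up in access logs, browser history and Referer
 * headers; treat those as sensitive wherever zat links are handed out.
 *
 * @return void
 */
function zat_init()
{
    if (local_channel() || remote_channel()) {
        return;
    }

    // Untrusted input: the parameter may be absent, empty, or an array
    // (zat[]=...). Only a non-empty string is allowed to reach the lookup,
    // so an empty value can never match a row with an empty token.
    $token = isset($_REQUEST['zat']) ? $_REQUEST['zat'] : null;
    if (!is_string($token) || $token === '') {
        return;
    }

    // NOTE(review): only the token value is matched here; no expiry or
    // revocation check is visible in this function. Confirm that
    // atoken_xchan()/atoken_login() or the caller enforce one.
    $r = q("select * from atoken where atoken_token = '%s' limit 1", dbesc($token));
    if ($r) {
        $xchan = atoken_xchan($r[0]);
        atoken_login($xchan);
    }
}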
Example #2
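 // Give addons the first chance to authenticate the request.
 call_hooks('authenticate', $addon_auth);
 $atoken = null;
 $account = null;

 // Untrusted form fields: either may be missing or posted as an array
 // (username[]=...). Normalise to strings before they reach the password
 // check and the log line below.
 $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
 $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

 if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
     $account = $addon_auth['user_record'];
 } else {
     $verify = account_verify_password($username, $password);
     if ($verify) {
         $atoken = $verify['xchan'];
         $channel = $verify['channel'];
         $account = App::$account = $verify['account'];
     }
     if (App::$account) {
         // NOTE(review): no session id rotation is visible in this excerpt;
         // confirm the id is regenerated once the login succeeds.
         $_SESSION['account_id'] = App::$account['account_id'];
     } elseif ($atoken) {
         atoken_login($atoken);
     } else {
         notice(t('Failed authentication') . EOL);
     }
 }

 if (!($account || $atoken)) {
     // The username is attacker-controlled and goes into line-oriented logs
     // that intrusion-prevention tooling parses. notags() and trim() leave
     // embedded CR/LF in place, so control characters are collapsed to a
     // space to keep one failed attempt on exactly one log line.
     $logged_user = (string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', notags(trim($username)));
     $error = 'authenticate: failed login attempt: ' . $logged_user . ' from IP ' . $_SERVER['REMOTE_ADDR'];
     logger($error);

     // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
     $authlog = get_config('system', 'authlog');
     if ($authlog) {
         // NOTE(review): the session id is written to this file; restrict read
         // access to the auth log accordingly.
         // LOCK_EX keeps concurrent failures from interleaving their lines.
         // '@' keeps a filesystem warning (and the log path) out of the
         // response; the result is checked so a broken auth log is noticed.
         $line = datetime_convert() . ':' . session_id() . ' ' . $error . "\n";
         if (@file_put_contents($authlog, $line, FILE_APPEND | LOCK_EX) === false) {
             logger('authenticate: unable to write to the configured auth log');
         }
     }

     notice(t('Login failed.') . EOL);
     goaway(z_root() . '/login');
 }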