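/**
 * Tell whether the credentials held in the global $login still match an active account.
 *
 * Reads $login['user_id'] and $login['user_password'] (the password is a hash, from
 * getPasswordHash()) and looks the pair up in the `users` table. For external clients
 * (isExternal()) the password must also pass loginPWcheckAge() and the row must be
 * flagged user_password_complex.
 *
 * @return bool TRUE only when a matching, non-deactivated row exists and every
 *              external-client check passes; FALSE otherwise.
 */
function isLoggedIn()
{
    global $login;

    // Fail closed when a credential is missing, empty, or not a scalar (an array here
    // would otherwise be string-cast into the query). The loose comparisons are kept
    // so that '' and '0' still mean "no user".
    if (!isset($login['user_id'], $login['user_password'])
        || !is_scalar($login['user_id'])
        || !is_scalar($login['user_password'])
        || $login['user_id'] == ''
        || $login['user_id'] == '0'
        || $login['user_password'] == ''
    ) {
        return false;
    }

    // Both values were concatenated into the SQL text unescaped. Escape them with the
    // same extension the query uses. NOTE(review): ext/mysql no longer exists in PHP 7+;
    // moving to prepared statements (mysqli/PDO) needs the connection setup, which is
    // not part of this function.
    $userId = mysql_real_escape_string((string) $login['user_id']);
    $passwordHash = mysql_real_escape_string((string) $login['user_password']);
    if ($userId === false || $passwordHash === false) {
        return false;
    }

    // NOTE(review): the password operand was masked ('******') in the listing; it is
    // restored here from the surviving "user_password']" fragment - confirm against
    // the real file.
    // NOTE(review): the value compared is the stored hash itself, so holding a copy of
    // the hash is enough to pass this check. Where $login is populated is not visible
    // here; a random server-side session token would avoid that.
    $Q_login = mysql_query(
        "select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where user_id = '"
        . $userId . "' and user_password = '" . $passwordHash . "' limit 1"
    );

    // A failed query or an empty result both mean "not logged in".
    if ($Q_login === false || mysql_num_rows($Q_login) < 1) {
        return false;
    }

    $is_external = isExternal();
    if ($is_external) {
        try {
            // loginPWcheckAge() signals a rejected password age by throwing.
            $user_login = array(
                'user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'),
            );
            loginPWcheckAge($user_login);
        } catch (Exception $e) {
            return false;
        }
    }

    if (mysql_result($Q_login, 0, 'deactivated')) {
        return false;
    }

    // External clients are only accepted with a password flagged as complex.
    if ($is_external && !mysql_result($Q_login, 0, 'user_password_complex')) {
        return false;
    }

    // The former "$external_failed" flag was never set to true, so this point was
    // always a success; the dead variable has been removed.
    return true;
}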
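/**
 * Check if a username+password pair is a valid login.
 * The name will be normalized to MediaWiki's requirements, so
 * you might need to munge it (for instance, for lowercase initial
 * letters).
 *
 * The pair is looked up in the `users` table. A deactivated account is rejected.
 * For external clients (isExternal()) the password must also pass
 * loginPWcheckAge() and the row must be flagged user_password_complex.
 * When $GLOBALS['authpluginjmTillatteBrukere'] is set, only the lowercase
 * names listed there are considered at all.
 *
 * @param $user String: username.
 * @param $pass String: user password.
 * @return bool
 * @public
 */
function authenticate($user, $pass)
{
    if ($this->debug) {
        echo 'authenticate<br>';
    }

    // Optional allow-list. The original tested an undefined $username here, so the
    // check never looked at the name actually supplied. The comparison is strict so
    // that numeric-looking strings cannot match each other loosely; entries are
    // expected to be lowercase strings.
    if (isset($GLOBALS['authpluginjmTillatteBrukere'])
        && !in_array(strtolower($user), $GLOBALS['authpluginjmTillatteBrukere'], true)
    ) {
        return false;
    }

    $is_external = isExternal();
    if ($this->debug) {
        echo 'is_external=' . $is_external . '<br>';
    }

    // Same name normalisation as before (tags stripped, HTML-encoded, lowercased).
    // SQL escaping is now done by the driver on the connection that runs the query
    // instead of addslashes(), which does not know the connection's character set.
    $name = strtolower(htmlspecialchars(strip_tags($user), ENT_QUOTES));
    $nameSql = mysql_real_escape_string($name, $this->database);
    $hashSql = mysql_real_escape_string((string) getPasswordHash($pass), $this->database);
    if ($nameSql === false || $hashSql === false) {
        return false;
    }

    // Checking against database.
    // NOTE(review): the password operand was masked ('******') in the listing, which
    // would leave the supplied password unchecked; the computed hash is compared here
    // - confirm against the real file.
    // NOTE(review): ext/mysql no longer exists in PHP 7+; prepared statements via
    // mysqli/PDO would need the connection setup, which is outside this method.
    $Q_login = mysql_query(
        "select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where lower(user_name_short) = '"
        . $nameSql . "' and user_password = '" . $hashSql . "' limit 1",
        $this->database
    );

    if ($Q_login === false || mysql_num_rows($Q_login) < 1) {
        if ($this->debug) {
            // The password hash is no longer written to the response: debug output
            // must not disclose credential material. $name is already HTML-encoded.
            echo 'auth failed, user not found (' . $name . ')<br>';
        }
        return false;
    }

    if ($is_external) {
        try {
            // loginPWcheckAge() signals a rejected password age by throwing.
            $user_login = array(
                'user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'),
            );
            loginPWcheckAge($user_login);
        } catch (Exception $e) {
            if ($this->debug) {
                echo 'auth failed, password to old for external user<br>';
            }
            return false;
        }
    }

    if (mysql_result($Q_login, 0, 'deactivated')) {
        if ($this->debug) {
            echo 'auth failed, user deactivated<br>';
        }
        return false;
    }

    // External clients are only accepted with a password flagged as complex.
    if ($is_external && !mysql_result($Q_login, 0, 'user_password_complex')) {
        if ($this->debug) {
            echo 'auth failed, password not complex for external user<br>';
        }
        return false;
    }

    // "$external_failed" was never defined in this method, so the old final branch
    // was always taken; the undefined-variable test has been removed.
    if ($this->debug) {
        echo 'auth=true<br>';
    }
    return true;
}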
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* JM-booking - login */ include 'glob_inc.inc.php'; $deactivated = false; $external_failed = false; $complex_failed = false; $age_failed = false; $is_external = isExternal(); if (isset($_POST['WEBAUTH_USER'])) { $user = getUserName(); $pass = getUserPassword(); // Check if we do not have a username/password if (empty($user) || empty($pass)) { } else { $user = slashes(htmlspecialchars(strip_tags($user), ENT_QUOTES)); // Username $pass = getPasswordHash($pass); // Checking against database $Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where user_name_short = '" . $user . "' and user_password = '******' limit 1"); if (mysql_num_rows($Q_login) > '0') { if ($is_external) { try { $user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'));