Example #1
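/**
 * Handle a login form submission.
 *
 * Reads the credentials from $_POST, looks the account up by username or
 * e-mail, checks the password, establishes the user session on success and
 * finally hands the outcome to the routing helper.
 *
 * Missing or non-string POST fields are treated as a failed login instead of
 * being passed on to the lookup and password helpers.
 *
 * @return void
 */
function attemptLogin()
{
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    $user = null;
    $login_ok = false;

    // PHP turns a parameter sent as "username[]=..." into an array, so the
    // type is checked before the values reach code that expects strings.
    if (is_string($username) && is_string($password)) {
        $user = getUserByUsernameOrEmail($username);
        // Loose comparison kept on purpose: the "not found" return value of
        // the lookup helper is not visible here (null, false, ...).
        $login_ok = $user != null && isValidLogin($user, $password);
    }

    if ($login_ok) {
        // NOTE(review): session ID regeneration on login is not visible in
        // this function; presumably setUserSession() handles it. Confirm.
        setUserSession($user);
    }

    // Unknown user and wrong password both reach the helper as the same
    // boolean, so this function does not itself reveal which one failed.
    routeOnSuccessfulLoginOrReturnError($login_ok);
}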
        }
    };
};
// POST /login: authenticate the credentials sent as a JSON request body
// ({"username": ..., "password": ...}).
// Responds 200 with a JSON status object when isValidLogin() accepts them,
// 401 with an X-Status-Reason header when it does not, and 400 for any other
// exception. The listing is cut off after the 400 status line, so the rest of
// the handler is not shown.
$app->post('/login', function () use($app) {
    try {
        // Alternative for form posts (dataType=html): read the fields from the POST data.
        //$username = $app->request->post('username');
        //$password = $app->request->post('password');
        // JSON clients: read the raw request body and decode it.
        $body = $app->request()->getBody();
        // NOTE(review): json_decode() returns null for malformed JSON and the
        // result is not checked before the property reads below; a missing
        // "username"/"password" member is not checked either.
        $input = json_decode($body);
        $username = (string) $input->username;
        $password = (string) $input->password;
        // Debug aid: dump what was received and inspect the response from ajaxPost.php.
        // NOTE(review): enabling this writes the submitted password into the
        // HTTP response; keep it out of any deployed build.
        //var_dump($password);
        if (isValidLogin($username, $password)) {
            // Valid credentials: remember the login in cookies for one day.
            // NOTE(review): the second call stores the user's plaintext password
            // in a browser cookie, where it is exposed to anything that can read
            // the cookie jar or the request. A server-side session with a random
            // identifier avoids putting the credential on the client at all.
            // No secure/httponly arguments are passed here, so only the
            // application-wide cookie defaults (not visible) apply.
            $app->setCookie('username', $username, '1 day');
            $app->setCookie('password', $password, '1 day');
            $app->response()->header('Content-Type', 'application/json');
            $app->response()->status(200);
            // OK
            echo json_encode(array('operation' => 'login', 'status' => 'ok'));
        } else {
            // Routed to the 401 handler below.
            throw new AuthenticateFailedException();
        }
    } catch (AuthenticateFailedException $e) {
        // Rejected credentials: 401 with a generic reason header.
        $app->response()->status(401);
        $app->response()->header('X-Status-Reason', 'Login failure');
    } catch (Exception $e) {
        // Any other failure is reported as a bad request.
        $app->response()->status(400);
Example #3
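 /**
  * Try to get the login name from an external authentication method.
  *
  * On success the login is stored in $this->user->fields['name'] (for X509
  * the same value is also stored in $this->user->fields['email']).
  *
  * @param $authtype external auth type (self::CAS, self::EXTERNAL or self::X509)
  *
  * @return boolean : user login success
  **/
 function getAlternateAuthSystemsUserLogin($authtype = 0)
 {
     global $CFG_GLPI;
     switch ($authtype) {
         case self::CAS:
             include GLPI_PHPCAS;
             phpCAS::client(CAS_VERSION_2_0, $CFG_GLPI["cas_host"], intval($CFG_GLPI["cas_port"]), $CFG_GLPI["cas_uri"], false);
             // NOTE(review): this disables validation of the CAS server's TLS
             // certificate, so the identity returned below is only as
             // trustworthy as the network path to the CAS host. phpCAS offers
             // setCasServerCACert() for validated connections; using it needs
             // a CA bundle path that this configuration does not provide.
             phpCAS::setNoCasServerValidation();
             // force CAS authentication
             phpCAS::forceAuthentication();
             $this->user->fields['name'] = phpCAS::getUser();
             return true;
         case self::EXTERNAL:
             // NOTE(review): the configured $_SERVER entry is taken as an
             // already-authenticated identity. That is only sound when the web
             // server sets it itself and a client cannot supply it (e.g. as a
             // request header). Confirm against the deployment.
             $server_field = $CFG_GLPI["existing_auth_server_field"];
             if (!isset($_SERVER[$server_field])) {
                 // No identity supplied by the web server: not logged in.
                 break;
             }
             $login = $_SERVER[$server_field];
             // Strip a leading "DOMAIN\" part. The original test
             // "!$pos === false" parsed as "(!$pos) === false" and therefore
             // missed a separator at offset 0.
             $pos = stripos($login, "\\");
             if ($pos !== false) {
                 $login = substr($login, $pos + 1);
             }
             if ($CFG_GLPI['existing_auth_server_field_clean_domain']) {
                 // Optionally drop a trailing "@domain" part as well.
                 $pos = stripos($login, "@");
                 if ($pos !== false) {
                     $login = substr($login, 0, $pos);
                 }
             }
             if (isValidLogin($login)) {
                 $this->user->fields['name'] = $login;
                 return true;
             }
             break;
         case self::X509:
             // From eGroupWare  http://www.egroupware.org
             // an X.509 subject looks like:
             // CN=john.doe/OU=Department/O=Company/C=xx/Email=john@comapy.tld/L=City/
             if (!isset($_SERVER['SSL_CLIENT_S_DN'])) {
                 // No client certificate subject available: not logged in.
                 break;
             }
             // NOTE(review): splitting on "/" assumes no attribute value
             // contains "/" itself; whether that holds depends on what the
             // issuing CA allows in subject fields. Confirm.
             $sslattributes = array();
             $sslattribs = explode('/', $_SERVER['SSL_CLIENT_S_DN']);
             // The first element is skipped, as the original next()-based loop did.
             foreach (array_slice($sslattribs, 1) as $sslattrib) {
                 // Limit of 2 keeps "=" characters inside the value intact.
                 $pair = explode('=', $sslattrib, 2);
                 if (count($pair) !== 2) {
                     // Empty or malformed element (no "key=value"): ignore it.
                     continue;
                 }
                 $sslattributes[$pair[0]] = $pair[1];
             }
             $email_field = $CFG_GLPI["x509_email_field"];
             if (isset($sslattributes[$email_field]) && NotificationMail::isUserAddressValid($sslattributes[$email_field]) && isValidLogin($sslattributes[$email_field])) {
                 $this->user->fields['name'] = $sslattributes[$email_field];
                 // Can do other things if need : only add it here
                 $this->user->fields['email'] = $this->user->fields['name'];
                 return true;
             }
             break;
     }
     return false;
 }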