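/**
 * Handle a login form submission.
 *
 * Reads "username" and "password" from $_POST, looks the account up, checks the
 * password and, when both succeed, starts the user session. The outcome (true or
 * false) is always handed to routeOnSuccessfulLoginOrReturnError().
 *
 * @return void
 */
function attemptLogin() {
    // $_POST is client-controlled: a field can be missing or arrive as an array
    // (e.g. "username[]=x"). Anything that is not a string is treated as a failed
    // login instead of being forwarded to the lookup and the password check.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    $login_ok = false;
    if (is_string($username) && is_string($password)) {
        $user = getUserByUsernameOrEmail($username);

        // Loose "!= null" kept as in the original: the lookup's "not found" value
        // is not visible here, and this form also rejects false or an empty array.
        // NOTE(review): isValidLogin() only runs when the account exists, so the
        // response time may differ for unknown usernames; confirm that is acceptable.
        $login_ok = $user != null && isValidLogin($user, $password);

        if ($login_ok) {
            // NOTE(review): presumably setUserSession() regenerates the session id
            // on login; verify, since it is not visible in this function.
            setUserSession($user);
        }
    }

    routeOnSuccessfulLoginOrReturnError($login_ok);
}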
} }; };

// POST /login: reads "username" and "password" from a JSON request body, checks
// them with isValidLogin() and, on success, sets two cookies and echoes a JSON
// status. A failed check is turned into a 401, any other exception into a 400.
// NOTE(review): this listing is cut off at both ends; the end of the last catch
// block and of the route closure is not visible here.
$app->post('/login', function () use($app) {
    try {
        // get user and pass from post if from form as dataType=html
        //$username = $app->request->post('username');
        //$password = $app->request->post('password');

        // get user and pass from post - get and decode JSON request body
        $body = $app->request()->getBody();
        // NOTE(review): json_decode() returns null for a malformed body and the
        // result is not checked before the property reads below.
        $input = json_decode($body);
        // The (string) casts force both values to strings whatever JSON type was sent.
        $username = (string) $input->username;
        $password = (string) $input->password;

        // this is how you can check what has been passed. Look into responds from ajaxPost.php
        // NOTE(review): the line below would print the submitted password into the
        // response if re-enabled; keep it out of anything but local debugging.
        //var_dump($password);

        if (isValidLogin($username, $password)) {
            // if username and pass are valid set Cookie
            // SECURITY NOTE(review): the submitted password is written verbatim into
            // a cookie that lives for one day, so the credential is stored in the
            // browser and resent with every request. A server-side session or an
            // opaque random token avoids keeping the password client-side. No
            // secure/httponly arguments are passed in these calls; whether the
            // framework defaults set them is not visible here.
            $app->setCookie('username', $username, '1 day');
            $app->setCookie('password', $password, '1 day');
            $app->response()->header('Content-Type', 'application/json');
            $app->response()->status(200); // OK
            echo json_encode(array('operation' => 'login', 'status' => 'ok'));
        } else {
            // Handled by the first catch below, which answers with 401.
            throw new AuthenticateFailedException();
        }
    } catch (AuthenticateFailedException $e) {
        // Wrong credentials: 401 plus a reason header, no body is written here.
        $app->response()->status(401);
        $app->response()->header('X-Status-Reason', 'Login failure');
    } catch (Exception $e) {
        // Any other exception is reported as a bad request.
        $app->response()->status(400);
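/**
 * Try to get the login name from an external authentication method.
 *
 * On success the login is stored in $this->user->fields['name'] (and, for X509,
 * also in $this->user->fields['email']).
 *
 * @param $authtype external auth type (self::CAS, self::EXTERNAL or self::X509)
 *
 * @return boolean : user login success
**/
function getAlternateAuthSystemsUserLogin($authtype = 0) {
    global $CFG_GLPI;

    switch ($authtype) {
        case self::CAS:
            include GLPI_PHPCAS;
            phpCAS::client(
                CAS_VERSION_2_0,
                $CFG_GLPI["cas_host"],
                intval($CFG_GLPI["cas_port"]),
                $CFG_GLPI["cas_uri"],
                false
            );

            // SECURITY NOTE(review): this turns off certificate validation for the
            // CAS server, so the server that validates the ticket is not
            // authenticated by TLS. Left unchanged because no CA bundle setting is
            // visible here; phpCAS::setCasServerCACert() is the validating
            // alternative once a CA file is configured.
            phpCAS::setNoCasServerValidation();

            // force CAS authentication
            phpCAS::forceAuthentication();

            // NOTE(review): unlike the two branches below, the CAS user name is not
            // passed through isValidLogin(); confirm that is intended.
            $this->user->fields['name'] = phpCAS::getUser();
            return true;

        case self::EXTERNAL:
            // The login comes from the server variable named in the configuration.
            // NOTE(review): this is only trustworthy when the web server itself sets
            // that variable; a variable derived from a request header could be
            // supplied by the client.
            $server_field = $CFG_GLPI["existing_auth_server_field"];
            if (!isset($_SERVER[$server_field]) || !is_string($_SERVER[$server_field])) {
                // Variable absent: nothing to authenticate with.
                break;
            }
            $login_string = $_SERVER[$server_field];
            $login        = $login_string;

            // Drop a "DOMAIN\" prefix. The original test "!$pos === false" parsed as
            // "(!$pos) === false" and therefore missed a separator at offset 0.
            $pos = stripos($login_string, "\\");
            if ($pos !== false) {
                $login = substr($login_string, $pos + 1);
            }

            if ($CFG_GLPI['existing_auth_server_field_clean_domain']) {
                // Drop an "@domain" suffix (same precedence fix as above).
                $pos = stripos($login, "@");
                if ($pos !== false) {
                    $login = substr($login, 0, $pos);
                }
            }

            // Stripping can leave nothing (or false on older PHP); never accept an
            // empty login as an authenticated name.
            if (is_string($login) && $login !== '' && isValidLogin($login)) {
                $this->user->fields['name'] = $login;
                return true;
            }
            break;

        case self::X509:
            // From eGroupWare  http://www.egroupware.org
            // an X.509 subject looks like:
            // CN=john.doe/OU=Department/O=Company/C=xx/Email=john@comapy.tld/L=City/
            // NOTE(review): the subject DN is only meaningful if the web server has
            // verified the client certificate; that check is not visible here.
            if (!isset($_SERVER['SSL_CLIENT_S_DN']) || !is_string($_SERVER['SSL_CLIENT_S_DN'])) {
                // No client certificate subject available.
                break;
            }

            $sslattributes = array();
            $sslattribs    = explode('/', $_SERVER['SSL_CLIENT_S_DN']);

            // next() advances before reading, so the first component is always
            // skipped, and the loop stops at the first empty component.
            while ($sslattrib = next($sslattribs)) {
                if (strpos($sslattrib, '=') === false) {
                    // Not a key=value pair: ignore instead of reading a missing index.
                    continue;
                }
                list($key, $val)     = explode('=', $sslattrib);
                $sslattributes[$key] = $val;
            }

            $email_field = $CFG_GLPI["x509_email_field"];
            if (isset($sslattributes[$email_field])
                && NotificationMail::isUserAddressValid($sslattributes[$email_field])
                && isValidLogin($sslattributes[$email_field])) {

                $this->user->fields['name'] = $sslattributes[$email_field];

                // Can do other things if need : only add it here
                $this->user->fields['email'] = $this->user->fields['name'];
                return true;
            }
            break;
    }

    return false;
}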