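/**
 * Take a username and password and try to authenticate the user.
 *
 * Outcomes, as implemented below:
 *  - returns true and starts the session when the auth plugin accepts the
 *    password;
 *  - returns false when the password is rejected, the account has already
 *    reached MAXLOGINTRIES failed attempts, the site is closed to this user,
 *    or the auth plugin throws AuthInstanceException;
 *  - throws AuthUnknownUserException when no account matches $username, and
 *    AccessTotallyDeniedException when the account's institution is suspended.
 *
 * Unknown usernames and wrong passwords are therefore signalled differently
 * (exception vs. false); callers that turn these into user-facing messages
 * should present both as the same generic failure.
 *
 * The failed-attempt counter (usr.logintries) is only incremented for an
 * existing account whose password the plugin rejected; nothing here resets it.
 *
 * @param string $username
 * @param string $password
 * @return bool
 * @throws AuthUnknownUserException
 * @throws AccessTotallyDeniedException
 */
public function login($username, $password) {
    $sql = 'SELECT *, '
        . db_format_tsfield('expiry') . ', '
        . db_format_tsfield('lastlogin') . ', '
        . db_format_tsfield('lastlastlogin') . ', '
        . db_format_tsfield('lastaccess') . ', '
        . db_format_tsfield('suspendedctime') . ', '
        . db_format_tsfield('ctime')
        . ' FROM {usr} WHERE LOWER(username) = ?';

    // The lookup is case-insensitive; fold with the multibyte function when it
    // is available so non-ASCII usernames are lowercased consistently.
    $lookupname = function_exists('mb_strtolower')
        ? mb_strtolower($username, 'UTF-8')
        : strtolower($username);
    $user = get_record_sql($sql, array($lookupname));

    if (!$user) {
        throw new AuthUnknownUserException("\"{$username}\" is not known");
    }

    // Lockout: refuse without consulting the auth plugin once the account has
    // accumulated MAXLOGINTRIES failed attempts.
    if (isset($user->logintries) && $user->logintries >= MAXLOGINTRIES) {
        global $SESSION;
        $SESSION->add_error_msg(get_string('toomanytries', 'auth'));
        return false;
    }

    if (is_site_closed($user->admin)) {
        return false;
    }

    // Authentication instances that have parents do so because they cannot
    // use Mahara's normal login mechanism - for example, XMLRPC. If the
    // user is using one of these authentication instances, we look and try
    // to use the parent.
    //
    // There's no code here that prevents the authinstance being tried if
    // it has no parent, mainly because that's an extra database lookup for
    // the general case, and the authentication will probably just fail
    // anyway. (XMLRPC, for example, leaves implementation of
    // authenticate_user_account to the parent Auth class, which says 'not
    // authorised' by default).
    $instanceid = $user->authinstance;
    $parentid = get_field('auth_instance_config', 'value', 'field', 'parent', 'instance', $instanceid);
    if ($parentid) {
        $instanceid = $parentid;
    }

    // Check for a suspended institution.
    // If a user is in more than one institution and one of them is suspended,
    // make sure their authinstance is not set to the suspended institution,
    // otherwise they will not be able to log in.
    $authinstance = get_record_sql(
        ' SELECT i.suspended, i.displayname FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name WHERE a.id = ?',
        array($instanceid)
    );
    // get_record_sql yields a falsy value when no row matches; only a found,
    // suspended institution denies access.
    if ($authinstance && $authinstance->suspended) {
        $sitename = get_config('sitename');
        throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
    }

    $auth = AuthFactory::create($instanceid);

    // Catch the AuthInstanceException that allows authentication plugins to
    // fail but pass onto the next possible plugin. This path returns before
    // the failed-attempt counter below is touched.
    try {
        if ($auth->authenticate_user_account($user, $password)) {
            $this->authenticate($user, $auth->instanceid);
            return true;
        }
    }
    catch (AuthInstanceException $e) {
        return false;
    }

    // Display a message to users who are only allowed to login via their
    // external application. The cast keeps a null message from being shown.
    if ((string) $auth->authloginmsg !== '') {
        global $SESSION;
        $SESSION->add_error_msg(clean_html($auth->authloginmsg), false, 'loginbox');
    }

    // Record the rejected password against the account, stopping at the cap.
    if (empty($user->logintries)) {
        $user->logintries = 0;
    }
    if ($user->logintries < MAXLOGINTRIES) {
        $record = get_record('usr', 'id', $user->id, null, null, null, null, 'id, logintries');
        $record->logintries = $user->logintries + 1;
        update_record('usr', $record, false);
    }

    return false;
}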
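/**
 * Log in the owner of an email address that BrowserID has asserted.
 *
 * This will do one of 3 things:
 *  1 - If a user has an account, log them in
 *  2 - If a user doesn't have an account, and there is an auth method (which
 *      also has weautocreate), create acc and login
 *  3 - If a user doesn't have an account, and there is more than one auth
 *      method, show a registration page
 *
 * Only addresses marked verified in artefact_internal_profile_email are
 * matched, and for an institution auth instance the account must also be a
 * member of that institution.
 *
 * @param string $email
 * @return bool true once the session has been authenticated, false when the
 *              site is closed to the matched user. When the registration page
 *              is shown, the method renders it and exits instead of returning.
 * @throws ConfigException when no non-suspended institution has a browserid
 *         auth instance
 * @throws AuthUnknownUserException when the address is unknown and cannot be
 *         registered, or is already held by an account
 */
public function login($email) {
    $sql = "SELECT\n a.id, i.name AS institutionname\n FROM\n {auth_instance} a\n JOIN\n {institution} i ON a.institution = i.name\n WHERE\n a.authname = 'browserid' AND\n i.suspended = 0";
    $authinstances = get_records_sql_array($sql, array());
    if (!$authinstances) {
        throw new ConfigException(get_string('browseridnotenabled', 'auth.browserid'));
    }

    $autocreate = array(); // Remember the authinstances that are happy to create users
    foreach ($authinstances as $authinstance) {
        $auth = AuthFactory::create($authinstance->id);

        // The join/where fragments are fixed SQL text selected here, never
        // request data; the email and institution name are bound parameters.
        $institutionjoin = '';
        $institutionwhere = '';
        $sqlvalues = array($email);
        if ($authinstance->institutionname !== 'mahara') {
            // Make sure that user is in the right institution
            $institutionjoin = 'JOIN {usr_institution} ui ON ui.usr = u.id';
            $institutionwhere = 'AND ui.institution = ?';
            $sqlvalues[] = $authinstance->institutionname;
        }

        $sql = "SELECT\n u.*,\n "
            . db_format_tsfield('u.expiry', 'expiry') . ",\n "
            . db_format_tsfield('u.lastlogin', 'lastlogin') . ",\n "
            . db_format_tsfield('u.lastlastlogin', 'lastlastlogin') . ",\n "
            . db_format_tsfield('u.lastaccess', 'lastaccess') . ",\n "
            . db_format_tsfield('u.suspendedctime', 'suspendedctime') . ",\n "
            . db_format_tsfield('u.ctime', 'ctime')
            . "\n FROM\n {usr} u\n JOIN\n {artefact_internal_profile_email} a ON a.owner = u.id\n {$institutionjoin}\n WHERE\n a.verified = 1 AND\n a.email = ?\n {$institutionwhere}";
        $user = get_record_sql($sql, $sqlvalues);

        if (!$user) {
            if ($auth->weautocreateusers) {
                if ($authinstance->institutionname === 'mahara') {
                    array_unshift($autocreate, $auth); // Try "No Institution" first when creating users below
                }
                else {
                    $autocreate[] = $auth;
                }
            }
            continue; // skip to the next auth_instance
        }

        if (is_site_closed($user->admin)) {
            return false;
        }

        ensure_user_account_is_active($user);
        $this->authenticate($user, $auth->instanceid);
        return true;
    }

    foreach ($autocreate as $auth) {
        $user = $auth->create_new_user($email);
        if (!$user) {
            continue;
        }
        $this->authenticate($user, $auth->instanceid);
        // Report success the same way as the existing-account path; a bare
        // `return` here yielded null, which reads as a failed login.
        return true;
    }

    // Autocreation failed; try registration.
    list($form, $registerconfirm) = auth_generate_registration_form('register', 'browserid', '/register.php');
    if (!$form) {
        throw new AuthUnknownUserException(get_string('emailnotfound', 'auth.browserid', $email));
    }
    // An address already attached to any account (verified or not) must not be
    // registered a second time.
    if (record_exists('usr', 'email', $email) || record_exists('artefact_internal_profile_email', 'email', $email)) {
        throw new AuthUnknownUserException(get_string('emailalreadytaken', 'auth.internal', $email));
    }

    $form['elements']['email'] = array('type' => 'hidden', 'value' => $email);
    $form['elements']['authtype'] = array('type' => 'hidden', 'value' => 'browserid');
    list($formhtml, $js) = auth_generate_registration_form_js($form, $registerconfirm);

    $registerdescription = get_string('registerwelcome');
    $registerterms = get_config('registerterms');
    if ($registerterms) {
        $registerdescription .= ' ' . get_string('registeragreeterms');
    }
    $registerdescription .= ' ' . get_string('registerprivacy');

    $smarty = smarty();
    $smarty->assign('register_form', $formhtml);
    $smarty->assign('registerdescription', $registerdescription);
    if ($registerterms) {
        $smarty->assign('termsandconditions', get_site_page_content('termsandconditions'));
    }
    $smarty->assign('PAGEHEADING', get_string('register', 'auth.browserid'));
    $smarty->assign('INLINEJAVASCRIPT', $js);
    $smarty->display('register.tpl');
    die;
}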