Example #1
/**
 * Check a username/password pair against the registered PAM handlers and,
 * when they accept it, load the matching user for use with login().
 *
 * The password is only handed to pam_authenticate(); the user returned on
 * success is looked up separately, by the supplied username.
 *
 * @see login
 * @param string $username The username to authenticate.
 * @param string $password The password to verify for that username.
 * @return ElggUser|false The result of get_user_by_username() when the
 *                        credentials are accepted, false when they are rejected.
 */
function authenticate($username, $password)
{
    $credentials = array(
        'username' => $username,
        'password' => $password,
    );

    // Rejected credentials never reach the user lookup.
    if (!pam_authenticate($credentials)) {
        return false;
    }

    return get_user_by_username($username);
}
 /**
  * The "api" PAM policy must not authenticate a call that passes no
  * explicit credentials (null).
  */
 public function testApiAuthenticate()
 {
     $authenticated = pam_authenticate(null, "api");

     $this->assertFalse($authenticated);
 }
Example #3
// Refuse every request outright when the site has switched the API off.
if (isset($CONFIG->disable_api) && $CONFIG->disable_api == true) {
    throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
}

// Default PAM handlers; plugins can register additional ones.
// The registration order below is unchanged from the original listing.

// The command must be authenticated by an HMAC, or the user is already logged in.
register_pam_handler('pam_auth_session_or_hmac');
// Registered as 'required': a token is present and valid, or the method doesn't need one.
register_pam_handler('pam_auth_usertoken', 'required');
// Supports methods that may be called anonymously.
register_pam_handler('pam_auth_anonymous_method');

// The method name comes straight from request input.
// NOTE(review): nothing in this listing checks that $method is an exposed
// method before execute_method() runs; presumably the callee does. Confirm.
$method = get_input('method');
$result = null;

// Nothing is executed unless the PAM handlers accept the request.
if (!pam_authenticate()) {
    throw new SecurityException(elgg_echo('SecurityException:NoAuthMethods'));
}

// Authenticated somehow, now execute.
$token = "";
// Parameters are taken from get_parameters_for_method() rather than $_REQUEST,
// since this is called by the pagehandler.
$params = get_parameters_for_method($method);
if (isset($params['auth_token'])) {
    $token = $params['auth_token'];
}
$result = execute_method($method, $params, $token);

// Anything other than a GenericResult is treated as an API error.
if (!($result instanceof GenericResult)) {
    throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
}
Example #4
/**
 * Authenticate with a password and an identifier that may be either an
 * e-mail address or a username.
 *
 * The identifier is passed to pam_authenticate() under the 'username' key.
 * When that succeeds, the user is resolved by e-mail first (only if exactly
 * one account matches), then by username.
 *
 * NOTE(review): the returned account is re-derived from the identifier string,
 * not taken from whatever verified the password. If one account's username
 * can equal another account's e-mail address, the two could differ. Confirm
 * against the PAM handlers in use.
 *
 * @param string $username Username or e-mail address supplied at login.
 * @param string $password Password to verify.
 * @return ElggUser|false The resolved user, or false when authentication
 *                        fails or no single user can be resolved.
 */
function profile_manager_authenticate($username, $password)
{
    $credentials = array("username" => $username, "password" => $password);

    if (!pam_authenticate($credentials)) {
        return false;
    }

    // An e-mail match is only accepted when it is unambiguous.
    $matchesByEmail = get_user_by_email($username);
    if ($matchesByEmail && count($matchesByEmail) == 1) {
        return $matchesByEmail[0];
    }

    $matchByName = get_user_by_username($username);
    if ($matchByName) {
        return $matchByName;
    }

    return false;
}
/**
 * Enforce the API-level and user-level authentication that an exposed
 * method declares in the $API_METHODS registry.
 *
 * NOTE(review): a registry entry that lacks 'require_api_auth' or
 * 'require_user_auth' compares as not-true here, so the corresponding check
 * is skipped. Confirm that the code exposing methods always sets both flags.
 *
 * @param string $method The API method name that was exposed.
 * @return bool Always true; every failure is reported by exception.
 * @throws APIException When the method is not exposed, or a required
 *                      API or user authentication check fails.
 */
function authenticate_method($method)
{
    global $API_METHODS;

    // Unknown method names are rejected before any authentication runs.
    if (!isset($API_METHODS[$method])) {
        $message = sprintf(elgg_echo('APIException:MethodCallNotImplemented'), $method);
        throw new APIException($message);
    }

    // POST variables have to be loaded before the handlers below run.
    if (get_call_method() === 'POST') {
        include_post_data();
    }

    $definition = $API_METHODS[$method];

    // API authentication uses the separate "api" PAM policy.
    if ($definition["require_api_auth"] == true && !pam_authenticate(null, "api")) {
        throw new APIException(elgg_echo('APIException:APIAuthenticationFailed'));
    }

    // User authentication uses pam_authenticate() with its default arguments.
    if ($definition["require_user_auth"] == true && !pam_authenticate()) {
        throw new APIException(elgg_echo('APIException:UserAuthenticationFailed'));
    }

    return true;
}