function auth_user_login($auth, $test_username, $test_password, $settings)
{
global $webDir;
$testauth = false;
switch ($auth) {
case '1':
$unamewhere = get_config('case_insensitive_usernames') ? "= " : "COLLATE utf8_bin = ";
$result = Database::get()->querySingle("SELECT password FROM user WHERE username {$unamewhere} ?s", $test_username);
if ($result) {
foreach ($result as $myrow) {
$hasher = new PasswordHash(8, false);
if ($hasher->CheckPassword($test_password, $myrow->password)) {
$testauth = true;
} else {
if (strlen($myrow->password) < 60 && md5($test_password) == $myrow->password) {
$testauth = true;
// password is in old md5 format, update transparently
$password_encrypted = $hasher->HashPassword($test_password);
Database::get()->query("UPDATE user SET password = ?s WHERE username COLLATE utf8_bin = ?s", $password_encrypted, $test_username);
}
}
}
}
break;
case '2':
$pop3 = new pop3_class();
$pop3->hostname = $settings['pop3host'];
// POP 3 server host name
$pop3->port = 110;
// POP 3 server host port
$user = $test_username;
// Authentication user name
$password = $test_password;
// Authentication password
$pop3->realm = '';
// Authentication realm or domain
$pop3->workstation = '';
// Workstation for NTLM authentication
$apop = 0;
// Use APOP authentication
$pop3->authentication_mechanism = 'USER';
// SASL authentication mechanism
$pop3->debug = 0;
// Output debug information
$pop3->html_debug = 1;
// Debug information is in HTML
$pop3->join_continuation_header_lines = 1;
// Concatenate headers split in multiple lines
if (($error = $pop3->Open()) == '') {
if (($error = $pop3->Login($user, $password, $apop)) == '') {
if ($error == '' and ($error = $pop3->Close()) == '') {
$testauth = true;
}
}
}
if ($error != '') {
$testauth = false;
}
break;
case '3':
$imaphost = $settings['imaphost'];
$imapauth = imap_auth($imaphost, $test_username, $test_password);
if ($imapauth) {
$testauth = true;
}
break;
case '4':
$ldap = ldap_connect($settings['ldaphost']);
if (!$ldap) {
$GLOBALS['auth_errors'] = 'Error connecting to LDAP host';
return false;
} else {
// LDAP connection established - now search for user dn
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
if (@ldap_bind($ldap, $settings['ldapbind_dn'], $settings['ldapbind_pw'])) {
if (empty($settings['ldap_login_attr2'])) {
$search_filter = "({$settings['ldap_login_attr']}={$test_username})";
} else {
$search_filter = "(|({$settings['ldap_login_attr']}={$test_username})\n ({$settings['ldap_login_attr2']}={$test_username}))";
}
$userinforequest = ldap_search($ldap, $settings['ldap_base'], $search_filter);
if ($entry_id = ldap_first_entry($ldap, $userinforequest)) {
$user_dn = ldap_get_dn($ldap, $entry_id);
if (@ldap_bind($ldap, $user_dn, $test_password)) {
$testauth = true;
$userinfo = ldap_get_entries($ldap, $userinforequest);
if ($userinfo['count'] == 1) {
$lastname = get_ldap_attribute($userinfo, 'sn');
$firstname = get_ldap_attribute($userinfo, 'givenname');
if (empty($firstname)) {
$cn = get_ldap_attribute($userinfo, 'cn');
$firstname = trim(str_replace($lastname, '', $cn));
}
$GLOBALS['auth_user_info'] = array('firstname' => $firstname, 'lastname' => $lastname, 'email' => get_ldap_attribute($userinfo, 'mail'));
}
}
}
} else {
$GLOBALS['auth_errors'] = ldap_error($ldap);
return false;
}
@ldap_unbind($ldap);
}
break;
case '5':
$link = new Database($settings['dbhost'], $settings['dbname'], $settings['dbuser'], $settings['dbpass']);
if ($link) {
if ($link) {
$res = $link->querySingle("SELECT `{$settings['dbfieldpass']}`\n FROM `{$settings['dbtable']}`\n WHERE `{$settings['dbfielduser']}` = ?s", $test_username);
if ($res) {
$testauth = external_DB_Check_Pass($test_password, $res->{$settings}['dbfieldpass'], $settings['dbpassencr']);
}
}
}
break;
case '6':
$path = "{$webDir}secure/";
if (!file_exists($path)) {
if (!mkdir($path, 0700)) {
$testauth = false;
}
} else {
$indexfile = $path . 'index.php';
$index_regfile = $path . 'index_reg.php';
// creation of secure/index.php file
$f = fopen($indexfile, 'w');
$filecontents = '<?php
session_start();
$_SESSION[\'shib_email\'] = ' . $settings['shibemail'] . ';
$_SESSION[\'shib_uname\'] = ' . $settings['shibuname'] . ';
$_SESSION[\'shib_surname\'] = ' . $settings['shibcn'] . ';
header("Location: ../index.php");
';
if (fwrite($f, $filecontents)) {
$testauth = true;
}
fclose($f);
// creation of secure/index_reg.php
// used in professor request registration process via shibboleth
$f = fopen($index_regfile, "w");
$filecontents = '<?php
session_start();
$_SESSION[\'shib_email\'] = ' . $settings['shibemail'] . ';
$_SESSION[\'shib_uname\'] = ' . $settings['shibuname'] . ';
$_SESSION[\'shib_surname\'] = ' . $settings['shibcn'] . ';
$_SESSION[\'shib_status\'] = $_SERVER[\'unscoped-affiliation\'];
$_SESSION[\'shib_auth\'] = true;
header("Location: ../modules/auth/altsearch.php" . (isset($_GET["p"]) && $_GET["p"]? "?p=1": ""));
';
if (fwrite($f, $filecontents)) {
$testauth = true;
}
fclose($f);
}
break;
case '7':
cas_authenticate($auth);
if (phpCAS::checkAuthentication()) {
$testauth = true;
}
break;
}
return $testauth;
}
