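/**
 * Check a username/password pair against the authentication method selected by $auth.
 *
 * Methods handled here: '1' local user table, '2' POP3, '3' IMAP, '4' LDAP,
 * '5' external database, '6' Shibboleth bootstrap files, '7' CAS.
 *
 * Side effects: the LDAP branch sets $GLOBALS['auth_errors'] on connection/bind
 * failure and $GLOBALS['auth_user_info'] on success; the local branch re-hashes
 * legacy md5 passwords; the Shibboleth branch writes PHP files under {$webDir}secure/.
 *
 * @param mixed  $auth          authentication method id (compared loosely against '1'..'7')
 * @param string $test_username username supplied by the person logging in (untrusted)
 * @param string $test_password password supplied by the person logging in (untrusted)
 * @param array  $settings      per-method configuration (hosts, bind DN, DB fields, ...)
 * @return bool true when the credentials (or, for method '6', the file setup) were accepted
 */
function auth_user_login($auth, $test_username, $test_password, $settings)
{
    global $webDir;

    $testauth = false;

    switch ($auth) {
        case '1':
            $unamewhere = get_config('case_insensitive_usernames') ? "= " : "COLLATE utf8_bin = ";
            $result = Database::get()->querySingle("SELECT password FROM user WHERE username {$unamewhere} ?s", $test_username);
            if ($result) {
                // NOTE(review): querySingle() is treated as a single row in the external-DB
                // branch below but iterated here - confirm its return shape.
                foreach ($result as $myrow) {
                    $hasher = new PasswordHash(8, false);
                    if ($hasher->CheckPassword($test_password, $myrow->password)) {
                        $testauth = true;
                    } elseif (strlen($myrow->password) < 60
                        // hash_equals() instead of ==: a loose comparison treats two
                        // numeric-looking digests as equal numbers, and it is not constant-time.
                        && hash_equals((string) $myrow->password, md5($test_password))
                    ) {
                        $testauth = true;
                        // password is in old md5 format, update transparently
                        $password_encrypted = $hasher->HashPassword($test_password);
                        Database::get()->query("UPDATE user SET password = ?s WHERE username COLLATE utf8_bin = ?s", $password_encrypted, $test_username);
                    }
                }
            }
            break;

        case '2':
            // NOTE(review): port 110 with the USER mechanism sends the credentials
            // unencrypted; prefer a TLS-protected endpoint if the POP3 class supports one.
            $pop3 = new pop3_class();
            $pop3->hostname = $settings['pop3host']; // POP 3 server host name
            $pop3->port = 110; // POP 3 server host port
            $user = $test_username; // Authentication user name
            $password = $test_password; // Authentication password
            $pop3->realm = ''; // Authentication realm or domain
            $pop3->workstation = ''; // Workstation for NTLM authentication
            $apop = 0; // Use APOP authentication
            $pop3->authentication_mechanism = 'USER'; // SASL authentication mechanism
            $pop3->debug = 0; // Output debug information
            $pop3->html_debug = 1; // Debug information is in HTML
            $pop3->join_continuation_header_lines = 1; // Concatenate headers split in multiple lines
            if (($error = $pop3->Open()) == '') {
                if (($error = $pop3->Login($user, $password, $apop)) == '') {
                    if ($error == '' and ($error = $pop3->Close()) == '') {
                        $testauth = true;
                    }
                }
            }
            if ($error != '') {
                $testauth = false;
            }
            break;

        case '3':
            $imaphost = $settings['imaphost'];
            $imapauth = imap_auth($imaphost, $test_username, $test_password);
            if ($imapauth) {
                $testauth = true;
            }
            break;

        case '4':
            $ldap = ldap_connect($settings['ldaphost']);
            if (!$ldap) {
                $GLOBALS['auth_errors'] = 'Error connecting to LDAP host';
                return false;
            }
            // LDAP connection established - now search for user dn
            @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
            if (!@ldap_bind($ldap, $settings['ldapbind_dn'], $settings['ldapbind_pw'])) {
                // Read the error before unbinding; unbind so the early return does not leak the connection.
                $GLOBALS['auth_errors'] = ldap_error($ldap);
                @ldap_unbind($ldap);
                return false;
            }
            // The username is untrusted: escape it so filter metacharacters are matched
            // literally and cannot change which entries the search selects.
            $safe_username = ldap_escape((string) $test_username, '', LDAP_ESCAPE_FILTER);
            if (empty($settings['ldap_login_attr2'])) {
                $search_filter = "({$settings['ldap_login_attr']}={$safe_username})";
            } else {
                $search_filter = "(|({$settings['ldap_login_attr']}={$safe_username})\n ({$settings['ldap_login_attr2']}={$safe_username}))";
            }
            $userinforequest = ldap_search($ldap, $settings['ldap_base'], $search_filter);
            // A failed search returns false; do not hand that to ldap_first_entry().
            if ($userinforequest && ($entry_id = ldap_first_entry($ldap, $userinforequest))) {
                $user_dn = ldap_get_dn($ldap, $entry_id);
                // A simple bind with an empty password is an unauthenticated bind (RFC 4513)
                // and many servers report it as success, so it must never count as a login.
                // Callers may already reject empty passwords; guard here as well.
                $has_password = strlen((string) $test_password) > 0;
                if ($has_password && @ldap_bind($ldap, $user_dn, $test_password)) {
                    $testauth = true;
                    $userinfo = ldap_get_entries($ldap, $userinforequest);
                    if ($userinfo['count'] == 1) {
                        $lastname = get_ldap_attribute($userinfo, 'sn');
                        $firstname = get_ldap_attribute($userinfo, 'givenname');
                        if (empty($firstname)) {
                            // No givenname: derive it by removing the surname from cn.
                            $cn = get_ldap_attribute($userinfo, 'cn');
                            $firstname = trim(str_replace($lastname, '', $cn));
                        }
                        $GLOBALS['auth_user_info'] = array(
                            'firstname' => $firstname,
                            'lastname' => $lastname,
                            'email' => get_ldap_attribute($userinfo, 'mail'),
                        );
                    }
                }
            }
            @ldap_unbind($ldap);
            break;

        case '5':
            $link = new Database($settings['dbhost'], $settings['dbname'], $settings['dbuser'], $settings['dbpass']);
            if ($link) {
                // NOTE(review): table and column names come from $settings and are placed
                // inside backticks without escaping - assumes they are administrator-controlled
                // configuration; confirm they are validated where they are saved.
                $res = $link->querySingle("SELECT `{$settings['dbfieldpass']}`\n FROM `{$settings['dbtable']}`\n WHERE `{$settings['dbfielduser']}` = ?s", $test_username);
                if ($res) {
                    // Read the configured password column. The previous expression used the
                    // whole $settings array as the property name, so the stored password was
                    // never the value passed to the check.
                    $stored_password = $res->{$settings['dbfieldpass']};
                    $testauth = external_DB_Check_Pass($test_password, $stored_password, $settings['dbpassencr']);
                }
            }
            break;

        case '6':
            $path = "{$webDir}secure/";
            if (!file_exists($path)) {
                if (!mkdir($path, 0700)) {
                    $testauth = false;
                }
            } else {
                $indexfile = $path . 'index.php';
                $index_regfile = $path . 'index_reg.php';

                // NOTE(review): the shib* settings are written verbatim as PHP expressions
                // into files that the web server executes. Whoever can change these settings
                // controls that code, so they must be restricted to administrators and
                // validated against the expected form where they are saved.

                // creation of secure/index.php file
                $filecontents = '<?php session_start(); $_SESSION[\'shib_email\'] = ' . $settings['shibemail']
                    . '; $_SESSION[\'shib_uname\'] = ' . $settings['shibuname']
                    . '; $_SESSION[\'shib_surname\'] = ' . $settings['shibcn']
                    . '; header("Location: ../index.php"); ';
                $f = fopen($indexfile, 'w');
                // fopen() returns false when the file cannot be opened; skip the write instead
                // of passing false to fwrite()/fclose().
                if ($f !== false) {
                    if (fwrite($f, $filecontents)) {
                        $testauth = true;
                    }
                    fclose($f);
                }

                // creation of secure/index_reg.php
                // used in professor request registration process via shibboleth
                $filecontents = '<?php session_start(); $_SESSION[\'shib_email\'] = ' . $settings['shibemail']
                    . '; $_SESSION[\'shib_uname\'] = ' . $settings['shibuname']
                    . '; $_SESSION[\'shib_surname\'] = ' . $settings['shibcn']
                    . '; $_SESSION[\'shib_status\'] = $_SERVER[\'unscoped-affiliation\']; $_SESSION[\'shib_auth\'] = true; header("Location: ../modules/auth/altsearch.php" . (isset($_GET["p"]) && $_GET["p"]? "?p=1": "")); ';
                $f = fopen($index_regfile, "w");
                if ($f !== false) {
                    if (fwrite($f, $filecontents)) {
                        $testauth = true;
                    }
                    fclose($f);
                }
            }
            break;

        case '7':
            cas_authenticate($auth);
            if (phpCAS::checkAuthentication()) {
                $testauth = true;
            }
            break;
    }

    return $testauth;
}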