Example #1
0
    /* Create the new user */
    $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']);
    /* If the user ID doesn't exist deny them */
    if (!$GLOBALS['user']->id && !AmpConfig::get('demo_mode')) {
        Auth::logout(session_id());
        exit;
    }
    /* Load preferences and theme */
    $GLOBALS['user']->update_last_seen();
} elseif (!AmpConfig::get('use_auth')) {
    $auth['success'] = 1;
    $auth['username'] = '-1';
    $auth['fullname'] = "Ampache User";
    $auth['id'] = -1;
    $auth['offset_limit'] = 50;
    $auth['access'] = AmpConfig::get('default_auth_level') ? User::access_name_to_level(AmpConfig::get('default_auth_level')) : '100';
    if (!Session::exists('interface', $_COOKIE[AmpConfig::get('session_name')])) {
        Session::create_cookie();
        Session::create($auth);
        Session::check();
        $GLOBALS['user'] = new User($auth['username']);
        $GLOBALS['user']->username = $auth['username'];
        $GLOBALS['user']->fullname = $auth['fullname'];
        $GLOBALS['user']->access = $auth['access'];
    } else {
        Session::check();
        if ($_SESSION['userdata']['username']) {
            $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']);
        } else {
            $GLOBALS['user'] = new User($auth['username']);
            $GLOBALS['user']->id = '-1';
Example #2
0
     $auth['success'] = false;
     Error::add('general', T_('User Disabled please contact Admin'));
     debug_event('Login', scrub_out($username) . ' is disabled and attempted to login', '1');
 } elseif (AmpConfig::get('prevent_multiple_logins')) {
     $session_ip = $user->is_logged_in();
     $current_ip = inet_pton($_SERVER['REMOTE_ADDR']);
     if ($current_ip && $current_ip != $session_ip) {
         $auth['success'] = false;
         Error::add('general', T_('User Already Logged in'));
         debug_event('Login', scrub_out($username) . ' is already logged in from ' . $session_ip . ' and attempted to login from ' . $current_ip, '1');
     }
     // if logged in multiple times
 } elseif (AmpConfig::get('auto_create') && $auth['success'] && !$user->username) {
     /* This is run if we want to autocreate users who don't
        exist (useful for non-mysql auth) */
     $access = AmpConfig::get('auto_user') ? User::access_name_to_level(AmpConfig::get('auto_user')) : '5';
     $name = $auth['name'];
     $email = $auth['email'];
     $website = $auth['website'];
     /* Attempt to create the user */
     if (User::create($username, $name, $email, $website, hash('sha256', mt_rand()), $access)) {
         $user = User::get_from_username($username);
     } else {
         $auth['success'] = false;
         Error::add('general', T_('Unable to create local account'));
     }
 }
 // End if auto_create
 // This allows stealing passwords validated by external means
 // such as LDAP
 if (AmpConfig::get('auth_password_save') && $auth['success'] && isset($password)) {