Example #1
 /**
  * Filter a set of user IDs down to those not flagged as invalid in LUM_User.
  *
  * Any ID whose LUM_User row has RoleID=2 is treated as invalid and dropped;
  * every other ID is passed through untouched. The lookup is attempted on
  * Zotero_WWW_DB_2 first and retried on Zotero_WWW_DB_1 if that throws.
  *
  * NOTE(review): this fails open. If both databases are unreachable the error
  * is only logged and every ID is returned as valid, so callers must not rely
  * on it as an authorization gate when the backing store is down.
  *
  * @param array $userIDs IDs to check; a falsy value yields an empty array
  * @return array the input minus invalid IDs (array_diff keeps the original
  *               keys, so the result is not necessarily a 0-based list)
  */
 public static function getValidUsersDB($userIDs)
 {
     if (!$userIDs) {
         return array();
     }

     // One positional placeholder per ID; the IDs themselves are bound, never interpolated
     $placeholders = implode(', ', array_fill(0, sizeOf($userIDs), '?'));
     $sql = "SELECT UserID FROM LUM_User WHERE RoleID=2 AND UserID IN (" . $placeholders . ")";

     $invalid = array();
     try {
         $invalid = Zotero_WWW_DB_2::columnQuery($sql, $userIDs);
         Zotero_WWW_DB_2::close();
     } catch (Exception $e) {
         try {
             Z_Core::logError("WARNING: {$e} -- retrying on primary");
             $invalid = Zotero_WWW_DB_1::columnQuery($sql, $userIDs);
             Zotero_WWW_DB_1::close();
         } catch (Exception $e2) {
             Z_Core::logError("WARNING: " . $e2);
             // If not available, assume valid
         }
     }

     // Nothing flagged (or lookup unavailable): hand back the input as-is
     if (!$invalid) {
         return $userIDs;
     }
     return array_diff($userIDs, $invalid);
 }
Example #2
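 /**
  * Authenticate a username (or e-mail) and password against the www users table.
  *
  * The user is looked up by username, or — when the login contains '@' — by
  * username or e-mail with an exact username match preferred. The submitted
  * password is then checked against the stored hash in three formats: bcrypt
  * via password_verify(), legacy salted SHA-1 (Z_CONFIG::$AUTH_SALT . password)
  * and legacy unsalted MD5. A successful result is cached in memcache for
  * 60 seconds under a hash of the submitted credentials.
  *
  * Security notes:
  *  - Legacy digests are compared with hash_equals() rather than `==`. PHP
  *    compares two numeric-looking strings numerically, so a stored hash of
  *    the form 0e<digits> would have matched any password whose MD5/SHA-1
  *    also looked like 0e<digits>. hash_equals is byte-exact and constant-time.
  *  - Non-string input (e.g. `username[]` submitted as an array) is rejected
  *    up front rather than reaching strpos()/hash() and raising a TypeError.
  *  - The cache key separates username and password with a NUL byte so that
  *    ("ab", "c") and ("a", "bc") no longer hash to the same key.
  *
  * NOTE(review): the 60-second positive cache means a password change does not
  * invalidate an already-cached login until the entry expires. Legacy SHA-1/MD5
  * matches are not upgraded to bcrypt in this method; whether updateUser() does
  * so cannot be determined from this file.
  *
  * @param array $data expected to contain 'username' and 'password'
  * @return int|string|false the userID on success, false on any failure
  */
 public static function authenticate($data)
 {
     $username = isset($data['username']) ? $data['username'] : null;
     $password = isset($data['password']) ? $data['password'] : null;
     // Reject non-string credentials before they reach strpos()/hash()
     if (!is_string($username) || !is_string($password)) {
         return false;
     }

     $salt = Z_CONFIG::$AUTH_SALT;
     // TODO: config
     $dev = Z_ENV_TESTING_SITE ? "_test" : "";
     $databaseName = "zotero_www{$dev}";
     $isEmailAddress = strpos($username, '@') !== false;

     // Short-lived positive cache of successful logins; NUL separator keeps the
     // username/password boundary unambiguous in the hashed key
     $cacheKey = 'userAuthHash_' . hash('sha256', $username . "\0" . $password);
     $userID = Z_Core::$MC->get($cacheKey);
     if ($userID) {
         return $userID;
     }

     // Username
     if (!$isEmailAddress) {
         $sql = "SELECT userID, username, password AS hash FROM {$databaseName}.users WHERE username=?";
         $params = [$username];
     } else {
         // Prefer an exact username match over an e-mail match when both exist
         $sql = "SELECT userID, username, password AS hash FROM {$databaseName}.users\n\t\t\t   WHERE username = ?\n\t\t\t   UNION\n\t\t\t   SELECT userID, username, password AS hash FROM {$databaseName}.users\n\t\t\t   WHERE email = ?\n\t\t\t   ORDER BY username = ? DESC";
         $params = [$username, $username, $username];
     }

     // Query the replica first; fall through to the primary if it has no rows
     // or throws. $retry is cleared once the primary has already been queried
     // so a primary failure is not retried on the primary again.
     try {
         $retry = true;
         $rows = Zotero_WWW_DB_2::query($sql, $params);
         Zotero_WWW_DB_2::close();
         if (!$rows) {
             $retry = false;
             $rows = Zotero_WWW_DB_1::query($sql, $params);
             Zotero_WWW_DB_1::close();
         }
     } catch (Exception $e) {
         if ($retry) {
             Z_Core::logError("WARNING: {$e} -- retrying on primary");
             $rows = Zotero_WWW_DB_1::query($sql, $params);
             Zotero_WWW_DB_1::close();
         }
     }
     if (!$rows) {
         return false;
     }

     $foundRow = null;
     foreach ($rows as $row) {
         // A NULL password column must not reach password_verify()/hash_equals()
         if (self::passwordMatches($password, (string) $row['hash'], $salt)) {
             $foundRow = $row;
             break;
         }
     }
     if ($foundRow === null) {
         return false;
     }

     self::updateUser($foundRow['userID'], $foundRow['username']);
     Z_Core::$MC->set($cacheKey, $foundRow['userID'], 60);
     return $foundRow['userID'];
 }

 /**
  * Check a plaintext password against a stored hash in any supported format:
  * bcrypt (password_verify), legacy salted SHA-1, then legacy unsalted MD5.
  *
  * Legacy digests are compared with hash_equals(): a loose `==` between two
  * numeric-looking strings (e.g. "0e123..." and "0e456...") evaluates to true,
  * which would let a "magic hash" password match an unrelated stored digest.
  *
  * @param string $password the submitted plaintext password
  * @param string $hash     the stored hash; an empty string never matches
  * @param string $salt     the legacy SHA-1 salt (Z_CONFIG::$AUTH_SALT)
  * @return bool true if the password matches in any format
  */
 private static function passwordMatches($password, $hash, $salt)
 {
     if ($hash === '') {
         return false;
     }
     // Try bcrypt
     if (password_verify($password, $hash)) {
         return true;
     }
     // Try salted SHA1
     if (hash_equals($hash, sha1($salt . $password))) {
         return true;
     }
     // Try MD5
     return hash_equals($hash, md5($password));
 }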