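/**
 * Authenticate an API login against the configured authentication mechanism.
 *
 * Includes includes/authentication/<auth_mechanism>.inc.php and the shared
 * authenticate-functions.inc.php from below $config['html_dir'], then calls
 * authenticate(). If the mechanism name is unusable or its file is missing,
 * an error is printed and the script terminates.
 *
 * @param string $username User name, passed through to authenticate() (type not enforced here).
 * @param string $password Password, passed through to authenticate() (type not enforced here).
 *
 * @return array Keys 'id' and 'level'; they stay '' and 0 when authenticate() fails.
 */
function api_authenticate_user($username, $password)
{
    // NOTE(review): $ds and $rad are not referenced in this function; presumably
    // the included mechanism files rely on them being global - confirm.
    global $config, $ds, $rad;

    // The mechanism name is spliced into an include path below, so it has to be
    // a bare file-name component. A value carrying a directory part is rejected
    // here instead of letting include resolve outside includes/authentication/.
    if (!isset($config['auth_mechanism'])
        || !is_string($config['auth_mechanism'])
        || basename($config['auth_mechanism']) !== $config['auth_mechanism']
    ) {
        print_error('ERROR: no valid auth_mechanism defined!');
        exit;
    }

    $auth_file = $config['html_dir'] . '/includes/authentication/' . $config['auth_mechanism'] . '.inc.php';
    if (!is_file($auth_file)) {
        print_error('ERROR: no valid auth_mechanism defined!');
        exit;
    }

    // Both files are included inside this function, so they execute in its
    // local scope and can see $username and $password.
    include $auth_file;

    // Include base auth functions calls
    include $config['html_dir'] . '/includes/authenticate-functions.inc.php';

    // Default result: empty id and level 0 until the credentials are accepted.
    $res = array('id' => '', 'level' => 0);
    if (authenticate($username, $password)) {
        $res['id']    = auth_user_id($username);
        $res['level'] = auth_user_level($username);
    }

    /*
     * Disabled direct database check, commented out in the original.
     * Do not re-enable as is: it compares the crypt() result with a loose,
     * non-constant-time ==; hash_equals() is the appropriate comparison.
     *
     * $row = dbFetchRow("SELECT user_id, username, password, level FROM `users` WHERE `username` = ?", array($username));
     * if ($row['username'] && $row['username'] == $username) {
     *     if ($row['password'] == crypt($password, $row['password'])) {
     *         $res = array("id"=>$row['user_id'], "level"=>$row['level']);
     *     }
     * }
     */

    // Only the id and level are handed to the debug output, never the password.
    api_show_debug("Returned User authentification", $res);

    return $res;
}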
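/**
 * Authenticate an API login against the configured authentication mechanism.
 *
 * Includes includes/authentication/<auth_mechanism>.inc.php (relative path)
 * and then calls authenticate(). If the mechanism name is unusable or its
 * file is missing, an error is printed and the script terminates.
 *
 * @param string $username User name, passed through to authenticate() (type not enforced here).
 * @param string $password Password, passed through to authenticate() (type not enforced here).
 *
 * @return array Keys 'id' and 'level'; they stay '' and 0 when authenticate() fails.
 */
function api_authenticate_user($username, $password)
{
    // NOTE(review): $ds and $rad are not referenced in this function; presumably
    // the included mechanism file relies on them being global - confirm.
    global $config, $ds, $rad;

    // The mechanism name is spliced into an include path below, so it has to be
    // a bare file-name component. A value carrying a directory part is rejected
    // here instead of letting include resolve outside includes/authentication/.
    if (!isset($config['auth_mechanism'])
        || !is_string($config['auth_mechanism'])
        || basename($config['auth_mechanism']) !== $config['auth_mechanism']
    ) {
        print_error('ERROR: no valid auth_mechanism defined!');
        exit;
    }

    // is_file() rather than file_exists(): a directory with this name must not
    // pass the check and then fail inside include.
    // NOTE(review): the path is relative, so is_file() resolves it against the
    // current working directory while include also searches include_path -
    // confirm both resolve to the same file for every caller.
    if (!is_file('includes/authentication/' . $config['auth_mechanism'] . '.inc.php')) {
        print_error('ERROR: no valid auth_mechanism defined!');
        exit;
    }

    // The file is included inside this function, so it executes in the local
    // scope and can see $username and $password. The path expression is repeated
    // rather than stored so that no extra local is exposed to the included code.
    include 'includes/authentication/' . $config['auth_mechanism'] . '.inc.php';

    // Default result: empty id and level 0 until the credentials are accepted.
    $res = array('id' => '', 'level' => 0);
    if (authenticate($username, $password)) {
        $res['id']    = auth_user_id($username);
        $res['level'] = auth_user_level($username);
    }

    /*
     * Disabled direct database check, commented out in the original.
     * Do not re-enable as is: it compares the crypt() result with a loose,
     * non-constant-time ==; hash_equals() is the appropriate comparison.
     *
     * $row = dbFetchRow("SELECT user_id, username, password, level FROM `users` WHERE `username` = ?", array($username));
     * if ($row['username'] && $row['username'] == $username) {
     *     if ($row['password'] == crypt($password, $row['password'])) {
     *         $res = array("id"=>$row['user_id'], "level"=>$row['level']);
     *     }
     * }
     */

    // Only the id and level are handed to the debug output, never the password.
    api_show_debug("返回用户认证", $res);

    return $res;
}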
dbInsert(array('user_encpass' => $encpass, 'expire' => $cookie_expire, 'username' => $_SESSION['username'], 'user_uniq' => $user_unique_id, 'user_ckey' => $ckey), 'users_ckeys'); setcookie("ckey", $ckey, $cookie_expire, $cookie_path, $cookie_domain, $cookie_https, $cookie_httponly); setcookie("dkey", $dkey, $cookie_expire, $cookie_path, $cookie_domain, $cookie_https, $cookie_httponly); unset($_SESSION['user_ckey_id']); } } else { if (!$_SESSION['authenticated']) { // Not authenticated $_SESSION['auth_message'] = "Authentication Failed"; session_logout(function_exists('auth_require_login')); } } // Retrieve user ID and permissions if ($_SESSION['authenticated']) { if (!is_numeric($_SESSION['userlevel']) || !is_numeric($_SESSION['user_id'])) { $_SESSION['userlevel'] = auth_user_level($_SESSION['username']); $_SESSION['user_id'] = auth_user_id($_SESSION['username']); } $level_permissions = auth_user_level_permissions($_SESSION['userlevel']); // If userlevel == 0 - user disabled an can not be logon if (!$level_permissions['permission_access']) { $_SESSION['auth_message'] = 'User login disabled'; session_logout(FALSE, 'User disabled'); header('Location: ' . $config['base_url']); exit; } else { if (!isset($_SESSION['user_limited']) || $_SESSION['user_limited'] != $level_permissions['limited']) { // Store user limited flag, required for quick permissions list generate $_SESSION['user_limited'] = $level_permissions['limited']; } }
$status = dbUpdate($update_array, 'users', '`user_id` = ?', array($vars['user_id'])); } if ($status) { print_success("User Info Changed."); } else { print_error("User Info not changed."); } } break; } if ($status) { // Reload user info //$user_data = dbFetchRow("SELECT * FROM `users` WHERE `user_id` = ?", array($vars['user_id'])); $user_data['username'] = auth_username_by_id($vars['user_id']); $user_data = auth_user_info($user_data['username']); $user_data['level'] = auth_user_level($user_data['username']); humanize_user($user_data); // Get level_label, level_real, label_class, row_class, etc } } // FIXME broken PoS code. /* if ($vars['action'] == "becomeuser") { $_SESSION['origusername'] = $_SESSION['username']; $_SESSION['username'] = $user_data['username']; header('Location: '.$config['base_url']); dbInsert(array('user' => $_SESSION['origusername'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Became ' . $_SESSION['username']), 'authlog'); include($config['html_dir']."/includes/authenticate.inc.php"); }