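/**
 * Backfill the stored password and PIN hash fields for one user.
 *
 * Finds the user on the "[WEB] Login" layout, reads the raw password and PIN
 * fields, and writes encryptPassowrdKey() of each into its hash field when
 * that hash field is still empty. The record is committed only if a hash was
 * actually written. Lookup problems redirect to login.php with an error
 * message and end the request.
 *
 * SECURITY (review): this routine reads User_Password_t / User_Pin_t as raw
 * values, so the record keeps the credential next to its hash. Once hashes
 * are backfilled the raw fields should be cleared and retired.
 * encryptPassowrdKey() is defined elsewhere; confirm it is a salted, slow
 * password hash rather than a reversible or fast digest.
 *
 * @param string $username    user name to look up (exact-match find)
 * @param object $dbHandle    FileMaker DB connection handle
 * @param string $site_prefix site prefix used to build the login.php redirect
 * @return void
 */
function generatePasswordPin($username, $dbHandle, $site_prefix)
{
    global $log;
    $log->debug("generatePasswordPin for user: " . $username . " site prefix " . $site_prefix);
    $userLayout = "[WEB] Login";
    $commit = false;
    $searchHandle = $dbHandle->newFindCommand($userLayout);
    // NOTE(review): $username goes into the find request unescaped; confirm the
    // caller validates it so that find-operator characters in user-supplied
    // text cannot change which record is matched.
    $searchHandle->addFindCriterion('User_Name_ct', "==" . $username);
    $loginResult = $searchHandle->execute();
    $log->debug("Now connect to layout: " . $userLayout . " for user: " . $username);
    if (FileMaker::isError($loginResult)) {
        $error = "Authentication Failure";
        $log->error("FileMaker loginResult - generatePasswordPin() - Login Error: " . $loginResult->getMessage() . " Error String: " . $loginResult->getErrorString() . " username " . $username);
        // The message contains spaces, so it must be URL-encoded to form a valid Location value.
        header("location: " . $site_prefix . "login.php?error=" . urlencode($error));
        exit;
    }
    $log->debug("Connected and finished searching for user: " . $username);
    // More than one record for the same user name is a data error the user cannot fix.
    if ($loginResult->getFoundSetCount() > 1) {
        $error = "Contact System Adminstrator";
        // isError() was false above, so $loginResult is a result set here and not an
        // error object; log the local message (as authenticateFMOnly() does).
        $log->error("FoundSetCount - generatePasswordPin() - More than 1 username Error: " . $error . " username " . $username);
        header("location: " . $site_prefix . "login.php?error=" . urlencode($error));
        exit;
    }
    $loginRecord = $loginResult->getFirstRecord();
    $rawPassword = $loginRecord->getField('User_Password_t');
    $rawPin = $loginRecord->getField('User_Pin_t');
    if (empty($rawPassword) && empty($rawPin)) {
        $error = "Missing Required Data";
        $log->error("No Password and Pin - generatePasswordPin() - Encryption Check Error: " . $error . " username " . $username);
        header("location: " . $site_prefix . "login.php?error=" . urlencode($error));
        exit;
    }
    // Only fill a hash field that is still empty; an existing hash is never overwritten.
    if (!empty($rawPassword)) {
        $userPasswordHash = $loginRecord->getField('User_Password_Hash_t');
        if (empty($userPasswordHash)) {
            $loginRecord->setField('User_Password_Hash_t', encryptPassowrdKey($rawPassword));
            $commit = true;
        }
    }
    if (!empty($rawPin)) {
        $userPinHash = $loginRecord->getField('User_Pin_Hash_t');
        if (empty($userPinHash)) {
            $loginRecord->setField('User_Pin_Hash_t', encryptPassowrdKey($rawPin));
            $commit = true;
        }
    }
    if ($commit) {
        $loginRecordResult = $loginRecord->commit();
        if (FileMaker::isError($loginRecordResult)) {
            // Keep the database message and the user name in the server log only;
            // the response body gets a generic message.
            $log->error("loginRecordResult - generatePasswordPin() - failed to write record to database with message: " . $loginRecordResult->getMessage() . " username " . $username);
            die("Unable to update the login record. Contact System Administrator");
        }
    }
}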
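/**
 * Pure FileMaker login function to authenticate a user from the login form.
 *
 * Looks the submitted user name up on the "[WEB] Login" layout and compares
 * encryptPassowrdKey() of the submitted password against the stored password
 * hash and the stored PIN hash. On success it calls setSessionData(); on any
 * failure it redirects to login.php with an error message and ends the request.
 *
 * SECURITY (review):
 *  - The global $bypassPassword flag skips the credential check entirely, so
 *    while it is set any known user name logs in. It must be off in
 *    production and removed once the LDAP work in the TODO below is done.
 *  - encryptPassowrdKey() and isPasswordPinMatch() are defined elsewhere. The
 *    flow here recomputes a value and compares it with the stored one, which
 *    appears to rely on a deterministic (unsalted) function -- confirm, and
 *    confirm the comparison is constant-time (hash_equals()).
 *  - setSessionData() is defined elsewhere; confirm it regenerates the session
 *    id on login.
 *
 * @param object $dbHandle    FileMaker DB connection handle
 * @param array  $post        $_POST[] array; reads 'username' and 'password'
 * @param string $site_prefix Site prefix to include port type SSL or 80
 * @return void
 */
function authenticateFMOnly($dbHandle, $post, $site_prefix)
{
    global $log, $bypassPassword;
    $loginLayout = '[WEB] Login';
    $log->debug("Now entering FileMaker Authentication processing");
    // Form fields are attacker-controlled: they can be missing or arrive as arrays.
    // An empty user name would also leave a bare "==" as the find criterion, which
    // no longer names a specific account, so reject these before touching the database.
    $username = isset($post['username']) ? $post['username'] : '';
    $password = isset($post['password']) ? $post['password'] : null;
    if (!is_string($username) || $username === '' || !is_string($password)) {
        $error = "Authentication Failure";
        $log->error("authenticateFMOnly - Login Error: missing or malformed username/password field");
        header("location: " . $site_prefix . "login.php?error=" . urlencode($error));
        exit;
    }
    $ePassword = encryptPassowrdKey($password);
    $searchHandle = $dbHandle->newFindCommand($loginLayout);
    // NOTE(review): the user name goes into the find request unescaped; confirm that
    // find-operator characters in user-supplied text cannot change which record is matched.
    $searchHandle->addFindCriterion('User_Name_ct', "==" . $username);
    $loginResult = $searchHandle->execute();
    if (FileMaker::isError($loginResult)) {
        $error = "Authentication Failure";
        $log->error("authenticateFMOnly - Login Error: " . $loginResult->getMessage() . " username " . $username);
        // The message contains spaces, so it must be URL-encoded to form a valid Location value.
        header("location: " . $site_prefix . "login.php?error=" . urlencode($error));
        exit;
    }
    //More than one user record with the same username value is a serious error
    //TODO: redirect this error to the access error page as this is not something the user can correct on their own
    if ($loginResult->getFoundSetCount() > 1) {
        $error = "Contact System Adminstrator";
        $log->error("authenticateFMOnly - More than 1 username Error: " . $error . " username: " . $username);
        header("location: " . $site_prefix . "login.php?error=" . urlencode($error));
        exit;
    }
    $userRecord = $loginResult->getFirstRecord();
    $log->debug("Now have user record check if Pin or password matches");
    //TODO revisit this once the LDAP issuer is resolved at FOX this is temporary to bypass the validation
    //TODO the bypass flag should be removed once the LDAP is resolved
    if ($bypassPassword) {
        // Leave an audit trail for every login that skipped the credential check.
        $log->error("authenticateFMOnly - password/pin check BYPASSED (bypassPassword is set) username: " . $username);
        $authenticated = true;
    } else {
        $authenticated = isPasswordPinMatch($userRecord->getField('User_Password_Hash_t'), $ePassword)
            || isPasswordPinMatch($userRecord->getField('User_Pin_Hash_t'), $ePassword);
    }
    if ($authenticated) {
        $log->debug("Now call session creation for FM full authentication");
        setSessionData($userRecord, $site_prefix);
    } else {
        // Same message as for an unknown user, so the response does not reveal which part failed.
        $error = "Authentication Failure";
        $log->info("loginProcessing.php - processLogin() - Last Check Authentication Error: " . $error . " username: " . $username);
        header("location: " . $site_prefix . "login.php?error=" . urlencode($error));
        exit;
    }
}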