/**
* In the case where a user is attempting to authenticate but doesn't exist.
* Check if the authentication provider supports auto-creation of users and
* whether the password matches.
*
* @param string $p_username A prepared username.
* @param string $p_password A prepared password.
* @return int|boolean user id or false in case of failure.
* @access private
*/
function auth_auto_create_user($p_username, $p_password)
{
$t_login_method = config_get('login_method');
if ($t_login_method == BASIC_AUTH) {
$t_auto_create = true;
} else {
if ($t_login_method == LDAP && ldap_authenticate_by_username($p_username, $p_password)) {
$t_auto_create = true;
} else {
$t_auto_create = false;
}
}
if ($t_auto_create) {
# attempt to create the user
$t_cookie_string = user_create($p_username, md5($p_password));
if ($t_cookie_string === false) {
# it didn't work
return false;
}
# ok, we created the user, get the row again
return user_get_id_by_name($p_username);
}
return false;
}
/**
* Attempt to login the user with the given password
* If the user fails validation, false is returned
* If the user passes validation, the cookies are set and
* true is returned. If $p_perm_login is true, the long-term
* cookie is created.
* @param string $p_username a prepared username
* @param string $p_password a prepared password
* @param bool $p_perm_login whether to create a long-term cookie
* @return bool indicates if authentication was successful
* @access public
*/
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
$t_user_id = user_get_id_by_name($p_username);
$t_login_method = config_get('login_method');
if (false === $t_user_id) {
if (BASIC_AUTH == $t_login_method) {
$t_auto_create = true;
} else {
if (LDAP == $t_login_method && ldap_authenticate_by_username($p_username, $p_password)) {
$t_auto_create = true;
} else {
$t_auto_create = false;
}
}
if ($t_auto_create) {
# attempt to create the user
$t_cookie_string = user_create($p_username, md5($p_password));
if (false === $t_cookie_string) {
# it didn't work
return false;
}
# ok, we created the user, get the row again
$t_user_id = user_get_id_by_name($p_username);
if (false === $t_user_id) {
# uh oh, something must be really wrong
# @@@ trigger an error here?
return false;
}
} else {
return false;
}
}
# check for disabled account
if (!user_is_enabled($t_user_id)) {
return false;
}
# max. failed login attempts achieved...
if (!user_is_login_request_allowed($t_user_id)) {
return false;
}
# check for anonymous login
if (!user_is_anonymous($t_user_id)) {
# anonymous login didn't work, so check the password
if (!auth_does_password_match($t_user_id, $p_password)) {
user_increment_failed_login_count($t_user_id);
return false;
}
}
# ok, we're good to login now
# increment login count
user_increment_login_count($t_user_id);
user_reset_failed_login_count_to_zero($t_user_id);
user_reset_lost_password_in_progress_count_to_zero($t_user_id);
# set the cookies
auth_set_cookies($t_user_id, $p_perm_login);
auth_set_tokens($t_user_id);
return true;
}
/**
* Attempt to authenticate the user against the LDAP directory
* return true on successful authentication, false otherwise
* @param int $p_user_id
* @param string $p_password
* @return bool
*/
function ldap_authenticate($p_user_id, $p_password)
{
# if password is empty and ldap allows anonymous login, then
# the user will be able to login, hence, we need to check
# for this special case.
if (is_blank($p_password)) {
return false;
}
$t_username = user_get_field($p_user_id, 'username');
return ldap_authenticate_by_username($t_username, $p_password);
}
