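/**
 * Auto-create an account for a user who is attempting to authenticate but
 * does not exist yet.
 *
 * An account is created when the configured login method is BASIC_AUTH, or
 * when it is LDAP and the directory accepts the supplied, non-blank
 * credentials. No other login method auto-creates.
 *
 * @param string $p_username A prepared username.
 * @param string $p_password A prepared password.
 * @return int|boolean user id or false in case of failure.
 * @access private
 */
function auth_auto_create_user($p_username, $p_password) {
    $t_login_method = config_get('login_method');

    if ($t_login_method == BASIC_AUTH) {
        # NOTE(review): no password is verified on this path; presumably the
        # web server has already authenticated the request - confirm that
        # this function cannot be reached without that.
        $t_auto_create = true;
    } elseif ($t_login_method == LDAP) {
        # A blank password must never be sent to the directory: a server
        # that allows anonymous login would report success, and an account
        # would then be created on the strength of a username alone.
        $t_auto_create = trim((string)$p_password) !== ''
            && ldap_authenticate_by_username($p_username, $p_password);
    } else {
        $t_auto_create = false;
    }

    if (!$t_auto_create) {
        return false;
    }

    # attempt to create the user
    # NOTE(review): an unsalted MD5 digest of the password is handed to
    # user_create(). What gets stored is not visible here; if the digest is
    # kept as-is it is weak against offline guessing and, for LDAP, leaves a
    # local copy derived from the directory password. Verify against
    # user_create() and auth_does_password_match() before changing it.
    if (user_create($p_username, md5($p_password)) === false) {
        # it didn't work
        return false;
    }

    # ok, we created the user, get the row again
    return user_get_id_by_name($p_username);
}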
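/**
 * Attempt to login the user with the given password.
 *
 * If the user fails validation, false is returned. If the user passes
 * validation, the cookies and tokens are set and true is returned. If
 * $p_perm_login is true, the long-term cookie is created.
 *
 * An unknown username is auto-created when the login method is BASIC_AUTH,
 * or when it is LDAP and the directory accepts the supplied, non-blank
 * credentials. The anonymous account is admitted without a password check.
 *
 * @param string $p_username a prepared username
 * @param string $p_password a prepared password
 * @param bool $p_perm_login whether to create a long-term cookie
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false) {
    $t_user_id = user_get_id_by_name($p_username);
    $t_login_method = config_get('login_method');

    if (false === $t_user_id) {
        if (BASIC_AUTH == $t_login_method) {
            # NOTE(review): no password is verified before creating the
            # account here; presumably the web server already authenticated
            # the request - confirm.
            $t_auto_create = true;
        } elseif (LDAP == $t_login_method) {
            # A blank password must never be sent to the directory: a server
            # that allows anonymous login would report success, and an
            # account would be created on the strength of a username alone.
            # NOTE(review): failed directory checks for unknown usernames are
            # not counted by anything visible in this function.
            $t_auto_create = trim((string)$p_password) !== ''
                && ldap_authenticate_by_username($p_username, $p_password);
        } else {
            $t_auto_create = false;
        }

        if (!$t_auto_create) {
            return false;
        }

        # attempt to create the user
        # NOTE(review): an unsalted MD5 digest of the password is handed to
        # user_create(). What gets stored is not visible here; verify against
        # user_create() and auth_does_password_match() before changing it.
        if (false === user_create($p_username, md5($p_password))) {
            # it didn't work
            return false;
        }

        # ok, we created the user, get the row again
        $t_user_id = user_get_id_by_name($p_username);
        if (false === $t_user_id) {
            # uh oh, something must be really wrong
            # @@@ trigger an error here?
            return false;
        }
    }

    # check for disabled account
    if (!user_is_enabled($t_user_id)) {
        return false;
    }

    # max. failed login attempts achieved...
    if (!user_is_login_request_allowed($t_user_id)) {
        return false;
    }

    # the anonymous account skips the password check; every other account
    # must present a matching password, and a mismatch is counted
    if (!user_is_anonymous($t_user_id)) {
        if (!auth_does_password_match($t_user_id, $p_password)) {
            user_increment_failed_login_count($t_user_id);
            return false;
        }
    }

    # ok, we're good to login now

    # increment login count and clear the failure / lost-password counters
    user_increment_login_count($t_user_id);
    user_reset_failed_login_count_to_zero($t_user_id);
    user_reset_lost_password_in_progress_count_to_zero($t_user_id);

    # set the cookies
    auth_set_cookies($t_user_id, $p_perm_login);
    auth_set_tokens($t_user_id);

    return true;
}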
/**
 * Check a user's password against the LDAP directory.
 *
 * The user id is resolved to its stored username, which is then passed to
 * ldap_authenticate_by_username() together with the password.
 *
 * @param int $p_user_id id of the user to authenticate
 * @param string $p_password password to verify
 * @return bool true on successful authentication, false otherwise
 */
function ldap_authenticate($p_user_id, $p_password) {
    # An empty password is refused before the directory is contacted: if
    # ldap allows anonymous login, an empty password would otherwise let
    # the user in.
    if (!is_blank($p_password)) {
        $t_login_name = user_get_field($p_user_id, 'username');

        return ldap_authenticate_by_username($t_login_name, $p_password);
    }

    return false;
}