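/**
 * PAM handler for username/password authentication.
 *
 * Looks up the user named in $credentials and checks the supplied cleartext
 * password against the stored password digest via generate_user_password().
 *
 * @param array $credentials Associative array passed in by pam_authenticate.
 *                           This handler expects 'username' and 'password'
 *                           (cleartext). Anything else is rejected. As in the
 *                           original truthiness check, a username or password
 *                           that PHP treats as falsy (e.g. '0') is rejected.
 *
 * @return bool true when the password matches an active, permitted account;
 *              false otherwise (malformed credentials, unknown user,
 *              unvalidated non-admin account, banned user, wrong password).
 */
function pam_auth_userpass($credentials = NULL) {
	// The unused rate-limit locals ($max_in_period, $period_length, $periods)
	// and the commented-out md5() line of the original were dead code and are
	// dropped; no throttling was ever applied by this handler.

	// empty() covers a missing key and every falsy value the original check
	// rejected, without raising undefined-index notices on partial input.
	if (!is_array($credentials) || empty($credentials['username']) || empty($credentials['password'])) {
		return false;
	}

	$user = get_user_by_username($credentials['username']);
	if (!$user) {
		return false;
	}

	// Admins may log in without a validated email; everyone else must either
	// have validated or have been created by an admin.
	if (!$user->admin && !$user->validated && !$user->admin_created) {
		return false;
	}

	// Banned accounts never authenticate, regardless of password.
	if ($user->isBanned()) {
		return false;
	}

	// Strict comparison. With loose ==, two strings that both look numeric are
	// compared as numbers, so if the digests are hex strings a stored value of
	// the form "0e<digits>" would match ANY candidate digest of that form.
	// hash_equals() would additionally make this constant-time; use it where
	// the supported PHP version (>= 5.6) allows.
	if ($user->password === generate_user_password($user, $credentials['password'])) {
		return true;
	}

	// Wrong password: record the failure for the account and deny.
	log_login_failure($user->guid);
	return false;
}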
/**
 * PAM handler for username/password authentication.
 *
 * Resolves the user named in $credentials and verifies the cleartext
 * password against the stored hash. Accounts that still carry only a legacy
 * digest in $user->password are checked against generateLegacyHash() and
 * migrated to the current scheme on success; accounts with a password_hash
 * are checked with verify() and re-hashed when needsRehash() says so.
 *
 * @param array $credentials Credentials supplied by Elgg's PAM system;
 *                           'username' and 'password' (cleartext) are required.
 *
 * @return bool true on success; false when either credential key is absent
 * @throws LoginException on unknown username, rate-limited account or wrong password
 * @access private
 */
function pam_auth_userpass(array $credentials = array()) {
	if (!isset($credentials['username'], $credentials['password'])) {
		return false;
	}

	// Builds the exception for a translation key. Evaluated only at the point
	// of failure, so the service container is consulted no earlier than before.
	$failure = function ($key) {
		return new \LoginException(_elgg_services()->translator->translate($key));
	};

	$user = get_user_by_username($credentials['username']);
	if (!$user) {
		// NOTE(review): unknown-user and wrong-password failures carry different
		// translation keys, and the rate limit below is keyed on the user's guid,
		// so it never applies to guesses at non-existent names. Whether a caller
		// can tell the two apart depends on the translated strings and the
		// surrounding handler -- confirm before relying on it.
		throw $failure('LoginException:UsernameFailure');
	}

	if (check_rate_limit_exceeded($user->guid)) {
		throw $failure('LoginException:AccountLocked');
	}

	$svc = _elgg_services()->passwords;
	$plaintext = $credentials['password'];
	$stored_hash = $user->password_hash;

	if ($stored_hash) {
		$matches = $svc->verify($plaintext, $stored_hash);
	} else {
		// No password_hash yet: compare against the legacy digest kept in
		// $user->password. Plain strict comparison -- not constant-time.
		$matches = ($user->password === $svc->generateLegacyHash($user, $plaintext));
	}

	if (!$matches) {
		log_login_failure($user->guid);
		throw $failure('LoginException:PasswordFailure');
	}

	// Legacy digests are always migrated; current hashes only when the service
	// reports they need re-hashing (needsRehash is not consulted for legacy).
	if (!$stored_hash || $svc->needsRehash($stored_hash)) {
		$svc->forcePasswordReset($user, $plaintext);
	}

	return true;
}
/**
 * PAM handler for username/password authentication.
 *
 * Resolves the user named in $credentials and compares the digest produced
 * by generate_user_password() for the supplied cleartext password with the
 * one stored on the user.
 *
 * @param array $credentials Credentials supplied by Elgg's PAM system;
 *                           'username' and 'password' (cleartext) are required.
 *
 * @return bool true on success; false when either credential key is absent
 * @throws LoginException on unknown username, rate-limited account or wrong password
 * @access private
 */
function pam_auth_userpass(array $credentials = array()) {
	if (!isset($credentials['username'], $credentials['password'])) {
		return false;
	}

	$username = $credentials['username'];
	$plaintext = $credentials['password'];

	$user = get_user_by_username($username);
	if (!$user) {
		// NOTE(review): the unknown-user and wrong-password keys differ, and the
		// rate limit below only applies once a user record exists; whether that
		// is distinguishable by a caller depends on the translations -- confirm.
		throw new LoginException(elgg_echo('LoginException:UsernameFailure'));
	}

	if (check_rate_limit_exceeded($user->guid)) {
		throw new LoginException(elgg_echo('LoginException:AccountLocked'));
	}

	// Strict string comparison of the two digests (not constant-time).
	$expected = $user->password;
	$actual = generate_user_password($user, $plaintext);
	if ($expected === $actual) {
		return true;
	}

	log_login_failure($user->guid);
	throw new LoginException(elgg_echo('LoginException:PasswordFailure'));
}
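/**
 * PAM handler for username/password authentication.
 *
 * Looks up the user named in $credentials and checks the supplied cleartext
 * password against the stored password digest via generate_user_password().
 *
 * @param array $credentials Associative array passed in by pam_authenticate.
 *                           This handler expects 'username' and 'password'
 *                           (cleartext). Anything else is rejected. As in the
 *                           original truthiness check, a username or password
 *                           that PHP treats as falsy (e.g. '0') is rejected.
 *
 * @return bool true when the password matches an active, permitted account;
 *              false otherwise (malformed credentials, unknown user,
 *              unvalidated non-admin account, banned user, wrong password).
 */
function pam_auth_userpass($credentials = NULL) {
	// empty() covers a missing key and every falsy value the original check
	// rejected, without raising undefined-index notices on partial input.
	if (!is_array($credentials) || empty($credentials['username']) || empty($credentials['password'])) {
		return false;
	}

	$user = get_user_by_username($credentials['username']);
	if (!$user) {
		return false;
	}

	// Admins may log in without a validated email; everyone else must either
	// have validated or have been created by an admin.
	if (!$user->admin && !$user->validated && !$user->admin_created) {
		return false;
	}

	// Banned accounts never authenticate, regardless of password.
	if ($user->isBanned()) {
		return false;
	}

	// Strict comparison. With loose ==, two strings that both look numeric are
	// compared as numbers, so if the digests are hex strings a stored value of
	// the form "0e<digits>" would match ANY candidate digest of that form.
	// hash_equals() would additionally make this constant-time; use it where
	// the supported PHP version (>= 5.6) allows.
	if ($user->password === generate_user_password($user, $credentials['password'])) {
		return true;
	}

	// Wrong password: record the failure for the account and deny.
	log_login_failure($user->guid);
	return false;
}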