/** * Attempt to login the user with the given password * If the user fails validation, false is returned * If the user passes validation, the cookies are set and * true is returned. If $p_perm_login is true, the long-term * cookie is created. * @param string $p_username a prepared username * @param string $p_password a prepared password * @param bool $p_perm_login whether to create a long-term cookie * @return bool indicates if authentication was successful * @access public */ function auth_attempt_login($p_username, $p_password, $p_perm_login = false) { $t_user_id = user_get_id_by_name($p_username); $t_login_method = config_get('login_method'); if (false === $t_user_id) { if (BASIC_AUTH == $t_login_method) { $t_auto_create = true; } else { if (LDAP == $t_login_method && ldap_authenticate_by_username($p_username, $p_password)) { $t_auto_create = true; } else { $t_auto_create = false; } } if ($t_auto_create) { # attempt to create the user $t_cookie_string = user_create($p_username, md5($p_password)); if (false === $t_cookie_string) { # it didn't work return false; } # ok, we created the user, get the row again $t_user_id = user_get_id_by_name($p_username); if (false === $t_user_id) { # uh oh, something must be really wrong # @@@ trigger an error here? return false; } } else { return false; } } # check for disabled account if (!user_is_enabled($t_user_id)) { return false; } # max. failed login attempts achieved... if (!user_is_login_request_allowed($t_user_id)) { return false; } # check for anonymous login if (!user_is_anonymous($t_user_id)) { # anonymous login didn't work, so check the password if (!auth_does_password_match($t_user_id, $p_password)) { user_increment_failed_login_count($t_user_id); return false; } } # ok, we're good to login now # increment login count user_increment_login_count($t_user_id); user_reset_failed_login_count_to_zero($t_user_id); user_reset_lost_password_in_progress_count_to_zero($t_user_id); # set the cookies auth_set_cookies($t_user_id, $p_perm_login); auth_set_tokens($t_user_id); return true; }
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) { $client->setAccessToken($_SESSION['access_token']); } if ($client->getAccessToken()) { $userData = $objOAuthService->userinfo->get(); $data['userData'] = $userData; $_SESSION['access_token'] = $client->getAccessToken(); } $user_id = user_get_id_by_email($userData->email); # check for disabled account if (!user_is_enabled($user_id)) { echo "<p>Your email didn't to registration on this web site. Please register new account first. "; return false; } # max. failed login attempts achieved... if (!user_is_login_request_allowed($user_id)) { echo "<p>Your email didn't to registration on this web site. Please register new account first. "; return false; } # check for anonymous login if (user_is_anonymous($user_id)) { echo "<p>Your email didn't to registration on this web site. Please register new account first. "; return false; } user_increment_login_count($user_id); user_reset_failed_login_count_to_zero($user_id); user_reset_lost_password_in_progress_count_to_zero($user_id); # set the cookies auth_set_cookies($user_id, false); auth_set_tokens($user_id); print_header_redirect('../../../my_view_page.php');
/** * Attempt to login the user with the given password * If the user fails validation, false is returned * If the user passes validation, the cookies are set and * true is returned. If $p_perm_login is true, the long-term * cookie is created. * @param string $p_username A prepared username. * @param string $p_password A prepared password. * @param boolean $p_perm_login Whether to create a long-term cookie. * @return boolean indicates if authentication was successful * @access public */ function auth_attempt_login($p_username, $p_password, $p_perm_login = false) { $t_user_id = auth_get_user_id_from_login_name($p_username); if ($t_user_id === false) { $t_user_id = auth_auto_create_user($p_username, $p_password); if ($t_user_id === false) { return false; } } # check for disabled account if (!user_is_enabled($t_user_id)) { return false; } # max. failed login attempts achieved... if (!user_is_login_request_allowed($t_user_id)) { return false; } # check for anonymous login if (!user_is_anonymous($t_user_id)) { # anonymous login didn't work, so check the password if (!auth_does_password_match($t_user_id, $p_password)) { user_increment_failed_login_count($t_user_id); return false; } } # ok, we're good to login now # increment login count user_increment_login_count($t_user_id); user_reset_failed_login_count_to_zero($t_user_id); user_reset_lost_password_in_progress_count_to_zero($t_user_id); # set the cookies auth_set_cookies($t_user_id, $p_perm_login); auth_set_tokens($t_user_id); return true; }