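/**
 * Authenticates a user against the LDAP server configured for the user's account.
 *
 * Reads the LDAP host, login-name template, options and port from the
 * account's properties, expands the login-name template with the user name
 * and account identifier, and tries to construct an LDAP object with the
 * result and the supplied password.
 *
 * @param User $user The user to authenticate.
 * @param string $password The password supplied by the client.
 * @param PropelPDO $con Optional database connection.
 * @return bool TRUE if the LDAP object could be constructed. FALSE if the
 *     host or login-name setting is missing, the password is empty, or the
 *     LDAP constructor threw.
 * @throws Exception If the user's account cannot be determined.
 */
public static function ldapAuthenticate(User $user, $password, PropelPDO $con = null)
{
    $account = $user->getAccount($con);
    if ($account === null) {
        // getName() must be called; the bare property access never produced the name.
        throw new Exception('Could not determine account of user #' . $user->getId() . ' "' . $user->getName() . '".');
    }

    $ldapSettings = PropertyPeer::getAll(
        $account,
        null,
        null,
        array(
            self::LDAP_SETTING_HOST,
            self::LDAP_SETTING_LOGIN_NAME,
            self::LDAP_SETTING_OPTIONS,
            self::LDAP_SETTING_PORT,
        ),
        $con
    );

    // LDAP authentication is treated as not configured unless both host and
    // login-name template are set.
    if (!isset($ldapSettings[self::LDAP_SETTING_HOST], $ldapSettings[self::LDAP_SETTING_LOGIN_NAME])) {
        return false;
    }

    // NOTE(review): the user name and account identifier are substituted into
    // the template as-is here. If the template is a DN, confirm that
    // KeyReplace or the LDAP class escapes DN special characters.
    $ldapLoginName = KeyReplace::replace(
        $ldapSettings[self::LDAP_SETTING_LOGIN_NAME],
        array(
            'user' => $user->getName(),
            'account' => $account->getIdentifier(),
        )
    );

    // An empty password is rejected before any LDAP call: many directory
    // servers accept a bind with a name and an empty password as an
    // unauthenticated bind, which would otherwise count as a successful login.
    // Reported as a failed login (FALSE), not as an exception.
    if ((string) $password === '') {
        return false;
    }

    $options = (isset($ldapSettings[self::LDAP_SETTING_OPTIONS]) && is_array($ldapSettings[self::LDAP_SETTING_OPTIONS]))
        ? $ldapSettings[self::LDAP_SETTING_OPTIONS]
        : array();
    $port = isset($ldapSettings[self::LDAP_SETTING_PORT])
        ? $ldapSettings[self::LDAP_SETTING_PORT]
        : null;

    try {
        // The instance is discarded; only whether construction succeeds matters.
        // Presumably the constructor connects and binds - confirm in the LDAP class.
        new LDAP($ldapSettings[self::LDAP_SETTING_HOST], $ldapLoginName, $password, $options, $port);
        return true;
    } catch (Exception $e) {
        // NOTE(review): every failure (wrong credentials, unreachable server,
        // bad settings) ends up here and is reported as a failed login without
        // being logged, so outages and repeated bad-password attempts cannot
        // be told apart from this function alone.
        return false;
    }
}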
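/**
 * Checks whether the clocking's start and end dates are within the time limit.
 * Throws an exception if the time limit is exceeded.
 *
 * The limit (in seconds) is read from the clocking-type-specific property
 * first and from the default property if that is not set. The clocking passes
 * if its end lies after "now minus limit" and, for an existing clocking, its
 * last-changed time does too.
 *
 * @param Account $account Account the properties are looked up for.
 * @param User $authUser Authenticated user; also supplies the domain for the lookup.
 * @param Clocking $clocking The clocking to validate.
 * @param PropelPDO $con Optional database connection.
 * @return void
 * @throws Exception If the clocking type cannot be loaded.
 * @throws APIException With ERROR_TIME_LIMIT if the configured limit is not
 *     numeric or the clocking is outside the limit.
 * @see pastGraceTimeExceeded()
 */
private function validateTimeLimits(Account $account, User $authUser, Clocking $clocking, PropelPDO $con = null)
{
    $type = $clocking->getClockingType($con);
    if ($type === null) {
        throw new Exception('Could not get clocking type with ID #' . $clocking->getTypeId() . ' for clocking #' . $clocking->getId() . '.');
    }

    // Check time limit in seconds
    $propertyName = KeyReplace::replace(self::PROPERTY_CLOCKING_TIME_LIMIT, array('type' => $type->getIdentifier()));
    $domain = $authUser->getDomain($con);
    $lastChanged = $clocking->getLastChanged('U');
    $end = $clocking->getEnd('U');

    // Check clocking-type-specific limit first, fall back to default
    $editTimeLimit = PropertyPeer::get($propertyName, $account, $domain, $authUser, $con);
    if ($editTimeLimit === null) {
        // Track which property supplied the value so the error below names
        // the property that actually holds the invalid setting.
        $propertyName = self::PROPERTY_CLOCKING_TIME_LIMIT_DEFAULT;
        $editTimeLimit = PropertyPeer::get($propertyName, $account, $domain, $authUser, $con);
    }

    $errorData = array(
        'changed' => $lastChanged,
        'end' => $end,
        'limit' => $editTimeLimit,
    );

    if ($editTimeLimit !== null && !is_numeric($editTimeLimit)) {
        throw new APIException(
            self::ERROR_TIME_LIMIT,
            'Invalid non-numeric value ' . json_encode($editTimeLimit) . ' encountered for property "' . $propertyName . '".',
            $errorData
        );
    }

    // NOTE(review): when neither property is set, $editTimeLimit is null and
    // is treated as 0 in the subtraction, so only clockings ending in the
    // future pass. Confirm whether "not configured" is meant to be "no limit".
    // is_numeric() also accepts negative values, which move the cutoff into
    // the future.
    $minTimeAllowed = time() - $editTimeLimit;

    $endWithinLimit = (float) $end > $minTimeAllowed;
    // A new clocking has no meaningful last-changed time, so only the end is checked.
    $changeWithinLimit = $clocking->isNew() || (float) $lastChanged > $minTimeAllowed;
    if ($endWithinLimit && $changeWithinLimit) {
        return;
    }

    throw new APIException(
        self::ERROR_TIME_LIMIT,
        'Clocking cannot be edited any more after ' . round($editTimeLimit / 3600.0, 2) . ' hours.',
        $errorData
    );
}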