Esempio n. 1
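/**
 * Verifies a login/password pair and, on success, sets the user session data.
 *
 * The login is first looked up in the database. A known user is accepted when
 * auth_does_password_match() reports success and the account is active. An
 * unknown login is only considered when the 'ldap_automatic_user_creation'
 * setting of the 'authentication' configuration is enabled: the credentials
 * are then checked with the authentication method forced to LDAP and, on
 * success, a local account is created from the directory attributes.
 *
 * The 'doSessionExistsCheck' option (default true) allows the "a session
 * already exists" block to be skipped. It is needed for the feature that asks
 * for a login when the session has expired while the user still has unsaved
 * data (ajaxlogin on the login.php page).
 *
 * Hardening applied in this function:
 *  - non-scalar or empty logins and empty passwords are rejected before any
 *    authentication backend is consulted;
 *  - the session id is regenerated before the authenticated user is stored;
 *  - the authentication cookie is sent HttpOnly, and Secure over HTTPS;
 *  - no session is established when the final re-read of the user fails.
 *
 * @param object     $db      database handle handed to tlUser::readFromDB()/writeToDB()
 * @param string     $login   login name supplied by the client
 * @param string     $pwd     clear-text password supplied by the client
 * @param array|null $options optional map; recognised key: 'doSessionExistsCheck'
 *
 * @return array map with 'status' (tl::OK or tl::ERROR) and 'msg' (null, or the
 *               localized "session exists" message)
 */
function doAuthorize(&$db, $login, $pwd, $options = null)
{
    global $g_tlLogger;

    $result = array('status' => tl::ERROR, 'msg' => null);
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;

    $my['options'] = array('doSessionExistsCheck' => true);
    $my['options'] = array_merge($my['options'], (array) $options);

    // Request parameters can arrive as arrays (login[]=x); only scalar values
    // are treated as credentials. is_scalar() is also false for null, so the
    // original "both values present" requirement still holds.
    $hasCredentials = is_scalar($login) && is_scalar($pwd) && (string) $login !== '';

    // A blank password is never accepted. Directory servers that allow
    // unauthenticated binds can report success for an empty password, which
    // here would mean a login or even an automatically created account.
    // NOTE(review): auth_does_password_match() may already guard against this;
    // it is not visible here, so the check is repeated as defence in depth.
    $blankPassword = !$hasCredentials || (string) $pwd === '';

    $doLogin = false;
    if ($hasCredentials) {
        $user = new tlUser();
        $user->login = $login;
        $login_exists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;

        if ($login_exists) {
            $passwordOk = false;
            if (!$blankPassword) {
                $password_check = auth_does_password_match($user, $pwd);
                $passwordOk = (bool) $password_check->status_ok;
            }

            // A correct password is not enough: disabled accounts stay locked out.
            $doLogin = $passwordOk && $user->isActive;
            if (!$doLogin) {
                logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
            }
        } else {
            // NOTE(review): a failed attempt against an unknown login leaves no
            // audit event in this function, so guessing of login names is not
            // visible in the audit trail from here.
            $authCfg = config_get('authentication');
            if ($authCfg['ldap_automatic_user_creation'] && !$blankPassword) {
                // Force the LDAP method so auth_does_password_match() checks the
                // credentials against the directory.
                $user->authentication = 'LDAP';
                $check = auth_does_password_match($user, $pwd);
                if ($check->status_ok) {
                    $user = new tlUser();
                    $user->login = $login;
                    $user->authentication = 'LDAP';
                    $user->isActive = true;

                    // The password is written to the DB anyway.
                    // NOTE(review): this keeps a local copy derived from the
                    // directory password; how setPassword() stores it is not
                    // visible here - confirm the storage scheme is acceptable.
                    $user->setPassword($pwd);

                    $user->emailAddress = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_email_field']));
                    $user->firstName = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_firstname_field']));
                    $user->lastName = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_surname_field']));

                    // Fall back to the login when the directory has no name attributes.
                    $user->firstName = is_null($user->firstName) || strlen($user->firstName) == 0 ? $login : $user->firstName;
                    $user->lastName = is_null($user->lastName) || strlen($user->lastName) == 0 ? $login : $user->lastName;

                    $doLogin = $user->writeToDB($db) == tl::OK;
                }
            }
        }
    }

    if ($doLogin) {
        // Re-read the user so the session works on the stored record (this also
        // covers an account that was created a moment ago).
        $user = new tlUser();
        $user->login = $login;
        if ($user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) < tl::OK) {
            // Without a loaded record no session must be established.
            return $result;
        }

        // Authentication cookie, following the Mantis model. Expiry 0 makes it a
        // browser-session cookie. HttpOnly keeps it away from page scripts and
        // Secure is set whenever this request itself arrived over HTTPS.
        // NOTE(review): the cookie is sent before the session-exists check, so it
        // can belong to a different user than the one kept in the session.
        $auth_cookie_name = config_get('auth_cookie');
        $secureTransport = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';
        setcookie($auth_cookie_name, $user->getSecurityCookie(), 0, '/', '', $secureTransport, true);

        // Disallow two sessions within one browser
        if ($my['options']['doSessionExistsCheck'] && isset($_SESSION['currentUser']) && !is_null($_SESSION['currentUser'])) {
            $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
        } else {
            // A session id handed out before authentication must not survive the
            // privilege change (session fixation).
            if (session_id() !== '') {
                session_regenerate_id(true);
            }

            // Setting user's session information
            $_SESSION['currentUser'] = $user;
            $_SESSION['lastActivity'] = time();

            $g_tlLogger->endTransaction();
            $g_tlLogger->startTransaction();
            setUserSession($db, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);

            $result['status'] = tl::OK;
        }
    }

    return $result;
}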
Esempio n. 2
/**
 * Looks up the real name that belongs to a user name.
 *
 * With LDAP simulation enabled the simulated lookup is used. Otherwise the
 * attribute named by the 'ldap_realname_field' configuration value is fetched
 * through ldap_get_field_from_username().
 *
 * The value is returned as received; nothing is escaped here, so callers have
 * to encode it for the context in which they output it.
 *
 * @param string $p_username The user's name.
 * @return string The user's real name; an empty string when the lookup yields null.
 */
function ldap_realname_from_username($p_username)
{
    if (!ldap_simulation_is_enabled()) {
        $t_field_name = config_get('ldap_realname_field');
        $t_value = ldap_get_field_from_username($p_username, $t_field_name);

        // Only a strict null means "no value"; anything else is passed through.
        return $t_value === null ? '' : $t_value;
    }

    // Simulation mode: the simulated lookup answers instead.
    return ldap_simulatiom_realname_from_username($p_username);
}