/** * process_user_login accepts $login and $pass and handles it according to current authentication scheme * * @param string $login * @param string $pass * * @return mixed False in case of error or invalid credentials, the username in case it's correct. */ function process_user_login($login, $pass) { if (!ldap_valid_login($login, $pass)) { return false; } global $config; $profile = get_db_value("id_usuario", "tusuario_perfil", "id_usuario", $login); if ($profile === false && empty($config["auth_methods"]["create_user_undefined"])) { $config["auth_error"] = "No profile"; //Error message, don't translate return false; //User doesn't have a profile so doesn't have access } elseif ($profile === false && !empty($config["auth_methods"]["create_user_undefined"])) { $ret = profile_create_user_profile($login); //User doesn't have a profile but we are asked to create one if ($ret === false) { $config["auth_error"] = "Profile creation failed"; //Error message, don't translate return false; //We couldn't create the profile for some or another reason } } return $login; }
/** * process_user_login accepts $login and $pass and handles it according to current authentication scheme * * @param string $login * @param string $pass * * @return mixed False in case of error or invalid credentials, the username in case it's correct. */ function process_user_login($login, $pass) { global $config, $mysql_cache; include_once $config['homedir'] . "/include/functions_profile.php"; // Always authenticate admins against the local database if (strtolower($config["auth_methods"]) == 'mysql' || dame_admin($login)) { $sql = sprintf("SELECT `id_usuario`, `password` FROM `tusuario` WHERE `disabled` = 0 AND `id_usuario` = '%s' AND `enable_login` = 1", $login); $row = get_db_row_sql($sql); //Check that row exists, that password is not empty and that password is the same hash if ($row !== false && $row["password"] !== md5("") && $row["password"] == md5($pass)) { // Login OK // Nick could be uppercase or lowercase (select in MySQL // is not case sensitive) // We get DB nick to put in PHP Session variable, // to avoid problems with case-sensitive usernames. // Thanks to David Muñiz for Bug discovery :) return $row["id_usuario"]; } else { $mysql_cache["auth_error"] = "User not found in database or incorrect password"; } return false; // Remote authentication } else { switch ($config["auth_methods"]) { // LDAP case 'ldap': $sql = sprintf("SELECT `disabled` FROM `tusuario` WHERE `id_usuario` = '%s'", $login); $disabled = get_db_sql($sql); // Check if user is disabled if ($disabled == 1) { $config["auth_error"] = "User not found in database or incorrect password"; return false; } if (ldap_process_user_login($login, $pass) === false) { $config["auth_error"] = "User not found in database or incorrect password"; return false; } break; // Active Directory // Active Directory case 'ad': if (enterprise_hook('ad_process_user_login', array($login, $pass)) === false) { return false; } break; // Remote Pandora FMS /* case 'pandora': break; // Remote Babel Enterprise case 'babel': break; // Remote Integria case 'integria': break; */ // Unknown authentication method // Remote Pandora FMS /* case 'pandora': break; // Remote Babel Enterprise case 'babel': break; // Remote Integria case 'integria': break; */ // Unknown authentication method default: $config["auth_error"] = "User not found in database or incorrect password"; return false; } // Authentication ok, check if the user exists in the local database if (is_user($login)) { return $login; } // The user does not exist and can not be created if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted($login)) { $config["auth_error"] = "Ooops User not found in database or incorrect password"; return false; } // Create the user in the local database if (create_user($login, $pass, array('nombre_real' => $login, 'comentarios' => 'Imported from ' . $config['auth_methods'])) === false) { $config["auth_error"] = "User not found in database or incorrect password"; return false; } profile_create_user_profile($login, $config['default_remote_profile'], $config['default_remote_group']); return $login; } return false; }