Esempio n. 1
0
/**
 * Check for whether a login and pass match uname/active_email and hash, respectively.
 *
 * @return Array|boolean
 */
function authenticate($dirty_login, $p_pass, $limit_login_attempts = true)
{
    $login = strtolower(sanitize_to_text((string) $dirty_login));
    $recent_login_failure = false;
    $pass = (string) $p_pass;
    if ($limit_login_attempts) {
        $recent_login_failure = last_login_failure_was_recent(potential_account_id_from_login_username($login));
    }
    if ($login != '' && $pass != '' && !$recent_login_failure) {
        // Allow login via username or email.
        // Pull the account data regardless of whether the password matches, but create an int about whether it does match or not.
        // matches login string against active_email or username.
        $sql = "SELECT account_id, account_identity, uname, player_id, accounts.confirmed as confirmed,\n\t\t    CASE WHEN phash = crypt(:pass, phash) THEN 1 ELSE 0 END AS authenticated,\n\t\t    CASE WHEN accounts.operational THEN 1 ELSE 0 END AS operational\n\t\t\tFROM accounts\n\t\t\tJOIN account_players ON account_id = _account_id\n\t\t\tJOIN players ON player_id = _player_id\n\t\t\tWHERE (active_email = :login\n\t\t\t\t\tOR lower(uname) = :login)";
        $result = query($sql, [':login' => $login, ':pass' => $pass]);
        if ($result->rowCount() < 1) {
            // *** No record was found, user does not exist ***
            update_last_login_failure(potential_account_id_from_login_username($login));
            return false;
        } else {
            if ($result->rowCount() > 1) {
                // Just for later reference, check for duplicate usernames via:
                //select array_accum(uname), count(*) from players group by lower(trim(uname)) having count(*) > 1;
                error_log('Case-insensitive duplicate username found: ' . $login);
            }
            return $result->fetch();
            // Success, return results.
        }
    } else {
        // Update the last login failure timestamp.
        update_last_login_failure(potential_account_id_from_login_username($login));
        return false;
    }
}
Esempio n. 2
0
 public function testSanitizeToText()
 {
     $clean = 'abcdeghijklmnopqrstuvwxyz';
     $dirty = 'abcdegh*ijklmnopqrstuvwxyz';
     $this->assertEquals($clean, sanitize_to_text($clean));
     $this->assertNotEquals($dirty, sanitize_to_text($dirty));
 }