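 /**
  * Look up a user by e-mail address and verify the supplied password.
  *
  * The stored credential is compared against sha1(salt . password).
  * NOTE(review): a single round of salted SHA-1 is cheap to brute-force
  * offline if the user table leaks. Moving to password_hash() /
  * password_verify() needs a re-hash-on-login migration of stored values
  * and is therefore not done inside this method.
  *
  * @param string      $username e-mail address used as the login name
  * @param string      $password clear-text password to verify
  * @param string|null $error    set to 'invalid username' or 'invalid password'
  *                              on failure, null on success
  *
  * @return mixed the object returned by QubitUser::getOne() when the
  *               credentials match, null otherwise
  */
 public static function checkCredentials($username, $password, &$error)
 {
     $error = null;
     // anonymous is not a real user
     if ($username == 'anonymous') {
         $error = 'invalid username';
         return null;
     }

     $criteria = new Criteria();
     $criteria->add(QubitUser::EMAIL, $username);
     $user = QubitUser::getOne($criteria);

     // user account exists?
     if ($user === null) {
         // $error tells an unknown account apart from a wrong password.
         // Callers should show one generic failure message to the client so
         // the login form does not confirm which addresses are registered.
         $error = 'invalid username';
         return null;
     }

     // password is OK?
     // hash_equals() (PHP >= 5.6) replaces the former `==`: a loose comparison
     // treats two different digests that both look like "0e<digits>" as equal
     // numbers, and it also returns early on the first differing byte.
     // The casts keep a missing stored hash from raising a type error; an
     // empty string never matches a 40-character SHA-1 digest.
     $storedDigest = (string) $user->getSha1Password();
     $suppliedDigest = sha1($user->getSalt() . $password);
     if (!hash_equals($storedDigest, $suppliedDigest)) {
         $error = 'invalid password';
         return null;
     }

     return $user;
 }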
 /**
  * Performs the actual authentication, calling parent if web request's data is missing
  *
  * @param string $usermail the mail address of the user to authenticate (entered or from Shibboleth)
  * @param string $password the password entered into the login form, empty in case of Shibboleth
  * @param sfWebRequest $request the current web request
  *
  */
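 public function authenticate($usermail, $password, $request = NULL)
 {
     $authenticated = false;
     // if Shibboleth Data is missing, hand back to default auth
     if (NULL === $request) {
         $authenticated = parent::authenticate($usermail, $password);
         // Load user
         $criteria = new Criteria();
         $criteria->add(QubitUser::EMAIL, $usermail);
         $user = QubitUser::getOne($criteria);
     } else {
         $params = $request->getPathInfoArray();

         // SECURITY: this branch accepts any Shib-Session-Index value of at
         // least 8 characters as proof of a Shibboleth session. $password is
         // not checked and $usermail is used exactly as the caller passed it.
         // That is only sound if (a) the value can be set solely by the
         // Shibboleth SP module and never by a client-supplied request header,
         // and (b) $usermail comes from SP-asserted attributes rather than
         // form input. Neither is visible here; confirm both in the web
         // server configuration and at the call site.
         //
         // A missing or non-string value is rejected explicitly instead of
         // relying on strlen() of an undefined array key.
         $sessionIndex = isset($params['Shib-Session-Index']) ? $params['Shib-Session-Index'] : null;
         if (!is_string($sessionIndex) || strlen($sessionIndex) < 8) {
             return false;
         }

         $authenticated = true;
         // Load user using username or, if one doesn't exist, create it
         $criteria = new Criteria();
         $criteria->add(QubitUser::EMAIL, $usermail);
         if (null === ($user = QubitUser::getOne($criteria))) {
             // Accounts are provisioned on first login, so whatever is allowed
             // to reach this line decides who gets an account.
             $user = $this->createUserFromShibInfo($request);
         }
         $this->updateUserFromShibInfo($request, $user);
     }

     // Sign in user if authentication was successful
     if ($authenticated) {
         $this->signIn($user);
     }

     return $authenticated;
 }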