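/**
 * Check an e-mail address / password pair against the stored user record.
 *
 * The user is looked up by QubitUser::EMAIL and the salted SHA-1 of the
 * supplied password is compared with the stored digest.
 *
 * @param string      $username e-mail address identifying the account
 * @param string      $password clear-text password to verify
 * @param string|null $error    set to 'invalid username' or 'invalid password'
 *                              on failure, null on success
 *
 * @return QubitUser|null the matching user on success, null otherwise
 */
public static function checkCredentials($username, $password, &$error)
{
  $error = null;

  // anonymous is not a real user
  if ($username == 'anonymous')
  {
    $error = 'invalid username';

    return null;
  }

  $criteria = new Criteria();
  $criteria->add(QubitUser::EMAIL, $username);
  $user = QubitUser::getOne($criteria);

  // user account exists?
  if (null === $user)
  {
    // NOTE(review): $error distinguishes an unknown account from a wrong
    // password. Callers should not show that distinction to an
    // unauthenticated client, since it reveals which addresses are registered.
    $error = 'invalid username';

    return null;
  }

  // NOTE(review): salted SHA-1 is a fast digest and is weak for password
  // storage. Moving to password_hash()/password_verify() needs a migration of
  // the stored format, which is outside this method.
  $expected = (string) $user->getSha1Password();
  $actual = sha1($user->getSalt() . $password);

  // password is OK?
  // hash_equals() compares the digests as strings and in constant time. The
  // loose `==` used before treats two digests of the form "0e<digits>" as
  // equal numbers, so different passwords could be accepted.
  if (!hash_equals($expected, $actual))
  {
    $error = 'invalid password';

    return null;
  }

  return $user;
}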
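/**
 * Performs the actual authentication, calling parent if web request's data is missing
 *
 * With no request, the decision is delegated to parent::authenticate(). With a
 * request, a 'Shib-Session-Index' value of at least 8 characters in the
 * request's path-info array is treated as proof of a Shibboleth session; the
 * user is then loaded by e-mail address, or created from the Shibboleth
 * attributes if missing, and refreshed from those attributes.
 *
 * @param string $usermail the mail address of the user to authenticate (entered or from Shibboleth)
 * @param string $password the password entered into the login form, empty in case of Shibboleth
 * @param sfWebRequest $request the current web request
 *
 * @return bool true if the user was authenticated and signed in, false otherwise
 */
public function authenticate($usermail, $password, $request = NULL)
{
  $authenticated = false;

  // if Shibboleth Data is missing, hand back to default auth
  if (NULL === $request)
  {
    $authenticated = parent::authenticate($usermail, $password);

    // Load user
    // NOTE(review): $user is null if no account has this e-mail address; it
    // is passed to signIn() below whenever the parent reports success.
    // Confirm the parent only succeeds for accounts this lookup can find.
    $criteria = new Criteria();
    $criteria->add(QubitUser::EMAIL, $usermail);
    $user = QubitUser::getOne($criteria);
  }
  else
  {
    $params = $request->getPathInfoArray();

    // Fail closed when the session index is absent or not a string, instead
    // of calling strlen() on an undefined index.
    $sessionIndex = isset($params['Shib-Session-Index']) ? $params['Shib-Session-Index'] : '';
    if (!is_string($sessionIndex) || strlen($sessionIndex) < 8)
    {
      return false;
    }

    // NOTE(review): the presence of this variable is the only proof of
    // authentication in this branch, and $password is never checked here.
    // This is sound only if the variable can be set solely by the Shibboleth
    // service provider module and never by the client. Verify that against
    // the web server configuration.
    // NOTE(review): $usermail selects the account that gets signed in. In
    // this branch it must come from the Shibboleth attributes, not from form
    // input. Confirm at the caller.
    $authenticated = true;

    // Load user using username or, if one doesn't exist, create it
    $criteria = new Criteria();
    $criteria->add(QubitUser::EMAIL, $usermail);
    if (null === ($user = QubitUser::getOne($criteria)))
    {
      $user = $this->createUserFromShibInfo($request);
    }

    $this->updateUserFromShibInfo($request, $user);
  }

  // Sign in user if authentication was successful
  if ($authenticated)
  {
    $this->signIn($user);
  }

  return $authenticated;
}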