// Excerpt of session bootstrap code, laid out one statement per line.
// NOTE(review): the excerpt starts inside a branch whose opening condition is
// not visible, and it stops before the last three blocks are closed.

    /* Load the user object for the username stored in the session
       (the original comment calls this "Create the new user") */
    $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']);

    /* If the user ID doesn't exist deny them */
    // Fail closed: a session whose username resolves to no user id is logged
    // out and the request ends here, unless demo_mode is enabled.
    if (!$GLOBALS['user']->id && !AmpConfig::get('demo_mode')) {
        Auth::logout(session_id());
        exit;
    }

    /* Load preferences and theme */
    // NOTE(review): the only call visible here updates the user's last-seen
    // record; any preference/theme loading happens outside this excerpt.
    $GLOBALS['user']->update_last_seen();
} elseif (!AmpConfig::get('use_auth')) {
    // Authentication is switched off: every request gets the same fixed auth
    // record, built from literals and configuration rather than credentials.
    $auth['success'] = 1;
    // NOTE(review): the '******' literal may have been masked by the page this
    // excerpt was taken from; confirm the real value against the repository.
    $auth['username'] = '******';
    $auth['fullname'] = "Ampache User";
    $auth['id'] = -1;
    $auth['offset_limit'] = 50;
    // Access level for the shared account: default_auth_level when configured,
    // otherwise the literal '100'.
    // NOTE(review): confirm which privilege level 100 denotes. If it is the
    // highest one, running with use_auth off and no default_auth_level gives
    // every visitor that level, so the fallback should be the least privileged.
    $auth['access'] = AmpConfig::get('default_auth_level') ? User::access_name_to_level(AmpConfig::get('default_auth_level')) : '100';

    // The session id is taken from the cookie named by session_name. The value
    // is client-supplied and is read without isset(), so an absent cookie
    // reaches Session::exists() as an undefined index.
    // NOTE(review): Session::exists() is not visible here; it has to treat
    // this value as untrusted input.
    if (!Session::exists('interface', $_COOKIE[AmpConfig::get('session_name')])) {
        // No matching session: issue a cookie, create the session from the
        // fixed auth record, and populate the global user from that record.
        Session::create_cookie();
        Session::create($auth);
        Session::check();
        $GLOBALS['user'] = new User($auth['username']);
        $GLOBALS['user']->username = $auth['username'];
        $GLOBALS['user']->fullname = $auth['fullname'];
        $GLOBALS['user']->access = $auth['access'];
    } else {
        // Existing session: prefer the username it already carries.
        Session::check();
        if ($_SESSION['userdata']['username']) {
            $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']);
        } else {
            // Session without a username: fall back to the shared account and
            // mark it with the string id '-1' (the auth record above uses the
            // integer -1).
            $GLOBALS['user'] = new User($auth['username']);
            $GLOBALS['user']->id = '-1';
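// Post-authentication checks from a login handler: reject disabled accounts,
// optionally reject a second login from a different address, and optionally
// auto-create a local account for a user an external backend has accepted.
// NOTE(review): the excerpt starts inside the first branch (its condition is
// not visible) and ends right after the opening of the auth_password_save
// branch, whose body is not visible either.

    // Disabled account: fail the login and record the attempt.
    $auth['success'] = false;
    Error::add('general', T_('User Disabled please contact Admin'));
    debug_event('Login', scrub_out($username) . ' is disabled and attempted to login', '1');
} elseif (AmpConfig::get('prevent_multiple_logins')) {
    $session_ip = $user->is_logged_in();
    $current_ip = inet_pton($_SERVER['REMOTE_ADDR']);
    // Strict comparison: both values are handled as packed binary strings, and
    // a loose != can treat two different addresses as equal when both happen to
    // parse as numeric strings.
    // NOTE(review): is_logged_in() is not visible here; this assumes it returns
    // the session address in the same packed form, or false/null when there is
    // no session. Confirm that a false/null result is meant to reject the login.
    if ($current_ip && $current_ip !== $session_ip) {
        $auth['success'] = false;
        Error::add('general', T_('User Already Logged in'));
        // NOTE(review): $current_ip is the packed inet_pton() result, so raw
        // binary bytes end up in the log line; logging a printable form
        // (inet_ntop()) would keep the log readable and safe to parse.
        debug_event('Login', scrub_out($username) . ' is already logged in from ' . $session_ip . ' and attempted to login from ' . $current_ip, '1');
    } // if logged in multiple times
} elseif (AmpConfig::get('auto_create') && $auth['success'] && !$user->username) {
    /* This is run if we want to autocreate users who don't exist (useful for non-mysql auth) */
    // Access level for the new account: auto_user when configured, else '5'.
    $access = AmpConfig::get('auto_user') ? User::access_name_to_level(AmpConfig::get('auto_user')) : '5';
    // NOTE(review): these fields come from the $auth record filled in outside
    // this excerpt; if an external backend supplies them they should be treated
    // as untrusted wherever they are stored or rendered.
    $name = $auth['name'];
    $email = $auth['email'];
    $website = $auth['website'];

    // The local password of an auto-created account is a placeholder that only
    // has to be unguessable. mt_rand() is not a cryptographic generator and
    // yields a small value space, so hashing it does not make the result hard
    // to guess. Draw 32 bytes from a CSPRNG instead; bin2hex() keeps the same
    // 64-hex-character shape the SHA-256 digest had.
    $local_password = null;
    if (function_exists('random_bytes')) {
        $local_password = bin2hex(random_bytes(32));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(32, $strong);
        // Never derive a password from a failed or non-cryptographic read.
        if ($bytes !== false && $strong) {
            $local_password = bin2hex($bytes);
        }
    }
    if ($local_password === null) {
        // Legacy fallback for runtimes with no CSPRNG available; this keeps the
        // previous behaviour and remains weak.
        $local_password = hash('sha256', mt_rand());
    }

    /* Attempt to create the user */
    if (User::create($username, $name, $email, $website, $local_password, $access)) {
        $user = User::get_from_username($username);
    } else {
        $auth['success'] = false;
        Error::add('general', T_('Unable to create local account'));
    }
} // End if auto_create

// This allows stealing passwords validated by external means
// such as LDAP
// NOTE(review): the branch body is outside this excerpt. The condition only
// requires auth_password_save, a successful login and a set $password, so the
// author's warning applies to whatever the body does with that password.
if (AmpConfig::get('auth_password_save') && $auth['success'] && isset($password)) {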