コード例 #1
0
 function autologin()
 {
     if (auth_is_user_authenticated()) {
         return;
     }
     $t_login_method = config_get('login_method');
     if ($t_login_method != BASIC_AUTH) {
         trigger_error("Invalid login method. ({$t_login_method})", ERROR);
     }
     $t_user_id = user_get_id_by_name($_SERVER['REMOTE_USER']);
     if (!$t_user_id) {
         trigger_error('Invalid user.', ERROR);
     }
     user_increment_login_count($t_user_id);
     user_reset_failed_login_count_to_zero($t_user_id);
     user_reset_lost_password_in_progress_count_to_zero($t_user_id);
     auth_set_cookies($t_user_id, true);
     auth_set_tokens($t_user_id);
 }
コード例 #2
0
ファイル: verify.php プロジェクト: Tarendai/spring-website
 */
# don't auto-login when trying to verify new user
$g_login_anonymous = false;
/**
 * MantisBT Core API's
 */
require_once 'core.php';
# check if at least one way to get here is enabled
if (OFF == config_get('allow_signup') && OFF == config_get('lost_password_feature') && OFF == config_get('send_reset_password')) {
    trigger_error(ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR);
}
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');
# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
    auth_logout();
    # reload the page after logout
    print_header_redirect("verify.php?id={$f_user_id}&confirm_hash={$f_confirm_hash}");
}
$t_calculated_confirm_hash = auth_generate_confirm_hash($f_user_id);
if ($f_confirm_hash != $t_calculated_confirm_hash) {
    trigger_error(ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR);
}
# set a temporary cookie so the login information is passed between pages.
auth_set_cookies($f_user_id, false);
user_reset_failed_login_count_to_zero($f_user_id);
user_reset_lost_password_in_progress_count_to_zero($f_user_id);
# fake login so the user can set their password
auth_attempt_script_login(user_get_field($f_user_id, 'username'));
user_increment_login_count($f_user_id);
include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'account_page.php';
コード例 #3
0
ファイル: authentication_api.php プロジェクト: kaos/mantisbt
/**
 * Attempt to login the user with the given password
 * If the user fails validation, false is returned
 * If the user passes validation, the cookies are set and
 * true is returned.  If $p_perm_login is true, the long-term
 * cookie is created.
 * @param string $p_username a prepared username
 * @param string $p_password a prepared password
 * @param bool $p_perm_login whether to create a long-term cookie
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
    $t_user_id = user_get_id_by_name($p_username);
    $t_login_method = config_get('login_method');
    if (false === $t_user_id) {
        if (BASIC_AUTH == $t_login_method) {
            $t_auto_create = true;
        } else {
            if (LDAP == $t_login_method && ldap_authenticate_by_username($p_username, $p_password)) {
                $t_auto_create = true;
            } else {
                $t_auto_create = false;
            }
        }
        if ($t_auto_create) {
            # attempt to create the user
            $t_cookie_string = user_create($p_username, md5($p_password));
            if (false === $t_cookie_string) {
                # it didn't work
                return false;
            }
            # ok, we created the user, get the row again
            $t_user_id = user_get_id_by_name($p_username);
            if (false === $t_user_id) {
                # uh oh, something must be really wrong
                # @@@ trigger an error here?
                return false;
            }
        } else {
            return false;
        }
    }
    # check for disabled account
    if (!user_is_enabled($t_user_id)) {
        return false;
    }
    # max. failed login attempts achieved...
    if (!user_is_login_request_allowed($t_user_id)) {
        return false;
    }
    # check for anonymous login
    if (!user_is_anonymous($t_user_id)) {
        # anonymous login didn't work, so check the password
        if (!auth_does_password_match($t_user_id, $p_password)) {
            user_increment_failed_login_count($t_user_id);
            return false;
        }
    }
    # ok, we're good to login now
    # increment login count
    user_increment_login_count($t_user_id);
    user_reset_failed_login_count_to_zero($t_user_id);
    user_reset_lost_password_in_progress_count_to_zero($t_user_id);
    # set the cookies
    auth_set_cookies($t_user_id, $p_perm_login);
    auth_set_tokens($t_user_id);
    return true;
}
コード例 #4
0
/**
 * Attempt to login the user with the given password
 * If the user fails validation, false is returned
 * If the user passes validation, the cookies are set and
 * true is returned.  If $p_perm_login is true, the long-term
 * cookie is created.
 * @param string  $p_username   A prepared username.
 * @param string  $p_password   A prepared password.
 * @param boolean $p_perm_login Whether to create a long-term cookie.
 * @return boolean indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
    $t_user_id = auth_get_user_id_from_login_name($p_username);
    if ($t_user_id === false) {
        $t_user_id = auth_auto_create_user($p_username, $p_password);
        if ($t_user_id === false) {
            return false;
        }
    }
    # check for disabled account
    if (!user_is_enabled($t_user_id)) {
        return false;
    }
    # max. failed login attempts achieved...
    if (!user_is_login_request_allowed($t_user_id)) {
        return false;
    }
    # check for anonymous login
    if (!user_is_anonymous($t_user_id)) {
        # anonymous login didn't work, so check the password
        if (!auth_does_password_match($t_user_id, $p_password)) {
            user_increment_failed_login_count($t_user_id);
            return false;
        }
    }
    # ok, we're good to login now
    # increment login count
    user_increment_login_count($t_user_id);
    user_reset_failed_login_count_to_zero($t_user_id);
    user_reset_lost_password_in_progress_count_to_zero($t_user_id);
    # set the cookies
    auth_set_cookies($t_user_id, $p_perm_login);
    auth_set_tokens($t_user_id);
    return true;
}
コード例 #5
0
function auth_attempt_script_login($p_username, $p_password = null)
{
    global $g_script_login_cookie, $g_cache_current_user_id;
    $t_user_id = user_get_id_by_name($p_username);
    $t_user = user_get_row($t_user_id);
    # check for disabled account
    if (OFF == $t_user['enabled']) {
        return false;
    }
    # validate password if supplied
    if (null !== $p_password) {
        if (!auth_does_password_match($t_user_id, $p_password)) {
            return false;
        }
    }
    # ok, we're good to login now
    # increment login count
    user_increment_login_count($t_user_id);
    # set the cookies
    $g_script_login_cookie = $t_user['cookie_string'];
    # cache user id for future reference
    $g_cache_current_user_id = $t_user_id;
    return true;
}