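/**
 * Authenticate user
 *
 * Looks the account up by username, verifies the password with
 * KTAuthenticationUtil::checkPassword(), and on success records the last-login
 * time and stores the user id on this object and in $_SESSION['userID'].
 *
 * Security notes:
 *  - The password value is never written to the log, only whether one was supplied.
 *  - The username and auth type come from the request; control characters are
 *    replaced before they reach the log so a crafted value cannot forge log lines.
 *  - Anything other than an exact true from checkPassword() is a failure.
 *  - NOTE(review): lastMsg distinguishes "User not found" from "Password
 *    incorrect". If lastMsg is ever returned to the client, that difference
 *    lets a caller enumerate valid usernames - confirm where it is consumed.
 *
 * @access private
 * @param string $sType HTTP Authentication type (Basic, Digest, ...)
 * @param string $sUser Username
 * @param string $sPass Password
 * @return bool true on successful authentication
 */
function checkAuth($sType, $sUser, $sPass)
{
    $this->ktwebdavLog('Entering checkAuth params are: ', 'info', true);
    $this->ktwebdavLog('sType: ' . preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $sType), 'info', true);
    $this->ktwebdavLog('sUser: ' . preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $sUser), 'info', true);
    // Credentials do not belong in log files: record presence only.
    $this->ktwebdavLog('sPass: ' . (empty($sPass) ? '[empty]' : '[redacted]'), 'info', true);

    // Authenticate user
    require_once KT_LIB_DIR . '/authentication/authenticationutil.inc.php';

    if (empty($sUser)) {
        $this->ktwebdavLog('sUser is empty, returning false.', 'info', true);
        return false;
    }
    // Rejecting an empty password here means checkPassword() is never asked to
    // verify one.
    if (empty($sPass)) {
        $this->ktwebdavLog('sPass is empty, returning false.', 'info', true);
        return false;
    }

    $sUser = iconv('ISO-8859-1', 'UTF-8', $sUser);
    $sPass = iconv('ISO-8859-1', 'UTF-8', $sPass);
    // iconv() returns false on failure; do not carry that into the user lookup.
    if ($sUser === false || $sPass === false) {
        $this->ktwebdavLog('Credential charset conversion failed, returning false.', 'error');
        return false;
    }

    // Log-safe copy of the (now UTF-8) username for the messages below.
    $sLogUser = preg_replace('/[\x00-\x1F\x7F]/', '?', $sUser);

    $oUser =& User::getByUsername($sUser);
    if (PEAR::isError($oUser) || $oUser === false) {
        $sMessage = 'User not found: ' . $sLogUser . '.';
        $this->ktwebdavLog($sMessage, 'error');
        $this->lastMsg = $sMessage;
        return false;
    }

    $authenticated = KTAuthenticationUtil::checkPassword($oUser, $sPass);
    // Fail closed: false, a PEAR_Error, null or any other non-true value is a
    // rejected login.
    if ($authenticated !== true) {
        $sMessage = 'Password incorrect for ' . $sLogUser . '.';
        $this->ktwebdavLog($sMessage, 'error');
        $this->lastMsg = $sMessage;
        return false;
    }

    $oUser->setLastLogin(date('Y-m-d H:i:s'));
    $oUser->update();

    // The session-id log line is gone: it read an undefined $sessionID, and a
    // session identifier in a log file is a credential in its own right.
    $this->ktwebdavLog('UserID is: ' . $oUser->getId(), 'info', true);
    $this->_setUserID($oUser->getId());
    $_SESSION['userID'] = $this->_getUserID();
    $this->ktwebdavLog('SESSION UserID is: ' . $_SESSION['userID'], 'info', true);
    $this->ktwebdavLog("Authentication Success.", 'info', true);

    return true;
}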
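/**
 * Handle a login form submission.
 *
 * Reads 'language', 'redirect', 'username' and 'password' from $_REQUEST,
 * looks the user up, verifies the password with
 * KTAuthenticationUtil::checkPassword() and hands the user to
 * loginUtil::performLogin(). Every failure path redirects back to the login
 * page with a message and stops the request.
 *
 * Security notes:
 *  - Each failure redirect is followed by exit(0), so an empty username or
 *    password can never fall through to the lookup or to checkPassword().
 *  - NOTE(review): 'redirect' only passes through strip_tags(), which removes
 *    markup but does not restrict the target; confirm the code that follows
 *    the redirect only accepts same-site destinations.
 *  - NOTE(review): $_SERVER['PHP_SELF'] can carry client-supplied path info;
 *    confirm simpleRedirectToMain() treats $url as untrusted.
 *  - NOTE(review): the empty-password check runs after the user lookup, so an
 *    empty password gets a different message for existing and unknown
 *    usernames. Moving it earlier would skip handleUserDoesNotExist() for
 *    empty passwords - confirm that is acceptable before reordering.
 *
 * @return void
 */
function do_login()
{
    $aExtra = array();

    // -2 is presumably the anonymous user id - TODO confirm.
    if (!loginUtil::check() && $_SESSION['userID'] != -2) {
        // bounce here, potentially.
        // User is already logged in - get the redirect
        $redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));

        $cookietest = KTUtil::randomString();
        setcookie("CookieTestCookie", $cookietest, 0);

        $this->redirectTo('checkCookie', array('cookieVerify' => $cookietest, 'redirect' => $redirect));
        exit(0);
    }

    global $default;

    // The language value is taken from the request as-is.
    // NOTE(review): confirm readers of kt_language validate it against the
    // installed languages before using it.
    $language = KTUtil::arrayGet($_REQUEST, 'language');
    if (empty($language)) {
        $language = $default->defaultLanguage;
    }
    setcookie("kt_language", $language, 2147483647, '/');

    $redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));

    $url = $_SERVER["PHP_SELF"];
    $queryParams = array();
    if (!empty($redirect)) {
        $queryParams[] = 'redirect=' . urlencode($redirect);
    }

    $username = KTUtil::arrayGet($_REQUEST, 'username');
    $password = KTUtil::arrayGet($_REQUEST, 'password');

    if (empty($username)) {
        $this->simpleRedirectToMain(_kt('Please enter your username.'), $url, $queryParams);
        // Stop here like every other failure branch does.
        exit(0);
    }

    $oUser =& User::getByUsername($username);
    if (PEAR::isError($oUser) || $oUser === false) {
        if (is_a($oUser, 'ktentitynoobjects')) {
            loginUtil::handleUserDoesNotExist($username, $password, $aExtra);
        }
        // Same wording as a wrong password, so the message alone does not
        // reveal whether the account exists.
        $this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
        exit(0);
    }

    if (empty($password)) {
        $this->simpleRedirectToMain(_kt('Please enter your password.'), $url, $queryParams);
        // An empty password must never reach checkPassword().
        exit(0);
    }

    $authenticated = KTAuthenticationUtil::checkPassword($oUser, $password);

    if (PEAR::isError($authenticated)) {
        $this->simpleRedirectToMain(_kt('Authentication failure. Please try again.'), $url, $queryParams);
        exit(0);
    }

    // Only an exact true counts as success.
    if ($authenticated !== true) {
        $this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
        exit(0);
    }

    // performLogin() returns a value only on failure; its message is shown.
    $res = loginUtil::performLogin($oUser);
    if ($res) {
        $this->simpleRedirectToMain($res->getMessage(), $url, $queryParams);
        exit(0);
    }
}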
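/**
 * Handle a login form submission, giving authentication interceptors the
 * first chance to identify the user.
 *
 * If KTInterceptorRegistry::checkInterceptorsForAuthenticated() yields a User,
 * that user is logged in directly. Otherwise the method falls back to the
 * 'username' / 'password' request parameters, verifies them with
 * KTAuthenticationUtil::checkPassword() and calls performLogin(). Every
 * failure path redirects back to the login page with a message and stops the
 * request.
 *
 * Security notes:
 *  - Each failure redirect is followed by exit(0), so an empty username or
 *    password can never fall through to the lookup or to checkPassword().
 *  - NOTE(review): 'redirect' only passes through strip_tags(), which removes
 *    markup but does not restrict the target; confirm the code that follows
 *    the redirect only accepts same-site destinations.
 *  - NOTE(review): $_SERVER['PHP_SELF'] can carry client-supplied path info;
 *    confirm simpleRedirectToMain() treats $url as untrusted.
 *  - NOTE(review): the empty-password check runs after the user lookup, so an
 *    empty password gets a different message for existing and unknown
 *    usernames. Moving it earlier would skip handleUserDoesNotExist() for
 *    empty passwords - confirm that is acceptable before reordering.
 *
 * @return void
 */
function do_login()
{
    $aExtra = array();

    $oUser =& KTInterceptorRegistry::checkInterceptorsForAuthenticated();
    if (is_a($oUser, 'User')) {
        $res = $this->performLogin($oUser);
        if ($res) {
            // A non-empty result is a login failure; treat it like the error
            // list an interceptor would have returned.
            $oUser = array($res);
        }
    }

    if (is_array($oUser)) {
        foreach ($oUser as $oError) {
            if (is_a($oError, 'KTNoLocalUser')) {
                $aExtra = kt_array_merge($aExtra, $oError->aExtra);
            }
        }
    }

    KTInterceptorRegistry::checkInterceptorsForTakeOver();

    $this->check();

    global $default;

    // The language value is taken from the request as-is.
    // NOTE(review): confirm readers of kt_language validate it against the
    // installed languages before using it.
    $language = KTUtil::arrayGet($_REQUEST, 'language');
    if (empty($language)) {
        $language = $default->defaultLanguage;
    }
    setcookie("kt_language", $language, 2147483647, '/');

    $redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));

    $url = $_SERVER["PHP_SELF"];
    $queryParams = array();
    if (!empty($redirect)) {
        $queryParams[] = 'redirect=' . urlencode($redirect);
    }

    $username = KTUtil::arrayGet($_REQUEST, 'username');
    $password = KTUtil::arrayGet($_REQUEST, 'password');

    if (empty($username)) {
        $this->simpleRedirectToMain(_kt('Please enter your username.'), $url, $queryParams);
        // Stop here like every other failure branch does.
        exit(0);
    }

    $oUser =& User::getByUsername($username);
    if (PEAR::isError($oUser) || $oUser === false) {
        if (is_a($oUser, 'ktentitynoobjects')) {
            $this->handleUserDoesNotExist($username, $password, $aExtra);
        }
        // Same wording as a wrong password, so the message alone does not
        // reveal whether the account exists.
        $this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
        exit(0);
    }

    if (empty($password)) {
        $this->simpleRedirectToMain(_kt('Please enter your password.'), $url, $queryParams);
        // An empty password must never reach checkPassword().
        exit(0);
    }

    $authenticated = KTAuthenticationUtil::checkPassword($oUser, $password);

    if (PEAR::isError($authenticated)) {
        $this->simpleRedirectToMain(_kt('Authentication failure. Please try again.'), $url, $queryParams);
        exit(0);
    }

    // Only an exact true counts as success.
    if ($authenticated !== true) {
        $this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
        exit(0);
    }

    // performLogin() returns a value only on failure; its message is shown.
    $res = $this->performLogin($oUser);
    if ($res) {
        $this->simpleRedirectToMain($res->getMessage(), $url, $queryParams);
        exit(0);
    }
}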
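/**
 * Report whether a username/password pair is valid.
 *
 * The result is a strict boolean. KTAuthenticationUtil::checkPassword() can
 * hand back a PEAR_Error object, and an object is truthy in PHP, so returning
 * its result unchanged would let a caller that writes `if (validateUser(...))`
 * treat a backend error as a successful login.
 *
 * @param string $username Login name to look up
 * @param string $password Password to verify
 * @return bool true only when checkPassword() returns exactly true
 */
function validateUser($username, $password)
{
    // A missing password is rejected before any lookup, so it never reaches
    // the password check.
    if ($password === null || $password === '') {
        return false;
    }

    $oUser =& User::getByUsername($username);
    if (PEAR::isError($oUser) || $oUser === false || is_a($oUser, 'KTEntityNoObjects')) {
        return false;
    }

    // Fail closed: errors, false and any other non-true value are rejections.
    return KTAuthenticationUtil::checkPassword($oUser, $password) === true;
}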
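/**
 * This returns a session object based on authentication credentials.
 *
 * The user is looked up by username, the password is verified with
 * KTAuthenticationUtil::checkPassword(), and a session is obtained from
 * KTAPI_UserSession::_check_session() for the user, IP and application type.
 *
 * Security notes:
 *  - Anything other than an exact true from checkPassword() is a failure.
 *  - NOTE(review): "user could not be found" and "password is invalid" are
 *    returned as distinct errors, and the empty-password check runs after the
 *    user lookup. If these errors reach an unauthenticated API caller they
 *    reveal which usernames exist - confirm whether a single generic failure
 *    is acceptable to clients before changing the messages.
 *  - The message strings are translation keys passed to _kt() and are left
 *    exactly as they were.
 *
 * @author KnowledgeTree Team
 * @access public
 * @static
 * @param KTAPI $ktapi Instance of the KTAPI object
 * @param string $username The users username
 * @param string $password The users password
 * @param string $ip Optional. The users IP address - if null, the method will attempt to resolve it
 * @param string $app Optional. The originating application type - Default is ws => webservices | webapp => The web application
 * @return KTAPI_Session|PEAR_Error Returns the KTAPI_UserSession | a PEAR_Error on failure
 */
function &start_session(&$ktapi, $username, $password, $ip = null, $app = 'ws')
{
    $this->active = false;

    // The function returns by reference, so every result is placed in a
    // variable first; returning a bare `new` expression by reference raises a
    // notice.
    if (empty($username)) {
        $error = new PEAR_Error(_kt('The username is empty.'));
        return $error;
    }

    $user =& User::getByUsername($username);
    if (PEAR::isError($user) || $user === false) {
        $error = new KTAPI_Error(_kt("The user '{$username}' cound not be found."), $user);
        return $error;
    }

    if (empty($password)) {
        $error = new PEAR_Error(_kt('The password is empty.'));
        return $error;
    }

    $authenticated = KTAuthenticationUtil::checkPassword($user, $password);
    // Fail closed: a PEAR_Error, false, null or any other non-true value is
    // rejected.
    if ($authenticated !== true) {
        $error = new KTAPI_Error(_kt("The password is invalid."), $authenticated);
        return $error;
    }

    if (is_null($ip)) {
        $ip = KTAPI_UserSession::resolveIP();
    }

    $result = KTAPI_UserSession::_check_session($user, $ip, $app);
    if (PEAR::isError($result)) {
        return $result;
    }

    list($session, $sessionid) = $result;

    // `=& new` is a parse error on PHP 7 and later; plain assignment yields
    // the same object handle.
    $session = new KTAPI_UserSession($ktapi, $user, $session, $sessionid, $ip);

    return $session;
}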
<?php

// Ad-hoc developer check: loads the application defaults, fetches one
// hard-coded account and dumps what KTAuthenticationUtil::checkPassword()
// returns for a hard-coded candidate password.
//
// NOTE(review): the account name and candidate passwords are baked into the
// file and the raw result is printed. Confirm this script is not deployed
// anywhere a web server can serve it.
require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . '/authentication/authenticationutil.inc.php';

$oUser =& User::getByUserName('nbm2');

// Manual toggle: 0 selects the second candidate, any truthy value the first.
$bUseFirstCandidate = 0;

$foo = KTAuthenticationUtil::checkPassword($oUser, $bUseFirstCandidate ? 'asdf' : 'asdjasdjk');
var_dump($foo);