/**
* Authenticate user
*
* @access private
* @param string HTTP Authentication type (Basic, Digest, ...)
* @param string Username
* @param string Password
* @return bool true on successful authentication
*/
function checkAuth($sType, $sUser, $sPass)
{
$this->ktwebdavLog('Entering checkAuth params are: ', 'info', true);
$this->ktwebdavLog('sType: ' . $sType, 'info', true);
$this->ktwebdavLog('sUser: '******'info', true);
$this->ktwebdavLog('sPass: '******'info', true);
// Authenticate user
require_once KT_LIB_DIR . '/authentication/authenticationutil.inc.php';
if (empty($sUser)) {
$this->ktwebdavLog('sUser is empty, returning false.', 'info', true);
return false;
}
if (empty($sPass)) {
$this->ktwebdavLog('sPass is empty, returning false.', 'info', true);
return false;
}
$sUser = iconv('ISO-8859-1', 'UTF-8', $sUser);
$sPass = iconv('ISO-8859-1', 'UTF-8', $sPass);
$oUser =& User::getByUsername($sUser);
if (PEAR::isError($oUser) || $oUser === false) {
$this->ktwebdavLog('User not found: ' . $sUser . '.', 'error');
$this->lastMsg = 'User not found: ' . $sUser . '.';
return false;
}
$authenticated = KTAuthenticationUtil::checkPassword($oUser, $sPass);
if ($authenticated === false) {
$this->ktwebdavLog('Password incorrect for ' . $sUser . '.', 'error');
$this->lastMsg = 'Password incorrect for ' . $sUser . '.';
return false;
}
if (PEAR::isError($authenticated)) {
$this->ktwebdavLog('Password incorrect for ' . $sUser . '.', 'error');
$this->lastMsg = 'Password incorrect for ' . $sUser . '.';
return false;
}
$oUser->setLastLogin(date('Y-m-d H:i:s'));
$oUser->update();
$this->ktwebdavLog('Session ID is: ' . $sessionID, 'info', true);
$this->ktwebdavLog('UserID is: ' . $oUser->getId(), 'info', true);
$this->_setUserID($oUser->getId());
$_SESSION['userID'] = $this->_getUserID();
$this->ktwebdavLog('SESSION UserID is: ' . $_SESSION['userID'], 'info', true);
$this->ktwebdavLog("Authentication Success.", 'info', true);
return true;
}
function do_login()
{
$aExtra = array();
if (!loginUtil::check() && $_SESSION['userID'] != -2) {
// bounce here, potentially.
// User is already logged in - get the redirect
$redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));
$cookietest = KTUtil::randomString();
setcookie("CookieTestCookie", $cookietest, 0);
$this->redirectTo('checkCookie', array('cookieVerify' => $cookietest, 'redirect' => $redirect));
exit(0);
}
global $default;
$language = KTUtil::arrayGet($_REQUEST, 'language');
if (empty($language)) {
$language = $default->defaultLanguage;
}
setcookie("kt_language", $language, 2147483647, '/');
$redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));
$url = $_SERVER["PHP_SELF"];
$queryParams = array();
if (!empty($redirect)) {
$queryParams[] = 'redirect=' . urlencode($redirect);
}
$username = KTUtil::arrayGet($_REQUEST, 'username');
$password = KTUtil::arrayGet($_REQUEST, 'password');
if (empty($username)) {
$this->simpleRedirectToMain(_kt('Please enter your username.'), $url, $queryParams);
}
$oUser =& User::getByUsername($username);
if (PEAR::isError($oUser) || $oUser === false) {
if (is_a($oUser, 'ktentitynoobjects')) {
loginUtil::handleUserDoesNotExist($username, $password, $aExtra);
}
$this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
exit(0);
}
if (empty($password)) {
$this->simpleRedirectToMain(_kt('Please enter your password.'), $url, $queryParams);
}
$authenticated = KTAuthenticationUtil::checkPassword($oUser, $password);
if (PEAR::isError($authenticated)) {
$this->simpleRedirectToMain(_kt('Authentication failure. Please try again.'), $url, $queryParams);
exit(0);
}
if ($authenticated !== true) {
$this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
exit(0);
}
$res = loginUtil::performLogin($oUser);
if ($res) {
$this->simpleRedirectToMain($res->getMessage(), $url, $queryParams);
exit(0);
}
}
function do_login()
{
$aExtra = array();
$oUser =& KTInterceptorRegistry::checkInterceptorsForAuthenticated();
if (is_a($oUser, 'User')) {
$res = $this->performLogin($oUser);
if ($res) {
$oUser = array($res);
}
}
if (is_array($oUser)) {
foreach ($oUser as $oError) {
if (is_a($oError, 'KTNoLocalUser')) {
$aExtra = kt_array_merge($aExtra, $oError->aExtra);
}
}
}
KTInterceptorRegistry::checkInterceptorsForTakeOver();
$this->check();
global $default;
$language = KTUtil::arrayGet($_REQUEST, 'language');
if (empty($language)) {
$language = $default->defaultLanguage;
}
setcookie("kt_language", $language, 2147483647, '/');
$redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));
$url = $_SERVER["PHP_SELF"];
$queryParams = array();
if (!empty($redirect)) {
$queryParams[] = 'redirect=' . urlencode($redirect);
}
$username = KTUtil::arrayGet($_REQUEST, 'username');
$password = KTUtil::arrayGet($_REQUEST, 'password');
if (empty($username)) {
$this->simpleRedirectToMain(_kt('Please enter your username.'), $url, $queryParams);
}
$oUser =& User::getByUsername($username);
if (PEAR::isError($oUser) || $oUser === false) {
if (is_a($oUser, 'ktentitynoobjects')) {
$this->handleUserDoesNotExist($username, $password, $aExtra);
}
$this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
exit(0);
}
if (empty($password)) {
$this->simpleRedirectToMain(_kt('Please enter your password.'), $url, $queryParams);
}
$authenticated = KTAuthenticationUtil::checkPassword($oUser, $password);
if (PEAR::isError($authenticated)) {
$this->simpleRedirectToMain(_kt('Authentication failure. Please try again.'), $url, $queryParams);
exit(0);
}
if ($authenticated !== true) {
$this->simpleRedirectToMain(_kt('Login failed. Please check your username and password, and try again.'), $url, $queryParams);
exit(0);
}
$res = $this->performLogin($oUser);
if ($res) {
$this->simpleRedirectToMain($res->getMessage(), $url, $queryParams);
exit(0);
}
}
function validateUser($username, $password)
{
//return DBAuthenticator::checkPassword($username, $password);
$oUser =& User::getByUsername($username);
if (PEAR::isError($oUser) || is_a($oUser, 'KTEntityNoObjects')) {
return false;
}
return KTAuthenticationUtil::checkPassword($oUser, $password);
}
/**
* This returns a session object based on authentication credentials.
*
* @author KnowledgeTree Team
* @access public
* @static
* @param KTAPI $ktapi Instance of the KTAPI object
* @param string $username The users username
* @param string $password The users password
* @param string $ip Optional. The users IP address - if null, the method will attempt to resolve it
* @param string $app Optional. The originating application type - Default is ws => webservices | webapp => The web application
* @return KTAPI_Session|PEAR_Error Returns the KATPI_UserSession | a PEAR_Error on failure
*/
function &start_session(&$ktapi, $username, $password, $ip = null, $app = 'ws')
{
$this->active = false;
if (empty($username)) {
return new PEAR_Error(_kt('The username is empty.'));
}
$user =& User::getByUsername($username);
if (PEAR::isError($user) || $user === false) {
return new KTAPI_Error(_kt("The user '{$username}' cound not be found."), $user);
}
if (empty($password)) {
return new PEAR_Error(_kt('The password is empty.'));
}
$authenticated = KTAuthenticationUtil::checkPassword($user, $password);
if (PEAR::isError($authenticated) || $authenticated === false) {
return new KTAPI_Error(_kt("The password is invalid."), $authenticated);
}
if (is_null($ip)) {
//$ip = '127.0.0.1';
$ip = KTAPI_UserSession::resolveIP();
}
$result = KTAPI_UserSession::_check_session($user, $ip, $app);
if (PEAR::isError($result)) {
return $result;
}
list($session, $sessionid) = $result;
$session =& new KTAPI_UserSession($ktapi, $user, $session, $sessionid, $ip);
return $session;
}
<?php
require_once "../../config/dmsDefaults.php";
require_once KT_LIB_DIR . '/authentication/authenticationutil.inc.php';
$oUser =& User::getByUserName('nbm2');
if (0) {
$foo = KTAuthenticationUtil::checkPassword($oUser, 'asdf');
var_dump($foo);
} else {
$foo = KTAuthenticationUtil::checkPassword($oUser, 'asdjasdjk');
var_dump($foo);
}
