private static function authenticate_ovd_user($login_, $password_)
{
if (Preferences::fileExists() === false) {
Logger::info('api', 'Admin authentication: authenticate_ovd_user the system is not configured');
return false;
}
if (Preferences::moduleIsEnabled('UserDB') === false) {
Logger::info('api', 'Admin authentication: module UserDB is not enabled');
return false;
}
$userDB = UserDB::getInstance();
$user = $userDB->import($login_);
if (!is_object($user)) {
Logger::info('api', 'Admin authentication: authenticate_ovd_user authentication failed: user(login='******') does not exist');
return false;
}
$auth = $userDB->authenticate($user, $password_);
if (!$auth) {
Logger::info('api', 'Admin authentication: authentication failed for user(login='******'): wrong password');
return false;
}
// the user exists, does he have right to log in the admin panel ?
$policy = $user->getPolicy();
if (!array_key_exists('canUseAdminPanel', $policy) or $policy['canUseAdminPanel'] !== true) {
Logger::info('api', 'Admin authentication: failed to log in ' . $login_ . ' : access denied to admin panel');
return false;
}
return true;
}
function authenticate_ovd_user($login_, $password_)
{
// it's not the login&password from the conf file in /etc
// let's try to login a real user
if (Preferences::fileExists() === false) {
$_SESSION['admin_error'] = _('The system is not configured');
Logger::info('main', 'admin/login.php::authenticate_ovd_user the system is not configured');
return false;
}
if (Preferences::moduleIsEnabled('UserDB') === false) {
$_SESSION['admin_error'] = _('The module UserDB is not enabled');
Logger::info('main', 'admin/login.php::authenticate_ovd_user module UserDB is not enabled');
return false;
}
$userDB = UserDB::getInstance();
$user = $userDB->import($login_);
if (!is_object($user)) {
// the user does not exist
$_SESSION['admin_error'] = _('There was an error with your authentication');
Logger::info('main', 'admin/login.php::authenticate_ovd_user authentication failed: user(login='******') does not exist');
return false;
}
$auth = $userDB->authenticate($user, $password_);
if (!$auth) {
$_SESSION['admin_error'] = _('There was an error with your authentication');
Logger::info('main', 'admin/login.php::authenticate_ovd_user authentication failed for user(login='******'): wrong password');
return false;
}
// the user exists, does he have right to log in the admin panel ?
$policy = $user->getPolicy();
if (isset($policy['canUseAdminPanel']) && $policy['canUseAdminPanel'] == true) {
return $user;
}
Logger::info('main', 'login.php failed to log in ' . $login_ . ' : access denied to admin panel');
$_SESSION['admin_error'] = _('Unauthorized access');
return false;
}
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; version 2
* of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
require_once dirname(__FILE__) . '/../includes/core-minimal.inc.php';
if (Preferences::fileExists() === false) {
exit(1);
}
//BEGIN Sessions expiration
$sessions = Abstract_Session::load_all();
foreach ($sessions as $session) {
if (!Abstract_Session::exists($session->id)) {
// avoid operation on an already deleted Session (parallel processing)
continue;
}
if ($session->start_time != 0 && array_key_exists('timeout', $session->settings) && $session->settings['timeout'] > 0) {
if ($session->start_time + $session->settings['timeout'] < time()) {
Logger::info('main', '(minutely cron) Session \'' . $session->id . '\' has expired, ending...');
$session->orderDeletion(true, Session::SESSION_END_STATUS_TIMEOUT);
}
}