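/**
 * Validate and apply a password change submitted from the change-password form.
 *
 * Nothing is done unless the request is a POST carrying 'Update'. The CSRF
 * token is then checked, the current password ('form_oldpw') is verified and
 * the account status is checked before the new password ('form_pw', confirmed
 * by 'form_pw2') is validated with account_pwvalid() and stored.
 *
 * @param mixed                 $user_id       Id of the account whose password is changed
 * @param CSRFSynchronizerToken $csrf          Token checked before the account is looked up
 * @param EventManager          $event_manager Handed to User_LoginManager
 *
 * @return int 1 when the password was updated, 0 otherwise
 */
function register_valid($user_id, CSRFSynchronizerToken $csrf, EventManager $event_manager)
{
    $request = HTTPRequest::instance();
    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }
    $csrf->check();

    // check against old pw
    $user_manager = UserManager::instance();
    $user         = $user_manager->getUserById($user_id);
    if ($user === null) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'user_not_found'));
        return 0;
    }

    $password_expiration_checker = new User_PasswordExpirationChecker();
    $password_handler            = PasswordHandlerFactory::getPasswordHandler();
    $login_manager               = new User_LoginManager($event_manager, $user_manager, $password_expiration_checker, $password_handler);
    // The current password is required even though the caller supplies the
    // user id: knowing (or guessing) an id must not be enough to change a password.
    if (!$login_manager->verifyPassword($user, $request->get('form_oldpw'))) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'incorrect_old_password'));
        return 0;
    }

    try {
        $status_manager = new User_UserStatusManager();
        $status_manager->checkStatus($user);
    } catch (User_StatusInvalidException $exception) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'account_inactive'));
        return 0;
    }

    if (!$request->exist('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_needed'));
        return 0;
    }
    // Strict comparison: with `!=`, two different numeric-looking strings
    // (for example '1000' and '1e3') compare equal, so a confirmation that
    // does not match the new password would be accepted.
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_not_match'));
        return 0;
    }
    if ($request->get('form_pw') === $request->get('form_oldpw')) {
        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('account_change_pw', 'identical_password'));
        return 0;
    }

    // account_pwvalid() reports the policy violations through $errors.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }

    // if we got this far, it must be good
    // NOTE(review): nothing visible here invalidates the user's other sessions
    // or tokens after the change; confirm that setPassword()/updateDb() or the
    // caller takes care of it.
    $user->setPassword($request->get('form_pw'));
    if (!$user_manager->updateDb($user)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'internal_error_update'));
        return 0;
    }

    return 1;
}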
/**
 * Authenticate the HTTP Basic credentials of the request and build the
 * Gitolite command for the authenticated user.
 *
 * A Basic authentication challenge is sent when no login is supplied or when
 * the login manager raises any exception.
 *
 * @param Git_HTTP_Command $command Command forwarded to getGitoliteCommand()
 *
 * @return mixed Result of getGitoliteCommand() on success; nothing is returned
 *               on the challenge paths
 */
private function authenticate(Git_HTTP_Command $command)
{
    $login_provided = isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '';
    if (!$login_provided) {
        // NOTE(review): presumably the challenge ends the response; if it
        // returns, this method yields null.
        $this->basicAuthenticationChallenge();
        return;
    }

    try {
        // PHP_AUTH_PW is read without an isset() check; a login sent without a
        // password reaches authenticate() as an undefined index.
        $authenticated_user = $this->login_manager->authenticate(
            $_SERVER['PHP_AUTH_USER'],
            $_SERVER['PHP_AUTH_PW']
        );
        $this->logger->debug('LOGGED AS ' . $authenticated_user->getUnixName());

        // NOTE(review): no account-status check is visible between
        // authenticate() and getGitoliteCommand(); confirm that suspended or
        // deleted accounts are rejected elsewhere.
        return $this->getGitoliteCommand($authenticated_user, $command);
    } catch (Exception $login_failure) {
        // Every failure is answered with the same challenge, so the client
        // gets no hint about why the login was refused; the reason only goes
        // to the debug log.
        $this->logger->debug('LOGIN ERROR ' . $login_failure->getMessage());
        $this->basicAuthenticationChallenge();
    }
}
/**
 * Log a user in from a submitted login name and password.
 *
 * On success a web session is opened and the user becomes the current user.
 * On any handled login exception the error is added to the response feedback
 * and an anonymous user becomes the current user instead.
 *
 * @deprecated
 *
 * @param string  $name         The login name submitted by the user
 * @param string  $pwd          The password submitted by the user
 * @param boolean $allowpending True if pending users are allowed (for verify.php). Default is false
 *
 * @return PFUser Registered user or anonymous if the authentication failed
 */
function login($name, $pwd, $allowpending = false)
{
    try {
        $expiration_checker = new User_PasswordExpirationChecker();
        $handler            = PasswordHandlerFactory::getPasswordHandler();
        $login_manager      = new User_LoginManager(EventManager::instance(), $this, $expiration_checker, $handler);
        $status_manager     = new User_UserStatusManager();

        $authenticated = $login_manager->authenticate($name, $pwd);

        // Pending accounts are only tolerated when the caller asks for it.
        if (!$allowpending) {
            $status_manager->checkStatus($authenticated);
        } else {
            $status_manager->checkStatusOnVerifyPage($authenticated);
        }

        // NOTE(review): the web session is opened before checkPasswordLifetime()
        // runs; confirm that a session opened for an account whose password has
        // expired cannot be used past the redirect to change_pw.php.
        $this->openWebSession($authenticated);
        $expiration_checker->checkPasswordLifetime($authenticated);
        $expiration_checker->warnUserAboutPasswordExpiration($authenticated);
        $this->warnUserAboutAuthenticationAttempts($authenticated);

        return $this->setCurrentUser($authenticated);
    } catch (User_InvalidPasswordWithUserException $wrong_password) {
        // Known account, wrong password: this is the only branch that records
        // the failed attempt.
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $wrong_password->getMessage());
        // The access info is fetched as in the original, but its value is not
        // used afterwards.
        $this->getUserAccessInfo($wrong_password->getUser());
        $this->getDao()->storeLoginFailure($name, $_SERVER['REQUEST_TIME']);
    } catch (User_InvalidPasswordException $invalid_password) {
        // NOTE(review): the feedback text comes from the exception; confirm it
        // does not differ from the branch above in a way that reveals whether
        // the account exists.
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $invalid_password->getMessage());
    } catch (User_PasswordExpiredException $expired) {
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $expired->getMessage());
        $expired_user_id = $expired->getUser()->getId();
        $GLOBALS['Response']->redirect('/account/change_pw.php?user_id=' . $expired_user_id);
    } catch (User_StatusInvalidException $bad_status) {
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $bad_status->getMessage());
    } catch (SessionNotCreatedException $no_session) {
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $no_session->getMessage());
    } catch (User_LoginException $login_error) {
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $login_error->getMessage());
    }

    // Every handled failure ends with an anonymous current user.
    $anonymous = $this->createAnonymousUser();

    return $this->setCurrentUser($anonymous);
}
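$first_artifact_id = $argv[3];
$last_artifact_id  = $argv[4];

// Read the password from STDIN. Terminal echo is switched off around the read
// where stty is available; on WINNT the line is read with echo left as it is.
echo "Password for {$user_name}: ";
if (PHP_OS != 'WINNT') {
    shell_exec('stty -echo');
    $password_line = fgets(STDIN);
    shell_exec('stty echo');
} else {
    $password_line = fgets(STDIN);
}
// Strip only the line terminator. Cutting one byte unconditionally dropped the
// last character of the password when the input had no trailing newline and
// left a stray "\r" on CRLF input. A failed read (EOF) becomes an empty
// password, which the login below rejects.
$password = ($password_line === false) ? '' : rtrim($password_line, "\r\n");
echo PHP_EOL;

$login_manager = new User_LoginManager(
    EventManager::instance(),
    UserManager::instance(),
    new User_PasswordExpirationChecker(),
    PasswordHandlerFactory::getPasswordHandler()
);

try {
    $tuleap_user = $login_manager->authenticate($user_name, $password);
} catch (Exception $exception) {
    // Any exception is reported with the same generic message, so the output
    // does not say whether the login or the password was wrong.
    fwrite(STDERR, 'Login or password invalid. Exit' . PHP_EOL);
    exit(1);
}

$tracker = TrackerFactory::instance()->getTrackerById($tracker_id);
if (!$tracker) {
    fwrite(STDERR, 'Tracker id does not exist' . PHP_EOL);
    exit(1);
}

// Authorization: the authenticated user must administer the tracker before
// the script goes any further.
if (!$tracker->userIsAdmin($tuleap_user)) {
    fwrite(STDERR, $user_name . ' is not administrator of Tracker #' . $tracker_id . '. Exit.' . PHP_EOL);
    exit(1);
}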