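/**
 * Authorization: verifies login & password and sets the user session data.
 *
 * Two lookup paths are tried, in this order:
 *  1. the login exists in the users table: the password is checked with
 *     auth_does_password_match() and the account must be active;
 *  2. the login is unknown and authentication.ldap_automatic_user_creation is
 *     enabled: the credentials are checked against LDAP and, on success, a
 *     local LDAP-backed user record is created (names fall back to the login
 *     when LDAP returns nothing for them).
 *
 * Every refused attempt (wrong password, inactive account, unknown login,
 * failed LDAP user creation) is written to the audit log as LOGIN_FAILED.
 *
 * On success the auth cookie is set and, unless the session already holds a
 * currentUser (see the doSessionExistsCheck option), $_SESSION['currentUser']
 * and the user session are initialised.
 *
 * We need an option to skip the existent-session block, in order to use the
 * feature that requires login when the session has expired and the user has
 * some data not saved (ajaxlogin on login.php page).
 *
 * @param object      $db      database handler (by reference)
 * @param string|null $login
 * @param string|null $pwd
 * @param array|null  $options 'doSessionExistsCheck' => bool (default true)
 * @return array map with keys 'status' (tl::OK or tl::ERROR) and 'msg'
 *               (HTML text when a session already exists, else null)
 */
function doAuthorize(&$db, $login, $pwd, $options = null)
{
    global $g_tlLogger;

    $result = array('status' => tl::ERROR, 'msg' => null);
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;

    $my['options'] = array('doSessionExistsCheck' => true);
    $my['options'] = array_merge($my['options'], (array) $options);

    $doLogin = false;
    if (!is_null($pwd) && !is_null($login)) {
        // Used in the audit trail; may be absent outside a web request (CLI)
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        $user = new tlUser();
        $user->login = $login;
        $login_exists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;

        if ($login_exists) {
            $password_check = auth_does_password_match($user, $pwd);
            // An inactive account is refused even with the right password
            $doLogin = $password_check->status_ok && $user->isActive;
        } else {
            $authCfg = config_get('authentication');
            if ($authCfg['ldap_automatic_user_creation']) {
                $user->authentication = 'LDAP'; // force for auth_does_password_match
                $check = auth_does_password_match($user, $pwd);
                if ($check->status_ok) {
                    $user = new tlUser();
                    $user->login = $login;
                    $user->authentication = 'LDAP';
                    $user->isActive = true;
                    $user->setPassword($pwd); // write password on DB anyway

                    $user->emailAddress = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_email_field']));
                    $user->firstName = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_firstname_field']));
                    $user->lastName = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_surname_field']));

                    // LDAP may not carry these attributes: never store an empty name
                    if (is_null($user->firstName) || strlen($user->firstName) == 0) {
                        $user->firstName = $login;
                    }
                    if (is_null($user->lastName) || strlen($user->lastName) == 0) {
                        $user->lastName = $login;
                    }

                    $doLogin = $user->writeToDB($db) == tl::OK;
                }
            }
        }

        if (!$doLogin) {
            // Audit every refused attempt, not only those for existing logins,
            // so repeated failures against unknown names are visible too
            logAuditEvent(TLS("audit_login_failed", $login, $remoteAddr), "LOGIN_FAILED", $user->dbID, "users");
        }
    }

    if ($doLogin) {
        // After some tests (I'm very tired), seems that re-reading is best option
        $user = new tlUser();
        $user->login = $login;
        $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN);

        // Need to do set COOKIE following Mantis model.
        // expire 0 => cookie lives until the browser is closed.
        // httponly keeps the security cookie out of reach of page scripts;
        // secure is set whenever this request itself came over HTTPS.
        $auth_cookie_name = config_get('auth_cookie');
        $expireOnBrowserClose = 0;
        $isHttps = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie($auth_cookie_name, $user->getSecurityCookie(), $expireOnBrowserClose, '/', '', $isHttps, true);

        // Disallow two sessions within one browser
        if ($my['options']['doSessionExistsCheck'] && isset($_SESSION['currentUser'])) {
            $result['msg'] = lang_get('login_msg_session_exists1') .
                ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' .
                lang_get('login_msg_session_exists2');
        } else {
            // Setting user's session information.
            // NOTE(review): the session id is kept across login; if the caller
            // does not already rotate it, session_regenerate_id(true) here would
            // separate the pre- and post-login ids - confirm with the callers.
            $_SESSION['currentUser'] = $user;
            $_SESSION['lastActivity'] = time();

            $g_tlLogger->endTransaction();
            $g_tlLogger->startTransaction();

            setUserSession($db, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);
            $result['status'] = tl::OK;
        }
    }

    return $result;
}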
doDBConnect($db, database::ONERROREXIT);

// Text shown on the self-signup form; replaced by an error text when a step below fails
$message = lang_get('your_info_please');

if ($args->doEditUser) {
    $passwordsMatch = (strcmp($args->password, $args->password2) === 0);

    if (!$passwordsMatch) {
        $message = lang_get('passwd_dont_match');
    } else {
        $user = new tlUser();

        // Quality rules are enforced before the hash is stored
        $rx = $user->checkPasswordQuality($args->password);
        if ($rx['status_ok'] < tl::OK) {
            $message = $rx['msg'];
        } else {
            $result = $user->setPassword($args->password);
            if ($result < tl::OK) {
                $message = getUserErrorMessage($result);
            } else {
                $user->login = $args->login;
                $user->emailAddress = $args->email;
                $user->firstName = $args->firstName;
                $user->lastName = $args->lastName;
                $result = $user->writeToDB($db);

                // Optional e-mail to the global admins about the new self-registered account
                $cfg = config_get('notifications');
                if ($cfg->userSignUp->enabled) {
                    notifyGlobalAdmins($db, $user);
                }

                logAuditEvent(TLS("audit_users_self_signup", $args->login), "CREATE", $user->dbID, "users");

                // Hand over to the login page; nothing below must run after the redirect
                redirect(TL_BASE_HREF . "login.php?note=first");
                exit;
            }
        }
    }
}
/**
 * Create user (API call).
 *
 * The new account is created with authentication forced to 'LDAP', marked
 * active, and with an empty local password (setPassword('')).
 * Only the developer key is checked (authenticate()) before the account is
 * created and, when requested, the 'admin' global role is granted.
 * NOTE(review): no per-user right check is visible here - confirm whether
 * every dev-key holder is meant to be able to create admin accounts, and
 * that setPassword('') cannot yield a locally log-in-able account should the
 * authentication method later be changed away from LDAP.
 *
 * @param struct $args
 * @param string $args["devKey"]
 * @param string $args["user"]
 * @param string $args["email"]
 * @param string $args["firstName"]
 * @param string $args["lastName"]
 * @param boolean $args["admin"]  when true and an 'admin' global role exists, it is assigned
 * @return int|array id of the created user, or the list of IXR_ERROR on failure
 *                   (100002: user already exists, 100003: error creating user)
 * @access public
 */
public function createUser($args)
{
    $this->_setArgs($args);
    if (!$this->authenticate()) {
        return $this->errors;
    }

    $login = $this->args[self::$userParamName];
    $email = $this->args['email'];
    $firstName = $this->args['firstName'];
    $lastName = $this->args['lastName'];
    $admin = $this->args['admin'];

    // Refuse duplicates up front; the login is the unique key used for lookup
    $existingId = tlUser::doesUserExist($this->dbObj, $login);
    if (!is_null($existingId)) {
        $this->errors[] = new IXR_ERROR(100002, 'User already exists');
        return $this->errors;
    }

    $user = new tlUser();
    $user->login = $login;
    $user->authentication = 'LDAP';
    $user->isActive = true;
    $user->setPassword('');
    $user->emailAddress = $email;
    $user->firstName = $firstName;
    $user->lastName = $lastName;

    // Global 'admin' role (project id 0) is assigned only when it exists and was asked for
    $adminRoleId = tlRole::doesRoleExist($this->dbObj, 'admin', 0);
    if (!is_null($adminRoleId) && $admin) {
        $user->globalRoleID = $adminRoleId;
    }

    $written = ($user->writeToDB($this->dbObj) == tl::OK);
    if ($written) {
        return tlUser::doesUserExist($this->dbObj, $login);
    }

    $this->errors[] = new IXR_ERROR(100003, 'Error creating user');
    return $this->errors;
}