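 /**
  * Take a username and password and try to authenticate the
  * user.
  *
  * The username is lower-cased in PHP and compared against
  * LOWER(username) through a bound parameter, so the lookup is
  * case-insensitive and never interpolates caller input into SQL.
  * An unknown username raises AuthUnknownUserException while a wrong
  * password returns false; the two outcomes are therefore
  * distinguishable to the caller (and to whoever drives the caller).
  *
  * Failed password checks increment usr.logintries; once the stored
  * value reaches MAXLOGINTRIES the password is not checked at all.
  * A plugin that throws AuthInstanceException makes this method return
  * false without touching that counter.
  *
  * @param  string $username
  * @param  string $password
  * @return bool   true when the user was authenticated and the session was set up
  * @throws AuthUnknownUserException     when no account matches $username
  * @throws AccessTotallyDeniedException when the auth instance used belongs to a suspended institution
  */
 public function login($username, $password)
 {
     global $SESSION;

     $sql = 'SELECT
                 *,
                 ' . db_format_tsfield('expiry') . ',
                 ' . db_format_tsfield('lastlogin') . ',
                 ' . db_format_tsfield('lastlastlogin') . ',
                 ' . db_format_tsfield('lastaccess') . ',
                 ' . db_format_tsfield('suspendedctime') . ',
                 ' . db_format_tsfield('ctime') . '
             FROM
                 {usr}
             WHERE
                 LOWER(username) = ?';
     // Lower-case on the PHP side to match the LOWER(username) column
     // expression; use the multibyte variant when mbstring is available.
     $lowered = function_exists('mb_strtolower')
         ? mb_strtolower($username, 'UTF-8')
         : strtolower($username);
     $user = get_record_sql($sql, array($lowered));
     if (!$user) {
         throw new AuthUnknownUserException("\"{$username}\" is not known");
     }
     // Lockout: refuse to even check the password once the counter is exhausted.
     if (isset($user->logintries) && $user->logintries >= MAXLOGINTRIES) {
         $SESSION->add_error_msg(get_string('toomanytries', 'auth'));
         return false;
     }
     if (is_site_closed($user->admin)) {
         return false;
     }
     // Authentication instances that have parents do so because they cannot
     // use Mahara's normal login mechanism - for example, XMLRPC. If the
     // user is using one of these authentication instances, we look and try
     // to use the parent.
     //
     // There's no code here that prevents the authinstance being tried if
     // it has no parent, mainly because that's an extra database lookup for
     // the general case, and the authentication will probably just fail
     // anyway. (XMLRPC, for example, leaves implementation of
     // authenticate_user_account to the parent Auth class, which says 'not
     // authorised' by default).
     $instanceid = $user->authinstance;
     $parentid = get_field('auth_instance_config', 'value', 'field', 'parent', 'instance', $instanceid);
     if ($parentid) {
         $instanceid = $parentid;
     }
     // Check for a suspended institution
     // If a user in more than one institution and one of them is suspended
     // make sure their authinstance is not set to the suspended institution
     // otherwise they will not be able to login.
     $authinstance = get_record_sql('
         SELECT i.suspended, i.displayname
         FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
         WHERE a.id = ?', array($instanceid));
     // A missing row used to be read as a property of false (a warning that
     // silently meant "not suspended"); make that case explicit instead.
     if ($authinstance && $authinstance->suspended) {
         $sitename = get_config('sitename');
         throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
     }
     $auth = AuthFactory::create($instanceid);
     // catch the AuthInstanceException that allows authentication plugins to
     // fail but pass onto the next possible plugin
     try {
         if ($auth->authenticate_user_account($user, $password)) {
             $this->authenticate($user, $auth->instanceid);
             return true;
         }
     } catch (AuthInstanceException $e) {
         return false;
     }
     // Display a message to users who are only allowed to login via their
     // external application.
     if ((string) $auth->authloginmsg !== '') {
         $SESSION->add_error_msg(clean_html($auth->authloginmsg), false, 'loginbox');
     }
     // Record the failed attempt. The counter is read and written in two
     // statements, so concurrent failures may not all be counted.
     if (empty($user->logintries)) {
         $user->logintries = 0;
     }
     if ($user->logintries < MAXLOGINTRIES) {
         $record = get_record('usr', 'id', $user->id, null, null, null, null, 'id, logintries');
         $record->logintries = $user->logintries + 1;
         update_record('usr', $record, false);
     }
     return false;
 }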
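 /**
  * Log in, or start registration for, the owner of a BrowserID-asserted
  * email address.
  *
  * This will do one of 3 things:
  * 1 - If a user has an account, log them in
  * 2 - If a user doesn't have an account, and there is an auth method (which also has weautocreate), create acc and login
  * 3 - If a user doesn't have an account, and there is more than one auth method, show a registration page
  *
  * Account lookup only considers addresses the user has verified
  * (artefact_internal_profile_email.verified = 1); the address and the
  * institution name are passed as bound parameters, only fixed SQL
  * fragments are interpolated. The first browserid instance, in the
  * order the database returns them, that matches the address wins.
  * Case 3 renders the registration page and terminates the request.
  *
  * @param  string $email  address asserted by the BrowserID provider
  * @return bool   true once the user (existing or newly created) is authenticated;
  *                false when the site is closed to the matched user
  * @throws ConfigException          when no browserid auth instance is enabled
  * @throws AuthUnknownUserException when neither autocreation nor registration is possible,
  *                                  or the address is already taken
  */
 public function login($email)
 {
     $sql = "SELECT\n                    a.id, i.name AS institutionname\n                FROM\n                    {auth_instance} a\n                JOIN\n                    {institution} i ON a.institution = i.name\n                WHERE\n                    a.authname = 'browserid' AND\n                    i.suspended = 0";
     $authinstances = get_records_sql_array($sql, array());
     if (!$authinstances) {
         throw new ConfigException(get_string('browseridnotenabled', 'auth.browserid'));
     }
     // Remember the authinstances that are happy to create users
     $autocreate = array();
     foreach ($authinstances as $authinstance) {
         $auth = AuthFactory::create($authinstance->id);
         $institutionjoin = '';
         $institutionwhere = '';
         $sqlvalues = array($email);
         if ($authinstance->institutionname !== 'mahara') {
             // Make sure that user is in the right institution
             $institutionjoin = 'JOIN {usr_institution} ui ON ui.usr = u.id';
             $institutionwhere = 'AND ui.institution = ?';
             $sqlvalues[] = $authinstance->institutionname;
         }
         $sql = "SELECT\n                        u.*,\n                        " . db_format_tsfield('u.expiry', 'expiry') . ",\n                        " . db_format_tsfield('u.lastlogin', 'lastlogin') . ",\n                        " . db_format_tsfield('u.lastlastlogin', 'lastlastlogin') . ",\n                        " . db_format_tsfield('u.lastaccess', 'lastaccess') . ",\n                        " . db_format_tsfield('u.suspendedctime', 'suspendedctime') . ",\n                        " . db_format_tsfield('u.ctime', 'ctime') . "\n                    FROM\n                        {usr} u\n                    JOIN\n                        {artefact_internal_profile_email} a ON a.owner = u.id\n                    {$institutionjoin}\n                    WHERE\n                        a.verified = 1 AND\n                        a.email = ?\n                    {$institutionwhere}";
         $user = get_record_sql($sql, $sqlvalues);
         if (!$user) {
             if ($auth->weautocreateusers) {
                 if ($authinstance->institutionname === 'mahara') {
                     // Try "No Institution" first when creating users below
                     array_unshift($autocreate, $auth);
                 } else {
                     $autocreate[] = $auth;
                 }
             }
             // skip to the next auth_instance
             continue;
         }
         if (is_site_closed($user->admin)) {
             return false;
         }
         ensure_user_account_is_active($user);
         $this->authenticate($user, $auth->instanceid);
         return true;
     }
     foreach ($autocreate as $auth) {
         $user = $auth->create_new_user($email);
         if (!$user) {
             continue;
         }
         $this->authenticate($user, $auth->instanceid);
         // Was a bare `return;`, which left this success path yielding null
         // while the existing-account path returns true.
         return true;
     }
     // Autocreation failed; try registration.
     list($form, $registerconfirm) = auth_generate_registration_form('register', 'browserid', '/register.php');
     if (!$form) {
         throw new AuthUnknownUserException(get_string('emailnotfound', 'auth.browserid', $email));
     }
     if (record_exists('usr', 'email', $email) || record_exists('artefact_internal_profile_email', 'email', $email)) {
         throw new AuthUnknownUserException(get_string('emailalreadytaken', 'auth.internal', $email));
     }
     $form['elements']['email'] = array('type' => 'hidden', 'value' => $email);
     $form['elements']['authtype'] = array('type' => 'hidden', 'value' => 'browserid');
     list($formhtml, $js) = auth_generate_registration_form_js($form, $registerconfirm);
     $registerdescription = get_string('registerwelcome');
     $registerterms = get_config('registerterms');
     if ($registerterms) {
         $registerdescription .= ' ' . get_string('registeragreeterms');
     }
     $registerdescription .= ' ' . get_string('registerprivacy');
     $smarty = smarty();
     $smarty->assign('register_form', $formhtml);
     $smarty->assign('registerdescription', $registerdescription);
     if ($registerterms) {
         $smarty->assign('termsandconditions', get_site_page_content('termsandconditions'));
     }
     $smarty->assign('PAGEHEADING', get_string('register', 'auth.browserid'));
     $smarty->assign('INLINEJAVASCRIPT', $js);
     $smarty->display('register.tpl');
     // The registration page is the whole response; nothing runs after this.
     die;
 }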