private function auth($username, $password)
{
global $config;
$login_ok = false;
if (!empty($username) && !empty($password)) {
$attributes = array();
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
if (authenticate_user($username, $password, $authcfg, $attributes) || authenticate_user($username, $password)) {
$login_ok = true;
}
}
if (!$login_ok) {
log_auth("webConfigurator authentication error for '" . $username . "' from " . $this->remote_addr);
require_once "XML/RPC2/Exception.php";
throw new XML_RPC2_FaultException(gettext('Authentication failed: Invalid username or password'), -1);
}
$user_entry = getUserEntry($username);
/*
* admin (uid = 0) is allowed
* or regular user with necessary privilege
*/
if (isset($user_entry['uid']) && $user_entry['uid'] != '0' && !userHasPrivilege($user_entry, 'system-xmlrpc-ha-sync')) {
log_auth("webConfigurator authentication error for '" . $username . "' from " . $this->remote_addr . " not enough privileges");
require_once "XML/RPC2/Exception.php";
throw new XML_RPC2_FaultException(gettext('Authentication failed: not enough privileges'), -2);
}
return;
}
function xmlrpc_authfail()
{
log_auth("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']}");
}
