예제 #1
파일: sessions.php 프로젝트: jricher/Elgg
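/**
 * PAM handler that authenticates a username/password pair against a known user.
 *
 * Every failure is reported as a plain false: malformed credentials, unknown
 * username, an account that is neither admin, validated nor admin-created, a
 * banned account, or a wrong password. Only the wrong-password case is recorded
 * through log_login_failure().
 *
 * NOTE(review): this function records failed attempts but never checks a
 * lockout itself; the unused "3 attempts in 5 minutes" locals that used to sit
 * here were removed. Confirm that the caller enforces the attempt limit.
 *
 * @param array $credentials Associative array of credentials passed to pam_authenticate.
 *                           This function expects 'username' and 'password' (cleartext).
 *
 * @return bool True when the supplied password matches the stored value, false otherwise.
 */
function pam_auth_userpass($credentials = NULL)
{
    // empty() keeps the original truthiness test ('' and '0' are still rejected)
    // without raising a notice when a key is absent from the array.
    if (!is_array($credentials) || empty($credentials['username']) || empty($credentials['password'])) {
        return false;
    }

    $user = get_user_by_username($credentials['username']);
    if (!$user) {
        // Unknown username: nothing to log against, no guid is available.
        return false;
    }

    // Let admins log in without validating their email, but normal users must
    // have validated their email or been created by an admin.
    if (!$user->admin && !$user->validated && !$user->admin_created) {
        return false;
    }

    // Banned accounts are refused before the password is even looked at.
    if ($user->isBanned()) {
        return false;
    }

    // Strict comparison: with ==, two different digests that both look numeric
    // (for example "0e..." followed by digits only) compare equal in PHP, which
    // would accept a wrong password.
    // NOTE(review): where hash_equals() is available, prefer it for a
    // constant-time comparison; generate_user_password() is not visible here, so
    // the strength of the stored digest should be confirmed separately.
    if ($user->password === generate_user_password($user, $credentials['password'])) {
        return true;
    }

    // Password failed, record the attempt against this account.
    log_login_failure($user->guid);
    return false;
}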
예제 #2
파일: sessions.php 프로젝트: ibou77/elgg
/**
 * PAM handler: checks a username/password pair against a known user.
 *
 * Accounts with a value in password_hash are checked through the passwords
 * service. Accounts without one fall back to the legacy hash and, on success,
 * have their password re-stored through forcePasswordReset() (the original
 * comment calls this "migrate password").
 *
 * NOTE(review): an unknown username and a wrong password use different
 * translation keys, and no failure is logged for an unknown username. Confirm
 * the rendered messages are identical so the response does not reveal which
 * usernames exist.
 *
 * @param array $credentials Associative array of credentials passed to
 *                           Elgg's PAM system. This function expects
 *                           'username' and 'password' (cleartext).
 *
 * @return bool False when either key is missing, true on successful authentication.
 * @throws LoginException For an unknown user, a rate-limited account or a wrong password.
 * @access private
 */
function pam_auth_userpass(array $credentials = array())
{
    // Both keys must be present and non-null before anything is looked up.
    if (!isset($credentials['username'], $credentials['password'])) {
        return false;
    }

    $account = get_user_by_username($credentials['username']);
    if (!$account) {
        throw new \LoginException(_elgg_services()->translator->translate('LoginException:UsernameFailure'));
    }

    // The lockout check runs before any password work is done.
    if (check_rate_limit_exceeded($account->guid)) {
        throw new \LoginException(_elgg_services()->translator->translate('LoginException:AccountLocked'));
    }

    $passwords = _elgg_services()->passwords;
    $cleartext = $credentials['password'];
    $stored_hash = $account->password_hash;

    if ($stored_hash) {
        if (!$passwords->verify($cleartext, $stored_hash)) {
            log_login_failure($account->guid);
            throw new \LoginException(_elgg_services()->translator->translate('LoginException:PasswordFailure'));
        }

        // Re-store the password when the service reports the hash needs rehashing.
        if ($passwords->needsRehash($stored_hash)) {
            $passwords->forcePasswordReset($account, $cleartext);
        }

        return true;
    }

    // No modern hash on record: compare against the legacy hash instead.
    // NOTE(review): this is a plain strict string comparison, not a
    // constant-time one.
    if ($passwords->generateLegacyHash($account, $cleartext) !== $account->password) {
        log_login_failure($account->guid);
        throw new \LoginException(_elgg_services()->translator->translate('LoginException:PasswordFailure'));
    }

    // Legacy check passed: re-store the password through the passwords service.
    $passwords->forcePasswordReset($account, $cleartext);

    return true;
}
예제 #3
파일: sessions.php 프로젝트: tjcaverly/Elgg
/**
 * PAM handler: checks a username/password pair against a known user.
 *
 * The stored password is compared strictly with the value that
 * generate_user_password() derives from the submitted cleartext.
 *
 * NOTE(review): generate_user_password() is not visible here; confirm the
 * strength of the digest it produces. The comparison is a plain strict string
 * comparison, not a constant-time one. An unknown username is not logged and
 * uses a different translation key from a wrong password; confirm the rendered
 * messages do not reveal which usernames exist.
 *
 * @param array $credentials Associative array of credentials passed to
 *                           Elgg's PAM system. This function expects
 *                           'username' and 'password' (cleartext).
 *
 * @return bool False when either key is missing, true on successful authentication.
 * @throws LoginException For an unknown user, a rate-limited account or a wrong password.
 * @access private
 */
function pam_auth_userpass(array $credentials = array())
{
    // Both keys must be present and non-null before anything is looked up.
    if (!isset($credentials['username'], $credentials['password'])) {
        return false;
    }

    $account = get_user_by_username($credentials['username']);
    if (!$account) {
        throw new LoginException(elgg_echo('LoginException:UsernameFailure'));
    }

    // The lockout check runs before the password is evaluated.
    if (check_rate_limit_exceeded($account->guid)) {
        throw new LoginException(elgg_echo('LoginException:AccountLocked'));
    }

    $stored = $account->password;
    $candidate = generate_user_password($account, $credentials['password']);
    if ($stored === $candidate) {
        return true;
    }

    // Wrong password: record the attempt against this account, then fail.
    log_login_failure($account->guid);
    throw new LoginException(elgg_echo('LoginException:PasswordFailure'));
}
예제 #4
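/**
 * PAM handler that authenticates a username/password pair against a known user.
 *
 * Every failure is reported as a plain false: malformed credentials, unknown
 * username, an account that is neither admin, validated nor admin-created, a
 * banned account, or a wrong password. Only the wrong-password case is recorded
 * through log_login_failure().
 *
 * NOTE(review): this function records failed attempts but never checks a
 * lockout itself. Confirm that the caller enforces an attempt limit.
 *
 * @param array $credentials Associative array of credentials passed to pam_authenticate.
 *                           This function expects 'username' and 'password' (cleartext).
 *
 * @return bool True when the supplied password matches the stored value, false otherwise.
 */
function pam_auth_userpass($credentials = NULL)
{
    // empty() keeps the original truthiness test ('' and '0' are still rejected)
    // without raising a notice when a key is absent from the array.
    if (!is_array($credentials) || empty($credentials['username']) || empty($credentials['password'])) {
        return false;
    }

    $user = get_user_by_username($credentials['username']);
    if (!$user) {
        // Unknown username: nothing to log against, no guid is available.
        return false;
    }

    // Let admins log in without validating their email, but normal users must
    // have validated their email or been created by an admin.
    if (!$user->admin && !$user->validated && !$user->admin_created) {
        return false;
    }

    // User has been banned, so prevent them from logging in.
    if ($user->isBanned()) {
        return false;
    }

    // Strict comparison: with ==, two different digests that both look numeric
    // (for example "0e..." followed by digits only) compare equal in PHP, which
    // would accept a wrong password.
    // NOTE(review): where hash_equals() is available, prefer it for a
    // constant-time comparison; generate_user_password() is not visible here, so
    // the strength of the stored digest should be confirmed separately.
    if ($user->password === generate_user_password($user, $credentials['password'])) {
        return true;
    }

    // Password failed, record the attempt against this account.
    log_login_failure($user->guid);
    return false;
}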