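/**
 * Authenticate a login attempt against the configured auth backends, in index order.
 *
 * Each backend returned by BaseAuth::init($i) receives the submitted credentials until one
 * answers USER_VALID. That backend's account data is then written to the local users table
 * through $this->store() and the backend becomes $this->mAuth. When the
 * 'users_create_user_auth' setting is 'y' and the accepting backend is not the first one,
 * the account is also offered to backends that report canManageAuth().
 *
 * Changes from the earlier version of this method:
 *  - the propagation loop tested $i instead of $j and never terminated;
 *  - the propagation loop read an undefined $default;
 *  - mErrors of a backend that failed to initialise was dereferenced;
 *  - the return value was TRUE whenever mErrors was empty, even if no backend had
 *    accepted the credentials (for example when no backend could be initialised).
 *
 * @param mixed $pUser      login identifier as submitted (the earlier docblock said array; it is used as a scalar lookup value below - confirm)
 * @param mixed $pPass      submitted password, handed to every backend tried
 * @param mixed $pChallenge passed through unchanged to each backend's validate()
 * @param mixed $pResponse  passed through unchanged to each backend's validate()
 * @access public
 * @return bool TRUE only when a backend returned USER_VALID and mErrors is empty, FALSE otherwise
 * @todo rewrite this mess. this is horrible stuff. - xing - Thursday Oct 16, 2008 09:47:20 CEST
 */
function validate($pUser, $pPass, $pChallenge, $pResponse)
{
    global $gBitSystem;

    // Becomes TRUE only when a backend answers USER_VALID; the return value depends on it.
    $authValid = FALSE;
    $createAuth = $gBitSystem->getConfig("users_create_user_auth", "n") == "y";

    for ($i = 0; $i < BaseAuth::getAuthMethodCount(); $i++) {
        $instance = BaseAuth::init($i);
        if ($instance) {
            $result = $instance->validate($pUser, $pPass, $pChallenge, $pResponse);
            switch ($result) {
                case USER_VALID:
                    unset($this->mErrors['login']);
                    $authValid = TRUE;
                    break;
                case PASSWORD_INCORRECT:
                    // this mErrors assignment is CRUCIAL so that bit auth fails properly. DO NOT F**K WITH THIS unless you know what you are doing and have checked with me first. XOXOX - spiderr
                    // This might have broken other auth, but at this point, bw auth was TOTALLY busted. If you need to fix, please come find me.
                    $this->mErrors['login'] = '******';
                    break;
                case USER_NOT_FOUND:
                    break;
            }

            if ($authValid) {
                if (empty($instance->mInfo['email'])) {
                    $instance->mInfo['email'] = $pUser;
                }

                // If we're given a user_id then the user is already in the database:
                if (!empty($instance->mInfo['user_id'])) {
                    $this->mUserId = $instance->mInfo['user_id'];
                // Is the user already in the database:
                } elseif ($this->mDb->getOne("SELECT COUNT(*) FROM `" . BIT_DB_PREFIX . "users_users` WHERE `login` = ?", array($instance->mLogin)) > 0) {
                    // Update Details
                    $authUserInfo = array(
                        'login' => $instance->mInfo['login'],
                        'password' => $instance->mInfo['password'],
                        'real_name' => $instance->mInfo['real_name'],
                        'email' => $instance->mInfo['email'],
                    );
                    // NOTE(review): the existence check above keys on $instance->mLogin but this
                    // lookup keys on $pUser. If the two can differ (e-mail login, case folding in
                    // the backend), the wrong row or no row is selected - confirm they always match.
                    $userInfo = $this->getUserInfo(array('login' => $pUser));
                    $this->mUserId = $userInfo['user_id'];
                    $this->store($authUserInfo);
                    $this->mErrors = array();
                } else {
                    $authUserInfo = array(
                        'login' => $instance->mInfo['login'],
                        'password' => $instance->mInfo['password'],
                        'real_name' => $instance->mInfo['real_name'],
                        'email' => $instance->mInfo['email'],
                    );
                    // TODO somehow, mUserId gets set to -1 at this point - no idea how
                    // set to NULL to prevent overwriting Guest user - wolff_borg
                    $this->mUserId = NULL;
                    $this->store($authUserInfo);
                }

                if ($createAuth && $i > 0) {
                    // if the user was logged into this system and we should propagate users down other auth methods
                    // The condition must test $j: with $i it was always true and the loop never ended.
                    // NOTE(review): the walk still starts at $i, so the backend that just accepted
                    // the login is visited again - confirm whether it should start at $i - 1.
                    for ($j = $i; $j >= 0; $j--) {
                        // No default method name here; the earlier code passed an undefined variable.
                        $probMethodName = $gBitSystem->getConfig("users_auth_method_{$j}", NULL);
                        if (!empty($probMethodName)) {
                            $probInstance = BaseAuth::init($probMethodName);
                            if ($probInstance && $probInstance->canManageAuth()) {
                                $result = $probInstance->validate($pUser, $pPass, $pChallenge, $pResponse);
                                // NOTE(review): an account is created when the backend already knows the
                                // user (valid or wrong password) and not on USER_NOT_FOUND - verify intent.
                                if ($result == USER_VALID || $result == PASSWORD_INCORRECT) {
                                    // see if we can create a new account
                                    $userattr = $instance->getUserData();
                                    if (empty($userattr['login'])) {
                                        $userattr['login'] = $pUser;
                                    }
                                    if (empty($userattr['password'])) {
                                        // The submitted password is handed to createUser() as given;
                                        // how the backend stores it is not visible in this method.
                                        $userattr['password'] = $pPass;
                                    }
                                    $probInstance->createUser($userattr);
                                }
                            }
                            // init() may have failed; only a real instance has errors to merge.
                            if ($probInstance) {
                                $this->mErrors = array_merge($this->mErrors, $probInstance->mErrors);
                            }
                        }
                    }
                }

                $this->mAuth = $instance;
                break;
            }

            $this->mErrors = array_merge($this->mErrors, $instance->mErrors);
        }
    }

    // NOTE(review): this bookkeeping is keyed on mUserId, not on $authValid, so it also runs
    // after a failed attempt if the object already carried a user id - confirm callers only
    // invoke validate() on a fresh object.
    if ($this->mUserId != ANONYMOUS_USER_ID) {
        $this->load();
        // on first time login we run the users registration service
        if ($this->mInfo['last_login'] == NULL) {
            $this->invokeServices('users_register_function');
        }
        $this->updateLastLogin($this->mUserId);
    }

    // Fail closed: an empty error list alone is not proof that a backend accepted the login.
    return $authValid && count($this->mErrors) == 0;
}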
header('Location: ' . $url); exit; } } else { $gBitSystem->setHttpStatus(HttpStatusCodes::HTTP_BAD_REQUEST); $gBitSmarty->assignByRef('errors', $newUser->mErrors); } $gBitSmarty->assignByRef('reg', $reg); } else { if ($gBitSystem->isFeatureActive('custom_user_fields')) { $fields = explode(',', $gBitSystem->getConfig('custom_user_fields')); trim_array($fields); $gBitSmarty->assign('customFields', $fields); } for ($i = 0; $i < BaseAuth::getAuthMethodCount(); $i++) { $instance = BaseAuth::init($i); if ($instance && $instance->canManageAuth()) { $auth_reg_fields = $instance->getRegistrationFields(); foreach (array_keys($auth_reg_fields) as $auth_field) { $auth_reg_fields[$auth_field]['value'] = $auth_reg_fields[$auth_field]['default']; } $gBitSmarty->assign('auth_reg_fields', $auth_reg_fields); break; } } } $languages = array(); $languages = $gBitLanguage->listLanguages(); $gBitSmarty->assignByRef('languages', $languages); $gBitSmarty->assignByRef('gBitLanguage', $gBitLanguage); // Get flags here
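/**
 * Build the auth-method settings structure and apply settings submitted in $_REQUEST.
 *
 * For every registered auth method that can be initialised, the per-method options are
 * saved (when present in the request) and read back from configuration. When the request
 * carries 'loginprefs', the ordered list of active methods ("users_auth_method_N") is
 * rewritten, compacted so that empty and duplicate selections leave no gaps.
 *
 * Changes from the earlier version of this method:
 *  - a submitted method name is stored only if it is a string naming an entry in 'avail';
 *    previously any request value was written to configuration, and a stored name is later
 *    used as an index into 'avail' below;
 *  - count() is no longer called on a missing 'avail' key when no method initialised;
 *  - the canManageAuth lookup no longer reads an undefined index for an unknown method name.
 *
 * NOTE(review): this method writes configuration straight from request data and performs no
 * permission or request-token check itself; neither is visible here, so confirm the caller
 * enforces both before invoking it.
 *
 * @return array optional keys: 'avail' (method name => descriptor with 'options' and
 *               'canManageAuth'), 'err' (key => message), 'avail_method' (slot => array('value' => name))
 */
public static function getConfig()
{
    global $gBitSystem;

    $authSettings = array();
    foreach (BaseAuth::getAuthMethods() as $meth_name => $method) {
        $instance = BaseAuth::init($meth_name);
        if ($instance) {
            // Option ids come from the backend, not from the request, so only known keys are written.
            foreach ($instance->getSettings() as $op_id => $op) {
                if (!empty($_REQUEST[$op_id])) {
                    if ($op['type'] == 'checkbox') {
                        simple_set_toggle($op_id, USERS_PKG_NAME);
                    } else {
                        simple_set_value($op_id, USERS_PKG_NAME);
                    }
                }
                $op['value'] = $gBitSystem->getConfig($op_id, $op['default']);
                $method['options'][$op_id] = $op;
            }
            $method['canManageAuth'] = $instance->canManageAuth();
            $authSettings['avail'][$meth_name] = $method;
        } elseif (is_object($instance)) {
            // NOTE(review): an object that failed the truthiness test above is not expected, so
            // this branch looks unreachable and init() failures are never reported - confirm.
            // The messages are joined as HTML without escaping; escape them where they are rendered.
            $authSettings['err'][$meth_name] = implode("<br />", $instance->mErrors);
        }
    }

    // 'avail' is absent when no method could be initialised.
    $availCount = isset($authSettings['avail']) ? count($authSettings['avail']) : 0;

    if (!empty($_REQUEST["loginprefs"])) {
        $used = array();
        // Next free slot; only advances when a selection is actually stored.
        $slot = 0;
        for ($i = 0; $i < $availCount; $i++) {
            $requestKey = "users_auth_method_{$i}";
            $gBitSystem->storeConfig($requestKey, null, USERS_PKG_NAME);

            $requested = empty($_REQUEST[$requestKey]) ? null : $_REQUEST[$requestKey];
            // Accept only a string that names an initialised method and has not been chosen yet.
            if (!is_string($requested) || !isset($authSettings['avail'][$requested]) || !empty($used[$requested])) {
                continue;
            }

            $used[$requested] = "stored_{$slot}";
            $gBitSystem->storeConfig("users_auth_method_{$slot}", $requested, USERS_PKG_NAME);
            $slot++;
        }
    }

    $canManageAuth = false;
    for ($i = 0; $i < $availCount; $i++) {
        // Slot 0 falls back to the built-in "bit" method when nothing is configured.
        $default = ($i == 0) ? "bit" : "";
        $selected = $gBitSystem->getConfig("users_auth_method_{$i}", $default);
        $authSettings['avail_method'][$i]['value'] = $selected;
        // A configured name may no longer be in 'avail'; treat that as "cannot manage auth".
        if (!$canManageAuth && !empty($selected) && isset($authSettings['avail'][$selected]['canManageAuth'])) {
            $canManageAuth = $authSettings['avail'][$selected]['canManageAuth'];
        }
    }

    if ($gBitSystem->getConfig('users_allow_register', 'y') == 'y' && !$canManageAuth) {
        $authSettings['err']['bit_reg'] = "Registration is enabled but there are no Auth Methods that support this, Registration won't work!";
    }

    // NOTE(review): this writes to the leftover loop variable after the loop has ended, so the
    // result never reaches $authSettings; kept because isActive() is not visible here.
    $method['active'] = BaseAuth::isActive($meth_name);

    return $authSettings;
}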