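/**
 * Check if a user provided the right credentials.
 *
 * $username is resolved first as a registered e-mail address ({user_emails}),
 * then as a user name. The matching user row is loaded together with its
 * group membership in the global project (project_id 0), and the password is
 * verified with the method implied by the format of the stored hash.
 *
 * Security notes:
 *  - 'oauth' skips the password check completely. The caller is responsible
 *    for having validated the OAuth identity for this account beforehand.
 *  - Legacy md5 (32 chars) and sha1 (40 chars) hashes are still accepted for
 *    old accounts; anything else is treated as a crypt() hash, using the
 *    stored value as salt. Legacy accounts should be rehashed on a successful
 *    login (not done here).
 *  - The hash comparison is strict and constant-time (hash_equals), so PHP's
 *    numeric-string '==' juggling (e.g. two "0e…" hashes) can never match.
 *  - An expired lock (lock_until in the past) is cleared here, which re-enables
 *    the account and sets $_SESSION['was_locked'] for the caller.
 *
 * @param string $username user name or e-mail address
 * @param string $password clear-text password (ignored for 'oauth')
 * @param string $method '', 'oauth', 'ldap', 'native' ('' behaves like 'native')
 * @access public static
 * @return integer user_id on success (group 1 users succeed even when the
 *                 account or group is disabled); -2 when no user row was found;
 *                 0 when the account and group are enabled but the credentials
 *                 were wrong; -1 when the account or group is disabled.
 *                 NOTE(review): the previous docblock described 0 and -1 the
 *                 other way round; the values above are what the final return
 *                 statement actually yields. Confirm against the callers before
 *                 relying on either reading.
 * @version 1.0
 */
public static function checkLogin($username, $password, $method = 'native')
{
    global $db;

    // $username may be one of the user's e-mail addresses; map it to a user id.
    // Guarding the row avoids the "array offset on bool" warning when there is
    // no match; null then makes the 'u.user_id = ?' branch below match nothing.
    $emailRow = $db->FetchRow(
        $db->Query("SELECT id FROM {user_emails} WHERE email_address = ?", $username)
    );
    $user_id = (is_array($emailRow) && isset($emailRow['id'])) ? $emailRow['id'] : null;

    // Match either by the id resolved above or by user name, always restricted
    // to the user's group in the global project. The parentheses matter: without
    // them the project_id restriction applied to the user-name branch only, so
    // an e-mail login could pick up a project-level group row and evaluate
    // group_open / the admin check against the wrong group.
    $result = $db->Query(
        "SELECT uig.*, g.group_open, u.account_enabled, u.user_pass,\n lock_until, login_attempts\n FROM {users_in_groups} uig\n LEFT JOIN {groups} g ON uig.group_id = g.group_id\n LEFT JOIN {users} u ON uig.user_id = u.user_id\n WHERE (u.user_id = ? OR u.user_name = ?) AND g.project_id = ?\n ORDER BY g.group_id ASC",
        array($user_id, $username, 0)
    );
    $auth_details = $db->FetchRow($result);

    if ($auth_details === false) {
        // no matching user row
        return -2;
    }
    if (!$result || !count($auth_details)) {
        return 0;
    }

    // Clear an expired lock. Locking works by disabling the account, so the
    // account has to be re-enabled here before the enabled-check further down.
    if ($auth_details['lock_until'] > 0 && $auth_details['lock_until'] < time()) {
        $db->Query(
            'UPDATE {users} SET lock_until = 0, account_enabled = 1, login_attempts = 0 WHERE user_id = ?',
            array($auth_details['user_id'])
        );
        $auth_details['account_enabled'] = 1;
        $_SESSION['was_locked'] = true;
    }

    if ($method == 'oauth') {
        // No password to check: the caller must already have authenticated
        // this identity via OAuth and must not reach this path otherwise.
        $pwOk = true;
    } elseif ($method == 'ldap') {
        $pwOk = Flyspray::checkForLDAPUser($username, $password);
    } else {
        $stored = (string) $auth_details['user_pass'];
        // Hash the supplied password in the same format as the stored one:
        // 40 chars = sha1, 32 chars = md5 (both legacy), otherwise crypt()
        // with the stored hash as salt (the salt/scheme is embedded in it).
        switch (strlen($stored)) {
            case 40:
                $candidate = sha1($password);
                break;
            case 32:
                $candidate = md5($password);
                break;
            default:
                $candidate = crypt($password, $stored);
                break;
        }
        // Strict, constant-time comparison. The previous '==' compared two
        // numeric-looking hashes (e.g. "0e123…") as numbers and reported them
        // equal; hash_equals compares bytes and does not leak timing.
        $pwOk = hash_equals($stored, (string) $candidate);
    }

    // Users in group 1 (admins) cannot be disabled, so only the password
    // decides for them. Since a lock is expressed via account_enabled, an
    // active lock does not stop an admin login either.
    if ($auth_details['group_id'] == 1 && $pwOk) {
        return $auth_details['user_id'];
    }
    if ($pwOk && $auth_details['account_enabled'] == '1' && $auth_details['group_open'] == '1') {
        return $auth_details['user_id'];
    }

    // Reached only on failure: if account and group are enabled the password
    // must have been wrong (0); otherwise the account or group is disabled (-1).
    return ($auth_details['account_enabled'] && $auth_details['group_open']) ? 0 : -1;
}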