public static function getUserByPassword($login, $password, $passwordIsOriginal = true)
{
	if (empty($login))
	{
		throw new Main\ArgumentNullException("login");
	}

	// Handlers of OnBeforeUserLogin may veto the login (ERROR) or rewrite the credentials (SUCCESS).
	$event = new Main\Event("main", "OnBeforeUserLogin", array(array(
		"LOGIN" => $login,
		"PASSWORD" => $password,
		"PASSWORD_ORIGINAL" => $passwordIsOriginal,
	)));
	$event->send();

	if (($eventResults = $event->getResults()) !== null)
	{
		foreach ($eventResults as $eventResult)
		{
			if ($eventResult->getResultType() === Main\EventResult::ERROR)
			{
				static::$lastError = $eventResult->getParameters();
				return null;
			}
			elseif ($eventResult->getResultType() === Main\EventResult::SUCCESS)
			{
				if (($resultParams = $eventResult->getParameters()) && is_array($resultParams))
				{
					if (isset($resultParams["LOGIN"]))
					{
						$login = $resultParams["LOGIN"];
					}
					if (isset($resultParams["PASSWORD"]))
					{
						$password = $resultParams["PASSWORD"];
					}
					if (isset($resultParams["PASSWORD_ORIGINAL"]))
					{
						$passwordIsOriginal = $resultParams["PASSWORD_ORIGINAL"];
					}
				}
			}
		}
	}

	$user = null;

	// An external authentication handler may resolve the user itself; its result must be a numeric user ID.
	$event = new Main\Event("main", "OnUserLoginExternal", array(array(
		"LOGIN" => $login,
		"PASSWORD" => $password,
		"PASSWORD_ORIGINAL" => $passwordIsOriginal,
	)));
	$event->send();

	if (($eventResults = $event->getResults()) !== null)
	{
		foreach ($eventResults as $eventResult)
		{
			if ($eventResult->getResultType() === Main\EventResult::SUCCESS)
			{
				$userId = $eventResult->getParameters();
				if (!Main\Type\Int::isInteger($userId))
				{
					throw new SecurityException();
				}
				$user = new CurrentUser($userId);
				break;
			}
		}
	}

	$connection = Main\Application::getDbConnection();
	$sqlHelper = $connection->getSqlHelper();

	if (is_null($user))
	{
		// The login value in the WHERE clause is masked ('******') in the source as published here;
		// $sqlHelper is obtained above so that the real value can be escaped for the SQL literal.
		$sql =
			"SELECT U.ID, U.PASSWORD, U.LOGIN_ATTEMPTS " .
			"FROM b_user U " .
			"WHERE U.LOGIN = '******' " .
			"\tAND (U.EXTERNAL_AUTH_ID IS NULL OR U.EXTERNAL_AUTH_ID = '') " .
			" AND U.ACTIVE = 'Y' ";
		$userRecordset = $connection->query($sql);

		if ($userRecord = $userRecordset->fetch())
		{
			$userTmp = new CurrentUser($userRecord["ID"]);

			// Stored format: <salt><md5(salt . password)>, the digest being the last 32 characters.
			$salt = substr($userRecord["PASSWORD"], 0, -32);
			$passwordFromDb = substr($userRecord["PASSWORD"], -32);

			if ($passwordIsOriginal)
			{
				$passwordFromUser = md5($salt . $password);
			}
			else
			{
				// Caller supplied an already-hashed value; only its last 32 characters are compared.
				$passwordFromUser = strlen($password) > 32 ? substr($password, -32) : $password;
			}

			$policy = $userTmp->getPolicy();
			$policyLoginAttempts = intval($policy["LOGIN_ATTEMPTS"]);
			$userLoginAttempts = intval($userRecord["LOGIN_ATTEMPTS"]) + 1;

			// The attempt limit is evaluated, but the captcha enforcement inside this block is commented out.
			if ($policyLoginAttempts > 0 && $userLoginAttempts > $policyLoginAttempts)
			{
				// $_SESSION["BX_LOGIN_NEED_CAPTCHA"] = true;
				// if (!$APPLICATION->captchaCheckCode($_REQUEST["captcha_word"], $_REQUEST["captcha_sid"]))
				// {
				//     $passwordUser = false;
				// }
			}

			if ($passwordFromDb === $passwordFromUser)
			{
				$user = $userTmp;

				// Update digest hash for HTTP digest authorization.
				if ($passwordIsOriginal && Main\Config\Option::get('main', 'use_digest_auth', 'N') == 'Y')
				{
					static::updateDigest($user->getUserId(), $password);
				}
			}
			else
			{
				// Failed attempt: persist the incremented counter for this user.
				$connection->query(
					"UPDATE b_user SET " .
					" LOGIN_ATTEMPTS = " . $userLoginAttempts . " " .
					"WHERE ID = " . intval($userRecord["ID"])
				);
			}
		}
	}

	if (is_null($user))
	{
		if (Main\Config\Option::get("main", "event_log_login_fail", "N") === "Y")
		{
			\CEventLog::log("SECURITY", "USER_LOGIN", "main", $login, "LOGIN_FAILED");
		}
		return null;
	}

	// Licence seat check: a user who has never logged in is refused once the active-user limit is exceeded.
	if ($user->getUserId() !== 1)
	{
		$limitUsersCount = intval(Main\Config\Option::get("main", "PARAM_MAX_USERS", 0));
		if ($limitUsersCount > 0)
		{
			$usersCount = Main\UserTable::getActiveUsersCount();
			if ($usersCount > $limitUsersCount)
			{
				$sql =
					"SELECT 'x' " .
					"FROM b_user " .
					"WHERE ACTIVE = 'Y' " .
					" AND ID = " . intval($user->getUserId()) . " " .
					" AND LAST_LOGIN IS NULL ";
				$recordset = $connection->query($sql);
				if ($recordset->fetch())
				{
					$user = null;
					static::$lastError = array(
						"CODE" => "LIMIT_USERS_COUNT",
						"MESSAGE" => Main\Localization\Loc::getMessage("LIMIT_USERS_COUNT"),
					);
				}
			}
		}
	}

	if (is_null($user))
	{
		if (Main\Config\Option::get("main", "event_log_login_fail", "N") === "Y")
		{
			\CEventLog::log("SECURITY", "USER_LOGIN", "main", $login, "LIMIT_USERS_COUNT");
		}
		return null;
	}

	$user->setAuthType(static::AUTHENTICATED_BY_PASSWORD);

	$event = new \Bitrix\Main\Event("main", "OnAfterUserLogin", array(array(
		"LOGIN" => $login,
		"PASSWORD" => $password,
		"PASSWORD_ORIGINAL" => $passwordIsOriginal,
		"USER_ID" => $user->getUserId(),
	)));
	$event->send();

	return $user;
}
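The following is an added, stand-alone PHP example and not Bitrix code. It isolates the credential checks the routine above performs and shows the hardened form of each: the legacy record layout <salt><md5(salt . password)> (digest in the last 32 characters) is verified with a constant-time comparison rather than `===`; a successful legacy verification is used to rehash the record with `password_hash()` so md5 records are replaced on the next login without a separate migration; the "password is not original" path, which in the routine above accepts a precomputed 32-character digest as the credential, is refused because a copied digest would then be as good as the password itself; and the attempt-limit rule the routine evaluates (but whose enforcement body is commented out) is expressed as a function. The names `makeLegacyRecord`, `verifyLegacyRecord`, `isModernHash`, `verifyAndUpgrade` and `lockedOutByPolicy`, and the sample salt and passwords, are constructed for this illustration.

```php
<?php
// Added example, not Bitrix code. All function names and sample data are constructed.

const LEGACY_DIGEST_LEN = 32;

/** Build a record in the legacy <salt><md5(salt . password)> layout (sample data only). */
function makeLegacyRecord(string $salt, string $password): string
{
    return $salt . md5($salt . $password);
}

/** Verify a legacy record without leaking, through timing, where the first mismatch is. */
function verifyLegacyRecord(string $stored, string $password): bool
{
    if (strlen($stored) <= LEGACY_DIGEST_LEN) {
        return false;   // no salt present: malformed record, never a match
    }
    $salt = substr($stored, 0, -LEGACY_DIGEST_LEN);
    $digest = substr($stored, -LEGACY_DIGEST_LEN);
    return hash_equals($digest, md5($salt . $password));
}

/** True when the stored value is already a password_hash() record. */
function isModernHash(string $stored): bool
{
    $algo = password_get_info($stored)['algo'];
    return $algo !== null && $algo !== 0;   // null (PHP >= 7.4) or 0 (older) means "unknown format"
}

/**
 * Verify $password against $stored. On success $stored is replaced in place with a
 * password_hash() record when it was legacy, or when its cost parameters need raising.
 */
function verifyAndUpgrade(string &$stored, string $password, bool $passwordIsOriginal): bool
{
    if (!$passwordIsOriginal) {
        return false;   // never accept a precomputed digest as the credential
    }
    if (isModernHash($stored)) {
        if (!password_verify($password, $stored)) {
            return false;
        }
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            $stored = password_hash($password, PASSWORD_DEFAULT);
        }
        return true;
    }
    if (!verifyLegacyRecord($stored, $password)) {
        return false;
    }
    $stored = password_hash($password, PASSWORD_DEFAULT);   // transparent upgrade of the md5 record
    return true;
}

/** Same rule as the routine above: a positive policy limit that the next attempt would exceed. */
function lockedOutByPolicy(int $failedAttemptsSoFar, int $policyLoginAttempts): bool
{
    return $policyLoginAttempts > 0 && $failedAttemptsSoFar + 1 > $policyLoginAttempts;
}

// Self-check on constructed data.
$record = makeLegacyRecord('s4lt', 'correct horse battery');
$checks = [
    verifyAndUpgrade($record, 'correct horse battery', true) === true,   // legacy record matches
    isModernHash($record),                                               // and has been upgraded
    verifyAndUpgrade($record, 'correct horse battery', true) === true,   // modern record matches
    verifyAndUpgrade($record, 'wrong password', true) === false,
    verifyAndUpgrade($record, md5('s4lt' . 'correct horse battery'), false) === false,  // digest refused
    lockedOutByPolicy(4, 5) === false,
    lockedOutByPolicy(5, 5) === true,
    lockedOutByPolicy(100, 0) === false,   // a limit of 0 disables the check, as in the original
];
foreach ($checks as $i => $ok) {
    if (!$ok) {
        throw new RuntimeException("check $i failed");
    }
}
echo "all checks passed\n";
```

Run it with `php example.php`; it prints `all checks passed`. The by-reference `$stored` parameter stands in for the column the caller would write back to `b_user.PASSWORD` after a successful login, which is where the migration from md5 records to `password_hash()` records happens one user at a time.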