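/**
 * \brief See if a username/password is valid and, if so, populate the session.
 *
 * Rejects an empty user name and the literal 'Default User', looks the account
 * up through the user DAO, and then applies one of three password rules
 * depending on what the stored row contains:
 *   - seed and hash present: sha1(seed . password) must equal the stored hash;
 *   - seed present but no hash: login is always refused;
 *   - neither present: only an empty password is accepted.
 *
 * On success the session receives the user data (via updateSession()), an
 * expiry timestamp, the user level, the 'checkip' value and the 'NoPopup' flag.
 *
 * NOTE(review): the stored hash is a single salted SHA-1, a fast hash that is
 * cheap to brute-force offline if the user table leaks. Moving to
 * password_hash()/password_verify() needs a rehash-on-login path and possibly a
 * schema change, which cannot be done from inside this method alone.
 *
 * @param string $userName user name supplied by the client
 * @param string $password clear-text password supplied by the client
 * @return boolean true when the credentials were accepted, false otherwise
 */
function checkUsernameAndPassword($userName, $password)
{
  if (empty($userName) || $userName == 'Default User') {
    return false;
  }

  try {
    $row = $this->userDao->getUserAndDefaultGroupByUserName($userName);
  } catch (Exception $e) {
    /* A lookup failure is reported exactly like bad credentials, so the
     * caller cannot tell the two apart. */
    return false;
  }

  if (empty($row['user_name'])) {
    return false;
  }

  /* Check the password -- only if a password exists */
  if (!empty($row['user_seed']) && !empty($row['user_pass'])) {
    $passwordHash = sha1($row['user_seed'] . $password);
    /* hash_equals() compares in constant time; strcmp() stops at the first
     * differing byte and so leaks how much of the hash matched. The stored
     * value goes first because it is the known-length string. */
    if (!hash_equals((string) $row['user_pass'], $passwordHash)) {
      return false;
    }
  } elseif (!empty($row['user_seed'])) {
    /* Seed with no password hash = no login */
    return false;
  } elseif (!empty($password)) {
    /* Account has no password: an empty password is required.
     * Note that empty() also treats the string '0' as empty. */
    return false;
  }

  /* If you make it here, then username and password were good! */
  /* NOTE(review): no session ID regeneration is visible in this method;
   * confirm that updateSession() or the caller renews the ID on login. */
  $this->updateSession($row);
  $_SESSION['time_check'] = time() + 480 * 60;

  /* No specified permission means ALL permission.
   * NOTE(review): this is a fail-open default -- a row with an empty
   * user_perm is granted PLUGIN_DB_ADMIN. */
  if ((string) $row['user_perm'] === '') {
    $_SESSION[Auth::USER_LEVEL] = PLUGIN_DB_ADMIN;
  } else {
    $_SESSION[Auth::USER_LEVEL] = $row['user_perm'];
  }

  /* Stored as returned by GetParm(); presumably a request parameter. */
  $_SESSION['checkip'] = GetParm("checkip", PARM_STRING);

  /* Check for the no-popup flag */
  $_SESSION['NoPopup'] = (GetParm("nopopup", PARM_INTEGER) == 1) ? 1 : 0;

  return true;
}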