Exemplo n.º 1
0
 /**
  * Creates a user with provided auth data
  *
  * @param array $authResult
  *
  * @return bool|eZUser
  */
 public static function createUser($authResult)
 {
     $ngConnectINI = eZINI::instance('ngconnect.ini');
     $siteINI = eZINI::instance('site.ini');
     $defaultUserPlacement = $ngConnectINI->variable('LoginMethod_' . $authResult['login_method'], 'DefaultUserPlacement');
     $placementNode = eZContentObjectTreeNode::fetch($defaultUserPlacement);
     if (!$placementNode instanceof eZContentObjectTreeNode) {
         $defaultUserPlacement = $siteINI->variable('UserSettings', 'DefaultUserPlacement');
         $placementNode = eZContentObjectTreeNode::fetch($defaultUserPlacement);
         if (!$placementNode instanceof eZContentObjectTreeNode) {
             return false;
         }
     }
     $contentClass = eZContentClass::fetch($siteINI->variable('UserSettings', 'UserClassID'));
     $userCreatorID = $siteINI->variable('UserSettings', 'UserCreatorID');
     $defaultSectionID = $siteINI->variable('UserSettings', 'DefaultSectionID');
     $db = eZDB::instance();
     $db->begin();
     $contentObject = $contentClass->instantiate($userCreatorID, $defaultSectionID);
     $contentObject->store();
     $nodeAssignment = eZNodeAssignment::create(array('contentobject_id' => $contentObject->attribute('id'), 'contentobject_version' => 1, 'parent_node' => $placementNode->attribute('node_id'), 'is_main' => 1));
     $nodeAssignment->store();
     $currentTimeStamp = eZDateTime::currentTimeStamp();
     /** @var eZContentObjectVersion $version */
     $version = $contentObject->currentVersion();
     $version->setAttribute('modified', $currentTimeStamp);
     $version->setAttribute('status', eZContentObjectVersion::STATUS_DRAFT);
     $version->store();
     $dataMap = $version->dataMap();
     self::fillUserObject($version->dataMap(), $authResult);
     if (!isset($dataMap['user_account'])) {
         $db->rollback();
         return false;
     }
     $userLogin = '******' . $authResult['login_method'] . '_' . $authResult['id'];
     $userPassword = (string) rand() . 'ngconnect_' . $authResult['login_method'] . '_' . $authResult['id'] . (string) rand();
     $userExists = false;
     if (eZUser::requireUniqueEmail()) {
         $userExists = eZUser::fetchByEmail($authResult['email']) instanceof eZUser;
     }
     if (empty($authResult['email']) || $userExists) {
         $email = md5('ngconnect_' . $authResult['login_method'] . '_' . $authResult['id']) . '@localhost.local';
     } else {
         $email = $authResult['email'];
     }
     $user = new eZUser(array('contentobject_id' => $contentObject->attribute('id'), 'email' => $email, 'login' => $userLogin, 'password_hash' => md5("{$userLogin}\n{$userPassword}"), 'password_hash_type' => 1));
     $user->store();
     $userSetting = new eZUserSetting(array('is_enabled' => true, 'max_login' => 0, 'user_id' => $contentObject->attribute('id')));
     $userSetting->store();
     $dataMap['user_account']->setContent($user);
     $dataMap['user_account']->store();
     $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObject->attribute('id'), 'version' => $version->attribute('version')));
     if (array_key_exists('status', $operationResult) && $operationResult['status'] == eZModuleOperationInfo::STATUS_CONTINUE) {
         $db->commit();
         return $user;
     }
     $db->rollback();
     return false;
 }
Exemplo n.º 2
0
 /**
  * (called for each obj attribute)
  */
 public function checkObjectAttribute(array $contentObjectAttribute)
 {
     // we adopt the ez api instead of acting on raw data
     $contentObjectAttribute = new eZContentObjectAttribute($contentObjectAttribute);
     // for ezuser datatype, the user is always created even if attribute is set to nullable...
     $warnings = array();
     $userid = $contentObjectAttribute->attribute('contentobject_id');
     $user = $contentObjectAttribute->attribute('content');
     if (!$user) {
         $warnings[] = "No ezuser {$userid} found" . $this->postfixErrorMsg($contentObjectAttribute);
     }
     $settings = eZUserSetting::fetch($userid);
     if (!$settings) {
         $warnings[] = "No settings found for user {$userid}" . $this->postfixErrorMsg($contentObjectAttribute);
     }
     return $warnings;
 }
Exemplo n.º 3
0
 static function removeByUserID($userID)
 {
     eZPersistentObject::removeObject(eZUserSetting::definition(), array('user_id' => $userID));
 }
Exemplo n.º 4
0
 function isEnabled($useCache = true)
 {
     if (isset($this->UserCache['info'][$this->ContentObjectID]['is_enabled']) && $useCache) {
         return $this->UserCache['info'][$this->ContentObjectID]['is_enabled'];
     }
     $setting = eZUserSetting::fetch($this->attribute('contentobject_id'));
     if ($setting and !$setting->attribute('is_enabled')) {
         return false;
     }
     return true;
 }
Exemplo n.º 5
0
 function isEnabled()
 {
     if ($this == eZUser::currentUser()) {
         return true;
     }
     $setting = eZUserSetting::fetch($this->attribute('contentobject_id'));
     if ($setting and !$setting->attribute('is_enabled')) {
         return false;
     }
     return true;
 }
Exemplo n.º 6
0
    private function updateUserStatus( $enabled = true )
    {
        $userSetting = eZUserSetting::fetch(
            $this->userObject->attribute( 'id' )
        );
        $userSetting->setAttribute( 'is_enabled', (int)$enabled );
        $userSetting->store();

        $eZUser = eZUser::fetch( $this->userObject->attribute( 'id' ) );

        if( $enabled )
            $this->assertTrue( $eZUser->isEnabled() );
        else
            $this->assertFalse( $eZUser->isEnabled() );
    }
 /**
  * Activate user with user or deactivate and create new eZUserAccountKey with user hash
  * depending on $enableUser being true or not.
  *
  * @param int $userID
  * @param string $userHash
  * @param bool $enableUser
  *
  * @return array An array with operation status, always true if userID is ok
  */
 public static function activation($userID, $userHash, $enableUser = false)
 {
     $user = eZUser::fetch($userID);
     $userSetting = eZUserSetting::fetch($userID);
     if ($user && $userSetting) {
         $userChange = $userSetting->attribute('is_enabled') != $enableUser;
         if ($enableUser) {
             $userSetting->setAttribute('is_enabled', 1);
             $userSetting->store();
             eZUserAccountKey::removeByUserID($userID);
         } else {
             $userSetting->setAttribute('is_enabled', 0);
             $userSetting->store();
             $accountKey = eZUserAccountKey::createNew($userID, $userHash, time());
             $accountKey->store();
         }
         if ($userChange) {
             if (!$enableUser) {
                 eZUser::removeSessionData($userID);
             }
             eZContentCacheManager::clearContentCacheIfNeeded($userID);
         }
         return array('status' => true);
     } else {
         eZDebug::writeError("Failed to activate user {$userID} (could not fetch)", __METHOD__);
         return array('status' => false);
     }
 }
Exemplo n.º 8
0
 * @package kernel
 */
$Module = $Params['Module'];
if (isset($Params["UserID"])) {
    $UserID = $Params["UserID"];
}
$http = eZHTTPTool::instance();
$user = eZUser::fetch($UserID);
if (!$user) {
    return $Module->handleError(eZError::KERNEL_NOT_AVAILABLE, 'kernel');
}
$userObject = $user->attribute('contentobject');
if (!$userObject) {
    return $Module->handleError(eZError::KERNEL_NOT_AVAILABLE, 'kernel');
}
$userSetting = eZUserSetting::fetch($UserID);
if ($http->hasPostVariable("UpdateSettingButton")) {
    $isEnabled = 0;
    if ($http->hasPostVariable('max_login')) {
        $maxLogin = $http->postVariable('max_login');
    } else {
        $maxLogin = $userSetting->attribute('max_login');
    }
    if ($http->hasPostVariable('is_enabled')) {
        $isEnabled = 1;
    }
    if (eZOperationHandler::operationIsAvailable('user_setsettings')) {
        $operationResult = eZOperationHandler::execute('user', 'setsettings', array('user_id' => $UserID, 'is_enabled' => $isEnabled, 'max_login' => $maxLogin));
    } else {
        eZUserOperationCollection::setSettings($UserID, $isEnabled, $maxLogin);
    }
Exemplo n.º 9
0
    // execute operation to publish the user object
    $publishResult = eZOperationHandler::execute('user', 'register', array('user_id' => $userID));
    if ($publishResult['status'] === eZModuleOperationInfo::STATUS_HALTED) {
        $isPending = true;
    } else {
        // Log in user
        $user = eZUser::fetch($userID);
        if ($user === null) {
            return $Module->handleError(eZError::KERNEL_NOT_FOUND, 'kernel');
        }
        $user->loginCurrent();
    }
} elseif ($mainNodeID) {
    $userContentObject = eZContentObject::fetchByNodeID($mainNodeID);
    if ($userContentObject instanceof eZContentObject) {
        $userSetting = eZUserSetting::fetch($userContentObject->attribute('id'));
        if ($userSetting !== null && $userSetting->attribute('is_enabled')) {
            $alreadyActive = true;
        }
    }
}
// Template handling
$tpl = eZTemplate::factory();
$tpl->setVariable('module', $Module);
$tpl->setVariable('account_activated', $accountActivated);
$tpl->setVariable('already_active', $alreadyActive);
$tpl->setVariable('is_pending', $isPending);
// This line is deprecated, the correct name of the variable should
// be 'account_activated' as shown above.
// However it is kept for backwards compatibility.
$tpl->setVariable('account_avtivated', $accountActivated);
 * File containing a script responsible for disabling user accounts with suspicious user login (containing < and >).
 *
 * @copyright Copyright (C) 1999-2013 eZ Systems AS. All rights reserved.
 * @license http://www.gnu.org/licenses/gpl-2.0.txt GNU General Public License v2
 * @version  2013.11
 * @package update
 */
require 'autoload.php';
set_time_limit(0);
$cli = eZCLI::instance();
$script = eZScript::instance(array('description' => 'Script responsible for disabling user accounts with suspicious user login (containing < and >)', 'use-session' => false, 'use-modules' => false, 'use-extensions' => true));
$options = $script->getOptions('[disable]', '', array('-q' => 'Quiet mode', 'disable' => 'Disabling user accounts with suspicious user login.'));
$cli = eZCLI::instance();
$script->initialize();
$script->startup();
$db = eZDB::instance();
$rows = $db->arrayQuery("SELECT DISTINCT login FROM ezuser, ezuser_setting\n                            WHERE ( ezuser.login LIKE '%<%' OR ezuser.login LIKE '%>%' )\n                                AND ezuser.contentobject_id = ezuser_setting.user_id\n                                    AND ezuser_setting.is_enabled = '1'");
$cli->output('Script found ' . count($rows) . ' user accounts with suspicious login.');
$cli->output('Login list');
foreach ($rows as $index => $row) {
    $user = eZUser::fetchByName($row['login']);
    $userSetting = eZUserSetting::fetch($user->attribute('contentobject_id'));
    $cli->output($index + 1 . '. ' . $row['login']);
    if ($options['disable']) {
        $userSetting->setAttribute('is_enabled', 0);
        $userSetting->store();
        $cli->output('Disabled user account for login "' . $row['login'] . '" with ID "' . $user->attribute('contentobject_id') . "'");
    }
}
$cli->output('Done.');
$script->shutdown();
Exemplo n.º 11
0
 /**
  * Populates the user_account datatype with the correct values
  * based upon the string passed in $string.
  *
  * The string that must be passed looks like the following :
  * login|email|password_hash|hash_identifier|is_enabled
  *
  * Example:
  * <code>
  * foo|foo@ez.no|1234|md5_password|0
  * </code>
  *
  * @param object $contentObjectAttribute A contentobject attribute of type user_account.
  * @param string $string The string as described in the example.
  * @return object The newly created eZUser object
  */
 function fromString($contentObjectAttribute, $string)
 {
     if ($string == '') {
         return true;
     }
     $userData = explode('|', $string);
     if (count($userData) < 2) {
         return false;
     }
     $login = $userData[0];
     $email = $userData[1];
     $userByUsername = eZUser::fetchByName($login);
     if ($userByUsername && $userByUsername->attribute('contentobject_id') != $contentObjectAttribute->attribute('contentobject_id')) {
         return false;
     }
     if (eZUser::requireUniqueEmail()) {
         $userByEmail = eZUser::fetchByEmail($email);
         if ($userByEmail && $userByEmail->attribute('contentobject_id') != $contentObjectAttribute->attribute('contentobject_id')) {
             return false;
         }
     }
     $user = eZUser::create($contentObjectAttribute->attribute('contentobject_id'));
     $user->setAttribute('login', $login);
     $user->setAttribute('email', $email);
     if (isset($userData[2])) {
         $user->setAttribute('password_hash', $userData[2]);
     }
     if (isset($userData[3])) {
         $user->setAttribute('password_hash_type', eZUser::passwordHashTypeID($userData[3]));
     }
     if (isset($userData[4])) {
         $userSetting = eZUserSetting::fetch($contentObjectAttribute->attribute('contentobject_id'));
         $userSetting->setAttribute("is_enabled", (int) (bool) $userData[4]);
         $userSetting->store();
     }
     $user->store();
     return $user;
 }
 static function loginUser($login, $password, $authenticationMatch = false)
 {
     $http = eZHTTPTool::instance();
     $db = eZDB::instance();
     if ($authenticationMatch === false) {
         $authenticationMatch = eZUser::authenticationMatch();
     }
     $loginEscaped = $db->escapeString($login);
     $passwordEscaped = $db->escapeString($password);
     $loginArray = array();
     if ($authenticationMatch & eZUser::AUTHENTICATE_LOGIN) {
         $loginArray[] = "login='******'";
     }
     if ($authenticationMatch & eZUser::AUTHENTICATE_EMAIL) {
         $loginArray[] = "email='{$loginEscaped}'";
     }
     if (count($loginArray) == 0) {
         $loginArray[] = "login='******'";
     }
     $loginText = implode(' OR ', $loginArray);
     $contentObjectStatus = eZContentObject::STATUS_PUBLISHED;
     $ini = eZINI::instance();
     $textFileIni = eZINI::instance('textfile.ini');
     $databaseName = $db->databaseName();
     // if mysql
     if ($databaseName === 'mysql') {
         $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n                      FROM ezuser, ezcontentobject\n                      WHERE ( {$loginText} ) AND\n                        ezcontentobject.status='{$contentObjectStatus}' AND\n                        ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( {$loginText} ) AND password_hash=PASSWORD('{$passwordEscaped}') ) )";
     } else {
         $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n                      FROM ezuser, ezcontentobject\n                      WHERE ( {$loginText} ) AND\n                            ezcontentobject.status='{$contentObjectStatus}' AND\n                            ezcontentobject.id=contentobject_id";
     }
     $users = $db->arrayQuery($query);
     $exists = false;
     if (count($users) >= 1) {
         foreach ($users as $userRow) {
             $userID = $userRow['contentobject_id'];
             $hashType = $userRow['password_hash_type'];
             $hash = $userRow['password_hash'];
             $exists = eZUser::authenticateHash($userRow['login'], $password, eZUser::site(), $hashType, $hash);
             // If hash type is MySql
             if ($hashType == eZUser::PASSWORD_HASH_MYSQL and $databaseName === 'mysql') {
                 $queryMysqlUser = "******";
                 $mysqlUsers = $db->arrayQuery($queryMysqlUser);
                 if (count($mysqlUsers) >= 1) {
                     $exists = true;
                 }
             }
             eZDebugSetting::writeDebug('kernel-user', eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType), "check hash");
             eZDebugSetting::writeDebug('kernel-user', $hash, "stored hash");
             // If current user has been disabled after a few failed login attempts.
             $canLogin = eZUser::isEnabledAfterFailedLogin($userID);
             if ($exists) {
                 // We should store userID for warning message.
                 $GLOBALS['eZFailedLoginAttemptUserID'] = $userID;
                 $userSetting = eZUserSetting::fetch($userID);
                 $isEnabled = $userSetting->attribute("is_enabled");
                 if ($hashType != eZUser::hashType() and strtolower($ini->variable('UserSettings', 'UpdateHash')) == 'true') {
                     $hashType = eZUser::hashType();
                     $hash = eZUser::createHash($login, $password, eZUser::site(), $hashType);
                     $db->query("UPDATE ezuser SET password_hash='{$hash}', password_hash_type='{$hashType}' WHERE contentobject_id='{$userID}'");
                 }
                 break;
             }
         }
     }
     if ($exists and $isEnabled and $canLogin) {
         eZDebugSetting::writeDebug('kernel-user', $userRow, 'user row');
         $user = new eZUser($userRow);
         eZDebugSetting::writeDebug('kernel-user', $user, 'user');
         $userID = $user->attribute('contentobject_id');
         eZUser::updateLastVisit($userID);
         eZUser::setCurrentlyLoggedInUser($user, $userID);
         // Reset number of failed login attempts
         eZUser::setFailedLoginAttempts($userID, 0);
         return $user;
     } else {
         if ($textFileIni->variable('TextFileSettings', 'TextFileEnabled') == "true") {
             $fileName = $textFileIni->variable('TextFileSettings', 'FileName');
             $filePath = $textFileIni->variable('TextFileSettings', 'FilePath');
             $defaultUserPlacement = $ini->variable("UserSettings", "DefaultUserPlacement");
             $separator = $textFileIni->variable("TextFileSettings", "FileFieldSeparator");
             $loginColumnNr = $textFileIni->variable("TextFileSettings", "LoginAttribute");
             $passwordColumnNr = $textFileIni->variable("TextFileSettings", "PasswordAttribute");
             $emailColumnNr = $textFileIni->variable("TextFileSettings", "EmailAttribute");
             $lastNameColumnNr = $textFileIni->variable("TextFileSettings", "LastNameAttribute");
             $firstNameColumnNr = $textFileIni->variable("TextFileSettings", "FirstNameAttribute");
             if ($textFileIni->hasVariable('TextFileSettings', 'DefaultUserGroupType')) {
                 $UserGroupType = $textFileIni->variable('TextFileSettings', 'DefaultUserGroupType');
                 $UserGroup = $textFileIni->variable('TextFileSettings', 'DefaultUserGroup');
             }
             if ($UserGroupType != null) {
                 if ($UserGroupType == "name") {
                     $groupName = $UserGroup;
                     $groupQuery = "SELECT ezcontentobject_tree.node_id\n                                       FROM ezcontentobject, ezcontentobject_tree\n                                       WHERE ezcontentobject.name='{$groupName}'\n                                       AND ezcontentobject.id=ezcontentobject_tree.contentobject_id";
                     $groupObject = $db->arrayQuery($groupQuery);
                     if (count($groupObject) > 0) {
                         $defaultUserPlacement = $groupObject[0]['node_id'];
                     }
                 } else {
                     if ($UserGroupType == "id") {
                         $groupID = $UserGroup;
                         $groupQuery = "SELECT ezcontentobject_tree.node_id\n                                           FROM ezcontentobject, ezcontentobject_tree\n                                           WHERE ezcontentobject.id='{$groupID}'\n                                           AND ezcontentobject.id=ezcontentobject_tree.contentobject_id";
                         $groupObject = $db->arrayQuery($groupQuery);
                         if (count($groupObject) > 0) {
                             $defaultUserPlacement = $groupObject[0]['node_id'];
                         }
                     }
                 }
             }
             if ($filePath != "root" and $filePath != null) {
                 $fileName = $filePath . "/" . $fileName;
             }
             if (file_exists($fileName)) {
                 $handle = fopen($fileName, "r");
             } else {
                 // Increase number of failed login attempts.
                 if (isset($userID)) {
                     eZUser::setFailedLoginAttempts($userID);
                 }
                 return false;
             }
             while (!feof($handle)) {
                 $line = trim(fgets($handle, 4096));
                 if ($line === '') {
                     continue;
                 }
                 if ($separator == "tab") {
                     $userArray = explode("\t", $line);
                 } else {
                     $userArray = explode($separator, $line);
                 }
                 $uid = $userArray[$loginColumnNr - 1];
                 $email = $userArray[$emailColumnNr - 1];
                 $pass = $userArray[$passwordColumnNr - 1];
                 $firstName = $userArray[$firstNameColumnNr - 1];
                 $lastName = $userArray[$lastNameColumnNr - 1];
                 if ($login == $uid) {
                     if (trim($pass) == $password) {
                         $createNewUser = true;
                         $existUser = eZUser::fetchByName($login);
                         if ($existUser != null) {
                             $createNewUser = false;
                         }
                         if ($createNewUser) {
                             $userClassID = $ini->variable("UserSettings", "UserClassID");
                             $userCreatorID = $ini->variable("UserSettings", "UserCreatorID");
                             $defaultSectionID = $ini->variable("UserSettings", "DefaultSectionID");
                             $remoteID = "TextFile_" . $login;
                             $db->begin();
                             // The content object may already exist if this process has failed once before, before the eZUser object was created.
                             // Therefore we try to fetch the eZContentObject before instantiating it.
                             $contentObject = eZContentObject::fetchByRemoteID($remoteID);
                             if (!is_object($contentObject)) {
                                 $class = eZContentClass::fetch($userClassID);
                                 $contentObject = $class->instantiate($userCreatorID, $defaultSectionID);
                             }
                             $contentObject->setAttribute('remote_id', $remoteID);
                             $contentObject->store();
                             $contentObjectID = $contentObject->attribute('id');
                             $userID = $contentObjectID;
                             $nodeAssignment = eZNodeAssignment::create(array('contentobject_id' => $contentObjectID, 'contentobject_version' => 1, 'parent_node' => $defaultUserPlacement, 'is_main' => 1));
                             $nodeAssignment->store();
                             $version = $contentObject->version(1);
                             $version->setAttribute('modified', time());
                             $version->setAttribute('status', eZContentObjectVersion::STATUS_DRAFT);
                             $version->store();
                             $contentObjectID = $contentObject->attribute('id');
                             $contentObjectAttributes = $version->contentObjectAttributes();
                             $contentObjectAttributes[0]->setAttribute('data_text', $firstName);
                             $contentObjectAttributes[0]->store();
                             $contentObjectAttributes[1]->setAttribute('data_text', $lastName);
                             $contentObjectAttributes[1]->store();
                             $user = eZUser::create($userID);
                             $user->setAttribute('login', $login);
                             $user->setAttribute('email', $email);
                             $user->setAttribute('password_hash', "");
                             $user->setAttribute('password_hash_type', 0);
                             $user->store();
                             eZUser::updateLastVisit($userID);
                             eZUser::setCurrentlyLoggedInUser($user, $userID);
                             // Reset number of failed login attempts
                             eZUser::setFailedLoginAttempts($userID, 0);
                             $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => 1));
                             $db->commit();
                             return $user;
                         } else {
                             $db->begin();
                             // Update user information
                             $userID = $existUser->attribute('contentobject_id');
                             $contentObject = eZContentObject::fetch($userID);
                             $parentNodeID = $contentObject->attribute('main_parent_node_id');
                             $currentVersion = $contentObject->attribute('current_version');
                             $version = $contentObject->attribute('current');
                             $contentObjectAttributes = $version->contentObjectAttributes();
                             $contentObjectAttributes[0]->setAttribute('data_text', $firstName);
                             $contentObjectAttributes[0]->store();
                             $contentObjectAttributes[1]->setAttribute('data_text', $lastName);
                             $contentObjectAttributes[1]->store();
                             $existUser = eZUser::fetch($userID);
                             $existUser->setAttribute('email', $email);
                             $existUser->setAttribute('password_hash', "");
                             $existUser->setAttribute('password_hash_type', 0);
                             $existUser->store();
                             if ($defaultUserPlacement != $parentNodeID) {
                                 $newVersion = $contentObject->createNewVersion();
                                 $newVersion->assignToNode($defaultUserPlacement, 1);
                                 $newVersion->removeAssignment($parentNodeID);
                                 $newVersionNr = $newVersion->attribute('version');
                                 $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $userID, 'version' => $newVersionNr));
                             }
                             eZUser::updateLastVisit($userID);
                             eZUser::setCurrentlyLoggedInUser($existUser, $userID);
                             // Reset number of failed login attempts
                             eZUser::setFailedLoginAttempts($userID, 0);
                             $db->commit();
                             return $existUser;
                         }
                     } else {
                         // Increase number of failed login attempts.
                         if (isset($userID)) {
                             eZUser::setFailedLoginAttempts($userID);
                         }
                         return false;
                     }
                 }
             }
             fclose($handle);
         }
     }
     // Increase number of failed login attempts.
     if (isset($userID)) {
         eZUser::setFailedLoginAttempts($userID);
     }
     return false;
 }
Exemplo n.º 13
0
 static function loginUser($login, $password, $authenticationMatch = false)
 {
     $http = eZHTTPTool::instance();
     $db = eZDB::instance();
     if ($authenticationMatch === false) {
         $authenticationMatch = eZUser::authenticationMatch();
     }
     $loginEscaped = $db->escapeString($login);
     $passwordEscaped = $db->escapeString($password);
     $loginLdapEscaped = self::ldap_escape($login);
     $loginArray = array();
     if ($authenticationMatch & eZUser::AUTHENTICATE_LOGIN) {
         $loginArray[] = "login='******'";
     }
     if ($authenticationMatch & eZUser::AUTHENTICATE_EMAIL) {
         $loginArray[] = "email='{$loginEscaped}'";
     }
     if (count($loginArray) == 0) {
         $loginArray[] = "login='******'";
     }
     $loginText = implode(' OR ', $loginArray);
     $contentObjectStatus = eZContentObject::STATUS_PUBLISHED;
     $ini = eZINI::instance();
     $LDAPIni = eZINI::instance('ldap.ini');
     $databaseName = $db->databaseName();
     // if mysql
     if ($databaseName === 'mysql') {
         $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n                      FROM ezuser, ezcontentobject\n                      WHERE ( {$loginText} ) AND\n                            ezcontentobject.status='{$contentObjectStatus}' AND\n                            ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( {$loginText} ) AND password_hash=PASSWORD('{$passwordEscaped}') ) )";
     } else {
         $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n                      FROM ezuser, ezcontentobject\n                      WHERE ( {$loginText} ) AND\n                            ezcontentobject.status='{$contentObjectStatus}' AND\n                            ezcontentobject.id=contentobject_id";
     }
     $users = $db->arrayQuery($query);
     $exists = false;
     if (count($users) >= 1) {
         foreach ($users as $userRow) {
             $userID = $userRow['contentobject_id'];
             $hashType = $userRow['password_hash_type'];
             $hash = $userRow['password_hash'];
             $exists = eZUser::authenticateHash($userRow['login'], $password, eZUser::site(), $hashType, $hash);
             // If hash type is MySql
             if ($hashType == eZUser::PASSWORD_HASH_MYSQL and $databaseName === 'mysql') {
                 $queryMysqlUser = "******";
                 $mysqlUsers = $db->arrayQuery($queryMysqlUser);
                 if (count($mysqlUsers) >= 1) {
                     $exists = true;
                 }
             }
             eZDebugSetting::writeDebug('kernel-user', eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType), "check hash");
             eZDebugSetting::writeDebug('kernel-user', $hash, "stored hash");
             // If current user has been disabled after a few failed login attempts.
             $canLogin = eZUser::isEnabledAfterFailedLogin($userID);
             if ($exists) {
                 // We should store userID for warning message.
                 $GLOBALS['eZFailedLoginAttemptUserID'] = $userID;
                 $userSetting = eZUserSetting::fetch($userID);
                 $isEnabled = $userSetting->attribute("is_enabled");
                 if ($hashType != eZUser::hashType() and strtolower($ini->variable('UserSettings', 'UpdateHash')) == 'true') {
                     $hashType = eZUser::hashType();
                     $hash = eZUser::createHash($login, $password, eZUser::site(), $hashType);
                     $db->query("UPDATE ezuser SET password_hash='{$hash}', password_hash_type='{$hashType}' WHERE contentobject_id='{$userID}'");
                 }
                 break;
             }
         }
     }
     if ($exists and $isEnabled and $canLogin) {
         eZDebugSetting::writeDebug('kernel-user', $userRow, 'user row');
         $user = new eZUser($userRow);
         eZDebugSetting::writeDebug('kernel-user', $user, 'user');
         $userID = $user->attribute('contentobject_id');
         eZUser::updateLastVisit($userID);
         eZUser::setCurrentlyLoggedInUser($user, $userID);
         // Reset number of failed login attempts
         eZUser::setFailedLoginAttempts($userID, 0);
         return $user;
     } else {
         if ($LDAPIni->variable('LDAPSettings', 'LDAPEnabled') === 'true') {
             // read LDAP ini settings
             // and then try to bind to the ldap server
             $LDAPDebugTrace = $LDAPIni->variable('LDAPSettings', 'LDAPDebugTrace') === 'enabled';
             $LDAPVersion = $LDAPIni->variable('LDAPSettings', 'LDAPVersion');
             $LDAPServer = $LDAPIni->variable('LDAPSettings', 'LDAPServer');
             $LDAPPort = $LDAPIni->variable('LDAPSettings', 'LDAPPort');
             $LDAPFollowReferrals = (int) $LDAPIni->variable('LDAPSettings', 'LDAPFollowReferrals');
             $LDAPBaseDN = $LDAPIni->variable('LDAPSettings', 'LDAPBaseDn');
             $LDAPBindUser = $LDAPIni->variable('LDAPSettings', 'LDAPBindUser');
             $LDAPBindPassword = $LDAPIni->variable('LDAPSettings', 'LDAPBindPassword');
             $LDAPSearchScope = $LDAPIni->variable('LDAPSettings', 'LDAPSearchScope');
             $LDAPLoginAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPLoginAttribute'));
             $LDAPFirstNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPFirstNameAttribute'));
             $LDAPFirstNameIsCN = $LDAPIni->variable('LDAPSettings', 'LDAPFirstNameIsCommonName') === 'true';
             $LDAPLastNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPLastNameAttribute'));
             $LDAPEmailAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPEmailAttribute'));
             $defaultUserPlacement = $ini->variable("UserSettings", "DefaultUserPlacement");
             $LDAPUserGroupAttributeType = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPUserGroupAttributeType'));
             $LDAPUserGroupAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPUserGroupAttribute'));
             if ($LDAPIni->hasVariable('LDAPSettings', 'Utf8Encoding')) {
                 $Utf8Encoding = $LDAPIni->variable('LDAPSettings', 'Utf8Encoding');
                 if ($Utf8Encoding == "true") {
                     $isUtf8Encoding = true;
                 } else {
                     $isUtf8Encoding = false;
                 }
             } else {
                 $isUtf8Encoding = false;
             }
             if ($LDAPIni->hasVariable('LDAPSettings', 'LDAPSearchFilters')) {
                 $LDAPFilters = $LDAPIni->variable('LDAPSettings', 'LDAPSearchFilters');
             }
             if ($LDAPIni->hasVariable('LDAPSettings', 'LDAPUserGroupType') and $LDAPIni->hasVariable('LDAPSettings', 'LDAPUserGroup')) {
                 $LDAPUserGroupType = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroupType');
                 $LDAPUserGroup = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroup');
             }
             $LDAPFilter = "( &";
             if (count($LDAPFilters) > 0) {
                 foreach (array_keys($LDAPFilters) as $key) {
                     $LDAPFilter .= "(" . $LDAPFilters[$key] . ")";
                 }
             }
             $LDAPEqualSign = trim($LDAPIni->variable('LDAPSettings', "LDAPEqualSign"));
             $LDAPBaseDN = str_replace($LDAPEqualSign, "=", $LDAPBaseDN);
             $LDAPFilter = str_replace($LDAPEqualSign, "=", $LDAPFilter);
             $LDAPBindUser = str_replace($LDAPEqualSign, "=", $LDAPBindUser);
             if ($LDAPDebugTrace) {
                 $debugArray = array('stage' => '1/5: Connecting and Binding to LDAP server', 'LDAPServer' => $LDAPServer, 'LDAPPort' => $LDAPPort, 'LDAPBindUser' => $LDAPBindUser, 'LDAPVersion' => $LDAPVersion);
                 // Set debug trace mode for ldap connections
                 if (function_exists('ldap_set_option')) {
                     ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
                 }
                 eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
             }
             if (function_exists('ldap_connect')) {
                 $ds = ldap_connect($LDAPServer, $LDAPPort);
             } else {
                 $ds = false;
             }
             if ($ds) {
                 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $LDAPVersion);
                 ldap_set_option($ds, LDAP_OPT_REFERRALS, $LDAPFollowReferrals);
                 if ($LDAPBindUser == '') {
                     $r = ldap_bind($ds);
                 } else {
                     $r = ldap_bind($ds, $LDAPBindUser, $LDAPBindPassword);
                 }
                 if (!$r) {
                     // Increase number of failed login attempts.
                     eZDebug::writeError('Cannot bind to LDAP server, might be something wronge with connetion or bind user!', __METHOD__);
                     if (isset($userID)) {
                         eZUser::setFailedLoginAttempts($userID);
                     }
                     $user = false;
                     return $user;
                 }
                 $LDAPFilter .= "({$LDAPLoginAttribute}={$loginLdapEscaped})";
                 $LDAPFilter .= ")";
                 ldap_set_option($ds, LDAP_OPT_SIZELIMIT, 0);
                 ldap_set_option($ds, LDAP_OPT_TIMELIMIT, 0);
                 $retrieveAttributes = array($LDAPLoginAttribute, $LDAPFirstNameAttribute, $LDAPLastNameAttribute, $LDAPEmailAttribute);
                 if ($LDAPUserGroupAttributeType) {
                     $retrieveAttributes[] = $LDAPUserGroupAttribute;
                 }
                 if ($LDAPDebugTrace) {
                     $debugArray = array('stage' => '2/5: finding user', 'LDAPFilter' => $LDAPFilter, 'retrieveAttributes' => $retrieveAttributes, 'LDAPSearchScope' => $LDAPSearchScope, 'LDAPBaseDN' => $LDAPBaseDN);
                     eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
                 }
                 if ($LDAPSearchScope == "one") {
                     $sr = ldap_list($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes);
                 } else {
                     if ($LDAPSearchScope == "base") {
                         $sr = ldap_read($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes);
                     } else {
                         $sr = ldap_search($ds, $LDAPBaseDN, $LDAPFilter, $retrieveAttributes);
                     }
                 }
                 $info = ldap_get_entries($ds, $sr);
                 if ($info['count'] > 1) {
                     // More than one user with same uid, not allow login.
                     eZDebug::writeWarning('More then one user with same uid, not allowed to login!', __METHOD__);
                     $user = false;
                     return $user;
                 } else {
                     if ($info['count'] < 1) {
                         // Increase number of failed login attempts.
                         if (isset($userID)) {
                             eZUser::setFailedLoginAttempts($userID);
                         }
                         // user DN was not found
                         eZDebug::writeWarning('User DN was not found!', __METHOD__);
                         $user = false;
                         return $user;
                     } else {
                         if ($LDAPDebugTrace) {
                             $debugArray = array('stage' => '3/5: real authentication of user', 'info' => $info);
                             eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
                         }
                     }
                 }
                 if (!$password) {
                     $password = crypt(microtime());
                 }
                 // is it real authenticated LDAP user?
                 if (!@ldap_bind($ds, $info[0]['dn'], $password)) {
                     // Increase number of failed login attempts.
                     if (isset($userID)) {
                         eZUser::setFailedLoginAttempts($userID);
                     }
                     eZDebug::writeWarning("User {$userID} failed to login!", __METHOD__);
                     $user = false;
                     return $user;
                 }
                 $extraNodeAssignments = array();
                 $userGroupClassID = $ini->variable("UserSettings", "UserGroupClassID");
                 // default user group assigning
                 if ($LDAPUserGroupType != null) {
                     if ($LDAPUserGroupType == "name") {
                         if (is_array($LDAPUserGroup)) {
                             foreach (array_keys($LDAPUserGroup) as $key) {
                                 $groupName = $db->escapeString($LDAPUserGroup[$key]);
                                 $groupQuery = "SELECT ezcontentobject_tree.node_id\n                                                 FROM ezcontentobject, ezcontentobject_tree\n                                                WHERE ezcontentobject.name like '{$groupName}'\n                                                  AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n                                                  AND ezcontentobject.contentclass_id={$userGroupClassID}";
                                 $groupObject = $db->arrayQuery($groupQuery);
                                 if (count($groupObject) > 0 and $key == 0) {
                                     $defaultUserPlacement = $groupObject[0]['node_id'];
                                 } else {
                                     if (count($groupObject) > 0) {
                                         $extraNodeAssignments[] = $groupObject[0]['node_id'];
                                     }
                                 }
                             }
                         } else {
                             $groupName = $db->escapeString($LDAPUserGroup);
                             $groupQuery = "SELECT ezcontentobject_tree.node_id\n                                             FROM ezcontentobject, ezcontentobject_tree\n                                            WHERE ezcontentobject.name like '{$groupName}'\n                                              AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n                                              AND ezcontentobject.contentclass_id={$userGroupClassID}";
                             $groupObject = $db->arrayQuery($groupQuery);
                             if (count($groupObject) > 0) {
                                 $defaultUserPlacement = $groupObject[0]['node_id'];
                             }
                         }
                     } else {
                         if ($LDAPUserGroupType == "id") {
                             if (is_array($LDAPUserGroup)) {
                                 foreach (array_keys($LDAPUserGroup) as $key) {
                                     $groupID = $LDAPUserGroup[$key];
                                     $groupQuery = "SELECT ezcontentobject_tree.node_id\n                                                 FROM ezcontentobject, ezcontentobject_tree\n                                                WHERE ezcontentobject.id='{$groupID}'\n                                                  AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n                                                  AND ezcontentobject.contentclass_id={$userGroupClassID}";
                                     $groupObject = $db->arrayQuery($groupQuery);
                                     if (count($groupObject) > 0 and $key == 0) {
                                         $defaultUserPlacement = $groupObject[0]['node_id'];
                                     } else {
                                         if (count($groupObject) > 0) {
                                             $extraNodeAssignments[] = $groupObject[0]['node_id'];
                                         }
                                     }
                                 }
                             } else {
                                 $groupID = $LDAPUserGroup;
                                 $groupQuery = "SELECT ezcontentobject_tree.node_id\n                                             FROM ezcontentobject, ezcontentobject_tree\n                                            WHERE ezcontentobject.id='{$groupID}'\n                                              AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n                                              AND ezcontentobject.contentclass_id={$userGroupClassID}";
                                 $groupObject = $db->arrayQuery($groupQuery);
                                 if (count($groupObject) > 0) {
                                     $defaultUserPlacement = $groupObject[0]['node_id'];
                                 }
                             }
                         }
                     }
                 }
                 // read group mapping LDAP settings
                 $LDAPGroupMappingType = $LDAPIni->variable('LDAPSettings', 'LDAPGroupMappingType');
                 $LDAPUserGroupMap = $LDAPIni->variable('LDAPSettings', 'LDAPUserGroupMap');
                 if (!is_array($LDAPUserGroupMap)) {
                     $LDAPUserGroupMap = array();
                 }
                 // group mapping constants
                 $ByMemberAttribute = 'SimpleMapping';
                 // by group's member attributes (with mapping)
                 $ByMemberAttributeHierarhicaly = 'GetGroupsTree';
                 // by group's member attributes hierarhically
                 $ByGroupAttribute = 'UseGroupAttribute';
                 // by user's group attribute (old style)
                 $groupMappingTypes = array($ByMemberAttribute, $ByMemberAttributeHierarhicaly, $ByGroupAttribute);
                 $userData =& $info[0];
                 // default mapping using old style
                 if (!in_array($LDAPGroupMappingType, $groupMappingTypes)) {
                     $LDAPGroupMappingType = $ByGroupAttribute;
                 }
                 if ($LDAPDebugTrace) {
                     $debugArray = array('stage' => '4/5: group mapping init', 'LDAPUserGroupType' => $LDAPUserGroupType, 'LDAPGroupMappingType' => $LDAPGroupMappingType, 'LDAPUserGroup' => $LDAPUserGroup, 'defaultUserPlacement' => $defaultUserPlacement, 'extraNodeAssignments' => $extraNodeAssignments);
                     eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
                 }
                 if ($LDAPGroupMappingType == $ByMemberAttribute or $LDAPGroupMappingType == $ByMemberAttributeHierarhicaly) {
                     $LDAPGroupBaseDN = $LDAPIni->variable('LDAPSettings', 'LDAPGroupBaseDN');
                     $LDAPGroupBaseDN = str_replace($LDAPEqualSign, '=', $LDAPGroupBaseDN);
                     $LDAPGroupClass = $LDAPIni->variable('LDAPSettings', 'LDAPGroupClass');
                     $LDAPGroupNameAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupNameAttribute'));
                     $LDAPGroupMemberAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupMemberAttribute'));
                     $LDAPGroupDescriptionAttribute = strtolower($LDAPIni->variable('LDAPSettings', 'LDAPGroupDescriptionAttribute'));
                     $groupSearchingDepth = $LDAPGroupMappingType == '1' ? 1 : 1000;
                     // now, get all parents for currently ldap authenticated user
                     $requiredParams = array();
                     $requiredParams['LDAPLoginAttribute'] = $LDAPLoginAttribute;
                     $requiredParams['LDAPGroupBaseDN'] = $LDAPGroupBaseDN;
                     $requiredParams['LDAPGroupClass'] = $LDAPGroupClass;
                     $requiredParams['LDAPGroupNameAttribute'] = $LDAPGroupNameAttribute;
                     $requiredParams['LDAPGroupMemberAttribute'] = $LDAPGroupMemberAttribute;
                     $requiredParams['LDAPGroupDescriptionAttribute'] = $LDAPGroupDescriptionAttribute;
                     $requiredParams['ds'] =& $ds;
                     if ($LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId') !== '') {
                         $requiredParams['TopUserGroupNodeID'] = $LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId');
                     } else {
                         $requiredParams['TopUserGroupNodeID'] = 5;
                     }
                     $groupsTree = array();
                     $stack = array();
                     $newfilter = '(&(objectClass=' . $LDAPGroupClass . ')(' . $LDAPGroupMemberAttribute . '=' . $userData['dn'] . '))';
                     $groupsTree[$userData['dn']] = array('data' => &$userData, 'parents' => array(), 'children' => array());
                     eZLDAPUser::getUserGroupsTree($requiredParams, $newfilter, $userData['dn'], $groupsTree, $stack, $groupSearchingDepth);
                     $userRecord =& $groupsTree[$userData['dn']];
                     if ($LDAPGroupMappingType == $ByMemberAttribute) {
                         if (count($userRecord['parents']) > 0) {
                             $remappedGroupNames = array();
                             foreach (array_keys($userRecord['parents']) as $key) {
                                 $parentGroup =& $userRecord['parents'][$key];
                                 if (isset($parentGroup['data'][$LDAPGroupNameAttribute])) {
                                     $ldapGroupName = $parentGroup['data'][$LDAPGroupNameAttribute];
                                     if (is_array($ldapGroupName)) {
                                         $ldapGroupName = $ldapGroupName['count'] > 0 ? $ldapGroupName[0] : '';
                                     }
                                     // remap group name and check that group exists
                                     if (array_key_exists($ldapGroupName, $LDAPUserGroupMap)) {
                                         $remmapedGroupName = $db->escapeString($LDAPUserGroupMap[$ldapGroupName]);
                                         $groupQuery = "SELECT ezcontentobject_tree.node_id\n                                                         FROM ezcontentobject, ezcontentobject_tree\n                                                        WHERE ezcontentobject.name like '{$remmapedGroupName}'\n                                                          AND ezcontentobject.id=ezcontentobject_tree.contentobject_id\n                                                          AND ezcontentobject.contentclass_id={$userGroupClassID}";
                                         $groupRow = $db->arrayQuery($groupQuery);
                                         if (count($groupRow) > 0) {
                                             $userRecord['new_parents'][] = $groupRow[0]['node_id'];
                                         }
                                     }
                                 }
                             }
                         }
                     } else {
                         if ($LDAPGroupMappingType == $ByMemberAttributeHierarhicaly) {
                             $stack = array();
                             self::goAndPublishGroups($requiredParams, $userData['dn'], $groupsTree, $stack, $groupSearchingDepth, true);
                         }
                     }
                     if (isset($userRecord['new_parents']) and count($userRecord['new_parents']) > 0) {
                         $defaultUserPlacement = $userRecord['new_parents'][0];
                         $extraNodeAssignments = array_merge($extraNodeAssignments, $userRecord['new_parents']);
                     }
                 } else {
                     if ($LDAPGroupMappingType == $ByGroupAttribute) {
                         if ($LDAPUserGroupAttributeType) {
                             // Should we create user groups that are specified in LDAP, but not found in eZ Publish?
                             $createMissingGroups = $LDAPIni->variable('LDAPSettings', 'LDAPCreateMissingGroups') === 'enabled';
                             if ($LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId') !== '') {
                                 $parentNodeID = $LDAPIni->variable('LDAPSettings', 'LDAPGroupRootNodeId');
                             } else {
                                 $parentNodeID = 5;
                             }
                             $groupAttributeCount = $info[0][$LDAPUserGroupAttribute]['count'];
                             if ($LDAPUserGroupAttributeType == "name") {
                                 for ($i = 0; $i < $groupAttributeCount; $i++) {
                                     if ($isUtf8Encoding) {
                                         $groupName = utf8_decode($info[0][$LDAPUserGroupAttribute][$i]);
                                     } else {
                                         $groupName = $info[0][$LDAPUserGroupAttribute][$i];
                                     }
                                     // Save group node id to either defaultUserPlacement or extraNodeAssignments
                                     self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID);
                                 }
                             } else {
                                 if ($LDAPUserGroupAttributeType == "id") {
                                     for ($i = 0; $i < $groupAttributeCount; $i++) {
                                         if ($isUtf8Encoding) {
                                             $groupID = utf8_decode($info[0][$LDAPUserGroupAttribute][$i]);
                                         } else {
                                             $groupID = $info[0][$LDAPUserGroupAttribute][$i];
                                         }
                                         $groupName = "LDAP {$groupID}";
                                         // Save group node id to either defaultUserPlacement or extraNodeAssignments
                                         self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID);
                                     }
                                 } else {
                                     if ($LDAPUserGroupAttributeType == "dn") {
                                         for ($i = 0; $i < $groupAttributeCount; $i++) {
                                             $groupDN = $info[0][$LDAPUserGroupAttribute][$i];
                                             $groupName = self::getGroupNameByDN($ds, $groupDN);
                                             if ($groupName) {
                                                 // Save group node id to either defaultUserPlacement or extraNodeAssignments
                                                 self::getNodeAssignmentsForGroupName($groupName, $i == 0, $defaultUserPlacement, $extraNodeAssignments, $createMissingGroups, $parentNodeID);
                                             }
                                         }
                                     } else {
                                         eZDebug::writeError("Bad LDAPUserGroupAttributeType '{$LDAPUserGroupAttributeType}'. It must be either 'name', 'id' or 'dn'.", __METHOD__);
                                         $user = false;
                                         return $user;
                                     }
                                 }
                             }
                         }
                     }
                 }
                 // remove ' last_name' from first_name if cn is used for first name
                 if ($LDAPFirstNameIsCN && isset($userData[$LDAPFirstNameAttribute]) && isset($userData[$LDAPLastNameAttribute])) {
                     $userData[$LDAPFirstNameAttribute][0] = str_replace(' ' . $userData[$LDAPLastNameAttribute][0], '', $userData[$LDAPFirstNameAttribute][0]);
                 }
                 if (isset($userData[$LDAPEmailAttribute])) {
                     $LDAPuserEmail = $userData[$LDAPEmailAttribute][0];
                 } else {
                     if (trim($LDAPIni->variable('LDAPSettings', 'LDAPEmailEmptyAttributeSuffix'))) {
                         $LDAPuserEmail = $login . $LDAPIni->variable('LDAPSettings', 'LDAPEmailEmptyAttributeSuffix');
                     } else {
                         $LDAPuserEmail = false;
                     }
                 }
                 $userAttributes = array('login' => $login, 'first_name' => isset($userData[$LDAPFirstNameAttribute]) ? $userData[$LDAPFirstNameAttribute][0] : false, 'last_name' => isset($userData[$LDAPLastNameAttribute]) ? $userData[$LDAPLastNameAttribute][0] : false, 'email' => $LDAPuserEmail);
                 if ($LDAPDebugTrace) {
                     $debugArray = array('stage' => '5/5: storing user', 'userAttributes' => $userAttributes, 'isUtf8Encoding' => $isUtf8Encoding, 'defaultUserPlacement' => $defaultUserPlacement, 'extraNodeAssignments' => $extraNodeAssignments);
                     eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
                 }
                 $oldUser = clone eZUser::currentUser();
                 $existingUser = eZLDAPUser::publishUpdateUser($extraNodeAssignments, $defaultUserPlacement, $userAttributes, $isUtf8Encoding);
                 if (is_object($existingUser)) {
                     eZUser::setCurrentlyLoggedInUser($existingUser, $existingUser->attribute('contentobject_id'));
                 } else {
                     eZUser::setCurrentlyLoggedInUser($oldUser, $oldUser->attribute('contentobject_id'));
                 }
                 ldap_close($ds);
                 return $existingUser;
             } else {
                 eZDebug::writeError('Cannot initialize connection for LDAP server', __METHOD__);
                 $user = false;
                 return $user;
             }
         } else {
             // Increase number of failed login attempts.
             if (isset($userID)) {
                 eZUser::setFailedLoginAttempts($userID);
             }
             eZDebug::writeWarning('User does not exist or LDAP is not enabled in php', __METHOD__);
             $user = false;
             return $user;
         }
     }
 }