Exemplo n.º 1
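 /**
  * \brief See if a username/password is valid and, on success, populate the session.
  *
  * Fails closed: an empty user name, the reserved 'Default User' account,
  * an exception from the user DAO, or a row without a user name all yield false.
  *
  * Password rules as implemented below:
  *  - seed and hash both stored: sha1(seed . password) must match the stored hash;
  *  - seed stored but no hash: login is refused;
  *  - no seed stored: login succeeds only when the supplied password is empty.
  *
  * On success the session is updated via updateSession() and the keys
  * 'time_check', Auth::USER_LEVEL, 'checkip' and 'NoPopup' are written to $_SESSION.
  *
  * @param string $userName Login name supplied by the caller.
  * @param string $password Clear-text password supplied by the caller.
  * @return boolean true when the credentials were accepted, false otherwise.
  */
 function checkUsernameAndPassword($userName, $password)
 {
     if (empty($userName) || $userName == 'Default User') {
         return false;
     }
     try {
         $row = $this->userDao->getUserAndDefaultGroupByUserName($userName);
     } catch (Exception $e) {
         /* Any lookup failure is treated as a failed login (fail closed). */
         return false;
     }
     if (empty($row['user_name'])) {
         return false;
     }
     /* Check the password -- only if a password exists */
     if (!empty($row['user_seed']) && !empty($row['user_pass'])) {
         /*
          * NOTE(review): salted single-round SHA-1 is a fast hash and is not
          * suited to password storage. Moving to password_hash() /
          * password_verify() needs a migration of the stored hashes, so the
          * scheme is left unchanged here.
          */
         $passwordHash = sha1($row['user_seed'] . $password);
         /* Constant-time comparison so the check does not leak how many
          * leading characters of the hash matched. */
         if (!hash_equals((string) $row['user_pass'], $passwordHash)) {
             return false;
         }
     } elseif (!empty($row['user_seed'])) {
         /* Seed with no password hash = no login */
         return false;
     } elseif (!empty($password)) {
         /* empty password required */
         return false;
     }
     /*
      * NOTE(review): a row with an empty seed is accepted with an empty
      * password even when 'user_pass' holds a hash. Confirm that such rows
      * cannot exist, or refuse the login for them.
      */

     /* If you make it here, then username and password were good! */
     $this->updateSession($row);
     /*
      * NOTE(review): no session id regeneration is visible in this method.
      * Confirm that updateSession() or the caller rotates the id on login
      * to prevent session fixation.
      */
     $_SESSION['time_check'] = time() + 480 * 60; /* 480 minutes = 8 hours */
     /* No specified permission means ALL permission */
     $_SESSION[Auth::USER_LEVEL] = ((string) $row['user_perm'] === '')
         ? PLUGIN_DB_ADMIN
         : $row['user_perm'];
     /* 'checkip' is taken from the request parameters and stored as given. */
     $_SESSION['checkip'] = GetParm("checkip", PARM_STRING);
     /* Check for the no-popup flag */
     $_SESSION['NoPopup'] = (GetParm("nopopup", PARM_INTEGER) == 1) ? 1 : 0;
     return true;
 }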