/**
 * Check a login attempt against the backend named by the global $auth_method.
 *
 * The user name and password have slashes stripped (legacy magic-quotes
 * handling), so a password that really contains backslashes is altered
 * before it is handed to the backend. User name and e-mail are trimmed.
 *
 * Backends handled here: "pop3", "imap", "ldap", "exchange", "sql",
 * "internal" and "external". $auth_method is compared loosely (==); any
 * other value authenticates nobody and the trimmed $email is returned as-is.
 *
 * @param string $user_name Login name as submitted.
 * @param string $pwd       Password as submitted.
 * @param string $email     E-mail address as submitted.
 * @param string $nt_domain Only forwarded to auth_exchange().
 *
 * @return array array($authenticated, $email). array(false, false) when the
 *               user name or e-mail starts with "@". On a failed "ldap",
 *               "sql" or "internal" attempt the second element is whatever
 *               the backend returned (false, or a PEAR error for "sql"),
 *               so callers must test the first element before using it.
 */
function auth($user_name, $pwd, $email, $nt_domain)
{
    global $dbh;
    global $auth_method;
    global $routing_domain;
    global $address_rewriting_type;

    $user_name = trim(stripslashes($user_name));
    $email = trim($email);

    // Domain-class pseudo-users (identifiers starting with "@") may never log in.
    $user_is_pseudo = !empty($user_name) && $user_name[0] == "@";
    $email_is_pseudo = !empty($email) && $email[0] == "@";
    if ($user_is_pseudo || $email_is_pseudo) {
        return array(false, false);
    }

    $pwd = stripslashes($pwd);
    $authenticated = false;

    // empty() also rejects the string "0", so such a name or password never
    // reaches a backend.
    $have_user_credentials = !empty($user_name) && !empty($pwd);
    $have_email_credentials = !empty($email) && !empty($pwd);

    switch ($auth_method) {
        case "pop3":
            if (!empty($routing_domain)) {
                // Routing domain configured: log in by user name and derive the address.
                if ($have_user_credentials) {
                    $authenticated = auth_pop3($user_name, $pwd);
                    $email = $user_name . "@" . $routing_domain;
                }
            } elseif ($have_email_credentials) {
                // No routing domain: the mailbox user is derived from the address.
                $user_name = get_user_from_email($email);
                $authenticated = auth_pop3($user_name, $pwd);
            }
            break;

        case "imap":
            if ($have_email_credentials) {
                $email = get_rewritten_email_address($email, $address_rewriting_type);
                // With rewriting type 4 the rewritten address itself is the login.
                $user_name = ($address_rewriting_type == 4)
                    ? $email
                    : get_user_from_email($email);
                $authenticated = auth_imap($user_name, $pwd);
            }
            break;

        case "ldap":
            if ($have_user_credentials) {
                // auth_ldap() yields the e-mail address, or false on failure.
                $email = auth_ldap($user_name, $pwd);
                $authenticated = ($email !== false);
            }
            break;

        case "exchange":
            if ($have_user_credentials) {
                $authenticated = auth_exchange($user_name, $pwd, $nt_domain);
                // BROKEN (original author's note): no e-mail address is known
                // here, so the caller-supplied $email is returned unchanged.
            }
            break;

        case "sql":
            if ($have_user_credentials) {
                $email = auth_sql($user_name, $pwd);
                // A PEAR error from the backend counts as a failed login.
                $authenticated = !PEAR::isError($email) && ($email !== false);
            }
            break;

        case "internal":
            if ($have_user_credentials) {
                $email = auth_internal($user_name, $pwd);
                $authenticated = ($email !== false);
            }
            break;

        case "external":
            if ($have_user_credentials) {
                $authenticated = auth_external($user_name, $pwd);
                $email = $user_name;
            }
            break;
    }

    return array($authenticated, $email);
}
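/**
 * Log a reader ("empr") into the OPAC session, or confirm an existing one.
 *
 * If $_SESSION["user_code"] is already set, the reader's preferences and
 * rights are reloaded and 1 is returned. Otherwise, provided the global
 * $time_expired is 0, the reader row is looked up and one of four paths
 * decides the login: the caller-set $ext_auth flag, connexion_auto() when
 * $code is set, auth_ldap() for LDAP-flagged readers, or a comparison of the
 * submitted password with the stored one.
 *
 * On success $_SESSION is replaced by the session saved in opac_sessions (or
 * an empty array) and repopulated with the reader's identity. On failure the
 * session is destroyed and the global $erreur_connexion is set:
 * 1 = subscription expired, 2 = OPAC access not allowed, 3 = bad credentials.
 *
 * Side effects: writes several globals ($auth_ok, $lang, $login, $first_log,
 * $erreur_session, $erreur_connexion, $time_expired, ...), echoes inline
 * <script>alert()</script> blocks, and runs MySQL queries.
 *
 * Review notes:
 *  - The password check uses a strict string comparison. With the loose ==
 *    it used before, two different numeric-looking strings (for example
 *    "1.0" and "1") compared as equal.
 *  - The stored value is compared directly with the submitted password, so
 *    it looks as if passwords are kept unhashed, and the comparison is not
 *    constant-time — NOTE(review): confirm; password_hash()/password_verify()
 *    would be the usual replacement.
 *  - No session_regenerate_id() call is visible in this function —
 *    NOTE(review): confirm the session id is rotated on login elsewhere.
 *
 * @return int 1 when the reader is logged in, 0 otherwise.
 */
function connexion_empr()
{
    global $dbh, $msg, $opac_duration_session_auth;
    global $time_expired, $erreur_session, $login, $password;
    global $auth_ok, $lang, $code, $emprlogin;
    global $first_log;
    global $erreur_connexion;
    global $opac_opac_view_activate, $pmb_opac_view_class, $opac_view_class;
    global $opac_default_style;
    // To be set by the caller when authentication is done externally.
    global $ext_auth, $empty_pwd;
    global $base_path, $class_path;
    global $cms_build_activate;
    // To be set when OPAC views are enabled.
    global $include_path;

    $erreur_connexion = 0;
    $log_ok = 0;
    // Only assigned below when the session carries a build version; give it a
    // defined value so the later copy into $_SESSION does not read an unset variable.
    $build_id_version = null;

    if (!$_SESSION["user_code"]) {
        // NOTE(review): addslashes() is not charset-aware escaping; a prepared
        // statement or the driver's own escaping function is the safer choice.
        if (!get_magic_quotes_gpc()) {
            $p_login = addslashes($_POST['login']);
        } else {
            $p_login = $_POST['login'];
        }

        if ($time_expired == 0) {
            // No session in progress: check the login.
            // NOTE(review): in this listing the login inside the WHERE clause
            // reads as the literal '******', so $p_login never reaches the
            // query as shown; presumably the escaped login is interpolated
            // there in the real file — confirm.
            $verif_query = "SELECT id_empr, empr_cb, empr_nom, empr_prenom, empr_password, empr_lang, empr_date_expiration<sysdate() as isexp, empr_login, empr_ldap,empr_location, allow_opac \n\t\t\t\t\tFROM empr\n\t\t\t\t\tJOIN empr_statut ON empr_statut=idstatut\n\t\t\t\t\tWHERE empr_login='******'";
            $verif_result = mysql_query($verif_query);

            // Defaults for the case where no row matches, so the checks below
            // read defined (null) values instead of unset variables.
            $verif_empr_cb = $verif_empr_login = $verif_empr_ldap = $verif_empr_password = null;
            $verif_lang = $verif_id_empr = $verif_isexp = $verif_opac = $empr_location = null;

            // Copy the reader's column values into local variables.
            while ($verif_line = mysql_fetch_array($verif_result)) {
                $verif_empr_cb = $verif_line['empr_cb'];
                $verif_empr_login = $verif_line['empr_login'];
                $verif_empr_ldap = $verif_line['empr_ldap'];
                $verif_empr_password = $verif_line['empr_password'];
                $verif_lang = $verif_line['empr_lang'] ? $verif_line['empr_lang'] : "fr_FR";
                $verif_id_empr = $verif_line['id_empr'];
                $verif_isexp = $verif_line['isexp'];
                $verif_opac = $verif_line['allow_opac'];
                $empr_location = $verif_line['empr_location'];
            }

            // Strict comparison: with == two numeric-looking strings such as
            // "1.0" and "1" compare as equal, which would accept a password
            // that is not the stored one.
            $password_matches = ((string) $verif_empr_password === (string) stripslashes($password));

            $auth_ok = 0;
            if ($verif_opac) {
                if ($ext_auth) {
                    $auth_ok = $ext_auth;
                } elseif ($code) {
                    $auth_ok = connexion_auto();
                } elseif ($verif_empr_ldap) {
                    $auth_ok = auth_ldap($p_login, $password);
                } else {
                    // Standard authentication: an empty stored password is
                    // only acceptable when $empty_pwd is set.
                    $auth_ok = ($empty_pwd || !$empty_pwd && $verif_empr_password)
                        && $password_matches
                        && $verif_empr_login != "";
                }
            }

            if ($auth_ok) {
                // Credentials accepted: record the reader in the session.
                $log_ok = 1;
                if ($_SESSION["cms_build_activate"]) {
                    $cms_build_activate = 1;
                }
                if ($_SESSION["build_id_version"]) {
                    $build_id_version = $_SESSION["build_id_version"];
                }

                // Restore the reader's previous environment.
                $requete = "select session from opac_sessions where empr_id=" . $verif_id_empr;
                $res_session = mysql_query($requete);
                if (@mysql_num_rows($res_session)) {
                    // NOTE(review): unserialize() instantiates whatever objects
                    // the stored string describes; this is only safe while
                    // nothing but this application can write to
                    // opac_sessions.session — confirm, or move to a data-only
                    // format such as JSON.
                    $temp_session = unserialize(mysql_result($res_session, 0, 0));
                    $_SESSION = $temp_session;
                } else {
                    $_SESSION = array();
                }

                $_SESSION["cms_build_activate"] = $cms_build_activate;
                $_SESSION["build_id_version"] = $build_id_version;
                if (!$code) {
                    $_SESSION["connexion_empr_auto"] = 0;
                }
                $_SESSION["user_code"] = $verif_empr_login;
                $_SESSION["id_empr_session"] = $verif_id_empr;
                $_SESSION["connect_time"] = time();
                $_SESSION["lang"] = $verif_lang;
                $_SESSION["empr_location"] = $empr_location;
                // The location id comes from the reader row fetched above.
                $req = "select location_libelle from docs_location where idlocation='" . $_SESSION["empr_location"] . "'";
                $_SESSION["empr_location_libelle"] = mysql_result(mysql_query($req, $dbh), 0, 0);

                // Change language and charset after login.
                $lang = $_SESSION["lang"];
                set_language($lang);

                if (!$verif_isexp) {
                    recupere_pref_droits($_SESSION["user_code"]);
                    $_SESSION["user_expired"] = $verif_isexp;
                } else {
                    // Expired subscription: the reader is still logged in,
                    // with the "expired" rights variant and a warning.
                    recupere_pref_droits($_SESSION["user_code"], 1);
                    $_SESSION["user_expired"] = $verif_isexp;
                    // NOTE(review): $msg text is written into inline script
                    // unescaped; presumably trusted localisation strings — confirm.
                    echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
                    $erreur_connexion = 1;
                }

                if ($opac_opac_view_activate) {
                    $_SESSION["opac_view"] = 0;
                    $_SESSION['opac_view_query'] = 0;
                    if (!$pmb_opac_view_class) {
                        $pmb_opac_view_class = "opac_view";
                    }
                    // NOTE(review): the class name comes from a global and is
                    // used both in an include path and in a `new` expression;
                    // confirm it can only be set from trusted configuration.
                    require_once $base_path . "/classes/" . $pmb_opac_view_class . ".class.php";
                    $opac_view_class = new $pmb_opac_view_class($_SESSION["opac_view"], $_SESSION["id_empr_session"]);
                    if ($opac_view_class->id) {
                        $opac_view_class->set_parameters();
                        $opac_view_filter_class = $opac_view_class->opac_filters;
                        $_SESSION["opac_view"] = $opac_view_class->id;
                        if (!$opac_view_class->opac_view_wo_query) {
                            $_SESSION['opac_view_query'] = 1;
                        }
                    } else {
                        $_SESSION["opac_view"] = 0;
                    }
                    $css = $_SESSION["css"] = $opac_default_style;
                }
                $first_log = true;
            } else {
                // Login refused: destroy the session that was created, keeping
                // only the CMS build markers.
                if ($_SESSION["cms_build_activate"]) {
                    $cms_build_activate = 1;
                }
                if ($_SESSION["build_id_version"]) {
                    $build_id_version = $_SESSION["build_id_version"];
                }
                @session_destroy();
                if ($cms_build_activate) {
                    session_start();
                    $_SESSION["cms_build_activate"] = $cms_build_activate;
                    $_SESSION["build_id_version"] = $build_id_version;
                }

                // NOTE(review): $empr_erreur_header and $empr_erreur_footer are
                // not declared global in this function, so they are unset
                // locals here; presumably defined at file scope — confirm.
                if (!$password_matches || $verif_empr_login == "" || $verif_empr_ldap || $code) {
                    // Wrong password or login, or the LDAP connection failed.
                    $erreur_session = $empr_erreur_header;
                    $erreur_session .= $msg["empr_type_card_number"] . "<br />";
                    $erreur_session .= $empr_erreur_footer;
                    $erreur_connexion = 3;
                } elseif ($verif_isexp) {
                    // The subscription has expired.
                    echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
                    $erreur_connexion = 1;
                } elseif (!$verif_opac) {
                    // This reader is not allowed to connect to the OPAC.
                    echo "<script>alert(\"" . $msg["empr_connexion_interdite"] . "\");</script>";
                    $erreur_connexion = 2;
                } else {
                    // Any other case, just in case.
                    $erreur_session = $empr_erreur_header;
                    $erreur_session .= $msg["empr_type_card_number"] . "<br />";
                    $erreur_session .= $empr_erreur_footer;
                    $erreur_connexion = 3;
                }
                $log_ok = 0;
                $time_expired = 0;
            }
        } else {
            // The session has expired: tell the reader.
            echo "<script>alert(\"" . sprintf($msg["session_expired"], round($opac_duration_session_auth / 60)) . "\");</script>";
        }
    } else {
        // A session is already in progress: nothing to verify.
        $log_ok = 1;
        $login = $_SESSION["user_code"];
        if ($_SESSION["user_expired"]) {
            recupere_pref_droits($login, 1);
        } else {
            recupere_pref_droits($login);
        }
        if (!$code) {
            $_SESSION["connexion_empr_auto"] = 0;
        }
    }

    // Lets a record coming from DSI be displayed after an automatic login.
    if ($_SESSION["connexion_empr_auto"] && $log_ok) {
        global $connexion_empr_auto, $tab, $lvl;
        $connexion_empr_auto = 1;
        if (!$code) {
            if (!$tab) {
                $tab = "dsi";
            }
            if (!$lvl) {
                $lvl = "bannette";
            }
        }
    }

    return $log_ok;
}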