/**
 * Check the supplied clear-text password against the authentication back end
 * selected in config ('authentication' => 'method': 'LDAP' or 'LOCAL').
 *
 * @param object $user               user object; ->login is read for LDAP,
 *                                   ->comparePassword() is used for LOCAL
 * @param string $cleartext_password password as typed by the user
 * @return stdClass ->status_ok (bool) and ->msg (string to show a human)
 *
 * NOTE(review): a method value other than 'LDAP'/'LOCAL' returns status_ok = true
 * without checking anything (fails open). The original comment marks that branch
 * as a hook for custom implementations; confirm it is unreachable with a
 * misconfigured method.
 */
function auth_does_password_match(&$user, $cleartext_password)
{
    $authCfg = config_get('authentication');
    $method = $authCfg['method'];

    $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';

    if ($method == 'LDAP') {
        // Human-readable text for the failure codes ldap_authenticate() reports.
        $ldapMessages = array(
            ERROR_LDAP_AUTH_FAILED           => lang_get('error_ldap_auth_failed'),
            ERROR_LDAP_SERVER_CONNECT_FAILED => lang_get('error_ldap_server_connect_failed'),
            ERROR_LDAP_UPDATE_FAILED         => lang_get('error_ldap_update_failed'),
            ERROR_LDAP_USER_NOT_FOUND        => lang_get('error_ldap_user_not_found'),
            ERROR_LDAP_BIND_FAILED           => lang_get('error_ldap_bind_failed'),
        );

        $ldapResult = ldap_authenticate($user->login, $cleartext_password);
        $ret->status_ok = $ldapResult->status_ok;
        // NOTE(review): a status_code that is not in the map (e.g. the success code)
        // yields an undefined-index notice and a null msg - confirm.
        $ret->msg = $ldapMessages[$ldapResult->status_code];
    } elseif ($method == 'LOCAL') {
        $passwordOk = ($user->comparePassword($cleartext_password) == tl::OK);
        if (!$passwordOk) {
            $ret->status_ok = false;
            $ret->msg = lang_get('bad_user_passwd');
        }
    }
    // Any other method: custom implementation hook, result left at the defaults above.

    return $ret;
}
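/**
 * Try to log a user in with the supplied credentials.
 *
 * On success the session is opened via auth_login(); when no session results
 * the browser is redirected back to the page the login was attempted from,
 * carrying the INVALID_LOGIN error.
 *
 * @param string $username
 * @param string $password clear-text password
 * @return void
 */
function auth_attempt_login($username = "", $password = "")
{
    $login_method = LOGIN_METHOD;
    if ($login_method === 'LDAP') {
        $result = ldap_authenticate($username, $password);
    } else {
        $result = auth_does_password_match($username, $password);
    }

    # The back ends return either a plain boolean or a status object with
    # ->status_ok. The previous `if ($result)` treated *any* object as success,
    # which would let a failed check through when the callee returns an object,
    # so the flag is inspected explicitly here.
    if (is_object($result)) {
        $authenticated = (isset($result->status_ok) && $result->status_ok === true);
    } else {
        $authenticated = (bool) $result;
    }

    if ($authenticated) {
        # user successfully authenticated, proceed with login
        auth_login($username);
    }

    # check if user logged in
    if (!session_getLogged_in()) {
        # login failed: redirect back to the page where the user tried to
        # login, keeping its original query string
        $login = (isset($_POST['login']) && is_array($_POST['login'])) ? $_POST['login'] : array();
        $redirect_page = isset($login['page']) ? $login['page'] : '';
        $redirect_page_get = isset($login['get']) ? $login['get'] : '';

        if (empty($redirect_page)) {
            error_report_show("home_page.php?", INVALID_LOGIN);
        } else {
            # NOTE(review): $redirect_page comes straight from the POST body;
            # confirm error_report_show() restricts the target to local pages.
            error_report_show($redirect_page . "?" . $redirect_page_get, INVALID_LOGIN);
        }
    }
}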
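/**
 * Check the supplied clear-text password against the configured back end:
 * LDAP when config 'authentication' => 'method' is 'LDAP', the local DB otherwise.
 *
 * @param object $user               user object; ->login for LDAP, ->comparePassword() for DB
 * @param string $cleartext_password password as typed by the user
 * @return stdClass ->status_ok (bool) and ->msg (string to show a human)
 */
function auth_does_password_match(&$user, $cleartext_password)
{
    $authCfg = config_get('authentication');

    $ret = new stdClass();
    $ret->status_ok = true;
    $ret->msg = 'ok';

    if ('LDAP' == $authCfg['method']) {
        // Human-readable text for the failure codes ldap_authenticate() reports.
        $ldapMessages = array(
            ERROR_LDAP_AUTH_FAILED           => lang_get('error_ldap_auth_failed'),
            ERROR_LDAP_SERVER_CONNECT_FAILED => lang_get('error_ldap_server_connect_failed'),
            ERROR_LDAP_UPDATE_FAILED         => lang_get('error_ldap_update_failed'),
            ERROR_LDAP_USER_NOT_FOUND        => lang_get('error_ldap_user_not_found'),
            ERROR_LDAP_BIND_FAILED           => lang_get('error_ldap_bind_failed'),
        );

        $ldapResult = ldap_authenticate($user->login, $cleartext_password);
        $ret->status_ok = $ldapResult->status_ok;

        // Previously the message was looked up unconditionally, so a status code
        // missing from the map (including the success code) produced an
        // undefined-index notice and a null message.
        if ($ldapResult->status_ok) {
            $ret->msg = 'ok';
        } elseif (isset($ldapMessages[$ldapResult->status_code])) {
            $ret->msg = $ldapMessages[$ldapResult->status_code];
        } else {
            $ret->msg = lang_get('error_ldap_auth_failed');
        }
    } else {
        // Local DB password. A failed compare used to leave ->msg at 'ok', so the
        // caller had no text explaining the rejected login.
        if ($user->comparePassword($cleartext_password) != tl::OK) {
            $ret->status_ok = false;
            $ret->msg = lang_get('bad_user_passwd');
        }
    }

    return $ret;
}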
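/**
 * Load the user record for $name and verify $credentials against it.
 *
 * Accounts flagged USER_FLAG_IS_LDAP_ACCOUNT are checked with ldap_authenticate()
 * when an LDAP server is configured; all others against the stored
 * sha1(salt . password).
 *
 * @param string $name        login name
 * @param string $credentials clear-text password
 * @return object|false the loaded user on success, false otherwise
 */
function user_load_authenticate($name, $credentials)
{
    global $ldap_server;

    $user = user_load('name', $name);
    // Unknown user: fail closed instead of dereferencing a non-object below.
    if (!is_object($user)) {
        return false;
    }

    $isLdapAccount = (($user->flags & USER_FLAG_IS_LDAP_ACCOUNT) != 0);
    if ($isLdapAccount && $ldap_server) {
        if (!ldap_authenticate($name, $credentials)) {
            return false;
        }
        return $user;
    }

    // Strict comparison: the loose `!=` used before compares two numeric-looking
    // hex strings (e.g. both of the form "0e<digits>") as numbers, which can make
    // distinct hashes compare equal.
    // NOTE(review): sha1(salt . password) is a fast, unsalted-by-design-strength
    // scheme; password_hash()/password_verify() would be the preferable store.
    if (sha1($user->salt . $credentials) !== $user->pass) {
        return false;
    }

    return $user;
}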
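/**
 * Return true if the password for the user id given matches the given
 * password (taking into account the global login method)
 *
 * For the database-backed methods every supported scheme (MD5, CRYPT, PLAIN)
 * is tried against the stored value; when a match is found under a scheme
 * other than the configured one the stored password is re-encoded with the
 * configured scheme (transparent migration).
 *
 * @param int $p_user_id User id to check password against
 * @param string $p_test_password Password
 * @return bool indicating whether password matches given the user id
 * @access public
 */
function auth_does_password_match($p_user_id, $p_test_password)
{
    $t_configured_login_method = config_get('login_method');

    if (LDAP == $t_configured_login_method) {
        return ldap_authenticate($p_user_id, $p_test_password);
    }

    $t_password = user_get_field($p_user_id, 'password');
    $t_login_methods = array(MD5, CRYPT, PLAIN);

    foreach ($t_login_methods as $t_login_method) {
        # pass the stored password in as the salt
        $t_candidate = auth_process_plain_password($p_test_password, $t_password, $t_login_method);

        # Strict comparison: with `==` two numeric-looking hashes (e.g. both of the
        # form "0e<digits>") compare equal as numbers and a wrong password is accepted.
        if ($t_candidate !== $t_password) {
            continue;
        }

        # Do not support migration to PLAIN, since this would be a crazy thing to do.
        # Also if we do, then a user will be able to login by providing the MD5 value
        # that is copied from the database. See #8467 for more details.
        if ($t_configured_login_method != PLAIN && $t_login_method == PLAIN) {
            continue;
        }

        # Check for migration to another login method and test whether the password was encrypted
        # with our previously insecure implemention of the CRYPT method
        $t_method_differs = ($t_login_method != $t_configured_login_method);
        $t_old_crypt = (CRYPT == $t_configured_login_method
            && utf8_substr($t_password, 0, 2) == utf8_substr($p_test_password, 0, 2));
        if ($t_method_differs || $t_old_crypt) {
            user_set_password($p_user_id, $p_test_password, true);
        }

        return true;
    }

    return false;
}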
/**
 * Check a clear-text password for a user object against the authentication
 * back end selected for that user.
 *
 * The back end is the user's own ->authentication when it is 'DB' or 'LDAP';
 * any other value falls back to config 'authentication' => 'method'.
 *
 * @param object $userObj            ->authentication, ->login, ->comparePassword()
 * @param string $cleartext_password password as typed by the user
 * @return stdClass ->status_ok (bool) and ->msg (string to show a human)
 *
 * NOTE(review): every method other than 'LDAP' - including an unrecognised or
 * misspelled one - ends in the DB password comparison, and the
 * 'unknown_authentication_method' text set up front is always overwritten
 * before return. Confirm a misconfigured method should not fail closed instead.
 */
function auth_does_password_match(&$userObj, $cleartext_password)
{
    $authCfg = config_get('authentication');

    $ret = new stdClass();
    $ret->status_ok = false;
    $ret->msg = sprintf(lang_get('unknown_authentication_method'), $authCfg['method']);

    // Per-user setting wins when it names a known back end; otherwise the site default applies.
    $authMethod = $userObj->authentication;
    if ($authMethod != 'DB' && $authMethod != 'LDAP') {
        $authMethod = $authCfg['method'];
    }

    if ($authMethod == 'LDAP') {
        // Human-readable text for the failure codes ldap_authenticate() reports.
        $ldapMessages = array(
            ERROR_LDAP_AUTH_FAILED           => lang_get('error_ldap_auth_failed'),
            ERROR_LDAP_SERVER_CONNECT_FAILED => lang_get('error_ldap_server_connect_failed'),
            ERROR_LDAP_UPDATE_FAILED         => lang_get('error_ldap_update_failed'),
            ERROR_LDAP_USER_NOT_FOUND        => lang_get('error_ldap_user_not_found'),
            ERROR_LDAP_BIND_FAILED           => lang_get('error_ldap_bind_failed'),
            ERROR_LDAP_START_TLS_FAILED      => lang_get('error_ldap_start_tls_failed'),
        );

        $ldapResult = ldap_authenticate($userObj->login, $cleartext_password);
        $ret->status_ok = $ldapResult->status_ok;
        // NOTE(review): a status_code that is not in the map (e.g. the success code)
        // yields an undefined-index notice and a null msg - confirm.
        $ret->msg = $ldapMessages[$ldapResult->status_code];
    } else {
        // 'DB', 'MD5' and anything else: compare against the stored hash.
        $ret->status_ok = ($userObj->comparePassword($cleartext_password) == tl::OK);
        $ret->msg = 'ok';
    }

    return $ret;
}
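/**
 * Generate the API Key
 *
 * Authenticates the caller against the DB-stored password first and, only if
 * that fails, against LDAP; on success returns the user's existing key or
 * creates a new one.
 *
 * NOTE(review): the DB hash is tried regardless of the user's configured
 * authentication method - confirm that is intended.
 *
 * @param struct $args
 * @param string $args["user"]
 * @param string $args["pass"]
 * @return string|array the API key, or $this->errors (list of IXR_Error) on failure
 * @access public
 */
public function generateAPIKey($args)
{
    $this->_setArgs($args);
    $login = $this->args[self::$userParamName];
    $pwd = $this->args['pass'];

    $user = new tlUser();
    $user->login = $login;
    // Loads the stored credentials that comparePassword() checks against.
    $user->readFromDB($this->dbObj, tlUser::USER_O_SEARCH_BYLOGIN);

    $authenticated = ($user->comparePassword($pwd) == tl::OK);
    if (!$authenticated) {
        // Previously LDAP was contacted on every call; it is now only consulted
        // when the DB password did not match.
        $ldapResult = ldap_authenticate($login, $pwd);
        $authenticated = $ldapResult->status_ok;
    }

    if (!$authenticated) {
        $this->errors[] = new IXR_Error(INVALID_AUTH, INVALID_AUTH_STR);
        return $this->errors;
    }

    $user_id = tlUser::doesUserExist($this->dbObj, $login);
    if (is_null($user_id)) {
        $this->errors[] = new IXR_Error(NO_USER_BY_THIS_LOGIN, 'This is a valid user, but is not on TestLink DB');
        return $this->errors;
    }

    $APIKey = new APIKey();
    $ak = $APIKey->getAPIKey($user_id);
    if (!is_null($ak)) {
        return $ak;
    }
    if ($APIKey->addKeyForUser($user_id) >= tl::OK) {
        return $APIKey->getAPIKey($user_id);
    }

    $this->errors[] = new IXR_Error(NO_DEV_KEY, NO_DEV_KEY_STR);
    return $this->errors;
}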
*/
require_once __DIR__ . '/functions.php';
require_once __DIR__ . '/lib/password.php';
require_once __DIR__ . '/lib/hash_equals.php';
session_start();

// Credentials come from HTTP Basic auth when present, otherwise from the login form.
if (isset($_SERVER['PHP_AUTH_USER'])) {
    $myusername = $_SERVER['PHP_AUTH_USER'];
    $mypassword = $_SERVER['PHP_AUTH_PW'];
} else {
    // Define $myusername and $mypassword
    // NOTE(review): no isset() guard - a request without these fields raises an
    // undefined-index notice and continues with null values.
    $myusername = $_POST['myusername'];
    $mypassword = $_POST['mypassword'];
}
// presumably sanitizeInput() is a generic input filter; it is not a substitute for
// SQL parameterisation or per-context output escaping - confirm what it does.
$myusername = sanitizeInput($myusername);
$mypassword = sanitizeInput($mypassword);

// NOTE(review): only a null return counts as a failed LDAP login. If
// ldap_authenticate() can return false or '' on a failed bind, that value would
// still mark the session as LDAP-authenticated here - confirm its contract.
if (USE_LDAP === true && ($result = ldap_authenticate($myusername, $mypassword)) !== null) {
    $_SESSION['user_ldap'] = '1';
    $myusername = safe_value($result);
} else {
    if ($mypassword != '') {
        $myusername = safe_value($myusername);
        $mypassword = safe_value($mypassword);
    } else {
        header("Location: login.php?error=emptypassword");
        die;
    }
}
// NOTE(review): string-built SQL. The value inside the quotes is redacted in this
// listing; if it is derived from the submitted username, use a prepared statement
// with a bound parameter rather than escaping helpers.
$sql = "SELECT * FROM users WHERE username='******'";
$result = dbquery($sql);
if (!$result) {
    // NOTE(review): raw driver error text (ext/mysql, removed in PHP 7); confirm
    // $message is logged rather than shown to the client.
    $message = 'Invalid query: ' . mysql_error() . "\n";
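<?php
/*
 * $Id$
 * Copyright (c) 2010 Craig Watson [ craig@cwatson.org ]
 * Distributed Under the Mozilla Public License 1.1 [ http://www.mozilla.org/MPL/MPL-1.1.html ]
 */

// Login page: renders the login form and, on submit, hands the credentials to ldap_authenticate().
define('IN_OB', true);
$root_path = defined('ROOT_PATH') ? ROOT_PATH : './';
// Extension of this file, so the includes below use the same one.
$phpExt = substr(strrchr(__FILE__, '.'), 1);
require_once $root_path . 'includes/common.' . $phpExt;

$template = array(
    'page_title' => 'Login',
    'page_header' => 'Login',
    'page_slug' => 'login',
    'files' => array('page-header.html'),
);

// If form submitted, evaluate
if (isset($_POST['submit'])) {
    require_once $root_path . 'includes/functions_login.php';

    // Transfer POST variables to local and make safe. Missing fields are treated
    // as empty instead of raising undefined-index notices.
    $username = clean_string(isset($_POST['username']) ? $_POST['username'] : '');
    $password = clean_string(isset($_POST['password']) ? $_POST['password'] : '');

    if ((string) $username === '' || (string) $password === '') {
        // login_form.html is queued once below for every request; the previous
        // code queued it a second time here, so the form rendered twice on error.
        $template['message'] = "<p><strong>Error: Please enter a username and password.</strong></p>";
    } else {
        // presumably ldap_authenticate() redirects on success; on failure the form
        // is shown again without a message - confirm.
        ldap_authenticate($username, $password);
    }
}

$template['files'][] = 'login_form.html';
$template['files'][] = 'page-footer.html';
template_parse($template['files']);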
status_message("Der eingegebene Sicherheitscode ist falsch");
}

// Send the security code
// Only [0-9A-Za-z_-] is accepted for the account name; that is what makes the
// value safe to use as the mail recipient below (no newlines, commas or '@').
if (!preg_match('#^[0-9A-Za-z_-]+$#', $_POST['fb_account'])) {
    status_message("Ungültige Eingabe!");
    // presumably gotop() redirects and exits; if it returned, the mail below would still be sent - confirm
    gotop("index.php?q=acc");
}
// NOTE(review): microtime() is guessable to within a narrow window, so the
// unpredictability of this code rests entirely on $secure_token being long,
// random and secret - confirm. A token from random_bytes()/random_int() would
// not depend on that.
$security_code = md5($secure_token . $_POST['fb_account'] . microtime());
mail(
    $_POST['fb_account'] . $ssh_printing_email_suffix,
    'Validierung Deines Accounts',
    "Hallo " . user()->name . "," . PHP_EOL . PHP_EOL .
    "Du bekommst diese Mail, weil Du beim Übungszetteldienst Deinen" . PHP_EOL .
    "Fachbereichsaccount registriert hast. Du musst jetzt den Sicherheitscode in den" . PHP_EOL .
    "Einstellungen eingeben und eine Datei in Deinem Fachbereichsaccount ändern." . PHP_EOL .
    "Dann steht Dir die Drucken-Funktion zur Verfügung." . PHP_EOL . PHP_EOL .
    "Der Sicherheitscode lautet:" . PHP_EOL . PHP_EOL .
    " " . $security_code . PHP_EOL . PHP_EOL .
    "In Deinem Fachbereichsaccount öffne bitte die Datei ~/.ssh/authorized_keys in" . PHP_EOL .
    "einem Editor. Eventuell musst Du diese Datei auch erst anlegen. Füge unten ans" . PHP_EOL .
    "Ende die folgende Zeile ein:" . PHP_EOL . PHP_EOL .
    // Public half of the print-service key; a failed read yields false, which
    // concatenates as an empty string - confirm the file is always present.
    file_get_contents($ssh_printing_pubkey_file) . PHP_EOL . PHP_EOL .
    "Den dort angegebenen Drucker musst Du gegebenenfalls auf Deinen Lieblingsdrucker am" . PHP_EOL .
    "Fachbereich ändern." . PHP_EOL . PHP_EOL .
    "Noch einmal als Info: Mit dieser Änderung erhalten wir die" . PHP_EOL .
    "Möglichkeit, uns auf Deinem Account einzuloggen. Dabei können wir aber nur den" . PHP_EOL .
    "am Anfang der Zeile angegebenen Befehl ausführen, in diesem Fall ein" . PHP_EOL .
    "Druckbefehl. Möchtest Du das nicht länger, reicht es, diese Zeile wieder zu" . PHP_EOL .
    "entfernen." . PHP_EOL .
    "" . PHP_EOL .
    "Gruß," . PHP_EOL .
    "Dein Übungszettelservice" . PHP_EOL . PHP_EOL .
    "Ps. Wenn Du diese Email unbeabsichtigt bekommst, schreibe uns " .
    "eine Antwort. Wir bestellen diesen Dienst dann für Dich ab.",
    // NOTE(review): SERVER_NAME follows the request Host header unless the vhost
    // pins it - confirm the From domain is fixed by server config.
    "Content-type: text/plain; charset=UTF-8" . PHP_EOL .
    "From: =?utf-8?Q?=C3=9Cbungen?= <noreply@" . $_SERVER['SERVER_NAME'] . ">" . PHP_EOL .
    "Reply-To: " . $support_mail . PHP_EOL
);
// Remember which account the code was sent for, so the later check can pair them.
user()->ssh = array('account' => $_POST['fb_account'], 'code' => $security_code);
user_save();
status_message("Wir haben Dir Deinen neuen Sicherheitscode zugeschickt!");
gotop("index.php?q=acc");
}

// Link the local account to LDAP: requires a successful LDAP bind with the
// user's own name, then drops the local password and invalidates autologin tokens.
if (isset($_POST['ldap_connect']) && $ldap_server) {
    if (ldap_authenticate(user()->name, $_POST['ldap_pass'])) {
        user()->flags |= USER_FLAG_IS_LDAP_ACCOUNT;
        user()->pass = '';
        user()->salt = '';
        user_save();
        // NOTE(review): user()->id is concatenated into SQL; safe only if it is
        // always an integer from the users table - confirm (registration code on
        // this page uses $database->prepare() with placeholders).
        $database->query('DELETE FROM user_autologin WHERE user_id = ' . user()->id);
        // Fresh session after the credential change; confirm status_message()
        // state survives the destroy/start pair.
        session_destroy();
        session_start();
        status_message("Dein Account ist jetzt mit dem LDAP-Server verknüpft.");
        gotop("index.php");
    } else {
        status_message("Dein LDAP-Kennwort war nicht korrekt, oder Du hast keinen LDAP-Account");
    }
    gotop("index.php?q=acc");
}
} elseif (!empty($_POST)) {
} else {
    // Check whether the name is already taken
    // Strips angle brackets and newlines from the name; this is not HTML
    // sanitisation - output escaping is still needed wherever the name is rendered.
    $name = str_replace(array('<', "\n", '>'), '', $name);
    $stmt = $database->prepare('SELECT count(*) FROM users WHERE name = ?');
    $stmt->execute(array($name));
    if ($stmt->fetchColumn() > 0) {
        $errName = 'Dieser Benutzername ist bereits vergeben.';
    }
}
if (empty($pass)) {
    // NOTE(review): empty() also rejects the literal password "0".
    $errPass = '******';
}

// Cross-check against the LDAP server
// A name that exists in LDAP may only be registered by someone who can bind to
// LDAP with it; the local account is then marked as LDAP-backed.
$is_ldap_account = false;
if ($ldap_server && !$errPass && !$errName && ldap_check_if_name_exists($name)) {
    if (!ldap_authenticate($name, $pass)) {
        $errName = 'Dieser Benutzername ist bereits im LDAP vergeben';
        $errPass = '******';
    } else {
        $is_ldap_account = true;
    }
}
// Both error strings empty means validation passed (presumably both are
// initialised to "" before this point - confirm).
if ($errPass == $errName && $errName == "") {
    // Create the user
    $user = user();
    $user->name = $name;
    if ($is_ldap_account) {
        // LDAP-backed: no local password hash is stored.
        $user->flags = USER_FLAG_IS_LDAP_ACCOUNT;
    } else {
        // NOTE(review): rand(0, 1295) gives at most two base-36 characters of salt
        // from a non-cryptographic generator, and sha1(salt . password) is fast to
        // brute-force; password_hash()/password_verify() would be the preferable
        // store for new accounts (existing hashes would need a migration path).
        $salt = base_convert(rand(0, 36 * 36 - 1), 10, 36);
        $passSha = sha1($salt . $pass);
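/**
 * Return true if the password for the user id given matches the given
 * password (taking into account the global login method).
 *
 * For the database-backed methods every supported scheme (MD5, CRYPT, PLAIN)
 * is tried against the stored value; when a match is found under a scheme
 * other than the configured one the stored password is re-encoded with the
 * configured scheme (transparent migration).
 *
 * @param int $p_user_id User id to check password against
 * @param string $p_test_password Password
 * @return bool indicating whether password matches given the user id
 */
function auth_does_password_match($p_user_id, $p_test_password)
{
    $t_configured_login_method = config_get('login_method');

    if (LDAP == $t_configured_login_method) {
        return ldap_authenticate($p_user_id, $p_test_password);
    }

    $t_password = user_get_field($p_user_id, 'password');
    $t_login_methods = array(MD5, CRYPT, PLAIN);

    foreach ($t_login_methods as $t_login_method) {
        # pass the stored password in as the salt
        $t_candidate = auth_process_plain_password($p_test_password, $t_password, $t_login_method);

        # Strict comparison: with `==` two numeric-looking hashes (e.g. both of the
        # form "0e<digits>") compare equal as numbers and a wrong password is accepted.
        if ($t_candidate !== $t_password) {
            continue;
        }

        # Never accept a PLAIN match when PLAIN is not the configured method: the
        # stored value is then a hash, so a match here means the caller supplied
        # the hash itself (copied from the database) as the password. See #8467.
        if ($t_configured_login_method != PLAIN && $t_login_method == PLAIN) {
            continue;
        }

        # Check for migration to another login method and test whether the password was encrypted
        # with our previously insecure implemention of the CRYPT method
        $t_method_differs = ($t_login_method != $t_configured_login_method);
        $t_old_crypt = (CRYPT == $t_configured_login_method
            && substr($t_password, 0, 2) == substr($p_test_password, 0, 2));
        if ($t_method_differs || $t_old_crypt) {
            user_set_password($p_user_id, $p_test_password, true);
        }

        return true;
    }

    return false;
}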