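/**
 * Authenticate a user against LDAP and open the matching local session.
 *
 * Flow, as implemented below:
 *  1. refuse empty passwords outright;
 *  2. connect to the directory and fail closed if that does not work;
 *  3. when a users group is configured, require membership of it;
 *  4. bind to the directory as the user with the supplied password;
 *  5. look the username up in the local users table and log the user in,
 *     or, when 'allow_newusers' is set, create the local account first.
 *
 * Every rejection goes through fail() exactly once. fail() is defined outside
 * this block, so what it records or emits is not visible here.
 *
 * @param mixed  $success     Not read by this function.
 *                            NOTE(review): presumably the outcome of earlier
 *                            login handlers - confirm against the caller.
 * @param string $username    Login name as submitted.
 * @param string $password    Password as submitted; only passed to the LDAP bind.
 * @param bool   $remember_me Forwarded to log_user() for existing accounts.
 * @return bool true once the user is logged in, false on every rejection
 *              (the rejection paths used to fall off the end and yield null).
 */
function login($success, $username, $password, $remember_me)
{
    global $conf;

    // An LDAP simple bind that carries a DN and an empty password is an
    // "unauthenticated bind" (RFC 4513) and many servers answer it with
    // success. ldap_bind_as() is not visible from here, so the empty case is
    // rejected before the directory is contacted instead of relying on it.
    if ($password === null || $password === '') {
        fail($username);
        return false;
    }

    $obj = new Ldap();
    $obj->load_config();

    // Fail closed: without a directory connection nothing below can be
    // trusted to authenticate anyone, so stop instead of only logging.
    if (!$obj->ldap_conn()) {
        error_log("Unable to connect LDAP server : " . $obj->getErrorString());
        fail($username);
        return false;
    }

    // Group restriction is optional; when configured, membership is mandatory.
    $users_group = $obj->config['users_group'];
    if ($users_group && !$obj->user_membership($username, $obj->ldap_group($users_group))) {
        fail($username);
        return false;
    }

    // The bind as the user's own DN is the actual credential check.
    if (!$obj->ldap_bind_as($username, $password)) {
        fail($username);
        return false;
    }

    // Column and table names come from configuration; the only user-supplied
    // value in the statement is the username, which is escaped.
    $query = ' SELECT ' . $conf['user_fields']['id'] . ' AS id FROM ' . USERS_TABLE
        . ' WHERE ' . $conf['user_fields']['username']
        . ' = \'' . pwg_db_real_escape_string($username) . '\';';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    // Known local account: refresh it and open the session.
    if (!empty($row['id'])) {
        update_user($username, $row['id']);
        log_user($row['id'], $remember_me);
        trigger_action('login_success', stripslashes($username));
        return true;
    }

    // Unknown locally: only provision an account when explicitly allowed.
    if (!$obj->config['allow_newusers']) {
        fail($username);
        return false;
    }

    // One directory lookup for the mail address (the value was fetched twice
    // before); anything empty is stored as NULL.
    $mail = $obj->ldap_mail($username);
    if (!$mail) {
        $mail = null;
    }

    // NOTE(review): the new account gets a local 8-character password from
    // random_password(), whose randomness source is not visible here. If
    // local password login stays enabled next to LDAP, that value is a second
    // credential for the account - confirm it is strong or unusable.
    $new_id = register_user($username, random_password(8), $mail);

    // Do not open a session on an empty id if registration did not produce
    // one. NOTE(review): assumes register_user() signals failure with an
    // empty value - confirm.
    if (empty($new_id)) {
        fail($username);
        return false;
    }

    update_user($username, $new_id);
    // First login after auto-provisioning is never a "remember me" session.
    log_user($new_id, false);
    trigger_action('login_success', stripslashes($username));
    redirect('profile.php');
    return true;
}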
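/**
 * Master trigger function: fires a named trigger and runs every stored
 * trigger rule that matches it.
 *
 * @author Kieran Hogg
 * @param $triggerid string The name of the trigger to fire; must be a key of
 *        the global $triggerarray
 * @param $paramarray array Extra parameters to pass the trigger ('' = none)
 * @return bool Result of the last trigger_action() call; FALSE if the trigger
 *         is not defined, the lookup query failed or no rule was run
 */
function trigger($triggerid, $paramarray = '')
{
    global $sit, $CONFIG, $dbg, $dbTriggers, $triggerarray;

    // Check that this is a defined trigger
    if (!array_key_exists($triggerid, $triggerarray)) {
        trigger_error("Trigger '{$triggerid}' not defined", E_USER_WARNING);
        return FALSE;
    }

    plugin_do($triggerid);

    // Defined up front so neither is read uninitialised further down.
    $userid = 0;
    $return = FALSE;

    // NOTE(review): the 'user' parameter is only picked up while debugging is
    // enabled, so outside debug mode the query below is never narrowed to one
    // user. That looks unintended; it is left as found - confirm the intent.
    if ($CONFIG['debug'] && $paramarray != '') {
        foreach (array_keys($paramarray) as $key) {
            //parse parameter array
            $dbg .= "\$paramarray[{$key}] = " . $paramarray[$key] . "\n";
            // Strict comparison: with ==, the integer key 0 compares equal to
            // "user" on the PHP versions that still ship mysql_*.
            if ($key === "user") {
                $userid = $paramarray[$key];
            }
            // TODO do we need to check for any 'special' keys here?
        }
    }

    //find relevant triggers
    // $triggerid was checked against $triggerarray above; escaping it anyway
    // keeps the statement safe if that list ever holds a quote character.
    $sql = "SELECT * FROM `{$dbTriggers}` WHERE triggerid='" . mysql_real_escape_string($triggerid) . "'";
    if ($userid) {
        // The value is placed unquoted in the statement, so force it to an
        // integer (a non-numeric value becomes 0). The leading space was
        // missing before "AND".
        $sql .= " AND userid=" . intval($userid);
    }

    $result = mysql_query($sql);
    if (mysql_error()) {
        trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
    }
    if (!$result) {
        // Nothing to iterate over; do not hand FALSE to mysql_fetch_object().
        return FALSE;
    }

    while ($triggerobj = mysql_fetch_object($result)) {
        //see if we have any checks first
        if (!empty($triggerobj->checks)) {
            if (!trigger_checks($triggerobj->checks, $paramarray)) {
                $checks = trigger_replace_specials($triggerid, $triggerobj->checks, $paramarray);

                // SECURITY: $checks is rule text read from the triggers table
                // with parameter values substituted in, and it is executed as
                // PHP. Whoever can store a rule - or get a parameter value
                // through trigger_replace_specials() unescaped (that function
                // is not visible here) - runs code in this process. Flagged
                // for replacement by a restricted expression evaluator; the
                // eval itself is left in place.
                $value = NULL; // never reuse the verdict of a previous rule
                $eresult = @eval("\$value = {$checks};return TRUE;");
                if (!$eresult) {
                    trigger_error("Error in trigger rule for {$triggerid}, check your <a href='triggers.php'>trigger rules</a>.", E_USER_WARNING);
                    // A rule that cannot be evaluated has not passed: skip
                    // the action instead of running it unchecked.
                    continue;
                }
                if ($value === FALSE) {
                    continue;
                }
            }
        }

        //if we have any params from the actual trigger, append to user params
        if (!empty($triggerobj->parameters)) {
            $resultparams = explode(",", $triggerobj->parameters);
            foreach ($resultparams as $assigns) {
                $values = explode("=", $assigns);
                $paramarray[$values[0]] = $values[1];
                if ($CONFIG['debug']) {
                    $dbg .= "\$paramarray[{$values[0]}] = {$values[1]}\n";
                }
            }
        }

        if ($CONFIG['debug']) {
            $dbg .= "TRIGGER: trigger_action({$triggerobj->userid}, {$triggerid},\n {$triggerobj->action}, {$paramarray}) called \n";
        }

        // Only the result of the last matching rule reaches the caller.
        $return = trigger_action($triggerobj->userid, $triggerid, $triggerobj->action, $paramarray, $triggerobj->template);
    }

    return $return;
}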