Пример #1
0
 function autologin()
 {
     if (auth_is_user_authenticated()) {
         return;
     }
     $t_login_method = config_get('login_method');
     if ($t_login_method != BASIC_AUTH) {
         trigger_error("Invalid login method. ({$t_login_method})", ERROR);
     }
     $t_user_id = user_get_id_by_name($_SERVER['REMOTE_USER']);
     if (!$t_user_id) {
         trigger_error('Invalid user.', ERROR);
     }
     user_increment_login_count($t_user_id);
     user_reset_failed_login_count_to_zero($t_user_id);
     user_reset_lost_password_in_progress_count_to_zero($t_user_id);
     auth_set_cookies($t_user_id, true);
     auth_set_tokens($t_user_id);
 }
Пример #2
0
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
	auth_logout();

	# reload the page after logout
	print_header_redirect( "verify.php?id=$f_user_id&confirm_hash=$f_confirm_hash" );
}

$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );

if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
	trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies( $f_user_id, false );

user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );

# fake login so the user can set their password
auth_attempt_script_login( user_get_field( $f_user_id, 'username' ) );

user_increment_failed_login_count( $f_user_id );

include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );

Пример #3
0
/**
 * Reset the user's password
 *  Take into account the 'send_reset_password' setting
 *   - if it is ON, generate a random password and send an email
 *      (unless the second parameter is false)
 *   - if it is OFF, set the password to blank
 *  Return false if the user is protected, true if the password was
 *   successfully reset
 *
 * @param integer $p_user_id    A valid user identifier.
 * @param boolean $p_send_email Whether to send confirmation email.
 * @return boolean
 */
function user_reset_password($p_user_id, $p_send_email = true)
{
    $t_protected = user_get_field($p_user_id, 'protected');
    # Go with random password and email it to the user
    if (ON == $t_protected) {
        return false;
    }
    # @@@ do we want to force blank password instead of random if
    #      email notifications are turned off?
    #     How would we indicate that we had done this with a return value?
    #     Should we just have two functions? (user_reset_password_random()
    #     and user_reset_password() )?
    if (ON == config_get('send_reset_password') && ON == config_get('enable_email_notification')) {
        $t_email = user_get_field($p_user_id, 'email');
        if (is_blank($t_email)) {
            trigger_error(ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR);
        }
        # Create random password
        $t_password = auth_generate_random_password();
        $t_password2 = auth_process_plain_password($t_password);
        user_set_field($p_user_id, 'password', $t_password2);
        # Send notification email
        if ($p_send_email) {
            $t_confirm_hash = auth_generate_confirm_hash($p_user_id);
            email_send_confirm_hash_url($p_user_id, $t_confirm_hash);
        }
    } else {
        # use blank password, no emailing
        $t_password = auth_process_plain_password('');
        user_set_field($p_user_id, 'password', $t_password);
        # reset the failed login count because in this mode there is no emailing
        user_reset_failed_login_count_to_zero($p_user_id);
    }
    return true;
}
Пример #4
0
/**
 * Attempt to login the user with the given password
 * If the user fails validation, false is returned
 * If the user passes validation, the cookies are set and
 * true is returned.  If $p_perm_login is true, the long-term
 * cookie is created.
 * @param string $p_username a prepared username
 * @param string $p_password a prepared password
 * @param bool $p_perm_login whether to create a long-term cookie
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
    $t_user_id = user_get_id_by_name($p_username);
    $t_login_method = config_get('login_method');
    if (false === $t_user_id) {
        if (BASIC_AUTH == $t_login_method) {
            $t_auto_create = true;
        } else {
            if (LDAP == $t_login_method && ldap_authenticate_by_username($p_username, $p_password)) {
                $t_auto_create = true;
            } else {
                $t_auto_create = false;
            }
        }
        if ($t_auto_create) {
            # attempt to create the user
            $t_cookie_string = user_create($p_username, md5($p_password));
            if (false === $t_cookie_string) {
                # it didn't work
                return false;
            }
            # ok, we created the user, get the row again
            $t_user_id = user_get_id_by_name($p_username);
            if (false === $t_user_id) {
                # uh oh, something must be really wrong
                # @@@ trigger an error here?
                return false;
            }
        } else {
            return false;
        }
    }
    # check for disabled account
    if (!user_is_enabled($t_user_id)) {
        return false;
    }
    # max. failed login attempts achieved...
    if (!user_is_login_request_allowed($t_user_id)) {
        return false;
    }
    # check for anonymous login
    if (!user_is_anonymous($t_user_id)) {
        # anonymous login didn't work, so check the password
        if (!auth_does_password_match($t_user_id, $p_password)) {
            user_increment_failed_login_count($t_user_id);
            return false;
        }
    }
    # ok, we're good to login now
    # increment login count
    user_increment_login_count($t_user_id);
    user_reset_failed_login_count_to_zero($t_user_id);
    user_reset_lost_password_in_progress_count_to_zero($t_user_id);
    # set the cookies
    auth_set_cookies($t_user_id, $p_perm_login);
    auth_set_tokens($t_user_id);
    return true;
}
Пример #5
0
/**
 * Attempt to login the user with the given password
 * If the user fails validation, false is returned
 * If the user passes validation, the cookies are set and
 * true is returned.  If $p_perm_login is true, the long-term
 * cookie is created.
 * @param string  $p_username   A prepared username.
 * @param string  $p_password   A prepared password.
 * @param boolean $p_perm_login Whether to create a long-term cookie.
 * @return boolean indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
    $t_user_id = auth_get_user_id_from_login_name($p_username);
    if ($t_user_id === false) {
        $t_user_id = auth_auto_create_user($p_username, $p_password);
        if ($t_user_id === false) {
            return false;
        }
    }
    # check for disabled account
    if (!user_is_enabled($t_user_id)) {
        return false;
    }
    # max. failed login attempts achieved...
    if (!user_is_login_request_allowed($t_user_id)) {
        return false;
    }
    # check for anonymous login
    if (!user_is_anonymous($t_user_id)) {
        # anonymous login didn't work, so check the password
        if (!auth_does_password_match($t_user_id, $p_password)) {
            user_increment_failed_login_count($t_user_id);
            return false;
        }
    }
    # ok, we're good to login now
    # increment login count
    user_increment_login_count($t_user_id);
    user_reset_failed_login_count_to_zero($t_user_id);
    user_reset_lost_password_in_progress_count_to_zero($t_user_id);
    # set the cookies
    auth_set_cookies($t_user_id, $p_perm_login);
    auth_set_tokens($t_user_id);
    return true;
}