Пример #1
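 /**
  * Check if a user provided the right credentials
  *
  * Resolves the login name to a user_id through {user_emails} when it is an
  * e-mail address, loads the account together with its global group
  * (project_id = 0), re-enables an account whose lock has expired, and then
  * verifies the password against the hash format stored in the database.
  *
  * @param string $username user name or e-mail address
  * @param string $password plaintext password (ignored for 'oauth')
  * @param string $method '', 'oauth', 'ldap', 'native'
  * @access public static
  * @return integer user_id on success; -2 if no account matched;
  *                 -1 if the account or its group is disabled;
  *                  0 if the password is wrong for an enabled account.
  *                 NOTE(review): the original docblock listed 0 and -1 the other
  *                 way round; the values above describe what the code does.
  *                 Callers should be checked against this before relying on it.
  * @version 1.0
  */
 public static function checkLogin($username, $password, $method = 'native')
 {
     global $db;
     // handle multiple email addresses: a login by e-mail resolves to the owning user_id
     $temp = $db->Query("SELECT id FROM {user_emails} WHERE email_address = ?", $username);
     $email_row = $db->FetchRow($temp);
     // FetchRow() returns false when nothing matched; indexing into false only
     // yields null with a warning, so resolve the id explicitly.
     $user_id = is_array($email_row) ? $email_row['id'] : null;
     // The OR/AND grouping is parenthesised: without the brackets AND binds
     // tighter than OR, so the project_id = 0 (global group) restriction only
     // applied to the user_name branch and a user_id match could pick up a
     // project-level group row instead.
     $result = $db->Query("SELECT  uig.*, g.group_open, u.account_enabled, u.user_pass,
                                   lock_until, login_attempts
                             FROM  {users_in_groups} uig
                        LEFT JOIN  {groups} g ON uig.group_id = g.group_id
                        LEFT JOIN  {users} u ON uig.user_id = u.user_id
                            WHERE  (u.user_id = ? OR u.user_name = ?) AND g.project_id = ?
                         ORDER BY  g.group_id ASC", array($user_id, $username, 0));
     $auth_details = $db->FetchRow($result);
     if ($auth_details === false) {
         return -2;
     }
     if (!$result || empty($auth_details)) {
         return 0;
     }
     // An expired lock is lifted on the next login attempt.
     if ($auth_details['lock_until'] > 0 && $auth_details['lock_until'] < time()) {
         $db->Query('UPDATE {users} SET lock_until = 0, account_enabled = 1, login_attempts = 0
                        WHERE user_id = ?', array($auth_details['user_id']));
         $auth_details['account_enabled'] = 1;
         $_SESSION['was_locked'] = true;
     }
     // skip password check if the user is using oauth
     if ($method === 'oauth') {
         $pwOk = true;
     } elseif ($method === 'ldap') {
         $pwOk = Flyspray::checkForLDAPUser($username, $password);
     } else {
         // Hash the candidate with the same (legacy) format as the stored value:
         // 40 chars = unsalted sha1, 32 chars = unsalted md5, anything else is a
         // crypt() string that carries its own salt. The legacy formats are kept
         // so existing rows still authenticate.
         $stored = (string) $auth_details['user_pass'];
         switch (strlen($stored)) {
             case 40:
                 $candidate = sha1((string) $password);
                 break;
             case 32:
                 $candidate = md5((string) $password);
                 break;
             case 0:
                 // no hash on record: nothing can match it
                 $candidate = null;
                 break;
             default:
                 $candidate = crypt((string) $password, $stored);
                 break;
         }
         // hash_equals() instead of ==: a loose comparison treats two
         // numeric-looking digests (e.g. "0e..." strings) as equal, and it also
         // compares in constant time.
         $pwOk = $candidate !== null && hash_equals($stored, $candidate);
     }
     // Admin users cannot be disabled
     if ($auth_details['group_id'] == 1 && $pwOk) {
         return $auth_details['user_id'];
     }
     if ($pwOk && $auth_details['account_enabled'] == '1' && $auth_details['group_open'] == '1') {
         return $auth_details['user_id'];
     }
     return $auth_details['account_enabled'] && $auth_details['group_open'] ? 0 : -1;
 }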