示例#1
0
 function autologin()
 {
     if (auth_is_user_authenticated()) {
         return;
     }
     $t_login_method = config_get('login_method');
     if ($t_login_method != BASIC_AUTH) {
         trigger_error("Invalid login method. ({$t_login_method})", ERROR);
     }
     $t_user_id = user_get_id_by_name($_SERVER['REMOTE_USER']);
     if (!$t_user_id) {
         trigger_error('Invalid user.', ERROR);
     }
     user_increment_login_count($t_user_id);
     user_reset_failed_login_count_to_zero($t_user_id);
     user_reset_lost_password_in_progress_count_to_zero($t_user_id);
     auth_set_cookies($t_user_id, true);
     auth_set_tokens($t_user_id);
 }
示例#2
0
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
	auth_logout();

	# reload the page after logout
	print_header_redirect( "verify.php?id=$f_user_id&confirm_hash=$f_confirm_hash" );
}

$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );

if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
	trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}

# set a temporary cookie so the login information is passed between pages.
auth_set_cookies( $f_user_id, false );

user_reset_failed_login_count_to_zero( $f_user_id );
user_reset_lost_password_in_progress_count_to_zero( $f_user_id );

# fake login so the user can set their password
auth_attempt_script_login( user_get_field( $f_user_id, 'username' ) );

user_increment_failed_login_count( $f_user_id );

include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );
示例#3
0
/**
 * Attempt to login the user with the given password
 * If the user fails validation, false is returned
 * If the user passes validation, the cookies are set and
 * true is returned.  If $p_perm_login is true, the long-term
 * cookie is created.
 * @param string $p_username a prepared username
 * @param string $p_password a prepared password
 * @param bool $p_perm_login whether to create a long-term cookie
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
    $t_user_id = user_get_id_by_name($p_username);
    $t_login_method = config_get('login_method');
    if (false === $t_user_id) {
        if (BASIC_AUTH == $t_login_method) {
            $t_auto_create = true;
        } else {
            if (LDAP == $t_login_method && ldap_authenticate_by_username($p_username, $p_password)) {
                $t_auto_create = true;
            } else {
                $t_auto_create = false;
            }
        }
        if ($t_auto_create) {
            # attempt to create the user
            $t_cookie_string = user_create($p_username, md5($p_password));
            if (false === $t_cookie_string) {
                # it didn't work
                return false;
            }
            # ok, we created the user, get the row again
            $t_user_id = user_get_id_by_name($p_username);
            if (false === $t_user_id) {
                # uh oh, something must be really wrong
                # @@@ trigger an error here?
                return false;
            }
        } else {
            return false;
        }
    }
    # check for disabled account
    if (!user_is_enabled($t_user_id)) {
        return false;
    }
    # max. failed login attempts achieved...
    if (!user_is_login_request_allowed($t_user_id)) {
        return false;
    }
    # check for anonymous login
    if (!user_is_anonymous($t_user_id)) {
        # anonymous login didn't work, so check the password
        if (!auth_does_password_match($t_user_id, $p_password)) {
            user_increment_failed_login_count($t_user_id);
            return false;
        }
    }
    # ok, we're good to login now
    # increment login count
    user_increment_login_count($t_user_id);
    user_reset_failed_login_count_to_zero($t_user_id);
    user_reset_lost_password_in_progress_count_to_zero($t_user_id);
    # set the cookies
    auth_set_cookies($t_user_id, $p_perm_login);
    auth_set_tokens($t_user_id);
    return true;
}
示例#4
0
/**
 * Impersonates the specified user by logging in.
 *
 * @param int $p_user_id The user id.
 * @return void
 */
function auth_impersonate($p_user_id)
{
    auth_ensure_can_impersonate($p_user_id);
    auth_set_cookies($p_user_id, false);
    auth_set_tokens($p_user_id);
}
示例#5
0
/**
 * Attempt to login the user with the given password
 * If the user fails validation, false is returned
 * If the user passes validation, the cookies are set and
 * true is returned.  If $p_perm_login is true, the long-term
 * cookie is created.
 * @param string  $p_username   A prepared username.
 * @param string  $p_password   A prepared password.
 * @param boolean $p_perm_login Whether to create a long-term cookie.
 * @return boolean indicates if authentication was successful
 * @access public
 */
function auth_attempt_login($p_username, $p_password, $p_perm_login = false)
{
    $t_user_id = auth_get_user_id_from_login_name($p_username);
    if ($t_user_id === false) {
        $t_user_id = auth_auto_create_user($p_username, $p_password);
        if ($t_user_id === false) {
            return false;
        }
    }
    # check for disabled account
    if (!user_is_enabled($t_user_id)) {
        return false;
    }
    # max. failed login attempts achieved...
    if (!user_is_login_request_allowed($t_user_id)) {
        return false;
    }
    # check for anonymous login
    if (!user_is_anonymous($t_user_id)) {
        # anonymous login didn't work, so check the password
        if (!auth_does_password_match($t_user_id, $p_password)) {
            user_increment_failed_login_count($t_user_id);
            return false;
        }
    }
    # ok, we're good to login now
    # increment login count
    user_increment_login_count($t_user_id);
    user_reset_failed_login_count_to_zero($t_user_id);
    user_reset_lost_password_in_progress_count_to_zero($t_user_id);
    # set the cookies
    auth_set_cookies($t_user_id, $p_perm_login);
    auth_set_tokens($t_user_id);
    return true;
}
示例#6
0
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('user_api.php');
require_api('utility_api.php');
form_security_validate('account_update');
# If token is set, it's a password reset request from verify.php, and if
# not we need to reauthenticate the user
$t_verify_user_id = gpc_get('verify_user_id', false);
$t_account_verification = $t_verify_user_id ? token_get_value(TOKEN_ACCOUNT_VERIFY, $t_verify_user_id) : false;
if (!$t_account_verification) {
    auth_reauthenticate();
    $t_user_id = auth_get_current_user_id();
} else {
    # set a temporary cookie so the login information is passed between pages.
    auth_set_cookies($t_verify_user_id, false);
    # fake login so the user can set their password
    auth_attempt_script_login(user_get_field($t_verify_user_id, 'username'));
    $t_user_id = $t_verify_user_id;
}
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
$f_email = gpc_get_string('email', '');
$f_realname = gpc_get_string('realname', '');
$f_password_current = gpc_get_string('password_current', '');
$f_password = gpc_get_string('password', '');
$f_password_confirm = gpc_get_string('password_confirm', '');
$t_redirect_url = 'index.php';
# @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code.
$t_update_email = null;
$t_update_password = null;