示例#1
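 /**
  * Set the Kerberos password of a member, creating the Kerberos user if it
  * does not exist yet.
  *
  * Judging by the JsonRpcError_* codes this is a JSON-RPC method handler.
  * The caller (the session's member_id) must hold the SET_PASSWORD
  * permission; the target account is chosen by $params[0], so anyone with
  * that permission can set the password of any member.
  *
  * @param array  $params [0] => member_id of the target account,
  *                       [1] => new password
  * @param object $error  error object exposing SetError($code, $message)
  *
  * @return mixed $error on a parameter-count or permission failure; otherwise
  *               a string: "" on success, or a description of the failure
  */
 function method_setpassword($params, $error)
 {
     if (count($params) != 2) {
         $error->SetError(JsonRpcError_ParameterMismatch, "Expected 2 parameters; got " . count($params));
         return $error;
     }
     if (!check_permission($_SESSION['member_id'], "SET_PASSWORD")) {
         $error->SetError(JsonRpcError_PermissionDenied, "Permission Denied (SET_PASSWORD)");
         return $error;
     }

     $ret = "";
     $link = db_link2();
     try {
         /* Get username from member_id */
         $stmt = mysqli_prepare($link, "select m.username from members m where m.member_id = ?");
         if (!$stmt) {
             return "Failed to get username.";
         }
         $username = null;
         mysqli_stmt_bind_param($stmt, "i", $params[0]);
         mysqli_stmt_execute($stmt);
         mysqli_stmt_bind_result($stmt, $username);
         /* fetch returns true only when a row was read (null = no row, false = error) */
         $found = mysqli_stmt_fetch($stmt);
         mysqli_stmt_close($stmt);

         /* Without this check an unknown member_id left $username unset and the
            code below went on to create/change a Kerberos user with no name. */
         if ($found !== true || $username === null || $username === '') {
             return "Failed to get username.";
         }

         /* NOTE(review): $params[1] (the new password) is passed on unvalidated;
            presumably password policy is enforced by the Kerberos side - confirm. */

         /* Check user actually exists in krb database, and create if not */
         $krb5 = krb_auth();
         $exists = $krb5->user_exists($username);

         /* Strict comparisons: with switch/case TRUE/FALSE every value loosely
            matched one of the two cases, so the failure branch could never run
            and a failed lookup fell through to add_user().
            Assumes user_exists() returns real booleans on success - TODO confirm. */
         if ($exists === true) {
             if (!$krb5->change_password($username, $params[1])) {
                 $ret = "Failed to set password";
             }
         } elseif ($exists === false) {
             if (!$krb5->add_user($username, $params[1])) {
                 $ret = "User didn't exist in krb5 database - and failed to add";
             }
         } else {
             /* Probably a connection failure to kerberos */
             $ret = "Failed on checking krb5 database for user";
         }

         return $ret;
     } finally {
         /* Release the DB link on every exit path, including the early returns. */
         mysqli_close($link);
     }
 }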
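/**
 * Authenticate a login submitted as $_POST['username'] / $_POST['password'].
 *
 * The username is normalised (anything outside a-z, A-Z, 0-9 becomes "_"),
 * looked up through sp_wiki_login(), and the password is then verified
 * against Kerberos via check_password().
 *
 * @return array 'access_granted' (bool); on success also 'name' and 'email',
 *               on failure 'error' with a description
 */
function login()
{
    $username = isset($_POST["username"]) ? $_POST["username"] : null;
    $password = isset($_POST["password"]) ? $_POST["password"] : null;

    /* A request such as username[]=x makes PHP deliver an array here, which
       would otherwise flow into preg_replace() and the auth backends. Empty
       credentials are refused up front instead of being handed to the
       password check. */
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return array(
            'access_granted' => false,
            'error' => 'Missing username/password',
        );
    }

    /* Replace anything that isn't a-Z, 0-9 with an underscore (mostly after spaces...) */
    $username = preg_replace('/[^a-zA-Z0-9]/', '_', $username);

    /* Filled in by sp_wiki_login() (presumably by reference - confirm). */
    $email = null;
    $name = null;
    $ret = null;

    $oInstDB = db_link();
    if (!$oInstDB->sp_wiki_login($username, $email, $name, $ret)) {
        return array(
            'access_granted' => false,
            'error' => 'DB check failed',
        );
    }

    if ($ret != 1) {
        return array(
            'access_granted' => false,
            'error' => 'Unknown username / no Wiki permission',
        );
    }

    /* check password */
    $krb5 = krb_auth();
    if (!$krb5->check_password($username, $password)) {
        /* NOTE(review): this message differs from the unknown-username one, so a
           caller that shows 'error' to the client reveals which accounts exist.
           Keep the detail in server-side logs and show a generic failure. */
        return array(
            'access_granted' => false,
            'error' => "Incorrect password / password check failed for [{$username}]",
        );
    }

    return array(
        'access_granted' => true,
        'name' => $name,
        'email' => $email,
    );
}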