/** * Given a username and password, this function looks them * up using the currently selected authentication mechanism, * and if the authentication is successful, it returns a * valid $user object from the 'user' table. * * Uses auth_ functions from the currently active auth module * * After authenticate_user_login() returns success, you will need to * log that the user has logged in, and call complete_user_login() to set * the session up. * * @uses $CFG * @param string $username User's username (with system magic quotes) * @param string $password User's password (with system magic quotes) * @return user|flase A {@link $USER} object or false if error */ function authenticate_user_login($username, $password) { global $CFG; $authsenabled = get_enabled_auth_plugins(); if ($user = get_complete_user_data('username', $username)) { $auth = empty($user->auth) ? 'manual' : $user->auth; // use manual if auth not set if ($auth == 'nologin' or !is_enabled_auth($auth)) { add_to_log(0, 'login', 'error', 'index.php', $username); error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Disabled Login: {$username} " . $_SERVER['HTTP_USER_AGENT']); return false; } $auths = array($auth); } else { // check if there's a deleted record (cheaply) if (get_field('user', 'id', 'username', $username, 'deleted', 1, '')) { error_log('[client ' . $_SERVER['REMOTE_ADDR'] . "] {$CFG->wwwroot} Deleted Login: {$username} " . $_SERVER['HTTP_USER_AGENT']); return false; } $auths = $authsenabled; $user = new object(); $user->id = 0; // User does not exist } foreach ($auths as $auth) { $authplugin = get_auth_plugin($auth); // on auth fail fall through to the next plugin if (!$authplugin->user_login($username, $password)) { continue; } // successful authentication if ($user->id) { // User already exists in database if (empty($user->auth)) { // For some reason auth isn't set yet set_field('user', 'auth', $auth, 'username', $username); $user->auth = $auth; } if (empty($user->firstaccess)) { //prevent firstaccess from remaining 0 for manual account that never required confirmation set_field('user', 'firstaccess', $user->timemodified, 'id', $user->id); $user->firstaccess = $user->timemodified; } update_internal_user_password($user, $password); // just in case salt or encoding were changed (magic quotes too one day) if (!$authplugin->is_internal()) { // update user record from external DB $user = update_user_record($username, get_auth_plugin($user->auth)); } } else { // if user not found, create him $user = create_user_record($username, $password, $auth); } $authplugin->sync_roles($user); foreach ($authsenabled as $hau) { $hauth = get_auth_plugin($hau); $hauth->user_authenticated_hook($user, $username, $password); } /// Log in to a second system if necessary /// NOTICE: /sso/ will be moved to auth and deprecated soon; use user_authenticated_hook() instead if (!empty($CFG->sso)) { include_once $CFG->dirroot . '/sso/' . $CFG->sso . '/lib.php'; if (function_exists('sso_user_login')) { if (!sso_user_login($username, $password)) { // Perform the signon process notify('Second sign-on failed'); } } } if ($user->id === 0) { return false; } return $user; } // failed if all the plugins have failed add_to_log(0, 'login', 'error', 'index.php', $username); if (debugging('', DEBUG_ALL)) { error_log('[client ' . getremoteaddr() . "] {$CFG->wwwroot} Failed Login: {$username} " . $_SERVER['HTTP_USER_AGENT']); } return false; }
<?php // $Id: login.php,v 1.3 2006/09/20 19:46:53 skodak Exp $ // login.php - action of the login form put up by expired.php. require '../../config.php'; require 'lib.php'; require_login(); // get the login data $frm = data_submitted(''); // log back into Hive if (sso_user_login($frm->username, $frm->password)) { /// reopen Hive redirect($CFG->wwwroot . '/mod/resource/type/repository/hive/openlitebrowse.php'); } else { redirect($CFG->wwwroot . '/sso/hive/expired.php'); } ?>