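/**
 * Log a user in from its credentials, or from the "remember me" cookie.
 *
 * Return codes, as produced by the code below:
 *    1  logged in (also returned when no user id is given and a session user
 *       already exists, and after the guest login path);
 *    0  no user id and guest browsing is disabled, or the user does not exist;
 *   -1  the password check failed;
 *   -4  a failure that happened while checkBruteForceLogin() reported FALSE;
 *   -5  cookie login requested but the cookie is missing or unusable, or the
 *       cookie credentials were rejected (meant to be ignored silently).
 *
 * Unknown user (0) and wrong password (-1) are distinguishable here; callers
 * should show the same message for both so the login form does not reveal
 * which accounts exist.
 *
 * @static
 * @param string $user_id The user id
 * @param string $pwd The password
 * @param bool $bypass_pwd Ignore password or not
 * @param bool $cookieLogin Is it a logging from the remember me cookie?
 * @param string $returnSeed The unique seed
 * @return int
 */
static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
{
    $user_id = self::filterUserSensitivity($user_id);

    if ($cookieLogin) {
        // The cookie is client-controlled. A missing value, or a non-string one
        // (e.g. sent as an array), is treated as "no cookie" instead of being
        // handed to explode().
        if (!isset($_COOKIE["AjaXplorer-remember"]) || !is_string($_COOKIE["AjaXplorer-remember"])) {
            return -5; // SILENT IGNORE
        }
        // Pad so that a value without ":" yields a null password rather than an
        // undefined-offset notice; the normal failure path below then rejects it.
        list($user_id, $pwd) = array_pad(explode(":", $_COOKIE["AjaXplorer-remember"]), 2, null);
        // NOTE(review): the cookie-derived id is not passed through
        // filterUserSensitivity() - confirm that this is intended.
    }

    $confDriver = ConfService::getConfStorageImpl();

    if ($user_id == null) {
        // No user id: keep an existing session user, else fall back to guest.
        if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
            return 1;
        }
        if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
            $authDriver = ConfService::getAuthDriverImpl();
            if (!$authDriver->userExists("guest")) {
                // The guest account is created on first use, with an empty password.
                AuthService::createUser("guest", "");
                $guest = $confDriver->createUserObject("guest");
                $guest->save("superuser");
            }
            // NOTE(review): the result of this nested login is ignored and 1 is
            // returned regardless - confirm that a failed guest login cannot
            // leave the caller believing a session user is set.
            AuthService::logUser("guest", null);
            return 1;
        }
        return 0;
    }

    $authDriver = ConfService::getAuthDriverImpl();

    // CHECK USER PASSWORD HERE!
    // The attempt record is read, evaluated and written back on every call that
    // reaches this point. Presumably FALSE means the attempt limit for this
    // client was exceeded - confirm in checkBruteForceLogin().
    $loginAttempt = AuthService::getBruteForceLoginArray();
    $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
    AuthService::setBruteForceLoginArray($loginAttempt);

    // NOTE(review): $bruteForceLogin only changes the failure code to -4. Valid
    // credentials, and $bypass_pwd calls, still log in while it is FALSE, so the
    // caller has to enforce whatever extra challenge -4 stands for - confirm.
    if (!$authDriver->userExists($user_id)) {
        if ($bruteForceLogin === FALSE) {
            return -4;
        } else {
            return 0;
        }
    }
    if (!$bypass_pwd) {
        if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
            if ($bruteForceLogin === FALSE) {
                return -4;
            } else {
                if ($cookieLogin) {
                    return -5;
                }
                return -1;
            }
        }
    }

    // Successful login attempt: drop this client's entry (keyed by remote
    // address) from the attempt record.
    unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
    AuthService::setBruteForceLoginArray($loginAttempt);

    // Setting session credentials if asked in config.
    // The password is handed to AJXP_Safe::storeCredentials(); how it is
    // protected is decided there and is not visible from this method.
    if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
        list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd);
        AJXP_Safe::storeCredentials($authId, $authPwd);
    }

    $user = $confDriver->createUserObject($user_id);
    if ($authDriver->isAjxpAdmin($user_id)) {
        $user->setAdmin(true);
    }
    if ($user->isAdmin()) {
        $user = AuthService::updateAdminRights($user);
    } else {
        if (!$user->hasParent() && $user_id != "guest") {
            // Disabled upstream; the branch is kept so hasParent() is still called.
            //$user->setRight("ajxp_shared", "rw");
        }
    }

    // NOTE(review): no session id renewal is visible in this method - confirm
    // that the session id is regenerated around login by the caller.
    $_SESSION["AJXP_USER"] = $user;

    if ($authDriver->autoCreateUser() && !$user->storageExists()) {
        $user->save("superuser"); // make sure update rights now
    }
    AJXP_Logger::logAction("Log In");
    return 1;
}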
/**
 * Authenticate a user and store the resulting user object in the session.
 *
 * Return codes, as produced by the code below:
 *    1  logged in (also when no user id is given and a session user already
 *       exists, and after the guest login path);
 *    0  no user id and guest browsing is off, or the user does not exist;
 *   -1  checkBruteForceLogin() reported FALSE, or the password check failed.
 *
 * The brute-force check runs before the user lookup, so once it reports FALSE
 * every attempt gets -1, whether or not the account exists.
 *
 * @param string $user_id The user id
 * @param string $pwd The password
 * @param bool $bypass_pwd Skip the password check
 * @param bool $cookieLogin Forwarded to AuthService::checkPassword()
 * @param string $returnSeed Forwarded to AuthService::checkPassword()
 * @return int
 */
function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
{
    $storage = ConfService::getConfStorageImpl();

    if ($user_id == null) {
        // No user id: reuse the session user if there is one, else try guest.
        $hasSessionUser = isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"]);
        if ($hasSessionUser) {
            return 1;
        }
        if (!ALLOW_GUEST_BROWSING) {
            return 0;
        }
        $auth = ConfService::getAuthDriverImpl();
        if (!$auth->userExists("guest")) {
            // The guest account is created on first use, with an empty password.
            AuthService::createUser("guest", "");
            $storage->createUserObject("guest")->save();
        }
        AuthService::logUser("guest", null);
        return 1;
    }

    $auth = ConfService::getAuthDriverImpl();

    // CHECK USER PASSWORD HERE!
    // The attempt record is read, evaluated and written back on every call.
    $attempts = AuthService::getBruteForceLoginArray();
    $attemptAllowed = AuthService::checkBruteForceLogin($attempts);
    AuthService::setBruteForceLoginArray($attempts);

    if ($attemptAllowed === false) {
        return -1;
    }
    if (!$auth->userExists($user_id)) {
        return 0;
    }
    if (!$bypass_pwd && !AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
        return -1;
    }

    // Successful login attempt: forget this client's entry (keyed by remote address).
    unset($attempts[$_SERVER["REMOTE_ADDR"]]);
    AuthService::setBruteForceLoginArray($attempts);

    $account = $storage->createUserObject($user_id);
    if ($auth->isAjxpAdmin($user_id)) {
        $account->setAdmin(true);
    }
    if ($account->isAdmin()) {
        $account = AuthService::updateAdminRights($account);
    }
    $_SESSION["AJXP_USER"] = $account;

    // Persist the user object when the auth driver creates users on the fly.
    if ($auth->autoCreateUser() && !$account->storageExists()) {
        $account->save();
    }
    AJXP_Logger::logAction("Log In");
    return 1;
}