/**
* Log the user from its credentials
* @static
* @param string $user_id The user id
* @param string $pwd The password
* @param bool $bypass_pwd Ignore password or not
* @param bool $cookieLogin Is it a logging from the remember me cookie?
* @param string $returnSeed The unique seed
* @return int
*/
static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
{
$user_id = self::filterUserSensitivity($user_id);
if ($cookieLogin && !isset($_COOKIE["AjaXplorer-remember"])) {
return -5;
// SILENT IGNORE
}
if ($cookieLogin) {
list($user_id, $pwd) = explode(":", $_COOKIE["AjaXplorer-remember"]);
}
$confDriver = ConfService::getConfStorageImpl();
if ($user_id == null) {
if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
return 1;
}
if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
$authDriver = ConfService::getAuthDriverImpl();
if (!$authDriver->userExists("guest")) {
AuthService::createUser("guest", "");
$guest = $confDriver->createUserObject("guest");
$guest->save("superuser");
}
AuthService::logUser("guest", null);
return 1;
}
return 0;
}
$authDriver = ConfService::getAuthDriverImpl();
// CHECK USER PASSWORD HERE!
$loginAttempt = AuthService::getBruteForceLoginArray();
$bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
AuthService::setBruteForceLoginArray($loginAttempt);
if (!$authDriver->userExists($user_id)) {
if ($bruteForceLogin === FALSE) {
return -4;
} else {
return 0;
}
}
if (!$bypass_pwd) {
if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
if ($bruteForceLogin === FALSE) {
return -4;
} else {
if ($cookieLogin) {
return -5;
}
return -1;
}
}
}
// Successful login attempt
unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
AuthService::setBruteForceLoginArray($loginAttempt);
// Setting session credentials if asked in config
if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd);
AJXP_Safe::storeCredentials($authId, $authPwd);
}
$user = $confDriver->createUserObject($user_id);
if ($authDriver->isAjxpAdmin($user_id)) {
$user->setAdmin(true);
}
if ($user->isAdmin()) {
$user = AuthService::updateAdminRights($user);
} else {
if (!$user->hasParent() && $user_id != "guest") {
//$user->setRight("ajxp_shared", "rw");
}
}
$_SESSION["AJXP_USER"] = $user;
if ($authDriver->autoCreateUser() && !$user->storageExists()) {
$user->save("superuser");
// make sure update rights now
}
AJXP_Logger::logAction("Log In");
return 1;
}
function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
{
$confDriver = ConfService::getConfStorageImpl();
if ($user_id == null) {
if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
return 1;
}
if (ALLOW_GUEST_BROWSING) {
$authDriver = ConfService::getAuthDriverImpl();
if (!$authDriver->userExists("guest")) {
AuthService::createUser("guest", "");
$guest = $confDriver->createUserObject("guest");
$guest->save();
}
AuthService::logUser("guest", null);
return 1;
}
return 0;
}
$authDriver = ConfService::getAuthDriverImpl();
// CHECK USER PASSWORD HERE!
$loginAttempt = AuthService::getBruteForceLoginArray();
$bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
AuthService::setBruteForceLoginArray($loginAttempt);
if ($bruteForceLogin === FALSE) {
return -1;
}
if (!$authDriver->userExists($user_id)) {
return 0;
}
if (!$bypass_pwd) {
if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
return -1;
}
}
// Successful login attempt
unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
AuthService::setBruteForceLoginArray($loginAttempt);
$user = $confDriver->createUserObject($user_id);
if ($authDriver->isAjxpAdmin($user_id)) {
$user->setAdmin(true);
}
if ($user->isAdmin()) {
$user = AuthService::updateAdminRights($user);
}
$_SESSION["AJXP_USER"] = $user;
if ($authDriver->autoCreateUser() && !$user->storageExists()) {
$user->save();
}
AJXP_Logger::logAction("Log In");
return 1;
}
