/** * Checks the config.php AUTHCFG value for login type and forks off to the proper module * * @param string $user_password - The password of the user to authenticate * @return true if the user is authenticated, false otherwise */ function doLogin($userPassword) { $userName = $this->column_fields["user_name"]; $userid = $this->retrieve_user_id($userName); $this->log->debug("Start of authentication for user: {$userName}"); $result = $this->db->pquery('SELECT * FROM yetiforce_auth'); $auth = []; for ($i = 0; $i < $this->db->num_rows($result); $i++) { $row = $this->db->raw_query_result_rowdata($result, $i); $auth[$row['type']][$row['param']] = $row['value']; } if ($auth['ldap']['active'] == 'true') { $this->log->debug('Start LDAP authentication'); $users = explode(',', $auth['ldap']['users']); if (in_array($userid, $users)) { $bind = FALSE; $port = $auth['ldap']['port'] == '' ? 389 : $auth['ldap']['port']; $ds = @ldap_connect($auth['ldap']['server'], $port); if (!$ds) { $this->log->error('Error LDAP authentication: Could not connect to LDAP server.'); } @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // Try version 3. Will fail and default to v2. @ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); if ($port != 636) { @ldap_start_tls($ds); } $bind = @ldap_bind($ds, $userName . $auth['ldap']['domain'], $userPassword); if (!$bind) { $this->log->error('LDAP authentication: LDAP bind failed.'); } return $bind; } else { $this->log->error("{$userName} user does not belong to the LDAP"); } $this->log->debug('End LDAP authentication'); } //Default authentication $this->log->debug('Using integrated/SQL authentication'); $query = "SELECT crypt_type, user_name FROM {$this->table_name} WHERE user_name=?"; $result = $this->db->requirePsSingleResult($query, array($userName), false); if (empty($result)) { $this->log->error("User not found: {$userName}"); return FALSE; } $cryptType = $this->db->query_result($result, 0, 'crypt_type'); $this->column_fields["user_name"] = $this->db->query_result($result, 0, 'user_name'); $encryptedPassword = $this->encrypt_password($userPassword, $cryptType); $query = "SELECT 1 from {$this->table_name} where user_name=? AND user_password=? AND status = ?"; $result = $this->db->requirePsSingleResult($query, array($userName, $encryptedPassword, 'Active'), false); if (!empty($result)) { $this->log->debug("Authentication OK. User: {$userName}"); return TRUE; } $this->log->debug("Authentication failed. User: {$userName}"); return FALSE; }
/** Function to authenticate the current user with the given password * @param $password -- password::Type varchar * @returns true if authenticated or false if not authenticated */ function authenticate_user($password) { $usr_name = $this->column_fields["user_name"]; $query = "SELECT * from {$this->table_name} where user_name=? AND user_hash=?"; $params = array($usr_name, $password); $result = $this->db->requirePsSingleResult($query, $params, false); if (empty($result)) { $this->log->fatal("SECURITY: failed login by {$usr_name}"); return false; } return true; }
/** * Checks the config.php AUTHCFG value for login type and forks off to the proper module * * @param string $user_password - The password of the user to authenticate * @return true if the user is authenticated, false otherwise */ function doLogin($user_password) { global $AUTHCFG; $usr_name = $this->column_fields["user_name"]; switch (strtoupper($AUTHCFG['authType'])) { case 'LDAP': $this->log->debug("Using LDAP authentication"); require_once('modules/Users/authTypes/LDAP.php'); $result = ldapAuthenticate($this->column_fields["user_name"], $user_password); if ($result == NULL) { return false; } else { return true; } break; case 'AD': $this->log->debug("Using Active Directory authentication"); require_once('modules/Users/authTypes/adLDAP.php'); $adldap = new adLDAP(); if ($adldap->authenticate($this->column_fields["user_name"],$user_password)) { return true; } else { return false; } break; default: $this->log->debug("Using integrated/SQL authentication"); $query = "SELECT crypt_type, user_name FROM $this->table_name WHERE user_name=?"; $result = $this->db->requirePsSingleResult($query, array($usr_name), false); if (empty($result)) { return false; } $crypt_type = $this->db->query_result($result, 0, 'crypt_type'); $this->column_fields["user_name"] = $this->db->query_result($result, 0, 'user_name'); $encrypted_password = $this->encrypt_password($user_password, $crypt_type); $query = "SELECT 1 from $this->table_name where user_name=? AND user_password=? AND status = ?"; $result = $this->db->requirePsSingleResult($query, array($usr_name, $encrypted_password, 'Active'), false); if (empty($result)) { return false; } else { return true; } break; } return false; }