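/**
 * Authenticates a user (checks various conditions for the user that might invalidate its
 * authentication, e.g., password match, domain, IP, etc.).
 *
 * No password comparison is performed in this method itself: a record is accepted only
 * when it carries a non-empty "tx_igldapssoauth_dn" and the "tx_igldapssoauth_from"
 * marker (presumably set by the LDAP lookup that built $user -- confirm against the caller).
 *
 * @param array $user Data of user.
 * @return int|FALSE One of the static::STATUS_AUTHENTICATION_* values.
 */
public function authUser(array $user)
{
    if (!Configuration::isInitialized()) {
        // Early return since LDAP is not configured
        return static::STATUS_AUTHENTICATION_FAILURE_CONTINUE;
    }

    // Default outcome for records this service does not handle: in the backend the
    // "BEfailsafe" option decides whether other authentication services may still run.
    if (TYPO3_MODE === 'BE') {
        $status = Configuration::getValue('BEfailsafe')
            ? static::STATUS_AUTHENTICATION_FAILURE_CONTINUE
            : static::STATUS_AUTHENTICATION_FAILURE_BREAK;
    } else {
        $status = static::STATUS_AUTHENTICATION_FAILURE_CONTINUE;
    }

    // Frontend SSO treats REMOTE_USER as proof of identity. That is only sound when the
    // variable is populated by the web server's own authentication layer and cannot be
    // supplied by the client (e.g. via a forwarded header on a proxied setup).
    $enableFrontendSso = TYPO3_MODE === 'FE'
        && (bool) $this->config['enableFESSO']
        && !empty($_SERVER['REMOTE_USER']);

    // Explicit grouping: submitted credentials OR frontend SSO, and in both cases the
    // record must be bound to an LDAP DN.
    $hasCredentials = $this->login['uident'] && $this->login['uname'];
    if (($hasCredentials || $enableFrontendSso) && !empty($user['tx_igldapssoauth_dn'])) {
        if (isset($user['tx_igldapssoauth_from'])) {
            $status = static::STATUS_AUTHENTICATION_SUCCESS_BREAK;
        } elseif (TYPO3_MODE === 'BE' && Configuration::getValue('BEfailsafe')) {
            return static::STATUS_AUTHENTICATION_FAILURE_CONTINUE;
        } else {
            // Failed login attempt (wrong password) - write that to the log!
            // The details are passed as the logger context (same call shape as the
            // domain-lock error below); concatenating the array onto the message only
            // produced the literal text "Array" and lost the user name and remote host.
            // Only the user name and remote address are recorded; the submitted secret
            // ($this->login['uident']) must stay out of the log.
            static::getLogger()->warning(
                'Password not accepted',
                array(
                    'username' => $this->login['uname'],
                    'remote' => sprintf('%s (%s)', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST']),
                )
            );
            $status = static::STATUS_AUTHENTICATION_FAILURE_BREAK;
        }

        // Checking the domain (lockToDomain)
        // NOTE(review): this check is skipped whenever $status is falsy; whether that
        // includes STATUS_AUTHENTICATION_FAILURE_BREAK depends on the constant's value,
        // which is defined outside this view.
        // Both sides are compared as strings with a strict operator so that
        // numeric-looking host names cannot be considered equal through type juggling.
        if ($status
            && $user['lockToDomain']
            && (string) $user['lockToDomain'] !== (string) $this->authInfo['HTTP_HOST']
        ) {
            // Lock domain didn't match, so error:
            static::getLogger()->error(
                sprintf('Locked domain "%s" did not match "%s"', $user['lockToDomain'], $this->authInfo['HTTP_HOST']),
                array(
                    'username' => $user[$this->db_user['username_column']],
                    'remote' => sprintf('%s (%s)', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST']),
                )
            );
            $status = static::STATUS_AUTHENTICATION_FAILURE_BREAK;
        }
    }

    return $status;
}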