Changeset 582 for trunk/lib

Timestamp:

Feb 27, 2017 2:29:26 PM (7 years ago)

Author:

anonymous

Message:

Created stand-alone createSession() function from code that was in the login() function (which now just calls createSession() internaly).

File:

• trunk/lib/Auth_SQL.inc.php (modified) (5 diffs)

trunk/lib/Auth_SQL.inc.php

@@ -425 +425 @@
 
     /**
-     * If user authenticated, register login into session.
+     * Check username and password, and create new session if authenticated.
      *
      * @access private
      * @param string $username     The username to check.
-     * @param string $password     The password to compare to username.
+     * @param string $password     The password to compare for username.
      * @return boolean  Whether or not the credentials are valid.
      */
@@ -437 +437 @@
         $db =& DB::getInstance();
 
+        if ($user_data = $this->authenticate($username, $password)) {
+            // The credentials match. Now setup the session.
+            return $this->createSession($user_data);
+        }
+        // No login: failed authentication!
+        return false;
+    }
+
+    /**
+     * Create new login session for given user.
+     *
+     * @access private
+     * @param string $user_data User data that is normally returned from this->authenticate(). If provided manually:
+     *                          Required array values:
+     *                              'user_id' => '1'
+     *                              'username' => 'name'
+     *                          Optional array values:
+     *                              'match_remote_ip_exempt' => true
+     *                              'login_abuse_exempt' => true
+     *                              'abuse_warning_level' => true
+     *                              'blocked' => true
+     *                              'blocked_reason' => ''
+     *                              '
' => '
' (any other values that should be retrievable via this->get())
+     * @return boolean          Whether or not the session was created. It will return true unless abuse detection is enabled and triggered.
+     */
+    public function createSession($user_data)
+    {
+        $app =& App::getInstance();
+        $db =& DB::getInstance();
+
         $this->initDB();
 
         $this->clear();
-
-        if (!($user_data = $this->authenticate($username, $password))) {
-            // No login: failed authentication!
-            return false;
-        }
 
         // Convert 'priv' to 'user_type' nomenclature to support older implementations.
@@ -455 +480 @@
             'authenticated'         => true,
             'user_id'               => $user_data['user_id'],
-            'username'              => $username,
+            'username'              => $user_data['username'],
             'login_datetime'        => date('Y-m-d H:i:s'),
             'last_access_datetime'  => date('Y-m-d H:i:s'),
             'remote_ip'             => getRemoteAddr(),
-            'login_abuse_exempt'    => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array(strtolower($username), $this->_params['login_abuse_exempt_usernames']),
-            'match_remote_ip_exempt'=> isset($user_data['match_remote_ip_exempt']) ? !empty($user_data['match_remote_ip_exempt']) : in_array(strtolower($username), $this->_params['match_remote_ip_exempt_usernames']),
+            'login_abuse_exempt'    => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array(strtolower($user_data['username']), $this->_params['login_abuse_exempt_usernames']),
+            'match_remote_ip_exempt'=> isset($user_data['match_remote_ip_exempt']) ? !empty($user_data['match_remote_ip_exempt']) : in_array(strtolower($user_data['username']), $this->_params['match_remote_ip_exempt_usernames']),
             'user_data'             => $user_data
         );
@@ -468 +493 @@
          */
         if ($this->getParam('blocking')) {
-            if (!empty($user_data['blocked'])) {
-
+            if (isset($user_data['blocked']) && !empty($user_data['blocked'])) {
+                switch ($this->get('blocked_reason')) {
+                case 'account abuse' :
+                    $app->raiseMsg(sprintf(_("This account has been blocked due to possible account abuse. Please contact an administrator to reactivate."), null), MSG_WARNING, __FILE__, __LINE__);
+                    break;
+                default :
+                    $app->raiseMsg(sprintf(_("This account is currently not active. %s"), $this->get('blocked_reason')), MSG_WARNING, __FILE__, __LINE__);
+                    break;
+                }
+
+                // No login: user is blocked!
                 $app->logMsg(sprintf('User_id %s (%s) login failed due to blocked account: %s', $this->get('user_id'), $this->get('username'), $this->get('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__);
-
-                switch ($user_data['blocked_reason']) {
-                    case 'account abuse' :
-                        $app->raiseMsg(sprintf(_("This account has been blocked due to possible account abuse. Please contact an administrator to reactivate."), null), MSG_WARNING, __FILE__, __LINE__);
-                        break;
-                    default :
-                        $app->raiseMsg(sprintf(_("This account is currently not active. %s"), $user_data['blocked_reason']), MSG_WARNING, __FILE__, __LINE__);
-                        break;
-                }
-
-                // No login: user is blocked!
                 $this->clear();
                 return false;
@@ -548 +571 @@
         ");
 
-        // We're logged-in!
+        // Session created! We're logged-in!
         return true;
     }