Changeset 582 for trunk/lib/Auth_SQL.inc.php
- Timestamp:
- Feb 27, 2017 2:29:26 PM (7 years ago)
- File:
-
- 1 edited
trunk/lib/Auth_SQL.inc.php
r564 r582 425 425 426 426 /** 427 * If user authenticated, register login into session.427 * Check username and password, and create new session if authenticated. 428 428 * 429 429 * @access private 430 430 * @param string $username The username to check. 431 * @param string $password The password to compare tousername.431 * @param string $password The password to compare for username. 432 432 * @return boolean Whether or not the credentials are valid. 433 433 */ … … 437 437 $db =& DB::getInstance(); 438 438 439 if ($user_data = $this->authenticate($username, $password)) { 440 // The credentials match. Now setup the session. 441 return $this->createSession($user_data); 442 } 443 // No login: failed authentication! 444 return false; 445 } 446 447 /** 448 * Create new login session for given user. 449 * 450 * @access private 451 * @param string $user_data User data that is normally returned from this->authenticate(). If provided manually: 452 * Required array values: 453 * 'user_id' => '1' 454 * 'username' => 'name' 455 * Optional array values: 456 * 'match_remote_ip_exempt' => true 457 * 'login_abuse_exempt' => true 458 * 'abuse_warning_level' => true 459 * 'blocked' => true 460 * 'blocked_reason' => '' 461 * 'âŠ' => 'âŠ' (any other values that should be retrievable via this->get()) 462 * @return boolean Whether or not the session was created. It will return true unless abuse detection is enabled and triggered. 463 */ 464 public function createSession($user_data) 465 { 466 $app =& App::getInstance(); 467 $db =& DB::getInstance(); 468 439 469 $this->initDB(); 440 470 441 471 $this->clear(); 442 443 if (!($user_data = $this->authenticate($username, $password))) {444 // No login: failed authentication!445 return false;446 }447 472 448 473 // Convert 'priv' to 'user_type' nomenclature to support older implementations. 
… … 455 480 'authenticated' => true, 456 481 'user_id' => $user_data['user_id'], 457 'username' => $user name,482 'username' => $user_data['username'], 458 483 'login_datetime' => date('Y-m-d H:i:s'), 459 484 'last_access_datetime' => date('Y-m-d H:i:s'), 460 485 'remote_ip' => getRemoteAddr(), 461 'login_abuse_exempt' => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array(strtolower($user name), $this->_params['login_abuse_exempt_usernames']),462 'match_remote_ip_exempt'=> isset($user_data['match_remote_ip_exempt']) ? !empty($user_data['match_remote_ip_exempt']) : in_array(strtolower($user name), $this->_params['match_remote_ip_exempt_usernames']),486 'login_abuse_exempt' => isset($user_data['login_abuse_exempt']) ? !empty($user_data['login_abuse_exempt']) : in_array(strtolower($user_data['username']), $this->_params['login_abuse_exempt_usernames']), 487 'match_remote_ip_exempt'=> isset($user_data['match_remote_ip_exempt']) ? !empty($user_data['match_remote_ip_exempt']) : in_array(strtolower($user_data['username']), $this->_params['match_remote_ip_exempt_usernames']), 463 488 'user_data' => $user_data 464 489 ); … … 468 493 */ 469 494 if ($this->getParam('blocking')) { 470 if (!empty($user_data['blocked'])) { 471 495 if (isset($user_data['blocked']) && !empty($user_data['blocked'])) { 496 switch ($this->get('blocked_reason')) { 497 case 'account abuse' : 498 $app->raiseMsg(sprintf(_("This account has been blocked due to possible account abuse. Please contact an administrator to reactivate."), null), MSG_WARNING, __FILE__, __LINE__); 499 break; 500 default : 501 $app->raiseMsg(sprintf(_("This account is currently not active. %s"), $this->get('blocked_reason')), MSG_WARNING, __FILE__, __LINE__); 502 break; 503 } 504 505 // No login: user is blocked! 
472 506 $app->logMsg(sprintf('User_id %s (%s) login failed due to blocked account: %s', $this->get('user_id'), $this->get('username'), $this->get('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__); 473 474 switch ($user_data['blocked_reason']) {475 case 'account abuse' :476 $app->raiseMsg(sprintf(_("This account has been blocked due to possible account abuse. Please contact an administrator to reactivate."), null), MSG_WARNING, __FILE__, __LINE__);477 break;478 default :479 $app->raiseMsg(sprintf(_("This account is currently not active. %s"), $user_data['blocked_reason']), MSG_WARNING, __FILE__, __LINE__);480 break;481 }482 483 // No login: user is blocked!484 507 $this->clear(); 485 508 return false; … … 548 571 "); 549 572 550 // We're logged-in!573 // Session created! We're logged-in! 551 574 return true; 552 575 }
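Review bot: createSession() is declared `public` and writes `'authenticated' => true` into the session from whatever array it is handed, yet nothing in the visible lines checks that the required `user_id` and `username` keys are present, so a caller passing an incomplete array would end up with an authenticated session that has empty identity fields. A guard at the top of the method, before `$this->clear()`, would close that: `if (!is_array($user_data) || !isset($user_data['user_id'], $user_data['username'])) { return false; }`. The new docblock also says `@access private` and `@param string $user_data` while the method is public and takes an array; it should read `@access public` and `@param array $user_data`, and state that the caller must already have verified the user's identity, because this path performs no password check. Parts of the method body between the shown hunks are elided, so such a check may exist there without appearing in this view.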