<?php
/**
* $Id$
*
* Interface class that performs all authentication functions.
*
* @version $Revision$
* @author michael@jamwarehouse.com
* @package dms
*/
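class Authenticator {
    /**
     * Verifies the login credentials against the users table.
     *
     * Both arguments are treated as untrusted input: the user name is escaped
     * before it is interpolated into SQL and the password never reaches the
     * SQL text (only its MD5 hex digest does).
     *
     * @param userName
     *        the user name of the user logging in
     * @param password
     *        the user's plain-text password
     * @return array containing user details (userName, userID, groupID)
     *         and a "status" code: 0 = bad credentials, 1 = authenticated,
     *         2 = account disabled, 3 = maxsessions reached
     */
    function login($userName, $password) {
        global $default;
        // Always return a well-formed array; the original left it undefined
        // when neither lookup matched.
        $userDetails = array("status" => 0);
        $maxsessions = 0;

        // Owl_DB exposes no parameter binding from here, so the value is
        // interpolated; escaping stops quotes in the user name from altering
        // the statement. Note the original read the undefined variable
        // $username, so the query never matched the supplied name.
        $safeUserName = $this->escapeSqlValue($userName);
        // Stored hashes are unsalted MD5 (legacy schema). The hex digest is
        // safe to interpolate, but MD5 itself is weak; moving to
        // password_hash()/password_verify() needs a schema migration.
        $passwordHash = md5($password);

        $sql = new Owl_DB;
        $sql->query("select * from $default->owl_users_table where username = '$safeUserName' and password = '$passwordHash'");
        $numrows = $sql->num_rows($sql);

        if ($numrows == 1) {
            while ($sql->next_record()) {
                if ($sql->f("disabled") == 1) {
                    $userDetails["status"] = 2;
                } else {
                    $userDetails["status"] = 1;
                    $userDetails["userName"] = $sql->f("username");
                    $userDetails["userID"] = $sql->f("id");
                    $userDetails["groupID"] = $sql->f("groupid");
                    $maxsessions = $sql->f("maxsessions") + 1;
                }
            }
        } elseif ($userName == "admin") {
            // Legacy fallback: the admin row may still hold a plain-text
            // password until every user has been migrated to hashed ones.
            // The row is fetched by name only and the password compared in
            // PHP, so the raw password is never placed into the SQL text
            // (the original interpolated it verbatim). The fallback still
            // accepts the stored value itself as a password, so it should be
            // removed as soon as the migration is complete.
            $sql->query("select * from $default->owl_users_table where username = '$safeUserName'");
            $numrows = $sql->num_rows($sql);
            if ($numrows == 1) {
                while ($sql->next_record()) {
                    // Strict byte comparison; the SQL '=' used before was
                    // subject to the column's collation rules.
                    if ((string) $sql->f("password") !== (string) $password) {
                        continue;
                    }
                    // Honour the disabled flag here too; the original
                    // fallback skipped it.
                    if ($sql->f("disabled") == 1) {
                        $userDetails["status"] = 2;
                    } else {
                        $userDetails["status"] = 1;
                        $userDetails["userName"] = $sql->f("username");
                        $userDetails["userID"] = $sql->f("id");
                        $userDetails["groupID"] = $sql->f("groupid");
                        $maxsessions = $sql->f("maxsessions") + 1;
                    }
                }
            }
        }

        if (isset($userDetails["userID"]) && $userDetails["status"] != 0) {
            // Drop expired sessions for this user before counting the
            // live ones.
            Owl_Session::removeStaleSessions($userDetails["userID"]);
            $sql = new Owl_DB;
            $safeUserId = $this->escapeSqlValue($userDetails["userID"]);
            $sql->query("select * from $default->owl_sessions_table where uid = '$safeUserId'");
            if ($sql->num_rows($sql) >= $maxsessions) {
                if ($userDetails["groupID"] == 0) {
                    // The admin group is exempt from the maxsessions limit.
                    $userDetails["status"] = 1;
                } else {
                    $userDetails["status"] = 3;
                }
            }
        }
        return $userDetails;
    }

    /**
     * Escapes a value for use inside a single-quoted SQL string literal.
     *
     * This neutralises quotes and backslashes only; it is a stop-gap until
     * Owl_DB offers prepared statements or a connection-aware escaper, which
     * should replace it (addslashes() is not charset-aware).
     *
     * @param value
     *        the raw value to embed
     * @return string the escaped value
     */
    function escapeSqlValue($value) {
        return addslashes((string) $value);
    }

    /**
     * Logs the user out of the application by removing the session row.
     *
     * @param userID
     *        the ID of user logging out (kept for interface compatibility;
     *        not consulted here)
     * @param sessionID
     *        the user's sessionID
     */
    function logout($userID, $sessionID) {
        // The original line was missing its terminating semicolon.
        Owl_Session::remove($sessionID);
    }
}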
/**
 * Authenticator variant backed by the application's user table.
 *
 * Declares nothing of its own: every operation is inherited from
 * Authenticator unchanged.
 */
class DBAuthenticator extends Authenticator
{
}
/**
 * Authenticator variant intended for an LDAP-compliant directory server.
 *
 * Currently an empty marker subclass: no LDAP-specific behaviour is
 * implemented here and all operations fall through to Authenticator.
 */
class LDAPAuthenticator extends Authenticator
{
}
?>