Commit 73f6017ba67dcd67fbe25f55a6c180b5b3a99b6c
1 parent
2a3527ce
updates for just adding userID to session
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@295 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
29 additions
and
58 deletions
lib/authentication/Authenticator.inc
| ... | ... | @@ -18,79 +18,50 @@ class Authenticator { |
| 18 | 18 | /** |
| 19 | 19 | * Verifies the login credentials |
| 20 | 20 | * |
| 21 | - * @param userName | |
| 22 | - * the user name of the user logging in | |
| 23 | - * @param password | |
| 24 | - * the user's password | |
| 25 | - * @return array containing user details (userName, userID, groupID) | |
| 26 | - * and authentication status code | |
| 21 | + * @param userName the user name of the user logging in | |
| 22 | + * @param password the user's password | |
| 23 | + * @return array containing userID and authentication status code | |
| 27 | 24 | */ |
| 28 | 25 | function login($userName, $password) { |
| 29 | - // TODO: create session, add user details to the session | |
| 30 | 26 | global $default, $lang_err_database; |
| 27 | + // initialise return array | |
| 28 | + $userDetails = array(); | |
| 29 | + | |
| 31 | 30 | if ($this->checkPassword($userName, $password)) { |
| 32 | - // retrieve user details from the database and return | |
| 33 | - /* | |
| 34 | - $userID = lookupID($default->owl_users_table, "username", "'$userName'"); | |
| 35 | - $userDetails = UserManager::getUserDetails($userID); | |
| 36 | - if (!$userDetails) { | |
| 37 | - // we don't have a session yet, so return a general error message | |
| 38 | - $userDetails["status"] = -1; | |
| 39 | - } | |
| 40 | - */ | |
| 41 | - // FIXME: remove when user manager method coded | |
| 42 | - $sql = new Owl_DB(); | |
| 43 | - $query = "select * from $default->owl_users_table where username = '$userName'"; | |
| 44 | - $sql->query($query); | |
| 45 | - $numrows = $sql->num_rows($sql); | |
| 46 | - if ($numrows == "1") { | |
| 47 | - while($sql->next_record()) { | |
| 48 | - if ( $sql->f("disabled") == 1 ) { | |
| 49 | - $userDetails["status"] = 2; | |
| 50 | - } else { | |
| 51 | - $userDetails["status"] = 1; | |
| 52 | - $userDetails["userID"] = $sql->f("id"); | |
| 53 | - $userDetails["username"] = $sql->f("username"); | |
| 54 | - $userDetails["max_sessions"] = $sql->f("max_sessions") + 1; | |
| 55 | - } | |
| 56 | - } | |
| 57 | - | |
| 58 | - // retrieve user groups | |
| 59 | - $sql = new Owl_DB; | |
| 60 | - $query = "select group_id from $default->owl_users_groups_table where user_id = " . $userDetails["userID"]; | |
| 61 | - $sql->query($query); | |
| 62 | - $userDetails["groupID"] = array(); | |
| 63 | - while($sql->next_record()) { | |
| 64 | - $userDetails["groupID"][] = $sql->f("group_id"); | |
| 65 | - if (!isset($userDetails["unitID"])) { | |
| 66 | - $userDetails["unitID"] = lookupID($default->owl_groups_units_table, "group_id", $sql->f("group_id")); | |
| 67 | - $userDetails["organisationID"] = lookupField($default->owl_units_table, "organisation_id", "id", $userDetails["unitID"]); | |
| 68 | - } | |
| 69 | - } | |
| 70 | - // FIXME: remove when user manager method coded | |
| 71 | - | |
| 31 | + // retrieve the userID | |
| 32 | + $userID = lookupID($default->owl_users_table, "username", "$userName"); | |
| 33 | + $default->log->info("Authenticator::login authenticated user, id=$userID"); | |
| 34 | + if ($userID) { | |
| 35 | + // add this to the return array | |
| 36 | + $userDetails["userID"] = $userID; | |
| 37 | + $default->log->info("Authenticator::login authenticated user, userDetails[userID]=" . $userDetails["userID"]); | |
| 72 | 38 | // remove stale sessions from the database for the user |
| 73 | 39 | // that is signing on. |
| 74 | 40 | Session::removeStaleSessions($userDetails["userID"]); |
| 75 | 41 | |
| 76 | - | |
| 77 | 42 | // Check if Maxsessions has been reached |
| 43 | + // lookup maxsessions | |
| 44 | + $maxSessions = lookupField($default->owl_users_table, "max_sessions", "id", $userID); | |
| 78 | 45 | $sql = new Owl_DB; |
| 79 | 46 | if ($sql->query("SELECT * FROM $default->owl_sessions_table WHERE user_id = '".$userDetails["user_id"]."'")) { |
| 80 | - if ($sql->num_rows($sql) >= $userDetails["max_sessions"]) { | |
| 81 | - // FIXME: change for multiple groups | |
| 82 | - if ( $userDetails["groupID"] == 0) { | |
| 83 | - // ignore maxsessions check for admin group | |
| 84 | - $userDetails["status"] = 1; | |
| 85 | - } else { | |
| 86 | - // return too many sessions status code | |
| 87 | - $userDetails["status"] = 3; | |
| 88 | - } | |
| 47 | + if ($sql->num_rows($sql) >= $maxSessions) { | |
| 48 | + // return too many sessions status code | |
| 49 | + $userDetails["status"] = 3; | |
| 50 | + } else { | |
| 51 | + // authenticated successfully | |
| 52 | + $userDetails["status"] = 1; | |
| 89 | 53 | } |
| 54 | + // FIXME: account disabled status??? | |
| 90 | 55 | } else { |
| 56 | + // db access failed | |
| 91 | 57 | $_SESSION["errorMessage"] = $lang_err_database; |
| 58 | + $userDetails["status"] = 0; | |
| 92 | 59 | } |
| 93 | - } | |
| 60 | + } else { | |
| 61 | + // db access failed | |
| 62 | + $_SESSION["errorMessage"] = $lang_err_database; | |
| 63 | + $userDetails["status"] = 0; | |
| 64 | + } | |
| 94 | 65 | } else { |
| 95 | 66 | // authentication failed |
| 96 | 67 | $userDetails["status"] = 0; | ... | ... |