diff --git a/lib/authentication/Authenticator.inc b/lib/authentication/Authenticator.inc
index 860143b..f12baf7 100644
--- a/lib/authentication/Authenticator.inc
+++ b/lib/authentication/Authenticator.inc
@@ -18,79 +18,50 @@ class Authenticator { /** * Verifies the login credentials * - * @param userName - * the user name of the user logging in - * @param password - * the user's password - * @return array containing user details (userName, userID, groupID) - * and authentication status code + * @param userName the user name of the user logging in + * @param password the user's password + * @return array containing userID and authentication status code */ function login($userName, $password) { - // TODO: create session, add user details to the session global $default, $lang_err_database; + // initialise return array + $userDetails = array(); + if ($this->checkPassword($userName, $password)) { - // retrieve user details from the database and return - /* - $userID = lookupID($default->owl_users_table, "username", "'$userName'"); - $userDetails = UserManager::getUserDetails($userID); - if (!$userDetails) { - // we don't have a session yet, so return a general error message - $userDetails["status"] = -1; - } - */ - // FIXME: remove when user manager method coded - $sql = new Owl_DB(); - $query = "select * from $default->owl_users_table where username = '$userName'"; - $sql->query($query); - $numrows = $sql->num_rows($sql); - if ($numrows == "1") { - while($sql->next_record()) { - if ( $sql->f("disabled") == 1 ) { - $userDetails["status"] = 2; - } else { - $userDetails["status"] = 1; - $userDetails["userID"] = $sql->f("id"); - $userDetails["username"] = $sql->f("username"); - $userDetails["max_sessions"] = $sql->f("max_sessions") + 1; - } - } - - // retrieve user groups - $sql = new Owl_DB; - $query = "select group_id from $default->owl_users_groups_table where user_id = " . 
$userDetails["userID"]; - $sql->query($query); - $userDetails["groupID"] = array(); - while($sql->next_record()) { - $userDetails["groupID"][] = $sql->f("group_id"); - if (!isset($userDetails["unitID"])) { - $userDetails["unitID"] = lookupID($default->owl_groups_units_table, "group_id", $sql->f("group_id")); - $userDetails["organisationID"] = lookupField($default->owl_units_table, "organisation_id", "id", $userDetails["unitID"]); - } - } - // FIXME: remove when user manager method coded - + // retrieve the userID + $userID = lookupID($default->owl_users_table, "username", "$userName"); + $default->log->info("Authenticator::login authenticated user, id=$userID"); + if ($userID) { + // add this to the return array + $userDetails["userID"] = $userID; + $default->log->info("Authenticator::login authenticated user, userDetails[userID]=" . $userDetails["userID"]); // remove stale sessions from the database for the user // that is signing on. Session::removeStaleSessions($userDetails["userID"]); - // Check if Maxsessions has been reached + // lookup maxsessions + $maxSessions = lookupField($default->owl_users_table, "max_sessions", "id", $userID); $sql = new Owl_DB; if ($sql->query("SELECT * FROM $default->owl_sessions_table WHERE user_id = '".$userDetails["user_id"]."'")) { - if ($sql->num_rows($sql) >= $userDetails["max_sessions"]) { - // FIXME: change for multiple groups - if ( $userDetails["groupID"] == 0) { - // ignore maxsessions check for admin group - $userDetails["status"] = 1; - } else { - // return too many sessions status code - $userDetails["status"] = 3; - } + if ($sql->num_rows($sql) >= $maxSessions) { + // return too many sessions status code + $userDetails["status"] = 3; + } else { + // authenticated successfully + $userDetails["status"] = 1; } + // FIXME: account disabled status??? 
} else { + // db access failed $_SESSION["errorMessage"] = $lang_err_database; + $userDetails["status"] = 0; } - } + } else { + // db access failed + $_SESSION["errorMessage"] = $lang_err_database; + $userDetails["status"] = 0; + } } else { // authentication failed $userDetails["status"] = 0;
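Review bot: The session-count query still reads `$userDetails["user_id"]`, but the new code only ever sets `$userDetails["userID"]`, so the WHERE clause compares against an empty string, `num_rows` stays 0 and the max-sessions branch (status 3) can never be reached; use the local id instead, `if ($sql->query("SELECT * FROM $default->owl_sessions_table WHERE user_id = '" . (int) $userID . "'")) {`. The removed block returned status 2 for a row with `disabled == 1` and nothing in the new path replaces it (the `// FIXME: account disabled status???` marks the gap), so unless checkPassword rejects disabled accounts — not visible in this hunk — a disabled user now gets status 1; a `lookupField($default->owl_users_table, "disabled", "id", $userID)` check before the session count, setting status 2 and skipping the rest, would restore the old behaviour. The new `lookupID($default->owl_users_table, "username", "$userName")` call also drops the quotes the removed query placed around the username; whether lookupID quotes and escapes its value is not visible here, but `$userName` is the raw login input and should be escaped or parameterised before it reaches SQL. login continues outside the hunk (its closing braces and return are not shown).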