Commit 73f6017ba67dcd67fbe25f55a6c180b5b3a99b6c
1 parent
2a3527ce
updates for just adding userID to session
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@295 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
29 additions
and
58 deletions
lib/authentication/Authenticator.inc
| @@ -18,79 +18,50 @@ class Authenticator { | @@ -18,79 +18,50 @@ class Authenticator { | ||
| 18 | /** | 18 | /** |
| 19 | * Verifies the login credentials | 19 | * Verifies the login credentials |
| 20 | * | 20 | * |
| 21 | - * @param userName | ||
| 22 | - * the user name of the user logging in | ||
| 23 | - * @param password | ||
| 24 | - * the user's password | ||
| 25 | - * @return array containing user details (userName, userID, groupID) | ||
| 26 | - * and authentication status code | 21 | + * @param userName the user name of the user logging in |
| 22 | + * @param password the user's password | ||
| 23 | + * @return array containing userID and authentication status code | ||
| 27 | */ | 24 | */ |
| 28 | function login($userName, $password) { | 25 | function login($userName, $password) { |
| 29 | - // TODO: create session, add user details to the session | ||
| 30 | global $default, $lang_err_database; | 26 | global $default, $lang_err_database; |
| 27 | + // initialise return array | ||
| 28 | + $userDetails = array(); | ||
| 29 | + | ||
| 31 | if ($this->checkPassword($userName, $password)) { | 30 | if ($this->checkPassword($userName, $password)) { |
| 32 | - // retrieve user details from the database and return | ||
| 33 | - /* | ||
| 34 | - $userID = lookupID($default->owl_users_table, "username", "'$userName'"); | ||
| 35 | - $userDetails = UserManager::getUserDetails($userID); | ||
| 36 | - if (!$userDetails) { | ||
| 37 | - // we don't have a session yet, so return a general error message | ||
| 38 | - $userDetails["status"] = -1; | ||
| 39 | - } | ||
| 40 | - */ | ||
| 41 | - // FIXME: remove when user manager method coded | ||
| 42 | - $sql = new Owl_DB(); | ||
| 43 | - $query = "select * from $default->owl_users_table where username = '$userName'"; | ||
| 44 | - $sql->query($query); | ||
| 45 | - $numrows = $sql->num_rows($sql); | ||
| 46 | - if ($numrows == "1") { | ||
| 47 | - while($sql->next_record()) { | ||
| 48 | - if ( $sql->f("disabled") == 1 ) { | ||
| 49 | - $userDetails["status"] = 2; | ||
| 50 | - } else { | ||
| 51 | - $userDetails["status"] = 1; | ||
| 52 | - $userDetails["userID"] = $sql->f("id"); | ||
| 53 | - $userDetails["username"] = $sql->f("username"); | ||
| 54 | - $userDetails["max_sessions"] = $sql->f("max_sessions") + 1; | ||
| 55 | - } | ||
| 56 | - } | ||
| 57 | - | ||
| 58 | - // retrieve user groups | ||
| 59 | - $sql = new Owl_DB; | ||
| 60 | - $query = "select group_id from $default->owl_users_groups_table where user_id = " . $userDetails["userID"]; | ||
| 61 | - $sql->query($query); | ||
| 62 | - $userDetails["groupID"] = array(); | ||
| 63 | - while($sql->next_record()) { | ||
| 64 | - $userDetails["groupID"][] = $sql->f("group_id"); | ||
| 65 | - if (!isset($userDetails["unitID"])) { | ||
| 66 | - $userDetails["unitID"] = lookupID($default->owl_groups_units_table, "group_id", $sql->f("group_id")); | ||
| 67 | - $userDetails["organisationID"] = lookupField($default->owl_units_table, "organisation_id", "id", $userDetails["unitID"]); | ||
| 68 | - } | ||
| 69 | - } | ||
| 70 | - // FIXME: remove when user manager method coded | ||
| 71 | - | 31 | + // retrieve the userID |
| 32 | + $userID = lookupID($default->owl_users_table, "username", "$userName"); | ||
| 33 | + $default->log->info("Authenticator::login authenticated user, id=$userID"); | ||
| 34 | + if ($userID) { | ||
| 35 | + // add this to the return array | ||
| 36 | + $userDetails["userID"] = $userID; | ||
| 37 | + $default->log->info("Authenticator::login authenticated user, userDetails[userID]=" . $userDetails["userID"]); | ||
| 72 | // remove stale sessions from the database for the user | 38 | // remove stale sessions from the database for the user |
| 73 | // that is signing on. | 39 | // that is signing on. |
| 74 | Session::removeStaleSessions($userDetails["userID"]); | 40 | Session::removeStaleSessions($userDetails["userID"]); |
| 75 | 41 | ||
| 76 | - | ||
| 77 | // Check if Maxsessions has been reached | 42 | // Check if Maxsessions has been reached |
| 43 | + // lookup maxsessions | ||
| 44 | + $maxSessions = lookupField($default->owl_users_table, "max_sessions", "id", $userID); | ||
| 78 | $sql = new Owl_DB; | 45 | $sql = new Owl_DB; |
| 79 | if ($sql->query("SELECT * FROM $default->owl_sessions_table WHERE user_id = '".$userDetails["user_id"]."'")) { | 46 | if ($sql->query("SELECT * FROM $default->owl_sessions_table WHERE user_id = '".$userDetails["user_id"]."'")) { |
| 80 | - if ($sql->num_rows($sql) >= $userDetails["max_sessions"]) { | ||
| 81 | - // FIXME: change for multiple groups | ||
| 82 | - if ( $userDetails["groupID"] == 0) { | ||
| 83 | - // ignore maxsessions check for admin group | ||
| 84 | - $userDetails["status"] = 1; | ||
| 85 | - } else { | ||
| 86 | - // return too many sessions status code | ||
| 87 | - $userDetails["status"] = 3; | ||
| 88 | - } | 47 | + if ($sql->num_rows($sql) >= $maxSessions) { |
| 48 | + // return too many sessions status code | ||
| 49 | + $userDetails["status"] = 3; | ||
| 50 | + } else { | ||
| 51 | + // authenticated successfully | ||
| 52 | + $userDetails["status"] = 1; | ||
| 89 | } | 53 | } |
| 54 | + // FIXME: account disabled status??? | ||
| 90 | } else { | 55 | } else { |
| 56 | + // db access failed | ||
| 91 | $_SESSION["errorMessage"] = $lang_err_database; | 57 | $_SESSION["errorMessage"] = $lang_err_database; |
| 58 | + $userDetails["status"] = 0; | ||
| 92 | } | 59 | } |
| 93 | - } | 60 | + } else { |
| 61 | + // db access failed | ||
| 62 | + $_SESSION["errorMessage"] = $lang_err_database; | ||
| 63 | + $userDetails["status"] = 0; | ||
| 64 | + } | ||
| 94 | } else { | 65 | } else { |
| 95 | // authentication failed | 66 | // authentication failed |
| 96 | $userDetails["status"] = 0; | 67 | $userDetails["status"] = 0; |