diff --git a/lib/authentication/Authenticator.inc b/lib/authentication/Authenticator.inc
index 38cbd3f..dcacecd 100644
--- a/lib/authentication/Authenticator.inc
+++ b/lib/authentication/Authenticator.inc
@@ -1,5 +1,7 @@ owl_fs_root/lib/administration/UserManager.inc");
+
 /**
  * $Id$
  *
@@ -8,8 +10,8 @@
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * @version $Revision$
- * @author Michael Joseph, Jam Warehouse (Pty) Ltd, South Africa
+ * @package dmslib
  */
 class Authenticator {
@@ -25,13 +27,19 @@ class Authenticator {
 */
 function login($userName, $password) {
 // TODO: create session, add user details to the session
- global $default;
+ global $default, $lang_err_database;
 if ($this->checkPassword($userName, $password)) {
 // retrieve user details from the database and return
- // $userDetails = UnitManager::getUserDetails($userName);
- // TODO: refactor the code below (and change for new db)
- // also need to add ldap dn to user table
- $sql = new Owl_DB;
+ /*
+ $userID = lookupID($default->owl_users_table, "username", "'$userName'");
+ $userDetails = UserManager::getUserDetails($userID);
+ if (!$userDetails) {
+ // we don't have a session yet, so return a general error message
+ $userDetails["status"] = -1;
+ }
+ */
+ // FIXME: remove when user manager method coded
+ $sql = new Owl_DB();
 $query = "select * from $default->owl_users_table where username = '$userName'";
 $sql->query($query);
 $numrows = $sql->num_rows($sql);
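Review bot: The commented-out replacement path added at the top of login() already wraps the raw username in SQL quoting — `lookupID($default->owl_users_table, "username", "'$userName'")` — so the day this block is uncommented it will carry the same unescaped interpolation as the live `where username = '$userName'` query under it. `$userName` is presumably whatever the login form submitted, so both forms should pass it through the database layer's escaping or a bound parameter before it is spliced into the literal; a reminder inside the comment block, `// NOTE: escape $userName before it is placed in the SQL literal`, would keep the FIXME from being lifted verbatim. The same string-built style is used by the new group query and the session-count query in the last hunk. login() continues past this hunk.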
@@ -41,28 +49,46 @@ class Authenticator {
 $userDetails["status"] = 2;
 } else {
 $userDetails["status"] = 1;
- $userDetails["user_id"] = $sql->f("id");
+ $userDetails["userID"] = $sql->f("id");
 $userDetails["username"] = $sql->f("username");
- //$userDetails["group_id"] = $sql->f("group_id");
 $userDetails["max_sessions"] = $sql->f("max_sessions") + 1;
 }
 }
+ // retrieve user groups
+ $sql = new Owl_DB;
+ $query = "select group_id from $default->owl_users_groups_table where user_id = " . $userDetails["userID"];
+ $sql->query($query);
+ $userDetails["groupID"] = array();
+ while($sql->next_record()) {
+ $userDetails["groupID"][] = $sql->f("group_id");
+ if (!isset($userDetails["unitID"])) {
+ $userDetails["unitID"] = lookupID($default->owl_groups_units_table, "group_id", $sql->f("group_id"));
+ $userDetails["organisationID"] = lookupField($default->owl_units_table, "organisation_id", "id", $userDetails["unitID"]);
+ }
+ }
+ // FIXME: remove when user manager method coded
+
 // remove stale sessions from the database for the user
 // that is signing on.
- Session::removeStaleSessions($userDetails["user_id"]);
+ Session::removeStaleSessions($userDetails["userID"]);
- // Check if Maxsessions has been reached
- $sql = new Owl_DB;
- $sql->query("select * from $default->owl_sessions_table where id = '".$userDetails["user_id"]."'");
- if ($sql->num_rows($sql) >= $userDetails["max_sessions"]) {
- if ( $userDetails["group_id"] == 0) {
- // ignore maxsessions check for admin group
- $userDetails["status"] = 1;
- } else {
- // return too many sessions status code
- $userDetails["status"] = 3;
+
+ // Check if Maxsessions has been reached
+ $sql = new Owl_DB;
+ if ($sql->query("SELECT * FROM $default->owl_sessions_table WHERE user_id = '".$userDetails["user_id"]."'")) {
+ if ($sql->num_rows($sql) >= $userDetails["max_sessions"]) {
+ // FIXME: change for multiple groups
+ if ( $userDetails["groupID"] == 0) {
+ // ignore maxsessions check for admin group
+ $userDetails["status"] = 1;
+ } else {
+ // return too many sessions status code
+ $userDetails["status"] = 3;
+ }
 }
+ } else {
+ $_SESSION["errorMessage"] = $lang_err_database;
 }
 }
 } else {
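Review bot: The rebuilt max-sessions block still interpolates `$userDetails["user_id"]` into the session-count query, but this commit renames that key to `userID` everywhere else in the hunk, so the lookup runs with an empty id, `num_rows` never reaches `max_sessions`, and the concurrent-session limit silently stops being enforced; it should read `$userDetails["userID"]` like the `removeStaleSessions` call just above it. The admin exemption `if ( $userDetails["groupID"] == 0)` now compares an array (`groupID` is initialised with `array()` and appended with `[]` in the group loop) against an integer, which PHP's loose comparison never treats as equal, so that branch is dead and every user at the limit gets status 3; the `FIXME: change for multiple groups` should probably become a membership test with `in_array` against the admin group id. The new group query also concatenates `$userDetails["userID"]` unquoted into SQL and appears to run even on the status 2 path, where this hunk never sets `userID`, producing a malformed statement; gating it on the user having been found would avoid that. login() continues outside the hunk.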