Commit d134ec198060854b78263644ab1ea9f19f24f821
1 parent
d5d19568
only authenticating users that belong to a unit (unless they're a system adminst…
…rator or a guest user) git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@1129 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
49 additions
and
31 deletions
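--- a/lib/authentication/Authenticator.inc
+++ b/lib/authentication/Authenticator.inc
@@ -1,5 +1,7 @@
 <?php
 
+require_once("$default->fileSystemRoot/lib/users/User.inc");
+
 /**
 * $Id$
 *
@@ -25,45 +27,61 @@ class Authenticator {
 // initialise return array
 $aUserDetails = array();
 
- if ($this->checkPassword($sUserName, $sPassword)) {
- // retrieve the userID
- $iUserID = lookupID($default->owl_users_table, "username", "$sUserName");
- $default->log->info("Authenticator::login authenticated ($sUserName, $sPassword), id=$iUserID");
- if ($iUserID) {
- // add this to the return array
- $aUserDetails["userID"] = $iUserID;
- // remove stale sessions from the database for the user
- // that is signing on.
- Session::removeStaleSessions($aUserDetails["userID"]);
+ // retrieve the userID
+ $iUserID = lookupID($default->owl_users_table, "username", "$sUserName");
+ if ($iUserID) {
+ $oUser = & User::get($iUserID);
+
+ // only check the password if the user is a system administrator or a guest user
+ // or this user belongs to a unit (if its not a system admin)
+ if (Permission::userIsSystemAdministrator($iUserID) || Permission::userIsGuest($iUserID) || User::getUnitID($iUserID)) {
+
+ if ($this->checkPassword($sUserName, $sPassword)) {
 
- // Check if Maxsessions has been reached
- // FIXME: make this check work before production install
- $maxSessions = lookupField($default->owl_users_table, "max_sessions", "id", $iUserID);
- $default->log->debug("maxsessions=$maxSessions for userID=$iUserID");
- $sql = $default->db;
- if ($sql->query("SELECT * FROM $default->owl_sessions_table WHERE user_id = '".$aUserDetails["user_id"]."'")) {
- if ($sql->num_rows() >= $maxSessions) {
- // return too many sessions status code
- $aUserDetails["status"] = 3;
+ $default->log->info("Authenticator::login authenticated ($sUserName, $sPassword), id=$iUserID");
+ if ($iUserID) {
+ // add this to the return array
+ $aUserDetails["userID"] = $iUserID;
+ // remove stale sessions from the database for the user
+ // that is signing on.
+ Session::removeStaleSessions($aUserDetails["userID"]);
+
+ // Check if Maxsessions has been reached
+ // FIXME: make this check work before production install
+ $maxSessions = lookupField($default->owl_users_table, "max_sessions", "id", $iUserID);
+ $default->log->debug("maxsessions=$maxSessions for userID=$iUserID");
+ $sql = $default->db;
+ if ($sql->query("SELECT * FROM $default->owl_sessions_table WHERE user_id = '".$aUserDetails["user_id"]."'")) {
+ if ($sql->num_rows() >= $maxSessions) {
+ // return too many sessions status code
+ $aUserDetails["status"] = 3;
+ } else {
+ // authenticated successfully
+ $aUserDetails["status"] = 1;
+ }
+ // FIXME: account disabled status???
+ }
+ else {
+ // db access failed
+ $_SESSION["errorMessage"] = $lang_err_database;
+ $aUserDetails["status"] = 0;
+ }
 } else {
- // authenticated successfully
- $aUserDetails["status"] = 1;
+ // db access failed
+ $_SESSION["errorMessage"] = $lang_err_database;
+ $aUserDetails["status"] = 0;
 }
- // FIXME: account disabled status???
- }
- else {
- // db access failed
- $_SESSION["errorMessage"] = $lang_err_database;
+ } else {
+ $default->log->info("Authenticator::login login failed ($sUserName, $sPassword)");
+ // authentication failed
 $aUserDetails["status"] = 0;
 }
 } else {
- // db access failed
- $_SESSION["errorMessage"] = $lang_err_database;
- $aUserDetails["status"] = 0;
+ // not a unit user
+ $aUserDetails["status"] = 4;
 }
 } else {
- $default->log->info("Authenticator::login login failed ($sUserName, $sPassword)");
- // authentication failed
+ // username doesn't exist
 $aUserDetails["status"] = 0;
 }
 return $aUserDetails;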
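Review bot: The unit-membership gate added at new line 37 runs before `checkPassword`, so an existing user who is not in a unit gets status 4 without the password ever being checked, while an unknown username gets status 0 from the outer else at new line 84 and a known unit user with a wrong password gets status 0 plus a "login failed" log entry — an unauthenticated caller can tell the three cases apart, which turns the login endpoint into a username and unit-membership oracle. Verify the password first and apply the unit policy to the already-authenticated user, as sketched below, so the only unauthenticated outcome for any failure is the generic status 0. Separately, the re-added log lines at new lines 41 and 75 write the plaintext `$sPassword` to the log; drop it, e.g. `$default->log->info("Authenticator::login authenticated ($sUserName), id=$iUserID");`. The max-sessions query at new line 54 reads `$aUserDetails["user_id"]` but the key set at new line 44 is `"userID"`, so the session limit can never trigger (likely the cause of the FIXME); `$oUser` at new line 33 is assigned but unused within the hunk, and the inner `if ($iUserID)` at new line 42 is redundant after the check at line 32. The enclosing method's signature and closing brace are outside this hunk.

```php
if ($iUserID) {
    if ($this->checkPassword($sUserName, $sPassword)) {
        // policy check only after the password is verified, so the response
        // cannot reveal unit membership to an unauthenticated caller
        if (Permission::userIsSystemAdministrator($iUserID) || Permission::userIsGuest($iUserID) || User::getUnitID($iUserID)) {
            $default->log->info("Authenticator::login authenticated ($sUserName), id=$iUserID");
            // … unchanged: userID bookkeeping, stale-session cleanup, max_sessions check …
        } else {
            // not a unit user
            $aUserDetails["status"] = 4;
        }
    } else {
        $default->log->info("Authenticator::login login failed ($sUserName)");
        // authentication failed
        $aUserDetails["status"] = 0;
    }
} else {
    // username doesn't exist
    $aUserDetails["status"] = 0;
}
```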