Commit fc29abbd9bebcf7ebc808ced8a74e50cc69876d5

Authored by michael
1 parent 38a3620b

removed extraneous code, changed to work with new Session class


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@50 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 52 additions and 67 deletions
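--- a/lib/Authenticator.inc
+++ b/lib/Authenticator.inc
@@ -7,7 +7,7 @@
 *
 * @version $Revision$
 * @author michael@jamwarehouse.com
-* @package dms
+* @package dmslib
 */
 class Authenticator {
 
@@ -22,65 +22,53 @@ class Authenticator {
 * and authentication status code
 */
 function login($userName, $password) {
-
+// TODO: create session, add user details to the session
 global $default;
-$sql = new Owl_DB;
-$query = "select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'";
-$sql->query($query);
-//$sql->query("select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'");
-$numrows = $sql->num_rows($sql);
-// Bozz Begin added Password Encryption above, but for now
-// I will allow admin to use non crypted password until he
-// upgrades all users
-if ($numrows == "1") {
-while($sql->next_record()) {
-if ( $sql->f("disabled") == 1 ) {
-$userDetails["status"] = 2;
-} else {
-$userDetails["status"] = 1;
-$userDetails["userName"] = $sql->f("username");
-$userDetails["userID"] = $sql->f("id");
-$userDetails["groupID"] = $sql->f("groupid");
-$maxsessions = $sql->f("maxsessions") + 1;
-}
-}
-// Remove this else in a future version
-} elseif ($username == "admin") {
-// username admin check password
-$sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'");
+if ($this->checkPassword($userName, $password)) {
+// retrieve user details from the database and return
+// $userDetails = UnitManager::getUserDetails($userName);
+// TODO: refactor the code below (and change for new db)
+// also need to add ldap dn to user table
+$sql = new Owl_DB;
+$query = "select * from $default->owl_users_table where username = '$username'";
+$sql->query($query);
+//$sql->query("select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'");
 $numrows = $sql->num_rows($sql);
 if ($numrows == "1") {
 while($sql->next_record()) {
-$userDetails["status"] = 1;
-$userDetails["userName"] = $sql->f("username");
-$userDetails["userID"] = $sql->f("id");
-$userDetails["groupID"] = $sql->f("groupid");
-$maxsessions = $sql->f("maxsessions") + 1;
+if ( $sql->f("disabled") == 1 ) {
+$userDetails["status"] = 2;
+} else {
+$userDetails["status"] = 1;
+$userDetails["userName"] = $sql->f("username");
+$userDetails["userID"] = $sql->f("id");
+$userDetails["groupID"] = $sql->f("groupid");
+$maxsessions = $sql->f("maxsessions") + 1;
+}
+}
+
+// remove stale sessions from the database for the user
+// that is signing on.
+Session::removeStaleSessions($userDetails["userID"]);
+
+// Check if Maxsessions has been reached
+$sql = new Owl_DB;
+$sql->query("select * from $default->owl_sessions_table where uid = '".$userDetails["userID"]."'");
+if ($sql->num_rows($sql) >= $maxsessions) {
+if ( $userDetails["groupID"] == 0) {
+// ignore maxsessions check for admin group
+$userDetails["status"] = 1;
+} else {
+// return too many sessions status code
+$userDetails["status"] = 3;
+}
 }
-}
-// login failure
+}
 } else {
+// authentication failed
 $userDetails["status"] = 0;
 }
 
-if (isset($userDetails["userID"]) && ($userDetails["status"] != 0)) {
-// remove stale sessions from the database for the user
-// that is signing on.
-Owl_Session::removeStaleSessions($userDetails["userID"]);
-
-// Check if Maxsessions has been reached
-$sql = new Owl_DB;
-$sql->query("select * from $default->owl_sessions_table where uid = '".$userDetails["userID"]."'");
-if ($sql->num_rows($sql) >= $maxsessions && $userDetails["status"] != 0) {
-if ( $userDetails["groupID"] == 0) {
-// ignore maxsessions check for admin group
-$userDetails["status"] = 1;
-} else {
-// return too many sessions status code
-$userDetails["status"] = 3;
-}
-}
-}
 return $userDetails;
 }
 
@@ -94,22 +82,19 @@ class Authenticator {
 */
 function logout($userID, $sessionID) {
 // remove session from db
-Owl_Session::remove($sessionID)
+Session::destroy($sessionID);
 }
 
-
-}
-
-/**
-* Perform authentication tasks against the database.
-*/
-class DBAuthenticator extends Authenticator {
-}
-
-/**
-* Perform authentication tasks against LDAP compliant directory server.
-*/
-class LDAPAuthenticator extends Authenticator {
+/**
+* [Abstract] Checks the user's password
+*
+* @param $userName
+* the name of the user to check
+* @param $password
+* the password to check
+* @return true if the password is correct, else false
+*/
+function checkPassword($userName, $password) {
+}
 }
-
-?>
+?>
\ No newline at end of file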
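Review bot: For a disabled account the session-limit block (new lines 50-65) now runs although only `$userDetails["status"] = 2` has been set: `$maxsessions` and `$userDetails["groupID"]` are undefined there, so under PHP's loose comparisons the `>= $maxsessions` test and the `groupID == 0` test both succeed and the status is overwritten with 1. The old code skipped this block through `isset($userDetails["userID"])`; wrapping the new block in `if ($userDetails["status"] == 1) {` restores that. The query on new line 33 also interpolates `$username` while the parameter is `$userName` (PHP variable names are case-sensitive), so as written the lookup uses an empty name and `$userDetails` is returned unassigned when no row matches; it should use `$userName`, quoted or bound through whatever facility `Owl_DB` provides (not visible here) rather than placed raw into the SQL string. `checkPassword()` in this class has an empty body and therefore returns null, so a comment stating that subclasses must override it would help.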