diff --git a/lib/Authenticator.inc b/lib/Authenticator.inc index 3f118be..f596c4f 100644 --- a/lib/Authenticator.inc +++ b/lib/Authenticator.inc @@ -7,7 +7,7 @@ * * @version $Revision$ * @author michael@jamwarehouse.com - * @package dms + * @package dmslib */ class Authenticator { 
@@ -22,65 +22,53 @@ class Authenticator { * and authentication status code */ function login($userName, $password) { - + // TODO: create session, add user details to the session global $default; - $sql = new Owl_DB; - $query = "select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'"; - $sql->query($query); - //$sql->query("select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'"); - $numrows = $sql->num_rows($sql); - // Bozz Begin added Password Encryption above, but for now - // I will allow admin to use non crypted password until he - // upgrades all users - if ($numrows == "1") { - while($sql->next_record()) { - if ( $sql->f("disabled") == 1 ) { - $userDetails["status"] = 2; - } else { - $userDetails["status"] = 1; - $userDetails["userName"] = $sql->f("username"); - $userDetails["userID"] = $sql->f("id"); - $userDetails["groupID"] = $sql->f("groupid"); - $maxsessions = $sql->f("maxsessions") + 1; - } - } - // Remove this else in a future version - } elseif ($username == "admin") { - // username admin check password - $sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'"); + if ($this->checkPassword($userName, $password)) { + // retrieve user details from the database and return + // $userDetails = UnitManager::getUserDetails($userName); + // TODO: refactor the code below (and change for new db) + // also need to add ldap dn to user table + $sql = new Owl_DB; + $query = "select * from $default->owl_users_table where username = '$username'"; + $sql->query($query); + //$sql->query("select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . 
"'"); $numrows = $sql->num_rows($sql); if ($numrows == "1") { while($sql->next_record()) { - $userDetails["status"] = 1; - $userDetails["userName"] = $sql->f("username"); - $userDetails["userID"] = $sql->f("id"); - $userDetails["groupID"] = $sql->f("groupid"); - $maxsessions = $sql->f("maxsessions") + 1; + if ( $sql->f("disabled") == 1 ) { + $userDetails["status"] = 2; + } else { + $userDetails["status"] = 1; + $userDetails["userName"] = $sql->f("username"); + $userDetails["userID"] = $sql->f("id"); + $userDetails["groupID"] = $sql->f("groupid"); + $maxsessions = $sql->f("maxsessions") + 1; + } + } + + // remove stale sessions from the database for the user + // that is signing on. + Session::removeStaleSessions($userDetails["userID"]); + + // Check if Maxsessions has been reached + $sql = new Owl_DB; + $sql->query("select * from $default->owl_sessions_table where uid = '".$userDetails["userID"]."'"); + if ($sql->num_rows($sql) >= $maxsessions) { + if ( $userDetails["groupID"] == 0) { + // ignore maxsessions check for admin group + $userDetails["status"] = 1; + } else { + // return too many sessions status code + $userDetails["status"] = 3; + } } - } - // login failure + } } else { + // authentication failed $userDetails["status"] = 0; } - if (isset($userDetails["userID"]) && ($userDetails["status"] != 0)) { - // remove stale sessions from the database for the user - // that is signing on. - Owl_Session::removeStaleSessions($userDetails["userID"]); - - // Check if Maxsessions has been reached - $sql = new Owl_DB; - $sql->query("select * from $default->owl_sessions_table where uid = '".$userDetails["userID"]."'"); - if ($sql->num_rows($sql) >= $maxsessions && $userDetails["status"] != 0) { - if ( $userDetails["groupID"] == 0) { - // ignore maxsessions check for admin group - $userDetails["status"] = 1; - } else { - // return too many sessions status code - $userDetails["status"] = 3; - } - } - } return $userDetails; } 
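Review bot: A disabled account now logs in successfully: in the new loop the `disabled == 1` branch sets status 2 but leaves `userID`, `groupID` and `$maxsessions` unset, and the stale-session/maxsessions block that follows runs unconditionally, so `num_rows >= $maxsessions` (null) is true and `$userDetails["groupID"] == 0` (undefined == 0) is also true, overwriting the status with 1. The removed code guarded that block with `isset($userDetails["userID"]) && status != 0`; restore an equivalent guard, e.g. `if (isset($userDetails["userID"]) && $userDetails["status"] == 1) {` around the `Session::removeStaleSessions` and maxsessions query. The user lookup also still interpolates `$username` while the parameter is `$userName` (PHP variable names are case-sensitive), so it queries for an empty username — this predates the commit but is carried into the new `$query` line — and once corrected the value goes unescaped into SQL, so escape it with whatever Owl_DB provides before building the query. When the lookup returns anything other than one row, `$userDetails` is never assigned and the function returns an undefined value; initialise `$userDetails["status"] = 0;` before the `checkPassword` branch.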
@@ -94,22 +82,19 @@ class Authenticator { */ function logout($userID, $sessionID) { // remove session from db - Owl_Session::remove($sessionID) + Session::destroy($sessionID); } - -} - -/** - * Perform authentication tasks against the database. - */ -class DBAuthenticator extends Authenticator { -} - -/** - * Perform authentication tasks against LDAP compliant directory server. - */ -class LDAPAuthenticator extends Authenticator { + /** + * [Abstract] Checks the user's password + * + * @param $userName + * the name of the user to check + * @param $password + * the password to check + * @return true if the password is correct, else false + */ + function checkPassword($userName, $password) { + } } - -?> +?> \ No newline at end of file
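Review bot: The base `checkPassword()` has an empty body, so it returns null and `login()` fails closed for a plain `Authenticator`, but that is accidental rather than stated: make it explicit with `return false;` and a comment `// base class never authenticates; subclasses must override`. The `[Abstract]` docblock tag is not enforced by the language — if the codebase targets PHP 5, declaring the class and method `abstract` would stop an un-overridden `Authenticator` from being used as a working authenticator at all. `logout()` now ignores `$userID` entirely; unless `Session::destroy` itself ties the session to its owner (not visible here), a caller supplying another user's session id would destroy it, so either check ownership before `Session::destroy($sessionID)` or document that `$userID` is unused.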