Commit fc29abbd9bebcf7ebc808ced8a74e50cc69876d5
1 parent
38a3620b
removed extraneous code, changed to work with new Session class
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@50 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
52 additions
and
67 deletions
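--- a/lib/Authenticator.inc
+++ b/lib/Authenticator.inc
@@ -7,7 +7,7 @@
  *
  * @version $Revision$
  * @author michael@jamwarehouse.com
- * @package dms
+ * @package dmslib
  */
 class Authenticator {
 
@@ -22,65 +22,53 @@ class Authenticator {
      * and authentication status code
      */
     function login($userName, $password) {
-
+        // TODO: create session, add user details to the session
         global $default;
-        $sql = new Owl_DB;
-        $query = "select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'";
-        $sql->query($query);
-        //$sql->query("select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'");
-        $numrows = $sql->num_rows($sql);
-        // Bozz Begin added Password Encryption above, but for now
-        // I will allow admin to use non crypted password until he
-        // upgrades all users
-        if ($numrows == "1") {
-            while($sql->next_record()) {
-                if ( $sql->f("disabled") == 1 ) {
-                    $userDetails["status"] = 2;
-                } else {
-                    $userDetails["status"] = 1;
-                    $userDetails["userName"] = $sql->f("username");
-                    $userDetails["userID"] = $sql->f("id");
-                    $userDetails["groupID"] = $sql->f("groupid");
-                    $maxsessions = $sql->f("maxsessions") + 1;
-                }
-            }
-        // Remove this else in a future version
-        } elseif ($username == "admin") {
-            // username admin check password
-            $sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'");
+        if ($this->checkPassword($userName, $password)) {
+            // retrieve user details from the database and return
+            // $userDetails = UnitManager::getUserDetails($userName);
+            // TODO: refactor the code below (and change for new db)
+            // also need to add ldap dn to user table
+            $sql = new Owl_DB;
+            $query = "select * from $default->owl_users_table where username = '$username'";
+            $sql->query($query);
+            //$sql->query("select * from $default->owl_users_table where username = '$username' and password = '" . md5($password) . "'");
             $numrows = $sql->num_rows($sql);
             if ($numrows == "1") {
                 while($sql->next_record()) {
-                    $userDetails["status"] = 1;
-                    $userDetails["userName"] = $sql->f("username");
-                    $userDetails["userID"] = $sql->f("id");
-                    $userDetails["groupID"] = $sql->f("groupid");
-                    $maxsessions = $sql->f("maxsessions") + 1;
+                    if ( $sql->f("disabled") == 1 ) {
+                        $userDetails["status"] = 2;
+                    } else {
+                        $userDetails["status"] = 1;
+                        $userDetails["userName"] = $sql->f("username");
+                        $userDetails["userID"] = $sql->f("id");
+                        $userDetails["groupID"] = $sql->f("groupid");
+                        $maxsessions = $sql->f("maxsessions") + 1;
+                    }
+                }
+
+                // remove stale sessions from the database for the user
+                // that is signing on.
+                Session::removeStaleSessions($userDetails["userID"]);
+
+                // Check if Maxsessions has been reached
+                $sql = new Owl_DB;
+                $sql->query("select * from $default->owl_sessions_table where uid = '".$userDetails["userID"]."'");
+                if ($sql->num_rows($sql) >= $maxsessions) {
+                    if ( $userDetails["groupID"] == 0) {
+                        // ignore maxsessions check for admin group
+                        $userDetails["status"] = 1;
+                    } else {
+                        // return too many sessions status code
+                        $userDetails["status"] = 3;
+                    }
                 }
-            }
-        // login failure
+            }
         } else {
+            // authentication failed
             $userDetails["status"] = 0;
         }
 
-        if (isset($userDetails["userID"]) && ($userDetails["status"] != 0)) {
-            // remove stale sessions from the database for the user
-            // that is signing on.
-            Owl_Session::removeStaleSessions($userDetails["userID"]);
-
-            // Check if Maxsessions has been reached
-            $sql = new Owl_DB;
-            $sql->query("select * from $default->owl_sessions_table where uid = '".$userDetails["userID"]."'");
-            if ($sql->num_rows($sql) >= $maxsessions && $userDetails["status"] != 0) {
-                if ( $userDetails["groupID"] == 0) {
-                    // ignore maxsessions check for admin group
-                    $userDetails["status"] = 1;
-                } else {
-                    // return too many sessions status code
-                    $userDetails["status"] = 3;
-                }
-            }
-        }
         return $userDetails;
     }
 
@@ -94,22 +82,19 @@ class Authenticator {
      */
     function logout($userID, $sessionID) {
         // remove session from db
-        Owl_Session::remove($sessionID)
+        Session::destroy($sessionID);
     }
 
-
-}
-
-/**
- * Perform authentication tasks against the database.
- */
-class DBAuthenticator extends Authenticator {
-}
-
-/**
- * Perform authentication tasks against LDAP compliant directory server.
- */
-class LDAPAuthenticator extends Authenticator {
+    /**
+     * [Abstract] Checks the user's password
+     *
+     * @param $userName
+     *     the name of the user to check
+     * @param $password
+     *     the password to check
+     * @return true if the password is correct, else false
+     */
+    function checkPassword($userName, $password) {
+    }
 }
-
-?>
+?>
\ No newline at end of file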
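Review bot: The user lookup on new line 33 of the second hunk interpolates `$username`, but the parameter declared on line 24 is `$userName`, so the query is built from an undefined variable and cannot match the account that just passed `checkPassword()`; it should read `$query = "select * from $default->owl_users_table where username = '$userName'";`, and because that value comes from the login form it needs to be escaped by the DB layer or bound as a query parameter rather than concatenated into the SQL string. A second, more serious problem is that the old guard `if (isset($userDetails["userID"]) && ($userDetails["status"] != 0))` was dropped, so the stale-session and maxsessions block (new lines 50–64) now also runs for a disabled account: that branch sets only `status = 2`, leaving `$userDetails["userID"]` and `$maxsessions` unset, and under PHP's loose comparisons `num_rows >= null` and `null == 0` both appear to be true, so the disabled status is overwritten with 1 and the login is reported as successful. The same block also reaches `return $userDetails;` with nothing assigned when `$numrows` is not 1. The rewritten lines below initialise the status and run the session checks only for an enabled account; `login()` lies entirely within the hunk.
```php
function login($userName, $password) {
    global $default;
    // default to "authentication failed" so every path returns a status
    $userDetails["status"] = 0;
    if ($this->checkPassword($userName, $password)) {
        // … unchanged: TODO comments …
        $sql = new Owl_DB;
        $query = "select * from $default->owl_users_table where username = '$userName'";
        // … unchanged: query execution, $numrows check, record loop filling $userDetails …
            // only an enabled account has a userID and maxsessions to check
            if ($userDetails["status"] == 1) {
                Session::removeStaleSessions($userDetails["userID"]);
                // … unchanged: maxsessions query and status 1 / 3 decision …
            }
        // … unchanged: closing braces of the numrows check …
    }
    return $userDetails;
}
```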