gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-10-04 07:02:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add constructor, authenticate() returns null if authentication fails

Browse Source
This commit is contained in:
Uwe Steinmann 2022-11-28 21:36:40 +01:00
parent 0f0ba03449
commit 28a4a24613
2 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
inc/inc.ClassDbAuthentication.php
View File

@ -24,6 +24,15 @@ require_once "inc.ClassAuthentication.php";
*/
class SeedDMS_DbAuthentication extends SeedDMS_Authentication {
var $dms;
var $settings;
public function __construct($dms, $settings) { /* {{{ */
$this->dms = $dms;
$this->settings = $settings;
} /* }}} */
/**
* Do Authentication
*
@ -32,18 +41,15 @@ class SeedDMS_DbAuthentication extends SeedDMS_Authentication {
* @return object|boolean user object if authentication was successful otherwise false
*/
public function authenticate($username, $password) { /* {{{ */
$settings = $this->settings;
$dms = $this->dms;
// Try to find user with given login.
if($user = $dms->getUserByLogin($username)) {
$userid = $user->getID();
// Check if password matches (if not a guest user)
// Assume that the password has been sent via HTTP POST. It would be careless
// (and dangerous) for passwords to be sent via GET.
// Check if password matches
if (!seed_pass_verify($password, $user->getPwd())) {
$user = false;
$user = null;
}
}

13
inc/inc.ClassLdapAuthentication.php
View File

@ -24,6 +24,15 @@ require_once "inc.ClassAuthentication.php";
*/
class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
var $dms;
var $settings;
public function __construct($dms, $settings) { /* {{{ */
$this->dms = $dms;
$this->settings = $settings;
} /* }}} */
/**
* Do ldap authentication
*
@ -84,7 +93,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
$bind = @ldap_bind($ds);
}
$dn = false;
/* If bind succeed, then get the dn of for the user */
/* If bind succeed, then get the dn of the user */
if ($bind) {
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")");
@ -106,7 +115,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
$dn = $tmpDN;
}
/* No do the actual authentication of the user */
/* Now do the actual authentication of the user */
$bind = @ldap_bind($ds, $dn, $password);
$user = $dms->getUserByLogin($username);
if($user === false) {