seeddms-code/inc/inc.ClassDbAuthentication.php

59 lines
1.6 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
/**
* Implementation of user authentication
*
* @category DMS
* @package SeedDMS
* @license GPL 2
* @version @version@
* @author Uwe Steinmann <uwe@steinmann.cx>
* @copyright Copyright (C) 2010-2016 Uwe Steinmann
* @version Release: @package_version@
*/
require_once "inc.ClassAuthentication.php";
/**
* Abstract class to authenticate user against ѕeeddms database
*
* @category DMS
* @package SeedDMS
* @author Uwe Steinmann <uwe@steinmann.cx>
* @copyright Copyright (C) 2010-2016 Uwe Steinmann
* @version Release: @package_version@
*/
class SeedDMS_DbAuthentication extends SeedDMS_Authentication {
/**
* Do Authentication
*
* @param string $username
* @param string $password
* @return object|boolean user object if authentication was successful otherwise false
*/
public function authenticate($username, $password) { /* {{{ */
$settings = $this->settings;
$dms = $this->dms;
// Try to find user with given login.
if($user = $dms->getUserByLogin($username)) {
$userid = $user->getID();
// Check if password matches (if not a guest user)
// Assume that the password has been sent via HTTP POST. It would be careless
// (and dangerous) for passwords to be sent via GET.
if (!seed_pass_verify($password, $user->getPwd())) {
/* if counting of login failures is turned on, then increment its value */
if($settings->_loginFailure) {
$failures = $user->addLoginFailure();
if($failures >= $settings->_loginFailure)
$user->setDisabled(true);
}
$user = false;
}
}
return $user;
} /* }}} */
}