diff options
| -rw-r--r-- | includes/authentication.php | 32 | ||||
| -rw-r--r-- | login.php | 18 |
2 files changed, 34 insertions, 16 deletions
diff --git a/includes/authentication.php b/includes/authentication.php index 9484f0fc93..73f60b1411 100644 --- a/includes/authentication.php +++ b/includes/authentication.php @@ -35,16 +35,10 @@ if (!defined('WT_WEBTREES')) { exit; } -/** - * authenticate a username and password - * - * This function takes the given <var>$username</var> and <var>$password</var> and authenticates - * them against the database. The passwords are encrypted using the crypt() function. - * The username is stored in the <var>$_SESSION["wt_user"]</var> session variable. - * @param string $user_name the username for the user attempting to login - * @param string $password the plain text password to test - * @return the user_id if successful, false otherwise - */ +// authenticate a username and password +// +// On success, store the user-id in the session and return it +// On failure, return an error code function authenticateUser($user_name, $password) { // If we were already logged in, log out first if (getUserId()) { @@ -53,17 +47,29 @@ function authenticateUser($user_name, $password) { if ($user_id=get_user_id($user_name)) { if (check_user_password($user_id, $password)) { - if (get_user_setting($user_id, 'verified') && get_user_setting($user_id, 'verified_by_admin') || get_user_setting($user_id, 'canadmin')) { + $is_admin=get_user_setting($user_id, 'canadmin'); + $verified=get_user_setting($user_id, 'verified'); + $approved=get_user_setting($user_id, 'verified_by_admin'); + if ($verified && $approved || $is_admin) { // Whenever we change our authorisation level change the session ID Zend_Session::regenerateId(); $_SESSION['wt_user'] = $user_id; AddToLog('Login successful', 'auth'); return $user_id; + } elseif (!$is_admin && !$verified) { + AddToLog('Login failed ->'.$user_name.'<- not verified', 'auth'); + return -1; + } elseif (!$is_admin && !$approved) { + AddToLog('Login failed ->'.$user_name.'<- not approved', 'auth'); + return -2; } + } else { + AddToLog('Login failed ->'.$user_name.'<- bad password', 'auth'); + return -3; } } - AddToLog('Login failed ->'.$user_name.'<-', 'auth'); - return false; + AddToLog('Login failed ->'.$user_name.'<- bad username', 'auth'); + return -4; } /** @@ -52,7 +52,20 @@ if (empty($url)) { $message=''; if ($action=='login') { - if ($user_id=authenticateUser($username, $password)) { + $user_id=authenticateUser($username, $password); + switch ($user_id) { + case -1: // not validated + $message=WT_I18N::translate('This account has not been verified. Please check your email for a verification message.'); + break; + case -2: // not approved + $message=WT_I18N::translate('This account has not been approved. Please wait for an administrator to approve it.'); + break; + case -3: // bad password + case -4: // bad username + $message=WT_I18N::translate('The username or password is incorrect.'); + break; + + default: // Success if ($usertime) { $_SESSION['usertime']=@strtotime($usertime); } else { @@ -105,10 +118,9 @@ if ($action=='login') { $url .= "&ged=".$ged; $url = str_replace(array("&&", ".php&", ".php?&"), array("&", ".php?", ".php?"), $url); + // Redirect to the target URL header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.$url); exit; - } else { - $message = WT_I18N::translate('Unable to authenticate user.'); } } else { $tSERVER_URL = preg_replace(array("'https?://'", "'www.'", "'/$'"), array("","",""), WT_SERVER_NAME.WT_SCRIPT_PATH); |
