From 4a051c0ffe31bdc5c9cf76284fd4116d0566693e Mon Sep 17 00:00:00 2001 From: fisharebest Date: Wed, 2 Nov 2011 21:13:10 +0000 Subject: Provide feedback for login when username/password is correct, but account is not verified or approved. --- includes/authentication.php | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) (limited to 'includes') diff --git a/includes/authentication.php b/includes/authentication.php index 9484f0fc93..73f60b1411 100644 --- a/includes/authentication.php +++ b/includes/authentication.php @@ -35,16 +35,10 @@ if (!defined('WT_WEBTREES')) { exit; } -/** - * authenticate a username and password - * - * This function takes the given $username and $password and authenticates - * them against the database. The passwords are encrypted using the crypt() function. - * The username is stored in the $_SESSION["wt_user"] session variable. - * @param string $user_name the username for the user attempting to login - * @param string $password the plain text password to test - * @return the user_id if successful, false otherwise - */ +// authenticate a username and password +// +// On success, store the user-id in the session and return it +// On failure, return an error code function authenticateUser($user_name, $password) { // If we were already logged in, log out first if (getUserId()) { @@ -53,17 +47,29 @@ function authenticateUser($user_name, $password) { if ($user_id=get_user_id($user_name)) { if (check_user_password($user_id, $password)) { - if (get_user_setting($user_id, 'verified') && get_user_setting($user_id, 'verified_by_admin') || get_user_setting($user_id, 'canadmin')) { + $is_admin=get_user_setting($user_id, 'canadmin'); + $verified=get_user_setting($user_id, 'verified'); + $approved=get_user_setting($user_id, 'verified_by_admin'); + if ($verified && $approved || $is_admin) { // Whenever we change our authorisation level change the session ID Zend_Session::regenerateId(); $_SESSION['wt_user'] = $user_id; AddToLog('Login successful', 'auth'); return $user_id; + } elseif (!$is_admin && !$verified) { + AddToLog('Login failed ->'.$user_name.'<- not verified', 'auth'); + return -1; + } elseif (!$is_admin && !$approved) { + AddToLog('Login failed ->'.$user_name.'<- not approved', 'auth'); + return -2; } + } else { + AddToLog('Login failed ->'.$user_name.'<- bad password', 'auth'); + return -3; } } - AddToLog('Login failed ->'.$user_name.'<-', 'auth'); - return false; + AddToLog('Login failed ->'.$user_name.'<- bad username', 'auth'); + return -4; } /** -- cgit v1.3