r1613 + make hash ext test more complete
authorDenis Ovsienko <infrastation@yandex.ru>
Tue, 29 Jan 2008 18:18:51 +0000 (18:18 +0000)
committerDenis Ovsienko <infrastation@yandex.ru>
Tue, 29 Jan 2008 18:18:51 +0000 (18:18 +0000)
+ split SQL and LDAP auth functions

inc/auth.php

index b9767edd1d7dfce9ad25dd406d1dd42194a56467..56bbd0146151981da7bee39a1ca8ddee44491487 100644 (file)
@@ -9,11 +9,6 @@ Authentication library for RackTables.
 // username and password.
 function authenticate ()
 {
-       if (array_search (PASSWORD_HASH, hash_algos()) === FALSE)
-       {
-               showError ('Password hash not supported, authentication impossible.', __FUNCTION__);
-               die();
-       }
        if
        (
                !isset ($_SERVER['PHP_AUTH_USER']) or
@@ -44,10 +39,49 @@ function authorize ()
 function authenticated ($username, $password)
 {
        global $accounts;
-       if (!isset ($accounts[$username]['user_password_hash']))
-               return FALSE;
        if ($accounts[$username]['user_enabled'] != 'yes')
                return FALSE;
+       // Always authenticate the administrator locally, thus giving him a chance
+       // to fix broken installation.
+       if ($accounts[$username]['user_id'] == 1)
+               return authenticated_via_database ($username, $password);
+       switch (getConfigVar ('USER_AUTH_SRC'))
+       {
+               case 'database':
+                       return authenticated_via_database ($username, $password);
+                       break;
+               case 'ldap':
+                       return authenticated_via_ldap ($username, $password);
+                       break;
+               default:
+                       showError ("Unknown user authentication source configured.", __FUNCTION__);
+                       return FALSE;
+                       break;
+       }
+       // and just to be sure...
+       return FALSE;
+}
+
+function authenticated_via_ldap ($username, $password)
+{
+       return FALSE;
+}
+
+function authenticated_via_database ($username, $password)
+{
+       global $accounts;
+       if (!defined ('HASH_HMAC'))
+       {
+               showError ('Fatal error: PHP hash extension is missing', __FUNCTION__);
+               die();
+       }
+       if (array_search (PASSWORD_HASH, hash_algos()) === FALSE)
+       {
+               showError ('Password hash not supported, authentication impossible.', __FUNCTION__);
+               die();
+       }
+       if (!isset ($accounts[$username]['user_password_hash']))
+               return FALSE;
        if ($accounts[$username]['user_password_hash'] == hash (PASSWORD_HASH, $password))
                return TRUE;
        return FALSE;