aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-16 09:35:07 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-16 09:35:07 +0000
commitaef2c0bd56406cee6b6e555d67a549c202afc5ad (patch)
tree5da7fc6f733cab092f9445c9c891ab0286d59bb0
parent4a25dfa6b3e9fabfb1ac0a13b89e609a1b59f548 (diff)
downloadelgg-aef2c0bd56406cee6b6e555d67a549c202afc5ad.tar.gz
elgg-aef2c0bd56406cee6b6e555d67a549c202afc5ad.tar.bz2
CLOSED - #27: Standard login system to go through PAM
http://trac.elgg.org/elgg/ticket/27 git-svn-id: https://code.elgg.org/elgg/trunk@927 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/sessions.php37
1 files changed, 29 insertions, 8 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 66758084b..57a2e8743 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -52,17 +52,35 @@
*/
function authenticate($username, $password) {
-
- $dbpassword = md5($password);
-
- if ($user = get_user_by_username($username)) {
- if ($user->password == $dbpassword) {
- return $user;
- }
- }
+
+ if (pam_authenticate(array('username' => $username, 'password' => $password)))
+ return get_user_by_username($username);
return false;
+ }
+
+ /**
+ * Hook into the PAM system which accepts a username and password and attempts to authenticate
+ * it against a known user.
+ *
+ * @param array $credentials Associated array of credentials passed to pam_authenticate. This function expects
+ * 'username' and 'password' (cleartext).
+ */
+ function pam_auth_userpass($credentials = NULL)
+ {
+ if (is_array($credentials) && ($credentials['username']) && ($credentials['password']))
+ {
+ $dbpassword = md5($credentials['password']);
+
+ if ($user = get_user_by_username($credentials['username'])) {
+ if ($user->password == $dbpassword) {
+ return true;
+ }
+ }
+ }
+
+ return false;
}
/**
@@ -190,6 +208,9 @@
register_action("login",true);
register_action("logout");
+
+ // Register a default PAM handler
+ register_pam_handler('pam_auth_userpass');
return true;