CLOSED - #27: Standard login system to go through PAM

http://trac.elgg.org/elgg/ticket/27

git-svn-id: https://code.elgg.org/elgg/trunk@927 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 29 insertions, 8 deletions

diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 66758084b..57a2e8743 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -52,17 +52,35 @@
 	 */

 		

 		function authenticate($username, $password) {

-            

-            $dbpassword = md5($password);

-            

-            if ($user = get_user_by_username($username)) {

-                 if ($user->password == $dbpassword) {

-                 	return $user;

-                 }

-            }

+            
+			if (pam_authenticate(array('username' => $username, 'password' => $password)))
+				return get_user_by_username($username);

             

             return false;

 			

+		}
+		
+		/**
+		 * Hook into the PAM system which accepts a username and password and attempts to authenticate
+		 * it against a known user.
+		 *
+		 * @param array $credentials Associated array of credentials passed to pam_authenticate. This function expects
+		 * 		'username' and 'password' (cleartext).
+		 */
+		function pam_auth_userpass($credentials = NULL)
+		{
+			if (is_array($credentials) && ($credentials['username']) && ($credentials['password']))
+			{
+				$dbpassword = md5($credentials['password']);
+            
+	            if ($user = get_user_by_username($credentials['username'])) {
+	                 if ($user->password == $dbpassword) {
+	                 	return true;
+	                 }
+	            }
+			}
+			
+			return false;
 		}

 		

 	/**

@@ -190,6 +208,9 @@
 	        

 	        register_action("login",true);

     		register_action("logout");

+    		
+    		// Register a default PAM handler
+    		register_pam_handler('pam_auth_userpass');
     		

     		return true;