From aef2c0bd56406cee6b6e555d67a549c202afc5ad Mon Sep 17 00:00:00 2001
From: marcus
Date: Mon, 16 Jun 2008 09:35:07 +0000
Subject: CLOSED - #27: Standard login system to go through PAM http://trac.elgg.org/elgg/ticket/27
git-svn-id: https://code.elgg.org/elgg/trunk@927 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/sessions.php | 37 +++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)
(limited to 'engine')
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 66758084b..57a2e8743 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -52,17 +52,35 @@
 */
 function authenticate($username, $password) {
-
- $dbpassword = md5($password);
-
- if ($user = get_user_by_username($username)) {
- if ($user->password == $dbpassword) {
- return $user;
- }
- }
+
+ if (pam_authenticate(array('username' => $username, 'password' => $password)))
+ return get_user_by_username($username);
 return false;
+ }
+
+ /**
+ * Hook into the PAM system which accepts a username and password and attempts to authenticate
+ * it against a known user.
+ *
+ * @param array $credentials Associated array of credentials passed to pam_authenticate. This function expects
+ * 'username' and 'password' (cleartext).
+ */
+ function pam_auth_userpass($credentials = NULL)
+ {
+ if (is_array($credentials) && ($credentials['username']) && ($credentials['password']))
+ {
+ $dbpassword = md5($credentials['password']);
+
+ if ($user = get_user_by_username($credentials['username'])) {
+ if ($user->password == $dbpassword) {
+ return true;
+ }
+ }
+ }
+
+ return false;
 }
 /**
@@ -190,6 +208,9 @@
 register_action("login",true);
 register_action("logout");
+
+ // Register a default PAM handler
+ register_pam_handler('pam_auth_userpass');
 return true;
--
cgit v1.2.3
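Review bot: The new `pam_auth_userpass` handler compares the stored hash with `==`, and PHP's loose comparison treats two numeric-looking strings as numbers, so distinct MD5 hex digests that both look like `0e<digits>` compare equal; the check should be `if ($user->password === $dbpassword) {` (or `hash_equals()` on runtimes that provide it). The handler also carries over unsalted `md5()` as the password hash from the removed code, which is cheap to brute-force if the user table leaks; a comment such as `// TODO: migrate stored hashes to a salted, slow password hash` would at least record that. In `authenticate()`, the account returned is the one named by `$username` whenever `pam_authenticate()` succeeds, so every registered handler must tie its success to that username; `pam_authenticate()` is not shown in this patch, so that contract is worth confirming and stating in the docblock.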