check local auth first, then remote auth methods, eg. imap, pop3, ...

Signed-off-by: Janos SUTO <sj@acts.hu>
Janos SUTO 2018-05-13 08:53:16 +02:00
parent d975966a7a
commit 2331cd7546


@ -20,7 +20,6 @@ class ModelUserAuth extends Model {
public function checkLogin($username = '', $password = '') { public function checkLogin($username = '', $password = '') {
$session = Registry::get('session');
$ok = 0; $ok = 0;
$imap_server = array(); $imap_server = array();
@ -37,13 +36,20 @@ class ModelUserAuth extends Model {
$data['emails'] = array(); $data['emails'] = array();
$data['folders'] = array(); $data['folders'] = array();
if($username == '' || $password == '') { return 0; } if($username == '' || $password == '') { return $ok; }
if(CUSTOM_PRE_AUTH_FUNCTION && function_exists(CUSTOM_PRE_AUTH_FUNCTION)) { if(CUSTOM_PRE_AUTH_FUNCTION && function_exists(CUSTOM_PRE_AUTH_FUNCTION)) {
call_user_func(CUSTOM_PRE_AUTH_FUNCTION, $username); call_user_func(CUSTOM_PRE_AUTH_FUNCTION, $username);
} }
// Check the fallback login first to prevent sending local account
// data (admin@local or auditor@local passwords) to remote imap, etc. servers.
$ok = $this->checkFallbackLogin($username, $password, $data);
if($ok == 1) { return $ok; }
if(ENABLE_LDAP_AUTH == 1) { if(ENABLE_LDAP_AUTH == 1) {
$ok = $this->checkLoginAgainstLDAP($username, $password, $data); $ok = $this->checkLoginAgainstLDAP($username, $password, $data);
if($ok == 1) { if($ok == 1) {
@ -86,7 +92,14 @@ class ModelUserAuth extends Model {
} }
} }
// fallback local auth return $ok;
}
// fallback local auth
private function checkFallbackLogin(username = '', $password = '', $data = array()) {
$session = Registry::get('session');
$query = $this->db->query("SELECT u.username, u.uid, u.realname, u.dn, u.password, u.isadmin, u.domain FROM " . TABLE_USER . " u, " . TABLE_EMAIL . " e WHERE e.email=? AND e.uid=u.uid", array($username)); $query = $this->db->query("SELECT u.username, u.uid, u.realname, u.dn, u.password, u.isadmin, u.domain FROM " . TABLE_USER . " u, " . TABLE_EMAIL . " e WHERE e.email=? AND e.uid=u.uid", array($username));
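Review bot: The new signature `private function checkFallbackLogin(username = '', ...` is missing the `$` on its first parameter, which is a PHP parse error, so the file would not load and every login through ModelUserAuth would fail; it should read `private function checkFallbackLogin($username = '', $password = '', $data = array()) {`. Separately, the early return in checkLogin fires only when the local check succeeds (`if($ok == 1) { return $ok; }`), so a mistyped password for a local account such as admin@local still falls through to the LDAP check and, per the commit title, the other remote methods, which is the exposure the added comment sets out to prevent. Consider stopping after the local check whenever the username resolves to a local account, whether or not the password matched. `$data` is also passed by value, so anything checkFallbackLogin stores in it is not visible to checkLogin; whether that matters depends on code outside the hunk. The body of checkFallbackLogin continues past the end of the hunk.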