From 7811aa4409fef095f46ac121a340d2c8cb8c31a1 Mon Sep 17 00:00:00 2001 From: Tamas DAJKA Date: Sun, 15 Apr 2018 17:36:38 +0200 Subject: [PATCH 1/6] - added examples - added class to support auth - added credentials page support (Mantis support is needed to work!) --- SampleAuth.php | 67 ++++++++++++--- core/CustomAuthPlugin.php | 166 ++++++++++++++++++++++++++++++++++++++ pages/credentials.php | 56 +++++++++++++ pages/login.php | 33 +++++++- pages/logout.php | 11 ++- readme.md | 35 +++++++- 6 files changed, 347 insertions(+), 21 deletions(-) create mode 100644 core/CustomAuthPlugin.php create mode 100644 pages/credentials.php diff --git a/SampleAuth.php b/SampleAuth.php index 39f0e5b..33d0136 100644 --- a/SampleAuth.php +++ b/SampleAuth.php @@ -15,9 +15,9 @@ function register() { $this->description = plugin_lang_get( 'description' ); $this->page = ''; - $this->version = '0.1'; + $this->version = '0.2'; $this->requires = array( - 'MantisCore' => '2.3.0-dev', + 'MantisCore' => '2.14.0-dev', ); $this->author = 'MantisBT Team'; @@ -37,16 +37,23 @@ function hooks() { return $t_hooks; } + function config() { + return array( + # set to 'true', if the plugin can do autoprovisioning - otherwise only "known" users will be able to log in + 'autoprovision' => true, + # sets the access level configured by autoprov; defaults to system configures default access level + 'default_access_level' => config_get( 'default_new_account_access_level' ) + ); + } + function auth_user_flags( $p_event_name, $p_args ) { # Don't access DB if db_is_connected() is false. - $t_username = $p_args['username']; $t_user_id = $p_args['user_id']; - # If user is unknown, don't handle authentication for it, since this plugin doesn't do - # auto-provisioning - if( !$t_user_id ) { + # If user is unknown and autoprovision is not set, than don't handle authentication for it + if( !$t_user_id && ! plugin_config_get( 'autoprovision' ) ) { return null; } 
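Review bot: `autoprovision` defaults to `true` in the new `config()`, so out of the box `auth_user_flags()` stops returning null for usernames MantisBT has never seen, and any name the external backend accepts can end up with a local account. A safer default is `'autoprovision' => false`, which makes account creation an explicit opt-in. `default_access_level` is declared here, but nothing visible in this series reads it with `plugin_config_get()`; the provisioning code in core/CustomAuthPlugin.php takes the level from `config_get( 'default_new_account_access_level' )` instead, so either read the plugin option there or drop it. The body of auth_user_flags() continues past this hunk.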
@@ -55,14 +62,29 @@ function auth_user_flags( $p_event_name, $p_args ) { return null; } - $t_access_level = user_get_access_level( $t_user_id, ALL_PROJECTS ); + if( $t_user_id ) { + $t_access_level = user_get_access_level( $t_user_id, ALL_PROJECTS ); - # Have administrators use default login flow - if( $t_access_level >= ADMINISTRATOR ) { + # Have administrators use default login flow + if( $t_access_level >= ADMINISTRATOR ) { return null; + } } - # for everybody else use the custom authentication + /* + * + * add any filter parameters here + * + * e.g. if you want the plugin to handle usernames only which contain '@': + * + * if ( ! preg_match('/^.*@.*$/',$t_username) ) { + * return null; + * } + * + * or to use this custom authenticateion for everybody else: + * + */ + $t_flags = new AuthFlags(); # Passwords managed externally for all users 
@@ -71,9 +93,28 @@ function auth_user_flags( $p_event_name, $p_args ) { # No one can use standard auth mechanism - # Override Login page and Logout Redirect - $t_flags->setCredentialsPage( helper_url_combine( plugin_page( 'login', /* redirect */ true ), 'username=' . $t_username ) ); - $t_flags->setLogoutRedirectPage( plugin_page( 'logout', /* redirect */ true ) ); + # Override Credentials, Authenticator page and Logout Redirect - see 'pages' subdirectory + /* + * + * custom Credentials Page for user. This is displayed after the user did input his username (and the username is known to Mantis or plugin is autoprov capable) + * + */ + //$t_flags->setCredentialsPage( helper_url_combine( plugin_page( 'credentials', /* redirect */ true ), 'username=' . $t_username ) ); + /* + * + * custom Authenticator Page for user. This is called, when the user entered both username and password in the standard MantisBT login flow + * username and password in $_POST + * + * Please NOTE: if you don't do any filtering - e.g. e-mail - than this will be the only Auth Plugin besides the built-in! Stacking is not (yes) supported + * + */ + $t_flags->setAuthenticatorPage( helper_url_combine( plugin_page( 'login', /* redirect */ true ), ( !empty($t_username) ? 'username=' . $t_username : '' ) ) ); + /* + * + * custom Logout Page for user. + * + */ + //$t_flags->setLogoutRedirectPage( plugin_page( 'logout', /* redirect */ true ) ); # No long term session for identity provider to be able to kick users out. $t_flags->setPermSessionEnabled( false ); diff --git a/core/CustomAuthPlugin.php b/core/CustomAuthPlugin.php new file mode 100644 index 0000000..efdd293 --- /dev/null +++ b/core/CustomAuthPlugin.php 
@@ -0,0 +1,166 @@ +. + * + * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net + */ + +/** + * Class for dealing with custom authentication requests + * + * Class is written for demonstration purposes + * + * @copyright Tamas Dajka 2018 + * @author Tamas Dajka + * @link http://www.mantisbt.org + * @package MantisBT + * @subpackage classes + * @plugin SampleAuth + */ + +/* +* +* User API is needed for user auto provision +* +*/ +require_api( 'user_api.php' ); +require_api( 'email_api.php' ); + +class CustomAuthPlugin { + + /** + * Constructor + */ + function __construct() { + # spaceholder + } + + /** + * login + * + * @params: username, password + * @return: + * - false on login failure + * - username on login success + */ + function login($username,$password) { + /* + * + * Check access/auth in remote system + * + */ + if ( ! $this->auth($username,$password) ) { + return false; + } + + /* + * + * Should we autoprovision the user? + * + */ + if( plugin_config_get( 'autoprovision' ) ) { + /* + * Check if user exists, probably needs customization + */ + if( ! user_get_id_by_name($username) ) { + /* + * data needed for autorpovision: + * - username + * - password + * + * Optional params: + * + * - email + * - access_level (null) + * - protected (false) + * - enabled (true) + * - realname + * - admin_name + * + */ + + $user_data = $this->get_user_data($username); + + /* + * create user, but with empty e-mail => prevent mantis from sending signup e-mail + * we set a strong random password + */ + user_create( $username, auth_generate_random_password(24), '', $user_data['access_level'], false, true, $user_data['realname'] ); + /* + * Set user e-mail + */ + if( ! 
is_blank($user_data['email']) && email_is_valid($user_data['email']) && ( $t_user_id = user_get_id_by_name($username) ) ) { + user_set_field($t_user_id,'email',$user_data['email']); + } + } + } + + return $username; + } + + /** + * logout + * + * @return: bool + */ + function logout() { + # spaceholder + return true; + } + + /** + * collects user data from auth system + * + * @return: array() + */ + function get_user_data($username='') { + if ( empty($username) ) { + return array(); + } + + /* + * dummy data for now, access_level 25 is REPORTER -> see /core/constant_inc.php + */ + return array( 'username' => $username, 'email' => 'john.doe@gmail.com', 'access_level' => config_get( 'default_new_account_access_level' ), 'realname' => 'John Doe' ); + } + + /** + * Auth validity check + * + * @params: username, password + * @return: bool + */ + function auth($username,$password) { + if ( empty($username) || empty($password) ) { + return false; + } + + /* + * We should check for external auth here + * + * dummy return for now + */ + + # comment this out for testing or write your own + return false; + + if( $username == 'john.doe' && $password == 'Abc.123' ) { + return true; + } else { + return false; + } + } +} diff --git a/pages/credentials.php b/pages/credentials.php new file mode 100644 index 0000000..3c17cd1 --- /dev/null +++ b/pages/credentials.php 
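Review bot: `get_user_data()` returns the same placeholder address `john.doe@gmail.com` for every username, and `login()` stores it with `user_set_field()` because it passes `email_is_valid()`; every auto-provisioned account would therefore carry a deliverable third-party mailbox, and mail MantisBT sends to those accounts would presumably go there. For sample data return a blank address, `'email' => ''`, or one under the reserved `example.com` domain. In `auth()` the example check after the unconditional `return false;` is unreachable and compares a fixed password with `==`; once someone removes that `return`, autoprovision would create an account for whoever types the published pair, so a comment stating that the pair must be replaced, and `hash_equals()` for the password comparison, would make the example safer to copy. The result of `user_create()` is also not checked before `login()` returns the username.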
@@ -0,0 +1,56 @@ + 1, + 'username' => $f_username, + ); + + if( !is_blank( 'return' ) ) { + $t_query_args['return'] = $t_return; + } + + if( $f_reauthenticate ) { + $t_query_args['reauthenticate'] = 1; + } + + $t_query_text = http_build_query( $t_query_args, '', '&' ); + // we will create a loop this way - this will redirect us again to this login page... + //$t_uri = auth_login_page( $t_query_text ); + // no "stack like" auth mechs, forcing default page on error + $t_uri = helper_url_combine( AUTH_PAGE_USERNAME, $t_query_args); + + print_header_redirect( $t_uri ); +} + +# Let user into MantisBT +auth_login_user( $t_user_id ); + +# Redirect to original page user wanted to access before authentication +if( !is_blank( $t_return ) ) { + print_header_redirect( 'login_cookie_test.php?return=' . $t_return ); +} + +# If no return page, redirect to default page +print_header_redirect( config_get( 'default_home_page' ) ); diff --git a/pages/login.php b/pages/login.php index 3bb29a7..dc8622a 100644 --- a/pages/login.php +++ b/pages/login.php 
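Review bot: `is_blank( 'return' )` tests the literal string 'return', which is never blank, so `$t_query_args['return']` is set on every failed lookup; the check was presumably meant to be `if( !is_blank( $t_return ) )`. In the same branch `$t_query_text` is built with `http_build_query()` but is no longer used, and `helper_url_combine()` receives the array `$t_query_args` instead; if that helper expects a query string, pass `$t_query_text`. The second hunk of pages/login.php makes the same replacement. The top of this file, including how `$t_user_id` is resolved before `auth_login_user( $t_user_id )`, is not visible in this hunk, so it is worth confirming that the page verifies a credential before that call.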
@@ -6,13 +6,36 @@ require_api( 'authentication_api.php' ); require_api( 'user_api.php' ); -$f_username = gpc_get( 'username' ); +$f_username = gpc_get_string( 'username', '' ); +$f_password = gpc_get_string( 'password', '' ); $f_reauthenticate = gpc_get_bool( 'reauthenticate', false ); $f_return = gpc_get_string( 'return', config_get( 'default_home_page' ) ); $t_return = string_url( string_sanitize_url( $f_return ) ); -# TODO: use custom authentication method here. +$f_username = auth_prepare_username( $f_username ); +$f_password = auth_prepare_password( $f_password ); + +/* +* +* Log in the user with the custom class +* +* class should return username/false upon successful/failed login +* +*/ + +plugin_require_api( 'core/CustomAuthPlugin.php' ); +$cap = new CustomAuthPlugin(); +if ( ( $f_username = $cap->login($f_username,$f_password) ) ) { + /* + * + * All set, good to go + * + * if you want to assign the user to project(s) based on a criteria + * than this is the right palce. Don't forget to check if it's already assigned + * + */ +} $t_user_id = is_blank( $f_username ) ? false : user_get_id_by_name( $f_username ); @@ -31,8 +54,10 @@ } $t_query_text = http_build_query( $t_query_args, '', '&' ); - - $t_uri = auth_login_page( $t_query_text ); + // we will create a loop this way - this will redirect us again to this login page... + //$t_uri = auth_login_page( $t_query_text ); + // no "stack like" auth mechs, forcing default page on error + $t_uri = helper_url_combine( AUTH_PAGE_USERNAME, $t_query_args); print_header_redirect( $t_uri ); } diff --git a/pages/logout.php b/pages/logout.php index 1b9d0c4..1d18f70 100644 --- a/pages/logout.php +++ b/pages/logout.php 
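Review bot: A rejected password leaves no trace in this flow: when `$cap->login()` returns false the page only falls through to the redirect, so nothing visible here counts or throttles failed attempts against the external backend. If the plugin should keep MantisBT's lockout behaviour, resolve the user id from the typed name and record the failure, for example with `user_increment_failed_login_count( $t_user_id )` (confirm that helper against the targeted core version). Assigning the result back to `$f_username` also overwrites the typed name with `false` on failure; a separate variable, `$t_auth_username = $cap->login( $f_username, $f_password );`, keeps the original available for the redirect and for logging. `gpc_get_string( 'password', '' )` may accept the value from the query string as well, so confirm the password is only ever sent by POST.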
@@ -6,6 +6,15 @@ require_api( 'authentication_api.php' ); # User is already logged out from Mantis -# TODO: logout from external identity provider +# TODO by the plugin: logout from external identity provider if necessary or redirect to custom page +/** +* +* plugin_require_api( 'core/CustomAuthPlugin.php' ); +* $cap = new CustomAuthPlugin(); +* $cap->logout(); +* +*/ + +# default redirect to Mantis login page print_header_redirect( auth_login_page(), true, false ); diff --git a/readme.md b/readme.md index f3f5efa..24dbbe4 100644 --- a/readme.md +++ b/readme.md @@ -1,5 +1,9 @@ # SampleAuth Plugin +# +# Autoprov and authenticator support added by Tamas Dajka (viper@vipernet.hu) +# + This is a sample authentication plugin showing how a MantisBT authentication plugin can implement its own authentication and control authentication related flags on a per user basis. The authentication mechanism implemented by this plugin works as follows: 
@@ -11,14 +15,19 @@ Users that are auto-signed in, can't manage or use passwords that are stored in The plugin can be easily modified to redirect to an identity provider and validate the token returned or validate a username and password against a database or LDAP. +## Config parameters +- `autoprovision` set to 'true', if the plugin can do autoprovisioning - otherwise only "known" users will be able to log in +- `default_access_level` sets the access level configured by autoprov; defaults to system configures default access level + ## Authentication Flags The authentication flags events enables the plugin to control MantisBT core authentication behavior on a per user basis. Plugins can also show their own pages to accept credentials from the user. - `password_managed_elsewhere_message` message to show in MantisBT UI to indicate that password is managed externally. If left blank or not set, the default message will be used. - `can_use_standard_login` true then standard password form and validation is used, false: otherwise. -- `login_page` Custom login page to use. -- `credential_apge` The page to show to ask the user for their credential. +- `login_page` Custom login page to use. Will be called, if Mantis fails to authenticate the user against it's own mechanisms +- `credential_page` The page to show to ask the user for their credential. +- `authenticator_page` The page to validate the username AND password - `logout_page` Custom logout page to use. - `logout_redirect_page` Page to redirect to after user is logged out. - `session_lifetime` Default session lifetime in seconds or 0 for browser session. 
@@ -36,6 +45,26 @@ the user typed in the first login page that asks for username. If plugin doesn't want to handle a specific user, it should return null. Otherwise, it should return the `AuthFlags` with the overriden settings. +## Options/Setup possibilities + +If you want to use multiple auth backends, than you'll have to do filtering. You'll have two possibilities to do so: +- use authenticator_page and setup the login there +- setup filtering in class and have multiple instances of the class (not yet tested) + +1) Set login_page +- if you set the login page, than the user will be validated after Mantis runs login.php. It's difficult to properly set up, due to Mantis logic +- only works, if the user is known to Mantis. Autoprovisioning is not possible. + +2) Set credential_page +- you'll be able to use SSO or orher 3rd party auth provider +- this is called, once Mantis asks for the username +- you'll have to ask for the user's password +- will only work, if the user is known to Mantis OR you set up and turn on autoprovisioning! + +3) Set authenticator_page +- you'll make use of Mantis built in login mech (username/password page) +- you'll have to use your own method to authenticate the user, with the possibility of autoprovision it (and assign to projects, etc) + ## Screenshots Native Login Page for Username @@ -51,4 +80,4 @@ User My Account Page ![Profile Page](doc/sample_auth_no_password_change.png "Profile Page") ## Dependencies -MantisBT v2.3.0-dev once auth plugin support is added. +MantisBT v2.14.0-dev once authenticator and autoprovision support is added. From 2a18ba2e56689194dc8a1684a62fe30b370e6e61 Mon Sep 17 00:00:00 2001 From: Tamas DAJKA Date: Sun, 15 Apr 2018 18:36:15 +0200 Subject: [PATCH 2/6] added Mantis Authflow description; minor formatting changes --- readme.md | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/readme.md b/readme.md index 24dbbe4..5818ffc 100644 --- a/readme.md 
+++ b/readme.md @@ -1,14 +1,12 @@ # SampleAuth Plugin -# -# Autoprov and authenticator support added by Tamas Dajka (viper@vipernet.hu) -# - This is a sample authentication plugin showing how a MantisBT authentication plugin can implement its own authentication and control authentication related flags on a per user basis. +Autoprov and authenticator support added by Tamas Dajka (viper@vipernet.hu) + The authentication mechanism implemented by this plugin works as follows: - If user is administrator, use standard authentication. -- If user is not registered in the db, user standard behavior. +- If user is not registered in the db, use standard behavior; or if autoprovision is set then provision the user - Otherwise, auto-signin the user without a password. Users that are auto-signed in, can't manage or use passwords that are stored in the MantisBT database. 
@@ -51,19 +49,30 @@ If you want to use multiple auth backends, than you'll have to do filtering. You - use authenticator_page and setup the login there - setup filtering in class and have multiple instances of the class (not yet tested) -1) Set login_page -- if you set the login page, than the user will be validated after Mantis runs login.php. It's difficult to properly set up, due to Mantis logic -- only works, if the user is known to Mantis. Autoprovisioning is not possible. +1. Set login_page + - if you set the login page, than the user will be validated after Mantis runs login.php. It's difficult to properly set up, due to Mantis logic + - only works, if the user is known to Mantis. Autoprovisioning is not possible. + +2. Set credential_page + - you'll be able to use SSO or orher 3rd party auth provider + - this is called, once Mantis asks for the username + - you'll have to ask for the user's password + - will only work, if the user is known to Mantis OR you set up and turn on autoprovisioning! + +3. Set authenticator_page + - you'll make use of Mantis built in login mech (username/password page) + - you'll have to use your own method to authenticate the user, with the possibility of autoprovision it (and assign to projects, etc) + + +## About Mantis login flow -2) Set credential_page -- you'll be able to use SSO or orher 3rd party auth provider -- this is called, once Mantis asks for the username -- you'll have to ask for the user's password -- will only work, if the user is known to Mantis OR you set up and turn on autoprovisioning! +The following describes the standard login flow of Mantis; if user is not logged in, then login_page is shown to aquire the username. 
-3) Set authenticator_page -- you'll make use of Mantis built in login mech (username/password page) -- you'll have to use your own method to authenticate the user, with the possibility of autoprovision it (and assign to projects, etc) +- Login Page to aquire username +- Username is sent to Login Password page + - if CredentialsPage authflag is set, then user is redirected to it _(please note, user must be known to Mantis or user autoprovision must be configured and enabled)_ + - if AuthenticatorPage authflag is set then the password is aquired, but all data is POST-ed to the page provided +- Username and Password is POST-ed to login.php, which validates the data. If you set LoginPage authflag, than the user will be redirected to it, if her/his credentials (password) were not valid _(NOTE that user must be known to Mantis for this to work!)_ ## Screenshots From d252c5619c3249efe9b06ce93e171471204c6c58 Mon Sep 17 00:00:00 2001 From: Tamas DAJKA Date: Tue, 12 Jun 2018 23:05:46 +0200 Subject: [PATCH 3/6] modified user creation: this DEMO will change $g_allow_blank_email to disable signup e-mails when doing autoprov some minor tidyup --- core/CustomAuthPlugin.php | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/core/CustomAuthPlugin.php b/core/CustomAuthPlugin.php index efdd293..83d9d20 100644 --- a/core/CustomAuthPlugin.php +++ b/core/CustomAuthPlugin.php 
@@ -21,7 +21,16 @@ /** * Class for dealing with custom authentication requests * - * Class is written for demonstration purposes + * + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * + * Class is written for demonstration purposes ONLY!!! + * + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * * @copyright Tamas Dajka 2018 * @author Tamas Dajka @@ -56,7 +65,7 @@ function __construct() { * - false on login failure * - username on login success */ - function login($username,$password) { + function login( $username, $password ) { /* * * Check access/auth in remote system 
@@ -92,18 +101,25 @@ function login($username,$password) { * */ - $user_data = $this->get_user_data($username); + $user_data = $this->get_user_data( $username ); /* * create user, but with empty e-mail => prevent mantis from sending signup e-mail - * we set a strong random password + * we set a strong random password + * + * To get this work, you either have to set $g_allow_blank_email = ON, or change the value here on-the-fly (don't forget to set it back) + * */ + $original_g_allow_blank_email = config_get( 'allow_blank_email' ); + config_set_global( '$allow_blank_email', 'ON' ); user_create( $username, auth_generate_random_password(24), '', $user_data['access_level'], false, true, $user_data['realname'] ); + config_set_global('$allow_blank_email', $original_g_allow_blank_email ); + /* * Set user e-mail */ - if( ! is_blank($user_data['email']) && email_is_valid($user_data['email']) && ( $t_user_id = user_get_id_by_name($username) ) ) { - user_set_field($t_user_id,'email',$user_data['email']); + if( !is_blank( $user_data['email'] ) && email_is_valid( $user_data['email'] ) && ( $t_user_id = user_get_id_by_name( $username ) ) ) { + user_set_field( $t_user_id,'email', $user_data['email'] ); } } } @@ -126,7 +142,7 @@ function logout() { * * @return: array() */ - function get_user_data($username='') { + function get_user_data( $username = '' ) { if ( empty($username) ) { return array(); } @@ -143,8 +159,8 @@ function get_user_data($username='') { * @params: username, password * @return: bool */ - function auth($username,$password) { - if ( empty($username) || empty($password) ) { + function auth( $username, $password ) { + if ( empty( $username ) || empty( $password ) ) { return false; } From d1094390f5d037fefc1fcd27c11545e2134913f6 Mon Sep 17 00:00:00 2001 From: Tamas DAJKA Date: Wed, 13 Jun 2018 09:59:57 +0200 Subject: [PATCH 4/6] config_set fix + code ident fix --- core/CustomAuthPlugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/core/CustomAuthPlugin.php b/core/CustomAuthPlugin.php index 83d9d20..5566296 100644 --- a/core/CustomAuthPlugin.php +++ b/core/CustomAuthPlugin.php @@ -111,9 +111,9 @@ function login( $username, $password ) { * */ $original_g_allow_blank_email = config_get( 'allow_blank_email' ); - config_set_global( '$allow_blank_email', 'ON' ); + config_set_global( '$allow_blank_email', ON ); user_create( $username, auth_generate_random_password(24), '', $user_data['access_level'], false, true, $user_data['realname'] ); - config_set_global('$allow_blank_email', $original_g_allow_blank_email ); + config_set_global( 'allow_blank_email', $original_g_allow_blank_email ); /* * Set user e-mail From 9feb9b4c086f7300aaa764d8112bed9cf8e99d65 Mon Sep 17 00:00:00 2001 From: Tamas DAJKA Date: Wed, 13 Jun 2018 10:06:13 +0200 Subject: [PATCH 5/6] damn typo, don't program late. --- core/CustomAuthPlugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/CustomAuthPlugin.php b/core/CustomAuthPlugin.php index 5566296..fffb69e 100644 --- a/core/CustomAuthPlugin.php +++ b/core/CustomAuthPlugin.php @@ -111,7 +111,7 @@ function login( $username, $password ) { * */ $original_g_allow_blank_email = config_get( 'allow_blank_email' ); - config_set_global( '$allow_blank_email', ON ); + config_set_global( 'allow_blank_email', ON ); user_create( $username, auth_generate_random_password(24), '', $user_data['access_level'], false, true, $user_data['realname'] ); config_set_global( 'allow_blank_email', $original_g_allow_blank_email ); From 5c96390b62de894a25b7c49f102e7a75a03ac9df Mon Sep 17 00:00:00 2001 From: Tamas DAJKA Date: Sun, 24 May 2020 14:06:10 +0200 Subject: [PATCH 6/6] Changed requested things for PR --- SampleAuth.php | 4 ++-- core/CustomAuthPlugin.php | 11 ++++++----- pages/login.php | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/SampleAuth.php b/SampleAuth.php index 33d0136..d8c3411 100644 --- a/SampleAuth.php +++ b/SampleAuth.php 
@@ -105,10 +105,10 @@ function auth_user_flags( $p_event_name, $p_args ) { * custom Authenticator Page for user. This is called, when the user entered both username and password in the standard MantisBT login flow * username and password in $_POST * - * Please NOTE: if you don't do any filtering - e.g. e-mail - than this will be the only Auth Plugin besides the built-in! Stacking is not (yes) supported + * Please NOTE: if you don't do any filtering - e.g. e-mail - than this will be the only Auth Plugin besides the built-in! Stacking is not (yet) supported * */ - $t_flags->setAuthenticatorPage( helper_url_combine( plugin_page( 'login', /* redirect */ true ), ( !empty($t_username) ? 'username=' . $t_username : '' ) ) ); + $t_flags->setAuthenticatorPage( helper_url_combine( plugin_page( 'login', /* redirect */ true ), ( !empty($t_username) ? 'username=' . urlencode($t_username) : '' ) ) ); /* * * custom Logout Page for user. diff --git a/core/CustomAuthPlugin.php b/core/CustomAuthPlugin.php index fffb69e..820fa25 100644 --- a/core/CustomAuthPlugin.php +++ b/core/CustomAuthPlugin.php @@ -71,7 +71,7 @@ function login( $username, $password ) { * Check access/auth in remote system * */ - if ( ! $this->auth($username,$password) ) { + if ( !$this->auth($username,$password) ) { return false; } @@ -101,7 +101,7 @@ function login( $username, $password ) { * */ - $user_data = $this->get_user_data( $username ); + $t_user_data = $this->get_user_data( $username ); /* * create user, but with empty e-mail => prevent mantis from sending signup e-mail 
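Review bot: `!empty($t_username)` in the changed `setAuthenticatorPage()` line treats the username `"0"` as empty, so that account would get the authenticator URL without its `username=` parameter. The plugin's pages use `is_blank()` for the same test, which gives `( !is_blank( $t_username ) ? 'username=' . urlencode( $t_username ) : '' )`. The surrounding auth_user_flags() body starts and ends outside this hunk.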
@@ -112,14 +112,14 @@ function login( $username, $password ) { */ $original_g_allow_blank_email = config_get( 'allow_blank_email' ); config_set_global( 'allow_blank_email', ON ); - user_create( $username, auth_generate_random_password(24), '', $user_data['access_level'], false, true, $user_data['realname'] ); + user_create( $username, auth_generate_random_password(24), '', $t_user_data['access_level'], false, true, $t_user_data['realname'] ); config_set_global( 'allow_blank_email', $original_g_allow_blank_email ); /* * Set user e-mail */ - if( !is_blank( $user_data['email'] ) && email_is_valid( $user_data['email'] ) && ( $t_user_id = user_get_id_by_name( $username ) ) ) { - user_set_field( $t_user_id,'email', $user_data['email'] ); + if( !is_blank( $t_user_data['email'] ) && email_is_valid( $t_user_data['email'] ) && ( $t_user_id = user_get_id_by_name( $username ) ) ) { + user_set_field( $t_user_id,'email', $t_user_data['email'] ); } } } @@ -173,6 +173,7 @@ function auth( $username, $password ) { # comment this out for testing or write your own return false; + /* example authentication */ if( $username == 'john.doe' && $password == 'Abc.123' ) { return true; } else { diff --git a/pages/login.php b/pages/login.php index dc8622a..559ec94 100644 --- a/pages/login.php +++ b/pages/login.php @@ -32,7 +32,7 @@ * All set, good to go * * if you want to assign the user to project(s) based on a criteria - * than this is the right palce. Don't forget to check if it's already assigned + * than this is the right place. Don't forget to check if it's already assigned * */ }