
function _ldapauth_user_authenticate in LDAP integration 5

Same name and namespace in other branches
  1. 5.2 ldapauth.module _ldapauth_user_authenticate()
1 call to _ldapauth_user_authenticate()
ldapauth_login_validate in ./ldapauth.module

File

./ldapauth.module, line 900

Code

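/**
 * Authenticates a login attempt against the local users table and/or LDAP.
 *
 * Order of checks, as implemented below:
 *  1. If the name/password pair matches an active local account whose e-mail
 *     address is on the access-deny list, the login is refused with a form
 *     error.
 *  2. The account with uid 1 is always authenticated locally.
 *  3. Unless the 'ldap_login_process' setting equals LDAP_FIRST_LDAP, a local
 *     account of the same name that is not flagged 'ldap_authentified' is
 *     authenticated locally and LDAP is not consulted.
 *  4. Otherwise the credentials are checked with ldapauth_auth().
 *
 * @param $name
 *   The user name submitted with the login attempt.
 * @param $pass
 *   The clear-text password submitted with the login attempt.
 *
 * @return
 *   The global $user. It is overwritten only by a branch that ran; when no
 *   branch authenticated the request it holds whatever it held before the
 *   call. NULL is returned when the login is refused in step 1.
 */
function _ldapauth_user_authenticate($name, $pass) {
  global $user, $ldapauth_ldap;

  // The deny-list check only runs when the submitted password matches an
  // active local account; user_load() returning nothing skips it entirely.
  $account = user_load(array(
    'name' => $name,
    'pass' => $pass,
    'status' => 1,
  ));
  if ($account && drupal_is_denied('mail', $account->mail)) {
    form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array(
      '%name' => $account->name,
    )));
    return;
  }

  // (Design decision) uid=1 (admin user) must always authenticate to local database
  // this user is critical for all drupal admin and upgrade operations so it is best
  // left with drupal's native authentication
  $result = db_query("SELECT uid FROM {users} WHERE name = '%s'", $name);
  if (($_user = db_fetch_object($result)) && $_user->uid == 1) {
    $user = user_authenticate($name, $pass);
  }
  else {
    $check_ldap = TRUE;

    // http://drupal.org/node/113884
    if (variable_get('ldap_login_process', LDAP_FIRST_DRUPAL) != LDAP_FIRST_LDAP) {

      // authenticate local users first
      $result = db_query("SELECT name,data FROM {users} WHERE name='%s'", $name);
      $local_user_count = db_num_rows($result);
      $row = db_fetch_array($result);

      // Only unserialize when a row was actually fetched.
      // NOTE(review): unserialize() trusts the stored bytes of users.data.
      // That is acceptable only while nothing but Drupal's own code can
      // write that column -- confirm for this installation.
      $data = $row ? unserialize($row['data']) : array();

      // NOTE(review): this flag alone decides whether the password is checked
      // locally or against the directory, so a local account with the same
      // name shadows the directory account.
      if ($local_user_count > 0 && (!isset($data['ldap_authentified']) || $data['ldap_authentified'] == 0)) {

        // a local user with same name exists -- authenticate that user
        // nullify global ldap resource for good measure
        $ldapauth_ldap = "";
        $user = user_authenticate($name, $pass);
        $check_ldap = FALSE;
      }
    }

    // Reached for direct LDAP authentication and when no purely local account
    // matched. An empty password must never be sent to the directory: many
    // LDAP servers treat a simple bind with a DN and no password as an
    // unauthenticated bind and report success. ldapauth_auth() is defined
    // elsewhere, so whether it already rejects this case is not visible here.
    if ($check_ldap && (string) $pass !== '' && ldapauth_auth($name, $pass, NULL)) {

      // login successful - user exists in LDAP. _ldapauth_save_user() is
      // defined elsewhere; presumably it creates or updates the matching
      // Drupal account -- verify against its implementation.
      $user = _ldapauth_save_user($name, $pass);
    }
  }
  return $user;
}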