function _securesite_digest_auth in Secure Site 7.2
Same name and namespace in other branches
- 6.2 securesite.inc \_securesite_digest_auth()
Perform digest authentication.
1 string reference to '_securesite_digest_auth'
- _securesite_boot in ./
securesite.inc - Boot with selected authentication mechanism.
File
- ./
securesite.inc, line 76 - Secure Site log-in functions.
Code
function _securesite_digest_auth($edit) {
global $user;
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
$header = _securesite_digest_validate($status, array(
'data' => $_SERVER['PHP_AUTH_DIGEST'],
'method' => $_SERVER['REQUEST_METHOD'],
'uri' => request_uri(),
'realm' => $realm,
));
$users = user_load_multiple(array(), array(
'name' => $edit['name'],
'status' => 1,
));
$account = reset($users);
if (empty($account->uid)) {
// Not a registered user. See if we have guest user credentials.
switch ($status) {
case 1:
drupal_add_http_header('Status', '400 Bad Request');
_securesite_dialog(securesite_type_get());
break;
case 0:
// Password is correct. Log user in.
drupal_add_http_header($header['name'], $header['value']);
$edit['pass'] = variable_get('securesite_guest_pass', '');
default:
_securesite_guest_login($edit);
break;
}
}
else {
switch ($status) {
case 0:
// Password is correct. Log user in.
drupal_add_http_header($header['name'], $header['value']);
_securesite_user_login($edit, $account);
break;
case 2:
// Password not stored. Request credentials using next most secure authentication method.
$mechanism = _securesite_mechanism();
$types = variable_get('securesite_type', array(
SECURESITE_BASIC,
));
rsort($types);
foreach ($types as $type) {
if ($type < $mechanism) {
break;
}
}
watchdog('user', 'Secure log-in failed for %user.', array(
'%user' => $edit['name'],
));
drupal_set_message(t('Secure log-in failed. Please try again.'), 'error');
_securesite_dialog($type);
break;
case 1:
drupal_add_http_header('Status', '400 Bad Request');
default:
// Authentication failed. Request credentials using most secure authentication method.
watchdog('user', 'Log-in attempt failed for %user.', array(
'%user' => $edit['name'],
));
drupal_set_message(t('Unrecognized user name and/or password.'), 'error');
_securesite_dialog(securesite_type_get());
break;
}
}
}