[Jaws-commits] r13352 - trunk/jaws/html/include/Jaws

afz at jaws-project.com afz at jaws-project.com
Fri Aug 10 06:01:18 UTC 2012


Author: afz
Date: 2012-08-10 06:01:18 +0000 (Fri, 10 Aug 2012)
New Revision: 13352

Modified:
   trunk/jaws/html/include/Jaws/User.php
Log:
Check logon hours when a user tries to log in to the system

Modified: trunk/jaws/html/include/Jaws/User.php
===================================================================
--- trunk/jaws/html/include/Jaws/User.php	2012-08-09 19:49:54 UTC (rev 13351)
+++ trunk/jaws/html/include/Jaws/User.php	2012-08-10 06:01:18 UTC (rev 13352)
@@ -44,7 +44,7 @@
      */
     function Valid($user, $password, $onlyAdmin = false)
     {
-        $params         = array();
+        $params = array();
         $params['user'] = Jaws_UTF8::strtolower($user);
         $GLOBALS['db']->dbc->loadModule('Function', null, true);
         $username = $GLOBALS['db']->dbc->function->lower('[username]');
@@ -63,12 +63,7 @@
         }
 
         if (isset($result['id'])) {
-            if ($onlyAdmin && !$result['superadmin']) {
-                return Jaws_Error::raiseError(_t('GLOBAL_ERROR_LOGIN_ONLY_ADMIN'),
-                                              __FUNCTION__,
-                                              JAWS_ERROR_NOTICE);
-            }
-
+            // bad_passwd_count & lockedout time
             if ($result['bad_passwd_count'] >= $GLOBALS['app']->Registry->Get('/policy/passwd_bad_count') &&
                ((time() - $result['last_access']) <= $GLOBALS['app']->Registry->Get('/policy/passwd_lockedout_time')))
             {
@@ -77,27 +72,47 @@
                                               JAWS_ERROR_NOTICE);
             }
 
+            // password
             // compare md5ed password for backward compatibility
             if ($result['passwd'] === Jaws_User::GetHashedPassword($password, $result['passwd']) ||
                 trim($result['passwd']) === md5($password))
             {
+                // only superadmin
+                if ($onlyAdmin && !$result['superadmin']) {
+                    return Jaws_Error::raiseError(_t('GLOBAL_ERROR_LOGIN_ONLY_ADMIN'),
+                                                  __FUNCTION__,
+                                                  JAWS_ERROR_NOTICE);
+                }
+
+                // status
                 if ($result['status'] !== 1) {
                     return Jaws_Error::raiseError(_t('GLOBAL_ERROR_LOGIN_STATUS_'. $result['status']),
                                                   __FUNCTION__,
                                                   JAWS_ERROR_NOTICE);
                 }
 
+                // expiry date
                 if (!empty($result['expiry_date']) && $result['expiry_date'] <= time()) {
                     return Jaws_Error::raiseError(_t('GLOBAL_ERROR_LOGIN_EXPIRED'),
                                                   __FUNCTION__,
                                                   JAWS_ERROR_NOTICE);
                 }
 
+                // logon hours
+                $wdhour = explode(',', $GLOBALS['app']->UTC2UserTime(time(), 'w,G'));
+                $lhByte = hexdec($result['logon_hours']{$wdhour[0]*6 + floor($wdhour[1]/4)});
+                if ((pow(2, fmod($wdhour[1], 4)) & $lhByte) == 0) {
+                    return Jaws_Error::raiseError(_t('GLOBAL_ERROR_LOGIN_LOGON_HOURS'),
+                                                  __FUNCTION__,
+                                                  JAWS_ERROR_NOTICE);
+                }
+
                 return array('id' => $result['id'],
                             'superadmin' => $result['superadmin'],
                             'concurrent_logins' => $result['concurrent_logins']);
 
             } else {
+                // bad_passwd_count + 1
                 $params['id']          = $result['id'];
                 $params['bad_count']   = $result['bad_passwd_count'] + 1;
                 $params['last_access'] = time();
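Review bot: The logon-hours check indexes `$result['logon_hours']` without first confirming it is a 42-character hex string (7 days × 6 digits), so a NULL, empty or short value makes the offset read come back empty, `hexdec()` yields 0, and every login for that account is refused, superadmin included. That fails closed, but silently and indistinguishably from a genuine out-of-hours denial; I would validate first, e.g. `if (strlen($result['logon_hours']) !== 42 || !ctype_xdigit($result['logon_hours'])) { /* deny with a distinct, logged error */ }`, and build the mask with integers, `$lhByte & (1 << ($wdhour[1] % 4))`, rather than `pow()`/`fmod()` floats. The query that fills `$result` is outside these hunks, so whether `logon_hours` is actually selected cannot be confirmed from here. `Valid()` begins in the first hunk and continues past the end of this one.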


