Commit d250d9b4 authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie
Browse files

Catch correct type of exception when loading config.

parent f84bf953
......@@ -80,4 +80,127 @@ abstract class Auth {
}
/**
* Performs an authentication attempt, by cycling through all of the available
* authentication methods allowed for the user.
*
*/
function authenticate_user($username, $password, $institute) {
//
// Implementation:
//
// Well, institutes are tied to a particular authentication method - ONE particular authentication method
// And users are tied to an institution
// So they have ONE go at authentication, not like the rubbish mentioned in the technical spec.
// So, the algorithm should be roughly:
//
// based on the institute, get the auth method
// include the auth method implementation
// try {
// authenticate the user using username, password
// }
// catch (whothehellisthisexception) {
// return appropriate message
// }
// catch (wrongpasswordexception) {
// return appropriate message
// }
//
// all happy, return OK
//
//
// So, how is this function called exactly?
//
// Well, the login pages are generally completely transient, which means that once this is
// called successfully, the get and post information needs to be sent back to where we came
// from, which is the page name itself.
//
// Basically, in init.php or similar:
//
// do_authentication();
//
// do_authentication:
// if user logged in (check session data)
// if session timed out or otherwise invalid
// display login form
// else
// all good, continue
// elseif has correct guest key
// all good
// else
// display login form
//
// if user logged in (check session data) == this function
}
/**
* So how will this work? written above.
* try {
* authenticate();
* }
* catch (AuthenticationException $e) {
* // can't authenticate again, something bad happened
* // fall through to the default exception handler where this is a default, or otherwise exit the script
*/
function auth_setup () {
// auth stuff is run before init.php finishes, and index.php does the check
// for install. So this function might need to detect not installed and skip
// logging in
if (!session_id()) {
@session_start();
if (!session_id()) {
throw new AuthException('Could not start a session. Perhaps '
. 'something has been output before the page begins?');
}
}
$s =& $_SESSION;
$username = clean_requestdata('login_username', PARAM_ALPHA);
$password = clean_requestdata('login_password', PARAM_ALPHA);
if (!get_config('version')) {
// Not installed, so let the user through
log_dbg('system not installed, letting user through');
return;
}
if (isset($s['logged_in']) && $s['username'] != '') {
log_dbg('user logged in, fine just fine (user is ' . $s['username']);
return;
}
if ($username != '' && $password != '') {
log_dbg('auth attempt with username "' . $username . '" and password "' . $password . '"');
if (!auth_user($username, $password, $institution)) {
auth_draw_login_form();
exit;
}
// Login went fine
return;
}
if (false /* guest key is available */) {
return;
}
if (false /* site config claims public access ok */) {
return;
}
else {
log_dbg('dunno who this is, better get them to tell us');
auth_draw_login_form();
exit;
}
}
function auth_user ($username, $password, $institution) {
log_dbg('login attempt from user ' . $username);
return true;
}
function auth_draw_login_form() {
$smarty = smarty();
$smarty->display('login.tpl');
}
?>
......@@ -416,7 +416,7 @@ function load_config() {
try {
$dbconfig = get_records('config');
}
catch (ADODB_Exception $e) {
catch (DatalibException $e) {
return false;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment