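<!---
	Authentication custom tag.

	Attributes:
	  do       - action to perform; only "login" is handled below
	  username - login name, matched against usr.login
	  password - password supplied by the user, verified with request.passwordHashCheck
	  granted  - name of the CALLER variable that receives the boolean result
	  alert    - optional; name of the CALLER variable that receives the error text

	NOTE(review): "granted" and "alert" are interpolated into variable names passed to
	setVariable(). They should be fixed names written in the calling template, never
	values taken from the request.
--->
<cfparam name="ATTRIBUTES.do" type="string">

<cfswitch expression="#ATTRIBUTES.do#">

	<cfcase value="login"><!--- the other actions are not implemented --->
		<cfparam name="ATTRIBUTES.username" type="string">
		<cfparam name="ATTRIBUTES.password" type="string">
		<cfparam name="ATTRIBUTES.granted">

		<!---
			The username is written to the authentication log below. Control characters
			(CR, LF, ...) are replaced first so that a crafted login name cannot break a
			log line or forge additional entries.
		--->
		<cfset logUsername = reReplace(ATTRIBUTES.username, "[[:cntrl:]]", " ", "all")/>

		<!---
			The password is not compared in SQL: the stored hash is returned as pwdhash
			and checked in application code by request.passwordHashCheck.
			The login value is bound with cfqueryparam, not concatenated into the SQL.
		--->
		<cfquery name="qUserAuth" datasource="#request.DS#">
			select usr_id, locked,
				password as pwdhash
			from usr
			where login=<cfqueryparam cfsqltype="cf_sql_varchar" value="#ATTRIBUTES.username#">
		</cfquery>

		<!--- err stays empty only when authentication succeeds --->
		<cfset err=""/>

		<!---
			NOTE(review): the three failure messages below differ (unknown login / locked
			account / wrong password), and the lock state is reported before the password
			is verified. An unauthenticated client can therefore learn whether a login
			exists and whether it is locked. Consider returning one generic message to the
			caller and keeping the precise reason only in the authentication log.
			The hash check is also skipped for unknown logins, which may make the two
			cases distinguishable by response time.
		--->
		<cfif (qUserAuth.RecordCount NEQ 1)>
			<cfset err="Пользователь не зарегистрирован в системе.<br/>Проверьте правильность указания имени пользователя и пароля."/>
		<cfelseif qUserAuth.locked NEQ 0>
			<cfset err="Учетная запись заблокирована."/>
		<cfelseif request.passwordHashCheck(ATTRIBUTES.password, qUserAuth.pwdhash)>
			<cflock scope="session" type="exclusive" timeout="3">
				<cfset session.authentication_source="LOCALDB"/>
			</cflock>
		<cfelse>
			<cfset err="Неверное имя пользователя или пароль.">
		</cfif>

		<cfif (len(err) EQ 0)>
			<!--- disabled: last-login timestamp update
			<cfquery name="qUserLast" datasource="#request.DS#">
				update usr
				set dt_lastlogin=getdate()
				where usr_id=<cfqueryparam cfsqltype="cf_sql_integer" value="#qUserAuth.usr_id#">
			</cfquery>--->

			<!---
				NOTE(review): the session is bound to the user here without the session
				identifier being changed in this file. If the caller does not rotate it
				after a successful login, a pre-set session id stays valid (session
				fixation); rotate it at this point where the engine supports that.
			--->
			<cflock scope="session" type="exclusive" timeout="3">
				<cfset session.usr_id = qUserAuth.usr_id>
				<cfset request.usr_id = qUserAuth.usr_id>
			</cflock>

			<!--- defensive defaults so that building the log line below cannot fail --->
			<cfparam name="request.usr_id" default=""/>
			<cfset authentication_source=""/>
			<cflock scope="session" type="readonly" timeout="3">
				<cfparam name="session.authentication_source" default=""/>
				<cfset authentication_source=session.authentication_source/>
			</cflock>
			<cflog file="authentication" type="information" text="User login=#logUsername# ID=#request.usr_id# successfully logged in through #authentication_source#"/>
		<cfelse>
			<!--- failed attempts are logged with the reason; the password is never written --->
			<cflog file="authentication" type="information" text="login=#logUsername# #err#"/>
		</cfif>

		<!--- hand the error text (if requested) and the boolean result back to the caller --->
		<cfif structKeyExists(ATTRIBUTES, "alert")>
			<cfset setVariable("CALLER.#ATTRIBUTES.alert#", err)/>
		</cfif>

		<cfset setVariable("CALLER.#ATTRIBUTES.granted#", (len(err) EQ 0))/>

		<!--- breaking something while trying to log is a very common mistake, hence so many checks --->

	</cfcase>

</cfswitch>

<cfexit method="EXITTAG"/>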
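<!---
	ntauth: checks a Windows account by calling Advapi32 LogonUser through JNA
	(network logon, default provider).

	Arguments:
	  login  - account name
	  domain - domain the account belongs to
	  passwd - clear-text password

	Returns true only when LogonUser reports success; every failure returns false.

	Security: the previous version returned true when LogonUser failed with error 1787
	(ERROR_NO_TRUST_SAM_ACCOUNT). A failed LogonUser call means the credentials were not
	confirmed, so treating that error as success let a login through without a verified
	password. Authentication must fail closed.

	This function is declared after the tag's cfexit and is not called anywhere in the
	visible part of this file.
--->
<cffunction name="ntauth" returntype="boolean">
	<cfargument name="login" type="string"/>
	<cfargument name="domain" type="string"/>
	<cfargument name="passwd" type="string"/>

	<!--- var-scoped so the locals do not leak into the enclosing template's Variables scope --->
	<cfset var advapi32 = createObject("java","com.sun.jna.platform.win32.Advapi32")/>
	<cfset var winbase = createObject("java","com.sun.jna.platform.win32.WinBase")/>
	<!--- init() forces a real instance, so the handle written by LogonUser can be read back --->
	<cfset var phToken = createObject("java","com.sun.jna.platform.win32.WinNT$HANDLEByReference").init()/>
	<cfset var kernel32 = createObject("java","com.sun.jna.platform.win32.Kernel32")/>
	<cfset var res = advapi32.INSTANCE.LogonUser(ARGUMENTS.login, ARGUMENTS.domain, ARGUMENTS.passwd, winbase.LOGON32_LOGON_NETWORK, winbase.LOGON32_PROVIDER_DEFAULT, phToken)/>

	<cfif res>
		<!--- the logon token is only used as proof of success; close it so the handle is not leaked --->
		<cfset kernel32.INSTANCE.CloseHandle(phToken.getValue())/>
		<cfreturn true/>
	</cfif>

	<!--- any failure, including a broken workstation trust (error 1787), denies the logon --->
	<cfreturn false/>
</cffunction>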