• Модуль: main
  • Путь к файлу: ~/bitrix/modules/main/lib/security/authentication.php
  • Класс: Bitrix\Main\Security\Authentication
  • Вызов: Authentication::getUserByPassword
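/**
 * Authenticates a user by login and password and returns the matching user object.
 *
 * Steps, in order:
 *  1. "OnBeforeUserLogin" event: a handler returning ERROR vetoes the login
 *     (its parameters are stored in static::$lastError); a SUCCESS handler may
 *     rewrite LOGIN / PASSWORD / PASSWORD_ORIGINAL.
 *  2. "OnUserLoginExternal" event: the first SUCCESS result supplies the user id
 *     directly; it must be an integer, otherwise a SecurityException is thrown.
 *  3. Otherwise the b_user row for the login is checked: ACTIVE = 'Y', no
 *     EXTERNAL_AUTH_ID, and a matching password hash. On mismatch LOGIN_ATTEMPTS
 *     is incremented in the database.
 *  4. The "PARAM_MAX_USERS" option is applied to users whose LAST_LOGIN is NULL
 *     (user ID 1 is exempt).
 *  5. "OnAfterUserLogin" is fired and the user is returned.
 *
 * Stored hash format is <salt><32-char md5(salt . password)>. This is a legacy
 * scheme and is not changed here because existing records depend on it.
 *
 * @param string $login
 * @param string $password Plain-text password when $passwordIsOriginal is true;
 *        otherwise a value whose last 32 characters are compared with the stored md5.
 * @param bool $passwordIsOriginal
 * @return CurrentUser|null The authenticated user, or null on failure. On an event
 *         veto or the user-limit error the reason is in static::$lastError; a
 *         SECURITY/USER_LOGIN record is written when "event_log_login_fail" is "Y".
 * @throws MainArgumentNullException if $login is empty.
 * @throws SecurityException if an external-auth handler returns a non-integer id.
 */
static function getUserByPassword($login, $password, $passwordIsOriginal = true)
{
	if (empty($login))
		throw new MainArgumentNullException("login");

	// Handlers may veto the login (ERROR) or rewrite the credentials (SUCCESS).
	$event = new MainEvent(
		"main",
		"OnBeforeUserLogin",
		array(array("LOGIN" => $login, "PASSWORD" => $password, "PASSWORD_ORIGINAL" => $passwordIsOriginal))
	);
	$event->send();
	if (($eventResults = $event->getResults()) !== null)
	{
		foreach ($eventResults as $eventResult)
		{
			$resultType = $eventResult->getResultType();
			if ($resultType === MainEventResult::ERROR)
			{
				static::$lastError = $eventResult->getParameters();
				return null;
			}
			if ($resultType === MainEventResult::SUCCESS)
			{
				$resultParams = $eventResult->getParameters();
				if ($resultParams && is_array($resultParams))
				{
					if (isset($resultParams["LOGIN"]))
						$login = $resultParams["LOGIN"];
					if (isset($resultParams["PASSWORD"]))
						$password = $resultParams["PASSWORD"];
					if (isset($resultParams["PASSWORD_ORIGINAL"]))
						$passwordIsOriginal = $resultParams["PASSWORD_ORIGINAL"];
				}
			}
		}
	}

	$user = null;

	// External authentication: the first SUCCESS handler decides the user id.
	$event = new MainEvent(
		"main",
		"OnUserLoginExternal",
		array(array("LOGIN" => $login, "PASSWORD" => $password, "PASSWORD_ORIGINAL" => $passwordIsOriginal))
	);
	$event->send();
	if (($eventResults = $event->getResults()) !== null)
	{
		foreach ($eventResults as $eventResult)
		{
			if ($eventResult->getResultType() === MainEventResult::SUCCESS)
			{
				$userId = $eventResult->getParameters();
				// A handler returning anything but an integer id is a fault in the
				// handler, not a failed login, so it is reported as an exception.
				if (!MainTypeInt::isInteger($userId))
					throw new SecurityException();

				$user = new CurrentUser($userId);
				break;
			}
		}
	}

	$connection = MainApplication::getDbConnection();
	$sqlHelper = $connection->getSqlHelper();

	if ($user === null)
	{
		// Only active accounts without an external auth provider are eligible for
		// a stored-password check; $login goes through forSql() before interpolation.
		$sql =
			"SELECT U.ID, U.PASSWORD, U.LOGIN_ATTEMPTS ".
			"FROM b_user U  ".
			"WHERE U.LOGIN = '".$sqlHelper->forSql($login)."' ".
			"	AND (U.EXTERNAL_AUTH_ID IS NULL OR U.EXTERNAL_AUTH_ID = '') ".
			"   AND U.ACTIVE = 'Y' ";
		$userRecordset = $connection->query($sql);
		if ($userRecord = $userRecordset->fetch())
		{
			$userTmp = new CurrentUser($userRecord["ID"]);

			// Stored value is <salt><32-char md5>; split it into its two parts.
			$salt = substr($userRecord["PASSWORD"], 0, -32);
			$passwordFromDb = substr($userRecord["PASSWORD"], -32);

			if ($passwordIsOriginal)
				$passwordFromUser = md5($salt.$password);
			else
				$passwordFromUser = (strlen($password) > 32) ? substr($password, -32) : $password;

			$policy = $userTmp->getPolicy();
			$policyLoginAttempts = intval($policy["LOGIN_ATTEMPTS"]);
			$userLoginAttempts = intval($userRecord["LOGIN_ATTEMPTS"]) + 1;
			if ($policyLoginAttempts > 0 && $userLoginAttempts > $policyLoginAttempts)
			{
				// NOTE: the policy limit is computed but not enforced by this method.
				// The captcha check that used to live in this branch is disabled, so
				// LOGIN_ATTEMPTS is only counted (see the UPDATE below); enforcement
				// has to happen in the caller / login form.
			}

			// Compare in constant time: a plain === leaks how many leading bytes of
			// the hash matched. An empty stored hash never authenticates, otherwise an
			// empty pre-hashed $password (PASSWORD_ORIGINAL = false) would match it.
			$passwordMatches =
				is_string($passwordFromDb) && $passwordFromDb !== ''
				&& is_string($passwordFromUser)
				&& hash_equals($passwordFromDb, $passwordFromUser);

			if ($passwordMatches)
			{
				$user = $userTmp;

				// Keep the HTTP Digest hash in sync; only possible with the plain password.
				if ($passwordIsOriginal && MainConfigOption::get('main', 'use_digest_auth', 'N') == 'Y')
					static::updateDigest($user->getUserId(), $password);
			}
			else
			{
				// $userLoginAttempts and the ID are integers here, so no escaping is needed.
				$connection->query(
					"UPDATE b_user SET ".
					"   LOGIN_ATTEMPTS = ".$userLoginAttempts." ".
					"WHERE ID = ".intval($userRecord["ID"])
				);
			}
		}
	}

	if ($user === null)
	{
		if (MainConfigOption::get("main", "event_log_login_fail", "N") === "Y")
			CEventLog::log("SECURITY", "USER_LOGIN", "main", $login, "LOGIN_FAILED");

		return null;
	}

	// "PARAM_MAX_USERS" limit: a user who has never logged in (LAST_LOGIN IS NULL)
	// is refused once the active-user count is above the limit. User ID 1 is exempt.
	// NOTE(review): the strict !== 1 assumes getUserId() returns an int; a string "1"
	// would not be exempt here — confirm against CurrentUser.
	if ($user->getUserId() !== 1)
	{
		$limitUsersCount = intval(MainConfigOption::get("main", "PARAM_MAX_USERS", 0));
		if ($limitUsersCount > 0)
		{
			$usersCount = MainUserTable::getActiveUsersCount();
			if ($usersCount > $limitUsersCount)
			{
				$sql = "SELECT 'x' ".
					"FROM b_user ".
					"WHERE ACTIVE = 'Y' ".
					"   AND ID = ".intval($user->getUserId())." ".
					"   AND LAST_LOGIN IS NULL ";
				$recordset = $connection->query($sql);
				if ($recordset->fetch())
				{
					$user = null;
					static::$lastError = array(
						"CODE" => "LIMIT_USERS_COUNT",
						"MESSAGE" => MainLocalizationLoc::getMessage("LIMIT_USERS_COUNT"),
					);
				}
			}
		}
	}

	if ($user === null)
	{
		if (MainConfigOption::get("main", "event_log_login_fail", "N") === "Y")
			CEventLog::log("SECURITY", "USER_LOGIN", "main", $login, "LIMIT_USERS_COUNT");

		return null;
	}

	$user->setAuthType(static::AUTHENTICATED_BY_PASSWORD);

	$event = new BitrixMainEvent(
		"main",
		"OnAfterUserLogin",
		array(array(
			"LOGIN" => $login, "PASSWORD" => $password, "PASSWORD_ORIGINAL" => $passwordIsOriginal,
			"USER_ID" => $user->getUserId()
		))
	);
	$event->send();

	return $user;
}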