客户端单点实现
(需求是存在验证,不存在插入)
一、首先找到客户端登录的位置,如下:
owncloud\lib\private\connector\sabre\auth.php中的53行,validateUserPass方法,修改为
protected function validateUserPass($username, $password) {
if (OC_User::isLoggedIn() &&
$this->isDavAuthenticated(OC_User::getUser())
) {
OC_Util::setupFS(OC_User::getUser());
\OC::$server->getSession()->close();
return true;
} else {
OC_Util::setUpFS(); //login hooks may need early access to the filesystem
//$displayname=$username;
//查询用户id
$query = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*users` WHERE LOWER(`displayname`) = LOWER(?)');
$result = $query->execute(array($username));
$row = $result->fetchRow();
//如果存在用户,则请求远端的restful借口验证
if($row){
$uid=$row['uid'];
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://******/uic/rest/v1/users/check/account_passwd?account='.$uid.'&password='.$password);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$re = curl_exec($curl);
curl_close($curl);
$arr=json_decode($re,true);
//var_dump($arr->result);die;
//file_put_contents("d:/2.txt",$arr['result'].OC_User::login($uid));
if($arr['result']&& OC_User::login($uid)) {
// make sure we use owncloud's internal username here
// and not the HTTP auth supplied one, see issue #14048
$ocUser = OC_User::getUser();
OC_Util::setUpFS($ocUser);
\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $ocUser);
\OC::$server->getSession()->close();
return true;
} else {
\OC::$server->getSession()->close();
return false;
}
}else{
//如果没有登录走到这里去到本地登录,在之后进行用户插入
if( OC_User::login($username,$password)) {
// make sure we use owncloud's internal username here
// and not the HTTP auth supplied one, see issue #14048
$ocUser = OC_User::getUser();
OC_Util::setUpFS($ocUser);
\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $ocUser);
\OC::$server->getSession()->close();
return true;
} else {
\OC::$server->getSession()->close();
return false;
}
return false;
}
//file_put_contents("d:/1.txt",$row.$uid.'http://******/uic/rest/v1/users/check/account_passwd?account='.$uid.'&password='.$password);
}
}
二、修改本地数据库验证方法:
owncloud\lib\private\user\database.php中的158行,checkPassword方法,修改为:
public function checkPassword($uid, $password) {
//查询数据库是否有当前用户
$query = OC_DB::prepare('SELECT `uid`, `password` FROM `*PREFIX*users` WHERE LOWER(`displayname`) = LOWER(?)');
$result = $query->execute(array($uid));
$row = $result->fetchRow();
if ($row) {
//存在则返回uid
/*$storedHash = $row['password'];
$newHash = '';
if(\OC::$server->getHasher()->verify($password, $storedHash, $newHash)) {
if(!empty($newHash)) {
$this->setPassword($uid, $password);
}*/
return $row['uid'];
//}
}else{
//不存在这个用户则开始插入用户过程
//如果存在本地web验证的CAS信息,则说明是web请求
if($_SESSION['phpCAS']) {
$uid = $_SESSION['phpCAS']['attributes']['loginid'];
$displayname = $_SESSION['phpCAS']['attributes']['nickname'];
if ($displayname == "") {
$displayname = $_SESSION['phpCAS']['attributes']['email'];
if ($displayname == "") {
$displayname = $_SESSION['phpCAS']['attributes']['cellphone'];
}
}
$query = OC_DB::prepare('INSERT INTO `*PREFIX*users` VALUES(?,?,?)');
$result = $query->execute(array($uid, $displayname, ''));
if ($result) {
return $uid;
}
}else{
//如果不存在本地session的CAS认证信息,则说明是客户端请求
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'http://*******/uic/rest/v1/users/check/account_passwd_return_loginid?account='.$uid.'&password='.$password);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$re = curl_exec($curl);
curl_close($curl);
$arr=json_decode($re,true);
$query = OC_DB::prepare('INSERT INTO `*PREFIX*users` VALUES(?,?,?)');
//file_put_contents("d:/1.txt",$uid.$password.$arr);
$result = $query->execute(array($arr['loginid'], $uid, ''));
if ($result) {
return $uid;
}
return false;
}
}
return false;
}
以上。
