function check_modules_access($user, $module_name, $action = 'write')
 {
     if (!isset($_SESSION['avail_modules'])) {
         $_SESSION['avail_modules'] = get_user_module_list($user);
     }
     if (isset($_SESSION['avail_modules'][$module_name])) {
         if ($action == 'write' && $_SESSION['avail_modules'][$module_name] == 'read_only') {
             if (is_admin($user)) {
                 return true;
             }
             return false;
         } elseif ($action == 'write' && strcmp(strtolower($module_name), 'users') == 0 && !$user->isAdminForModule($module_name)) {
             //rrs bug: 46000 - If the client is trying to write to the Users module and is not an admin then we need to stop them
             return false;
         }
         return true;
     }
     return false;
 }
/**
 * Log the user into the application (SOAP entry point).
 *
 * Authentication here is a single lookup (retrieve_by_string_fields) for an
 * active, non-deleted, non-portal user whose stored user_hash equals the value
 * the client sent as $user_auth['password'].  Consequences worth knowing:
 *   - the stored hash itself is the credential: a caller who obtains a user's
 *     user_hash can log in without ever knowing the plaintext password;
 *   - the comparison is done by the database query, not by a constant-time
 *     compare in PHP;
 *   - unknown user and wrong hash both end in the same 'invalid_login' error,
 *     so this path does not reveal whether an account exists.
 *
 * On success a PHP session is started and populated (is_valid_session,
 * ip_address, user_id, type, avail_modules) and its id is returned to the
 * caller.  NOTE(review): session_start() reuses whatever session id the
 * request carried and the id is not regenerated before being handed back; if
 * the deployment accepts client-supplied session ids this is a session
 * fixation vector — consider session_regenerate_id(true) after session_start().
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be 
 *      in the right encoding for the type of authentication the user is setup for.  For Base 
 *      sugar validation, password is the MD5 sum of the plain text password.
 *      Both keys are read without isset(); a missing key yields a notice and a null lookup value.
 * @param String $application -- The name of the application you are logging in from.  (Currently unused).
 * @return Array(session_id, error) -- session_id is the id of the session that was 
 *      created (-1 on failure).  Error is set if there was any error during creation.
 */
function login($user_auth, $application)
{
    $error = new SoapError();
    $user = new User();
    // Look the user up by name AND by the client-supplied hash: the DB does the credential check.
    $user = $user->retrieve_by_string_fields(array('user_name' => $user_auth['user_name'], 'user_hash' => $user_auth['password'], 'deleted' => 0, 'status' => 'Active', 'portal_only' => 0));
    if (!empty($user) && !empty($user->id)) {
        // Session id is not regenerated here — see NOTE(review) in the docblock.
        session_start();
        global $current_user;
        $current_user = $user;
        $user->loadPreferences();
        $_SESSION['is_valid_session'] = true;
        // Client address recorded in the session; presumably compared by later calls — verify.
        $_SESSION['ip_address'] = $_SERVER['REMOTE_ADDR'];
        $_SESSION['user_id'] = $user->id;
        $_SESSION['type'] = 'user';
        // Module ACL snapshot consumed by check_modules_access(); not refreshed until the next login.
        $_SESSION['avail_modules'] = get_user_module_list($user);
        login_success();
        return array('id' => session_id(), 'error' => $error);
    }
    $error->set_error('invalid_login');
    return array('id' => -1, 'error' => $error);
}
/**
 * Log the user into the application (SOAP entry point).
 *
 * Primary path: AuthenticationController::login() is called with the
 * client-supplied credential and 'passwordEncrypted' => true (per the @param
 * note below the value is a password hash rather than the plaintext).  If that
 * fails and mcrypt is present, the same credential is run through
 * decrypt_string() and a second, plaintext login attempt is made.
 *
 * Failure outcomes, each of which also fires the Users 'login_failed' hook:
 *   - 'password_expired'  controller accepted the login but
 *                         $_SESSION['hasExpiredPassword'] == '1'
 *   - 'lockout_reached'   controller rejected it and a user row with that name
 *                         exists with the 'lockout' preference set to '1'
 *   - 'invalid_login'     everything else
 *
 * NOTE(review): the distinct error codes tell an unauthenticated caller
 * whether an account exists and is locked or expired; and the raw
 * user_name is concatenated into every fatal log line — confirm the logger
 * neutralises line breaks, otherwise a crafted user_name can forge log entries.
 * NOTE(review): the session id is not regenerated on success (see
 * session_start() below), so a client-chosen session id, if the deployment
 * accepts one, survives authentication.
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
 *      in the right encoding for the type of authentication the user is setup for.  For Base
 *      sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from.  (Currently unused).
 * @return Array(session_id, error) -- session_id is the id of the session that was
 *      created (-1 on failure).  Error is set if there was any error during creation.
 */
function login($user_auth, $application)
{
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;
    // System-wide settings are loaded into the $system_config global as a side effect of login.
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    // Backend is configurable; 'SugarAuthenticate' is the default.
    $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
    // First attempt: the credential is handed over as an already-encoded (hashed) value.
    $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
    // The user row is loaded regardless of the outcome so the lockout check below can inspect it.
    $usr_id = $user->retrieve_user_id($user_auth['user_name']);
    if ($usr_id) {
        $user->retrieve($usr_id);
    }
    if ($isLoginSuccess) {
        // Read without isset(): an undefined index here is a notice/warning and the
        // check simply does not fire — presumably the controller always sets it; verify.
        if ($_SESSION['hasExpiredPassword'] == '1') {
            $error->set_error('password_expired');
            // Raw client-supplied user_name goes into the log line.
            $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            return array('id' => -1, 'error' => $error);
        }
        // Group users are refused here even though the controller accepted them.
        if (!empty($user) && !empty($user->id) && !$user->is_group) {
            $success = true;
            global $current_user;
            $current_user = $user;
        }
    } else {
        // Lockout is only reported when a user row with that name exists.
        if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
            $error->set_error('lockout_reached');
            $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            return array('id' => -1, 'error' => $error);
        } else {
            // Fallback: treat the credential as a decryptable plaintext password.
            // mcrypt was removed from core in PHP 7.2, so on current PHP this branch never runs.
            if (function_exists('mcrypt_cbc')) {
                $password = decrypt_string($user_auth['password']);
                $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
                // Success requires the controller to have recorded the user id in the session.
                // Note: no is_group check on this path — whether group users are rejected
                // depends entirely on the controller.
                if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                    $success = true;
                }
            }
        }
    }
    if ($success) {
        // $_SESSION was already read above, so the controller presumably started the
        // session; the id is reused as-is (no session_regenerate_id()).
        session_start();
        global $current_user;
        // On the fallback path $current_user is not assigned in this function; it is
        // expected to have been set by the controller — verify before relying on it.
        //$current_user = $user;
        login_success();
        $current_user->loadPreferences();
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        // Module ACL snapshot consumed by check_modules_access(); not refreshed until the next login.
        $_SESSION['avail_modules'] = get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        return array('id' => session_id(), 'error' => $error);
    }
    $error->set_error('invalid_login');
    // Raw client-supplied user_name goes into the log line.
    $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $user_auth['user_name'] . ' failed');
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    return array('id' => -1, 'error' => $error);
}
/**
 * Decide whether $user may perform $action on $module_name (SOAP ACL gate).
 *
 * The decision is taken against the module grant list cached in
 * $_SESSION['avail_modules'], which is filled from get_user_module_list($user)
 * the first time it is missing and never refreshed here — ACL changes made
 * after login are therefore not seen until the session is rebuilt.
 * A module that is not in the list is denied outright (fail closed).
 *
 * Rules: anything other than 'write' on a listed module is allowed; a 'write'
 * on a module granted 'read_only' is allowed only for is_admin() users.
 *
 * NOTE(review): unlike the variant at the top of this listing, this version
 * applies no extra restriction to writes on the Users module — confirm that
 * is intended.  The loose (==) comparisons are preserved on purpose.
 *
 * @param mixed  $user        Authenticated user; passed to get_user_module_list()/is_admin().
 * @param string $module_name Module being accessed.
 * @param string $action      'write' (default); any other value is treated as read.
 * @return bool
 */
function check_modules_access($user, $module_name, $action = 'write')
{
    if (!isset($_SESSION['avail_modules'])) {
        $_SESSION['avail_modules'] = get_user_module_list($user);
    }
    // Fail closed: a module absent from the cached grant list is not accessible.
    if (!isset($_SESSION['avail_modules'][$module_name])) {
        return false;
    }
    $grant = $_SESSION['avail_modules'][$module_name];
    $writingToReadOnly = ($action == 'write') && ($grant == 'read_only');
    if (!$writingToReadOnly) {
        return true;
    }
    // Only administrators may write to a read-only grant.
    return is_admin($user) ? true : false;
}
/**
 * Log the user into the application (SOAP entry point).
 *
 * Primary path: a single lookup (retrieve_by_string_fields) for an active,
 * non-deleted, non-portal, non-group user whose stored user_hash equals the
 * value the client sent as $user_auth['password'].  The stored hash is thus
 * the credential itself (anyone holding it can log in without the plaintext)
 * and the comparison is done by the database, not by a constant-time compare.
 * If that lookup finds nothing and mcrypt is present, the credential is run
 * through decrypt_string() and handed to AuthenticationController::login() as
 * a plaintext password instead.
 *
 * Every failure ends in 'invalid_login', a fatal 'SECURITY:' log line and the
 * Users 'login_failed' logic hook.
 *
 * NOTE(review): the is_group refusal applies only to the direct-lookup path;
 * the fallback path accepts whatever the controller accepts.
 * NOTE(review): the raw user_name is concatenated into the failure log line —
 * confirm the logger neutralises line breaks.
 * NOTE(review): the session id is not regenerated on success, so a
 * client-chosen session id, if the deployment accepts one, survives login.
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
 *      in the right encoding for the type of authentication the user is setup for.  For Base
 *      sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from.  (Currently unused).
 * @return Array(session_id, error) -- session_id is the id of the session that was
 *      created (-1 on failure).  Error is set if there was any error during creation.
 */
function login($user_auth, $application)
{
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;
    // System-wide settings are loaded into the $system_config global as a side effect of login.
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    // Backend is configurable; 'SugarAuthenticate' is the default. Only used on the fallback path.
    $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
    // Look the user up by name AND by the client-supplied hash: the DB does the credential check.
    $user = $user->retrieve_by_string_fields(array('user_name' => $user_auth['user_name'], 'user_hash' => $user_auth['password'], 'deleted' => 0, 'status' => 'Active', 'portal_only' => 0));
    if (!empty($user) && !empty($user->id) && !$user->is_group) {
        $success = true;
        global $current_user;
        $current_user = $user;
    } else {
        // Fallback: treat the credential as a decryptable plaintext password.
        // mcrypt was removed from core in PHP 7.2, so on current PHP this branch never runs.
        if (function_exists('mcrypt_cbc')) {
            $password = decrypt_string($user_auth['password']);
            // Success requires the controller to have recorded the user id in the session.
            // No is_group check here — see NOTE(review) in the docblock.
            if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                $success = true;
            }
        }
    }
    if ($success) {
        // Session id is reused as-is (no session_regenerate_id()).
        session_start();
        global $current_user;
        // On the fallback path $current_user is not assigned in this function; it is
        // expected to have been set by the controller — verify before relying on it.
        //$current_user = $user;
        login_success();
        $current_user->loadPreferences();
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        // Module ACL snapshot consumed by check_modules_access(); not refreshed until the next login.
        $_SESSION['avail_modules'] = get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        return array('id' => session_id(), 'error' => $error);
    }
    $error->set_error('invalid_login');
    // Raw client-supplied user_name goes into the log line.
    $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $user_auth['user_name'] . ' failed');
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    return array('id' => -1, 'error' => $error);
}
 /**
  * Decide whether $user may perform $action on $module_name (SOAP ACL gate),
  * bracketed by Begin/End trace lines in $GLOBALS['log'].
  *
  * The decision is taken against the module grant list cached in
  * $_SESSION['avail_modules'], which is filled from get_user_module_list($user)
  * the first time it is missing and never refreshed here — ACL changes made
  * after login are therefore not seen until the session is rebuilt.
  * A module that is not in the list is denied outright (fail closed).
  *
  * Rules: anything other than 'write' on a listed module is allowed; a 'write'
  * on a module granted 'read_only' is allowed only for is_admin() users.
  *
  * NOTE(review): unlike the variant at the top of this listing, this version
  * applies no extra restriction to writes on the Users module — confirm that
  * is intended.  The loose (==) comparisons are preserved on purpose.
  *
  * @param mixed  $user        Authenticated user; passed to get_user_module_list()/is_admin().
  * @param string $module_name Module being accessed.
  * @param string $action      'write' (default); any other value is treated as read.
  * @return bool
  */
 function check_modules_access($user, $module_name, $action = 'write')
 {
     $GLOBALS['log']->info('Begin: SoapHelperWebServices->check_modules_access');
     if (!isset($_SESSION['avail_modules'])) {
         $_SESSION['avail_modules'] = get_user_module_list($user);
     }
     // Fail closed: an unlisted module is denied.
     $allowed = isset($_SESSION['avail_modules'][$module_name]);
     if ($allowed && $action == 'write' && $_SESSION['avail_modules'][$module_name] == 'read_only') {
         // Only administrators may write to a read-only grant.
         $allowed = is_admin($user) ? true : false;
     }
     $GLOBALS['log']->info('End: SoapHelperWebServices->check_modules_access');
     return $allowed;
 }