 /**
  * Performs the user authorization:
  *    fills session parameters;
  *    remembers auth;
  *    spreads auth through sites
  *
  * Concretely: loads the b_user row for $id, copies its fields into
  * $_SESSION["SESS_AUTH"], resolves group membership (group 1 => ADMIN),
  * optionally writes login bookkeeping back to b_user and issues the
  * UIDH/UIDL stored-auth cookies, then fires OnAfterUserAuthorize and
  * OnUserLogin and (optionally) writes a SECURITY event-log entry.
  *
  * @param int|string $id            User ID; passed through intval() before it reaches SQL.
  * @param bool       $bSave         true => long-lived ("remember me") UIDH/UIDL cookies spread
  *                                  across sites and the domain; false => session cookies,
  *                                  spread across sites only.
  * @param bool       $bUpdate       false => no DB writes and no cookies at all (REST callers).
  * @param mixed      $applicationId Stored in the session and passed to the event log; when
  *                                  it is not null the stored-auth cookies are NOT issued.
  * @return bool true when a user row was found and the session was filled, false otherwise.
  *
  * NOTE(review): no session-ID regeneration is visible in this method. If the caller does
  * not rotate the PHP session on login, a session ID fixed before authentication remains
  * valid afterwards (session fixation) — confirm against the callers.
  * NOTE(review): the user's PASSWORD_HASH is copied into the session (see below); the
  * session store must be protected like the user table.
  */
 function Authorize($id, $bSave = false, $bUpdate = true, $applicationId = null)
 {
     /** @global CMain $APPLICATION */
     global $DB, $APPLICATION;
     // Drop permission/operation caches left over from the previous identity and clear
     // the captcha requirement before the new identity is written to the session.
     unset($_SESSION["SESS_OPERATIONS"]);
     unset($_SESSION["MODULE_PERMISSIONS"]);
     $_SESSION["BX_LOGIN_NEED_CAPTCHA"] = false;
     // intval() is what keeps this string-built query safe: only an integer reaches SQL.
     $strSql = "SELECT U.* " . "FROM b_user U  " . "WHERE U.ID='" . intval($id) . "' ";
     $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);
     // Unknown ID: nothing is touched and false is returned at the bottom.
     if ($arUser = $result->Fetch()) {
         $this->justAuthorized = true;
         $_SESSION["SESS_AUTH"]["AUTHORIZED"] = "Y";
         $_SESSION["SESS_AUTH"]["USER_ID"] = $arUser["ID"];
         $_SESSION["SESS_AUTH"]["LOGIN"] = $arUser["LOGIN"];
         $_SESSION["SESS_AUTH"]["LOGIN_COOKIES"] = $arUser["LOGIN"];
         $_SESSION["SESS_AUTH"]["EMAIL"] = $arUser["EMAIL"];
         // Sensitive: the stored password hash lives in the session from here on
         // (presumably so later requests can detect a password change — verify).
         $_SESSION["SESS_AUTH"]["PASSWORD_HASH"] = $arUser["PASSWORD"];
         $_SESSION["SESS_AUTH"]["TITLE"] = $arUser["TITLE"];
         // Display name: "NAME LAST_NAME", with the separating space only when both are set.
         $_SESSION["SESS_AUTH"]["NAME"] = $arUser["NAME"] . ($arUser["NAME"] == '' || $arUser["LAST_NAME"] == '' ? "" : " ") . $arUser["LAST_NAME"];
         $_SESSION["SESS_AUTH"]["FIRST_NAME"] = $arUser["NAME"];
         $_SESSION["SESS_AUTH"]["SECOND_NAME"] = $arUser["SECOND_NAME"];
         $_SESSION["SESS_AUTH"]["LAST_NAME"] = $arUser["LAST_NAME"];
         $_SESSION["SESS_AUTH"]["PERSONAL_PHOTO"] = $arUser["PERSONAL_PHOTO"];
         $_SESSION["SESS_AUTH"]["PERSONAL_GENDER"] = $arUser["PERSONAL_GENDER"];
         // Privilege flags default to false; ADMIN is raised below from group membership only.
         $_SESSION["SESS_AUTH"]["ADMIN"] = false;
         $_SESSION["SESS_AUTH"]["CONTROLLER_ADMIN"] = false;
         $_SESSION["SESS_AUTH"]["POLICY"] = CUser::GetGroupPolicy($arUser["ID"]);
         $_SESSION["SESS_AUTH"]["AUTO_TIME_ZONE"] = trim($arUser["AUTO_TIME_ZONE"]);
         $_SESSION["SESS_AUTH"]["TIME_ZONE"] = $arUser["TIME_ZONE"];
         $_SESSION["SESS_AUTH"]["APPLICATION_ID"] = $applicationId;
         $_SESSION["SESS_AUTH"]["BX_USER_ID"] = $arUser["BX_USER_ID"];
         // groups
         $_SESSION["SESS_AUTH"]["GROUPS"] = Main\UserTable::getUserGroupIds($arUser["ID"]);
         // Group ID 1 is the administrators group: membership is the sole source of ADMIN=true.
         foreach ($_SESSION["SESS_AUTH"]["GROUPS"] as $groupId) {
             if ($groupId == 1) {
                 $_SESSION["SESS_AUTH"]["ADMIN"] = true;
                 break;
             }
         }
         //sometimes we don't need to update db (REST)
         if ($bUpdate) {
             $tz = '';
             // Persist the client timezone offset only when the user has a fixed zone or the
             // browser supplied a timezone cookie.
             if (CTimeZone::Enabled()) {
                 if (!CTimeZone::IsAutoTimeZone(trim($arUser["AUTO_TIME_ZONE"])) || CTimeZone::GetCookieValue() !== null) {
                     $tz = ', TIME_ZONE_OFFSET = ' . CTimeZone::GetOffset();
                 }
             }
             $bxUid = '';
             // The cookie value is untrusted and is interpolated straight into SQL below; the
             // strict ^[0-9a-f]{32}$ check is the only thing making that safe — do not loosen it.
             if (!empty($_COOKIE['BX_USER_ID']) && preg_match('/^[0-9a-f]{32}$/', $_COOKIE['BX_USER_ID'])) {
                 if ($_COOKIE['BX_USER_ID'] != $arUser['BX_USER_ID']) {
                     // save new bxuid value
                     $bxUid = ", BX_USER_ID = '" . $_COOKIE['BX_USER_ID'] . "'";
                     $arUser['BX_USER_ID'] = $_COOKIE['BX_USER_ID'];
                     $_SESSION["SESS_AUTH"]["BX_USER_ID"] = $_COOKIE['BX_USER_ID'];
                 }
             }
             // Login bookkeeping: invalidates any single stored hash on the user row and resets the
             // failed-attempt counter. NOTE(review): the LAST_LOGIN value appears as "******" in
             // this listing (redacted); as printed it is not valid PHP, the real expression is not visible here.
             $DB->Query("\n\t\t\t\t\tUPDATE b_user SET\n\t\t\t\t\t\tSTORED_HASH = NULL,\n\t\t\t\t\t\tLAST_LOGIN = "******",\n\t\t\t\t\t\tTIMESTAMP_X = TIMESTAMP_X,\n\t\t\t\t\t\tLOGIN_ATTEMPTS = 0\n\t\t\t\t\t\t" . $tz . "\n\t\t\t\t\t\t" . $bxUid . "\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tID=" . $arUser["ID"]);
             // Stored-auth cookies only for non-application logins, and only when "remember me"
             // was requested or multisite auth is enabled.
             if ($applicationId === null && ($bSave || COption::GetOptionString("main", "auth_multisite", "N") == "Y")) {
                 $hash = $this->GetSessionHash();
                 // Secure attribute requires BOTH the option and an HTTPS request; over plain HTTP
                 // (or with the option off) the auth cookies are sent without Secure.
                 $secure = COption::GetOptionString("main", "use_secure_password_cookies", "N") == "Y" && CMain::IsHTTPS();
                 if ($bSave) {
                     // 60*60*24*30*60 s = 60 thirty-day months: lifetime of the persistent auth cookie.
                     $period = time() + 60 * 60 * 24 * 30 * 60;
                     $spread = BX_SPREAD_SITES | BX_SPREAD_DOMAIN;
                 } else {
                     $period = 0;
                     $spread = BX_SPREAD_SITES;
                 }
                 // UIDH carries the auth hash, UIDL the login name. The trailing true is presumably the
                 // HttpOnly flag — confirm against CMain::set_cookie's signature.
                 $APPLICATION->set_cookie("UIDH", $hash, $period, '/', false, $secure, $spread, false, true);
                 $APPLICATION->set_cookie("UIDL", $arUser["LOGIN"], $period, '/', false, $secure, $spread, false, true);
                 // Reuse the existing b_user_stored_auth row for this hash, otherwise create one.
                 $stored_id = CUser::CheckStoredHash($arUser["ID"], $hash);
                 if ($stored_id) {
                     // REMOTE_ADDR passes through ip2long()+sprintf("%u"), so only a decimal integer
                     // reaches SQL; ip2long() returns false for IPv6/invalid input, which is recorded as 0.
                     // TEMP_HASH is left untouched when this login itself came from a stored hash.
                     $DB->Query("UPDATE b_user_stored_auth SET\n\t\t\t\t\t\t\t\tLAST_AUTH=" . $DB->CurrentTimeFunction() . ",\n\t\t\t\t\t\t\t\t" . ($this->bLoginByHash ? "" : "TEMP_HASH='" . ($bSave ? "N" : "Y") . "', ") . "\n\t\t\t\t\t\t\t\tIP_ADDR='" . sprintf("%u", ip2long($_SERVER["REMOTE_ADDR"])) . "'\n\t\t\t\t\t\t\tWHERE ID=" . $stored_id);
                 } else {
                     // TEMP_HASH='Y' marks a non-persistent (session-only) stored auth; same IP handling as above.
                     $arFields = array('USER_ID' => $arUser["ID"], '~DATE_REG' => $DB->CurrentTimeFunction(), '~LAST_AUTH' => $DB->CurrentTimeFunction(), 'TEMP_HASH' => $bSave ? "N" : "Y", '~IP_ADDR' => sprintf("%u", ip2long($_SERVER["REMOTE_ADDR"])), 'STORED_HASH' => $hash);
                     $stored_id = CDatabase::Add("b_user_stored_auth", $arFields);
                 }
                 $_SESSION["SESS_AUTH"]["STORED_AUTH_ID"] = $stored_id;
             }
         }
         // Presumably a cached admin flag, reset so it is recomputed for the new identity — verify.
         $this->admin = null;
         // Event handlers receive the full user row (by value) plus the call parameters.
         $arParams = array("user_fields" => $arUser, "save" => $bSave, "update" => $bUpdate, "applicationId" => $applicationId);
         foreach (GetModuleEvents("main", "OnAfterUserAuthorize", true) as $arEvent) {
             ExecuteModuleEventEx($arEvent, array($arParams));
         }
         foreach (GetModuleEvents("main", "OnUserLogin", true) as $arEvent) {
             ExecuteModuleEventEx($arEvent, array($_SESSION["SESS_AUTH"]["USER_ID"]));
         }
         // Successful logins are only audited when the option is on; for security monitoring
         // that option should be enabled.
         if (COption::GetOptionString("main", "event_log_login_success", "N") === "Y") {
             CEventLog::Log("SECURITY", "USER_AUTHORIZE", "main", $arUser["ID"], $applicationId);
         }
         CHTMLPagesCache::OnUserLogin();
         return true;
     }
     return false;
 }
 /**
  * Performs the user authorization:
  *    fills session parameters;
  *    remembers auth;
  *    spreads auth through sites
  *
  * Older variant of the method above (FX_ prefixes, groups resolved with inline SQL,
  * an extra plain "LOGIN" cookie, no $applicationId). Loads the b_user row for $id,
  * copies it into $_SESSION["SESS_AUTH"], computes the group list (anonymous groups,
  * group 2, and the user's active dated memberships; group 1 => ADMIN), optionally
  * writes login bookkeeping and stored-auth cookies, then fires OnAfterUserAuthorize
  * and OnUserLogin and (optionally) logs a SECURITY event.
  *
  * @param int|string $id      User ID; passed through intval() before it reaches SQL.
  * @param bool       $bSave   true => long-lived UIDH cookie spread across sites and domain;
  *                            false => session UIDH cookie spread across sites only.
  * @param bool       $bUpdate false => no DB writes and no cookies at all (REST callers).
  * @return bool true when a user row was found and the session was filled, false otherwise.
  *
  * NOTE(review): no session-ID regeneration is visible here either — confirm the caller
  * rotates the session on login to prevent fixation.
  * NOTE(review): unlike the variant above, $_SESSION["MODULE_PERMISSIONS"] is not cleared,
  * and the "LOGIN" cookie is issued without the Secure flag (see below).
  */
 function Authorize($id, $bSave = false, $bUpdate = true)
 {
     /** @global CMain $APPLICATION */
     global $DB, $APPLICATION;
     // Clear the operation cache of the previous identity and the captcha requirement.
     unset($_SESSION["SESS_OPERATIONS"]);
     $_SESSION["FX_LOGIN_NEED_CAPTCHA"] = false;
     // intval() is what keeps this string-built query safe: only an integer reaches SQL.
     $strSql = "SELECT U.* " . "FROM b_user U  " . "WHERE U.ID='" . intval($id) . "' ";
     $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);
     // Unknown ID: nothing is touched and false is returned at the bottom.
     if ($arUser = $result->Fetch()) {
         $_SESSION["SESS_AUTH"]["AUTHORIZED"] = "Y";
         $_SESSION["SESS_AUTH"]["USER_ID"] = $arUser["ID"];
         $_SESSION["SESS_AUTH"]["LOGIN"] = $arUser["LOGIN"];
         $_SESSION["SESS_AUTH"]["LOGIN_COOKIES"] = $arUser["LOGIN"];
         $_SESSION["SESS_AUTH"]["EMAIL"] = $arUser["EMAIL"];
         // Sensitive: the stored password hash lives in the session from here on.
         $_SESSION["SESS_AUTH"]["PASSWORD_HASH"] = $arUser["PASSWORD"];
         // Display name: "NAME LAST_NAME", with the separating space only when both are set.
         $_SESSION["SESS_AUTH"]["NAME"] = $arUser["NAME"] . ($arUser["NAME"] == '' || $arUser["LAST_NAME"] == '' ? "" : " ") . $arUser["LAST_NAME"];
         $_SESSION["SESS_AUTH"]["FIRST_NAME"] = $arUser["NAME"];
         $_SESSION["SESS_AUTH"]["SECOND_NAME"] = $arUser["SECOND_NAME"];
         $_SESSION["SESS_AUTH"]["LAST_NAME"] = $arUser["LAST_NAME"];
         // Privilege flags default to false; ADMIN is raised below from group membership only.
         $_SESSION["SESS_AUTH"]["ADMIN"] = false;
         $_SESSION["SESS_AUTH"]["CONTROLLER_ADMIN"] = false;
         $_SESSION["SESS_AUTH"]["POLICY"] = CUser::GetGroupPolicy($arUser["ID"]);
         $_SESSION["SESS_AUTH"]["AUTO_TIME_ZONE"] = trim($arUser["AUTO_TIME_ZONE"]);
         $_SESSION["SESS_AUTH"]["TIME_ZONE"] = $arUser["TIME_ZONE"];
         $arGroups = array();
         // Every active anonymous group is granted to every authorized user.
         $strSql = "SELECT G.ID " . "FROM b_group G  " . "WHERE G.ANONYMOUS='Y' " . "\tAND G.ACTIVE='Y' ";
         $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);
         while ($ar = $result->Fetch()) {
             $arGroups[] = $ar["ID"];
         }
         // Group 2 is always included, whether or not it is flagged anonymous/active.
         if (!in_array(2, $arGroups)) {
             $arGroups[] = 2;
         }
         // Explicit memberships: active, non-anonymous groups whose DATE_ACTIVE_FROM/TO window
         // (if set) contains the DB's current time. USER_ID comes from the fetched row, not from input.
         $strSql = "SELECT G.ID " . "FROM b_user_group UG, b_group G  " . "WHERE UG.USER_ID = " . $arUser["ID"] . " " . "\tAND G.ID=UG.GROUP_ID  " . "\tAND G.ACTIVE='Y' " . "\tAND ((UG.DATE_ACTIVE_FROM IS NULL) OR (UG.DATE_ACTIVE_FROM <= " . $DB->CurrentTimeFunction() . ")) " . "\tAND ((UG.DATE_ACTIVE_TO IS NULL) OR (UG.DATE_ACTIVE_TO >= " . $DB->CurrentTimeFunction() . ")) " . "\tAND (G.ANONYMOUS<>'Y' OR G.ANONYMOUS IS NULL) ";
         $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);
         while ($ar = $result->Fetch()) {
             $arGroups[] = $ar["ID"];
             // Group ID 1 is the administrators group: membership is the sole source of ADMIN=true.
             if ($ar["ID"] == 1) {
                 $_SESSION["SESS_AUTH"]["ADMIN"] = true;
             }
         }
         sort($arGroups);
         $_SESSION["SESS_AUTH"]["GROUPS"] = $arGroups;
         //sometimes we don't need to update db (REST)
         if ($bUpdate) {
             $tz = '';
             // Persist the client timezone offset only when the user has a fixed zone or the
             // browser supplied a timezone cookie.
             if (CTimeZone::Enabled()) {
                 if (!CTimeZone::IsAutoTimeZone(trim($arUser["AUTO_TIME_ZONE"])) || CTimeZone::GetCookieValue() !== null) {
                     $tz = ', TIME_ZONE_OFFSET = ' . CTimeZone::GetOffset();
                 }
             }
             // Login bookkeeping: invalidates any single stored hash on the user row and resets the
             // failed-attempt counter. NOTE(review): the LAST_LOGIN value appears as "******" in
             // this listing (redacted); as printed it is not valid PHP, the real expression is not visible here.
             $DB->Query("\n\t\t\t\t\tUPDATE b_user SET\n\t\t\t\t\t\tSTORED_HASH = NULL,\n\t\t\t\t\t\tLAST_LOGIN = "******",\n\t\t\t\t\t\tTIMESTAMP_X = TIMESTAMP_X,\n\t\t\t\t\t\tLOGIN_ATTEMPTS = 0\n\t\t\t\t\t\t" . $tz . "\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tID=" . $arUser["ID"]);
             // Plain "LOGIN" cookie holding the login name for 60 thirty-day months, always issued
             // when $bUpdate is set. NOTE(review): secure is passed as false and no HttpOnly argument
             // is given, so it is readable from script and sent over HTTP — it leaks the username.
             $APPLICATION->set_cookie("LOGIN", $_SESSION["SESS_AUTH"]["LOGIN_COOKIES"], time() + 60 * 60 * 24 * 30 * 60, '/', false, false, COption::GetOptionString("main", "auth_multisite", "N") == "Y");
             // Stored-auth cookie only when "remember me" was requested or multisite auth is enabled.
             if ($bSave || COption::GetOptionString("main", "auth_multisite", "N") == "Y") {
                 $hash = $this->GetSessionHash();
                 // Secure attribute requires BOTH the option and an HTTPS request.
                 $secure = COption::GetOptionString("main", "use_secure_password_cookies", "N") == "Y" && CMain::IsHTTPS();
                 // UIDH carries the auth hash. Persistent (60 thirty-day months, site+domain spread)
                 // when remembering, otherwise a session cookie spread across sites. The trailing
                 // true is presumably the HttpOnly flag — confirm against CMain::set_cookie.
                 if ($bSave) {
                     $APPLICATION->set_cookie("UIDH", $hash, time() + 60 * 60 * 24 * 30 * 60, '/', false, $secure, FX_SPREAD_SITES | FX_SPREAD_DOMAIN, false, true);
                 } else {
                     $APPLICATION->set_cookie("UIDH", $hash, 0, '/', false, $secure, FX_SPREAD_SITES, false, true);
                 }
                 // Reuse the existing b_user_stored_auth row for this hash, otherwise create one.
                 $stored_id = CUser::CheckStoredHash($arUser["ID"], $hash);
                 if ($stored_id) {
                     // REMOTE_ADDR passes through ip2long()+sprintf("%u"), so only a decimal integer
                     // reaches SQL; ip2long() returns false for IPv6/invalid input, which is recorded as 0.
                     // TEMP_HASH is left untouched when this login itself came from a stored hash.
                     $DB->Query("UPDATE b_user_stored_auth SET\n\t\t\t\t\t\t\t\tLAST_AUTH=" . $DB->CurrentTimeFunction() . ",\n\t\t\t\t\t\t\t\t" . ($this->bLoginByHash ? "" : "TEMP_HASH='" . ($bSave ? "N" : "Y") . "', ") . "\n\t\t\t\t\t\t\t\tIP_ADDR='" . sprintf("%u", ip2long($_SERVER["REMOTE_ADDR"])) . "'\n\t\t\t\t\t\t\tWHERE ID=" . $stored_id);
                 } else {
                     // TEMP_HASH='Y' marks a non-persistent (session-only) stored auth; same IP handling as above.
                     $arFields = array('USER_ID' => $arUser["ID"], '~DATE_REG' => $DB->CurrentTimeFunction(), '~LAST_AUTH' => $DB->CurrentTimeFunction(), 'TEMP_HASH' => $bSave ? "N" : "Y", '~IP_ADDR' => sprintf("%u", ip2long($_SERVER["REMOTE_ADDR"])), 'STORED_HASH' => $hash);
                     $stored_id = CDatabase::Add("b_user_stored_auth", $arFields);
                 }
                 $_SESSION["SESS_AUTH"]["STORED_AUTH_ID"] = $stored_id;
             }
         }
         // Presumably a cached admin flag, reset so it is recomputed for the new identity — verify.
         $this->admin = null;
         // $arParams is passed BY REFERENCE here, so OnAfterUserAuthorize handlers can mutate
         // user_fields/save/update as seen by later handlers (the variant above passes by value).
         $arParams = array("user_fields" => $arUser, "save" => $bSave, "update" => $bUpdate);
         foreach (GetModuleEvents("main", "OnAfterUserAuthorize", true) as $arEvent) {
             ExecuteModuleEventEx($arEvent, array(&$arParams));
         }
         foreach (GetModuleEvents("main", "OnUserLogin", true) as $arEvent) {
             ExecuteModuleEventEx($arEvent, array($_SESSION["SESS_AUTH"]["USER_ID"]));
         }
         // Successful logins are only audited when the option is on; for security monitoring
         // that option should be enabled.
         if (COption::GetOptionString("main", "event_log_login_success", "N") === "Y") {
             CEventLog::Log("SECURITY", "USER_AUTHORIZE", "main", $arUser["ID"]);
         }
         CHTMLPagesCache::OnUserLogin();
         return true;
     }
     return false;
 }