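/**
 * Authenticate the posted credentials and establish the login session.
 *
 * Reads `email`, `pw`, `captcha` and `captcha_token` from the POST body and
 * hands them to VBX_User::login(). On success the user's e-mail, id and admin
 * flag are written to the session and the request is redirected. On failure a
 * generic error is flashed and the browser is sent back to auth/login.
 *
 * @param string $redirect Post-login destination. It is passed to
 *                         $this->redirect() unchanged and echoed (URL-encoded)
 *                         into the login URL on failure.
 *                         NOTE(review): this method does not validate it;
 *                         confirm the redirect helper only accepts same-site
 *                         targets.
 * @return mixed Result of the redirect helper or after_login_completed();
 *               null on the failed-login and captcha-challenge paths.
 */
private function login($redirect)
{
    try {
        $user = VBX_User::login(
            $this->input->post('email'),
            $this->input->post('pw'),
            $this->input->post('captcha'),
            $this->input->post('captcha_token')
        );

        if ($user) {
            $connect_auth = OpenVBX::connectAuthTenant($user->tenant_id);

            // we kick out non-admins, admins will have an opportunity to re-auth the account
            if (!$connect_auth && !$user->is_admin) {
                $this->session->set_flashdata('error', 'Connect auth denied');
                return redirect('auth/connect/account_deauthorized');
            }

            // NOTE(review): nothing in this method rotates the session
            // identifier before identity and is_admin are written to it.
            // Confirm the session library regenerates the id on login.
            $userdata = array(
                'email' => $user->email,
                'user_id' => $user->id,
                'is_admin' => $user->is_admin,
                'loggedin' => TRUE,
                'signature' => VBX_User::signature($user->id)
            );
            $this->session->set_userdata($userdata);

            if (OpenVBX::schemaVersion() >= 24) {
                return $this->after_login_completed($user, $redirect);
            }

            // Return explicitly: without it a successful login falls through
            // to the "incorrect password" flash below whenever the redirect
            // helper does not terminate the request itself.
            return $this->redirect($redirect);
        }

        // One message for both unknown e-mail and wrong password, so the
        // response does not reveal which of the two was wrong.
        $this->session->set_flashdata('error', 'Email address and/or password is incorrect');
        redirect('auth/login?redirect=' . urlencode($redirect));
    } catch (GoogleCaptchaChallengeException $e) {
        $this->session->set_flashdata('error', $e->getMessage());

        // NOTE(review): $data is local and nothing visible here consumes it,
        // so the captcha URL and token gathered below never reach a view from
        // this method. Only the flashed message survives.
        $data = array();
        $data['error'] = $e->getMessage();
        $data['captcha_url'] = $e->captcha_url;
        $data['captcha_token'] = $e->captcha_token;
    }
}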
/**
 * Gate a request on HTTP authentication, falling back to an existing session.
 *
 * Collects the Authorization header from several server-dependent places,
 * derives a Basic username/password from it, and, when both are present,
 * populates the session with the authenticated user's data. If the session
 * is not marked `loggedin` afterwards, a 401 challenge is sent and the
 * request is terminated with exit.
 *
 * Despite the name, the challenge issued is `Basic`. The Authorization header
 * is passed to digest_parse(), but its result ($data) is not used in the
 * visible code.
 *
 * NOTE(review): part of this listing is masked (`******`) inside the
 * log_message() call; the authentication call and the assignment of $u are
 * not visible, so that span is left exactly as found.
 *
 * @return string $message, which is '' on every visible path.
 */
function attempt_digest_auth() {
    $message = '';

    if (isset($_SERVER['Authorization'])) {
        // Just in case they ever fix Apache to send the Authorization header on, the following code is included
        $headers['Authorization'] = $_SERVER['Authorization'];
    }

    if (function_exists('apache_request_headers')) {
        // We are running PHP as an Apache module, so we can get the Authorization header this way
        // (this replaces, rather than merges with, any $headers set above)
        $headers = apache_request_headers();
    }

    // Support cgi based auth via rewrite hack:
    // ---------------------
    // RewriteEngine on
    // RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
    // $_SERVER['PHP_AUTH_USER'] = '';
    // $_SERVER['PHP_AUTH_PW'] = '';
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }

    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        // NOTE(review): the pattern is not anchored at the start, while
        // substr(..., 6) assumes the scheme occupies the first six bytes.
        // Anchoring with ^ would keep the two in agreement.
        if (preg_match('/Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
            // NOTE(review): explode() has no limit, so a password containing
            // ':' is split and list() keeps only the part before the second
            // colon. A limit of 2 would preserve it. A decoded value with no
            // ':' leaves PHP_AUTH_PW unassigned from a missing offset.
            list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
        }
    }

    // Support standard PHP Authorization magic with apache
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
        // Basic authentication information can be retrieved from these server variables
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
    }

    if (isset($headers['Authorization'])) {
        $_SERVER['PHP_AUTH_DIGEST'] = $headers['Authorization'];
        // $data is not read again in the visible code.
        $data = $this->digest_parse($_SERVER['PHP_AUTH_DIGEST']);
    }

    // Optional captcha answer and token supplied as custom request headers.
    $captcha = '';
    if (isset($headers['Captcha'])) {
        $captcha = $headers['Captcha'];
    }

    $captcha_token = '';
    if (isset($headers['CaptchaToken'])) {
        $captcha_token = $headers['CaptchaToken'];
    }

    if (isset($username) && isset($password)) {
        // NOTE(review): the argument after 'Logging in user: ' is masked in
        // this listing, as is the code up to the read of the 'next' session
        // key. Confirm against the real file that only the username, never
        // the password, is written to the log.
        log_message('info', 'Logging in user: '******'next');
        $this->session->unset_userdata('next');

        // NOTE(review): identity and is_admin are written to the session with
        // no session-id rotation visible here; confirm the session library
        // handles that.
        $userdata = array('email' => $u->email, 'user_id' => $u->id, 'is_admin' => $u->is_admin, 'loggedin' => TRUE, 'signature' => VBX_User::signature($u->id));
        $this->session->set_userdata($userdata);
        } // closes a block whose opening brace lies inside the masked span
    }

    // The session flag is the only gate: a request whose session already has
    // `loggedin` set passes without presenting credentials, otherwise the
    // client is challenged and the request ends here.
    // NOTE(review): Basic credentials are only base64-encoded; confirm this
    // endpoint is reachable over TLS only.
    if (!$this->session->userdata('loggedin')) {
        header("WWW-Authenticate: Basic realm=\"OpenVBX\"");
        header("HTTP/1.0 401 Unauthorized");
        exit;
    }

    return $message;
}