Ejemplo n.º 1
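 /**
  * Authenticate the posted credentials and start a logged-in session.
  *
  * Reads `email`, `pw`, `captcha` and `captcha_token` from the POST body and
  * passes them to VBX_User::login(). On success the session userdata is
  * filled in and the request is sent on to $redirect; on failure a generic
  * error is flashed and the browser is sent back to the login form.
  *
  * @param string $redirect Destination to continue to after login.
  *                         NOTE(review): the value reaches a redirect call; whether it is
  *                         restricted to same-site paths is not visible here. Confirm in
  *                         the caller and in $this->redirect().
  * @return mixed Whatever the redirect / post-login helper returns, or null.
  */
 private function login($redirect)
 {
     try {
         $email = $this->input->post('email');
         $password = $this->input->post('pw');
         $captcha = $this->input->post('captcha');
         $captcha_token = $this->input->post('captcha_token');

         $user = VBX_User::login($email, $password, $captcha, $captcha_token);
         if ($user) {
             $connect_auth = OpenVBX::connectAuthTenant($user->tenant_id);
             // we kick out non-admins, admins will have an opportunity to re-auth the account
             if (!$connect_auth && !$user->is_admin) {
                 $this->session->set_flashdata('error', 'Connect auth denied');
                 return redirect('auth/connect/account_deauthorized');
             }

             // NOTE(review): no session-identifier rotation is visible before the
             // authenticated state is written; confirm the session library handles
             // it, otherwise a pre-login session id survives the login.
             $userdata = array(
                 'email' => $user->email,
                 'user_id' => $user->id,
                 'is_admin' => $user->is_admin,
                 'loggedin' => TRUE,
                 'signature' => VBX_User::signature($user->id),
             );
             $this->session->set_userdata($userdata);

             if (OpenVBX::schemaVersion() >= 24) {
                 return $this->after_login_completed($user, $redirect);
             }

             // Return here so a successful login can never fall through to the
             // failure handling below if $this->redirect() does not end the request.
             return $this->redirect($redirect);
         }

         // One message for both a wrong e-mail and a wrong password, so the
         // response does not reveal which accounts exist.
         $this->session->set_flashdata('error', 'Email address and/or password is incorrect');
         redirect('auth/login?redirect=' . urlencode($redirect));
     } catch (GoogleCaptchaChallengeException $e) {
         $this->session->set_flashdata('error', $e->getMessage());
         // NOTE(review): $data is filled in but not read on the visible lines;
         // check whether the captcha challenge is meant to be rendered from it.
         $data['error'] = $e->getMessage();
         $data['captcha_url'] = $e->captcha_url;
         $data['captcha_token'] = $e->captcha_token;
     }
 }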
Ejemplo n.º 2
 /**
  * Try to log the request in from HTTP authentication headers and, if the
  * session is still not marked as logged in, answer with a 401 challenge and
  * stop the request.
  *
  * Despite the name, the credentials actually used on the visible lines come
  * from HTTP Basic (PHP_AUTH_USER / PHP_AUTH_PW), and the challenge sent back
  * is `Basic realm="OpenVBX"`. Basic credentials are only base64-encoded, so
  * this path relies on TLS for confidentiality.
  *
  * NOTE(review): one line inside the login branch is damaged in this listing
  * (see the marker below), so the actual login call is not visible here.
  *
  * @return string $message; it is initialised to '' and not changed on the
  *                visible lines.
  */
 function attempt_digest_auth()
 {
     $message = '';
     if (isset($_SERVER['Authorization'])) {
         // Just in case they ever fix Apache to send the Authorization header on, the following code is included
         $headers['Authorization'] = $_SERVER['Authorization'];
     }
     if (function_exists('apache_request_headers')) {
         // We are running PHP as an Apache module, so we can get the Authorization header this way
         // This assignment replaces $headers as a whole, including any value set just above.
         $headers = apache_request_headers();
     }
     // Support cgi based auth via rewrite hack:
     // ---------------------
     // RewriteEngine on
     // RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
     // $_SERVER['PHP_AUTH_USER'] = '';
     // $_SERVER['PHP_AUTH_PW'] = '';
     if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
         $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
     }
     if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
         // NOTE(review): the pattern is not anchored with ^, while substr(..., 6) assumes
         // the value starts with "Basic "; a header that contains "Basic " later in the
         // string passes the match but decodes the wrong bytes.
         if (preg_match('/Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
             // NOTE(review): explode() has no limit, so a password containing ':' is cut at
             // the second colon, and a value without ':' leaves PHP_AUTH_PW unset (notice).
             // base64_decode() is also called without strict mode.
             list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
         }
     }
     // Support standard PHP Authorization magic with apache
     if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
         // Basic authentication information can be retrieved from these server variables
         $username = $_SERVER['PHP_AUTH_USER'];
         $password = $_SERVER['PHP_AUTH_PW'];
     }
     if (isset($headers['Authorization'])) {
         $_SERVER['PHP_AUTH_DIGEST'] = $headers['Authorization'];
         // NOTE(review): $data is not read again on the visible lines; confirm whether the
         // parsed digest is verified anywhere.
         $data = $this->digest_parse($_SERVER['PHP_AUTH_DIGEST']);
     }
     // Captcha answer and token are taken from request headers, i.e. they are client-supplied.
     $captcha = '';
     if (isset($headers['Captcha'])) {
         $captcha = $headers['Captcha'];
     }
     $captcha_token = '';
     if (isset($headers['CaptchaToken'])) {
         $captcha_token = $headers['CaptchaToken'];
     }
     if (isset($username) && isset($password)) {
         // NOTE(review): the next line is damaged in this listing: the text between the log
         // prefix and 'next' was masked by the page. The login call, the assignment of $u and
         // the opening of the success branch are therefore missing; restore them from the
         // original file. When restoring, check that the password is not written to the log.
         log_message('info', 'Logging in user: '******'next');
             $this->session->unset_userdata('next');
             // NOTE(review): no session-identifier rotation is visible before the
             // authenticated state is stored; confirm the session library handles it.
             $userdata = array('email' => $u->email, 'user_id' => $u->id, 'is_admin' => $u->is_admin, 'loggedin' => TRUE, 'signature' => VBX_User::signature($u->id));
             $this->session->set_userdata($userdata);
         }
     }
     // Fail closed: without a logged-in session, send a Basic challenge and end the request.
     if (!$this->session->userdata('loggedin')) {
         header("WWW-Authenticate: Basic realm=\"OpenVBX\"");
         header("HTTP/1.0 401 Unauthorized");
         exit;
     }
     return $message;
 }