Ejemplo n.º 1
 /**
  * Process a submitted login form.
  *
  * Authenticates the posted email/password (plus the captcha fields), stores
  * the user's identity in the session on success and redirects accordingly.
  * A failed login flashes one generic message, so the response does not say
  * whether the email or the password was the wrong part.
  *
  * @param string $redirect Post-login destination supplied by the caller.
  * @return mixed Result of the redirect helper that was invoked; nothing is
  *               returned when a captcha challenge is caught.
  */
 private function login($redirect)
 {
     try {
         $email = $this->input->post('email');
         $password = $this->input->post('pw');
         $captcha = $this->input->post('captcha');
         $captcha_token = $this->input->post('captcha_token');
         $user = VBX_User::authenticate($email, $password, $captcha, $captcha_token);

         if (!$user) {
             $this->session->set_flashdata('error', 'Email address and/or password is incorrect');
             return redirect('auth/login?redirect=' . urlencode($redirect));
         }

         // Non-admins are turned away when the tenant's Connect authorization
         // check fails; admins continue so they can re-authorize the account.
         $tenant_authorized = OpenVBX::connectAuthTenant($user->tenant_id);
         if (!($tenant_authorized || $user->is_admin)) {
             $this->session->set_flashdata('error', 'Connect auth denied');
             return redirect('auth/connect/account_deauthorized');
         }

         // NOTE(review): no session-id rotation is visible in this method after
         // a successful authentication; confirm the session library or
         // after_login_completed() rotates it (session-fixation defence).
         $session_fields = array(
             'email' => $user->email,
             'user_id' => $user->id,
             'is_admin' => $user->is_admin,
             'loggedin' => TRUE,
             'signature' => VBX_User::signature($user->id),
         );
         $this->session->set_userdata($session_fields);

         // NOTE(review): $redirect is caller-supplied; confirm both helpers
         // below restrict it to same-site targets.
         if (OpenVBX::schemaVersion() >= 24) {
             return $this->after_login_completed($user, $redirect);
         }
         return $this->redirect($redirect);
     } catch (GoogleCaptchaChallengeException $challenge) {
         $challenge_message = $challenge->getMessage();
         $this->session->set_flashdata('error', $challenge_message);
         // NOTE(review): $data is local and is neither returned nor read again
         // in this method; confirm how the captcha URL/token reach the view.
         $data['error'] = $challenge->getMessage();
         $data['captcha_url'] = $challenge->captcha_url;
         $data['captcha_token'] = $challenge->captcha_token;
     }
 }
Ejemplo n.º 2
 /**
  * Authenticate the posted login form and start a logged-in session.
  *
  * On success the user's email, id, admin flag, a 'loggedin' marker and a
  * signature from VBX_User::signature() are written to the session. On
  * failure a single generic error is flashed and the login form is shown
  * again with the original redirect target preserved.
  *
  * @param string $redirect Where the caller wants the user sent after login.
  * @return mixed Return value of the redirect helper used; nothing when a
  *               captcha challenge is caught.
  */
 private function login($redirect)
 {
     try {
         $posted_email = $this->input->post('email');
         $posted_password = $this->input->post('pw');
         $posted_captcha = $this->input->post('captcha');
         $posted_captcha_token = $this->input->post('captcha_token');
         $user = VBX_User::authenticate($posted_email, $posted_password, $posted_captcha, $posted_captcha_token);

         if (!$user) {
             // Same message for unknown email and wrong password.
             $this->session->set_flashdata('error', 'Email address and/or password is incorrect');
             return redirect('auth/login?redirect=' . urlencode($redirect));
         }

         // NOTE(review): the session id is not rotated anywhere in this method
         // once the user is authenticated; confirm it happens elsewhere.
         $this->session->set_userdata(array(
             'email' => $user->email,
             'user_id' => $user->id,
             'is_admin' => $user->is_admin,
             'loggedin' => TRUE,
             'signature' => VBX_User::signature($user->id),
         ));

         // NOTE(review): $redirect originates outside this method; confirm the
         // helpers below only accept local destinations.
         if (OpenVBX::schemaVersion() >= 24) {
             return $this->after_login_completed($user, $redirect);
         }
         return $this->redirect($redirect);
     } catch (GoogleCaptchaChallengeException $challenge) {
         $this->session->set_flashdata('error', $challenge->getMessage());
         // NOTE(review): $data is a local array that this method never returns
         // or renders; confirm where the captcha challenge is surfaced.
         $data['error'] = $challenge->getMessage();
         $data['captcha_url'] = $challenge->captcha_url;
         $data['captcha_token'] = $challenge->captcha_token;
     }
 }
Ejemplo n.º 3
 /**
  * REST API authentication with a one-time pass.
  *
  * Resolves the supplied key to a user id through VBX_Rest_access::auth_key()
  * and, when one is returned, marks the session as logged in for that user.
  * Only 'user_id', 'loggedin' and 'signature' are written to the session here.
  *
  * @param string $singlepass One-time key presented by the client.
  * @return bool True when the key mapped to a user, false otherwise.
  */
 private function login_call($singlepass)
 {
     if (empty($singlepass)) {
         return false;
     }

     $rest_access = new VBX_Rest_access();
     $resolved_user_id = $rest_access->auth_key($singlepass);

     // This drops the value from the current request's $_COOKIE array only; it
     // does not instruct the client to delete the cookie.
     // NOTE(review): whether the key is invalidated server-side after use
     // depends on auth_key(), which is not shown here; confirm.
     unset($_COOKIE['singlepass']);

     if (!$resolved_user_id) {
         return false;
     }

     $this->session->set_userdata('user_id', $resolved_user_id);
     $this->session->set_userdata('loggedin', true);
     $this->session->set_userdata('signature', VBX_User::signature($resolved_user_id));
     return true;
 }
Ejemplo n.º 4
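 /**
  * Change a user's password and emit the outcome as JSON.
  *
  * The caller must be the target user or an admin. The target user's current
  * password (POST 'old_pw') is verified with VBX_User::authenticate() before
  * the new one (POST 'new_pw1' / 'new_pw2') is applied.
  *
  * Output: JSON of $this->data with 'error' (bool) and 'message' (string).
  *
  * @param int|string $user_id Id of the user whose password is being changed.
  * @return void
  */
 public function password($user_id)
 {
     $user_id = intval($user_id);
     $is_admin = $this->session->userdata('is_admin');
     $session_user_id = $this->session->userdata('user_id');

     // Ownership is decided with a strict integer comparison and requires a
     // non-empty session id. With the loose `!=` form, a missing session
     // user_id compared equal to a $user_id that casts to 0, so the check
     // passed for a session with no user unless login was enforced earlier
     // (not visible from this method).
     $is_self = !empty($session_user_id) && $user_id === intval($session_user_id);

     if (!$is_self && !$is_admin) {
         $this->session->set_flashdata('message_edit', 'You are not allowed to update' . ' other users');
         redirect('/');
         // Do not rely on redirect() terminating the request: never fall
         // through to the password change for an unauthorized caller.
         return;
     }

     $user = VBX_user::get(array('id' => $user_id));
     $old_pw = $this->input->post('old_pw');
     $new_pw = $this->input->post('new_pw1');
     $new_pw2 = $this->input->post('new_pw2');
     $this->data['error'] = false;
     $message = '';

     // The current password of the *target* user is required, including when
     // an admin is acting on another account.
     if (VBX_User::authenticate($user, $old_pw)) {
         try {
             $user->set_password($new_pw, $new_pw2);
             $message = 'Password Updated';
         } catch (Exception $e) {
             $this->data['error'] = true;
             // NOTE(review): the exception text is returned to the client;
             // confirm set_password() only throws user-safe messages.
             $message = $e->getMessage();
         }
     } else {
         $this->data['error'] = true;
         $message = 'Incorrect Password';
     }

     // Refresh the session signature when the caller changed their own
     // account, as the original did (on success and on failure alike).
     if ($is_self) {
         $this->session->set_userdata('signature', VBX_User::signature($user_id));
     }

     $this->data['message'] = $message;
     echo json_encode($this->data);
 }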
Ejemplo n.º 5
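 /**
  * Change the logged-in user's password and emit the outcome as JSON.
  *
  * Requires the 'loggedin' session flag. The current password (POST 'old_pw')
  * must match the stored value, and the two new-password fields (POST
  * 'new_pw1' / 'new_pw2') must be identical before the record is saved.
  *
  * Output: JSON of $this->data with 'error' (bool) and 'message' (string).
  *
  * @return void
  */
 public function password()
 {
     if (!$this->session->userdata('loggedin')) {
         redirect('auth/login');
         // Do not rely on redirect() terminating the request.
         return;
     }

     $user = VBX_user::get(array('id' => $this->user_id));
     $old_pw = $this->input->post('old_pw');
     $new_pw = $this->input->post('new_pw1');
     $new_pw2 = $this->input->post('new_pw2');
     $this->data['error'] = false;
     $message = '';

     // Compare the stored and computed values as exact strings. The loose
     // `!=` operator treats two numeric-looking strings (for example values
     // of the form "0e<digits>") as equal numbers, which can accept a wrong
     // password. hash_equals() is used when the runtime provides it so the
     // comparison is also constant-time.
     // NOTE(review): salt_encrypt() is defined elsewhere; confirm it is a
     // password-grade hash rather than a fast digest.
     $stored_hash = (string) $user->password;
     $supplied_hash = (string) VBX_User::salt_encrypt($old_pw);
     $old_pw_matches = function_exists('hash_equals')
         ? hash_equals($stored_hash, $supplied_hash)
         : $stored_hash === $supplied_hash;

     if (!$old_pw_matches) {
         $this->data['error'] = true;
         $message = 'Password incorrect';
     } elseif ($new_pw !== $new_pw2) {
         // Strict comparison: "1e3" and "1000" are different passwords.
         $this->data['error'] = true;
         $message = 'Password mismatch';
     } else {
         // NOTE(review): no empty/minimum-length check on the new password is
         // visible here; confirm it is enforced in save() or elsewhere.
         $user->password = VBX_User::salt_encrypt($new_pw);
         try {
             $user->save();
             $message = 'Password changed';
             $this->session->set_userdata('signature', VBX_User::signature($user->id));
         } catch (VBX_UserException $e) {
             // Details go to the server log; the client gets a generic message.
             $this->data['error'] = true;
             $message = 'Unable to set password, please try again later.';
             error_log($e->getMessage());
         }
     }

     $this->data['message'] = $message;
     echo json_encode($this->data);
 }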
Ejemplo n.º 6
 /**
  * Try to log the request in from HTTP authentication headers.
  *
  * Collects credentials from several server-dependent locations (the
  * Authorization header, a CGI rewrite fallback, PHP_AUTH_USER/PHP_AUTH_PW),
  * and if the session is still not marked 'loggedin' afterwards, answers with
  * a 401 challenge and stops the request.
  *
  * Despite the name, the challenge sent at the end is "Basic", not "Digest".
  * NOTE(review): Basic credentials are only base64-encoded on the wire;
  * confirm this endpoint is reachable over TLS only.
  *
  * @return string $message, which is '' in every path visible in this listing.
  */
 function attempt_digest_auth()
 {
     $message = '';
     if (isset($_SERVER['Authorization'])) {
         // Just in case they ever fix Apache to send the Authorization header on, the following code is included
         $headers['Authorization'] = $_SERVER['Authorization'];
     }
     if (function_exists('apache_request_headers')) {
         // We are running PHP as an Apache module, so we can get the Authorization header this way
         // This replaces $headers entirely, including the value assigned just above.
         $headers = apache_request_headers();
     }
     // Support cgi based auth via rewrite hack:
     // ---------------------
     // RewriteEngine on
     // RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
     // $_SERVER['PHP_AUTH_USER'] = '';
     // $_SERVER['PHP_AUTH_PW'] = '';
     if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
         $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
     }
     if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
         // NOTE(review): the pattern is not anchored at the start, while substr(..., 6)
         // assumes the value begins with "Basic "; explode() has no limit, so a password
         // containing ':' keeps only the part before its first colon, and a decoded value
         // without any ':' leaves the second list() element undefined.
         if (preg_match('/Basic (.*)$/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
             list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
         }
     }
     // Support standard PHP Authorization magic with apache
     if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
         // Basic authentication information can be retrieved from these server variables
         $username = $_SERVER['PHP_AUTH_USER'];
         $password = $_SERVER['PHP_AUTH_PW'];
     }
     if (isset($headers['Authorization'])) {
         $_SERVER['PHP_AUTH_DIGEST'] = $headers['Authorization'];
         // The parsed result in $data is not read again in the lines visible here.
         $data = $this->digest_parse($_SERVER['PHP_AUTH_DIGEST']);
     }
     // Captcha values are taken from client-supplied request headers and are only
     // available when $headers was populated above.
     $captcha = '';
     if (isset($headers['Captcha'])) {
         $captcha = $headers['Captcha'];
     }
     $captcha_token = '';
     if (isset($headers['CaptchaToken'])) {
         $captcha_token = $headers['CaptchaToken'];
     }
     if (isset($username) && isset($password)) {
         // NOTE(review): the next line is masked in this listing ('******'), so the rest of
         // the log call, the authentication call that yields $u and the opening of the
         // inner if-block are not visible; confirm against the original file, and check
         // that nothing sensitive (such as the password) is written to the log.
         log_message('info', 'Logging in user: '******'next');
             $this->session->unset_userdata('next');
             // Same session fields as the form login: identity, admin flag, 'loggedin' marker, signature.
             $userdata = array('email' => $u->email, 'user_id' => $u->id, 'is_admin' => $u->is_admin, 'loggedin' => TRUE, 'signature' => VBX_User::signature($u->id));
             $this->session->set_userdata($userdata);
         }
     }
     // Still not logged in: issue a Basic challenge and end the request.
     if (!$this->session->userdata('loggedin')) {
         header("WWW-Authenticate: Basic realm=\"OpenVBX\"");
         header("HTTP/1.0 401 Unauthorized");
         exit;
     }
     return $message;
 }
Ejemplo n.º 7
 /**
  * Try to log the request in from HTTP authentication headers.
  *
  * Reads the Authorization header (where the server exposes it) and the
  * PHP_AUTH_USER / PHP_AUTH_PW server variables; if the session is still not
  * marked 'loggedin' afterwards, answers with a 401 challenge and stops.
  *
  * Despite the name, the challenge sent at the end is "Basic", not "Digest".
  * NOTE(review): Basic credentials are only base64-encoded on the wire;
  * confirm this endpoint is reachable over TLS only.
  *
  * @return string $message, which is '' in every path visible in this listing.
  */
 function attempt_digest_auth()
 {
     $message = '';
     if (isset($_SERVER['Authorization'])) {
         // Just in case they ever fix Apache to send the Authorization header on, the following code is included
         $headers['Authorization'] = $_SERVER['Authorization'];
     }
     if (function_exists('apache_request_headers')) {
         // We are running PHP as an Apache module, so we can get the Authorization header this way
         // This replaces $headers entirely, including the value assigned just above.
         $headers = apache_request_headers();
     }
     if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
         // Basic authentication information can be retrieved from these server variables
         $username = $_SERVER['PHP_AUTH_USER'];
         $password = $_SERVER['PHP_AUTH_PW'];
     }
     if (isset($headers['Authorization'])) {
         $_SERVER['PHP_AUTH_DIGEST'] = $headers['Authorization'];
         // The parsed result in $data is not read again in the lines visible here.
         $data = $this->digest_parse($_SERVER['PHP_AUTH_DIGEST']);
     }
     // Captcha values are taken from client-supplied request headers and are only
     // available when $headers was populated above.
     $captcha = '';
     if (isset($headers['Captcha'])) {
         $captcha = $headers['Captcha'];
     }
     $captcha_token = '';
     if (isset($headers['CaptchaToken'])) {
         $captcha_token = $headers['CaptchaToken'];
     }
     if (isset($username) && isset($password)) {
         // NOTE(review): the next line is masked in this listing ('******'), so the rest of
         // the log call, the authentication call that yields $u and the opening of the
         // inner if-block are not visible; confirm against the original file, and check
         // that nothing sensitive (such as the password) is written to the log.
         log_message('info', 'Authenticating user: '******'next');
             $this->session->unset_userdata('next');
             // Same session fields as the form login: identity, admin flag, 'loggedin' marker, signature.
             $userdata = array('email' => $u->email, 'user_id' => $u->id, 'is_admin' => $u->is_admin, 'loggedin' => TRUE, 'signature' => VBX_User::signature($u->id));
             $this->session->set_userdata($userdata);
         }
     }
     // Still not logged in: issue a Basic challenge and end the request.
     if (!$this->session->userdata('loggedin')) {
         header("WWW-Authenticate: Basic realm=\"OpenVBX\"");
         header("HTTP/1.0 401 Unauthorized");
         exit;
     }
     return $message;
 }