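/**
 * Called when a user initially tries to log in.
 *
 * Increments the per-session attempt counter, delegates credential checking
 * to the auth controller and, on success, runs the post-login authorization
 * checks (user status, license) and the one-time timezone redirect.
 *
 * @param STRING $username
 * @param STRING $password
 * @param ARRAY  $PARAMS   forwarded to the auth controller untouched
 * @return boolean true if the user successfully logs in, false otherwise
 */
function login($username, $password, $PARAMS = array())
{
    // Fix: the counter must live in $_SESSION. The previous code read and
    // wrote an undefined local $SESSION, so the count never persisted across
    // requests and the failure log always reported attempts[1].
    $_SESSION['loginAttempts'] = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
    unset($GLOBALS['login_error']);

    // Idempotent within a request: a second call returns the first result.
    if ($this->loggedIn) {
        return $this->loginSuccess;
    }

    $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, $PARAMS);
    $this->loggedIn = true;

    if (!$this->loginSuccess) {
        // Only the username and the counter are logged, never the password.
        $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' . $_SESSION['loginAttempts'] . '] - ' . $username);
        return $this->loginSuccess;
    }

    // Credentials are valid; now ensure the account is actually authorized.
    // Both helpers report problems through $GLOBALS['login_error'].
    checkAuthUserStatus();
    loginLicense();

    // PP 20061207 do not count/ignore the 'Please replace the SugarCRM logos.' error
    if (!empty($GLOBALS['login_error']) && $GLOBALS['login_error'] != 'Please replace the SugarCRM logos.') {
        // unset() replaces session_unregister(), which was removed in PHP 5.4;
        // same effect: the authenticated marker is dropped from the session.
        unset($_SESSION['authenticated_user_id']);
        $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt');
        $this->loginSuccess = false;
        return false;
    }

    // NOTE(review): nothing in this method rotates the session id after a
    // successful login; if loginAuthenticate() does not call
    // session_regenerate_id(), the session is exposed to fixation — confirm
    // in the auth controller.

    // Read once, guarded: a request without 'action' must not raise a notice
    // (an absent action compares unequal exactly as before).
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

    // First login: force the timezone page unless the user is already saving it.
    // sugar_cleanup(true) is presumably what ends the request after the redirect.
    $ut = $GLOBALS['current_user']->getPreference('ut');
    if (empty($ut) && $action != 'SaveTimezone') {
        $GLOBALS['module'] = 'Users';
        $GLOBALS['action'] = 'SetTimezone';
        ob_clean();
        header("Location: index.php?module=Users&action=SetTimezone");
        sugar_cleanup(true);
    }

    return $this->loginSuccess;
}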
/**
 * Called when a user logs in through the LDAP authenticator.
 *
 * Verifies that ext/ldap is available, loads the LDAP settings into
 * $GLOBALS['ldap_config'], authenticates the credentials and, on success,
 * loads the matching user into the session.
 *
 * @param STRING $name     login name
 * @param STRING $password cleartext password, forwarded to authenticateUser()
 * @return boolean true when the user was authenticated and loaded
 */
function loadUserOnLogin($name, $password)
{
    global $mod_strings;

    // Without the LDAP extension nothing below can work; surface the
    // configured message to the log and to the login page.
    if (!function_exists('ldap_connect')) {
        $msg = $mod_strings['LBL_LDAP_EXTENSION_ERROR'];
        $GLOBALS['log']->fatal($msg);
        $_SESSION['login_error'] = $msg;
        return false;
    }

    // Declared but not read in this method; kept so the global binding is unchanged.
    global $login_error;

    // Settings are created and loaded in this order so that any reader of
    // $GLOBALS['ldap_config'] during retrieveSettings() sees the object.
    $GLOBALS['ldap_config'] = new Administration();
    $GLOBALS['ldap_config']->retrieveSettings('ldap');

    $GLOBALS['log']->debug("Starting user load for " . $name);

    // Blank credentials are refused before contacting the directory.
    // Note: empty() also rejects the literal string "0".
    if (empty($name) || empty($password)) {
        return false;
    }

    checkAuthUserStatus();

    $uid = $this->authenticateUser($name, $password);
    if (empty($uid)) {
        //check if the user can login as a normal sugar user
        // Only the login name is logged, never the password.
        $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $name . ' failed');
        return false;
    }

    $this->loadUserOnSession($uid);
    return true;
}
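/**
 * Called when a user initially tries to log in.
 *
 * Increments the per-session attempt counter, runs the before_login hook,
 * delegates credential checking to the auth controller and, on success,
 * verifies the account status, runs the after_login hook and issues the
 * one-time Admin Wizard / user Wizard redirects.
 *
 * @param string $username
 * @param string $password
 * @param array  $PARAMS   forwarded to the auth controller; when it carries a
 *                         'passwordEncrypted' key the timezone wizard redirect
 *                         is skipped
 * @return boolean true if the user successfully logs in or false otherwise.
 */
public function login($username, $password, $PARAMS = array())
{
    //kbrill bug #13225
    $_SESSION['loginAttempts'] = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
    unset($GLOBALS['login_error']);

    // Idempotent within a request: a second call returns the first result.
    if ($this->loggedIn) {
        return $this->loginSuccess;
    }

    LogicHook::initialize()->call_custom_logic('Users', 'before_login');

    $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, false, $PARAMS);
    $this->loggedIn = true;

    if (!$this->loginSuccess) {
        //kbrill bug #13225
        LogicHook::initialize();
        $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
        // Only the username and the counter are logged, never the password.
        $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' . $_SESSION['loginAttempts'] . '] - ' . $username);
        return $this->loginSuccess;
    }

    // Ensure the user is authorized; problems surface in $GLOBALS['login_error'].
    // The license check (loginLicense()) is not invoked in this version.
    checkAuthUserStatus();
    if (!empty($GLOBALS['login_error'])) {
        unset($_SESSION['authenticated_user_id']);
        $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt:' . $GLOBALS['login_error']);
        $this->loginSuccess = false;
        return false;
    }

    // NOTE(review): no session_regenerate_id() here; if loginAuthenticate()
    // does not rotate the session id, the login is exposed to session
    // fixation — confirm in the auth controller.

    //call business logic hook
    if (isset($GLOBALS['current_user'])) {
        $GLOBALS['current_user']->call_custom_logic('after_login');
    }

    // Read once, guarded: a request without 'action' must not raise a notice
    // (an absent action compares unequal exactly as before).
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

    // Check for running Admin Wizard. sugar_cleanup(true) is presumably what
    // ends the request after the redirect header; nothing here returns early.
    $config = new Administration();
    $config->retrieveSettings();
    if (is_admin($GLOBALS['current_user']) && empty($config->settings['system_adminwizard']) && $action != 'AdminWizard') {
        $GLOBALS['module'] = 'Configurator';
        $GLOBALS['action'] = 'AdminWizard';
        ob_clean();
        header("Location: index.php?module=Configurator&action=AdminWizard");
        sugar_cleanup(true);
    }

    // First login: push through the user Wizard unless the caller supplied
    // an already-encrypted password (presumably a non-interactive login).
    $ut = $GLOBALS['current_user']->getPreference('ut');
    $checkTimeZone = !(is_array($PARAMS) && isset($PARAMS['passwordEncrypted']));
    if (empty($ut) && $checkTimeZone && $action != 'SetTimezone' && $action != 'SaveTimezone') {
        $GLOBALS['module'] = 'Users';
        $GLOBALS['action'] = 'Wizard';
        ob_clean();
        header("Location: index.php?module=Users&action=Wizard");
        sugar_cleanup(true);
    }

    return $this->loginSuccess;
}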
/**
 * Load a user based on the user_name in $this
 *
 * Counts the attempt in $_SESSION['loginattempts'], checks the supplied
 * password against the stored MD5 hash via authenticate_user(), reloads the
 * user's row from the database into $this, refreshes the stored hash if it
 * differs, loads preferences and version warnings, and finally marks the
 * user authenticated unless the account status is "Inactive".
 *
 * SECURITY (review): the password is hashed with unsalted md5 and that hash
 * is compared and stored as-is. This is the legacy scheme; wherever this
 * code is still live it should move to password_hash()/password_verify().
 *
 * @param string $user_password cleartext password as submitted
 * @return -- this if load was successul and null if load failed.
 *            Note: an "Inactive" user is still loaded and returned; only
 *            $this->authenticated is left unset, so callers must check it.
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
 * All Rights Reserved..
 * Contributor(s): ______________________________________..
 */
function load_user($user_password)
{
    // Declared but never read here; login_error is checked via $GLOBALS below.
    global $login_error;
    unset($GLOBALS['login_error']);

    // Per-session attempt counter (lowercase key; the other login paths use 'loginAttempts').
    if (isset($_SESSION['loginattempts'])) {
        $_SESSION['loginattempts'] += 1;
    } else {
        $_SESSION['loginattempts'] = 1;
    }
    // Audit only: nothing here throttles or locks the account after 5 attempts.
    // REMOTE_ADDR is the direct peer; behind a proxy it may not be the client.
    if ($_SESSION['loginattempts'] > 5) {
        $GLOBALS['log']->fatal('SECURITY: ' . $this->user_name . ' has attempted to login ' . $_SESSION['loginattempts'] . ' times from IP address: ' . $_SERVER['REMOTE_ADDR'] . '.');
    }

    $GLOBALS['log']->debug("Starting user load for {$this->user_name}");

    // Empty name or password: refuse without touching the database.
    if (!isset($this->user_name) || $this->user_name == "" || !isset($user_password) || $user_password == "") {
        return null;
    }

    checkAuthUserStatus();

    // Legacy scheme: unsalted, lowercased md5 of the cleartext password.
    $user_hash = strtolower(md5($user_password));
    if ($this->authenticate_user($user_hash)) {
        // $this->id is presumably populated by authenticate_user(). The query
        // is built by interpolation: $user_hash is hex-only, but $this->id is
        // not escaped here — verify it can only come from the database.
        $query = "SELECT * from {$this->table_name} where id='{$this->id}'";
    } else {
        // Only the user name is logged, never the password or its hash.
        $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $this->user_name . ' failed');
        return null;
    }

    $r = $this->db->limitQuery($query, 0, 1, false);
    $a = $this->db->fetchByAssoc($r);
    // A login_error left by an earlier call (presumably checkAuthUserStatus())
    // is treated exactly like a missing row.
    if (empty($a) || !empty($GLOBALS['login_error'])) {
        $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $this->user_name . ' failed - could not Load User from Database');
        return null;
    }

    // Get the fields for the user
    $row = $a;

    // If there is no user_hash is not present or is out of date, then create a new one.
    // (Re-stores the md5 the user just authenticated with; $user_hash is hex-only.)
    if (!isset($row['user_hash']) || $row['user_hash'] != $user_hash) {
        $query = "UPDATE {$this->table_name} SET user_hash='{$user_hash}' where id='{$row['id']}'";
        $this->db->query($query, true, "Error setting new hash for {$row['user_name']}: ");
    }

    // now fill in the fields.
    // SECURITY (review): every column value is written to the log at info
    // level. If 'user_hash' is among $this->column_fields, the password hash
    // lands in the log file — confirm, and keep that value out of the log.
    foreach ($this->column_fields as $field) {
        $GLOBALS['log']->info($field);
        if (isset($row[$field])) {
            $GLOBALS['log']->info("=" . $row[$field]);
            $this->{$field} = $row[$field];
        }
    }

    $this->loadPreferences($this);

    // Upgrade bookkeeping: flags are parked in the session for DisplayWarnings.php.
    require_once 'modules/Administration/updater_utils.php';
    require_once 'modules/Versions/CheckVersions.php';
    $invalid_versions = get_invalid_versions();
    if (!empty($invalid_versions)) {
        if (isset($invalid_versions['Rebuild Relationships'])) {
            unset($invalid_versions['Rebuild Relationships']);
            // flag for pickup in DisplayWarnings.php
            $_SESSION['rebuild_relationships'] = true;
        }
        if (isset($invalid_versions['Rebuild Extensions'])) {
            unset($invalid_versions['Rebuild Extensions']);
            // flag for pickup in DisplayWarnings.php
            $_SESSION['rebuild_extensions'] = true;
        }
        $_SESSION['invalid_versions'] = $invalid_versions;
    }

    $this->fill_in_additional_detail_fields();

    // Only the authenticated flag depends on status; the object is returned either way.
    if ($this->status != "Inactive") {
        $this->authenticated = true;
    }
    // The attempt counter is cleared even when the user is Inactive.
    unset($_SESSION['loginattempts']);
    return $this;
}
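/**
 * Called when a user initially tries to log in.
 *
 * Increments the per-session attempt counter, delegates credential checking
 * to the auth controller and, on success, verifies the account status and
 * license, forces the timezone page on first login, forces a password change
 * when the password has expired or was system generated, and finally runs
 * the after_login hook.
 *
 * @param STRING $username
 * @param STRING $password
 * @param ARRAY  $PARAMS   forwarded to the auth controller untouched
 * @return boolean true if the user successfully logs in, false otherwise
 */
function login($username, $password, $PARAMS = array())
{
    //kbrill bug #13225
    // Fix: the isset() previously tested a misspelled $_fSESSION, so the
    // counter restarted at 1 on every request and the failure log never
    // reported more than one attempt.
    $_SESSION['loginAttempts'] = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
    unset($GLOBALS['login_error']);

    // Idempotent within a request: a second call returns the first result.
    if ($this->loggedIn) {
        return $this->loginSuccess;
    }

    $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, $PARAMS);
    $this->loggedIn = true;

    if (!$this->loginSuccess) {
        //kbrill bug #13225
        LogicHook::initialize();
        $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
        // Only the username and the counter are logged, never the password.
        $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' . $_SESSION['loginAttempts'] . '] - ' . $username);
        return $this->loginSuccess;
    }

    //Ensure the user is authorized
    // Both helpers report problems through $GLOBALS['login_error'].
    checkAuthUserStatus();
    loginLicense();
    if (!empty($GLOBALS['login_error'])) {
        // unset() replaces session_unregister(), which was removed in PHP 5.4.
        unset($_SESSION['authenticated_user_id']);
        $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt');
        $this->loginSuccess = false;
        return false;
    }

    // Read once, guarded: a request without 'action' must not raise a notice
    // (an absent action compares unequal exactly as before).
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

    // First login: force the timezone page. This runs BEFORE the password
    // expiry check, so a user with both conditions sees SetTimezone first.
    // sugar_cleanup(true) is presumably what ends the request after the redirect.
    $ut = $GLOBALS['current_user']->getPreference('ut');
    if (empty($ut) && $action != 'SaveTimezone') {
        $GLOBALS['module'] = 'Users';
        $GLOBALS['action'] = 'SetTimezone';
        ob_clean();
        header("Location: index.php?module=Users&action=SetTimezone");
        sugar_cleanup(true);
    }

    // Forced password change: expired per policy, or still system generated.
    // Parenthesised to make the original && / || precedence explicit;
    // hasPasswordExpired() is only called when an expiration policy is set.
    // NOTE(review): the escape hatch keys on the action name alone — any
    // request whose action is 'Save' skips the redirect, regardless of module.
    require_once 'modules/Users/expiration.php';
    $mustChangePassword = ($GLOBALS['sugar_config']['passwordsetting']['userexpiration'] > 0 && hasPasswordExpired($username))
        || $GLOBALS['current_user']->system_generated_password == '1';
    if ($mustChangePassword && $action != 'Save') {
        $GLOBALS['module'] = 'Users';
        $GLOBALS['action'] = 'ChangePassword';
        ob_clean();
        header("Location: index.php?module=Users&action=ChangePassword");
        $_SESSION['hasExpiredPassword'] = '******';
        sugar_cleanup(true);
    }

    //call business logic hook
    if (isset($GLOBALS['current_user'])) {
        $GLOBALS['current_user']->call_custom_logic('after_login');
    }

    return $this->loginSuccess;
}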