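/**
  * This function is called when a user initially tries to login.
  * It will return true if the user successfully logs in or false otherwise.
  *
  * Side effects: bumps $_SESSION['loginAttempts'] on every call (including the
  * early return), clears $GLOBALS['login_error'], sets $this->loggedIn and
  * $this->loginSuccess, and may redirect to the SetTimezone page, in which
  * case sugar_cleanup(true) ends the request.
  *
  * @param string $username
  * @param string $password
  * @param array $PARAMS extra parameters passed through to loginAuthenticate()
  * @return boolean
  */
 function login($username, $password, $PARAMS = array())
 {
     // The original wrote the counter to a plain local $SESSION (not the
     // superglobal), so it never persisted between requests and the failure
     // log below always reported 1. The counter is only logged here; nothing
     // in this method enforces a lockout.
     $_SESSION['loginAttempts'] = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
     unset($GLOBALS['login_error']);
     // Authenticate at most once per request; later calls return the cached outcome.
     if ($this->loggedIn) {
         return $this->loginSuccess;
     }
     $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, $PARAMS);
     $this->loggedIn = true;
     if ($this->loginSuccess) {
         //Ensure the user is authorized
         checkAuthUserStatus();
         loginLicense();
         // PP 20061207 do not count/ignore the 'Please replace the SugarCRM logos.' error
         if (!empty($GLOBALS['login_error']) && $GLOBALS['login_error'] != 'Please replace the SugarCRM logos.') {
             // session_unregister() was removed in PHP 5.4; unset() on the
             // superglobal drops the authenticated marker the same way.
             unset($_SESSION['authenticated_user_id']);
             $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt');
             $this->loginSuccess = false;
             return false;
         }
         $ut = $GLOBALS['current_user']->getPreference('ut');
         // 'action' is not present on every request; read it defensively so the
         // comparison below cannot raise an undefined-index notice.
         $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
         if (empty($ut) && $action != 'SaveTimezone') {
             $GLOBALS['module'] = 'Users';
             $GLOBALS['action'] = 'SetTimezone';
             ob_clean();
             header("Location: index.php?module=Users&action=SetTimezone");
             sugar_cleanup(true);
         }
     } else {
         // $username is user-supplied and written verbatim (newlines included),
         // so log consumers should not assume one entry per line.
         $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' . $_SESSION['loginAttempts'] . '] - ' . $username);
     }
     return $this->loginSuccess;
 }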
 /**
  * Login entry point of the LDAP authentication path.
  *
  * Requires the ldap extension; when it is missing the error is logged and
  * stored in $_SESSION['login_error']. Writes $GLOBALS['ldap_config'] as a
  * side effect and, on success, loads the user into the session through
  * loadUserOnSession().
  *
  * @param string $name
  * @param string $password
  * @return boolean true when the user was authenticated and loaded, false otherwise
  */
 function loadUserOnLogin($name, $password)
 {
     global $mod_strings;
     // Check if the LDAP extensions are loaded
     $ldapAvailable = function_exists('ldap_connect');
     if (!$ldapAvailable) {
         $message = $mod_strings['LBL_LDAP_EXTENSION_ERROR'];
         $GLOBALS['log']->fatal($message);
         $_SESSION['login_error'] = $message;
         return false;
     }
     global $login_error; // declared as in the original; not read in this method
     $ldapSettings = new Administration();
     $GLOBALS['ldap_config'] = $ldapSettings;
     $ldapSettings->retrieveSettings('ldap');
     $GLOBALS['log']->debug("Starting user load for {$name}");
     // Blank credentials are rejected before any authentication call.
     if (empty($name)) {
         return false;
     }
     if (empty($password)) {
         return false;
     }
     checkAuthUserStatus();
     $userId = $this->authenticateUser($name, $password);
     if (empty($userId)) {
         //check if the user can login as a normal sugar user
         $GLOBALS['log']->fatal("SECURITY: User authentication for {$name} failed");
         return false;
     }
     $this->loadUserOnSession($userId);
     return true;
 }
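 /**
  * This function is called when a user initially tries to login.
  *
  * Side effects: bumps $_SESSION['loginAttempts'] on every call, clears
  * $GLOBALS['login_error'], fires the 'before_login', 'after_login' and
  * 'login_failed' logic hooks, and may redirect to the AdminWizard or the
  * Users Wizard page, in which case sugar_cleanup(true) ends the request.
  *
  * @param string $username
  * @param string $password
  * @param array $PARAMS passed through to loginAuthenticate(); when it carries
  *                      a 'passwordEncrypted' key the timezone redirect is skipped
  * @return boolean true if the user successfully logs in or false otherwise.
  */
 public function login($username, $password, $PARAMS = array())
 {
     //kbrill bug #13225
     // The counter is only logged here; no lockout is enforced in this method.
     $_SESSION['loginAttempts'] = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
     unset($GLOBALS['login_error']);
     // Authenticate at most once per request; later calls return the cached outcome.
     if ($this->loggedIn) {
         return $this->loginSuccess;
     }
     LogicHook::initialize()->call_custom_logic('Users', 'before_login');
     $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, false, $PARAMS);
     $this->loggedIn = true;
     if ($this->loginSuccess) {
         //Ensure the user is authorized
         checkAuthUserStatus();
         //loginLicense();
         if (!empty($GLOBALS['login_error'])) {
             unset($_SESSION['authenticated_user_id']);
             $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt:' . $GLOBALS['login_error']);
             $this->loginSuccess = false;
             return false;
         }
         //call business logic hook
         if (isset($GLOBALS['current_user'])) {
             $GLOBALS['current_user']->call_custom_logic('after_login');
         }
         // 'action' is absent on some requests; read it once, defensively, so
         // the comparisons below never raise an undefined-index notice.
         $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
         // Check for running Admin Wizard
         // NOTE(review): $GLOBALS['current_user'] is guarded with isset() above
         // but used unconditionally from here on, as in the original -- confirm
         // the success path always sets it.
         $config = new Administration();
         $config->retrieveSettings();
         if (is_admin($GLOBALS['current_user']) && empty($config->settings['system_adminwizard']) && $action != 'AdminWizard') {
             $GLOBALS['module'] = 'Configurator';
             $GLOBALS['action'] = 'AdminWizard';
             ob_clean();
             header("Location: index.php?module=Configurator&action=AdminWizard");
             sugar_cleanup(true);
         }
         $ut = $GLOBALS['current_user']->getPreference('ut');
         // Requests whose $PARAMS carry 'passwordEncrypted' skip the timezone
         // wizard redirect (isset on a key already implies a non-empty array).
         $checkTimeZone = !(is_array($PARAMS) && isset($PARAMS['passwordEncrypted']));
         if (empty($ut) && $checkTimeZone && $action != 'SetTimezone' && $action != 'SaveTimezone') {
             $GLOBALS['module'] = 'Users';
             $GLOBALS['action'] = 'Wizard';
             ob_clean();
             header("Location: index.php?module=Users&action=Wizard");
             sugar_cleanup(true);
         }
     } else {
         //kbrill bug #13225
         LogicHook::initialize();
         $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
         // $username is user-supplied and written verbatim (newlines included).
         $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' . $_SESSION['loginAttempts'] . '] - ' . $username);
     }
     // Password expiry is not checked in this variant of login().
     return $this->loginSuccess;
 }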
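 /**
  * Load a user based on the user_name in $this
  *
  * Checks $user_password via authenticate_user(), loads the user's row,
  * refreshes the stored user_hash when it differs, copies the row into
  * $this->column_fields, loads preferences and version warnings, and marks the
  * user authenticated unless status is "Inactive". Clears
  * $_SESSION['loginattempts'] on success.
  *
  * @param string $user_password plain-text password as supplied by the user
  * @return -- this if load was successful and null if load failed.
  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
  * All Rights Reserved..
  * Contributor(s): ______________________________________..
  */
 function load_user($user_password)
 {
     unset($GLOBALS['login_error']);
     if (isset($_SESSION['loginattempts'])) {
         $_SESSION['loginattempts'] += 1;
     } else {
         $_SESSION['loginattempts'] = 1;
     }
     // Excess attempts are only logged; no lockout or delay is applied here.
     if ($_SESSION['loginattempts'] > 5) {
         // REMOTE_ADDR is absent outside a web request, so read it defensively.
         $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
         $GLOBALS['log']->fatal('SECURITY: ' . $this->user_name . ' has attempted to login ' . $_SESSION['loginattempts'] . ' times from IP address: ' . $remoteAddr . '.');
     }
     $GLOBALS['log']->debug("Starting user load for {$this->user_name}");
     if (!isset($this->user_name) || $this->user_name == "" || !isset($user_password) || $user_password == "") {
         return null;
     }
     checkAuthUserStatus();
     // Legacy credential format: an unsalted MD5 of the password. It is what
     // authenticate_user() and the user_hash column expect, so it is kept for
     // compatibility; it is not a suitable password hash (no salt, no work
     // factor), and a move to password_hash() would have to be done together
     // with authenticate_user() and the stored hashes.
     $user_hash = strtolower(md5($user_password));
     if (!$this->authenticate_user($user_hash)) {
         $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $this->user_name . ' failed');
         return null;
     }
     // $this->id is whatever authenticate_user() resolved; the query is still
     // built by interpolation rather than with a bound parameter.
     $query = "SELECT * from {$this->table_name} where id='{$this->id}'";
     $result = $this->db->limitQuery($query, 0, 1, false);
     $row = $this->db->fetchByAssoc($result);
     if (empty($row) || !empty($GLOBALS['login_error'])) {
         $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $this->user_name . ' failed - could not Load User from Database');
         return null;
     }
     // If the stored user_hash is missing or out of date, write the current one.
     // Strict comparison: with != two hex digests of the form "0e..." compare
     // as equal numeric strings and the refresh would be skipped.
     if (!isset($row['user_hash']) || $row['user_hash'] !== $user_hash) {
         $query = "UPDATE {$this->table_name} SET user_hash='{$user_hash}' where id='{$row['id']}'";
         $this->db->query($query, true, "Error setting new hash for {$row['user_name']}: ");
     }
     // now fill in the fields.
     // NOTE(review): every loaded column value is written to the log at info
     // level; if column_fields includes user_hash, the credential hash lands in
     // the log -- confirm and consider excluding it.
     foreach ($this->column_fields as $field) {
         $GLOBALS['log']->info($field);
         if (isset($row[$field])) {
             $GLOBALS['log']->info("=" . $row[$field]);
             $this->{$field} = $row[$field];
         }
     }
     $this->loadPreferences($this);
     require_once 'modules/Administration/updater_utils.php';
     require_once 'modules/Versions/CheckVersions.php';
     $invalid_versions = get_invalid_versions();
     if (!empty($invalid_versions)) {
         if (isset($invalid_versions['Rebuild Relationships'])) {
             unset($invalid_versions['Rebuild Relationships']);
             // flag for pickup in DisplayWarnings.php
             $_SESSION['rebuild_relationships'] = true;
         }
         if (isset($invalid_versions['Rebuild Extensions'])) {
             unset($invalid_versions['Rebuild Extensions']);
             // flag for pickup in DisplayWarnings.php
             $_SESSION['rebuild_extensions'] = true;
         }
         $_SESSION['invalid_versions'] = $invalid_versions;
     }
     $this->fill_in_additional_detail_fields();
     // An inactive account is loaded but never marked authenticated.
     if ($this->status != "Inactive") {
         $this->authenticated = true;
     }
     unset($_SESSION['loginattempts']);
     return $this;
 }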
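 /**
  * This function is called when a user initially tries to login.
  * It will return true if the user successfully logs in or false otherwise.
  *
  * Side effects: bumps $_SESSION['loginAttempts'] on every call, clears
  * $GLOBALS['login_error'], fires the 'after_login' / 'login_failed' logic
  * hooks, and may redirect to the SetTimezone or ChangePassword page, in
  * which case sugar_cleanup(true) ends the request.
  *
  * @param string $username
  * @param string $password
  * @param array $PARAMS extra parameters passed through to loginAuthenticate()
  * @return boolean
  */
 function login($username, $password, $PARAMS = array())
 {
     //kbrill bug #13225
     // The original tested the misspelled $_fSESSION, so the counter was reset
     // to 1 on every request and the failure log never showed repeat attempts.
     // It is only logged here; no lockout is enforced in this method.
     $_SESSION['loginAttempts'] = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
     unset($GLOBALS['login_error']);
     // Authenticate at most once per request; later calls return the cached outcome.
     if ($this->loggedIn) {
         return $this->loginSuccess;
     }
     $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, $PARAMS);
     $this->loggedIn = true;
     if ($this->loginSuccess) {
         //Ensure the user is authorized
         checkAuthUserStatus();
         loginLicense();
         if (!empty($GLOBALS['login_error'])) {
             // session_unregister() was removed in PHP 5.4; unset() on the
             // superglobal drops the authenticated marker the same way.
             unset($_SESSION['authenticated_user_id']);
             $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt');
             $this->loginSuccess = false;
             return false;
         }
         // 'action' is absent on some requests; read it once, defensively, so
         // the comparisons below never raise an undefined-index notice.
         $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
         $ut = $GLOBALS['current_user']->getPreference('ut');
         if (empty($ut) && $action != 'SaveTimezone') {
             $GLOBALS['module'] = 'Users';
             $GLOBALS['action'] = 'SetTimezone';
             ob_clean();
             header("Location: index.php?module=Users&action=SetTimezone");
             sugar_cleanup(true);
         }
         require_once 'modules/Users/expiration.php';
         // Force a password change when the configured expiry has elapsed or
         // the password was system-generated. Parenthesised explicitly: the
         // original relied on && binding tighter than ||, which is what this
         // spells out, and the evaluation order is unchanged.
         $expiration = isset($GLOBALS['sugar_config']['passwordsetting']['userexpiration'])
             ? $GLOBALS['sugar_config']['passwordsetting']['userexpiration'] : 0;
         $mustChangePassword = ($expiration > 0 && hasPasswordExpired($username))
             || $GLOBALS['current_user']->system_generated_password == '1';
         if ($mustChangePassword && $action != 'Save') {
             $GLOBALS['module'] = 'Users';
             $GLOBALS['action'] = 'ChangePassword';
             ob_clean();
             header("Location: index.php?module=Users&action=ChangePassword");
             $_SESSION['hasExpiredPassword'] = '******';
             sugar_cleanup(true);
         }
         //call business logic hook
         if (isset($GLOBALS['current_user'])) {
             $GLOBALS['current_user']->call_custom_logic('after_login');
         }
     } else {
         //kbrill bug #13225
         LogicHook::initialize();
         $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
         // $username is user-supplied and written verbatim (newlines included).
         $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' . $_SESSION['loginAttempts'] . '] - ' . $username);
     }
     return $this->loginSuccess;
 }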