        $uname = $_POST['user_name'];
        if (!$focus->change_password($_POST['confirm_new_password'], $_POST['new_password'])) {
            header("Location: index.php?action=Error&module=Users&error_string=" . urlencode($focus->error_string));
            exit;
        }
    }
    if (isset($focus->id) && $focus->id != '') {
        if (isset($_POST['user_role'])) {
            updateUser2RoleMapping($_POST['user_role'], $focus->id);
        }
        if (isset($_POST['group_name']) && $_POST['group_name'] != '') {
            updateUsers2GroupMapping($_POST['group_name'], $focus->id);
        }
    } else {
        if (isset($_POST['user_role'])) {
            insertUser2RoleMapping($_POST['user_role'], $focus->id);
        }
        if (isset($_POST['group_name'])) {
            insertUsers2GroupMapping($_POST['group_name'], $focus->id);
        }
    }
    //Creating the Privileges Flat File
    require_once 'modules/Users/CreateUserPrivilegeFile.php';
    createUserPrivilegesfile($focus->id);
    createUserSharingPrivilegesfile($focus->id);
}
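// Module to return to after the save. The check and the read must use the same
// superglobal: the original tested $_POST but then read $_REQUEST, so a GET or
// cookie value could have been substituted for the POSTed one.
if (isset($_POST['return_module']) && $_POST['return_module'] != "") {
    $return_module = vtlib_purify($_POST['return_module']);
} else {
    $return_module = "Users";
}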
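 /**
  * Load a user based on the user_name in $this->column_fields, ignoring the password
  * (authentication has already been done remotely before this is called).
  *
  * If the user has no row yet, one is provisioned from LDAP (see
  * remote_provision_user()). All lookups by user_name are parameterised because
  * the name originates outside this code.
  *
  * @return $this|null  $this if the load was successful, null if it failed.
  * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
  * All Rights Reserved..
  * Contributor(s): Gregory Wolgemuth___________________________..
  */
 function remote_load_user()
 {
     $usr_name = $this->column_fields["user_name"] ?? "";
     // Remote auth: no login attempt happens here, so the loginattempts counter
     // is not incremented and no password is ever checked in this method.
     $this->log->debug("Starting remote user load for {$usr_name}");
     unset($_SESSION['validation']);
     if ($usr_name == "") {
         return null;
     }
     // Checks inherited from SugarCRM; the base64 arguments appear to be image
     // paths and a "Powered By SugarCRM" link. Their return value was never
     // acted upon in this path, so only the calls are kept.
     $this->validation_check('aW5jbHVkZS9pbWFnZXMvc3VnYXJzYWxlc19tZC5naWY=', '1a44d4ab8f2d6e15e0ff6ac1c2c87e6f', '866bba5ae0a15180e8613d33b0acc6bd');
     $this->validation_check('aW5jbHVkZS9pbWFnZXMvcG93ZXJlZF9ieV9zdWdhcmNybS5naWY=', '3d49c9768de467925daabf242fe93cce');
     $this->authorization_check('aW5kZXgucGhw', 'PEEgaHJlZj0naHR0cDovL3d3dy5zdWdhcmNybS5jb20nIHRhcmdldD0nX2JsYW5rJz48aW1nIGJvcmRlcj0nMCcgc3JjPSdpbmNsdWRlL2ltYWdlcy9wb3dlcmVkX2J5X3N1Z2FyY3JtLmdpZicgYWx0PSdQb3dlcmVkIEJ5IFN1Z2FyQ1JNJz48L2E+', 1);
     $this->log->debug("Checking to see if user exists in DB");
     // Parameterised: never interpolate the user name into SQL.
     $result = $this->db->pquery("SELECT COUNT(*) AS count FROM {$this->table_name} WHERE user_name=?", array($usr_name));
     $row = $this->db->fetchByAssoc($result);
     $numUsers = $row ? (int) $row['count'] : 0;
     if ($numUsers == 0) {
         $this->remote_provision_user($usr_name);
     }
     // Get the fields for the user
     $result = $this->db->pquery("SELECT * from {$this->table_name} where user_name=?", array($usr_name));
     $row = $this->db->fetchByAssoc($result);
     if (!$row) {
         $this->log->warn("Remote user load for {$usr_name} failed: no user row found");
         return null;
     }
     $this->id = $row['id'];
     // No password is available in the remote-auth path, so user_hash is left
     // untouched. The previous code hashed an undefined variable here, which
     // stored md5('') -- the hash of the empty password -- on every remote user.
     $this->loadPreferencesFromDB($row['user_preferences']);
     if ($row['status'] != "Inactive") {
         $this->authenticated = true;
     }
     unset($_SESSION['loginattempts']);
     return $this;
 }

 /**
  * Create the database row for a remotely authenticated user that does not
  * exist yet: name and e-mail come from LDAP, everything else is a default.
  * The first user ever created is flagged as admin.
  *
  * @param string $usr_name  The already-authenticated login name.
  * @return void
  */
 private function remote_provision_user($usr_name)
 {
     $this->log->debug("User does not exist in DB, starting to perform LDAP lookup");
     $result = $this->db->pquery("SELECT COUNT(*) AS count FROM {$this->table_name}", array());
     $row = $this->db->fetchByAssoc($result);
     $totalNumUsers = $row ? (int) $row['count'] : 0;
     // The highest roleid in vtiger_role is what the new user gets.
     $result = $this->db->query("SELECT roleid FROM vtiger_role ORDER BY roleid DESC");
     $row = $this->db->fetchByAssoc($result);
     $user_roleid = $row ? $row['roleid'] : null;
     $this->log->debug("Chosen roleid is {$user_roleid}");
     $this->log->debug("Total number of users in vtiger table {$this->table_name} appears to be {$totalNumUsers}");
     foreach ($this->remote_ldap_lookup($usr_name) as $field => $value) {
         $this->column_fields[$field] = $value;
     }
     if ($totalNumUsers == 0) {
         $this->column_fields['is_admin'] = "on";
     }
     $this->column_fields['status'] = "Active";
     $this->column_fields['roleid'] = $user_roleid;
     $this->column_fields['hour_format'] = "am/pm";
     $this->column_fields['date_format'] = "yyyy-mm-dd";
     $this->column_fields['currency_id'] = 1;
     $this->column_fields['activity_view'] = "Today";
     $this->column_fields['lead_view'] = "Today";
     $this->column_fields['internal_mailer'] = 1;
     $this->column_fields['reminder_interval'] = "None";
     $this->column_fields['time_zone'] = "[-TIMEZONE-]";
     $this->mode = "create";
     $this->saveentity("Users");
     $this->id = $this->retrieve_user_id($usr_name);
     // Home-page widget flags; presumably read by saveHomeStuffOrder(), which
     // the original code called right after setting them.
     $homeWidgets = array('ALVT', 'HDB', 'PLVT', 'QLTQ', 'CVLVT', 'HLT', 'UA', 'GRT', 'OLTSO', 'ILTI', 'MNL', 'OLTPO', 'PA', 'LTFAQ');
     foreach ($homeWidgets as $widget) {
         $_REQUEST[$widget] = "true";
     }
     $this->saveHomeStuffOrder($this->id);
     insertUser2RoleMapping('H5', $this->id);
     insertUsers2GroupMapping(7, $this->id);
     createUserPrivilegesfile($this->id);
     createUserSharingPrivilegesfile($this->id);
 }

 /**
  * Look up first name, surname and e-mail for a login name in LDAP.
  *
  * The entry is read at "uid=<user>,<base>". The user name is DN-escaped so a
  * crafted login name cannot change which entry is read. PHP lowercases the
  * attribute names it returns, hence the lowercase keys below.
  *
  * @param string $usr_name
  * @return array<string, string|null>  column_fields keys to set; empty when the
  *                                     connection, bind or read fails.
  */
 private function remote_ldap_lookup($usr_name)
 {
     global $ldap_host;
     global $ldap_base;
     global $ldap_bind_dn;
     global $ldap_bind_pw;
     // Host, base and bind DN only; the bind password must never be logged.
     $this->log->debug("LDAP settings appear to be {$ldap_bind_dn} on {$ldap_host} and base {$ldap_base}");
     $this->log->debug("Trying a manual LDAP bind");
     $lconn = ldap_connect($ldap_host);
     if (!$lconn) {
         $this->log->debug("ldap_connect failed for host {$ldap_host}");
         return array();
     }
     ldap_set_option($lconn, LDAP_OPT_PROTOCOL_VERSION, 3);
     if (!ldap_bind($lconn, $ldap_bind_dn, $ldap_bind_pw)) {
         $this->log->debug("LDAP bind failed: " . ldap_error($lconn));
         ldap_unbind($lconn);
         return array();
     }
     $user_dn = "uid=" . ldap_escape($usr_name, '', LDAP_ESCAPE_DN) . ",{$ldap_base}";
     $this->log->debug("LDAP DN set to {$user_dn}");
     $fields = array();
     // Note: PHP's ldap_read() semantics differ from the LDAP RFCs; see the PHP manual.
     $ldap_read_result = ldap_read($lconn, $user_dn, "objectClass=*", array("givenName", "sn", "mail", "eseriMailAlternateAddress"));
     if ($ldap_read_result) {
         $this->log->debug("LDAP result set returned successfully");
         $entries = ldap_get_entries($lconn, $ldap_read_result);
         if ($entries && $entries['count'] > 0) {
             $entry = $entries[0];
             $fields['first_name'] = $entry['givenname'][0] ?? null;
             $fields['last_name'] = $entry['sn'][0] ?? null;
             // The alternate address attribute takes precedence over mail when present.
             $fields['email1'] = $entry['eserimailalternateaddress'][0] ?? $entry['mail'][0] ?? null;
         }
     }
     ldap_unbind($lconn);
     return $fields;
 }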