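 /**
  * Check whether the session ID carried in $user refers to an active,
  * authenticated session and populate the global $USER_DETAILS accordingly.
  *
  * Resolution order: the `sessions` row joined to `users` (status active and
  * not expired by `autologout`, where 0 means never); if that fails and no
  * HTTP basic-auth user is present, the guest account; the candidate is then
  * gated by check_perm2login() and check_perm2system(). On success the session
  * cookie and `sessions.lastaccess` are refreshed and, when `autologout` is
  * set, the user's other timed-out active sessions are deleted; otherwise the
  * session is logged out via self::logout().
  *
  * Side effects: writes the global $USER_DETAILS (a guest stub when nobody is
  * authenticated), may set $_REQUEST['message'], issues DB updates and
  * sets/clears the zbx_sessionid cookie.
  *
  * {@source}
  * @access public
  * @static
  * @since 1.8
  * @version 1
  *
  * @param array|null $user              Request parameters, or null when no session is offered
  * @param string     $user['sessionid'] Session ID to validate
  * @return boolean true when an authenticated user with login/system permission is set up
  */
 public static function checkAuthentication($user = null)
 {
     global $USER_DETAILS;
     global $ZBX_LOCALNODEID;
     global $ZBX_NODES;

     // Tolerate a parameter array without the key instead of raising a notice.
     $sessionid = (!is_null($user) && isset($user['sessionid'])) ? $user['sessionid'] : null;
     $USER_DETAILS = null;
     $login = false;
     $incorrect_session = false; // a session ID was offered but matched no active, unexpired session
     $missed_user_guest = false; // guest fallback was needed but the guest account does not exist

     if (!is_null($sessionid)) {
         $sql = 'SELECT u.*,s.* ' .
             ' FROM sessions s,users u' .
             ' WHERE s.sessionid=' . zbx_dbstr($sessionid) .
             ' AND s.status=' . ZBX_SESSION_ACTIVE .
             ' AND s.userid=u.userid' .
             ' AND ((s.lastaccess+u.autologout>' . time() . ') OR (u.autologout=0))' .
             ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
         $login = $USER_DETAILS = DBfetch(DBselect($sql));
         if (!$USER_DETAILS) {
             $incorrect_session = true;
         }
         elseif ($login['attempt_failed']) {
             // A successful session lookup clears the failed-attempt counter; userid comes from the DB row.
             DBexecute('UPDATE users SET attempt_failed=0 WHERE userid=' . $login['userid']);
         }
     }

     // Guest fallback only when no session matched and no HTTP basic-auth credentials are present.
     if (!$USER_DETAILS && !isset($_SERVER['PHP_AUTH_USER'])) {
         $sql = 'SELECT u.* ' .
             ' FROM users u ' .
             ' WHERE u.alias=' . zbx_dbstr(ZBX_GUEST_USER) .
             ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
         $login = $USER_DETAILS = DBfetch(DBselect($sql));
         if (!$USER_DETAILS) {
             $missed_user_guest = true;
         }
         else {
             $sessionid = zbx_session_start($USER_DETAILS['userid'], ZBX_GUEST_USER, '');
         }
     }

     // Permission to log in and permission to use the system are both required.
     if ($login) {
         $login = check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid']);
     }
     if (!$login) {
         $USER_DETAILS = null;
     }

     if ($login && $sessionid && !$incorrect_session) {
         // Persistent cookie for one month when autologin is set; 0 presumably yields a browser-session cookie.
         zbx_setcookie('zbx_sessionid', $sessionid, $USER_DETAILS['autologin'] ? time() + 86400 * 31 : 0);
         DBexecute('UPDATE sessions SET lastaccess=' . time() . ' WHERE sessionid=' . zbx_dbstr($sessionid));
         if ($USER_DETAILS['autologout'] > 0) {
             // Drop this user's other active sessions that have already exceeded the autologout window.
             DBexecute('DELETE FROM sessions WHERE userid=' . $USER_DETAILS['userid'] .
                 ' AND status=' . ZBX_SESSION_ACTIVE .
                 ' AND lastaccess<' . (time() - $USER_DETAILS['autologout']));
         }
     }
     else {
         self::logout($sessionid);
     }

     if ($USER_DETAILS) {
         if (isset($ZBX_NODES[$ZBX_LOCALNODEID])) {
             $USER_DETAILS['node'] = $ZBX_NODES[$ZBX_LOCALNODEID];
         }
         else {
             $USER_DETAILS['node'] = array(
                 'name' => '- unknown -',
                 'nodeid' => $ZBX_LOCALNODEID,
             );
         }
         $USER_DETAILS['debug_mode'] = get_user_debug_mode($USER_DETAILS['userid']);
     }
     else {
         $USER_DETAILS = array('alias' => ZBX_GUEST_USER, 'userid' => 0, 'lang' => 'en_gb', 'type' => '0', 'node' => array('name' => '- unknown -', 'nodeid' => 0));
     }

     // Client address for the audit trail. X-Forwarded-For is client-supplied: only the first
     // (left-most) hop is used and it must be an IP literal, so a crafted header cannot smuggle
     // arbitrary text into the stored address; otherwise REMOTE_ADDR is used. The value is
     // still spoofable unless a trusted reverse proxy overwrites the header.
     $userip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
         $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
         $candidate = trim($forwarded[0]);
         if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
             $userip = $candidate;
         }
     }
     $USER_DETAILS['userip'] = $userip;

     if (!$login || $incorrect_session || $missed_user_guest) {
         $message = null;
         if ($incorrect_session) {
             $message = 'Session terminated, re-login, please';
         }
         elseif ($missed_user_guest) {
             // Distinguish "guest account removed" from a corrupted/empty users table.
             $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u'));
             if (!$row || (int) $row['user_cnt'] === 0) {
                 $message = 'Table users is empty. Possible database corruption.';
                 // S_CUSER_ERROR_TABLE_USERS_EMPTY
             }
         }
         // Do not overwrite a message another part of the request already queued.
         if (!is_null($message) && !isset($_REQUEST['message'])) {
             $_REQUEST['message'] = $message;
         }
         return false;
     }
     return true;
 }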
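/**
 * Check whether $sessionid refers to an active, authenticated session and
 * populate the global $USER_DETAILS accordingly.
 *
 * Resolution order: the `sessions` row joined to `users` (status active and
 * not expired by `autologout`, where 0 means never); if that fails and no
 * HTTP basic-auth user is present, the guest account; the candidate is then
 * gated by check_perm2login() and check_perm2system(). On success the session
 * cookie and `sessions.lastaccess` are refreshed; otherwise the cookie is
 * cleared and the session row is marked passive.
 *
 * Side effects: writes the global $USER_DETAILS (a guest stub when nobody is
 * authenticated), may set $_REQUEST['message'], reports previously failed
 * login attempts via error(), issues DB updates and sets/clears the
 * zbx_sessionid cookie.
 *
 * @param string|null $sessionid Session ID to validate, or null when none is offered
 * @return boolean true when an authenticated user with login/system permission is set up
 */
function check_authentication($sessionid = null)
{
    global $USER_DETAILS;
    global $ZBX_LOCALNODEID;
    global $ZBX_NODES;

    $USER_DETAILS = null;
    $login = false;
    $incorrect_session = false; // a session ID was offered but matched no active, unexpired session
    $missed_user_guest = false; // guest fallback was needed but the guest account does not exist

    if (!is_null($sessionid)) {
        $sql = 'SELECT u.*,s.* ' .
            ' FROM sessions s,users u' .
            ' WHERE s.sessionid=' . zbx_dbstr($sessionid) .
            ' AND s.status=' . ZBX_SESSION_ACTIVE .
            ' AND s.userid=u.userid' .
            ' AND ((s.lastaccess+u.autologout>' . time() . ') OR (u.autologout=0))' .
            ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $USER_DETAILS = DBfetch(DBselect($sql));
        if (!$USER_DETAILS) {
            $incorrect_session = true;
        }
        elseif ($login['attempt_failed']) {
            // Tell the user about failed attempts since the last login, then reset the counter.
            error(new CScript(array(bold($login['attempt_failed']), 'failed login attempts logged. Last failed attempt was from ', bold($login['attempt_ip']), ' on ', bold(date('d.m.Y H:i', $login['attempt_clock'])), '.')));
            DBexecute('UPDATE users SET attempt_failed=0 WHERE userid=' . $login['userid']);
        }
    }

    // Guest fallback only when no session matched and no HTTP basic-auth credentials are present.
    if (!$USER_DETAILS && !isset($_SERVER['PHP_AUTH_USER'])) {
        $sql = 'SELECT u.* ' .
            ' FROM users u ' .
            ' WHERE u.alias=' . zbx_dbstr(ZBX_GUEST_USER) .
            ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $USER_DETAILS = DBfetch(DBselect($sql));
        if (!$USER_DETAILS) {
            $missed_user_guest = true;
        }
        else {
            $sessionid = zbx_session_start($USER_DETAILS['userid'], ZBX_GUEST_USER, '');
        }
    }

    // Permission to log in and permission to use the system are both required.
    if ($login) {
        $login = check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid']);
    }
    if (!$login) {
        $USER_DETAILS = null;
    }

    if ($login && $sessionid && !$incorrect_session) {
        // Persistent cookie for one month when autologin is set; 0 presumably yields a browser-session cookie.
        zbx_setcookie('zbx_sessionid', $sessionid, $USER_DETAILS['autologin'] ? time() + 86400 * 31 : 0);
        DBexecute('UPDATE sessions SET lastaccess=' . time() . ' WHERE sessionid=' . zbx_dbstr($sessionid));
    }
    else {
        zbx_unsetcookie('zbx_sessionid');
        // Nothing to deactivate when no session ID was offered.
        if (!is_null($sessionid)) {
            DBexecute('UPDATE sessions SET status=' . ZBX_SESSION_PASSIVE . ' WHERE sessionid=' . zbx_dbstr($sessionid));
        }
        unset($sessionid);
    }

    if ($USER_DETAILS) {
        if (isset($ZBX_NODES[$ZBX_LOCALNODEID])) {
            $USER_DETAILS['node'] = $ZBX_NODES[$ZBX_LOCALNODEID];
        }
        else {
            $USER_DETAILS['node'] = array(
                'name' => '- unknown -',
                'nodeid' => $ZBX_LOCALNODEID,
            );
        }
        $USER_DETAILS['debug_mode'] = get_user_debug_mode($USER_DETAILS['userid']);
    }
    else {
        $USER_DETAILS = array('alias' => ZBX_GUEST_USER, 'userid' => 0, 'lang' => 'en_gb', 'type' => '0', 'node' => array('name' => '- unknown -', 'nodeid' => 0));
    }

    // Client address for the audit trail. X-Forwarded-For is client-supplied: only the first
    // (left-most) hop is used and it must be an IP literal, so a crafted header cannot smuggle
    // arbitrary text into the stored address; otherwise REMOTE_ADDR is used. The value is
    // still spoofable unless a trusted reverse proxy overwrites the header.
    $userip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $candidate = trim($forwarded[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            $userip = $candidate;
        }
    }
    $USER_DETAILS['userip'] = $userip;

    if (!$login || $incorrect_session || $missed_user_guest) {
        $message = null;
        if ($incorrect_session) {
            $message = 'Session terminated, please re-login!';
        }
        elseif ($missed_user_guest) {
            // Distinguish "guest account removed" from a corrupted/empty users table.
            $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u'));
            if (!$row || (int) $row['user_cnt'] === 0) {
                $message = 'Table users is empty. Possible database corruption.';
            }
        }
        // Do not overwrite a message another part of the request already queued.
        if (!is_null($message) && !isset($_REQUEST['message'])) {
            $_REQUEST['message'] = $message;
        }
        return false;
    }
    return true;
}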