 /**
  * Delete a user on behalf of the logged-in user.
  *
  * Only a caller holding the ADMINISTRATOR role (checked through
  * RoleController against the session's 'userid') may delete. When the
  * delete succeeds the removed account is additionally flagged offline via
  * AuthenticationController so a still-open session for it is not shown as
  * online.
  *
  * @param mixed $userid id of the user to delete
  * @return array|mixed a JsonResponse-style error payload when the caller is
  *                     not authorised; otherwise whatever
  *                     $this->user->deleteUser() returned (truthy on success)
  */
 public function deleteUser($userid)
 {
     $caller = CxSessionHandler::getItem('userid');
     // Authorisation gate: non-admins receive an error payload, not an exception.
     $isAdmin = RoleController::hasRole($caller, ADMINISTRATOR);
     if (!$isAdmin) {
         return array(
             JsonResponse::P_STATUS => JsonResponse::STATUS_ERROR,
             JsonResponse::P_MESSAGE => 'You are not authorized to delete users!',
         );
     }
     $result = $this->user->deleteUser($userid);
     if (!$result) {
         return $result;
     }
     // Delete succeeded: terminate the removed user's presence at database level.
     $authenticator = new AuthenticationController();
     $authenticator->flagUserOffline($userid);
     return $result;
 }
 /**
  * Guest-area controller bootstrap.
  *
  * Runs the parent controller constructor, loads guest_model, and narrows
  * $this->is_authenticated so that it stays true only for AJAX requests;
  * a non-AJAX caller is treated as unauthenticated by this controller.
  */
 public function __construct()
 {
     parent::__construct();
     $this->load->model('guest_model');
     // Same result as "is_authenticated && is_ajax_request()": the request
     // check is only consulted when the session was already authenticated.
     $this->is_authenticated = $this->is_authenticated
         ? (bool) $this->input->is_ajax_request()
         : false;
 }
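/**
 * Validate the user session based on user name and password hash.
 *
 * Two credential forms are tried in order: the stored-hash form checked by
 * User::authenticate_user(), then (only if mcrypt is present) an encrypted
 * password that is decrypted and handed to the AuthenticationController.
 * On success $current_user is populated and login_success() is called; on
 * any failure a SECURITY line is logged and the SOAP server error is set.
 *
 * @param string $user_name -- The user name to create a session for
 * @param string $password -- The MD5 sum of the user's password, or the encrypted password
 * @return bool true if the session is created, false otherwise
 */
function validate_user($user_name, $password)
{
    global $server, $current_user, $sugar_config;
    $user = BeanFactory::getBean('Users');
    $user->user_name = $user_name;
    $authController = AuthenticationController::getInstance();

    // Path 1: the supplied value is the stored hash.
    if ($user->authenticate_user($password)) {
        // authenticate_user() presumably leaves the matched id in $user->id;
        // load the full bean before exposing it as the current user.
        $user->retrieve($user->id);
        $current_user = $user;
        login_success();
        return true;
    }

    // Path 2: encrypted password via the authentication controller. mcrypt
    // was removed in PHP 7.2, so this branch is skipped on modern runtimes.
    if (function_exists('mcrypt_cbc')) {
        $password = decrypt_string($password);
        if ($authController->login($user_name, $password) && isset($_SESSION['authenticated_user_id'])) {
            $user->retrieve($_SESSION['authenticated_user_id']);
            $current_user = $user;
            login_success();
            return true;
        }
    }

    // Single failure exit for both paths: log, surface one generic error (no
    // hint as to which check failed) and return an explicit false instead of
    // falling off the end with null and an unset server error.
    $GLOBALS['log']->fatal("SECURITY: failed attempted login for {$user_name} using SOAP api");
    $server->setError("Invalid username and/or password");
    return false;
}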
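 /**
  * Expire watch sessions that have been idle longer than MAX_INACTIVE_TIME.
  *
  * Scans the watch directory for "<userid>.sess" files, collects the user ids
  * whose file has not been accessed within MAX_INACTIVE_TIME seconds, removes
  * their watch entries and logs those users out.
  *
  * NOTE(review): idle detection relies on fileatime(); on filesystems mounted
  * with noatime the access time may never advance — confirm the deployment.
  *
  * @return bool true if any .sess files were found or any user was expired
  */
 public static function sweep()
 {
     $watch_path = LookoutController::watchPath();
     $inactive_users = array();
     $worked = false;
     $orig_dir = getcwd();
     if (!chdir($watch_path)) {
         // Missing or unreadable watch directory: nothing to sweep (the
         // working directory is unchanged, so there is nothing to restore).
         return false;
     }
     // glob() returns false on error; treat that as an empty listing rather
     // than handing false to foreach.
     $watch_files = glob('*.sess');
     if ($watch_files === false) {
         $watch_files = array();
     }
     // One timestamp for the whole pass; calling time() per file was redundant.
     $now = time();
     foreach ($watch_files as $file) {
         $worked = true;
         if ($now - fileatime($file) > MAX_INACTIVE_TIME) {
             // File name is "<userid>.sess"; the part before the first dot is the id.
             list($userid) = explode('.', $file, 2);
             $inactive_users[] = $userid;
         }
     }
     // Always restore the process working directory before touching other controllers.
     chdir($orig_dir);
     if (count($inactive_users) > 0) {
         LookoutController::deleteInactiveWatch($inactive_users);
         AuthenticationController::autoLogout($inactive_users);
         $worked = true;
     }
     return $worked;
 }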
 /**
  * Return the shared AuthenticationController, creating it on first use.
  *
  * The instance is cached in self::$authcontrollerinstance, so $type is only
  * honoured by the call that creates it; later calls return the existing
  * controller regardless of the type they pass. A cached value that empty()
  * considers falsy is treated as "not yet created".
  *
  * @param string $type authentication class to instantiate on first use
  *                     (default 'SugarAuthenticate')
  * @return AuthenticationController the cached instance
  */
 public static function getInstance($type = 'SugarAuthenticate')
 {
     $cached = self::$authcontrollerinstance;
     if (!empty($cached)) {
         return $cached;
     }
     self::$authcontrollerinstance = new AuthenticationController($type);
     return self::$authcontrollerinstance;
 }
 /**
  * Position controller bootstrap.
  *
  * After the parent constructor has established the session state, a caller
  * that is not authenticated or has no current user is sent to the login
  * page; position_model is then loaded.
  */
 public function __construct()
 {
     parent::__construct();
     $hasUser = $this->current_user !== null;
     $mustLogin = !$this->is_authenticated || !$hasUser;
     if ($mustLogin) {
         $this->redirect_to_login();
     }
     $this->load->model('position_model');
 }
/**
 * Log the user into the application
 *
 * Two authentication strategies are tried in order:
 *   1. a direct lookup of an active, non-portal, non-group user whose stored
 *      user_hash equals the supplied password value (for this path the
 *      client must therefore send the hash form itself);
 *   2. if that finds nobody and mcrypt is available, the password is
 *      decrypted and delegated to the configured AuthenticationController.
 * On success a PHP session is started and populated and the user's
 * 'after_login' logic hook runs. On failure the error is set to
 * 'invalid_login', a SECURITY line is logged at fatal level and the Users
 * 'login_failed' logic hook runs.
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
 *      in the right encoding for the type of authentication the user is setup for.  For Base
 *      sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from.  (Currently unused).
 * @return Array(session_id, error) -- session_id is the id of the session that was
 *      created.  Error is set if there was any error during creation; on
 *      failure 'id' is -1.
 */
function login($user_auth, $application)
{
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;
    //rrs
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    // Honour a custom authentication class from config; fall back to the default.
    $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
    //rrs
    // Strategy 1: match user name + stored hash directly. The lookup result
    // replaces $user, so it may be empty when nothing matched.
    $user = $user->retrieve_by_string_fields(array('user_name' => $user_auth['user_name'], 'user_hash' => $user_auth['password'], 'deleted' => 0, 'status' => 'Active', 'portal_only' => 0));
    if (!empty($user) && !empty($user->id) && !$user->is_group) {
        $success = true;
        global $current_user;
        $current_user = $user;
    } else {
        // Strategy 2: decrypt and delegate. mcrypt was removed in PHP 7.2, so
        // this branch is skipped on modern runtimes.
        if (function_exists('mcrypt_cbc')) {
            $password = decrypt_string($user_auth['password']);
            // NOTE(review): on this path $current_user is not assigned here but is
            // used below — presumably AuthenticationController::login() sets it; confirm.
            if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                $success = true;
            }
        }
    }
    if ($success) {
        // The session is only started once the credentials have been accepted.
        session_start();
        global $current_user;
        //$current_user = $user;
        login_success();
        $current_user->loadPreferences();
        // Session markers read back on later requests; unique_key is stored so
        // it can be compared against the server's configured value later.
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        $_SESSION['avail_modules'] = get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        return array('id' => session_id(), 'error' => $error);
    }
    // Generic failure: one error code regardless of which strategy failed.
    $error->set_error('invalid_login');
    $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $user_auth['user_name'] . ' failed');
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    return array('id' => -1, 'error' => $error);
}
 /**
  * Build the configuration map exposed to the client.
  *
  * Starts from the parsed/normalised config properties and layers on a set
  * of legacy-named flags: honeypot_on, forgotpasswordON, externalLogin (only
  * when the configured authentication class reports itself external),
  * analytics, inboundEmailCaseSubjectMacro and systemName.
  *
  * @return array
  */
 protected function getConfigs()
 {
     $sugarConfig = $this->getSugarConfig();
     $administration = new Administration();
     $administration->retrieveSettings();
     $configs = $this->handleConfigPropertiesExceptions(
         $this->parseConfigProperties($sugarConfig, $this->getConfigProperties())
     );
     // FIXME: Clean up properties below in order to fit standards
     // regarding property names
     if (isset($administration->settings['honeypot_on'])) {
         $configs['honeypot_on'] = true;
     }
     if (isset($sugarConfig['passwordsetting']['forgotpasswordON'])) {
         $forgotFlag = $sugarConfig['passwordsetting']['forgotpasswordON'];
         // Only the string '1' or boolean true count as enabled (strict comparison).
         $configs['forgotpasswordON'] = ($forgotFlag === '1' || $forgotFlag === true);
     }
     if (!empty($sugarConfig['authenticationClass'])) {
         $auth = new AuthenticationController($sugarConfig['authenticationClass']);
         if ($auth->isExternal()) {
             $configs['externalLogin'] = true;
         }
     }
     $configs['analytics'] = isset($sugarConfig['analytics'])
         ? $sugarConfig['analytics']
         : array('enabled' => false);
     $caseBean = BeanFactory::getBean('Cases');
     if (!empty($caseBean)) {
         $configs['inboundEmailCaseSubjectMacro'] = $caseBean->getEmailSubjectMacro();
     }
     // System name setting for sidecar modules
     if (!empty($administration->settings['system_name'])) {
         $configs['systemName'] = $administration->settings['system_name'];
     }
     return $configs;
 }
 /**
  * Load the authenticated user. If there is not an authenticated user then redirect to login screen.
  *
  * Order of operations: (1) compare the session's unique_key with the
  * server's configured unique_key and, on mismatch for a non-allowed action,
  * destroy the session and redirect to the unauthenticated home; (2) obtain
  * the AuthenticationController and a fresh Users bean; (3) if the session
  * names an authenticated user, re-validate it through sessionAuthenticate()
  * and, for a brand-new tracker session of a non-portal user, deactivate
  * older concurrent tracker sessions; (4) run the after_load_user hook,
  * reset ACLs and refresh the theme/language cookies (90-day lifetime).
  */
 function loadUser()
 {
     global $authController, $sugar_config;
     // Double check the server's unique key is in the session.  Make sure this is not an attempt to hijack a session
     $user_unique_key = isset($_SESSION['unique_key']) ? $_SESSION['unique_key'] : '';
     $server_unique_key = isset($sugar_config['unique_key']) ? $sugar_config['unique_key'] : '';
     // Actions that may proceed without a matching key (the login flow itself).
     if (!empty($this->controller->allowed_actions)) {
         $allowed_actions = $this->controller->allowed_actions;
     } else {
         $allowed_actions = array('Authenticate', 'Login', 'LoggedOut');
     }
     // NOTE(review): loose `!=` and non-strict in_array(); a strict comparison
     // would be the safer default for a key check.
     if ($user_unique_key != $server_unique_key && !in_array($this->controller->action, $allowed_actions) && !isset($_SESSION['login_error'])) {
         session_destroy();
         // Rewrite modifying actions to a read-only view before redirecting —
         // presumably so the post-login return target cannot change data; confirm.
         if (!empty($this->controller->action)) {
             if (strtolower($this->controller->action) == 'delete') {
                 $this->controller->action = 'DetailView';
             } elseif (strtolower($this->controller->action) == 'save') {
                 $this->controller->action = 'EditView';
             } elseif (strtolower($this->controller->action) == 'quickcreate') {
                 $this->controller->action = 'index';
                 $this->controller->module = 'home';
             } elseif (isset($_REQUEST['massupdate']) || isset($_GET['massupdate']) || isset($_POST['massupdate'])) {
                 $this->controller->action = 'index';
             } elseif (!in_array($this->controller->action, $this->whiteListActions) && $this->isModifyAction()) {
                 $this->controller->action = 'index';
             }
         }
         header('Location: ' . $this->getUnauthenticatedHomeUrl(true));
         exit;
     }
     $authController = AuthenticationController::getInstance();
     // Start from an empty bean; it only becomes a real user if the session validates.
     $GLOBALS['current_user'] = BeanFactory::getBean('Users');
     if (isset($_SESSION['authenticated_user_id'])) {
         // set in modules/Users/Authenticate.php
         if (!$authController->sessionAuthenticate()) {
             // if the object we get back is null for some reason, this will break - like user prefs are corrupted
             $GLOBALS['log']->fatal('User retrieval for ID: (' . $_SESSION['authenticated_user_id'] . ') does not exist in database or retrieval failed catastrophically.  Calling session_destroy() and sending user to Login page.');
             session_destroy();
             SugarApplication::redirect($this->getUnauthenticatedHomeUrl());
             die;
         } else {
             $trackerManager = TrackerManager::getInstance();
             $monitor = $trackerManager->getMonitor('tracker_sessions');
             $active = $monitor->getValue('active');
             if ($active == 0 && (!isset($GLOBALS['current_user']->portal_only) || $GLOBALS['current_user']->portal_only != 1)) {
                 // We are starting a new session: look up this user's other active
                 // tracker rows (newest first) and deactivate all but the newest.
                 // NOTE(review): the SQL is assembled by string concatenation with
                 // $GLOBALS['db']->quote(); a parameterised query is the preferable form.
                 $result = $GLOBALS['db']->query("SELECT id FROM " . $monitor->name . " WHERE user_id = '" . $GLOBALS['db']->quote($GLOBALS['current_user']->id) . "' AND active = 1 AND session_id <> '" . $GLOBALS['db']->quote($monitor->getValue('session_id')) . "' ORDER BY date_end DESC");
                 $activeCount = 0;
                 while ($row = $GLOBALS['db']->fetchByAssoc($result)) {
                     $activeCount++;
                     // The first (most recent) row is kept active.
                     if ($activeCount > 1) {
                         $GLOBALS['db']->query("UPDATE " . $monitor->name . " SET active = 0 WHERE id = '" . $GLOBALS['db']->quote($row['id']) . "'");
                     }
                 }
             }
         }
     }
     $GLOBALS['log']->debug('Current user is: ' . $GLOBALS['current_user']->user_name);
     $GLOBALS['logic_hook']->call_custom_logic('', 'after_load_user');
     // Reset ACLs in case after_load_user hook changed ACL setups
     SugarACL::resetACLs();
     //set cookies (90 days: 86400 * 90 seconds), values taken from the session
     if (isset($_SESSION['authenticated_user_theme'])) {
         $GLOBALS['log']->debug("setting cookie ck_login_theme_20 to " . $_SESSION['authenticated_user_theme']);
         self::setCookie('ck_login_theme_20', $_SESSION['authenticated_user_theme'], time() + 86400 * 90);
     }
     if (isset($_SESSION['authenticated_user_theme_color'])) {
         $GLOBALS['log']->debug("setting cookie ck_login_theme_color_20 to " . $_SESSION['authenticated_user_theme_color']);
         self::setCookie('ck_login_theme_color_20', $_SESSION['authenticated_user_theme_color'], time() + 86400 * 90);
     }
     if (isset($_SESSION['authenticated_user_theme_font'])) {
         $GLOBALS['log']->debug("setting cookie ck_login_theme_font_20 to " . $_SESSION['authenticated_user_theme_font']);
         self::setCookie('ck_login_theme_font_20', $_SESSION['authenticated_user_theme_font'], time() + 86400 * 90);
     }
     if (isset($_SESSION['authenticated_user_language'])) {
         $GLOBALS['log']->debug("setting cookie ck_login_language_20 to " . $_SESSION['authenticated_user_language']);
         self::setCookie('ck_login_language_20', $_SESSION['authenticated_user_language'], time() + 86400 * 90);
     }
     //check if user can access
 }
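/**
 * Validate the user session based on user name and password hash.
 *
 * Two credential forms are tried in order: the stored-hash form checked by
 * User::authenticate_user(), then (only if mcrypt is present) an encrypted
 * password that is decrypted and passed to AuthenticationController::login().
 * On success $current_user is populated and login_success() is called; on
 * any failure a SECURITY line is logged and the SOAP server error is set.
 *
 * @param string $user_name -- The user name to create a session for
 * @param string $password -- The MD5 sum of the user's password, or the encrypted password
 * @return bool true if the session is created, false otherwise
 */
function validate_user($user_name, $password)
{
    global $server, $current_user, $sugar_config, $system_config;
    $user = new User();
    $user->user_name = $user_name;
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    $authController = new AuthenticationController();

    // Path 1: the supplied value is the stored hash.
    if ($user->authenticate_user($password)) {
        // authenticate_user() presumably leaves the matched id in $user->id;
        // load the full bean before exposing it as the current user.
        $user->retrieve($user->id);
        $current_user = $user;
        login_success();
        return true;
    }

    // Path 2: encrypted password via the authentication controller. mcrypt
    // was removed in PHP 7.2, so this branch is skipped on modern runtimes.
    if (function_exists('mcrypt_cbc')) {
        $password = decrypt_string($password);
        if ($authController->login($user_name, $password) && isset($_SESSION['authenticated_user_id'])) {
            $user->retrieve($_SESSION['authenticated_user_id']);
            $current_user = $user;
            login_success();
            return true;
        }
    }

    // Single failure exit for both paths: log, surface one generic error (no
    // hint as to which check failed) and return an explicit false instead of
    // falling off the end with null and an unset server error.
    Log::fatal("SECURITY: failed attempted login for {$user_name} using SOAP api");
    $server->setError("Invalid username and/or password");
    return false;
}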
/**
 * Log the user into the application
 *
 * The configured AuthenticationController checks the credentials with
 * passwordEncrypted => true. If that succeeds but the session flags an
 * expired password, 'password_expired' is returned without a session. If it
 * fails, a user whose 'lockout' preference is set gets 'lockout_reached';
 * otherwise, when mcrypt is available, the login is retried once with the
 * decrypted password. On success a PHP session is started and populated and
 * the user's 'after_login' hook runs; on every failure the Users
 * 'login_failed' hook runs and 'id' is -1.
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
 *      in the right encoding for the type of authentication the user is setup for.  For Base
 *      sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from.  (Currently unused).
 * @return Array(session_id, error) -- session_id is the id of the session that was
 *      created.  Error is set if there was any error during creation.
 */
function login($user_auth, $application)
{
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;
    //rrs
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    // Honour a custom authentication class from config; fall back to the default.
    $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
    //rrs
    $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
    // Load the user bean regardless of the outcome; it is needed for the
    // lockout check on the failure path as well.
    $usr_id = $user->retrieve_user_id($user_auth['user_name']);
    if ($usr_id) {
        $user->retrieve($usr_id);
    }
    if ($isLoginSuccess) {
        // NOTE(review): read without isset(); emits a notice when the key is absent.
        if ($_SESSION['hasExpiredPassword'] == '1') {
            $error->set_error('password_expired');
            $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            return array('id' => -1, 'error' => $error);
        }
        // if
        // Group users are never allowed to log in.
        if (!empty($user) && !empty($user->id) && !$user->is_group) {
            $success = true;
            global $current_user;
            $current_user = $user;
        }
        // if
    } else {
        // Failed login for an existing user whose 'lockout' preference is set.
        if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
            $error->set_error('lockout_reached');
            $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            return array('id' => -1, 'error' => $error);
        } else {
            // Retry with the decrypted password. mcrypt was removed in PHP 7.2,
            // so this branch is skipped on modern runtimes.
            if (function_exists('mcrypt_cbc')) {
                $password = decrypt_string($user_auth['password']);
                // Constructs a second controller with the same arguments as above.
                $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
                // NOTE(review): $current_user is not assigned on this path but is used
                // below — presumably AuthenticationController::login() sets it; confirm.
                if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                    $success = true;
                }
                // if
            }
        }
    }
    // else if
    if ($success) {
        // The session is only started once the credentials have been accepted.
        session_start();
        global $current_user;
        //$current_user = $user;
        login_success();
        $current_user->loadPreferences();
        // Session markers read back on later requests; unique_key is stored so
        // it can be compared against the server's configured value later.
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        $_SESSION['avail_modules'] = get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        return array('id' => session_id(), 'error' => $error);
    }
    // Generic failure: one error code regardless of which check failed.
    $error->set_error('invalid_login');
    $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $user_auth['user_name'] . ' failed');
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    return array('id' => -1, 'error' => $error);
}
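 /**
  * Handles authentication of the current user.
  *
  * Reads the bearer token via grabToken(), verifies it against the OAuth2
  * server, then (when the session carries authenticated_user_id) re-checks
  * the session through AuthenticationController::apiSessionAuthenticate()
  * and userAfterAuthenticate(). Any OAuth2AuthenticateException or
  * SugarApiException raised during that process is treated as "not logged
  * in". Whenever authentication fails the PHP session array is cleared.
  *
  * @return array{isLoggedIn: bool, exception: SugarApiException|false}
  *         'exception' carries the failure cause when one is known (the
  *         caught OAuth/API exception, or SugarApiExceptionInvalidGrant when
  *         the session check failed); otherwise false
  * @throws SugarApiExceptionRequestTooLarge gets thrown on file uploads if the request failed
  *         (per the original author; it is not raised directly in this method)
  */
 protected function authenticateUser()
 {
     $valid = false;
     // Failure cause to hand back to the caller; stays false when none is known.
     $failure = false;
     $token = $this->grabToken();
     if (!empty($token)) {
         try {
             $oauthServer = SugarOAuth2Server::getOAuth2Server();
             $oauthServer->verifyAccessToken($token);
             if (isset($_SESSION['authenticated_user_id'])) {
                 $authController = AuthenticationController::getInstance();
                 // This will return false if anything is wrong with the session
                 // (mismatched IP, mismatched unique_key, etc)
                 $valid = $authController->apiSessionAuthenticate();
                 if ($valid) {
                     $valid = $this->userAfterAuthenticate($_SESSION['authenticated_user_id'], $oauthServer);
                 }
                 if (!$valid) {
                     // Record the cause so later code can send the correct
                     // status back to the client.
                     $failure = new SugarApiExceptionInvalidGrant();
                 }
             }
         } catch (OAuth2AuthenticateException $e) {
             // This was failing if users were passing an oauth token up to a public url.
             $valid = false;
             $failure = $e;
         } catch (SugarApiException $e) {
             // If we get an exception during this we'll assume authentication failed
             $valid = false;
             $failure = $e;
         }
     }
     if (!$valid) {
         // If token is invalid, clear the session for bwc
         // It looks like a big upload can cause no auth error,
         // so we do it here instead of the catch block above
         $_SESSION = array();
         return array('isLoggedIn' => false, 'exception' => $failure);
     }
     return array('isLoggedIn' => true, 'exception' => false);
 }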
 /**
  * Replace the cached controller instance (intended for tests).
  *
  * Later getInstance() calls return $instance as long as it is non-empty;
  * getInstance() treats an empty cached value as "not yet created".
  *
  * @param AuthenticationController $instance
  */
 public static function setInstance($instance)
 {
     self::$authcontrollerinstance = $instance;
 }
 /**
  * Log the user into the application
  *
  * Flow: an optional 'encryption' => 'PLAIN' marker means the password is
  * sent in clear and is md5()'d here into the stored-hash form (a legacy
  * compatibility shim — MD5 is not a suitable password hash). The
  * AuthenticationController then checks the credentials with
  * passwordEncrypted => true. An expired password or a reached lockout is
  * reported as a SOAP fault without starting a session; when mcrypt is
  * present a failed login is retried once with the decrypted password. On
  * success a session is started and populated and a name/value list
  * describing the user is returned; on failure a fault is set on the helper
  * object and nothing is returned.
  *
  * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
  *      in the right encoding for the type of authentication the user is setup for.  For Base
  *      sugar validation, password is the MD5 sum of the plain text password.
  * @param String $application -- The name of the application you are logging in from.  (Currently unused).
  * @param array $name_value_list -- Array of name value pair of extra parameters. As of today only 'language' and 'notifyonsave' is supported
  * @return Array - id - String id is the session_id of the session that was created.
  * 				 - module_name - String - module name of user
  * 				 - name_value_list - Array - The name value pair of user_id, user_name, user_language, user_currency_id, user_currency_name,
  *                                         - user_default_team_id, user_is_admin, user_default_dateformat, user_default_timeformat
  * @exception 'SoapFault' -- The SOAP error, if any
  */
 public function login($user_auth, $application, $name_value_list)
 {
     $GLOBALS['log']->info('Begin: SugarWebServiceImpl->login');
     global $sugar_config, $system_config;
     $error = new SoapError();
     $user = new User();
     $success = false;
     // Legacy clients may send the plain password; normalise it to the stored MD5 form.
     if (!empty($user_auth['encryption']) && $user_auth['encryption'] === 'PLAIN') {
         $user_auth['password'] = md5($user_auth['password']);
     }
     //rrs
     $system_config = new Administration();
     $system_config->retrieveSettings('system');
     $authController = new AuthenticationController();
     //rrs
     $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
     // Load the user bean regardless of the outcome; it is needed for the
     // lockout check on the failure path as well.
     $usr_id = $user->retrieve_user_id($user_auth['user_name']);
     if ($usr_id) {
         $user->retrieve($usr_id);
     }
     if ($isLoginSuccess) {
         // NOTE(review): read without isset(); emits a notice when the key is absent.
         if ($_SESSION['hasExpiredPassword'] == '1') {
             $error->set_error('password_expired');
             $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
             LogicHook::initialize();
             $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
             // Fault is reported through the helper; no session has been started.
             self::$helperObject->setFaultObject($error);
             return;
         }
         // Group users are never allowed to log in.
         if (!empty($user) && !empty($user->id) && !$user->is_group) {
             $success = true;
             global $current_user;
             $current_user = $user;
         }
     } else {
         // Failed login for an existing user whose 'lockout' preference is set.
         if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
             $error->set_error('lockout_reached');
             $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
             LogicHook::initialize();
             $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
             self::$helperObject->setFaultObject($error);
             return;
         } else {
             // Retry with the decrypted password. mcrypt was removed in PHP 7.2,
             // so this branch is skipped on modern runtimes.
             if (function_exists('mcrypt_cbc')) {
                 $password = self::$helperObject->decrypt_string($user_auth['password']);
                 // NOTE(review): $current_user is not assigned on this path but is used
                 // below — presumably AuthenticationController::login() sets it; confirm.
                 if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                     $success = true;
                 }
             }
         }
     }
     if ($success) {
         // The session is only started once the credentials have been accepted.
         session_start();
         global $current_user;
         //$current_user = $user;
         self::$helperObject->login_success($name_value_list);
         $current_user->loadPreferences();
         // Session markers read back on later requests; unique_key is stored so
         // it can be compared against the server's configured value later.
         $_SESSION['is_valid_session'] = true;
         $_SESSION['ip_address'] = query_client_ip();
         $_SESSION['user_id'] = $current_user->id;
         $_SESSION['type'] = 'user';
         $_SESSION['avail_modules'] = self::$helperObject->get_user_module_list($current_user);
         $_SESSION['authenticated_user_id'] = $current_user->id;
         $_SESSION['unique_key'] = $sugar_config['unique_key'];
         $current_user->call_custom_logic('after_login');
         $GLOBALS['log']->info('End: SugarWebServiceImpl->login - succesful login');
         // Describe the logged-in user for the client (name/value pairs).
         $nameValueArray = array();
         global $current_language;
         $nameValueArray['user_id'] = self::$helperObject->get_name_value('user_id', $current_user->id);
         $nameValueArray['user_name'] = self::$helperObject->get_name_value('user_name', $current_user->user_name);
         $nameValueArray['user_language'] = self::$helperObject->get_name_value('user_language', $current_language);
         $cur_id = $current_user->getPreference('currency');
         $nameValueArray['user_currency_id'] = self::$helperObject->get_name_value('user_currency_id', $cur_id);
         $nameValueArray['user_is_admin'] = self::$helperObject->get_name_value('user_is_admin', is_admin($current_user));
         $nameValueArray['user_default_team_id'] = self::$helperObject->get_name_value('user_default_team_id', $current_user->default_team);
         $nameValueArray['user_default_dateformat'] = self::$helperObject->get_name_value('user_default_dateformat', $current_user->getPreference('datef'));
         $nameValueArray['user_default_timeformat'] = self::$helperObject->get_name_value('user_default_timeformat', $current_user->getPreference('timef'));
         // Resolve the preferred currency id to its display name.
         $currencyObject = new Currency();
         $currencyObject->retrieve($cur_id);
         $nameValueArray['user_currency_name'] = self::$helperObject->get_name_value('user_currency_name', $currencyObject->name);
         $_SESSION['user_language'] = $current_language;
         return array('id' => session_id(), 'module_name' => 'Users', 'name_value_list' => $nameValueArray);
     }
     // Generic failure: hook, fault and log, with no hint as to which check failed.
     LogicHook::initialize();
     $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
     $error->set_error('invalid_login');
     self::$helperObject->setFaultObject($error);
     $GLOBALS['log']->info('End: SugarWebServiceImpl->login - failed login');
 }
<?php

// Entry-point bootstrap for a script living one directory below the
// application root: it defines the entry marker, moves to the root, boots
// the MVC layer and then re-validates the session before any authenticated
// work happens.
// NOTE(review): sugarEntry is presumably the guard checked by the included
// files — confirm.
define('sugarEntry', true);
// Snapshot the request superglobals before the bootstrap runs — presumably
// because the included files may rewrite them; confirm before relying on it.
$post = $_POST;
$get = $_GET;
$current_directory = getcwd();
chdir('../');
include 'include/MVC/preDispatch.php';
$startTime = microtime(true);
require_once 'include/entryPoint.php';
require_once 'include/MVC/SugarApplication.php';
$app = new SugarApplication();
$app->startSession();
// Session-hijack check: the unique_key stored in the session at login must
// match the server's configured key. NOTE(review): loose `!=` comparison.
$user_unique_key = isset($_SESSION['unique_key']) ? $_SESSION['unique_key'] : '';
$server_unique_key = isset($sugar_config['unique_key']) ? $sugar_config['unique_key'] : '';
$authController = new AuthenticationController();
if ($user_unique_key != $server_unique_key && !isset($_SESSION['login_error'])) {
    session_destroy();
    header("Location: ../index.php?action=Login&module=Users");
    die;
}
// Start from an empty Users bean; the session check that follows decides
// whether it is populated.
$GLOBALS['current_user'] = new User();
if (isset($_SESSION['authenticated_user_id'])) {
    // set in modules/Users/Authenticate.php
    if (!$authController->sessionAuthenticate()) {
        // if the object we get back is null for some reason, this will break - like user prefs are corrupted
        session_destroy();
        header("Location: ../index.php?action=Login&module=Users");
        die;
    }
    //fi
 /**
  * Load the authenticated user. If there is not an authenticated user then redirect to login screen.
  *
  * Order of operations: (1) compare the session's unique_key with the
  * server's configured unique_key and, on mismatch for a non-allowed action,
  * destroy the session and hand the request to the login redirect; (2) put a
  * fresh Users bean in $GLOBALS['current_user']; (3) if the session names an
  * authenticated user, re-validate it through sessionAuthenticate(),
  * otherwise (unless this is an allowed Users action) destroy the session
  * and redirect to login; (4) refresh the id/theme/language cookies with a
  * 90-day lifetime.
  */
 function loadUser()
 {
     global $authController, $sugar_config;
     // Double check the server's unique key is in the session.  Make sure this is not an attempt to hijack a session
     $user_unique_key = isset($_SESSION['unique_key']) ? $_SESSION['unique_key'] : '';
     $server_unique_key = isset($sugar_config['unique_key']) ? $sugar_config['unique_key'] : '';
     // Actions that may proceed without a matching key (the login flow itself).
     // The nested assignment in the else-branch is redundant; the outer
     // assignment already receives the default list.
     $allowed_actions = !empty($this->controller->allowed_actions) ? $this->controller->allowed_actions : ($allowed_actions = array('Authenticate', 'Login', 'LoggedOut'));
     $authController = new AuthenticationController();
     // NOTE(review): loose `!=` and non-strict in_array(); a strict comparison
     // would be the safer default for a key check.
     if ($user_unique_key != $server_unique_key && !in_array($this->controller->action, $allowed_actions) && !isset($_SESSION['login_error'])) {
         session_destroy();
         // Rewrite modifying actions to a read-only view before redirecting —
         // presumably so the post-login return target cannot change data; confirm.
         if (!empty($this->controller->action)) {
             if (strtolower($this->controller->action) == 'delete') {
                 $this->controller->action = 'DetailView';
             } elseif (strtolower($this->controller->action) == 'save') {
                 $this->controller->action = 'EditView';
             } elseif (strtolower($this->controller->action) == 'quickcreate') {
                 $this->controller->action = 'index';
                 $this->controller->module = 'home';
             } elseif (isset($_REQUEST['massupdate']) || isset($_GET['massupdate']) || isset($_POST['massupdate'])) {
                 $this->controller->action = 'index';
             } elseif ($this->isModifyAction()) {
                 $this->controller->action = 'index';
             } elseif ($this->controller->action == $this->default_action && $this->controller->module == $this->default_module) {
                 $this->controller->action = '';
                 $this->controller->module = '';
             }
         }
         // NOTE(review): no exit after this call; presumably redirectToLogin()
         // terminates the request itself — confirm, otherwise the code below runs.
         $authController->authController->redirectToLogin($this);
     }
     // Start from an empty bean; it only becomes a real user if the session validates.
     $GLOBALS['current_user'] = new User();
     if (isset($_SESSION['authenticated_user_id'])) {
         // set in modules/Users/Authenticate.php
         if (!$authController->sessionAuthenticate()) {
             // if the object we get back is null for some reason, this will break - like user prefs are corrupted
             $GLOBALS['log']->fatal('User retrieval for ID: (' . $_SESSION['authenticated_user_id'] . ') does not exist in database or retrieval failed catastrophically.  Calling session_destroy() and sending user to Login page.');
             session_destroy();
             SugarApplication::redirect('index.php?action=Login&module=Users');
             die;
         }
         //fi
     } elseif (!($this->controller->module == 'Users' && in_array($this->controller->action, $allowed_actions))) {
         // No authenticated user and not on the login flow: force a login.
         session_destroy();
         SugarApplication::redirect('index.php?action=Login&module=Users');
         die;
     }
     $GLOBALS['log']->debug('Current user is: ' . $GLOBALS['current_user']->user_name);
     //set cookies (90 days: 86400 * 90 seconds), values taken from the session
     if (isset($_SESSION['authenticated_user_id'])) {
         // The authenticated user id is persisted client-side in a long-lived cookie.
         $GLOBALS['log']->debug("setting cookie ck_login_id_20 to " . $_SESSION['authenticated_user_id']);
         self::setCookie('ck_login_id_20', $_SESSION['authenticated_user_id'], time() + 86400 * 90);
     }
     if (isset($_SESSION['authenticated_user_theme'])) {
         $GLOBALS['log']->debug("setting cookie ck_login_theme_20 to " . $_SESSION['authenticated_user_theme']);
         self::setCookie('ck_login_theme_20', $_SESSION['authenticated_user_theme'], time() + 86400 * 90);
     }
     if (isset($_SESSION['authenticated_user_theme_color'])) {
         $GLOBALS['log']->debug("setting cookie ck_login_theme_color_20 to " . $_SESSION['authenticated_user_theme_color']);
         self::setCookie('ck_login_theme_color_20', $_SESSION['authenticated_user_theme_color'], time() + 86400 * 90);
     }
     if (isset($_SESSION['authenticated_user_theme_font'])) {
         $GLOBALS['log']->debug("setting cookie ck_login_theme_font_20 to " . $_SESSION['authenticated_user_theme_font']);
         self::setCookie('ck_login_theme_font_20', $_SESSION['authenticated_user_theme_font'], time() + 86400 * 90);
     }
     if (isset($_SESSION['authenticated_user_language'])) {
         $GLOBALS['log']->debug("setting cookie ck_login_language_20 to " . $_SESSION['authenticated_user_language']);
         self::setCookie('ck_login_language_20', $_SESSION['authenticated_user_language'], time() + 86400 * 90);
     }
     //check if user can access
 }
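 /**
  * Validate the user session based on user name and password hash.
  *
  * First tries the native Sugar check (User::authenticate_user with the supplied
  * hash). If that fails and mcrypt is loaded, the password is treated as an
  * encrypted string, decrypted with decrypt_string(), and handed to the configured
  * AuthenticationController. On success $current_user is set to the authenticated
  * User bean. Every failure now takes the same path: a SECURITY log entry, the SOAP
  * server error "Invalid username and/or password", and a false return (previously a
  * failed decrypted-password login fell off the end and returned null with neither).
  *
  * @param string $user_name -- The user name to create a session for
  * @param string $password -- The MD5 sum of the user's password (or, for the
  *      fallback path, the encrypted form understood by decrypt_string)
  * @return bool true if the user was authenticated and $current_user populated,
  *      false otherwise
  */
 function validate_user($user_name, $password)
 {
     $GLOBALS['log']->info('Begin: SoapHelperWebServices->validate_user');
     global $server, $current_user, $sugar_config, $system_config;
     $user = new User();
     $user->user_name = $user_name;
     $system_config = new Administration();
     $system_config->retrieveSettings('system');
     // Authentication class is configurable; base Sugar authentication is the default.
     $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
     // Check to see if the user name and password are consistent.
     if ($user->authenticate_user($password)) {
         // we also need to set the current_user.
         $user->retrieve($user->id);
         $current_user = $user;
         $GLOBALS['log']->info('End: SoapHelperWebServices->validate_user - validation passed');
         return true;
     }
     // Fallback: the password may be an encrypted string; decrypt it and let the
     // configured authentication class decide. Only possible when mcrypt is loaded.
     if (function_exists('mcrypt_cbc')) {
         $password = $this->decrypt_string($password);
         if ($authController->login($user_name, $password) && isset($_SESSION['authenticated_user_id'])) {
             $user->retrieve($_SESSION['authenticated_user_id']);
             $current_user = $user;
             $GLOBALS['log']->info('End: SoapHelperWebServices->validate_user - validation passed');
             return true;
         }
     }
     // Single failure path for both "no mcrypt" and "fallback login rejected", so the
     // caller always gets a SOAP error and the attempt is always logged.
     $GLOBALS['log']->fatal("SECURITY: failed attempted login for {$user_name} using SOAP api");
     $server->setError("Invalid username and/or password");
     return false;
 }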
 /**
  * Log the user into the application
  *
  * Two attempts are made. First an active, non-deleted, non-portal user whose stored
  * user_hash equals the supplied (MD5) password is looked up directly. If that finds
  * nothing and mcrypt is loaded, the password is treated as an encrypted string,
  * decrypted, and handed to the configured AuthenticationController. On success a
  * PHP session is populated and its id is returned as the API token; on failure the
  * Users 'login_failed' hook fires, an 'invalid_login' SOAP fault is set through the
  * helper object and nothing is returned.
  *
  * @param array $user_auth -- user_name, password and optional 'encryption'. 'PLAIN'
  *      means the clear-text password was sent and is MD5-hashed here; otherwise the
  *      password must already be in the encoding the configured authentication class
  *      expects (the MD5 sum for base Sugar authentication).
  * @param string $application -- The name of the application you are logging in from. (Currently unused).
  * @param array $name_value_list -- extra name/value parameters passed to login_success()
  *      (as of today only 'language' and 'notifyonsave' are supported).
  * @return array|null on success: id (the session_id), module_name ('Users') and
  *      name_value_list (user_id, user_name, user_language); null on failure.
  * @exception 'SoapFault' -- The SOAP error, if any
  */
 public function login($user_auth, $application, $name_value_list)
 {
     $GLOBALS['log']->info('Begin: SugarWebServiceImpl->login');
     global $sugar_config, $system_config;
     $error = new SoapError();
     $user = new User();
     $success = false;
     // 'PLAIN' means the client sent the clear-text password; hash it so it can be
     // compared with the stored user_hash below.
     if (!empty($user_auth['encryption']) && $user_auth['encryption'] === 'PLAIN') {
         $user_auth['password'] = md5($user_auth['password']);
     }
     //rrs
     $system_config = new Administration();
     $system_config->retrieveSettings('system');
     // Authentication class is configurable; base Sugar authentication is the default.
     $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
     //rrs
     // First attempt: direct match on user_name + user_hash, restricted to active,
     // non-deleted, non-portal users.
     $user = $user->retrieve_by_string_fields(array('user_name' => $user_auth['user_name'], 'user_hash' => $user_auth['password'], 'deleted' => 0, 'status' => 'Active', 'portal_only' => 0));
     if (!empty($user) && !empty($user->id) && !$user->is_group) {
         $success = true;
         global $current_user;
         $current_user = $user;
     } else {
         // Second attempt: treat the password as an encrypted string and let the
         // configured authentication class validate it (needs mcrypt, which was
         // removed from PHP core in 7.2).
         if (function_exists('mcrypt_cbc')) {
             $password = self::$helperObject->decrypt_string($user_auth['password']);
             if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                 $success = true;
             }
             // if
         }
     }
     // else if
     if ($success) {
         // NOTE(review): the session id is returned below as the API token but is not
         // regenerated; if session_start() resumes a client-supplied id, that id becomes
         // the authenticated token. Consider session_regenerate_id(true) here.
         session_start();
         global $current_user;
         //$current_user = $user;
         // presumably $current_user was set by $authController->login() on the second
         // attempt (this method only assigns it on the first) — confirm
         self::$helperObject->login_success($name_value_list);
         $current_user->loadPreferences();
         $_SESSION['is_valid_session'] = true;
         $_SESSION['ip_address'] = query_client_ip();
         $_SESSION['user_id'] = $current_user->id;
         $_SESSION['type'] = 'user';
         $_SESSION['avail_modules'] = self::$helperObject->get_user_module_list($current_user);
         $_SESSION['authenticated_user_id'] = $current_user->id;
         $_SESSION['unique_key'] = $sugar_config['unique_key'];
         $current_user->call_custom_logic('after_login');
         $GLOBALS['log']->info('End: SugarWebServiceImpl->login - succesful login');
         // Response payload: the three name/value pairs documented in @return.
         $nameValueArray = array();
         global $current_language;
         $nameValueArray[] = self::$helperObject->get_name_value('user_id', $current_user->id);
         $nameValueArray[] = self::$helperObject->get_name_value('user_name', $current_user->user_name);
         $nameValueArray[] = self::$helperObject->get_name_value('user_language', $current_language);
         $_SESSION['user_language'] = $current_language;
         return array('id' => session_id(), 'module_name' => 'Users', 'name_value_list' => $nameValueArray);
     }
     // if
     // Failure: fire the hook, set the fault on the helper, return nothing.
     LogicHook::initialize();
     $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
     $error->set_error('invalid_login');
     self::$helperObject->setFaultObject($error);
     $GLOBALS['log']->info('End: SugarWebServiceImpl->login - failed login');
 }
 /**
  * Log the API user out: run the logout hooks, revoke an optional refresh token,
  * expire the download cookie, wipe and rotate the session (which is the access
  * token), and tell external authenticators' clients where to finish logging out.
  *
  * @param object $api  request context; $api->user (may be empty) and $api->platform are read
  * @param array  $args request arguments; only 'refresh_token' is used
  * @return array ['success' => true] plus 'url' when an external authenticator supplies a logout URL
  */
 public function logout($api, $args)
 {
     $oauth2 = $this->getOAuth2Server($args);
     // Let the user's before_logout hooks run while the session still exists.
     if (!empty($api->user)) {
         $api->user->call_custom_logic('before_logout');
     }
     // A refresh token passed on logout is revoked too. Ownership is deliberately
     // not checked: revoking someone else's token only logs them out.
     if (isset($args['refresh_token'])) {
         $oauth2->unsetRefreshToken($args['refresh_token']);
     }
     // Expire the per-platform download cookie with the session cookie's own
     // path/domain/secure settings; httponly is always on.
     $downloadCookie = RestService::DOWNLOAD_COOKIE . '_' . $api->platform;
     setcookie($downloadCookie, false, -1, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), true);
     // The access token is just the PHP session: clear its data and rotate the id,
     // deleting the old session so the token cannot be resumed.
     $_SESSION = array();
     session_regenerate_id(true);
     // Also remove the cookie set in BWC mode.
     $this->killSessionCookie();
     $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
     $result = array('success' => true);
     // External (e.g. SSO) authenticators may require the client to visit a logout URL.
     $auth = AuthenticationController::getInstance();
     if ($auth->isExternal()) {
         $logoutUrl = $auth->getLogoutUrl();
         if ($logoutUrl) {
             $result['url'] = $logoutUrl;
         }
     }
     return $result;
 }
    case 'auth.store':
        $controller = new AuthenticationController();
        $controller->store();
        break;
    case 'auth.attempt':
        $controller = new AuthenticationController();
        $controller->attempt();
        break;
    case 'login':
        $controller = new AuthenticationController();
        $controller->login();
        break;
    case 'account.edit':
        $controller = new AccountController();
        $controller->edit();
    case 'upload':
        $controller = new AccountController();
        $controller->upload();
        break;
    case 'logout':
        $controller = new AuthenticationController();
        $controller->logout();
        break;
    case 'comment.create':
        $controller = new CommentController();
        $controller->create();
        break;
    default:
        echo "404";
        break;
}
 /**
  * Log the user into the application
  *
  * Flow: (1) unless LDAP authentication is configured, a 'PLAIN' password is MD5-hashed;
  * (2) the AuthenticationController singleton is asked to log the user in with that
  * password flagged as already encrypted; (3) on success an expired password yields a
  * 'password_expired' fault, otherwise the User bean becomes $current_user and a session
  * is populated; (4) on failure the cause is distinguished — account lockout, LDAP
  * needing a plain password, or an mcrypt-encrypted password that is decrypted and
  * retried — before falling back to an 'invalid_login' fault. Every fault path fires
  * the Users 'login_failed' hook and returns nothing.
  *
  * @param array $user_auth -- user_name, password and optional 'encryption' ('PLAIN' =
  *      clear-text password; otherwise the encoding the configured authentication class
  *      expects, i.e. the MD5 sum for base Sugar authentication).
  * @param string $application -- The name of the application you are logging in from;
  *      'mobile' adds the visible mobile modules and their vardefs MD5 to the response.
  * @param array $name_value_list -- extra name/value parameters passed to login_success()
  *      (as of today only 'language' and 'notifyonsave' are supported).
  * @return array|null on success: id (the session_id), module_name ('Users') and
  *      name_value_list keyed by name: user_id, user_name, user_language, user_currency_id,
  *      user_currency_name, user_default_team_id, user_is_admin, user_default_dateformat,
  *      user_default_timeformat, user_number_seperator, user_decimal_seperator,
  *      mobile_max_list_entries, mobile_max_subpanel_entries (+ available_modules and
  *      vardefs_md5 for 'mobile'); null on failure.
  * @exception 'SoapFault' -- The SOAP error, if any
  */
 public function login($user_auth, $application, $name_value_list = array())
 {
     $GLOBALS['log']->info('Begin: SugarWebServiceImpl->login');
     global $sugar_config;
     $error = new SoapError();
     $user = BeanFactory::getBean('Users');
     $success = false;
     $authController = AuthenticationController::getInstance();
     // Clear-text ('PLAIN') passwords are hashed before authentication unless LDAP is
     // in use, since LDAP needs the plain password itself.
     if (!empty($user_auth['encryption']) && $user_auth['encryption'] === 'PLAIN' && $authController->authController->userAuthenticateClass != "LDAPAuthenticateUser") {
         $user_auth['password'] = md5($user_auth['password']);
     }
     $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
     // The bean is loaded regardless of outcome: the failure branch needs it for the lockout check.
     $usr_id = $user->retrieve_user_id($user_auth['user_name']);
     if ($usr_id) {
         $user->retrieve($usr_id);
     }
     if ($isLoginSuccess) {
         // NOTE(review): $_SESSION['hasExpiredPassword'] is read without isset(); presumably
         // the authenticator always sets it on success — confirm, otherwise this emits a notice.
         if ($_SESSION['hasExpiredPassword'] == '1') {
             $error->set_error('password_expired');
             $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
             LogicHook::initialize();
             $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
             self::$helperObject->setFaultObject($error);
             return;
         }
         // A group user, or a bean that could not be loaded, gets no API session even
         // though the credentials were accepted: $success stays false -> invalid_login.
         if (!empty($user) && !empty($user->id) && !$user->is_group) {
             $success = true;
             global $current_user;
             $current_user = $user;
         }
     } else {
         // Locked-out accounts get a distinct fault so the client can tell it from a bad password.
         if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
             $error->set_error('lockout_reached');
             $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
             LogicHook::initialize();
             $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
             self::$helperObject->setFaultObject($error);
             return;
         } else {
             // LDAP cannot verify a hashed password: anything but 'PLAIN' is rejected outright.
             if ($authController->authController->userAuthenticateClass == "LDAPAuthenticateUser" && (empty($user_auth['encryption']) || $user_auth['encryption'] !== 'PLAIN')) {
                 $error->set_error('ldap_error');
                 LogicHook::initialize();
                 $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
                 self::$helperObject->setFaultObject($error);
                 return;
             } else {
                 // Last resort: the password may be mcrypt-encrypted; decrypt it and retry
                 // (mcrypt was removed from PHP core in 7.2, so this needs the PECL extension).
                 if (function_exists('mcrypt_cbc')) {
                     $password = self::$helperObject->decrypt_string($user_auth['password']);
                     if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                         $success = true;
                     }
                 }
             }
         }
     }
     if ($success) {
         // NOTE(review): the session id is returned below as the API token but is not
         // regenerated; if session_start() resumes a client-supplied id, that id becomes
         // the authenticated token. Consider session_regenerate_id(true) here.
         session_start();
         global $current_user;
         //$current_user = $user;
         // presumably $current_user was set by $authController->login() on the retry path
         // (this method only assigns it on the first-attempt branch) — confirm
         self::$helperObject->login_success($name_value_list);
         $current_user->loadPreferences();
         $_SESSION['is_valid_session'] = true;
         $_SESSION['ip_address'] = query_client_ip();
         $_SESSION['user_id'] = $current_user->id;
         $_SESSION['type'] = 'user';
         $_SESSION['avail_modules'] = self::$helperObject->get_user_module_list($current_user);
         $_SESSION['authenticated_user_id'] = $current_user->id;
         $_SESSION['unique_key'] = $sugar_config['unique_key'];
         $current_user->call_custom_logic('after_login');
         $GLOBALS['log']->info('End: SugarWebServiceImpl->login - succesful login');
         // Response payload, keyed by name (see @return).
         $nameValueArray = array();
         global $current_language;
         $nameValueArray['user_id'] = self::$helperObject->get_name_value('user_id', $current_user->id);
         $nameValueArray['user_name'] = self::$helperObject->get_name_value('user_name', $current_user->user_name);
         $nameValueArray['user_language'] = self::$helperObject->get_name_value('user_language', $current_language);
         $cur_id = $current_user->getPreference('currency');
         $nameValueArray['user_currency_id'] = self::$helperObject->get_name_value('user_currency_id', $cur_id);
         $nameValueArray['user_is_admin'] = self::$helperObject->get_name_value('user_is_admin', is_admin($current_user));
         $nameValueArray['user_default_team_id'] = self::$helperObject->get_name_value('user_default_team_id', $current_user->default_team);
         $nameValueArray['user_default_dateformat'] = self::$helperObject->get_name_value('user_default_dateformat', $current_user->getPreference('datef'));
         $nameValueArray['user_default_timeformat'] = self::$helperObject->get_name_value('user_default_timeformat', $current_user->getPreference('timef'));
         // Number formatting falls back to the system defaults when the user has none.
         // ("seperator" is the wire-format key; keep the spelling.)
         $num_grp_sep = $current_user->getPreference('num_grp_sep');
         $dec_sep = $current_user->getPreference('dec_sep');
         $nameValueArray['user_number_seperator'] = self::$helperObject->get_name_value('user_number_seperator', empty($num_grp_sep) ? $sugar_config['default_number_grouping_seperator'] : $num_grp_sep);
         $nameValueArray['user_decimal_seperator'] = self::$helperObject->get_name_value('user_decimal_seperator', empty($dec_sep) ? $sugar_config['default_decimal_seperator'] : $dec_sep);
         $nameValueArray['mobile_max_list_entries'] = self::$helperObject->get_name_value('mobile_max_list_entries', $sugar_config['wl_list_max_entries_per_page']);
         $nameValueArray['mobile_max_subpanel_entries'] = self::$helperObject->get_name_value('mobile_max_subpanel_entries', $sugar_config['wl_list_max_entries_per_subpanel']);
         if ($application == 'mobile') {
             $modules = $availModuleNames = array();
             $availModules = array_keys($_SESSION['avail_modules']);
             //ACL check already performed.
             $modules = self::$helperObject->get_visible_mobile_modules($availModules);
             $nameValueArray['available_modules'] = $modules;
             //Get the vardefs md5
             foreach ($modules as $mod_def) {
                 $availModuleNames[] = $mod_def['module_key'];
             }
             $nameValueArray['vardefs_md5'] = self::get_module_fields_md5(session_id(), $availModuleNames);
         }
         $currencyObject = BeanFactory::getBean('Currencies', $cur_id);
         $nameValueArray['user_currency_name'] = self::$helperObject->get_name_value('user_currency_name', $currencyObject->name);
         $_SESSION['user_language'] = $current_language;
         return array('id' => session_id(), 'module_name' => 'Users', 'name_value_list' => $nameValueArray);
     }
     // Failure: fire the hook, set the fault on the helper, return nothing.
     LogicHook::initialize();
     $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
     $error->set_error('invalid_login');
     self::$helperObject->setFaultObject($error);
     $GLOBALS['log']->info('End: SugarWebServiceImpl->login - failed login');
 }
 /**
  * Execute the request by delegating entirely to the parent's user-data lookup.
  *
  * @return mixed whatever parent::getUserData() returns
  */
 public function executeRequest()
 {
     $userData = parent::getUserData();
     return $userData;
 }
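<?php
// Session setup and the authentication check must run BEFORE any output. The
// original emitted the DOCTYPE first, so by the time session_start() ran the
// response headers had already been sent, and any redirect that
// AuthenticationController::authenticate() issues for an unauthenticated
// visitor (presumably via a Location header — confirm) could fail the same way.
use model\Admin;
use model\Database;
use model\JobApplicant;
require_once $_SERVER['DOCUMENT_ROOT'] . "/cs2102/model/admin.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/cs2102/model/database.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/cs2102/model/job_applicant.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/cs2102/controller/admin/authentication/index.php";
session_start();
AuthenticationController::authenticate();
// Page data: all job applicants, read through the shared database connection.
$database = new Database();
$connection = $database->get_connection();
$job_applicants = JobApplicant::get_all_job_applicant($connection);
?>
<!DOCTYPE HTML>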

<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
		<title>Management System</title>

		<!-- stylesheets -->
		<link href="../../../stylesheet/reset.css" rel="stylesheet" type="text/css">
		<link href="../../../stylesheet/icon.css" rel="stylesheet" type="text/css">
		<link href="../../../stylesheet/default.css" rel="stylesheet" type="text/css">
		<link href="../../../stylesheet/content.css" rel="stylesheet" type="text/css">
 /**
  * Calls the Authentication Controller's verify function
  *
  * Thin wrapper around the static call (presumably so it can be stubbed in tests).
  * @param string|null $token token to verify; null when omitted
  * @return string the value returned by AuthenticationController::verify()
  */
 private function callVerifyForToken($token = NULL)
 {
     $verified = AuthenticationController::verify($token);
     return $verified;
 }
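 /**
  * Resolve HTTP Basic credentials to an authenticated user.
  *
  * Without a user id the request is answered with a 401 challenge (realm taken from
  * the application id in the Zend registry config) and the script exits; otherwise
  * the credentials are handed to AuthenticationController::authenticate().
  *
  * @param string|null $userId   user name from the Authorization header
  * @param string|null $password password from the Authorization header
  * @return mixed whatever AuthenticationController::authenticate() returns
  */
 protected function _getValidUser($userId, $password)
 {
     // Strict "missing" check: the previous `== null` also treated integer 0 and
     // false as absent, so a user id of 0 could never be authenticated.
     if ($userId === null || $userId === '') {
         header('WWW-Authenticate: Basic realm="' . Zend_Registry::getInstance()->config->application->id . '"');
         header('HTTP/1.1 401 Unauthorized');
         echo '<h1>401 Unauthorized</h1>';
         exit;
     }
     require_once APPLICATION_PATH . '/controllers/AuthenticationController.php';
     return AuthenticationController::authenticate($userId, $password);
 }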
        $change = $authenticator->changePassword($_REQUEST['userid'], $_REQUEST['passcode'], $status);
        if ($change) {
            //DESTROY SESSION TO LOG USER OUT
            CxSessionHandler::destroy();
            //CONSTRUCT RESPONSE
            $response = array();
            $response[P_MESSAGE] = "Password change successful!";
            //SET MESSAGE FOR USER ON NEXT LOGIN
            CxSessionHandler::setViewBag("You just changed your password. Log in again with your new password.");
            //ECHO RESPONSE
            echo JsonResponse::success($response);
            exit;
        } else {
            echo JsonResponse::error("Unable to change password! Please try again.");
            exit;
        }
    } else {
        echo JsonResponse::error('Incomplete request parameters!');
        exit;
    }
} elseif ($intent == "logout") {
    $authenticator = new AuthenticationController();
    $userid = CxSessionHandler::getItem(UserAuthTable::userid);
    $authenticator->flagUserOffline($userid);
    CxSessionHandler::destroy();
    echo JsonResponse::message(STATUS_OK, "Logout successful");
    exit;
} else {
    echo JsonResponse::error('Invalid intent!');
    exit;
}
 /**
  * Grant access tokens for basic user credentials.
  *
  * Check the supplied username and password for validity.
  *
  * The client is only checked for existence here; the $client_id param is
  * available for any further per-client checks you need.
  *
  * Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
  *
  * @param IOAuth2GrantUser $storage
  * Storage used to look up the client.
  * @param $client_id
  * Client identifier to be check with.
  * @param $username
  * Username to be check with.
  * @param $password
  * Password to be check with (clear text; passed to the authenticator with
  * passwordEncrypted => false).
  *
  * @return
  * FALSE if the client is unknown. On a successful login an associative array
  * with the user's id: array('user_id' => ...). A scope entry could also be
  * returned here and would be checked against the requested scope before an
  * access token is issued:
  * @code
  * return array(
  * 'scope' => <stored scope values (space-separated string)>,
  * );
  * @endcode
  *
  * @throws SugarApiExceptionNeedLogin when the login fails; the message is the
  * authenticator's own error from $_SESSION['login_error'] when one is set.
  *
  * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.3
  *
  * @ingroup oauth2_section_4
  */
 public function checkUserCredentials(IOAuth2GrantUser $storage, $client_id, $username, $password)
 {
     // Unknown client: refuse before touching the user's credentials at all.
     if ($storage->getClientDetails($client_id) === false) {
         return false;
     }
     // Is just a regular Sugar User. Hooks are suppressed because the API layer
     // fires them itself, which keeps this path generic.
     $auth = AuthenticationController::getInstance();
     $options = array('passwordEncrypted' => false, 'noRedirect' => true, 'noHooks' => true);
     $loggedIn = $auth->login($username, $password, $options);
     if (!$loggedIn) {
         // Surface the authenticator's own message when it left one in the session.
         $message = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : null;
         throw new SugarApiExceptionNeedLogin($message);
     }
     if (!empty($auth->nextStep)) {
         // Set it here, and then load it in to the session on the next pass
         // TODO: How do we pass the next required step to the client via the REST API?
         $GLOBALS['nextStep'] = $auth->nextStep;
     }
     $this->userBean = $this->loadUserFromName($username);
     return array('user_id' => $this->userBean->id);
 }
}
// View and record selectors from the request; empty string when not supplied.
// NOTE(review): these come straight from $_REQUEST and are not validated here,
// so they must be checked/escaped wherever they are used.
$view = isset($_REQUEST['view']) ? $_REQUEST['view'] : "";
$record = isset($_REQUEST['record']) ? $_REQUEST['record'] : "";
////	REDIRECTION VARS
///////////////////////////////////////////////////////////////////////////////
// Load the 'system' settings bucket, then build the authentication controller
// from the configured class, defaulting to base Sugar authentication.
$system_config = new Administration();
$system_config->retrieveSettings('system');
$authController = new AuthenticationController(empty($sugar_config['authenticationClass']) ? 'SugarAuthenticate' : $sugar_config['authenticationClass']);
///////////////////////////////////////////////////////////////////////////////
////	USER LOGIN AUTHENTICATION
//FIRST PLACE YOU CAN INSTANTIATE A SUGARBEAN;
// for Disconnected Client
if (isset($_REQUEST['MSID'])) {
    session_id($_REQUEST['MSID']);
    session_start();
    if (isset($_SESSION['user_id']) && isset($_SESSION['seamless_login'])) {
        unset($_SESSION['seamless_login']);
        global $current_user;
        $authController->sessionAuthenticate($_SESSION['user_id']);
        $current_user->authenticated = true;
        $use_current_user_login = true;
    } else {
        if (isset($_COOKIE['PHPSESSID'])) {
 /**
  * Log the user into the application
  *
  * Flow: (1) unless LDAP authentication is configured, a 'PLAIN' password is MD5-hashed;
  * (2) a freshly built AuthenticationController is asked to log the user in with that
  * password flagged as already encrypted; (3) on success an expired password yields a
  * 'password_expired' fault, otherwise the User bean becomes $current_user and a session
  * is populated; (4) on failure the cause is distinguished — account lockout, or an LDAP
  * setup where the login is retried once with the decrypted (mcrypt) or MD5-hashed
  * password — before falling back to an 'invalid_login' fault. Every fault path fires
  * the Users 'login_failed' hook and returns nothing.
  *
  * @param array $user_auth -- user_name, password and optional 'encryption' ('PLAIN' =
  *      clear-text password; otherwise the encoding the configured authentication class
  *      expects, i.e. the MD5 sum for base Sugar authentication).
  * @param string $application -- The name of the application you are logging in from. (Currently unused).
  * @param array $name_value_list -- extra name/value parameters passed to login_success()
  *      (as of today only 'language' and 'notifyonsave' are supported).
  * @return array|null on success: id (the session_id), module_name ('Users') and
  *      name_value_list keyed by name: user_id, user_name, user_language, user_currency_id,
  *      user_currency_name, user_default_team_id, user_is_admin, user_default_dateformat,
  *      user_default_timeformat, user_number_seperator, user_decimal_seperator,
  *      mobile_max_list_entries, mobile_max_subpanel_entries; null on failure.
  * @exception 'SoapFault' -- The SOAP error, if any
  */
 public function login($user_auth, $application, $name_value_list = array())
 {
     // Logs the user name and the full $name_value_list at info level (the password is not logged).
     $GLOBALS['log']->info("Begin: SugarWebServiceImpl->login({$user_auth['user_name']}, {$application}, " . print_r($name_value_list, true) . ")");
     global $sugar_config, $system_config;
     $error = new SoapError();
     $user = new User();
     $success = false;
     //rrs
     $system_config = new Administration();
     $system_config->retrieveSettings('system');
     // Authentication class is configurable; base Sugar authentication is the default.
     $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
     //rrs
     // Clear-text ('PLAIN') passwords are hashed before authentication unless LDAP is
     // in use, since LDAP needs the plain password itself.
     if (!empty($user_auth['encryption']) && $user_auth['encryption'] === 'PLAIN' && $authController->authController->userAuthenticateClass != "LDAPAuthenticateUser") {
         $user_auth['password'] = md5($user_auth['password']);
     }
     $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
     // The bean is loaded regardless of outcome: the failure branch needs it for the lockout check.
     $usr_id = $user->retrieve_user_id($user_auth['user_name']);
     if ($usr_id) {
         $user->retrieve($usr_id);
     }
     if ($isLoginSuccess) {
         // NOTE(review): $_SESSION['hasExpiredPassword'] is read without isset(); presumably
         // the authenticator always sets it on success — confirm, otherwise this emits a notice.
         if ($_SESSION['hasExpiredPassword'] == '1') {
             $error->set_error('password_expired');
             $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
             LogicHook::initialize();
             $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
             self::$helperObject->setFaultObject($error);
             return;
         }
         // A group user, or a bean that could not be loaded, gets no API session even
         // though the credentials were accepted: $success stays false -> invalid_login.
         if (!empty($user) && !empty($user->id) && !$user->is_group) {
             $success = true;
             global $current_user;
             $current_user = $user;
         }
     } else {
         // Locked-out accounts get a distinct fault so the client can tell it from a bad password.
         if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
             $error->set_error('lockout_reached');
             $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
             LogicHook::initialize();
             $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
             self::$helperObject->setFaultObject($error);
             return;
         } else {
             // LDAP + non-PLAIN password + mcrypt available: decrypt the password and retry.
             // (mcrypt was removed from PHP core in 7.2, so this needs the PECL extension.)
             if (function_exists('mcrypt_cbc') && $authController->authController->userAuthenticateClass == "LDAPAuthenticateUser" && (empty($user_auth['encryption']) || $user_auth['encryption'] !== 'PLAIN')) {
                 $password = self::$helperObject->decrypt_string($user_auth['password']);
                 $authController->loggedIn = false;
                 // reset login attempt to try again with decrypted password
                 if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                     $success = true;
                 }
             } else {
                 // LDAP + PLAIN (or unspecified) password: retry once with the MD5 hash; if that
                 // also fails the client gets an 'ldap_error' fault. Non-LDAP setups take neither
                 // retry and fall through to the generic invalid_login below.
                 if ($authController->authController->userAuthenticateClass == "LDAPAuthenticateUser" && (empty($user_auth['encryption']) || $user_auth['encryption'] == 'PLAIN')) {
                     $authController->loggedIn = false;
                     // reset login attempt to try again with md5 password
                     if ($authController->login($user_auth['user_name'], md5($user_auth['password']), array('passwordEncrypted' => true)) && isset($_SESSION['authenticated_user_id'])) {
                         $success = true;
                     } else {
                         $error->set_error('ldap_error');
                         LogicHook::initialize();
                         $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
                         self::$helperObject->setFaultObject($error);
                         return;
                     }
                 }
             }
         }
     }
     if ($success) {
         // NOTE(review): the session id is returned below as the API token but is not
         // regenerated; if session_start() resumes a client-supplied id, that id becomes
         // the authenticated token. Consider session_regenerate_id(true) here.
         session_start();
         global $current_user;
         //$current_user = $user;
         // presumably $current_user was set by $authController->login() on the retry paths
         // (this method only assigns it on the first-attempt branch) — confirm
         self::$helperObject->login_success($name_value_list);
         $current_user->loadPreferences();
         $_SESSION['is_valid_session'] = true;
         $_SESSION['ip_address'] = query_client_ip();
         $_SESSION['user_id'] = $current_user->id;
         $_SESSION['type'] = 'user';
         $_SESSION['avail_modules'] = self::$helperObject->get_user_module_list($current_user);
         $_SESSION['authenticated_user_id'] = $current_user->id;
         $_SESSION['unique_key'] = $sugar_config['unique_key'];
         $GLOBALS['log']->info('End: SugarWebServiceImpl->login - successful login');
         $current_user->call_custom_logic('after_login');
         // Response payload, keyed by name (see @return).
         $nameValueArray = array();
         global $current_language;
         $nameValueArray['user_id'] = self::$helperObject->get_name_value('user_id', $current_user->id);
         $nameValueArray['user_name'] = self::$helperObject->get_name_value('user_name', $current_user->user_name);
         $nameValueArray['user_language'] = self::$helperObject->get_name_value('user_language', $current_language);
         $cur_id = $current_user->getPreference('currency');
         $nameValueArray['user_currency_id'] = self::$helperObject->get_name_value('user_currency_id', $cur_id);
         $nameValueArray['user_is_admin'] = self::$helperObject->get_name_value('user_is_admin', is_admin($current_user));
         $nameValueArray['user_default_team_id'] = self::$helperObject->get_name_value('user_default_team_id', $current_user->default_team);
         $nameValueArray['user_default_dateformat'] = self::$helperObject->get_name_value('user_default_dateformat', $current_user->getPreference('datef'));
         $nameValueArray['user_default_timeformat'] = self::$helperObject->get_name_value('user_default_timeformat', $current_user->getPreference('timef'));
         // Number formatting falls back to the system defaults when the user has none.
         // ("seperator" is the wire-format key; keep the spelling.)
         $num_grp_sep = $current_user->getPreference('num_grp_sep');
         $dec_sep = $current_user->getPreference('dec_sep');
         $nameValueArray['user_number_seperator'] = self::$helperObject->get_name_value('user_number_seperator', empty($num_grp_sep) ? $sugar_config['default_number_grouping_seperator'] : $num_grp_sep);
         $nameValueArray['user_decimal_seperator'] = self::$helperObject->get_name_value('user_decimal_seperator', empty($dec_sep) ? $sugar_config['default_decimal_seperator'] : $dec_sep);
         $nameValueArray['mobile_max_list_entries'] = self::$helperObject->get_name_value('mobile_max_list_entries', $sugar_config['wl_list_max_entries_per_page']);
         $nameValueArray['mobile_max_subpanel_entries'] = self::$helperObject->get_name_value('mobile_max_subpanel_entries', $sugar_config['wl_list_max_entries_per_subpanel']);
         $currencyObject = new Currency();
         $currencyObject->retrieve($cur_id);
         $nameValueArray['user_currency_name'] = self::$helperObject->get_name_value('user_currency_name', $currencyObject->name);
         $_SESSION['user_language'] = $current_language;
         return array('id' => session_id(), 'module_name' => 'Users', 'name_value_list' => $nameValueArray);
     }
     // Failure: fire the hook, set the fault on the helper, return nothing.
     LogicHook::initialize();
     $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
     $error->set_error('invalid_login');
     self::$helperObject->setFaultObject($error);
     $GLOBALS['log']->error('End: SugarWebServiceImpl->login - failed login');
 }
 /**
  * Handle the situation where the API needs login
  *
  * Builds a SugarApiExceptionNeedLogin carrying either $e's message or a fixed
  * default, attaches the external authenticator's login URL and the current
  * platform as extra data when one is configured, and throws it. Note that a
  * message from $e is forwarded to the API client verbatim.
  *
  * @param Exception $e Exception that caused the login problem, if any
  * @throws SugarApiExceptionNeedLogin always
  */
 public function needLogin(Exception $e = null)
 {
     // @TODO Localize exception strings
     $message = $e ? $e->getMessage() : "No valid authentication for user.";
     $exception = new SugarApiExceptionNeedLogin($message);
     $auth = AuthenticationController::getInstance();
     if ($auth->isExternal()) {
         $loginUrl = $auth->getLoginUrl(array('platform' => $this->platform));
         $exception->setExtraData("url", $loginUrl)->setExtraData('platform', $this->platform);
     }
     throw $exception;
 }