/**
 * Web-service "logout" operation: tears down the session named by $sessionId.
 *
 * @param string|null $sessionId Session identifier received from the client.
 * @param mixed       $user      Not read by this function.
 *
 * @return mixed The session manager's error value when no session id was given or
 *               the session is not valid; otherwise array("message" => "successfull").
 */
function vtws_logout($sessionId, $user)
{
    $manager = new SessionManager();

    // The id returned by startSession() is not needed; validity is read from isValid().
    $manager->startSession($sessionId);

    // NOTE(review): the id is only tested for null after startSession() has already run.
    // What startSession() does with a null id is not visible here - confirm it cannot
    // leave a freshly created session behind on this early-return path.
    $hasUsableSession = isset($sessionId) && $manager->isValid();
    if (!$hasUsableSession) {
        return $manager->getError();
    }

    // destroy() is the only teardown step performed; no expiry is set separately.
    $manager->destroy();

    // The misspelled value is part of the response payload and is returned unchanged.
    return array("message" => "successfull");
}
/**
 * Web-service "logout" operation with an HTTP-method check in front of the teardown.
 *
 * The method registered for the "logout" row in vtiger_ws_operation is compared with
 * the method of the current request before the session is touched.
 *
 * @param string|null $sessionId Session identifier received from the client.
 * @param mixed       $user      Not read by this function.
 *
 * @return mixed The session manager's error value when no session id was given or
 *               the session is not valid; otherwise array("message" => "successfull").
 *
 * @throws WebServiceException When the request method differs from the registered one.
 */
function vtws_logout($sessionId, $user)
{
    global $adb;

    // Parameterised lookup of the method the operation table allows for "logout".
    $lookup = $adb->pquery("select type from vtiger_ws_operation where name=?", array("logout"));
    $operationRow = $adb->query_result_rowdata($lookup, 0);
    $allowedMethod = $operationRow['type'];

    // Reject the call before any session handling when the verb does not match, so the
    // operation cannot be triggered with a method other than the registered one.
    // NOTE(review): if no "logout" row exists, $allowedMethod is presumably empty and every
    // request is rejected - confirm against query_result_rowdata().
    if ($_SERVER['REQUEST_METHOD'] != $allowedMethod) {
        throw new WebServiceException(WebServiceErrorCode::$OPERATIONNOTSUPPORTED, "Permission to perform the operation is denied");
    }

    $manager = new SessionManager();

    // The id returned by startSession() is not needed; validity is read from isValid().
    $manager->startSession($sessionId);

    $hasUsableSession = isset($sessionId) && $manager->isValid();
    if (!$hasUsableSession) {
        return $manager->getError();
    }

    $manager->destroy();

    // The misspelled value is part of the response payload and is returned unchanged.
    return array("message" => "successfull");
}
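/**
 * Customer-portal login: checks a contact's portal credentials and, on success, opens a
 * web-service session that runs as the shared 'portal' CRM user.
 *
 * @param string $username Portal user name supplied by the client.
 * @param string $password Portal password supplied by the client.
 *
 * @return array Challenge data from vtws_getchallenge() extended with 'sessionName' and a
 *               'user' entry (web-service id, user_name and accesskey of the portal user).
 *
 * @throws WebServiceException INVALIDUSERPWD when the 'portal' user does not exist,
 *                             AUTHREQUIRED when the credentials match no single active
 *                             contact or the portal user is inactive,
 *                             SESSIONIDINVALID when no session could be created.
 */
function vtws_loginportal($username, $password)
{
    global $adb, $log;

    $uname = 'portal';
    $user = new Users();
    $userId = $user->retrieve_user_id($uname);
    if (empty($userId)) {
        throw new WebServiceException(WebServiceErrorCode::$INVALIDUSERPWD, "User {$uname} does not exist");
    }

    // NOTE(review): the listing masked the text between the log message and the SQL string,
    // which left the function unparseable. The "$username" concatenation and the
    // "$ctors = $adb->pquery(" call are reconstructed from the surrounding code (the later
    // use of $ctors and the bound parameter array) - confirm against the upstream file.
    // NOTE(review): $username is client-supplied and is written to the debug log as received;
    // whether the logger neutralises line breaks is not visible here.
    $log->debug('Entering LoginPortal function with parameter username: ' . $username);

    // Both credentials are bound as parameters, never concatenated into the statement.
    // NOTE(review): the supplied password is compared directly with the user_password column,
    // so that column holds whatever form the caller sends (plaintext unless it is hashed
    // before this call). Storage format is decided outside this function, so it is flagged
    // here rather than changed.
    $ctors = $adb->pquery('select id from vtiger_portalinfo inner join vtiger_customerdetails on vtiger_portalinfo.id=vtiger_customerdetails.customerid inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_portalinfo.id where vtiger_crmentity.deleted=0 and user_name=? and user_password=? and isactive=1 and vtiger_customerdetails.portal=1', array($username, $password));

    // Exactly one matching, active, portal-enabled contact is required. The same error is
    // raised for a wrong password and for an inactive contact.
    if (!$ctors || $adb->num_rows($ctors) != 1) {
        throw new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, "Given contact is inactive");
    }

    $user = $user->retrieveCurrentUserInfoFromFile($userId);
    if ($user->status == 'Inactive') {
        throw new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, 'Given user is inactive');
    }

    $result = $adb->query("SELECT id FROM vtiger_ws_entity WHERE name = 'Users'");
    $wsid = $adb->query_result($result, 0, 'id');
    $accessinfo = vtws_getchallenge($uname);

    // A new session is requested (null id); the second argument is false, presumably the
    // "adopt an existing id" flag, so no client-named session id is taken over at login.
    $sessionManager = new SessionManager();
    $sid = $sessionManager->startSession(null, false);
    if (!$sid) {
        throw new WebServiceException(WebServiceErrorCode::$SESSIONIDINVALID, 'Could not create session');
    }

    // The session is bound to the shared 'portal' user id, not to the contact that logged in.
    $sessionManager->set("authenticatedUserId", $userId);
    $accessinfo['sessionName'] = $sessionManager->getSessionId();

    // NOTE(review): every contact that authenticates receives the accesskey of the shared
    // 'portal' user in the response - confirm that handing this key to each client is intended.
    $accessinfo['user'] = array(
        'id' => $wsid . 'x' . $userId,
        'user_name' => $user->column_fields['user_name'],
        'accesskey' => $user->column_fields['accesskey'],
    );

    return $accessinfo;
}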
// Excerpt of the web-service entry point: resolves the session id for a request, starts
// the session and loads the authenticated user. The opening of the enclosing block is not
// part of this listing, so the braces below close one more level than they open.
if (isset($input['operation'])) {
    // Workaround fix for PHP 5.3.x: $_REQUEST doesn't have PHPSESSID
    if (isset($_REQUEST['PHPSESSID'])) {
        // $_REQUEST carries query-string and form values, so the session id may arrive
        // as a request parameter here rather than in a cookie.
        $sessionId = vtws_getParameter($_REQUEST, "PHPSESSID");
    } else {
        // NOTE: Need to evaluate for possible security issues
        $sessionId = vtws_getParameter($_COOKIE, 'PHPSESSID');
    }
    // END
    // The client-supplied id is passed on with the adopt flag set.
    // NOTE(review): confirm startSession() only resumes ids of sessions that already exist
    // on the server and never creates a session under a client-chosen id (session fixation).
    $adoptSession = true;
} else {
    // No operation named in the input: answer with AUTHREQUIRED and stop.
    writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, "Authentication required"));
    return;
}
}
$sid = $sessionManager->startSession($sessionId, $adoptSession);
// Only pre-login operations may run without a session id. Note that this check comes
// after startSession() has already been called.
if (!$sessionId && !$operationManager->isPreLoginOperation()) {
    writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, "Authentication required"));
    return;
}
// startSession() returned a falsy value: report the session manager's own error.
if (!$sid) {
    writeErrorOutput($operationManager, $sessionManager->getError());
    return;
}
// The user identity comes solely from the session value "authenticatedUserId";
// without it the request continues with no current user.
$userid = $sessionManager->get("authenticatedUserId");
if ($userid) {
    $seed_user = new Users();
    $current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid);
} else {
    $current_user = null;
}
<?php
// Entry script for the "viewer" section: defines the section constants, loads the
// classes, starts the session, checks the Ice connection and dispatches AJAX requests.
// The listing is cut off inside the final if-block.
define('MUMPHPI_MAINDIR', '..');
define('MUMPHPI_SECTION', 'viewer');

// Start timer for execution time of script first
require_once MUMPHPI_MAINDIR . '/classes/PHPStats.php';
PHPStats::scriptExecTimeStart();

require_once MUMPHPI_MAINDIR . '/classes/MessageManager.php';
require_once MUMPHPI_MAINDIR . '/classes/SettingsManager.php';
require_once MUMPHPI_MAINDIR . '/classes/DBManager.php';
require_once MUMPHPI_MAINDIR . '/classes/Logger.php';
require_once MUMPHPI_MAINDIR . '/classes/SessionManager.php';
// The session is started before the remaining classes are loaded.
SessionManager::startSession();
require_once MUMPHPI_MAINDIR . '/classes/TranslationManager.php';
require_once MUMPHPI_MAINDIR . '/classes/ServerInterface.php';
require_once MUMPHPI_MAINDIR . '/classes/HelperFunctions.php';
require_once MUMPHPI_MAINDIR . '/classes/TemplateManager.php';
require_once MUMPHPI_MAINDIR . '/classes/ServerViewer.php';

// Full error reporting only when the settings enable debug mode.
// NOTE(review): whether reported errors reach the client depends on display_errors,
// which is not set in this script - confirm it is off outside debugging.
if (SettingsManager::getInstance()->isDebugMode()) {
    error_reporting(E_ALL);
}

// Check for running Ice with Murmur
try {
    ServerInterface::getInstance();
} catch (Ice_UnknownLocalException $ex) {
    // Without the Ice connection nothing else can run: print the error and stop.
    MessageManager::addError(tr('error_noIce'));
    MessageManager::echoAll();
    exit;
}

// Only the presence of the "ajax" query parameter is tested; the include path is built
// from the two constants defined at the top of this script, not from request data.
if (isset($_GET['ajax'])) {
    require_once MUMPHPI_MAINDIR . '/ajax/' . MUMPHPI_SECTION . '.ajax.php';
// Excerpt of the web-service entry point; the listing starts in the middle of an
// if/elseif chain whose first branch, and the blocks enclosing it, are not shown.
} elseif (isset($_COOKIE[$sessionName])) {
    // A cookie under the configured session name is tried before the PHPSESSID sources.
    $sessionId = vtws_getParameter($_COOKIE, $sessionName);
} elseif (isset($_REQUEST['PHPSESSID'])) {
    // $_REQUEST carries query-string and form values, so the session id may arrive
    // as a request parameter here rather than in a cookie.
    $sessionId = vtws_getParameter($_REQUEST, "PHPSESSID");
} else {
    // NOTE: Need to evaluate for possible security issues
    $sessionId = vtws_getParameter($_COOKIE, 'PHPSESSID');
}
// END
// The client-supplied id is passed on with the adopt flag set.
// NOTE(review): confirm startSession() only resumes ids of sessions that already exist
// on the server and never creates a session under a client-chosen id (session fixation).
$adoptSession = true;
} else {
    // Answer with AUTHREQUIRED and stop; the condition of this branch is outside the listing.
    writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, "Authentication required"));
    return;
}
}
$sid = $sessionManager->startSession($sessionId, $adoptSession, $sessionName);
// Only pre-login operations may run without a session id. Note that this check comes
// after startSession() has already been called.
if (!$sessionId && !$operationManager->isPreLoginOperation()) {
    writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED, "Authentication required"));
    return;
}
// startSession() returned a falsy value: report the session manager's own error.
if (!$sid) {
    writeErrorOutput($operationManager, $sessionManager->getError());
    return;
}
// The user identity comes solely from the session value "authenticatedUserId";
// without it the request continues with no current user.
$userid = $sessionManager->get("authenticatedUserId");
if ($userid) {
    $seed_user = new Users();
    $current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid);
} else {
    $current_user = null;
}