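/**
 * Authenticate a user from form-style login data.
 *
 * Looks the user up by username within owner_company() and checks the
 * supplied password. Both "unknown user" and "wrong password" raise the same
 * 'invalid login data' error, so the response does not reveal which
 * usernames exist.
 *
 * @param array $login_data array with 'username' and 'password' entries
 * @return User the authenticated user
 * @throws Error if a value is missing or the credentials do not match
 */
function authenticate($login_data)
{
    $username = array_var($login_data, 'username');
    $password = array_var($login_data, 'password');
    // trim() must wrap the value, not the comparison: the original
    // trim($username == '') trimmed a boolean, so a whitespace-only username
    // slipped past this check. The (string) cast keeps trim() happy when
    // array_var() returns null (deprecated in PHP 8.1).
    if (trim((string) $username) == '') {
        throw new Error('username value missing');
    }
    // if
    if (trim((string) $password) == '') {
        throw new Error('password value missing');
    }
    // if
    $user = Users::getByUsername($username, owner_company());
    if (!$user instanceof User) {
        throw new Error('invalid login data');
    }
    // if
    if (!$user->isValidPassword($password)) {
        throw new Error('invalid login data');
    }
    // if
    // NOTE(review): the disabled-account check below is commented out, so a
    // disabled user still authenticates here. As written it is also inverted
    // (it would reject *enabled* accounts); if re-enabled it must read
    // `if ($user->isDisabled())`. Left as is because User::isDisabled() is not
    // visible from this file -- confirm before enabling.
    //if (!$user->isDisabled()) {
    //  throw new Error('account disabled');
    //} // if
    return $user;
}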
	/**
	 * Verify a username/password pair and, on success, start a session for
	 * that user (without the "remember me" option).
	 *
	 * @param string $username
	 * @param string $password
	 * @return bool true when the credentials were accepted and the user was
	 *              logged in, false otherwise
	 */
	protected function loginUser($username, $password) {
		if (!$this->checkUser($username, $password)) {
			return false;
		}
		// NOTE(review): the account is looked up again after checkUser(); if
		// that second lookup ever fails, logUserIn() receives a non-User value.
		// Verify checkUser() and getByUsername() resolve the same record.
		$account = Users::getByUsername($username, owner_company());
		CompanyWebsite::instance()->logUserIn($account, false);
		return true;
	}
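 /**
  * Authenticate against an external database table (the "authdb" option).
  *
  * The query comes from config_option('authdb sql') and must select the
  * account's e-mail address aliased as `email` (and optionally a `password`
  * column); the literal tokens `$username` and `$password` in it are
  * replaced with the submitted values. Exactly one matching row means
  * success; the matching local User is then updated (or created) and
  * returned.
  *
  * @param string $username submitted (untrusted) username
  * @param string $password submitted (untrusted) password
  * @return User the local user record, saved with the external e-mail
  * @throws Error if the query fails or does not return exactly one row
  */
 function getUser($username, $password)
 {
     // the sql should be like this:
     // select somefield as email from sometable where anotherfield = '$username' limit 1
     // the expression 'as email' is important because the field is referenced as 'email'
     $sql = config_option('authdb sql', '');
     // Both values come straight from the login form. The original substituted
     // them unescaped, which let a crafted username or password rewrite the
     // query (SQL injection); and because the two str_replace() calls ran one
     // after the other, a username containing the literal text "$password" had
     // that text replaced by the password on the second pass. Escape for the
     // mysql link and substitute both tokens in a single strtr() pass, which
     // never re-scans text it has already replaced.
     // NOTE(review): escaping only protects tokens that the configured template
     // places inside quotes ('$username'); an unquoted token is still
     // injectable. ext/mysql was removed in PHP 7 -- a prepared statement via
     // PDO/mysqli is the real fix.
     $sql = strtr($sql, array(
         '$username' => mysql_real_escape_string($username, $this->link),
         '$password' => mysql_real_escape_string($password, $this->link),
     ));
     $result = mysql_query($sql, $this->link);
     if ($result) {
         $limit = mysql_num_rows($result);
         if ($limit == 1) {
             $row = mysql_fetch_assoc($result);
             // Falls back to the submitted plaintext password when the external
             // table has no password column; that value is then written to the
             // local account via setPassword() below. Confirm this is intended.
             $pass = array_var($row, 'password', $password);
             $email = array_var($row, 'email', '*****@*****.**');
             $user = Users::getByUsername($username, owner_company());
             if (!$user instanceof User) {
                 // option 1
                 // create a new user when authenticated
                 $user = new User();
                 // option 2
                 // allow only login for existing PP user
                 // throw new Error('invalid login data');
             }
             // if
             $user->setPassword($pass);
             $user->setEmail($email);
             if ($user->isNew()) {
                 $user->setUsername($username);
                 $user->setIsAdmin(0);
                 $user->setAutoAssign(0);
                 $user->setUseLDAP(0);
             }
             $user->save();
             return $user;
         }
     }
     throw new Error('invalid login data');
 }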
$cfg = $cfg->getSession();
if ($page->isPostBack()) {
    $cfg->doCheck = true;
    $cfg->ADMIN_USER = trim($_POST['user']);
    $cfg->ADMIN_PASS = trim($_POST['pass']);
    $cfg->ADMIN_EMAIL = trim($_POST['email']);
    if ($cfg->ADMIN_USER == '' || $cfg->ADMIN_PASS == '' || $cfg->ADMIN_EMAIL == '') {
        $cfg->error = true;
    } else {
        require_once $cfg->WWW_DIR . '/lib/users.php';
        $user = new Users();
        if (!$user->isValidUsername($cfg->ADMIN_USER)) {
            $cfg->error = true;
            $cfg->ADMIN_USER = '';
        } else {
            $usrCheck = $user->getByUsername($cfg->ADMIN_USER);
            if ($usrCheck) {
                $cfg->error = true;
                $cfg->ADMIN_USER = '';
            }
        }
        if (!$user->isValidEmail($cfg->ADMIN_EMAIL)) {
            $cfg->error = true;
            $cfg->ADMIN_EMAIL = '';
        }
        if (!$cfg->error) {
            $cfg->adminCheck = $user->add($cfg->ADMIN_USER, $cfg->ADMIN_PASS, $cfg->ADMIN_EMAIL, 2, '', '');
            if (!is_numeric($cfg->adminCheck)) {
                $cfg->error = true;
            } else {
                $user->login($cfg->adminCheck, "", 1);
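 /**
  * Show and process login form
  *
  * Without POST data the form is rendered, carrying over any `ref_*` GET
  * parameters so the user can be sent on to the page originally requested.
  * With POST data the credentials are checked and, on success, the user is
  * logged in and redirected (to the `ref_c`/`ref_a` target if given, else
  * the dashboard).
  *
  * @param void
  * @return null
  */
 function login()
 {
     trace(__FILE__, 'login()');
     if (function_exists('logged_user') && logged_user() instanceof User) {
         trace(__FILE__, 'login() - redirectTo(dashboard) because already logged in');
         $this->redirectTo('dashboard');
     }
     // if
     $login_data = array_var($_POST, 'login');
     if (!is_array($login_data)) {
         // Not a submission: keep only the ref_* parameters for the redirect
         // after login; nothing else from the query string reaches the form.
         $login_data = array();
         foreach ($_GET as $k => $v) {
             if (str_starts_with($k, 'ref_')) {
                 $login_data[$k] = $v;
             }
         }
         // foreach
     }
     // if
     tpl_assign('login_data', $login_data);
     if (is_array(array_var($_POST, 'login'))) {
         $username = array_var($login_data, 'username');
         $password = array_var($login_data, 'password');
         $remember = array_var($login_data, 'remember') == 'checked';
         // Every failure path renders the form and then returns. The original
         // relied on render() never coming back; the explicit return guarantees
         // that a wrong password can never fall through to logUserIn() below.
         // trim() wraps the value (the original trimmed the *comparison*, a
         // boolean, so a whitespace-only username was not rejected here).
         if (trim((string) $username) == '') {
             tpl_assign('error', new Error(lang('username value missing')));
             $this->render();
             return;
         }
         // if
         if (trim((string) $password) == '') {
             tpl_assign('error', new Error(lang('password value missing')));
             $this->render();
             return;
         }
         // if
         // Same error for unknown user and wrong password: no username enumeration.
         $user = Users::getByUsername($username, owner_company());
         if (!$user instanceof User) {
             tpl_assign('error', new Error(lang('invalid login data')));
             $this->render();
             return;
         }
         // if
         if (!$user->isValidPassword($password)) {
             tpl_assign('error', new Error(lang('invalid login data')));
             $this->render();
             return;
         }
         // if
         try {
             trace(__FILE__, "login() - logUserIn({$username}, {$remember})");
             CompanyWebsite::instance()->logUserIn($user, $remember);
             if (isset($_POST['loginLanguage'])) {
                 // NOTE(review): stored as submitted; whatever reads
                 // $_SESSION['language'] must treat it as untrusted (never use
                 // it to build an include or file path unchecked).
                 $_SESSION['language'] = $_POST['loginLanguage'];
             }
         } catch (Exception $e) {
             tpl_assign('error', new Error(lang('invalid login data')));
             $this->render();
             return;
         }
         // try
         // Collect the post-login target: ref_c = controller, ref_a = action,
         // every other ref_* key becomes a parameter.
         $ref_controller = null;
         $ref_action = null;
         $ref_params = array();
         foreach ($login_data as $k => $v) {
             if (str_starts_with($k, 'ref_')) {
                 $ref_var_name = trim(substr($k, 4, strlen($k)));
                 switch ($ref_var_name) {
                     case 'c':
                         $ref_controller = $v;
                         break;
                     case 'a':
                         $ref_action = $v;
                         break;
                     default:
                         $ref_params[$ref_var_name] = $v;
                 }
                 // switch
             }
             // if
         }
         // if
         if (!count($ref_params)) {
             $ref_params = null;
         }
         if ($ref_controller && $ref_action) {
             // $ref_params is an array or null; interpolating it directly
             // raised an "Array to string conversion" notice.
             trace(__FILE__, "login() - redirectTo({$ref_controller}, {$ref_action}, " . json_encode($ref_params) . ")");
             $this->redirectTo($ref_controller, $ref_action, $ref_params);
         } else {
             trace(__FILE__, 'login() - redirectTo(dashboard)');
             $this->redirectTo('dashboard');
         }
         // if
     }
     // if
 }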
<?php

if ($page->isPostBack()) {
    if (!isset($_POST["username"]) || !isset($_POST["password"])) {
        $page->smarty->assign('error', "Please enter your username and password.");
    } else {
        $page->smarty->assign('username', $_POST["username"]);
        $users = new Users();
        $res = $users->getByUsername($_POST["username"]);
        $dis = $users->isDisabled($_POST["username"]);
        if (!$res) {
            $res = $users->getByEmail($_POST["username"]);
        }
        if ($res) {
            if ($dis) {
                $page->smarty->assign('error', "Your account has been disabled.");
            } else {
                if ($users->checkPassword($_POST["password"], $res["password"])) {
                    $rememberMe = isset($_POST['rememberme']) && $_POST['rememberme'] == 'on' ? 1 : 0;
                    $users->login($res["ID"], $_SERVER['REMOTE_ADDR'], $rememberMe);
                    if (isset($_POST["redirect"]) && $_POST["redirect"] != "") {
                        header("Location: " . $_POST["redirect"]);
                    } else {
                        header("Location: " . WWW_TOP . $page->site->home_link);
                    }
                    die;
                } else {
                    $page->smarty->assign('error', "Incorrect username or password.");
                }
            }
        } else {
 /**
  * Derive a login name from a contact's first/last name.
  *
  * Uses the first letter of the first name followed by the last name; falls
  * back to whichever of the two is present, and to lang("new user") when both
  * are empty. Spaces are removed, the result lower-cased, and a numeric
  * suffix (2, 3, ...) appended until Users::getByUsername() finds no
  * existing account with that name.
  *
  * @param object $contact contact exposing getFirstname() / getLastname()
  * @return string a username not currently in use
  */
 private function generateUserNameFromContact($contact)
 {
     $first = $contact->getFirstname();
     $last = $contact->getLastname();
     if ($last == "") {
         $candidate = $first;
     } elseif ($first == "") {
         $candidate = $last;
     } else {
         $candidate = substr_utf($first, 0, 1) . $last;
     }
     $candidate = strtolower(trim(str_replace(" ", "", $candidate)));
     if ($candidate == "") {
         $candidate = strtolower(str_replace(" ", "_", lang("new user")));
     }
     // Probe the user table until the name is free.
     $stem = $candidate;
     $suffix = 2;
     while (Users::getByUsername($candidate) instanceof User) {
         $candidate = $stem . $suffix;
         $suffix++;
     }
     return $candidate;
 }
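 /**
  * Authenticate the request via HTTP Basic authentication.
  *
  * Reads the credentials from PHP_AUTH_USER / PHP_AUTH_PW (recovering them
  * from the raw Authorization header under CGI set-ups), looks the user up
  * within owner_company() and checks the password. Every failure answers
  * with a 401 + WWW-Authenticate challenge and exits; $_SESSION['try_count']
  * limits the number of challenges issued per session.
  *
  * @param array $login_data ignored as input; its 'username'/'password'
  *                          entries are overwritten from the request
  * @return User the authenticated user (the function exits on failure)
  */
 function authenticate($login_data)
 {
     //set http auth headers for apache+php-cgi work around; the REDIRECT_
     //variant is what apache hands over when the variable gets renamed, and
     //it wins when both are present (same order as the original).
     foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $header) {
         if (isset($_SERVER[$header]) && preg_match('/Basic\\s+(.*)$/i', $_SERVER[$header], $matches)) {
             // Limit to 2 parts: the original explode() cut a password at its
             // first ':' and emitted an undefined-offset notice when the decoded
             // value had no ':' at all. A missing password becomes ''.
             $parts = explode(':', base64_decode($matches[1]), 2);
             $name = $parts[0];
             $password = isset($parts[1]) ? $parts[1] : '';
             // strip_tags() kept from the original. NOTE(review): it mangles any
             // password containing '<', so such logins will fail here.
             $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
             $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
         }
     }
     if (isset($_SESSION['authenticated']) && $_SESSION['authenticated'] != 1) {
         if (isset($_SESSION['login']) && $_SESSION['login'] != 1) {
             // Previous attempt left the session unauthenticated with the login
             // flag cleared: start a fresh realm/counter and rotate the session id.
             $_SESSION['login'] = 1;
             $_SESSION['try_count'] = 0;
             $_SESSION['realm'] = time();
             session_regenerate_id(true);
             header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
             header('HTTP/1.0 401 Unauthorized');
             echo 'You cancelled the login';
             exit;
         }
     }
     if (!isset($_SESSION['try_count'])) {
         $_SESSION['try_count'] = 0;
     }
     if (!isset($_SESSION['realm'])) {
         $_SESSION['realm'] = time();
     }
     $_SESSION['authenticated'] = 0;
     $_SESSION['try_count']++;
     // NOTE(review): this counter lives in the client's own session; a client
     // that drops its cookie starts again at zero, so this is not a
     // brute-force control. >= rather than == so a counter that ever skips 4
     // still terminates.
     if ($_SESSION['try_count'] >= 4) {
         unset($_SESSION['login']);
         unset($_SESSION['realm']);
         session_destroy();
         die;
     }
     $login_data['username'] = array_var($_SERVER, 'PHP_AUTH_USER');
     $login_data['password'] = array_var($_SERVER, 'PHP_AUTH_PW');
     $username = array_var($login_data, 'username');
     $password = array_var($login_data, 'password');
     // All failures send the identical challenge, so an unknown username is
     // indistinguishable from a wrong password. trim() wraps the value: the
     // original trim($username == '') trimmed a boolean and let a
     // whitespace-only username through.
     if (trim((string) $username) == '' || trim((string) $password) == '') {
         header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
         header('HTTP/1.0 401 Unauthorized');
         exit;
     }
     // if
     $user = Users::getByUsername($username, owner_company());
     if (!$user instanceof User || !$user->isValidPassword($password)) {
         header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
         header('HTTP/1.0 401 Unauthorized');
         exit;
     }
     // if
     $_SESSION['authenticated'] = 1;
     // NOTE(review): the disabled-account check is commented out, so a disabled
     // user still authenticates here; as written it is also inverted (it would
     // reject *enabled* accounts). If re-enabled it must read
     // `if ($user->isDisabled())` -- confirm User::isDisabled() exists first.
     //if (!$user->isDisabled()) {
     //  throw new Error('account disabled');
     //} // if
     return $user;
 }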
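    /**
     * Show and process login form
     *
     * Without POST data the form is rendered, carrying over any `ref_*` GET
     * parameters so the user can be sent on to the page originally requested.
     * With POST data the credentials are checked and, on success, the user is
     * logged in and redirected (to the `ref_c`/`ref_a` target if given, else
     * the dashboard).
     *
     * @param void
     * @return null
     */
    function login() {
      trace(__FILE__,'login()');

      if (function_exists('logged_user') && (logged_user() instanceof User)) {
        trace(__FILE__, 'login() - redirectTo(dashboard) because already logged in' );
        $this->redirectTo('dashboard');
      } // if


      $login_data = array_var($_POST, 'login');

      if (!is_array($login_data)) {
        // Set up variables that will facilitate redirecting to
        // a specified page after logging in. Only ref_* keys are
        // copied from the query string.
        $login_data = array();
        foreach ($_GET as $k => $v) {
          if (str_starts_with($k, 'ref_')) {
            $login_data[$k] = $v;
          }
        } // foreach
        tpl_assign('login_data', $login_data);
      } else {
        $username = array_var($login_data, 'username');
        $password = array_var($login_data, 'password');
        $remember = array_var($login_data, 'remember') == 'checked';

        // Check that the provided username and password
        // are correct, and log user in if they are.
        // Each failure renders the form and returns; the original relied on
        // render() never returning, which -- should it ever return -- would
        // have let execution fall through to logUserIn() below.

        // trim() the value, not the comparison: trim($username == '') trimmed
        // a boolean and let a whitespace-only username through.
        if (trim((string) $username) == '') {
          tpl_assign('error', new Error(lang('username value missing')));
          $this->render();
          return;
        } // if

        if (trim((string) $password) == '') {
          tpl_assign('error', new Error(lang('password value missing')));
          $this->render();
          return;
        } // if

        // One message for both unknown user and wrong password (no enumeration).
        $user = Users::getByUsername($username, owner_company());
        if (!($user instanceof User) || !$user->isValidPassword($password)) {
          tpl_assign('error', new Error(lang('invalid login data')));
          $this->render();
          return;
        } // if

        try {
          trace(__FILE__,"login() - logUserIn($username, $remember)");
          CompanyWebsite::instance()->logUserIn($user, $remember);
          // NOTE(review): language and theme are stored as submitted; whatever
          // reads $_SESSION['language'] / $_SESSION['theme'] must treat them as
          // untrusted (never use them to build an include or file path unchecked).
          if (isset($_POST['loginLanguage'])) $_SESSION['language'] = $_POST['loginLanguage'];
          if (isset($_POST['loginTheme'])) $_SESSION['theme'] = $_POST['loginTheme'];
        } catch(Exception $e) {
          tpl_assign('error', new Error(lang('invalid login data')));
          $this->render();
          return;
        } // try

        // Check whether redirection to a specific
        // page was requested, and send there.
        // Otherwise send to default action of the dashboard.

        $ref_controller = isset($login_data['ref_c']) ? $login_data['ref_c'] : null;
        $ref_action = isset($login_data['ref_a']) ? $login_data['ref_a'] : null;
        $ref_params = array();

        foreach ($login_data as $k => $v) {
          if (str_starts_with($k, 'ref_')) {
            $ref_var_name = trim(substr($k, 4));
            switch ($ref_var_name) {
              case 'c':
              case 'a':
                //skip, extracted above
              break;
              default:
                $ref_params[$ref_var_name] = $v;
              break;
            } // switch
          } // if
        } // if
        if (!count($ref_params)) {
          $ref_params = null;
        }
        if ($ref_controller && $ref_action) {
          // $ref_params is an array or null; interpolating it directly raised
          // an "Array to string conversion" notice.
          trace(__FILE__, "login() - redirectTo($ref_controller, $ref_action, " . json_encode($ref_params) . ")" );
          $this->redirectTo($ref_controller, $ref_action, $ref_params);
        } else {
          trace(__FILE__, 'login() - redirectTo(dashboard)' );
          $this->redirectTo('dashboard');
        } // if
      }

    } // login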
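 /**
  * Validate user information in order to give access to the administration panel
  *
  * Re-authentication step for company administrators: the logged-in user
  * must re-enter their own password before administration pages are shown.
  * On success the time is stored in $_SESSION['admin_login'] and the browser
  * is sent to the requested page; a recent enough admin_login (within
  * ADMIN_SESSION_TIMEOUT) skips the form entirely.
  *
  * @return void
  */
 function password_autentify()
 {
     if (!logged_user()->isCompanyAdmin(owner_company())) {
         flash_error(lang('no access permissions'));
         ajx_current("empty");
         return;
     }
     // if
     if (isset($_POST['enetedPassword'])) {
         $userName = array_var($_POST, 'userName');
         $pass = array_var($_POST, 'enetedPassword');
         if (trim((string) $userName) == '') {
             flash_error(lang('username value missing'));
             ajx_current("empty");
             return;
         }
         // if
         if (trim((string) $pass) == '') {
             flash_error(lang('password value missing'));
             ajx_current("empty");
             return;
         }
         // if
         // The name must be the logged-in user's own. This check used to run
         // *after* the password was verified, which let any admin use this
         // form as an unthrottled password oracle for other accounts; checking
         // first means no other account's password is ever tested here.
         if ($userName !== logged_user()->getUsername()) {
             flash_error(lang('invalid login data'));
             ajx_current("empty");
             return;
         }
         // if
         $user = Users::getByUsername($userName);
         if (!$user instanceof User || !$user->isValidPassword($pass)) {
             flash_error(lang('invalid login data'));
             ajx_current("empty");
             return;
         }
         // if
         $_SESSION['admin_login'] = time();
         $this->redirectToUrl($this->adminReturnUrl(array_var($_POST, 'url')));
     } else {
         $last_login = array_var($_SESSION, 'admin_login', 0);
         if ($last_login >= time() - ADMIN_SESSION_TIMEOUT) {
             $this->redirectToUrl($this->adminReturnUrl(array_var($_GET, 'url')));
         }
     }
     tpl_assign('url', array_var($_GET, 'url', get_url('administration', 'index')));
 }

 /**
  * Return a redirect target that stays on this site.
  *
  * The `url` value round-trips through the query string and the form, so it
  * is attacker-influenceable; redirecting to it blindly made
  * password_autentify() an open redirect right after an admin re-entered
  * their password. Accepts a relative URL, or an http(s) URL whose host
  * equals the host of get_url('administration', 'index'); anything else
  * (other schemes, foreign or protocol-relative hosts, unparsable input)
  * falls back to the administration index.
  *
  * @param string|null $url requested target
  * @return string URL safe to redirect to
  */
 private function adminReturnUrl($url)
 {
     $default = get_url('administration', 'index');
     if (!is_string($url) || $url === '') {
         return $default;
     }
     // "//host" and "/\host" are protocol-relative to browsers (which
     // normalise the backslash); parse_url() does not see the second one.
     if (preg_match('#^[\\\\/]{2}#', $url)) {
         return $default;
     }
     $parts = parse_url($url);
     if ($parts === false) {
         return $default;
     }
     if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
         return $default; // javascript:, data:, ...
     }
     if (isset($parts['host'])) {
         // Fail closed: if get_url() yields no host, no absolute URL is accepted.
         $own_host = parse_url($default, PHP_URL_HOST);
         if (!is_string($own_host) || strcasecmp($parts['host'], $own_host) !== 0) {
             return $default;
         }
     }
     return $url;
 }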
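 /**
  * Log user back in
  *
  * AJAX re-login: takes username/password (and an optional 'remember' flag)
  * from $_POST['login'], verifies them and starts a session via
  * CompanyWebsite::logUserIn(). Failures are reported with flash_error();
  * the current page is left unchanged (ajx_current("empty")).
  *
  * @access public
  * @param void
  * @return null
  */
 function relogin()
 {
     ajx_current("empty");
     $login_data = array_var($_POST, 'login');
     if (!is_array($login_data)) {
         $login_data = array();
     }
     // if
     $username = array_var($login_data, 'username');
     $password = array_var($login_data, 'password');
     $remember = array_var($login_data, 'remember', '') != '';
     if (function_exists('logged_user') && logged_user() instanceof User && logged_user()->getUsername() == $username) {
         flash_error(lang("already logged in"));
         return;
     }
     // if
     // trim() the value, not the comparison: the original trim($username == '')
     // trimmed a boolean, so a whitespace-only username passed this check.
     if (trim((string) $username) == '') {
         flash_error(lang("username value missing"));
         return;
     }
     // if
     if (trim((string) $password) == '') {
         flash_error(lang("password value missing"));
         return;
     }
     // if
     // Same message for unknown user and wrong password (no enumeration).
     $user = Users::getByUsername($username, owner_company());
     if (!$user instanceof User) {
         flash_error(lang('invalid login data'));
         return;
     }
     // if
     if (!$user->isValidPassword($password)) {
         flash_error(lang('invalid login data'));
         return;
     }
     // if
     try {
         CompanyWebsite::instance()->logUserIn($user, $remember);
     } catch (Exception $e) {
         flash_error(lang('invalid login data'));
         return;
     }
     // try
 }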