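/**
 * Authenticate a user from a login-data array.
 *
 * @param array $login_data Array with 'username' and 'password' keys
 * @return User The matching user once the password validates
 * @throws Error When a credential is missing or the login data is invalid
 */
function authenticate($login_data) {
    $username = array_var($login_data, 'username');
    $password = array_var($login_data, 'password');

    // trim() must wrap the value, not the comparison: the original
    // trim($username == '') trimmed a boolean and could never be true,
    // so an empty username was never rejected here.
    if (trim($username) == '') {
        throw new Error('username value missing');
    } // if
    if (trim($password) == '') {
        throw new Error('password value missing');
    } // if

    // Unknown user and wrong password raise the same message, which keeps
    // the response from revealing which usernames exist.
    $user = Users::getByUsername($username, owner_company());
    if (!$user instanceof User) {
        throw new Error('invalid login data');
    } // if
    if (!$user->isValidPassword($password)) {
        throw new Error('invalid login data');
    } // if

    // NOTE(review): the disabled-account check is commented out, so a disabled
    // user can still authenticate through this path. If it is restored, the
    // condition must be `if ($user->isDisabled())` — the original `!` was inverted.
    //if (!$user->isDisabled()) {
    //  throw new Error('account disabled');
    //} // if

    return $user;
}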
/**
 * Verify the credentials with checkUser() and, when they are accepted,
 * start a session for that user without the "remember me" flag.
 *
 * @param string $username
 * @param string $password
 * @return bool True when the credentials were accepted and the user was logged in
 */
protected function loginUser($username, $password) {
    if (!$this->checkUser($username, $password)) {
        return false;
    }
    $account = Users::getByUsername($username, owner_company());
    // Second argument is the remember flag; this path never persists the login.
    CompanyWebsite::instance()->logUserIn($account, false);
    return true;
}
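/**
 * Look up (and on first login create) a user through the external
 * authentication database configured in the 'authdb sql' option.
 *
 * The configured SQL must select the address `as email`; it may also select
 * a `password` column. The literal tokens `$username` and `$password` in the
 * statement are replaced with the submitted values, so they must appear
 * inside quotes in the configured statement.
 *
 * @param string $username Submitted username (untrusted)
 * @param string $password Submitted password (untrusted)
 * @return User The saved local user for this login
 * @throws Error When the query fails or does not return exactly one row
 */
function getUser($username, $password) {
    // the sql should be like this:
    // select somefield as email from sometable where anotherfield = $username limit 1
    // the expression 'as email' is important because the field is referenced as 'email'
    $sql = config_option('authdb sql', '');

    // The submitted values are spliced into the statement text, so they must
    // be escaped for this connection: the original inserted them raw, which
    // let a crafted username or password rewrite the query (SQL injection).
    // The legacy mysql extension has no prepared statements, so escaping is
    // the strongest option available on this code path. strtr() performs both
    // substitutions in one pass, so a username containing the text
    // "$password" is not expanded a second time.
    $sql = strtr($sql, array(
        '$username' => mysql_real_escape_string($username, $this->link),
        '$password' => mysql_real_escape_string($password, $this->link),
    ));

    $result = mysql_query($sql, $this->link);
    if ($result) {
        $limit = mysql_num_rows($result);
        // Exactly one row is required: none means unknown credentials, more
        // than one is ambiguous and is treated as a failure as well.
        if ($limit == 1) {
            $row = mysql_fetch_assoc($result);
            // Fall back to the submitted password when the query returns none.
            $pass = array_var($row, 'password', $password);
            $email = array_var($row, 'email', '*****@*****.**');

            $user = Users::getByUsername($username, owner_company());
            if (!$user instanceof User) {
                // option 1
                // create a new user when authenticated
                $user = new User();
                // option 2
                // allow only login for existing PP user
                // throw new Error('invalid login data');
            } // if
            $user->setPassword($pass);
            $user->setEmail($email);
            if ($user->isNew()) {
                $user->setUsername($username);
                $user->setIsAdmin(0);
                $user->setAutoAssign(0);
                $user->setUseLDAP(0);
            }
            $user->save();
            return $user;
        }
    }
    throw new Error('invalid login data');
}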
$cfg = $cfg->getSession(); if ($page->isPostBack()) { $cfg->doCheck = true; $cfg->ADMIN_USER = trim($_POST['user']); $cfg->ADMIN_PASS = trim($_POST['pass']); $cfg->ADMIN_EMAIL = trim($_POST['email']); if ($cfg->ADMIN_USER == '' || $cfg->ADMIN_PASS == '' || $cfg->ADMIN_EMAIL == '') { $cfg->error = true; } else { require_once $cfg->WWW_DIR . '/lib/users.php'; $user = new Users(); if (!$user->isValidUsername($cfg->ADMIN_USER)) { $cfg->error = true; $cfg->ADMIN_USER = ''; } else { $usrCheck = $user->getByUsername($cfg->ADMIN_USER); if ($usrCheck) { $cfg->error = true; $cfg->ADMIN_USER = ''; } } if (!$user->isValidEmail($cfg->ADMIN_EMAIL)) { $cfg->error = true; $cfg->ADMIN_EMAIL = ''; } if (!$cfg->error) { $cfg->adminCheck = $user->add($cfg->ADMIN_USER, $cfg->ADMIN_PASS, $cfg->ADMIN_EMAIL, 2, '', ''); if (!is_numeric($cfg->adminCheck)) { $cfg->error = true; } else { $user->login($cfg->adminCheck, "", 1);
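/**
 * Show and process login form
 *
 * Without a login[] POST array the `ref_*` query parameters are collected
 * so the form can send the user back to the requested page after logging
 * in. With one, the credentials are validated, the user is logged in and
 * the request is redirected to ref_c/ref_a (remaining ref_* values become
 * parameters) or to the dashboard.
 *
 * @param void
 * @return null
 */
function login() {
    trace(__FILE__, 'login()');
    if (function_exists('logged_user') && logged_user() instanceof User) {
        trace(__FILE__, 'login() - redirectTo(dashboard) because already logged in');
        $this->redirectTo('dashboard');
    } // if

    $login_data = array_var($_POST, 'login');
    if (!is_array($login_data)) {
        // Not a submission: carry the ref_* redirect hints from the query
        // string into the form so they survive the POST.
        $login_data = array();
        foreach ($_GET as $k => $v) {
            if (str_starts_with($k, 'ref_')) {
                $login_data[$k] = $v;
            }
        } // foreach
    } // if
    tpl_assign('login_data', $login_data);

    if (is_array(array_var($_POST, 'login'))) {
        $username = array_var($login_data, 'username');
        $password = array_var($login_data, 'password');
        $remember = array_var($login_data, 'remember') == 'checked';

        // Each rejection re-renders the form and returns. render() is expected
        // to end the request; the explicit return guarantees a rejected login
        // can never fall through to logUserIn(). The original had
        // trim($username == ''), which trimmed a boolean and so never
        // detected a missing username.
        if (trim($username) == '') {
            tpl_assign('error', new Error(lang('username value missing')));
            $this->render();
            return;
        } // if
        if (trim($password) == '') {
            tpl_assign('error', new Error(lang('password value missing')));
            $this->render();
            return;
        } // if

        // Unknown user and wrong password produce the same message so the
        // form does not reveal which usernames exist.
        $user = Users::getByUsername($username, owner_company());
        if (!$user instanceof User) {
            tpl_assign('error', new Error(lang('invalid login data')));
            $this->render();
            return;
        } // if
        if (!$user->isValidPassword($password)) {
            tpl_assign('error', new Error(lang('invalid login data')));
            $this->render();
            return;
        } // if

        try {
            trace(__FILE__, "login() - logUserIn({$username}, {$remember})");
            CompanyWebsite::instance()->logUserIn($user, $remember);
            if (isset($_POST['loginLanguage'])) {
                // NOTE(review): stored unvalidated; whatever consumes
                // $_SESSION['language'] must treat it as untrusted input.
                $_SESSION['language'] = $_POST['loginLanguage'];
            }
        } catch (Exception $e) {
            tpl_assign('error', new Error(lang('invalid login data')));
            $this->render();
            return;
        } // try

        // Split the ref_* values into controller, action and the remaining
        // parameters for the post-login redirect.
        $ref_controller = null;
        $ref_action = null;
        $ref_params = array();
        foreach ($login_data as $k => $v) {
            if (str_starts_with($k, 'ref_')) {
                $ref_var_name = trim(substr($k, 4, strlen($k)));
                switch ($ref_var_name) {
                    case 'c':
                        $ref_controller = $v;
                        break;
                    case 'a':
                        $ref_action = $v;
                        break;
                    default:
                        $ref_params[$ref_var_name] = $v;
                } // switch
            } // if
        } // foreach
        if (!count($ref_params)) {
            $ref_params = null;
        }

        if ($ref_controller && $ref_action) {
            // json_encode() keeps the params readable in the trace; interpolating
            // the array printed "Array" and raised a conversion notice.
            trace(__FILE__, "login() - redirectTo({$ref_controller}, {$ref_action}, " . json_encode($ref_params) . ")");
            $this->redirectTo($ref_controller, $ref_action, $ref_params);
        } else {
            trace(__FILE__, 'login() - redirectTo(dashboard)');
            $this->redirectTo('dashboard');
        } // if
    } // if
}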
<?php if ($page->isPostBack()) { if (!isset($_POST["username"]) || !isset($_POST["password"])) { $page->smarty->assign('error', "Please enter your username and password."); } else { $page->smarty->assign('username', $_POST["username"]); $users = new Users(); $res = $users->getByUsername($_POST["username"]); $dis = $users->isDisabled($_POST["username"]); if (!$res) { $res = $users->getByEmail($_POST["username"]); } if ($res) { if ($dis) { $page->smarty->assign('error', "Your account has been disabled."); } else { if ($users->checkPassword($_POST["password"], $res["password"])) { $rememberMe = isset($_POST['rememberme']) && $_POST['rememberme'] == 'on' ? 1 : 0; $users->login($res["ID"], $_SERVER['REMOTE_ADDR'], $rememberMe); if (isset($_POST["redirect"]) && $_POST["redirect"] != "") { header("Location: " . $_POST["redirect"]); } else { header("Location: " . WWW_TOP . $page->site->home_link); } die; } else { $page->smarty->assign('error', "Incorrect username or password."); } } } else {
/**
 * Derive a unique, lower-case username from a contact's name: first
 * initial + last name, falling back to whichever name part is present,
 * and to lang("new user") when both are empty. A numeric suffix (2, 3, ...)
 * is appended until Users::getByUsername() reports no existing user.
 *
 * @param object $contact Exposes getFirstname()/getLastname()
 * @return string
 */
private function generateUserNameFromContact($contact) {
    if ($contact->getLastname() == "") {
        $candidate = $contact->getFirstName();
    } elseif ($contact->getFirstname() == "") {
        $candidate = $contact->getLastName();
    } else {
        $candidate = substr_utf($contact->getFirstname(), 0, 1) . $contact->getLastname();
    }

    // Drop spaces entirely, then normalise case.
    $candidate = strtolower(trim(str_replace(" ", "", $candidate)));
    if ($candidate == "") {
        $candidate = strtolower(str_replace(" ", "_", lang("new user")));
    }

    // Append the first free numeric suffix when the name is already taken.
    $stem = $candidate;
    $suffix = 2;
    while (Users::getByUsername($candidate) instanceof User) {
        $candidate = $stem . $suffix;
        $suffix++;
    }
    return $candidate;
}
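/**
 * Authenticate the request with HTTP Basic credentials.
 *
 * Reads PHP_AUTH_USER / PHP_AUTH_PW (reconstructed from the Authorization
 * header on CGI setups where PHP does not populate them), checks them
 * against Users, and answers with a 401 challenge — ending the request —
 * whenever they are missing or wrong. $_SESSION tracks the attempt count;
 * the fourth attempt destroys the session.
 *
 * @param array $login_data Ignored as input; 'username'/'password' are
 *                          overwritten from the request headers
 * @return User The authenticated user
 */
function authenticate($login_data) {
    //set http auth headers for apache+php-cgi work around
    if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        // Split on the first ':' only — the password itself may contain ':'
        // (the original explode() truncated such passwords). array_pad keeps
        // list() from warning when the header carries no ':' at all.
        list($name, $password) = array_pad(explode(':', base64_decode($matches[1]), 2), 2, '');
        // NOTE(review): strip_tags() alters any credential containing '<';
        // kept as-is because existing accounts are validated against the
        // stripped value.
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }
    //set http auth headers for apache+php-cgi work around if variable gets renamed by apache
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
        list($name, $password) = array_pad(explode(':', base64_decode($matches[1]), 2), 2, '');
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

    // A session marked unauthenticated (a previous attempt failed) whose
    // 'login' flag is set to something other than 1 gets a fresh realm and
    // session id, a new challenge, and the request ends.
    if (isset($_SESSION['authenticated']) && $_SESSION['authenticated'] != 1) {
        if (isset($_SESSION['login']) && $_SESSION['login'] != 1) {
            $_SESSION['login'] = 1;
            $_SESSION['try_count'] = 0;
            $_SESSION['realm'] = time();
            session_regenerate_id(true);
            header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
            header('HTTP/1.0 401 Unauthorized');
            echo 'You cancelled the login';
            exit;
        }
    }
    if (!isset($_SESSION['try_count'])) {
        $_SESSION['try_count'] = 0;
    }
    if (!isset($_SESSION['realm'])) {
        $_SESSION['realm'] = time();
    }
    $_SESSION['authenticated'] = 0;
    $_SESSION['try_count']++;
    // NOTE(review): the attempt counter lives in the session, so a client
    // that simply drops its session cookie is never cut off; this is not a
    // brute-force defence on its own.
    if ($_SESSION['try_count'] == 4) {
        unset($_SESSION['login']);
        unset($_SESSION['realm']);
        session_destroy();
        die;
    }

    $login_data['username'] = array_var($_SERVER, 'PHP_AUTH_USER');
    $login_data['password'] = array_var($_SERVER, 'PHP_AUTH_PW');
    $username = array_var($login_data, 'username');
    $password = array_var($login_data, 'password');

    // trim() must wrap the value: the original trim($username == '') trimmed
    // a boolean and never caught a missing username.
    if (trim($username) == '') {
        header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
        header('HTTP/1.0 401 Unauthorized');
        exit;
    } // if
    if (trim($password) == '') {
        header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
        header('HTTP/1.0 401 Unauthorized');
        exit;
    } // if

    // Unknown user and wrong password get the identical challenge, so the
    // response does not reveal which usernames exist.
    $user = Users::getByUsername($username, owner_company());
    if (!$user instanceof User) {
        header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
        header('HTTP/1.0 401 Unauthorized');
        exit;
    } // if
    if (!$user->isValidPassword($password)) {
        header('WWW-Authenticate: Basic realm="' . $_SESSION['realm'] . '"');
        header('HTTP/1.0 401 Unauthorized');
        exit;
    } // if

    $_SESSION['authenticated'] = 1;
    // NOTE(review): the disabled-account check is commented out, so a disabled
    // user can still authenticate here. If restored, the condition must be
    // `if ($user->isDisabled())` — the original `!` was inverted.
    //if (!$user->isDisabled()) {
    //  throw new Error('account disabled');
    //} // if
    return $user;
}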
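/**
 * Show and process login form
 *
 * Without a login[] POST array the `ref_*` query parameters are passed to
 * the template so the form can return the user to the requested page.
 * With one, the credentials are validated, the user is logged in (storing
 * loginLanguage / loginTheme in the session when posted) and the request is
 * redirected to ref_c/ref_a with the remaining ref_* values as parameters,
 * or to the dashboard.
 *
 * @param void
 * @return null
 */
function login() {
    trace(__FILE__,'login()');
    if (function_exists('logged_user') && (logged_user() instanceof User)) {
        trace(__FILE__, 'login() - redirectTo(dashboard) because already logged in' );
        $this->redirectTo('dashboard');
    } // if

    $login_data = array_var($_POST, 'login');
    if (!is_array($login_data)) {
        // Set up variables that will facilitate redirecting to
        // a specified page after logging in.
        $login_data = array();
        foreach ($_GET as $k => $v) {
            if (str_starts_with($k, 'ref_')) {
                $login_data[$k] = $v;
            }
        } // foreach
        tpl_assign('login_data', $login_data);
    } else {
        $username = array_var($login_data, 'username');
        $password = array_var($login_data, 'password');
        $remember = array_var($login_data, 'remember') == 'checked';

        // Check that the provided username and password
        // are correct, and log user in if they are.
        // Each rejection re-renders the form and returns: render() is expected
        // to end the request, and the return guarantees a rejected login never
        // continues into logUserIn(). The original trim($username == '')
        // trimmed a boolean and so never detected a missing username.
        if (trim($username) == '') {
            tpl_assign('error', new Error(lang('username value missing')));
            $this->render();
            return;
        } // if
        if (trim($password) == '') {
            tpl_assign('error', new Error(lang('password value missing')));
            $this->render();
            return;
        } // if

        // One message for unknown user and wrong password, so the form does
        // not reveal which usernames exist.
        $user = Users::getByUsername($username, owner_company());
        if (!($user instanceof User) || !$user->isValidPassword($password)) {
            tpl_assign('error', new Error(lang('invalid login data')));
            $this->render();
            return;
        } // if

        try {
            trace(__FILE__,"login() - logUserIn($username, $remember)");
            CompanyWebsite::instance()->logUserIn($user, $remember);
            // NOTE(review): both values are stored unvalidated; whatever reads
            // $_SESSION['language'] / ['theme'] must treat them as untrusted.
            if (isset($_POST['loginLanguage'])) $_SESSION['language'] = $_POST['loginLanguage'];
            if (isset($_POST['loginTheme'])) $_SESSION['theme'] = $_POST['loginTheme'];
        } catch(Exception $e) {
            tpl_assign('error', new Error(lang('invalid login data')));
            $this->render();
            return;
        } // try

        // Check whether redirection to a specific
        // page was requested, and send there.
        // Otherwise send to default action of the dashboard.
        $ref_controller = isset($login_data['ref_c']) ? $login_data['ref_c'] : null;
        $ref_action = isset($login_data['ref_a']) ? $login_data['ref_a'] : null;
        $ref_params = array();
        foreach ($login_data as $k => $v) {
            if (str_starts_with($k, 'ref_')) {
                $ref_var_name = trim(substr($k, 4));
                switch ($ref_var_name) {
                    case 'c':
                    case 'a':
                        //skip, extracted above
                        break;
                    default:
                        $ref_params[$ref_var_name] = $v;
                        break;
                } // switch
            } // if
        } // foreach
        if (!count($ref_params)) {
            $ref_params = null;
        }
        if ($ref_controller && $ref_action) {
            // json_encode() keeps the params readable in the trace; interpolating
            // the array printed "Array" and raised a conversion notice.
            trace(__FILE__, "login() - redirectTo($ref_controller, $ref_action, " . json_encode($ref_params) . ")" );
            $this->redirectTo($ref_controller, $ref_action, $ref_params);
        } else {
            trace(__FILE__, 'login() - redirectTo(dashboard)' );
            $this->redirectTo('dashboard');
        } // if
    }
} // login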
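/**
 * Validate user information in order to give access to the administration panel
 *
 * Only a company admin may use this. On POST (enetedPassword present) the
 * submitted username must be the logged-in user's own and the password
 * must validate; success stamps $_SESSION['admin_login'] and redirects to
 * the posted url. On GET a still-valid admin_login stamp (younger than
 * ADMIN_SESSION_TIMEOUT seconds) redirects straight to the requested url;
 * otherwise the url is handed to the template for the form.
 */
function password_autentify() {
    if (!logged_user()->isCompanyAdmin(owner_company())) {
        flash_error(lang('no access permissions'));
        ajx_current("empty");
        return;
    } // if

    if (isset($_POST['enetedPassword'])) {
        $userName = array_var($_POST, 'userName');
        $pass = array_var($_POST, 'enetedPassword');
        if (trim($userName) == '') {
            flash_error(lang('username value missing'));
            ajx_current("empty");
            return;
        } // if
        if (trim($pass) == '') {
            flash_error(lang('password value missing'));
            ajx_current("empty");
            return;
        } // if

        // Reject a foreign username before touching the password: the
        // original verified the password first, which let an admin use this
        // form to test other accounts' passwords. Every failure below keeps
        // the same message, so nothing about other accounts is revealed.
        if ($userName != logged_user()->getUsername()) {
            flash_error(lang('invalid login data'));
            ajx_current("empty");
            return;
        }
        $user = Users::getByUsername($userName);
        if (!$user instanceof User) {
            flash_error(lang('invalid login data'));
            ajx_current("empty");
            return;
        } // if
        if (!$user->isValidPassword($pass)) {
            flash_error(lang('invalid login data'));
            ajx_current("empty");
            return;
        } // if

        $_SESSION['admin_login'] = time();
        // NOTE(review): the target comes straight from the form; unless
        // redirectToUrl() restricts it to this site, a crafted form could send
        // a freshly re-authenticated admin to an external address.
        $this->redirectToUrl($_POST['url']);
    } else {
        // A recent admin re-authentication is still valid: skip the form.
        $last_login = array_var($_SESSION, 'admin_login', 0);
        if ($last_login >= time() - ADMIN_SESSION_TIMEOUT) {
            $this->redirectToUrl(array_var($_GET, 'url', get_url('administration', 'index')));
        }
    }
    tpl_assign('url', array_var($_GET, 'url', get_url('administration', 'index')));
}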
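/**
 * Log user back in
 *
 * AJAX endpoint: reads login[username|password|remember] from the POST
 * body, refuses when that username is already the logged-in user's,
 * validates the credentials and re-establishes the session through
 * logUserIn(). Failures are reported with flash_error(); nothing is returned.
 *
 * @access public
 * @param void
 * @return null
 */
function relogin() {
    ajx_current("empty");
    $login_data = array_var($_POST, 'login');
    if (!is_array($login_data)) {
        $login_data = array();
    } // if
    $username = array_var($login_data, 'username');
    $password = array_var($login_data, 'password');
    // Any non-empty 'remember' value counts here (login() compares against 'checked').
    $remember = array_var($login_data, 'remember', '') != '';

    if (function_exists('logged_user') && logged_user() instanceof User && logged_user()->getUsername() == $username) {
        flash_error(lang("already logged in"));
        return;
    } // if

    // trim() must wrap the value: the original trim($username == '') trimmed
    // a boolean and never caught a missing username.
    if (trim($username) == '') {
        flash_error(lang("username value missing"));
        return;
    } // if
    if (trim($password) == '') {
        flash_error(lang("password value missing"));
        return;
    } // if

    // Unknown user and wrong password produce the same message so the
    // endpoint does not reveal which usernames exist.
    $user = Users::getByUsername($username, owner_company());
    if (!$user instanceof User) {
        flash_error(lang('invalid login data'));
        return;
    } // if
    if (!$user->isValidPassword($password)) {
        flash_error(lang('invalid login data'));
        return;
    } // if

    try {
        CompanyWebsite::instance()->logUserIn($user, $remember);
    } catch (Exception $e) {
        flash_error(lang('invalid login data'));
        return;
    } // try
}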