global $arrLangMenu; global $arrLang; $arrLang = array_merge($arrLang, $arrLangMenu); } $pdbACL = new paloDB($arrConf['elastix_dsn']['elastix']); $pACL = new paloACL($pdbACL); if (!empty($pACL->errMsg)) { echo "ERROR DE DB: {$pACL->errMsg} <br>"; } // Load smarty $smarty = getSmarty($arrConf['mainTheme']); //- 1) SUBMIT. Si se hizo submit en el formulario de ingreso //- autentico al usuario y lo ingreso a la sesion if (isset($_POST['submit_login']) and !empty($_POST['input_user'])) { $pass_md5 = md5(trim($_POST['input_pass'])); if ($pACL->authenticateUser($_POST['input_user'], $pass_md5)) { session_regenerate_id(TRUE); $_SESSION['elastix_user'] = trim($_POST['input_user']); $_SESSION['elastix_pass'] = $pass_md5; //fue necesario incluir esto aqui porque cuando te logueas en la interfaz //de usario final haces uso de esta variable $_SESSION['elastix_pass2'] = $_POST['input_pass']; header("Location: index.php"); writeLOG("audit.log", "LOGIN {$_POST['input_user']}: Web Interface login successful. Accepted password for {$_POST['input_user']} from {$_SERVER['REMOTE_ADDR']}."); update_theme(); exit; } else { $user = urlencode(substr($_POST['input_user'], 0, 20)); if (!$pACL->getIdUser($_POST['input_user'])) { // not exists user? writeLOG("audit.log", "LOGIN {$user}: Authentication Failure to Web Interface login. Invalid user {$user} from {$_SERVER['REMOTE_ADDR']}.");
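/**
 * Verifies that the HTTP Basic credentials carried in $_SERVER['PHP_AUTH_USER']
 * and $_SERVER['PHP_AUTH_PW'] belong to a valid ACL user.
 *
 * On failure the reason is left in $this->errorMSG under the keys "fc", "fm",
 * "fd" and "cn" (going by the values assigned here: a code, a short message,
 * a detail text and the class name) so the caller can build its error reply.
 * Reads the global $arrConf for the ACL database DSN.
 *
 * @return boolean True if the credentials were accepted, false otherwise
 */
public function authentication()
{
    global $arrConf;

    // Both header-derived values are isset-guarded before use, so a request
    // without an Authorization header cannot raise undefined-index notices
    // (the original read PHP_AUTH_PW unconditionally).
    $authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $authPass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Basic auth is mandatory: an empty user name means no attempt at all.
    if ($authUser === '') {
        $this->errorMSG["fc"] = 'UNAUTHORIZED';
        $this->errorMSG["fm"] = 'Not authorized';
        $this->errorMSG["fd"] = 'This method requires username/password authentication.';
        $this->errorMSG["cn"] = get_class($this);
        return false;
    }

    $pDB = new paloDB($arrConf['elastix_dsn']['acl']);
    $pACL = new paloACL($pDB);
    if (!empty($pACL->errMsg)) {
        // A DB problem is reported with the same UNAUTHORIZED code; the
        // ACL object's errMsg is appended as the detail.
        $this->errorMSG["fc"] = 'UNAUTHORIZED';
        $this->errorMSG["fm"] = 'Authentication failed';
        $this->errorMSG["fd"] = 'Unable to authenticate due to DB error: ' . $pACL->errMsg;
        $this->errorMSG["cn"] = get_class($this);
        return false;
    }

    // paloACL::authenticateUser() takes the unsalted MD5 digest of the
    // password, so that is what is handed over; the strength of this check is
    // bounded by that digest scheme, which lives in paloACL, not here.
    if (!$pACL->authenticateUser($authUser, md5($authPass))) {
        $this->errorMSG["fc"] = 'UNAUTHORIZED';
        $this->errorMSG["fm"] = 'Authentication failed';
        $this->errorMSG["fd"] = 'Invalid username or password';
        $this->errorMSG["cn"] = get_class($this);
        return false;
    }

    return true;
}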
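/**
 * Changes the password of the user logged into the current session.
 *
 * Reads the request fields "oldPassword", "newPassword" and "newRePassword"
 * through getParameter(), validates them, re-authenticates the session user
 * with the old password and then stores the new one through
 * paloACL::changePassword().
 *
 * Reads $_SESSION['elastix_user'] to identify the user and, on success,
 * rewrites $_SESSION['elastix_pass'] with the new digest. Uses the global
 * $arrConf for the ACL database location.
 *
 * @return array array('status' => bool, 'msg' => string); status is true only
 *               when the password was actually changed, msg is a translated
 *               description of the outcome
 */
function setUserPassword()
{
    include_once "libs/paloSantoACL.class.php";

    // getParameter() may yield null for an absent field; normalise every
    // value to string so the strict comparisons below treat "missing" and
    // "empty" alike.
    $old_pass   = (string) getParameter("oldPassword");
    $new_pass   = (string) getParameter("newPassword");
    $new_repass = (string) getParameter("newRePassword");

    $arrResult = array('status' => false);

    if ($old_pass === "") {
        $arrResult['msg'] = _tr("Please write your current password.");
        return $arrResult;
    }
    if ($new_pass === "" || $new_repass === "") {
        $arrResult['msg'] = _tr("Please write the new password and confirm the new password.");
        return $arrResult;
    }
    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers, so e.g. "1e3" and "1000" would have passed as a matching pair.
    if ($new_pass !== $new_repass) {
        $arrResult['msg'] = _tr("The new password doesn't match with retype new password.");
        return $arrResult;
    }

    $user = isset($_SESSION['elastix_user']) ? $_SESSION['elastix_user'] : "";

    global $arrConf;
    $pdbACL = new paloDB("sqlite3:///{$arrConf['elastix_dbdir']}/acl.db");
    $pACL   = new paloACL($pdbACL);

    $uid = $pACL->getIdUser($user);
    if ($uid === false) {
        $arrResult['msg'] = _tr("Please your session id does not exist. Refresh the browser and try again.");
        return $arrResult;
    }

    // Re-check the current password before accepting a change. paloACL works
    // on unsalted MD5 digests, so that is what is passed in and later stored.
    if ($pACL->authenticateUser($user, md5($old_pass)) !== true) {
        $arrResult['msg'] = _tr("Impossible to change your Elastix password. User does not exist or password is wrong");
        return $arrResult;
    }

    if (!$pACL->changePassword($uid, md5($new_pass))) {
        $arrResult['msg'] = _tr("Impossible to change your Elastix password.");
        return $arrResult;
    }

    $arrResult['status'] = true;
    $arrResult['msg']    = _tr("Elastix password has been changed.");
    // Keep the session digest in step with what was just stored; other pages
    // appear to re-authenticate against it — confirm against the callers.
    // NOTE(review): the session id is not rotated after the change.
    $_SESSION['elastix_pass'] = md5($new_pass);

    return $arrResult;
}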
session_start(); load_language(); $pDB = new paloDB($arrConf['elastix_dsn']['acl']); if (!empty($pDB->errMsg)) { echo "ERROR DE DB: {$pDB->errMsg} <br>"; } $pACL = new paloACL($pDB); if (!empty($pACL->errMsg)) { echo "ERROR DE DB: {$pACL->errMsg} <br>"; } // Load smarty $arrConf['mainTheme'] = load_theme($arrConf['basePath'] . "/"); $smarty = getSmarty($arrConf['mainTheme']); $pDBMenu = new paloDB($arrConf['elastix_dsn']['elastix']); // 2) Autentico usuario if (isset($_SESSION['elastix_user']) && isset($_SESSION['elastix_pass']) && $pACL->authenticateUser($_SESSION['elastix_user'], $_SESSION['elastix_pass']) or $developerMode == true) { $idUser = $pACL->getIdUser($_SESSION['elastix_user']); // rawmode es un modo de operacion que pasa directamente a la pantalla la salida // del modulo. Esto es util en ciertos casos. $rawmode = getParameter("rawmode"); if (isset($rawmode) && $rawmode == 'yes') { // Autorizacion si es usuario admin echo _moduleContent($smarty, $module); } } else { $smarty->assign("THEMENAME", $arrConf['mainTheme']); $smarty->assign("currentyear", date("Y")); $smarty->assign("PAGE_NAME", _tr('Login page')); $smarty->assign("WELCOME", _tr('Welcome to Elastix')); $smarty->assign("ENTER_USER_PASSWORD", _tr('Please enter your username and password')); $smarty->assign("USERNAME", _tr('Username'));
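/**
 * Changes the password of the user logged into the current session.
 *
 * Reads the request fields "oldPassword", "newPassword" and "newRePassword"
 * through getParameter(), validates them (including an isStrongPassword()
 * check on the new value), re-authenticates the session user with the old
 * password and then stores the new one through
 * paloSantoOrganization::changeUserPassword().
 *
 * Reads $_SESSION['elastix_user'] to identify the user and, on success,
 * rewrites $_SESSION['elastix_pass'] (MD5 digest) and
 * $_SESSION['elastix_pass2'] (the plaintext). Uses the global $arrConf for
 * the database DSN.
 *
 * @return array array('status' => bool, 'msg' => string); status is true only
 *               when the password was actually changed, msg is a translated
 *               description of the outcome
 */
function setUserPassword()
{
    global $arrConf;
    include_once "libs/paloSantoACL.class.php";
    include_once "libs/paloSantoOrganization.class.php";

    // getParameter() may yield null for an absent field; normalise every
    // value to string so the strict comparisons below treat "missing" and
    // "empty" alike.
    $old_pass   = (string) getParameter("oldPassword");
    $new_pass   = (string) getParameter("newPassword");
    $new_repass = (string) getParameter("newRePassword");

    $arrResult = array('status' => false);

    if ($old_pass === "") {
        $arrResult['msg'] = _tr("Please write your current password.");
        return $arrResult;
    }
    if ($new_pass === "" || $new_repass === "") {
        $arrResult['msg'] = _tr("Please write the new password and confirm the new password.");
        return $arrResult;
    }
    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers, so e.g. "1e3" and "1000" would have passed as a matching pair.
    if ($new_pass !== $new_repass) {
        $arrResult['msg'] = _tr("The new password doesn't match with retype new password.");
        return $arrResult;
    }
    // Reject weak passwords before touching the database.
    if (!isStrongPassword($new_pass)) {
        $arrResult['msg'] = _tr("The new password can not be empty. It must have at least 10 characters and contain digits, uppers and little case letters");
        return $arrResult;
    }

    $user = isset($_SESSION['elastix_user']) ? $_SESSION['elastix_user'] : "";

    $pDB  = new paloDB($arrConf['elastix_dsn']['elastix']);
    $pACL = new paloACL($pDB);

    $uid = $pACL->getIdUser($user);
    if ($uid === false) {
        $arrResult['msg'] = _tr("Please your session id does not exist. Refresh the browser and try again.");
        return $arrResult;
    }

    // Re-check the current password before accepting a change. paloACL's
    // authenticateUser() takes the unsalted MD5 digest of the password.
    if ($pACL->authenticateUser($user, md5($old_pass)) !== true) {
        $arrResult['msg'] = _tr("Impossible to change your Elastix password. User does not exist or password is wrong");
        return $arrResult;
    }

    // The organization layer receives the plaintext; how it is stored is
    // decided inside changeUserPassword(), not here.
    $pORG = new paloSantoOrganization($pDB);
    if (!$pORG->changeUserPassword($user, $new_pass)) {
        $arrResult['msg'] = _tr("Impossible to change your Elastix password.") . " " . $pORG->errMsg;
        return $arrResult;
    }

    $arrResult['status'] = true;
    $arrResult['msg']    = _tr("Elastix password has been changed.");
    // Keep the session in step with what was just stored. elastix_pass2 holds
    // the plaintext password for the rest of the session — other parts of the
    // interface apparently read it; confirm before changing this.
    // NOTE(review): the session id is not rotated after the change.
    $_SESSION['elastix_pass']  = md5($new_pass);
    $_SESSION['elastix_pass2'] = $new_pass;

    return $arrResult;
}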
header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Basic realm="ElastixWebService"'); $json->set_status("ERROR"); $json->set_error("This method requires authentication"); echo $json->createJSON(); exit; } $pACL = new paloACL($arrConf['elastix_dsn']['acl']); if (!empty($pACL->errMsg)) { header("HTTP/1.1 500 Internal Server Error"); $json->set_status("ERROR"); $json->set_error("Unable to authenticate due to DB error: " . $pACL->errMsg); echo $json->createJSON(); exit; } if (!$pACL->authenticateUser($_SERVER['PHP_AUTH_USER'], md5($_SERVER['PHP_AUTH_PW']))) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Basic realm="ElastixWebService"'); $json->set_status("ERROR"); $json->set_error("Invalid username or password"); echo $json->createJSON(); exit; } /*************End of authentication*******************************************/ //Verifico si se ha pasado una ruta hacia un recurso if (!isset($_SERVER["PATH_INFO"])) { header('HTTP/1.1 400 Bad Request'); $json->set_status("ERROR"); $json->set_error("You need to specify a menu id"); echo $json->createJSON(); exit;
if (isset($_SESSION['elastix_user']) && isset($_SESSION['elastix_pass'])) { $auth_user = $_SESSION['elastix_user']; $auth_md5pass = $_SESSION['elastix_pass']; $_SERVER['PHP_AUTH_USER'] = $_SESSION['elastix_user']; } elseif (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != '') { $auth_user = $_SERVER['PHP_AUTH_USER']; $auth_md5pass = md5($_SERVER['PHP_AUTH_PW']); } else { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Basic realm="ElastixWebService"'); $json->set_status("ERROR"); $json->set_error("This method requires authentication"); echo $json->createJSON(); exit; } if (!$pACL->authenticateUser($auth_user, $auth_md5pass)) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Basic realm="ElastixWebService"'); $json->set_status("ERROR"); $json->set_error("Invalid username or password"); echo $json->createJSON(); exit; } /*************End of authentication*******************************************/ //Verifico si se ha pasado una ruta hacia un recurso if (!isset($_SERVER["PATH_INFO"])) { header('HTTP/1.1 400 Bad Request'); $json->set_status("ERROR"); $json->set_error("You need to specify a menu id"); echo $json->createJSON(); exit;