Exemple #1
 // Excerpt from the middle of a login routine. $login, $name, $password and
 // $authentication_type are set before this point (not shown here).
 if ($login) {
     // Throttle only: once the stored failure count reaches the limit the
     // response is delayed, but the attempt is still evaluated afterwards.
     if ($login['attempt_failed'] >= ZBX_LOGIN_ATTEMPTS) {
         sleep(ZBX_LOGIN_BLOCK);
     }
     // A per-user GUI access setting can force internal authentication;
     // every other value leaves the configured type untouched.
     switch (get_user_auth($login['userid'])) {
         case GROUP_GUI_ACCESS_INTERNAL:
             $authentication_type = ZBX_AUTH_INTERNAL;
             break;
         case GROUP_GUI_ACCESS_SYSTEM:
         case GROUP_GUI_ACCESS_DISABLED:
         default:
             break;
     }
     switch ($authentication_type) {
         case ZBX_AUTH_LDAP:
             // The clear-text password is read from the request and handed to the LDAP check.
             $login = ldap_authentication($name, get_request('password', ''));
             break;
         case ZBX_AUTH_HTTP:
             // No credential is verified on this path.
             // NOTE(review): presumably $name is the identity already authenticated
             // by the web server — confirm against the caller.
             $login = true;
             break;
         case ZBX_AUTH_INTERNAL:
         default:
             // $alt_auth is assigned but never read in the visible lines.
             // NOTE(review): an $authentication_type outside the three known values
             // also lands here with $login = true, while the query below adds the
             // password condition only when the type equals ZBX_AUTH_INTERNAL.
             $alt_auth = ZBX_AUTH_INTERNAL;
             $login = true;
     }
 }
 if ($login) {
     // Loads the user row by alias; the stored password is compared inside the
     // query only for internal authentication. The three tables in FROM are listed
     // without a join condition in the visible SQL.
     // NOTE(review): $password is computed outside this excerpt — confirm how it is hashed.
     $login = $row = DBfetch(DBselect('SELECT u.userid,u.alias,u.name,u.surname,u.url,u.refresh,u.passwd ' . ' FROM users u, users_groups ug, usrgrp g ' . ' WHERE u.alias=' . zbx_dbstr($name) . (ZBX_AUTH_INTERNAL == $authentication_type ? ' AND u.passwd=' . zbx_dbstr($password) : '') . ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID)));
 }
 /* update internal pass if it's different
 		if($login && ($row['passwd']!=$password) && (ZBX_AUTH_INTERNAL!=$authentication_type)){
Exemple #2
         }
         show_messages($result, S_LDAP . SPACE . S_UPDATED, S_LDAP . SPACE . S_WAS_NOT . SPACE . S_UPDATED);
         if ($result) {
             add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, S_LDAP);
         }
     } else {
         // "Test" action: try an LDAP login with settings taken from the submitted form.
         if (isset($_REQUEST['test'])) {
             // Account to test with; falls back to the current user's alias.
             $alias = get_request('user', $USER_DETAILS['alias']);
             $passwd = get_request('user_password', '');
             $config = select_config();
             // Only request fields whose names match a stored config key are copied,
             // but their VALUES come from the request, not from the stored config.
             // str_replace() removes every 'ldap_' occurrence from the key.
             // NOTE(review): $ldap_cnf is not initialised in the visible lines — confirm it
             // is set earlier, otherwise it is undefined when no request key matches.
             foreach ($config as $id => $value) {
                 if (isset($_REQUEST[$id])) {
                     $ldap_cnf[str_replace('ldap_', '', $id)] = $_REQUEST[$id];
                 }
             }
             // NOTE(review): the access check for this page is outside the excerpt. The
             // request chooses the LDAP settings used for this bind, so confirm the path
             // is reachable only by administrators.
             $result = ldap_authentication($alias, $passwd, $ldap_cnf);
             show_messages($result, S_LDAP . SPACE . S_LOGIN . SPACE . S_SUCCESSFUL_SMALL, S_LDAP . SPACE . S_LOGIN . SPACE . S_WAS_NOT . SPACE . S_SUCCESSFUL_SMALL);
         }
     }
 } else {
     if (ZBX_AUTH_HTTP == $_REQUEST['config']) {
         if (isset($_REQUEST['save'])) {
             if (ZBX_AUTH_HTTP == $_REQUEST['authentication_type']) {
                 $sql = 'SELECT COUNT(g.usrgrpid) as cnt_usrgrp FROM usrgrp g WHERE g.gui_access=' . GROUP_GUI_ACCESS_INTERNAL;
                 $res = DBfetch(DBselect($sql));
                 if ($res['cnt_usrgrp'] > 0) {
                     info('Exists [' . $res['cnt_usrgrp'] . '] groups with [' . S_INTERNAL_S . '] GUI access.');
                 }
             }
             $config = select_config();
             $cur_auth_type = $config['authentication_type'];
Exemple #3
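/**
 * Authenticate a frontend user and, on success, start a session.
 *
 * Steps, in order: look up the account by alias, reject empty passwords for
 * every account except the guest user, choose the authentication method (a
 * user-group setting can force internal authentication), verify the
 * credentials, check the login/system permissions, then either start the
 * session or record the failed attempt.
 *
 * Side effects: writes audit entries, sets $USER_DETAILS on success, sets
 * $_REQUEST['message'] and updates the attempt counters on failure.
 *
 * Security notes:
 *  - Passwords are compared as unsalted MD5 digests (see the comment at md5()).
 *  - ZBX_LOGIN_ATTEMPTS / ZBX_LOGIN_BLOCK only delay the response with sleep();
 *    the attempt is still evaluated afterwards.
 *  - An unrecognised $auth_type is treated as internal authentication so the
 *    password condition is always part of the final query (fail closed).
 *
 * @param string $name      Login alias.
 * @param string $passwd    Clear-text password as submitted.
 * @param mixed  $auth_type One of the ZBX_AUTH_* constants.
 *
 * @return mixed The value returned by zbx_session_start() on success, a falsy value otherwise.
 */
function user_login($name, $passwd, $auth_type)
{
    global $USER_DETAILS, $ZBX_LOCALNODEID;

    // SECURITY: unsalted MD5 is a fast digest and unsuitable for password storage.
    // Replacing it (e.g. with password_hash()/password_verify()) needs a schema and
    // migration change outside this function, so it is flagged here, not changed.
    $password = md5($passwd);

    // A stricter variant of this query that excluded throttled accounts was
    // commented out in the original; only the sleep() below is active.
    $sql = 'SELECT u.userid,u.attempt_failed, u.attempt_clock, u.attempt_ip ' . ' FROM users u ' . ' WHERE u.alias=' . zbx_dbstr($name);
    $login = $attempt = DBfetch(DBselect($sql));

    // Only the guest account may log in with an empty password. This also keeps
    // an empty password from ever reaching the LDAP check below.
    if ($name != ZBX_GUEST_USER && zbx_empty($passwd)) {
        $login = $attempt = false;
    }

    if ($login) {
        // Throttle, not lockout: the request is delayed and then processed normally.
        if ($login['attempt_failed'] >= ZBX_LOGIN_ATTEMPTS) {
            sleep(ZBX_LOGIN_BLOCK);
        }

        // A user-group GUI access setting can force internal authentication;
        // every other value keeps the type passed by the caller.
        if (get_user_auth($login['userid']) == GROUP_GUI_ACCESS_INTERNAL) {
            $auth_type = ZBX_AUTH_INTERNAL;
        }

        switch ($auth_type) {
            case ZBX_AUTH_LDAP:
                $login = ldap_authentication($name, $passwd);
                break;
            case ZBX_AUTH_HTTP:
                // No credential is verified on this path.
                // NOTE(review): presumably the caller passes the identity already
                // authenticated by the web server — confirm at the call site.
                $login = true;
                break;
            case ZBX_AUTH_INTERNAL:
            default:
                // Fix: the original set an unused $alt_auth here and left $auth_type
                // untouched, so an unrecognised type skipped the password condition
                // in the query below. Normalising it makes that path fail closed.
                $auth_type = ZBX_AUTH_INTERNAL;
                $login = true;
        }
    }

    if ($login) {
        // The stored digest is compared inside the query, and only for internal
        // authentication; LDAP/HTTP users just need an existing local account.
        $sql = 'SELECT u.userid,u.alias,u.name,u.surname,u.url,u.refresh,u.passwd ' . ' FROM users u, users_groups ug, usrgrp g ' . ' WHERE u.alias=' . zbx_dbstr($name) . (ZBX_AUTH_INTERNAL == $auth_type ? ' AND u.passwd=' . zbx_dbstr($password) : '') . ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $user = DBfetch(DBselect($sql));
    }

    // The original carried a disabled block here that would have overwritten the
    // stored internal password for externally authenticated users; it referred to
    // $row, which this function never defines.

    if ($login) {
        $login = check_perm2login($user['userid']) && check_perm2system($user['userid']);
    }

    if ($login) {
        $sessionid = zbx_session_start($user['userid'], $name, $password);
        add_audit(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, 'Correct login [' . $name . ']');
        if (empty($user['url'])) {
            $user['url'] = get_profile('web.menu.view.last', 'index.php');
        }
        $USER_DETAILS = $user;
        $login = $sessionid;
    } else {
        $user = null;
        // The same message is used for an unknown alias and for a wrong password.
        $_REQUEST['message'] = 'Login name or password is incorrect';
        add_audit(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, 'Login failed [' . $name . ']');

        // The counter is only updated when the alias matched an existing account.
        if ($attempt) {
            // SECURITY: X-Forwarded-For is supplied by the client unless a trusted
            // reverse proxy overwrites it, so the recorded attempt_ip can be forged.
            // Treat it as a hint when investigating failed logins.
            $ip = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
            $attempt['attempt_failed']++;
            $sql = 'UPDATE users SET attempt_failed=' . $attempt['attempt_failed'] . ', attempt_clock=' . time() . ', attempt_ip=' . zbx_dbstr($ip) . ' WHERE userid=' . $attempt['userid'];
            DBexecute($sql);
        }
    }

    return $login;
}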