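/**
 * Validate a SOAP caller's credentials and, on success, make that user the current user.
 *
 * Two checks are tried in order: User::authenticate_user() with the supplied value, then,
 * only when mcrypt is available, the value is passed through decrypt_string() and handed
 * to AuthenticationController::login(). Any outcome that does not authenticate is logged,
 * reported on $server and answered with an explicit false.
 *
 * NOTE(review): the documented credential is the MD5 sum of the password, which makes the
 * stored hash itself password-equivalent for this API. Confirm the transport is encrypted
 * and that a stronger scheme is not available for this endpoint.
 *
 * @param string $user_name -- The user name to create a session for
 * @param string $password -- The MD5 sum of the user's password
 * @return bool true if the user was authenticated, false otherwise
 */
function validate_user($user_name, $password)
{
    global $server, $current_user, $sugar_config, $system_config;

    $user = new User();
    $user->user_name = $user_name;
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    $authController = new AuthenticationController();

    // Check to see if the user name and password are consistent.
    if ($user->authenticate_user($password)) {
        // we also need to set the current_user.
        $user->retrieve($user->id);
        $current_user = $user;
        login_success();
        return true;
    }

    // Fallback: treat the supplied value as an encrypted password and let the
    // configured authentication controller decide.
    if (function_exists('mcrypt_cbc')) {
        $password = decrypt_string($password);
        if ($authController->login($user_name, $password) && isset($_SESSION['authenticated_user_id'])) {
            $user->retrieve($_SESSION['authenticated_user_id']);
            $current_user = $user;
            login_success();
            return true;
        }
    }

    // Reached for every unauthenticated outcome, including a rejected controller login,
    // so the attempt always leaves a log record and callers always get false, never null.
    // NOTE(review): $user_name is caller-supplied and interpolated as-is; confirm the
    // logger neutralises CR/LF so a crafted name cannot forge log lines.
    $GLOBALS['log']->fatal("SECURITY: failed attempted login for {$user_name} using SOAP api");
    $server->setError("Invalid username and/or password");
    return false;
}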
/**
 * Load the session named by $session_id and confirm it is a current user session.
 *
 * A session is accepted when its 'is_valid_session' marker is set, is_valid_ip_address()
 * passes for the 'ip_address' key, and its 'type' is 'user'. An empty ID skips the session
 * entirely. Every rejection is logged and fires the Users 'login_failed' hook.
 *
 * @param String $session_id -- The session ID that was returned by a call to login.
 * @return true -- If the session is valid and loaded.
 * @return false -- if the session is not valid.
 */
function validate_authenticated($session_id)
{
    if (!empty($session_id)) {
        // Adopt the caller's session ID before starting, so $_SESSION is that session's data.
        session_id($session_id);
        session_start();

        // Evaluated left to right; later checks only run when the earlier ones hold.
        $is_user_session = !empty($_SESSION['is_valid_session'])
            && is_valid_ip_address('ip_address')
            && $_SESSION['type'] == 'user';

        if ($is_user_session) {
            global $current_user;
            $current_user = new User();
            $current_user->retrieve($_SESSION['user_id']);
            login_success();

            return true;
        }

        // The ID named a session that is not an acceptable user session: discard it.
        session_destroy();
    }

    // Failure path, shared by an empty ID and a rejected session.
    LogicHook::initialize();
    $GLOBALS['log']->fatal('SECURITY: The session ID is invalid');
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');

    return false;
}
// Tail of the login handler: issue a token, store it for the student, then render the page.
// The enclosing conditions start above this excerpt.

// NOTE(review): uniqid() is derived from the current time and is not a cryptographically
// secure value, so this token is guessable. A CSPRNG-backed value (random_bytes() where
// the PHP version allows) is the usual choice for a login token.
$token = uniqid();
// NOTE(review): both cookies use default attributes (no HttpOnly, Secure or SameSite) and
// are sent before the database update is known to have succeeded. "roll" is client-editable
// once set; confirm later pages authorise on the stored token and not on this cookie alone.
setcookie("roll", $roll);
setcookie("token", $token);
// NOTE(review): the statement is built by string concatenation and $roll is neither quoted
// nor bound. Where $roll comes from is not visible in this excerpt; confirm it is validated
// as an integer upstream, or switch to a bound parameter if the database layer offers one.
$login_query = 'update students set token="' . $token . '" where roll=' . $roll;
if (db_exec_only($login_query)) {
    // Only a successful write marks the login as successful.
    $login_success = true;
}
}
}
theme_header('Login');
theme_navbar($login_success, $roll);
?>
<div class="col-lg-5">
<h2><i class="fa fa-sign-in fa-fw"></i> Login <small>Get access student database</small></h2>
<?
// Success banner on login; otherwise the form again, with an error only after a POST.
if($login_success) login_success(); else { if($_POST) { login_error(); } theme_login_form(); }
?>
</div>
<?
theme_footer();
db_close();
?>
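/**
 * Load the portal session named by $session_id and confirm it may be used.
 *
 * The session is accepted when its 'is_valid_session' marker is set, the IP stored in the
 * session equals $_SERVER['REMOTE_ADDR'], and its 'type' is 'contact', 'lead' or 'portal'.
 * On success the portal user becomes $current_user; otherwise the session is destroyed.
 *
 * @param string $session_id The session ID supplied by the caller.
 * @return bool true if the session is valid and loaded, false otherwise.
 */
function portal_validate_authenticated($session_id)
{
    // PHP diagnostics are silenced while the session is probed; the previous level is
    // restored before each return.
    $old_error_reporting = error_reporting(0);
    session_id($session_id);

    // This little construct checks to see if the session validated
    if (session_start()) {
        // Validity rests on the $_SESSION markers alone. No session record object exists
        // in this function, so nothing is stamped or saved here: calling ->save() on a
        // boolean placeholder would abort the request on exactly the valid path.
        if (!empty($_SESSION['is_valid_session'])
            && $_SESSION['ip_address'] == $_SERVER['REMOTE_ADDR']
            && ($_SESSION['type'] == 'contact' || $_SESSION['type'] == 'lead' || $_SESSION['type'] == 'portal')
        ) {
            global $current_user;
            $current_user = new User();
            $current_user->retrieve($_SESSION['portal_id']);
            login_success();
            error_reporting($old_error_reporting);
            return true;
        }
    }

    // Rejected or unstartable session: discard it and report failure.
    session_destroy();
    error_reporting($old_error_reporting);
    return false;
}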
/**
 * Load the portal session named by $session_id and decide whether it may be used.
 *
 * Accepted when the 'is_valid_session' marker is set, the stored IP equals
 * query_client_ip(), and the session type is 'contact', 'lead' or 'portal'. Only the
 * $_SESSION markers are consulted; no server-side session record is looked up here.
 *
 * @param string $session_id The session ID supplied by the caller.
 * @return bool true if the session is valid and loaded, false otherwise.
 */
function portal_validate_authenticated($session_id)
{
    // Diagnostics stay silenced for the whole probe; the saved level is restored on both exits.
    $saved_level = error_reporting(0);
    session_id($session_id);

    if (session_start()) {
        $portal_types = array('contact', 'lead', 'portal');

        // Short-circuits left to right, so the client IP is only queried for marked sessions.
        $session_accepted = !empty($_SESSION['is_valid_session'])
            && $_SESSION['ip_address'] == query_client_ip()
            && in_array($_SESSION['type'], $portal_types);

        if ($session_accepted) {
            global $current_user;
            $current_user = new User();
            $current_user->retrieve($_SESSION['portal_id']);
            login_success();
            error_reporting($saved_level);

            return true;
        }
    }

    // Anything else is treated as an invalid session ID: destroy, record, refuse.
    session_destroy();
    $GLOBALS['log']->fatal('SECURITY: The session ID is invalid');
    error_reporting($saved_level);

    return false;
}
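/**
 * Gate entry on the shared access code passed in the 'access_code' query parameter.
 *
 * Renders the 'denied_code' view when the code is missing or wrong, and calls
 * login_success() when it matches ACCESS_CODE. The submitted value is trimmed and
 * lower-cased before comparison.
 *
 * NOTE(review): the code travels in the query string, so it can end up in access logs,
 * browser history and Referer headers. Consider accepting it in a request body instead.
 */
function handle_access_code()
{
    render_boilerplate();

    $request = Flight::request();
    $code = $request->query->access_code;

    // A missing parameter, or an array-valued one (access_code[]=...), is handled as
    // "nothing sent" rather than being passed to trim()/strtolower().
    $code = is_string($code) ? strtolower(trim($code)) : '';

    if (empty($code)) {
        Flight::render('denied_code', array('msg' => _('No access code sent.')));
        return;
    }

    // The secret is compared as a byte string in constant time. A loose != would apply
    // numeric-string juggling (for example "1e3" equals "1000") and so could accept a
    // value that is not the configured code.
    if (!hash_equals((string) ACCESS_CODE, $code)) {
        Flight::render('denied_code', array('msg' => _('Wrong access code.')));
        return;
    }

    login_success();
}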
/**
 * Load the session named by $session_id and confirm it is a current user session.
 *
 * Accepted when the 'is_valid_session' marker is set, the IP stored in the session equals
 * $_SERVER['REMOTE_ADDR'], and the session type is 'user'. A rejected session is destroyed.
 *
 * @param String $session_id -- The session ID that was returned by a call to login.
 * @return true -- If the session is valid and loaded.
 * @return false -- if the session is not valid.
 */
function validate_authenticated($session_id)
{
    // Adopt the caller's session ID so $_SESSION reflects that session's stored data.
    session_id($session_id);
    session_start();

    // Evaluated left to right; the IP and type are only read for a marked session.
    $session_is_trusted = !empty($_SESSION['is_valid_session'])
        && $_SESSION['ip_address'] == $_SERVER['REMOTE_ADDR']
        && $_SESSION['type'] == 'user';

    if (!$session_is_trusted) {
        session_destroy();

        return false;
    }

    global $current_user;
    require_once 'modules/Users/User.php';
    $current_user = new User();
    $current_user->retrieve($_SESSION['user_id']);
    login_success();

    return true;
}
/**
 * Load the portal session named by $session_id and decide whether it may be used.
 *
 * Accepted when the 'is_valid_session' marker is set, the stored IP equals
 * query_client_ip(), SessionManager::getValidSession() returns a record for the ID, and
 * the session type is 'contact', 'lead' or 'portal'. An accepted session has its record's
 * last_request_time refreshed and saved.
 *
 * @param string $session_id The session ID supplied by the caller.
 * @return bool true if the session is valid and loaded, false otherwise.
 */
function portal_validate_authenticated($session_id)
{
    // Diagnostics stay silenced for the whole probe; the saved level is restored on both exits.
    $previous_level = error_reporting(0);
    session_id($session_id);

    if (session_start()) {
        // Server-side record for this ID; a null result fails the check below.
        $session_record = SessionManager::getValidSession($session_id);
        $portal_types = array('contact', 'lead', 'portal');

        // Short-circuits left to right, so the client IP is only queried for marked sessions.
        $session_accepted = !empty($_SESSION['is_valid_session'])
            && $_SESSION['ip_address'] == query_client_ip()
            && $session_record != null
            && in_array($_SESSION['type'], $portal_types);

        if ($session_accepted) {
            global $current_user;

            // Record this request on the session record before loading the user.
            $session_record->last_request_time = TimeDate::getInstance()->nowDb();
            $session_record->save();

            $current_user = BeanFactory::getBean('Users', $_SESSION['portal_id']);
            login_success();
            error_reporting($previous_level);

            return true;
        }
    }

    // Anything else is treated as an invalid session ID: destroy, record, refuse.
    session_destroy();
    $GLOBALS['log']->fatal('SECURITY: The session ID is invalid');
    error_reporting($previous_level);

    return false;
}
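/**
 * Check the 'access_code' query parameter against ACCESS_CODE and log the visitor in.
 *
 * The submitted value is trimmed and lower-cased. A missing or wrong code renders the
 * 'denied_code' view with a hint; a matching code calls login_success().
 *
 * NOTE(review): a code carried in the URL can be recorded in server logs, browser history
 * and Referer headers. Consider moving it to a request body.
 */
function handle_access_code()
{
    render_boilerplate();

    $request = Flight::request();
    $submitted = $request->query->access_code;

    // Only a string can be a code. An absent parameter or an array (access_code[]=...)
    // is normalised to the empty string instead of reaching trim()/strtolower().
    $code = is_string($submitted) ? strtolower(trim($submitted)) : '';

    if (empty($code)) {
        Flight::render('denied_code', array('msg' => _('Did you type anything?')));
        return;
    }

    // Constant-time, byte-exact comparison of the secret. The loose != operator compares
    // numeric-looking strings by value, so two different strings can be treated as equal.
    $code_matches = hash_equals((string) ACCESS_CODE, $code);

    if (!$code_matches) {
        Flight::render('denied_code', array('msg' => _('Did you have a typo?')));
        return;
    }

    login_success();
}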
/**
 * Log the user into the application
 *
 * Authentication is tried two ways: a direct lookup of an active, non-deleted,
 * non-portal user whose user_name and user_hash equal the supplied values, then, only
 * when mcrypt is available, decrypt_string() on the password followed by
 * AuthenticationController::login(). On success a session is started and populated.
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
 *      in the right encoding for the type of authentication the user is setup for). For Base
 *      sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from. (Currently unused).
 * @return Array('id' => session_id) -- the id of the session that was created. Nothing is
 *      returned on failure; the 'invalid_login' error is passed to setFaultObject() instead.
 * @exception 'SoapFault' -- The SOAP error, if any
 */
function new_login($user_auth, $application)
{
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;

    // Load system settings and build the configured authentication controller,
    // falling back to 'SugarAuthenticate' when no class is configured.
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');

    // First attempt: match the supplied value directly against the stored user_hash.
    // NOTE(review): this makes the stored hash itself the credential for this API, so a
    // leaked hash authenticates without the password. Confirm this is the intended contract.
    $user = $user->retrieve_by_string_fields(array('user_name' => $user_auth['user_name'], 'user_hash' => $user_auth['password'], 'deleted' => 0, 'status' => 'Active', 'portal_only' => 0));
    if (!empty($user) && !empty($user->id)) {
        $success = true;
        global $current_user;
        $current_user = $user;
    } else {
        // Second attempt, only when mcrypt is available: decrypt the supplied value and
        // let the authentication controller decide.
        if (function_exists('mcrypt_cbc')) {
            $password = decrypt_string($user_auth['password']);
            // $current_user is not assigned in this branch; presumably login() sets it,
            // since it is dereferenced below. Verify against AuthenticationController.
            if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                $success = true;
            }
        }
    }

    if ($success) {
        // NOTE(review): the session ID is not regenerated in this function. Confirm a
        // pre-existing session ID cannot be carried into the authenticated session.
        session_start();
        global $current_user;
        login_success();
        $current_user->loadPreferences();
        // Markers that later session validation relies on: validity flag, client IP,
        // user id and session type.
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        $_SESSION['avail_modules'] = get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        return array('id' => session_id());
    }

    // Failure path: fire the login_failed hook and hand the SOAP error to the fault handler.
    // No log entry is written here for the failed attempt.
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    $error->set_error('invalid_login');
    setFaultObject($error);
}