/**
 * Entry point used when a user logs in.
 *
 * The supplied password is encoded with SugarAuthenticate::encodePassword()
 * unless $PARAMS['passwordEncrypted'] is truthy; in that case the value is
 * handed to authenticateUser() exactly as received.
 *
 * NOTE(review): with passwordEncrypted set, the caller-supplied value is the
 * credential itself. Confirm that $PARAMS can never be populated from request
 * data.
 *
 * @param string $name     user name
 * @param string $password clear-text password, or an already encoded value when passwordEncrypted is set
 * @param bool   $fallback is this authentication a fallback from a failed authentication
 * @param array  $PARAMS   optional flags; only 'passwordEncrypted' is read here
 * @return boolean true when the user was authenticated and loaded on the session
 */
function loadUserOnLogin($name, $password, $fallback = false, $PARAMS = array())
{
    global $login_error;

    $GLOBALS['log']->debug("Starting user load for " . $name);

    // Both fields are required; nothing is looked up without them.
    $haveBoth = !empty($name) && !empty($password);
    if (!$haveBoth) {
        return false;
    }

    $alreadyEncoded = !empty($PARAMS['passwordEncrypted']);
    $credential = $alreadyEncoded
        ? $password
        : SugarAuthenticate::encodePassword($password);

    $matchedId = $this->authenticateUser($name, $credential, $fallback);
    if (!empty($matchedId)) {
        $this->loadUserOnSession($matchedId);
        return true;
    }

    // The user name is concatenated into the log entry as received.
    $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $name . ' failed');
    return false;
}
/**
 * pre_login
 *
 * Runs the parent pre_login() and then sends the browser to the SAML entry
 * point, unless the request carries a non-empty 'no_saml' value.
 *
 * NOTE(review): 'no_saml' is read from $_REQUEST, so any client can ask to
 * skip the SAML redirect. Whether a local login is possible afterwards depends
 * on code outside this method; confirm that this is intended.
 */
function pre_login()
{
    parent::pre_login();

    $skipSaml = !empty($_REQUEST['no_saml']);
    if ($skipSaml) {
        return;
    }

    SugarApplication::redirect('?entryPoint=SAML');
}
/**
 * Called when a user requests to logout. Should invalidate the session and redirect
 * to the login page.
 *
 * Order as written: the current user's 'before_logout' hook, the auth
 * controller's logout(), then LogicHook::initialize() followed by the Users
 * 'after_logout' hook. Nothing in this method itself destroys the session or
 * redirects; that is left to the auth controller.
 */
public function logout()
{
    // Runs before the auth controller's logout().
    $GLOBALS['current_user']->call_custom_logic('before_logout');
    $this->authController->logout();
    // NOTE(review): presumably re-initialised because logout() discards state the hook needs; confirm.
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
}
/**
 * Get the logout URL of an external authentication provider.
 *
 * @return string|false the auth controller's logout URL, or false when isExternal() does not hold
 */
public function getLogoutUrl()
{
    return $this->isExternal()
        ? $this->authController->getLogoutUrl()
        : false;
}
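/**
 * Logs in the user reported by the box session.
 *
 * When the box reports no current user, the browser is redirected to the box
 * login URL. Otherwise the parent loginAuthenticate() is called with the box
 * user's e-mail address and an empty password.
 *
 * NOTE(review): because the password argument is always '', the box session
 * is the only proof of identity checked on this path. Confirm that the parent
 * chain cannot accept an empty password for a local account.
 *
 * @return bool true when the parent authentication succeeded
 */
public function loginAuthenticate()
{
    $user = $this->box->getCurrentUser();
    if (empty($user)) {
        SugarApplication::redirect($this->box->loginUrl());
        // Fail closed: if redirect() ever returns instead of ending the
        // request, do not continue into the parent with an empty user.
        return false;
    }

    if (parent::loginAuthenticate($user['email'], '', false)) {
        // delete session when done
        // $this->box->deleteSession();
        return true;
    }

    return false;
}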
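/**
 * Authenticates a user based on the username and password.
 * Returns true if the user was authenticated, false otherwise; on success the
 * user is also loaded as the current user via postLoginAuthenticate().
 *
 * When this object is not a plain SugarAuthenticate and its own check fails,
 * the same credentials are retried against a fresh SugarAuthenticate with
 * $fallback set to true.
 *
 * @param string $username
 * @param string $password
 * @param bool   $fallback passed through to loadUserOnLogin()
 * @return boolean
 */
function loginAuthenticate($username, $password, $fallback = false)
{
    global $mod_strings;

    // session_unregister() was removed in PHP 5.4; unset() clears the same key.
    unset($_SESSION['login_error']);

    if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback)) {
        return $this->postLoginAuthenticate();
    }

    if (strtolower(get_class($this)) !== 'sugarauthenticate') {
        $sa = new SugarAuthenticate();
        // Keep the first error so the fallback attempt does not overwrite it.
        $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
        if ($sa->loginAuthenticate($username, $password, true)) {
            return true;
        }
        $_SESSION['login_error'] = $error;
    }

    $_SESSION['login_user_name'] = $username;
    // NOTE(review): the clear-text password is written to the session store
    // after a failed login. Confirm that a consumer still needs it, and drop
    // it if not.
    $_SESSION['login_password'] = $password;

    if (empty($_SESSION['login_error'])) {
        $_SESSION['login_error'] = $mod_strings['ERR_INVALID_PASSWORD'];
    }

    return false;
}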
/**
 * Entry point used when a user logs in.
 *
 * Encodes the password with SugarAuthenticate::encodePassword(), asks
 * authenticateUser() for a matching user id and, when one is returned, loads
 * that user on the session.
 *
 * @param string $name     user name
 * @param string $password clear-text password
 * @return boolean true when the user was authenticated and loaded
 */
function loadUserOnLogin($name, $password)
{
    global $login_error;

    $GLOBALS['log']->debug("Starting user load for " . $name);

    // Both fields are required; nothing is looked up without them.
    $haveBoth = !empty($name) && !empty($password);
    if (!$haveBoth) {
        return false;
    }

    $encoded = SugarAuthenticate::encodePassword($password);
    $matchedId = $this->authenticateUser($name, $encoded);

    if (!empty($matchedId)) {
        $this->loadUserOnSession($matchedId);
        return true;
    }

    // The user name is concatenated into the log entry as received.
    $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $name . ' failed');
    return false;
}
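/**
 * Two-step login: password first, then a one-time token sent by e-mail.
 *
 * Step 1 (no 'lastUserId' in the session): the password is encoded and checked
 * with authenticateUser(). On success a token of $this->passwordLength
 * characters is generated, stored in the session and passed to
 * sendEmailPassword(); the method returns false so the form is shown again.
 *
 * Step 2 (token present in the session): the submitted name must equal the
 * remembered user name and the submitted "password" must equal the token.
 * On a match the remembered user is loaded and the three session keys are
 * cleared.
 *
 * @param string $name     user name
 * @param string $password clear-text password (step 1) or e-mailed token (step 2)
 * @return boolean true only when step 2 succeeds
 */
function loadUserOnLogin($name, $password)
{
    global $login_error;

    Log::debug("Starting user load for " . $name);

    if (empty($name) || empty($password)) {
        return false;
    }

    if (empty($_SESSION['lastUserId'])) {
        $input_hash = SugarAuthenticate::encodePassword($password);
        $user_id = $this->authenticateUser($name, $input_hash);
        if (empty($user_id)) {
            Log::fatal('SECURITY: User authentication for ' . $name . ' failed');
            return false;
        }
    }

    if (empty($_SESSION['emailAuthToken'])) {
        // NOTE(review): $user_id is only assigned in the branch above. If
        // 'lastUserId' is set while the token is empty, it is undefined here.
        $_SESSION['lastUserId'] = $user_id;
        $_SESSION['lastUserName'] = $name;

        // The token is a login credential, so draw it from the CSPRNG when
        // the runtime provides one; mt_rand() output is predictable.
        $useCsprng = function_exists('random_int');
        $token = '';
        for ($i = 0; $i < $this->passwordLength; $i++) {
            $token .= chr($useCsprng ? random_int(48, 90) : mt_rand(48, 90));
        }
        // Code points 48..90 include '<' and '>'; swap them out as before.
        $_SESSION['emailAuthToken'] = str_replace(array('<', '>'), array('#', '@'), $token);

        $_SESSION['login_error'] = 'Please Enter Your User Name and Emailed Session Token';
        $this->sendEmailPassword($user_id, $_SESSION['emailAuthToken']);
        return false;
    }

    $expectedName = isset($_SESSION['lastUserName']) ? $_SESSION['lastUserName'] : null;
    $expectedToken = $_SESSION['emailAuthToken'];

    // Require real strings and compare strictly. Before PHP 8, strcmp()
    // returned NULL for non-string arguments, and NULL == 0 is true under
    // loose comparison, so a non-string value could pass the old check.
    $inputsAreStrings = is_string($name) && is_string($password)
        && is_string($expectedName) && is_string($expectedToken);

    if ($inputsAreStrings && $name === $expectedName) {
        // Constant-time comparison where available.
        $tokenMatches = function_exists('hash_equals')
            ? hash_equals($expectedToken, $password)
            : $expectedToken === $password;

        if ($tokenMatches) {
            $this->loadUserOnSession($_SESSION['lastUserId']);
            unset($_SESSION['lastUserId']);
            unset($_SESSION['lastUserName']);
            unset($_SESSION['emailAuthToken']);
            return true;
        }
    }

    $_SESSION['login_error'] = 'Please Enter Your User Name and Emailed Session Token';
    return false;
}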
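/**
 * Authenticates a user based on the username and password.
 * Returns true if the user was authenticated, false otherwise; on success the
 * user is also loaded as the current user via postLoginAuthenticate().
 *
 * On success the 'loginfailed' preference is reset. On failure it is
 * incremented for an existing user when the lockout setting is enabled. When
 * this object is not a plain SugarAuthenticate, a failed attempt is retried
 * against a fresh SugarAuthenticate with $fallback set to true.
 *
 * @param string $username
 * @param string $password
 * @param bool   $fallback passed through to loadUserOnLogin()
 * @param array  $PARAMS   passed through to loadUserOnLogin()
 * @return boolean
 */
function loginAuthenticate($username, $password, $fallback = false, $PARAMS = array())
{
    global $mod_strings;

    unset($_SESSION['login_error']);

    // $res was read below without ever being assigned, so the failed-login
    // counter could never be incremented. Load the password settings first.
    // NOTE(review): confirm 'passwordsetting' is the right config key for this version.
    $res = isset($GLOBALS['sugar_config']['passwordsetting'])
        ? $GLOBALS['sugar_config']['passwordsetting']
        : array();

    $usr = new user();
    $usr_id = $usr->retrieve_user_id($username);
    $usr->retrieve($usr_id);

    $_SESSION['login_error'] = '';
    $_SESSION['waiting_error'] = '';
    // NOTE(review): the same literal is assigned here and in the expired
    // branch below, so as written the flag does not distinguish the two
    // cases. Confirm the intended values.
    $_SESSION['hasExpiredPassword'] = '******';

    if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback, $PARAMS)) {
        require_once 'modules/Users/password_utils.php';
        if (hasPasswordExpired($username)) {
            $_SESSION['hasExpiredPassword'] = '******';
        }
        // now that user is authenticated, reset loginfailed
        if ($usr->getPreference('loginfailed') != '' && $usr->getPreference('loginfailed') != 0) {
            $usr->setPreference('loginfailed', '0');
            $usr->savePreferencesToDB();
        }
        return $this->postLoginAuthenticate();
    }

    // Failed attempt: count it for an existing user when lockout is enabled.
    if (!empty($usr_id) && isset($res['lockoutexpiration']) && $res['lockoutexpiration'] > 0) {
        if (($logout = $usr->getPreference('loginfailed')) == '') {
            $usr->setPreference('loginfailed', '1');
        } else {
            $usr->setPreference('loginfailed', $logout + 1);
        }
        $usr->savePreferencesToDB();
    }

    if (strtolower(get_class($this)) != 'sugarauthenticate') {
        $sa = new SugarAuthenticate();
        // Keep the first error so the fallback attempt does not overwrite it.
        $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
        if ($sa->loginAuthenticate($username, $password, true, $PARAMS)) {
            return true;
        }
        $_SESSION['login_error'] = $error;
    }

    $_SESSION['login_user_name'] = $username;
    // NOTE(review): the clear-text password is written to the session store
    // after a failed login. Confirm that a consumer still needs it.
    $_SESSION['login_password'] = $password;

    if (empty($_SESSION['login_error'])) {
        $_SESSION['login_error'] = translate('ERR_INVALID_PASSWORD', 'Users');
    }

    return false;
}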
/**
 * PHP 4-style constructor for LDAPAuthenticate.
 *
 * Only delegates to the parent's same-style constructor, SugarAuthenticate().
 * A method named after its class is no longer treated as a constructor from
 * PHP 8.0 on, so this runs automatically only on older runtimes.
 */
function LDAPAuthenticate()
{
    parent::SugarAuthenticate();
}
/**
 * PHP 4-style constructor for EmailAuthenticate.
 *
 * Only delegates to the parent's same-style constructor, SugarAuthenticate().
 * A method named after its class is no longer treated as a constructor from
 * PHP 8.0 on, so this runs automatically only on older runtimes.
 */
function EmailAuthenticate()
{
    parent::SugarAuthenticate();
}
/**
 * pre_login
 *
 * Override of the parent pre_login(): runs the parent implementation and then
 * calls redirectToLogin() with $GLOBALS['app'].
 *
 * NOTE(review): the previous docblock described a redirect to the SAML entry
 * point "if other is not specified". This body redirects unconditionally and
 * does not name SAML; the target is decided inside redirectToLogin().
 */
function pre_login()
{
    parent::pre_login();
    $this->redirectToLogin($GLOBALS['app']);
}
/**
 * Constructs LDAPAuthenticate.
 *
 * Only delegates to the parent constructor; any loading of the user
 * authentication class happens there, not in this method.
 */
function __construct()
{
    parent::__construct();
}
/**
 * Authenticates a user based on the username and password.
 * Returns true if the user was authenticated, false otherwise; on success the
 * user is also loaded as the current user via postLoginAuthenticate().
 *
 * Flow, in the order the code runs:
 *  1. Lockout gate, evaluated BEFORE the credentials are checked. It applies
 *     to an existing, non-portal user whose 'loginfailed' preference has
 *     reached the configured limit. A timed lockout ('lockoutexpiration' ==
 *     '2') is lifted once it has expired; any other enabled mode stays locked
 *     until something outside this method resets it.
 *  2. Credential check through $this->userAuthenticate->loadUserOnLogin().
 *     Success resets 'loginfailed' and records the last login.
 *  3. On failure, 'loginfailed' is incremented for an existing user when
 *     lockout is enabled.
 *  4. When this object is not a plain SugarAuthenticate, the attempt is
 *     retried against a fresh SugarAuthenticate with $fallback = true.
 *
 * NOTE(review): the lockout messages are set only for user names that exist
 * (non-empty $usr->id), so they differ from the generic invalid-password
 * message and can tell a caller that an account exists.
 *
 * @param string $username
 * @param string $password
 * @param bool   $fallback passed through to loadUserOnLogin()
 * @param array  $PARAMS   passed through to loadUserOnLogin()
 * @return boolean
 */
function loginAuthenticate($username, $password, $fallback = false, $PARAMS = array())
{
    global $app_strings;
    unset($_SESSION['login_error']);
    // Password / lockout settings; read without an isset() guard.
    $res = $GLOBALS['sugar_config']['passwordsetting'];
    $usr = BeanFactory::getBean('Users');
    $usr->retrieve_by_string_fields(array('user_name' => $username));
    $_SESSION['login_error'] = '';
    $_SESSION['waiting_error'] = '';
    // NOTE(review): the same literal is assigned here and in the expired
    // branch further down, so as written the flag does not distinguish the
    // two cases. Confirm the intended values.
    $_SESSION['hasExpiredPassword'] = '******';
    $usr->reloadPreferences();
    // if there is too many login attempts
    if (!empty($usr->id) && $res['lockoutexpiration'] > 0 && $usr->getPreference('loginfailed') >= $res['lockoutexpirationlogin'] && !$usr->portal_only) {
        // if there is a lockout time set
        if ($res['lockoutexpiration'] == '2') {
            // lockout date is now if not set
            if (($logout_time = $usr->getPreference('logout_time')) == '') {
                $usr->setPreference('logout_time', TimeDate::getInstance()->nowDb());
                $logout_time = $usr->getPreference('logout_time');
            }
            // Bug # 45922 - calculating the expiretime properly
            // $stim is assigned but not read again in this method.
            $stim = strtotime($logout_time);
            // Lockout length in minutes: configured amount times the configured unit multiplier.
            $mins = $res['lockoutexpirationtime'] * $res['lockoutexpirationtype'];
            $expiretime = TimeDate::getInstance()->fromDb($logout_time)->modify("+{$mins} minutes")->asDb();
            // Test if the user is still locked out and return a error message
            // Both operands are DB-formatted date strings, so this is a string comparison.
            if (TimeDate::getInstance()->nowDb() < $expiretime) {
                $usr->setPreference('lockout', '1');
                $_SESSION['login_error'] = $app_strings['LBL_LOGIN_ATTEMPTS_OVERRUN'] . ' ';
                $_SESSION['login_error'] .= $app_strings['LBL_LOGIN_LOGIN_TIME_ALLOWED'] . ' ';
                // Seconds remaining until the lockout expires.
                $lol = strtotime($expiretime) - strtotime(TimeDate::getInstance()->nowDb());
                // Report the remaining time in the largest unit that is non-zero.
                switch (true) {
                    case floor($lol / 86400) != 0:
                        $_SESSION['login_error'] .= floor($lol / 86400) . $app_strings['LBL_LOGIN_LOGIN_TIME_DAYS'];
                        break;
                    case floor($lol / 3600) != 0:
                        $_SESSION['login_error'] .= floor($lol / 3600) . $app_strings['LBL_LOGIN_LOGIN_TIME_HOURS'];
                        break;
                    case floor($lol / 60) != 0:
                        $_SESSION['login_error'] .= floor($lol / 60) . $app_strings['LBL_LOGIN_LOGIN_TIME_MINUTES'];
                        break;
                    case floor($lol) != 0:
                        $_SESSION['login_error'] .= floor($lol) . $app_strings['LBL_LOGIN_LOGIN_TIME_SECONDS'];
                        break;
                }
                $usr->savePreferencesToDB();
                return false;
            } else {
                // Lockout window has passed: clear the lockout state and fall through to the credential check.
                $usr->setPreference('lockout', '');
                $usr->setPreference('loginfailed', '0');
                $usr->setPreference('logout_time', '');
                $usr->savePreferencesToDB();
            }
        } else {
            // No timed expiry: stay locked and point the user at an administrator.
            $usr->setPreference('lockout', '1');
            $_SESSION['login_error'] = $app_strings['LBL_LOGIN_ATTEMPTS_OVERRUN'];
            $_SESSION['waiting_error'] = $app_strings['LBL_LOGIN_ADMIN_CALL'];
            $usr->savePreferencesToDB();
            return false;
        }
    }
    if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback, $PARAMS)) {
        require_once 'modules/Users/password_utils.php';
        if (hasPasswordExpired($username, true)) {
            $_SESSION['hasExpiredPassword'] = '******';
        }
        // now that user is authenticated, reset loginfailed
        if ($usr->getPreference('loginfailed') != '' && $usr->getPreference('loginfailed') != 0) {
            $usr->setPreference('loginfailed', '0');
            $usr->savePreferencesToDB();
        }
        $this->updateUserLastLogin($usr);
        return $this->postLoginAuthenticate();
    } else {
        // Failed attempt: count it only for an existing user and only when lockout is enabled.
        if (!empty($usr->id) && isset($res['lockoutexpiration']) && $res['lockoutexpiration'] > 0) {
            if (($logout = $usr->getPreference('loginfailed')) == '') {
                $usr->setPreference('loginfailed', '1');
            } else {
                $usr->setPreference('loginfailed', $logout + 1);
            }
            $usr->savePreferencesToDB();
        }
    }
    // Sub-classes retry against the stock SugarAuthenticate with $fallback = true.
    if (strtolower(get_class($this)) != 'sugarauthenticate') {
        $sa = new SugarAuthenticate();
        // Keep the first error so the fallback attempt does not overwrite it.
        $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
        if ($sa->loginAuthenticate($username, $password, true, $PARAMS)) {
            return true;
        }
        $_SESSION['login_error'] = $error;
    }
    $_SESSION['login_user_name'] = $username;
    // NOTE(review): the clear-text password is written to the session store
    // after a failed login. Confirm that a consumer still needs it.
    $_SESSION['login_password'] = $password;
    if (empty($_SESSION['login_error'])) {
        $_SESSION['login_error'] = translate('ERR_INVALID_PASSWORD', 'Users');
    }
    return false;
}
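/**
 * Authenticates a user based on the username and password.
 * Returns true if the user was authenticated, false otherwise; on success the
 * user is also loaded as the current user via postLoginAuthenticate().
 *
 * A failed attempt increments the 'loginfailed' preference of an existing
 * user. When this object is not a plain SugarAuthenticate, the attempt is then
 * retried against a fresh SugarAuthenticate with $fallback set to true.
 *
 * @param string $username
 * @param string $password
 * @param bool   $fallback passed through to loadUserOnLogin()
 * @return boolean
 */
function loginAuthenticate($username, $password, $fallback = false)
{
    global $mod_strings;

    // session_unregister() was removed in PHP 5.4; unset() clears the same key.
    unset($_SESSION['login_error']);

    $usr = new user();
    $usr_id = $usr->retrieve_user_id($username);
    $usr->retrieve($usr_id);

    $_SESSION['login_error'] = '';
    $_SESSION['waiting_error'] = '';
    // NOTE(review): the same literal is assigned here and in the expired
    // branch below, so as written the flag does not distinguish the two
    // cases. Confirm the intended values.
    $_SESSION['hasExpiredPassword'] = '******';

    if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback)) {
        require_once 'modules/Users/password_utils.php';
        if (hasPasswordExpired($username)) {
            $_SESSION['hasExpiredPassword'] = '******';
        }
        // NOTE(review): 'loginfailed' is not reset on success in this variant.
        return $this->postLoginAuthenticate();
    }

    // Failed attempt: count it for an existing user.
    if (!empty($usr_id)) {
        if (($logout = $usr->getPreference('loginfailed')) == '') {
            $usr->setPreference('loginfailed', '1');
        } else {
            $usr->setPreference('loginfailed', $logout + 1);
        }
        $usr->savePreferencesToDB();
    }

    if (strtolower(get_class($this)) !== 'sugarauthenticate') {
        $sa = new SugarAuthenticate();
        // Keep the first error so the fallback attempt does not overwrite it.
        $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
        if ($sa->loginAuthenticate($username, $password, true)) {
            return true;
        }
        $_SESSION['login_error'] = $error;
    }

    $_SESSION['login_user_name'] = $username;
    // NOTE(review): the clear-text password is written to the session store
    // after a failed login. Confirm that a consumer still needs it.
    $_SESSION['login_password'] = $password;

    if (empty($_SESSION['login_error'])) {
        $_SESSION['login_error'] = $mod_strings['ERR_INVALID_PASSWORD'];
    }

    return false;
}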
/**
 * PHP 4-style constructor for SAMLAuthenticate.
 *
 * Only delegates to the parent's same-style constructor, SugarAuthenticate().
 * A method named after its class is no longer treated as a constructor from
 * PHP 8.0 on, so this runs automatically only on older runtimes.
 */
function SAMLAuthenticate()
{
    parent::SugarAuthenticate();
}
/**
 * PHP 4-style constructor (presumably of a LatchAuthenticate class; the class
 * header is not visible here).
 *
 * Only delegates to the parent's same-style constructor, SugarAuthenticate().
 * A method named after its class is no longer treated as a constructor from
 * PHP 8.0 on, so this runs automatically only on older runtimes.
 */
function LatchAuthenticate()
{
    parent::SugarAuthenticate();
}