function anmelden() { ini_set("gc_maxlifetime", "3600"); global $ERPNAME; // ! das funzt nicht mit $_SESSION[ERPNAME] weil die Session in loginok.php zerstört wird... global $erpConfigFile; //Konfigurationsfile der ERP einlesen $deep = is_dir("../" . $ERPNAME) ? "../" : "../../"; // anmelden() aus einem Unterverzeichnis if (file_exists($deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf")) { $lxo = fopen($deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf", "r"); } else { if (file_exists($deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf.default")) { $lxo = fopen($deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf.default", "r"); } else { return false; } } $dbsec = false; $tmp = fgets($lxo, 512); //Parameter für die Auth-DB in der ERP-Konfiguration finden while (!feof($lxo)) { if (preg_match("/^[\\s]*#/", $tmp) || $tmp == "\n") { //Kommentar, ueberlesen $tmp = fgets($lxo, 512); continue; } if ($dbsec && preg_match("!\\[.+]!", $tmp)) { $dbsec = false; } if ($dbsec) { if (preg_match("/db[ ]*=[ ]*(.+)/", $tmp, $hits)) { $dbname = $hits[1]; } if (preg_match("/password[ ]*=[ ]*(.+)/", $tmp, $hits)) { $dbpasswd = $hits[1]; } if (preg_match("/user[ ]*=[ ]*(.+)/", $tmp, $hits)) { $dbuser = $hits[1]; } if (preg_match("/host[ ]*=[ ]*(.+)/", $tmp, $hits)) { $dbhost = $hits[1] ? $hits[1] : "localhost"; } if (preg_match("/port[ ]*=[ ]*([0-9]+)/", $tmp, $hits)) { $dbport = $hits[1] ? $hits[1] : "5432"; } if (preg_match("/\\[[a-z]+/", $tmp)) { $dbsec = false; } $tmp = fgets($lxo, 512); continue; } if (preg_match("/cookie_name[ ]*=[ ]*(.+)/", $tmp, $hits)) { $cookiename = $hits[1]; } //if ( preg_match("/dbcharset[ ]*=[ ]*(.+)/",$tmp,$hits) ) $dbcharset = $hits[1]; if (preg_match("/session_timeout[ ]*=[ ]*(.+)/", $tmp, $hits)) { $sesstime = $hits[1]; } if (preg_match("!\\[authentication/database\\]!", $tmp)) { $dbsec = true; } $tmp = fgets($lxo, 512); } if (!$cookiename) { $cookiename = $_SESSION['erpConfigFile'] . '_session_id'; } if (!$sesstime) { $sesstime = 480; } fclose($lxo); $cookie = $_COOKIE[$cookiename]; if (!$cookie) { header("location: ups.html"); } // Benutzer anmelden error_log("!{$ERPNAME}!{$dbhost},{$dbport},{$dbuser},{$dbpasswd},{$dbname},{$cookie}!", 0); $auth = authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie); if (!$auth) { return false; } // Anmeldung des Users fehlgeschlagen chkdir($auth["dbname"]); // gibt es unter dokumente ein Verzeichnis mit dem Instanznamen chkdir($auth["dbname"] . '/tmp/'); foreach ($auth as $key => $val) { $_SESSION[$key] = $val; } // Mandanten + Userdaten in Session speichern $_SESSION["sessid"] = $cookie; $_SESSION["cookie"] = $cookiename; $_SESSION["sesstime"] = $sesstime; // Benutzer/Gruppen/Gruppenzuordnung aus der ERP als Arrays in Session schreiben $db_new = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport); $sql_all_users = "SELECT usr.id AS user_id, usr.login, usrc.cfg_value AS name FROM auth.user AS usr INNER JOIN auth.user_config AS usrc ON usr.id = usrc.user_id WHERE usrc.cfg_key = 'name' ORDER by usr.id"; $sql_all_groups = "SELECT grp.id AS grp_id, grp.name AS grp_name FROM auth.group AS grp ORDER by grp.id"; $sql_all_assignments = "SELECT usrg.user_id AS user_id, usrg.group_id AS group_id FROM auth.user_group AS usrg ORDER by usrg.user_id"; $all_users = $db_new->getAll($sql_all_users); $all_groups = $db_new->getAll($sql_all_groups); $all_assignments = $db_new->getAll($sql_all_assignments); // $_SESSSION['ok'] da anmelden 2x durchlaufen wird ?? Bessere Lösung ? if (!$_SESSION['ok']) { $_SESSION['all_erp_users'] = $all_users; $_SESSION['all_erp_groups'] = $all_groups; $_SESSION['all_erp_assignments'] = $all_assignments; } $_SESSION['ok'] = "1"; // Mit der Mandanten-DB verbinden $_SESSION["db"] = new myDB($_SESSION["dbhost"], $_SESSION["dbuser"], $_SESSION["dbpasswd"], $_SESSION["dbname"], $_SESSION["dbport"]); if (!$_SESSION["db"]) { return false; } else { $_SESSION['Admin'] = $auth['Admin']; $charset = ini_get("default_charset"); //if ( $charset == "" ) $charset = $dbcharset; if ($charset == "") { $charset = 'UTF8'; } $_SESSION["charset"] = $charset; include_once "inc/UserLib.php"; $user_data = getUserStamm(0, $_SESSION["login"]); $BaseUrl = empty($_SERVER['HTTPS']) ? 'http://' : 'https://'; $BaseUrl .= $_SERVER['HTTP_HOST']; $BaseUrl .= preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']); if ($user_data) { foreach ($user_data as $key => $val) { $_SESSION[$key] = $val; } } if (isset($_SESSION['sql_error']) && $_SESSION['sql_error']) { $_SESSION['db']->setShowError(true); } else { $_SESSION['db']->setShowError(false); } $_SESSION['dir_mode'] = $user_data['dir_mode'] != '' ? octdec($user_data['dir_mode']) : 493; // 0755 $_SESSION["loginCRM"] = $user_data["id"]; $_SESSION['theme'] = $user_data['theme'] == '' || $user_data['theme'] == 'base' ? '' : $user_data['theme']; $sql = "SELECT * from schema_info where tag like 'relea%' order by itime desc limit 1"; $rs = $_SESSION["db"]->getOne($sql); $tmp = substr($rs['tag'], 8); $_SESSION["ERPver"] = strtr($tmp, '_', '.'); $_SESSION["menu"] = makeMenu($_SESSION["sessid"], $_SESSION["token"]); $_SESSION["basepath"] = $BaseUrl; $_SESSION['token'] = False; return true; } }
function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie) { $db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport); //Hat sich ein User angemeldet $sql = "select sc.session_id,u.id,u.login from auth.session_content sc left join auth.\"user\" u on "; $sql .= "(E'--- ' || u.login || chr(10) )=sc.sess_value left join auth.session s on s.id=sc.session_id "; $sql .= "where session_id = '{$cookie}' and sc.sess_key='login'"; $rs = $db->getAll($sql); if (count($rs) != 1) { // Garnicht mit ERP angemeldet oder zu viele Sessions, sollte die ERP drauf achten unset($_SESSION); $Url = preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']); header("location:" . $Url . "controller.pl?action=LoginScreen/user_login"); } $auth = array(); $uid = $rs[0]["id"]; $auth["login"] = $rs[0]["login"]; $sql = "select * from auth.user_config where user_id=" . $uid; $rs = $db->getAll($sql); $keys = array("countrycode", "stylesheet", "vclimit", "signature", "email", "tel", "fax", "name"); foreach ($rs as $row) { if (in_array($row["cfg_key"], $keys)) { $auth[$row["cfg_key"]] = $row["cfg_value"]; } } $auth["lang"] = $auth["countrycode"] != '' ? $auth["countrycode"] : 'en'; $auth["stylesheet"] = substr($auth["stylesheet"], 0, -4); //Welcer Mandant ist verbunden $sql = "SELECT sess_value FROM auth.session_content WHERE session_id = '{$cookie}' and sess_key='client_id'"; $rs = $db->getOne($sql); $mandant = substr($rs['sess_value'], 4); $sql = 'SELECT id as manid,name as mandant,dbhost,dbport,dbname,dbuser,dbpasswd FROM auth.clients WHERE id = ' . $mandant; $rs = $db->getOne($sql); $auth = array_merge($auth, $rs); //Eine der Gruppen des Users darf sales_all_edit $sql = "SELECT granted from auth.group_rights G where G.right = 'sales_all_edit' "; $sql .= "and G.group_id in (select group_id from auth.user_group where user_id = " . $uid . ")"; $rs3 = $db->getAll($sql); $auth["sales_edit_all"] = 'f'; if ($rs3) { foreach ($rs3 as $row) { if ($row["granted"] == 't') { $auth["sales_edit_all"] = 't'; break; } } } // Ist der User ein CRM-Supervisor? $sql = "SELECT count(*) as cnt from auth.user_group left join auth.group on id=group_id where name = 'CRMTL' and user_id = " . $uid; $rs = $db->getOne($sql); $auth['CRMTL'] = $rs['cnt']; //Session update $sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $cookie . "'"; $db->query($sql, "authuser_3"); //Token lesen $sql = "SELECT * FROM auth.session WHERE id = '" . $cookie . "'"; $rsa = $db->getOne($sql); $auth['token'] = $rsa['api_token']; return $auth; }
function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie) { $db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, true); $sql = "select sc.session_id,u.id from auth.session_content sc left join auth.user u on "; $sql .= "u.login=sc.sess_value left join auth.session s on s.id=sc.session_id "; $sql .= "where session_id = '{$cookie}' and sc.sess_key='login'"; // order by s.mtime desc"; $rs = $db->getAll($sql, "authuser_1"); if (!$rs) { return false; } $stmp = ""; if (count($rs) > 1) { header("location:../login.pl?action=logout"); /*foreach($rs as $row) { $stmp.=$row["session_id"].","; } $sql1="delete from session where id in (".substr($stmp,-1).")"; $sql2="delete from session_content where session_id in (".substr($stmp,-1).")"; $db->query($sql1,"authuser_A"); $db->query($sql2,"authuser_B"); $sql3="insert into session ";*/ } $sql = "select * from auth.user where id=" . $rs[0]["id"]; $rs1 = $db->getAll($sql, "authuser_1"); if (!$rs1) { return false; } $auth = array(); $auth["login"] = $rs1[0]["login"]; $sql = "select * from auth.user_config where user_id=" . $rs[0]["id"]; $rs1 = $db->getAll($sql, "authuser_2"); $keys = array("dbname", "dbpasswd", "dbhost", "dbport", "dbuser"); foreach ($rs1 as $row) { if (in_array($row["cfg_key"], $keys)) { $auth[$row["cfg_key"]] = $row["cfg_value"]; } } $sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $rs[0]["session_id"] . "'"; $db->query($sql, "authuser_3"); return $auth; }