//no break here so that we can fall back to database if userman is broken //no break here so that we can fall back to database if userman is broken case 'database': default: // not logged in, and have provided a user/pass $_SESSION['AMP_user'] = new ampuser($username); if (!$_SESSION['AMP_user']->checkPassword($password)) { // failed, one last chance -- fallback to amportal.conf db admin user if ($amp_conf['AMP_ACCESS_DB_CREDS'] && $username == $amp_conf['AMPDBUSER'] && $password == $amp_conf['AMPDBPASS']) { // password succesfully matched amportal.conf db admin user, set admin access $_SESSION['AMP_user']->setAdmin(); } else { // password failed and admin user fall-back failed unset($_SESSION['AMP_user']); $no_auth = true; //for now because of how freepbx works if (!empty($username)) { $ip = getRemoteIp(); freepbx_log_security('Authentication failure for ' . (!empty($username) ? $username : '******') . ' from ' . $_SERVER['REMOTE_ADDR']); if ($ip !== $_SERVER['REMOTE_ADDR']) { freepbx_log_security('Possible proxy detected, forwarded headers for' . (!empty($username) ? $username : '******') . ' set to ' . $ip); } } } } break; } } if (isset($_SESSION['AMP_user'])) { define('FREEPBX_IS_AUTH', 'TRUE'); }
} break; case 'none': $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']); $_SESSION['AMP_user']->setAdmin(); break; case 'database': default: // not logged in, and have provided a user/pass $_SESSION['AMP_user'] = new ampuser($username); if (!$_SESSION['AMP_user']->checkPassword(sha1($password))) { // failed, one last chance -- fallback to amportal.conf db admin user if ($amp_conf['AMP_ACCESS_DB_CREDS'] && $username == $amp_conf['AMPDBUSER'] && $password == $amp_conf['AMPDBPASS']) { // password succesfully matched amportal.conf db admin user, set admin access $_SESSION['AMP_user']->setAdmin(); } else { // password failed and admin user fall-back failed unset($_SESSION['AMP_user']); $no_auth = true; //for now because of how freepbx works if (!empty($username)) { freepbx_log_security('Authentication failure for ' . (!empty($username) ? $username : '******') . ' from ' . $_SERVER['REMOTE_ADDR']); } } } break; } } if (isset($_SESSION['AMP_user'])) { define('FREEPBX_IS_AUTH', 'TRUE'); }
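/**
 * Check the credentials against FreePBX.
 *
 * The plaintext password is hashed with SHA-1 (a one-way hash, not
 * encryption) and the digest is passed with the username to
 * Ucp->checkCredentials(). When that call returns a non-empty value and
 * _allowed() accepts it, the value is stored in $this->uid.
 *
 * NOTE(review): unsalted SHA-1 is a weak password hash. The digest format is
 * dictated by checkCredentials(), which is not visible here, so it is left
 * unchanged; a move to password_hash()/password_verify() has to be made
 * together with the credential store.
 *
 * @param string $username Login name as submitted by the client (untrusted)
 * @param string $password Plaintext password as submitted by the client
 * @return bool True if credentials were valid, otherwise false
 */
private function _authenticate($username, $password) {
	$result = $this->UCP->FreePBX->Ucp->checkCredentials($username, sha1($password));
	if (!empty($result) && $this->_allowed($result)) {
		$this->uid = $result;
		return true;
	}

	// The logger is only defined when the FreePBX framework has been loaded.
	if (function_exists('freepbx_log_security')) {
		// The username comes straight from the login request. Replace control
		// characters (CR, LF, NUL, ...) so a submitted value cannot split the
		// entry into additional lines of the security log.
		// NOTE(review): freepbx_log_security() is not visible here; confirm
		// whether it already neutralises its argument.
		$logUser = !empty($username)
			? preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $username)
			: '******';
		freepbx_log_security('Authentication failure for ' . $logUser . ' from ' . $_SERVER['REMOTE_ADDR']);
	}
	return false;
}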