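//// REDIRECTION VARS ///////////////////////////////////////////////////////////////////////////////
$system_config = new Administration();
$system_config->retrieveSettings('system');
// The authentication backend is configurable per installation; fall back to the built-in one.
$authController = new AuthenticationController(
    !empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate'
);
///////////////////////////////////////////////////////////////////////////////
//// USER LOGIN AUTHENTICATION
// FIRST PLACE YOU CAN INSTANTIATE A SUGARBEAN;

// "Disconnected Client" seamless login: the client hands us the id of a session that was
// prepared server-side and flagged with seamless_login. The id arrives straight from the
// request (GET, POST or cookie) and is therefore untrusted: its format is checked before it
// is handed to session_id(), the seamless_login flag is consumed (single use), and the user
// lookup must succeed; any failure ends the request without leaving a usable session behind.
// NOTE(review): this code cannot stop an attacker from *planting* a not-yet-existing session
// id; that needs session.use_strict_mode=1 at the PHP level — confirm it is enabled.
if (isset($_REQUEST['MSID'])) {
    $msid = $_REQUEST['MSID'];
    // Session ids consist of [A-Za-z0-9,-] only; reject anything else up front
    // (older PHP builds did not validate the characters passed to session_id()).
    if (!is_string($msid) || !preg_match('/^[A-Za-z0-9,-]{1,256}$/', $msid)) {
        sugar_cleanup(false);
        exit('Not a valid entry method');
    }
    session_id($msid);
    session_start();
    global $current_user;

    $seamless_ok = false;
    if (isset($_SESSION['user_id']) && isset($_SESSION['seamless_login'])) {
        // One-shot flag: clear it before anything else so a failure below cannot be
        // retried against the same session.
        unset($_SESSION['seamless_login']);
        // sessionAuthenticate() signals failure with a falsy return (loadUser() relies on
        // the same contract). The original ignored it and dereferenced $current_user anyway.
        $seamless_ok = (bool) $authController->sessionAuthenticate($_SESSION['user_id']);
    }

    if ($seamless_ok) {
        $current_user->authenticated = true;
        $use_current_user_login = true;
    } else {
        // Tear down: expire the session cookie under whatever name the session is
        // configured with (not a hard-coded PHPSESSID), drop the server-side session, stop.
        $session_cookie = session_name();
        if (isset($_COOKIE[$session_cookie])) {
            setcookie($session_cookie, '', time() - 42000, '/');
        }
        sugar_cleanup(false);
        session_destroy();
        exit('Not a valid entry method');
    }
} else {
    session_start();
}

// If recording is available, call the recorder to record this round trip.
if (is_file("recorder.php")) {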
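/**
 * Load the authenticated user for this request; redirect to the login screen if there is none.
 *
 * Two checks gate the request:
 *  1. the session must carry this installation's unique_key (a mismatch means the session was
 *     not issued here — a hijack attempt or a session left over from another instance);
 *  2. the session's authenticated_user_id (set in modules/Users/Authenticate.php) must resolve
 *     to a user via AuthenticationController::sessionAuthenticate().
 * Actions listed in $this->controller->allowed_actions (default: Authenticate, Login, LoggedOut)
 * are exempt from check 1, and for the Users module also from check 2, so the login flow itself
 * stays reachable. On failure the session is destroyed and the request is redirected.
 *
 * Side effects: sets $GLOBALS['current_user'], replaces the global $authController, may rewrite
 * $this->controller->action/module so that a state-changing action is not replayed after
 * re-login, and refreshes the 90-day ck_login_*_20 preference cookies from the session.
 */
function loadUser()
{
    global $authController, $sugar_config;

    // Double check the server's unique key is in the session. Make sure this is not an
    // attempt to hijack a session.
    $user_unique_key = isset($_SESSION['unique_key']) ? $_SESSION['unique_key'] : '';
    $server_unique_key = isset($sugar_config['unique_key']) ? $sugar_config['unique_key'] : '';
    $allowed_actions = !empty($this->controller->allowed_actions)
        ? $this->controller->allowed_actions
        : array('Authenticate', 'Login', 'LoggedOut');
    // NOTE(review): unlike the entry script, no authenticationClass is passed here — confirm
    // the constructor falls back to $sugar_config['authenticationClass'] on its own.
    $authController = new AuthenticationController();

    // Strict, constant-time comparison. The loose `!=` this replaces compares numeric-looking
    // strings as numbers, so two different "0e..." hex keys would have been treated as equal.
    $key_matches = hash_equals((string) $server_unique_key, (string) $user_unique_key);

    if (!$key_matches
        && !in_array($this->controller->action, $allowed_actions, true)
        && !isset($_SESSION['login_error'])) {
        session_destroy();
        if (!empty($this->controller->action)) {
            // Do not replay a state-changing action once the user logs back in: downgrade
            // it to the matching read-only view (or the module index / home page).
            $action = strtolower($this->controller->action);
            if ($action === 'delete') {
                $this->controller->action = 'DetailView';
            } elseif ($action === 'save') {
                $this->controller->action = 'EditView';
            } elseif ($action === 'quickcreate') {
                $this->controller->action = 'index';
                $this->controller->module = 'home';
            } elseif (isset($_REQUEST['massupdate']) || isset($_GET['massupdate']) || isset($_POST['massupdate'])) {
                $this->controller->action = 'index';
            } elseif ($this->isModifyAction()) {
                $this->controller->action = 'index';
            } elseif ($this->controller->action == $this->default_action
                && $this->controller->module == $this->default_module) {
                $this->controller->action = '';
                $this->controller->module = '';
            }
        }
        $authController->authController->redirectToLogin($this);
    }

    $GLOBALS['current_user'] = new User();
    if (isset($_SESSION['authenticated_user_id'])) {
        // set in modules/Users/Authenticate.php
        if (!$authController->sessionAuthenticate()) {
            // The user id in the session does not resolve (row gone, or prefs corrupted):
            // treat the session as invalid rather than continue with a half-built user.
            $GLOBALS['log']->fatal('User retrieval for ID: (' . $_SESSION['authenticated_user_id'] . ') does not exist in database or retrieval failed catastrophically. Calling session_destroy() and sending user to Login page.');
            session_destroy();
            SugarApplication::redirect('index.php?action=Login&module=Users');
            die;
        }
    } elseif (!($this->controller->module == 'Users' && in_array($this->controller->action, $allowed_actions, true))) {
        // No authenticated user and not on the login path.
        session_destroy();
        SugarApplication::redirect('index.php?action=Login&module=Users');
        die;
    }
    $GLOBALS['log']->debug('Current user is: ' . $GLOBALS['current_user']->user_name);

    // Refresh the login-preference cookies (90 days) from the session. These hold the user
    // id, theme and language that pre-populate the login form; they are not credentials.
    // NOTE(review): self::setCookie is the application wrapper — whether it sets HttpOnly /
    // Secure is not visible from here; confirm.
    $cookie_sources = array(
        'ck_login_id_20' => 'authenticated_user_id',
        'ck_login_theme_20' => 'authenticated_user_theme',
        'ck_login_theme_color_20' => 'authenticated_user_theme_color',
        'ck_login_theme_font_20' => 'authenticated_user_theme_font',
        'ck_login_language_20' => 'authenticated_user_language',
    );
    $expires = time() + 86400 * 90;
    foreach ($cookie_sources as $cookie_name => $session_key) {
        if (isset($_SESSION[$session_key])) {
            $GLOBALS['log']->debug("setting cookie $cookie_name to " . $_SESSION[$session_key]);
            self::setCookie($cookie_name, $_SESSION[$session_key], $expires);
        }
    }
    //check if user can access
}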
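require_once 'include/entryPoint.php';
require_once 'include/MVC/SugarApplication.php';

// Stand-alone entry point (lives one directory below index.php, hence the "../" redirects).
// It repeats the two gates of SugarApplication::loadUser(): the session must carry this
// installation's unique_key, and its authenticated_user_id must resolve to a user.
$app = new SugarApplication();
$app->startSession();

$user_unique_key = isset($_SESSION['unique_key']) ? $_SESSION['unique_key'] : '';
$server_unique_key = isset($sugar_config['unique_key']) ? $sugar_config['unique_key'] : '';
$authController = new AuthenticationController();

$login_location = '../index.php?action=Login&module=Users';

// Strict, constant-time comparison; the loose `!=` it replaces would treat two different
// numeric-looking keys (e.g. "0e..." hex digests) as equal.
if (!hash_equals((string) $server_unique_key, (string) $user_unique_key) && !isset($_SESSION['login_error'])) {
    session_destroy();
    header('Location: ' . $login_location);
    die;
}

$GLOBALS['current_user'] = new User();
// authenticated_user_id is set in modules/Users/Authenticate.php. Missing id, or an id that
// does not resolve (e.g. corrupted user prefs), both mean "not logged in".
if (!isset($_SESSION['authenticated_user_id']) || !$authController->sessionAuthenticate()) {
    session_destroy();
    header('Location: ' . $login_location);
    die;
}

// Refresh the 90-day ck_login_id_20 cookie (user id that pre-populates the login form).
// This is PHP's native setcookie(), not the SugarApplication wrapper used by loadUser(), so
// the flags have to be given explicitly: HttpOnly keeps the value out of script reach, and
// Secure is set when the request itself arrived over TLS.
// NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be empty — confirm, and
// drop the HttpOnly flag only if client-side script is known to read this cookie.
if (isset($_SESSION['authenticated_user_id'])) {
    $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    setcookie('ck_login_id_20', $_SESSION['authenticated_user_id'], time() + 86400 * 90, '', '', $secure, true);
}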