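/**
 * Decide whether $user may perform $action on $module_name.
 *
 * The per-user module list is computed once by get_user_module_list() and
 * cached in $_SESSION['avail_modules'] for the rest of the session, so a role
 * or ACL change made elsewhere is not seen by this check until a new session
 * is established (log in again).
 *
 * Rules, evaluated in order:
 *  - a module absent from the cached list is denied for every action;
 *  - a 'write' action on a module listed as 'read_only' is allowed only for
 *    admins (is_admin());
 *  - a 'write' action on the Users module additionally requires
 *    $user->isAdminForModule() (rrs bug 46000);
 *  - everything else is allowed.
 *
 * @param object $user        current user bean; must expose isAdminForModule()
 *                            (assumed to be a User — confirm at call sites)
 * @param string $module_name module being accessed
 * @param string $action      'write' (default) or any other value, which is
 *                            treated as read access
 * @return bool true when access is granted, false otherwise (deny by default)
 */
function check_modules_access($user, $module_name, $action = 'write')
{
    if (!isset($_SESSION['avail_modules'])) {
        $_SESSION['avail_modules'] = get_user_module_list($user);
    }

    // Unknown module: deny regardless of action.
    if (!isset($_SESSION['avail_modules'][$module_name])) {
        return false;
    }

    // Strict comparisons: loose == would treat a boolean or numeric-string
    // entry as equal to the literal, which must not widen access.
    if ($action === 'write') {
        if ($_SESSION['avail_modules'][$module_name] === 'read_only') {
            return (bool) is_admin($user);
        }

        //rrs bug: 46000 - If the client is trying to write to the Users module
        // and is not an admin then we need to stop them
        if (strcasecmp($module_name, 'users') === 0 && !$user->isAdminForModule($module_name)) {
            return false;
        }
    }

    return true;
}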
/**
 * Log the user into the application
 *
 * The credential check is a record lookup: the supplied password value is
 * matched against the stored user_hash column together with user_name, and
 * only active, non-deleted, non-portal users qualify. Per the original
 * contract, for base sugar validation the client sends the MD5 sum of the
 * plain-text password, so the hash itself is the credential on the wire —
 * transport protection (TLS) is what keeps it confidential.
 *
 * On success a PHP session is started and the session id is returned to the
 * caller as its API token; the session also records the client IP and the
 * cached module list used by check_modules_access().
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
 * in the right encoding for the type of authentication the user is setup for. For Base
 * sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from. (Currently unused).
 * @return Array(session_id, error) -- session_id is the id of the session that was
 * created. Error is set if there was any error during creation ('invalid_login'
 * with id -1 when no matching user record exists).
 */
function login($user_auth, $application)
{
    $error = new SoapError();
    $lookup = new User();

    $user = $lookup->retrieve_by_string_fields(array(
        'user_name' => $user_auth['user_name'],
        'user_hash' => $user_auth['password'],
        'deleted' => 0,
        'status' => 'Active',
        'portal_only' => 0,
    ));

    // No matching record: a single generic error for every failure reason.
    if (empty($user) || empty($user->id)) {
        $error->set_error('invalid_login');
        return array('id' => -1, 'error' => $error);
    }

    session_start();
    global $current_user;
    $current_user = $user;
    $user->loadPreferences();

    $_SESSION['is_valid_session'] = true;
    $_SESSION['ip_address'] = $_SERVER['REMOTE_ADDR'];
    $_SESSION['user_id'] = $user->id;
    $_SESSION['type'] = 'user';
    $_SESSION['avail_modules'] = get_user_module_list($user);

    login_success();

    return array('id' => session_id(), 'error' => $error);
}
/**
 * Log the user into the application
 *
 * Authentication flow as implemented here:
 *  1. A primary attempt through the configured AuthenticationController with
 *     the client-supplied password marked passwordEncrypted.
 *  2. If that fails and the user has the 'lockout' preference set, the call
 *     is refused with 'lockout_reached'. Note the lockout is only consulted
 *     after the primary attempt, so a locked account still receives one
 *     password check per call.
 *  3. Otherwise, when mcrypt is present, the password is run through
 *     decrypt_string() and a second attempt is made with the decrypted value
 *     (a second controller instance is created for it). A single SOAP call
 *     can therefore produce two authentication attempts; any attempt counter
 *     in the controller presumably sees both — confirm.
 *  4. On success a session is started and populated; the session id is the
 *     API token returned to the caller.
 *
 * Security notes for maintainers:
 *  - Distinct error codes ('password_expired', 'lockout_reached',
 *    'invalid_login') are returned to an unauthenticated caller and so
 *    disclose account state for a given user name.
 *  - $user_auth['user_name'] is written unmodified into log lines; it is
 *    client-controlled, so log consumers should not assume single-line values.
 *  - The mcrypt fallback is dead on PHP >= 7.2, where mcrypt_cbc() no longer
 *    exists in core.
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
 * in the right encoding for the type of authentication the user is setup for. For Base
 * sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from. (Currently unused).
 * @return Array(session_id, error) -- session_id is the id of the session that was
 * created. Error is set if there was any error during creation (id is -1 on
 * every failure path).
 */
function login($user_auth, $application) {
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;
    //rrs
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    // Authentication class is taken from config, defaulting to SugarAuthenticate.
    $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
    //rrs
    // Primary attempt: the password is passed through as already encoded.
    $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
    // The bean is loaded regardless of the outcome; it is needed below for the
    // lockout preference and the group-user check.
    $usr_id = $user->retrieve_user_id($user_auth['user_name']);
    if ($usr_id) {
        $user->retrieve($usr_id);
    }
    if ($isLoginSuccess) {
        // NOTE(review): $_SESSION is read here before this function calls
        // session_start(); presumably the controller started the session — confirm.
        if ($_SESSION['hasExpiredPassword'] == '1') {
            $error->set_error('password_expired');
            $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            return array('id' => -1, 'error' => $error);
        }
        // Group users are not allowed to log in even with valid credentials.
        if (!empty($user) && !empty($user->id) && !$user->is_group) {
            $success = true;
            global $current_user;
            $current_user = $user;
        }
    } else {
        // Lockout is checked only once the primary attempt has failed.
        if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
            $error->set_error('lockout_reached');
            $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            return array('id' => -1, 'error' => $error);
        } else {
            // Fallback attempt with the decrypted password (legacy clients).
            if (function_exists('mcrypt_cbc')) {
                $password = decrypt_string($user_auth['password']);
                $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
                if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                    $success = true;
                }
            }
        }
    }
    if ($success) {
        session_start();
        global $current_user;
        //$current_user = $user;
        // NOTE(review): on the fallback path nothing in this function assigns
        // $current_user; it is presumably set by AuthenticationController::login.
        // If it is not, loadPreferences() below runs on null — confirm.
        login_success();
        $current_user->loadPreferences();
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        // Cached module list consumed by check_modules_access() for the
        // lifetime of this session.
        $_SESSION['avail_modules'] = get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        return array('id' => session_id(), 'error' => $error);
    }
    $error->set_error('invalid_login');
    $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $user_auth['user_name'] . ' failed');
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    return array('id' => -1, 'error' => $error);
}
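/**
 * Decide whether $user may perform $action on $module_name.
 *
 * The per-user module list is computed once by get_user_module_list() and
 * cached in $_SESSION['avail_modules'] for the rest of the session, so a role
 * or ACL change made elsewhere is not seen by this check until a new session
 * is established.
 *
 * Rules: a module absent from the cached list is denied for every action; a
 * 'write' action on a module listed as 'read_only' is allowed only for admins
 * (is_admin()); everything else is allowed.
 *
 * @param object $user        current user bean (assumed User — confirm at call sites)
 * @param string $module_name module being accessed
 * @param string $action      'write' (default) or any other value, which is
 *                            treated as read access
 * @return bool true when access is granted, false otherwise (deny by default)
 */
function check_modules_access($user, $module_name, $action = 'write')
{
    if (!isset($_SESSION['avail_modules'])) {
        $_SESSION['avail_modules'] = get_user_module_list($user);
    }

    // Unknown module: deny regardless of action.
    if (!isset($_SESSION['avail_modules'][$module_name])) {
        return false;
    }

    // Strict comparisons: loose == would treat a boolean or numeric-string
    // entry as equal to the literal, which must not widen access.
    if ($action === 'write' && $_SESSION['avail_modules'][$module_name] === 'read_only') {
        return (bool) is_admin($user);
    }

    return true;
}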
/**
 * Log the user into the application
 *
 * Authentication flow as implemented here:
 *  1. A direct record lookup matching user_name and the supplied password
 *     value against the stored user_hash, restricted to active, non-deleted,
 *     non-portal users. Group users are rejected even when the hash matches.
 *  2. If no record matches and mcrypt is present, the password is run
 *     through decrypt_string() and a second attempt is made through the
 *     configured AuthenticationController. A single SOAP call can therefore
 *     produce two credential checks.
 *  3. On success a session is started and populated; the session id is the
 *     API token returned to the caller.
 *
 * Security notes for maintainers:
 *  - Per the original contract the client sends the MD5 sum of the plain-text
 *    password; that hash is the credential on the wire, so transport
 *    protection (TLS) is what keeps it confidential.
 *  - $user_auth['user_name'] is written unmodified into the failure log line;
 *    it is client-controlled, so log consumers should not assume single-line
 *    values.
 *  - The mcrypt fallback is dead on PHP >= 7.2, where mcrypt_cbc() no longer
 *    exists in core.
 *
 * @param UserAuth array $user_auth -- Set user_name and password (password needs to be
 * in the right encoding for the type of authentication the user is setup for. For Base
 * sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from. (Currently unused).
 * @return Array(session_id, error) -- session_id is the id of the session that was
 * created. Error is set if there was any error during creation ('invalid_login'
 * with id -1 on every failure path).
 */
function login($user_auth, $application) {
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;
    //rrs
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    // Authentication class is taken from config, defaulting to SugarAuthenticate;
    // it is only used by the fallback path below.
    $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
    //rrs
    // Primary check: equality lookup on user_name + user_hash.
    $user = $user->retrieve_by_string_fields(array('user_name' => $user_auth['user_name'], 'user_hash' => $user_auth['password'], 'deleted' => 0, 'status' => 'Active', 'portal_only' => 0));
    if (!empty($user) && !empty($user->id) && !$user->is_group) {
        $success = true;
        global $current_user;
        $current_user = $user;
    } else {
        // Fallback attempt with the decrypted password (legacy clients).
        if (function_exists('mcrypt_cbc')) {
            $password = decrypt_string($user_auth['password']);
            if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                $success = true;
            }
        }
    }
    if ($success) {
        session_start();
        global $current_user;
        //$current_user = $user;
        // NOTE(review): on the fallback path nothing in this function assigns
        // $current_user; it is presumably set by AuthenticationController::login.
        // If it is not, loadPreferences() below runs on null — confirm.
        login_success();
        $current_user->loadPreferences();
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        // Cached module list consumed by check_modules_access() for the
        // lifetime of this session.
        $_SESSION['avail_modules'] = get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        return array('id' => session_id(), 'error' => $error);
    }
    $error->set_error('invalid_login');
    $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $user_auth['user_name'] . ' failed');
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    return array('id' => -1, 'error' => $error);
}
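/**
 * Decide whether $user may perform $action on $module_name.
 *
 * The per-user module list is computed once by get_user_module_list() and
 * cached in $_SESSION['avail_modules'] for the rest of the session, so a role
 * or ACL change made elsewhere is not seen by this check until a new session
 * is established.
 *
 * Rules: a module absent from the cached list is denied for every action; a
 * 'write' action on a module listed as 'read_only' is allowed only for admins
 * (is_admin()); everything else is allowed.
 *
 * Begin/End trace lines are written to $GLOBALS['log'] at info level; the
 * decision is computed first and logged once on the single exit path.
 *
 * @param object $user        current user bean (assumed User — confirm at call sites)
 * @param string $module_name module being accessed
 * @param string $action      'write' (default) or any other value, which is
 *                            treated as read access
 * @return bool true when access is granted, false otherwise (deny by default)
 */
function check_modules_access($user, $module_name, $action = 'write')
{
    $GLOBALS['log']->info('Begin: SoapHelperWebServices->check_modules_access');

    if (!isset($_SESSION['avail_modules'])) {
        $_SESSION['avail_modules'] = get_user_module_list($user);
    }

    // Deny by default; only a listed module can grant access.
    $allowed = false;
    if (isset($_SESSION['avail_modules'][$module_name])) {
        // Strict comparisons: loose == would treat a boolean or numeric-string
        // entry as equal to the literal, which must not widen access.
        if ($action === 'write' && $_SESSION['avail_modules'][$module_name] === 'read_only') {
            $allowed = (bool) is_admin($user);
        } else {
            $allowed = true;
        }
    }

    $GLOBALS['log']->info('End: SoapHelperWebServices->check_modules_access');
    return $allowed;
}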