コード例 #1
 /**
  * Marks a user record whose password has expired.
  *
  * `is_password_expired` and `password_expired_message` are always written
  * (false and "" by default). When hasPasswordExpired() reports expiry for
  * `$user_data['user_name']`, the flag becomes true, the message becomes the
  * 'Users' translation of the label held in `$_SESSION['expiration_label']`,
  * and `password_requirements` is filled from the configured password settings.
  *
  * @param array $user_data user data; `user_name` is read from it
  * @return array the user data with the expiry fields set
  */
 public function setExpiredPassword($user_data)
 {
     require_once 'modules/Users/password_utils.php';

     // Defaults: not expired, no message.
     $user_data['is_password_expired'] = false;
     $user_data['password_expired_message'] = "";

     if (!hasPasswordExpired($user_data['user_name'])) {
         return $user_data;
     }

     // The label key is read from the session only after the expiry check
     // (presumably hasPasswordExpired() is what stores it there; confirm).
     $expiredText = translate($_SESSION['expiration_label'], 'Users');
     $user_data['is_password_expired'] = true;
     $user_data['password_expired_message'] = $expiredText;
     $user_data['password_requirements'] = $this->getPasswordRequirements(
         $GLOBALS['sugar_config']['passwordsetting']
     );

     return $user_data;
 }
コード例 #2
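 /**
  * Authenticates a user based on the username and password.
  * Returns true if the user was authenticated, false otherwise;
  * it will also load the user into current user if he was authenticated.
  *
  * On failure the user name and the submitted password are left in the
  * session (`login_user_name`, `login_password`) and `login_error` is set.
  *
  * @param string $username
  * @param string $password
  * @param bool $fallback forwarded to loadUserOnLogin(); true on the SugarAuthenticate retry below
  * @param array $PARAMS forwarded to loadUserOnLogin()
  * @return boolean
  */
 function loginAuthenticate($username, $password, $fallback = false, $PARAMS = array())
 {
     global $mod_strings;
     unset($_SESSION['login_error']);
     // Password policy settings. $res has to be assigned before the failure
     // branch reads $res['lockoutexpiration']: with $res undefined that test is
     // always false and failed logins are never counted.
     $res = isset($GLOBALS['sugar_config']['passwordsetting']) ? $GLOBALS['sugar_config']['passwordsetting'] : array();
     $usr = new user();
     $usr_id = $usr->retrieve_user_id($username);
     $usr->retrieve($usr_id);
     $_SESSION['login_error'] = '';
     $_SESSION['waiting_error'] = '';
     // NOTE(review): this literal and the one assigned on expiry below are the
     // same in this listing, so the flag cannot tell the two states apart as
     // written; looks like a masked value, confirm against the real source.
     $_SESSION['hasExpiredPassword'] = '******';
     if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback, $PARAMS)) {
         require_once 'modules/Users/password_utils.php';
         if (hasPasswordExpired($username)) {
             $_SESSION['hasExpiredPassword'] = '******';
         }
         // now that user is authenticated, reset loginfailed
         if ($usr->getPreference('loginfailed') != '' && $usr->getPreference('loginfailed') != 0) {
             $usr->setPreference('loginfailed', '0');
             $usr->savePreferencesToDB();
         }
         return $this->postLoginAuthenticate();
     } else {
         // Count the failed attempt, but only for an existing user and only
         // when the lockout policy is enabled (lockoutexpiration > 0).
         if (!empty($usr_id) && isset($res['lockoutexpiration']) && $res['lockoutexpiration'] > 0) {
             if (($logout = $usr->getPreference('loginfailed')) == '') {
                 $usr->setPreference('loginfailed', '1');
             } else {
                 $usr->setPreference('loginfailed', $logout + 1);
             }
             $usr->savePreferencesToDB();
         }
     }
     // A subclass that failed retries once through the stock SugarAuthenticate
     // with $fallback = true; the error recorded before the retry is restored
     // if the retry fails too.
     if (strtolower(get_class($this)) != 'sugarauthenticate') {
         $sa = new SugarAuthenticate();
         $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
         if ($sa->loginAuthenticate($username, $password, true, $PARAMS)) {
             return true;
         }
         $_SESSION['login_error'] = $error;
     }
     $_SESSION['login_user_name'] = $username;
     // NOTE(review): the submitted password is kept in clear text in the
     // session after a failed login. Anything that can read session storage can
     // read it; confirm which consumer needs it and clear it once used.
     $_SESSION['login_password'] = $password;
     if (empty($_SESSION['login_error'])) {
         $_SESSION['login_error'] = translate('ERR_INVALID_PASSWORD', 'Users');
     }
     return false;
 }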
コード例 #3
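 /**
  * Authenticates a user based on the username and password.
  * Returns true if the user was authenticated, false otherwise;
  * it will also load the user into current user if he was authenticated.
  *
  * On failure the user name and the submitted password are left in the
  * session (`login_user_name`, `login_password`) and `login_error` is set.
  *
  * @param string $username
  * @param string $password
  * @param bool $fallback forwarded to loadUserOnLogin(); true on the SugarAuthenticate retry below
  * @return boolean
  */
 function loginAuthenticate($username, $password, $fallback = false)
 {
     global $mod_strings;
     // session_unregister() was removed in PHP 5.4; unsetting the session key
     // is its documented replacement.
     unset($_SESSION['login_error']);
     $usr = new user();
     $usr_id = $usr->retrieve_user_id($username);
     $usr->retrieve($usr_id);
     $_SESSION['login_error'] = '';
     $_SESSION['waiting_error'] = '';
     // NOTE(review): this literal and the one assigned on expiry below are the
     // same in this listing, so the flag cannot tell the two states apart as
     // written; looks like a masked value, confirm against the real source.
     $_SESSION['hasExpiredPassword'] = '******';
     if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback)) {
         require_once 'modules/Users/password_utils.php';
         if (hasPasswordExpired($username)) {
             $_SESSION['hasExpiredPassword'] = '******';
         }
         // NOTE(review): 'loginfailed' is not reset on this success path;
         // confirm it is cleared elsewhere, otherwise occasional typos add up.
         return $this->postLoginAuthenticate();
     } else {
         // Count the failed attempt for an existing user.
         if (!empty($usr_id)) {
             if (($logout = $usr->getPreference('loginfailed')) == '') {
                 $usr->setPreference('loginfailed', '1');
             } else {
                 $usr->setPreference('loginfailed', $logout + 1);
             }
             $usr->savePreferencesToDB();
         }
     }
     // A subclass that failed retries once through the stock SugarAuthenticate
     // with $fallback = true; the error recorded before the retry is restored
     // if the retry fails too.
     if (strtolower(get_class($this)) != 'sugarauthenticate') {
         $sa = new SugarAuthenticate();
         $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
         if ($sa->loginAuthenticate($username, $password, true)) {
             return true;
         }
         $_SESSION['login_error'] = $error;
     }
     $_SESSION['login_user_name'] = $username;
     // NOTE(review): the submitted password is kept in clear text in the
     // session after a failed login. Anything that can read session storage can
     // read it; confirm which consumer needs it and clear it once used.
     $_SESSION['login_password'] = $password;
     if (empty($_SESSION['login_error'])) {
         $_SESSION['login_error'] = $mod_strings['ERR_INVALID_PASSWORD'];
     }
     return false;
 }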
コード例 #4
 /**
  * Authenticates a user based on the username and password.
  * Returns true if the user was authenticated, false otherwise;
  * it will also load the user into current user if he was authenticated.
  *
  * The lockout policy is enforced before the credentials are checked: while
  * an account is locked out this method returns false without calling
  * loadUserOnLogin(), so a correct password is refused as well.
  *
  * On failure the user name and the submitted password are left in the
  * session (`login_user_name`, `login_password`) and `login_error` is set.
  *
  * @param string $username
  * @param string $password
  * @param bool $fallback forwarded to loadUserOnLogin(); true on the SugarAuthenticate retry below
  * @param array $PARAMS forwarded to loadUserOnLogin()
  * @return boolean
  */
 function loginAuthenticate($username, $password, $fallback = false, $PARAMS = array())
 {
     global $app_strings;
     unset($_SESSION['login_error']);
     // Password policy settings from the global configuration.
     $res = $GLOBALS['sugar_config']['passwordsetting'];
     $usr = BeanFactory::getBean('Users');
     $usr->retrieve_by_string_fields(array('user_name' => $username));
     $_SESSION['login_error'] = '';
     $_SESSION['waiting_error'] = '';
     // NOTE(review): this literal and the one assigned on expiry below are the
     // same in this listing, so the flag cannot tell the two states apart as
     // written; looks like a masked value, confirm against the real source.
     $_SESSION['hasExpiredPassword'] = '******';
     $usr->reloadPreferences();
     // Too many failed attempts: applies to an existing, non-portal user when
     // lockout is enabled and the failure counter has reached the limit.
     if (!empty($usr->id) && $res['lockoutexpiration'] > 0 && $usr->getPreference('loginfailed') >= $res['lockoutexpirationlogin'] && !$usr->portal_only) {
         // '2' selects the timed lockout; any other positive value takes the
         // else branch below, which has no expiry.
         if ($res['lockoutexpiration'] == '2') {
             // lockout date is now if not set
             if (($logout_time = $usr->getPreference('logout_time')) == '') {
                 $usr->setPreference('logout_time', TimeDate::getInstance()->nowDb());
                 $logout_time = $usr->getPreference('logout_time');
             }
             // Bug # 45922 - calculating the expiretime properly
             // NOTE(review): $stim is assigned here and not read again in this function.
             $stim = strtotime($logout_time);
             // presumably lockoutexpirationtype is a minutes-per-unit multiplier; confirm against the config
             $mins = $res['lockoutexpirationtime'] * $res['lockoutexpirationtype'];
             $expiretime = TimeDate::getInstance()->fromDb($logout_time)->modify("+{$mins} minutes")->asDb();
             // Test if the user is still locked out and return an error message.
             // The two DB-format timestamps are compared as strings.
             if (TimeDate::getInstance()->nowDb() < $expiretime) {
                 $usr->setPreference('lockout', '1');
                 $_SESSION['login_error'] = $app_strings['LBL_LOGIN_ATTEMPTS_OVERRUN'] . ' ';
                 $_SESSION['login_error'] .= $app_strings['LBL_LOGIN_LOGIN_TIME_ALLOWED'] . ' ';
                 // Seconds left until the lockout expires.
                 $lol = strtotime($expiretime) - strtotime(TimeDate::getInstance()->nowDb());
                 // Report the remaining time in the largest unit that is non-zero.
                 switch (true) {
                     case floor($lol / 86400) != 0:
                         $_SESSION['login_error'] .= floor($lol / 86400) . $app_strings['LBL_LOGIN_LOGIN_TIME_DAYS'];
                         break;
                     case floor($lol / 3600) != 0:
                         $_SESSION['login_error'] .= floor($lol / 3600) . $app_strings['LBL_LOGIN_LOGIN_TIME_HOURS'];
                         break;
                     case floor($lol / 60) != 0:
                         $_SESSION['login_error'] .= floor($lol / 60) . $app_strings['LBL_LOGIN_LOGIN_TIME_MINUTES'];
                         break;
                     case floor($lol) != 0:
                         $_SESSION['login_error'] .= floor($lol) . $app_strings['LBL_LOGIN_LOGIN_TIME_SECONDS'];
                         break;
                 }
                 $usr->savePreferencesToDB();
                 // Still locked out: refuse before the password is even checked.
                 return false;
             } else {
                 // Lockout window has passed: clear the lockout state and the
                 // counter, then fall through to the normal credential check.
                 $usr->setPreference('lockout', '');
                 $usr->setPreference('loginfailed', '0');
                 $usr->setPreference('logout_time', '');
                 $usr->savePreferencesToDB();
             }
         } else {
             // Lockout without a timer: the session gets LBL_LOGIN_ADMIN_CALL
             // (presumably "contact an administrator") and the login is refused.
             $usr->setPreference('lockout', '1');
             $_SESSION['login_error'] = $app_strings['LBL_LOGIN_ATTEMPTS_OVERRUN'];
             $_SESSION['waiting_error'] = $app_strings['LBL_LOGIN_ADMIN_CALL'];
             $usr->savePreferencesToDB();
             return false;
         }
     }
     if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback, $PARAMS)) {
         require_once 'modules/Users/password_utils.php';
         if (hasPasswordExpired($username, true)) {
             $_SESSION['hasExpiredPassword'] = '******';
         }
         // now that user is authenticated, reset loginfailed
         if ($usr->getPreference('loginfailed') != '' && $usr->getPreference('loginfailed') != 0) {
             $usr->setPreference('loginfailed', '0');
             $usr->savePreferencesToDB();
         }
         $this->updateUserLastLogin($usr);
         return $this->postLoginAuthenticate();
     } else {
         // Count the failed attempt, but only for an existing user and only
         // when the lockout policy is enabled (lockoutexpiration > 0).
         if (!empty($usr->id) && isset($res['lockoutexpiration']) && $res['lockoutexpiration'] > 0) {
             if (($logout = $usr->getPreference('loginfailed')) == '') {
                 $usr->setPreference('loginfailed', '1');
             } else {
                 $usr->setPreference('loginfailed', $logout + 1);
             }
             $usr->savePreferencesToDB();
         }
     }
     // A subclass that failed retries once through the stock SugarAuthenticate
     // with $fallback = true; the error recorded before the retry is restored
     // if the retry fails too.
     if (strtolower(get_class($this)) != 'sugarauthenticate') {
         $sa = new SugarAuthenticate();
         $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
         if ($sa->loginAuthenticate($username, $password, true, $PARAMS)) {
             return true;
         }
         $_SESSION['login_error'] = $error;
     }
     $_SESSION['login_user_name'] = $username;
     // NOTE(review): the submitted password is kept in clear text in the
     // session after a failed login. Anything that can read session storage can
     // read it; confirm which consumer needs it and clear it once used.
     $_SESSION['login_password'] = $password;
     if (empty($_SESSION['login_error'])) {
         $_SESSION['login_error'] = translate('ERR_INVALID_PASSWORD', 'Users');
     }
     return false;
 }
コード例 #5
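 /**
  * This function is called when a user initially tries to login.
  * It will return true if the user successfully logs in or false otherwise.
  *
  * The result of the first attempt is remembered on the instance: once
  * `$this->loggedIn` is set, later calls return the stored `$this->loginSuccess`
  * without authenticating again. After a successful authentication the method
  * may redirect to the timezone or change-password screen instead of returning.
  *
  * @param STRING $username
  * @param STRING $password
  * @param ARRAY $PARAMS
  * @return boolean
  */
 function login($username, $password, $PARAMS = array())
 {
     //kbrill bug #13225
     // Per-session attempt counter. The isset() test has to look at $_SESSION
     // itself; testing any other variable leaves the counter stuck at 1, and the
     // failed-login log line below would always report attempts[1].
     $_SESSION['loginAttempts'] = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
     unset($GLOBALS['login_error']);
     if ($this->loggedIn) {
         return $this->loginSuccess;
     }
     // NOTE(review): $PARAMS is passed as the third argument; confirm that
     // matches the controller's loginAuthenticate() signature (a $fallback flag
     // in that position would receive the array instead).
     $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, $PARAMS);
     // Set whether or not the attempt succeeded: it marks "already tried".
     $this->loggedIn = true;
     $requestedAction = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
     if ($this->loginSuccess) {
         //Ensure the user is authorized
         checkAuthUserStatus();
         loginLicense();
         if (!empty($GLOBALS['login_error'])) {
             // session_unregister() was removed in PHP 5.4; unsetting the
             // session key is its documented replacement.
             unset($_SESSION['authenticated_user_id']);
             $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt');
             $this->loginSuccess = false;
             return false;
         }
         // No 'ut' preference yet: send the user to the timezone screen
         // (presumably sugar_cleanup(true) ends the request; confirm).
         $ut = $GLOBALS['current_user']->getPreference('ut');
         if (empty($ut) && $requestedAction != 'SaveTimezone') {
             $GLOBALS['module'] = 'Users';
             $GLOBALS['action'] = 'SetTimezone';
             ob_clean();
             header("Location: index.php?module=Users&action=SetTimezone");
             sugar_cleanup(true);
         }
         require_once 'modules/Users/expiration.php';
         // Force a password change when expiry is enabled and the password has
         // expired, or when the password was system generated, unless the
         // current request is already the 'Save' action.
         $expiryEnabled = $GLOBALS['sugar_config']['passwordsetting']['userexpiration'] > 0;
         if ((($expiryEnabled && hasPasswordExpired($username)) || $GLOBALS['current_user']->system_generated_password == '1') && $requestedAction != 'Save') {
             $GLOBALS['module'] = 'Users';
             $GLOBALS['action'] = 'ChangePassword';
             ob_clean();
             header("Location: index.php?module=Users&action=ChangePassword");
             $_SESSION['hasExpiredPassword'] = '******';
             sugar_cleanup(true);
         }
         //call business logic hook
         if (isset($GLOBALS['current_user'])) {
             $GLOBALS['current_user']->call_custom_logic('after_login');
         }
     } else {
         //kbrill bug #13225
         LogicHook::initialize();
         $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
         // The user name comes straight from the login request. Control
         // characters are stripped so a crafted name cannot break the entry
         // across lines; the logger's own escaping is not visible here.
         $loggedName = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $username);
         $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' . $_SESSION['loginAttempts'] . '] - ' . $loggedName);
     }
     return $this->loginSuccess;
 }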
コード例 #6
 * 
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
 * 
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by SugarCRM".
 ********************************************************************************/
global $current_user;
global $sugar_config;
// Runs only when a timezone was submitted; a POST value wins over a GET value.
// NOTE(review): a GET parameter alone is enough to change the stored
// preference; confirm a request-forgery check runs before this script.
if (isset($_POST['timezone']) || isset($_GET['timezone'])) {
    // NOTE(review): the submitted value is stored as-is; confirm it is checked
    // against the list of known timezones somewhere before it is used.
    $timezone = isset($_POST['timezone']) ? $_POST['timezone'] : $_GET['timezone'];

    // Save the choice; 'ut' is presumably the "timezone has been set" marker.
    $current_user->setPreference('timezone', $timezone);
    $current_user->setPreference('ut', 1);
    $current_user->savePreferencesToDB();
    session_write_close();

    require_once 'modules/Users/expiration.php';
    // A password change is forced when expiry is enabled and the password has
    // expired, or when the current password was system generated.
    $passwordExpired = $GLOBALS['sugar_config']['passwordsetting']['userexpiration'] > 0
        && hasPasswordExpired($current_user->user_name);
    $mustChangePassword = $passwordExpired || $GLOBALS['current_user']->system_generated_password == '1';

    header(
        $mustChangePassword
            ? 'Location: index.php?module=Users&action=ChangePassword'
            : 'Location: index.php?action=index&module=Home'
    );
    exit;
}