/**
 * Marks on the user-data array whether the user's password has expired.
 *
 * `is_password_expired` and `password_expired_message` are always written
 * (false and an empty string unless the password has expired). When it has
 * expired, `password_requirements` is filled in as well. Per the original
 * author's note, expiry covers both elapsed time and the number of attempts
 * with a generated password; that logic lives in hasPasswordExpired().
 *
 * @param array $user_data User data; the `user_name` key is read.
 * @return array The same array with the expiry fields set.
 */
public function setExpiredPassword($user_data)
{
    require_once 'modules/Users/password_utils.php';

    // Start from "not expired" so both keys exist on every return path.
    $user_data['is_password_expired'] = false;
    $user_data['password_expired_message'] = "";

    if (!hasPasswordExpired($user_data['user_name'])) {
        return $user_data;
    }

    // Presumably hasPasswordExpired() leaves the label of the expiry reason
    // in the session; verify against password_utils.php.
    $expiredText = translate($_SESSION['expiration_label'], 'Users');

    $user_data['is_password_expired'] = true;
    $user_data['password_expired_message'] = $expiredText;
    $user_data['password_requirements'] = $this->getPasswordRequirements(
        $GLOBALS['sugar_config']['passwordsetting']
    );

    return $user_data;
}
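/**
 * Authenticates a user by user name and password.
 *
 * On success the result of postLoginAuthenticate() is returned and a non-zero
 * `loginfailed` preference is reset. On failure the `loginfailed` preference
 * of a known user is incremented when a lockout policy is configured, the
 * stock SugarAuthenticate is tried as a fallback (unless this already is
 * that class), and finally the login form data and an error message are left
 * in the session.
 *
 * @param string  $username
 * @param string  $password
 * @param boolean $fallback Passed through to loadUserOnLogin().
 * @param array   $PARAMS   Passed through to loadUserOnLogin() and the fallback.
 * @return boolean False on failure; on success whatever postLoginAuthenticate()
 *                 or the fallback authenticator returns.
 */
function loginAuthenticate($username, $password, $fallback = false, $PARAMS = array())
{
    unset($_SESSION['login_error']);

    // Lockout policy. It has to be loaded here: the failure branch below only
    // counts failed attempts when 'lockoutexpiration' is greater than zero, so
    // an unset policy variable would silently disable the counter.
    $res = isset($GLOBALS['sugar_config']['passwordsetting'])
        ? $GLOBALS['sugar_config']['passwordsetting']
        : array();

    $usr = new user();
    $usr_id = $usr->retrieve_user_id($username);
    $usr->retrieve($usr_id);

    $_SESSION['login_error'] = '';
    $_SESSION['waiting_error'] = '';
    // NOTE(review): this literal and the one assigned below when the password
    // has expired are identical as shown, so the flag cannot tell the two
    // states apart. The values look masked; confirm against the upstream file.
    $_SESSION['hasExpiredPassword'] = '******';

    if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback, $PARAMS)) {
        require_once 'modules/Users/password_utils.php';
        if (hasPasswordExpired($username)) {
            $_SESSION['hasExpiredPassword'] = '******';
        }

        // now that user is authenticated, reset loginfailed
        if ($usr->getPreference('loginfailed') != '' && $usr->getPreference('loginfailed') != 0) {
            $usr->setPreference('loginfailed', '0');
            $usr->savePreferencesToDB();
        }

        return $this->postLoginAuthenticate();
    }

    // Failed attempt: only known users have a counter, and only while a
    // lockout policy is enabled.
    if (!empty($usr_id) && isset($res['lockoutexpiration']) && $res['lockoutexpiration'] > 0) {
        if (($failed = $usr->getPreference('loginfailed')) == '') {
            $usr->setPreference('loginfailed', '1');
        } else {
            $usr->setPreference('loginfailed', $failed + 1);
        }
        $usr->savePreferencesToDB();
    }

    // Subclasses retry with the stock authenticator; the error message of the
    // first attempt is kept if the retry fails too.
    if (strtolower(get_class($this)) != 'sugarauthenticate') {
        $sa = new SugarAuthenticate();
        $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
        if ($sa->loginAuthenticate($username, $password, true, $PARAMS)) {
            return true;
        }
        $_SESSION['login_error'] = $error;
    }

    $_SESSION['login_user_name'] = $username;
    // NOTE(review): the submitted password is kept in session storage in
    // clear text. Presumably the login form reads it back; confirm it is
    // needed and that it is cleared as soon as the form has been rendered.
    $_SESSION['login_password'] = $password;

    if (empty($_SESSION['login_error'])) {
        $_SESSION['login_error'] = translate('ERR_INVALID_PASSWORD', 'Users');
    }

    return false;
}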
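/**
 * Authenticates a user by user name and password.
 *
 * On success the result of postLoginAuthenticate() is returned. On failure
 * the `loginfailed` preference of a known user is incremented, the stock
 * SugarAuthenticate is tried as a fallback (unless this already is that
 * class), and finally the login form data and an error message are left in
 * the session.
 *
 * @param string  $username
 * @param string  $password
 * @param boolean $fallback Passed through to loadUserOnLogin().
 * @return boolean False on failure; on success whatever postLoginAuthenticate()
 *                 or the fallback authenticator returns.
 */
function loginAuthenticate($username, $password, $fallback = false)
{
    global $mod_strings;

    // unset() instead of session_unregister(): the latter was removed in
    // PHP 5.4 and would abort the login with a fatal error there.
    unset($_SESSION['login_error']);

    $usr = new user();
    $usr_id = $usr->retrieve_user_id($username);
    $usr->retrieve($usr_id);

    $_SESSION['login_error'] = '';
    $_SESSION['waiting_error'] = '';
    // NOTE(review): this literal and the one assigned below when the password
    // has expired are identical as shown, so the flag cannot tell the two
    // states apart. The values look masked; confirm against the upstream file.
    $_SESSION['hasExpiredPassword'] = '******';

    if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback)) {
        require_once 'modules/Users/password_utils.php';
        if (hasPasswordExpired($username)) {
            $_SESSION['hasExpiredPassword'] = '******';
        }
        // NOTE(review): the failed-login counter is not reset on this path;
        // confirm that a successful login clears it somewhere else.
        return $this->postLoginAuthenticate();
    }

    // Failed attempt: bump the counter of a known user.
    if (!empty($usr_id)) {
        if (($failed = $usr->getPreference('loginfailed')) == '') {
            $usr->setPreference('loginfailed', '1');
        } else {
            $usr->setPreference('loginfailed', $failed + 1);
        }
        $usr->savePreferencesToDB();
    }

    // Subclasses retry with the stock authenticator; the error message of the
    // first attempt is kept if the retry fails too.
    if (strtolower(get_class($this)) != 'sugarauthenticate') {
        $sa = new SugarAuthenticate();
        $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
        if ($sa->loginAuthenticate($username, $password, true)) {
            return true;
        }
        $_SESSION['login_error'] = $error;
    }

    $_SESSION['login_user_name'] = $username;
    // NOTE(review): the submitted password is kept in session storage in
    // clear text. Presumably the login form reads it back; confirm it is
    // needed and that it is cleared as soon as the form has been rendered.
    $_SESSION['login_password'] = $password;

    if (empty($_SESSION['login_error'])) {
        $_SESSION['login_error'] = $mod_strings['ERR_INVALID_PASSWORD'];
    }

    return false;
}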
/**
 * Authenticates a user by user name and password, enforcing account lockout.
 *
 * The lockout check runs before the credentials are verified: a known,
 * non-portal user whose `loginfailed` preference has reached the configured
 * limit is rejected without the password being looked at. Otherwise the
 * credentials are checked; success resets the counter and returns the result
 * of postLoginAuthenticate(), failure increments the counter (when a lockout
 * policy is enabled), tries the stock SugarAuthenticate as a fallback and
 * finally leaves the form data and an error message in the session.
 *
 * @param string  $username
 * @param string  $password
 * @param boolean $fallback Passed through to loadUserOnLogin().
 * @param array   $PARAMS   Passed through to loadUserOnLogin() and the fallback.
 * @return boolean False when locked out or on failure; on success whatever
 *                 postLoginAuthenticate() or the fallback authenticator returns.
 */
function loginAuthenticate($username, $password, $fallback = false, $PARAMS = array())
{
    global $app_strings;
    unset($_SESSION['login_error']);
    // Password / lockout policy from the application configuration.
    $res = $GLOBALS['sugar_config']['passwordsetting'];
    $usr = BeanFactory::getBean('Users');
    $usr->retrieve_by_string_fields(array('user_name' => $username));
    $_SESSION['login_error'] = '';
    $_SESSION['waiting_error'] = '';
    // NOTE(review): this literal and the one assigned further down when the
    // password has expired are identical as shown, so the flag cannot tell
    // the two states apart. The values look masked; confirm upstream.
    $_SESSION['hasExpiredPassword'] = '******';
    $usr->reloadPreferences();
    // Lockout gate: known user, policy enabled, failure limit reached, and
    // not a portal-only account.
    // NOTE(review): the messages set in this branch are only produced for
    // existing accounts, so the response differs from the one for an unknown
    // user name; check whether that difference is acceptable.
    if (!empty($usr->id) && $res['lockoutexpiration'] > 0 && $usr->getPreference('loginfailed') >= $res['lockoutexpirationlogin'] && !$usr->portal_only) {
        // '2' selects the time-limited lockout (per the original comment:
        // "a lockout time set"); any other value takes the else branch below.
        if ($res['lockoutexpiration'] == '2') {
            // Start the lockout clock now if it is not running yet.
            if (($logout_time = $usr->getPreference('logout_time')) == '') {
                $usr->setPreference('logout_time', TimeDate::getInstance()->nowDb());
                $logout_time = $usr->getPreference('logout_time');
            }
            // Bug # 45922 - calculating the expiretime properly
            // $stim is not read again in this function.
            $stim = strtotime($logout_time);
            // presumably 'lockoutexpirationtype' is the number of minutes per
            // configured unit; verify against the settings form
            $mins = $res['lockoutexpirationtime'] * $res['lockoutexpirationtype'];
            $expiretime = TimeDate::getInstance()->fromDb($logout_time)->modify("+{$mins} minutes")->asDb();
            // Still locked out? Both sides are compared as the strings
            // returned by nowDb()/asDb().
            if (TimeDate::getInstance()->nowDb() < $expiretime) {
                $usr->setPreference('lockout', '1');
                $_SESSION['login_error'] = $app_strings['LBL_LOGIN_ATTEMPTS_OVERRUN'] . ' ';
                $_SESSION['login_error'] .= $app_strings['LBL_LOGIN_LOGIN_TIME_ALLOWED'] . ' ';
                // Remaining lockout time in seconds.
                $lol = strtotime($expiretime) - strtotime(TimeDate::getInstance()->nowDb());
                // Report the remaining time in the largest unit that is not
                // zero: days, hours, minutes, then seconds.
                switch (true) {
                    case floor($lol / 86400) != 0:
                        $_SESSION['login_error'] .= floor($lol / 86400) . $app_strings['LBL_LOGIN_LOGIN_TIME_DAYS'];
                        break;
                    case floor($lol / 3600) != 0:
                        $_SESSION['login_error'] .= floor($lol / 3600) . $app_strings['LBL_LOGIN_LOGIN_TIME_HOURS'];
                        break;
                    case floor($lol / 60) != 0:
                        $_SESSION['login_error'] .= floor($lol / 60) . $app_strings['LBL_LOGIN_LOGIN_TIME_MINUTES'];
                        break;
                    case floor($lol) != 0:
                        $_SESSION['login_error'] .= floor($lol) . $app_strings['LBL_LOGIN_LOGIN_TIME_SECONDS'];
                        break;
                }
                $usr->savePreferencesToDB();
                return false;
            } else {
                // Lockout period is over: clear the lockout state and let the
                // credential check below run.
                $usr->setPreference('lockout', '');
                $usr->setPreference('loginfailed', '0');
                $usr->setPreference('logout_time', '');
                $usr->savePreferencesToDB();
            }
        } else {
            // No time limit: the account stays locked and the user is told
            // to contact an administrator.
            $usr->setPreference('lockout', '1');
            $_SESSION['login_error'] = $app_strings['LBL_LOGIN_ATTEMPTS_OVERRUN'];
            $_SESSION['waiting_error'] = $app_strings['LBL_LOGIN_ADMIN_CALL'];
            $usr->savePreferencesToDB();
            return false;
        }
    }
    if ($this->userAuthenticate->loadUserOnLogin($username, $password, $fallback, $PARAMS)) {
        require_once 'modules/Users/password_utils.php';
        if (hasPasswordExpired($username, true)) {
            $_SESSION['hasExpiredPassword'] = '******';
        }
        // now that user is authenticated, reset loginfailed
        if ($usr->getPreference('loginfailed') != '' && $usr->getPreference('loginfailed') != 0) {
            $usr->setPreference('loginfailed', '0');
            $usr->savePreferencesToDB();
        }
        $this->updateUserLastLogin($usr);
        return $this->postLoginAuthenticate();
    } else {
        // Failed attempt: count it for a known user while a lockout policy
        // is enabled.
        if (!empty($usr->id) && isset($res['lockoutexpiration']) && $res['lockoutexpiration'] > 0) {
            if (($logout = $usr->getPreference('loginfailed')) == '') {
                $usr->setPreference('loginfailed', '1');
            } else {
                $usr->setPreference('loginfailed', $logout + 1);
            }
            $usr->savePreferencesToDB();
        }
    }
    // Subclasses retry with the stock authenticator; the error message of the
    // first attempt is kept if the retry fails too.
    if (strtolower(get_class($this)) != 'sugarauthenticate') {
        $sa = new SugarAuthenticate();
        $error = !empty($_SESSION['login_error']) ? $_SESSION['login_error'] : '';
        if ($sa->loginAuthenticate($username, $password, true, $PARAMS)) {
            return true;
        }
        $_SESSION['login_error'] = $error;
    }
    $_SESSION['login_user_name'] = $username;
    // NOTE(review): the submitted password is kept in session storage in
    // clear text. Presumably the login form reads it back; confirm it is
    // needed and that it is cleared as soon as the form has been rendered.
    $_SESSION['login_password'] = $password;
    if (empty($_SESSION['login_error'])) {
        $_SESSION['login_error'] = translate('ERR_INVALID_PASSWORD', 'Users');
    }
    return false;
}
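/**
 * Called when a user initially tries to log in.
 *
 * Counts the attempt in the session, delegates the credential check to the
 * authentication controller and, on success, runs the authorization and
 * licence checks, the first-login timezone redirect, the forced
 * password-change redirect and the `after_login` logic hook. A failed login
 * fires the `login_failed` hook and is written to the log. The outcome is
 * cached on the object, so later calls return the first result.
 *
 * @param STRING $username
 * @param STRING $password
 * @param ARRAY $PARAMS
 * @return boolean true if the user logged in successfully, false otherwise
 */
function login($username, $password, $PARAMS = array())
{
    //kbrill bug #13225
    // Count attempts per session; the counter has to be read back from
    // $_SESSION or it restarts at 1 on every call.
    $_SESSION['loginAttempts'] = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
    unset($GLOBALS['login_error']);

    if ($this->loggedIn) {
        return $this->loginSuccess;
    }

    // NOTE(review): $PARAMS is passed as the third argument; confirm that the
    // controller's loginAuthenticate() expects it in that position.
    $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, $PARAMS);
    // Set regardless of the outcome: it records that an attempt was made.
    $this->loggedIn = true;

    // The requested action is optional; the comparisons below treat a missing
    // one as "no exemption".
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

    if ($this->loginSuccess) {
        //Ensure the user is authorized
        checkAuthUserStatus();
        loginLicense();
        if (!empty($GLOBALS['login_error'])) {
            // unset() instead of session_unregister(): the latter was removed
            // in PHP 5.4 and would abort this rejection path with a fatal error.
            unset($_SESSION['authenticated_user_id']);
            $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt');
            $this->loginSuccess = false;
            return false;
        }

        // First login: send the user to the timezone prompt.
        $ut = $GLOBALS['current_user']->getPreference('ut');
        if (empty($ut) && $action != 'SaveTimezone') {
            $GLOBALS['module'] = 'Users';
            $GLOBALS['action'] = 'SetTimezone';
            ob_clean();
            header("Location: index.php?module=Users&action=SetTimezone");
            sugar_cleanup(true);
        }

        require_once 'modules/Users/expiration.php';
        // A password change is due when expiry is enabled and the password
        // has expired, or when the password was generated by the system.
        $mustChangePassword = ($GLOBALS['sugar_config']['passwordsetting']['userexpiration'] > 0
                && hasPasswordExpired($username))
            || $GLOBALS['current_user']->system_generated_password == '1';
        // NOTE(review): the 'Save' exemption is taken from the request; this
        // block only skips the redirect, so confirm that the Save action
        // itself cannot be used to keep working with an expired password.
        if ($mustChangePassword && $action != 'Save') {
            $GLOBALS['module'] = 'Users';
            $GLOBALS['action'] = 'ChangePassword';
            ob_clean();
            header("Location: index.php?module=Users&action=ChangePassword");
            $_SESSION['hasExpiredPassword'] = '******';
            sugar_cleanup(true);
        }

        //call business logic hook
        if (isset($GLOBALS['current_user'])) {
            $GLOBALS['current_user']->call_custom_logic('after_login');
        }
    } else {
        //kbrill bug #13225
        LogicHook::initialize();
        $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
        // NOTE(review): $username comes from the login request and is logged
        // verbatim; consider neutralising line breaks before it reaches the log.
        $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' . $_SESSION['loginAttempts'] . '] - ' . $username);
    }

    return $this->loginSuccess;
}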
*
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by SugarCRM".
 ********************************************************************************/

// Stores the timezone chosen by the current user, then redirects either to
// the password-change form (when a change is due) or to the home page.
global $current_user;
global $sugar_config;

if (isset($_POST['timezone']) || isset($_GET['timezone'])) {
    // POST wins over GET when both carry a value.
    // NOTE(review): the value is stored exactly as received, and a GET
    // request is enough to change the preference; confirm that the value is
    // checked against the known timezone list wherever it is read.
    $timezone = isset($_POST['timezone']) ? $_POST['timezone'] : $_GET['timezone'];

    $current_user->setPreference('timezone', $timezone);
    // 'ut' marks that the timezone has been chosen.
    $current_user->setPreference('ut', 1);
    $current_user->savePreferencesToDB();
    session_write_close();

    require_once 'modules/Users/expiration.php';

    // A change is due when expiry is enabled and the password has expired,
    // or when the password was generated by the system.
    $passwordChangeDue = ($GLOBALS['sugar_config']['passwordsetting']['userexpiration'] > 0
            && hasPasswordExpired($current_user->user_name))
        || $GLOBALS['current_user']->system_generated_password == '1';

    header(
        $passwordChangeDue
            ? 'Location: index.php?module=Users&action=ChangePassword'
            : 'Location: index.php?action=index&module=Home'
    );
    exit;
}