/**
* Validate the user session based on user name and password hash.
*
* @param string $user_name -- The user name to create a session for
* @param string $password -- The MD5 sum of the user's password
* @return true -- If the session is created
* @return false -- If the session is not created
*/
function validate_user($user_name, $password)
{
global $server, $current_user, $sugar_config, $system_config;
$user = new User();
$user->user_name = $user_name;
$system_config = new Administration();
$system_config->retrieveSettings('system');
$authController = new AuthenticationController();
// Check to see if the user name and password are consistent.
if ($user->authenticate_user($password)) {
// we also need to set the current_user.
$user->retrieve($user->id);
$current_user = $user;
login_success();
return true;
} else {
if (function_exists('mcrypt_cbc')) {
$password = decrypt_string($password);
if ($authController->login($user_name, $password) && isset($_SESSION['authenticated_user_id'])) {
$user->retrieve($_SESSION['authenticated_user_id']);
$current_user = $user;
login_success();
return true;
}
} else {
$GLOBALS['log']->fatal("SECURITY: failed attempted login for {$user_name} using SOAP api");
$server->setError("Invalid username and/or password");
return false;
}
}
}
/**
* Validate the provided session information is correct and current. Load the session.
*
* @param String $session_id -- The session ID that was returned by a call to login.
* @return true -- If the session is valid and loaded.
* @return false -- if the session is not valid.
*/
function validate_authenticated($session_id)
{
if (!empty($session_id)) {
session_id($session_id);
session_start();
if (!empty($_SESSION['is_valid_session']) && is_valid_ip_address('ip_address') && $_SESSION['type'] == 'user') {
global $current_user;
$current_user = new User();
$current_user->retrieve($_SESSION['user_id']);
login_success();
return true;
}
session_destroy();
}
LogicHook::initialize();
$GLOBALS['log']->fatal('SECURITY: The session ID is invalid');
$GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
return false;
}
$token = uniqid();
setcookie("roll", $roll);
setcookie("token", $token);
$login_query = 'update students set token="' . $token . '" where roll=' . $roll;
if (db_exec_only($login_query)) {
$login_success = true;
}
}
}
theme_header('Login');
theme_navbar($login_success, $roll);
?>
<div class="col-lg-5">
<h2><i class="fa fa-sign-in fa-fw"></i> Login <small>Get access student database</small></h2>
<?
if($login_success)
login_success();
else {
if($_POST) {
login_error();
}
theme_login_form();
}
?>
</div>
<?
theme_footer();
db_close();
?>
function portal_validate_authenticated($session_id)
{
// $GLOBALS['log']->fatal('fds');
$old_error_reporting = error_reporting(0);
session_id($session_id);
// This little construct checks to see if the session validated
if (session_start()) {
$valid_session = true;
if (!empty($_SESSION['is_valid_session']) && $_SESSION['ip_address'] == $_SERVER['REMOTE_ADDR'] && $valid_session != null && ($_SESSION['type'] == 'contact' || $_SESSION['type'] == 'lead' || $_SESSION['type'] == 'portal')) {
global $current_user;
$valid_session->last_request_time = gmdate("Y-m-d H:i:s");
$valid_session->save();
$current_user = new User();
$current_user->retrieve($_SESSION['portal_id']);
login_success();
error_reporting($old_error_reporting);
return true;
}
}
session_destroy();
error_reporting($old_error_reporting);
return false;
}
function portal_validate_authenticated($session_id)
{
$old_error_reporting = error_reporting(0);
session_id($session_id);
// This little construct checks to see if the session validated
if (session_start()) {
$valid_session = true;
if (!empty($_SESSION['is_valid_session']) && $_SESSION['ip_address'] == query_client_ip() && $valid_session != null && ($_SESSION['type'] == 'contact' || $_SESSION['type'] == 'lead' || $_SESSION['type'] == 'portal')) {
global $current_user;
$current_user = new User();
$current_user->retrieve($_SESSION['portal_id']);
login_success();
error_reporting($old_error_reporting);
return true;
}
}
session_destroy();
$GLOBALS['log']->fatal('SECURITY: The session ID is invalid');
error_reporting($old_error_reporting);
return false;
}
function handle_access_code()
{
render_boilerplate();
$request = Flight::request();
$code = $request->query->access_code;
$code = strtolower(trim($code));
if (empty($code)) {
Flight::render('denied_code', array('msg' => _('No access code sent.')));
} else {
if ($code != ACCESS_CODE) {
Flight::render('denied_code', array('msg' => _('Wrong access code.')));
} else {
login_success();
}
}
}
/**
* Validate the provided session information is correct and current. Load the session.
*
* @param String $session_id -- The session ID that was returned by a call to login.
* @return true -- If the session is valid and loaded.
* @return false -- if the session is not valid.
*/
function validate_authenticated($session_id)
{
session_id($session_id);
session_start();
if (!empty($_SESSION['is_valid_session']) && $_SESSION['ip_address'] == $_SERVER['REMOTE_ADDR'] && $_SESSION['type'] == 'user') {
global $current_user;
require_once 'modules/Users/User.php';
$current_user = new User();
$current_user->retrieve($_SESSION['user_id']);
login_success();
return true;
}
session_destroy();
return false;
}
function portal_validate_authenticated($session_id)
{
$old_error_reporting = error_reporting(0);
session_id($session_id);
// This little construct checks to see if the session validated
if (session_start()) {
$valid_session = true;
$valid_session = SessionManager::getValidSession($session_id);
if (!empty($_SESSION['is_valid_session']) && $_SESSION['ip_address'] == query_client_ip() && $valid_session != null && ($_SESSION['type'] == 'contact' || $_SESSION['type'] == 'lead' || $_SESSION['type'] == 'portal')) {
global $current_user;
$valid_session->last_request_time = TimeDate::getInstance()->nowDb();
$valid_session->save();
$current_user = BeanFactory::getBean('Users', $_SESSION['portal_id']);
login_success();
error_reporting($old_error_reporting);
return true;
}
}
session_destroy();
$GLOBALS['log']->fatal('SECURITY: The session ID is invalid');
error_reporting($old_error_reporting);
return false;
}
function handle_access_code()
{
render_boilerplate();
$request = Flight::request();
$code = $request->query->access_code;
$code = strtolower(trim($code));
if (empty($code)) {
Flight::render('denied_code', array('msg' => _('Did you type anything?')));
} else {
if ($code != ACCESS_CODE) {
Flight::render('denied_code', array('msg' => _('Did you have a typo?')));
} else {
login_success();
}
}
}
/**
* Log the user into the application
*
* @param UserAuth array $user_auth -- Set user_name and password (password needs to be
* in the right encoding for the type of authentication the user is setup for. For Base
* sugar validation, password is the MD5 sum of the plain text password.
* @param String $application -- The name of the application you are logging in from. (Currently unused).
* @return Array(session_id) -- session_id is the id of the session that was created.
* @exception 'SoapFault' -- The SOAP error, if any
*/
function new_login($user_auth, $application)
{
global $sugar_config, $system_config;
$error = new SoapError();
$user = new User();
$success = false;
//rrs
$system_config = new Administration();
$system_config->retrieveSettings('system');
$authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
//rrs
$user = $user->retrieve_by_string_fields(array('user_name' => $user_auth['user_name'], 'user_hash' => $user_auth['password'], 'deleted' => 0, 'status' => 'Active', 'portal_only' => 0));
if (!empty($user) && !empty($user->id)) {
$success = true;
global $current_user;
$current_user = $user;
} else {
if (function_exists('mcrypt_cbc')) {
$password = decrypt_string($user_auth['password']);
if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
$success = true;
}
// if
}
}
// else if
if ($success) {
session_start();
global $current_user;
//$current_user = $user;
login_success();
$current_user->loadPreferences();
$_SESSION['is_valid_session'] = true;
$_SESSION['ip_address'] = query_client_ip();
$_SESSION['user_id'] = $current_user->id;
$_SESSION['type'] = 'user';
$_SESSION['avail_modules'] = get_user_module_list($current_user);
$_SESSION['authenticated_user_id'] = $current_user->id;
$_SESSION['unique_key'] = $sugar_config['unique_key'];
$current_user->call_custom_logic('after_login');
return array('id' => session_id());
}
// if
LogicHook::initialize();
$GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
$error->set_error('invalid_login');
setFaultObject($error);
}
