/**
 * Authenticate $user/$pass while enforcing a per-client-address failure ban.
 *
 * Reads the 'host_ban_time' variable; when it is > 0 the caller's REMOTE_ADDR
 * is refused once three or more failures are recorded in user_login_ban inside
 * that window. A failed attempt prunes expired rows, records a new failure and
 * re-evaluates the ban so the caller is told immediately. A successful attempt
 * resolves the user id and activates it through Acl::set_user.
 *
 * NOTE(review): the counter is keyed on REMOTE_ADDR only. Behind a reverse
 * proxy every client shares one bucket (one attacker can lock everyone out),
 * and an attacker rotating addresses is never throttled per account — confirm
 * what sits in front of this deployment. Bans are never cleared on success.
 *
 * @param string $user login name
 * @param string $pass cleartext password
 * @return string '' on success, otherwise a human-readable error
 */
private function auth($user, $pass)
{
    $ban_window = Variable::get('host_ban_time');
    $banning = $ban_window > 0;
    $client = $_SERVER['REMOTE_ADDR'];

    if ($banning) {
        $recent = DB::GetOne('SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s', array(time() - $ban_window, $client));
        if ($recent >= 3) {
            return 'Host banned.';
        }
    }

    if (Base_User_LoginCommon::check_login($user, $pass)) {
        $uid = Base_UserCommon::get_user_id($user);
        Acl::set_user($uid, true);
        return '';
    }

    $error = 'Login failed.';
    if ($banning) {
        // Drop expired failures before recording this one, then recount so the
        // third failure reports the ban in the same response.
        DB::Execute('DELETE FROM user_login_ban WHERE failed_on<=%d', array(time() - $ban_window));
        DB::Execute('INSERT INTO user_login_ban(failed_on,from_addr) VALUES(%d,%s)', array(time(), $client));
        $recent = DB::GetOne('SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s', array(time() - $ban_window, $client));
        if ($recent >= 3) {
            $error .= ' Host banned.';
        }
    }
    return $error;
}
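/**
 * Render the "who is online" applet: a list of logged-in users sorted by last name.
 *
 * Each online login is mapped to its CRM contact; when one exists the contact's
 * formatted name (HTML from contact_format_no_company) is shown and the list is
 * sorted by last_name. Without a contact the raw login name is shown and used
 * as the sort key.
 *
 * Fix: the fallback login name was printed into the <li> unescaped. It comes
 * from the database rather than this request, but it is still data, so it is
 * now HTML-escaped. The contact-formatted branch is left untouched because
 * contact_format_no_company appears to return markup.
 *
 * NOTE(review): $o is received by value here, so the title assignment below is
 * invisible to the caller unless $o is an object or the upstream declaration
 * passes it by reference — confirm against the applet framework.
 *
 * @param mixed $v applet values (unused here)
 * @param array $o applet options; 'title' is set to the online count
 */
public function applet($v, $o)
{
    $online = Tools_WhoIsOnlineCommon::get();
    $labels = array();    // id => HTML fragment to print
    $sort_keys = array(); // id => last name, or the login when no contact exists
    foreach ($online as $id => $login) {
        $contact = CRM_ContactsCommon::get_contact_by_user_id(Base_UserCommon::get_user_id($login));
        if ($contact) {
            $labels[$id] = CRM_ContactsCommon::contact_format_no_company($contact);
            $sort_keys[$id] = $contact['last_name'];
        } else {
            $labels[$id] = htmlspecialchars($login, ENT_QUOTES, 'UTF-8');
            $sort_keys[$id] = $login;
        }
    }
    asort($sort_keys);
    $count = count($labels);
    if ($count == 1) {
        $o['title'] = __('%d user online', array($count));
    } else {
        $o['title'] = __('%d users online', array($count));
    }
    print '<ul>';
    foreach ($sort_keys as $id => $unused) {
        print '<li>' . $labels[$id] . '</li>';
    }
    print '</ul>';
}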
/**
 * Render (and process) the login form, or nothing when no login is needed.
 *
 * Flow: read 'anonymous_setup' (a missing variable means anonymous access is
 * on); refuse outright when the client is banned; try autologin; then, if
 * still not logged in, build a QuickForm carrying a ban rule and a credential
 * rule. On a valid submission the user is activated through
 * Base_AclCommon::set_user and a Location header to the current REQUEST_URI
 * is sent so a browser refresh does not re-post the credentials.
 *
 * @return string|null form HTML, the banned message, or null when the user is
 *                     already logged in or setup is anonymous
 */
static function form()
{
    try {
        $anonymous = Variable::get('anonymous_setup');
    } catch (NoSuchVariableException $e) {
        $anonymous = true;
    }
    $logged_in = Base_AclCommon::is_user();
    if (!$logged_in && Base_User_LoginCommon::is_banned()) {
        return self::t('You have exceeded the number of allowed login attempts.');
    }
    require_once 'modules/Libs/QuickForm/requires.php';
    if ($anonymous || $logged_in) {
        return;
    }
    Base_User_LoginCommon::autologin();
    // autologin may have established a session, so check again before drawing the form.
    if (Base_AclCommon::is_user()) {
        return;
    }

    $query = count($_GET) ? '?' . http_build_query($_GET) : '';
    // NOTE(review): PHP_SELF and the reflected query string become the form's
    // action attribute; HTML_QuickForm is expected to escape attribute values
    // when rendering — confirm, otherwise this is a reflected-XSS sink.
    $login_form = new HTML_QuickForm('loginform', 'post', $_SERVER['PHP_SELF'] . $query);
    $required_note = '<span style="font-size:80%; color:#ff0000;">*</span><span style="font-size:80%;">' . self::t('denotes required field') . '</span>';
    $login_form->setRequiredNote($required_note);

    $login_form->addElement('text', 'username', self::t('Username'));
    $login_form->addRule('username', 'Field required', 'required');
    $login_form->addElement('password', 'password', self::t('Password'));
    $login_form->addRule('password', 'Field required', 'required');

    // Ban check runs as a form rule so its message shows inline on the username field.
    $login_form->registerRule('check_user_banned', 'callback', 'rule_login_banned', 'Base_User_LoginCommon');
    $login_form->addRule('username', self::t('You have exceeded the number of allowed login attempts.'), 'check_user_banned');

    // Credential check; the form object is handed to the callback as extra data.
    $login_form->registerRule('check_login', 'callback', 'submit_login', 'Base_User_LoginCommon');
    $login_form->addRule(array('username', 'password'), self::t('Login or password incorrect'), 'check_login', $login_form);

    $login_form->addElement('submit', null, self::t('Login'));

    if (!$login_form->validate()) {
        return "<center>" . $login_form->toHtml() . "</center>";
    }
    $user = $login_form->exportValue('username');
    Base_AclCommon::set_user(Base_UserCommon::get_user_id($user), true);
    // NOTE(review): nothing here regenerates the session id on this privilege
    // change; if set_user does not either, the login is open to session fixation — confirm.
    // The redirect gives better browser refresh behaviour (no re-POST of credentials).
    header('Location: ' . $_SERVER['REQUEST_URI']);
}
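/**
 * Handle a password-recovery request: issue a reset token and mail the link.
 *
 * Expires tokens older than two hours, refuses unknown users, stores a fresh
 * token in user_reset_pass and sends the reset URL via
 * Base_MailCommon::send_critical. Returns false (after printing the reason)
 * in demo mode for 'admin', for unknown users and when the supplied address
 * does not match the account; otherwise returns true once the request was
 * processed — the mail result is deliberately not propagated.
 *
 * Changes versus the previous revision:
 *  - the token was md5(user_id . time()), guessable by anyone who could
 *    estimate when the request was made; it is now drawn from the CSPRNG
 *    (same 32-hex-char width as md5, so the hash_id column is unaffected —
 *    confirm if the column is narrower).
 *  - the reset link was mailed to whatever address the requester typed; it
 *    must now match the address stored in user_password for that login.
 *    If the form already enforces this, the check is a no-op for legitimate
 *    requests.
 *
 * NOTE(review): the token is stored in clear, so anyone who can read
 * user_reset_pass can complete a reset; storing a hash would require the
 * matching change in reset_pass.php, which is not in view.
 * NOTE(review): the distinct 'No such user!' message confirms which logins exist.
 *
 * @param array $data form values: 'username' and 'mail'
 * @return bool
 */
public function submit_recover($data)
{
    $mail = $data['mail'];
    $username = $data['username'];
    if (DEMO_MODE && $username == 'admin') {
        print 'In demo you cannot recover \'admin\' user password. If you want to login please type \'admin\' as password.';
        return false;
    }
    $user_id = Base_UserCommon::get_user_id($username);
    // Prune tokens older than two hours on every request.
    DB::Execute('DELETE FROM user_reset_pass WHERE created_on<%T', array(time() - 3600 * 2));
    if ($user_id === false) {
        print 'No such user!';
        return false;
    }

    // Defence in depth: only send the link to the address on file for this account.
    $registered_mail = DB::GetOne('SELECT mail FROM user_password WHERE user_login_id=%d', array($user_id));
    if (!is_string($registered_mail) || strcasecmp(trim($registered_mail), trim($mail)) !== 0) {
        print 'Invalid username or e-mail address.';
        return false;
    }

    // Unpredictable token: CSPRNG first, legacy fallback only on very old runtimes.
    $hash = null;
    if (function_exists('random_bytes')) {
        $hash = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== false && $strong) {
            $hash = bin2hex($bytes);
        }
    }
    if ($hash === null) {
        // Still far less guessable than the former md5(user_id . time()).
        $hash = md5(uniqid(mt_rand(), true) . microtime(true));
    }
    DB::Execute('INSERT INTO user_reset_pass(user_login_id,hash_id,created_on) VALUES (%d,%s,%T)', array($user_id, $hash, time()));

    $subject = __('Password recovery');
    $message = __('A password recovery for the account with the e-mail address %s has been requested.', array($mail)) . "\n\n"
        . __('If you want to reset your password, visit the following URL:') . "\n"
        . get_epesi_url() . '/modules/Base/User/Login/reset_pass.php?hash=' . $hash . "\n"
        . __('or just ignore this message and your login and password will remain unchanged.') . "\n\n"
        . __('If you did not use the Password Recovery form, inform your administrator about a potential unauthorized attempt to login using your credentials.') . "\n\n"
        . __('This e-mail was generated automatically and you do not need to respond to it.');
    // Send result is intentionally not surfaced to the requester.
    Base_MailCommon::send_critical($mail, $subject, $message);
    return true;
}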
/**
 * Create a login, store its password hash and e-mail, and optionally mail
 * the cleartext password to the new user.
 *
 * @param string      $username  login name to create
 * @param string      $mail      e-mail address stored alongside the password
 * @param string|null $pass      cleartext password; when empty one is generated
 * @param bool        $send_mail whether to send the cleartext password by mail
 * @return bool true when the user_password row was written
 */
public static function add_user($username, $mail, $pass = null, $send_mail = true)
{
    // Loose comparison on purpose: null, '' and 0 all mean "generate a password".
    if ($pass == null) {
        $pass = generate_password();
    }
    if (!Base_UserCommon::add_user($username)) {
        print __('Account creation failed.') . '<br>' . __('Unable to add user to database.') . '<br>';
        return false;
    }
    $user_id = Base_UserCommon::get_user_id($username);
    if ($user_id === false) {
        print __('Account creation failed.') . '<br>' . __('Unable to get id of added user.') . '<br>';
        return false;
    }
    // password_hash needs PHP >= 5.5; the md5 branch exists only for older
    // runtimes and is not a safe password hash. NOTE(review): the verifier
    // (check_login, not shown here) must accept both formats — confirm.
    if (function_exists('password_hash')) {
        $pass_hash = password_hash($pass, PASSWORD_DEFAULT);
    } else {
        $pass_hash = md5($pass);
    }
    $inserted = DB::Execute('INSERT INTO user_password(user_login_id,password,mail) VALUES(%d,%s, %s)', array($user_id, $pass_hash, $mail));
    if ($send_mail && !self::send_mail_with_password($username, $pass, $mail)) {
        print __('Warning: Unable to send e-mail with password. Check Mail module configuration or contact system administrator for password recovery.');
    }
    return $inserted !== false;
}
/**
 * Record-browser hook for the 'contact' record type; adjusts $values per $mode.
 *
 * Modes handled:
 *  - 'cloning': clears the login so a cloned contact never inherits it.
 *  - 'display': returns the action links (CRM filter, new meeting/task/phone
 *    call, note) instead of $values; honours the set_crm_filter request flag.
 *  - 'adding': seeds 'permission' from the user's default record permission.
 *  - 'add': backfills an empty e-mail from the linked login, then falls
 *    through to 'edit'.
 *  - 'edit': optionally creates a company from the form, and — for
 *    administrators only — creates/updates the linked login; super admins may
 *    additionally change the admin level. Login-related fields are stripped
 *    before the record is saved.
 *
 * @param array  $values record values as submitted / displayed
 * @param string $mode   one of cloning, display, adding, add, edit
 * @return array the (possibly modified) $values, or the action-link array for 'display'
 */
public static function submit_contact($values, $mode)
{
    switch ($mode) {
        case 'cloning':
            $values['login'] = '';
            return $values;

        case 'display':
            // Display the copy-company-data button and apply the update if requested.
            self::copy_company_data_subroutine($values);
            $is_employee = false;
            if (isset($values['related_companies']) && is_array($values['related_companies']) && in_array(CRM_ContactsCommon::get_main_company(), $values['related_companies'])) {
                $is_employee = true;
            }
            if (isset($values['company_name']) && $values['company_name'] == CRM_ContactsCommon::get_main_company()) {
                $is_employee = true;
            }
            $me = CRM_ContactsCommon::get_my_record();
            // Employees of the main company are pre-filled as attendees, others as customers ('P:' prefix).
            $emp = array($me['id']);
            $cus = array();
            if ($is_employee) {
                $emp[] = $values['id'];
            } else {
                $cus[] = 'P:' . $values['id'];
            }
            $ret = array();
            $ret['new'] = array();
            $ret['new']['crm_filter'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('Set CRM Filter')) . ' ' . Module::create_href(array('set_crm_filter' => 1)) . '>F</a>';
            // NOTE(review): a state change driven by a bare request parameter (any method);
            // low impact (a per-user filter profile) but not CSRF-protected here.
            if (isset($_REQUEST['set_crm_filter'])) {
                CRM_FiltersCommon::set_profile('c' . $values['id']);
            }
            if (ModuleManager::is_installed('CRM/Meeting') !== -1 && Utils_RecordBrowserCommon::get_access('crm_meeting', 'add')) {
                $ret['new']['event'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Meeting')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('crm_meeting', array('employees' => $emp, 'customers' => $cus, 'status' => 0, 'priority' => 1, 'permission' => 0)) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_Calendar', 'icon-small.png') . '"></a>';
            }
            if (ModuleManager::is_installed('CRM/Tasks') !== -1 && Utils_RecordBrowserCommon::get_access('task', 'add')) {
                $ret['new']['task'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Task')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('task', array('employees' => $emp, 'customers' => $cus, 'status' => 0, 'priority' => 1, 'permission' => 0)) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_Tasks', 'icon-small.png') . '"></a>';
            }
            if (ModuleManager::is_installed('CRM/PhoneCall') !== -1 && Utils_RecordBrowserCommon::get_access('phonecall', 'add')) {
                $ret['new']['phonecall'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Phonecall')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('phonecall', array('date_and_time' => date('Y-m-d H:i:s'), 'customer' => 'P:' . $values['id'], 'employees' => $me['id'], 'status' => 0, 'permission' => 0, 'priority' => 1), 'none', false) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_PhoneCall', 'icon-small.png') . '"></a>';
            }
            $ret['new']['note'] = Utils_RecordBrowser::$rb_obj->add_note_button('contact/' . $values['id']);
            return $ret;

        case 'adding':
            $values['permission'] = Base_User_SettingsCommon::get('CRM_Common', 'default_record_permission');
            break;

        case 'add':
            // A contact linked to a login but saved without an e-mail takes the login's address.
            if (isset($values['email']) && $values['email'] == '' && $values['login'] != 0 && $mode == 'add') {
                $values['email'] = DB::GetOne('SELECT mail FROM user_password WHERE user_login_id=%d', array($values['login']));
            }
            // Intentional fall-through: 'add' shares the rest of the 'edit' handling.
        case 'edit':
            if (isset($values['create_company'])) {
                // Create the company from the contact's own address fields, then attach it
                // as the main company when none is set, otherwise as a related company.
                $comp_id = Utils_RecordBrowserCommon::new_record('company', array('company_name' => $values['create_company_name'], 'address_1' => $values['address_1'], 'address_2' => $values['address_2'], 'country' => $values['country'], 'city' => $values['city'], 'zone' => isset($values['zone']) ? $values['zone'] : '', 'postal_code' => $values['postal_code'], 'phone' => $values['work_phone'], 'fax' => $values['fax'], 'web_address' => $values['web_address'], 'permission' => $values['permission']));
                if (!isset($values['company_name'])) {
                    $values['company_name'] = null;
                }
                if (!isset($values['related_companies'])) {
                    $values['related_companies'] = array();
                }
                if (!is_array($values['related_companies'])) {
                    $values['related_companies'] = array($values['related_companies']);
                }
                if (!$values['company_name']) {
                    $values['company_name'] = $comp_id;
                } else {
                    $values['related_companies'][] = $comp_id;
                }
            }
            // Login management is an administrator-only capability; non-admins'
            // login fields are simply dropped below.
            if (Base_AclCommon::i_am_admin()) {
                if ($values['login'] == 'new') {
                    if (!$values['set_password']) {
                        $values['set_password'] = null;
                    }
                    Base_User_LoginCommon::add_user($values['username'], $values['email'], $values['set_password']);
                    $values['login'] = Base_UserCommon::get_user_id($values['username']);
                } else {
                    if ($values['login']) {
                        Base_User_LoginCommon::change_user_preferences($values['login'], isset($values['email']) ? $values['email'] : '', isset($values['set_password']) ? $values['set_password'] : null);
                        if (isset($values['username']) && $values['username']) {
                            Base_UserCommon::rename_user($values['login'], $values['username']);
                        }
                    }
                }
                // Only super administrators may change the admin level.
                if (Base_AclCommon::i_am_sa() && $values['login'] && isset($values['admin']) && $values['admin'] !== '') {
                    $old_admin = Base_AclCommon::get_admin_level($values['login']);
                    if ($old_admin != $values['admin']) {
                        $admin_arr = array(0 => 'No', 1 => 'Administrator', 2 => 'Super Administrator');
                        // NOTE(review): history is written whenever change_admin returns anything
                        // other than boolean true. Elsewhere in this file a falsy return is treated
                        // as failure; if success returns exactly true this records only failures,
                        // if success returns another truthy value it records successes — confirm.
                        // The message also lacks the closing quote after the new level.
                        if (Base_UserCommon::change_admin($values['login'], $values['admin']) !== true) {
                            Utils_RecordBrowserCommon::new_record_history('contact', $values['id'], 'Admin set from "' . $admin_arr[$old_admin] . '" to "' . $admin_arr[$values['admin']]);
                        }
                    }
                }
            }
            // Never persist login-form fields on the contact record.
            unset($values['admin']);
            unset($values['username']);
            unset($values['set_password']);
            unset($values['confirm_password']);
    }
    return $values;
}
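/**
 * First-run wizard final step: install the Base pack, create the super admin,
 * configure mail, install the selected module package, rebuild caches and
 * translations, then redirect.
 *
 * Progress and timings are appended to DATA_DIR/firstrun.log. Each fatal step
 * prints a message and returns false; on success the list of processed modules
 * is stashed in $_SESSION['first-run_post-install'] and location() is called.
 *
 * Fix: the admin password was written as a bare md5, whereas
 * Base_User_LoginCommon::add_user in this file uses password_hash when the
 * runtime has it. Both paths now produce the same format, so the first admin
 * is not left with a weaker hash than every later account.
 *
 * @param array $d wizard data: $d[0]['setup_type'], $d['simple_user']
 *                 (login, pass, mail), $d['simple_mail']['mail_method'],
 *                 $d['simple_mail_smtp'] (mail_host, mail_user, mail_password)
 * @return bool|null false on a fatal step; otherwise ends in location()
 */
public function done($d)
{
    @set_time_limit(0);
    $log = DATA_DIR . '/firstrun.log';

    // A single-section ini supplies the package list directly; otherwise pick
    // the section matching the chosen setup type.
    if (count($this->ini) == 1) {
        $section = reset($this->ini);
        $pkgs = $section['package'];
    } else {
        $type = $d[0]['setup_type'];
        $pkgs = isset($this->ini[$type]['package']) ? $this->ini[$type]['package'] : array();
    }

    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': installing "Base" ...' . "\n", 3, $log);
    if (!ModuleManager::install('Base', null, false)) {
        print 'Unable to install Base module pack.';
        return false;
    }
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, $log);

    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': creating admin user ...' . "\n", 3, $log);
    if (!Base_UserCommon::add_user($d['simple_user']['login'])) {
        print 'Unable to create user';
        return false;
    }
    $user_id = Base_UserCommon::get_user_id($d['simple_user']['login']);
    if ($user_id === false) {
        print 'Unable to get admin user id';
        return false;
    }
    // Same hashing as Base_User_LoginCommon::add_user: password_hash when available, md5 otherwise.
    if (function_exists('password_hash')) {
        $pass_hash = password_hash($d['simple_user']['pass'], PASSWORD_DEFAULT);
    } else {
        $pass_hash = md5($d['simple_user']['pass']);
    }
    if (!DB::Execute('INSERT INTO user_password(user_login_id,password,mail) VALUES(%d,%s, %s)', array($user_id, $pass_hash, $d['simple_user']['mail']))) {
        print 'Unable to set user password';
        return false;
    }
    if (!Base_UserCommon::change_admin($user_id, 2)) {
        print 'Unable to update admin account data (groups).';
        return false;
    }
    Acl::set_user($user_id, true);
    // From here on the instance is no longer open for anonymous setup.
    Variable::set('anonymous_setup', false);
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, $log);

    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': setting mail server ...' . "\n", 3, $log);
    $method = $d['simple_mail']['mail_method'];
    Variable::set('mail_method', $method);
    Variable::set('mail_from_addr', $d['simple_user']['mail']);
    Variable::set('mail_from_name', $d['simple_user']['login']);
    if ($method == 'smtp') {
        $smtp = $d['simple_mail_smtp'];
        Variable::set('mail_host', $smtp['mail_host']);
        // The original tested mail_user twice (mail_password was probably meant
        // for the second operand). Behaviour is kept: SMTP auth is enabled
        // whenever a user name is given, regardless of the password.
        $auth = $smtp['mail_user'] !== '';
        Variable::set('mail_auth', $auth);
        if ($auth) {
            Variable::set('mail_user', $smtp['mail_user']);
            // NOTE(review): the SMTP password is stored like any other variable —
            // confirm the variables table is not readable by non-admin code paths.
            Variable::set('mail_password', $smtp['mail_password']);
        }
    }
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, $log);

    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': Installing modules ...' . "\n", 3, $log);
    foreach ($pkgs as $p) {
        if (!is_dir('modules/' . $p)) {
            continue;
        }
        $t2 = microtime(true);
        error_log(' * ' . date('Y-m-d H:i:s') . ' - ' . $p . ' (', 3, $log);
        // A failing optional module is reported but does not abort the setup.
        if (!ModuleManager::install(str_replace('/', '_', $p), null, false)) {
            print '<b>Unable to install ' . str_replace('_', '/', $p) . ' module.</b>';
        }
        error_log((microtime(true) - $t2) . "s)\n", 3, $log);
    }
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, $log);

    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': Refreshing cache of modules ...' . "\n", 3, $log);
    ModuleManager::create_load_priority_array();
    Base_SetupCommon::refresh_available_modules();
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, $log);

    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': Creating cache of template files ...' . "\n", 3, $log);
    Base_ThemeCommon::create_cache();
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, $log);

    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': Updating translation files ...' . "\n", 3, $log);
    Base_LangCommon::update_translations();
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, $log);

    $processed = ModuleManager::get_processed_modules();
    $_SESSION['first-run_post-install'] = $processed['install'];
    location();
}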
/**
 * Handle the "edit user" form: create a login or update an existing one.
 *
 * The 'edit_user' href variable selects the target: a negative value means a
 * new account, created through Base_User_LoginCommon::add_user with the given
 * mail and password. Otherwise the existing account is renamed, its
 * mail/password and active flag are updated. In both cases the admin level is
 * then set from $data['admin']. Demo mode refuses every change.
 *
 * NOTE(review): no authorisation check is visible in this method; it relies on
 * the surrounding module being reachable only by administrators — confirm,
 * since $data['admin'] would otherwise let a caller grant admin level.
 *
 * @param array $data form values: username, mail, pass, active, admin
 * @return bool true on success; false after printing the failing step
 */
public function submit_edit_user_form($data)
{
    $mail = $data['mail'];
    $username = $data['username'];
    if (DEMO_MODE) {
        print 'You cannot change user password or e-mail address in demo';
        return false;
    }
    $pass = $data['pass'];
    $target = $this->get_unique_href_variable('edit_user');
    $creating = $target < 0;

    if ($creating) {
        if (!Base_User_LoginCommon::add_user($username, $mail, $pass)) {
            return false;
        }
        $target = Base_UserCommon::get_user_id($username);
    } else {
        Base_UserCommon::rename_user($target, $username);
        $prefs_ok = Base_User_LoginCommon::change_user_preferences($target, $mail, $pass) !== false;
        if (!$prefs_ok) {
            print __('Unable to update account data (password and mail).');
            return false;
        }
        if (!Base_UserCommon::change_active_state($target, $data['active'])) {
            print __('Unable to update account data (active).');
            return false;
        }
    }

    if (!Base_UserCommon::change_admin($target, $data['admin'])) {
        print __('Unable to update account data (admin).');
        return false;
    }
    return true;
}