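/**
 * Resolves the time zone identifier to use for a user at a given moment.
 *
 * Results are memoised in function-static arrays keyed by the arguments as
 * passed, where key 0 stands for "argument omitted".
 *
 * @param mixed $userId User to resolve for; null means the current user taken from $GLOBALS["USER"].
 * @param mixed $date   Moment handed to the offset lookup; null means time() (presumably a Unix timestamp).
 * @return mixed The user's TIME_ZONE value when it is a key of self::$arTimeZones, otherwise
 *               whatever CDavICalendarTimeZone::getTimezoneByOffset() returns.
 */
public static function getTimeZoneId($userId = null, $date = null)
{
    // Keys are computed before $userId is resolved, so "omitted" always maps to 0.
    $dateKey = $date === null ? 0 : $date;
    $userIdKey = $userId === null ? 0 : $userId;

    if ($userId === null) {
        $userId = $GLOBALS["USER"]->GetId();
    }

    static $timezoneCache = array();
    if (isset($timezoneCache[$userIdKey][$dateKey])) {
        return $timezoneCache[$userIdKey][$dateKey];
    }

    $autoTimeZone = $userZone = '';
    $factOffset = 0;

    if ($date === null) {
        $date = time();
    }

    static $userCache = array();
    if ($userId === null) {
        // Only reached when GetId() itself returned null: read the settings from the session user.
        $autoTimeZone = trim($GLOBALS["USER"]->GetParam("AUTO_TIME_ZONE"));
        $userZone = $GLOBALS["USER"]->GetParam("TIME_ZONE");
    } else {
        if (!isset($userCache[$userId])) {
            $dbUser = CUser::GetByID($userId);
            if ($arUser = $dbUser->Fetch()) {
                $userCache[$userId] = array(
                    "AUTO_TIME_ZONE" => trim($arUser["AUTO_TIME_ZONE"]),
                    "TIME_ZONE" => $arUser["TIME_ZONE"],
                    "TIME_ZONE_OFFSET" => $arUser["TIME_ZONE_OFFSET"],
                );
            }
        }

        // An unknown user ID leaves the defaults ('' / 0) in place.
        if (isset($userCache[$userId])) {
            $autoTimeZone = $userCache[$userId]["AUTO_TIME_ZONE"];
            $userZone = $userCache[$userId]["TIME_ZONE"];
            $factOffset = $userCache[$userId]["TIME_ZONE_OFFSET"];
        }
    }

    if (CTimeZone::IsAutoTimeZone($autoTimeZone)) {
        static $userOffsetCache = array();

        // The lookup and the store must share one key. The check used to test the
        // resolved user ID while the store and the read used $userIdKey, so a call
        // with $userId omitted could skip the store and then read an entry that
        // was never written.
        if (!isset($userOffsetCache[$userIdKey])) {
            $userOffsetCache[$userIdKey] = CTimeZone::GetOffset($userId);
        }
        $userOffset = $userOffsetCache[$userIdKey];

        $localTime = new DateTime();
        $localOffset = $localTime->getOffset();

        $timezoneCache[$userIdKey][$dateKey] = CDavICalendarTimeZone::getTimezoneByOffset(
            $date,
            $userOffset + $localOffset
        );
    } elseif ($userZone != '' && isset(self::$arTimeZones[$userZone])) {
        // An explicitly configured zone is used only when it is one this class knows.
        $timezoneCache[$userIdKey][$dateKey] = $userZone;
    } else {
        $localTime = new DateTime();
        $localOffset = $localTime->getOffset();

        $timezoneCache[$userIdKey][$dateKey] = CDavICalendarTimeZone::getTimezoneByOffset(
            $date,
            $factOffset + $localOffset
        );
    }

    return $timezoneCache[$userIdKey][$dateKey];
}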
/**
 * Performs the user authorization:
 *  - fills session parameters;
 *  - remembers auth;
 *  - spreads auth through sites.
 *
 * No credential check happens in this method: it loads the b_user row for
 * $id and marks the session as authorized. Whoever calls it is responsible
 * for having verified the user first.
 *
 * @param mixed $id    User ID; passed through intval() before it is placed in SQL.
 * @param bool  $bSave When true the UIDH cookie gets a long lifetime and the stored-auth
 *                     row is written with TEMP_HASH 'N'; otherwise a session cookie and 'Y'.
 * @return bool True when the user row was found and the session was filled, false otherwise.
 */
function Authorize($id, $bSave = false)
{
    /** @global CMain $APPLICATION */
    global $DB, $APPLICATION;

    // NOTE(review): no session identifier rotation is visible in this method;
    // confirm that the caller or the session layer renews the ID at login.
    unset($_SESSION["SESS_OPERATIONS"]);
    $_SESSION["BX_LOGIN_NEED_CAPTCHA"] = false;

    // $id is the only caller-supplied value in this query and is cast to an integer.
    $strSql = "SELECT U.* " . "FROM b_user U " . "WHERE U.ID='" . intval($id) . "' ";
    $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);

    if ($arUser = $result->Fetch()) {
        $_SESSION["SESS_AUTH"]["AUTHORIZED"] = "Y";
        $_SESSION["SESS_AUTH"]["USER_ID"] = $arUser["ID"];
        $_SESSION["SESS_AUTH"]["LOGIN"] = $arUser["LOGIN"];
        $_SESSION["SESS_AUTH"]["LOGIN_COOKIES"] = $arUser["LOGIN"];
        $_SESSION["SESS_AUTH"]["EMAIL"] = $arUser["EMAIL"];
        // NOTE(review): the stored PASSWORD column is copied into the session, so
        // session storage has to be protected like the credential store itself.
        $_SESSION["SESS_AUTH"]["PASSWORD_HASH"] = $arUser["PASSWORD"];
        // Full name: the separating space is added only when both parts are non-empty.
        $_SESSION["SESS_AUTH"]["NAME"] = $arUser["NAME"] . ($arUser["NAME"] == '' || $arUser["LAST_NAME"] == '' ? "" : " ") . $arUser["LAST_NAME"];
        $_SESSION["SESS_AUTH"]["FIRST_NAME"] = $arUser["NAME"];
        $_SESSION["SESS_AUTH"]["SECOND_NAME"] = $arUser["SECOND_NAME"];
        $_SESSION["SESS_AUTH"]["LAST_NAME"] = $arUser["LAST_NAME"];
        // Privilege flags start cleared; ADMIN is raised below from group membership.
        $_SESSION["SESS_AUTH"]["ADMIN"] = false;
        $_SESSION["SESS_AUTH"]["CONTROLLER_ADMIN"] = false;
        $_SESSION["SESS_AUTH"]["POLICY"] = CUser::GetGroupPolicy($arUser["ID"]);
        $_SESSION["SESS_AUTH"]["AUTO_TIME_ZONE"] = trim($arUser["AUTO_TIME_ZONE"]);
        $_SESSION["SESS_AUTH"]["TIME_ZONE"] = $arUser["TIME_ZONE"];

        // Start with every active group flagged ANONYMOUS='Y'; group 2 is always included.
        $arGroups = array();
        $strSql = "SELECT G.ID " . "FROM b_group G " . "WHERE G.ANONYMOUS='Y' " . "\tAND G.ACTIVE='Y' ";
        $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);
        while ($ar = $result->Fetch()) {
            $arGroups[] = $ar["ID"];
        }
        if (!in_array(2, $arGroups)) {
            $arGroups[] = 2;
        }

        // Add the user's own active groups whose membership window covers the current time.
        // The ID concatenated here comes from the row fetched above, not from the caller.
        $strSql = "SELECT G.ID " . "FROM b_user_group UG, b_group G " . "WHERE UG.USER_ID = " . $arUser["ID"] . " " . "\tAND G.ID=UG.GROUP_ID " . "\tAND G.ACTIVE='Y' " . "\tAND ((UG.DATE_ACTIVE_FROM IS NULL) OR (UG.DATE_ACTIVE_FROM <= " . $DB->CurrentTimeFunction() . ")) " . "\tAND ((UG.DATE_ACTIVE_TO IS NULL) OR (UG.DATE_ACTIVE_TO >= " . $DB->CurrentTimeFunction() . ")) " . "\tAND (G.ANONYMOUS<>'Y' OR G.ANONYMOUS IS NULL) ";
        $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);
        while ($ar = $result->Fetch()) {
            $arGroups[] = $ar["ID"];
            // Membership in group 1 is what sets the session's ADMIN flag.
            if ($ar["ID"] == 1) {
                $_SESSION["SESS_AUTH"]["ADMIN"] = true;
            }
        }
        sort($arGroups);
        $_SESSION["SESS_AUTH"]["GROUPS"] = $arGroups;

        // The stored offset is refreshed unless the user is in auto mode without a cookie value.
        $tz = '';
        if (CTimeZone::Enabled()) {
            if (!CTimeZone::IsAutoTimeZone(trim($arUser["AUTO_TIME_ZONE"])) || CTimeZone::GetCookieValue() !== null) {
                $tz = ', TIME_ZONE_OFFSET = ' . CTimeZone::GetOffset();
            }
        }

        // Login bookkeeping: clears STORED_HASH and resets LOGIN_ATTEMPTS.
        // NOTE(review): the LAST_LOGIN value is masked as ****** in this listing, so the
        // statement does not parse as shown; presumably a database time expression
        // belongs there - confirm against the upstream file.
        $DB->Query("\n\t\t\t\tUPDATE b_user SET\n\t\t\t\t\tSTORED_HASH = NULL,\n\t\t\t\t\tLAST_LOGIN = "******",\n\t\t\t\t\tTIMESTAMP_X = TIMESTAMP_X,\n\t\t\t\t\tLOGIN_ATTEMPTS = 0\n\t\t\t\t\t" . $tz . "\n\t\t\t\tWHERE\n\t\t\t\t\tID=" . $arUser["ID"]);

        // Lifetime is 60 * (30 days), i.e. 1800 days.
        // NOTE(review): the sixth argument is a literal false here, where the UIDH calls
        // below pass $secure; the LOGIN cookie therefore never gets that flag.
        $APPLICATION->set_cookie("LOGIN", $_SESSION["SESS_AUTH"]["LOGIN_COOKIES"], time() + 60 * 60 * 24 * 30 * 60, '/', false, false, COption::GetOptionString("main", "auth_multisite", "N") == "Y");

        if ($bSave || COption::GetOptionString("main", "auth_multisite", "N") == "Y") {
            $hash = $this->GetSessionHash();
            // The secure flag needs both the site option and an HTTPS request.
            $secure = COption::GetOptionString("main", "use_secure_password_cookies", "N") == "Y" && CMain::IsHTTPS();

            if ($bSave) {
                // "Remember me": 1800-day cookie, spread across sites and domains.
                $APPLICATION->set_cookie("UIDH", $hash, time() + 60 * 60 * 24 * 30 * 60, '/', false, $secure, BX_SPREAD_SITES | BX_SPREAD_DOMAIN);
            } else {
                // Multisite only: expiry 0, spread across sites.
                $APPLICATION->set_cookie("UIDH", $hash, 0, '/', false, $secure, BX_SPREAD_SITES);
            }

            $stored_id = CUser::CheckStoredHash($arUser["ID"], $hash);
            if ($stored_id) {
                // ip2long() returns false for anything that is not a dotted IPv4 address,
                // which sprintf("%u") renders as "0"; such clients are all recorded as 0.
                $DB->Query("UPDATE b_user_stored_auth SET\n\t\t\t\t\t\t\tLAST_AUTH=" . $DB->CurrentTimeFunction() . ",\n\t\t\t\t\t\t\t" . ($this->bLoginByHash ? "" : "TEMP_HASH='" . ($bSave ? "N" : "Y") . "', ") . "\n\t\t\t\t\t\t\tIP_ADDR='" . sprintf("%u", ip2long($_SERVER["REMOTE_ADDR"])) . "'\n\t\t\t\t\t\tWHERE ID=" . $stored_id);
            } else {
                // No matching row yet: store the hash (keys with a leading ~ are presumably
                // inserted as raw SQL expressions - confirm against CDatabase::Add).
                $arFields = array('USER_ID' => $arUser["ID"], '~DATE_REG' => $DB->CurrentTimeFunction(), '~LAST_AUTH' => $DB->CurrentTimeFunction(), 'TEMP_HASH' => $bSave ? "N" : "Y", '~IP_ADDR' => sprintf("%u", ip2long($_SERVER["REMOTE_ADDR"])), 'STORED_HASH' => $hash);
                $stored_id = CDatabase::Add("b_user_stored_auth", $arFields);
            }
            $_SESSION["SESS_AUTH"]["STORED_AUTH_ID"] = $stored_id;
        }

        $this->admin = null;

        // $arParams is handed over by reference, so OnAfterUserAuthorize handlers can modify it.
        // Note that "user_fields" carries the whole b_user row, PASSWORD column included.
        $arParams = array("user_fields" => $arUser, "save" => $bSave);
        foreach (GetModuleEvents("main", "OnAfterUserAuthorize", true) as $arEvent) {
            ExecuteModuleEventEx($arEvent, array(&$arParams));
        }
        foreach (GetModuleEvents("main", "OnUserLogin", true) as $arEvent) {
            ExecuteModuleEventEx($arEvent, array($_SESSION["SESS_AUTH"]["USER_ID"]));
        }

        // A successful login is written to the event log only when the option is "Y";
        // the default passed here is "N".
        if (COption::GetOptionString("main", "event_log_login_success", "N") === "Y") {
            CEventLog::Log("SECURITY", "USER_AUTHORIZE", "main", $arUser["ID"]);
        }
        return true;
    }
    return false;
}
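/**
 * Performs the user authorization:
 *  - fills session parameters;
 *  - remembers auth;
 *  - spreads auth through sites.
 *
 * No credential check happens in this method: it loads the b_user row for
 * $id and marks the session as authorized. Whoever calls it is responsible
 * for having verified the user first.
 *
 * @param mixed $id            User ID; passed through intval() before it is placed in SQL.
 * @param bool  $bSave         True to issue the long-lived UIDH/UIDL cookies.
 * @param bool  $bUpdate       False to skip the b_user update and the stored-auth cookies.
 * @param mixed $applicationId Kept in the session and passed to the event log; any non-null
 *                             value suppresses the stored-auth cookies.
 * @return bool True when the user row was found and the session was filled, false otherwise.
 */
function Authorize($id, $bSave = false, $bUpdate = true, $applicationId = null)
{
    /** @global CMain $APPLICATION */
    global $DB, $APPLICATION;

    // NOTE(review): no session identifier rotation is visible in this method;
    // confirm that the caller or the session layer renews the ID at login.
    unset($_SESSION["SESS_OPERATIONS"]);
    unset($_SESSION["MODULE_PERMISSIONS"]);

    $_SESSION["BX_LOGIN_NEED_CAPTCHA"] = false;

    // $id is the only caller-supplied value in this query and is cast to an integer.
    $strSql =
        "SELECT U.* " .
        "FROM b_user U " .
        "WHERE U.ID='" . intval($id) . "' ";
    $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);

    $arUser = $result->Fetch();
    if (!$arUser) {
        return false;
    }

    $this->justAuthorized = true;

    $_SESSION["SESS_AUTH"]["AUTHORIZED"] = "Y";
    $_SESSION["SESS_AUTH"]["USER_ID"] = $arUser["ID"];
    $_SESSION["SESS_AUTH"]["LOGIN"] = $arUser["LOGIN"];
    $_SESSION["SESS_AUTH"]["LOGIN_COOKIES"] = $arUser["LOGIN"];
    $_SESSION["SESS_AUTH"]["EMAIL"] = $arUser["EMAIL"];
    // NOTE(review): the stored PASSWORD column is copied into the session, so
    // session storage has to be protected like the credential store itself.
    $_SESSION["SESS_AUTH"]["PASSWORD_HASH"] = $arUser["PASSWORD"];
    $_SESSION["SESS_AUTH"]["TITLE"] = $arUser["TITLE"];
    // Full name: the separating space is added only when both parts are non-empty.
    $_SESSION["SESS_AUTH"]["NAME"] = $arUser["NAME"]
        . ($arUser["NAME"] == '' || $arUser["LAST_NAME"] == '' ? "" : " ")
        . $arUser["LAST_NAME"];
    $_SESSION["SESS_AUTH"]["FIRST_NAME"] = $arUser["NAME"];
    $_SESSION["SESS_AUTH"]["SECOND_NAME"] = $arUser["SECOND_NAME"];
    $_SESSION["SESS_AUTH"]["LAST_NAME"] = $arUser["LAST_NAME"];
    $_SESSION["SESS_AUTH"]["PERSONAL_PHOTO"] = $arUser["PERSONAL_PHOTO"];
    $_SESSION["SESS_AUTH"]["PERSONAL_GENDER"] = $arUser["PERSONAL_GENDER"];
    // Privilege flags start cleared; ADMIN is raised below from group membership.
    $_SESSION["SESS_AUTH"]["ADMIN"] = false;
    $_SESSION["SESS_AUTH"]["CONTROLLER_ADMIN"] = false;
    $_SESSION["SESS_AUTH"]["POLICY"] = CUser::GetGroupPolicy($arUser["ID"]);
    $_SESSION["SESS_AUTH"]["AUTO_TIME_ZONE"] = trim($arUser["AUTO_TIME_ZONE"]);
    $_SESSION["SESS_AUTH"]["TIME_ZONE"] = $arUser["TIME_ZONE"];
    $_SESSION["SESS_AUTH"]["APPLICATION_ID"] = $applicationId;
    $_SESSION["SESS_AUTH"]["BX_USER_ID"] = $arUser["BX_USER_ID"];

    // groups: membership in group 1 is what sets the session's ADMIN flag
    $_SESSION["SESS_AUTH"]["GROUPS"] = Main\UserTable::getUserGroupIds($arUser["ID"]);
    foreach ($_SESSION["SESS_AUTH"]["GROUPS"] as $groupId) {
        if ($groupId == 1) {
            $_SESSION["SESS_AUTH"]["ADMIN"] = true;
            break;
        }
    }

    // sometimes we don't need to update db (REST)
    if ($bUpdate) {
        // The stored offset is refreshed unless the user is in auto mode without a cookie value.
        $tz = '';
        if (CTimeZone::Enabled()) {
            if (!CTimeZone::IsAutoTimeZone(trim($arUser["AUTO_TIME_ZONE"])) || CTimeZone::GetCookieValue() !== null) {
                $tz = ', TIME_ZONE_OFFSET = ' . CTimeZone::GetOffset();
            }
        }

        // BX_USER_ID arrives in a client-controlled cookie and ends up in SQL, so it is
        // accepted only as a string of exactly 32 lowercase hex characters. The pattern
        // is anchored with \A and \z because a bare "$" also matches before a trailing
        // newline, and is_string() rejects the array form a cookie can take.
        $bxUid = '';
        $cookieBxUid = isset($_COOKIE['BX_USER_ID']) ? $_COOKIE['BX_USER_ID'] : null;
        if (is_string($cookieBxUid) && preg_match('/\A[0-9a-f]{32}\z/', $cookieBxUid)) {
            // Strict comparison: two all-digit values would otherwise be compared as numbers.
            if ((string)$arUser['BX_USER_ID'] !== $cookieBxUid) {
                // save new bxuid value; escaped as well, in case the pattern is ever relaxed
                $bxUid = ", BX_USER_ID = '" . $DB->ForSql($cookieBxUid) . "'";
                $arUser['BX_USER_ID'] = $cookieBxUid;
                $_SESSION["SESS_AUTH"]["BX_USER_ID"] = $cookieBxUid;
            }
        }

        // Login bookkeeping: clears STORED_HASH and resets LOGIN_ATTEMPTS.
        // NOTE(review): the listing masks the LAST_LOGIN value as ******, which does not
        // parse. It is reconstructed here with the same time expression this method uses
        // for LAST_AUTH - confirm against the upstream file.
        $DB->Query(
            "UPDATE b_user SET " .
            "STORED_HASH = NULL, " .
            "LAST_LOGIN = " . $DB->CurrentTimeFunction() . ", " .
            "TIMESTAMP_X = TIMESTAMP_X, " .
            "LOGIN_ATTEMPTS = 0" .
            $tz .
            $bxUid .
            " WHERE ID=" . intval($arUser["ID"])
        );

        if ($applicationId === null && ($bSave || COption::GetOptionString("main", "auth_multisite", "N") == "Y")) {
            $hash = $this->GetSessionHash();
            // The secure flag needs both the site option and an HTTPS request.
            $secure = COption::GetOptionString("main", "use_secure_password_cookies", "N") == "Y" && CMain::IsHTTPS();

            if ($bSave) {
                // "Remember me": 60 * (30 days) = 1800 days, spread across sites and domains.
                $period = time() + 60 * 60 * 24 * 30 * 60;
                $spread = BX_SPREAD_SITES | BX_SPREAD_DOMAIN;
            } else {
                // Multisite only: expiry 0, spread across sites.
                $period = 0;
                $spread = BX_SPREAD_SITES;
            }

            $APPLICATION->set_cookie("UIDH", $hash, $period, '/', false, $secure, $spread, false, true);
            $APPLICATION->set_cookie("UIDL", $arUser["LOGIN"], $period, '/', false, $secure, $spread, false, true);

            // ip2long() returns false for anything that is not a dotted IPv4 address,
            // which sprintf("%u") renders as "0"; such clients are all recorded as 0.
            $ipAddr = sprintf("%u", ip2long($_SERVER["REMOTE_ADDR"]));

            $stored_id = CUser::CheckStoredHash($arUser["ID"], $hash);
            if ($stored_id) {
                // A login by stored hash keeps the row's existing TEMP_HASH value.
                $tempHashSql = $this->bLoginByHash ? "" : "TEMP_HASH='" . ($bSave ? "N" : "Y") . "', ";
                $DB->Query(
                    "UPDATE b_user_stored_auth SET " .
                    "LAST_AUTH=" . $DB->CurrentTimeFunction() . ", " .
                    $tempHashSql .
                    "IP_ADDR='" . $ipAddr . "' " .
                    "WHERE ID=" . $stored_id
                );
            } else {
                // No matching row yet: store the hash (keys with a leading ~ are presumably
                // inserted as raw SQL expressions - confirm against CDatabase::Add).
                $arFields = array(
                    'USER_ID' => $arUser["ID"],
                    '~DATE_REG' => $DB->CurrentTimeFunction(),
                    '~LAST_AUTH' => $DB->CurrentTimeFunction(),
                    'TEMP_HASH' => $bSave ? "N" : "Y",
                    '~IP_ADDR' => $ipAddr,
                    'STORED_HASH' => $hash,
                );
                $stored_id = CDatabase::Add("b_user_stored_auth", $arFields);
            }
            $_SESSION["SESS_AUTH"]["STORED_AUTH_ID"] = $stored_id;
        }
    }

    $this->admin = null;

    // Handlers receive a copy of the parameters; "user_fields" carries the whole
    // b_user row, PASSWORD column included.
    $arParams = array(
        "user_fields" => $arUser,
        "save" => $bSave,
        "update" => $bUpdate,
        "applicationId" => $applicationId,
    );
    foreach (GetModuleEvents("main", "OnAfterUserAuthorize", true) as $arEvent) {
        ExecuteModuleEventEx($arEvent, array($arParams));
    }
    foreach (GetModuleEvents("main", "OnUserLogin", true) as $arEvent) {
        ExecuteModuleEventEx($arEvent, array($_SESSION["SESS_AUTH"]["USER_ID"]));
    }

    // A successful login is written to the event log only when the option is "Y";
    // the default passed here is "N".
    if (COption::GetOptionString("main", "event_log_login_success", "N") === "Y") {
        CEventLog::Log("SECURITY", "USER_AUTHORIZE", "main", $arUser["ID"], $applicationId);
    }

    CHTMLPagesCache::OnUserLogin();

    return true;
}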
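/**
 * Computes a user's time zone offset relative to the server's local offset.
 *
 * Offsets come from DateTime::getOffset(), i.e. seconds from UTC.
 *
 * @param array $params User settings; the keys read are AUTO_TIME_ZONE, TIME_ZONE and
 *                      TIME_ZONE_OFFSET. Missing keys are treated as empty / 0.
 * @return int 0 when time zones are disabled or a zone name cannot be turned into a
 *             DateTimeZone; the stored TIME_ZONE_OFFSET when the user is in auto mode;
 *             otherwise (user or server-default offset) minus the local offset.
 */
public static function GetUserOffset($params)
{
    if (!CTimeZone::Enabled()) {
        return 0;
    }

    // Read the settings defensively so an incomplete array yields defaults, not notices.
    $autoTimeZone = isset($params["AUTO_TIME_ZONE"]) ? trim($params["AUTO_TIME_ZONE"]) : "";
    $userZone = isset($params["TIME_ZONE"]) ? $params["TIME_ZONE"] : "";
    $factOffset = isset($params["TIME_ZONE_OFFSET"]) ? $params["TIME_ZONE_OFFSET"] : 0;

    $userOffset = 0;
    $localOffset = 0;

    try {
        $localTime = new DateTime();
        $localOffset = $localTime->getOffset();

        if ($autoTimeZone == "N") {
            // Explicit zone chosen by the user. 'now' replaces the former null first
            // argument, which PHP 8.1 deprecates for DateTime's constructor.
            $userTime = $userZone != "" ? new DateTime('now', new DateTimeZone($userZone)) : $localTime;
            $userOffset = $userTime->getOffset();
        } elseif (CTimeZone::IsAutoTimeZone($autoTimeZone)) {
            // Auto mode: the stored offset is returned as is, without subtracting
            // the local offset (presumably it is already relative - confirm).
            return intval($factOffset);
        } else {
            // Fall back to the site-wide default zone, or to local time if none is set.
            $serverZone = COption::GetOptionString("main", "default_time_zone", "");
            $serverTime = $serverZone != "" ? new DateTime('now', new DateTimeZone($serverZone)) : $localTime;
            $userOffset = $serverTime->getOffset();
        }
    } catch (Exception $e) {
        // An unknown zone name makes DateTimeZone throw; treat that as "no offset".
        return 0;
    }

    return intval($userOffset) - intval($localOffset);
}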