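/**
 * Logs the user in.
 *
 * Authenticates either from the value of the 'ID' cookie (via $this->db->verifyID)
 * or, when no cookie value is given, against the backend selected by
 * $conf['auth']['serverType'] ("ad"/"ldap", "sql", "exchange" or "imap").
 * On success the session identity fields and the super-/mail-admin flags are
 * set and the user is redirected to $resume; on failure an error message is
 * returned.
 *
 * @param string $login     login name as typed by the user
 * @param string $pass      password as typed by the user
 * @param string $cookieVal 'y'/'n' whether the user asked for a cookie. Unused here:
 *                          this build never sets the 'ID' cookie (the code that did has
 *                          been removed), it only clears an invalid one.
 * @param mixed  $isCookie  false when no cookie was sent, otherwise the ID value read
 *                          from the client's 'ID' cookie
 * @param string $resume    page to forward to after a successful login; only relative
 *                          paths are honoured, anything else falls back to summary.php
 * @param string $lang      language code to activate, '' to leave the language alone
 * @param string $domain    domain handed to the Exchange authenticator
 * @return string error message describing why login failed (already passed through
 *                translate()); on success the function redirects and does not return
 */
function doLogin($login, $pass, $cookieVal = null, $isCookie = false, $resume = '', $lang = '', $domain = '')
{
    global $conf;

    $msg = '';
    $allowedToLogin = true;
    $ok_user = $ok_pass = false;
    $data = array(); // user record returned by the backend; stays empty on the cookie path

    if (empty($resume)) {
        $resume = 'summary.php'; // control panel by default
    }
    // Only forward to a local page. $resume is caller-supplied, so an absolute
    // ("http://...", "javascript:") or protocol-relative ("//host", "\\host") target
    // would turn the post-login redirect into an open redirect. The decoded value
    // is checked, because that is what is handed to CmnFns::redirect() below.
    $resume = ltrim(urldecode($resume));
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $resume)) {
        $resume = 'summary.php';
    }

    // Drop any identity left in the session by an earlier login attempt.
    $_SESSION['sessionID'] = null;
    $_SESSION['sessionName'] = null;
    $_SESSION['sessionMail'] = null;
    $_SESSION['sessionAdmin'] = null;
    $_SESSION['sessionMailAdmin'] = null;
    $_SESSION['sessionNav'] = null;

    $login = stripslashes($login);
    $pass = stripslashes($pass);
    $authMethod = strtolower($conf['auth']['serverType']);

    if ($isCookie !== false && $isCookie !== null && $isCookie !== '') {
        // Cookie path. The cookie value is entirely client-controlled and
        // verifyID() is the only check before the user counts as authenticated;
        // no password is involved. NOTE(review): nothing in this function sets
        // the 'ID' cookie any more, and $data is never populated here, so the
        // session fields below end up null for a cookie login. Confirm whether
        // this path is still needed; if it is, it should carry a signed token,
        // not a bare user id.
        $id = $isCookie;
        if ($this->db->verifyID($id)) {
            $ok_user = $ok_pass = true;
        } else {
            setcookie('ID', '', time() - 3600, '/'); // clear the bad cookie
            $msg .= translate('That cookie seems to be invalid') . '<br/>';
        }
    } else {
        switch ($authMethod) {
            case 'ad':
            case 'ldap':
                // Many LDAP servers fall back to an anonymous bind when the
                // password is blank, which would make authBind() "succeed".
                if ($pass === '') {
                    return translate('Invalid User Name/Password.');
                }
                include_once 'LDAPEngine.class.php';
                $ldap = new LDAPEngine();
                if ($ldap->connect()) {
                    // For AD this may be 'user@domain', otherwise a standard LDAP DN.
                    $dn = $ldap->getUserDN($login);
                    if (!$this->isAllowedToLogin($login)) {
                        $allowedToLogin = false;
                        $msg .= 'User is not allowed to login';
                    } elseif (is_string($dn) && $dn !== '' && $ldap->authBind($dn, $pass)) {
                        $ldap->logonName = $login;
                        $ldap->loadUserData($dn);
                        $data = $ldap->getUserData();
                        $ok_user = $ok_pass = true;
                    } else {
                        $msg .= 'Invalid User Name/Password.';
                    }
                    $ldap->disconnect();
                }
                break;

            case 'sql':
                include_once 'DBAuth.class.php';
                $db = new DBAuth();
                if (!$this->isAllowedToLogin($login)) {
                    $allowedToLogin = false;
                    $msg .= 'User is not allowed to login';
                } elseif ($db->authUser($login, $pass)) {
                    $data = $db->getUserData();
                    $ok_user = $ok_pass = true;
                } else {
                    $msg .= 'Invalid User Name/Password.';
                }
                break;

            case 'exchange':
                include_once 'ExchAuth.class.php';
                $exch = new ExchAuth();
                if (!$this->isAllowedToLogin($login)) {
                    $allowedToLogin = false;
                    $msg .= 'User is not allowed to login';
                } elseif ($exch->authUser($login, $pass, $domain)) {
                    $data = $exch->getUserData();
                    $ok_user = $ok_pass = true;
                } else {
                    $msg .= 'Invalid User Name/Password.';
                }
                break;

            case 'imap':
                include_once 'IMAPAuth.class.php';
                $imap = new IMAPAuth();
                if (!$this->isAllowedToLogin($login)) {
                    $allowedToLogin = false;
                    $msg .= 'User is not allowed to login';
                } elseif ($imap->authUser($login, $pass)) {
                    $data = $imap->getUserData();
                    $ok_user = $ok_pass = true;
                } else {
                    $msg .= 'Invalid User Name/Password.';
                }
                break;

            default:
                // Misconfiguration: report it and fall through to the failure path.
                CmnFns::do_error_box(translate('Unknown server type'), '', false);
                break;
        }
    }

    if (!$ok_user || !$ok_pass || !$allowedToLogin) {
        CmnFns::write_log('Authentication failed' . ', ' . $msg, $login);
        return translate($msg);
    }

    $this->is_loggedin = true;
    CmnFns::write_log('Authentication successful', $login);

    // Privilege level changes here, so issue a fresh session id: a session id
    // planted on the browser before login must not become the authenticated one.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['sessionID'] = isset($data['logonName']) ? $data['logonName'] : null;
    $_SESSION['sessionName'] = isset($data['firstName']) ? $data['firstName'] : null;
    $_SESSION['sessionMail'] = isset($data['emailAddress']) ? $data['emailAddress'] : null;

    // Admin flags are matched case-insensitively against the configured logon names.
    // An empty logon name (cookie path, see above) never matches, so an empty
    // entry in the admin lists cannot hand out admin rights.
    $sessionLogon = strtolower((string) $_SESSION['sessionID']);
    if ($sessionLogon !== '') {
        foreach ($conf['auth']['s_admins'] as $s_admin) {
            if (strtolower($s_admin) === $sessionLogon) {
                $_SESSION['sessionAdmin'] = true;
            }
        }
        foreach ($conf['auth']['m_admins'] as $m_admin) {
            if (strtolower($m_admin) === $sessionLogon) {
                $_SESSION['sessionMailAdmin'] = true;
            }
        }
    }

    if ((string) $lang !== '') {
        set_language($lang);
    }

    // Send them to the control panel (or the validated $resume page).
    CmnFns::redirect($resume);
}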
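/**
 * Logs the user in.
 *
 * Three authentication paths, in order of precedence:
 *  - a remember-me cookie, mapped back to a user id by $this->verifyCookie();
 *  - LDAP, when $conf['ldap']['authentication'] is on: the user is bound with
 *    their own credentials, must have an e-mail address, and is created in the
 *    local database on first login (do_register_user) or synced on later ones;
 *  - the local user table (userExists / isPassword).
 * On success the session is populated, the remember-me cookie is (re)issued
 * when requested, the language preference is stored and the user is redirected.
 *
 * @param string $uname     username, or logon name when $conf['app']['useLogonName'] is set
 * @param string $pass      password
 * @param string $cookieVal non-empty when the user asked to be remembered
 * @param mixed  $isCookie  false when no cookie was sent, otherwise the value of the 'ID' cookie
 * @param string $resume    page to forward to after login; only relative paths are
 *                          honoured, anything else falls back to ctrlpnl.php
 * @param string $lang      language code to activate and persist, '' to leave it alone
 * @return string error message when login fails; on success the function redirects
 *                and does not return
 */
function doLogin($uname, $pass, $cookieVal = null, $isCookie = false, $resume = '', $lang = '')
{
    global $conf;

    $msg = '';
    $id = false;
    $ok_user = $ok_pass = false;
    $use_logonname = (bool) $conf['app']['useLogonName'];
    $adminemail = strtolower($conf['app']['adminEmail']);

    if (empty($resume)) {
        $resume = 'ctrlpnl.php'; // control panel by default
    }
    // Only forward to a local page. $resume is caller-supplied, so an absolute
    // ("http://...", "javascript:") or protocol-relative ("//host", "\\host") target
    // would turn the post-login redirect into an open redirect. The decoded value
    // is checked, because that is what is handed to CmnFns::redirect() below.
    $resume = ltrim(urldecode($resume));
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $resume)) {
        $resume = 'ctrlpnl.php';
    }

    // Drop any identity left in the session by an earlier login attempt.
    $_SESSION['sessionID'] = null;
    $_SESSION['sessionName'] = null;
    $_SESSION['sessionAdmin'] = null;
    $_SESSION['hourOffset'] = null;

    $uname = stripslashes($uname);
    $pass = stripslashes($pass);

    if ($isCookie !== false) {
        // Remember-me path: the cookie carries the token produced by generateCookie();
        // verifyCookie() yields the user id it stands for, or false.
        $id = $this->verifyCookie($isCookie);
        if ($id !== false) {
            $ok_user = $ok_pass = true;
        } else {
            setcookie('ID', '', time() - 3600, '/'); // clear the bad cookie
            $msg .= translate('That cookie seems to be invalid') . '<br/>';
        }
    } elseif ($conf['ldap']['authentication']) {
        if ($pass === '') {
            // Many LDAP servers fall back to an anonymous bind when the password is
            // blank, which would make connected() report success for any user.
            $msg .= translate('Invalid User Name/Password.');
        } else {
            include_once 'LDAPEngine.class.php';
            $ldap = new LDAPEngine($uname, $pass);
            if ($ldap->connected()) {
                $mail = $ldap->getUserEmail();
                if ($mail) {
                    $id = $this->db->userExists($mail);
                    if ($id) {
                        // Keep the local copy in step with the directory.
                        $updates = $ldap->getUserData();
                        if ($this->db->check_updates($id, $updates)) {
                            $this->db->update_user($id, $updates);
                        }
                    } else {
                        // First login of a directory user: create the local record.
                        $id = $this->do_register_user($ldap->getUserData(), false);
                    }
                    $ok_user = $ok_pass = true;
                } else {
                    $msg .= translate('This system requires that you have an email address.');
                }
            } else {
                $msg .= translate('Invalid User Name/Password.');
            }
            $ldap->disconnect();
        }
    } else {
        // Local database. One generic message covers both "no such logon" and
        // "wrong password", so the response does not reveal which logons exist.
        $id = $this->db->userExists($uname, $use_logonname);
        if ($id && $this->db->isPassword($uname, $pass, $use_logonname)) {
            $ok_user = $ok_pass = true;
        } else {
            $msg .= translate('Invalid User Name/Password.') . '<br/>';
        }
    }

    if (!$ok_user || !$ok_pass) {
        $msg .= translate('You can try');
        return $msg;
    }

    $this->is_loggedin = true;

    // Privilege level changes here, so issue a fresh session id: a session id
    // planted on the browser before login must not become the authenticated one.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $user = new User($id); // load the user record

    if (!empty($cookieVal)) {
        // Remember-me token, valid 30 days (2592000 s). HttpOnly keeps it out of
        // reach of scripts; Secure is set when this login itself came over HTTPS
        // so the token is not replayed in the clear.
        $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie('ID', $this->generateCookie($user->get_id()), time() + 2592000, '/', '', $secure, true);
    }

    // Admin if the configured admin address matches (case-insensitively, as the
    // config value is already lowercased) or the record carries the admin flag.
    $userEmail = strtolower((string) $user->get_email());
    if (($adminemail !== '' && $userEmail === $adminemail) || $user->get_isadmin()) {
        $_SESSION['sessionAdmin'] = $user->get_email();
    }

    $_SESSION['sessionID'] = $user->get_id();
    $_SESSION['sessionName'] = $user->get_fname();
    $_SESSION['hourOffset'] = $user->get_timezone() - $conf['app']['timezone'];

    if ((string) $lang !== '') {
        set_language($lang);
        if ((string) $lang !== (string) $user->get_lang()) {
            $user->set_lang($lang); // language changed, persist it
        }
    }

    // Send them to the control panel (or the validated $resume page).
    CmnFns::redirect($resume);
}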