/**
 * Reset the logic-hook state that the tests in this class share.
 *
 * Clears the LogicHookTest::$called flag, drops the global 'logic_hook'
 * entry, stores whatever LogicHook::initialize() returns in its place and
 * asks LogicHook to refresh its hooks.
 */
public function setUp()
{
    LogicHookTest::$called = false;

    // Drop the previous instance first so no earlier test's hook object is reused.
    unset($GLOBALS['logic_hook']);
    $hookInstance = LogicHook::initialize();
    $GLOBALS['logic_hook'] = $hookInstance;

    LogicHook::refreshHooks();
}
/**
 * Validate that the provided session is correct and current, and load it.
 *
 * A session passes when it carries the 'is_valid_session' flag, the
 * is_valid_ip_address('ip_address') check succeeds and its 'type' is 'user'.
 * A non-empty ID that fails those checks has its session destroyed. Every
 * failure path fires the 'login_failed' hook for Users.
 *
 * @param String $session_id -- The session ID that was returned by a call to login.
 * @return bool true if the session is valid and the user was loaded, false otherwise.
 */
function validate_authenticated($session_id)
{
    $GLOBALS['log']->info('Begin: SoapHelperWebServices->validate_authenticated');

    if (!empty($session_id)) {
        // Start the session only when none is active, because this method can
        // run several times in one request.
        // NOTE(review): when a session is already active, $session_id is not
        // compared with the active session's ID — confirm callers cannot mix them.
        if (!session_id()) {
            session_id($session_id);
            session_start();
        }

        $sessionAccepted = !empty($_SESSION['is_valid_session'])
            && $this->is_valid_ip_address('ip_address')
            && $_SESSION['type'] == 'user';

        if (!$sessionAccepted) {
            $GLOBALS['log']->debug("calling destroy");
            session_destroy();
        } else {
            global $current_user;
            require_once 'modules/Users/User.php';
            // NOTE(review): the loaded bean is not checked here (for example for
            // an empty or deactivated user) — confirm login_success() covers it.
            $current_user = BeanFactory::getBean('Users', $_SESSION['user_id']);
            $this->login_success();
            $GLOBALS['log']->info('Begin: SoapHelperWebServices->validate_authenticated - passed');
            $GLOBALS['log']->info('End: SoapHelperWebServices->validate_authenticated');

            return true;
        }
    }

    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    $GLOBALS['log']->info('End: SoapHelperWebServices->validate_authenticated - validation failed');

    return false;
}
/**
 * Handle a user's request to log out.
 *
 * Runs the current user's 'before_logout' logic, delegates the logout to the
 * authentication controller and then fires the 'after_logout' hook for Users.
 * Session invalidation and the redirect to the login page are expected to
 * happen inside authController->logout(), which is not visible here.
 */
public function logout()
{
    $GLOBALS['current_user']->call_custom_logic('before_logout');

    $this->authController->logout();

    // Initialize the hook machinery before using the global hook object.
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
}
/**
 * Log the user into the application.
 *
 * Flow, as implemented below:
 *  1. A PLAIN password is MD5-hashed unless the authenticate class is LDAPAuthenticateUser.
 *  2. The authentication controller is asked to log in with that value.
 *  3. On success, an expired password aborts with 'password_expired'; otherwise a
 *     loaded, non-group user becomes the current user.
 *  4. On failure, a locked-out user aborts with 'lockout_reached', an LDAP setup
 *     without PLAIN encryption aborts with 'ldap_error', and otherwise (when
 *     mcrypt_cbc exists) the password is decrypted and the login retried once.
 *  5. A successful login populates the session and returns the user details.
 *
 * Every failure path fires the 'login_failed' hook for Users and stores the error
 * via setFaultObject(); the method then returns no value.
 *
 * @param UserAuth array $user_auth -- Reads 'user_name', 'password' and the optional 'encryption' key.
 *      The password needs to be in the right encoding for the type of authentication the user is
 *      set up for. For base sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from. The value
 *      'mobile' adds the visible mobile modules and their vardefs md5 to the result.
 * @param array $name_value_list -- Array of name value pair of extra parameters, passed on to
 *      login_success(). As of today only 'language' and 'notifyonsave' is supported
 * @return Array - id - String id is the session_id of the session that was created.
 *               - module_name - String - module name of user
 *               - name_value_list - Array - The name value pair of user_id, user_name, user_language,
 *                 user_currency_id, user_currency_name, user_default_team_id, user_is_admin,
 *                 user_default_dateformat, user_default_timeformat, the number/decimal separators
 *                 and the mobile list limits
 * @exception 'SoapFault' -- The SOAP error, if any
 */
public function login($user_auth, $application, $name_value_list = array())
{
    $GLOBALS['log']->info('Begin: SugarWebServiceImpl->login');
    global $sugar_config;
    $error = new SoapError();
    $user = BeanFactory::getBean('Users');
    $success = false;
    $authController = AuthenticationController::getInstance();
    // NOTE(review): the credential sent on is an unsalted MD5 of the password. MD5 is fast to
    // guess offline; confirm how AuthenticationController stores and compares this value.
    if (!empty($user_auth['encryption']) && $user_auth['encryption'] === 'PLAIN' && $authController->authController->userAuthenticateClass != "LDAPAuthenticateUser") {
        $user_auth['password'] = md5($user_auth['password']);
    }
    $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
    // The user record is looked up by name regardless of the login outcome; the failure
    // branch needs it for the lockout check.
    $usr_id = $user->retrieve_user_id($user_auth['user_name']);
    if ($usr_id) {
        $user->retrieve($usr_id);
    }
    if ($isLoginSuccess) {
        // NOTE(review): 'hasExpiredPassword' is read without isset(); presumably the
        // authentication controller always sets it on success — confirm.
        if ($_SESSION['hasExpiredPassword'] == '1') {
            $error->set_error('password_expired');
            // NOTE(review): user_name is caller-supplied and is concatenated into the log
            // line as-is; confirm the logger neutralises line breaks.
            $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            self::$helperObject->setFaultObject($error);
            return;
        }
        // Group users are never allowed to log in through this path.
        if (!empty($user) && !empty($user->id) && !$user->is_group) {
            $success = true;
            global $current_user;
            $current_user = $user;
        }
    } else {
        // NOTE(review): 'lockout_reached' is returned before any valid credential is
        // seen, so it tells the caller that the account exists and is locked.
        if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
            $error->set_error('lockout_reached');
            $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            self::$helperObject->setFaultObject($error);
            return;
        } else {
            if ($authController->authController->userAuthenticateClass == "LDAPAuthenticateUser" && (empty($user_auth['encryption']) || $user_auth['encryption'] !== 'PLAIN')) {
                $error->set_error('ldap_error');
                LogicHook::initialize();
                $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
                self::$helperObject->setFaultObject($error);
                return;
            } else {
                // Second attempt: treat the supplied password as encrypted, decrypt it and retry.
                // NOTE(review): this path sets $success without the expired-password and
                // is_group checks of the first path, and does not assign $current_user —
                // confirm the authentication controller enforces and sets them.
                if (function_exists('mcrypt_cbc')) {
                    $password = self::$helperObject->decrypt_string($user_auth['password']);
                    if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                        $success = true;
                    }
                }
            }
        }
    }
    if ($success) {
        // NOTE(review): no session_regenerate_id() is visible around this session_start();
        // confirm the session ID is rotated at login somewhere in the auth stack.
        session_start();
        global $current_user;
        //$current_user = $user;
        self::$helperObject->login_success($name_value_list);
        $current_user->loadPreferences();
        // These keys are what later session validation relies on; the session is
        // tied to the client IP recorded here.
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        $_SESSION['avail_modules'] = self::$helperObject->get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        $GLOBALS['log']->info('End: SugarWebServiceImpl->login - succesful login');
        // Build the name/value list handed back to the client.
        $nameValueArray = array();
        global $current_language;
        $nameValueArray['user_id'] = self::$helperObject->get_name_value('user_id', $current_user->id);
        $nameValueArray['user_name'] = self::$helperObject->get_name_value('user_name', $current_user->user_name);
        $nameValueArray['user_language'] = self::$helperObject->get_name_value('user_language', $current_language);
        $cur_id = $current_user->getPreference('currency');
        $nameValueArray['user_currency_id'] = self::$helperObject->get_name_value('user_currency_id', $cur_id);
        $nameValueArray['user_is_admin'] = self::$helperObject->get_name_value('user_is_admin', is_admin($current_user));
        $nameValueArray['user_default_team_id'] = self::$helperObject->get_name_value('user_default_team_id', $current_user->default_team);
        $nameValueArray['user_default_dateformat'] = self::$helperObject->get_name_value('user_default_dateformat', $current_user->getPreference('datef'));
        $nameValueArray['user_default_timeformat'] = self::$helperObject->get_name_value('user_default_timeformat', $current_user->getPreference('timef'));
        $num_grp_sep = $current_user->getPreference('num_grp_sep');
        $dec_sep = $current_user->getPreference('dec_sep');
        // Fall back to the configured defaults when the user has no separator preference.
        $nameValueArray['user_number_seperator'] = self::$helperObject->get_name_value('user_number_seperator', empty($num_grp_sep) ? $sugar_config['default_number_grouping_seperator'] : $num_grp_sep);
        $nameValueArray['user_decimal_seperator'] = self::$helperObject->get_name_value('user_decimal_seperator', empty($dec_sep) ? $sugar_config['default_decimal_seperator'] : $dec_sep);
        $nameValueArray['mobile_max_list_entries'] = self::$helperObject->get_name_value('mobile_max_list_entries', $sugar_config['wl_list_max_entries_per_page']);
        $nameValueArray['mobile_max_subpanel_entries'] = self::$helperObject->get_name_value('mobile_max_subpanel_entries', $sugar_config['wl_list_max_entries_per_subpanel']);
        if ($application == 'mobile') {
            $modules = $availModuleNames = array();
            $availModules = array_keys($_SESSION['avail_modules']); //ACL check already performed.
            $modules = self::$helperObject->get_visible_mobile_modules($availModules);
            $nameValueArray['available_modules'] = $modules;
            //Get the vardefs md5
            foreach ($modules as $mod_def) {
                $availModuleNames[] = $mod_def['module_key'];
            }
            $nameValueArray['vardefs_md5'] = self::get_module_fields_md5(session_id(), $availModuleNames);
        }
        $currencyObject = BeanFactory::getBean('Currencies', $cur_id);
        $nameValueArray['user_currency_name'] = self::$helperObject->get_name_value('user_currency_name', $currencyObject->name);
        $_SESSION['user_language'] = $current_language;
        return array('id' => session_id(), 'module_name' => 'Users', 'name_value_list' => $nameValueArray);
    }
    // Generic failure: nothing above succeeded and no more specific error applied.
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    $error->set_error('invalid_login');
    self::$helperObject->setFaultObject($error);
    $GLOBALS['log']->info('End: SugarWebServiceImpl->login - failed login');
}
// Fragment: the enclosing blocks open before this excerpt, so the first two
// closing braces below belong to code that is not visible here.
// A PHPSESSID passed in the query string is honoured only when it equals the
// PHPSESSID cookie; otherwise the query-string value is discarded.
// NOTE(review): the strcmp() result is compared with a loose `== 0`, and the value
// given to session_id() is $_REQUEST['PHPSESSID'] rather than the $_GET value that
// was compared. A strict `=== 0` and passing the compared value would remove both
// ambiguities — confirm against the lines above this excerpt.
if (!empty($_COOKIE['PHPSESSID']) && strcmp($_GET['PHPSESSID'], $_COOKIE['PHPSESSID']) == 0) {
    session_id($_REQUEST['PHPSESSID']);
} else {
    unset($_GET['PHPSESSID']);
}
}
// Use the configured session directory when one is set.
if (!empty($sugar_config['session_dir'])) {
    session_save_path($sugar_config['session_dir']);
}
SugarApplication::preLoadLanguages();
$timedate = TimeDate::getInstance();
$GLOBALS['sugar_version'] = $sugar_version;
$GLOBALS['sugar_flavor'] = $sugar_flavor;
$GLOBALS['timedate'] = $timedate;
// NOTE(review): this key is an MD5 over unique_key plus the version and flavor strings.
// If it is exposed to clients (its name suggests a cache-busting key — confirm),
// unique_key should not be relied on as a secret elsewhere.
$GLOBALS['js_version_key'] = md5($GLOBALS['sugar_config']['unique_key'] . $GLOBALS['sugar_version'] . $GLOBALS['sugar_flavor']);
$db = DBManagerFactory::getInstance();
$db->resetQueryCount();
$locale = new Localization();
// Emails uses the REQUEST_URI later to construct dynamic URLs.
// IIS does not pass this field to prevent an error, if it is not set, we will assign it to ''.
if (!isset($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = '';
}
// Start from an empty, unauthenticated user object; nothing is loaded into it here.
$current_user = new User();
$current_entity = null;
$system_config = new Administration();
$system_config->retrieveSettings();
LogicHook::initialize()->call_custom_logic('', 'after_entry_point');
}
//// END SETTING DEFAULT VAR VALUES ///////////////////////////////////////////////////////////////////////////////
/**
 * Start the PHP session for this request.
 *
 * When an 'MSID' request parameter is present, that session is opened and is
 * accepted only if it already holds a user_id and the 'seamless_login' marker;
 * the marker is removed on use. Any other MSID session is destroyed and the
 * request ends with 'Not a valid entry method'. Without MSID a normal session
 * is started when can_start_session() allows it.
 *
 * Afterwards a short-lived 'loginErrorMessage' cookie is set when a login
 * redirect target other than Home/index was requested, a session cookie was
 * sent and the session is empty. Finally the login is tracked and the
 * 'after_session_start' hook fires.
 */
function startSession()
{
    $sessionIdCookie = null;
    if (isset($_COOKIE['PHPSESSID'])) {
        $sessionIdCookie = $_COOKIE['PHPSESSID'];
    }

    if (isset($_REQUEST['MSID'])) {
        // NOTE(review): the session ID comes straight from a request parameter.
        // The user_id + seamless_login requirement below is what stops an
        // arbitrary ID from being adopted; IDs carried in URLs can still end up
        // in logs and referrers.
        session_id($_REQUEST['MSID']);
        session_start();

        $isSeamlessLogin = isset($_SESSION['user_id'], $_SESSION['seamless_login']);
        if (!$isSeamlessLogin) {
            // Expire the browser's session cookie before tearing the session down.
            if (isset($_COOKIE['PHPSESSID'])) {
                self::setCookie('PHPSESSID', '', time() - 42000, '/');
            }
            sugar_cleanup(false);
            session_destroy();
            exit('Not a valid entry method');
        }

        // The marker is removed so the same MSID cannot be used this way again.
        unset($_SESSION['seamless_login']);
    } elseif (can_start_session()) {
        session_start();
    }

    $loginTargetRequested = isset($_REQUEST['login_module']) && isset($_REQUEST['login_action']);
    if (
        $loginTargetRequested
        && ($_REQUEST['login_module'] != 'Home' || $_REQUEST['login_action'] != 'index')
        && $sessionIdCookie !== null
        && empty($_SESSION)
    ) {
        self::setCookie('loginErrorMessage', 'LBL_SESSION_EXPIRED', time() + 30, '/');
    }

    self::trackLogin();
    LogicHook::initialize()->call_custom_logic('', 'after_session_start');
}
/**
 * Return every 'after_save' logic hook registered for the 'application' scope.
 *
 * @return array
 */
protected function getHooks()
{
    $applicationHooks = LogicHook::initialize()->getHooks('application');

    // NOTE(review): the 'after_save' key is read without an existence check;
    // presumably the calling code guarantees at least one such hook — confirm.
    return $applicationHooks['after_save'];
}
/**
 * Log the user into the application.
 *
 * Flow, as implemented below:
 *  1. A PLAIN password is MD5-hashed unless the authenticate class is LDAPAuthenticateUser.
 *  2. The authentication controller is asked to log in with that value.
 *  3. On success, an expired password aborts with 'password_expired'; otherwise a
 *     loaded, non-group user becomes the current user.
 *  4. On failure, a locked-out user aborts with 'lockout_reached'. For LDAP setups the
 *     login is retried once: with the decrypted password when mcrypt_cbc exists and the
 *     encryption is not PLAIN, otherwise with the MD5 of the password, which aborts with
 *     'ldap_error' when it fails too.
 *  5. A successful login populates the session and returns the user details.
 *
 * Every failure path fires the 'login_failed' hook for Users and stores the error
 * via setFaultObject(); the method then returns no value.
 *
 * @param UserAuth array $user_auth -- Reads 'user_name', 'password' and the optional 'encryption' key.
 *      The password needs to be in the right encoding for the type of authentication the user is
 *      set up for. For base sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from. Only written
 *      to the log here.
 * @param array $name_value_list -- Array of name value pair of extra parameters, passed on to
 *      login_success(). As of today only 'language' and 'notifyonsave' is supported
 * @return Array - id - String id is the session_id of the session that was created.
 *               - module_name - String - module name of user
 *               - name_value_list - Array - The name value pair of user_id, user_name, user_language,
 *                 user_currency_id, user_currency_name, user_default_team_id, user_is_admin,
 *                 user_default_dateformat, user_default_timeformat, the number/decimal separators
 *                 and the mobile list limits
 * @exception 'SoapFault' -- The SOAP error, if any
 */
public function login($user_auth, $application, $name_value_list = array())
{
    // NOTE(review): user_name, application and the whole name_value_list are
    // caller-supplied and are written to the log before authentication; confirm the
    // logger neutralises line breaks and that no sensitive values travel in the list.
    $GLOBALS['log']->info("Begin: SugarWebServiceImpl->login({$user_auth['user_name']}, {$application}, " . print_r($name_value_list, true) . ")");
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;
    //rrs
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    // Use the configured authentication class, defaulting to SugarAuthenticate.
    $authController = new AuthenticationController(!empty($sugar_config['authenticationClass']) ? $sugar_config['authenticationClass'] : 'SugarAuthenticate');
    //rrs
    // NOTE(review): the credential sent on is an unsalted MD5 of the password. MD5 is fast to
    // guess offline; confirm how AuthenticationController stores and compares this value.
    if (!empty($user_auth['encryption']) && $user_auth['encryption'] === 'PLAIN' && $authController->authController->userAuthenticateClass != "LDAPAuthenticateUser") {
        $user_auth['password'] = md5($user_auth['password']);
    }
    $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
    // The user record is looked up by name regardless of the login outcome; the failure
    // branch needs it for the lockout check.
    $usr_id = $user->retrieve_user_id($user_auth['user_name']);
    if ($usr_id) {
        $user->retrieve($usr_id);
    }
    if ($isLoginSuccess) {
        // NOTE(review): 'hasExpiredPassword' is read without isset(); presumably the
        // authentication controller always sets it on success — confirm.
        if ($_SESSION['hasExpiredPassword'] == '1') {
            $error->set_error('password_expired');
            $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            self::$helperObject->setFaultObject($error);
            return;
        }
        // Group users are never allowed to log in through this path.
        if (!empty($user) && !empty($user->id) && !$user->is_group) {
            $success = true;
            global $current_user;
            $current_user = $user;
        }
    } else {
        // NOTE(review): 'lockout_reached' is returned before any valid credential is
        // seen, so it tells the caller that the account exists and is locked.
        if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
            $error->set_error('lockout_reached');
            $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            self::$helperObject->setFaultObject($error);
            return;
        } else {
            // NOTE(review): both retry paths below set $success without the
            // expired-password and is_group checks of the first path, and without
            // assigning $current_user — confirm the controller enforces and sets them.
            if (function_exists('mcrypt_cbc') && $authController->authController->userAuthenticateClass == "LDAPAuthenticateUser" && (empty($user_auth['encryption']) || $user_auth['encryption'] !== 'PLAIN')) {
                $password = self::$helperObject->decrypt_string($user_auth['password']);
                $authController->loggedIn = false; // reset login attempt to try again with decrypted password
                if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                    $success = true;
                }
            } else {
                if ($authController->authController->userAuthenticateClass == "LDAPAuthenticateUser" && (empty($user_auth['encryption']) || $user_auth['encryption'] == 'PLAIN')) {
                    $authController->loggedIn = false; // reset login attempt to try again with md5 password
                    if ($authController->login($user_auth['user_name'], md5($user_auth['password']), array('passwordEncrypted' => true)) && isset($_SESSION['authenticated_user_id'])) {
                        $success = true;
                    } else {
                        $error->set_error('ldap_error');
                        LogicHook::initialize();
                        $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
                        self::$helperObject->setFaultObject($error);
                        return;
                    }
                }
            }
        }
    }
    if ($success) {
        // NOTE(review): no session_regenerate_id() is visible around this session_start();
        // confirm the session ID is rotated at login somewhere in the auth stack.
        session_start();
        global $current_user;
        //$current_user = $user;
        self::$helperObject->login_success($name_value_list);
        $current_user->loadPreferences();
        // These keys are what later session validation relies on; the session is
        // tied to the client IP recorded here.
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        $_SESSION['avail_modules'] = self::$helperObject->get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $GLOBALS['log']->info('End: SugarWebServiceImpl->login - successful login');
        $current_user->call_custom_logic('after_login');
        // Build the name/value list handed back to the client.
        $nameValueArray = array();
        global $current_language;
        $nameValueArray['user_id'] = self::$helperObject->get_name_value('user_id', $current_user->id);
        $nameValueArray['user_name'] = self::$helperObject->get_name_value('user_name', $current_user->user_name);
        $nameValueArray['user_language'] = self::$helperObject->get_name_value('user_language', $current_language);
        $cur_id = $current_user->getPreference('currency');
        $nameValueArray['user_currency_id'] = self::$helperObject->get_name_value('user_currency_id', $cur_id);
        $nameValueArray['user_is_admin'] = self::$helperObject->get_name_value('user_is_admin', is_admin($current_user));
        $nameValueArray['user_default_team_id'] = self::$helperObject->get_name_value('user_default_team_id', $current_user->default_team);
        $nameValueArray['user_default_dateformat'] = self::$helperObject->get_name_value('user_default_dateformat', $current_user->getPreference('datef'));
        $nameValueArray['user_default_timeformat'] = self::$helperObject->get_name_value('user_default_timeformat', $current_user->getPreference('timef'));
        $num_grp_sep = $current_user->getPreference('num_grp_sep');
        $dec_sep = $current_user->getPreference('dec_sep');
        // Fall back to the configured defaults when the user has no separator preference.
        $nameValueArray['user_number_seperator'] = self::$helperObject->get_name_value('user_number_seperator', empty($num_grp_sep) ? $sugar_config['default_number_grouping_seperator'] : $num_grp_sep);
        $nameValueArray['user_decimal_seperator'] = self::$helperObject->get_name_value('user_decimal_seperator', empty($dec_sep) ? $sugar_config['default_decimal_seperator'] : $dec_sep);
        $nameValueArray['mobile_max_list_entries'] = self::$helperObject->get_name_value('mobile_max_list_entries', $sugar_config['wl_list_max_entries_per_page']);
        $nameValueArray['mobile_max_subpanel_entries'] = self::$helperObject->get_name_value('mobile_max_subpanel_entries', $sugar_config['wl_list_max_entries_per_subpanel']);
        $currencyObject = new Currency();
        $currencyObject->retrieve($cur_id);
        $nameValueArray['user_currency_name'] = self::$helperObject->get_name_value('user_currency_name', $currencyObject->name);
        $_SESSION['user_language'] = $current_language;
        return array('id' => session_id(), 'module_name' => 'Users', 'name_value_list' => $nameValueArray);
    }
    // Generic failure: nothing above succeeded and no more specific error applied.
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    $error->set_error('invalid_login');
    self::$helperObject->setFaultObject($error);
    $GLOBALS['log']->error('End: SugarWebServiceImpl->login - failed login');
}
/**
 * Log out of the session. This destroys the session so nobody else can use it.
 *
 * The 'after_logout' hook for Users fires in both cases: after a real logout
 * and when the supplied session fails the 'invalid_session' check. Only a
 * valid session gets the 'before_logout' logic and session_destroy().
 *
 * @param String $session -- Session ID returned by a previous call to login.
 * @return Empty
 * @exception 'SoapFault' -- The SOAP error, if any
 */
function logout($session)
{
    global $current_user;

    $GLOBALS['log']->info('Begin: SugarWebServiceImpl->logout');
    $error = new SoapError();
    LogicHook::initialize();

    $sessionIsValid = self::$helperObject->checkSessionAndModuleAccess($session, 'invalid_session', '', '', '', $error);
    if ($sessionIsValid) {
        $current_user->call_custom_logic('before_logout');
        session_destroy();
    }

    $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
    $GLOBALS['log']->info('End: SugarWebServiceImpl->logout');
}
/**
 * Render the view. Called from the controller; not meant to be overridden.
 *
 * Steps run in a fixed order: module check, view tracking, header (or only
 * the JavaScript), module list, preDisplay, errors, display, the
 * 'after_ui_frame' hooks, optional subpanels, optional footer, the
 * 'after_ui_footer' hook and finally tracking.
 */
public function process()
{
    LogicHook::initialize();
    $this->_checkModule();

    // View tracking has to happen here so breadcrumbs are recorded.
    $this->_trackView();

    if (!$this->_getOption('show_header')) {
        $this->renderJavascript();
    } else {
        $this->displayHeader();
    }

    $this->_buildModuleList();
    $this->preDisplay();
    $this->displayErrors();
    $this->display();

    // The module-specific hook, when there is a module, runs before the global one.
    $hasModule = !empty($this->module);
    if ($hasModule) {
        $GLOBALS['logic_hook']->call_custom_logic($this->module, 'after_ui_frame');
    }
    $GLOBALS['logic_hook']->call_custom_logic('', 'after_ui_frame');

    if ($this->_getOption('show_subpanels')) {
        $this->_displaySubPanels();
    }

    $isLoginPage = $this->action === 'Login';
    if ($isLoginPage) {
        // Flush early so the login page loads faster; it will not render until the tables are closed.
        ob_flush();
    }

    if ($this->_getOption('show_footer')) {
        $this->displayFooter();
    }
    $GLOBALS['logic_hook']->call_custom_logic('', 'after_ui_footer');

    // Do not track if there is no module or if module is not a String
    $this->_track();
}
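/**
 * Sets up a user after successful authentication and session setup.
 *
 * The 'after_load_user' hook fires as soon as a current user is present, that
 * is before the Inactive/deleted check. A missing or non-object current user
 * is rejected up front instead of being dereferenced.
 *
 * @param mixed  $userId      Not read by this method.
 * @param object $oauthServer Must provide setupVisibility(); called only for a valid user.
 * @return bool Was the login successful
 */
protected function userAfterAuthenticate($userId, $oauthServer)
{
    // Without a loaded user there is nothing to validate.
    if (empty($GLOBALS['current_user'])) {
        return false;
    }

    $GLOBALS['logic_hook']->call_custom_logic('', 'after_load_user');

    // The hook call sits between the first check and the property reads, so the
    // global is read again rather than assumed unchanged.
    $currentUser = isset($GLOBALS['current_user']) ? $GLOBALS['current_user'] : null;
    if (!is_object($currentUser)) {
        return false;
    }

    // Inactive or deleted accounts are refused even though authentication succeeded.
    if ($currentUser->status == 'Inactive' || $currentUser->deleted == true) {
        return false;
    }

    SugarApplication::trackLogin();
    // Setup visibility where needed
    $oauthServer->setupVisibility();
    LogicHook::initialize()->call_custom_logic('', 'after_session_start');
    $this->user = $GLOBALS['current_user'];
    $this->user->setupSession();

    return true;
}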
/**
 * Validate that the provided session is correct and current, and load it.
 *
 * A session passes when it carries the 'is_valid_session' flag, its stored
 * 'ip_address' equals the current client IP and its 'type' is 'user'. A
 * non-empty ID that fails those checks has its session destroyed. Every
 * failure path fires the 'login_failed' hook for Users.
 *
 * @param String $session_id -- The session ID that was returned by a call to login.
 * @return bool true if the session is valid and the user was loaded, false otherwise.
 */
function validate_authenticated($session_id)
{
    $GLOBALS['log']->info('Begin: SoapHelperWebServices->validate_authenticated');

    if (!empty($session_id)) {
        // The caller-supplied ID selects which stored session gets opened.
        session_id($session_id);
        session_start();

        // NOTE(review): the IP and type comparisons are loose (==); strict
        // comparison would be the safer default if both sides are always strings.
        $sessionAccepted = !empty($_SESSION['is_valid_session'])
            && $_SESSION['ip_address'] == query_client_ip()
            && $_SESSION['type'] == 'user';

        if (!$sessionAccepted) {
            $GLOBALS['log']->debug("calling destroy");
            session_destroy();
        } else {
            global $current_user;
            require_once 'modules/Users/User.php';
            $current_user = new User();
            // NOTE(review): the result of retrieve() is not checked here — confirm
            // login_success() or the caller handles a user that no longer exists.
            $current_user->retrieve($_SESSION['user_id']);
            $this->login_success();
            $GLOBALS['log']->info('Begin: SoapHelperWebServices->validate_authenticated - passed');
            $GLOBALS['log']->info('End: SoapHelperWebServices->validate_authenticated');

            return true;
        }
    }

    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    $GLOBALS['log']->info('End: SoapHelperWebServices->validate_authenticated - validation failed');

    return false;
}
/**
 * LogicHook::initialize() must hand back a LogicHook instance.
 */
public function testinitialize()
{
    $instance = LogicHook::initialize();

    $this->assertInstanceOf('LogicHook', $instance);
}
/**
 * Clean up the application environment at the end of a request.
 *
 * Runs at most once per request (guarded by a static flag). Fires the
 * 'server_round_trip' hook, logs the page in the tracker, saves user
 * preferences when flagged, runs pre_login_check() and disconnects the
 * database.
 *
 * @param bool $exit Whether to exit() once done. Note that after the database
 *                   step exit is reached only when DBManagerFactory exists.
 */
function sugar_cleanup($exit = false)
{
    static $called = false;
    if ($called) {
        return;
    }
    $called = true;
    // Put the directory above this file first on the include path and make it the working directory.
    set_include_path(realpath(dirname(__FILE__) . '/..') . PATH_SEPARATOR . get_include_path());
    chdir(realpath(dirname(__FILE__) . '/..'));
    global $sugar_config;
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('', 'server_round_trip');
    //added this check to avoid errors during install.
    if (empty($sugar_config['dbconfig'])) {
        if ($exit) {
            exit;
        } else {
            return;
        }
    }
    if (!class_exists('Tracker', true)) {
        require_once 'modules/Trackers/Tracker.php';
    }
    Tracker::logPage();
    // Now write the cached tracker_queries
    if (!empty($GLOBALS['savePreferencesToDB']) && $GLOBALS['savePreferencesToDB']) {
        if (!class_exists('UserPreference', true)) {
            // Intentionally empty in the original: the class_exists() call itself
            // asks the autoloader for UserPreference. NOTE(review): nothing loads
            // the class when autoloading fails, so the next line would then fail.
        }
        UserPreference::savePreferencesToDB();
    }
    pre_login_check();
    if (class_exists('DBManagerFactory')) {
        $db = DBManagerFactory::getInstance();
        $db->disconnect();
        if ($exit) {
            exit;
        }
    }
}
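/**
 * Clean up Sugar environment.
 *
 * Runs at most once per request (guarded by a static flag). Makes the root
 * directory the working directory, fires the 'server_round_trip' hook, logs
 * the page, flushes the tracker_queries monitor, saves the current user's
 * preferences when flagged, prints the preference-error flash script for
 * non-ajax requests, saves the autoloader class map and disconnects the
 * databases.
 *
 * @param bool $exit Should we exit() after we're done?
 */
function sugar_cleanup($exit = false)
{
    static $called = false;
    if ($called) {
        return;
    }
    $called = true;
    $root_path = sugar_root_dir();
    $paths = explode(PATH_SEPARATOR, get_include_path());
    // Both sides are strings, so compare strictly.
    if (!in_array($root_path, $paths, true)) {
        set_include_path($root_path . PATH_SEPARATOR . get_include_path());
    }
    chdir($root_path);
    // if cleanup runs before autoloader was loaded then init autoloader.
    if (!class_exists('SugarAutoLoader')) {
        require_once 'include/utils/autoloader.php';
        SugarAutoLoader::init();
    }
    global $sugar_config;
    require_once 'include/utils/LogicHook.php';
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('', 'server_round_trip');
    //added this check to avoid errors during install.
    if (empty($sugar_config['dbconfig'])) {
        if ($exit) {
            exit;
        } else {
            return;
        }
    }
    if (!class_exists('Tracker', true)) {
        require_once 'modules/Trackers/Tracker.php';
    }
    Tracker::logPage();
    // Now write the cached tracker_queries
    if (class_exists("TrackerManager")) {
        $trackerManager = TrackerManager::getInstance();
        if ($monitor = $trackerManager->getMonitor('tracker_queries')) {
            $trackerManager->saveMonitor($monitor, true);
        }
    }
    if (!empty($GLOBALS['savePreferencesToDB']) && $GLOBALS['savePreferencesToDB']) {
        if (isset($GLOBALS['current_user']) && $GLOBALS['current_user'] instanceof User) {
            $GLOBALS['current_user']->savePreferencesToDB();
        }
    }
    // Requests without an 'action' parameter also end up here, so read it once
    // with a fallback instead of indexing $_REQUEST directly.
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
    $ajaxActions = array('modulelistmenu', 'DynamicAction', 'favorites');
    //check to see if this is not an ajax call AND the user preference error flag is set
    if (isset($_SESSION['USER_PREFRENCE_ERRORS']) && $_SESSION['USER_PREFRENCE_ERRORS']
        && !in_array($action, $ajaxActions, true)
        && (empty($_REQUEST['to_pdf']) || !$_REQUEST['to_pdf'])
        && (empty($_REQUEST['sugar_body_only']) || !$_REQUEST['sugar_body_only'])) {
        global $app_strings;
        //this is not an ajax call and the user preference error flag is set, so reset the flag and print js to flash message
        $err_mess = $app_strings['ERROR_USER_PREFS'];
        $_SESSION['USER_PREFRENCE_ERRORS'] = false;
        // NOTE(review): $err_mess is placed inside a single-quoted JavaScript string
        // without escaping. It comes from the language strings; an apostrophe in a
        // translation would break the script — consider encoding it for JS context.
        echo "\n <script>\n ajaxStatus.flashStatus('{$err_mess}',7000);\n </script>";
    }
    SugarAutoLoader::saveClassMap();
    if (class_exists('DBManagerFactory', false)) {
        DBManagerFactory::disconnectAll();
    }
    if ($exit) {
        exit;
    }
}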
/**
 * Start the PHP session for this request.
 *
 * When an 'MSID' request parameter is present, that session is opened and is
 * accepted only if it already holds a user_id; otherwise it is destroyed and
 * the request ends with 'Not a valid entry method'. Without MSID a normal
 * session is started when can_start_session() allows it. Afterwards a
 * short-lived 'loginErrorMessage' cookie may be set and the
 * 'after_session_start' hook fires.
 */
function startSession()
{
    $sessionIdCookie = isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : null;
    if (isset($_REQUEST['MSID'])) {
        // NOTE(review): the session ID comes straight from a request parameter and
        // the only requirement below is that the session holds a user_id, so any
        // live authenticated session ID supplied this way is adopted. IDs carried
        // in URLs can end up in logs and referrers — confirm how MSID is issued.
        session_id($_REQUEST['MSID']);
        session_start();
        if (!isset($_SESSION['user_id'])) {
            // Expire the browser's session cookie before tearing the session down.
            if (isset($_COOKIE['PHPSESSID'])) {
                self::setCookie('PHPSESSID', '', time() - 42000, '/');
            }
            sugar_cleanup(false);
            session_destroy();
            exit('Not a valid entry method');
        }
    } else {
        if (can_start_session()) {
            session_start();
        }
    }
    //set the default module to either Home or specified default
    $default_module = !empty($GLOBALS['sugar_config']['default_module']) ? $GLOBALS['sugar_config']['default_module'] : 'Home';
    //set session expired message if login module and action are set to a non login default
    //AND session id in cookie is set but super global session array is empty
    if (isset($_REQUEST['login_module']) && isset($_REQUEST['login_action']) && !($_REQUEST['login_module'] == $default_module && $_REQUEST['login_action'] == 'index')) {
        if (!is_null($sessionIdCookie) && empty($_SESSION)) {
            // The cookie value is a label key, not free text; it lives for 30 seconds.
            self::setCookie('loginErrorMessage', 'LBL_SESSION_EXPIRED', time() + 30, '/');
        }
    }
    LogicHook::initialize()->call_custom_logic('', 'after_session_start');
}
/**
 * Render the view. This method will be called from the controller and is not
 * meant to be overridden.
 *
 * With the 'json_output' option the whole page is captured in an output
 * buffer and returned as one JSON object (content, menu, title, action,
 * record, favicon, responseTime and, for the Classic theme, moduleList).
 */
public function process()
{
    LogicHook::initialize();
    $this->_checkModule();
    //trackView has to be here in order to track for breadcrumbs
    $this->_trackView();
    //For the ajaxUI, we need to use output buffering to return the page in an ajax friendly format
    if ($this->_getOption('json_output')) {
        ob_start();
        if (!empty($_REQUEST['ajax_load']) && !empty($_REQUEST['loadLanguageJS'])) {
            echo $this->_getModLanguageJS();
        }
    }
    if ($this->_getOption('show_header')) {
        $this->displayHeader();
    } else {
        $this->renderJavascript();
    }
    $this->_buildModuleList();
    $this->preDisplay();
    $this->displayErrors();
    $this->display();
    // Exactly one 'after_ui_frame' call: module-scoped when a module is set, global otherwise.
    if (!empty($this->module)) {
        $GLOBALS['logic_hook']->call_custom_logic($this->module, 'after_ui_frame');
    } else {
        $GLOBALS['logic_hook']->call_custom_logic('', 'after_ui_frame');
    }
    // Subpanels are shown only when a record is requested.
    if ($this->_getOption('show_subpanels') && !empty($_REQUEST['record'])) {
        $this->_displaySubPanels();
    }
    if ($this->action === 'Login') {
        //this is needed for a faster loading login page ie won't render unless the tables are closed
        ob_flush();
    }
    if ($this->_getOption('show_footer')) {
        $this->displayFooter();
    }
    $GLOBALS['logic_hook']->call_custom_logic('', 'after_ui_footer');
    if ($this->_getOption('json_output')) {
        // Take everything rendered so far out of the buffer and wrap it in the JSON envelope.
        $content = ob_get_clean();
        $module = $this->module;
        // NOTE(review): 'action' and 'record' are copied from $_REQUEST into the
        // response unchanged; the client must treat them as untrusted text, and the
        // response should be served with a JSON content type — confirm both.
        $ajax_ret = array('content' => mb_detect_encoding($content) == "UTF-8" ? $content : utf8_encode($content), 'menu' => array('module' => $module, 'label' => translate($module), $this->getMenu($module)), 'title' => $this->getBrowserTitle(), 'action' => isset($_REQUEST['action']) ? $_REQUEST['action'] : "", 'record' => isset($_REQUEST['record']) ? $_REQUEST['record'] : "", 'favicon' => $this->getFavicon());
        if (SugarThemeRegistry::current()->name == 'Classic') {
            $ajax_ret['moduleList'] = $this->displayHeader(true);
        }
        if (empty($this->responseTime)) {
            $this->_calculateFooterMetrics();
        }
        $ajax_ret['responseTime'] = $this->responseTime;
        $json = getJSONobj();
        echo $json->encode($ajax_ret);
        $GLOBALS['app']->headerDisplayed = false;
        ob_flush();
    }
    //Do not track if there is no module or if module is not a String
    $this->_track();
}
/**
 * Log out of the session. This destroys the session so nobody else can use it.
 *
 * The 'after_logout' hook for Users fires whether or not the session was
 * valid; only a valid session gets the 'before_logout' logic and
 * session_destroy(). An invalid session yields the 'no_session' error.
 *
 * @param String $session -- Session ID returned by a previous call to login.
 * @return Empty error on success, Error on failure
 */
function logout($session)
{
    global $current_user;

    $error = new SoapError();
    LogicHook::initialize();

    if (validate_authenticated($session)) {
        $current_user->call_custom_logic('before_logout');
        session_destroy();
    } else {
        $error->set_error('no_session');
    }

    $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');

    return $error->get_soap_array();
}
/**
 * Log the user into the application.
 *
 * Flow, as implemented below:
 *  1. A PLAIN password is MD5-hashed.
 *  2. The authentication controller is asked to log in with that value.
 *  3. On success, an expired password aborts with 'password_expired'; otherwise a
 *     loaded, non-group user becomes the current user.
 *  4. On failure, a locked-out user aborts with 'lockout_reached'; otherwise (when
 *     mcrypt_cbc exists) the password is decrypted and the login retried once.
 *  5. A successful login populates the session and returns the user details.
 *
 * Every failure path fires the 'login_failed' hook for Users and stores the error
 * via setFaultObject(); the method then returns no value.
 *
 * @param UserAuth array $user_auth -- Reads 'user_name', 'password' and the optional 'encryption' key.
 *      The password needs to be in the right encoding for the type of authentication the user is
 *      set up for. For base sugar validation, password is the MD5 sum of the plain text password.
 * @param String $application -- The name of the application you are logging in from. (Currently unused).
 * @param array $name_value_list -- Array of name value pair of extra parameters, passed on to
 *      login_success(). As of today only 'language' and 'notifyonsave' is supported
 * @return Array - id - String id is the session_id of the session that was created.
 *               - module_name - String - module name of user
 *               - name_value_list - Array - The name value pair of user_id, user_name, user_language,
 *                 user_currency_id, user_currency_name, user_default_team_id, user_is_admin,
 *                 user_default_dateformat, user_default_timeformat
 * @exception 'SoapFault' -- The SOAP error, if any
 */
public function login($user_auth, $application, $name_value_list)
{
    $GLOBALS['log']->info('Begin: SugarWebServiceImpl->login');
    global $sugar_config, $system_config;
    $error = new SoapError();
    $user = new User();
    $success = false;
    // NOTE(review): the credential sent on is an unsalted MD5 of the password. MD5 is fast to
    // guess offline; confirm how AuthenticationController stores and compares this value.
    if (!empty($user_auth['encryption']) && $user_auth['encryption'] === 'PLAIN') {
        $user_auth['password'] = md5($user_auth['password']);
    }
    //rrs
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    $authController = new AuthenticationController();
    //rrs
    $isLoginSuccess = $authController->login($user_auth['user_name'], $user_auth['password'], array('passwordEncrypted' => true));
    // The user record is looked up by name regardless of the login outcome; the failure
    // branch needs it for the lockout check.
    $usr_id = $user->retrieve_user_id($user_auth['user_name']);
    if ($usr_id) {
        $user->retrieve($usr_id);
    }
    if ($isLoginSuccess) {
        // NOTE(review): 'hasExpiredPassword' is read without isset(); presumably the
        // authentication controller always sets it on success — confirm.
        if ($_SESSION['hasExpiredPassword'] == '1') {
            $error->set_error('password_expired');
            // NOTE(review): user_name is caller-supplied and is concatenated into the log
            // line as-is; confirm the logger neutralises line breaks.
            $GLOBALS['log']->fatal('password expired for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            self::$helperObject->setFaultObject($error);
            return;
        }
        // Group users are never allowed to log in through this path.
        if (!empty($user) && !empty($user->id) && !$user->is_group) {
            $success = true;
            global $current_user;
            $current_user = $user;
        }
    } else {
        // NOTE(review): 'lockout_reached' is returned before any valid credential is
        // seen, so it tells the caller that the account exists and is locked.
        if ($usr_id && isset($user->user_name) && $user->getPreference('lockout') == '1') {
            $error->set_error('lockout_reached');
            $GLOBALS['log']->fatal('Lockout reached for user ' . $user_auth['user_name']);
            LogicHook::initialize();
            $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
            self::$helperObject->setFaultObject($error);
            return;
        } else {
            // Second attempt: treat the supplied password as encrypted, decrypt it and retry.
            // NOTE(review): this path sets $success without the expired-password and
            // is_group checks of the first path, and does not assign $current_user —
            // confirm the authentication controller enforces and sets them.
            if (function_exists('mcrypt_cbc')) {
                $password = self::$helperObject->decrypt_string($user_auth['password']);
                if ($authController->login($user_auth['user_name'], $password) && isset($_SESSION['authenticated_user_id'])) {
                    $success = true;
                }
            }
        }
    }
    if ($success) {
        // NOTE(review): no session_regenerate_id() is visible around this session_start();
        // confirm the session ID is rotated at login somewhere in the auth stack.
        session_start();
        global $current_user;
        //$current_user = $user;
        self::$helperObject->login_success($name_value_list);
        $current_user->loadPreferences();
        // These keys are what later session validation relies on; the session is
        // tied to the client IP recorded here.
        $_SESSION['is_valid_session'] = true;
        $_SESSION['ip_address'] = query_client_ip();
        $_SESSION['user_id'] = $current_user->id;
        $_SESSION['type'] = 'user';
        $_SESSION['avail_modules'] = self::$helperObject->get_user_module_list($current_user);
        $_SESSION['authenticated_user_id'] = $current_user->id;
        $_SESSION['unique_key'] = $sugar_config['unique_key'];
        $current_user->call_custom_logic('after_login');
        $GLOBALS['log']->info('End: SugarWebServiceImpl->login - succesful login');
        // Build the name/value list handed back to the client.
        $nameValueArray = array();
        global $current_language;
        $nameValueArray['user_id'] = self::$helperObject->get_name_value('user_id', $current_user->id);
        $nameValueArray['user_name'] = self::$helperObject->get_name_value('user_name', $current_user->user_name);
        $nameValueArray['user_language'] = self::$helperObject->get_name_value('user_language', $current_language);
        $cur_id = $current_user->getPreference('currency');
        $nameValueArray['user_currency_id'] = self::$helperObject->get_name_value('user_currency_id', $cur_id);
        $nameValueArray['user_is_admin'] = self::$helperObject->get_name_value('user_is_admin', is_admin($current_user));
        $nameValueArray['user_default_team_id'] = self::$helperObject->get_name_value('user_default_team_id', $current_user->default_team);
        $nameValueArray['user_default_dateformat'] = self::$helperObject->get_name_value('user_default_dateformat', $current_user->getPreference('datef'));
        $nameValueArray['user_default_timeformat'] = self::$helperObject->get_name_value('user_default_timeformat', $current_user->getPreference('timef'));
        $currencyObject = new Currency();
        $currencyObject->retrieve($cur_id);
        $nameValueArray['user_currency_name'] = self::$helperObject->get_name_value('user_currency_name', $currencyObject->name);
        $_SESSION['user_language'] = $current_language;
        return array('id' => session_id(), 'module_name' => 'Users', 'name_value_list' => $nameValueArray);
    }
    // Generic failure: nothing above succeeded and no more specific error applied.
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
    $error->set_error('invalid_login');
    self::$helperObject->setFaultObject($error);
    $GLOBALS['log']->info('End: SugarWebServiceImpl->login - failed login');
}
* Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
* All Rights Reserved.
* Contributor(s): ______________________________________..
********************************************************************************/
// Logout script. The license header above opens before this excerpt.
// Order of work: remember the theme, run 'before_logout', blank the session
// values, expire the session cookie, close the tracker session record, destroy
// the session, fire 'after_logout' and finally log out of the auth backend.

// record the last theme the user used
$current_user->setPreference('lastTheme', $theme);
$GLOBALS['current_user']->call_custom_logic('before_logout');
// submitted by Tim Scott from SugarCRM forums
foreach ($_SESSION as $key => $val) {
    $_SESSION[$key] = ''; // cannot just overwrite session data, causes segfaults in some versions of PHP
}
// Expire the session cookie in the browser as well as on the server.
// NOTE(review): a cookie is only removed when path (and domain, if any) match
// the values it was set with; only path '/' is given here — confirm it matches.
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time() - 42000, '/');
}
//Update the tracker_sessions table
$trackerManager = TrackerManager::getInstance();
if ($monitor = $trackerManager->getMonitor('tracker_sessions')) {
    $monitor->setValue('user_id', $GLOBALS['current_user']->id);
    $monitor->setValue('date_end', TimeDate::getInstance()->nowDb());
    // Session length in seconds, derived from the monitor's start and end timestamps.
    $seconds = strtotime($monitor->date_end) - strtotime($monitor->date_start);
    $monitor->setValue('seconds', $seconds);
    $monitor->setValue('active', 0);
    $trackerManager->saveMonitor($monitor);
}
// clear out the authenticating flag
session_destroy();
LogicHook::initialize();
$GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
/** @var AuthenticationController $authController */
$authController->authController->logout();
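/**
 * End-of-request cleanup: fires the 'server_round_trip' logic hook, logs the
 * page through Tracker, persists cached user preferences, reports a pending
 * user-preference error to the browser, runs pre_login_check() and closes the
 * database connection.
 *
 * The body runs at most once per request; later calls return immediately.
 *
 * @param bool $exit When true, terminate the script after cleanup (or right
 *                   after the hook when no database is configured yet).
 * @return void
 */
function sugar_cleanup($exit = false)
{
    // guard against re-entry: only the first call does any work
    static $called = false;
    if ($called) {
        return;
    }
    $called = true;

    // resolve includes and relative paths from the application root (parent of this directory)
    set_include_path(realpath(dirname(__FILE__) . '/..') . PATH_SEPARATOR . get_include_path());
    chdir(realpath(dirname(__FILE__) . '/..'));

    global $sugar_config;
    require_once 'include/utils/LogicHook.php';
    LogicHook::initialize();
    $GLOBALS['logic_hook']->call_custom_logic('', 'server_round_trip');

    // added this check to avoid errors during install.
    if (empty($sugar_config['dbconfig'])) {
        if ($exit) {
            exit;
        }

        return;
    }

    if (!class_exists('Tracker', true)) {
        require_once 'modules/Trackers/Tracker.php';
    }
    Tracker::logPage();

    // Now write the cached tracker_queries
    if (!empty($GLOBALS['savePreferencesToDB'])) {
        if (isset($GLOBALS['current_user']) && $GLOBALS['current_user'] instanceof User) {
            $GLOBALS['current_user']->savePreferencesToDB();
        }
    }

    // 'action' is optional on a request; read it defensively instead of
    // indexing $_REQUEST directly, which raised an undefined-index notice.
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    $isAjaxAction = !($action != 'modulelistmenu' && $action != 'DynamicAction');

    // check to see if this is not an ajax call AND the user preference error flag is set
    if (!empty($_SESSION['USER_PREFRENCE_ERRORS'])
        && !$isAjaxAction
        && empty($_REQUEST['to_pdf'])
        && empty($_REQUEST['sugar_body_only'])
    ) {
        global $app_strings;
        // this is not an ajax call and the user preference error flag is set,
        // so reset the flag and print js to flash message
        $err_mess = isset($app_strings['ERROR_USER_PREFS']) ? (string) $app_strings['ERROR_USER_PREFS'] : '';
        $_SESSION['USER_PREFRENCE_ERRORS'] = false;

        // Emit the message as an encoded JavaScript string literal: a language
        // string containing an apostrophe, a backslash or markup would otherwise
        // terminate the literal or the surrounding <script> element.
        $jsMessage = json_encode($err_mess, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($jsMessage === false) {
            // encoding failed (e.g. invalid UTF-8): fall back to an empty message
            $jsMessage = '""';
        }
        echo "\n\t\t<script>\n\t\t\tajaxStatus.flashStatus({$jsMessage},7000);\n\t\t</script>";
    }

    pre_login_check();

    if (class_exists('DBManagerFactory')) {
        $db = DBManagerFactory::getInstance();
        $db->disconnect();
        // exit is only honoured on this path, after the connection is closed
        if ($exit) {
            exit;
        }
    }
}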
/**
 * End the given SOAP session.
 *
 * The session is checked with checkSessionAndModuleAccess(); when it passes,
 * the current user's 'before_logout' hook runs and the session is destroyed
 * so the id can no longer be used. The Users 'after_logout' hook is fired in
 * both cases, i.e. also when the session id was rejected.
 *
 * @param String $session -- Session ID returned by a previous call to login.
 * @return Empty
 * @exception 'SoapFault' -- The SOAP error, if any
 */
function new_logout($session)
{
    global $current_user;

    $soapError = new SoapError();
    LogicHook::initialize();

    $sessionIsValid = checkSessionAndModuleAccess($session, 'invalid_session', '', '', '', $soapError);
    if ($sessionIsValid) {
        // only a validated session gets the per-user hook and is torn down
        $current_user->call_custom_logic('before_logout');
        session_destroy();
    }

    // fired whether or not the session was valid
    $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
}