Exemplo n.º 1
            //no break here so that we can fall back to database if userman is broken
        //no break here so that we can fall back to database if userman is broken
        case 'database':
        default:
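            // Not logged in yet and a username/password pair was supplied: try the
            // database-backed user first.
            $_SESSION['AMP_user'] = new ampuser($username);
            if (!$_SESSION['AMP_user']->checkPassword($password)) {
                // Last chance: the amportal.conf database admin account, only when
                // AMP_ACCESS_DB_CREDS is enabled. Both values are compared as strings
                // and the password in constant time with hash_equals() (PHP >= 5.6),
                // so a loose == cannot match through type juggling (null, arrays,
                // numeric-looking strings) and the comparison does not leak timing.
                if ($amp_conf['AMP_ACCESS_DB_CREDS']
                    && is_string($username)
                    && is_string($password)
                    && $username === (string) $amp_conf['AMPDBUSER']
                    && hash_equals((string) $amp_conf['AMPDBPASS'], $password)
                ) {
                    // Matched the amportal.conf db admin user, set admin access
                    $_SESSION['AMP_user']->setAdmin();
                } else {
                    // Both checks failed: drop the unauthenticated user object so no
                    // later isset($_SESSION['AMP_user']) test treats it as a login.
                    unset($_SESSION['AMP_user']);
                    $no_auth = true;
                    //for now because of how freepbx works
                    if (!empty($username)) {
                        $ip = getRemoteIp();
                        // The username is client-supplied; control characters are
                        // replaced so a crafted value cannot forge extra lines in the
                        // security log (in case freepbx_log_security() does not
                        // neutralise them itself).
                        freepbx_log_security('Authentication failure for ' . preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $username) . ' from ' . $_SERVER['REMOTE_ADDR']);
                        if ($ip !== $_SERVER['REMOTE_ADDR']) {
                            // $ip presumably comes from forwarded headers (per the
                            // message text), so it gets the same treatment.
                            freepbx_log_security('Possible proxy detected, forwarded headers for ' . preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $username) . ' set to ' . preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $ip));
                        }
                    }
                }
            }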
            break;
    }
}
// Any AMP_user object still present in the session at this point marks the
// request as authenticated; every failure path above therefore has to unset it.
// The constant holds the string 'TRUE' (not a boolean) and is left undefined
// otherwise, so consumers should test defined('FREEPBX_IS_AUTH'): on PHP < 8 a
// bare reference to an undefined constant evaluates to its own (truthy) name.
if (isset($_SESSION['AMP_user'])) {
    define('FREEPBX_IS_AUTH', 'TRUE');
}
Exemplo n.º 2
            }
            break;
        case 'none':
            // Authentication mode 'none': no credential is checked at all. The
            // session user is created from the amportal.conf database user name and
            // setAdmin() is called on it unconditionally (presumably full admin
            // rights -- confirm against ampuser), so every request is treated as
            // that admin. Only appropriate when access is restricted by other means.
            $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
            $_SESSION['AMP_user']->setAdmin();
            break;
        case 'database':
        default:
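            // Not logged in yet and a username/password pair was supplied: try the
            // database-backed user first.
            // NOTE(review): checkPassword() is given an unsalted SHA-1 of the
            // password. The stored format is defined outside this excerpt; moving to
            // password_hash()/password_verify() would have to change that side too.
            $_SESSION['AMP_user'] = new ampuser($username);
            if (!$_SESSION['AMP_user']->checkPassword(sha1($password))) {
                // Last chance: the amportal.conf database admin account, only when
                // AMP_ACCESS_DB_CREDS is enabled. Both values are compared as strings
                // and the password in constant time with hash_equals() (PHP >= 5.6),
                // so a loose == cannot match through type juggling (null, arrays,
                // numeric-looking strings) and the comparison does not leak timing.
                if ($amp_conf['AMP_ACCESS_DB_CREDS']
                    && is_string($username)
                    && is_string($password)
                    && $username === (string) $amp_conf['AMPDBUSER']
                    && hash_equals((string) $amp_conf['AMPDBPASS'], $password)
                ) {
                    // Matched the amportal.conf db admin user, set admin access
                    $_SESSION['AMP_user']->setAdmin();
                } else {
                    // Both checks failed: drop the unauthenticated user object so no
                    // later isset($_SESSION['AMP_user']) test treats it as a login.
                    unset($_SESSION['AMP_user']);
                    $no_auth = true;
                    //for now because of how freepbx works
                    if (!empty($username)) {
                        // The username is client-supplied; control characters are
                        // replaced so a crafted value cannot forge extra lines in the
                        // security log (in case freepbx_log_security() does not
                        // neutralise them itself).
                        freepbx_log_security('Authentication failure for ' . preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $username) . ' from ' . $_SERVER['REMOTE_ADDR']);
                    }
                }
            }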
            break;
    }
}
// Any AMP_user object still present in the session at this point marks the
// request as authenticated; every failure path above therefore has to unset it.
// The constant holds the string 'TRUE' (not a boolean) and is left undefined
// otherwise, so consumers should test defined('FREEPBX_IS_AUTH'): on PHP < 8 a
// bare reference to an undefined constant evaluates to its own (truthy) name.
if (isset($_SESSION['AMP_user'])) {
    define('FREEPBX_IS_AUTH', 'TRUE');
}
Exemplo n.º 3
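 /**
  * Check a username/password pair against the FreePBX UCP credential check.
  *
  * The password is hashed with unsalted SHA-1 (a hash, not encryption) before
  * it is handed to checkCredentials(). A non-empty result that _allowed()
  * accepts is stored in $this->uid. Failures are reported through
  * freepbx_log_security() when that function exists.
  *
  * NOTE(review): the SHA-1 format is dictated by checkCredentials(), which is
  * not visible here; moving to password_hash()/password_verify() would have to
  * change that side as well.
  *
  * @param string $username Login name supplied by the caller
  * @param string $password Clear-text password supplied by the caller
  * @return bool True if credentials were valid, otherwise false
  */
 private function _authenticate($username, $password)
 {
     $result = $this->UCP->FreePBX->Ucp->checkCredentials($username, sha1($password));
     if (!empty($result) && $this->_allowed($result)) {
         $this->uid = $result;
         return true;
     }
     if (function_exists('freepbx_log_security')) {
         // The username reaches the security log verbatim, so control characters
         // are replaced first: a crafted name must not be able to forge extra log
         // lines (in case freepbx_log_security() does not neutralise them itself).
         $loggedName = !empty($username)
             ? preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $username)
             : '******';
         freepbx_log_security('Authentication failure for ' . $loggedName . ' from ' . $_SERVER['REMOTE_ADDR']);
     }
     return false;
 }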