Пример #1
0
 function signOn()
 {
     if (isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
         // User was authenticated by the HTTP server
         $username = $_SERVER['REMOTE_USER'];
     } elseif (isset($_SERVER['REDIRECT_REMOTE_USER']) && !empty($_SERVER['REDIRECT_REMOTE_USER'])) {
         $username = $_SERVER['REDIRECT_REMOTE_USER'];
     }
     if ($username) {
         // Support ActiveDirectory domain specification with either
         // "user@domain" or "domain\user" formats
         if (strpos('@', $username) !== false) {
             list($username, $domain) = explode('@', $username, 2);
         } elseif (strpos('\\', $username) !== false) {
             list($domain, $username) = explode('\\', $username, 2);
         }
         $username = trim(strtolower($username));
         if (($user = new StaffSession($username)) && $user->getId()) {
             return $user;
         }
         // TODO: Consider client sessions
     }
 }
Пример #2
0
 function lookupAndSync($username)
 {
     if (($user = new StaffSession($username)) && $user->getId()) {
         return $user;
     }
     // TODO: Auto-create users, etc.
 }
Пример #3
0
 function login($username, $passwd, &$errors, $strike = true)
 {
     global $ost, $cfg;
     if ($_SESSION['_staff']['laststrike']) {
         if (time() - $_SESSION['_staff']['laststrike'] < $cfg->getStaffLoginTimeout()) {
             $errors['err'] = 'Max. failed login attempts reached';
             $_SESSION['_staff']['laststrike'] = time();
             //reset timer.
         } else {
             //Timeout is over.
             //Reset the counter for next round of attempts after the timeout.
             $_SESSION['_staff']['laststrike'] = null;
             $_SESSION['_staff']['strikes'] = 0;
         }
     }
     if (!$username || !$passwd || is_numeric($username)) {
         $errors['err'] = 'Username and password required';
     }
     if ($errors) {
         return false;
     }
     if (($user = new StaffSession(trim($username))) && $user->getId() && $user->check_passwd($passwd)) {
         self::_do_login($user, $username);
         Signal::send('auth.login.succeeded', $user);
         $user->cancelResetTokens();
         return $user;
     }
     $info = array('username' => $username, 'password' => $passwd);
     Signal::send('auth.login.failed', null, $info);
     //If we get to this point we know the login failed.
     $_SESSION['_staff']['strikes'] += 1;
     if (!$errors && $_SESSION['_staff']['strikes'] > $cfg->getStaffMaxLogins()) {
         $errors['err'] = 'Forgot your login info? Contact Admin.';
         $_SESSION['_staff']['laststrike'] = time();
         $alert = 'Excessive login attempts by a staff member?' . "\n" . 'Username: '******'IP: ' . $_SERVER['REMOTE_ADDR'] . "\n" . 'TIME: ' . date('M j, Y, g:i a T') . "\n\n" . 'Attempts #' . $_SESSION['_staff']['strikes'] . "\n" . 'Timeout: ' . $cfg->getStaffLoginTimeout() / 60 . " minutes \n\n";
         $ost->logWarning('Excessive login attempts (' . $username . ')', $alert, $cfg->alertONLoginError());
     } elseif ($_SESSION['_staff']['strikes'] % 2 == 0) {
         //Log every other failed login attempt as a warning.
         $alert = 'Username: '******'IP: ' . $_SERVER['REMOTE_ADDR'] . "\n" . 'TIME: ' . date('M j, Y, g:i a T') . "\n\n" . 'Attempts #' . $_SESSION['_staff']['strikes'];
         $ost->logWarning('Failed staff login attempt (' . $username . ')', $alert, false);
     }
     return false;
 }
Пример #4
0
 function signOn($errors = array())
 {
     global $ost;
     if (!isset($_POST['userid']) || !isset($_POST['token'])) {
         return false;
     } elseif (!($_config = new Config('pwreset'))) {
         return false;
     } elseif (($staff = new StaffSession($_POST['userid'])) && !$staff->getId()) {
         $errors['msg'] = __('Invalid user-id given');
     } elseif (!($id = $_config->get($_POST['token'])) || $id != $staff->getId()) {
         $errors['msg'] = __('Invalid reset token');
     } elseif (!($ts = $_config->lastModified($_POST['token'])) && $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) {
         $errors['msg'] = __('Invalid reset token');
     } elseif (!$staff->forcePasswdRest()) {
         $errors['msg'] = __('Unable to reset password');
     } else {
         return $staff;
     }
 }
Пример #5
0
$msg = $msg ? $msg : 'Se Requiere Autenticaci&oacute;n';
if ($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))) {
    //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
    $msg = 'Datos Incorrectos';
    if ($_SESSION['_staff']['laststrike']) {
        if (time() - $_SESSION['_staff']['laststrike'] < $cfg->getStaffLoginTimeout()) {
            $msg = 'Excesivos intentos fallidos de inicio de sesi&oacute;n';
            $errors['err'] = 'Has llegado al m&aacute;ximo de intentos de conexi&oacute;n fallidos.';
        } else {
            //Timeout is over.
            //Reset the counter for next round of attempts after the timeout.
            $_SESSION['_staff']['laststrike'] = null;
            $_SESSION['_staff']['strikes'] = 0;
        }
    }
    if (!$errors && ($user = new StaffSession($_POST['username'])) && $user->getId() && $user->check_passwd($_POST['passwd'])) {
        //update last login.
        db_query('UPDATE ' . STAFF_TABLE . ' SET lastlogin=NOW() WHERE staff_id=' . db_input($user->getId()));
        //Figure out where the user is headed - destination!
        $dest = $_SESSION['_staff']['auth']['dest'];
        //Now set session crap and lets roll baby!
        $_SESSION['_staff'] = array();
        //clear.
        $_SESSION['_staff']['userID'] = $_POST['username'];
        $user->refreshSession();
        //set the hash.
        $_SESSION['TZ_OFFSET'] = $user->getTZoffset();
        $_SESSION['daylight'] = $user->observeDaylight();
        Sys::log(LOG_DEBUG, 'Inicio de sesi&oacute;n de Staff', sprintf("%s Identificado como [%s]", $user->getUserName(), $_SERVER['REMOTE_ADDR']));
        //Debug.
        //Redirect to the original destination. (make sure it is not redirecting to login page.)
Пример #6
0
/* First order of the day is see if the user is logged in and with a valid session.
    * User must be valid staff beyond this point
    * ONLY super admins can access the helpdesk on offline state.
*/
if (!function_exists('staffLoginPage')) {
    //Ajax interface can pre-declare the function to  trap expired sessions.
    function staffLoginPage($msg)
    {
        global $ost, $cfg;
        $_SESSION['_staff']['auth']['dest'] = '/' . ltrim($_SERVER['REQUEST_URI'], '/');
        $_SESSION['_staff']['auth']['msg'] = $msg;
        require SCP_DIR . 'login.php';
        exit;
    }
}
$thisstaff = new StaffSession($_SESSION['_staff']['userID']);
//Set staff object.
//1) is the user Logged in for real && is staff.
if (!$thisstaff->getId() || !$thisstaff->isValid()) {
    if (isset($_SESSION['_staff']['auth']['msg'])) {
        $msg = $_SESSION['_staff']['auth']['msg'];
        unset($_SESSION['_staff']['auth']['msg']);
    } elseif (isset($_SESSION['_staff']['userID']) && !$thisstaff->isValid()) {
        $msg = 'Session timed out due to inactivity';
    } else {
        $msg = 'Authentication Required';
    }
    staffLoginPage($msg);
    exit;
}
//2) if not super admin..check system status and group status
Пример #7
0
    $Id: $
**********************************************************************/
require_once '../main.inc.php';
if (!defined('INCLUDE_DIR')) {
    die('Fatal Error. Kwaheri!');
}
require_once INCLUDE_DIR . 'class.staff.php';
$msg = $msg ? $msg : 'Authentication Required';
if ($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))) {
    //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
    $msg = 'Invalid login';
    if ($_SESSION['_staff']['laststrike'] && time() - $_SESSION['_staff']['laststrike'] < 3 * 60) {
        $msg = 'Max failed login Reached';
        $errors['err'] = 'You\'ve reached maximum failed login attempts allowed.';
    }
    if (!$errors && ($user = new StaffSession($_POST['username'])) && $user->getId() && $user->check_passwd($_POST['passwd'])) {
        db_query('UPDATE ' . STAFF_TABLE . ' SET lastlogin=NOW() WHERE staff_id=' . db_input($user->getId()));
        //We got a matching user and the password matched!! Nice.
        //Now set session crap and lets roll baby!
        $_SESSION['_staff'] = array();
        //clear.
        $_SESSION['_staff']['userID'] = $_POST['username'];
        $user->refreshSession();
        //set the hash.
        $_SESSION['TZ_OFFSET'] = $user->getTZoffset();
        $_SESSION['daylight'] = $cfg->observeDaylightSaving();
        //Redirect to the original destination. (make sure it is not redirecting to login page.)
        $dest = $_POST['dest'] && !strstr($_POST['dest'], 'login.php') ? $_POST['dest'] : 'index.php';
        @header("Location: {$dest}");
        require 'index.php';
        //Just incase header is messed up.
Пример #8
0
    // Check version
    $errors['err'] = ' Nothing to do! System already upgraded';
    $inc = 'upgradedone.inc.php';
} elseif ($_SESSION['abort']) {
    // Check if already aborted
    die('Upgrade already aborted! Restore previous version and start all over again (logout required) or get help.');
} elseif ((double) phpversion() < 5.1) {
    // Too old PHP installation
    $errors['err'] = 'PHP installation seriously out of date. PHP 5.2+ is required.';
    $wrninc = 'php.inc.php';
} elseif (!ini_get('short_open_tag') && (double) phpversion() < 5.4) {
    // Check PHP version
    $errors['err'] = 'Short open tag disabled! - with PHP version prior to 5.4 Katak Support requires it turned on.';
    $wrninc = 'shortopentag.inc.php';
} elseif ($_POST && !$errors) {
    if ($adminloggedin || ($thisuser = new StaffSession($_POST['username'])) && $thisuser->getId() && $thisuser->check_passwd($_POST['password'])) {
        switch ($cfg->getVersion()) {
            case '0.9':
                //upgrading from ver. 0.9.x.
                $schema = './inc/ktk-upgrade-0.9.sql';
                break;
            case '1.0':
                //upgrading from ver. 1.0.x.
                $schema = './inc/ktk-upgrade-1.0.sql';
                break;
            default:
                $schema = '';
                // This leads to an error in loading the schema
        }
        $vars = $errors = array();
        if (!load_sql_schema($schema, $errors) && !$errors['err']) {
Пример #9
0
$msg=$_SESSION['_staff']['auth']['msg'];
$msg=$msg?$msg:'Authentication Required';
if($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))){
    //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
    $msg='Invalid login';
    if($_SESSION['_staff']['laststrike']) {
        if((time()-$_SESSION['_staff']['laststrike'])<$cfg->getStaffLoginTimeout()) {
            $msg='Excessive failed login attempts';
            $errors['err']='You\'ve reached maximum failed login attempts allowed.';
        }else{ //Timeout is over.
            //Reset the counter for next round of attempts after the timeout.
            $_SESSION['_staff']['laststrike']=null;
            $_SESSION['_staff']['strikes']=0;
        }
    }
    if(!$errors && ($user=new StaffSession($_POST['username'])) && $user->getId() && $user->check_passwd($_POST['passwd'])){
        //update last login.
        db_query('UPDATE '.STAFF_TABLE.' SET lastlogin=NOW() WHERE staff_id='.db_input($user->getId()));
        //Figure out where the user is headed - destination!
        $dest=$_SESSION['_staff']['auth']['dest'];
        //Now set session crap and lets roll baby!
        $_SESSION['_staff']=array(); //clear.
        $_SESSION['_staff']['userID']=$_POST['username'];
        $user->refreshSession(); //set the hash.
        $_SESSION['TZ_OFFSET']=$user->getTZoffset();
        $_SESSION['daylight']=$user->observeDaylight();
        Sys::log(LOG_DEBUG,'Staff login',sprintf("%s logged in [%s]",$user->getUserName(),$_SERVER['REMOTE_ADDR'])); //Debug.
        //Redirect to the original destination. (make sure it is not redirecting to login page.)
        $dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
        session_write_close();
        session_regenerate_id();
Пример #10
0
 function signOn()
 {
     if (isset($_SESSION[':cas']['user'])) {
         if (($staff = StaffSession::lookup($this->cas->getEmail())) && $staff->getId()) {
             if (!$staff instanceof StaffSession) {
                 // osTicket <= v1.9.7 or so
                 $staff = new StaffSession($staff->getId());
             }
             return $staff;
         } else {
             $_SESSION['_staff']['auth']['msg'] = 'Have your administrator create a local account';
         }
     }
 }
Пример #11
0
 function login($username, $passwd, &$errors, $strike = true)
 {
     global $ost, $cfg;
     if ($_SESSION['_staff']['laststrike']) {
         if (time() - $_SESSION['_staff']['laststrike'] < $cfg->getStaffLoginTimeout()) {
             $errors['err'] = 'You\'ve reached maximum failed login attempts allowed.';
         } else {
             //Timeout is over.
             //Reset the counter for next round of attempts after the timeout.
             $_SESSION['_staff']['laststrike'] = null;
             $_SESSION['_staff']['strikes'] = 0;
         }
     }
     if (!$errors && ($user = new StaffSession($username)) && $user->getId() && $user->check_passwd($passwd)) {
         //update last login && password reset stuff.
         $sql = 'UPDATE ' . STAFF_TABLE . ' SET lastlogin=NOW() ';
         if ($user->isPasswdResetDue() && !$user->isAdmin()) {
             $sql .= ',change_passwd=1';
         }
         $sql .= ' WHERE staff_id=' . db_input($user->getId());
         db_query($sql);
         //Now set session crap and lets roll baby!
         $_SESSION['_staff'] = array();
         //clear.
         $_SESSION['_staff']['userID'] = $username;
         $user->refreshSession();
         //set the hash.
         $_SESSION['TZ_OFFSET'] = $user->getTZoffset();
         $_SESSION['TZ_DST'] = $user->observeDaylight();
         $ost->logDebug('Staff login', sprintf("%s logged in [%s]", $user->getUserName(), $_SERVER['REMOTE_ADDR']));
         //Debug.
         $sid = session_id();
         //Current ID
         session_regenerate_id(TRUE);
         //Destroy old session ID - needed for PHP version < 5.1.0 TODO: remove when we move to php 5.3 as min. requirement.
         if (($session = $ost->getSession()) && is_object($session) && $sid) {
             $session->destroy($sid);
         }
         session_write_close();
         return $user;
     }
     //If we get to this point we know the login failed.
     $_SESSION['_staff']['strikes'] += 1;
     if (!$errors && $_SESSION['_staff']['strikes'] > $cfg->getStaffMaxLogins()) {
         $errors['err'] = 'Forgot your login info? Contact Admin.';
         $_SESSION['_staff']['laststrike'] = time();
         $alert = 'Excessive login attempts by a staff member?' . "\n" . 'Username: '******'username'] . "\n" . 'IP: ' . $_SERVER['REMOTE_ADDR'] . "\n" . 'TIME: ' . date('M j, Y, g:i a T') . "\n\n" . 'Attempts #' . $_SESSION['_staff']['strikes'] . "\n" . 'Timeout: ' . $cfg->getStaffLoginTimeout() / 60 . " minutes \n\n";
         $ost->logWarning('Excessive login attempts (' . $_POST['username'] . ')', $alert, $cfg->alertONLoginError());
     } elseif ($_SESSION['_staff']['strikes'] % 2 == 0) {
         //Log every other failed login attempt as a warning.
         $alert = 'Username: '******'username'] . "\n" . 'IP: ' . $_SERVER['REMOTE_ADDR'] . "\n" . 'TIME: ' . date('M j, Y, g:i a T') . "\n\n" . 'Attempts #' . $_SESSION['_staff']['strikes'];
         $ost->logWarning('Failed staff login attempt (' . $_POST['username'] . ')', $alert, false);
     }
     return false;
 }
Пример #12
0
 }
 switch ($_POST['do']) {
     case 'sendmail':
         if ($staff = Staff::lookup($_POST['userid'])) {
             if (!$staff->sendResetEmail()) {
                 $tpl = 'pwreset.sent.php';
             }
         } else {
             $msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']);
         }
         break;
     case 'newpasswd':
         // TODO: Compare passwords
         $tpl = 'pwreset.login.php';
         $_config = new Config('pwreset');
         if (($staff = new StaffSession($_POST['userid'])) && !$staff->getId()) {
             $msg = 'Invalid user-id given';
         } elseif (!($id = $_config->get($_POST['token'])) || $id != $staff->getId()) {
             $msg = 'Invalid reset token';
         } elseif (!($ts = $_config->lastModified($_POST['token'])) && $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) {
             $msg = 'Invalid reset token';
         } elseif (!$staff->forcePasswdRest()) {
             $msg = 'Unable to reset password';
         } else {
             $info = array('page' => 'index.php');
             Signal::send('auth.pwreset.login', $staff, $info);
             Staff::_do_login($staff, $_POST['userid']);
             $_SESSION['_staff']['reset-token'] = $_POST['token'];
             header('Location: ' . $info['page']);
             exit;
         }
Пример #13
0
$msg = isset($msg) ? $msg : _('Authentication Required');
if ($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))) {
    //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
    $msg = _('Invalid login');
    if ($_SESSION['_staff']['laststrike']) {
        if (time() - $_SESSION['_staff']['laststrike'] < $cfg->getStaffLoginTimeout()) {
            $msg = _('Excessive failed login attempts');
            $errors['err'] = _('You\'ve reached maximum failed login attempts allowed.');
        } else {
            //Timeout is over.
            //Reset the counter for next round of attempts after the timeout.
            $_SESSION['_staff']['laststrike'] = null;
            $_SESSION['_staff']['strikes'] = 0;
        }
    }
    if (!$errors && ($user = new StaffSession($_POST['username'])) && $user->getId() && $user->check_passwd($_POST['passwd'])) {
        //update last login.
        $user->update_lastlogin($user->getId());
        //Figure out where the user is headed - destination!
        $dest = $_SESSION['_staff']['auth']['dest'];
        //Now set session crap and lets roll baby!
        $_SESSION['_staff'] = array();
        //clear.
        $_SESSION['_staff']['userID'] = $_POST['username'];
        $user->refreshSession();
        //set the hash.
        $_SESSION['TZ_OFFSET'] = $user->getTZoffset();
        $_SESSION['daylight'] = $user->observeDaylight();
        Sys::log(LOG_DEBUG, 'Staff login', sprintf('%s ' . _('logged in'), $user->getUserName()), $user->getUserName());
        //Debug
        //Redirect to the original destination. (make sure it is not redirecting to login page.)
Пример #14
0
 function authOrCreate($username)
 {
     global $cfg;
     switch ($this->type) {
         case 'staff':
             if (($user = StaffSession::lookup($username)) && $user->getId()) {
                 if (!$user instanceof StaffSession) {
                     // osTicket <= v1.9.7 or so
                     $user = new StaffSession($user->getId());
                 }
                 return $user;
             } else {
                 $staff_groups = preg_split('/;|,/', $config->get('multiauth-staff-group'));
                 $chkgroup;
                 foreach ($staff_groups as $staff_group) {
                     if ($ldap->checkGroup($name, $staff_group)) {
                         $chkgroup = true;
                         break;
                     }
                 }
                 $config = $this->getConfig();
                 if ($config->get('multiauth-staff-register') && $chkgroup) {
                     if (!($info = $this->lookup($username, false))) {
                         return;
                     }
                     $errors = array();
                     $staff = array();
                     $staff['username'] = $info['username'];
                     $staff['firstname'] = $info['first'];
                     $staff['lastname'] = $info['last'];
                     $staff['email'] = $info['email'];
                     $staff['isadmin'] = 0;
                     $staff['isactive'] = 1;
                     $staff['group_id'] = 1;
                     $staff['dept_id'] = 1;
                     $staff['welcome_email'] = "on";
                     $staff['timezone_id'] = 8;
                     $staff['isvisible'] = 1;
                     Staff::create($staff, $errors);
                     if (($user = StaffSession::lookup($username)) && $user->getId()) {
                         if (!$user instanceof StaffSession) {
                             $user = new StaffSession($user->getId());
                         }
                         return $user;
                     }
                 }
             }
             break;
         case 'client':
             // Lookup all the information on the user. Try to get the email
             // addresss as well as the username when looking up the user
             // locally.
             if (!($info = $this->search($username)[0])) {
                 return;
             }
             $acct = ClientAccount::lookupByUsername($username);
             if ($acct && $acct->getId()) {
                 $client = new ClientSession(new EndUser($acct->getUser()));
             }
             if (!$client) {
                 $info['name'] = $info['first'] . " " . $info['last'];
                 $client = new ClientCreateRequest($this, $username, $info);
                 //if (!$cfg || !$cfg->isClientRegistrationEnabled() && self::$config->get('multiauth-force-register')) {
                 // return $client->attemptAutoRegister();
                 //}
             }
             return $client;
     }
     return null;
 }