/**
 * Check a login attempt and, on success, make that account the current ACL user.
 *
 * When the 'host_ban_time' variable is greater than zero, every failed attempt is
 * recorded per remote address in user_login_ban, and an address with three or more
 * failures inside that window is refused before the credentials are even checked.
 *
 * @param mixed $user Login name handed to Base_User_LoginCommon::check_login().
 * @param mixed $pass Password handed to Base_User_LoginCommon::check_login().
 * @return string Empty string on success, otherwise the error message to show.
 */
private function auth($user, $pass)
{
    $banWindow = Variable::get('host_ban_time');
    $banEnabled = $banWindow > 0;

    // Gate first: a banned address never reaches the credential check.
    // NOTE(review): the counter is keyed on REMOTE_ADDR alone. Behind a reverse proxy
    // or NAT many clients would share one counter; confirm how this is deployed.
    if ($banEnabled) {
        $recentFailures = DB::GetOne('SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s', array(time() - $banWindow, $_SERVER['REMOTE_ADDR']));
        if ($recentFailures >= 3) {
            return 'Host banned.';
        }
    }

    if (Base_User_LoginCommon::check_login($user, $pass)) {
        // A successful login leaves earlier failure rows for this address in place;
        // they are only purged once they fall outside the window (see DELETE below).
        // NOTE(review): whether set_user(..., true) rotates the session identifier is
        // not visible here; confirm, since this is the privilege-change point.
        $uid = Base_UserCommon::get_user_id($user);
        Acl::set_user($uid, true);
        return '';
    }

    $message = 'Login failed.';
    if (!$banEnabled) {
        return $message;
    }

    // Drop expired rows, record this failure, then re-count so the attempt that
    // crosses the threshold is told about the ban immediately.
    DB::Execute('DELETE FROM user_login_ban WHERE failed_on<=%d', array(time() - $banWindow));
    DB::Execute('INSERT INTO user_login_ban(failed_on,from_addr) VALUES(%d,%s)', array(time(), $_SERVER['REMOTE_ADDR']));
    $recentFailures = DB::GetOne('SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s', array(time() - $banWindow, $_SERVER['REMOTE_ADDR']));
    if ($recentFailures >= 3) {
        $message .= ' Host banned.';
    }

    return $message;
}
/**
 * E-mail one stored watchdog event to every subscriber who has opted in.
 *
 * For each recipient the current ACL user is switched to that recipient before the
 * event is rendered, and the original user is restored after the loop.
 *
 * @param mixed $event_id Primary key of the row in utils_watchdog_event.
 * @return void
 */
public static function send_email_notifications($event_id)
{
    $row = DB::GetRow('SELECT * FROM utils_watchdog_event WHERE id=%d', array($event_id));
    if (!$row) {
        return;
    }

    $categoryId = $row['category_id'];
    $recordId = $row['internal_id'];
    $text = $row['message'];

    $recipients = self::get_subscribers($categoryId, $recordId);
    $originalUser = Acl::get_user();
    self::email_mode(true);

    // NOTE(review): the identity switch below is undone only after the loop. If any
    // call inside the loop throws, the process keeps running as the last recipient
    // and e-mail mode stays on; consider restoring in an exception-safe way.
    foreach ($recipients as $user_id) {
        if (!Base_User_SettingsCommon::get('Utils_Watchdog', 'email', $user_id)) {
            continue;
        }

        // Render as the recipient (presumably so language and record permissions
        // are theirs, not the triggering user's; confirm in display_events()).
        Acl::set_user($user_id);
        Base_LangCommon::load();

        $rendered = self::display_events($categoryId, array($event_id => $text), $recordId, true);
        if (!$rendered) {
            continue;
        }

        $contactId = Utils_RecordBrowserCommon::get_id('contact', 'login', $user_id);
        if (!$contactId) {
            continue;
        }

        $address = Utils_RecordBrowserCommon::get_value('contact', $contactId, 'email');
        if (!$address) {
            continue;
        }

        // NOTE(review): strip_tags() removes markup but not CR/LF; confirm that
        // Base_MailCommon::send() rejects line breaks in the subject.
        $subject = __('%s notification - %s - %s', array(EPESI, $rendered['category'], strip_tags($rendered['title'])));
        Base_MailCommon::send($address, $subject, $rendered['events'], null, null, true);
    }

    Acl::set_user($originalUser);
    Base_LangCommon::load();
    self::email_mode(false);
}
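/**
 * Log the current user out and revoke the auto-login token carried by the request.
 *
 * The 'autologin_id' cookie is expected to hold "<login> <token>". The token row is
 * deleted only when the login in the cookie equals the current user's login, and the
 * DELETE is additionally bound to the current user id, so a forged cookie cannot
 * remove another account's token.
 *
 * @return bool Always false.
 */
public static function logout()
{
    // The cookie is client-controlled. A non-string value (e.g. sent as an array)
    // must not reach explode(), or an error there would abort the logout before the
    // ACL user is cleared below.
    if (isset($_COOKIE['autologin_id']) && is_string($_COOKIE['autologin_id'])) {
        $parts = explode(' ', $_COOKIE['autologin_id']);
        if (count($parts) === 2) {
            list($cookieLogin, $autologinId) = $parts;
            // Strict string comparison: with == two numeric-looking strings such as
            // "1e3" and "1000" compare equal.
            if ((string) $cookieLogin === (string) Base_UserCommon::get_my_user_login()) {
                DB::Execute('DELETE FROM user_autologin WHERE autologin_id=%s AND user_login_id=%d', array($autologinId, Acl::get_user()));
            }
        }
    }

    // NOTE(review): the cookie itself is not expired here and other auto-login rows
    // of this user are left alone; confirm that is handled elsewhere if intended.
    Acl::set_user(null, true);

    return false;
}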
/**
 * Build the "EPESI User" form field of a contact record.
 *
 * Non-admins get no field at all. In 'view' mode the linked login is shown as static
 * text, and a super-admin additionally gets a "Log as user" action that switches the
 * session to that account. In the other modes a select box lists the logins that can
 * be linked to the contact, plus a "create new user" entry.
 *
 * @param object $form    Form object; elements are added to it.
 * @param mixed  $field   Field name used as the element name.
 * @param mixed  $label   Ignored: overwritten with the translated 'EPESI User'.
 * @param mixed  $mode    'view', 'add' or another edit mode.
 * @param mixed  $default Currently linked user id, or an empty value.
 * @param mixed  $desc    Not used in this method.
 * @param mixed  $rb      Not used in this method.
 * @return void
 */
public static function QFfield_login(&$form, $field, $label, $mode, $default, $desc, $rb = null) {
    $label = __('EPESI User');
    // Authorization gate for the whole field.
    if (!Base_AclCommon::i_am_admin()) {
        return;
    }
    if ($mode == 'view') {
        if (!$default) {
            return;
        }
        if (Base_AclCommon::i_am_sa()) {
            Base_ActionBarCommon::add('settings', __('Log as user'), Module::create_href(array('log_as_user' => $default)));
            // Impersonation: performed as a side effect of rendering this field when the
            // request carries log_as_user equal to the linked user id.
            // NOTE(review): the trigger is a plain request parameter behind an href; no
            // anti-CSRF token and no audit record are visible in this method. Confirm that
            // Module::create_href() / Acl::set_user() provide both.
            if (isset($_REQUEST['log_as_user']) && $_REQUEST['log_as_user'] == $default) {
                Acl::set_user($default, true); //tag who is logged
                Epesi::redirect();
                return;
            }
        }
        $form->addElement('static', $field, $label);
        $form->setDefaults(array($field => self::display_login(array('login' => $default), true, array('id' => 'login'))));
        return;
    }
    $ret = DB::Execute('SELECT id, login FROM user_login ORDER BY login');
    $users = array('' => '---', 'new' => '[' . __('Create new user') . ']');
    while ($row = $ret->FetchRow()) {
        $contact_id = Utils_RecordBrowserCommon::get_id('contact', 'login', $row['id']);
        // Offer a login when no contact is linked to it yet, or (outside 'add' mode) when
        // it is the one already linked here. && binds tighter than ||.
        if ($contact_id === false || $contact_id === null || $row['id'] === $default && $mode != 'add') {
            // i_am_admin() is always true at this point (non-admins returned above), so the
            // second operand never decides the outcome.
            if (Base_AclCommon::i_am_admin() || $row['id'] == Acl::get_user()) {
                $users[$row['id']] = $row['login'];
            }
        }
    }
    $form->addElement('select', $field, $label, $users, array('id' => 'crm_contacts_select_user'));
    $form->setDefaults(array($field => $default));
    if ($default !== '') {
        // An existing link cannot be changed through this field.
        $form->freeze($field);
    } else {
        // Client-side toggle of the user-creation rows. The script is built from constant
        // strings only; no request or record data is interpolated into it.
        // NOTE(review): the first statement inside the function is a bare expression with
        // no assignment target, so it has no effect; it looks like a truncated assignment.
        eval_js('new_user_textfield = function(){' . '($("crm_contacts_select_user").value=="new"?"":"none");' . '$("username").up("tr").style.display = $("set_password").up("tr").style.display = $("confirm_password").up("tr").style.display = $("_access__data").up("tr").style.display = ($("crm_contacts_select_user").value==""?"none":"");' . 'if ($("contact_admin")) $("contact_admin").up("tr").style.display = ($("crm_contacts_select_user").value==""?"none":"");' . '}');
        eval_js('new_user_textfield();');
        eval_js('Event.observe("crm_contacts_select_user","change",function(){new_user_textfield();});');
    }
    if ($default) {
        eval_js('$("_login__data").up("tr").style.display = "none";');
    }
}
/**
 * Create an attachment note record on behalf of a user, optionally with a file.
 *
 * The record is created while the current ACL user is temporarily switched to $user,
 * then the previous user is restored.
 *
 * @param mixed $group      Stored in the 'local' field.
 * @param mixed $permission Stored in the 'permission' field.
 * @param mixed $user       User the record is created as; also passed to add_file().
 * @param mixed $note       Note text.
 * @param mixed $oryg       Original file name; must be given together with $file.
 * @param mixed $file       Temporary file path; must be given together with $oryg.
 * @param mixed $func       Stored serialized in the 'func' field.
 * @param mixed $args       Stored serialized in the 'args' field.
 * @param mixed $sticky     Truthy values are stored as 1, otherwise 0.
 * @param mixed $note_title Stored in the 'title' field.
 * @param mixed $crypted    Truthy values are stored as 1, otherwise 0.
 * @return mixed Id returned by Utils_RecordBrowserCommon::new_record().
 */
public static function add($group, $permission, $user, $note = null, $oryg = null, $file = null, $func = null, $args = null, $sticky = false, $note_title = '', $crypted = false)
{
    // Exactly one of file name / file path was given.
    if ((bool) $oryg !== (bool) $file) {
        trigger_error('Invalid add attachment call: missing original filename or temporary filepath', E_USER_ERROR);
    }

    $previousUser = Acl::get_user();
    $switchIdentity = $previousUser != $user;

    // NOTE(review): if new_record() throws, the previous user is not restored and the
    // rest of the request keeps running as $user.
    if ($switchIdentity) {
        Acl::set_user($user);
    }

    // NOTE(review): 'func' and 'args' are stored as PHP-serialized values. Whatever
    // reads these columns back must not unserialize data an untrusted party could
    // have written; confirm who can write to them.
    $fields = array(
        'local' => $group,
        'note' => $note,
        'permission' => $permission,
        'func' => serialize($func),
        'args' => serialize($args),
        'sticky' => $sticky ? 1 : 0,
        'title' => $note_title,
        'crypted' => $crypted ? 1 : 0,
    );
    $id = Utils_RecordBrowserCommon::new_record('utils_attachment', $fields);

    if ($switchIdentity) {
        Acl::set_user($previousUser);
    }

    if ($file) {
        self::add_file($id, $user, $oryg, $file);
    }

    return $id;
}
/**
 * Add the per-row admin actions (activate/deactivate, "Log as user") to a user list row,
 * and perform the "Log as user" switch when the request asks for it.
 *
 * Admin levels: 2 is superadmin, 1 admin, 0 user. A superadmin may act on every row. A
 * level-1 admin may act on a plain user only with the 'log_as_user' access and on another
 * level-1 admin only with the 'log_as_admin' access; a superadmin row is never offered
 * to a level-1 admin.
 *
 * @param array  $r      Row data; $r['login'] is used as the user id.
 * @param object $gb_row Row object that receives the actions.
 * @return void
 */
public function user_actions($r, $gb_row)
{
    // Cached across calls so the table is read once per request.
    static $admin_levels = false;
    static $my_level = false;

    if ($admin_levels === false) {
        $admin_levels = DB::GetAssoc('SELECT id,admin FROM user_login');
    }
    if ($my_level === false) {
        if (isset($admin_levels[Base_AclCommon::get_user()])) {
            $my_level = $admin_levels[Base_AclCommon::get_user()];
        } else {
            $my_level = 0;
        }
    }

    $mod = 'Base_User_Administrator';
    $log_as_user = Base_AdminCommon::get_access($mod, 'log_as_user');
    $log_as_admin = Base_AdminCommon::get_access($mod, 'log_as_admin');

    $targetId = $r['login'];
    if (isset($admin_levels[$targetId])) {
        $user_level = $admin_levels[$targetId];
    } else {
        $user_level = 0;
    }

    $isSuperadmin = $my_level == 2;
    $targetAllowed = ($user_level == 0 && $log_as_user) || ($user_level == 1 && $log_as_admin);
    if (!$isSuperadmin && !($my_level == 1 && $targetAllowed)) {
        return;
    }

    if (!Base_UserCommon::is_active($targetId)) {
        $activateHref = $this->create_callback_href(array($this, 'change_user_active_state'), array($targetId, true));
        $gb_row->add_action($activateHref, 'Activate user', null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'active-off.png'));
        return;
    }

    $deactivateHref = $this->create_callback_href(array($this, 'change_user_active_state'), array($targetId, false));
    $gb_row->add_action($deactivateHref, 'Deactivate user', null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'active-on.png'));
    $gb_row->add_action(Module::create_href(array('log_as_user' => $targetId)), 'Log as user', null, Base_ThemeCommon::get_template_file('Utils_GenericBrowser', 'restore.png'));

    // Impersonation happens here, while the row is being rendered, and only for a row
    // that passed the level check above.
    // NOTE(review): the trigger is a plain request parameter behind an href; no
    // anti-CSRF token and no audit record are visible in this method. Confirm both.
    if (isset($_REQUEST['log_as_user']) && $_REQUEST['log_as_user'] == $targetId) {
        Acl::set_user($targetId, true);
        Epesi::redirect();
        return;
    }
}
/**
 * Final step of the first-run wizard: install the Base pack, create the super-admin
 * account, store the mail settings, install the selected module packages and rebuild
 * the caches. Progress and timings are appended to DATA_DIR/firstrun.log.
 *
 * The log lines written here contain timestamps, fixed texts, package names and
 * durations only; no credential value is written to the log by this method.
 *
 * @param array $d Wizard data: $d[0]['setup_type'], $d['simple_user'] (login, pass, mail),
 *                 $d['simple_mail'] (mail_method) and $d['simple_mail_smtp'].
 * @return false|null False when a mandatory step fails; otherwise ends with location().
 */
public function done($d) {
    // Installation may take long; lift the execution time limit (errors suppressed).
    @set_time_limit(0);
    // Package list: the only configured set, or the one chosen as setup type.
    if (count($this->ini) == 1) {
        $pkgs = reset($this->ini);
        $pkgs = $pkgs['package'];
    } else {
        $pkgs = isset($this->ini[$d[0]['setup_type']]['package']) ? $this->ini[$d[0]['setup_type']]['package'] : array();
    }
    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': installing "Base" ...' . "\n", 3, DATA_DIR . '/firstrun.log');
    if (!ModuleManager::install('Base', null, false)) {
        print 'Unable to install Base module pack.';
        return false;
    }
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, DATA_DIR . '/firstrun.log');
    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': creating admin user ...' . "\n", 3, DATA_DIR . '/firstrun.log');
    if (!Base_UserCommon::add_user($d['simple_user']['login'])) {
        print 'Unable to create user';
        return false;
    }
    $user_id = Base_UserCommon::get_user_id($d['simple_user']['login']);
    if ($user_id === false) {
        print 'Unable to get admin user id';
        return false;
    }
    // SECURITY: the password is stored as an unsalted MD5 digest, which is fast to
    // brute-force and not suitable for password storage. It cannot be changed here in
    // isolation: the login check must verify the same format. Migrating means moving
    // both sides to password_hash()/password_verify() and rehashing on next login.
    if (!DB::Execute('INSERT INTO user_password(user_login_id,password,mail) VALUES(%d,%s, %s)', array($user_id, md5($d['simple_user']['pass']), $d['simple_user']['mail']))) {
        print 'Unable to set user password';
        return false;
    }
    // Admin level 2 for the account created above.
    if (!Base_UserCommon::change_admin($user_id, 2)) {
        print 'Unable to update admin account data (groups).';
        return false;
    }
    // The wizard session continues as the new account, and anonymous setup is switched off.
    Acl::set_user($user_id, true);
    Variable::set('anonymous_setup', false);
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, DATA_DIR . '/firstrun.log');
    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': setting mail server ...' . "\n", 3, DATA_DIR . '/firstrun.log');
    $method = $d['simple_mail']['mail_method'];
    Variable::set('mail_method', $method);
    Variable::set('mail_from_addr', $d['simple_user']['mail']);
    Variable::set('mail_from_name', $d['simple_user']['login']);
    if ($method == 'smtp') {
        Variable::set('mail_host', $d['simple_mail_smtp']['mail_host']);
        // NOTE(review): both operands test mail_user; the second was probably meant to
        // test mail_password. As written, SMTP auth is enabled whenever a user name is
        // given, even with an empty password.
        if ($d['simple_mail_smtp']['mail_user'] !== '' && $d['simple_mail_smtp']['mail_user'] !== '') {
            $auth = true;
        } else {
            $auth = false;
        }
        Variable::set('mail_auth', $auth);
        if ($auth) {
            Variable::set('mail_user', $d['simple_mail_smtp']['mail_user']);
            // NOTE(review): the SMTP password is handed to Variable::set() as given;
            // confirm how the variable store protects it at rest.
            Variable::set('mail_password', $d['simple_mail_smtp']['mail_password']);
        }
    }
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, DATA_DIR . '/firstrun.log');
    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': Installing modules ...' . "\n", 3, DATA_DIR . '/firstrun.log');
    foreach ($pkgs as $p) {
        // Packages without a directory under modules/ are skipped silently.
        if (!is_dir('modules/' . $p)) {
            continue;
        }
        $t2 = microtime(true);
        error_log(' * ' . date('Y-m-d H:i:s') . ' - ' . $p . ' (', 3, DATA_DIR . '/firstrun.log');
        // A failed optional package is reported but does not abort the run.
        // NOTE(review): $p is printed into HTML without escaping; it comes from the
        // setup ini, so confirm that file is not writable by untrusted parties.
        if (!ModuleManager::install(str_replace('/', '_', $p), null, false)) {
            print '<b>Unable to install ' . str_replace('_', '/', $p) . ' module.</b>';
        }
        error_log(microtime(true) - $t2 . "s)\n", 3, DATA_DIR . '/firstrun.log');
    }
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, DATA_DIR . '/firstrun.log');
    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': Refreshing cache of modules ...' . "\n", 3, DATA_DIR . '/firstrun.log');
    ModuleManager::create_load_priority_array();
    Base_SetupCommon::refresh_available_modules();
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, DATA_DIR . '/firstrun.log');
    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': Creating cache of template files ...' . "\n", 3, DATA_DIR . '/firstrun.log');
    Base_ThemeCommon::create_cache();
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, DATA_DIR . '/firstrun.log');
    $t = microtime(true);
    error_log(date('Y-m-d H:i:s') . ': Updating translation files ...' . "\n", 3, DATA_DIR . '/firstrun.log');
    Base_LangCommon::update_translations();
    error_log(date('Y-m-d H:i:s') . ': done (' . (microtime(true) - $t) . "s).\n", 3, DATA_DIR . '/firstrun.log');
    // Hand the list of installed modules to the post-install step via the session.
    $processed = ModuleManager::get_processed_modules();
    $_SESSION['first-run_post-install'] = $processed['install'];
    location();
}
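/**
 * Cron job: follow up on messenger alerts that are more than four minutes overdue.
 *
 * For every pending (message, user) pair the job switches the ACL user to the
 * recipient, runs the stored callback, marks the pair as followed and, when the
 * recipient configured a mail address, sends the alert by e-mail.
 *
 * @return string Always an empty string.
 */
public static function cron2()
{
    // The interval literal is a constant; it is quoted only where PostgreSQL needs it.
    $interval = DB::is_postgresql() ? DB::qstr('4 minute') : '4 minute';
    $arr = DB::GetAll('SELECT m.*,u.* FROM utils_messenger_message m INNER JOIN utils_messenger_users u ON u.message_id=m.id WHERE u.follow=0 AND m.alert_on+INTERVAL ' . $interval . ' <%T', array(time()));

    foreach ($arr as $row) {
        Acl::set_user($row['user_login_id']);

        $always_follow = Base_User_SettingsCommon::get('Utils_Messenger', 'always_follow_me');
        if (!$always_follow && $row['done']) {
            // Reset before skipping. Without this, a skipped row left the job running
            // as that recipient: until the next row, or after the loop when the
            // skipped row was the last one.
            Acl::set_user();
            continue;
        }

        // SECURITY: the callable and its arguments come from unserialize() on database
        // columns and are then invoked. Anyone able to write these columns controls
        // which code runs here, as the recipient. Left unchanged because the stored
        // format is shared with the code that writes it; prefer JSON plus an allow-list
        // of callbacks. NOTE(review): a throwing callback also skips the reset below.
        ob_start();
        $fret = call_user_func_array(unserialize($row['callback_method']), unserialize($row['callback_args']));
        ob_end_clean();

        DB::Execute('UPDATE utils_messenger_users SET follow=1 WHERE message_id=%d AND user_login_id=%d', array($row['id'], $row['user_login_id']));

        $mail = Base_User_SettingsCommon::get('Utils_Messenger', 'mail');
        if ($mail) {
            $msg = __('Alert on: %s', array(Base_RegionalSettingsCommon::time2reg($row['alert_on'], 2))) . "\n" . $fret . "\n" . ($row['message'] ? __('Alarm comment: %s', array($row['message'])) : '');
            Base_MailCommon::send($mail, 'Alert!', $msg);
        }

        Acl::set_user();
    }

    return '';
}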
if (!$link) { break; } Patch::set_message('Processing note: ' . $links . '/' . $links_qty); $old_checkpoint->require_time(2); $notes = DB::GetAll('SELECT * FROM utils_attachment_note WHERE attach_id=%d ORDER BY revision', $link['id']); $note = array_shift($notes); Acl::set_user($note['created_by']); $rid = Utils_RecordBrowserCommon::new_record('utils_attachment', array('title' => $link['title'], 'note' => $note['text'], 'permission' => $link['permission'], 'sticky' => $link['sticky'], 'crypted' => array('crypted' => $link['crypted']), 'func' => $link['func'], 'args' => $link['args'], '__date' => $note['created_on'], 'local' => $link['local'])); // DB::Execute('INSERT INTO utils_attachment_local(local,attachment) VALUES(%s,%d)',array($link['local'],$rid)); $map[$link['id']] = $rid; foreach ($notes as $note) { Acl::set_user($note['created_by']); Utils_RecordBrowserCommon::update_record('utils_attachment', $rid, array('note' => $note['text'], '__date' => $note['created_on'])); } Acl::set_user($us); $old_checkpoint->set('links', $links); $old_checkpoint->set('map', $map); } } $old_checkpoint->done(); Patch::set_message('Updating database'); $delete_old_fk_checkpoint = Patch::checkpoint('delete_old_fk'); if (!$delete_old_fk_checkpoint->is_done()) { Patch::require_time(5); if (DB::is_mysql()) { $a = DB::GetRow('SHOW CREATE TABLE utils_attachment_file'); if (preg_match('/CONSTRAINT (.+) FOREIGN KEY .*attach_id/', $a[1], $m)) { DB::Execute('alter table `utils_attachment_file` drop foreign key ' . $m[1]); } $a = @DB::GetRow('SHOW CREATE TABLE crm_import_attach');
/**
 * Switch the current session to another account and redirect.
 *
 * NOTE(review): this method performs no permission check of its own, so every caller
 * has to authorize the switch first. Confirm it is not reachable as a callback with a
 * caller-chosen $id.
 *
 * @param mixed $id User id to continue as.
 * @return void
 */
public function log_as_user($id)
{
    // The original author's note on the second argument: it tags who is logged in.
    Acl::set_user($id, true);

    Epesi::redirect();
}
/**
 * Record a watchdog event for a record and e-mail it to the subscribers.
 *
 * On the first event of a record, the category-level subscribers are subscribed to
 * that record. The user who triggered the event is not mailed. Each e-mail is
 * rendered after switching the ACL user to its recipient; the original user is
 * restored after the loop.
 *
 * @param mixed $category_name Watchdog category name.
 * @param mixed $id            Internal id of the record within the category.
 * @param mixed $message       Event message to store.
 * @return void
 */
public static function new_event($category_name, $id, $message)
{
    if (self::$disabled) {
        return;
    }

    $category_id = self::get_category_id($category_name, false);
    if (!$category_id) {
        return;
    }

    DB::Execute('INSERT INTO utils_watchdog_event (category_id, internal_id, message, event_time) VALUES (%d,%d,%s,%T)', array($category_id, $id, $message, time()));
    $event_id = DB::Insert_ID('utils_watchdog_event', 'id');
    Utils_WatchdogCommon::notified($category_name, $id);

    // First event of this record: carry the category subscriptions over to it.
    $eventCount = DB::GetOne('SELECT COUNT(*) FROM utils_watchdog_event WHERE category_id=%d AND internal_id=%d', array($category_id, $id));
    if ($eventCount == 1) {
        foreach (self::get_subscribers($category_id) as $categorySubscriber) {
            self::user_subscribe($categorySubscriber, $category_name, $id);
        }
    }

    // NOTE(review): this call passes the category name where the call above passes
    // the category id; confirm get_subscribers() accepts both.
    $recipients = self::get_subscribers($category_name, $id);
    $originalUser = Acl::get_user();
    self::email_mode(true);

    // NOTE(review): the identity switch below is undone only after the loop. If any
    // call inside the loop throws, the request keeps running as the last recipient
    // and e-mail mode stays on; consider restoring in an exception-safe way.
    foreach ($recipients as $user_id) {
        if ($user_id == $originalUser) {
            continue;
        }
        if (!Base_User_SettingsCommon::get('Utils_Watchdog', 'email', $user_id)) {
            continue;
        }

        Acl::set_user($user_id);
        Base_LangCommon::load();

        $rendered = self::display_events($category_id, array($event_id => $message), $id, true);
        if (!$rendered) {
            continue;
        }

        $contactId = Utils_RecordBrowserCommon::get_id('contact', 'login', $user_id);
        if (!$contactId) {
            continue;
        }

        $address = Utils_RecordBrowserCommon::get_value('contact', $contactId, 'email');
        if (!$address) {
            continue;
        }

        // NOTE(review): strip_tags() removes markup but not CR/LF; confirm that
        // Base_MailCommon::send() rejects line breaks in the subject.
        $subject = __('%s notification - %s - %s', array(EPESI, $rendered['category'], strip_tags($rendered['title'])));
        Base_MailCommon::send($address, $subject, $rendered['events'], null, null, true);
    }

    Acl::set_user($originalUser);
    Base_LangCommon::load();
    self::email_mode(false);
}
<?php
// Logout endpoint that answers with JavaScript: when a user is logged in, the ACL user
// is cleared and the client is told to navigate to index.php. When nobody is logged in
// the response body is empty.
//
// NOTE(review): the state change is triggered by merely requesting this script; no
// request-method check or anti-CSRF token is visible here, so another site could
// force a logout. Confirm whether include.php adds such a check.
header("Content-type: text/javascript");
define('JS_OUTPUT', 1);

require_once '../../../include.php';

ModuleManager::load_modules();

if (Acl::is_user()) {
    Acl::set_user(null, true);
    exit('document.location=\'index.php\';');
}