 /**
  * Authenticates a SOAP caller and, on success, binds the request to that user.
  *
  * Failed attempts are recorded per source address in user_login_ban; once three
  * failures fall inside the last 'host_ban_time' seconds the address is refused
  * before the credentials are even checked. A window of 0 (or less) disables
  * the ban bookkeeping entirely.
  * NOTE(review): $_SERVER['REMOTE_ADDR'] is the direct TCP peer; behind a
  * reverse proxy every client would share one address — confirm the deployment.
  *
  * @param string $user login name
  * @param string $pass plaintext password
  * @return string '' on success, otherwise 'Host banned.', 'Login failed.' or
  *                'Login failed. Host banned.'
  */
 private function auth($user, $pass)
 {
     $ban_window = Variable::get('host_ban_time');
     $banning_enabled = $ban_window > 0;

     if ($banning_enabled) {
         $recent_failures = DB::GetOne('SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s', array(time() - $ban_window, $_SERVER['REMOTE_ADDR']));
         if ($recent_failures >= 3) {
             return 'Host banned.';
         }
     }

     if (Base_User_LoginCommon::check_login($user, $pass)) {
         Acl::set_user(Base_UserCommon::get_user_id($user), true);
         return '';
     }

     $error = 'Login failed.';
     if ($banning_enabled) {
         // Purge entries outside the window, record this failure, then re-count.
         DB::Execute('DELETE FROM user_login_ban WHERE failed_on<=%d', array(time() - $ban_window));
         DB::Execute('INSERT INTO user_login_ban(failed_on,from_addr) VALUES(%d,%s)', array(time(), $_SERVER['REMOTE_ADDR']));
         $recent_failures = DB::GetOne('SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s', array(time() - $ban_window, $_SERVER['REMOTE_ADDR']));
         if ($recent_failures >= 3) {
             $error .= ' Host banned.';
         }
     }
     return $error;
 }
 /**
  * Renders the standalone login form, or signs the user in when it was submitted.
  *
  * Outcomes:
  *  - guest from a banned host: the ban message text is returned;
  *  - guest while anonymous setup is off: cookie autologin is attempted, then
  *    a valid submission sets the user and queues a redirect (returns null),
  *    an invalid/unsubmitted form is returned as HTML;
  *  - anything else: null, nothing to render.
  * NOTE(review): the form action is $_SERVER['PHP_SELF'] plus the raw query
  * string; whether HTML_QuickForm escapes that attribute is not visible here —
  * confirm, since PHP_SELF can carry request-controlled path info.
  *
  * @return string|null
  */
 static function form()
 {
     try {
         $anonymous = Variable::get('anonymous_setup');
     } catch (NoSuchVariableException $e) {
         // No such variable yet: treat setup as anonymous.
         $anonymous = true;
     }

     if (!Base_AclCommon::is_user() && Base_User_LoginCommon::is_banned()) {
         return self::t('You have exceeded the number of allowed login attempts.');
     }
     require_once 'modules/Libs/QuickForm/requires.php';

     if (!Base_AclCommon::is_user() && !$anonymous) {
         Base_User_LoginCommon::autologin();
     }
     // Re-check: autologin above may have just signed the user in.
     if (Base_AclCommon::is_user() || $anonymous) {
         return null;
     }

     $query = count($_GET) ? '?' . http_build_query($_GET) : '';
     $form = new HTML_QuickForm('loginform', 'post', $_SERVER['PHP_SELF'] . $query);
     $form->setRequiredNote('<span style="font-size:80%; color:#ff0000;">*</span><span style="font-size:80%;">' . self::t('denotes required field') . '</span>');

     $required_msg = 'Field required';
     $form->addElement('text', 'username', self::t('Username'));
     $form->addRule('username', $required_msg, 'required');
     $form->addElement('password', 'password', self::t('Password'));
     $form->addRule('password', $required_msg, 'required');

     // Ban check runs as a QuickForm rule on the username field.
     $form->registerRule('check_user_banned', 'callback', 'rule_login_banned', 'Base_User_LoginCommon');
     $form->addRule('username', self::t('You have exceeded the number of allowed login attempts.'), 'check_user_banned');
     // Credential check runs as a rule over both fields; the form is passed through.
     $form->registerRule('check_login', 'callback', 'submit_login', 'Base_User_LoginCommon');
     $form->addRule(array('username', 'password'), self::t('Login or password incorrect'), 'check_login', $form);
     $form->addElement('submit', null, self::t('Login'));

     if (!$form->validate()) {
         return "<center>" . $form->toHtml() . "</center>";
     }
     $user = $form->exportValue('username');
     Base_AclCommon::set_user(Base_UserCommon::get_user_id($user), true);
     // Redirect to the same URI so a browser refresh does not re-post the form.
     header('Location: ' . $_SERVER['REQUEST_URI']);
     return null;
 }
 /**
  * Handles the '?logout' request flag: logs out and redirects back to the page
  * without that flag, or — when the flag is absent — adds a "Logout" action link
  * carrying it.
  * NOTE(review): logout is triggered by a plain GET parameter, so any link or
  * image can sign the user out; consider a token or POST if that matters here.
  */
 private function logout_action()
 {
     if (!isset($_GET['logout'])) {
         $link_params = $_GET;
         $link_params['logout'] = 1;
         $this->layout->add_action_link('?' . http_build_query($link_params), 'Logout');
         return;
     }

     unset($_GET['logout']);
     Base_User_LoginCommon::logout();
     $remaining = count($_GET) ? '?' . http_build_query($_GET) : '';
     // Only the header is queued; execution continues after this call.
     header('Location: ' . $_SERVER['PHP_SELF'] . $remaining);
 }
 /**
  * Builds the login section of the update page.
  *
  * A signed-in user who is not a super administrator is logged out before the
  * form is produced.
  *
  * @return string SimpleLogin::form() output wrapped in a paragraph
  */
 protected function login_form()
 {
     $is_non_sa_user = Base_AclCommon::i_am_user() && !Base_AclCommon::i_am_sa();
     if ($is_non_sa_user) {
         Base_User_LoginCommon::logout();
     }
     $form = SimpleLogin::form();
     return '<p>' . $form . '</p>';
 }
 /**
  * Renders the login screen for a guest, or the "logged as"/logout box for a
  * signed-in user. Everything is printed or assigned to $this->theme; nothing
  * is returned.
  *
  * Order of checks: host ban -> logged-in box (with optional logout) -> password
  * recovery -> "password recovered" notice -> cookie autologin -> login form.
  *
  * @param array|null $tpl when set, $tpl[0] and $tpl[1] are handed to
  *                        Base_ThemeCommon::display_smarty() instead of the
  *                        default theme display
  * @return void
  */
 public function body($tpl = null)
 {
     //check bans
     if (!Acl::is_user() && Base_User_LoginCommon::is_banned()) {
         print __('You have exceeded the number of allowed login attempts.') . '<br>';
         print '<a href="' . get_epesi_url() . '">' . __('Host banned. Click here to refresh.') . '</a>';
         return;
     }
     //if logged
     $this->theme->assign('is_logged_in', Acl::is_user());
     $this->theme->assign('is_demo', DEMO_MODE);
     if (SUGGEST_DONATION) {
         $this->theme->assign('donation_note', __('If you find our software useful, please support us by making a %s.', array('<a href="http://epe.si/cost" target="_blank">' . __('donation') . '</a>')) . '<br>' . __('Your funding will help to ensure continued development of this project.'));
     }
     if (Acl::is_user()) {
         // 'logout' arrives as a unique href variable; the JS reload below is
         // what actually refreshes the page after the session is cleared.
         if ($this->get_unique_href_variable('logout')) {
             Base_User_LoginCommon::logout();
             eval_js('document.location=\'index.php\';', false);
         } else {
             $this->theme->assign('logged_as', '<div class="logged_as">' . __('Logged as %s', array('</br><b class="green">' . Base_UserCommon::get_my_user_login() . '</b>')) . '</div>');
             $this->theme->assign('logout', '<div class="logout_css3_box"><a class="logout_icon" ' . $this->create_unique_href(array('logout' => 1)) . '>' . __('Logout') . '<div class="logout_icon_img"></div></a></div>');
             $this->theme->display();
         }
         return;
     }
     // Leaving the recovery screen via "back" drops its module variable.
     if ($this->is_back()) {
         $this->unset_module_variable('mail_recover_pass');
     }
     //if recover pass
     if ($this->get_module_variable_or_unique_href_variable('mail_recover_pass') == '1') {
         $this->recover_pass();
         return;
     }
     // Only the presence of the flag is checked, not its value; presumably set
     // by the reset script's redirect (password_recovered=1) — verify.
     if (isset($_REQUEST['password_recovered'])) {
         $this->theme->assign('message', __('An e-mail with a new password has been sent.') . '<br><a href="' . get_epesi_url() . '">' . __('Login') . '</a>');
         $this->theme->display();
         return;
     }
     // A successful cookie autologin skips the form entirely.
     if ($this->autologin()) {
         return;
     }
     //else just login form
     $form = $this->init_module('Libs/QuickForm', __('Logging in'));
     $form->addElement('header', 'login_header', __('Login'));
     if (DEMO_MODE) {
         // Demo accounts: the select's option values are the passwords and are
         // copied into the hidden password field on change, so demo credentials
         // are exposed in the markup by design.
         global $demo_users;
         $form->addElement('select', 'username', __('Username'), $demo_users, array('id' => 'username', 'onChange' => 'this.form.elements["password"].value=this.options[this.selectedIndex].value;'));
         $form->addElement('hidden', 'password', key($demo_users));
     } else {
         $form->addElement('text', 'username', __('Username'), array('id' => 'username'));
         $form->addElement('password', 'password', __('Password'));
     }
     // Display warning about storing a cookie
     // NOTE: '== false' is a loose comparison; the helper's return type is not visible here.
     if (Base_User_LoginCommon::is_autologin_forbidden() == false) {
         $warning = __('Keep this box unchecked if using a public computer');
         $form->addElement('static', 'warning', null, $warning);
         $form->addElement('checkbox', 'autologin', '', __('Remember me'));
     }
     $form->addElement('static', 'recover_password', null, '<a ' . $this->create_unique_href(array('mail_recover_pass' => 1)) . '>' . __('Recover password') . '</a>');
     $form->addElement('submit', 'submit_button', __('Login'), array('class' => 'submit'));
     // register and add a rule to check if user is banned
     $form->registerRule('check_user_banned', 'callback', 'rule_login_banned', 'Base_User_LoginCommon');
     $form->addRule('username', __('You have exceeded the number of allowed login attempts for this username. Try again later.'), 'check_user_banned');
     // register and add a rule to check if a username and password is ok
     $form->registerRule('check_login', 'callback', 'submit_login', 'Base_User_LoginCommon');
     $form->addRule(array('username', 'password'), __('Login or password incorrect'), 'check_login');
     $form->addRule('username', __('Field required'), 'required');
     $form->addRule('password', __('Field required'), 'required');
     // validate() runs the rules registered above (ban, credentials, required).
     if ($form->isSubmitted() && $form->validate()) {
         $user = $form->exportValue('username');
         Base_User_LoginCommon::set_logged($user);
         if (Base_User_LoginCommon::is_autologin_forbidden() == false) {
             $autologin = $form->exportValue('autologin');
             // "Remember me" issues a fresh autologin token/cookie.
             if ($autologin) {
                 Base_User_LoginCommon::new_autologin_id();
             }
         }
         // location() is not defined here; presumably redirects to the default page.
         location(array());
     } else {
         $form->assign_theme('form', $this->theme);
         $this->theme->assign('mode', 'login');
         $logo = $this->init_module('Base/MainModuleIndicator');
         $logo->set_inline_display();
         $this->theme->assign('logo', $this->get_html_of_module($logo, null, 'login_logo'));
         // Buffer the rendered page so it can be checked for the required
         // attribution links before anything is printed.
         ob_start();
         if (!$tpl) {
             $this->theme->set_inline_display();
             $this->theme->display();
             eval_js("focus_by_id('username')");
         } else {
             Base_ThemeCommon::display_smarty($this->theme->get_smarty(), $tpl[0], $tpl[1]);
         }
         $ret = ob_get_clean();
         if (stripos($ret, '<a href="http://www.telaxus.com">Telaxus LLC</a>') === false || stripos($ret, '<a href="http://epe.si/"><img src="images/epesi-powered.png" alt="EPESI powered" /></a>') === false) {
             trigger_error('Epesi terms of use have been violated', E_USER_ERROR);
         }
         print $ret;
     }
 }
 /**
  * Signs the user in from the 'autologin_id' cookie ("<login> <token>").
  *
  * The pair must match an active user_login row joined to user_autologin; on
  * success the session is set and the token is renewed via new_autologin_id().
  * NOTE(review): the cookie token is compared verbatim against the stored
  * column, i.e. it is kept in clear at rest — confirm whether that is intended.
  *
  * @return bool true when a user was logged in from the cookie
  */
 public static function autologin()
 {
     if (self::is_autologin_forbidden()) {
         return false;
     }
     if (!isset($_COOKIE['autologin_id'])) {
         return false;
     }

     $parts = explode(' ', $_COOKIE['autologin_id']);
     if (count($parts) != 2) {
         return false;
     }
     list($login, $token) = $parts;

     $matched = DB::GetOne('SELECT 1 FROM user_login u JOIN user_autologin p ON u.id=p.user_login_id WHERE u.login=%s AND u.active=1 AND p.autologin_id=%s', array($login, $token));
     if (!$matched) {
         return false;
     }

     Base_User_LoginCommon::set_logged($login);
     self::new_autologin_id($token);
     return true;
 }
 /**
  * Record-browser submit hook for the contact record; behaviour depends on $mode:
  *  - 'cloning': drops the linked login so the clone carries no account;
  *  - 'display': returns the action-button array ('new' group: CRM filter,
  *    meeting, task, phone call, note) instead of the values;
  *  - 'adding': fills in the default record permission;
  *  - 'add' / 'edit' ('add' falls through into 'edit'): optional company
  *    creation, then — for admins only — account creation/update and admin
  *    level change, and finally removal of the account-only form fields.
  *
  * @param array  $values record values as submitted or loaded
  * @param string $mode   'cloning', 'display', 'adding', 'add' or 'edit'
  * @return array the (possibly modified) values, or the button array in 'display' mode
  */
 public static function submit_contact($values, $mode)
 {
     switch ($mode) {
         case 'cloning':
             $values['login'] = '';
             return $values;
         case 'display':
             // display copy company data button and do update if needed
             self::copy_company_data_subroutine($values);
             // Employee = linked (directly or via related_companies) to the main company.
             // NOTE: in_array() is non-strict here, so '1' and 1 both match.
             $is_employee = false;
             if (isset($values['related_companies']) && is_array($values['related_companies']) && in_array(CRM_ContactsCommon::get_main_company(), $values['related_companies'])) {
                 $is_employee = true;
             }
             if (isset($values['company_name']) && $values['company_name'] == CRM_ContactsCommon::get_main_company()) {
                 $is_employee = true;
             }
             // Pre-fill for the "new meeting/task" links: the current user is
             // always an employee; this contact is added as employee or customer.
             $me = CRM_ContactsCommon::get_my_record();
             $emp = array($me['id']);
             $cus = array();
             if ($is_employee) {
                 $emp[] = $values['id'];
             } else {
                 $cus[] = 'P:' . $values['id'];
             }
             $ret = array();
             $ret['new'] = array();
             $ret['new']['crm_filter'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('Set CRM Filter')) . ' ' . Module::create_href(array('set_crm_filter' => 1)) . '>F</a>';
             // Clicking the filter link above re-requests with set_crm_filter=1.
             if (isset($_REQUEST['set_crm_filter'])) {
                 CRM_FiltersCommon::set_profile('c' . $values['id']);
             }
             // Each button appears only when its module is installed and the
             // current user may add records of that type.
             if (ModuleManager::is_installed('CRM/Meeting') !== -1 && Utils_RecordBrowserCommon::get_access('crm_meeting', 'add')) {
                 $ret['new']['event'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Meeting')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('crm_meeting', array('employees' => $emp, 'customers' => $cus, 'status' => 0, 'priority' => 1, 'permission' => 0)) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_Calendar', 'icon-small.png') . '"></a>';
             }
             if (ModuleManager::is_installed('CRM/Tasks') !== -1 && Utils_RecordBrowserCommon::get_access('task', 'add')) {
                 $ret['new']['task'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Task')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('task', array('employees' => $emp, 'customers' => $cus, 'status' => 0, 'priority' => 1, 'permission' => 0)) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_Tasks', 'icon-small.png') . '"></a>';
             }
             if (ModuleManager::is_installed('CRM/PhoneCall') !== -1 && Utils_RecordBrowserCommon::get_access('phonecall', 'add')) {
                 $ret['new']['phonecall'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Phonecall')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('phonecall', array('date_and_time' => date('Y-m-d H:i:s'), 'customer' => 'P:' . $values['id'], 'employees' => $me['id'], 'status' => 0, 'permission' => 0, 'priority' => 1), 'none', false) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_PhoneCall', 'icon-small.png') . '"></a>';
             }
             $ret['new']['note'] = Utils_RecordBrowser::$rb_obj->add_note_button('contact/' . $values['id']);
             return $ret;
         case 'adding':
             $values['permission'] = Base_User_SettingsCommon::get('CRM_Common', 'default_record_permission');
             break;
         case 'add':
             // Intentional fallthrough into 'edit' (no break). The $mode == 'add'
             // test below is therefore always true at this point.
             // Fresh contact with a login but no e-mail: copy the account's mail.
             if (isset($values['email']) && $values['email'] == '' && $values['login'] != 0 && $mode == 'add') {
                 $values['email'] = DB::GetOne('SELECT mail FROM user_password WHERE user_login_id=%d', array($values['login']));
             }
         case 'edit':
             // "Create company" checkbox: create it from the contact's address
             // fields and attach it as the main or as a related company.
             if (isset($values['create_company'])) {
                 $comp_id = Utils_RecordBrowserCommon::new_record('company', array('company_name' => $values['create_company_name'], 'address_1' => $values['address_1'], 'address_2' => $values['address_2'], 'country' => $values['country'], 'city' => $values['city'], 'zone' => isset($values['zone']) ? $values['zone'] : '', 'postal_code' => $values['postal_code'], 'phone' => $values['work_phone'], 'fax' => $values['fax'], 'web_address' => $values['web_address'], 'permission' => $values['permission']));
                 if (!isset($values['company_name'])) {
                     $values['company_name'] = null;
                 }
                 if (!isset($values['related_companies'])) {
                     $values['related_companies'] = array();
                 }
                 if (!is_array($values['related_companies'])) {
                     $values['related_companies'] = array($values['related_companies']);
                 }
                 if (!$values['company_name']) {
                     $values['company_name'] = $comp_id;
                 } else {
                     $values['related_companies'][] = $comp_id;
                 }
             }
             // Account management is only reachable for administrators.
             if (Base_AclCommon::i_am_admin()) {
                 // NOTE(review): loose '==' against 'new'; on PHP < 8 an int 0
                 // login also compares equal — confirm the type 'login' arrives with.
                 if ($values['login'] == 'new') {
                     if (!$values['set_password']) {
                         $values['set_password'] = null;
                     }
                     Base_User_LoginCommon::add_user($values['username'], $values['email'], $values['set_password']);
                     $values['login'] = Base_UserCommon::get_user_id($values['username']);
                 } else {
                     if ($values['login']) {
                         Base_User_LoginCommon::change_user_preferences($values['login'], isset($values['email']) ? $values['email'] : '', isset($values['set_password']) ? $values['set_password'] : null);
                         if (isset($values['username']) && $values['username']) {
                             Base_UserCommon::rename_user($values['login'], $values['username']);
                         }
                     }
                 }
                 // Admin level may only be changed by a super administrator, and
                 // only when the submitted level differs from the stored one.
                 if (Base_AclCommon::i_am_sa() && $values['login'] && isset($values['admin']) && $values['admin'] !== '') {
                     $old_admin = Base_AclCommon::get_admin_level($values['login']);
                     if ($old_admin != $values['admin']) {
                         $admin_arr = array(0 => 'No', 1 => 'Administrator', 2 => 'Super Administrator');
                         // The history entry is written whenever change_admin() returns
                         // anything other than true; its return convention is not visible here.
                         if (Base_UserCommon::change_admin($values['login'], $values['admin']) !== true) {
                             Utils_RecordBrowserCommon::new_record_history('contact', $values['id'], 'Admin set from "' . $admin_arr[$old_admin] . '" to "' . $admin_arr[$values['admin']]);
                         }
                     }
                 }
             }
             // Strip the account-only form fields so they are not part of the
             // returned record values.
             unset($values['admin']);
             unset($values['username']);
             unset($values['set_password']);
             unset($values['confirm_password']);
     }
     return $values;
 }
<?php

// Password-reset endpoint: exchanges the one-time 'hash' token from the reset
// e-mail for a freshly generated password, mails it to the account's address,
// and redirects to the login page. The token is deleted once used.

if (!isset($_GET['hash'])) {
    die('');
}
header('Content-Type: text/html; charset=UTF-8');
define('READ_ONLY_SESSION', true);
define('CID', false);
require_once '../../../../include.php';
ModuleManager::load_modules();

// Purge tokens older than two hours before looking the request up, so an
// expired link can no longer be redeemed.
$token_ttl = 3600 * 2;
DB::Execute('DELETE FROM user_reset_pass WHERE created_on<%T', array(time() - $token_ttl));

// NOTE(review): the token is matched verbatim; its strength rests entirely on
// how hash_id is generated where the reset request is created — verify there.
$user_id = DB::GetOne('SELECT user_login_id FROM user_reset_pass WHERE hash_id=%s', array($_GET['hash']));
if (!$user_id) {
    die(__('Request failed. Authentication link is valid for 2 hours since sending request.'));
}

$new_password = generate_password();
// password_hash() is used when available; the md5 fallback only serves PHP < 5.5.
$stored_hash = function_exists('password_hash')
    ? password_hash($new_password, PASSWORD_DEFAULT)
    : md5($new_password);

if (!DB::Execute('UPDATE user_password SET password=%s WHERE user_login_id=%d', array($stored_hash, $user_id))) {
    die(__('Unable to update password. Please contact system administrator.'));
}
$login = Base_UserCommon::get_user_login($user_id);
$mail = Base_User_LoginCommon::get_mail($user_id);
if (!Base_User_LoginCommon::send_mail_with_password($login, $new_password, $mail, true)) {
    die(__('Unable to send e-mail with password. Mail module configuration invalid. Please contact system administrator.'));
}

// Single use: drop the token now that the new password has been delivered.
DB::Execute('DELETE FROM user_reset_pass WHERE hash_id =%s', array($_GET['hash']));
header('Location: ' . get_epesi_url() . '?' . http_build_query(array('password_recovered' => 1)));
 /**
  * Persists the "edit user" form.
  *
  * A negative 'edit_user' href variable means "create": the account is added
  * and its new id looked up. Otherwise the existing account is renamed, its
  * mail/password updated and its active state set. In both cases the admin
  * level is applied last. Note that 'active' is only applied on the update
  * path, not for a newly created account.
  *
  * @param array $data form values: 'mail', 'username', 'pass', 'active', 'admin'
  * @return bool false (after printing the reason) when any step fails
  */
 public function submit_edit_user_form($data)
 {
     $mail = $data['mail'];
     $username = $data['username'];
     if (DEMO_MODE) {
         print 'You cannot change user password or e-mail address in demo';
         return false;
     }
     $pass = $data['pass'];

     $account_id = $this->get_unique_href_variable('edit_user');
     $creating = $account_id < 0;
     if ($creating) {
         $added = Base_User_LoginCommon::add_user($username, $mail, $pass);
         if (!$added) {
             return false;
         }
         $account_id = Base_UserCommon::get_user_id($username);
     } else {
         Base_UserCommon::rename_user($account_id, $username);
         $prefs_ok = Base_User_LoginCommon::change_user_preferences($account_id, $mail, $pass) !== false;
         if (!$prefs_ok) {
             print __('Unable to update account data (password and mail).');
             return false;
         }
         $active_ok = Base_UserCommon::change_active_state($account_id, $data['active']);
         if (!$active_ok) {
             print __('Unable to update account data (active).');
             return false;
         }
     }

     $admin_ok = Base_UserCommon::change_admin($account_id, $data['admin']);
     if (!$admin_ok) {
         print __('Unable to update account data (admin).');
         return false;
     }
     return true;
 }
 /**
  * Signs the user in from the 'autologin_id' cookie ("<login> <token>") and
  * extends that cookie for another 30 days.
  *
  * The same token value is written back — it is not rotated here; only the
  * cookie expiry and user_autologin.last_log are refreshed.
  * NOTE(review): setcookie() is called without path/secure/httponly arguments;
  * check how the cookie is first issued before relying on those defaults.
  *
  * @return bool true when a user was logged in from the cookie
  */
 public static function autologin()
 {
     if (self::is_autologin_forbidden() || !isset($_COOKIE['autologin_id'])) {
         return false;
     }

     $parts = explode(' ', $_COOKIE['autologin_id']);
     if (count($parts) != 2) {
         return false;
     }
     list($login, $token) = $parts;

     $known = DB::GetOne('SELECT 1 FROM user_login u JOIN user_autologin p ON u.id=p.user_login_id WHERE u.login=%s AND u.active=1 AND p.autologin_id=%s', array($login, $token));
     if (!$known) {
         return false;
     }

     Base_User_LoginCommon::set_logged($login);
     $thirty_days = 60 * 60 * 24 * 30;
     setcookie('autologin_id', $login . ' ' . $token, time() + $thirty_days);
     DB::Execute('UPDATE user_autologin SET last_log=%T WHERE user_login_id=%d AND autologin_id=%s', array(time(), Acl::get_user(), $token));
     return true;
 }