/**
 * Verifies a login and, when host banning is enabled, throttles failed attempts
 * per client address recorded in user_login_ban.
 *
 * @param string $user login name
 * @param string $pass password
 * @return string empty string on success, otherwise a short failure message
 */
private function auth($user, $pass)
{
    $ban_window = Variable::get('host_ban_time');
    $ban_enabled = $ban_window > 0;
    $addr = $_SERVER['REMOTE_ADDR'];

    if ($ban_enabled) {
        $recent_failures = DB::GetOne(
            'SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s',
            array(time() - $ban_window, $addr)
        );
        if ($recent_failures >= 3) {
            return 'Host banned.';
        }
    }

    if (Base_User_LoginCommon::check_login($user, $pass)) {
        $uid = Base_UserCommon::get_user_id($user);
        Acl::set_user($uid, true);
        return '';
    }

    $message = 'Login failed.';
    if ($ban_enabled) {
        // Prune expired entries, record this failure, then re-check the threshold
        // so the third failure in the window is reported as a ban immediately.
        DB::Execute('DELETE FROM user_login_ban WHERE failed_on<=%d', array(time() - $ban_window));
        DB::Execute('INSERT INTO user_login_ban(failed_on,from_addr) VALUES(%d,%s)', array(time(), $addr));
        $recent_failures = DB::GetOne(
            'SELECT count(*) FROM user_login_ban WHERE failed_on>%d AND from_addr=%s',
            array(time() - $ban_window, $addr)
        );
        if ($recent_failures >= 3) {
            $message .= ' Host banned.';
        }
    }
    return $message;
}
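/**
 * Renders the stand-alone login form or completes the login when it validates.
 *
 * Order of operations: a banned host gets a notice; when no user is logged in and
 * anonymous setup is off, cookie autologin is attempted; if still no user, the
 * QuickForm is built and either returned as HTML or, once valid, the user is set
 * and a Location redirect is issued. Every other path returns null.
 *
 * @return string|null
 */
public static function form()
{
    try {
        $anonymous = Variable::get('anonymous_setup');
    } catch (NoSuchVariableException $e) {
        // Not configured yet: treat as anonymous setup, so no login is required.
        $anonymous = true;
    }
    if (!Base_AclCommon::is_user() && Base_User_LoginCommon::is_banned()) {
        return self::t('You have exceeded the number of allowed login attempts.');
    }
    require_once 'modules/Libs/QuickForm/requires.php';
    if (!Base_AclCommon::is_user() && !$anonymous) {
        Base_User_LoginCommon::autologin();
    }
    // Re-evaluated on purpose: autologin() above may have established the user.
    if (Base_AclCommon::is_user() || $anonymous) {
        return null;
    }
    $get = count($_GET) ? '?' . http_build_query($_GET) : '';
    // NOTE(review): PHP_SELF can include client-supplied path info; confirm that
    // HTML_QuickForm escapes the action attribute when it renders the form.
    $form = new HTML_QuickForm('loginform', 'post', $_SERVER['PHP_SELF'] . $get);
    $form->setRequiredNote('<span style="font-size:80%; color:#ff0000;">*</span><span style="font-size:80%;">' . self::t('denotes required field') . '</span>');
    $form->addElement('text', 'username', self::t('Username'));
    $form->addRule('username', 'Field required', 'required');
    $form->addElement('password', 'password', self::t('Password'));
    $form->addRule('password', 'Field required', 'required');
    // register and add a rule to check if user is banned
    $form->registerRule('check_user_banned', 'callback', 'rule_login_banned', 'Base_User_LoginCommon');
    $form->addRule('username', self::t('You have exceeded the number of allowed login attempts.'), 'check_user_banned');
    // register and add a rule to check if user and password exists
    $form->registerRule('check_login', 'callback', 'submit_login', 'Base_User_LoginCommon');
    $form->addRule(array('username', 'password'), self::t('Login or password incorrect'), 'check_login', $form);
    $form->addElement('submit', null, self::t('Login'));
    if (!$form->validate()) {
        return "<center>" . $form->toHtml() . "</center>";
    }
    $user = $form->exportValue('username');
    Base_AclCommon::set_user(Base_UserCommon::get_user_id($user), true);
    // redirect below is used to better browser refresh behavior.
    header('Location: ' . $_SERVER['REQUEST_URI']);
    return null;
}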
/**
 * Handles the logout link: logs out and redirects when ?logout is present in the
 * request, otherwise adds a "Logout" action link to the layout.
 */
private function logout_action()
{
    if (!isset($_GET['logout'])) {
        $params = $_GET;
        $params['logout'] = 1;
        $this->layout->add_action_link('?' . http_build_query($params), 'Logout');
        return;
    }
    unset($_GET['logout']);
    Base_User_LoginCommon::logout();
    $query = '';
    if (count($_GET)) {
        $query = '?' . http_build_query($_GET);
    }
    // Send the browser back to the same page without the logout parameter.
    header('Location: ' . $_SERVER['PHP_SELF'] . $query);
}
/**
 * Builds the login form fragment. A regular (non-superadmin) user reaching this
 * screen is logged out first.
 *
 * @return string HTML paragraph wrapping the SimpleLogin form
 */
protected function login_form()
{
    $regular_user = Base_AclCommon::i_am_user() && !Base_AclCommon::i_am_sa();
    if ($regular_user) {
        Base_User_LoginCommon::logout();
    }
    return '<p>' . SimpleLogin::form() . '</p>';
}
/**
 * Renders the login screen, or the logged-in header, handling in order: banned
 * hosts, an already logged-in user (with logout), password recovery, the
 * "password recovered" notice, cookie autologin and finally the login form.
 *
 * @param array|null $tpl optional array(template_dir, template_file) handed to
 *                        Base_ThemeCommon::display_smarty() instead of the default theme
 */
public function body($tpl = null)
{
    //check bans
    if (!Acl::is_user() && Base_User_LoginCommon::is_banned()) {
        print __('You have exceeded the number of allowed login attempts.') . '<br>';
        print '<a href="' . get_epesi_url() . '">' . __('Host banned. Click here to refresh.') . '</a>';
        return;
    }
    //if logged
    $this->theme->assign('is_logged_in', Acl::is_user());
    $this->theme->assign('is_demo', DEMO_MODE);
    if (SUGGEST_DONATION) {
        $this->theme->assign('donation_note', __('If you find our software useful, please support us by making a %s.', array('<a href="http://epe.si/cost" target="_blank">' . __('donation') . '</a>')) . '<br>' . __('Your funding will help to ensure continued development of this project.'));
    }
    if (Acl::is_user()) {
        if ($this->get_unique_href_variable('logout')) {
            // Logout is confirmed client-side by reloading index.php.
            Base_User_LoginCommon::logout();
            eval_js('document.location=\'index.php\';', false);
        } else {
            $this->theme->assign('logged_as', '<div class="logged_as">' . __('Logged as %s', array('</br><b class="green">' . Base_UserCommon::get_my_user_login() . '</b>')) . '</div>');
            $this->theme->assign('logout', '<div class="logout_css3_box"><a class="logout_icon" ' . $this->create_unique_href(array('logout' => 1)) . '>' . __('Logout') . '<div class="logout_icon_img"></div></a></div>');
            $this->theme->display();
        }
        return;
    }
    if ($this->is_back()) {
        $this->unset_module_variable('mail_recover_pass');
    }
    //if recover pass
    if ($this->get_module_variable_or_unique_href_variable('mail_recover_pass') == '1') {
        $this->recover_pass();
        return;
    }
    // Only the presence of the parameter matters; its value is not used.
    if (isset($_REQUEST['password_recovered'])) {
        $this->theme->assign('message', __('An e-mail with a new password has been sent.') . '<br><a href="' . get_epesi_url() . '">' . __('Login') . '</a>');
        $this->theme->display();
        return;
    }
    if ($this->autologin()) {
        return;
    }
    //else just login form
    $form = $this->init_module('Libs/QuickForm', __('Logging in'));
    $form->addElement('header', 'login_header', __('Login'));
    if (DEMO_MODE) {
        // Demo accounts come from the global $demo_users map; the onChange handler
        // copies the selected option's value into the hidden password field.
        global $demo_users;
        $form->addElement('select', 'username', __('Username'), $demo_users, array('id' => 'username', 'onChange' => 'this.form.elements["password"].value=this.options[this.selectedIndex].value;'));
        $form->addElement('hidden', 'password', key($demo_users));
    } else {
        $form->addElement('text', 'username', __('Username'), array('id' => 'username'));
        $form->addElement('password', 'password', __('Password'));
    }
    // Display warning about storing a cookie
    // NOTE(review): loose "== false" comparison; equivalent to a boolean negation
    // only if is_autologin_forbidden() returns a bool -- confirm.
    if (Base_User_LoginCommon::is_autologin_forbidden() == false) {
        $warning = __('Keep this box unchecked if using a public computer');
        $form->addElement('static', 'warning', null, $warning);
        $form->addElement('checkbox', 'autologin', '', __('Remember me'));
    }
    $form->addElement('static', 'recover_password', null, '<a ' . $this->create_unique_href(array('mail_recover_pass' => 1)) . '>' . __('Recover password') . '</a>');
    $form->addElement('submit', 'submit_button', __('Login'), array('class' => 'submit'));
    // register and add a rule to check if user is banned
    $form->registerRule('check_user_banned', 'callback', 'rule_login_banned', 'Base_User_LoginCommon');
    $form->addRule('username', __('You have exceeded the number of allowed login attempts for this username. 
Try again later.'), 'check_user_banned');
    // register and add a rule to check if a username and password is ok
    $form->registerRule('check_login', 'callback', 'submit_login', 'Base_User_LoginCommon');
    $form->addRule(array('username', 'password'), __('Login or password incorrect'), 'check_login');
    $form->addRule('username', __('Field required'), 'required');
    $form->addRule('password', __('Field required'), 'required');
    if ($form->isSubmitted() && $form->validate()) {
        $user = $form->exportValue('username');
        Base_User_LoginCommon::set_logged($user);
        if (Base_User_LoginCommon::is_autologin_forbidden() == false) {
            // The persistent-login cookie is only issued when the box was ticked.
            $autologin = $form->exportValue('autologin');
            if ($autologin) {
                Base_User_LoginCommon::new_autologin_id();
            }
        }
        location(array());
    } else {
        $form->assign_theme('form', $this->theme);
        $this->theme->assign('mode', 'login');
        $logo = $this->init_module('Base/MainModuleIndicator');
        $logo->set_inline_display();
        $this->theme->assign('logo', $this->get_html_of_module($logo, null, 'login_logo'));
        // Output is buffered so the rendered page can be checked for the required
        // attribution links before anything is printed.
        ob_start();
        if (!$tpl) {
            $this->theme->set_inline_display();
            $this->theme->display();
            eval_js("focus_by_id('username')");
        } else {
            Base_ThemeCommon::display_smarty($this->theme->get_smarty(), $tpl[0], $tpl[1]);
        }
        $ret = ob_get_clean();
        if (stripos($ret, '<a href="http://www.telaxus.com">Telaxus LLC</a>') === false || stripos($ret, '<a href="http://epe.si/"><img src="images/epesi-powered.png" alt="EPESI powered" /></a>') === false) {
            trigger_error('Epesi terms of use have been violated', E_USER_ERROR);
        }
        print $ret;
    }
}
/**
 * Attempts to log the user in from the "autologin_id" cookie.
 *
 * The cookie holds "<login> <token>"; the pair must match an active user's row
 * in user_autologin. On success the session is established and the token is
 * rotated through new_autologin_id().
 *
 * @return bool true when a user was logged in from the cookie
 */
public static function autologin()
{
    if (self::is_autologin_forbidden()) {
        return false;
    }
    if (!isset($_COOKIE['autologin_id'])) {
        return false;
    }
    $parts = explode(' ', $_COOKIE['autologin_id']);
    if (count($parts) !== 2) {
        return false;
    }
    list($login, $token) = $parts;
    // Both halves are bound as query parameters; only an active account matches.
    $found = DB::GetOne(
        'SELECT 1 FROM user_login u JOIN user_autologin p ON u.id=p.user_login_id WHERE u.login=%s AND u.active=1 AND p.autologin_id=%s',
        array($login, $token)
    );
    if (!$found) {
        return false;
    }
    Base_User_LoginCommon::set_logged($login);
    self::new_autologin_id($token);
    return true;
}
/**
 * Record Browser callback for the "contact" recordset, dispatched on $mode.
 *
 * - 'cloning': clears the login field on the copy.
 * - 'display': runs the copy-company-data routine and builds the extra "new"
 *   action links (CRM filter, meeting, task, phone call, note).
 * - 'adding': fills in the default record permission.
 * - 'add': looks up the e-mail of the linked login when none was given, then
 *   deliberately falls through to 'edit'.
 * - 'edit': optionally creates a company from the form, and (admins only)
 *   creates, renames or updates the linked user account; superadmins may also
 *   change its admin level.
 *
 * @param array  $values record values as passed by Utils_RecordBrowser
 * @param string $mode   one of 'cloning', 'display', 'adding', 'add', 'edit'
 * @return array the (possibly modified) values, or the action-link array for 'display'
 */
public static function submit_contact($values, $mode)
{
    switch ($mode) {
        case 'cloning':
            $values['login'] = '';
            return $values;
        case 'display':
            // display copy company data button and do update if needed
            self::copy_company_data_subroutine($values);
            // The contact counts as an employee when it is tied to the main company,
            // either as its company or through related_companies.
            $is_employee = false;
            if (isset($values['related_companies']) && is_array($values['related_companies']) && in_array(CRM_ContactsCommon::get_main_company(), $values['related_companies'])) {
                $is_employee = true;
            }
            if (isset($values['company_name']) && $values['company_name'] == CRM_ContactsCommon::get_main_company()) {
                $is_employee = true;
            }
            $me = CRM_ContactsCommon::get_my_record();
            $emp = array($me['id']);
            $cus = array();
            if ($is_employee) {
                $emp[] = $values['id'];
            } else {
                $cus[] = 'P:' . $values['id'];
            }
            $ret = array();
            $ret['new'] = array();
            $ret['new']['crm_filter'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('Set CRM Filter')) . ' ' . Module::create_href(array('set_crm_filter' => 1)) . '>F</a>';
            if (isset($_REQUEST['set_crm_filter'])) {
                CRM_FiltersCommon::set_profile('c' . $values['id']);
            }
            // Each link below appears only when the module is installed and the
            // current user may add records of that type.
            if (ModuleManager::is_installed('CRM/Meeting') !== -1 && Utils_RecordBrowserCommon::get_access('crm_meeting', 'add')) {
                $ret['new']['event'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Meeting')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('crm_meeting', array('employees' => $emp, 'customers' => $cus, 'status' => 0, 'priority' => 1, 'permission' => 0)) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_Calendar', 'icon-small.png') . '"></a>';
            }
            if (ModuleManager::is_installed('CRM/Tasks') !== -1 && Utils_RecordBrowserCommon::get_access('task', 'add')) {
                $ret['new']['task'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Task')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('task', array('employees' => $emp, 'customers' => $cus, 'status' => 0, 'priority' => 1, 'permission' => 0)) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_Tasks', 'icon-small.png') . '"></a>';
            }
            if (ModuleManager::is_installed('CRM/PhoneCall') !== -1 && Utils_RecordBrowserCommon::get_access('phonecall', 'add')) {
                $ret['new']['phonecall'] = '<a ' . Utils_TooltipCommon::open_tag_attrs(__('New Phonecall')) . ' ' . Utils_RecordBrowserCommon::create_new_record_href('phonecall', array('date_and_time' => date('Y-m-d H:i:s'), 'customer' => 'P:' . $values['id'], 'employees' => $me['id'], 'status' => 0, 'permission' => 0, 'priority' => 1), 'none', false) . '><img border="0" src="' . Base_ThemeCommon::get_template_file('CRM_PhoneCall', 'icon-small.png') . '"></a>';
            }
            $ret['new']['note'] = Utils_RecordBrowser::$rb_obj->add_note_button('contact/' . $values['id']);
            return $ret;
        case 'adding':
            $values['permission'] = Base_User_SettingsCommon::get('CRM_Common', 'default_record_permission');
            break;
        case 'add':
            if (isset($values['email']) && $values['email'] == '' && $values['login'] != 0 && $mode == 'add') {
                $values['email'] = DB::GetOne('SELECT mail FROM user_password WHERE user_login_id=%d', array($values['login']));
            }
            // no break: 'add' continues with the 'edit' handling below
        case 'edit':
            if (isset($values['create_company'])) {
                $comp_id = Utils_RecordBrowserCommon::new_record('company', array('company_name' => $values['create_company_name'], 'address_1' => $values['address_1'], 'address_2' => $values['address_2'], 'country' => $values['country'], 'city' => $values['city'], 'zone' => isset($values['zone']) ? $values['zone'] : '', 'postal_code' => $values['postal_code'], 'phone' => $values['work_phone'], 'fax' => $values['fax'], 'web_address' => $values['web_address'], 'permission' => $values['permission']));
                if (!isset($values['company_name'])) {
                    $values['company_name'] = null;
                }
                if (!isset($values['related_companies'])) {
                    $values['related_companies'] = array();
                }
                if (!is_array($values['related_companies'])) {
                    $values['related_companies'] = array($values['related_companies']);
                }
                // The new company becomes the primary one unless one is already set.
                if (!$values['company_name']) {
                    $values['company_name'] = $comp_id;
                } else {
                    $values['related_companies'][] = $comp_id;
                }
            }
            // Account management is restricted to admins; admin-level changes
            // additionally require superadmin below.
            if (Base_AclCommon::i_am_admin()) {
                if ($values['login'] == 'new') {
                    if (!$values['set_password']) {
                        $values['set_password'] = null;
                    }
                    Base_User_LoginCommon::add_user($values['username'], $values['email'], $values['set_password']);
                    $values['login'] = Base_UserCommon::get_user_id($values['username']);
                } else {
                    if ($values['login']) {
                        Base_User_LoginCommon::change_user_preferences($values['login'], isset($values['email']) ? $values['email'] : '', isset($values['set_password']) ? $values['set_password'] : null);
                        if (isset($values['username']) && $values['username']) {
                            Base_UserCommon::rename_user($values['login'], $values['username']);
                        }
                    }
                }
                if (Base_AclCommon::i_am_sa() && $values['login'] && isset($values['admin']) && $values['admin'] !== '') {
                    $old_admin = Base_AclCommon::get_admin_level($values['login']);
                    if ($old_admin != $values['admin']) {
                        $admin_arr = array(0 => 'No', 1 => 'Administrator', 2 => 'Super Administrator');
                        // NOTE(review): the history entry is written when change_admin()
                        // returns anything other than exactly true, and the message has
                        // no closing quote -- confirm both are intended.
                        if (Base_UserCommon::change_admin($values['login'], $values['admin']) !== true) {
                            Utils_RecordBrowserCommon::new_record_history('contact', $values['id'], 'Admin set from "' . $admin_arr[$old_admin] . '" to "' . $admin_arr[$values['admin']]);
                        }
                    }
                }
            }
            // Account-management fields are never stored on the contact record.
            unset($values['admin']);
            unset($values['username']);
            unset($values['set_password']);
            unset($values['confirm_password']);
    }
    return $values;
}
<?php
// Password-reset landing page: redeems the one-time hash from the e-mailed link,
// sets a freshly generated password and mails it to the account holder.
if (!isset($_GET['hash'])) {
    die('');
}
header("Content-Type: text/html; charset=UTF-8");
define('READ_ONLY_SESSION', true);
define('CID', false);
require_once '../../../../include.php';
ModuleManager::load_modules();

$hash = $_GET['hash'];
$valid_for = 3600 * 2;
// Purge expired requests first so a stale hash cannot be redeemed.
DB::Execute('DELETE FROM user_reset_pass WHERE created_on<%T', array(time() - $valid_for));
$user_id = DB::GetOne('SELECT user_login_id FROM user_reset_pass WHERE hash_id=%s', array($hash));
if ($user_id == false) {
    die(__('Request failed. Authentication link is valid for 2 hours since sending request.'));
}
$pass = generate_password();
// password_hash() is preferred; the unsalted md5 branch only serves PHP builds
// that predate it.
if (function_exists('password_hash')) {
    $pass_hash = password_hash($pass, PASSWORD_DEFAULT);
} else {
    $pass_hash = md5($pass);
}
$updated = DB::Execute('UPDATE user_password SET password=%s WHERE user_login_id=%d', array($pass_hash, $user_id));
if (!$updated) {
    die(__('Unable to update password. Please contact system administrator.'));
}
$login = Base_UserCommon::get_user_login($user_id);
$mail = Base_User_LoginCommon::get_mail($user_id);
if (!Base_User_LoginCommon::send_mail_with_password($login, $pass, $mail, true)) {
    die(__('Unable to send e-mail with password. Mail module configuration invalid. Please contact system administrator.'));
}
// Single use: drop the redeemed request, then send the user back to the login page.
DB::Execute('DELETE FROM user_reset_pass WHERE hash_id =%s', array($hash));
header('Location: ' . get_epesi_url() . '?' . http_build_query(array('password_recovered' => 1)));
/**
 * Saves the edit-user form: creates the account when the edited id is negative,
 * otherwise renames it and updates mail/password, active state and admin level.
 *
 * @param array $data submitted form values: username, mail, pass, active, admin
 * @return bool true on success; false after printing a message (or in demo mode)
 */
public function submit_edit_user_form($data)
{
    $mail = $data['mail'];
    $username = $data['username'];
    if (DEMO_MODE) {
        print 'You cannot change user password or e-mail address in demo';
        return false;
    }
    $pass = $data['pass'];
    $edit_id = $this->get_unique_href_variable('edit_user');
    $creating = $edit_id < 0;
    if ($creating) {
        $added = Base_User_LoginCommon::add_user($username, $mail, $pass);
        if (!$added) {
            return false;
        }
        $edit_id = Base_UserCommon::get_user_id($username);
    } else {
        Base_UserCommon::rename_user($edit_id, $username);
        $prefs_ok = Base_User_LoginCommon::change_user_preferences($edit_id, $mail, $pass) !== false;
        if (!$prefs_ok) {
            print __('Unable to update account data (password and mail).');
            return false;
        }
        if (!Base_UserCommon::change_active_state($edit_id, $data['active'])) {
            print __('Unable to update account data (active).');
            return false;
        }
    }
    $admin_ok = Base_UserCommon::change_admin($edit_id, $data['admin']);
    if (!$admin_ok) {
        print __('Unable to update account data (admin).');
        return false;
    }
    return true;
}
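/**
 * Attempts to log the user in from the "autologin_id" cookie ("<login> <token>").
 *
 * On a match with an active user's user_autologin row the session is established,
 * the cookie is refreshed for another 30 days and last_log is updated.
 *
 * @return bool true when a user was logged in from the cookie
 */
public static function autologin()
{
    if (self::is_autologin_forbidden()) {
        return false;
    }
    if (!isset($_COOKIE['autologin_id'])) {
        return false;
    }
    $parts = explode(' ', $_COOKIE['autologin_id']);
    if (count($parts) !== 2) {
        return false;
    }
    list($user, $autologin_id) = $parts;
    // Both halves are bound as query parameters; only an active account matches.
    $ret = DB::GetOne('SELECT 1 FROM user_login u JOIN user_autologin p ON u.id=p.user_login_id WHERE u.login=%s AND u.active=1 AND p.autologin_id=%s', array($user, $autologin_id));
    if (!$ret) {
        return false;
    }
    Base_User_LoginCommon::set_logged($user);
    // The cookie is a bearer credential: mark it HttpOnly so page scripts cannot
    // read it, and Secure when this request itself arrived over HTTPS.
    $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    setcookie('autologin_id', $user . ' ' . $autologin_id, time() + 60 * 60 * 24 * 30, '', '', $secure, true);
    DB::Execute('UPDATE user_autologin SET last_log=%T WHERE user_login_id=%d AND autologin_id=%s', array(time(), Acl::get_user(), $autologin_id));
    return true;
}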