********************************************************************************/ require_once 'modules/Leads/LeadFormBase.php'; global $app_strings, $app_list_strings; $mod_strings = return_module_language($sugar_config['default_language'], 'Leads'); $app_list_strings['record_type_module'] = array('Contact' => 'Contacts', 'Account' => 'Accounts', 'Opportunity' => 'Opportunities', 'Case' => 'Cases', 'Note' => 'Notes', 'Call' => 'Calls', 'Email' => 'Emails', 'Meeting' => 'Meetings', 'Task' => 'Tasks', 'Lead' => 'Leads', 'Bug' => 'Bugs'); /** * To make your changes upgrade safe create a file called leadCapture_override.php and place the changes there */ $users = array('PUT A RANDOM KEY FROM THE WEBSITE HERE' => array('name' => 'PUT THE USER_NAME HERE', 'pass' => 'PUT THE USER_HASH FOR THE RESPECTIVE USER HERE')); if (file_exists('leadCapture_override.php')) { include 'leadCapture_override.php'; } if (!empty($_POST['user']) && !empty($users[$_POST['user']])) { $current_user = new User(); $current_user->user_name = $users[$_POST['user']]['name']; if ($current_user->authenticate_user($users[$_POST['user']]['pass'])) { $userid = $current_user->retrieve_user_id($users[$_REQUEST['user']]['name']); $current_user->retrieve($userid); $leadForm = new LeadFormBase(); $prefix = ''; if (!empty($_POST['prefix'])) { $prefix = $_POST['prefix']; } if (!isset($_POST['assigned_user_id']) || !empty($_POST['assigned_user_id'])) { $_POST['prefix'] = $userid; } $_POST['record'] = ''; if (isset($_POST['_splitName'])) { $name = explode(' ', $_POST['name']); if (sizeof($name) == 1) { $_POST['first_name'] = '';
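/**
 * Validate the user session based on user name and password hash.
 *
 * The local hash check is tried first. When it fails and mcrypt is available,
 * the supplied value is decrypted and retried through AuthenticationController.
 * Every failed attempt is logged and reported to the SOAP server, so no failure
 * path ends without a return value or an audit entry.
 *
 * @param string $user_name -- The user name to create a session for
 * @param string $password -- The MD5 sum of the user's password
 * @return bool -- true if the session is created, false if it is not
 */
function validate_user($user_name, $password)
{
    global $server, $current_user, $sugar_config, $system_config;

    $user = new User();
    $user->user_name = $user_name;
    $system_config = new Administration();
    $system_config->retrieveSettings('system');
    $authController = new AuthenticationController();

    // Check to see if the user name and password are consistent.
    if ($user->authenticate_user($password)) {
        // we also need to set the current_user.
        $user->retrieve($user->id);
        $current_user = $user;
        login_success();
        return true;
    }

    // NOTE(review): mcrypt_cbc() no longer exists on current PHP releases, so
    // this fallback is skipped there -- confirm whether it is still required.
    if (function_exists('mcrypt_cbc')) {
        $password = decrypt_string($password);
        if ($authController->login($user_name, $password) && isset($_SESSION['authenticated_user_id'])) {
            $user->retrieve($_SESSION['authenticated_user_id']);
            $current_user = $user;
            login_success();
            return true;
        }
    }

    // Shared failure path. Previously a rejected login on the mcrypt branch fell
    // off the end of the function: nothing was logged, no SOAP error was set and
    // the caller received null instead of false.
    // NOTE(review): $user_name is caller-supplied and goes into the log line
    // unchanged -- confirm the logger neutralises line breaks.
    $GLOBALS['log']->fatal("SECURITY: failed attempted login for {$user_name} using SOAP api");
    $server->setError("Invalid username and/or password");
    return false;
}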
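<?php

/*
 * Login endpoint: ends any session that is already logged in, checks the posted
 * e-mail / password pair and reports the outcome through display_success().
 */
$success = false;
$errors = array();
require 'includes/initialize.php';

if ($session->is_logged_in()) {
    // Already logged in: drop the existing login before handling the new one.
    $session->logout();
}

if (isset($_POST['email']) && isset($_POST['pwd'])) {
    // PHP turns "email[]=x" into an array, so isset() alone does not guarantee
    // strings. Non-string values are rejected as a failed login instead of being
    // handed to the User lookups.
    if (
        is_string($_POST['email'])
        && is_string($_POST['pwd'])
        && User::authenticate_user($_POST['email'], $_POST['pwd'])
    ) {
        $user = User::find_by_email($_POST['email']);
        if ($user->is_activated($_POST['email'])) {
            // NOTE(review): confirm that login() issues a fresh session id, so an
            // id set before authentication is not carried into the logged-in session.
            $session->login($user);
            $success = true;
        } else {
            // Shown only after the password has been verified.
            array_push($errors, 'Please activate your email account.');
        }
    } else {
        array_push($errors, 'Invalid username and password combination.');
    }
}

display_success($success, $errors);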
<?php if (!isset($_POST['username']) || !isset($_POST['password'])) { header("Refresh: 3 URL=\"login.php?action=loginFailed&reason=empty\""); echo "<h1>CANNOT LOGIN!</h1> <p>Reason: Password or name is empty. If your page doesn't refresh, <a href='login.php?action=loginFailed&reason=empty'>click here to back</a></p>"; } else { if (empty($_POST['username']) || empty($_POST['password'])) { header("Refresh: 3 URL=\"login.php?action=loginFailed&reason=empty\""); echo "<h1>CANNOT LOGIN!</h1> <p>Reason: Password or name is empty. If your page doesn't refresh, <a href='login.php?action=loginFailed&reason=empty'>click here to back</a></p>"; } else { include_once "config/opendb.php"; include_once 'classes/AAA.php'; $user = addslashes($_POST['username']); $pass = $_POST['password']; $userCheck = new User(); if ($userCheck->authenticate_user($user, $pass)) { $userID = $userCheck->get_user_id_by_user_name($user); $newUser = new User($userID); $access = $newUser->get_access_level(); $full = $newUser->get_full_name(); $newUser->update_last_login(getIP()); session_start(); $_SESSION['username'] = $user; $_SESSION['fullname'] = $full; $_SESSION['password'] = $pass; $_SESSION['access'] = $access; $_SESSION['userid'] = $userID; $_SESSION['action'] = ""; header("Location: index.php"); echo "Login complete."; } else {
/**
 * Checks User::authenticate_user() against the user record loaded by id.
 *
 * The method under test is called with an MD5 digest, not a plain password.
 *
 * @param mixed $id identifier passed to User::retrieve()
 */
public function authenticate_user($id)
{
    $user = new User();
    $user->retrieve($id);

    // A digest of the wrong password must be rejected.
    $this->assertEquals(false, $user->authenticate_user(md5("pass")));

    // The digest this test expects to match must be accepted.
    $this->assertEquals(true, $user->authenticate_user(md5("test")));
}
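<?php

/*
 * Login handler: validates the posted e-mail / password pair, records the
 * logged-in user in the session and redirects to index.php with a flash cookie.
 */
session_start();

// Both fields must be non-empty strings. "email[]=x" arrives as an array and
// would otherwise pass the empty() test and reach the User class.
$hasCredentials = !empty($_POST['email'])
    && !empty($_POST['password'])
    && is_string($_POST['email'])
    && is_string($_POST['password']);

if (!$hasCredentials) {
    setcookie("flash_danger", "Invalid Email or Password", time() + 3600);
    header("Location: index.php");
    exit;
}

$email = $_POST["email"];
$password = $_POST["password"];

require_once 'class.user.php';
$user = new User();
// NOTE(review): the return value is read through ->num_rows, so it looks like a
// database result set -- confirm that the lookup binds its parameters and that
// the password is checked against a stored hash, not matched inside the query.
$users = $user->authenticate_user($email, $password);

// is_object() covers a failed lookup that returns false instead of a result.
if (is_object($users) && $users->num_rows > 0) {
    // Issue a new session id at the privilege change so an id fixed before
    // login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION["login_user"] = $email;
    setcookie("flash_success", "Logged In Successfully", time() + 3600);
} else {
    setcookie("flash_danger", "Invalid Email or Password", time() + 3600);
}

header("Location: index.php");
// Stop here so nothing runs or is sent after the redirect header.
exit;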
if ($group_invitation_id) { $location .= "&GInvID={$group_invitation_id}"; } } if ($token) { $location .= "&token={$token}"; } if ($return_url) { $location .= "&return={$return_url}"; } header("Location:{$location}"); exit; } // username and password supplied - attempt to authenticate try { $u = User::authenticate_user($username, $password); } catch (CNException $e) { $msg = "Error: {$e->message}"; $error = TRUE; $u = FALSE; } if ($u > 0) { // if authetication succeeded $pal = new PA_Login(); $remember_me = isset($_POST['remember']) && $_POST['remember'] == 1; $pal->log_in($u, $remember_me, "password"); // verify token if (!empty($token)) { // if token isn't empty try { $token_arr = authenticate_invitation_token($token);
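/**
 * Change the logged-in user's password from the submitted form fields.
 *
 * Reads oldpass, newpass1 and newpass2 from $_POST and the user id and name
 * from $_SESSION. The old password must authenticate before the new one is set.
 * On success a script tag that reloads the settings panel is echoed; on any
 * failure the reason is passed to $propertyForm->warning().
 *
 * @return false|null false when saving the user record fails, otherwise nothing
 */
function changePass()
{
    global $propertyForm;

    // Array keys are quoted: bare words are undefined constants and raise an
    // Error on PHP 8. Missing or non-string fields are treated as empty.
    $oldpass = isset($_POST['oldpass']) && is_string($_POST['oldpass']) ? $_POST['oldpass'] : '';
    $newpass1 = isset($_POST['newpass1']) && is_string($_POST['newpass1']) ? $_POST['newpass1'] : '';
    $newpass2 = isset($_POST['newpass2']) && is_string($_POST['newpass2']) ? $_POST['newpass2'] : '';

    // The original "$status == false;" was a comparison, so $status was never set.
    $status = false;
    $error = '';

    $user_id = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
    $user_name = isset($_SESSION['username']) ? $_SESSION['username'] : null;
    $user = new User($user_id);

    if (empty($oldpass)) {
        $error = "Old password is empty<br>";
    } elseif (empty($newpass1)) {
        $error = "new password is empty<br>";
    } elseif (empty($newpass2)) {
        $error = "new password (confirm) is empty<br>";
    } elseif ($newpass2 !== $newpass1) {
        // Strict comparison: with != two different numeric strings such as
        // "1e3" and "1000" compare equal and the confirmation check passes.
        $error = "new password are not the same<br>";
    } elseif (!$user->is_local_user($user_name, 'local')) {
        $error = "Sorry you're not a local user so can not change your password<br>\n\t\t\tYou are probably an LDAP user. Please contact your admin<br>";
    } elseif (!$user->authenticate_user($user_name, $oldpass)) {
        // The current password is verified before any change is made.
        $error = "Old password incorrect<br>";
    } elseif (!$user->set_password($newpass1)) {
        $error = $user->get_error();
    } elseif (!$user->update()) {
        // Saving failed. The original returned here without any message; the
        // warning is now shown as for every other failure, and the false return
        // is kept for existing callers.
        $error = $user->get_error();
        $propertyForm->warning("Warning: Failed to update password. Reason: " . $error);
        return false;
    } else {
        $status = "success";
    }

    if ($status === "success") {
        echo "<script language='javascript'>LoadPage(\"userSettings.php?action=widgetsManagement&mode=edit&update=" . $status . "\", 'settingsInfo');</script>";
    } else {
        // NOTE(review): $error may come from User::get_error(); confirm that
        // warning() escapes it before it is written into the page.
        $propertyForm->warning("Warning: Failed to update password. Reason: " . $error);
    }
}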
/**
 * Check a SOAP caller's user name and password hash and, when they match,
 * make that user the current user.
 *
 * A rejected attempt is written to the log at fatal level and reported to the
 * SOAP server as an invalid user name and/or password.
 *
 * @param string $user_name -- The user name to create a session for
 * @param string $password -- The MD5 sum of the user's password
 * @return bool -- true if the session is created, false if it is not
 */
function validate_user($user_name, $password)
{
    global $server, $current_user;

    $candidate = new User();
    $candidate->user_name = $user_name;

    // Guard clause: handle the rejected login first.
    if (!$candidate->authenticate_user($password)) {
        // NOTE(review): $user_name is caller-supplied and goes into the log line
        // unchanged -- confirm the logger neutralises line breaks.
        $GLOBALS['log']->fatal("SECURITY: failed attempted login for {$user_name} using SOAP api");
        $server->setError("Invalid username and/or password");
        return false;
    }

    // Credentials are consistent: load the full record and publish it as the
    // current user.
    $candidate->retrieve($candidate->id);
    $current_user = $candidate;

    return true;
}