nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 00:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Documentation, format class, no modification. (#7628)

Browse Source
This commit is contained in:
frytimo
2025-11-18 21:49:39 -04:00
committed by GitHub
parent adfc4cc469
commit bbe7b9e9b7
37 changed files with 5051 additions and 4144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

432
core/authentication/resources/classes/authentication.php
View File

@@ -27,8 +27,6 @@
/**
* authentication
*
* @method validate uses authentication plugins to check if a user is authorized to login
* @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
*/
class authentication {
@@ -71,168 +69,172 @@ class authentication {
/**
* validate uses authentication plugins to check if a user is authorized to login
*
* @return array|false [plugin] => last plugin used to authenticate the user [authorized] => true or false
*/
public function validate() {
//set default return array as null
$result = null;
$result = null;
//use a login message when a login attempt fails
$failed_login_message = null;
$failed_login_message = null;
//get the domain_name and domain_uuid
if (!isset($this->domain_name) || !isset($this->domain_uuid)) {
$this->get_domain();
}
if (!isset($this->domain_name) || !isset($this->domain_uuid)) {
$this->get_domain();
}
//create a settings object to pass to plugins
$this->settings = new settings(['database' => $this->database, 'domain_uuid' => $this->domain_uuid]);
$this->settings = new settings(['database' => $this->database, 'domain_uuid' => $this->domain_uuid]);
//set the default authentication method to the database
if (empty($_SESSION['authentication']['methods']) || !is_array($_SESSION['authentication']['methods'])) {
$_SESSION['authentication']['methods'][] = 'database';
}
if (empty($_SESSION['authentication']['methods']) || !is_array($_SESSION['authentication']['methods'])) {
$_SESSION['authentication']['methods'][] = 'database';
}
//set the database as the default plugin
if (!isset($_SESSION['authentication']['methods'])) {
$_SESSION['authentication']['methods'][] = 'database';
}
if (!isset($_SESSION['authentication']['methods'])) {
$_SESSION['authentication']['methods'][] = 'database';
}
//check if contacts app exists
$contacts_exists = file_exists(dirname(__DIR__, 4) . '/core/contacts/');
$contacts_exists = file_exists(dirname(__DIR__, 4) . '/core/contacts/');
//use the authentication plugins
foreach ($_SESSION['authentication']['methods'] as $name) {
//already processed the plugin move to the next plugin
if (!empty($_SESSION['authentication']['plugin'][$name]['authorized']) && $_SESSION['authentication']['plugin'][$name]['authorized']) {
continue;
foreach ($_SESSION['authentication']['methods'] as $name) {
//already processed the plugin move to the next plugin
if (!empty($_SESSION['authentication']['plugin'][$name]['authorized']) && $_SESSION['authentication']['plugin'][$name]['authorized']) {
continue;
}
//prepare variables
$class_name = "plugin_" . $name;
$base = __DIR__ . "/plugins";
$plugin = $base . "/" . $name . ".php";
//process the plugin
if (file_exists($plugin)) {
//run the plugin
$object = new $class_name();
$object->domain_name = $this->domain_name;
$object->domain_uuid = $this->domain_uuid;
if ($name == 'database' && isset($this->key)) {
$object->key = $this->key;
}
if ($name == 'database' && isset($this->username)) {
$object->username = $this->username;
$object->password = $this->password;
}
//initialize the plugin send the authentication object and settings
$array = $object->$name($this, $this->settings);
//build a result array
if (!empty($array) && is_array($array)) {
$result['plugin'] = $array["plugin"];
$result['domain_name'] = $array["domain_name"];
$result['username'] = $array["username"];
$result['user_uuid'] = $array["user_uuid"];
$result['contact_uuid'] = $array["contact_uuid"];
if ($contacts_exists) {
$result["contact_organization"] = $array["contact_organization"] ?? '';
$result["contact_name_given"] = $array["contact_name_given"] ?? '';
$result["contact_name_family"] = $array["contact_name_family"] ?? '';
$result["contact_image"] = $array["contact_image"] ?? '';
}
$result['domain_uuid'] = $array["domain_uuid"];
$result['authorized'] = $array["authorized"];
//set the domain_uuid
$this->domain_uuid = $array["domain_uuid"];
//set the user_uuid
$this->user_uuid = $array["user_uuid"];
//save the result to the authentication plugin
$_SESSION['authentication']['plugin'][$name] = $result;
}
//prepare variables
$class_name = "plugin_".$name;
$base = __DIR__ . "/plugins";
$plugin = $base."/".$name.".php";
//process the plugin
if (file_exists($plugin)) {
//run the plugin
$object = new $class_name();
$object->domain_name = $this->domain_name;
$object->domain_uuid = $this->domain_uuid;
if ($name == 'database' && isset($this->key)) {
$object->key = $this->key;
}
if ($name == 'database' && isset($this->username)) {
$object->username = $this->username;
$object->password = $this->password;
}
//initialize the plugin send the authentication object and settings
$array = $object->$name($this, $this->settings);
//build a result array
if (!empty($array) && is_array($array)) {
$result['plugin'] = $array["plugin"];
$result['domain_name'] = $array["domain_name"];
$result['username'] = $array["username"];
$result['user_uuid'] = $array["user_uuid"];
$result['contact_uuid'] = $array["contact_uuid"];
if ($contacts_exists) {
$result["contact_organization"] = $array["contact_organization"] ?? '';
$result["contact_name_given"] = $array["contact_name_given"] ?? '';
$result["contact_name_family"] = $array["contact_name_family"] ?? '';
$result["contact_image"] = $array["contact_image"] ?? '';
}
$result['domain_uuid'] = $array["domain_uuid"];
$result['authorized'] = $array["authorized"];
//set the domain_uuid
$this->domain_uuid = $array["domain_uuid"];
//set the user_uuid
$this->user_uuid = $array["user_uuid"];
//save the result to the authentication plugin
$_SESSION['authentication']['plugin'][$name] = $result;
}
//plugin authorized false
if (!$result['authorized']) {
break;
}
//plugin authorized false
if (!$result['authorized']) {
break;
}
}
}
//make sure all plugins are in the array
if (!empty($_SESSION['authentication']['methods'])) {
foreach ($_SESSION['authentication']['methods'] as $name) {
if (!isset($_SESSION['authentication']['plugin'][$name]['authorized'])) {
$_SESSION['authentication']['plugin'][$name]['plugin'] = $name;
$_SESSION['authentication']['plugin'][$name]['domain_name'] = $_SESSION['domain_name'];
$_SESSION['authentication']['plugin'][$name]['domain_uuid'] = $_SESSION['domain_uuid'];
$_SESSION['authentication']['plugin'][$name]['username'] = $_SESSION['username'];
$_SESSION['authentication']['plugin'][$name]['user_uuid'] = $_SESSION['user_uuid'];
$_SESSION['authentication']['plugin'][$name]['user_email'] = $_SESSION['user_email'];
$_SESSION['authentication']['plugin'][$name]['authorized'] = false;
}
if (!empty($_SESSION['authentication']['methods'])) {
foreach ($_SESSION['authentication']['methods'] as $name) {
if (!isset($_SESSION['authentication']['plugin'][$name]['authorized'])) {
$_SESSION['authentication']['plugin'][$name]['plugin'] = $name;
$_SESSION['authentication']['plugin'][$name]['domain_name'] = $_SESSION['domain_name'];
$_SESSION['authentication']['plugin'][$name]['domain_uuid'] = $_SESSION['domain_uuid'];
$_SESSION['authentication']['plugin'][$name]['username'] = $_SESSION['username'];
$_SESSION['authentication']['plugin'][$name]['user_uuid'] = $_SESSION['user_uuid'];
$_SESSION['authentication']['plugin'][$name]['user_email'] = $_SESSION['user_email'];
$_SESSION['authentication']['plugin'][$name]['authorized'] = false;
}
}
}
//debug information
//view_array($_SESSION['authentication'], false);
//view_array($_SESSION['authentication'], false);
//set authorized to false if any authentication method failed
$authorized = false;
$plugin_name = '';
if (is_array($_SESSION['authentication']['plugin'])) {
foreach($_SESSION['authentication']['plugin'] as $row) {
$plugin_name = $row['plugin'];
if ($row["authorized"]) {
$authorized = true;
}
else {
$authorized = false;
$failed_login_message = "Authentication plugin '$plugin_name' blocked login attempt";
break;
}
$authorized = false;
$plugin_name = '';
if (is_array($_SESSION['authentication']['plugin'])) {
foreach ($_SESSION['authentication']['plugin'] as $row) {
$plugin_name = $row['plugin'];
if ($row["authorized"]) {
$authorized = true;
} else {
$authorized = false;
$failed_login_message = "Authentication plugin '$plugin_name' blocked login attempt";
break;
}
}
}
//user is authorized - get user settings, check user cidr
if ($authorized) {
//get the cidr restrictions from global, domain, and user default settings
$this->settings = new settings(['database' => $this->database, 'domain_uuid' => $this->domain_uuid, 'user_uuid' => $this->user_uuid]);
$cidr_list = $this->settings->get('domain', 'cidr', []);
if (check_cidr($cidr_list, $_SERVER['REMOTE_ADDR'])) {
//user passed the cidr check
self::create_user_session($result, $this->settings);
} else {
//user failed the cidr check - no longer authorized
$authorized = false;
$failed_login_message = "CIDR blocked login attempt";
$_SESSION['authentication']['plugin'][$name]['authorized'] = false;
}
if ($authorized) {
//get the cidr restrictions from global, domain, and user default settings
$this->settings = new settings(['database' => $this->database, 'domain_uuid' => $this->domain_uuid, 'user_uuid' => $this->user_uuid]);
$cidr_list = $this->settings->get('domain', 'cidr', []);
if (check_cidr($cidr_list, $_SERVER['REMOTE_ADDR'])) {
//user passed the cidr check
self::create_user_session($result, $this->settings);
} else {
//user failed the cidr check - no longer authorized
$authorized = false;
$failed_login_message = "CIDR blocked login attempt";
$_SESSION['authentication']['plugin'][$name]['authorized'] = false;
}
}
//set a session variable to indicate whether or not we are authorized
$_SESSION['authorized'] = $authorized;
$_SESSION['authorized'] = $authorized;
//log the attempt
user_logs::add($_SESSION['authentication']['plugin'][$name], $failed_login_message);
user_logs::add($_SESSION['authentication']['plugin'][$name], $failed_login_message);
//return the result
return $result ?? false;
return $result ?? false;
}
/**
* Creates a valid user session in the superglobal $_SESSION.
* <p>The $result must be a validated user with the appropriate variables set.<br>
* The associative array
* @global database $database
* @global string $conf
* @param array|bool $result Associative array containing: domain_uuid, domain_name, user_uuid, username. Contact keys can be empty, but should still be present. They include: contact_uuid, contact_name_given, contact_name_family, contact_image.
* @param settings $settings From the settings object
*
* @param array|bool $result Associative array containing: domain_uuid, domain_name, user_uuid, username. Contact
* keys can be empty, but should still be present. They include: contact_uuid,
* contact_name_given, contact_name_family, contact_image.
* @param settings $settings From the settings object
*
* @return void
* @global string $conf
* @global database $database
*/
public static function create_user_session($result = [], $settings = null): void {
@@ -248,8 +250,8 @@ class authentication {
$required_keys = [
'domain_uuid' => true,
'domain_name' => true,
'user_uuid' => true,
'username' => true,
'user_uuid' => true,
'username' => true,
];
// Any missing required_fields are left in the $diff array.
@@ -281,8 +283,8 @@ class authentication {
// Set the session variables
$_SESSION["domain_uuid"] = $result["domain_uuid"];
$_SESSION["domain_name"] = $result["domain_name"];
$_SESSION["user_uuid"] = $result["user_uuid"];
$_SESSION["context"] = $result['domain_name'];
$_SESSION["user_uuid"] = $result["user_uuid"];
$_SESSION["context"] = $result['domain_name'];
// Build the session server array to validate the session
global $conf;
@@ -297,19 +299,19 @@ class authentication {
$_SESSION["user_hash"] = hash('sha256', implode($server_array));
// User session array
$_SESSION["user"]["domain_uuid"] = $result["domain_uuid"];
$_SESSION["user"]["domain_name"] = $result["domain_name"];
$_SESSION["user"]["user_uuid"] = $result["user_uuid"];
$_SESSION["user"]["username"] = $result["username"];
$_SESSION["user"]["domain_uuid"] = $result["domain_uuid"];
$_SESSION["user"]["domain_name"] = $result["domain_name"];
$_SESSION["user"]["user_uuid"] = $result["user_uuid"];
$_SESSION["user"]["username"] = $result["username"];
$_SESSION["user"]["contact_uuid"] = $result["contact_uuid"] ?? null; //contact_uuid is optional
// Check for contacts
if (file_exists($project_root . '/core/contacts/')) {
$_SESSION["user"]["contact_organization"] = $result["contact_organization"] ?? null;
$_SESSION["user"]["contact_name"] = trim(($result["contact_name_given"] ?? '') . ' ' . ($result["contact_name_family"] ?? ''));
$_SESSION["user"]["contact_name_given"] = $result["contact_name_given"] ?? null;
$_SESSION["user"]["contact_name_family"] = $result["contact_name_family"] ?? null;
$_SESSION["user"]["contact_image"] = !empty($result["contact_image"]) && is_uuid($result["contact_image"]) ? $result["contact_image"] : null;
$_SESSION["user"]["contact_name"] = trim(($result["contact_name_given"] ?? '') . ' ' . ($result["contact_name_family"] ?? ''));
$_SESSION["user"]["contact_name_given"] = $result["contact_name_given"] ?? null;
$_SESSION["user"]["contact_name_family"] = $result["contact_name_family"] ?? null;
$_SESSION["user"]["contact_image"] = !empty($result["contact_image"]) && is_uuid($result["contact_image"]) ? $result["contact_image"] : null;
}
//empty the permissions
@@ -334,19 +336,19 @@ class authentication {
$parameters = [];
//get the user settings
$sql = "select * from v_user_settings ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_setting_enabled = true ";
$sql = "select * from v_user_settings ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_setting_enabled = true ";
$parameters['domain_uuid'] = $result["domain_uuid"];
$parameters['user_uuid'] = $result["user_uuid"];
$user_settings = $database->select($sql, $parameters, 'all');
$parameters['user_uuid'] = $result["user_uuid"];
$user_settings = $database->select($sql, $parameters, 'all');
//store user settings in the session when available
if (is_array($user_settings)) {
foreach ($user_settings as $row) {
$name = $row['user_setting_name'];
$category = $row['user_setting_category'];
$name = $row['user_setting_name'];
$category = $row['user_setting_category'];
$subcategory = $row['user_setting_subcategory'];
if (isset($row['user_setting_value'])) {
if (empty($subcategory)) {
@@ -378,27 +380,27 @@ class authentication {
$_SESSION['user']['extension'] = [];
//get the user extension list
$sql = "select ";
$sql .= "e.extension_uuid, ";
$sql .= "e.extension, ";
$sql .= "e.number_alias, ";
$sql .= "e.user_context, ";
$sql .= "e.outbound_caller_id_name, ";
$sql .= "e.outbound_caller_id_number, ";
$sql .= "e.description ";
$sql .= "from ";
$sql .= "v_extension_users as u, ";
$sql .= "v_extensions as e ";
$sql .= "where ";
$sql .= "e.domain_uuid = :domain_uuid ";
$sql .= "and e.extension_uuid = u.extension_uuid ";
$sql .= "and u.user_uuid = :user_uuid ";
$sql .= "and e.enabled = 'true' ";
$sql .= "order by ";
$sql .= "e.extension asc ";
$sql = "select ";
$sql .= "e.extension_uuid, ";
$sql .= "e.extension, ";
$sql .= "e.number_alias, ";
$sql .= "e.user_context, ";
$sql .= "e.outbound_caller_id_name, ";
$sql .= "e.outbound_caller_id_number, ";
$sql .= "e.description ";
$sql .= "from ";
$sql .= "v_extension_users as u, ";
$sql .= "v_extensions as e ";
$sql .= "where ";
$sql .= "e.domain_uuid = :domain_uuid ";
$sql .= "and e.extension_uuid = u.extension_uuid ";
$sql .= "and u.user_uuid = :user_uuid ";
$sql .= "and e.enabled = 'true' ";
$sql .= "order by ";
$sql .= "e.extension asc ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['user_uuid'] = $_SESSION['user_uuid'];
$extensions = $database->select($sql, $parameters, 'all');
$parameters['user_uuid'] = $_SESSION['user_uuid'];
$extensions = $database->select($sql, $parameters, 'all');
if (!empty($extensions)) {
foreach ($extensions as $x => $row) {
//set the destination
@@ -408,18 +410,18 @@ class authentication {
}
//build the user array
$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
$_SESSION['user']['extension'][$x]['destination'] = $destination;
$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
$_SESSION['user']['extension'][$x]['destination'] = $destination;
$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
$_SESSION['user']['extension'][$x]['description'] = $row['description'];
$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
$_SESSION['user']['extension'][$x]['description'] = $row['description'];
//set the context
$_SESSION['user']['user_context'] = $row["user_context"];
$_SESSION['user_context'] = $row["user_context"];
$_SESSION['user_context'] = $row["user_context"];
}
}
}
@@ -451,81 +453,81 @@ class authentication {
public function get_domain() {
//get the domain from the url
$this->domain_name = $_SERVER["HTTP_HOST"];
$this->domain_name = $_SERVER["HTTP_HOST"];
//get the domain name from the http value
if (!empty($_REQUEST["domain_name"])) {
$this->domain_name = $_REQUEST["domain_name"];
}
if (!empty($_REQUEST["domain_name"])) {
$this->domain_name = $_REQUEST["domain_name"];
}
//remote port number from the domain name
$domain_array = explode(":", $this->domain_name);
if (count($domain_array) > 1) {
$domain_name = $domain_array[0];
}
$domain_array = explode(":", $this->domain_name);
if (count($domain_array) > 1) {
$domain_name = $domain_array[0];
}
//if the username
if (!empty($_REQUEST["username"])) {
$_SESSION['username'] = $_REQUEST["username"];
}
if (!empty($_REQUEST["username"])) {
$_SESSION['username'] = $_REQUEST["username"];
}
//set a default value for unqiue
$_SESSION["users"]["unique"]["text"] = $this->settings->get('users', 'unique', '');
$_SESSION["users"]["unique"]["text"] = $this->settings->get('users', 'unique', '');
//get the domain name from the username
if (!empty($_SESSION['username']) && $this->settings->get('users', 'unique', '') != "global") {
$username_array = explode("@", $_SESSION['username']);
if (count($username_array) > 1) {
//get the domain name
$domain_name = $username_array[count($username_array) -1];
if (!empty($_SESSION['username']) && $this->settings->get('users', 'unique', '') != "global") {
$username_array = explode("@", $_SESSION['username']);
if (count($username_array) > 1) {
//get the domain name
$domain_name = $username_array[count($username_array) - 1];
//check if the domain from the username exists
$domain_exists = false;
foreach ($_SESSION['domains'] as $row) {
if (lower_case($row['domain_name']) == lower_case($domain_name)) {
$this->domain_uuid = $row['domain_uuid'];
$domain_exists = true;
break;
}
}
//if the domain exists then set domain_name and update the username
if ($domain_exists) {
$this->domain_name = $domain_name;
$this->username = substr($_SESSION['username'], 0, -(strlen($domain_name)+1));
//$_SESSION['domain_name'] = $domain_name;
$_SESSION['username'] = $this->username;
$_SESSION['domain_uuid'] = $this->domain_uuid;
}
//unset the domain name variable
unset($domain_name);
}
}
//get the domain uuid and domain settings
if (isset($this->domain_name) && !isset($this->domain_uuid)) {
//check if the domain from the username exists
$domain_exists = false;
foreach ($_SESSION['domains'] as $row) {
if (lower_case($row['domain_name']) == lower_case($this->domain_name)) {
if (lower_case($row['domain_name']) == lower_case($domain_name)) {
$this->domain_uuid = $row['domain_uuid'];
$_SESSION['domain_uuid'] = $row['domain_uuid'];
$domain_exists = true;
break;
}
}
//if the domain exists then set domain_name and update the username
if ($domain_exists) {
$this->domain_name = $domain_name;
$this->username = substr($_SESSION['username'], 0, -(strlen($domain_name) + 1));
//$_SESSION['domain_name'] = $domain_name;
$_SESSION['username'] = $this->username;
$_SESSION['domain_uuid'] = $this->domain_uuid;
}
//unset the domain name variable
unset($domain_name);
}
}
//get the domain uuid and domain settings
if (isset($this->domain_name) && !isset($this->domain_uuid)) {
foreach ($_SESSION['domains'] as $row) {
if (lower_case($row['domain_name']) == lower_case($this->domain_name)) {
$this->domain_uuid = $row['domain_uuid'];
$_SESSION['domain_uuid'] = $row['domain_uuid'];
break;
}
}
}
//set the setting arrays
$obj = new domains(['database' => $this->database]);
$obj->set();
$obj = new domains(['database' => $this->database]);
$obj->set();
//set the domain settings
if (!empty($this->domain_name) && !empty($_SESSION["domain_uuid"])) {
$_SESSION['domain_name'] = $this->domain_name;
$_SESSION['domain_parent_uuid'] = $_SESSION["domain_uuid"];
}
if (!empty($this->domain_name) && !empty($_SESSION["domain_uuid"])) {
$_SESSION['domain_name'] = $this->domain_name;
$_SESSION['domain_parent_uuid'] = $_SESSION["domain_uuid"];
}
//set the domain name
return $this->domain_name;
return $this->domain_name;
}
}

572
core/authentication/resources/classes/plugins/database.php
View File

@@ -50,351 +50,347 @@ class plugin_database {
/**
* database checks the local database to authenticate the user or key
*
* @return array [authorized] => true or false
*/
function database(authentication $auth, settings $settings) {
//pre-process some settings
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH.'/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH.'/themes/default/images/logo_login.png');
$theme_login_type = $settings->get('theme', 'login_brand_type', '');
$theme_login_image = $settings->get('theme', 'login_brand_image', '');
$theme_login_text = $settings->get('theme', 'login_brand_text', '');
$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
$background_videos = $settings->get('theme', 'background_video', []);
$theme_background_video = (isset($background_videos[0])) ? $background_videos[0] : '';
$login_domain_name_visible = $settings->get('login', 'domain_name_visible', false);
$login_domain_name = $settings->get('login', 'domain_name');
$login_destination = $settings->get('login', 'destination');
$users_unique = $settings->get('users', 'unique', '');
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH . '/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH . '/themes/default/images/logo_login.png');
$theme_login_type = $settings->get('theme', 'login_brand_type', '');
$theme_login_image = $settings->get('theme', 'login_brand_image', '');
$theme_login_text = $settings->get('theme', 'login_brand_text', '');
$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
$background_videos = $settings->get('theme', 'background_video', []);
$theme_background_video = (isset($background_videos[0])) ? $background_videos[0] : '';
$login_domain_name_visible = $settings->get('login', 'domain_name_visible', false);
$login_domain_name = $settings->get('login', 'domain_name');
$login_destination = $settings->get('login', 'destination');
$users_unique = $settings->get('users', 'unique', '');
//set the default login type and image
if (empty($theme_login_type)) {
$theme_login_type = 'image';
$theme_login_image = $theme_logo;
}
if (empty($theme_login_type)) {
$theme_login_type = 'image';
$theme_login_image = $theme_logo;
}
//determine whether to show the forgot password for resetting the password
$login_password_reset_enabled = false;
if (!empty($settings->get('login', 'password_reset_key'))) {
$login_password_reset_enabled = true;
}
$login_password_reset_enabled = false;
if (!empty($settings->get('login', 'password_reset_key'))) {
$login_password_reset_enabled = true;
}
//check if already authorized
if (isset($_SESSION['authentication']['plugin']['database']) && $_SESSION['authentication']['plugin']['database']["authorized"]) {
return;
}
if (isset($_SESSION['authentication']['plugin']['database']) && $_SESSION['authentication']['plugin']['database']["authorized"]) {
return;
}
//show the authentication code view
if (empty($_REQUEST["username"]) && empty($_REQUEST["key"])) {
if (empty($_REQUEST["username"]) && empty($_REQUEST["key"])) {
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//create token
//$object = new token;
//$token = $object->create('login');
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//add translations
$view->assign("login_title", $text['button-login']);
$view->assign("label_username", $text['label-username']);
$view->assign("label_password", $text['label-password']);
$view->assign("label_domain", $text['label-domain']);
$view->assign("button_login", $text['button-login']);
//add translations
$view->assign("login_title", $text['button-login']);
$view->assign("label_username", $text['label-username']);
$view->assign("label_password", $text['label-password']);
$view->assign("label_domain", $text['label-domain']);
$view->assign("button_login", $text['button-login']);
//assign default values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("login_domain_name_visible", $login_domain_name_visible);
$view->assign("login_domain_names", $login_domain_name);
$view->assign("login_password_reset_enabled", $login_password_reset_enabled);
$view->assign("favicon", $theme_favicon);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("message_delay", $theme_message_delay);
$view->assign("background_video", $theme_background_video);
$view->assign("login_password_description", $text['label-password_description']);
$view->assign("button_cancel", $text['button-cancel']);
$view->assign("button_forgot_password", $text['button-forgot_password']);
//assign default values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("login_domain_name_visible", $login_domain_name_visible);
$view->assign("login_domain_names", $login_domain_name);
$view->assign("login_password_reset_enabled", $login_password_reset_enabled);
$view->assign("favicon", $theme_favicon);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("message_delay", $theme_message_delay);
$view->assign("background_video", $theme_background_video);
$view->assign("login_password_description", $text['label-password_description']);
$view->assign("button_cancel", $text['button-cancel']);
$view->assign("button_forgot_password", $text['button-forgot_password']);
//assign openid values to the template
if ($settings->get('open_id', 'enabled', false)) {
$classes = $settings->get('open_id', 'methods', []);
$banners = [];
foreach ($classes as $open_id_class) {
if (class_exists($open_id_class)) {
$banners[] = [
'name' => $open_id_class,
'image' => $open_id_class::get_banner_image($settings),
'class' => $open_id_class::get_banner_css_class($settings),
'url' => '/app/open_id/open_id.php?action=' . $open_id_class,
];
}
}
if (count($banners) > 0) {
$view->assign('banners', $banners);
}
//assign openid values to the template
if ($settings->get('open_id', 'enabled', false)) {
$classes = $settings->get('open_id', 'methods', []);
$banners = [];
foreach ($classes as $open_id_class) {
if (class_exists($open_id_class)) {
$banners[] = [
'name' => $open_id_class,
'image' => $open_id_class::get_banner_image($settings),
'class' => $open_id_class::get_banner_css_class($settings),
'url' => '/app/open_id/open_id.php?action=' . $open_id_class,
];
}
//assign user to the template
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
}
//messages
$view->assign('messages', message::html(true, ' '));
//add the token name and hash to the view
//$view->assign("token_name", $token['name']);
//$view->assign("token_hash", $token['hash']);
//show the views
$content = $view->render('login.htm');
echo $content;
exit;
}
if (count($banners) > 0) {
$view->assign('banners', $banners);
}
}
//assign user to the template
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
}
//messages
$view->assign('messages', message::html(true, ' '));
//add the token name and hash to the view
//$view->assign("token_name", $token['name']);
//$view->assign("token_hash", $token['hash']);
//show the views
$content = $view->render('login.htm');
echo $content;
exit;
}
//validate the token
//$token = new token;
//if (!$token->validate($_SERVER['PHP_SELF'])) {
// message::add($text['message-invalid_token'],'negative');
// header('Location: domains.php');
// exit;
//}
//$token = new token;
//if (!$token->validate($_SERVER['PHP_SELF'])) {
// message::add($text['message-invalid_token'],'negative');
// header('Location: domains.php');
// exit;
//}
//add the authentication details
if (isset($_REQUEST["username"])) {
$this->username = $_REQUEST["username"];
$_SESSION['username'] = $this->username;
}
if (isset($_REQUEST["password"])) {
$this->password = $_REQUEST["password"];
}
if (isset($_REQUEST["key"])) {
$this->key = $_REQUEST["key"];
}
if (isset($_REQUEST["domain_name"])) {
$domain_name = $_REQUEST["domain_name"];
$this->domain_name = $_REQUEST["domain_name"];
}
if (isset($_REQUEST["username"])) {
$this->username = $_REQUEST["username"];
$_SESSION['username'] = $this->username;
}
if (isset($_REQUEST["password"])) {
$this->password = $_REQUEST["password"];
}
if (isset($_REQUEST["key"])) {
$this->key = $_REQUEST["key"];
}
if (isset($_REQUEST["domain_name"])) {
$domain_name = $_REQUEST["domain_name"];
$this->domain_name = $_REQUEST["domain_name"];
}
//get the domain name
$auth->get_domain();
$this->username = $_SESSION['username'] ?? null;
//$this->domain_uuid = $_SESSION['domain_uuid'] ?? null;
//$this->domain_name = $_SESSION['domain_name'] ?? null;
$auth->get_domain();
$this->username = $_SESSION['username'] ?? null;
//$this->domain_uuid = $_SESSION['domain_uuid'] ?? null;
//$this->domain_name = $_SESSION['domain_name'] ?? null;
//debug information
//echo "domain_uuid: ".$this->domain_uuid."<br />\n";
//view_array($this->domain_uuid, false);
//echo "domain_name: ".$this->domain_name."<br />\n";
//echo "username: ".$this->username."<br />\n";
//echo "domain_uuid: ".$this->domain_uuid."<br />\n";
//view_array($this->domain_uuid, false);
//echo "domain_name: ".$this->domain_name."<br />\n";
//echo "username: ".$this->username."<br />\n";
//set the default status
$user_authorized = false;
$user_authorized = false;
//check if contacts app exists
$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/contacts/') ? true : false;
$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/contacts/') ? true : false;
//check the username and password if they don't match then redirect to the login
$sql = "select ";
$sql .= " d.domain_name, ";
$sql .= " u.user_uuid, ";
$sql .= " u.contact_uuid, ";
$sql .= " u.username, ";
$sql .= " u.password, ";
$sql .= " u.user_email, ";
$sql .= " u.salt, ";
$sql .= " u.api_key, ";
$sql .= " u.domain_uuid ";
$sql .= "from ";
$sql .= " v_domains as d, ";
$sql .= " v_users as u ";
$sql .= "where ";
$sql .= " u.domain_uuid = d.domain_uuid ";
$sql .= " and (";
$sql .= " user_type = 'default' ";
$sql .= " or user_type is null";
$sql .= " ) ";
if (isset($this->key) && strlen($this->key) > 30) {
$sql .= "and u.api_key = :api_key ";
$parameters['api_key'] = $this->key;
}
else {
$sql .= "and (\n";
$sql .= " lower(u.username) = lower(:username)\n";
$sql .= " or lower(u.user_email) = lower(:username)\n";
$sql .= ")\n";
$parameters['username'] = $this->username;
}
if ($users_unique === "global") {
//unique username - global (example: email address)
}
else {
//unique username - per domain
$sql .= "and u.domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $this->domain_uuid;
}
$sql .= "and (user_enabled = true or user_enabled is null) ";
$row = $settings->database()->select($sql, $parameters, 'row');
if (!empty($row) && is_array($row) && @sizeof($row) != 0) {
$sql = "select ";
$sql .= " d.domain_name, ";
$sql .= " u.user_uuid, ";
$sql .= " u.contact_uuid, ";
$sql .= " u.username, ";
$sql .= " u.password, ";
$sql .= " u.user_email, ";
$sql .= " u.salt, ";
$sql .= " u.api_key, ";
$sql .= " u.domain_uuid ";
$sql .= "from ";
$sql .= " v_domains as d, ";
$sql .= " v_users as u ";
$sql .= "where ";
$sql .= " u.domain_uuid = d.domain_uuid ";
$sql .= " and (";
$sql .= " user_type = 'default' ";
$sql .= " or user_type is null";
$sql .= " ) ";
if (isset($this->key) && strlen($this->key) > 30) {
$sql .= "and u.api_key = :api_key ";
$parameters['api_key'] = $this->key;
} else {
$sql .= "and (\n";
$sql .= " lower(u.username) = lower(:username)\n";
$sql .= " or lower(u.user_email) = lower(:username)\n";
$sql .= ")\n";
$parameters['username'] = $this->username;
}
if ($users_unique === "global") {
//unique username - global (example: email address)
} else {
//unique username - per domain
$sql .= "and u.domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $this->domain_uuid;
}
$sql .= "and (user_enabled = true or user_enabled is null) ";
$row = $settings->database()->select($sql, $parameters, 'row');
if (!empty($row) && is_array($row) && @sizeof($row) != 0) {
//validate the password
$valid_password = false;
if (isset($this->key) && strlen($this->key) > 30 && $this->key === $row["api_key"]) {
//validate the password
$valid_password = false;
if (isset($this->key) && strlen($this->key) > 30 && $this->key === $row["api_key"]) {
$valid_password = true;
} elseif (substr($row["password"], 0, 1) === '$') {
if (isset($this->password) && !empty($this->password)) {
if (password_verify($this->password, $row["password"])) {
$valid_password = true;
}
else if (substr($row["password"], 0, 1) === '$') {
if (isset($this->password) && !empty($this->password)) {
if (password_verify($this->password, $row["password"])) {
$valid_password = true;
}
}
}
else {
//deprecated - compare the password provided by the user with the one in the database
if (md5($row["salt"].$this->password) === $row["password"]) {
$row["password"] = crypt($this->password, '$1$'.$row['salt'].'$');
$valid_password = true;
}
}
}
} else {
//deprecated - compare the password provided by the user with the one in the database
if (md5($row["salt"] . $this->password) === $row["password"]) {
$row["password"] = crypt($this->password, '$1$' . $row['salt'] . '$');
$valid_password = true;
}
}
//set the domain and user settings
if ($valid_password) {
//set the domain_uuid
$this->domain_uuid = $row["domain_uuid"];
$this->domain_name = $row["domain_name"];
//set the domain and user settings
if ($valid_password) {
//set the domain_uuid
$this->domain_uuid = $row["domain_uuid"];
$this->domain_name = $row["domain_name"];
//set the domain session variables
$_SESSION["domain_uuid"] = $this->domain_uuid;
$_SESSION["domain_name"] = $this->domain_name;
//set the domain session variables
$_SESSION["domain_uuid"] = $this->domain_uuid;
$_SESSION["domain_name"] = $this->domain_name;
//set the domain setting
if ($users_unique === "global" && $row["domain_uuid"] !== $this->domain_uuid) {
$domain = new domains();
$domain->set();
}
//set the domain setting
if ($users_unique === "global" && $row["domain_uuid"] !== $this->domain_uuid) {
$domain = new domains();
$domain->set();
}
//set the variables
$this->user_uuid = $row['user_uuid'];
$this->username = $row['username'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
//set the variables
$this->user_uuid = $row['user_uuid'];
$this->username = $row['username'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
//get the user contact details
if ($contacts_exists) {
unset($parameters);
$sql = "select ";
$sql .= " c.contact_organization, ";
$sql .= " c.contact_name_given, ";
$sql .= " c.contact_name_family, ";
$sql .= " a.contact_attachment_uuid ";
$sql .= "from v_contacts as c ";
$sql .= "left join v_contact_attachments as a on c.contact_uuid = a.contact_uuid ";
$sql .= "where c.contact_uuid = :contact_uuid ";
$sql .= "and c.domain_uuid = :domain_uuid ";
$sql .= "and a.attachment_primary = true ";
$sql .= "and a.attachment_filename is not null ";
$sql .= "and a.attachment_content is not null ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['contact_uuid'] = $this->contact_uuid;
$contact = $settings->database()->select($sql, $parameters, 'row');
$this->contact_organization = $contact['contact_organization'] ?? '';
$this->contact_name_given = $contact['contact_name_given'] ?? '';
$this->contact_name_family = $contact['contact_name_family'] ?? '';
$this->contact_image = $contact['contact_attachment_uuid'] ?? '';
}
//get the user contact details
if ($contacts_exists) {
unset($parameters);
$sql = "select ";
$sql .= " c.contact_organization, ";
$sql .= " c.contact_name_given, ";
$sql .= " c.contact_name_family, ";
$sql .= " a.contact_attachment_uuid ";
$sql .= "from v_contacts as c ";
$sql .= "left join v_contact_attachments as a on c.contact_uuid = a.contact_uuid ";
$sql .= "where c.contact_uuid = :contact_uuid ";
$sql .= "and c.domain_uuid = :domain_uuid ";
$sql .= "and a.attachment_primary = true ";
$sql .= "and a.attachment_filename is not null ";
$sql .= "and a.attachment_content is not null ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['contact_uuid'] = $this->contact_uuid;
$contact = $settings->database()->select($sql, $parameters, 'row');
$this->contact_organization = $contact['contact_organization'] ?? '';
$this->contact_name_given = $contact['contact_name_given'] ?? '';
$this->contact_name_family = $contact['contact_name_family'] ?? '';
$this->contact_image = $contact['contact_attachment_uuid'] ?? '';
}
//debug info
//echo "user_uuid ".$this->user_uuid."<br />\n";
//echo "username ".$this->username."<br />\n";
//echo "contact_uuid ".$this->contact_uuid."<br />\n";
//debug info
//echo "user_uuid ".$this->user_uuid."<br />\n";
//echo "username ".$this->username."<br />\n";
//echo "contact_uuid ".$this->contact_uuid."<br />\n";
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
}
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
}
//check to to see if the the password hash needs to be updated
if ($valid_password) {
//set the password hash cost
$options = array('cost' => 10);
//check to to see if the the password hash needs to be updated
if ($valid_password) {
//set the password hash cost
$options = ['cost' => 10];
//check if a newer hashing algorithm is available or the cost has changed
if (password_needs_rehash($row["password"], PASSWORD_DEFAULT, $options)) {
//check if a newer hashing algorithm is available or the cost has changed
if (password_needs_rehash($row["password"], PASSWORD_DEFAULT, $options)) {
//build user insert array
$array = [];
$array['users'][0]['user_uuid'] = $this->user_uuid;
$array['users'][0]['domain_uuid'] = $this->domain_uuid;
$array['users'][0]['user_email'] = $this->user_email;
$array['users'][0]['password'] = password_hash($this->password, PASSWORD_DEFAULT, $options);
$array['users'][0]['salt'] = null;
//build user insert array
$array = [];
$array['users'][0]['user_uuid'] = $this->user_uuid;
$array['users'][0]['domain_uuid'] = $this->domain_uuid;
$array['users'][0]['user_email'] = $this->user_email;
$array['users'][0]['password'] = password_hash($this->password, PASSWORD_DEFAULT, $options);
$array['users'][0]['salt'] = null;
//build user group insert array
$array['user_groups'][0]['user_group_uuid'] = uuid();
$array['user_groups'][0]['domain_uuid'] = $this->domain_uuid;
$array['user_groups'][0]['group_name'] = 'user';
$array['user_groups'][0]['user_uuid'] = $this->user_uuid;
//build user group insert array
$array['user_groups'][0]['user_group_uuid'] = uuid();
$array['user_groups'][0]['domain_uuid'] = $this->domain_uuid;
$array['user_groups'][0]['group_name'] = 'user';
$array['user_groups'][0]['user_uuid'] = $this->user_uuid;
//grant temporary permissions
$p = permissions::new();
$p->add('user_edit', 'temp');
//grant temporary permissions
$p = permissions::new();
$p->add('user_edit', 'temp');
//execute insert
$settings->database()->app_name = 'authentication';
$settings->database()->app_uuid = 'a8a12918-69a4-4ece-a1ae-3932be0e41f1';
$settings->database()->save($array);
unset($array);
//execute insert
$settings->database()->app_name = 'authentication';
$settings->database()->app_uuid = 'a8a12918-69a4-4ece-a1ae-3932be0e41f1';
$settings->database()->save($array);
unset($array);
//revoke temporary permissions
$p->delete('user_edit', 'temp');
//revoke temporary permissions
$p->delete('user_edit', 'temp');
}
}
//result array
if ($valid_password) {
$result["plugin"] = "database";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $_SESSION['domain_uuid'];
$result["contact_uuid"] = $this->contact_uuid;
if ($contacts_exists) {
$result["contact_organization"] = $this->contact_organization;
$result["contact_name_given"] = $this->contact_name_given;
$result["contact_name_family"] = $this->contact_name_family;
$result["contact_image"] = $this->contact_image;
}
$result["user_email"] = $this->user_email;
$result["sql"] = $sql;
$result["authorized"] = $valid_password;
}
//return the results
return $result ?? false;
}
}
//result array
if ($valid_password) {
$result["plugin"] = "database";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $_SESSION['domain_uuid'];
$result["contact_uuid"] = $this->contact_uuid;
if ($contacts_exists) {
$result["contact_organization"] = $this->contact_organization;
$result["contact_name_given"] = $this->contact_name_given;
$result["contact_name_family"] = $this->contact_name_family;
$result["contact_image"] = $this->contact_image;
}
$result["user_email"] = $this->user_email;
$result["sql"] = $sql;
$result["authorized"] = $valid_password;
}
//return the results
return $result ?? false;
}
return;

808
core/authentication/resources/classes/plugins/email.php
View File

@@ -60,405 +60,401 @@ class plugin_email {
/**
* time based one time password with email
*
* @return array [authorized] => true or false
*/
function email(authentication $auth, settings $settings) {
//pre-process some settings
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH.'/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH.'/themes/default/images/logo_login.png');
$theme_login_type = $settings->get('theme', 'login_brand_type', '');
$theme_login_image = $settings->get('theme', 'login_brand_image', '');
$theme_login_text = $settings->get('theme', 'login_brand_text', '');
$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
$background_videos = $settings->get('theme', 'background_video', null);
$theme_background_video = (isset($background_videos) && is_array($background_videos)) ? $background_videos[0] : null;
//$login_domain_name_visible = $settings->get('login', 'domain_name_visible');
//$login_domain_name = $settings->get('login', 'domain_name');
$login_destination = $settings->get('login', 'destination');
$users_unique = $settings->get('users', 'unique', '');
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH . '/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH . '/themes/default/images/logo_login.png');
$theme_login_type = $settings->get('theme', 'login_brand_type', '');
$theme_login_image = $settings->get('theme', 'login_brand_image', '');
$theme_login_text = $settings->get('theme', 'login_brand_text', '');
$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
$background_videos = $settings->get('theme', 'background_video', null);
$theme_background_video = (isset($background_videos) && is_array($background_videos)) ? $background_videos[0] : null;
//$login_domain_name_visible = $settings->get('login', 'domain_name_visible');
//$login_domain_name = $settings->get('login', 'domain_name');
$login_destination = $settings->get('login', 'destination');
$users_unique = $settings->get('users', 'unique', '');
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//use the session username
if (isset($_SESSION['username'])) {
$_POST['username'] = $_SESSION['username'];
$_REQUEST['username'] = $_SESSION['username'];
}
if (isset($_SESSION['username'])) {
$_POST['username'] = $_SESSION['username'];
$_REQUEST['username'] = $_SESSION['username'];
}
//request the username
if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//assign default values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("favicon", $theme_favicon);
$view->assign("login_title", $text['label-username']);
$view->assign("login_username", $text['label-username']);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("button_login", $text['button-login']);
$view->assign("message_delay", $theme_message_delay);
$view->assign("background_video", $theme_background_video);
//assign default values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("favicon", $theme_favicon);
$view->assign("login_title", $text['label-username']);
$view->assign("login_username", $text['label-username']);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("button_login", $text['button-login']);
$view->assign("message_delay", $theme_message_delay);
$view->assign("background_video", $theme_background_video);
//messages
$view->assign('messages', message::html(true, ' '));
//messages
$view->assign('messages', message::html(true, ' '));
//show the views
$content = $view->render('username.htm');
echo $content;
exit;
//show the views
$content = $view->render('username.htm');
echo $content;
exit;
}
}
//show the authentication code view
if (!isset($_POST['authentication_code'])) {
if (!isset($_POST['authentication_code'])) {
//get the username
//if (!isset($this->username) && isset($_REQUEST['username'])) {
// $this->username = $_REQUEST['username'];
//}
//get the username
//if (!isset($this->username) && isset($_REQUEST['username'])) {
// $this->username = $_REQUEST['username'];
//}
//get the user details
$sql = "select user_uuid, username, user_email, contact_uuid \n";
$sql .= "from v_users\n";
$sql .= "where (\n";
$sql .= " username = :username\n";
$sql .= " or user_email = :username\n";
$sql .= ")\n";
if ($users_unique != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$sql .= "and (user_type = 'default' or user_type is null) ";
$parameters['username'] = $_REQUEST['username'];
$row = $this->database->select($sql, $parameters, 'row');
unset($parameters);
//set class variables
//if (!empty($row["user_email"])) {
// $this->user_uuid = $row['user_uuid'];
// $this->user_email = $row['user_email'];
// $this->contact_uuid = $row['contact_uuid'];
//}
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//user not found
if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
//clear submitted usernames
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
//clear authentication session
unset($_SESSION['authentication']);
//build the result array
$result["plugin"] = "email";
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["domain_name"] = $_SESSION["domain_name"];
$result["authorized"] = false;
//retun the array
return $result;
}
//user email not found
else if (empty($row["user_email"])) {
//clear submitted usernames
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
//clear authentication session
unset($_SESSION['authentication']);
//build the result array
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_REQUEST['username'];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["authorized"] = false;
//add the failed login to user logs
user_logs::add($result);
//return the array
return $result;
}
//authentication code
$_SESSION["user"]["authentication"]["email"]["code"] = generate_password(6, 1);
$_SESSION["user"]["authentication"]["email"]["epoch"] = time();
//$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
//$_SESSION["authentication_date"] = 'now()';
//set the authentication code
//$sql = "update v_users \n";
//$sql .= "set auth_code = :auth_code \n";
//$sql .= "where user_uuid = :user_uuid;";
//$parameters['auth_code'] = $auth_code_hash;
//$parameters['user_uuid'] = $this->user_uuid;
//$this->database->execute($sql, $parameters);
//unset($sql);
//email settings
//$email_address = $this->user_email;
//$email_subject = 'Validation Code';
//$email_body = 'Validation Code: '.$authentication_code;
//send email with the authentication_code
//ob_start();
//$sent = !send_email($email_address, $email_subject, $email_body, $email_error, null, null, 3, 3) ? false : true;
//$response = ob_get_clean();
//get the language code
$language_code = $settings->get('domain', 'language', 'en-us');
//get the email template from the database
$sql = "select template_subject, template_body ";
$sql .= "from v_email_templates ";
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
$sql .= "and template_language = :template_language ";
$sql .= "and template_category = :template_category ";
$sql .= "and template_subcategory = :template_subcategory ";
$sql .= "and template_type = :template_type ";
$sql .= "and template_enabled = true ";
//get the user details
$sql = "select user_uuid, username, user_email, contact_uuid \n";
$sql .= "from v_users\n";
$sql .= "where (\n";
$sql .= " username = :username\n";
$sql .= " or user_email = :username\n";
$sql .= ")\n";
if ($users_unique != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$parameters['template_language'] = $language_code;
$parameters['template_category'] = 'authentication';
$parameters['template_subcategory'] = 'email';
$parameters['template_type'] = 'html';
$row = $this->database->select($sql, $parameters, 'row');
$email_subject = $row['template_subject'];
$email_body = $row['template_body'];
unset($sql, $parameters, $row);
}
$sql .= "and (user_type = 'default' or user_type is null) ";
$parameters['username'] = $_REQUEST['username'];
$row = $this->database->select($sql, $parameters, 'row');
unset($parameters);
//replace variables in email subject
$email_subject = str_replace('${domain_name}', $_SESSION["domain_name"], $email_subject);
//set class variables
//if (!empty($row["user_email"])) {
// $this->user_uuid = $row['user_uuid'];
// $this->user_email = $row['user_email'];
// $this->contact_uuid = $row['contact_uuid'];
//}
//replace variables in email body
$email_body = str_replace('${domain_name}', $_SESSION["domain_name"], $email_body);
$email_body = str_replace('${auth_code}', $_SESSION["user"]["authentication"]["email"]["code"], $email_body);
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//get the email from name and address
$email_from_address = $_SESSION['email']['smtp_from']['text'];
$email_from_name = $_SESSION['email']['smtp_from_name']['text'];
//user not found
if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
//clear submitted usernames
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
//get the email send mode options: direct or email_queue
$email_send_mode = $_SESSION['authentication']['email_send_mode']['text'] ?? 'email_queue';
//clear authentication session
unset($_SESSION['authentication']);
//send the email
if ($email_send_mode == 'email_queue') {
//set the variables
$email_queue_uuid = uuid();
$email_uuid = uuid();
$hostname = gethostname();
//build the result array
$result["plugin"] = "email";
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["domain_name"] = $_SESSION["domain_name"];
$result["authorized"] = false;
//add the temporary permissions
$p = permissions::new();
$p->add("email_queue_add", 'temp');
$p->add("email_queue_edit", 'temp');
//retun the array
return $result;
} //user email not found
elseif (empty($row["user_email"])) {
//clear submitted usernames
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
$array['email_queue'][0]["email_queue_uuid"] = $email_queue_uuid;
$array['email_queue'][0]["domain_uuid"] = $_SESSION["domain_uuid"];
$array['email_queue'][0]["hostname"] = $hostname;
$array['email_queue'][0]["email_date"] = 'now()';
$array['email_queue'][0]["email_from"] = $email_from_address;
$array['email_queue'][0]["email_to"] = $_SESSION["user_email"];
$array['email_queue'][0]["email_subject"] = $email_subject;
$array['email_queue'][0]["email_body"] = $email_body;
$array['email_queue'][0]["email_status"] = 'waiting';
$array['email_queue'][0]["email_retry_count"] = 3;
$array['email_queue'][0]["email_uuid"] = $email_uuid;
$array['email_queue'][0]["email_action_before"] = null;
$array['email_queue'][0]["email_action_after"] = null;
$this->database->save($array);
$err = $this->database->message;
unset($array);
//clear authentication session
unset($_SESSION['authentication']);
//remove the temporary permission
$p->delete("email_queue_add", 'temp');
$p->delete("email_queue_edit", 'temp');
}
else {
//send email - direct
$email = new email;
$email->recipients = $_SESSION["user_email"];
$email->subject = $email_subject;
$email->body = $email_body;
$email->from_address = $email_from_address;
$email->from_name = $email_from_name;
//$email->attachments = $email_attachments;
$email->debug_level = 0;
$email->method = 'direct';
$sent = $email->send();
}
//build the result array
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_REQUEST['username'];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["authorized"] = false;
//debug informations
//$email_response = $email->response;
//$email_error = $email->email_error;
//echo $email_response."<br />\n";
//echo $email_error."<br />\n";
//add the failed login to user logs
user_logs::add($result);
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//return the array
return $result;
}
//create token
//$object = new token;
//$token = $object->create('login');
//authentication code
$_SESSION["user"]["authentication"]["email"]["code"] = generate_password(6, 1);
$_SESSION["user"]["authentication"]["email"]["epoch"] = time();
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
//$_SESSION["authentication_date"] = 'now()';
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//set the authentication code
//$sql = "update v_users \n";
//$sql .= "set auth_code = :auth_code \n";
//$sql .= "where user_uuid = :user_uuid;";
//$parameters['auth_code'] = $auth_code_hash;
//$parameters['user_uuid'] = $this->user_uuid;
//$this->database->execute($sql, $parameters);
//unset($sql);
//assign default values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("favicon", $theme_favicon);
$view->assign("login_title", $text['label-verify']);
$view->assign("login_email_description", $text['label-email_description']);
$view->assign("login_authentication_code", $text['label-authentication_code']);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("button_verify", $text['label-verify']);
$view->assign("message_delay", $theme_message_delay);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']);
}
//email settings
//$email_address = $this->user_email;
//$email_subject = 'Validation Code';
//$email_body = 'Validation Code: '.$authentication_code;
//messages
$view->assign('messages', message::html(true, ' '));
//send email with the authentication_code
//ob_start();
//$sent = !send_email($email_address, $email_subject, $email_body, $email_error, null, null, 3, 3) ? false : true;
//$response = ob_get_clean();
//show the views
$content = $view->render('email.htm');
echo $content;
//get the language code
$language_code = $settings->get('domain', 'language', 'en-us');
//get the email template from the database
$sql = "select template_subject, template_body ";
$sql .= "from v_email_templates ";
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
$sql .= "and template_language = :template_language ";
$sql .= "and template_category = :template_category ";
$sql .= "and template_subcategory = :template_subcategory ";
$sql .= "and template_type = :template_type ";
$sql .= "and template_enabled = true ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$parameters['template_language'] = $language_code;
$parameters['template_category'] = 'authentication';
$parameters['template_subcategory'] = 'email';
$parameters['template_type'] = 'html';
$row = $this->database->select($sql, $parameters, 'row');
$email_subject = $row['template_subject'];
$email_body = $row['template_body'];
unset($sql, $parameters, $row);
//replace variables in email subject
$email_subject = str_replace('${domain_name}', $_SESSION["domain_name"], $email_subject);
//replace variables in email body
$email_body = str_replace('${domain_name}', $_SESSION["domain_name"], $email_body);
$email_body = str_replace('${auth_code}', $_SESSION["user"]["authentication"]["email"]["code"], $email_body);
//get the email from name and address
$email_from_address = $_SESSION['email']['smtp_from']['text'];
$email_from_name = $_SESSION['email']['smtp_from_name']['text'];
//get the email send mode options: direct or email_queue
$email_send_mode = $_SESSION['authentication']['email_send_mode']['text'] ?? 'email_queue';
//send the email
if ($email_send_mode == 'email_queue') {
//set the variables
$email_queue_uuid = uuid();
$email_uuid = uuid();
$hostname = gethostname();
//add the temporary permissions
$p = permissions::new();
$p->add("email_queue_add", 'temp');
$p->add("email_queue_edit", 'temp');
$array['email_queue'][0]["email_queue_uuid"] = $email_queue_uuid;
$array['email_queue'][0]["domain_uuid"] = $_SESSION["domain_uuid"];
$array['email_queue'][0]["hostname"] = $hostname;
$array['email_queue'][0]["email_date"] = 'now()';
$array['email_queue'][0]["email_from"] = $email_from_address;
$array['email_queue'][0]["email_to"] = $_SESSION["user_email"];
$array['email_queue'][0]["email_subject"] = $email_subject;
$array['email_queue'][0]["email_body"] = $email_body;
$array['email_queue'][0]["email_status"] = 'waiting';
$array['email_queue'][0]["email_retry_count"] = 3;
$array['email_queue'][0]["email_uuid"] = $email_uuid;
$array['email_queue'][0]["email_action_before"] = null;
$array['email_queue'][0]["email_action_after"] = null;
$this->database->save($array);
$err = $this->database->message;
unset($array);
//remove the temporary permission
$p->delete("email_queue_add", 'temp');
$p->delete("email_queue_edit", 'temp');
} else {
//send email - direct
$email = new email;
$email->recipients = $_SESSION["user_email"];
$email->subject = $email_subject;
$email->body = $email_body;
$email->from_address = $email_from_address;
$email->from_name = $email_from_name;
//$email->attachments = $email_attachments;
$email->debug_level = 0;
$email->method = 'direct';
$sent = $email->send();
}
//debug informations
//$email_response = $email->response;
//$email_error = $email->email_error;
//echo $email_response."<br />\n";
//echo $email_error."<br />\n";
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//assign default values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("favicon", $theme_favicon);
$view->assign("login_title", $text['label-verify']);
$view->assign("login_email_description", $text['label-email_description']);
$view->assign("login_authentication_code", $text['label-authentication_code']);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("button_verify", $text['label-verify']);
$view->assign("message_delay", $theme_message_delay);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']);
}
//messages
$view->assign('messages', message::html(true, ' '));
//show the views
$content = $view->render('email.htm');
echo $content;
exit;
}
//if authorized then verify
if (isset($_POST['authentication_code'])) {
//check if the authentication code has expired. if expired return false
if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
//authentication code expired
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["error_message"] = 'code expired';
$result["authorized"] = false;
print_r($result);
return $result;
exit;
}
//if authorized then verify
if (isset($_POST['authentication_code'])) {
//get the user details
$sql = "select user_uuid, user_email, contact_uuid\n";
$sql .= "from v_users\n";
$sql .= "where (\n";
$sql .= " username = :username\n";
$sql .= " or user_email = :username\n";
$sql .= ")\n";
if ($users_unique != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_SESSION["username"];
$row = $this->database->select($sql, $parameters, 'row');
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
unset($parameters);
/*
echo 'session code = '.$_SESSION["user"]["authentication"]["email"]["code"].'<br>';
echo 'post code = '.$_POST['authentication_code'].'<br>';
exit;
*/
//check if the authentication code has expired. if expired return false
if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
//authentication code expired
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["error_message"] = 'code expired';
$result["authorized"] = false;
print_r($result);
return $result;
exit;
//validate the code
if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
$auth_valid = true;
} else {
$auth_valid = false;
}
//clear posted authentication code
unset($_POST['authentication_code']);
//check if contacts app exists
$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/contacts/') ? true : false;
//get the user details
if ($auth_valid) {
//get user data from the database
$sql = "select ";
$sql .= " u.user_uuid, ";
$sql .= " u.username, ";
$sql .= " u.user_email, ";
$sql .= " u.contact_uuid ";
if ($contacts_exists) {
$sql .= ",";
$sql .= "c.contact_organization, ";
$sql .= "c.contact_name_given, ";
$sql .= "c.contact_name_family, ";
$sql .= "a.contact_attachment_uuid ";
}
//get the user details
$sql = "select user_uuid, user_email, contact_uuid\n";
$sql .= "from v_users\n";
$sql .= "where (\n";
$sql .= " username = :username\n";
$sql .= " or user_email = :username\n";
$sql .= ")\n";
$sql .= "from ";
$sql .= " v_users as u ";
if ($contacts_exists) {
$sql .= "left join v_contacts as c on u.contact_uuid = c.contact_uuid and u.contact_uuid is not null ";
$sql .= "left join v_contact_attachments as a on u.contact_uuid = a.contact_uuid and u.contact_uuid is not null and a.attachment_primary = true and a.attachment_filename is not null and a.attachment_content is not null ";
}
$sql .= "where ";
$sql .= " u.user_uuid = :user_uuid ";
if ($users_unique != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$sql .= "and u.domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_SESSION["username"];
$row = $this->database->select($sql, $parameters, 'row');
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$row = $this->database->select($sql, $parameters, 'row');
unset($parameters);
/*
echo 'session code = '.$_SESSION["user"]["authentication"]["email"]["code"].'<br>';
echo 'post code = '.$_POST['authentication_code'].'<br>';
exit;
*/
//validate the code
if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
$auth_valid = true;
}
else {
$auth_valid = false;
}
//clear posted authentication code
unset($_POST['authentication_code']);
//check if contacts app exists
$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/contacts/') ? true : false;
//get the user details
if ($auth_valid) {
//get user data from the database
$sql = "select ";
$sql .= " u.user_uuid, ";
$sql .= " u.username, ";
$sql .= " u.user_email, ";
$sql .= " u.contact_uuid ";
if ($contacts_exists) {
$sql .= ",";
$sql .= "c.contact_organization, ";
$sql .= "c.contact_name_given, ";
$sql .= "c.contact_name_family, ";
$sql .= "a.contact_attachment_uuid ";
}
$sql .= "from ";
$sql .= " v_users as u ";
if ($contacts_exists) {
$sql .= "left join v_contacts as c on u.contact_uuid = c.contact_uuid and u.contact_uuid is not null ";
$sql .= "left join v_contact_attachments as a on u.contact_uuid = a.contact_uuid and u.contact_uuid is not null and a.attachment_primary = true and a.attachment_filename is not null and a.attachment_content is not null ";
}
$sql .= "where ";
$sql .= " u.user_uuid = :user_uuid ";
if ($users_unique != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and u.domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$row = $this->database->select($sql, $parameters, 'row');
unset($parameters);
//set a few session variables
//$_SESSION["username"] = $row['username']; //setting the username makes it skip the rest of the authentication
//$_SESSION["user_email"] = $row['user_email'];
//$_SESSION["contact_uuid"] = $row["contact_uuid"];
}
else {
//set a few session variables
//$_SESSION["username"] = $row['username']; //setting the username makes it skip the rest of the authentication
//$_SESSION["user_email"] = $row['user_email'];
//$_SESSION["contact_uuid"] = $row["contact_uuid"];
} else {
// //destroy session
// session_unset();
// session_destroy();
@@ -472,65 +468,65 @@ class plugin_email {
// //exit the code
// exit();
//clear submitted usernames
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
//clear submitted usernames
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
//clear authentication session
unset($_SESSION['authentication']);
//clear authentication session
unset($_SESSION['authentication']);
}
/*
//check if user successfully logged in during the interval
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
$sql = "select count(*) as count ";
$sql .= "from v_user_logs ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_agent = :user_agent ";
$sql .= "and type = 'login' ";
$sql .= "and result = 'success' ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['user_uuid'] = $this->user_uuid;
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$user_log_count = $this->database->select($sql, $parameters, 'all');
//view_array($user_log_count);
unset($sql, $parameters);
*/
//result array
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
if ($contacts_exists) {
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["contact_organization"] = $row["contact_organization"];
$result["contact_name_given"] = $row["contact_name_given"];
$result["contact_name_family"] = $row["contact_name_family"];
$result["contact_image"] = $row["contact_attachment_uuid"];
}
$result["authorized"] = $auth_valid ? true : false;
//add the failed login to user logs
if (!$auth_valid) {
user_logs::add($result);
}
//retun the array
return $result;
//$_SESSION['authentication']['plugin']['email']['plugin'] = "email";
//$_SESSION['authentication']['plugin']['email']['domain_name'] = $_SESSION["domain_name"];
//$_SESSION['authentication']['plugin']['email']['username'] = $row['username'];
//$_SESSION['authentication']['plugin']['email']['user_uuid'] = $_SESSION["user_uuid"];
//$_SESSION['authentication']['plugin']['email']['contact_uuid'] = $_SESSION["contact_uuid"];
//$_SESSION['authentication']['plugin']['email']['domain_uuid'] = $_SESSION["domain_uuid"];
//$_SESSION['authentication']['plugin']['email']['authorized'] = $auth_valid ? true : false;
}
/*
//check if user successfully logged in during the interval
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
$sql = "select count(*) as count ";
$sql .= "from v_user_logs ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_agent = :user_agent ";
$sql .= "and type = 'login' ";
$sql .= "and result = 'success' ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['user_uuid'] = $this->user_uuid;
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$user_log_count = $this->database->select($sql, $parameters, 'all');
//view_array($user_log_count);
unset($sql, $parameters);
*/
//result array
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
if ($contacts_exists) {
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["contact_organization"] = $row["contact_organization"];
$result["contact_name_given"] = $row["contact_name_given"];
$result["contact_name_family"] = $row["contact_name_family"];
$result["contact_image"] = $row["contact_attachment_uuid"];
}
$result["authorized"] = $auth_valid ? true : false;
//add the failed login to user logs
if (!$auth_valid) {
user_logs::add($result);
}
//retun the array
return $result;
//$_SESSION['authentication']['plugin']['email']['plugin'] = "email";
//$_SESSION['authentication']['plugin']['email']['domain_name'] = $_SESSION["domain_name"];
//$_SESSION['authentication']['plugin']['email']['username'] = $row['username'];
//$_SESSION['authentication']['plugin']['email']['user_uuid'] = $_SESSION["user_uuid"];
//$_SESSION['authentication']['plugin']['email']['contact_uuid'] = $_SESSION["contact_uuid"];
//$_SESSION['authentication']['plugin']['email']['domain_uuid'] = $_SESSION["domain_uuid"];
//$_SESSION['authentication']['plugin']['email']['authorized'] = $auth_valid ? true : false;
}
}
}

1
core/authentication/resources/classes/plugins/ldap.php
View File

@@ -27,6 +27,7 @@ class plugin_ldap {
*/
private $database;
/**
* Called when the object is created
*/

683
core/authentication/resources/classes/plugins/totp.php
View File

@@ -65,325 +65,322 @@ class plugin_totp {
/**
* time based one time password aka totp
*
* @return array [authorized] => true or false
*/
function totp(authentication $auth, settings $settings) {
//pre-process some settings
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH.'/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH.'/themes/default/images/logo_login.png');
$theme_login_type = $settings->get('theme', 'login_brand_type', '');
$theme_login_image = $settings->get('theme', 'login_brand_image', '');
$theme_login_text = $settings->get('theme', 'login_brand_text', '');
$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
$background_videos = $settings->get('theme', 'background_video', null);
$theme_background_video = (isset($background_videos) && is_array($background_videos)) ? $background_videos[0] : null;
//$login_domain_name_visible = $settings->get('login', 'domain_name_visible');
//$login_domain_name = $settings->get('login', 'domain_name');
$login_destination = $settings->get('login', 'destination');
$users_unique = $settings->get('users', 'unique', '');
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH . '/themes/default/favicon.ico');
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH . '/themes/default/images/logo_login.png');
$theme_login_type = $settings->get('theme', 'login_brand_type', '');
$theme_login_image = $settings->get('theme', 'login_brand_image', '');
$theme_login_text = $settings->get('theme', 'login_brand_text', '');
$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
$background_videos = $settings->get('theme', 'background_video', null);
$theme_background_video = (isset($background_videos) && is_array($background_videos)) ? $background_videos[0] : null;
//$login_domain_name_visible = $settings->get('login', 'domain_name_visible');
//$login_domain_name = $settings->get('login', 'domain_name');
$login_destination = $settings->get('login', 'destination');
$users_unique = $settings->get('users', 'unique', '');
//get the username
if (isset($_SESSION["username"])) {
$this->username = $_SESSION["username"];
}
if (isset($_POST['username'])) {
$this->username = $_POST['username'];
$_SESSION["username"] = $this->username;
}
if (isset($_SESSION["username"])) {
$this->username = $_SESSION["username"];
}
if (isset($_POST['username'])) {
$this->username = $_POST['username'];
$_SESSION["username"] = $this->username;
}
//request the username
if (!$this->username && !isset($_POST['authentication_code'])) {
if (!$this->username && !isset($_POST['authentication_code'])) {
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//create token
//$object = new token;
//$token = $object->create('login');
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//assign default values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("favicon", $theme_favicon);
$view->assign("login_title", $text['label-username']);
$view->assign("login_username", $text['label-username']);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("button_login", $text['button-login']);
//assign default values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("favicon", $theme_favicon);
$view->assign("login_title", $text['label-username']);
$view->assign("login_username", $text['label-username']);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("button_login", $text['button-login']);
$view->assign("favicon", $theme_favicon);
$view->assign("message_delay", $theme_message_delay);
//messages
$view->assign('messages', message::html(true, ' '));
//show the views
$content = $view->render('username.htm');
echo $content;
exit;
}
//show the authentication code view
if (!isset($_POST['authentication_code'])) {
//get the username
if (!isset($this->username) && isset($_REQUEST['username'])) {
$this->username = $_REQUEST['username'];
$_SESSION['username'] = $this->username;
}
//get the domain name
if (!empty($_SESSION['username'])) {
$auth = new authentication;
$auth->get_domain();
$this->domain_uuid = $_SESSION['domain_uuid'];
$this->domain_name = $_SESSION['domain_name'];
$this->username = $_SESSION['username'];
}
//get the user details
$sql = "select user_uuid, username, user_email, contact_uuid, user_totp_secret\n";
$sql .= "from v_users\n";
$sql .= "where (\n";
$sql .= " username = :username\n";
$sql .= " or user_email = :username\n";
$sql .= ")\n";
if (empty($_SESSION["users"]["unique"]["text"]) || $_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $this->domain_uuid;
}
$sql .= "and (user_type = 'default' or user_type is null) ";
$parameters['username'] = $this->username;
$row = $this->database->select($sql, $parameters, 'row');
if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
//clear submitted usernames
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
//build the result array
$result["plugin"] = "totp";
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["domain_name"] = $_SESSION["domain_name"];
$result["authorized"] = false;
//retun the array
return $result;
}
unset($parameters);
//set class variables
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_totp_secret = $row['user_totp_secret'];
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//assign values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("favicon", $theme_favicon);
$view->assign("login_title", $text['label-verify']);
$view->assign("login_totp_description", $text['label-totp_description']);
$view->assign("login_authentication_code", $text['label-authentication_code']);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("favicon", $theme_favicon);
$view->assign("background_video", $theme_background_video);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']);
}
//show the views
if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && empty($this->user_totp_secret)) {
//create the totp secret
$base32 = new base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', false, true, true);
$user_totp_secret = $base32->encode(generate_password(20, 3));
$this->user_totp_secret = $user_totp_secret;
//add user setting to array for update
$x = 0;
$array['users'][$x]['user_uuid'] = $this->user_uuid;
$array['users'][$x]['domain_uuid'] = $this->domain_uuid;
$array['users'][$x]['user_totp_secret'] = $this->user_totp_secret;
//add the user_edit permission
$p = permissions::new();
$p->add("user_edit", "temp");
//save the data
$this->database->save($array);
//remove the temporary permission
$p->delete("user_edit", "temp");
//qr code includes
require_once 'resources/qr_code/QRErrorCorrectLevel.php';
require_once 'resources/qr_code/QRCode.php';
require_once 'resources/qr_code/QRCodeImage.php';
//build the otp authentication url
$otpauth = "otpauth://totp/" . $this->username;
$otpauth .= "?secret=" . $this->user_totp_secret;
$otpauth .= "&issuer=" . $_SESSION['domain_name'];
//build the qr code image
try {
$code = new QRCode (-1, QRErrorCorrectLevel::H);
$code->addData($otpauth);
$code->make();
$img = new QRCodeImage ($code, $width = 210, $height = 210, $quality = 50);
$img->draw();
$image = $img->getImage();
$img->finish();
} catch (Exception $error) {
echo $error;
}
//assign values to the template
$view->assign("totp_secret", $this->user_totp_secret);
$view->assign("totp_image", base64_encode($image));
$view->assign("totp_description", $text['description-totp']);
$view->assign("button_next", $text['button-next']);
$view->assign("favicon", $theme_favicon);
$view->assign("message_delay", $theme_message_delay);
//messages
$view->assign('messages', message::html(true, ' '));
//show the views
$content = $view->render('username.htm');
echo $content;
exit;
}
//show the authentication code view
if (!isset($_POST['authentication_code'])) {
//get the username
if (!isset($this->username) && isset($_REQUEST['username'])) {
$this->username = $_REQUEST['username'];
$_SESSION['username'] = $this->username;
}
//get the domain name
if (!empty($_SESSION['username'])) {
$auth = new authentication;
$auth->get_domain();
$this->domain_uuid = $_SESSION['domain_uuid'];
$this->domain_name = $_SESSION['domain_name'];
$this->username = $_SESSION['username'];
}
//get the user details
$sql = "select user_uuid, username, user_email, contact_uuid, user_totp_secret\n";
$sql .= "from v_users\n";
$sql .= "where (\n";
$sql .= " username = :username\n";
$sql .= " or user_email = :username\n";
$sql .= ")\n";
if (empty($_SESSION["users"]["unique"]["text"]) || $_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $this->domain_uuid;
}
$sql .= "and (user_type = 'default' or user_type is null) ";
$parameters['username'] = $this->username;
$row = $this->database->select($sql, $parameters, 'row');
if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
//clear submitted usernames
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
//build the result array
$result["plugin"] = "totp";
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["domain_name"] = $_SESSION["domain_name"];
$result["authorized"] = false;
//retun the array
return $result;
}
unset($parameters);
//set class variables
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_totp_secret = $row['user_totp_secret'];
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = sys_get_temp_dir();
$view->init();
//render the template
$content = $view->render('totp_secret.htm');
} else {
//assign values to the template
$view->assign("project_path", PROJECT_PATH);
$view->assign("login_destination_url", $login_destination);
$view->assign("favicon", $theme_favicon);
$view->assign("login_title", $text['label-verify']);
$view->assign("login_totp_description", $text['label-totp_description']);
$view->assign("login_authentication_code", $text['label-authentication_code']);
$view->assign("login_logo_width", $theme_login_logo_width);
$view->assign("login_logo_height", $theme_login_logo_height);
$view->assign("login_logo_source", $theme_logo);
$view->assign("favicon", $theme_favicon);
$view->assign("background_video", $theme_background_video);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']);
}
$view->assign("button_verify", $text['label-verify']);
$view->assign("message_delay", $theme_message_delay);
//show the views
if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && empty($this->user_totp_secret)) {
//messages
$view->assign('messages', message::html(true, ' '));
//create the totp secret
$base32 = new base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
$user_totp_secret = $base32->encode(generate_password(20,3));
$this->user_totp_secret = $user_totp_secret;
//add user setting to array for update
$x = 0;
$array['users'][$x]['user_uuid'] = $this->user_uuid;
$array['users'][$x]['domain_uuid'] = $this->domain_uuid;
$array['users'][$x]['user_totp_secret'] = $this->user_totp_secret;
//add the user_edit permission
$p = permissions::new();
$p->add("user_edit", "temp");
//save the data
$this->database->save($array);
//remove the temporary permission
$p->delete("user_edit", "temp");
//qr code includes
require_once 'resources/qr_code/QRErrorCorrectLevel.php';
require_once 'resources/qr_code/QRCode.php';
require_once 'resources/qr_code/QRCodeImage.php';
//build the otp authentication url
$otpauth = "otpauth://totp/".$this->username;
$otpauth .= "?secret=".$this->user_totp_secret;
$otpauth .= "&issuer=".$_SESSION['domain_name'];
//build the qr code image
try {
$code = new QRCode (- 1, QRErrorCorrectLevel::H);
$code->addData($otpauth);
$code->make();
$img = new QRCodeImage ($code, $width=210, $height=210, $quality=50);
$img->draw();
$image = $img->getImage();
$img->finish();
}
catch (Exception $error) {
echo $error;
}
//assign values to the template
$view->assign("totp_secret", $this->user_totp_secret);
$view->assign("totp_image", base64_encode($image));
$view->assign("totp_description", $text['description-totp']);
$view->assign("button_next", $text['button-next']);
$view->assign("favicon", $theme_favicon);
$view->assign("message_delay", $theme_message_delay);
//messages
$view->assign('messages', message::html(true, ' '));
//render the template
$content = $view->render('totp_secret.htm');
}
else {
//assign values to the template
$view->assign("button_verify", $text['label-verify']);
$view->assign("message_delay", $theme_message_delay);
//messages
$view->assign('messages', message::html(true, ' '));
//render the template
$content = $view->render('totp.htm');
}
echo $content;
exit;
//render the template
$content = $view->render('totp.htm');
}
echo $content;
exit;
}
//if authorized then verify
if (isset($_POST['authentication_code'])) {
if (isset($_POST['authentication_code'])) {
//get the user details
$sql = "select user_uuid, user_email, contact_uuid, user_totp_secret\n";
$sql .= "from v_users\n";
$sql .= "where (\n";
$sql .= " username = :username\n";
$sql .= " or user_email = :username\n";
$sql .= ")\n";
//get the user details
$sql = "select user_uuid, user_email, contact_uuid, user_totp_secret\n";
$sql .= "from v_users\n";
$sql .= "where (\n";
$sql .= " username = :username\n";
$sql .= " or user_email = :username\n";
$sql .= ")\n";
if ($users_unique != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_SESSION["username"];
$row = $this->database->select($sql, $parameters, 'row');
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_totp_secret = $row['user_totp_secret'];
unset($parameters);
//create the authenticator object
$totp = new google_authenticator;
//validate the code
if ($totp->checkCode($this->user_totp_secret, $_POST['authentication_code'])) {
$auth_valid = true;
} else {
$auth_valid = false;
}
//clear posted authentication code
unset($_POST['authentication_code']);
//check if contacts app exists
$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/contacts/') ? true : false;
//get the user details
if ($auth_valid) {
//get user data from the database
$sql = "select ";
$sql .= " u.user_uuid, ";
$sql .= " u.username, ";
$sql .= " u.user_email, ";
$sql .= " u.contact_uuid ";
if ($contacts_exists) {
$sql .= ",";
$sql .= "c.contact_organization, ";
$sql .= "c.contact_name_given, ";
$sql .= "c.contact_name_family, ";
$sql .= "a.contact_attachment_uuid ";
}
$sql .= "from ";
$sql .= " v_users as u ";
if ($contacts_exists) {
$sql .= "left join v_contacts as c on u.contact_uuid = c.contact_uuid and u.contact_uuid is not null ";
$sql .= "left join v_contact_attachments as a on u.contact_uuid = a.contact_uuid and u.contact_uuid is not null and a.attachment_primary = true and a.attachment_filename is not null and a.attachment_content is not null ";
}
$sql .= "where ";
$sql .= " u.user_uuid = :user_uuid ";
if ($users_unique != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$sql .= "and u.domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_SESSION["username"];
$row = $this->database->select($sql, $parameters, 'row');
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_totp_secret = $row['user_totp_secret'];
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$row = $this->database->select($sql, $parameters, 'row');
unset($parameters);
//create the authenticator object
$totp = new google_authenticator;
//validate the code
if ($totp->checkCode($this->user_totp_secret, $_POST['authentication_code'])) {
$auth_valid = true;
}
else {
$auth_valid = false;
}
//clear posted authentication code
unset($_POST['authentication_code']);
//check if contacts app exists
$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/contacts/') ? true : false;
//get the user details
if ($auth_valid) {
//get user data from the database
$sql = "select ";
$sql .= " u.user_uuid, ";
$sql .= " u.username, ";
$sql .= " u.user_email, ";
$sql .= " u.contact_uuid ";
if ($contacts_exists) {
$sql .= ",";
$sql .= "c.contact_organization, ";
$sql .= "c.contact_name_given, ";
$sql .= "c.contact_name_family, ";
$sql .= "a.contact_attachment_uuid ";
}
$sql .= "from ";
$sql .= " v_users as u ";
if ($contacts_exists) {
$sql .= "left join v_contacts as c on u.contact_uuid = c.contact_uuid and u.contact_uuid is not null ";
$sql .= "left join v_contact_attachments as a on u.contact_uuid = a.contact_uuid and u.contact_uuid is not null and a.attachment_primary = true and a.attachment_filename is not null and a.attachment_content is not null ";
}
$sql .= "where ";
$sql .= " u.user_uuid = :user_uuid ";
if ($users_unique != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and u.domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$row = $this->database->select($sql, $parameters, 'row');
unset($parameters);
}
else {
} else {
// //destroy session
// session_unset();
// session_destroy();
@@ -397,64 +394,64 @@ class plugin_totp {
// //exit the code
// exit();
//clear authentication session
unset($_SESSION['authentication']);
//clear authentication session
unset($_SESSION['authentication']);
// clear username
unset($_SESSION["username"]);
}
/*
//check if user successfully logged in during the interval
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
$sql = "select count(*) as count ";
$sql .= "from v_user_logs ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_agent = :user_agent ";
$sql .= "and type = 'login' ";
$sql .= "and result = 'success' ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['user_uuid'] = $this->user_uuid;
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$user_log_count = $this->database->select($sql, $parameters, 'all');
//view_array($user_log_count);
unset($sql, $parameters);
*/
//build the result array
$result["plugin"] = "totp";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"] ?? null;
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
if ($contacts_exists) {
$result["contact_organization"] = $row["contact_organization"];
$result["contact_name_given"] = $row["contact_name_given"];
$result["contact_name_family"] = $row["contact_name_family"];
$result["contact_image"] = $row["contact_attachment_uuid"];
}
$result["authorized"] = $auth_valid ? true : false;
//add the failed login to user logs
if (!$auth_valid) {
user_logs::add($result);
}
//retun the array
return $result;
//$_SESSION['authentication']['plugin']['totp']['plugin'] = "totp";
//$_SESSION['authentication']['plugin']['totp']['domain_name'] = $_SESSION["domain_name"];
//$_SESSION['authentication']['plugin']['totp']['username'] = $row['username'];
//$_SESSION['authentication']['plugin']['totp']['user_uuid'] = $_SESSION["user_uuid"];
//$_SESSION['authentication']['plugin']['totp']['contact_uuid'] = $_SESSION["contact_uuid"];
//$_SESSION['authentication']['plugin']['totp']['domain_uuid'] = $_SESSION["domain_uuid"];
//$_SESSION['authentication']['plugin']['totp']['authorized'] = $auth_valid ? true : false;
// clear username
unset($_SESSION["username"]);
}
/*
//check if user successfully logged in during the interval
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
$sql = "select count(*) as count ";
$sql .= "from v_user_logs ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_agent = :user_agent ";
$sql .= "and type = 'login' ";
$sql .= "and result = 'success' ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['user_uuid'] = $this->user_uuid;
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$user_log_count = $this->database->select($sql, $parameters, 'all');
//view_array($user_log_count);
unset($sql, $parameters);
*/
//build the result array
$result["plugin"] = "totp";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"] ?? null;
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
if ($contacts_exists) {
$result["contact_organization"] = $row["contact_organization"];
$result["contact_name_given"] = $row["contact_name_given"];
$result["contact_name_family"] = $row["contact_name_family"];
$result["contact_image"] = $row["contact_attachment_uuid"];
}
$result["authorized"] = $auth_valid ? true : false;
//add the failed login to user logs
if (!$auth_valid) {
user_logs::add($result);
}
//retun the array
return $result;
//$_SESSION['authentication']['plugin']['totp']['plugin'] = "totp";
//$_SESSION['authentication']['plugin']['totp']['domain_name'] = $_SESSION["domain_name"];
//$_SESSION['authentication']['plugin']['totp']['username'] = $row['username'];
//$_SESSION['authentication']['plugin']['totp']['user_uuid'] = $_SESSION["user_uuid"];
//$_SESSION['authentication']['plugin']['totp']['contact_uuid'] = $_SESSION["contact_uuid"];
//$_SESSION['authentication']['plugin']['totp']['domain_uuid'] = $_SESSION["domain_uuid"];
//$_SESSION['authentication']['plugin']['totp']['authorized'] = $auth_valid ? true : false;
}
}
}