<?php
/*********************************************************************************
* The contents of this file are subject to the SugarCRM Public License Version 1.1.2
* ("License"); You may not use this file except in compliance with the
* License. You may obtain a copy of the License at http://www.sugarcrm.com/SPL
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
* the specific language governing rights and limitations under the License.
* The Original Code is: SugarCRM Open Source
* The Initial Developer of the Original Code is SugarCRM, Inc.
* Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.;
* All Rights Reserved.
* Contributor(s): ______________________________________.
********************************************************************************/
/*********************************************************************************
* $Header: /advent/projects/wesat/vtiger_crm/sugarcrm/modules/Users/Authenticate.php,v 1.10 2005/02/28 05:25:22 jack Exp $
* Description: TODO: To be written.
* Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
* All Rights Reserved.
* Contributor(s): ______________________________________..
********************************************************************************/
require_once('modules/Users/Users.php');
require_once('modules/Users/CreateUserPrivilegeFile.php');
require_once('include/logging.php');
require_once('user_privileges/audit_trail.php');
// Login handler: takes the submitted user name and password, asks the Users
// object to verify them, and on success starts populating the session.
// $log, $adb and several $default_* values used further down are not defined in
// this file; presumably the including script provides them - confirm.
global $mod_strings, $default_charset;
$focus = new Users();
// NOTE(review): both request keys are read without an isset() check, and
// $_REQUEST accepts the credentials from the query string as well as the POST
// body. A password sent by GET ends up in access logs, browser history and
// Referer headers, so reading $_POST only would be the safer contract.
// to_html() is defined elsewhere; it presumably HTML-encodes the name. Encoding
// on input means the encoded form is what gets looked up and logged - confirm
// that this matches how user names are stored.
$focus->column_fields["user_name"] = to_html($_REQUEST['user_name']);
$user_password = $_REQUEST['user_password'];
// load_user() is defined in the Users class; it is expected to set the state
// that is_authenticated() reports below.
$focus->load_user($user_password);
$successURL = 'index.php';
if($focus->is_authenticated()) {
// Issue a fresh session id at the privilege change so that an id planted before
// login cannot be reused (session fixation).
// NOTE(review): called without arguments, so the old session's data is not
// deleted; session_regenerate_id(true) would also invalidate the old id.
session_regenerate_id();
require_once('modules/Users/LoginHistory.php');
// Recording the login info
// REMOTE_ADDR is the address of the directly connected peer; behind a reverse
// proxy this records the proxy, not the client.
$usip=$_SERVER['REMOTE_ADDR'];
// Formatted in the server's configured timezone.
$intime=date("Y/m/d H:i:s");
$loghistory=new LoginHistory();
$Signin = $loghistory->user_login($focus->column_fields["user_name"],$usip,$intime);
//Security related entries start
require_once('include/utils/UserInfoUtil.php');
// Defined elsewhere; presumably regenerates the per-user privilege file that
// later access checks read - confirm.
createUserPrivilegesfile($focus->id);
//Security related entries end
// Drop the state left behind by earlier failed attempts. This includes the
// plaintext password that the failure branch of this script stores in the session.
unset($_SESSION['login_password']);
unset($_SESSION['login_error']);
unset($_SESSION['login_user_name']);
// Mark the session as authenticated. These keys are what the rest of the
// application is expected to check on every request.
$_SESSION['authenticated_user_id'] = $focus->id;
$_SESSION['AUTHUSERID'] = $focus->id;
// $application_unique_key is not defined in this file; presumably it comes from
// the site configuration loaded by the including script - confirm.
$_SESSION['app_unique_key'] = $application_unique_key;
global $upload_badext;
//Enabled session variable for KCFINDER
// Uploads through KCFinder are switched on for every authenticated session.
// NOTE(review): the only restriction set here is a denylist of extensions built
// from $upload_badext. A denylist misses any executable extension that is not
// listed, so the upload directory should also be configured so the web server
// never executes files from it. uploadURL is relative while uploadDir starts
// with a slash - confirm that the two refer to the same location.
$_SESSION['KCFINDER'] = array();
$_SESSION['KCFINDER']['disabled'] = false;
$_SESSION['KCFINDER']['uploadURL'] = "test/upload";
$_SESSION['KCFINDER']['uploadDir'] = "/test/upload";
$deniedExts = implode(" ", $upload_badext);
$_SESSION['KCFINDER']['deniedExts'] = $deniedExts;
// store the user's theme in the session
// Falls back to $default_theme when the user record has no theme.
if(!empty($focus->column_fields["theme"])) {
$authenticated_user_theme = $focus->column_fields["theme"];
} else {
$authenticated_user_theme = $default_theme;
}
// store the user's language in the session
// Falls back to $default_language when the user record has no language.
if(!empty($focus->column_fields["language"])) {
$authenticated_user_language = $focus->column_fields["language"];
} else {
$authenticated_user_language = $default_language;
}
// If this is the default user and the default user theme is set to reset, reset it to the default theme value on each login
// NOTE(review): $reset_theme_on_default_user is read without isset(), unlike the
// language flag two statements below; an undefined flag raises a notice here.
if($reset_theme_on_default_user && $focus->user_name == $default_user_name) {
$authenticated_user_theme = $default_theme;
}
if(isset($reset_language_on_default_user) && $reset_language_on_default_user && $focus->user_name == $default_user_name) {
$authenticated_user_language = $default_language;
}
$_SESSION['vtiger_authenticated_user_theme'] = $authenticated_user_theme;
$_SESSION['authenticated_user_language'] = $authenticated_user_language;
$log->debug("authenticated_user_theme is $authenticated_user_theme");
$log->debug("authenticated_user_language is $authenticated_user_language");
$log->debug("authenticated_user_id is ". $focus->id);
// NOTE(review): this writes the application key to the debug log. If the key is
// relied on as a secret anywhere, log only that it was set, not its value.
$log->debug("app_unique_key is $application_unique_key");
// Clear all uploaded import files for this user if it exists
// The path is built from $import_dir and the authenticated user's id only; no
// request data is used in it.
global $import_dir;
$tmp_file_name = $import_dir. "IMPORT_".$focus->id;
if (file_exists($tmp_file_name)) {
unlink($tmp_file_name);
}
// Users_CRMSetup is defined elsewhere; the two calls below decide where the
// user is sent after login.
$userSetupStatus = Users_CRMSetup::getUserSetupStatus($focus->id);
if ($userSetupStatus) {
$user = $focus->retrieve_entity_info($focus->id, 'Users');
$isFirstUser = Users_CRMSetup::isFirstUser($user);
// NOTE(review): the body of this branch is not visible in this listing.
if($isFirstUser) {
// Not the first user: return to the page recorded in the session, if any.
// NOTE(review): this branch and the next one are identical. In both,
// $_SESSION['lastpage'] is read before the isset() check, so an unset key raises
// a notice. The value is appended to the Location header without validation;
// this assumes the application itself wrote it as a query-string suffix. If it
// can carry request-derived data, check it against the expected form before
// redirecting. There is no exit after header(), so any code that follows the
// call still runs.
} else {
$arr = $_SESSION['lastpage'];
if(isset($_SESSION['lastpage'])) {
header("Location: $successURL".$arr);
} else {
header("Location: $successURL");
}
}
} else {
$arr = $_SESSION['lastpage'];
if(isset($_SESSION['lastpage'])) {
header("Location: $successURL".$arr);
} else {
header("Location: $successURL");
}
}
} else {
// Authentication failed. Look the name up to see whether the account uses a
// password hash type that this PHP build can no longer verify.
// The user name is passed as a bound parameter, not concatenated into the SQL.
$sql = 'select user_name, id, crypt_type from vtiger_users where user_name=?';
$result = $adb->pquery($sql, array($focus->column_fields["user_name"]));
$rowList = $result->GetRows();
// NOTE(review): the redirect inside this loop can only happen when a row exists
// for the submitted name, so the response to a failed login differs between
// existing and unknown accounts and tells an unauthenticated client which names
// exist. The help page it points to should not depend on that.
foreach ($rowList as $row) {
$cryptType = $row['crypt_type'];
/* PHP 5.3 WIN implementation of crypt API not compatible with earlier version */
if(strtolower($cryptType) == 'md5' && version_compare(PHP_VERSION, '5.3.0') >= 0 && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ) {
header("Location: modules/Migration/PHP5.3_PasswordHelp.php");
die;
}
}
// Keep the submitted values so that the login form can be shown again.
$_SESSION['login_user_name'] = $focus->column_fields["user_name"];
// NOTE(review): this stores the submitted password in plaintext in session
// storage, which is commonly a file on disk. It stays there until a later
// successful login unsets it or the session expires. Avoid persisting it; the
// form can simply come back with an empty password field.
$_SESSION['login_password'] = $user_password;
// The same message is used whether the user name or the password was wrong.
$_SESSION['login_error'] = $mod_strings['ERR_INVALID_PASSWORD'];
// go back to the login screen.
// create an error message for the user.
header("Location: index.php");
}