2010-12-02 23:34:41 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* authentication.php
|
|
|
|
|
*
|
|
|
|
|
* ProcessMaker Open Source Edition
|
|
|
|
|
* Copyright (C) 2004 - 2008 Colosa Inc.23
|
|
|
|
|
*
|
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License as
|
|
|
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
|
|
|
* License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*
|
|
|
|
|
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
|
|
|
|
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
try {
|
2012-07-04 19:01:31 -04:00
|
|
|
if (!$RBAC->singleSignOn) {
|
|
|
|
|
if (!isset($_POST['form']) ) {
|
|
|
|
|
G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error');
|
|
|
|
|
G::header('Location: login');
|
|
|
|
|
die();
|
|
|
|
|
}
|
2011-08-24 19:30:03 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
$frm = $_POST['form'];
|
|
|
|
|
$usr = '';
|
|
|
|
|
$pwd = '';
|
2011-08-24 19:34:44 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
if (isset($frm['USR_USERNAME'])) {
|
2013-01-02 11:53:19 -04:00
|
|
|
$usr = mb_strtolower(trim($frm['USR_USERNAME']), 'UTF-8');
|
2012-07-04 19:01:31 -04:00
|
|
|
$pwd = trim($frm['USR_PASSWORD']);
|
|
|
|
|
}
|
2012-02-24 19:32:24 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
$uid = $RBAC->VerifyLogin($usr , $pwd);
|
|
|
|
|
$RBAC->cleanSessionFiles(72); //cleaning session files older than 72 hours
|
|
|
|
|
|
|
|
|
|
switch ($uid) {
|
|
|
|
|
//The user does doesn't exist
|
|
|
|
|
case -1:
|
2013-03-04 11:32:49 -04:00
|
|
|
$errLabel = 'WRONG_LOGIN_CREDENTIALS';
|
2012-07-04 19:01:31 -04:00
|
|
|
break;
|
|
|
|
|
//The password is incorrect
|
|
|
|
|
case -2:
|
2013-03-04 11:32:49 -04:00
|
|
|
$errLabel = 'WRONG_LOGIN_CREDENTIALS';
|
2012-07-04 19:01:31 -04:00
|
|
|
if (isset($_SESSION['__AUTH_ERROR__'])) {
|
|
|
|
|
G::SendMessageText($_SESSION['__AUTH_ERROR__'], "warning");
|
|
|
|
|
unset($_SESSION['__AUTH_ERROR__']);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
//The user is inactive
|
|
|
|
|
case -3:
|
|
|
|
|
require_once 'classes/model/Users.php';
|
2012-09-13 14:54:38 -04:00
|
|
|
$user = new Users();
|
2012-07-04 19:01:31 -04:00
|
|
|
$aUser = $user->loadByUsernameInArray($usr);
|
2012-02-24 19:32:24 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
switch ($aUser['USR_STATUS']) {
|
|
|
|
|
case 'VACATION':
|
2012-09-13 14:54:38 -04:00
|
|
|
$uid = $aUser['USR_UID'];
|
|
|
|
|
$RBAC->changeUserStatus($uid, 1);
|
|
|
|
|
$aUser['USR_STATUS'] = 'ACTIVE';
|
|
|
|
|
$user->update($aUser);
|
2012-07-04 19:01:31 -04:00
|
|
|
break;
|
|
|
|
|
case 'INACTIVE':
|
|
|
|
|
$errLabel = 'ID_USER_INACTIVE';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
//The Due date is finished
|
|
|
|
|
case -4:
|
|
|
|
|
$errLabel = 'ID_USER_INACTIVE_BY_DATE';
|
|
|
|
|
break;
|
|
|
|
|
case -5:
|
|
|
|
|
$errLabel = 'ID_AUTHENTICATION_SOURCE_INVALID';
|
|
|
|
|
break;
|
2013-12-09 14:58:41 -04:00
|
|
|
case -6:
|
|
|
|
|
$errLabel = 'ID_ROLE_INACTIVE';
|
|
|
|
|
break;
|
2011-08-24 19:30:03 -04:00
|
|
|
}
|
2012-02-24 19:32:24 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
//to avoid empty string in user field. This will avoid a weird message "this row doesn't exist"
|
|
|
|
|
if ( !isset($uid) ) {
|
|
|
|
|
$uid = -1;
|
2013-03-04 11:32:49 -04:00
|
|
|
$errLabel = 'WRONG_LOGIN_CREDENTIALS';
|
2011-08-24 19:30:03 -04:00
|
|
|
}
|
2012-02-24 19:32:24 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
if (!isset($uid) || $uid < 0) {
|
|
|
|
|
if (isset($_SESSION['FAILED_LOGINS'])) {
|
|
|
|
|
$_SESSION['FAILED_LOGINS']++;
|
|
|
|
|
}
|
|
|
|
|
if (!defined('PPP_FAILED_LOGINS')) {
|
|
|
|
|
define('PPP_FAILED_LOGINS', 0);
|
|
|
|
|
}
|
|
|
|
|
if (PPP_FAILED_LOGINS > 0) {
|
|
|
|
|
if ($_SESSION['FAILED_LOGINS'] >= PPP_FAILED_LOGINS) {
|
|
|
|
|
$oConnection = Propel::getConnection('rbac');
|
|
|
|
|
$oStatement = $oConnection->prepareStatement("SELECT USR_UID FROM USERS WHERE USR_USERNAME = '" . $usr . "'");
|
|
|
|
|
$oDataset = $oStatement->executeQuery();
|
|
|
|
|
if ($oDataset->next()) {
|
|
|
|
|
$sUserUID = $oDataset->getString('USR_UID');
|
|
|
|
|
$oConnection = Propel::getConnection('rbac');
|
|
|
|
|
$oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 0 WHERE USR_UID = '" . $sUserUID . "'");
|
|
|
|
|
$oStatement->executeQuery();
|
|
|
|
|
$oConnection = Propel::getConnection('workflow');
|
|
|
|
|
$oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 'INACTIVE' WHERE USR_UID = '" . $sUserUID . "'");
|
|
|
|
|
$oStatement->executeQuery();
|
|
|
|
|
unset($_SESSION['FAILED_LOGINS']);
|
|
|
|
|
G::SendMessageText(G::LoadTranslation('ID_ACCOUNT') . ' "' . $usr . '" ' . G::LoadTranslation('ID_ACCOUNT_DISABLED_CONTACT_ADMIN'), 'warning');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-08-24 19:30:03 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
if (strpos($_SERVER['HTTP_REFERER'], 'home/login') !== false) {
|
|
|
|
|
$d = serialize(array('u'=>$usr, 'p'=>$pwd, 'm'=>G::LoadTranslation($errLabel)));
|
|
|
|
|
$loginUrl = '../home/login?d='.base64_encode($d);
|
|
|
|
|
} else {
|
|
|
|
|
G::SendTemporalMessage($errLabel, "warning");
|
2012-02-24 19:32:24 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
if (substr(SYS_SKIN, 0, 2) !== 'ux') {
|
|
|
|
|
$loginUrl = 'login';
|
|
|
|
|
} else {
|
|
|
|
|
$loginUrl = '../main/login';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
G::header("location: $loginUrl");
|
|
|
|
|
die;
|
2012-03-29 16:42:09 -04:00
|
|
|
}
|
2012-02-24 19:32:24 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
if (!isset( $_SESSION['WORKSPACE'] ) ) {
|
|
|
|
|
$_SESSION['WORKSPACE'] = SYS_SYS;
|
|
|
|
|
}
|
2010-12-02 23:34:41 +00:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
//Execute the SSO Script from plugin
|
|
|
|
|
$oPluginRegistry =& PMPluginRegistry::getSingleton();
|
|
|
|
|
if ($oPluginRegistry->existsTrigger ( PM_LOGIN )) {
|
|
|
|
|
$lSession="";
|
|
|
|
|
$loginInfo = new loginInfo ($usr, $pwd, $lSession );
|
|
|
|
|
$oPluginRegistry->executeTriggers ( PM_LOGIN , $loginInfo );
|
|
|
|
|
}
|
|
|
|
|
$_SESSION['USER_LOGGED'] = $uid;
|
|
|
|
|
$_SESSION['USR_USERNAME'] = $usr;
|
|
|
|
|
} else {
|
|
|
|
|
$uid = $RBAC->userObj->fields['USR_UID'];
|
|
|
|
|
$usr = $RBAC->userObj->fields['USR_USERNAME'];
|
|
|
|
|
$_SESSION['USER_LOGGED'] = $uid;
|
|
|
|
|
$_SESSION['USR_USERNAME'] = $usr;
|
2010-12-02 23:34:41 +00:00
|
|
|
}
|
|
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
$aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
|
|
|
|
|
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
|
|
|
|
|
//$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']);
|
|
|
|
|
$_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME'];
|
|
|
|
|
//$_SESSION['USR_ROLENAME'] = $rol['ROL_NAME'];
|
2011-08-24 19:30:03 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
unset($_SESSION['FAILED_LOGINS']);
|
2010-12-02 23:34:41 +00:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
// increment logins in heartbeat
|
|
|
|
|
G::LoadClass('serverConfiguration');
|
|
|
|
|
$oServerConf =& serverConf::getSingleton();
|
|
|
|
|
$oServerConf->sucessfulLogin();
|
2011-08-24 19:30:03 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
// Assign the uid of user to userloggedobj
|
|
|
|
|
$RBAC->loadUserRolePermission($RBAC->sSystem, $uid);
|
|
|
|
|
$res = $RBAC->userCanAccess('PM_LOGIN');
|
|
|
|
|
if ($res != 1 ) {
|
|
|
|
|
if ($res == -2) {
|
|
|
|
|
G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', "error");
|
|
|
|
|
} else {
|
|
|
|
|
G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_PAGE', "error");
|
|
|
|
|
}
|
|
|
|
|
G::header ("location: login.html");
|
|
|
|
|
die;
|
2010-12-02 23:34:41 +00:00
|
|
|
}
|
2012-07-04 19:01:31 -04:00
|
|
|
|
|
|
|
|
if (isset($frm['USER_LANG'])) {
|
|
|
|
|
if ($frm['USER_LANG'] != '') {
|
|
|
|
|
$lang = $frm['USER_LANG'];
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if (defined('SYS_LANG')) {
|
|
|
|
|
$lang = SYS_LANG;
|
|
|
|
|
} else {
|
|
|
|
|
$lang = 'en';
|
|
|
|
|
}
|
2010-12-02 23:34:41 +00:00
|
|
|
}
|
|
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
/**log in table Login**/
|
|
|
|
|
require_once 'classes/model/LoginLog.php';
|
2014-03-26 17:11:58 -04:00
|
|
|
$g = new G();
|
|
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
$weblog=new LoginLog();
|
|
|
|
|
$aLog['LOG_UID'] = G::generateUniqueID();
|
|
|
|
|
$aLog['LOG_STATUS'] = 'ACTIVE';
|
2014-03-26 17:11:58 -04:00
|
|
|
$aLog['LOG_IP'] = $g->getIpAddress();
|
2012-07-04 19:01:31 -04:00
|
|
|
$aLog['LOG_SID'] = session_id();
|
|
|
|
|
$aLog['LOG_INIT_DATE'] = date('Y-m-d H:i:s');
|
|
|
|
|
//$aLog['LOG_END_DATE'] = '0000-00-00 00:00:00';
|
|
|
|
|
$aLog['LOG_CLIENT_HOSTNAME']= $_SERVER['HTTP_HOST'];
|
|
|
|
|
$aLog['USR_UID'] = $_SESSION['USER_LOGGED'];
|
|
|
|
|
$weblog->create($aLog);
|
|
|
|
|
/**end log**/
|
2011-08-24 19:30:03 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
//************** background processes, here we are putting some back office routines **********
|
2012-09-24 14:44:08 -04:00
|
|
|
$heartBeatNWIDate = $oServerConf->getHeartbeatProperty('HB_NEXT_GWI_DATE','HEART_BEAT_CONF');
|
|
|
|
|
if (is_null($heartBeatNWIDate)) {
|
2012-10-16 18:08:45 +00:00
|
|
|
$heartBeatNWIDate = time();
|
2012-09-24 14:44:08 -04:00
|
|
|
}
|
|
|
|
|
if (time() >= $heartBeatNWIDate) {
|
2012-10-16 18:08:45 +00:00
|
|
|
$oServerConf->setWsInfo(SYS_SYS, $oServerConf->getWorkspaceInfo(SYS_SYS));
|
|
|
|
|
$oServerConf->setHeartbeatProperty('HB_NEXT_GWI_DATE', strtotime('+1 day'), 'HEART_BEAT_CONF');
|
2012-09-24 14:44:08 -04:00
|
|
|
}
|
2011-08-24 19:30:03 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
//**** defining and saving server info, this file has the values of the global array $_SERVER ****
|
|
|
|
|
//this file is useful for command line environment (no Browser), I mean for triggers, crons and other executed over command line
|
2010-12-02 23:34:41 +00:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
$_CSERVER = $_SERVER;
|
|
|
|
|
unset($_CSERVER['REQUEST_TIME']);
|
|
|
|
|
unset($_CSERVER['REMOTE_PORT']);
|
|
|
|
|
$cput = serialize($_CSERVER);
|
|
|
|
|
if (!is_file(PATH_DATA_SITE . PATH_SEP . '.server_info')) {
|
|
|
|
|
file_put_contents(PATH_DATA_SITE . PATH_SEP . '.server_info', $cput);
|
|
|
|
|
} else {
|
|
|
|
|
$c = file_get_contents(PATH_DATA_SITE . PATH_SEP . '.server_info');
|
|
|
|
|
if (md5($c) != md5($cput)) {
|
|
|
|
|
file_put_contents(PATH_DATA_SITE . PATH_SEP . '.server_info', $cput);
|
|
|
|
|
}
|
2012-04-05 12:52:33 -04:00
|
|
|
}
|
2010-12-02 23:34:41 +00:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
/* Check password using policy - Start */
|
|
|
|
|
require_once 'classes/model/UsersProperties.php';
|
|
|
|
|
$oUserProperty = new UsersProperties();
|
2011-10-11 18:33:06 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
// getting default user location
|
|
|
|
|
if (isset($_REQUEST['form']['URL']) && $_REQUEST['form']['URL'] != '') {
|
2013-01-08 13:21:40 -04:00
|
|
|
if (isset($_SERVER['HTTP_REFERER'])) {
|
|
|
|
|
if (strpos($_SERVER['HTTP_REFERER'], 'processes/processes_Map?PRO_UID=') !== false) {
|
|
|
|
|
$sLocation = $_SERVER['HTTP_REFERER'];
|
|
|
|
|
} else {
|
2013-11-15 15:29:07 -04:00
|
|
|
$sLocation = G::sanitizeInput($_REQUEST['form']['URL']);
|
2013-01-08 13:21:40 -04:00
|
|
|
}
|
|
|
|
|
} else {
|
2013-11-15 15:29:07 -04:00
|
|
|
$sLocation = G::sanitizeInput($_REQUEST['form']['URL']);
|
2013-01-08 13:21:40 -04:00
|
|
|
}
|
2012-07-04 19:01:31 -04:00
|
|
|
} else {
|
|
|
|
|
if (isset($_REQUEST['u']) && $_REQUEST['u'] != '') {
|
2013-11-15 15:29:07 -04:00
|
|
|
$sLocation = G::sanitizeInput($_REQUEST['u']);
|
2012-07-04 19:01:31 -04:00
|
|
|
} else {
|
|
|
|
|
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
|
|
|
|
|
}
|
2011-10-10 12:14:38 -04:00
|
|
|
}
|
2012-07-04 19:01:31 -04:00
|
|
|
|
|
|
|
|
if ($RBAC->singleSignOn) {
|
|
|
|
|
G::header('Location: ' . $sLocation);
|
|
|
|
|
die();
|
2011-10-10 12:14:38 -04:00
|
|
|
}
|
2012-04-05 12:52:33 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($pwd)))));
|
|
|
|
|
$aErrors = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME']);
|
2011-08-24 19:30:03 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
if (!empty($aErrors)) {
|
|
|
|
|
if (!defined('NO_DISPLAY_USERNAME')) {
|
|
|
|
|
define('NO_DISPLAY_USERNAME', 1);
|
|
|
|
|
}
|
|
|
|
|
$aFields = array();
|
|
|
|
|
$aFields['DESCRIPTION'] = '<span style="font-weight:normal;">';
|
|
|
|
|
$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
|
|
|
|
|
foreach ($aErrors as $sError) {
|
|
|
|
|
switch ($sError) {
|
|
|
|
|
case 'ID_PPP_MINIMUM_LENGTH':
|
|
|
|
|
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MINIMUM_LENGTH . '<br />';
|
|
|
|
|
$aFields[substr($sError, 3)] = PPP_MINIMUM_LENGTH;
|
|
|
|
|
break;
|
|
|
|
|
case 'ID_PPP_MAXIMUM_LENGTH':
|
|
|
|
|
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MAXIMUM_LENGTH . '<br />';
|
|
|
|
|
$aFields[substr($sError, 3)] = PPP_MAXIMUM_LENGTH;
|
|
|
|
|
break;
|
|
|
|
|
case 'ID_PPP_EXPIRATION_IN':
|
|
|
|
|
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '<br />';
|
|
|
|
|
$aFields[substr($sError, 3)] = PPP_EXPIRATION_IN;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).'<br />';
|
|
|
|
|
$aFields[substr($sError, 3)] = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$aFields['DESCRIPTION'] .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . '<br /><br /></span>';
|
|
|
|
|
$G_PUBLISH = new Publisher;
|
|
|
|
|
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $aFields, 'changePassword');
|
|
|
|
|
G::RenderPage('publish');
|
|
|
|
|
die;
|
2012-04-05 12:52:33 -04:00
|
|
|
}
|
|
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
$oHeadPublisher = &headPublisher::getSingleton();
|
|
|
|
|
$oHeadPublisher->extJsInit = true;
|
2011-08-24 19:30:03 -04:00
|
|
|
|
2012-07-04 19:01:31 -04:00
|
|
|
$oHeadPublisher->addExtJsScript('login/init', false); //adding a javascript file .js
|
|
|
|
|
$oHeadPublisher->assign('uriReq', $sLocation);
|
|
|
|
|
G::RenderPage('publish', 'extJs');
|
|
|
|
|
//G::header('Location: ' . $sLocation);
|
|
|
|
|
die;
|
|
|
|
|
} catch ( Exception $e ) {
|
|
|
|
|
$aMessage['MESSAGE'] = $e->getMessage();
|
|
|
|
|
$G_PUBLISH = new Publisher;
|
|
|
|
|
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/showMessage', '', $aMessage );
|
|
|
|
|
G::RenderPage( 'publish' );
|
|
|
|
|
die;
|
2010-12-02 23:34:41 +00:00
|
|
|
}
|
2012-07-04 19:01:31 -04:00
|
|
|
|
