From 0dc59aa9191f50845887bc09e002e503f4b8eb0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julio=20Cesar=20Laura=20Avenda=C3=B1o?=
 <contact@julio-laura.com>
Date: Mon, 4 Jun 2018 14:39:57 -0400
Subject: [PATCH] HOR-4609

---
 .../engine/methods/login/authentication.php   | 48 +---------------
 .../methods/login/authenticationSso.php       | 49 +----------------
 workflow/engine/methods/login/login.php       | 55 -------------------
 workflow/engine/methods/login/sysLogin.php    |  3 -
 .../engine/methods/login/sysLoginVerify.php   | 30 ----------
 .../engine/methods/login/updateTimezone.php   | 15 +++++
 .../engine/skinEngine/neoclassic/layout.html  |  4 +-
 workflow/engine/skinEngine/skinEngine.php     |  1 +
 .../engine/xmlform/login/TimeZoneAlert.html   |  7 ---
 .../engine/xmlform/login/TimeZoneAlert.xml    |  6 --
 workflow/public_html/sysGeneric.php           | 41 ++++++++++++--
 11 files changed, 57 insertions(+), 202 deletions(-)
 create mode 100644 workflow/engine/methods/login/updateTimezone.php

diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php
index 2ca7b693b..c0a488d1e 100644
--- a/workflow/engine/methods/login/authentication.php
+++ b/workflow/engine/methods/login/authentication.php
@@ -1,27 +1,4 @@
 <?php
-/**
- * authentication.php
- *
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.23
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
- *
- */
 
 use ProcessMaker\Core\System;
 use ProcessMaker\Plugins\PluginRegistry;
@@ -229,16 +206,6 @@ try {
         }
     }
 
-    /*----------------------------------********---------------------------------*/
-    if (PMLicensedFeatures::getSingleton()->verifyfeature('oq3S29xemxEZXJpZEIzN01qenJUaStSekY4cTdJVm5vbWtVM0d4S2lJSS9qUT0=')) {
-        //Update User Time Zone
-        if (isset($_POST['form']['BROWSER_TIME_ZONE'])) {
-            $user = new Users();
-            $user->update(['USR_UID' => $_SESSION['USER_LOGGED'], 'USR_TIME_ZONE' => $_POST['form']['BROWSER_TIME_ZONE']]);
-        }
-    }
-    /*----------------------------------********---------------------------------*/
-
     //Set User Time Zone
     $user = UsersPeer::retrieveByPK($_SESSION['USER_LOGGED']);
 
@@ -263,20 +230,7 @@ try {
 
             if ($timeZoneOffset === false || $timeZoneOffset != (int)($_POST['form']['BROWSER_TIME_ZONE_OFFSET'])) {
                 $_SESSION['__TIME_ZONE_FAILED__'] = true;
-                $_SESSION['USR_USERNAME'] = $usr;
-                $_SESSION['USR_PASSWORD'] = $pwd;
-
-                $_SESSION['BROWSER_TIME_ZONE'] = $dateTime->getTimeZoneIdByTimeZoneOffset((int)($_POST['form']['BROWSER_TIME_ZONE_OFFSET']), false);
-                $_SESSION['URL'] = (isset($_POST['form']['URL']))? $_POST['form']['URL'] : ((isset($_REQUEST['u']))? $_REQUEST['u'] : '');
-                $_SESSION['USER_LANG'] = $lang;
-
-                if (strpos($_SERVER['HTTP_REFERER'], 'home/login') !== false) {
-                    $d = serialize(['u' => $usr, 'p' => $pwd, 'm' => '', 'timeZoneFailed' => 1, 'userTimeZone' => $_SESSION['USR_TIME_ZONE'], 'browserTimeZone' => $_SESSION['BROWSER_TIME_ZONE'],'USER_LANG' => $lang]);
-                    $urlLogin = $urlLogin . '?d=' . base64_encode($d);
-                }
-
-                G::header('Location: ' . $urlLogin);
-                exit(0);
+                $_SESSION['BROWSER_TIME_ZONE'] = $dateTime->getTimeZoneIdByTimeZoneOffset((int)$_POST['form']['BROWSER_TIME_ZONE_OFFSET'], false);
             }
         }
     }
diff --git a/workflow/engine/methods/login/authenticationSso.php b/workflow/engine/methods/login/authenticationSso.php
index 9ca668a9b..10a7b3c14 100644
--- a/workflow/engine/methods/login/authenticationSso.php
+++ b/workflow/engine/methods/login/authenticationSso.php
@@ -30,16 +30,6 @@ try {
 
     $userUid = (isset($_SESSION['USER_LOGGED']))? $_SESSION['USER_LOGGED'] : ((isset($_SESSION['__USER_LOGGED_SSO__']))? $_SESSION['__USER_LOGGED_SSO__'] : '');
 
-    /*----------------------------------********---------------------------------*/
-    if (PMLicensedFeatures::getSingleton()->verifyfeature('oq3S29xemxEZXJpZEIzN01qenJUaStSekY4cTdJVm5vbWtVM0d4S2lJSS9qUT0=')) {
-        //Update User Time Zone
-        if (isset($_POST['form']['BROWSER_TIME_ZONE'])) {
-            $user = new Users();
-            $user->update(['USR_UID' => $userUid, 'USR_TIME_ZONE' => $_POST['form']['BROWSER_TIME_ZONE']]);
-        }
-    }
-    /*----------------------------------********---------------------------------*/
-
     $arraySystemConfiguration = System::getSystemConfiguration('', '', config("system.workspace"));
 
     //Set User Time Zone
@@ -85,43 +75,8 @@ try {
             }
 
             if ($timeZoneOffset === false || $timeZoneOffset != $browserTimeZoneOffset) {
-                $userUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($timeZoneOffset);
-                $browserUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($browserTimeZoneOffset);
-
-                $arrayTimeZoneId = $dateTime->getTimeZoneIdByTimeZoneOffset($browserTimeZoneOffset);
-
-                array_unshift($arrayTimeZoneId, 'false');
-                array_walk(
-                    $arrayTimeZoneId,
-                    function (&$value, $key, $parameter)
-                    {
-                        $value = ['TZ_UID' => $value, 'TZ_NAME' => '(UTC ' . $parameter . ') ' . $value];
-                    },
-                    $browserUtcOffset
-                );
-
-                $_SESSION['_DBArray'] = ['TIME_ZONE' => $arrayTimeZoneId];
-
-                $arrayData = [
-                    'USR_USERNAME'  => '',
-                    'USR_PASSWORD'  => '',
-                    'USR_TIME_ZONE' => '(UTC ' . $userUtcOffset . ') ' . $_SESSION['USR_TIME_ZONE'],
-                    'BROWSER_TIME_ZONE' => $dateTime->getTimeZoneIdByTimeZoneOffset($browserTimeZoneOffset, false),
-                    'USER_LANG' => SYS_LANG,
-                    'URL'       => $location
-                ];
-
-                $G_PUBLISH = new Publisher();
-                $G_PUBLISH->AddContent(
-                    'xmlform',
-                    'xmlform',
-                    'login' . PATH_SEP . 'TimeZoneAlert',
-                    '',
-                    $arrayData, SYS_URI . 'login/authenticationSso.php'
-                );
-
-                G::RenderPage('publish');
-                exit(0);
+                $_SESSION['__TIME_ZONE_FAILED__'] = true;
+                $_SESSION['BROWSER_TIME_ZONE'] = $dateTime->getTimeZoneIdByTimeZoneOffset((int)$_POST['form']['BROWSER_TIME_ZONE_OFFSET'], false);
             }
         }
     }
diff --git a/workflow/engine/methods/login/login.php b/workflow/engine/methods/login/login.php
index 24f3cf217..726e70369 100644
--- a/workflow/engine/methods/login/login.php
+++ b/workflow/engine/methods/login/login.php
@@ -163,25 +163,6 @@ if (isset ($_SESSION['USER_LOGGED'])) {
 }
 //end log
 
-/*----------------------------------********---------------------------------*/
-$timeZoneFailed = false;
-
-if (isset($_SESSION['__TIME_ZONE_FAILED__']) && $_SESSION['__TIME_ZONE_FAILED__']) {
-    $timeZoneFailed  = true;
-    $userUsername    = $_SESSION['USR_USERNAME'];
-    $userPassword    = $_SESSION['USR_PASSWORD'];
-    $userTimeZone    = $_SESSION['USR_TIME_ZONE'];
-    $browserTimeZone = $_SESSION['BROWSER_TIME_ZONE'];
-    $url             = $_SESSION['URL'];
-
-    if(isset($_SESSION['USER_LANG'])){
-       $lang = $_SESSION['USER_LANG'];
-    }else{
-       $lang = SYS_LANG;
-    }
-}
-/*----------------------------------********---------------------------------*/
-
 //start new session
 @session_destroy();
 session_start();
@@ -223,42 +204,6 @@ if (in_array(G::encryptOld($licenseManager->result), array('38afd7ae34bd5e3e6fc1
     die();
 }
 
-if ($timeZoneFailed) {
-    $dateTime = new \ProcessMaker\Util\DateTime();
-
-    $userTimeZoneOffset = $dateTime->getTimeZoneOffsetByTimeZoneId($userTimeZone);
-    $browserTimeZoneOffset = $dateTime->getTimeZoneOffsetByTimeZoneId($browserTimeZone);
-
-    $userUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($userTimeZoneOffset);
-    $browserUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($browserTimeZoneOffset);
-
-    $arrayTimeZoneId = $dateTime->getTimeZoneIdByTimeZoneOffset($browserTimeZoneOffset);
-
-    array_unshift($arrayTimeZoneId, 'false');
-    array_walk($arrayTimeZoneId, function (&$value, $key, $parameter) { $value = ['TZ_UID' => $value, 'TZ_NAME' => '(UTC ' . $parameter . ') ' . $value]; }, $browserUtcOffset);
-
-    $_SESSION['_DBArray'] = ['TIME_ZONE' => $arrayTimeZoneId];
-
-    $arrayData = [
-        'USR_USERNAME'  => $userUsername,
-        'USR_PASSWORD'  => $userPassword,
-        'USR_TIME_ZONE' => '(UTC ' . $userUtcOffset . ') ' . $userTimeZone,
-        'BROWSER_TIME_ZONE' => $browserTimeZone,
-        'USER_LANG' => $lang,
-        'URL'       => $url
-    ];
-
-    $G_PUBLISH = new Publisher();
-    $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login' . PATH_SEP . 'TimeZoneAlert', '', $arrayData, SYS_URI . 'login/authentication.php');
-
-    G::RenderPage('publish');
-
-    // Destroy a significant value in session
-    global $G_FORM;
-    unset($_SESSION[$G_FORM->id]['USR_PASSWORD']);
-
-    exit(0);
-}
 /*----------------------------------********---------------------------------*/
 
 //translation
diff --git a/workflow/engine/methods/login/sysLogin.php b/workflow/engine/methods/login/sysLogin.php
index 8fd4cd5c3..a26d082f3 100644
--- a/workflow/engine/methods/login/sysLogin.php
+++ b/workflow/engine/methods/login/sysLogin.php
@@ -32,9 +32,6 @@ if ($browserSupported==false){
 }
 /*----------------------------------********---------------------------------*/
 if (isset ($_POST['form']['USER_ENV'])) {
-    @session_destroy();
-    session_start();
-    $_SESSION['sysLogin'] = $_POST['form'];
     $data = base64_encode(serialize($_POST));
     $url = sprintf('/sys%s/%s/%s/login/sysLoginVerify?d=%s', $_POST['form']['USER_ENV'], SYS_LANG, SYS_SKIN, $data);
     G::header("location: $url");
diff --git a/workflow/engine/methods/login/sysLoginVerify.php b/workflow/engine/methods/login/sysLoginVerify.php
index e12cf1fcf..5627854cb 100644
--- a/workflow/engine/methods/login/sysLoginVerify.php
+++ b/workflow/engine/methods/login/sysLoginVerify.php
@@ -1,29 +1,5 @@
 <?php
 
-/**
- * sysLoginVerify.php
- *  
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.23
- * 
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- * 
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd., 
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
- * 
- */
-
 if (array_key_exists("d", $_GET)) {
     $str = base64_decode($_GET["d"]);
     if (preg_match('/^a:[0-9]+:{/', $str) && !preg_match('/(^|;|{|})O:\+?[0-9]+:"/', $str)) {
@@ -34,11 +10,5 @@ if (array_key_exists("d", $_GET)) {
 if (!isset($_POST)) {
     G::header('location: /sys/' . $lang . '/' . SYS_SKIN . '/' . 'login/login');
 }
-if (isset($_SESSION['sysLogin'])) {
-    $_POST['form'] = $_SESSION['sysLogin'];
-    // Destroy variables already assigned to the global variable $_POST
-    unset($_SESSION['sysLogin']);
-}
 
 require_once 'authentication.php';
-
diff --git a/workflow/engine/methods/login/updateTimezone.php b/workflow/engine/methods/login/updateTimezone.php
new file mode 100644
index 000000000..e83c65bd3
--- /dev/null
+++ b/workflow/engine/methods/login/updateTimezone.php
@@ -0,0 +1,15 @@
+<?php
+
+// Update the selected timezone for the user
+if (PMLicensedFeatures::getSingleton()->verifyfeature('oq3S29xemxEZXJpZEIzN01qenJUaStSekY4cTdJVm5vbWtVM0d4S2lJSS9qUT0=')) {
+    // Update User Time Zone
+    if (isset($_POST['form']['BROWSER_TIME_ZONE'])) {
+        $user = new Users();
+        $user->update(['USR_UID' => $_SESSION['USER_LOGGED'], 'USR_TIME_ZONE' => $_POST['form']['BROWSER_TIME_ZONE']]);
+        $_SESSION['USR_TIME_ZONE'] = $_POST['form']['BROWSER_TIME_ZONE'];
+        unset($_SESSION['__TIME_ZONE_FAILED__'], $_SESSION['BROWSER_TIME_ZONE']);
+    }
+
+    // Redirect to origin page
+    G::header('Location: ' . $_SERVER['HTTP_REFERER']);
+}
diff --git a/workflow/engine/skinEngine/neoclassic/layout.html b/workflow/engine/skinEngine/neoclassic/layout.html
index 658930ed8..8dee3a8e9 100644
--- a/workflow/engine/skinEngine/neoclassic/layout.html
+++ b/workflow/engine/skinEngine/neoclassic/layout.html
@@ -7,8 +7,8 @@
     <link rel="shortcut icon" href="/images/favicon.ico" type="image/x-icon" />
     {$header}
   </head>
-  {if $user_logged neq '' or $tracker neq ''}
-    <body>   
+  {if ($user_logged neq '' or $tracker neq '') and $timezone_status neq 'failed'}
+    <body>
       <table width="100%" height="100%" cellpadding="0" cellspacing="0" border="0" id="pm_main_table">
         <tr>
           <td id="pm_header" valign="top" {if $user_logged neq '' or $tracker neq ''}style="border-bottom:1px solid #e7e7e7;"{/if}>
diff --git a/workflow/engine/skinEngine/skinEngine.php b/workflow/engine/skinEngine/skinEngine.php
index a299596fe..5fc27857f 100644
--- a/workflow/engine/skinEngine/skinEngine.php
+++ b/workflow/engine/skinEngine/skinEngine.php
@@ -763,6 +763,7 @@ class SkinEngine
                     $smarty->assign('tracker',
                         (SYS_COLLECTION == 'tracker') ? (($G_PUBLISH->Parts[0]['File'] != 'tracker/login') ? true : '') : '');
                 }
+                $smarty->assign('timezone_status', (isset($_SESSION['__TIME_ZONE_FAILED__']) && $_SESSION['__TIME_ZONE_FAILED__']) ? 'failed' : 'ok');
                 $smarty->assign('switch_interface', $switch_interface);
                 $smarty->assign('switch_interface_label', G::LoadTranslation('ID_SWITCH_INTERFACE'));
                 $smarty->assign('rolename', isset($_SESSION['USR_ROLENAME']) ? $_SESSION['USR_ROLENAME'] . '' : '');
diff --git a/workflow/engine/xmlform/login/TimeZoneAlert.html b/workflow/engine/xmlform/login/TimeZoneAlert.html
index f27a6d979..1893d3943 100644
--- a/workflow/engine/xmlform/login/TimeZoneAlert.html
+++ b/workflow/engine/xmlform/login/TimeZoneAlert.html
@@ -8,13 +8,7 @@
 
 <form id="{$form_id}" method="post" enctype="multipart/form-data" action="{$form_action}" class="form-signin" style="margin:0px;" accept-charset="UTF-8" role="form">
     {$form.BROWSER_TIME_ZONE_OFFSET}
-    {$form.URL}
-
-    {$form.USR_USERNAME}
-    {$form.USR_PASSWORD}
-    {$form.USER_LANG}
     {$form.USR_TIME_ZONE}
-
     <fieldset>
         <label class="panel-login">
             <div class="login_result" style="text-align: left;">
@@ -35,4 +29,3 @@
 </form>
 <script src="/lib/pmdynaform/libs/respondjs/respond.min.js"></script>
 <script src="/lib/pmdynaform/libs/html5shiv/html5shiv.js"></script>
-
diff --git a/workflow/engine/xmlform/login/TimeZoneAlert.xml b/workflow/engine/xmlform/login/TimeZoneAlert.xml
index 635fe37c7..22913434a 100644
--- a/workflow/engine/xmlform/login/TimeZoneAlert.xml
+++ b/workflow/engine/xmlform/login/TimeZoneAlert.xml
@@ -1,11 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <dynaForm type="xmlform" name="login/TimeZoneAlert" enabletemplate="1">
     <BROWSER_TIME_ZONE_OFFSET type="hidden" />
-    <URL type="hidden" />
-
-    <USR_USERNAME type="hidden" />
-    <USR_PASSWORD type="hidden" />
-    <USER_LANG type="hidden" />
 
     <USR_TIME_ZONE type="hidden" />
 
@@ -46,4 +41,3 @@
         ]]>
     </JS>
 </dynaForm>
-
diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php
index 44582be96..d6042192a 100644
--- a/workflow/public_html/sysGeneric.php
+++ b/workflow/public_html/sysGeneric.php
@@ -1038,13 +1038,44 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
     }
     $_SESSION['phpLastFileFound'] = $_SERVER['REQUEST_URI'];
 
+    /*----------------------------------********---------------------------------*/
+    // Check if the timezone for the user is valid
+    if (!empty($_SESSION['USER_LOGGED']) && isset($_SESSION['__TIME_ZONE_FAILED__']) && $_SESSION['__TIME_ZONE_FAILED__'] &&
+        (SYS_COLLECTION != 'login' && SYS_TARGET != 'login')) {
+        $userTimeZone = $_SESSION['USR_TIME_ZONE'];
+        $browserTimeZone = $_SESSION['BROWSER_TIME_ZONE'];
+
+        $dateTime = new \ProcessMaker\Util\DateTime();
+
+        $userTimeZoneOffset = $dateTime->getTimeZoneOffsetByTimeZoneId($userTimeZone);
+        $browserTimeZoneOffset = $dateTime->getTimeZoneOffsetByTimeZoneId($browserTimeZone);
+
+        $userUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($userTimeZoneOffset);
+        $browserUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($browserTimeZoneOffset);
+
+        $arrayTimeZoneId = $dateTime->getTimeZoneIdByTimeZoneOffset($browserTimeZoneOffset);
+
+        array_unshift($arrayTimeZoneId, 'false');
+        array_walk($arrayTimeZoneId, function (&$value, $key, $parameter) { $value = ['TZ_UID' => $value, 'TZ_NAME' => '(UTC ' . $parameter . ') ' . $value]; }, $browserUtcOffset);
+
+        $_SESSION['_DBArray'] = ['TIME_ZONE' => $arrayTimeZoneId];
+
+        $arrayData = [
+            'USR_TIME_ZONE' => '(UTC ' . $userUtcOffset . ') ' . $userTimeZone,
+            'BROWSER_TIME_ZONE' => $browserTimeZone
+        ];
+
+        global $G_PUBLISH;
+        $G_PUBLISH = new Publisher();
+        $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login' . PATH_SEP . 'TimeZoneAlert', '', $arrayData, SYS_URI . 'login/updateTimezone');
+        G::RenderPage('publish');
+        exit(0);
+    }
+    /*----------------------------------********---------------------------------*/
+
     // Initialization functions plugins
     $oPluginRegistry->init();
-    /**
-     * New feature for Gulliver framework to support Controllers & HttpProxyController classes handling
-     *
-     * @author <erik@colosa.com
-     */
+
     if ($isControllerCall) { //Instance the Controller object and call the request method
         $controller = new $controllerClass();
         $controller->setHttpRequestData($_REQUEST);//NewRelic Snippet - By JHL