BUG 000 Add hook for the SSO plugin

Julio Cesar Laura
2011-08-24 19:30:03 -04:00
parent 513e485c0e
commit 78a400d851
3 changed files with 226 additions and 205 deletions


@@ -1,7 +1,7 @@
<?php <?php
/** /**
* class.rbac.php * class.rbac.php
* @package gulliver.system * @package gulliver.system
* *
* ProcessMaker Open Source Edition * ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2011 Colosa Inc. * Copyright (C) 2004 - 2011 Colosa Inc.
@@ -64,6 +64,8 @@ class RBAC
var $aRbacPlugins = array(); var $aRbacPlugins = array();
var $sSystem = ''; var $sSystem = '';
var $singleSignOn = false;
static private $instance = NULL; static private $instance = NULL;
private function __construct() { private function __construct() {
@@ -74,7 +76,7 @@ class RBAC
* *
* @access public * @access public
* @return object * @return object
*/ */
function &getSingleton() { function &getSingleton() {
if (self::$instance == NULL) { if (self::$instance == NULL) {
self::$instance = new RBAC(); self::$instance = new RBAC();
@@ -87,7 +89,7 @@ class RBAC
* *
* @access public * @access public
* @return object * @return object
*/ */
function initRBAC () { function initRBAC () {
if ( is_null($this->userObj ) ) { if ( is_null($this->userObj ) ) {
require_once ( "classes/model/RbacUsers.php" ); require_once ( "classes/model/RbacUsers.php" );
@@ -170,13 +172,13 @@ class RBAC
$this->aUserInfo[ $sSystem ]['SYS_UID'] = $fieldsSystem['SYS_UID']; $this->aUserInfo[ $sSystem ]['SYS_UID'] = $fieldsSystem['SYS_UID'];
$this->aUserInfo[ $sSystem ]['ROLE'] = $fieldsRoles; $this->aUserInfo[ $sSystem ]['ROLE'] = $fieldsRoles;
$this->aUserInfo[ $sSystem ]['PERMISSIONS'] = $fieldsPermissions; $this->aUserInfo[ $sSystem ]['PERMISSIONS'] = $fieldsPermissions;
if ( $pathData != null && $sid != null ) { if ( $pathData != null && $sid != null ) {
G::mk_dir ( $pathData ); G::mk_dir ( $pathData );
file_put_contents( $filePath, serialize ( $this->aUserInfo ) ); file_put_contents( $filePath, serialize ( $this->aUserInfo ) );
} }
} }
/** /**
* verification the register automatic * verification the register automatic
* *
@@ -187,8 +189,8 @@ class RBAC
* @return $res * @return $res
*/ */
function checkAutomaticRegister( $strUser, $strPass) { function checkAutomaticRegister( $strUser, $strPass) {
$result = -1; //default return value, $result = -1; //default return value,
foreach ( $this->aRbacPlugins as $sClassName) { foreach ( $this->aRbacPlugins as $sClassName) {
$plugin = new $sClassName(); $plugin = new $sClassName();
if ( method_exists($plugin, 'automaticRegister' ) ) { if ( method_exists($plugin, 'automaticRegister' ) ) {
@@ -223,7 +225,7 @@ class RBAC
* *
* *
* @access public * @access public
* @param string $sAuthType * @param string $sAuthType
* @param string $sAuthSource * @param string $sAuthSource
* @param string $aUserFields * @param string $aUserFields
* @param string $sAuthUserDn * @param string $sAuthUserDn
@@ -243,7 +245,7 @@ class RBAC
//check if the user's due date is valid //check if the user's due date is valid
if ( $aUserFields['USR_DUE_DATE'] < date('Y-m-d') ) if ( $aUserFields['USR_DUE_DATE'] < date('Y-m-d') )
return -4; //due date return -4; //due date
foreach ( $this->aRbacPlugins as $sClassName) { foreach ( $this->aRbacPlugins as $sClassName) {
if ( strtolower($sClassName) == strtolower($sAuthType) ) { if ( strtolower($sClassName) == strtolower($sAuthType) ) {
$plugin = new $sClassName(); $plugin = new $sClassName();
@@ -502,7 +504,7 @@ class RBAC
// } // }
/** /**
* create permission * create permission
* *
* *
* @access public * @access public
@@ -549,11 +551,11 @@ class RBAC
* @param string $systemCode * @param string $systemCode
* @return $this->rolesObj->getAllRoles * @return $this->rolesObj->getAllRoles
*/ */
function getAllRoles ( $systemCode = 'PROCESSMAKER') { function getAllRoles ( $systemCode = 'PROCESSMAKER') {
return $this->rolesObj->getAllRoles($systemCode); return $this->rolesObj->getAllRoles($systemCode);
} }
/** /**
* getting all roles by filter * getting all roles by filter
* *
@@ -561,7 +563,7 @@ class RBAC
* @access public * @access public
* @param string $filter * @param string $filter
* @return $this->rolesObj->getAllRolesFilter * @return $this->rolesObj->getAllRolesFilter
*/ */
function getAllRolesFilter ($start,$limit,$filter) { function getAllRolesFilter ($start,$limit,$filter) {
return $this->rolesObj->getAllRolesFilter($start,$limit,$filter); return $this->rolesObj->getAllRolesFilter($start,$limit,$filter);
} }
@@ -574,7 +576,7 @@ class RBAC
* @param string $systemCode * @param string $systemCode
* @return $this->rolesObj->listAllPermissions * @return $this->rolesObj->listAllPermissions
*/ */
function listAllPermissions ( $systemCode = 'PROCESSMAKER') { function listAllPermissions ( $systemCode = 'PROCESSMAKER') {
return $this->rolesObj->listAllPermissions($systemCode); return $this->rolesObj->listAllPermissions($systemCode);
} }
@@ -587,11 +589,11 @@ class RBAC
* @param array $aData * @param array $aData
* @return $this->rolesObj->createRole * @return $this->rolesObj->createRole
*/ */
function createRole($aData) { function createRole($aData) {
return $this->rolesObj->createRole($aData); return $this->rolesObj->createRole($aData);
} }
/** /**
* this function removes a role * this function removes a role
* *
@@ -600,11 +602,11 @@ class RBAC
* @param string $ROL_UID * @param string $ROL_UID
* @return $this->rolesObj->removeRole * @return $this->rolesObj->removeRole
*/ */
function removeRole($ROL_UID){ function removeRole($ROL_UID){
return $this->rolesObj->removeRole($ROL_UID); return $this->rolesObj->removeRole($ROL_UID);
} }
/** /**
* this function checks a new role * this function checks a new role
* *
@@ -617,7 +619,7 @@ class RBAC
function verifyNewRole($code){ function verifyNewRole($code){
return $this->rolesObj->verifyNewRole($code); return $this->rolesObj->verifyNewRole($code);
} }
/** /**
* this function updates a role * this function updates a role
* *
@@ -630,7 +632,7 @@ class RBAC
function updateRole($fields){ function updateRole($fields){
return $this->rolesObj->updateRole($fields); return $this->rolesObj->updateRole($fields);
} }
/** /**
* this function loads by ID * this function loads by ID
* *
@@ -643,7 +645,7 @@ class RBAC
function loadById($ROL_UID){ function loadById($ROL_UID){
return $this->rolesObj->loadById($ROL_UID); return $this->rolesObj->loadById($ROL_UID);
} }
/** /**
* this function gets the user's roles * this function gets the user's roles
* *
@@ -656,33 +658,33 @@ class RBAC
function getRoleUsers($ROL_UID,$filter=''){ function getRoleUsers($ROL_UID,$filter=''){
return $this->rolesObj->getRoleUsers($ROL_UID,$filter); return $this->rolesObj->getRoleUsers($ROL_UID,$filter);
} }
/** /**
* this function gets the number of users by roles * this function gets the number of users by roles
* *
* *
* @access public * @access public
* @author: Enrique Ponce de Leon <enrique@colosa.com> * @author: Enrique Ponce de Leon <enrique@colosa.com>
* *
* @return $this->rolesObj->getAllUsersByRole * @return $this->rolesObj->getAllUsersByRole
*/ */
function getAllUsersByRole(){ function getAllUsersByRole(){
return $this->rolesObj->getAllUsersByRole(); return $this->rolesObj->getAllUsersByRole();
} }
/** /**
* this function gets the number of users by department * this function gets the number of users by department
* *
* *
* @access public * @access public
* @author: Enrique Ponce de Leon <enrique@colosa.com> * @author: Enrique Ponce de Leon <enrique@colosa.com>
* *
* @return $this->rolesObj->getAllUsersByRole * @return $this->rolesObj->getAllUsersByRole
*/ */
function getAllUsersByDepartment(){ function getAllUsersByDepartment(){
return $this->rolesObj->getAllUsersByDepartment(); return $this->rolesObj->getAllUsersByDepartment();
} }
/** /**
* this function gets roles code * this function gets roles code
* *
@@ -695,7 +697,7 @@ class RBAC
function getRoleCode($ROL_UID){ function getRoleCode($ROL_UID){
return $this->rolesObj->getRoleCode($ROL_UID); return $this->rolesObj->getRoleCode($ROL_UID);
} }
/** /**
* this function removes role from an user * this function removes role from an user
* *
@@ -709,7 +711,7 @@ class RBAC
function deleteUserRole($ROL_UID, $USR_UID){ function deleteUserRole($ROL_UID, $USR_UID){
return $this->rolesObj->deleteUserRole($ROL_UID, $USR_UID); return $this->rolesObj->deleteUserRole($ROL_UID, $USR_UID);
} }
/** /**
* this function gets all user * this function gets all user
* *
@@ -722,7 +724,7 @@ class RBAC
function getAllUsers($ROL_UID, $filter=''){ function getAllUsers($ROL_UID, $filter=''){
return $this->rolesObj->getAllUsers($ROL_UID,$filter); return $this->rolesObj->getAllUsers($ROL_UID,$filter);
} }
/** /**
* this function assigns role an user * this function assigns role an user
* *
@@ -735,7 +737,7 @@ class RBAC
function assignUserToRole($aData){ function assignUserToRole($aData){
return $this->rolesObj->assignUserToRole($aData); return $this->rolesObj->assignUserToRole($aData);
} }
/** /**
* this function gets role permission * this function gets role permission
* *
@@ -748,7 +750,7 @@ class RBAC
function getRolePermissions($ROL_UID, $filter=''){ function getRolePermissions($ROL_UID, $filter=''){
return $this->rolesObj->getRolePermissions($ROL_UID,$filter); return $this->rolesObj->getRolePermissions($ROL_UID,$filter);
} }
/** /**
* this function gets all permissions * this function gets all permissions
* *
@@ -759,10 +761,10 @@ class RBAC
* @param string $PER_SYSTEM * @param string $PER_SYSTEM
* @return $this->rolesObj->getAllPermissions * @return $this->rolesObj->getAllPermissions
*/ */
function getAllPermissions($ROL_UID,$PER_SYSTEM="",$filter=''){ function getAllPermissions($ROL_UID,$PER_SYSTEM="",$filter=''){
return $this->rolesObj->getAllPermissions($ROL_UID,$PER_SYSTEM,$filter); return $this->rolesObj->getAllPermissions($ROL_UID,$PER_SYSTEM,$filter);
} }
/** /**
* this function assigns permissions and role * this function assigns permissions and role
* *
@@ -775,7 +777,7 @@ class RBAC
function assignPermissionRole($sData){ function assignPermissionRole($sData){
return $this->rolesObj->assignPermissionRole($sData); return $this->rolesObj->assignPermissionRole($sData);
} }
/** /**
* this function assigns permissions to a role * this function assigns permissions to a role
* *
@@ -804,7 +806,7 @@ class RBAC
function deletePermissionRole($ROL_UID, $PER_UID){ function deletePermissionRole($ROL_UID, $PER_UID){
return $this->rolesObj->deletePermissionRole($ROL_UID, $PER_UID); return $this->rolesObj->deletePermissionRole($ROL_UID, $PER_UID);
} }
/** /**
* this function counts number of user without role * this function counts number of user without role
* *
@@ -846,18 +848,18 @@ class RBAC
/** /**
* this function gets all authentication source * this function gets all authentication source
* Authentication Sources * Authentication Sources
* *
* @access public * @access public
* @param void * @param void
* @return $this->authSourcesObj->getAllAuthSources() * @return $this->authSourcesObj->getAllAuthSources()
*/ */
function getAllAuthSources() { function getAllAuthSources() {
return $this->authSourcesObj->getAllAuthSources(); return $this->authSourcesObj->getAllAuthSources();
} }
/** /**
* this function gets all authentication source * this function gets all authentication source
* Authentication Sources By User * Authentication Sources By User
@@ -867,14 +869,14 @@ class RBAC
* @param void * @param void
* @return $this->authSourcesObj->getAllAuthSources() * @return $this->authSourcesObj->getAllAuthSources()
*/ */
function getAllAuthSourcesByUser() { function getAllAuthSourcesByUser() {
return $this->authSourcesObj->getAllAuthSourcesByUser(); return $this->authSourcesObj->getAllAuthSourcesByUser();
} }
/** /**
* this function gets all authentication source * this function gets all authentication source
* Authentication Sources based at parameters * Authentication Sources based at parameters
* *
* @access public * @access public
* @author Enrique Ponce de Leon <enrique@colosa.com> * @author Enrique Ponce de Leon <enrique@colosa.com>
@@ -883,14 +885,14 @@ class RBAC
* @param string $filter value to search or filter select * @param string $filter value to search or filter select
* @return $this->authSourcesObj->getAuthenticationSources() * @return $this->authSourcesObj->getAuthenticationSources()
*/ */
function getAuthenticationSources($start,$limit,$filter='') { function getAuthenticationSources($start,$limit,$filter='') {
return $this->authSourcesObj->getAuthenticationSources($start,$limit,$filter); return $this->authSourcesObj->getAuthenticationSources($start,$limit,$filter);
} }
/** /**
* this function gets all authentication source * this function gets all authentication source
* Authentication Sources * Authentication Sources
* *
* @access public * @access public
@@ -903,7 +905,7 @@ class RBAC
/** /**
* this function creates an authentication source * this function creates an authentication source
* Authentication Sources * Authentication Sources
* *
* @access public * @access public
@@ -917,7 +919,7 @@ class RBAC
/** /**
* this function updates an authentication source * this function updates an authentication source
* Authentication Sources * Authentication Sources
* *
* @access public * @access public
@@ -930,7 +932,7 @@ class RBAC
/** /**
* this function removes an authentication source * this function removes an authentication source
* Authentication Sources * Authentication Sources
* *
* @access public * @access public
@@ -940,7 +942,7 @@ class RBAC
function removeAuthSource($sUID) { function removeAuthSource($sUID) {
$this->authSourcesObj->remove($sUID); $this->authSourcesObj->remove($sUID);
} }
/** /**
* this function gets all users by authentication source * this function gets all users by authentication source
* *
@@ -949,11 +951,11 @@ class RBAC
* @param void * @param void
* @return $this->userObj->getAllUsersByAuthSource() * @return $this->userObj->getAllUsersByAuthSource()
*/ */
function getAllUsersByAuthSource(){ function getAllUsersByAuthSource(){
return $this->userObj->getAllUsersByAuthSource(); return $this->userObj->getAllUsersByAuthSource();
} }
/** /**
* this function gets all users by authentication source * this function gets all users by authentication source
* *
@@ -962,14 +964,14 @@ class RBAC
* @param void * @param void
* @return $this->userObj->getAllUsersByAuthSource() * @return $this->userObj->getAllUsersByAuthSource()
*/ */
function getListUsersByAuthSource($aSource){ function getListUsersByAuthSource($aSource){
return $this->userObj->getListUsersByAuthSource($aSource); return $this->userObj->getListUsersByAuthSource($aSource);
} }
/** /**
* this function searchs users * this function searchs users
* *
* *
* @access public * @access public
@@ -995,7 +997,7 @@ class RBAC
function requirePermissions($permissions){ function requirePermissions($permissions){
$numPerms = func_num_args(); $numPerms = func_num_args();
$permissions = func_get_args(); $permissions = func_get_args();
$access = -1; $access = -1;
if ( $numPerms == 1 ){ if ( $numPerms == 1 ){
@@ -1012,7 +1014,7 @@ class RBAC
throw new Exception('function requirePermissions() ->ERROR: Parameters missing!'); throw new Exception('function requirePermissions() ->ERROR: Parameters missing!');
} }
if( $access == 1 ) if( $access == 1 )
return true; return true;
else { else {
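Review bot: `var $singleSignOn = false;` is added to class RBAC as a public, undocumented property, yet authentication.php in this same commit skips `VerifyLogin` whenever it is true. Any code that can reach the RBAC singleton, including every registered plugin, can set it, so the contract should be written at the declaration, for example `// Set only by a PM_SINGLE_SIGN_ON plugin after it has authenticated the user and loaded $this->userObj; login/authentication.php skips password verification when this is true.` The other hunks in this file appear to change only trailing whitespace, as far as the page shows, and would be easier to audit as a separate commit from the security-relevant flag.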


@@ -23,124 +23,125 @@
* *
*/ */
if (!isset($_POST['form']) ) {
G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', "error");
G::header ("location: login.html");die;
}
try { try {
$frm = $_POST['form']; if (!$RBAC->singleSignOn) {
$usr = ''; $frm = $_POST['form'];
$pwd = ''; $usr = '';
if (isset($frm['USR_USERNAME'])) { $pwd = '';
$usr = strtolower(trim($frm['USR_USERNAME'])); if (isset($frm['USR_USERNAME'])) {
$pwd = trim($frm['USR_PASSWORD']); $usr = strtolower(trim($frm['USR_USERNAME']));
} $pwd = trim($frm['USR_PASSWORD']);
$uid = $RBAC->VerifyLogin($usr , $pwd); }
//cleaning session files older than 72 hours $uid = $RBAC->VerifyLogin($usr , $pwd);
$RBAC->cleanSessionFiles(72); //cleaning session files older than 72 hours
$sPwd = 'currentPwd'; $RBAC->cleanSessionFiles(72);
switch ($uid) { $sPwd = 'currentPwd';
//The user does doesn't exist switch ($uid) {
case -1: //The user does doesn't exist
case -1:
G::SendTemporalMessage ('ID_USER_NOT_REGISTERED', "warning");
break;
//The password is incorrect
case -2:
G::SendTemporalMessage ('ID_WRONG_PASS', "warning");
if(isset($_SESSION['__AUTH_ERROR__'])){
G::SendMessageText($_SESSION['__AUTH_ERROR__'], "warning");
unset($_SESSION['__AUTH_ERROR__']);
}
break;
//The user is inactive
case -3:
require_once 'classes/model/Users.php';
$user = new Users;
$aUser = $user->loadByUsernameInArray($usr);
switch($aUser['USR_STATUS']){
case 'VACATION':
G::SendTemporalMessage ('ID_USER_ONVACATION', "warning");
break;
CASE 'INACTIVE':
G::SendTemporalMessage ('ID_USER_INACTIVE', "warning");
break;
}
break;
//The Due date is finished
case -4:
G::SendTemporalMessage ('ID_USER_INACTIVE_BY_DATE', "warning");
break;
case -5:
G::SendTemporalMessage ('ID_AUTHENTICATION_SOURCE_INVALID', "warning");
break;
}
$$sPwd= $pwd;
//to avoid empty string in user field. This will avoid a weird message "this row doesn't exist"
if ( !isset($uid) ) {
$uid = -1;
G::SendTemporalMessage ('ID_USER_NOT_REGISTERED', "warning"); G::SendTemporalMessage ('ID_USER_NOT_REGISTERED', "warning");
break;
//The password is incorrect
case -2:
G::SendTemporalMessage ('ID_WRONG_PASS', "warning");
if(isset($_SESSION['__AUTH_ERROR__'])){
G::SendMessageText($_SESSION['__AUTH_ERROR__'], "warning");
unset($_SESSION['__AUTH_ERROR__']);
}
break;
//The user is inactive
case -3:
require_once 'classes/model/Users.php';
$user = new Users;
$aUser = $user->loadByUsernameInArray($usr);
switch($aUser['USR_STATUS']){
case 'VACATION':
G::SendTemporalMessage ('ID_USER_ONVACATION', "warning");
break;
CASE 'INACTIVE':
G::SendTemporalMessage ('ID_USER_INACTIVE', "warning");
break;
}
break;
//The Due date is finished
case -4:
G::SendTemporalMessage ('ID_USER_INACTIVE_BY_DATE', "warning");
break;
case -5:
G::SendTemporalMessage ('ID_AUTHENTICATION_SOURCE_INVALID', "warning");
break;
}
$$sPwd= $pwd;
//to avoid empty string in user field. This will avoid a weird message "this row doesn't exist"
if ( !isset($uid) ) {
$uid = -1;
G::SendTemporalMessage ('ID_USER_NOT_REGISTERED', "warning");
}
if ( !isset($uid) || $uid < 0 ) {
if(isset($_SESSION['FAILED_LOGINS']))
$_SESSION['FAILED_LOGINS']++;
if (!defined('PPP_FAILED_LOGINS')) {
define('PPP_FAILED_LOGINS', 0);
} }
if (PPP_FAILED_LOGINS > 0) {
if ($_SESSION['FAILED_LOGINS'] >= PPP_FAILED_LOGINS) { if ( !isset($uid) || $uid < 0 ) {
$oConnection = Propel::getConnection('rbac'); if(isset($_SESSION['FAILED_LOGINS']))
$oStatement = $oConnection->prepareStatement("SELECT USR_UID FROM USERS WHERE USR_USERNAME = '" . $usr . "'"); $_SESSION['FAILED_LOGINS']++;
$oDataset = $oStatement->executeQuery(); if (!defined('PPP_FAILED_LOGINS')) {
if ($oDataset->next()) { define('PPP_FAILED_LOGINS', 0);
$sUserUID = $oDataset->getString('USR_UID'); }
if (PPP_FAILED_LOGINS > 0) {
if ($_SESSION['FAILED_LOGINS'] >= PPP_FAILED_LOGINS) {
$oConnection = Propel::getConnection('rbac'); $oConnection = Propel::getConnection('rbac');
$oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 0 WHERE USR_UID = '" . $sUserUID . "'"); $oStatement = $oConnection->prepareStatement("SELECT USR_UID FROM USERS WHERE USR_USERNAME = '" . $usr . "'");
$oStatement->executeQuery(); $oDataset = $oStatement->executeQuery();
$oConnection = Propel::getConnection('workflow'); if ($oDataset->next()) {
$oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 'INACTIVE' WHERE USR_UID = '" . $sUserUID . "'"); $sUserUID = $oDataset->getString('USR_UID');
$oStatement->executeQuery(); $oConnection = Propel::getConnection('rbac');
unset($_SESSION['FAILED_LOGINS']); $oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 0 WHERE USR_UID = '" . $sUserUID . "'");
G::SendMessageText(G::LoadTranslation('ID_ACCOUNT') . ' "' . $usr . '" ' . G::LoadTranslation('ID_ACCOUNT_DISABLED_CONTACT_ADMIN'), 'warning'); $oStatement->executeQuery();
} $oConnection = Propel::getConnection('workflow');
else { $oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 'INACTIVE' WHERE USR_UID = '" . $sUserUID . "'");
//Nothing $oStatement->executeQuery();
unset($_SESSION['FAILED_LOGINS']);
G::SendMessageText(G::LoadTranslation('ID_ACCOUNT') . ' "' . $usr . '" ' . G::LoadTranslation('ID_ACCOUNT_DISABLED_CONTACT_ADMIN'), 'warning');
}
else {
//Nothing
}
} }
} }
G::header ("location: login.html");
die;
} }
G::header ("location: login.html"); if(!isset( $_SESSION['WORKSPACE'] ) ) $_SESSION['WORKSPACE'] = SYS_SYS;
die;
}
if(!isset( $_SESSION['WORKSPACE'] ) ) $_SESSION['WORKSPACE'] = SYS_SYS;
//Execute the SSO Script from plugin //Execute the SSO Script from plugin
$oPluginRegistry =& PMPluginRegistry::getSingleton(); $oPluginRegistry =& PMPluginRegistry::getSingleton();
if ( $oPluginRegistry->existsTrigger ( PM_LOGIN ) ) { if ( $oPluginRegistry->existsTrigger ( PM_LOGIN ) ) {
$lSession=""; $lSession="";
$loginInfo = new loginInfo ($usr, $pwd, $lSession ); $loginInfo = new loginInfo ($usr, $pwd, $lSession );
$oPluginRegistry->executeTriggers ( PM_LOGIN , $loginInfo ); $oPluginRegistry->executeTriggers ( PM_LOGIN , $loginInfo );
} }
$_SESSION['USER_LOGGED'] = $uid;
$_SESSION['USR_USERNAME'] = $usr;
}
else {
$uid = $RBAC->userObj->fields['USR_UID'];
$usr = $RBAC->userObj->fields['USR_USERNAME'];
$_SESSION['USER_LOGGED'] = $uid;
$_SESSION['USR_USERNAME'] = $usr;
}
$_SESSION['USER_LOGGED'] = $uid;
$_SESSION['USR_USERNAME'] = $usr;
$aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']); $aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
//$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']); //$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']);
$_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME']; $_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME'];
//$_SESSION['USR_ROLENAME'] = $rol['ROL_NAME']; //$_SESSION['USR_ROLENAME'] = $rol['ROL_NAME'];
unset($_SESSION['FAILED_LOGINS']); unset($_SESSION['FAILED_LOGINS']);
// increment logins in heartbeat // increment logins in heartbeat
G::LoadClass('serverConfiguration'); G::LoadClass('serverConfiguration');
$oServerConf =& serverConf::getSingleton(); $oServerConf =& serverConf::getSingleton();
$oServerConf->sucessfulLogin(); $oServerConf->sucessfulLogin();
// Assign the uid of user to userloggedobj // Assign the uid of user to userloggedobj
$RBAC->loadUserRolePermission($RBAC->sSystem, $uid); $RBAC->loadUserRolePermission($RBAC->sSystem, $uid);
$res = $RBAC->userCanAccess('PM_LOGIN'); $res = $RBAC->userCanAccess('PM_LOGIN');
@@ -180,10 +181,10 @@ try {
$aLog['USR_UID'] = $_SESSION['USER_LOGGED']; $aLog['USR_UID'] = $_SESSION['USER_LOGGED'];
$weblog->create($aLog); $weblog->create($aLog);
/**end log**/ /**end log**/
//************** background processes, here we are putting some back office routines ********** //************** background processes, here we are putting some back office routines **********
$oServerConf->setWsInfo(SYS_SYS,$oServerConf->getWorkspaceInfo(SYS_SYS) ); $oServerConf->setWsInfo(SYS_SYS,$oServerConf->getWorkspaceInfo(SYS_SYS) );
//**** defining and saving server info, this file has the values of the global array $_SERVER **** //**** defining and saving server info, this file has the values of the global array $_SERVER ****
//this file is useful for command line environment (no Browser), I mean for triggers, crons and other executed over command line //this file is useful for command line environment (no Browser), I mean for triggers, crons and other executed over command line
@@ -204,58 +205,64 @@ try {
/* Check password using policy - Start */ /* Check password using policy - Start */
require_once 'classes/model/UsersProperties.php'; require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties(); $oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($currentPwd))))); if (!$RBAC->singleSignOn) {
$aErrors = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME']); $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($currentPwd)))));
$aErrors = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME']);
if (!empty($aErrors)) { if (!empty($aErrors)) {
if (!defined('NO_DISPLAY_USERNAME')) { if (!defined('NO_DISPLAY_USERNAME')) {
define('NO_DISPLAY_USERNAME', 1); define('NO_DISPLAY_USERNAME', 1);
}
$aFields = array();
$aFields['DESCRIPTION'] = '<span style="font-weight:normal;">';
$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
foreach ($aErrors as $sError) {
switch ($sError) {
case 'ID_PPP_MINIMUN_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MINIMUN_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MINIMUN_LENGTH;
break;
case 'ID_PPP_MAXIMUN_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MAXIMUN_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MAXIMUN_LENGTH;
break;
case 'ID_PPP_EXPIRATION_IN':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '<br />';
$aFields[substr($sError, 3)] = PPP_EXPIRATION_IN;
break;
default:
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).'<br />';
$aFields[substr($sError, 3)] = 1;
break;
} }
$aFields = array();
$aFields['DESCRIPTION'] = '<span style="font-weight:normal;">';
$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
foreach ($aErrors as $sError) {
switch ($sError) {
case 'ID_PPP_MINIMUN_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MINIMUN_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MINIMUN_LENGTH;
break;
case 'ID_PPP_MAXIMUN_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MAXIMUN_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MAXIMUN_LENGTH;
break;
case 'ID_PPP_EXPIRATION_IN':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '<br />';
$aFields[substr($sError, 3)] = PPP_EXPIRATION_IN;
break;
default:
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).'<br />';
$aFields[substr($sError, 3)] = 1;
break;
}
}
$aFields['DESCRIPTION'] .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . '<br /><br /></span>';
$G_PUBLISH = new Publisher;
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $aFields, 'changePassword');
G::RenderPage('publish');
die;
}
/* Check password using policy - End */
if ( isset($_POST['form']['URL']) && $_POST['form']['URL'] != '') {
$sLocation = $_POST['form']['URL'];
}
else {
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
} }
$aFields['DESCRIPTION'] .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . '<br /><br /></span>';
$G_PUBLISH = new Publisher;
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $aFields, 'changePassword');
G::RenderPage('publish');
die;
}
/* Check password using policy - End */
if ( isset($_POST['form']['URL']) && $_POST['form']['URL'] != '') {
$sLocation = $_POST['form']['URL'];
} }
else { else {
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang); G::header('Location: ' . $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang));
die();
} }
$oHeadPublisher =& headPublisher::getSingleton(); $oHeadPublisher =& headPublisher::getSingleton();
$oHeadPublisher->extJsInit = true; $oHeadPublisher->extJsInit = true;
$oHeadPublisher->addExtJsScript('login/init', false); //adding a javascript file .js $oHeadPublisher->addExtJsScript('login/init', false); //adding a javascript file .js
$oHeadPublisher->assign('uriReq', $sLocation); $oHeadPublisher->assign('uriReq', $sLocation);
G::RenderPage('publish', 'extJs'); G::RenderPage('publish', 'extJs');
//G::header('Location: ' . $sLocation); //G::header('Location: ' . $sLocation);
die; die;
} }
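Review bot: The new `else` branch taken when `$RBAC->singleSignOn` is true copies `$RBAC->userObj->fields['USR_UID']` into `$_SESSION['USER_LOGGED']` without checking that it is set, and none of the `VerifyLogin` outcomes handled in the other branch (inactive or on-vacation account, expired due date, invalid authentication source) are evaluated for an SSO login. Unless every `PM_SINGLE_SIGN_ON` plugin is guaranteed to perform those checks itself, which is not visible here, the branch should at least refuse an empty identifier, e.g. `if (empty($uid)) { G::header('location: login.html'); die; }`, and re-check account status and due date before the session is populated. Separately, the re-indented lockout block still concatenates the posted `$usr` into `"SELECT USR_UID FROM USERS WHERE USR_USERNAME = '" . $usr . "'"` on a path that runs before authentication succeeds; that query should bind the username as a statement parameter instead of building the string. The `try` block continues outside the hunks shown.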


@@ -36,19 +36,19 @@
if (! isset ( $_SESSION ['G_MESSAGE_TYPE'] )) { if (! isset ( $_SESSION ['G_MESSAGE_TYPE'] )) {
$_SESSION ['G_MESSAGE_TYPE'] = ''; $_SESSION ['G_MESSAGE_TYPE'] = '';
} }
$msg = $_SESSION ['G_MESSAGE']; $msg = $_SESSION ['G_MESSAGE'];
$msgType = $_SESSION ['G_MESSAGE_TYPE']; $msgType = $_SESSION ['G_MESSAGE_TYPE'];
if (! isset ( $_SESSION ['FAILED_LOGINS'] )) { if (! isset ( $_SESSION ['FAILED_LOGINS'] )) {
$_SESSION ['FAILED_LOGINS'] = 0; $_SESSION ['FAILED_LOGINS'] = 0;
} }
$sFailedLogins = $_SESSION ['FAILED_LOGINS']; $sFailedLogins = $_SESSION ['FAILED_LOGINS'];
require_once 'classes/model/LoginLog.php'; require_once 'classes/model/LoginLog.php';
$aFields ['LOGIN_VERIFY_MSG'] = G::loadTranslation ( 'LOGIN_VERIFY_MSG' ); $aFields ['LOGIN_VERIFY_MSG'] = G::loadTranslation ( 'LOGIN_VERIFY_MSG' );
if ( isset ($_SESSION ['USER_LOGGED']) ) { if ( isset ($_SESSION ['USER_LOGGED']) ) {
//close the session, if the current session_id was used in PM. //close the session, if the current session_id was used in PM.
$oCriteria = new Criteria ( 'workflow' ); $oCriteria = new Criteria ( 'workflow' );
@@ -81,7 +81,19 @@
@session_destroy (); @session_destroy ();
session_start (); session_start ();
session_regenerate_id (); session_regenerate_id ();
// Execute SSO trigger - Start
$pluginRegistry =& PMPluginRegistry::getSingleton();
if (defined('PM_SINGLE_SIGN_ON')) {
if ($pluginRegistry->existsTrigger(PM_SINGLE_SIGN_ON)) {
if ($pluginRegistry->executeTriggers(PM_SINGLE_SIGN_ON, null)) {
require_once 'authentication.php';
die();
}
}
}
// Execute SSO trigger - End
if (strlen ( $msg ) > 0) { if (strlen ( $msg ) > 0) {
$_SESSION ['G_MESSAGE'] = $msg; $_SESSION ['G_MESSAGE'] = $msg;
} }
@@ -89,11 +101,11 @@
$_SESSION ['G_MESSAGE_TYPE'] = $msgType; $_SESSION ['G_MESSAGE_TYPE'] = $msgType;
} }
$_SESSION ['FAILED_LOGINS'] = $sFailedLogins; $_SESSION ['FAILED_LOGINS'] = $sFailedLogins;
//translation //translation
$Translations = G::getModel("Translation"); $Translations = G::getModel("Translation");
$translationsTable = $Translations->getTranslationEnvironments(); $translationsTable = $Translations->getTranslationEnvironments();
$availableLangArray = array (); $availableLangArray = array ();
$availableLangArray [] = array ('LANG_ID' => 'char', 'LANG_NAME' => 'char' ); $availableLangArray [] = array ('LANG_ID' => 'char', 'LANG_NAME' => 'char' );
foreach ( $translationsTable as $locale ) { foreach ( $translationsTable as $locale ) {
@@ -102,22 +114,22 @@
$row['LANG_NAME'] = $locale['LANGUAGE'] . ' (' . (ucwords(strtolower($locale['COUNTRY']))) . ')'; $row['LANG_NAME'] = $locale['LANGUAGE'] . ' (' . (ucwords(strtolower($locale['COUNTRY']))) . ')';
else else
$row['LANG_NAME'] = $locale['LANGUAGE']; $row['LANG_NAME'] = $locale['LANGUAGE'];
$availableLangArray [] = $row; $availableLangArray [] = $row;
} }
global $_DBArray; global $_DBArray;
$_DBArray ['langOptions'] = $availableLangArray; $_DBArray ['langOptions'] = $availableLangArray;
$G_PUBLISH = new Publisher ( ); $G_PUBLISH = new Publisher ( );
$G_PUBLISH->AddContent ( 'xmlform', 'xmlform', 'login/login', '', $aFields, SYS_URI . 'login/authentication.php' ); $G_PUBLISH->AddContent ( 'xmlform', 'xmlform', 'login/login', '', $aFields, SYS_URI . 'login/authentication.php' );
G::LoadClass ( 'serverConfiguration' ); G::LoadClass ( 'serverConfiguration' );
//get the serverconf singleton, and check if we can send the heartbeat //get the serverconf singleton, and check if we can send the heartbeat
$oServerConf = & serverConf::getSingleton (); $oServerConf = & serverConf::getSingleton ();
$sflag = $oServerConf->getHeartbeatProperty('HB_OPTION','HEART_BEAT_CONF'); $sflag = $oServerConf->getHeartbeatProperty('HB_OPTION','HEART_BEAT_CONF');
$sflag = (trim($sflag)!='')?$sflag:'1'; $sflag = (trim($sflag)!='')?$sflag:'1';
//get date of next beat //get date of next beat
$nextBeatDate = $oServerConf->getHeartbeatProperty('HB_NEXT_BEAT_DATE','HEART_BEAT_CONF'); $nextBeatDate = $oServerConf->getHeartbeatProperty('HB_NEXT_BEAT_DATE','HEART_BEAT_CONF');
$sflag = 1; $sflag = 1;
@@ -129,7 +141,7 @@
} }
else else
$oHeadPublisher->addScriptCode( 'var flagHeartBeat = 0; '); $oHeadPublisher->addScriptCode( 'var flagHeartBeat = 0; ');
//check if we show the panel with the getting started info //check if we show the panel with the getting started info
require_once 'classes/model/Configuration.php'; require_once 'classes/model/Configuration.php';
@@ -141,18 +153,18 @@
$oCriteria->add ( ConfigurationPeer::PRO_UID, '' ); $oCriteria->add ( ConfigurationPeer::PRO_UID, '' );
$oCriteria->add ( ConfigurationPeer::USR_UID, '' ); $oCriteria->add ( ConfigurationPeer::USR_UID, '' );
$oCriteria->add ( ConfigurationPeer::APP_UID, '' ); $oCriteria->add ( ConfigurationPeer::APP_UID, '' );
$flagGettingStarted = ConfigurationPeer::doCount ( $oCriteria ); $flagGettingStarted = ConfigurationPeer::doCount ( $oCriteria );
if( $flagGettingStarted == 0 ) { if( $flagGettingStarted == 0 ) {
$oHeadPublisher->addScriptCode( 'var flagGettingStarted = 1; '); $oHeadPublisher->addScriptCode( 'var flagGettingStarted = 1; ');
} }
else else
$oHeadPublisher->addScriptCode( 'var flagGettingStarted = 0; '); $oHeadPublisher->addScriptCode( 'var flagGettingStarted = 0; ');
G::loadClass('configuration'); G::loadClass('configuration');
$oConf = new Configurations; $oConf = new Configurations;
$oConf->loadConfig($obj, 'ENVIRONMENT_SETTINGS',''); $oConf->loadConfig($obj, 'ENVIRONMENT_SETTINGS','');
$flagForgotPassword = isset($oConf->aConfig['login_enableForgotPassword'])? $oConf->aConfig['login_enableForgotPassword']: 'off'; $flagForgotPassword = isset($oConf->aConfig['login_enableForgotPassword'])? $oConf->aConfig['login_enableForgotPassword']: 'off';
$oHeadPublisher->addScriptCode("var flagForgotPassword = '$flagForgotPassword';"); $oHeadPublisher->addScriptCode("var flagForgotPassword = '$flagForgotPassword';");
G::RenderPage ( "publish" ); G::RenderPage ( "publish" );
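Review bot: The added SSO block hands control to authentication.php on any truthy result from `executeTriggers(PM_SINGLE_SIGN_ON, null)`, without confirming that the plugin actually set `$RBAC->singleSignOn` and loaded a user. If a plugin returns a non-empty value without doing so, authentication.php falls into its password branch with no posted form; tightening the condition to `if ($pluginRegistry->executeTriggers(PM_SINGLE_SIGN_ON, null) === true && $RBAC->singleSignOn)` would make the hand-off explicit, assuming `$RBAC` is in scope here as it is in authentication.php. I would also add a comment above the block stating the trigger's contract, e.g. `// The trigger must return true only after it has verified the external identity and populated $RBAC->userObj`. What the trigger returns is not visible on this page, so the strict comparison should be confirmed against the plugin API.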