Document authentication.php

Fernando Ontiveros
2025-05-06 19:51:37 -04:00
parent d58944679e
commit d5e7eddab5


@@ -7,26 +7,36 @@ use ProcessMaker\Core\System;
use ProcessMaker\Plugins\PluginRegistry; use ProcessMaker\Plugins\PluginRegistry;
try { try {
// Initialize variables for username and password
$usr = ''; $usr = '';
$pwd = ''; $pwd = '';
// Determine the login URL based on the HTTP referer
if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'home/login') !== false) { if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'home/login') !== false) {
$urlLogin = '../home/login'; $urlLogin = '../home/login';
} else { } else {
$urlLogin = (substr(SYS_SKIN, 0, 2) !== 'ux')? 'login' : '../main/login'; $urlLogin = (substr(SYS_SKIN, 0, 2) !== 'ux')? 'login' : '../main/login';
} }
// Set cookie options for session management
$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]); $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
// Check if single sign-on is not enabled
if (!$RBAC->singleSignOn) { if (!$RBAC->singleSignOn) {
// Set a cookie to indicate single sign-on status
setcookie('singleSignOn', '0', $cookieOptions); setcookie('singleSignOn', '0', $cookieOptions);
// Check if the form data is set
if (!isset($_POST['form']) ) { if (!isset($_POST['form']) ) {
G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error'); G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error');
G::header('Location: login'); G::header('Location: login');
die(); die();
} }
// Retrieve the form data
$frm = $_POST['form']; $frm = $_POST['form'];
// Check if the user is changing their password
$changePassword = false; $changePassword = false;
if (isset($_POST['form']['__USR_PASSWORD_CHANGE__'])) { if (isset($_POST['form']['__USR_PASSWORD_CHANGE__'])) {
$value = Cache::pull($_POST['form']['__USR_PASSWORD_CHANGE__']); $value = Cache::pull($_POST['form']['__USR_PASSWORD_CHANGE__']);
@@ -39,32 +49,31 @@ try {
} }
} }
// Process the username and password from the form data
if (isset($frm['USR_USERNAME'])) { if (isset($frm['USR_USERNAME'])) {
$usr = mb_strtolower(trim($frm['USR_USERNAME']), 'UTF-8'); $usr = mb_strtolower(trim($frm['USR_USERNAME']), 'UTF-8'); // Convert to lowercase
//Spaces not supported at the end of passwords $pwd = rtrim($frm['USR_PASSWORD']); // Remove trailing spaces
$pwd = rtrim($frm['USR_PASSWORD']);
} }
Cache::put('ldapMessageError', '', 120); //laravel 8.x the time parameter is in seconds. // Clear any previous LDAP error messages
$uid = $RBAC->VerifyLogin($usr, $pwd); Cache::put('ldapMessageError', '', 120); // Set cache for 120 seconds.
$ldapMessageError = Cache::pull('ldapMessageError'); $uid = $RBAC->VerifyLogin($usr, $pwd); // Verify user credentials
$ldapMessageError = Cache::pull('ldapMessageError'); // Retrieve LDAP error message if any
$RBAC->cleanSessionFiles(72); //cleaning session files older than 72 hours $RBAC->cleanSessionFiles(72); //cleaning session files older than 72 hours
// Handle different cases based on the user ID returned
switch ($uid) { switch ($uid) {
//The user does doesn't exist case -1: // The user does doesn't exist
case -1:
$errLabel = 'WRONG_LOGIN_CREDENTIALS'; $errLabel = 'WRONG_LOGIN_CREDENTIALS';
break; break;
//The password is incorrect case -2: // Incorrect password
case -2:
$errLabel = 'WRONG_LOGIN_CREDENTIALS'; $errLabel = 'WRONG_LOGIN_CREDENTIALS';
if (isset($_SESSION['__AUTH_ERROR__'])) { if (isset($_SESSION['__AUTH_ERROR__'])) {
G::SendMessageText($_SESSION['__AUTH_ERROR__'], "warning"); G::SendMessageText($_SESSION['__AUTH_ERROR__'], "warning");
unset($_SESSION['__AUTH_ERROR__']); unset($_SESSION['__AUTH_ERROR__']);
} }
break; break;
//The user is inactive case -3: // User is inactive
case -3:
require_once 'classes/model/Users.php'; require_once 'classes/model/Users.php';
$user = new Users(); $user = new Users();
$aUser = $user->loadByUsernameInArray($usr); $aUser = $user->loadByUsernameInArray($usr);
@@ -82,30 +91,32 @@ try {
} }
break; break;
//The Due date is finished //The Due date is finished
case -4: case -4: // User's due date is expired
$errLabel = 'ID_USER_INACTIVE_BY_DATE'; $errLabel = 'ID_USER_INACTIVE_BY_DATE';
break; break;
case -5: case -5: // Invalid authentication source
$errLabel = 'ID_AUTHENTICATION_SOURCE_INVALID'; $errLabel = 'ID_AUTHENTICATION_SOURCE_INVALID';
break; break;
case -6: case -6: // Inactive role
$errLabel = 'ID_ROLE_INACTIVE'; $errLabel = 'ID_ROLE_INACTIVE';
break; break;
case -7: case -7: // Specific authentication error
$errLabel = 'ID_LECA'; $errLabel = 'ID_LECA';
break; break;
} }
//to avoid empty string in user field. This will avoid a weird message "this row doesn't exist" // Default to wrong credentials if no user ID is set
if ( !isset($uid) ) { if ( !isset($uid) ) {
$uid = -1; $uid = -1;
$errLabel = 'WRONG_LOGIN_CREDENTIALS'; $errLabel = 'WRONG_LOGIN_CREDENTIALS';
} }
// Store previous usernames for tracking failed logins
$_SESSION["USERNAME_PREVIOUS1"] = (isset($_SESSION["USERNAME_PREVIOUS2"]))? $_SESSION["USERNAME_PREVIOUS2"] : ""; $_SESSION["USERNAME_PREVIOUS1"] = (isset($_SESSION["USERNAME_PREVIOUS2"]))? $_SESSION["USERNAME_PREVIOUS2"] : "";
$_SESSION["USERNAME_PREVIOUS2"] = $usr; $_SESSION["USERNAME_PREVIOUS2"] = $usr;
$_SESSION["FAILED_LOGINS"] = is_numeric(Cache::get("FAILED_LOGINS{$usr}")) ? Cache::get("FAILED_LOGINS{$usr}") : 0; $_SESSION["FAILED_LOGINS"] = is_numeric(Cache::get("FAILED_LOGINS{$usr}")) ? Cache::get("FAILED_LOGINS{$usr}") : 0;
// Handled failed login attempts
if (!isset($uid) || $uid < 0) { if (!isset($uid) || $uid < 0) {
if ($_SESSION["USERNAME_PREVIOUS1"] != "" && $_SESSION["USERNAME_PREVIOUS2"] != "" && $_SESSION["USERNAME_PREVIOUS1"] != $_SESSION["USERNAME_PREVIOUS2"]) { if ($_SESSION["USERNAME_PREVIOUS1"] != "" && $_SESSION["USERNAME_PREVIOUS2"] != "" && $_SESSION["USERNAME_PREVIOUS1"] != $_SESSION["USERNAME_PREVIOUS2"]) {
$_SESSION["FAILED_LOGINS"] = 0; $_SESSION["FAILED_LOGINS"] = 0;
@@ -119,11 +130,13 @@ try {
} }
if (PPP_FAILED_LOGINS > 0) { if (PPP_FAILED_LOGINS > 0) {
if ($_SESSION['FAILED_LOGINS'] >= PPP_FAILED_LOGINS) { if ($_SESSION['FAILED_LOGINS'] >= PPP_FAILED_LOGINS) {
// Disable user account after too many failed login attempts
$oConnection = Propel::getConnection('rbac'); $oConnection = Propel::getConnection('rbac');
$oStatement = $oConnection->prepareStatement("SELECT USR_UID FROM RBAC_USERS WHERE USR_USERNAME = '" . $usr . "'"); $oStatement = $oConnection->prepareStatement("SELECT USR_UID FROM RBAC_USERS WHERE USR_USERNAME = '" . $usr . "'");
$oDataset = $oStatement->executeQuery(); $oDataset = $oStatement->executeQuery();
if ($oDataset->next()) { if ($oDataset->next()) {
$sUserUID = $oDataset->getString('USR_UID'); $sUserUID = $oDataset->getString('USR_UID');
// Update user status to inactive
$oConnection = Propel::getConnection('rbac'); $oConnection = Propel::getConnection('rbac');
$oStatement = $oConnection->prepareStatement("UPDATE RBAC_USERS SET USR_STATUS = 0 WHERE USR_UID = '" . $sUserUID . "'"); $oStatement = $oConnection->prepareStatement("UPDATE RBAC_USERS SET USR_STATUS = 0 WHERE USR_UID = '" . $sUserUID . "'");
$oStatement->executeQuery(); $oStatement->executeQuery();
@@ -134,7 +147,7 @@ try {
Cache::forget("FAILED_LOGINS{$usr}"); Cache::forget("FAILED_LOGINS{$usr}");
$errLabel = G::LoadTranslation('ID_ACCOUNT') . ' "' . $usr . '" ' . G::LoadTranslation('ID_ACCOUNT_DISABLED_CONTACT_ADMIN'); $errLabel = G::LoadTranslation('ID_ACCOUNT') . ' "' . $usr . '" ' . G::LoadTranslation('ID_ACCOUNT_DISABLED_CONTACT_ADMIN');
} }
//Log failed authentications // Log failed authentication attempts
$message = "| Many failed authentication attempts for USER: " . $usr . " | IP: " . G::getIpAddress() . " | WS: " . config("system.workspace"); $message = "| Many failed authentication attempts for USER: " . $usr . " | IP: " . G::getIpAddress() . " | WS: " . config("system.workspace");
$message .= " | BROWSER: " . $_SERVER['HTTP_USER_AGENT']; $message .= " | BROWSER: " . $_SERVER['HTTP_USER_AGENT'];
@@ -142,6 +155,7 @@ try {
} }
} }
// Redirect to login page with error message
if (strpos($_SERVER['HTTP_REFERER'], 'home/login') !== false) { if (strpos($_SERVER['HTTP_REFERER'], 'home/login') !== false) {
$d = serialize(['u' => $usr, 'p' => $pwd, 'm' => G::LoadTranslation($errLabel)]); $d = serialize(['u' => $usr, 'p' => $pwd, 'm' => G::LoadTranslation($errLabel)]);
$urlLogin = $urlLogin . '?d=' . Crypt::encryptString($d); $urlLogin = $urlLogin . '?d=' . Crypt::encryptString($d);
@@ -153,6 +167,7 @@ try {
} }
} }
// Append URL if provided
$u = (array_key_exists('form', $_POST) && array_key_exists('URL', $_POST['form']))? 'u=' . urlencode(htmlspecialchars_decode($_POST['form']['URL'])) : ''; $u = (array_key_exists('form', $_POST) && array_key_exists('URL', $_POST['form']))? 'u=' . urlencode(htmlspecialchars_decode($_POST['form']['URL'])) : '';
if ($u != '') { if ($u != '') {
@@ -163,6 +178,7 @@ try {
exit(0); exit(0);
} }
// Initialize user session if uid is valid
if (!isset( $_SESSION['WORKSPACE'] ) ) { if (!isset( $_SESSION['WORKSPACE'] ) ) {
$_SESSION['WORKSPACE'] = config("system.workspace"); $_SESSION['WORKSPACE'] = config("system.workspace");
} }
@@ -176,18 +192,19 @@ try {
} }
initUserSession($uid, $usr); initUserSession($uid, $usr);
} else { } else {
// Handle single sign-on case
setcookie('singleSignOn', '1', $cookieOptions); setcookie('singleSignOn', '1', $cookieOptions);
$uid = $RBAC->userObj->fields['USR_UID']; $uid = $RBAC->userObj->fields['USR_UID'];
$usr = $RBAC->userObj->fields['USR_USERNAME']; $usr = $RBAC->userObj->fields['USR_USERNAME'];
initUserSession($uid, $usr); initUserSession($uid, $usr);
} }
//Set default Languaje //Set default Language for the user
if (isset($frm['USER_LANG'])) { if (isset($frm['USER_LANG'])) {
if ($frm['USER_LANG'] != '') { if ($frm['USER_LANG'] != '') {
$lang = $frm['USER_LANG']; $lang = $frm['USER_LANG'];
if($frm['USER_LANG'] == "default"){ if($frm['USER_LANG'] == "default"){
//Check the USR_DEFAULT_LANG //Check the user's default language
require_once 'classes/model/Users.php'; require_once 'classes/model/Users.php';
$user = new Users(); $user = new Users();
$rsUser = $user->userLanguaje($_SESSION['USER_LOGGED']); $rsUser = $user->userLanguaje($_SESSION['USER_LOGGED']);
@@ -196,7 +213,7 @@ try {
if( isset($rowUser["USR_DEFAULT_LANG"]) && $rowUser["USR_DEFAULT_LANG"]!=''){ if( isset($rowUser["USR_DEFAULT_LANG"]) && $rowUser["USR_DEFAULT_LANG"]!=''){
$lang = $rowUser["USR_DEFAULT_LANG"]; $lang = $rowUser["USR_DEFAULT_LANG"];
} else { } else {
//Check the login_defaultLanguage //Check the system's default language
$oConf = new Configurations(); $oConf = new Configurations();
$oConf->loadConfig($obj, 'ENVIRONMENT_SETTINGS', ''); $oConf->loadConfig($obj, 'ENVIRONMENT_SETTINGS', '');
if (isset($oConf->aConfig["login_defaultLanguage"]) && $oConf->aConfig["login_defaultLanguage"] != "") { if (isset($oConf->aConfig["login_defaultLanguage"]) && $oConf->aConfig["login_defaultLanguage"] != "") {
@@ -205,7 +222,7 @@ try {
if(SYS_LANG != ''){ if(SYS_LANG != ''){
$lang = SYS_LANG; $lang = SYS_LANG;
}else{ }else{
$lang = 'en'; $lang = 'en'; // Default to English
} }
} }
} }
@@ -214,10 +231,11 @@ try {
} }
} }
} else { } else {
// Set language to system default if not specified
if (defined("SYS_LANG") && SYS_LANG != "") { if (defined("SYS_LANG") && SYS_LANG != "") {
$lang = SYS_LANG; $lang = SYS_LANG;
} else { } else {
$lang = 'en'; $lang = 'en'; // Default to English
} }
} }
@@ -235,6 +253,7 @@ try {
$_SESSION['USR_TIME_ZONE'] = $userTimeZone; $_SESSION['USR_TIME_ZONE'] = $userTimeZone;
} }
// Check and set browser time zone
if (isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__']) { if (isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__']) {
$dateTime = new \ProcessMaker\Util\DateTime(); $dateTime = new \ProcessMaker\Util\DateTime();
@@ -248,13 +267,12 @@ try {
} }
} }
//Set data // Load user data and permissions
$aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']); $aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
//$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']); $_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME']; // Store user's full name in session
$_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME'];
//$_SESSION['USR_ROLENAME'] = $rol['ROL_NAME'];
// Clear failed login attempts
unset($_SESSION['FAILED_LOGINS']); unset($_SESSION['FAILED_LOGINS']);
Cache::forget("FAILED_LOGINS{$usr}"); Cache::forget("FAILED_LOGINS{$usr}");
@@ -271,7 +289,7 @@ try {
die; die;
} }
/**log in table Login**/ // Log login attempt in table Login
require_once 'classes/model/LoginLog.php'; require_once 'classes/model/LoginLog.php';
$weblog=new LoginLog(); $weblog=new LoginLog();
$aLog['LOG_UID'] = G::generateUniqueID(); $aLog['LOG_UID'] = G::generateUniqueID();
@@ -279,15 +297,14 @@ try {
$aLog['LOG_IP'] = G::getIpAddress(); $aLog['LOG_IP'] = G::getIpAddress();
$aLog['LOG_SID'] = session_id(); $aLog['LOG_SID'] = session_id();
$aLog['LOG_INIT_DATE'] = date('Y-m-d H:i:s'); $aLog['LOG_INIT_DATE'] = date('Y-m-d H:i:s');
//$aLog['LOG_END_DATE'] = '0000-00-00 00:00:00';
$aLog['LOG_CLIENT_HOSTNAME']= System::getServerHost(); $aLog['LOG_CLIENT_HOSTNAME']= System::getServerHost();
$aLog['USR_UID'] = $_SESSION['USER_LOGGED']; $aLog['USR_UID'] = $_SESSION['USER_LOGGED'];
$weblog->create($aLog); $weblog->create($aLog);
/**end log**/ // end log
//**** defining and saving server info, this file has the values of the global array $_SERVER **** // Save server info for command line environment
// defining and saving server info, this file has the values of the global array $_SERVER
// this file is useful for command line environment (no Browser), I mean for triggers, crons and other executed over command line // this file is useful for command line environment (no Browser), I mean for triggers, crons and other executed over command line
$_CSERVER = $_SERVER; $_CSERVER = $_SERVER;
unset($_CSERVER['REQUEST_TIME']); unset($_CSERVER['REQUEST_TIME']);
unset($_CSERVER['REMOTE_PORT']); unset($_CSERVER['REMOTE_PORT']);
@@ -301,11 +318,11 @@ try {
} }
} }
/* Check password using policy - Start */ // Check password using policy - Start
require_once 'classes/model/UsersProperties.php'; require_once 'classes/model/UsersProperties.php';
$userProperty = new UsersProperties(); $userProperty = new UsersProperties();
// getting default user location // Determine the user's default location after login
if (isset($_REQUEST['form']['URL']) && $_REQUEST['form']['URL'] != '') { if (isset($_REQUEST['form']['URL']) && $_REQUEST['form']['URL'] != '') {
if (isset($_SERVER['HTTP_REFERER'])) { if (isset($_SERVER['HTTP_REFERER'])) {
if (strpos($_SERVER['HTTP_REFERER'], 'processes/processes_Map?PRO_UID=') !== false) { if (strpos($_SERVER['HTTP_REFERER'], 'processes/processes_Map?PRO_UID=') !== false) {
@@ -331,9 +348,10 @@ try {
die(); die();
} }
// Load or create user property info
$userPropertyInfo = $userProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(G::encryptOld($pwd))))); $userPropertyInfo = $userProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(G::encryptOld($pwd)))));
//change password // Handle password change
if ($changePassword === true) { if ($changePassword === true) {
$user = new User(); $user = new User();
$currentUser = $user->changePassword($_SESSION['USER_LOGGED'], $_POST['form']['USR_PASSWORD']); $currentUser = $user->changePassword($_SESSION['USER_LOGGED'], $_POST['form']['USR_PASSWORD']);
@@ -343,13 +361,14 @@ try {
return; return;
} }
//Get the errors in the password // Validate the password against security policies
$errorInPassword = $userProperty->validatePassword( $errorInPassword = $userProperty->validatePassword(
$_POST['form']['USR_PASSWORD'], $_POST['form']['USR_PASSWORD'],
$userPropertyInfo['USR_LAST_UPDATE_DATE'], $userPropertyInfo['USR_LAST_UPDATE_DATE'],
$userPropertyInfo['USR_LOGGED_NEXT_TIME'] $userPropertyInfo['USR_LOGGED_NEXT_TIME']
); );
//The other authentication methods should not be validated by password security policies.
// Exclude certain policies for non-MySQL authentication types.
if (!empty($aUser['USR_AUTH_TYPE'])) { if (!empty($aUser['USR_AUTH_TYPE'])) {
$authType = $aUser['USR_AUTH_TYPE']; $authType = $aUser['USR_AUTH_TYPE'];
if (strtolower($authType) != "mysql" && $authType != "") { if (strtolower($authType) != "mysql" && $authType != "") {
@@ -364,18 +383,22 @@ try {
$errorInPassword = array_values($errorInPassword); $errorInPassword = array_values($errorInPassword);
} }
} }
//Get the policies enabled
//Get the enabled password policies
$policiesInPassword = $userProperty->validatePassword('', date('Y-m-d'), $userPropertyInfo['USR_LOGGED_NEXT_TIME'], true); $policiesInPassword = $userProperty->validatePassword('', date('Y-m-d'), $userPropertyInfo['USR_LOGGED_NEXT_TIME'], true);
//Enable change password from GAP //Enable change password from GAP
if (!isset($enableChangePasswordAfterNextLogin)) { if (!isset($enableChangePasswordAfterNextLogin)) {
$enableChangePasswordAfterNextLogin = true; $enableChangePasswordAfterNextLogin = true;
} }
// Check if the password change is required after the next login
if ($enableChangePasswordAfterNextLogin && !empty($errorInPassword)) { if ($enableChangePasswordAfterNextLogin && !empty($errorInPassword)) {
if (!defined('NO_DISPLAY_USERNAME')) { if (!defined('NO_DISPLAY_USERNAME')) {
define('NO_DISPLAY_USERNAME', 1); define('NO_DISPLAY_USERNAME', 1);
} }
//We will to get the message for the login
// Prepare the message for the login page
$messPassword = $policySection = $userProperty->getMessageValidatePassword($policiesInPassword, false); $messPassword = $policySection = $userProperty->getMessageValidatePassword($policiesInPassword, false);
$changePassword = '<span style="font-weight:normal;">'; $changePassword = '<span style="font-weight:normal;">';
if (array_search('ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN', $errorInPassword)) { if (array_search('ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN', $errorInPassword)) {
@@ -395,7 +418,7 @@ try {
"browserTimeZoneOffset" => $_POST['form']['BROWSER_TIME_ZONE_OFFSET'] "browserTimeZoneOffset" => $_POST['form']['BROWSER_TIME_ZONE_OFFSET']
]; ];
$messPassword['__USR_PASSWORD_CHANGE__'] = G::generateUniqueID(); $messPassword['__USR_PASSWORD_CHANGE__'] = G::generateUniqueID();
Cache::put($messPassword['__USR_PASSWORD_CHANGE__'], $values, 120); //laravel 8.x the time parameter is in seconds. Cache::put($messPassword['__USR_PASSWORD_CHANGE__'], $values, 120); // Set cache for 120 seconds.
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePasswordpm3', '', $messPassword, 'sysLoginVerify'); $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePasswordpm3', '', $messPassword, 'sysLoginVerify');
G::RenderPage('publish'); G::RenderPage('publish');
session_destroy(); session_destroy();
@@ -406,6 +429,7 @@ try {
die; die;
} }
// Check if session blocking is enabled
$configS = System::getSystemConfiguration('', '', config("system.workspace")); $configS = System::getSystemConfiguration('', '', config("system.workspace"));
$activeSession = isset($configS['session_block']) ? !(int)$configS['session_block']:true; $activeSession = isset($configS['session_block']) ? !(int)$configS['session_block']:true;
if ($activeSession){ if ($activeSession){
@@ -415,14 +439,18 @@ try {
// Update the User's last login date // Update the User's last login date
updateUserLastLogin($aLog); updateUserLastLogin($aLog);
// Execute post-login triggers
$oPluginRegistry = PluginRegistry::loadSingleton(); $oPluginRegistry = PluginRegistry::loadSingleton();
if ($oPluginRegistry->existsTrigger ( PM_AFTER_LOGIN )) { if ($oPluginRegistry->existsTrigger ( PM_AFTER_LOGIN )) {
$oPluginRegistry->executeTriggers ( PM_AFTER_LOGIN , $_SESSION['USER_LOGGED'] ); $oPluginRegistry->executeTriggers ( PM_AFTER_LOGIN , $_SESSION['USER_LOGGED'] );
} }
// Redirect to the user's location after successful login
G::header('Location: ' . $sLocation); G::header('Location: ' . $sLocation);
die; die;
} catch ( Exception $e ) { } catch ( Exception $e ) {
// Handle exceptions and display error messages
$aMessage['MESSAGE'] = $e->getMessage(); $aMessage['MESSAGE'] = $e->getMessage();
$G_PUBLISH = new Publisher; $G_PUBLISH = new Publisher;
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/showMessage', '', $aMessage ); $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/showMessage', '', $aMessage );
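Review bot: The added comment `// Disable user account after too many failed login attempts` annotates a lockout path whose two queries are still built by concatenation: `$usr`, which is the posted `USR_USERNAME` after only `trim()` and `mb_strtolower()`, goes straight into the string given to `prepareStatement()`. A documentation pass is the place to mark that, for example `// FIXME(security): $usr is request input concatenated into SQL; bind it as a parameter`, and the follow-up should switch both the `SELECT USR_UID` and the `UPDATE RBAC_USERS` statements to placeholders with bound values (the binding call for this connection class is not visible on the page, so confirm it). The new `// Redirect to login page with error message` should also say that `$pwd` is serialized into the encrypted `d` query parameter, since that puts the submitted password into a URL. In the credential block, `// Remove trailing spaces` loses the old rationale that trailing spaces in passwords are unsupported, and `// The user does doesn't exist` carries a typo into the new line. The lockout block runs across several hunks, so part of it is not shown here.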