fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ab9c67fb472037cbd5f8bb06801494640aa13031
luos/workflow/engine/methods/login/login.php
David Callizaya ab9c67fb47 HOR-3670 
Fix class name PmLicenseManager.
2017-08-11 17:42:02 -04:00

378 lines
14 KiB
PHP
Raw Blame History

<?php
/**
* login.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*
*/
use ProcessMaker\Plugins\PluginRegistry;
/*----------------------------------********---------------------------------*/
//Browser Compatibility
$browserSupported = G::checkBrowserCompatibility();
if ($browserSupported==false){
if(!isset($_SESSION['G_MESSAGE']) || $_SESSION['G_MESSAGE'] == ""){
G::SendTemporalMessage ('ID_CURRENT_BROWSER_NOT_SUPPORTED', 'warning');
}
}
/*----------------------------------********---------------------------------*/
$aFields = array();
//Validated redirect url
$aFields['URL'] = '';
if (!empty($_GET['u'])) {
//clean url with protocols
$flagUrl = true;
//Most used protocols
$protocols = ['https://', 'http://', 'ftp://', 'sftp://','smb://', 'file:', 'mailto:'];
foreach ($protocols as $protocol) {
if (strpos($_GET['u'], $protocol) !== false) {
$_GET['u'] = '';
$flagUrl = false;
break;
}
}
if ($flagUrl) {
$aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u']))))));
}
}
if (!isset($_SESSION['G_MESSAGE'])) {
$_SESSION['G_MESSAGE'] = '';
}
if (!isset($_SESSION['G_MESSAGE_TYPE'])) {
$_SESSION['G_MESSAGE_TYPE'] = '';
}
$msg = $_SESSION['G_MESSAGE'];
$msgType = $_SESSION['G_MESSAGE_TYPE'];
if (!isset($_SESSION['FAILED_LOGINS'])) {
$_SESSION['FAILED_LOGINS'] = 0;
$_SESSION["USERNAME_PREVIOUS1"] = "";
$_SESSION["USERNAME_PREVIOUS2"] = "";
}
$sFailedLogins = $_SESSION['FAILED_LOGINS'];
$usernamePrevious1 = $_SESSION["USERNAME_PREVIOUS1"];
$usernamePrevious2 = $_SESSION["USERNAME_PREVIOUS2"];
$pass = (isset($_SESSION['NW_PASSWORD'])) ? $_SESSION['NW_PASSWORD'] : '';
$pass1 = (isset($_SESSION['NW_PASSWORD2'])) ? $_SESSION['NW_PASSWORD2'] : '';
$aFields['LOGIN_VERIFY_MSG'] = G::loadTranslation('LOGIN_VERIFY_MSG');
//$aFields['LOGIN_VERIFY_MSG'] = Bootstrap::loadTranslation('LOGIN_VERIFY_MSG');
if (isset ($_SESSION['USER_LOGGED'])) {
require_once 'classes/model/LoginLog.php';
//close the session, if the current session_id was used in PM.
$oCriteria = new Criteria('workflow');
$oCriteria->add(LoginLogPeer::LOG_SID, session_id());
$oCriteria->add(LoginLogPeer::USR_UID, isset($_SESSION['USER_LOGGED']) ? $_SESSION['USER_LOGGED'] : '-');
$oCriteria->add(LoginLogPeer::LOG_STATUS, 'ACTIVE');
$oCriteria->add(LoginLogPeer::LOG_END_DATE, null, Criteria::ISNULL);
$oDataset = LoginLogPeer::doSelectRS($oCriteria);
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$oDataset->next();
$aRow = $oDataset->getRow();
if ($aRow) {
if ($aRow['LOG_STATUS'] != 'CLOSED' && $aRow['LOG_END_DATE'] == null) {
$weblog = new LoginLog();
$endDate = date('Y-m-d H:i:s');
$aLog = array();
$aLog['LOG_ID'] = $aRow['LOG_ID'];
$aLog['LOG_UID'] = $aRow['LOG_UID'];
$aLog['LOG_STATUS'] = 'CLOSED';
$aLog['LOG_IP'] = $aRow['LOG_IP'];
$aLog['LOG_SID'] = session_id();
$aLog['LOG_INIT_DATE'] = $aRow['LOG_INIT_DATE'];
$aLog['LOG_END_DATE'] = $endDate;
$aLog['LOG_CLIENT_HOSTNAME'] = $aRow['LOG_CLIENT_HOSTNAME'];
$aLog['USR_UID'] = $aRow['USR_UID'];
$weblog->update($aLog);
$aLog = array();
$aLog['USR_UID'] = $aRow['USR_UID'];
$aLog['USR_LAST_LOGIN'] = $endDate;
$user = new Users();
$aUser = $user->update($aLog);
}
}
} else {
// Execute SSO trigger
$pluginRegistry = PluginRegistry::loadSingleton();
if (defined('PM_SINGLE_SIGN_ON')) {
/*----------------------------------********---------------------------------*/
$licensedFeatures = & PMLicensedFeatures::getSingleton();
if ($licensedFeatures->verifyfeature('x4TTzlISnp2K2tnSTJoMC8rTDRMTjlhMCtZeXV0QnNCLzU=')) {
//Check in SSO class
$oSso = new PmSsoClass();
$res = $oSso->ssocVerifyUser();
if($res){
// Start new session
@session_destroy();
session_start();
session_regenerate_id();
// Authenticate
require_once 'authentication.php';
die();
}
//Check in SSO class
}
/*----------------------------------********---------------------------------*/
if ($pluginRegistry->existsTrigger(PM_SINGLE_SIGN_ON)) {
if ($pluginRegistry->executeTriggers(PM_SINGLE_SIGN_ON, null)) {
// Start new session
@session_destroy();
session_start();
session_regenerate_id();
// Authenticate
require_once 'authentication.php';
die();
}
}
}
}
//end log
/*----------------------------------********---------------------------------*/
$timeZoneFailed = false;
if (isset($_SESSION['__TIME_ZONE_FAILED__']) && $_SESSION['__TIME_ZONE_FAILED__']) {
$timeZoneFailed = true;
$userUsername = $_SESSION['USR_USERNAME'];
$userPassword = $_SESSION['USR_PASSWORD'];
$userTimeZone = $_SESSION['USR_TIME_ZONE'];
$browserTimeZone = $_SESSION['BROWSER_TIME_ZONE'];
$url = $_SESSION['URL'];
if(isset($_SESSION['USER_LANG'])){
$lang = $_SESSION['USER_LANG'];
}else{
$lang = SYS_LANG;
}
}
/*----------------------------------********---------------------------------*/
//start new session
@session_destroy();
session_start();
session_regenerate_id();
if (PHP_VERSION < 5.2) {
setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, "; HttpOnly");
} else {
setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . SYS_SYS, null, false, true);
}
if (strlen($msg) > 0) {
$_SESSION['G_MESSAGE'] = $msg;
}
if (strlen($msgType) > 0) {
$_SESSION['G_MESSAGE_TYPE'] = $msgType;
}
$_SESSION['FAILED_LOGINS'] = $sFailedLogins;
$_SESSION["USERNAME_PREVIOUS1"] = $usernamePrevious1;
$_SESSION["USERNAME_PREVIOUS2"] = $usernamePrevious2;
$_SESSION['NW_PASSWORD'] = $pass;
$_SESSION['NW_PASSWORD2'] = $pass1;
/*----------------------------------********---------------------------------*/
$licenseManager =& PmLicenseManager::getSingleton();
if (in_array(G::encryptOld($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
$G_PUBLISH = new Publisher();
$version = explode('.', trim(file_get_contents(PATH_GULLIVER . 'VERSION')));
$version = isset($version[0]) ? intval($version[0]) : 0;
if ($version >= 3) {
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/licenseExpiredpm3', '', array(), 'licenseUpdate');
}else{
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/licenseExpired', '', array(), 'licenseUpdate');
}
G::RenderPage('publish');
die();
}
if ($timeZoneFailed) {
$dateTime = new \ProcessMaker\Util\DateTime();
$userTimeZoneOffset = $dateTime->getTimeZoneOffsetByTimeZoneId($userTimeZone);
$browserTimeZoneOffset = $dateTime->getTimeZoneOffsetByTimeZoneId($browserTimeZone);
$userUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($userTimeZoneOffset);
$browserUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($browserTimeZoneOffset);
$arrayTimeZoneId = $dateTime->getTimeZoneIdByTimeZoneOffset($browserTimeZoneOffset);
array_unshift($arrayTimeZoneId, 'false');
array_walk($arrayTimeZoneId, function (&$value, $key, $parameter) { $value = ['TZ_UID' => $value, 'TZ_NAME' => '(UTC ' . $parameter . ') ' . $value]; }, $browserUtcOffset);
$_SESSION['_DBArray'] = ['TIME_ZONE' => $arrayTimeZoneId];
$arrayData = [
'USR_USERNAME' => $userUsername,
'USR_PASSWORD' => $userPassword,
'USR_TIME_ZONE' => '(UTC ' . $userUtcOffset . ') ' . $userTimeZone,
'BROWSER_TIME_ZONE' => $browserTimeZone,
'USER_LANG' => $lang,
'URL' => $url
];
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login' . PATH_SEP . 'TimeZoneAlert', '', $arrayData, SYS_URI . 'login/authentication.php');
G::RenderPage('publish');
exit(0);
}
/*----------------------------------********---------------------------------*/
//translation
//$Translations = G::getModel("Translation");
//require_once "classes/model/Translation.php";
$Translations = new Translation();
$translationsTable = $Translations->getTranslationEnvironments();
$availableLangArray = array ();
$availableLangArray [] = array ('LANG_ID' => 'char', 'LANG_NAME' => 'char' );
/*----------------------------------********---------------------------------*/
$licensedFeatures = & PMLicensedFeatures::getSingleton();
if ($licensedFeatures->verifyfeature('w2LL3o4NFNiaDRXcFFCYVpJS3Jsall5dmh0ZWtBTkdKR3ROS0VzWGdoLzNQYz0=')) {
$availableLangArray [] = array ('LANG_ID' => 'default', 'LANG_NAME' => G::LoadTranslation("ID_DEFAULT_LANGUAGE") );
}
/*----------------------------------********---------------------------------*/
foreach ($translationsTable as $locale) {
$row['LANG_ID'] = $locale['LOCALE'];
if ($locale['COUNTRY'] != '.') {
$row['LANG_NAME'] = $locale['LANGUAGE'] . ' (' . (ucwords(strtolower($locale['COUNTRY']))) . ')';
} else {
$row['LANG_NAME'] = $locale['LANGUAGE'];
}
$availableLangArray [] = $row;
}
global $_DBArray;
$_DBArray ['langOptions'] = $availableLangArray;
$oConf = new Configurations();
$oConf->loadConfig($obj, 'ENVIRONMENT_SETTINGS', '');
if (isset($oConf->aConfig["login_defaultLanguage"]) && $oConf->aConfig["login_defaultLanguage"] != "") {
$aFields["USER_LANG"] = $oConf->aConfig["login_defaultLanguage"];
/*----------------------------------********---------------------------------*/
$licensedFeatures = & PMLicensedFeatures::getSingleton();
if ($licensedFeatures->verifyfeature('w2LL3o4NFNiaDRXcFFCYVpJS3Jsall5dmh0ZWtBTkdKR3ROS0VzWGdoLzNQYz0=')) {
$aFields["USER_LANG"] = "default";
}
/*----------------------------------********---------------------------------*/
} else {
$myUrl = explode("/", $_SERVER["REQUEST_URI"]);
$aFields["USER_LANG"] = (isset($myUrl[2]) && trim($myUrl[2]) != "")? trim($myUrl[2]) : SYS_LANG;
}
$G_PUBLISH = new Publisher();
$version = explode('.', trim(file_get_contents(PATH_GULLIVER . 'VERSION')));
$version = isset($version[0]) ? intval($version[0]) : 0;
$aFields["FAILED_LOGINS"] = $sFailedLogins;
if ($version >= 3) {
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/loginpm3', '', $aFields, SYS_URI . 'login/authentication.php');
}else{
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/login', '', $aFields, SYS_URI . 'login/authentication.php');
}
//get the serverconf singleton, and check if we can send the heartbeat
$oServerConf = & serverConf::getSingleton();
$partnerFlag = (defined('PARTNER_FLAG')) ? PARTNER_FLAG : false;
if (!$partnerFlag) {
$sflag = $oServerConf->getHeartbeatProperty('HB_OPTION', 'HEART_BEAT_CONF');
$sflag = (trim($sflag) != '') ? $sflag : '1';
//get date of next beat
$nextBeatDate = $oServerConf->getHeartbeatProperty('HB_NEXT_BEAT_DATE', 'HEART_BEAT_CONF');
//if flag to send heartbeat is enabled, and it is time to send heartbeat, sent it using asynchronous beat.
if (($sflag == "1") && ((strtotime("now") > $nextBeatDate) || is_null($nextBeatDate))) {
$oHeadPublisher =& headPublisher::getSingleton();
//To do: we need to change to ExtJs
$oHeadPublisher->addScriptCode('var flagHeartBeat = 1;');
} else {
$oHeadPublisher->addScriptCode('var flagHeartBeat = 0;');
}
} else {
$oHeadPublisher->addScriptCode('var flagHeartBeat = 0;');
}
//check if we show the panel with the getting started info
require_once 'classes/model/Configuration.php';
$oConfiguration = new Configuration ( );
$oCriteria = new Criteria ( 'workflow' );
$oCriteria->add(ConfigurationPeer::CFG_UID, 'getStarted');
$oCriteria->add(ConfigurationPeer::OBJ_UID, '');
$oCriteria->add(ConfigurationPeer::CFG_VALUE, '1');
$oCriteria->add(ConfigurationPeer::PRO_UID, '');
$oCriteria->add(ConfigurationPeer::USR_UID, '');
$oCriteria->add(ConfigurationPeer::APP_UID, '');
$flagGettingStarted = ConfigurationPeer::doCount($oCriteria);
if ($flagGettingStarted == 0) {
$oHeadPublisher->addScriptCode('var flagGettingStarted = 1;');
} else {
$oHeadPublisher->addScriptCode('var flagGettingStarted = 0;');
}
$dummy = '';
$oConf->loadConfig($dummy, 'ENVIRONMENT_SETTINGS', '');
$flagForgotPassword = isset($oConf->aConfig['login_enableForgotPassword'])
? $oConf->aConfig['login_enableForgotPassword']
: 'off';
setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_URI);
$configS = PmSystem::getSystemConfiguration('', '', SYS_SYS);
$activeSession = isset($configS['session_block']) ? !(int)$configS['session_block'] : true;
if ($activeSession) {
setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/');
} else {
setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/');
}
$oHeadPublisher->addScriptCode("var flagForgotPassword = '$flagForgotPassword';");
$oHeadPublisher->addScriptFile('/jscore/src/PM.js');
$oHeadPublisher->addScriptFile('/jscore/src/Sessions.js');
$oHeadPublisher->addScriptFile('/jscore/src/Register.js');
G::RenderPage('publish');
Reference in New Issue View Git Blame Copy Permalink