
PHP Cross Reference of vtigercrm-6.1.0


/modules/Users/ -> Authenticate.php (source)

   1  <?php
   2  /*********************************************************************************
   3   * The contents of this file are subject to the SugarCRM Public License Version 1.1.2
   4   * ("License"); You may not use this file except in compliance with the
   5   * License. You may obtain a copy of the License at http://www.sugarcrm.com/SPL
   6   * Software distributed under the License is distributed on an  "AS IS"  basis,
   7   * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
   8   * the specific language governing rights and limitations under the License.
   9   * The Original Code is:  SugarCRM Open Source
  10   * The Initial Developer of the Original Code is SugarCRM, Inc.
  11   * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.;
  12   * All Rights Reserved.
  13   * Contributor(s): ______________________________________.
  14   ********************************************************************************/
  15  /*********************************************************************************
  16   * $Header: /advent/projects/wesat/vtiger_crm/sugarcrm/modules/Users/Authenticate.php,v 1.10 2005/02/28 05:25:22 jack Exp $
  17   * Description:  TODO: To be written.
  18   * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
  19   * All Rights Reserved.
  20   * Contributor(s): ______________________________________..
  21   ********************************************************************************/
  22  
  23  require_once ('modules/Users/Users.php');
  24  require_once ('modules/Users/CreateUserPrivilegeFile.php');
  25  require_once ('include/logging.php');
  26  require_once ('user_privileges/audit_trail.php');
  27  
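  global $mod_strings, $default_charset;

  $focus = new Users();

  // Both credentials are attacker-controlled request input. Normalise them first:
  // a missing or non-string parameter (for example user_name[]=x) becomes '' instead of
  // raising notices or handing an array to to_html() / load_user().
  // NOTE(review): $_REQUEST can also be filled from the query string, so a password sent
  // by GET would end up in URLs and access logs. Restricting this to $_POST needs
  // confirmation that no caller logs in via GET.
  $requestedUserName = (isset($_REQUEST['user_name']) && is_string($_REQUEST['user_name']))
      ? $_REQUEST['user_name']
      : '';
  $user_password = (isset($_REQUEST['user_password']) && is_string($_REQUEST['user_password']))
      ? $_REQUEST['user_password']
      : '';

  // The user name is HTML-encoded before it is used for the lookup.
  $focus->column_fields["user_name"] = to_html($requestedUserName);

  // Verifies the submitted password; the outcome is read back through $focus->is_authenticated().
  $focus->load_user($user_password);

  // Default landing page after a successful login.
  $successURL = 'index.php';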
  39  
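  // Post-authentication handling.
  // Success: rotate the session id, record the login, rebuild the privilege file, fill the
  // session and redirect. Failure: store the error for the login form and redirect back to it.
  if ($focus->is_authenticated()) {
      // Rotate the id on the privilege change and delete the old session data, so a session id
      // issued before login cannot be reused afterwards (session fixation).
      session_regenerate_id(true);

      // Audit-trail insert on login. The flag is hard-coded to 'false', so this branch never runs.
      $audit_trail = 'false';
      if ($audit_trail == 'true') {
          $date_var = $adb->formatDate(date('Y-m-d H:i:s'), true);
          $query = "insert into vtiger_audit_trial values(?,?,?,?,?,?)";
          $params = array($adb->getUniqueID('vtiger_audit_trial'), $focus->id, 'Users', 'Authenticate', '', $date_var);
          $adb->pquery($query, $params);
      }

      require_once('modules/Users/LoginHistory.php');
      // Record the successful login (user name, client address, time).
      $usip = $_SERVER['REMOTE_ADDR'];
      $intime = date("Y/m/d H:i:s");
      $loghistory = new LoginHistory();
      $loghistory->user_login($focus->column_fields["user_name"], $usip, $intime);

      // Security related entries start
      require_once ('include/utils/UserInfoUtil.php');

      createUserPrivilegesfile($focus->id);
      // Security related entries end

      // Clear what a previous failed attempt left behind. unset() replaces session_unregister(),
      // which was removed in PHP 5.4 and is a fatal error there unless a polyfill is loaded.
      unset($_SESSION['login_password'], $_SESSION['login_error'], $_SESSION['login_user_name']);

      $_SESSION['authenticated_user_id'] = $focus->id;
      $_SESSION['AUTHUSERID'] = $focus->id;
      $_SESSION['app_unique_key'] = $application_unique_key;

      global $upload_badext;
      // Enable the KCFINDER session settings for this session.
      // NOTE(review): uploads are filtered by a deny-list of extensions ($upload_badext);
      // deny-lists miss unlisted executable types, so confirm the upload directory cannot execute scripts.
      $_SESSION['KCFINDER'] = array();
      $_SESSION['KCFINDER']['disabled'] = false;
      $_SESSION['KCFINDER']['uploadURL'] = "test/upload";
      $_SESSION['KCFINDER']['uploadDir'] = "/test/upload";
      $_SESSION['KCFINDER']['deniedExts'] = implode(" ", $upload_badext);

      // Theme and language: the user's own setting if present, otherwise the configured default.
      $authenticated_user_theme = !empty($focus->column_fields["theme"])
          ? $focus->column_fields["theme"]
          : $default_theme;
      $authenticated_user_language = !empty($focus->column_fields["language"])
          ? $focus->column_fields["language"]
          : $default_language;

      // The default user can be forced back to the defaults on every login.
      // Both flags are isset()-guarded so a missing config value does not raise a notice.
      $isDefaultUser = ($focus->user_name == $default_user_name);
      if (isset($reset_theme_on_default_user) && $reset_theme_on_default_user && $isDefaultUser) {
          $authenticated_user_theme = $default_theme;
      }
      if (isset($reset_language_on_default_user) && $reset_language_on_default_user && $isDefaultUser) {
          $authenticated_user_language = $default_language;
      }

      $_SESSION['vtiger_authenticated_user_theme'] = $authenticated_user_theme;
      $_SESSION['authenticated_user_language'] = $authenticated_user_language;

      $log->debug("authenticated_user_theme is $authenticated_user_theme");
      $log->debug("authenticated_user_language is $authenticated_user_language");
      $log->debug("authenticated_user_id is ". $focus->id);
      // NOTE(review): this writes the application key to the debug log; confirm whether the
      // key is treated as a secret anywhere and drop the line if so.
      $log->debug("app_unique_key is $application_unique_key");

      // Clear any uploaded import file left over for this user.
      global $import_dir;

      $tmp_file_name = $import_dir. "IMPORT_".$focus->id;

      if (file_exists($tmp_file_name)) {
          unlink($tmp_file_name);
      }

      // Redirect target: the success URL, followed by the stored last page when there is one.
      // NOTE(review): 'lastpage' is appended as stored; where it is written is not visible here,
      // so verify that it can only hold a query string of this application.
      $redirectURL = $successURL;
      if (isset($_SESSION['lastpage'])) {
          $redirectURL .= $_SESSION['lastpage'];
      }

      // The first user of a fresh installation is sent to the system setup instead.
      $userSetupStatus = Users_CRMSetup::getUserSetupStatus($focus->id);
      if ($userSetupStatus) {
          $user = $focus->retrieve_entity_info($focus->id, 'Users');
          if (Users_CRMSetup::isFirstUser($user)) {
              $redirectURL = 'index.php?module=Users&action=SystemSetup';
          }
      }

      header("Location: $redirectURL");
  } else {
      // Failed login. Accounts still on md5 crypt cannot be verified on PHP >= 5.3 on Windows;
      // those users are sent to the migration help page instead of the login form.
      $sql = 'select user_name, id, crypt_type from vtiger_users where user_name=?';
      $result = $adb->pquery($sql, array($focus->column_fields["user_name"]));
      $rowList = $result->GetRows();
      foreach ($rowList as $row) {
          $cryptType = $row['crypt_type'];
          /* PHP 5.3 WIN implementation of crypt API not compatible with earlier version */
          if (strtolower($cryptType) == 'md5' && version_compare(PHP_VERSION, '5.3.0') >= 0 && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
              header("Location: modules/Migration/PHP5.3_PasswordHelp.php");
              die;
          }
      }

      // Hand the user name and the error message back to the login form.
      $_SESSION['login_user_name'] = $focus->column_fields["user_name"];
      // The submitted password is deliberately not kept: a cleartext password in session
      // storage is readable by anything that can read the session store. Any stale value is removed.
      unset($_SESSION['login_password']);
      $_SESSION['login_error'] = $mod_strings['ERR_INVALID_PASSWORD'];

      // NOTE(review): nothing in this branch records the failed attempt (no login history entry,
      // no counter), so repeated password guessing is not visible or throttled from here.

      // go back to the login screen.
      header("Location: index.php");
  }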
 167  
 168  ?>

