{
$this->initErrorHandling();
- $this->ip_validate();
-
//DB_DataObject::DebugLevel(1);
if (!empty($_REQUEST['logout'])) {
return $this->logout();
//DB_Dataobject::debugLevel(5);
$this->sendAuthUserDetails();
exit;
-
+ }
+
+ if(!empty($_REQUEST['check_owner_company'])) {
+ $core_company = DB_DataObject::factory('core_company');
+ $core_company->comptype = 'OWNER';
+ $this->jok($core_company->count());
}
// might be an idea to disable this?!?
$this->switchPublicUser($_REQUEST['loginPublic']);
}
-
$this->jerr("INVALID REQUEST");
exit;
}
function logout()
{
$ff = class_exists('HTML_FlexyFramework2') ? HTML_FlexyFramework2::get() : HTML_FlexyFramework::get();
- //DB_DAtaObject::debugLevel(1);
+
+ //DB_DAtaObject::debugLevel(1);
$u = $this->getAuthUser();
//print_r($u);
if ($u) {
$tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
$u = DB_DataObject::factory($tbl);
+ $s = DB_DataObject::Factory('core_setting');
+ $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+
if (!$u->isAuth()) {
-
- $this->jok(array('id' => 0)); // not logged in..
- exit;
+ $this->jok(array(
+ 'id' => 0,
+ 'require_oath' => empty($oath_require) || $oath_require->val == 1 ? 1 : 0
+ ));
+ exit;
}
+
//die("got here?");
$au = $u->getAuthUser();
}
-
function switchUser($id)
{
$tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
$au = $u->getAuthUser();
-
// first check they have perms to do this..
if (!$au|| ($au->company()->comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
$this->jerr("User switching not permitted");
}
-
-
+
$u = DB_DataObject::factory($tbl);
$u->get($id);
if (!$u->active()) {
}
$u->login();
// we might need this later..
- $this->addEvent("SWITCH USER", false, $au->name . ' TO ' . $u->name);
+ $this->addEvent("SWITCH-USER", false, $au->name . ' TO ' . $u->name);
$this->jok("SWITCH");
}
function post($v)
{
//DB_DataObject::debugLevel(1);
+
if (!empty($_REQUEST['getAuthUser'])) {
$this->sendAuthUserDetails();
exit;
$u = DB_DataObject::factory($tbl);
-
-
+ $ip = $this->ip_lookup();
// ratelimit
- if (!empty($_SERVER['REMOTE_ADDR'])) {
+ if (!empty($ip)) {
//DB_DataObject::DebugLevel(1);
$e = DB_DataObject::Factory('Events');
$e->action = 'LOGIN-BAD';
- $e->ipaddr = $_SERVER['REMOTE_ADDR'];
+ $e->ipaddr = $ip;
$e->whereAdd('event_when > NOW() - INTERVAL 10 MINUTE');
if ($e->count() > 5) {
$this->jerror('LOGIN-RATE', "Login failures are rate limited - please try later");
}
if(!empty($u->oath_key) && empty($_REQUEST['oath_password'])){
- $this->jerror('LOGIN-BAD','Your account require Two-Factor Authentication');
+ $this->jerror('LOGIN-BAD','Your account requires Two-Factor Authentication');
}
// check if config allows non-owner passwords.
exit;
}
- if(!empty($u->oath_key) && !$u->checkTwoFactorAuthentication(trim($_REQUEST['oath_password'],"\x10"))){
+ if(
+ !empty($u->oath_key) &&
+ !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
+ ){
$this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (3)');
exit;
}
+ $this->ip_checking();
+
$u->login();
// we might need this later..
$this->addEvent("LOGIN", false, session_id());
$this->jok($u);
}
- function ip_validate()
+ function ip_checking()
{
if(empty($this->ip_management)){
return;
$core_ip_access->setFrom(array(
'ip' => $ip,
'created_dt' => $core_ip_access->sqlValue("NOW()"),
- 'status' => 1
+ 'authorized_key' => md5(openssl_random_pseudo_bytes(16)),
+ 'status' => 1,
+ 'email' => (empty($_REQUEST['username'])) ? '' : $_REQUEST['username'],
+ 'user_agent' => (empty($_SERVER['HTTP_USER_AGENT'])) ? '' : $_SERVER['HTTP_USER_AGENT']
));
$core_ip_access->insert();
+
+ return;
}
$core_ip_access = DB_DataObject::factory('core_ip_access');
$core_ip_access->setFrom(array(
'ip' => $ip,
'created_dt' => $core_ip_access->sqlValue("NOW()"),
- 'status' => 0
+ 'authorized_key' => md5(openssl_random_pseudo_bytes(16)),
+ 'status' => 0,
+ 'email' => (empty($_REQUEST['username'])) ? '' : $_REQUEST['username'],
+ 'user_agent' => (empty($_SERVER['HTTP_USER_AGENT'])) ? '' : $_SERVER['HTTP_USER_AGENT']
));
$core_ip_access->insert();
- $core_ip_access->xmppNotification();
+ $core_ip_access->sendXMPP();
$this->jerr('NEW-IP-ADDRESS', array('ip' => $ip));
+
+ return;
}
if(empty($core_ip_access->status)){
if($core_ip_access->status == -1){
$this->jerr('BLOCKED-IP-ADDRESS', array('ip' => $ip));
+ return;
+ }
+
+ if($core_ip_access->status == -2 && strtotime($core_ip_access->expire_dt) < strtotime('NOW')){
+ $this->jerr('BLOCKED-IP-ADDRESS', array('ip' => $ip));
+ return;
}
- return true;
+ return;
}
function ip_lookup()
return $_SERVER['REMOTE_ADDR'];
}
-
-
}
projects / Pman.Base / blobdiff