var $masterTemplate = 'login.html';
var $ip_management = false;
+
+ var $event_prefix = '';
+
function getAuth() // everyone allowed in here..
{
{
$this->initErrorHandling();
- //DB_DataObject::DebugLevel(1);
+ // DB_DataObject::DebugLevel(5);
if (!empty($_REQUEST['logout'])) {
return $this->logout();
}
{
$ff = class_exists('HTML_FlexyFramework2') ? HTML_FlexyFramework2::get() : HTML_FlexyFramework::get();
- //DB_DAtaObject::debugLevel(1);
+ //DB_DAtaObject::debugLevel(1);
$u = $this->getAuthUser();
//print_r($u);
if ($u) {
- $this->addEvent('LOGOUT');
+ $this->addEvent($this->event_prefix . 'LOGOUT');
$e = DB_DataObject::factory('Events');
}
$u->login();
// we might need this later..
- $this->addEvent("SWITCH-USER", false, $au->name . ' TO ' . $u->name);
+ $this->addEvent($this->event_prefix . "SWITCH-USER", false, $au->name . ' TO ' . $u->name);
$this->jok("SWITCH");
}
if(!$u->loginPublic()){
$this->jerr('Switch fail');
}
-
+
$this->jok('OK');
}
if (!empty($_REQUEST['logout'])) {
return $this->logout();
}
+
+ if(!empty($_REQUEST['check_owner_company'])) {
+ $core_company = DB_DataObject::factory('core_company');
+ $core_company->comptype = 'OWNER';
+ $this->jok($core_company->count());
+ }
if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
return $this->passwordRequest($_REQUEST['passwordRequest']);
}
-
- if (!empty($_REQUEST['ResetPassword'])) {
- if (empty($_REQUEST['id']) ||
- empty($_REQUEST['ts']) ||
- empty($_REQUEST['key']) ||
- empty($_REQUEST['password1']) ||
- empty($_REQUEST['password2']) ||
- ($_REQUEST['password1'] != $_REQUEST['password2'])
- ) {
- $this->jerr("Invalid request to reset password");
- }
-
- $this->resetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key'], $_REQUEST['password1'] );
- }
-
-
- if (!empty($_REQUEST['_verifyCheckSum'])) {
- if (empty($_REQUEST['id']) ||
- empty($_REQUEST['ts']) ||
- empty($_REQUEST['key'])
-
- ) {
- $this->jerr("Invalid request to reset password");
- }
-
- $this->verifyResetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
- $this->jok("Checksum is ok");
- }
+
+ if (!empty($_REQUEST['ResetPassword'])) {
+ if (empty($_REQUEST['id']) ||
+ empty($_REQUEST['ts']) ||
+ empty($_REQUEST['key']) ||
+ empty($_REQUEST['password1']) ||
+ empty($_REQUEST['password2']) ||
+ ($_REQUEST['password1'] != $_REQUEST['password2'])
+ ) {
+ $this->jerr("Invalid request to reset password");
+ }
+
+ $this->resetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key'], $_REQUEST['password1'] );
+ }
+
+
+ if (!empty($_REQUEST['_verifyCheckSum'])) {
+ if (empty($_REQUEST['id']) ||
+ empty($_REQUEST['ts']) ||
+ empty($_REQUEST['key'])
+
+ ) {
+ $this->jerr("Invalid request to reset password");
+ }
+
+ $this->verifyResetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
+ $this->jok("Checksum is ok");
+ }
// this is 'classic' change password...
if (!empty($_REQUEST['changePassword'])) {
if (!empty($ip)) {
//DB_DataObject::DebugLevel(1);
$e = DB_DataObject::Factory('Events');
- $e->action = 'LOGIN-BAD';
+ $e->action = $this->event_prefix . 'LOGIN-BAD';
$e->ipaddr = $ip;
$e->whereAdd('event_when > NOW() - INTERVAL 10 MINUTE');
if ($e->count() > 5) {
- $this->jerror('LOGIN-RATE', "Login failures are rate limited - please try later");
+ $this->jerror($this->event_prefix . 'LOGIN-RATE', "Login failures are rate limited - please try later");
}
}
- //$u->active = 1;
+ // this was removed before - not quite sure why.
+ // when a duplicate login account is created, this stops the old one from interfering..
+ $u->active = 1;
// empty username = not really a hacking attempt.
if (empty($_REQUEST['username'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
- $this->jerror('LOGIN-EMPTY', 'You typed the wrong Username or Password (0)');
+ $this->jerror($this->event_prefix . 'LOGIN-EMPTY', 'You typed the wrong Username or Password (0)');
exit;
}
$u->authUserName($_REQUEST['username']);
if ($u->count() > 1 || !$u->find(true)) {
- $this->jerror('LOGIN-BAD','You typed the wrong Username or Password (1)');
+ $this->jerror($this->event_prefix . 'LOGIN-BAD','You typed the wrong Username or Password (1)');
exit;
}
- if (!$u->active()) {
- $this->jerror('LOGIN-BAD','Account disabled');
+ if (!$u->active()) {
+ $this->jerror($this->event_prefix . 'LOGIN-BAD','Account disabled');
}
if(!empty($u->oath_key) && empty($_REQUEST['oath_password'])){
- $this->jerror('LOGIN-BAD','Your account requires Two-Factor Authentication');
+ $this->jerror($this->event_prefix . 'LOGIN-2FA','Your account requires Two-Factor Authentication');
}
// check if config allows non-owner passwords.
$ff= HTML_FlexyFramework::get();
if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
//print_r($u->company());
- $this->jerror('LOGIN-BADUSER', "Login not permited to outside companies"); // serious failure
+ $this->jerror($this->event_prefix . 'LOGIN-BADUSER', "Login not permited to outside companies"); // serious failure
}
// note we trim \x10 -- line break - as it was injected the front end
// may have an old bug on safari/chrome that added that character in certian wierd scenarios..
if (!$u->checkPassword(trim($_REQUEST['password'],"\x10"))) {
- $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
+ $this->jerror($this->event_prefix . 'LOGIN-BAD', 'You typed the wrong Username or Password (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
exit;
}
!$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
)
) {
- $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (3)');
+ $this->jerror($this->event_prefix . 'LOGIN-BAD', 'You typed the wrong Username or Password (3)');
exit;
}
$u->login();
// we might need this later..
- $this->addEvent("LOGIN", false, session_id());
+ $this->addEvent($this->event_prefix . "LOGIN", false, session_id());
+
+
+
if (!empty($_REQUEST['lang'])) {
- $u->lang($_REQUEST['lang']);
+
+ if (!empty($ff->languages['avail']) && !in_array($_REQUEST['lang'],$ff->languages['avail'])) {
+ // ignore.
+ } else {
+
+ $u->lang($_REQUEST['lang']);
+ }
}
// log it..
// sort out sender.
$cm = DB_DataObject::factory('core_email');
if (!$cm->get('name', 'ADMIN_PASSWORD_RESET')) {
- $this->jerr("no template ADMIN_PASSWORD_RESET exists - please run importer ");
-
+ $this->jerr("no template Admin password reset (ADMIN_PASSWORD_RESET) exists - please run importer ");
}
+ if (!$cm->active) {
+ $this->jerr("template for Admin password reset has been disabled");
+ }
/*
$g = DB_DAtaObject::factory('Groups');
$this->rcpts = $u->getEmailFrom();
- $mailer = $cm->toMailer($this, false);
- if (is_a($mailer,'PEAR_Error') ) {
- $this->addEvent('SYSERR',false, $mailer->getMessage());
- $this->jerr($mailer->getMessage());
- }
+ $mailer = $cm->toMailer($this, false);
+ if (is_a($mailer,'PEAR_Error') ) {
+ $this->addEvent('SYSERR',false, $mailer->getMessage());
+ $this->jerr($mailer->getMessage());
+ }
$sent = $mailer->send();
- if (is_a($sent,'PEAR_Error') ) {
- $this->addEvent('SYSERR',false, $sent->getMessage());
- $this->jerr($ret->getMessage());
+ if (is_a($sent,'PEAR_Error') ) {
+ $this->addEvent('SYSERR',false, $sent->getMessage());
+ $this->jerr($sent->getMessage());
}
- $this->addEvent('PASSREQ',$u, $u->email);
+ $this->addEvent($this->event_prefix . 'PASSREQ',$u, $u->email);
$uu = clone($u);
$uu->no_reset_sent++;
$uu->update($u);
function verifyResetPassword($id,$t, $key)
{
- $au = $this->getAuthUser();
- print_R($au);
+ $au = $this->getAuthUser();
+ //print_R($au);
if ($au) {
$this->jerr( "Already Logged in - no need to use Password Reset");
}
// validate key..
if ($key != $u->genPassKey($t)) {
- $this->jerr("Password reset link is not valid ($key)");
+ $this->jerr("Password reset link is not valid (key)");
}
- if ($t < strtotime("NOW - 1 DAY")) {
+ if ($t < strtotime("NOW - 1 DAY")) {
$this->jerr("Password reset link has expired");
}
return $u;
$uu = clone($u);
$u->no_reset_sent = 0;
- if ($newpass != false) {
- $u->setPassword($newpass);
- }
+ if ($newpass != false) {
+ $u->setPassword($newpass);
+ }
$u->update($uu);
- $this->addEvent("CHANGEPASS", $au);
+ $this->addEvent($this->event_prefix . "CHANGEPASS", $u);
$this->jok("Password has been Updated");
}
{
$au = $this->getAuthUser();
if (!$au) {
- $this->jerr("Password change attempted when not logged in");
- }
- $uu = clone($au);
- $au->setPassword($r['passwd1']);
- $au->update($uu);
- $this->addEvent("CHANGEPASS", $au);
- $this->jok($au);
-
+ $this->jerr("Password change attempted when not logged in");
+ }
+ $uu = clone($au);
+ $au->setPassword($r['passwd1']);
+ $au->update($uu);
+ $this->addEvent($this->event_prefix . "CHANGEPASS", $au);
+ $this->jok($au);
+
}
function ip_checking()
$core_ip_access->sendXMPP();
- $this->jerr('NEW-IP-ADDRESS', array('ip' => $ip));
+ $this->jerror('NEW-IP-ADDRESS', "New IP Address = needs approving", array('ip' => $ip));
return;
}
if(empty($core_ip_access->status)){
- $this->jerr('PENDING-IP-ADDRESS', array('ip' => $ip));
+ $this->jerror('PENDING-IP-ADDRESS', "IP is still pending approval", array('ip' => $ip));
}
if($core_ip_access->status == -1){
- $this->jerr('BLOCKED-IP-ADDRESS', array('ip' => $ip));
+ $this->jerror('BLOCKED-IP-ADDRESS', "Your IP is blocked", array('ip' => $ip));
return;
}
if($core_ip_access->status == -2 && strtotime($core_ip_access->expire_dt) < strtotime('NOW')){
- $this->jerr('BLOCKED-IP-ADDRESS', array('ip' => $ip));
+ $this->jerrpr('BLOCKED-IP-ADDRESS', "Your IP is blocked", array('ip' => $ip));
return;
}