var $masterTemplate = 'login.html';
var $ip_management = false;
+
+ var $event_suffix = '';
+
+ // for forgot password email
+ var $authFrom;
+ var $authKey;
+ var $person;
+ var $bcc;
+ var $rcpts;
+
function getAuth() // everyone allowed in here..
{
if (!empty($_REQUEST['loginPublic'])) {
$this->switchPublicUser($_REQUEST['loginPublic']);
}
-
- $this->jerr("INVALID REQUEST");
+ if (!empty($_SERVER['HTTP_USER_AGENT']) && preg_match('/^check_http/', $_SERVER['HTTP_USER_AGENT'])) {
+ die("server is alive = authFailure"); // should really use heartbeat now..
+ }
+ $this->jerror("NOTICE-INVALID", "INVALID REQUEST");
exit;
}
{
$ff = class_exists('HTML_FlexyFramework2') ? HTML_FlexyFramework2::get() : HTML_FlexyFramework::get();
- //DB_DAtaObject::debugLevel(1);
+ //DB_DAtaObject::debugLevel(1);
$u = $this->getAuthUser();
//print_r($u);
if ($u) {
- $this->addEvent('LOGOUT');
+ $this->addEvent('LOGOUT'. $this->event_suffix);
$e = DB_DataObject::factory('Events');
}
$u->login();
// we might need this later..
- $this->addEvent("SWITCH-USER", false, $au->name . ' TO ' . $u->name);
+ $this->addEvent("LOGIN-SWITCH-USER". $this->event_suffix, false, $au->name . ' TO ' . $u->name);
$this->jok("SWITCH");
}
if (!empty($ip)) {
//DB_DataObject::DebugLevel(1);
$e = DB_DataObject::Factory('Events');
- $e->action = 'LOGIN-BAD';
+ $e->action = 'LOGIN-BAD'. $this->event_suffix;
$e->ipaddr = $ip;
$e->whereAdd('event_when > NOW() - INTERVAL 10 MINUTE');
if ($e->count() > 5) {
- $this->jerror('LOGIN-RATE', "Login failures are rate limited - please try later");
+ $this->jerror('LOGIN-RATE'. $this->event_suffix, "Login failures are rate limited - please try later");
}
}
// empty username = not really a hacking attempt.
if (empty($_REQUEST['username'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
- $this->jerror('LOGIN-EMPTY', 'You typed the wrong Username or Password (0)');
+ $this->jerror('LOGIN-EMPTY'. $this->event_suffix, 'You typed the wrong Username or Password (0)');
exit;
}
$u->authUserName($_REQUEST['username']);
if ($u->count() > 1 || !$u->find(true)) {
- $this->jerror('LOGIN-BAD','You typed the wrong Username or Password (1)');
+ $this->jerror('LOGIN-BAD'. $this->event_suffix,'You typed the wrong Username or Password (1)');
exit;
}
if (!$u->active()) {
- $this->jerror('LOGIN-BAD','Account disabled');
+ $this->jerror('LOGIN-BAD'. $this->event_suffix,'Account disabled');
}
if(!empty($u->oath_key) && empty($_REQUEST['oath_password'])){
- $this->jerror('LOGIN-2FA','Your account requires Two-Factor Authentication');
+ $this->jerror('LOGIN-2FA'. $this->event_suffix,'Your account requires Two-Factor Authentication');
}
// check if config allows non-owner passwords.
$ff= HTML_FlexyFramework::get();
if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
//print_r($u->company());
- $this->jerror('LOGIN-BADUSER', "Login not permited to outside companies"); // serious failure
+ $this->jerror('LOGIN-BADUSER'. $this->event_suffix, "Login not permited to outside companies"); // serious failure
}
// note we trim \x10 -- line break - as it was injected the front end
// may have an old bug on safari/chrome that added that character in certian wierd scenarios..
if (!$u->checkPassword(trim($_REQUEST['password'],"\x10"))) {
- $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
+ $this->jerror('LOGIN-BAD'. $this->event_suffix, 'You typed the wrong Username or Password (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
exit;
}
!$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
)
) {
- $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (3)');
+ $this->jerror('LOGIN-BAD'. $this->event_suffix, 'You typed the wrong Username or Password (3)');
exit;
}
$u->login();
// we might need this later..
- $this->addEvent("LOGIN", false, session_id());
+ $this->addEvent("LOGIN". $this->event_suffix, false, session_id());
+
+
+
if (!empty($_REQUEST['lang'])) {
- $u->lang($_REQUEST['lang']);
+
+ if (!empty($ff->languages['avail']) && !in_array($_REQUEST['lang'],$ff->languages['avail'])) {
+ // ignore.
+ } else {
+
+ $u->lang($_REQUEST['lang']);
+ }
}
// log it..
// bcc..
$g = DB_DAtaObject::factory('core_group');
- if (!$g->get('name', 'bcc-email')) {
- $this->jerr("no group 'bcc-email' exists in the system");
+ if (!$cm->bcc_group_id || !$g->get($cm->bcc_group_id)) {
+ $this->jerr("BCC for ADMIN_PASSWORD_RESET email has not been set");
}
$bcc = $g->members('email');
if (!count($bcc)) {
- $this->jerr( "'bcc-email' group does not have any members");
+ $this->jerr( "'BCC group for ADMIN_PASSWORD_RESET does not have any members");
}
$this->jerr($sent->getMessage());
}
- $this->addEvent('PASSREQ',$u, $u->email);
+ $this->addEvent('LOGIN-PASSREQ'. $this->event_suffix,$u, $u->email);
$uu = clone($u);
$uu->no_reset_sent++;
$uu->update($u);
$u->setPassword($newpass);
}
$u->update($uu);
- $this->addEvent("CHANGEPASS", $u);
+ $this->addEvent("LOGIN-CHANGEPASS". $this->event_suffix, $u);
$this->jok("Password has been Updated");
}
$uu = clone($au);
$au->setPassword($r['passwd1']);
$au->update($uu);
- $this->addEvent("CHANGEPASS", $au);
+ $this->addEvent("LOGIN-CHANGEPASS". $this->event_suffix, $au);
$this->jok($au);
}
}
if($core_ip_access->status == -2 && strtotime($core_ip_access->expire_dt) < strtotime('NOW')){
- $this->jerrpr('BLOCKED-IP-ADDRESS', "Your IP is blocked", array('ip' => $ip));
+ $this->jerror('BLOCKED-IP-ADDRESS', "Your IP is blocked", array('ip' => $ip));
return;
}
projects / Pman.Base / blobdiff