2012-06-04 16:58:40 +02:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
FusionPBX
|
|
|
|
|
Version: MPL 1.1
|
|
|
|
|
|
|
|
|
|
The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
|
1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
|
the License. You may obtain a copy of the License at
|
|
|
|
|
http://www.mozilla.org/MPL/
|
|
|
|
|
|
|
|
|
|
Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
|
for the specific language governing rights and limitations under the
|
|
|
|
|
License.
|
|
|
|
|
|
|
|
|
|
The Original Code is FusionPBX
|
|
|
|
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
2015-03-17 15:44:09 +01:00
|
|
|
Portions created by the Initial Developer are Copyright (C) 2008-2015
|
2012-06-04 16:58:40 +02:00
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
|
|
|
|
Contributor(s):
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
|
|
|
*/
|
2013-07-06 09:40:48 +02:00
|
|
|
require_once "resources/require.php";
|
2013-09-01 08:40:28 +02:00
|
|
|
|
|
|
|
|
//for compatability require this library if less than version 5.5
|
|
|
|
|
if (version_compare(phpversion(), '5.5', '<')) {
|
|
|
|
|
require_once "resources/functions/password.php";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//start the session
|
2016-02-22 21:18:37 +01:00
|
|
|
ini_set("session.use_only_cookies", True);
|
2015-12-22 04:52:54 +01:00
|
|
|
ini_set("session.cookie_httponly", True);
|
2016-02-22 21:18:37 +01:00
|
|
|
if ($_SERVER["HTTPS"] == "on") { ini_set("session.cookie_secure", True); }
|
2013-09-01 08:40:28 +02:00
|
|
|
session_start();
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
//if the username session is not set the check username and password
|
2015-03-17 15:44:09 +01:00
|
|
|
if (strlen($_SESSION['username']) == 0) {
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//clear the menu
|
|
|
|
|
$_SESSION["menu"] = "";
|
|
|
|
|
|
|
|
|
|
//clear the template only if the template has not been assigned by the superadmin
|
|
|
|
|
if (strlen($_SESSION['domain']['template']['name']) == 0) {
|
|
|
|
|
$_SESSION["template_content"] = '';
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-04 05:53:42 +01:00
|
|
|
//if the username is not provided then send to login.php
|
2013-09-21 09:58:29 +02:00
|
|
|
if (strlen(check_str($_REQUEST["username"])) == 0 && strlen(check_str($_REQUEST["key"])) == 0) {
|
2015-02-24 09:09:01 +01:00
|
|
|
$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["REQUEST_URI"];
|
2015-04-14 03:36:01 +02:00
|
|
|
$_SESSION["message_mood"] = "negative";
|
2014-06-18 06:53:18 +02:00
|
|
|
$_SESSION["message"] = "Invalid Username and/or Password";
|
|
|
|
|
header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
|
2012-06-04 16:58:40 +02:00
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-26 21:24:55 +02:00
|
|
|
//get the domain name
|
2012-12-12 03:38:34 +01:00
|
|
|
if (count($_SESSION["domains"]) > 1) {
|
2013-02-13 07:51:09 +01:00
|
|
|
//get the domain from the url
|
2013-02-13 08:17:24 +01:00
|
|
|
$domain_name = $_SERVER["HTTP_HOST"];
|
2013-02-13 07:51:09 +01:00
|
|
|
//get the domain name from the username
|
2014-02-04 05:53:42 +01:00
|
|
|
if ($_SESSION["user"]["unique"]["text"] != "global") {
|
|
|
|
|
$username_array = explode("@", check_str($_REQUEST["username"]));
|
|
|
|
|
if (count($username_array) > 1) {
|
|
|
|
|
$domain_name = $username_array[count($username_array) -1];
|
2014-08-21 01:40:13 +02:00
|
|
|
$_SESSION['domain_name'] = $domain_name;
|
|
|
|
|
foreach ($_SESSION['domains'] as $row) {
|
2015-06-01 06:54:21 +02:00
|
|
|
if (lower_case($row['domain_name']) == lower_case($domain_name)) {
|
2014-08-21 01:40:13 +02:00
|
|
|
$_SESSION['domain_uuid'] = $row['domain_uuid'];
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-02-04 05:53:42 +01:00
|
|
|
$_REQUEST["username"] = substr(check_str($_REQUEST["username"]), 0, -(strlen($domain_name)+1));
|
|
|
|
|
}
|
2013-02-13 07:51:09 +01:00
|
|
|
}
|
|
|
|
|
//get the domain name from the http value
|
|
|
|
|
if (strlen(check_str($_REQUEST["domain_name"])) > 0) {
|
|
|
|
|
$domain_name = check_str($_REQUEST["domain_name"]);
|
|
|
|
|
}
|
|
|
|
|
//set the domain information
|
|
|
|
|
if (strlen($domain_name) > 0) {
|
|
|
|
|
foreach ($_SESSION['domains'] as &$row) {
|
2015-06-01 06:54:21 +02:00
|
|
|
if (lower_case($row['domain_name']) == lower_case($domain_name)) {
|
2013-02-13 07:51:09 +01:00
|
|
|
//set the domain session variables
|
|
|
|
|
$domain_uuid = $row["domain_uuid"];
|
|
|
|
|
$_SESSION["domain_uuid"] = $row["domain_uuid"];
|
2013-12-27 19:24:57 +01:00
|
|
|
$_SESSION["domain_name"] = $_SESSION['domains'][$domain_uuid]['domain_name'];
|
2013-02-13 07:51:09 +01:00
|
|
|
//set the setting arrays
|
|
|
|
|
$domain = new domains();
|
|
|
|
|
$domain->db = $db;
|
|
|
|
|
$domain->set();
|
|
|
|
|
}
|
2012-12-12 03:38:34 +01:00
|
|
|
}
|
2012-07-26 21:24:55 +02:00
|
|
|
}
|
2015-07-28 18:42:07 +02:00
|
|
|
//set the domain parent uuid
|
|
|
|
|
$_SESSION['domain_parent_uuid'] = $_SESSION["domain_uuid"];
|
2012-07-26 21:24:55 +02:00
|
|
|
}
|
|
|
|
|
|
2013-09-21 04:55:02 +02:00
|
|
|
//get the username or key
|
2012-09-08 04:48:58 +02:00
|
|
|
$username = check_str($_REQUEST["username"]);
|
2013-09-21 04:55:02 +02:00
|
|
|
if (file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/api/app_config.php')) {
|
|
|
|
|
$key = check_str($_REQUEST["key"]);
|
|
|
|
|
}
|
2012-09-08 04:48:58 +02:00
|
|
|
|
2012-12-12 03:38:34 +01:00
|
|
|
//ldap authentication
|
2015-03-18 03:39:35 +01:00
|
|
|
if ($_SESSION["ldap"]["enabled"]["boolean"] == "true") {
|
2012-12-12 03:38:34 +01:00
|
|
|
//use ldap to validate the user credentials
|
2012-12-19 22:02:22 +01:00
|
|
|
if (strlen(check_str($_REQUEST["domain_name"])) > 0) {
|
|
|
|
|
$domain_name = check_str($_REQUEST["domain_name"]);
|
|
|
|
|
}
|
2016-04-29 00:56:44 +02:00
|
|
|
if (isset($_SESSION["ldap"]["certpath"])) {
|
|
|
|
|
$s="LDAPTLS_CERT=" . $_SESSION["ldap"]["certpath"]["text"];
|
|
|
|
|
putenv($s);
|
|
|
|
|
}
|
|
|
|
|
if (isset($_SESSION["ldap"]["certkey"])) {
|
|
|
|
|
$s="LDAPTLS_KEY=" . $_SESSION["ldap"]["certkey"]["text"];
|
|
|
|
|
putenv($s);
|
|
|
|
|
}
|
|
|
|
|
$host=$_SESSION["ldap"]["server_host"]["text"];
|
|
|
|
|
$port=$_SESSION["ldap"]["server_port"]["numeric"];
|
2016-04-26 05:22:03 +02:00
|
|
|
$connect = ldap_connect($host)
|
2015-03-18 03:39:35 +01:00
|
|
|
or die("Could not connect to the LDAP server.");
|
2016-04-26 05:22:03 +02:00
|
|
|
//ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
|
2015-03-24 21:49:44 +01:00
|
|
|
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
|
2016-04-29 00:56:44 +02:00
|
|
|
//ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
|
2015-03-24 20:54:59 +01:00
|
|
|
$bind_dn = $_SESSION["ldap"]["user_attribute"]["text"]."=".$username.",".$_SESSION["ldap"]["user_dn"]["text"];
|
2016-04-29 00:56:44 +02:00
|
|
|
$bind_pw = $_REQUEST["password"];
|
|
|
|
|
//Note: As of 4/16, the call below will fail randomly. PHP debug reports ldap_bind
|
|
|
|
|
//called below with all arguments '*uninitialized*'. However, the debugger
|
|
|
|
|
//single-stepping just before the failing call correctly displays all the values.
|
|
|
|
|
$bind = ldap_bind($connect, $bind_dn, $bind_pw);
|
2015-03-18 03:39:35 +01:00
|
|
|
if ($bind) {
|
2015-03-17 15:44:09 +01:00
|
|
|
$_SESSION['username'] = $username;
|
2012-12-12 03:38:34 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//check to see if the user exists
|
2015-03-17 15:44:09 +01:00
|
|
|
if (strlen($_SESSION['username']) > 0) {
|
2013-02-11 15:46:41 +01:00
|
|
|
$sql = "select * from v_users ";
|
|
|
|
|
$sql .= "where username=:username ";
|
2015-03-24 00:46:18 +01:00
|
|
|
if ($_SESSION["user"]["unique"]["text"] == "global") {
|
|
|
|
|
//unique username - global (example: email address)
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//unique username - per domain
|
|
|
|
|
$sql .= "and domain_uuid=:domain_uuid ";
|
|
|
|
|
}
|
2013-02-11 15:46:41 +01:00
|
|
|
$prep_statement = $db->prepare(check_sql($sql));
|
2015-03-24 00:46:18 +01:00
|
|
|
if ($_SESSION["user"]["unique"]["text"] != "global") {
|
|
|
|
|
$prep_statement->bindParam(':domain_uuid', $domain_uuid);
|
|
|
|
|
}
|
2013-02-11 15:46:41 +01:00
|
|
|
$prep_statement->bindParam(':username', $username);
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
2015-03-24 00:46:18 +01:00
|
|
|
if (count($result) > 0) {
|
|
|
|
|
foreach ($result as &$row) {
|
|
|
|
|
//get the domain uuid
|
|
|
|
|
$domain_uuid = $row["domain_uuid"];
|
|
|
|
|
$user_uuid = $row["user_uuid"];
|
|
|
|
|
//set the domain session variables
|
|
|
|
|
$_SESSION["domain_uuid"] = $domain_uuid;
|
|
|
|
|
$domain_name = $_SESSION['domains'][$domain_uuid]['domain_name'];
|
|
|
|
|
$_SESSION["domain_name"] = $domain_name;
|
|
|
|
|
//set the setting arrays
|
|
|
|
|
$domain = new domains();
|
|
|
|
|
$domain->db = $db;
|
|
|
|
|
$domain->set();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
2013-02-11 15:46:41 +01:00
|
|
|
//salt used with the password to create a one way hash
|
2015-03-18 03:39:35 +01:00
|
|
|
$salt = generate_password('32', '4');
|
|
|
|
|
$password = generate_password('32', '4');
|
2013-02-11 15:46:41 +01:00
|
|
|
|
|
|
|
|
//prepare the uuids
|
|
|
|
|
$user_uuid = uuid();
|
|
|
|
|
$contact_uuid = uuid();
|
2015-04-04 20:46:44 +02:00
|
|
|
|
2015-03-24 00:46:18 +01:00
|
|
|
//set the user_id
|
|
|
|
|
$_SESSION["user_uuid"] = $user_uuid;
|
2013-02-11 15:46:41 +01:00
|
|
|
|
|
|
|
|
//add the user
|
|
|
|
|
$sql = "insert into v_users ";
|
|
|
|
|
$sql .= "(";
|
|
|
|
|
$sql .= "domain_uuid, ";
|
|
|
|
|
$sql .= "user_uuid, ";
|
|
|
|
|
$sql .= "contact_uuid, ";
|
|
|
|
|
$sql .= "username, ";
|
|
|
|
|
$sql .= "password, ";
|
|
|
|
|
$sql .= "salt, ";
|
|
|
|
|
$sql .= "add_date, ";
|
|
|
|
|
$sql .= "add_user, ";
|
|
|
|
|
$sql .= "user_enabled ";
|
|
|
|
|
$sql .= ") ";
|
|
|
|
|
$sql .= "values ";
|
|
|
|
|
$sql .= "(";
|
2015-03-18 04:41:19 +01:00
|
|
|
$sql .= "'".$domain_uuid."', ";
|
|
|
|
|
$sql .= "'".$user_uuid."', ";
|
|
|
|
|
$sql .= "'".$contact_uuid."', ";
|
2013-02-11 15:46:41 +01:00
|
|
|
$sql .= "'".strtolower($username)."', ";
|
|
|
|
|
$sql .= "'".md5($salt.$password)."', ";
|
|
|
|
|
$sql .= "'".$salt."', ";
|
|
|
|
|
$sql .= "now(), ";
|
|
|
|
|
$sql .= "'".strtolower($username)."', ";
|
|
|
|
|
$sql .= "'true' ";
|
|
|
|
|
$sql .= ")";
|
2015-03-18 04:41:19 +01:00
|
|
|
$db->exec(check_sql($sql));
|
2013-02-11 15:46:41 +01:00
|
|
|
unset($sql);
|
|
|
|
|
|
|
|
|
|
//add the user to group user
|
|
|
|
|
$group_name = 'user';
|
|
|
|
|
$sql = "insert into v_group_users ";
|
|
|
|
|
$sql .= "(";
|
|
|
|
|
$sql .= "group_user_uuid, ";
|
|
|
|
|
$sql .= "domain_uuid, ";
|
|
|
|
|
$sql .= "group_name, ";
|
|
|
|
|
$sql .= "user_uuid ";
|
|
|
|
|
$sql .= ")";
|
|
|
|
|
$sql .= "values ";
|
|
|
|
|
$sql .= "(";
|
|
|
|
|
$sql .= "'".uuid()."', ";
|
2015-03-18 04:41:19 +01:00
|
|
|
$sql .= "'".$domain_uuid."', ";
|
|
|
|
|
$sql .= "'".$group_name."', ";
|
|
|
|
|
$sql .= "'".$user_uuid."' ";
|
2013-02-11 15:46:41 +01:00
|
|
|
$sql .= ")";
|
2015-03-18 04:41:19 +01:00
|
|
|
$db->exec(check_sql($sql));
|
2013-02-11 15:46:41 +01:00
|
|
|
unset($sql);
|
|
|
|
|
}
|
2012-12-12 03:38:34 +01:00
|
|
|
}
|
|
|
|
|
}
|
2015-03-17 15:44:09 +01:00
|
|
|
|
2012-12-12 03:38:34 +01:00
|
|
|
//database authentication
|
2015-03-17 15:44:09 +01:00
|
|
|
if (strlen($_SESSION['username']) == 0) {
|
2012-12-12 03:38:34 +01:00
|
|
|
//check the username and password if they don't match then redirect to the login
|
2014-07-29 05:03:22 +02:00
|
|
|
$sql = "select * from v_users ";
|
2015-03-17 15:44:09 +01:00
|
|
|
if (strlen($key) > 30) {
|
|
|
|
|
//$sql .= "where api_key=:key ";
|
|
|
|
|
$sql .= "where api_key='".$key."' ";
|
2014-07-29 05:03:22 +02:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$sql .= "where username=:username ";
|
2016-02-22 21:18:37 +01:00
|
|
|
//$sql .= "where username='".$username."' ";
|
2014-07-29 05:03:22 +02:00
|
|
|
}
|
|
|
|
|
//$sql .= "and domain_uuid='".$domain_uuid."' ";
|
2013-12-27 19:24:57 +01:00
|
|
|
if ($_SESSION["user"]["unique"]["text"] == "global") {
|
2014-07-29 05:03:22 +02:00
|
|
|
//unique username - global (example: email address)
|
2013-09-21 04:55:02 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2014-07-29 05:03:22 +02:00
|
|
|
//unique username - per domain
|
2013-12-27 19:24:57 +01:00
|
|
|
$sql .= "and domain_uuid=:domain_uuid ";
|
2014-07-29 05:03:22 +02:00
|
|
|
}
|
|
|
|
|
$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
|
|
|
|
|
$prep_statement = $db->prepare(check_sql($sql));
|
|
|
|
|
if ($_SESSION["user"]["unique"]["text"] != "global") {
|
2013-12-27 19:24:57 +01:00
|
|
|
$prep_statement->bindParam(':domain_uuid', $domain_uuid);
|
2013-09-21 04:55:02 +02:00
|
|
|
}
|
2015-03-17 15:44:09 +01:00
|
|
|
if (strlen($key) > 30) {
|
2013-09-21 04:55:02 +02:00
|
|
|
$prep_statement->bindParam(':key', $key);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$prep_statement->bindParam(':username', $username);
|
|
|
|
|
}
|
2012-12-12 03:38:34 +01:00
|
|
|
$prep_statement->execute();
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
2015-03-17 15:44:09 +01:00
|
|
|
if (count($result) > 0) {
|
|
|
|
|
foreach ($result as &$row) {
|
|
|
|
|
//get the domain uuid
|
|
|
|
|
$domain_uuid = $row["domain_uuid"];
|
|
|
|
|
//set the domain session variables
|
|
|
|
|
$_SESSION["domain_uuid"] = $domain_uuid;
|
2015-03-24 00:46:18 +01:00
|
|
|
$domain_name = $_SESSION['domains'][$domain_uuid]['domain_name'];
|
|
|
|
|
$_SESSION["domain_name"] = $domain_name;
|
2015-03-17 15:44:09 +01:00
|
|
|
//set the setting arrays
|
|
|
|
|
$domain = new domains();
|
|
|
|
|
$domain->db = $db;
|
|
|
|
|
$domain->set();
|
|
|
|
|
//get the salt from the database
|
|
|
|
|
$salt = $row["salt"];
|
|
|
|
|
//if salt is not defined then use the default salt for backwards compatibility
|
|
|
|
|
if (strlen($salt) == 0) {
|
|
|
|
|
$salt = 'e3.7d.12';
|
|
|
|
|
}
|
|
|
|
|
//compare the password provided by the user with the one in the database
|
|
|
|
|
if (md5($salt.check_str($_REQUEST["password"])) == $row["password"]) {
|
|
|
|
|
$_SESSION['username'] = $row["username"];
|
|
|
|
|
} elseif (strlen($_REQUEST["key"]) > 30 && $_REQUEST["key"] == $row["api_key"]) {
|
|
|
|
|
$_SESSION['username'] = $row["username"];
|
|
|
|
|
} else {
|
|
|
|
|
unset($result);
|
|
|
|
|
}
|
|
|
|
|
//end the loop
|
|
|
|
|
break;
|
2012-12-12 03:38:34 +01:00
|
|
|
}
|
|
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
2015-03-17 15:44:09 +01:00
|
|
|
if (strlen($_SESSION['username']) == 0) {
|
2012-06-04 16:58:40 +02:00
|
|
|
//log the failed auth attempt to the system, to be available for fail2ban.
|
|
|
|
|
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
|
2012-09-29 17:58:06 +02:00
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".check_str($_REQUEST["username"]));
|
2012-06-04 16:58:40 +02:00
|
|
|
closelog();
|
|
|
|
|
//redirect the user to the login page
|
2014-06-18 06:53:18 +02:00
|
|
|
$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"];
|
2015-04-14 03:36:01 +02:00
|
|
|
$_SESSION["message_mood"] = "negative";
|
2014-06-18 06:53:18 +02:00
|
|
|
$_SESSION["message"] = "Invalid Username and/or Password";
|
|
|
|
|
header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
|
2012-06-04 16:58:40 +02:00
|
|
|
exit;
|
|
|
|
|
}
|
2015-03-17 15:44:09 +01:00
|
|
|
else {
|
2015-07-28 18:42:07 +02:00
|
|
|
//set the user settings
|
|
|
|
|
foreach ($result as &$row) {
|
|
|
|
|
//allow the user to choose a template only if the template has not been assigned by the superadmin
|
|
|
|
|
if (strlen($_SESSION['domain']['template']['name']) == 0) {
|
|
|
|
|
$_SESSION['domain']['template']['name'] = $row["user_template_name"];
|
|
|
|
|
}
|
|
|
|
|
//user defined time zone
|
|
|
|
|
$_SESSION["time_zone"]["user"] = '';
|
|
|
|
|
if (strlen($row["user_time_zone"]) > 0) {
|
|
|
|
|
//user defined time zone
|
|
|
|
|
$_SESSION["time_zone"]["user"] = $row["user_time_zone"];
|
|
|
|
|
}
|
|
|
|
|
// add session variables
|
|
|
|
|
$_SESSION["user_uuid"] = $row["user_uuid"];
|
|
|
|
|
// user session array
|
|
|
|
|
$_SESSION["user"]["username"] = $row["username"];
|
|
|
|
|
$_SESSION["user"]["user_uuid"] = $row["user_uuid"];
|
|
|
|
|
$_SESSION["user"]["contact_uuid"] = $row["contact_uuid"];
|
|
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//get the groups assigned to the user and then set the groups in $_SESSION["groups"]
|
|
|
|
|
$sql = "SELECT * FROM v_group_users ";
|
2012-11-13 14:33:10 +01:00
|
|
|
//$sql .= "where domain_uuid='".$domain_uuid."' ";
|
|
|
|
|
//$sql .= "and user_uuid='".$_SESSION["user_uuid"]."' ";
|
2012-06-04 16:58:40 +02:00
|
|
|
$sql .= "where domain_uuid=:domain_uuid ";
|
|
|
|
|
$sql .= "and user_uuid=:user_uuid ";
|
|
|
|
|
$prep_statement = $db->prepare(check_sql($sql));
|
|
|
|
|
$prep_statement->bindParam(':domain_uuid', $domain_uuid);
|
|
|
|
|
$prep_statement->bindParam(':user_uuid', $_SESSION["user_uuid"]);
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
|
|
$_SESSION["groups"] = $result;
|
|
|
|
|
unset($sql, $row_count, $prep_statement);
|
|
|
|
|
|
|
|
|
|
//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
|
2014-06-10 23:16:42 +02:00
|
|
|
if (count($_SESSION["groups"]) > 0) {
|
|
|
|
|
$x = 0;
|
|
|
|
|
$sql = "select distinct(permission_name) from v_group_permissions ";
|
|
|
|
|
foreach($_SESSION["groups"] as $field) {
|
|
|
|
|
if (strlen($field['group_name']) > 0) {
|
|
|
|
|
if ($x == 0) {
|
2014-12-26 08:08:05 +01:00
|
|
|
$sql .= "where (domain_uuid = '".$domain_uuid."' and domain_uuid = null) ";
|
2014-06-10 23:16:42 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2014-12-26 08:08:05 +01:00
|
|
|
$sql .= "or (domain_uuid = '".$domain_uuid."' and domain_uuid = null) ";
|
2014-06-10 23:16:42 +02:00
|
|
|
}
|
2014-12-26 08:08:05 +01:00
|
|
|
$sql .= "or group_name = '".$field['group_name']."' ";
|
2014-06-10 23:16:42 +02:00
|
|
|
$x++;
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
}
|
2014-06-10 23:16:42 +02:00
|
|
|
$prep_statement_sub = $db->prepare($sql);
|
|
|
|
|
$prep_statement_sub->execute();
|
|
|
|
|
$_SESSION['permissions'] = $prep_statement_sub->fetchAll(PDO::FETCH_NAMED);
|
|
|
|
|
unset($sql, $prep_statement_sub);
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
|
2014-05-13 01:30:26 +02:00
|
|
|
//get the user settings
|
|
|
|
|
$sql = "select * from v_user_settings ";
|
|
|
|
|
$sql .= "where domain_uuid = '" . $_SESSION["domain_uuid"] . "' ";
|
|
|
|
|
$sql .= "and user_uuid = '" . $_SESSION["user_uuid"] . "' ";
|
|
|
|
|
$sql .= "and user_setting_enabled = 'true' ";
|
|
|
|
|
$prep_statement = $db->prepare($sql);
|
|
|
|
|
if ($prep_statement) {
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
|
|
foreach ($result as $row) {
|
|
|
|
|
$name = $row['user_setting_name'];
|
|
|
|
|
$category = $row['user_setting_category'];
|
|
|
|
|
$subcategory = $row['user_setting_subcategory'];
|
2014-05-21 07:52:39 +02:00
|
|
|
if (strlen($row['user_setting_value']) > 0) {
|
|
|
|
|
if (strlen($subcategory) == 0) {
|
|
|
|
|
//$$category[$name] = $row['domain_setting_value'];
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
$_SESSION[$category][] = $row['user_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$_SESSION[$category][$name] = $row['user_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
//$$category[$subcategory][$name] = $row['domain_setting_value'];
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
$_SESSION[$category][$subcategory][] = $row['user_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$_SESSION[$category][$subcategory][$name] = $row['user_setting_value'];
|
|
|
|
|
}
|
2014-05-13 01:30:26 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-07 01:47:03 +02:00
|
|
|
//get the extensions that are assigned to this user
|
|
|
|
|
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/extensions/app_config.php")) {
|
|
|
|
|
if (isset($_SESSION["user"]) && isset($_SESSION["user_uuid"]) && $db && strlen($_SESSION["domain_uuid"]) > 0 && strlen($_SESSION["user_uuid"]) > 0 && count($_SESSION['user']['extension']) == 0) {
|
|
|
|
|
//get the user extension list
|
|
|
|
|
unset($_SESSION['user']['extension']);
|
|
|
|
|
$sql = "select ";
|
|
|
|
|
$sql .= " e.extension, ";
|
|
|
|
|
$sql .= " e.number_alias, ";
|
|
|
|
|
$sql .= " e.user_context, ";
|
|
|
|
|
$sql .= " e.extension_uuid, ";
|
|
|
|
|
$sql .= " e.outbound_caller_id_name, ";
|
2016-05-11 01:25:20 +02:00
|
|
|
$sql .= " e.outbound_caller_id_number ";
|
2016-05-07 01:47:03 +02:00
|
|
|
$sql .= "from ";
|
|
|
|
|
$sql .= " v_extension_users as u, ";
|
|
|
|
|
$sql .= " v_extensions as e ";
|
|
|
|
|
$sql .= "where ";
|
|
|
|
|
$sql .= " e.domain_uuid = '".$_SESSION['domain_uuid']."' ";
|
|
|
|
|
$sql .= " and e.extension_uuid = u.extension_uuid ";
|
|
|
|
|
$sql .= " and u.user_uuid = '".$_SESSION['user_uuid']."' ";
|
|
|
|
|
$sql .= " and e.enabled = 'true' ";
|
|
|
|
|
$sql .= "order by ";
|
|
|
|
|
$sql .= " e.extension asc ";
|
|
|
|
|
$query = $db->query($sql);
|
|
|
|
|
if($query !== false) {
|
|
|
|
|
$result = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
|
$x = 0;
|
|
|
|
|
foreach($result as $row) {
|
|
|
|
|
$destination = $row['extension'];
|
|
|
|
|
if (strlen($row['number_alias']) > 0) {
|
|
|
|
|
$destination = $row['number_alias'];
|
|
|
|
|
}
|
|
|
|
|
$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['destination'] = $destination;
|
|
|
|
|
$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
|
|
|
|
|
$_SESSION['user_context'] = $row["user_context"];
|
|
|
|
|
$x++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//redirect the user
|
|
|
|
|
if (check_str($_REQUEST["rdr"]) !== 'n'){
|
|
|
|
|
$path = check_str($_POST["path"]);
|
2015-04-04 20:46:44 +02:00
|
|
|
if (isset($path) && !empty($path) && $path!="index2.php" && $path!="/install.php") {
|
2012-06-04 16:58:40 +02:00
|
|
|
header("Location: ".$path);
|
|
|
|
|
exit();
|
|
|
|
|
}
|
2015-04-04 20:46:44 +02:00
|
|
|
else if ($_SESSION['login']['destination']['url'] != '') {
|
|
|
|
|
header("Location: ".$_SESSION['login']['destination']['url']);
|
|
|
|
|
exit();
|
|
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
2015-07-28 18:42:07 +02:00
|
|
|
|
|
|
|
|
//get the domains
|
2016-02-22 21:18:37 +01:00
|
|
|
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/domains/app_config.php")){
|
2015-07-28 18:42:07 +02:00
|
|
|
require_once "app/domains/resources/domains.php";
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//set the time zone
|
|
|
|
|
if (strlen($_SESSION["time_zone"]["user"]) == 0) {
|
|
|
|
|
//set the domain time zone as the default time zone
|
|
|
|
|
date_default_timezone_set($_SESSION['domain']['time_zone']['name']);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//set the user defined time zone
|
|
|
|
|
date_default_timezone_set($_SESSION["time_zone"]["user"]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//hide the path unless logged in as a superadmin.
|
|
|
|
|
if (!if_group("superadmin")) {
|
|
|
|
|
$v_path_show = false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-11 01:25:20 +02:00
|
|
|
?>
|
