2012-06-04 16:58:40 +02:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
FusionPBX
|
|
|
|
|
Version: MPL 1.1
|
|
|
|
|
|
|
|
|
|
The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
|
1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
|
the License. You may obtain a copy of the License at
|
|
|
|
|
http://www.mozilla.org/MPL/
|
|
|
|
|
|
|
|
|
|
Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
|
for the specific language governing rights and limitations under the
|
|
|
|
|
License.
|
|
|
|
|
|
|
|
|
|
The Original Code is FusionPBX
|
|
|
|
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
2023-01-28 01:19:00 +01:00
|
|
|
Portions created by the Initial Developer are Copyright (C) 2008-2023
|
2012-06-04 16:58:40 +02:00
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
|
|
|
|
Contributor(s):
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
|
|
|
*/
|
2020-07-28 23:47:36 +02:00
|
|
|
|
2023-06-15 19:28:23 +02:00
|
|
|
//includes files
|
|
|
|
|
require_once __DIR__ . "/require.php";
|
2013-09-01 08:40:28 +02:00
|
|
|
|
2017-06-10 06:13:51 +02:00
|
|
|
//add multi-lingual support
|
|
|
|
|
$language = new text;
|
2017-06-10 17:22:24 +02:00
|
|
|
$text = $language->get(null, 'resources');
|
2017-06-10 06:13:51 +02:00
|
|
|
|
|
|
|
|
//for compatibility require this library if less than version 5.5
|
2013-09-01 08:40:28 +02:00
|
|
|
if (version_compare(phpversion(), '5.5', '<')) {
|
|
|
|
|
require_once "resources/functions/password.php";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//start the session
|
2016-12-12 06:47:51 +01:00
|
|
|
if (!isset($_SESSION)) { session_start(); }
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2016-12-12 07:37:59 +01:00
|
|
|
//define variables
|
|
|
|
|
if (!isset($_SESSION['template_content'])) { $_SESSION["template_content"] = null; }
|
|
|
|
|
|
2023-04-16 09:10:39 +02:00
|
|
|
//if the session is not authorized then verify the identity
|
2023-05-11 06:11:01 +02:00
|
|
|
if (!isset($_SESSION['authorized']) || (isset($_SESSION['authorized']) && !$_SESSION['authorized'])) {
|
2015-03-17 15:44:09 +01:00
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//clear the menu
|
2018-06-06 07:36:24 +02:00
|
|
|
unset($_SESSION["menu"]);
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
//clear the template only if the template has not been assigned by the superadmin
|
2023-05-05 18:46:37 +02:00
|
|
|
if (empty($_SESSION['domain']['template']['name'])) {
|
2012-06-04 16:58:40 +02:00
|
|
|
$_SESSION["template_content"] = '';
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-11 07:13:08 +02:00
|
|
|
//validate the username and password
|
|
|
|
|
$auth = new authentication;
|
|
|
|
|
$result = $auth->validate();
|
2021-04-01 04:54:23 +02:00
|
|
|
|
2023-04-16 09:10:39 +02:00
|
|
|
//if not authorized
|
|
|
|
|
if (!$_SESSION['authorized']) {
|
2021-04-01 04:54:23 +02:00
|
|
|
|
2023-04-16 09:10:39 +02:00
|
|
|
//log the failed auth attempt to the system to the syslog server
|
2012-06-04 16:58:40 +02:00
|
|
|
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
|
2016-09-11 07:13:08 +02:00
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$result["username"]);
|
2012-06-04 16:58:40 +02:00
|
|
|
closelog();
|
2018-06-06 07:36:24 +02:00
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//redirect the user to the login page
|
2014-06-18 06:53:18 +02:00
|
|
|
$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"];
|
2023-06-18 01:16:39 +02:00
|
|
|
message::add($text['message-authentication_failed'], 'negative');
|
2023-04-16 09:10:39 +02:00
|
|
|
header("Location: ".PROJECT_PATH."/?path=".urlencode($target_path));
|
2012-06-04 16:58:40 +02:00
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-01 06:55:48 +02:00
|
|
|
//if logged in, redirect to login destination
|
2021-08-05 06:38:48 +02:00
|
|
|
if (!isset($_REQUEST["key"])) {
|
2022-03-11 04:10:16 +01:00
|
|
|
if (isset($_SESSION['redirect_path'])) {
|
|
|
|
|
$redirect_path = $_SESSION['redirect_path'];
|
|
|
|
|
unset($_SESSION['redirect_path']);
|
|
|
|
|
// prevent open redirect attacks. redirect url shouldn't contain a hostname
|
|
|
|
|
$parsed_url = parse_url($redirect_path);
|
|
|
|
|
if ($parsed_url['host']) {
|
|
|
|
|
die("Was someone trying to hack you?");
|
|
|
|
|
}
|
|
|
|
|
header("Location: ".$redirect_path);
|
|
|
|
|
}
|
2023-04-16 09:10:39 +02:00
|
|
|
elseif (isset($_SESSION['login']['destination']['url'])) {
|
|
|
|
|
header("Location: ".$_SESSION['login']['destination']['url']);
|
|
|
|
|
}
|
|
|
|
|
elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) {
|
2021-11-10 16:27:53 +01:00
|
|
|
header("Location: ".PROJECT_PATH."/core/dashboard/");
|
2021-08-05 06:38:48 +02:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
require_once "resources/header.php";
|
|
|
|
|
require_once "resources/footer.php";
|
|
|
|
|
}
|
2021-08-01 06:55:48 +02:00
|
|
|
}
|
2021-08-05 06:38:48 +02:00
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-24 21:51:38 +02:00
|
|
|
?>
|
