2012-06-04 16:58:40 +02:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
FusionPBX
|
|
|
|
|
Version: MPL 1.1
|
|
|
|
|
|
|
|
|
|
The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
|
1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
|
the License. You may obtain a copy of the License at
|
|
|
|
|
http://www.mozilla.org/MPL/
|
|
|
|
|
|
|
|
|
|
Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
|
for the specific language governing rights and limitations under the
|
|
|
|
|
License.
|
|
|
|
|
|
|
|
|
|
The Original Code is FusionPBX
|
|
|
|
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
2019-07-26 03:54:16 +02:00
|
|
|
Portions created by the Initial Developer are Copyright (C) 2008-2019
|
2012-06-04 16:58:40 +02:00
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
|
|
|
|
Contributor(s):
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
|
|
|
*/
|
2016-09-11 07:13:08 +02:00
|
|
|
//includes
|
|
|
|
|
require_once "resources/require.php";
|
2013-09-01 08:40:28 +02:00
|
|
|
|
2017-06-10 06:13:51 +02:00
|
|
|
//add multi-lingual support
|
|
|
|
|
$language = new text;
|
2017-06-10 17:22:24 +02:00
|
|
|
$text = $language->get(null, 'resources');
|
2017-06-10 06:13:51 +02:00
|
|
|
|
|
|
|
|
//for compatibility require this library if less than version 5.5
|
2013-09-01 08:40:28 +02:00
|
|
|
if (version_compare(phpversion(), '5.5', '<')) {
|
|
|
|
|
require_once "resources/functions/password.php";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//start the session
|
2016-02-22 21:18:37 +01:00
|
|
|
ini_set("session.use_only_cookies", True);
|
2015-12-22 04:52:54 +01:00
|
|
|
ini_set("session.cookie_httponly", True);
|
2016-02-22 21:18:37 +01:00
|
|
|
if ($_SERVER["HTTPS"] == "on") { ini_set("session.cookie_secure", True); }
|
2016-12-12 06:47:51 +01:00
|
|
|
if (!isset($_SESSION)) { session_start(); }
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2016-12-12 07:37:59 +01:00
|
|
|
//define variables
|
|
|
|
|
if (!isset($_SESSION['login']['destination']['url'])) { $_SESSION['login']['destination']['url'] = null; }
|
|
|
|
|
if (!isset($_SESSION['template_content'])) { $_SESSION["template_content"] = null; }
|
|
|
|
|
|
2017-07-01 17:44:34 +02:00
|
|
|
//if the username is not provided then send to login.php
|
2017-07-01 18:09:17 +02:00
|
|
|
if (strlen($_SESSION['username']) == 0 && strlen($_REQUEST["username"]) == 0 && strlen($_REQUEST["key"]) == 0) {
|
2017-07-01 17:44:34 +02:00
|
|
|
$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["REQUEST_URI"];
|
|
|
|
|
header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//if the username session is not set the check username and password
|
2018-06-06 07:36:24 +02:00
|
|
|
if (strlen($_SESSION['username']) == 0) {
|
2015-03-17 15:44:09 +01:00
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//clear the menu
|
2018-06-06 07:36:24 +02:00
|
|
|
unset($_SESSION["menu"]);
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
//clear the template only if the template has not been assigned by the superadmin
|
|
|
|
|
if (strlen($_SESSION['domain']['template']['name']) == 0) {
|
|
|
|
|
$_SESSION["template_content"] = '';
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-11 07:13:08 +02:00
|
|
|
//validate the username and password
|
|
|
|
|
$auth = new authentication;
|
2018-06-06 07:36:24 +02:00
|
|
|
if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
|
2016-09-17 02:06:51 +02:00
|
|
|
$auth->username = $_REQUEST["username"];
|
|
|
|
|
$auth->password = $_REQUEST["password"];
|
|
|
|
|
}
|
2018-06-06 07:36:24 +02:00
|
|
|
if (isset($_REQUEST["key"])) {
|
2016-09-17 02:06:51 +02:00
|
|
|
$auth->key = $_REQUEST["key"];
|
|
|
|
|
}
|
2016-09-11 07:13:08 +02:00
|
|
|
$auth->debug = false;
|
|
|
|
|
$result = $auth->validate();
|
|
|
|
|
if ($result["authorized"] == "true") {
|
2019-07-26 03:54:16 +02:00
|
|
|
//set the session variables
|
2016-09-11 20:27:41 +02:00
|
|
|
$_SESSION["domain_uuid"] = $result["domain_uuid"];
|
2016-09-11 07:13:08 +02:00
|
|
|
$_SESSION["user_uuid"] = $result["user_uuid"];
|
2016-09-11 20:27:41 +02:00
|
|
|
|
2019-07-26 03:54:16 +02:00
|
|
|
//user session array
|
|
|
|
|
$_SESSION["user"]["domain_uuid"] = $result["domain_uuid"];
|
2016-09-11 07:13:08 +02:00
|
|
|
$_SESSION["user"]["user_uuid"] = $result["user_uuid"];
|
2019-07-26 03:54:16 +02:00
|
|
|
$_SESSION["user"]["username"] = $result["username"];
|
2016-09-11 07:13:08 +02:00
|
|
|
$_SESSION["user"]["contact_uuid"] = $result["contact_uuid"];
|
2012-07-26 21:24:55 +02:00
|
|
|
}
|
2016-09-11 07:13:08 +02:00
|
|
|
else {
|
2016-09-11 20:27:41 +02:00
|
|
|
//debug
|
|
|
|
|
if ($debug) {
|
2019-08-29 05:02:08 +02:00
|
|
|
view_array($result);
|
2016-09-11 20:27:41 +02:00
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//log the failed auth attempt to the system, to be available for fail2ban.
|
|
|
|
|
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
|
2016-09-11 07:13:08 +02:00
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$result["username"]);
|
2012-06-04 16:58:40 +02:00
|
|
|
closelog();
|
2018-06-06 07:36:24 +02:00
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//redirect the user to the login page
|
2014-06-18 06:53:18 +02:00
|
|
|
$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"];
|
2018-08-31 05:09:01 +02:00
|
|
|
message::add($text['message-invalid_credentials'], 'negative');
|
2014-06-18 06:53:18 +02:00
|
|
|
header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
|
2012-06-04 16:58:40 +02:00
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//get the groups assigned to the user and then set the groups in $_SESSION["groups"]
|
2019-08-29 05:02:08 +02:00
|
|
|
$sql = "select ";
|
|
|
|
|
$sql .= "u.user_group_uuid, ";
|
|
|
|
|
$sql .= "u.domain_uuid, ";
|
|
|
|
|
$sql .= "u.user_uuid, ";
|
|
|
|
|
$sql .= "u.group_uuid, ";
|
|
|
|
|
$sql .= "g.group_name, ";
|
|
|
|
|
$sql .= "g.group_level ";
|
|
|
|
|
$sql .= "from ";
|
|
|
|
|
$sql .= "v_user_groups as u, ";
|
|
|
|
|
$sql .= "v_groups as g ";
|
2019-07-26 03:54:16 +02:00
|
|
|
$sql .= "where u.domain_uuid = :domain_uuid ";
|
|
|
|
|
$sql .= "and u.user_uuid = :user_uuid ";
|
|
|
|
|
$sql .= "and u.group_uuid = g.group_uuid ";
|
2019-08-29 05:02:08 +02:00
|
|
|
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
|
|
|
|
|
$parameters['user_uuid'] = $_SESSION["user_uuid"];
|
|
|
|
|
$database = new database;
|
|
|
|
|
$result = $database->select($sql, $parameters, 'all');
|
2012-06-04 16:58:40 +02:00
|
|
|
$_SESSION["groups"] = $result;
|
2019-07-26 03:54:16 +02:00
|
|
|
$_SESSION["user"]["groups"] = $result;
|
2019-08-29 05:02:08 +02:00
|
|
|
unset($sql, $parameters);
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2019-07-26 04:14:06 +02:00
|
|
|
//get the users group level
|
|
|
|
|
$_SESSION["user"]["group_level"] = 0;
|
2019-07-26 04:15:43 +02:00
|
|
|
foreach ($_SESSION['user']['groups'] as $row) {
|
2019-07-26 04:14:06 +02:00
|
|
|
if ($_SESSION["user"]["group_level"] < $row['group_level']) {
|
|
|
|
|
$_SESSION["user"]["group_level"] = $row['group_level'];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
|
2019-08-29 05:02:08 +02:00
|
|
|
if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {
|
2014-06-10 23:16:42 +02:00
|
|
|
$x = 0;
|
|
|
|
|
$sql = "select distinct(permission_name) from v_group_permissions ";
|
2019-08-29 05:02:08 +02:00
|
|
|
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
|
|
|
|
|
foreach ($_SESSION["groups"] as $field) {
|
2014-06-10 23:16:42 +02:00
|
|
|
if (strlen($field['group_name']) > 0) {
|
2019-08-29 05:02:08 +02:00
|
|
|
$sql_where_or[] = "group_name = :group_name_".$x;
|
|
|
|
|
$parameters['group_name_'.$x] = $field['group_name'];
|
2014-06-10 23:16:42 +02:00
|
|
|
$x++;
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
}
|
2019-08-29 05:02:08 +02:00
|
|
|
if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
|
|
|
|
|
$sql .= "and (".implode(' or ', $sql_where_or).") ";
|
|
|
|
|
}
|
|
|
|
|
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
|
|
|
|
|
$database = new database;
|
|
|
|
|
$result = $database->select($sql, $parameters, 'all');
|
|
|
|
|
if (is_array($result) && @sizeof($result) != 0) {
|
2016-09-11 07:52:11 +02:00
|
|
|
foreach ($result as $row) {
|
|
|
|
|
$_SESSION['permissions'][$row["permission_name"]] = true;
|
2019-07-26 03:57:50 +02:00
|
|
|
$_SESSION["user"]["permissions"][$row["permission_name"]] = true;
|
2016-09-11 07:52:11 +02:00
|
|
|
}
|
|
|
|
|
}
|
2019-08-29 05:02:08 +02:00
|
|
|
unset($sql, $parameters, $result, $row);
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
|
2014-05-13 01:30:26 +02:00
|
|
|
//get the user settings
|
|
|
|
|
$sql = "select * from v_user_settings ";
|
2019-08-29 05:02:08 +02:00
|
|
|
$sql .= "where domain_uuid = :domain_uuid ";
|
|
|
|
|
$sql .= "and user_uuid = :user_uuid ";
|
2014-05-13 01:30:26 +02:00
|
|
|
$sql .= "and user_setting_enabled = 'true' ";
|
2019-08-29 05:02:08 +02:00
|
|
|
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
|
|
|
|
|
$parameters['user_uuid'] = $_SESSION["user_uuid"];
|
|
|
|
|
$database = new database;
|
|
|
|
|
$result = $database->select($sql, $parameters, 'all');
|
|
|
|
|
if (is_array($result) && @sizeof($result) != 0) {
|
2014-05-13 01:30:26 +02:00
|
|
|
foreach ($result as $row) {
|
|
|
|
|
$name = $row['user_setting_name'];
|
|
|
|
|
$category = $row['user_setting_category'];
|
|
|
|
|
$subcategory = $row['user_setting_subcategory'];
|
2014-05-21 07:52:39 +02:00
|
|
|
if (strlen($row['user_setting_value']) > 0) {
|
|
|
|
|
if (strlen($subcategory) == 0) {
|
|
|
|
|
//$$category[$name] = $row['domain_setting_value'];
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
$_SESSION[$category][] = $row['user_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$_SESSION[$category][$name] = $row['user_setting_value'];
|
|
|
|
|
}
|
2019-08-29 05:02:08 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2014-05-21 07:52:39 +02:00
|
|
|
//$$category[$subcategory][$name] = $row['domain_setting_value'];
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
$_SESSION[$category][$subcategory][] = $row['user_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$_SESSION[$category][$subcategory][$name] = $row['user_setting_value'];
|
|
|
|
|
}
|
2014-05-13 01:30:26 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-08-29 05:02:08 +02:00
|
|
|
unset($sql, $parameters, $result, $row);
|
2014-05-13 01:30:26 +02:00
|
|
|
|
2016-05-07 01:47:03 +02:00
|
|
|
//get the extensions that are assigned to this user
|
|
|
|
|
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/extensions/app_config.php")) {
|
2019-08-29 05:02:08 +02:00
|
|
|
if (
|
|
|
|
|
isset($_SESSION["user"]) &&
|
|
|
|
|
is_uuid($_SESSION["user_uuid"]) &&
|
|
|
|
|
is_uuid($_SESSION["domain_uuid"]) &&
|
|
|
|
|
count($_SESSION['user']['extension']) == 0
|
|
|
|
|
) {
|
2016-05-07 01:47:03 +02:00
|
|
|
//get the user extension list
|
2016-12-12 07:37:59 +01:00
|
|
|
$_SESSION['user']['extension'] = null;
|
2016-05-07 01:47:03 +02:00
|
|
|
$sql = "select ";
|
2019-08-29 05:02:08 +02:00
|
|
|
$sql .= "e.extension_uuid, ";
|
|
|
|
|
$sql .= "e.extension, ";
|
|
|
|
|
$sql .= "e.number_alias, ";
|
|
|
|
|
$sql .= "e.user_context, ";
|
|
|
|
|
$sql .= "e.outbound_caller_id_name, ";
|
|
|
|
|
$sql .= "e.outbound_caller_id_number, ";
|
|
|
|
|
$sql .= "e.description ";
|
2016-05-07 01:47:03 +02:00
|
|
|
$sql .= "from ";
|
2019-08-29 05:02:08 +02:00
|
|
|
$sql .= "v_extension_users as u, ";
|
|
|
|
|
$sql .= "v_extensions as e ";
|
2016-05-07 01:47:03 +02:00
|
|
|
$sql .= "where ";
|
2019-08-29 05:02:08 +02:00
|
|
|
$sql .= "e.domain_uuid = :domain_uuid ";
|
|
|
|
|
$sql .= "and e.extension_uuid = u.extension_uuid ";
|
|
|
|
|
$sql .= "and u.user_uuid = :user_uuid ";
|
|
|
|
|
$sql .= "and e.enabled = 'true' ";
|
2016-05-07 01:47:03 +02:00
|
|
|
$sql .= "order by ";
|
2019-08-29 05:02:08 +02:00
|
|
|
$sql .= "e.extension asc ";
|
|
|
|
|
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
|
|
$parameters['user_uuid'] = $_SESSION['user_uuid'];
|
|
|
|
|
$database = new database;
|
|
|
|
|
$result = $database->select($sql, $parameters, 'all');
|
|
|
|
|
if (is_array($result) && @sizeof($result) != 0) {
|
|
|
|
|
foreach($result as $x => $row) {
|
2017-04-28 01:58:20 +02:00
|
|
|
//set the destination
|
2019-08-29 05:02:08 +02:00
|
|
|
$destination = $row['extension'];
|
|
|
|
|
if (strlen($row['number_alias']) > 0) {
|
|
|
|
|
$destination = $row['number_alias'];
|
|
|
|
|
}
|
|
|
|
|
//build the user array
|
|
|
|
|
$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['destination'] = $destination;
|
|
|
|
|
$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
|
|
|
|
|
$_SESSION['user']['extension'][$x]['description'] = $row['description'];
|
2017-04-28 01:58:20 +02:00
|
|
|
//set the user context
|
2019-08-29 05:02:08 +02:00
|
|
|
$_SESSION['user']['user_context'] = $row["user_context"];
|
|
|
|
|
$_SESSION['user_context'] = $row["user_context"];
|
2016-05-07 01:47:03 +02:00
|
|
|
}
|
|
|
|
|
}
|
2019-08-29 05:02:08 +02:00
|
|
|
unset($sql, $parameters, $result, $row);
|
2016-05-07 01:47:03 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//redirect the user
|
|
|
|
|
if (check_str($_REQUEST["rdr"]) !== 'n'){
|
|
|
|
|
$path = check_str($_POST["path"]);
|
2015-04-04 20:46:44 +02:00
|
|
|
if (isset($path) && !empty($path) && $path!="index2.php" && $path!="/install.php") {
|
2012-06-04 16:58:40 +02:00
|
|
|
header("Location: ".$path);
|
|
|
|
|
exit();
|
|
|
|
|
}
|
2015-04-04 20:46:44 +02:00
|
|
|
else if ($_SESSION['login']['destination']['url'] != '') {
|
|
|
|
|
header("Location: ".$_SESSION['login']['destination']['url']);
|
|
|
|
|
exit();
|
|
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
2015-07-28 18:42:07 +02:00
|
|
|
|
|
|
|
|
//get the domains
|
2019-08-22 19:15:13 +02:00
|
|
|
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/domains/app_config.php") && !is_cli()){
|
2015-07-28 18:42:07 +02:00
|
|
|
require_once "app/domains/resources/domains.php";
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//set the time zone
|
2016-12-12 06:19:02 +01:00
|
|
|
if (!isset($_SESSION["time_zone"]["user"])) { $_SESSION["time_zone"]["user"] = null; }
|
2012-06-04 16:58:40 +02:00
|
|
|
if (strlen($_SESSION["time_zone"]["user"]) == 0) {
|
|
|
|
|
//set the domain time zone as the default time zone
|
|
|
|
|
date_default_timezone_set($_SESSION['domain']['time_zone']['name']);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//set the user defined time zone
|
|
|
|
|
date_default_timezone_set($_SESSION["time_zone"]["user"]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//hide the path unless logged in as a superadmin.
|
|
|
|
|
if (!if_group("superadmin")) {
|
|
|
|
|
$v_path_show = false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-29 05:02:08 +02:00
|
|
|
?>
|
