fusionpbx/core/authentication/resources/classes/plugins/database.php

<?php

/**
 * plugin_database 
 *
 * @method validate uses authentication plugins to check if a user is authorized to login
 * @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
 */
class plugin_database {

	/**
	 * Define variables and their scope
	 */
	public $debug;
	public $domain_name;
	public $domain_uuid;
	public $user_uuid;
	public $contact_uuid;
	public $username;
	public $password;
	public $key;

	/**
	 * database checks the local database to authenticate the user or key
	 * @return array [authorized] => true or false
	 */
	function database() {

		//set the default status
			$user_authorized = false;

		//check the username and password if they don't match then redirect to the login
			$sql = "select * from v_users ";
			if (strlen($this->key) > 30) {
				$sql .= "where api_key = :key ";
				$parameters['api_key'] = $this->key;
			}
			else {
				$sql .= "where lower(username) = lower(:username) ";
				$parameters['username'] = $this->username;
			}
			if ($_SESSION["users"]["unique"]["text"] == "global") {
				//unique username - global (example: email address)
			}
			else {
				//unique username - per domain
				$sql .= "and domain_uuid = :domain_uuid ";
				$parameters['domain_uuid'] = $this->domain_uuid;
			}
			$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
			$database = new database;
			$row = $database->select($sql, $parameters, 'row');
			if (is_array($row) && @sizeof($row) != 0) {

				//get the domain uuid when users are unique globally
					if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
						//set the domain_uuid
							$this->domain_uuid = $row["domain_uuid"];
							$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];

						//set the domain session variables
							$_SESSION["domain_uuid"] = $this->domain_uuid;
							$_SESSION["domain_name"] = $this->domain_name;

						//set the setting arrays
							$domain = new domains();
							$domain->db = $db;
							$domain->set();
					}

				//set the user_uuid
					$this->user_uuid = $row['user_uuid'];
					$this->contact_uuid = $row['contact_uuid'];

				//if salt is not defined then use the default salt for backwards compatibility
					if (strlen($row["salt"]) == 0) {
						$row["salt"] = 'e3.7d.12';
					}

				//compare the password provided by the user with the one in the database
					if (md5($row["salt"].$this->password) == $row["password"]) {
						$user_authorized = true;
					}
					else if (strlen($this->key) > 30 && $this->key == $row["api_key"]) {
						$user_authorized = true;
					}
					else {
						$user_authorized = false;
					}

			}
			unset($result);

		//result array
			$result["plugin"] = "database";
			$result["domain_name"] = $this->domain_name;
			$result["username"] = $this->username;
			if ($this->debug) {
				$result["password"] = $this->password;
			}
			$result["user_uuid"] = $this->user_uuid;
			$result["domain_uuid"] = $this->domain_uuid;
			$result["contact_uuid"] = $this->contact_uuid;
			$result["sql"] = $sql;
			if ($user_authorized) {
				$result["authorized"] = "true";
			}
			else {
				$result["authorized"] = "false";
			}
			return $result;
	}
}

?>
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`<?php`

			`/**`
			`* plugin_database`
			`*`
Update database.php Add contact_uuid to the database plugin. 2016-09-11 06:22:37 +02:00			`* @method validate uses authentication plugins to check if a user is authorized to login`
			`* @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`*/`
			`class plugin_database {`

			`/**`
			`* Define variables and their scope`
			`*/`
			`public $debug;`
			`public $domain_name;`
			`public $domain_uuid;`
			`public $user_uuid;`
Update database.php Add contact_uuid to the database plugin. 2016-09-11 06:22:37 +02:00			`public $contact_uuid;`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`public $username;`
			`public $password;`
			`public $key;`

			`/**`
			`* database checks the local database to authenticate the user or key`
			`* @return array [authorized] => true or false`
			`*/`
			`function database() {`

Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`//set the default status`
			`$user_authorized = false;`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00
			`//check the username and password if they don't match then redirect to the login`
Update database.php 2019-09-19 04:09:11 +02:00			`$sql = "select * from v_users ";`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`if (strlen($this->key) > 30) {`
Update database.php 2019-09-19 04:09:11 +02:00			`$sql .= "where api_key = :key ";`
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`$parameters['api_key'] = $this->key;`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`}`
			`else {`
Update database.php 2019-09-19 04:09:11 +02:00			`$sql .= "where lower(username) = lower(:username) ";`
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`$parameters['username'] = $this->username;`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`}`
Update database.php 2019-09-19 04:09:11 +02:00			`if ($_SESSION["users"]["unique"]["text"] == "global") {`
			`//unique username - global (example: email address)`
			`}`
			`else {`
			`//unique username - per domain`
Update database.php 2019-05-14 19:08:01 +02:00			`$sql .= "and domain_uuid = :domain_uuid ";`
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`$parameters['domain_uuid'] = $this->domain_uuid;`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`}`
			`$sql .= "and (user_enabled = 'true' or user_enabled is null) ";`
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`$database = new database;`
			`$row = $database->select($sql, $parameters, 'row');`
			`if (is_array($row) && @sizeof($row) != 0) {`
Update database.php 2016-09-11 20:45:56 +02:00
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`//get the domain uuid when users are unique globally`
			`if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {`
			`//set the domain_uuid`
			`$this->domain_uuid = $row["domain_uuid"];`
			`$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`//set the domain session variables`
			`$_SESSION["domain_uuid"] = $this->domain_uuid;`
			`$_SESSION["domain_name"] = $this->domain_name;`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`//set the setting arrays`
			`$domain = new domains();`
			`$domain->db = $db;`
			`$domain->set();`
			`}`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`//set the user_uuid`
			`$this->user_uuid = $row['user_uuid'];`
			`$this->contact_uuid = $row['contact_uuid'];`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`//if salt is not defined then use the default salt for backwards compatibility`
			`if (strlen($row["salt"]) == 0) {`
			`$row["salt"] = 'e3.7d.12';`
			`}`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00
Misc Classes: Database class integration. 2019-09-02 23:57:18 +02:00			`//compare the password provided by the user with the one in the database`
			`if (md5($row["salt"].$this->password) == $row["password"]) {`
			`$user_authorized = true;`
			`}`
			`else if (strlen($this->key) > 30 && $this->key == $row["api_key"]) {`
			`$user_authorized = true;`
			`}`
Update database.php 2019-09-19 04:09:11 +02:00			`else {`
			`$user_authorized = false;`
			`}`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00
			`}`
			`unset($result);`

			`//result array`
			`$result["plugin"] = "database";`
			`$result["domain_name"] = $this->domain_name;`
			`$result["username"] = $this->username;`
			`if ($this->debug) {`
			`$result["password"] = $this->password;`
			`}`
			`$result["user_uuid"] = $this->user_uuid;`
			`$result["domain_uuid"] = $this->domain_uuid;`
Update database.php Fixed so $_SESSION['user']['contact_uuid'] would be populated as intended. 2019-02-19 21:12:41 +01:00			`$result["contact_uuid"] = $this->contact_uuid;`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`$result["sql"] = $sql;`
Update database.php 2019-09-19 04:09:11 +02:00			`if ($user_authorized) {`
			`$result["authorized"] = "true";`
			`}`
			`else {`
			`$result["authorized"] = "false";`
			`}`
Create database.php Add the default plugin. 2016-09-11 01:58:06 +02:00			`return $result;`
			`}`
			`}`

Update database.php 2019-09-19 04:09:11 +02:00			`?>`