Add mutli-factor authentication.

markjcrane 2023-04-16 01:10:39 -06:00
parent 74f6630df4
commit 00801b5b04
14 changed files with 1436 additions and 293 deletions


@ -5,7 +5,7 @@
$apps[$x]['uuid'] = "a8a12918-69a4-4ece-a1ae-3932be0e41f1";
$apps[$x]['category'] = "Core";
$apps[$x]['subcategory'] = "";
$apps[$x]['version'] = "1.0";
$apps[$x]['version'] = "1.1";
$apps[$x]['license'] = "Mozilla Public License 1.1";
$apps[$x]['url'] = "http://www.fusionpbx.com";
$apps[$x]['description']['en-us'] = "Provides an authentication framework with plugins to check if a user is authorized to login.";


@ -0,0 +1,100 @@
<?php
//add fax email templates
if ($domains_processed == 1) {
//build the array
$x = 0;
$array['email_templates'][$x]['email_template_uuid'] = 'e68ff1d0-aac3-4089-a257-2124a71938bc';
$array['email_templates'][$x]['template_language'] = 'en-us';
$array['email_templates'][$x]['template_category'] = 'authentication';
$array['email_templates'][$x]['template_subcategory'] = 'email';
$array['email_templates'][$x]['template_subject'] = 'Authentication Code';
$array['email_templates'][$x]['template_body'] .= "<html>\n";
$array['email_templates'][$x]['template_body'] .= " <body>\n";
$array['email_templates'][$x]['template_body'] .= " <br />\n";
$array['email_templates'][$x]['template_body'] .= " <br><strong>Security Code</strong><br><br>\n";
$array['email_templates'][$x]['template_body'] .= " Use the following code to verify your identity.<br>\n";
$array['email_templates'][$x]['template_body'] .= " Authentication Code: \${auth_code}<br>\n";
$array['email_templates'][$x]['template_body'] .= " <br />\n";
$array['email_templates'][$x]['template_body'] .= " </body>\n";
$array['email_templates'][$x]['template_body'] .= "</html>\n";
$array['email_templates'][$x]['template_type'] = "html";
$array['email_templates'][$x]['template_enabled'] = "true";
$x++;
$array['email_templates'][$x]['email_template_uuid'] = '9a9e3b5f-c439-47da-a901-90dcd340d101';
$array['email_templates'][$x]['template_language'] = 'en-gb';
$array['email_templates'][$x]['template_category'] = 'authentication';
$array['email_templates'][$x]['template_subcategory'] = 'email';
$array['email_templates'][$x]['template_subject'] = 'Authentication Code';
$array['email_templates'][$x]['template_body'] .= "<html>\n";
$array['email_templates'][$x]['template_body'] .= " <body>\n";
$array['email_templates'][$x]['template_body'] .= " <br />\n";
$array['email_templates'][$x]['template_body'] .= " <br><strong>Security Code</strong><br><br>\n";
$array['email_templates'][$x]['template_body'] .= " Use the following code to verify your identity.<br>\n";
$array['email_templates'][$x]['template_body'] .= " Authentication Code: \${auth_code}<br>\n";
$array['email_templates'][$x]['template_body'] .= " <br />\n";
$array['email_templates'][$x]['template_body'] .= " </body>\n";
$array['email_templates'][$x]['template_body'] .= "</html>\n";
$array['email_templates'][$x]['template_type'] = "html";
$array['email_templates'][$x]['template_enabled'] = "true";
$x++;
//build array of email template uuids
foreach ($array['email_templates'] as $row) {
if (is_uuid($row['email_template_uuid'])) {
$uuids[] = $row['email_template_uuid'];
}
}
//add the email templates to the database
if (is_array($uuids) && @sizeof($uuids) != 0) {
$sql = "select * from v_email_templates where ";
foreach ($uuids as $index => $uuid) {
$sql_where[] = "email_template_uuid = :email_template_uuid_".$index;
$parameters['email_template_uuid_'.$index] = $uuid;
}
$sql .= implode(' or ', $sql_where);
$database = new database;
$email_templates = $database->select($sql, $parameters, 'all');
unset($sql, $sql_where, $parameters);
//remove templates that already exist from the array
foreach ($array['email_templates'] as $index => $row) {
if (is_array($email_templates) && @sizeof($email_templates) != 0) {
foreach($email_templates as $email_template) {
if ($row['email_template_uuid'] == $email_template['email_template_uuid']) {
unset($array['email_templates'][$index]);
}
}
}
}
unset($email_templates, $index);
}
//add the missing email templates
if (is_array($array['email_templates']) && @sizeof($array['email_templates']) != 0) {
//add the temporary permission
$p = new permissions;
$p->add("email_template_add", 'temp');
$p->add("email_template_edit", 'temp');
//save the data
$database = new database;
$database->app_name = 'email_templates';
$database->app_uuid = '8173e738-2523-46d5-8943-13883befd2fd';
$database->save($array);
//$message = $database->message;
//remove the temporary permission
$p->delete("email_template_add", 'temp');
$p->delete("email_template_edit", 'temp');
}
//remove the array
unset($array);
}
?>
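Review bot: The first `.=` onto `$array['email_templates'][$x]['template_body']` for each of the two templates appends to a key that has not been assigned yet, which raises an undefined-array-key warning on PHP 8 before the body is even built; make the first line of each body a plain assignment, `$array['email_templates'][$x]['template_body'] = "<html>\n";`, and keep `.=` for the rest. The header comment `//add fax email templates` describes the wrong feature, since these are the authentication-code templates, so it should read `//add authentication email templates`. The `@` on `@sizeof($uuids)` and the later `@sizeof(...)` calls buys nothing because each is already guarded by `is_array()`, and it hides any genuine diagnostic from that expression.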


@ -0,0 +1,72 @@
<?php
$text['label-authentication_code']['en-us'] = "Authentication Code";
$text['label-authentication_code']['en-gb'] = "Authentication Code";
$text['label-authentication_code']['ar-eg'] = "";
$text['label-authentication_code']['de-at'] = ""; //copied from de-de
$text['label-authentication_code']['de-ch'] = ""; //copied from de-de
$text['label-authentication_code']['de-de'] = "";
$text['label-authentication_code']['el-gr'] = "";
$text['label-authentication_code']['es-cl'] = "";
$text['label-authentication_code']['es-mx'] = ""; //copied from es-cl
$text['label-authentication_code']['fr-ca'] = ""; //copied from fr-fr
$text['label-authentication_code']['fr-fr'] = "";
$text['label-authentication_code']['he-il'] = "";
$text['label-authentication_code']['it-it'] = "";
$text['label-authentication_code']['nl-nl'] = "";
$text['label-authentication_code']['pl-pl'] = "";
$text['label-authentication_code']['pt-br'] = ""; //copied from pt-pt
$text['label-authentication_code']['pt-pt'] = "";
$text['label-authentication_code']['ro-ro'] = "";
$text['label-authentication_code']['ru-ru'] = "";
$text['label-authentication_code']['sv-se'] = "";
$text['label-authentication_code']['uk-ua'] = "";
$text['label-authentication_code']['tr-tr'] = "";
$text['label-verify']['en-us'] = "Verify";
$text['label-verify']['en-gb'] = "Verify";
$text['label-verify']['ar-eg'] = "";
$text['label-verify']['de-at'] = ""; //copied from de-de
$text['label-verify']['de-ch'] = ""; //copied from de-de
$text['label-verify']['de-de'] = "";
$text['label-verify']['el-gr'] = "";
$text['label-verify']['es-cl'] = "";
$text['label-verify']['es-mx'] = ""; //copied from es-cl
$text['label-verify']['fr-ca'] = ""; //copied from fr-fr
$text['label-verify']['fr-fr'] = "";
$text['label-verify']['he-il'] = "";
$text['label-verify']['it-it'] = "";
$text['label-verify']['nl-nl'] = "";
$text['label-verify']['pl-pl'] = "";
$text['label-verify']['pt-br'] = ""; //copied from pt-pt
$text['label-verify']['pt-pt'] = "";
$text['label-verify']['ro-ro'] = "";
$text['label-verify']['ru-ru'] = "";
$text['label-verify']['sv-se'] = "";
$text['label-verify']['uk-ua'] = "";
$text['label-verify']['tr-tr'] = "";
$text['label-email_description']['en-us'] = "Check your email for the verification code.";
$text['label-email_description']['en-gb'] = "Check your email for the verification code.";
$text['label-email_description']['ar-eg'] = "";
$text['label-email_description']['de-at'] = ""; //copied from de-de
$text['label-email_description']['de-ch'] = ""; //copied from de-de
$text['label-email_description']['de-de'] = "";
$text['label-email_description']['el-gr'] = "";
$text['label-email_description']['es-cl'] = "";
$text['label-email_description']['es-mx'] = ""; //copied from es-cl
$text['label-email_description']['fr-ca'] = ""; //copied from fr-fr
$text['label-email_description']['fr-fr'] = "";
$text['label-email_description']['he-il'] = "";
$text['label-email_description']['it-it'] = "";
$text['label-email_description']['nl-nl'] = "";
$text['label-email_description']['pl-pl'] = "";
$text['label-email_description']['pt-br'] = ""; //copied from pt-pt
$text['label-email_description']['pt-pt'] = "";
$text['label-email_description']['ro-ro'] = "";
$text['label-email_description']['ru-ru'] = "";
$text['label-email_description']['sv-se'] = "";
$text['label-email_description']['uk-ua'] = "";
$text['label-email_description']['tr-tr'] = "";
?>


@ -11,14 +11,10 @@ class authentication {
/**
* Define variables and their scope
*/
public $debug;
public $db;
public $domain_uuid;
public $domain_name;
public $username;
public $password;
public $plugins;
public $key;
/**
* Called when the object is created
@ -43,16 +39,21 @@ class authentication {
*/
public function validate() {
//set the default authentication method to the database
if (!is_array($_SESSION['authentication']['methods'])) {
$_SESSION['authentication']['methods'][] = 'database';
}
//get the domain_name and domain_uuid
if (!isset($this->domain_name) || !isset($this->domain_uuid)) {
$this->get_domain();
}
//start the session if its not started
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
//set the default authentication method to the database
if (!is_array($_SESSION['authentication']['methods'])) {
$_SESSION['authentication']['methods'][] = 'database';
}
//automatically block multiple authentication failures
if (!isset($_SESSION['users']['max_retry']['numeric'])) {
$_SESSION['users']['max_retry']['numeric'] = 5;
@ -88,52 +89,328 @@ class authentication {
//use the authentication plugins
foreach ($_SESSION['authentication']['methods'] as $name) {
//already processed the plugin move to the next plugin
if ($_SESSION['authentication']['plugin'][$name]['authorized']) {
continue;
}
//prepare variables
$class_name = "plugin_".$name;
$base = realpath(dirname(__FILE__)) . "/plugins";
$plugin = $base."/".$name.".php";
//process the plugin
if (file_exists($plugin)) {
include_once $plugin;
$object = new $class_name();
$object->debug = $this->debug;
$object->domain_name = $this->domain_name;
$object->domain_uuid = $this->domain_uuid;
if (strlen($this->key) > 0) {
if ($plugin == 'database' && isset($this->key)) {
$object->key = $this->key;
}
if (strlen($this->username) > 0) {
if ($plugin == 'database' && isset($this->username)) {
$object->username = $this->username;
$object->password = $this->password;
}
$array = $object->$name();
$id = $array["plugin"];
$result['plugin'] = $array["plugin"];
$result['domain_name'] = $array["domain_name"];
$result['username'] = $array["username"];
if ($this->debug) {
$result["password"] = $this->password;
}
$result['user_uuid'] = $array["user_uuid"];
$result['contact_uuid'] = $array["contact_uuid"];
$result['domain_uuid'] = $array["domain_uuid"];
$result['authorized'] = $array["authorized"];
if (count($_SESSION['authentication']['methods']) > 1) {
$result['results'][] = $array;
//save the result to the authentication plugin
$_SESSION['authentication']['plugin'][$name] = $result;
}
}
//make sure all plugins are in the array
foreach ($_SESSION['authentication']['methods'] as $name) {
if (!isset($_SESSION['authentication']['plugin'][$name]['authorized'])) {
$_SESSION['authentication']['plugin'][$name]['plugin'] = $name;
$_SESSION['authentication']['plugin'][$name]['domain_name'] = $_SESSION['domain_name'];
$_SESSION['authentication']['plugin'][$name]['domain_uuid'] = $_SESSION['domain_uuid'];
$_SESSION['authentication']['plugin'][$name]['username'] = $_SESSION['username'];
$_SESSION['authentication']['plugin'][$name]['user_uuid'] = $_SESSION['user_uuid'];
$_SESSION['authentication']['plugin'][$name]['authorized'] = 0;
}
}
//debug information
//view_array($_SESSION['authentication'], false);
//set authorized to false if any authentication method failed
$authorized = false;
if (is_array($_SESSION['authentication']['plugin'])) {
foreach($_SESSION['authentication']['plugin'] as $row) {
if ($row["authorized"]) {
$authorized = true;
}
if ($result["authorized"] == "true") {
//add the username to the session
$_SESSION['username'] = $result["username"];
//end the loop
else {
$authorized = false;
break;
}
}
}
//result array
$result["plugin"] = "database";
$result["domain_name"] = $_SESSION['domain_name'];
if (!isset($_SESSION['username'])) {
$result["username"] = $_SESSION['username'];
}
if (!isset($_SESSION['user_uuid'])) {
$result["user_uuid"] = $_SESSION['user_uuid'];
}
$result["domain_uuid"] = $_SESSION['domain_uuid'];
if (!isset($_SESSION['contact_uuid'])) {
$result["contact_uuid"] = $_SESSION['contact_uuid'];
}
$result["authorized"] = $authorized;
//add user logs
if (file_exists($_SERVER["PROJECT_ROOT"]."/core/user_logs/app_config.php")) {
if ($result["authorized"]) {
user_logs::add($result);
}
//debug information
//if ($row["authorized"]) {
// echo "authorized: true\n";
//}
//else {
// echo "authorized: false\n";
//}
//user is authorized - get user settings, check user cidr
if ($authorized) {
//set a session variable to indicate authorized is set to true
$_SESSION['authorized'] = true;
//add the username to the session //username seesion could be set soone when check_auth uses an authorized session variable instead
$_SESSION['username'] = $result["username"];
//get the user settings
$sql = "select * from v_user_settings ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_setting_enabled = 'true' ";
$parameters['domain_uuid'] = $result["domain_uuid"];
$parameters['user_uuid'] = $result["user_uuid"];
$database = new database;
$user_settings = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
//build the user cidr array
if (is_array($user_settings) && @sizeof($user_settings) != 0) {
foreach ($user_settings as $row) {
if ($row['user_setting_category'] == "domain" && $row['user_setting_subcategory'] == "cidr" && $row['user_setting_name'] == "array") {
$cidr_array[] = $row['user_setting_value'];
}
}
}
//check to see if user address is in the cidr array
if (isset($cidr_array) && !defined('STDIN')) {
$found = false;
foreach($cidr_array as $cidr) {
if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
$found = true;
break;
}
}
if (!$found) {
//destroy session
session_unset();
session_destroy();
//send http 403
header('HTTP/1.0 403 Forbidden', true, 403);
//exit the code
exit();
}
}
//set the session variables
$_SESSION["domain_uuid"] = $result["domain_uuid"];
//$_SESSION["domain_name"] = $result["domain_name"];
$_SESSION["user_uuid"] = $result["user_uuid"];
$_SESSION["context"] = $result['domain_name'];
//user session array
$_SESSION["user"]["domain_uuid"] = $result["domain_uuid"];
$_SESSION["user"]["domain_name"] = $result["domain_name"];
$_SESSION["user"]["user_uuid"] = $result["user_uuid"];
$_SESSION["user"]["username"] = $result["username"];
$_SESSION["user"]["contact_uuid"] = $result["contact_uuid"];
//get the groups assigned to the user and then set the groups in $_SESSION["groups"]
$sql = "select ";
$sql .= "u.user_group_uuid, ";
$sql .= "u.domain_uuid, ";
$sql .= "u.user_uuid, ";
$sql .= "u.group_uuid, ";
$sql .= "g.group_name, ";
$sql .= "g.group_level ";
$sql .= "from ";
$sql .= "v_user_groups as u, ";
$sql .= "v_groups as g ";
$sql .= "where u.domain_uuid = :domain_uuid ";
$sql .= "and u.user_uuid = :user_uuid ";
$sql .= "and u.group_uuid = g.group_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database;
$result = $database->select($sql, $parameters, 'all');
$_SESSION["groups"] = $result;
$_SESSION["user"]["groups"] = $result;
unset($sql, $parameters);
//get the users group level
$_SESSION["user"]["group_level"] = 0;
foreach ($_SESSION['user']['groups'] as $row) {
if ($_SESSION["user"]["group_level"] < $row['group_level']) {
$_SESSION["user"]["group_level"] = $row['group_level'];
}
}
//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {
$x = 0;
$sql = "select distinct(permission_name) from v_group_permissions ";
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
foreach ($_SESSION["groups"] as $field) {
if (strlen($field['group_name']) > 0) {
$sql_where_or[] = "group_name = :group_name_".$x;
$parameters['group_name_'.$x] = $field['group_name'];
$x++;
}
}
if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
$sql .= "and (".implode(' or ', $sql_where_or).") ";
}
$sql .= "and permission_assigned = 'true' ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$database = new database;
$result = $database->select($sql, $parameters, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach ($result as $row) {
$_SESSION['permissions'][$row["permission_name"]] = true;
$_SESSION["user"]["permissions"][$row["permission_name"]] = true;
}
}
unset($sql, $parameters, $result, $row);
}
//get the domains
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/domains/app_config.php") && !is_cli()){
require_once "app/domains/resources/domains.php";
}
//get the user settings
if (is_array($user_settings) && @sizeof($user_settings) != 0) {
foreach ($user_settings as $row) {
$name = $row['user_setting_name'];
$category = $row['user_setting_category'];
$subcategory = $row['user_setting_subcategory'];
if (strlen($row['user_setting_value']) > 0) {
if (strlen($subcategory) == 0) {
//$$category[$name] = $row['domain_setting_value'];
if ($name == "array") {
$_SESSION[$category][] = $row['user_setting_value'];
}
else {
$_SESSION[$category][$name] = $row['user_setting_value'];
}
}
else {
//$$category[$subcategory][$name] = $row['domain_setting_value'];
if ($name == "array") {
$_SESSION[$category][$subcategory][] = $row['user_setting_value'];
}
else {
$_SESSION[$category][$subcategory][$name] = $row['user_setting_value'];
}
}
}
}
}
unset($user_settings);
//get the extensions that are assigned to this user
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/extensions/app_config.php")) {
if (isset($_SESSION["user"]) && is_uuid($_SESSION["user_uuid"]) && is_uuid($_SESSION["domain_uuid"]) && !isset($_SESSION['user']['extension'])) {
//get the user extension list
$_SESSION['user']['extension'] = null;
$sql = "select ";
$sql .= "e.extension_uuid, ";
$sql .= "e.extension, ";
$sql .= "e.number_alias, ";
$sql .= "e.user_context, ";
$sql .= "e.outbound_caller_id_name, ";
$sql .= "e.outbound_caller_id_number, ";
$sql .= "e.description ";
$sql .= "from ";
$sql .= "v_extension_users as u, ";
$sql .= "v_extensions as e ";
$sql .= "where ";
$sql .= "e.domain_uuid = :domain_uuid ";
$sql .= "and e.extension_uuid = u.extension_uuid ";
$sql .= "and u.user_uuid = :user_uuid ";
$sql .= "and e.enabled = 'true' ";
$sql .= "order by ";
$sql .= "e.extension asc ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['user_uuid'] = $_SESSION['user_uuid'];
$database = new database;
$result = $database->select($sql, $parameters, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $x => $row) {
//set the destination
$destination = $row['extension'];
if (strlen($row['number_alias']) > 0) {
$destination = $row['number_alias'];
}
//build the user array
$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
$_SESSION['user']['extension'][$x]['destination'] = $destination;
$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
$_SESSION['user']['extension'][$x]['description'] = $row['description'];
//set the context
$_SESSION['user']['user_context'] = $row["user_context"];
$_SESSION['user_context'] = $row["user_context"];
}
}
unset($sql, $parameters, $result, $row);
}
}
//set the time zone
if (!isset($_SESSION["time_zone"]["user"])) { $_SESSION["time_zone"]["user"] = null; }
if (strlen($_SESSION["time_zone"]["user"]) == 0) {
//set the domain time zone as the default time zone
date_default_timezone_set($_SESSION['domain']['time_zone']['name']);
}
else {
//set the user defined time zone
date_default_timezone_set($_SESSION["time_zone"]["user"]);
}
} //authorized true
//return the result
return $result;
}
@ -152,6 +429,7 @@ class authentication {
if (count($username_array) > 1) {
//get the domain name
$domain_name = $username_array[count($username_array) -1];
//check if the domain from the username exists then set the domain_uuid
$domain_exists = false;
foreach ($_SESSION['domains'] as $row) {
@ -161,12 +439,14 @@ class authentication {
break;
}
}
//if the domain exists then set domain_name and update the username
if ($domain_exists) {
$this->domain_name = $domain_name;
$this->username = substr($_REQUEST["username"], 0, -(strlen($domain_name)+1));
$_SESSION['domain_uuid'] = $this->domain_uuid;
}
//unset the domain name variable
unset($domain_name);
}
@ -196,7 +476,6 @@ class authentication {
//set the setting arrays
$obj = new domains();
$obj->db = $db;
$obj->set();
//set the domain settings
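Review bot: In the plugin loop the guards compare `$plugin` with `'database'`, but `$plugin` holds the full path assembled from `$base."/".$name.".php"`, so the comparison is never true and neither `key` nor `username`/`password` is ever copied onto the plugin object; if, as the print order suggests, these are the new lines, they should test the plugin name instead: `if ($name == 'database' && isset($this->key)) {` and `if ($name == 'database' && isset($this->username)) {`. Further down, the result-array block copies session values only when they are absent — `if (!isset($_SESSION['username'])) { $result["username"] = $_SESSION['username']; }` and the same shape for `user_uuid` and `contact_uuid` — which assigns null exactly when there is nothing to copy and skips the copy when there is; the conditions need to be `if (isset($_SESSION['user_uuid'])) {` and likewise for the other two. Since the final `$authorized` is derived only from `$_SESSION['authentication']['plugin']`, and a plugin result is stored there only inside `if (count($_SESSION['authentication']['methods']) > 1)`, it is worth confirming that a deployment with a single configured method still reaches `$authorized = true` rather than being zeroed by the "make sure all plugins are in the array" loop. validate() begins before this hunk, in the section's second hunk, and the two hunks that follow cut through get_domain().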


@ -1,7 +1,7 @@
<?php
/**
* plugin_database
* plugin_database
*
* @method validate uses authentication plugins to check if a user is authorized to login
* @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
@ -11,7 +11,6 @@ class plugin_database {
/**
* Define variables and their scope
*/
public $debug;
public $domain_name;
public $domain_uuid;
public $user_uuid;
@ -26,11 +25,122 @@ class plugin_database {
*/
function database() {
//already authorized
if (isset($_SESSION['authentication']['plugin']['database']) && $_SESSION['authentication']['plugin']['database']["authorized"]) {
//echo __line__;
return;
}
else {
if (isset($_SESSION['authentication']['plugin']['database']) && !$_SESSION['authentication']['plugin']['database']["authorized"]) {
//authorized false
session_unset();
session_destroy();
}
}
//show the authentication code view
if ($_REQUEST["username"] == '' && $_REQUEST["key"] == '') {
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//login logo source
if (isset($_SESSION['theme']['logo_login']['text']) && $_SESSION['theme']['logo_login']['text'] != '') {
$login_logo_source = $_SESSION['theme']['logo_login']['text'];
}
else if (isset($_SESSION['theme']['logo']['text']) && $_SESSION['theme']['logo']['text'] != '') {
$login_logo_source = $_SESSION['theme']['logo']['text'];
}
else {
$login_logo_source = PROJECT_PATH.'/themes/default/images/logo_login.png';
}
//login logo dimensions
if (isset($_SESSION['theme']['login_logo_width']['text']) && $_SESSION['theme']['login_logo_width']['text'] != '') {
$login_logo_width = $_SESSION['theme']['login_logo_width']['text'];
}
else {
$login_logo_width = 'auto; max-width: 300px';
}
if (isset($_SESSION['theme']['login_logo_height']['text']) && $_SESSION['theme']['login_logo_height']['text'] != '') {
$login_logo_height = $_SESSION['theme']['login_logo_height']['text'];
}
else {
$login_logo_height = 'auto; max-height: 300px';
}
//login destination url
$login_destination_url = $_SESSION['login']['destination']['url'];
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//add translations
$view->assign("login_title", $text['button-login']);
$view->assign("label_username", $text['label-username']);
$view->assign("label_password", $text['label-password']);
$view->assign("button_login", $text['button-login']);
//assign default values to the template
$view->assign("login_destination_url", $login_destination_url);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
//add the token name and hash to the view
//$view->assign("token_name", $token['name']);
//$view->assign("token_hash", $token['hash']);
//show the views
$content = $view->render('login.htm');
echo $content;
exit;
}
//validate the token
//$token = new token;
//if (!$token->validate($_SERVER['PHP_SELF'])) {
// message::add($text['message-invalid_token'],'negative');
// header('Location: domains.php');
// exit;
//}
//add the authentication details
if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
$this->username = $_REQUEST["username"];
$this->password = $_REQUEST["password"];
}
if (isset($_REQUEST["key"])) {
$this->key = $_REQUEST["key"];
}
//set the default status
$user_authorized = false;
//check the username and password if they don't match then redirect to the login
$sql = "select u.user_uuid, u.contact_uuid, u.username, u.password, u.salt, u.api_key, u.domain_uuid, d.domain_name ";
$sql = "select u.user_uuid, u.contact_uuid, u.username, u.password, ";
$sql .= "u.user_email, u.salt, u.api_key, u.domain_uuid, d.domain_name ";
$sql .= "from v_users as u, v_domains as d ";
$sql .= "where u.domain_uuid = d.domain_uuid ";
if (strlen($this->key) > 30) {
@ -52,7 +162,11 @@ class plugin_database {
$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && @sizeof($row) !== 0) {
if (is_array($row)) {
//set the domain details
$this->domain_uuid = $_SESSION['domain_uuid'];
$this->domain_name = $_SESSION['domain_name'];
//get the domain uuid when users are unique globally
if ($_SESSION["users"]["unique"]["text"] === "global" && $row["domain_uuid"] !== $this->domain_uuid) {
@ -70,10 +184,22 @@ class plugin_database {
$domain->set();
}
//set the user_uuid
//set the variables
$this->user_uuid = $row['user_uuid'];
$this->username = $row['username'];
$this->contact_uuid = $row['contact_uuid'];
//debug info
//echo "user_uuid ".$this->user_uuid."<br />\n";
//echo "username ".$this->username."<br />\n";
//echo "contact_uuid ".$this->contact_uuid."<br />\n";
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
//validate the password
$valid_password = false;
if (isset($this->key) && strlen($this->key) > 30 && $this->key === $row["api_key"]) {
@ -82,7 +208,7 @@ class plugin_database {
else if (substr($row["password"], 0, 1) === '$') {
if (isset($this->password) && strlen($this->password) > 0) {
if (password_verify($this->password, $row["password"])) {
$valid_password = true;
$valid_password = true;
}
}
}
@ -137,20 +263,15 @@ class plugin_database {
$result["plugin"] = "database";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
if ($this->debug) {
$result["password"] = $this->password;
}
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $this->domain_uuid;
$result["domain_uuid"] = $_SESSION['domain_uuid'];
$result["contact_uuid"] = $this->contact_uuid;
$result["sql"] = $sql;
if ($valid_password) {
$result["authorized"] = "true";
}
else {
$result["authorized"] = "false";
}
$result["authorized"] = $valid_password;
//return the results
return $result;
}
}
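Review bot: `$_SESSION["user_uuid"]`, `$_SESSION["contact_uuid"]`, `$_SESSION["username"]` and `$_SESSION["user_email"]` are written as soon as a matching user row is found, before `$valid_password` is computed, so a request with a valid username and a wrong password leaves that user's identity in the session, and nothing visible in this function clears it when `$result["authorized"]` ends up false. Either move those four assignments under the branch that runs once `$valid_password` is true, or add `if (!$valid_password) { unset($_SESSION["user_uuid"], $_SESSION["contact_uuid"], $_SESSION["username"], $_SESSION["user_email"]); }` before the result array is built. The view-selection test `if ($_REQUEST["username"] == '' && $_REQUEST["key"] == '')` in the first hunk reads both keys unconditionally and raises undefined-array-key warnings on PHP 8 when they are absent; `if (($_REQUEST["username"] ?? '') === '' && ($_REQUEST["key"] ?? '') === '') {` keeps the same meaning without the warning. database() begins in the section's third hunk and ends in its last, so the session writes in `@ -70,10 +184,22 @@` and the password check that follows them are read across hunk boundaries.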


@ -0,0 +1,395 @@
<?php
/**
* plugin_email
*
* @method email time based one time password authenticate the user
*/
class plugin_email {
/**
* Define variables and their scope
*/
public $domain_name;
public $domain_uuid;
public $username;
public $password;
public $user_uuid;
public $user_email;
public $contact_uuid;
/**
* time based one time password with email
* @return array [authorized] => true or false
*/
function email() {
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//login logo source
if (isset($_SESSION['theme']['logo_login']['text']) && $_SESSION['theme']['logo_login']['text'] != '') {
$login_logo_source = $_SESSION['theme']['logo_login']['text'];
}
else if (isset($_SESSION['theme']['logo']['text']) && $_SESSION['theme']['logo']['text'] != '') {
$login_logo_source = $_SESSION['theme']['logo']['text'];
}
else {
$login_logo_source = PROJECT_PATH.'/themes/default/images/logo_login.png';
}
//login logo dimensions
if (isset($_SESSION['theme']['login_logo_width']['text']) && $_SESSION['theme']['login_logo_width']['text'] != '') {
$login_logo_width = $_SESSION['theme']['login_logo_width']['text'];
}
else {
$login_logo_width = 'auto; max-width: 300px';
}
if (isset($_SESSION['theme']['login_logo_height']['text']) && $_SESSION['theme']['login_logo_height']['text'] != '') {
$login_logo_height = $_SESSION['theme']['login_logo_height']['text'];
}
else {
$login_logo_height = 'auto; max-height: 300px';
}
//login destination url
$login_destination_url = $_SESSION['login']['destination']['url'];
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//request the username
if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//assign default values to the template
$view->assign("login_title", $text['label-username']);
$view->assign("login_username", $text['label-username']);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
$view->assign("button_login", $text['button-login']);
//show the views
$content = $view->render('username.htm');
echo $content;
exit;
}
//show the authentication code view
if (!isset($_POST['authentication_code'])) {
//get the username
//if (!isset($this->username) && isset($_REQUEST['username'])) {
// $this->username = $_REQUEST['username'];
//}
//get the user details
$sql = "select user_uuid, username, user_email, contact_uuid \n";
$sql .= "from v_users\n";
$sql .= "where username = :username\n";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_REQUEST['username'];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
unset($parameters);
//set class variables
//if (strlen($row["user_email"]) > 0) {
// $this->user_uuid = $row['user_uuid'];
// $this->user_email = $row['user_email'];
// $this->contact_uuid = $row['contact_uuid'];
//}
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//user email not found
if (strlen($row["user_email"]) == 0) {
//build the result array
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_REQUEST['username'];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["authorized"] = false;
//add the failed login to user logs
user_logs::add($result);
//return the array
return $result;
}
//authentication code
$_SESSION["user"]["authentication"]["email"]["code"] = generate_password(6, 1);
$_SESSION["user"]["authentication"]["email"]["epoch"] = time();
////$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
////$_SESSION["authentication_date"] = 'now()';
//set the authentication code
//$sql = "update v_users \n";
//$sql .= "set auth_code = :auth_code \n";
//$sql .= "where user_uuid = :user_uuid;";
//$parameters['auth_code'] = $auth_code_hash;
//$parameters['user_uuid'] = $this->user_uuid;
//$database->execute($sql, $parameters);
//unset($sql);
//email settings
//$email_address = $this->user_email;
//$email_subject = 'Validation Code';
//$email_body = 'Validation Code: '.$authentication_code;
//send email with the authentication_code
//ob_start();
//$sent = !send_email($email_address, $email_subject, $email_body, $email_error, null, null, 3, 3) ? false : true;
//$response = ob_get_clean();
//get the language code
$language_code = $_SESSION['domain']['language']['code'];
//get the email template from the database
$sql = "select template_subject, template_body ";
$sql .= "from v_email_templates ";
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
$sql .= "and template_language = :template_language ";
$sql .= "and template_category = :template_category ";
$sql .= "and template_subcategory = :template_subcategory ";
$sql .= "and template_type = :template_type ";
$sql .= "and template_enabled = 'true' ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$parameters['template_language'] = $language_code;
$parameters['template_category'] = 'authentication';
$parameters['template_subcategory'] = 'email';
$parameters['template_type'] = 'html';
$database = new database;
$row = $database->select($sql, $parameters, 'row');
$email_subject = $row['template_subject'];
$email_body = $row['template_body'];
unset($sql, $parameters, $row);
//replace variables in email subject
$email_subject = str_replace('${domain_name}', $_SESSION["domain_name"], $email_subject);
//replace variables in email body
$email_body = str_replace('${domain_name}', $_SESSION["domain_name"], $email_body);
$email_body = str_replace('${auth_code}', $_SESSION["user"]["authentication"]["email"]["code"], $email_body);
//get the email from name and address
$email_from_address = $_SESSION['email']['smtp_from']['text'];
$email_from_name = $_SESSION['email']['smtp_from_name']['text'];
//send email - direct
$email = new email;
$email->recipients = $_SESSION["user_email"];
$email->subject = $email_subject;
$email->body = $email_body;
$email->from_address = $email_from_address;
$email->from_name = $email_from_name;
//$email->attachments = $email_attachments;
$email->debug_level = 0;
$email->method = 'direct';
$sent = $email->send();
//debug informations
//$email_response = $email->response;
//$email_error = $email->email_error;
//echo $email_response."<br />\n";
//echo $email_error."<br />\n";
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//assign default values to the template
$view->assign("login_title", $text['label-verify']);
$view->assign("login_email_description", $text['label-email_description']);
$view->assign("login_authentication_code", $text['label-authentication_code']);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
$view->assign("button_verify", $text['label-verify']);
//debug information
//echo "<pre>\n";
//print_r($text);
//echo "</pre>\n";
//show the views
$content = $view->render('email.htm');
echo $content;
exit;
}
//if authorized then verify
if (isset($_POST['authentication_code'])) {
//check if the authentication code has expired. if expired return false
if ($_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
//authentication code expired
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["error_message"] = 'code expired';
$result["authorized"] = false;
print_r($result);
return $result;
exit;
}
//get the user details
$sql = "select user_uuid, user_email, contact_uuid, user_email_secret\n";
$sql .= "from v_users\n";
$sql .= "where username = :username\n";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_SESSION["username"];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_email_secret = $row['user_email_secret'];
unset($parameters);
//validate the code
if ($_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
$auth_valid = true;
}
else {
$auth_valid = false;
}
//get the user details
if ($auth_valid) {
//get user data from the database
$sql = "select user_uuid, username, user_email, contact_uuid from v_users ";
$sql .= "where user_uuid = :user_uuid ";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
//view_array($row);
unset($parameters);
//set a few session variables
//$_SESSION["username"] = $row['username']; //setting the username makes it skip the rest of the authentication
//$_SESSION["user_email"] = $row['user_email'];
//$_SESSION["contact_uuid"] = $row["contact_uuid"];
}
else {
//destroy session
session_unset();
session_destroy();
//$_SESSION['authentication']['plugin']
//send http 403
header('HTTP/1.0 403 Forbidden', true, 403);
//redirect to the root of the website
header("Location: ".PROJECT_PATH."/");
//exit the code
exit();
}
/*
//check if user successfully logged in during the interval
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
$sql = "select count(*) as count ";
$sql .= "from v_user_logs ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_agent = :user_agent ";
$sql .= "and type = 'login' ";
$sql .= "and result = 'success' ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['user_uuid'] = $this->user_uuid;
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$database = new database;
$user_log_count = $database->select($sql, $parameters, 'all');
//view_array($user_log_count);
unset($sql, $parameters);
*/
//result array
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["authorized"] = $auth_valid ? true : false;
return $result;
//$_SESSION['authentication']['plugin']['email']['plugin'] = "email";
//$_SESSION['authentication']['plugin']['email']['domain_name'] = $_SESSION["domain_name"];
//$_SESSION['authentication']['plugin']['email']['username'] = $row['username'];
//$_SESSION['authentication']['plugin']['email']['user_uuid'] = $_SESSION["user_uuid"];
//$_SESSION['authentication']['plugin']['email']['contact_uuid'] = $_SESSION["contact_uuid"];
//$_SESSION['authentication']['plugin']['email']['domain_uuid'] = $_SESSION["domain_uuid"];
//$_SESSION['authentication']['plugin']['email']['authorized'] = $auth_valid ? true : false;
}
}
}
?>


@ -140,15 +140,15 @@ class plugin_ldap {
}
//result array
$result["plugin"] = "ldap";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
$result["ldap"]["plugin"] = "ldap";
$result["ldap"]["domain_name"] = $this->domain_name;
$result["ldap"]["username"] = $this->username;
if ($this->debug) {
$result["password"] = $this->password;
$result["ldap"]["password"] = $this->password;
}
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $this->domain_uuid;
$result["authorized"] = $user_authorized ? 'true' : 'false';
$result["ldap"]["user_uuid"] = $this->user_uuid;
$result["ldap"]["domain_uuid"] = $this->domain_uuid;
$result["ldap"]["authorized"] = $user_authorized ? true : false;
return $result;
}
}
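Review bot: Every key is moved under `$result["ldap"]`, so the flat `$result["authorized"]`, `$result["user_uuid"]` and `$result["domain_uuid"]` that the email and totp plugins added in this same commit still return at top level are no longer set by this plugin; unless `authentication::validate()` (not on this page) merges the per-plugin sub-array, a caller reading `$result["authorized"]` gets null, which fails closed but silently breaks LDAP login. Keeping the flat keys alongside the nested copy, e.g. `$result["authorized"] = $result["ldap"]["authorized"];`, would keep the plugin contract uniform. `$result["ldap"]["password"] = $this->password;` still places the clear-text password in the returned array whenever `$this->debug` is set, and the index.php hunk in this commit now ships `$auth->debug = true;` and dumps the result with `view_array($result)` on failure, so this branch should be removed or reduced to a boolean such as `$result["ldap"]["password_present"] = $this->password !== '';`.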


@ -0,0 +1,266 @@
<?php
/**
* plugin_totp
*
* @method totp time based one time password authenticate the user
*/
class plugin_totp {
/**
* Define variables and their scope
*/
public $debug;
public $domain_name;
public $username;
public $password;
public $user_uuid;
public $user_email;
public $contact_uuid;
private $user_totp_secret;
/**
* time based one time password aka totp
* @return array [authorized] => true or false
*/
function totp() {
//request the username
if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//assign default values to the template
$view->assign("login_title", $text['label-username']);
$view->assign("login_username", $text['label-username']);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
$view->assign("button_login", $text['button-login']);
//show the views
$content = $view->render('username.htm');
echo $content;
exit;
}
//show the authentication code view
if (!isset($_POST['authentication_code'])) {
//get the username
if (!isset($this->username) && isset($_REQUEST['username'])) {
$this->username = $_REQUEST['username'];
}
//get the user details
$sql = "select user_uuid, username, user_email, contact_uuid, user_totp_secret\n";
$sql .= "from v_users\n";
$sql .= "where username = :username\n";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $this->domain_uuid;
}
$parameters['username'] = $this->username;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
unset($parameters);
//set class variables
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_totp_secret = $row['user_totp_secret'];
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//assign default values to the template
$view->assign("login_title", $text['label-verify']);
$view->assign("login_authentication_code", $text['label-authentication_code']);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
$view->assign("button_verify", $text['label-verify']);
//show the views
$content = $view->render('totp.htm');
echo $content;
exit;
}
//if authorized then verify
if (isset($_POST['authentication_code'])) {
//get the user details
$sql = "select user_uuid, user_email, contact_uuid, user_totp_secret\n";
$sql .= "from v_users\n";
$sql .= "where username = :username\n";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_SESSION["username"];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_totp_secret = $row['user_totp_secret'];
unset($parameters);
//include the google authenticator
include_once "resources/google_authenticator/GoogleAuthenticatorInterface.php";
include_once "resources/google_authenticator/FixedBitNotation.php";
include_once "resources/google_authenticator/GoogleAuthenticator.php";
//create the authenticator object
$totp = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
//validate the code
if ($totp->checkCode($this->user_totp_secret, $_POST['authentication_code'])) {
$auth_valid = true;
}
else {
$auth_valid = false;
}
//get the user details
if ($auth_valid) {
//get user data from the database
$sql = "select user_uuid, username, user_email, contact_uuid from v_users ";
$sql .= "where user_uuid = :user_uuid ";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
//view_array($row);
unset($parameters);
}
else {
//destroy session
session_unset();
session_destroy();
//$_SESSION['authentication']['plugin']
//send http 403
header('HTTP/1.0 403 Forbidden', true, 403);
//redirect to the root of the website
header("Location: ".PROJECT_PATH."/");
//exit the code
exit();
}
/*
//check if user successfully logged in during the interval
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
$sql = "select count(*) as count ";
$sql .= "from v_user_logs ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_agent = :user_agent ";
$sql .= "and type = 'login' ";
$sql .= "and result = 'success' ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['user_uuid'] = $this->user_uuid;
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$database = new database;
$user_log_count = $database->select($sql, $parameters, 'all');
//view_array($user_log_count);
unset($sql, $parameters);
*/
//build the result array
$result["plugin"] = "totp";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["authorized"] = $auth_valid ? true : false;
//add the failed login to user logs
if (!$auth_valid) {
user_logs::add($result);
}
//retun the array
return $result;
//$_SESSION['authentication']['plugin']['totp']['plugin'] = "totp";
//$_SESSION['authentication']['plugin']['totp']['domain_name'] = $_SESSION["domain_name"];
//$_SESSION['authentication']['plugin']['totp']['username'] = $row['username'];
//$_SESSION['authentication']['plugin']['totp']['user_uuid'] = $_SESSION["user_uuid"];
//$_SESSION['authentication']['plugin']['totp']['contact_uuid'] = $_SESSION["contact_uuid"];
//$_SESSION['authentication']['plugin']['totp']['domain_uuid'] = $_SESSION["domain_uuid"];
//$_SESSION['authentication']['plugin']['totp']['authorized'] = $auth_valid ? true : false;
}
}
}
?>
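Review bot: Failed TOTP attempts are never recorded: the `else` branch with `session_unset(); session_destroy(); ... exit();` runs before the trailing `if (!$auth_valid) { user_logs::add($result); }`, so that call is unreachable with `$auth_valid` false; the email plugin's `isset($_POST['authentication_code'])` branch on this page has the same shape. Build `$result` before the `if ($auth_valid)` test and make `user_logs::add($result);` the first statement of the `else` block so the failure is written before the session is destroyed. The verify branch also does not fail closed when `$row` is empty or `user_totp_secret` is null — an unenrolled or unknown user is passed straight to `$totp->checkCode()` — and nothing on this page records a used code, so one code remains accepted for the whole discrepancy window; reject an empty secret with `$auth_valid = false;` before the check, and store the last accepted time-step in the session and refuse codes at or below it. Separately, `$parameters['domain_uuid'] = $this->domain_uuid;` reads a property that is not declared with the others (a dynamic property, deprecated in PHP 8.2) and is presumably null here, unlike the `$_SESSION["domain_uuid"]` the later branch uses.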


@ -0,0 +1,36 @@
<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<meta charset='utf-8'>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no' />
<link rel='stylesheet' type='text/css' href='{$project_path}/themes/default/css.php'>
<title>{$login_title}</title>
<body>
<div id='page' align='center'>
<div id='default_login'>
<!--
<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}'/></a><br />
-->
<form method='post' name='frm' action=''>
<div>
{$login_email_description}
<br /><br />
<input class='formfld' type='text' name='authentication_code' maxlength='255' placeholder="{$login_authentication_code}" value="{$authentication_code}">
<br /><br />
</div>
<div>
<input type='hidden' name='{$token_name}' value='{$token_hash}'>
<input type='submit' name='' class='btn' value='{$button_verify}'>
</div>
</form>
</div>
</div>
<!--
<div id='footer_login'>
<span class='footer'>{$settings.theme.footer}</span>
</div>
-->
</body>
</html>
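Review bot: The hidden field `<input type='hidden' name='{$token_name}' value='{$token_hash}'>` is rendered without any token being created: in both the email and totp plugins on this page the `new token` / `$object->create('login')` lines are commented out and neither variable is assigned to the view, so this becomes `<input type='hidden' name='' value=''>` and the verification POST carries no CSRF token. Either restore the token creation and assign `token_name` and `token_hash` before `$view->render('email.htm')`, or drop the field until it is validated server-side; totp.htm and username.htm in this commit render the same field. The code input would also benefit from `autocomplete='one-time-code'` and `inputmode='numeric'`, and `maxlength='255'` is far wider than the six-character code produced by `generate_password(6, 1)`.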


@ -0,0 +1,32 @@
<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<meta charset='utf-8'>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no' />
<link rel='stylesheet' type='text/css' href='{$project_path}/themes/default/css.php'>
<title>{$login_title}</title>
<body>
<div id='page' align='center'>
<div id='default_login'>
<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}'></a><br />
<form method='post' name='frm' action='{$login_destination_url}'>
<div>
<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$label_username}"><br />
<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder="{$label_password}"><br />
</div>
<div>
<!--<input type='hidden' name='{$token_name}' value='{$token_hash}'>-->
<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}'>
</div>
</form>
</div>
</div>
<!--
<div id='footer_login'>
<span class='footer'>{$settings.theme.footer}</span>
</div>
-->
</body>
</html>


@ -0,0 +1,44 @@
<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<meta charset='utf-8'>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no' />
<link rel='stylesheet' type='text/css' href='{$project_path}/themes/default/css.php'>
<title>{$login_title}</title>
<body>
<!--
<div class='action_bar' id='action_bar'>
<div class='heading'><b>{$title_authentication_code}</b></div>
<div class='actions'>\n";
</div>
<div style='clear: both;'></div>
</div>
-->
<div id='page' align='center'>
<div id='default_login'>
<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}'/></a><br />
<form method='post' name='frm' action=''>
<div>
<input class='formfld' type='text' name='authentication_code' maxlength='255' placeholder="{$login_authentication_code}" value="{$authentication_code}">
<br /><br />
<!--
{$description_authentication_code}
<br /><br />
-->
</div>
<div>
<input type='hidden' name='{$token_name}' value='{$token_hash}'>
<input type='submit' name='' class='btn' value='{$button_verify}'>
</div>
</form>
</div>
</div>
<!--
<div id='footer_login'>
<span class='footer'>{$settings.theme.footer}</span>
</div>
-->
</body>
</html>


@ -0,0 +1,31 @@
<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<meta charset='utf-8'>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no' />
<link rel='stylesheet' type='text/css' href='{$project_path}/themes/default/css.php'>
<title>{$login_title}</title>
<body>
<div id='page' align='center'>
<div id='default_login'>
<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}'></a><br />
<form method='post' name='frm' action='{$login_destination_url}'>
<div>
<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$login_username}"><br />
</div>
<div>
<input type='hidden' name='{$token_name}' value='{$token_hash}'>
<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}'>
</div>
</form>
</div>
</div>
<!--
<div id='footer_login'>
<span class='footer'>{$settings.theme.footer}</span>
</div>
-->
</body>
</html>


@ -101,7 +101,7 @@
}
//redirect the user to the index page
header("Location: ".PROJECT_PATH."/login.php");
header("Location: ".PROJECT_PATH."/");
exit;
?>


@ -42,15 +42,8 @@
//define variables
if (!isset($_SESSION['template_content'])) { $_SESSION["template_content"] = null; }
//if the username is not provided then send to login.php
if (strlen($_SESSION['username']) == 0 && strlen($_REQUEST["username"]) == 0 && strlen($_REQUEST["key"]) == 0) {
$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["REQUEST_URI"];
header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
exit;
}
//if the username session is not set the check username and password
if (strlen($_SESSION['username']) == 0) {
//if the session is not authorized then verify the identity
if (!isset($_SESSION['authorized']) && !$_SESSION['authorized']) {
//clear the menu
unset($_SESSION["menu"]);
@ -62,82 +55,13 @@
//validate the username and password
$auth = new authentication;
if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
$auth->username = $_REQUEST["username"];
$auth->password = $_REQUEST["password"];
}
if (isset($_REQUEST["key"])) {
$auth->key = $_REQUEST["key"];
}
$auth->debug = false;
$auth->debug = true;
$result = $auth->validate();
if ($result["authorized"] === "true") {
//get the user settings
$sql = "select * from v_user_settings ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_setting_enabled = 'true' ";
$parameters['domain_uuid'] = $result["domain_uuid"];
$parameters['user_uuid'] = $result["user_uuid"];
$database = new database;
$user_settings = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
//if not authorized
if (!$_SESSION['authorized']) {
//build the user cidr array
if (is_array($user_settings) && @sizeof($user_settings) != 0) {
foreach ($user_settings as $row) {
if ($row['user_setting_category'] == "domain" && $row['user_setting_subcategory'] == "cidr" && $row['user_setting_name'] == "array") {
$cidr_array[] = $row['user_setting_value'];
}
}
}
//check to see if user address is in the cidr array
if (isset($cidr_array) && !defined('STDIN')) {
$found = false;
foreach($cidr_array as $cidr) {
if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
$found = true;
break;
}
}
if (!$found) {
//destroy session
session_unset();
session_destroy();
//send http 403
header('HTTP/1.0 403 Forbidden', true, 403);
//redirect to the root of the website
header("Location: ".PROJECT_PATH."/login.php");
//exit the code
exit();
}
}
//set the session variables
$_SESSION["domain_uuid"] = $result["domain_uuid"];
//$_SESSION["domain_name"] = $result["domain_name"];
$_SESSION["user_uuid"] = $result["user_uuid"];
$_SESSION["context"] = $result['domain_name'];
//user session array
$_SESSION["user"]["domain_uuid"] = $result["domain_uuid"];
$_SESSION["user"]["domain_name"] = $result["domain_name"];
$_SESSION["user"]["user_uuid"] = $result["user_uuid"];
$_SESSION["user"]["username"] = $result["username"];
$_SESSION["user"]["contact_uuid"] = $result["contact_uuid"];
}
else {
//debug
if ($debug) {
view_array($result);
}
//log the failed auth attempt to the system, to be available for fail2ban.
//log the failed auth attempt to the system to the syslog server
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$result["username"]);
closelog();
@ -145,157 +69,10 @@
//redirect the user to the login page
$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"];
message::add($text['message-invalid_credentials'], 'negative');
header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
header("Location: ".PROJECT_PATH."/?path=".urlencode($target_path));
exit;
}
//get the groups assigned to the user and then set the groups in $_SESSION["groups"]
$sql = "select ";
$sql .= "u.user_group_uuid, ";
$sql .= "u.domain_uuid, ";
$sql .= "u.user_uuid, ";
$sql .= "u.group_uuid, ";
$sql .= "g.group_name, ";
$sql .= "g.group_level ";
$sql .= "from ";
$sql .= "v_user_groups as u, ";
$sql .= "v_groups as g ";
$sql .= "where u.domain_uuid = :domain_uuid ";
$sql .= "and u.user_uuid = :user_uuid ";
$sql .= "and u.group_uuid = g.group_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database;
$result = $database->select($sql, $parameters, 'all');
$_SESSION["groups"] = $result;
$_SESSION["user"]["groups"] = $result;
unset($sql, $parameters);
//get the users group level
$_SESSION["user"]["group_level"] = 0;
foreach ($_SESSION['user']['groups'] as $row) {
if ($_SESSION["user"]["group_level"] < $row['group_level']) {
$_SESSION["user"]["group_level"] = $row['group_level'];
}
}
//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {
$x = 0;
$sql = "select distinct(permission_name) from v_group_permissions ";
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
foreach ($_SESSION["groups"] as $field) {
if (strlen($field['group_name']) > 0) {
$sql_where_or[] = "group_name = :group_name_".$x;
$parameters['group_name_'.$x] = $field['group_name'];
$x++;
}
}
if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
$sql .= "and (".implode(' or ', $sql_where_or).") ";
}
$sql .= "and permission_assigned = 'true' ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$database = new database;
$result = $database->select($sql, $parameters, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach ($result as $row) {
$_SESSION['permissions'][$row["permission_name"]] = true;
$_SESSION["user"]["permissions"][$row["permission_name"]] = true;
}
}
unset($sql, $parameters, $result, $row);
}
//get the domains
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/domains/app_config.php") && !is_cli()){
require_once "app/domains/resources/domains.php";
}
//get the user settings
if (is_array($user_settings) && @sizeof($user_settings) != 0) {
foreach ($user_settings as $row) {
$name = $row['user_setting_name'];
$category = $row['user_setting_category'];
$subcategory = $row['user_setting_subcategory'];
if (strlen($row['user_setting_value']) > 0) {
if (strlen($subcategory) == 0) {
//$$category[$name] = $row['domain_setting_value'];
if ($name == "array") {
$_SESSION[$category][] = $row['user_setting_value'];
}
else {
$_SESSION[$category][$name] = $row['user_setting_value'];
}
}
else {
//$$category[$subcategory][$name] = $row['domain_setting_value'];
if ($name == "array") {
$_SESSION[$category][$subcategory][] = $row['user_setting_value'];
}
else {
$_SESSION[$category][$subcategory][$name] = $row['user_setting_value'];
}
}
}
}
}
unset($user_settings);
//get the extensions that are assigned to this user
if (file_exists($_SERVER["PROJECT_ROOT"]."/app/extensions/app_config.php")) {
if (isset($_SESSION["user"]) && is_uuid($_SESSION["user_uuid"]) && is_uuid($_SESSION["domain_uuid"]) && !isset($_SESSION['user']['extension'])) {
//get the user extension list
$_SESSION['user']['extension'] = null;
$sql = "select ";
$sql .= "e.extension_uuid, ";
$sql .= "e.extension, ";
$sql .= "e.number_alias, ";
$sql .= "e.user_context, ";
$sql .= "e.outbound_caller_id_name, ";
$sql .= "e.outbound_caller_id_number, ";
$sql .= "e.description ";
$sql .= "from ";
$sql .= "v_extension_users as u, ";
$sql .= "v_extensions as e ";
$sql .= "where ";
$sql .= "e.domain_uuid = :domain_uuid ";
$sql .= "and e.extension_uuid = u.extension_uuid ";
$sql .= "and u.user_uuid = :user_uuid ";
$sql .= "and e.enabled = 'true' ";
$sql .= "order by ";
$sql .= "e.extension asc ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['user_uuid'] = $_SESSION['user_uuid'];
$database = new database;
$result = $database->select($sql, $parameters, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $x => $row) {
//set the destination
$destination = $row['extension'];
if (strlen($row['number_alias']) > 0) {
$destination = $row['number_alias'];
}
//build the user array
$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
$_SESSION['user']['extension'][$x]['destination'] = $destination;
$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
$_SESSION['user']['extension'][$x]['description'] = $row['description'];
//set the context
$_SESSION['user']['user_context'] = $row["user_context"];
$_SESSION['user_context'] = $row["user_context"];
}
}
unset($sql, $parameters, $result, $row);
}
}
//if logged in, redirect to login destination
if (!isset($_REQUEST["key"])) {
if (isset($_SESSION['redirect_path'])) {
@ -308,9 +85,10 @@
}
header("Location: ".$redirect_path);
}
elseif (isset($_SESSION['login']['destination']['text'])) {
header("Location: ".$_SESSION['login']['destination']['text']);
} elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) {
elseif (isset($_SESSION['login']['destination']['url'])) {
header("Location: ".$_SESSION['login']['destination']['url']);
}
elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) {
header("Location: ".PROJECT_PATH."/core/dashboard/");
}
else {
@ -321,15 +99,4 @@
}
//set the time zone
if (!isset($_SESSION["time_zone"]["user"])) { $_SESSION["time_zone"]["user"] = null; }
if (strlen($_SESSION["time_zone"]["user"]) == 0) {
//set the domain time zone as the default time zone
date_default_timezone_set($_SESSION['domain']['time_zone']['name']);
}
else {
//set the user defined time zone
date_default_timezone_set($_SESSION["time_zone"]["user"]);
}
?>
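Review bot: The new guard `if (!isset($_SESSION['authorized']) && !$_SESSION['authorized'])` in hunk `@ -42,15 +42,8 @@` enters the verification block only when the key is absent: a session where `authorized` has been set to false short-circuits on `!isset` and skips authentication entirely, the inverse of what the comment above it describes; `if (empty($_SESSION['authorized']))` covers both the unset and the false case. In hunk `@ -62,82 +55,13 @@`, `$auth->debug = true;` is committed where `false` was, and when `$debug` is enabled the failure path calls `view_array($result)` — for the LDAP plugin in this commit that array holds the submitted password — so this must be reverted to `$auth->debug = false;` before merging. The unchanged `if ($result["authorized"] === "true")` still compares against the string "true" while the email and totp plugins added here return boolean `true`; unless `validate()` (not on this page) normalises the value, a successful second factor would be treated as a failed login. The enclosing file continues outside these hunks.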