dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Create database.php 

Add the default plugin.
This commit is contained in:
FusionPBX 2016-09-10 17:58:06 -06:00 committed by GitHub
parent ef79a6af03
commit 0e00e7192d
1 changed files with 130 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
core/authentication/resources/classes/plugins/database.php Normal file
View File

@ -0,0 +1,130 @@
<?php
/**
* plugin_database
*
* @method validate uses authentication plugins to check if a user is authorized to login
* @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
*/
class plugin_database {
/**
* Define variables and their scope
*/
public $debug;
public $domain_name;
public $domain_uuid;
public $user_uuid;
public $username;
public $password;
public $key;
/**
* database checks the local database to authenticate the user or key
* @return array [authorized] => true or false
*/
function database() {
//save the database connection to a local variable
include "root.php";
require_once "resources/classes/database.php";
$database = new database;
$database->connect();
$db = $database->db;
//check the username and password if they don't match then redirect to the login
$sql = "select * from v_users ";
if (strlen($this->key) > 30) {
$sql .= "where api_key=:key ";
//$sql .= "where api_key='".$this->key."' ";
}
else {
$sql .= "where username=:username ";
//$sql .= "where username='".$this->username."' ";
}
if ($_SESSION["user"]["unique"]["text"] == "global") {
//unique username - global (example: email address)
}
else {
//unique username - per domain
$sql .= "and domain_uuid=:domain_uuid ";
//$sql .= "and domain_uuid='".$this->domain_uuid."' ";
}
$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
$prep_statement = $db->prepare(check_sql($sql));
if ($_SESSION["user"]["unique"]["text"] != "global") {
$prep_statement->bindParam(':domain_uuid', $this->domain_uuid);
}
if (strlen($this->key) > 30) {
$prep_statement->bindParam(':key', $this->key);
}
if (strlen($this->username) > 0) {
$prep_statement->bindParam(':username', $this->username);
}
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$user_authorized = false;
if (is_array($result)) {
foreach ($result as &$row) {
//get the domain uuid
if ($_SESSION["user"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
//set the domain_uuid
$this->domain_uuid = $row["domain_uuid"];
$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
//set the domain session variables
$_SESSION["domain_uuid"] = $this->domain_uuid;
$_SESSION["domain_name"] = $this->domain_name;
//set the setting arrays
$domain = new domains();
$domain->db = $db;
$domain->set();
}
//set the user_uuid
$this->user_uuid = $row['user_uuid'];
//if salt is not defined then use the default salt for backwards compatibility
if (strlen($row["salt"]) == 0) {
$row["salt"] = 'e3.7d.12';
}
//compare the password provided by the user with the one in the database
if (md5($row["salt"].$this->password) == $row["password"]) {
$user_authorized = true;
$_SESSION['username'] = $row["username"]; //return the username
} elseif (strlen($this->key) > 30 && $this->key == $row["api_key"]) {
$user_authorized = true;
$_SESSION['username'] = $row["username"]; //return the username
} else {
$user_authorized = false;
}
//end the loop
break;
}
}
unset($result);
//result array
$result["plugin"] = "database";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
if ($this->debug) {
$result["password"] = $this->password;
}
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $this->domain_uuid;
$result["sql"] = $sql;
if ($user_authorized) {
$result["authorized"] = "true";
}
else {
$result["authorized"] = "false";
}
return $result;
}
}
?>