From 0e00e7192d2f95fd72f81ce4ed4467be6069d48a Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Sat, 10 Sep 2016 17:58:06 -0600
Subject: [PATCH] Create database.php Add the default plugin.
---
 .../resources/classes/plugins/database.php | 130 ++++++++++++++++++
 1 file changed, 130 insertions(+)
 create mode 100644 core/authentication/resources/classes/plugins/database.php
diff --git a/core/authentication/resources/classes/plugins/database.php b/core/authentication/resources/classes/plugins/database.php
new file mode 100644
index 0000000000..5b41158ab1
--- /dev/null
+++ b/core/authentication/resources/classes/plugins/database.php
@@ -0,0 +1,130 @@
+ true or false
+ */
+ function database() {
+
+ //save the database connection to a local variable
+ include "root.php";
+ require_once "resources/classes/database.php";
+ $database = new database;
+ $database->connect();
+ $db = $database->db;
+
+ //check the username and password if they don't match then redirect to the login
+ $sql = "select * from v_users ";
+ if (strlen($this->key) > 30) {
+ $sql .= "where api_key=:key ";
+ //$sql .= "where api_key='".$this->key."' ";
+ }
+ else {
+ $sql .= "where username=:username ";
+ //$sql .= "where username='".$this->username."' ";
+ }
+ if ($_SESSION["user"]["unique"]["text"] == "global") {
+ //unique username - global (example: email address)
+ }
+ else {
+ //unique username - per domain
+ $sql .= "and domain_uuid=:domain_uuid ";
+ //$sql .= "and domain_uuid='".$this->domain_uuid."' ";
+ }
+ $sql .= "and (user_enabled = 'true' or user_enabled is null) ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ if ($_SESSION["user"]["unique"]["text"] != "global") {
+ $prep_statement->bindParam(':domain_uuid', $this->domain_uuid);
+ }
+ if (strlen($this->key) > 30) {
+ $prep_statement->bindParam(':key', $this->key);
+ }
+ if (strlen($this->username) > 0) {
+ $prep_statement->bindParam(':username', $this->username);
+ }
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ $user_authorized = false;
+ if (is_array($result)) {
+ foreach ($result as &$row) {
+ //get the domain uuid
+ if ($_SESSION["user"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
+ //set the domain_uuid
+ $this->domain_uuid = $row["domain_uuid"];
+ $this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
+
+ //set the domain session variables
+ $_SESSION["domain_uuid"] = $this->domain_uuid;
+ $_SESSION["domain_name"] = $this->domain_name;
+
+ //set the setting arrays
+ $domain = new domains();
+ $domain->db = $db;
+ $domain->set();
+ }
+
+ //set the user_uuid
+ $this->user_uuid = $row['user_uuid'];
+
+ //if salt is not defined then use the default salt for backwards compatibility
+ if (strlen($row["salt"]) == 0) {
+ $row["salt"] = 'e3.7d.12';
+ }
+
+ //compare the password provided by the user with the one in the database
+ if (md5($row["salt"].$this->password) == $row["password"]) {
+ $user_authorized = true;
+ $_SESSION['username'] = $row["username"]; //return the username
+ } elseif (strlen($this->key) > 30 && $this->key == $row["api_key"]) {
+ $user_authorized = true;
+ $_SESSION['username'] = $row["username"]; //return the username
+ } else {
+ $user_authorized = false;
+ }
+
+ //end the loop
+ break;
+ }
+ }
+ unset($result);
+
+ //result array
+ $result["plugin"] = "database";
+ $result["domain_name"] = $this->domain_name;
+ $result["username"] = $this->username;
+ if ($this->debug) {
+ $result["password"] = $this->password;
+ }
+ $result["user_uuid"] = $this->user_uuid;
+ $result["domain_uuid"] = $this->domain_uuid;
+ $result["sql"] = $sql;
+ if ($user_authorized) {
+ $result["authorized"] = "true";
+ }
+ else {
+ $result["authorized"] = "false";
+ }
+ return $result;
+ }
+}
+
+?>
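Review bot: The credential check `md5($row["salt"].$this->password) == $row["password"]` compares a salted MD5 digest with the loose `==` operator, so PHP compares digests that look like numeric strings as numbers and the comparison is not constant-time; the same applies to `$this->key == $row["api_key"]`. At minimum these should become `if (hash_equals((string)$row["password"], md5($row["salt"].$this->password))) {` and `} elseif (strlen($this->key) > 30 && hash_equals((string)$row["api_key"], (string)$this->key)) {`, with a planned move from MD5 and the shared fallback salt `'e3.7d.12'` to `password_hash()`/`password_verify()` and a rehash on successful login. In the global-username case the `foreach` writes `$_SESSION["domain_uuid"]`, `$_SESSION["domain_name"]` and calls `$domain->set()` before the credentials are checked, so a failed login for an existing username in another domain still changes session state; that block belongs after `$user_authorized` is true. When `$this->debug` is set the returned array carries the plaintext password alongside the SQL text, and nothing visible here keeps that array out of logs or output. The class declaration and the opening of the docblock are not visible in this hunk.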