Get rid of $auth_failed, if username session is set consider the the user authenticated.
This commit is contained in:
Mark Crane
parent
20c68aa7ba
commit
c07b8c73ac
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
The Initial Developer of the Original Code is
|
||||
Mark J Crane <markjcrane@fusionpbx.com>
|
||||
Portions created by the Initial Developer are Copyright (C) 2008-2014
|
||||
Portions created by the Initial Developer are Copyright (C) 2008-2015
|
||||
the Initial Developer. All Rights Reserved.
|
||||
|
||||
Contributor(s):
|
||||
|
|
@ -34,7 +34,8 @@ require_once "resources/require.php";
|
|||
session_start();
|
||||
|
||||
//if the username session is not set the check username and password
|
||||
if (strlen($_SESSION["username"]) == 0) {
|
||||
if (strlen($_SESSION['username']) == 0) {
|
||||
|
||||
//clear the menu
|
||||
$_SESSION["menu"] = "";
|
||||
|
||||
|
|
@ -109,15 +110,11 @@ require_once "resources/require.php";
|
|||
$bd = ldap_bind($ad,$username."@".$domain_name,check_str($_REQUEST["password"]));
|
||||
if ($bd) {
|
||||
//echo "success\n";
|
||||
$auth_failed = false;
|
||||
}
|
||||
else {
|
||||
//echo "failed\n";
|
||||
$auth_failed = true;
|
||||
$_SESSION['username'] = $username;
|
||||
}
|
||||
|
||||
//check to see if the user exists
|
||||
if (!$auth_failed) {
|
||||
if (strlen($_SESSION['username']) > 0) {
|
||||
$sql = "select * from v_users ";
|
||||
$sql .= "where username=:username ";
|
||||
if (count($_SESSION["domains"]) > 1) {
|
||||
|
|
@ -188,13 +185,14 @@ require_once "resources/require.php";
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
//database authentication
|
||||
else {
|
||||
if (strlen($_SESSION['username']) == 0) {
|
||||
//check the username and password if they don't match then redirect to the login
|
||||
$sql = "select * from v_users ";
|
||||
if (strlen($_REQUEST["key"]) > 30) {
|
||||
$sql .= "where api_key=:key ";
|
||||
//$sql .= "and api_key='".$key."' ";
|
||||
if (strlen($key) > 30) {
|
||||
//$sql .= "where api_key=:key ";
|
||||
$sql .= "where api_key='".$key."' ";
|
||||
}
|
||||
else {
|
||||
$sql .= "where username=:username ";
|
||||
|
|
@ -213,7 +211,7 @@ require_once "resources/require.php";
|
|||
if ($_SESSION["user"]["unique"]["text"] != "global") {
|
||||
$prep_statement->bindParam(':domain_uuid', $domain_uuid);
|
||||
}
|
||||
if (strlen($_REQUEST["key"]) > 30) {
|
||||
if (strlen($key) > 30) {
|
||||
$prep_statement->bindParam(':key', $key);
|
||||
}
|
||||
else {
|
||||
|
|
@ -221,14 +219,7 @@ require_once "resources/require.php";
|
|||
}
|
||||
$prep_statement->execute();
|
||||
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
||||
if (count($result) == 0) {
|
||||
$auth_failed = true;
|
||||
}
|
||||
else {
|
||||
if (isset($_REQUEST["key"])) {
|
||||
$auth_failed = false;
|
||||
}
|
||||
else {
|
||||
if (count($result) > 0) {
|
||||
foreach ($result as &$row) {
|
||||
//get the domain uuid
|
||||
$domain_uuid = $row["domain_uuid"];
|
||||
|
|
@ -246,16 +237,19 @@ require_once "resources/require.php";
|
|||
$salt = 'e3.7d.12';
|
||||
}
|
||||
//compare the password provided by the user with the one in the database
|
||||
if (md5($salt.check_str($_REQUEST["password"])) != $row["password"]) {
|
||||
$auth_failed = true;
|
||||
if (md5($salt.check_str($_REQUEST["password"])) == $row["password"]) {
|
||||
$_SESSION['username'] = $row["username"];
|
||||
} elseif (strlen($_REQUEST["key"]) > 30 && $_REQUEST["key"] == $row["api_key"]) {
|
||||
$_SESSION['username'] = $row["username"];
|
||||
} else {
|
||||
unset($result);
|
||||
}
|
||||
//end the loop
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($auth_failed) {
|
||||
if (strlen($_SESSION['username']) == 0) {
|
||||
//log the failed auth attempt to the system, to be available for fail2ban.
|
||||
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
|
||||
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".check_str($_REQUEST["username"]));
|
||||
|
|
@ -266,6 +260,7 @@ require_once "resources/require.php";
|
|||
header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
|
||||
exit;
|
||||
}
|
||||
else {
|
||||
foreach ($result as &$row) {
|
||||
//allow the user to choose a template only if the template has not been assigned by the superadmin
|
||||
if (strlen($_SESSION['domain']['template']['name']) == 0) {
|
||||
|
|
@ -279,12 +274,12 @@ require_once "resources/require.php";
|
|||
}
|
||||
// add session variables
|
||||
$_SESSION["user_uuid"] = $row["user_uuid"];
|
||||
$_SESSION["username"] = $row["username"];
|
||||
// user session array
|
||||
$_SESSION["user"]["username"] = $row["username"];
|
||||
$_SESSION["user"]["user_uuid"] = $row["user_uuid"];
|
||||
$_SESSION["user"]["contact_uuid"] = $row["contact_uuid"];
|
||||
}
|
||||
}
|
||||
|
||||
//get the groups assigned to the user and then set the groups in $_SESSION["groups"]
|
||||
$sql = "SELECT * FROM v_group_users ";
|
||||
|
|
|
|||
Loading…
Reference in New Issue