dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

If authentication is set for unique global username then don't remove the @domain from the username.

This commit is contained in:
Mark Crane 2014-02-04 04:53:42 +00:00
parent 8d09e4da67
commit d089f7ded0
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
resources/check_auth.php
View File

@ -43,7 +43,7 @@ require_once "resources/require.php";
$_SESSION["template_content"] = ''; $_SESSION["template_content"] = '';
} }
//if the username from the form is not provided then send to login.php //if the username is not provided then send to login.php
if (strlen(check_str($_REQUEST["username"])) == 0 && strlen(check_str($_REQUEST["key"])) == 0) { if (strlen(check_str($_REQUEST["username"])) == 0 && strlen(check_str($_REQUEST["key"])) == 0) {
$php_self = $_SERVER["PHP_SELF"]; $php_self = $_SERVER["PHP_SELF"];
$msg = "username required"; $msg = "username required";
@ -56,10 +56,12 @@ require_once "resources/require.php";
//get the domain from the url //get the domain from the url
$domain_name = $_SERVER["HTTP_HOST"]; $domain_name = $_SERVER["HTTP_HOST"];
//get the domain name from the username //get the domain name from the username
$username_array = explode("@", check_str($_REQUEST["username"])); if ($_SESSION["user"]["unique"]["text"] != "global") {
if (count($username_array) > 1) { $username_array = explode("@", check_str($_REQUEST["username"]));
$domain_name = $username_array[count($username_array) -1]; if (count($username_array) > 1) {
$_REQUEST["username"] = substr(check_str($_REQUEST["username"]), 0, -(strlen($domain_name)+1)); $domain_name = $username_array[count($username_array) -1];
$_REQUEST["username"] = substr(check_str($_REQUEST["username"]), 0, -(strlen($domain_name)+1));
}
} }
//get the domain name from the http value //get the domain name from the http value
if (strlen(check_str($_REQUEST["domain_name"])) > 0) { if (strlen(check_str($_REQUEST["domain_name"])) > 0) {
@ -67,7 +69,6 @@ require_once "resources/require.php";
} }
//set the domain information //set the domain information
if (strlen($domain_name) > 0) { if (strlen($domain_name) > 0) {
require_once "resources/classes/domains.php";
foreach ($_SESSION['domains'] as &$row) { foreach ($_SESSION['domains'] as &$row) {
if ($row['domain_name'] == $domain_name) { if ($row['domain_name'] == $domain_name) {
//set the domain session variables //set the domain session variables
@ -185,14 +186,14 @@ require_once "resources/require.php";
//check the username and password if they don't match then redirect to the login //check the username and password if they don't match then redirect to the login
if ($_SESSION["user"]["unique"]["text"] == "global") { if ($_SESSION["user"]["unique"]["text"] == "global") {
//globally unique users //globally unique users
$sql = "select * from v_users as u "; $sql = "select * from v_users ";
if (strlen($key) > 0) { if (strlen($key) > 0) {
$sql .= "where api_key=:key "; $sql .= "where api_key=:key ";
//$sql .= "and api_key='".$key."' "; //$sql .= "where api_key='".$key."' ";
} }
else { else {
$sql .= "where username=:username "; $sql .= "where username=:username ";
//$sql .= "and username='".$username."' "; //$sql .= "where username='".$username."' ";
} }
$sql .= "and (user_enabled = 'true' or user_enabled is null) "; $sql .= "and (user_enabled = 'true' or user_enabled is null) ";
$prep_statement = $db->prepare(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
@ -237,7 +238,6 @@ require_once "resources/require.php";
$_SESSION["domain_uuid"] = $domain_uuid; $_SESSION["domain_uuid"] = $domain_uuid;
$_SESSION["domain_name"] = $_SESSION['domains'][$domain_uuid]['domain_name']; $_SESSION["domain_name"] = $_SESSION['domains'][$domain_uuid]['domain_name'];
//set the setting arrays //set the setting arrays
require_once "resources/classes/domains.php";
$domain = new domains(); $domain = new domains();
$domain->db = $db; $domain->db = $db;
$domain->set(); $domain->set();