Authentication: Updates to improve order compatibility.

fusionate 2023-06-27 02:32:11 +00:00
parent dec61c3833
commit d24acf66bf
No known key found for this signature in database
4 changed files with 70 additions and 50 deletions


@ -65,7 +65,7 @@ class authentication {
//set the default authentication method to the database
if (empty($_SESSION['authentication']['methods']) || !is_array($_SESSION['authentication']['methods'])) {
$_SESSION['authentication']['methods'][] = 'database';
$_SESSION['authentication']['methods'][] = 'database';
}
//set the database as the default plugin
@ -75,7 +75,6 @@ class authentication {
//use the authentication plugins
foreach ($_SESSION['authentication']['methods'] as $name) {
//already processed the plugin move to the next plugin
if (!empty($_SESSION['authentication']['plugin']) && !empty($_SESSION['authentication']['plugin'][$name]) && $_SESSION['authentication']['plugin'][$name]['authorized']) {
continue;
@ -103,16 +102,18 @@ class authentication {
$array = $object->$name();
//build a result array
$result['plugin'] = $array["plugin"];
$result['domain_name'] = $array["domain_name"];
$result['username'] = $array["username"];
$result['user_uuid'] = $array["user_uuid"];
$result['contact_uuid'] = $array["contact_uuid"];
$result['domain_uuid'] = $array["domain_uuid"];
$result['authorized'] = $array["authorized"];
if (!empty($array) && is_array($array)) {
$result['plugin'] = $array["plugin"];
$result['domain_name'] = $array["domain_name"];
$result['username'] = $array["username"];
$result['user_uuid'] = $array["user_uuid"];
$result['contact_uuid'] = $array["contact_uuid"];
$result['domain_uuid'] = $array["domain_uuid"];
$result['authorized'] = $array["authorized"];
//save the result to the authentication plugin
$_SESSION['authentication']['plugin'][$name] = $result;
//save the result to the authentication plugin
$_SESSION['authentication']['plugin'][$name] = $result;
}
//plugin authorized false
if (!$result['authorized']) {
@ -122,15 +123,17 @@ class authentication {
}
//make sure all plugins are in the array
foreach ($_SESSION['authentication']['methods'] as $name) {
if (!isset($_SESSION['authentication']['plugin'][$name]['authorized'])) {
$_SESSION['authentication']['plugin'][$name]['plugin'] = $name;
$_SESSION['authentication']['plugin'][$name]['domain_name'] = $_SESSION['domain_name'];
$_SESSION['authentication']['plugin'][$name]['domain_uuid'] = $_SESSION['domain_uuid'];
$_SESSION['authentication']['plugin'][$name]['username'] = $_SESSION['username'];
$_SESSION['authentication']['plugin'][$name]['user_uuid'] = $_SESSION['user_uuid'];
$_SESSION['authentication']['plugin'][$name]['user_email'] = $_SESSION['user_email'];
$_SESSION['authentication']['plugin'][$name]['authorized'] = 0;
if (!empty($_SESSION['authentication']['methods'])) {
foreach ($_SESSION['authentication']['methods'] as $name) {
if (!isset($_SESSION['authentication']['plugin'][$name]['authorized'])) {
$_SESSION['authentication']['plugin'][$name]['plugin'] = $name;
$_SESSION['authentication']['plugin'][$name]['domain_name'] = $_SESSION['domain_name'];
$_SESSION['authentication']['plugin'][$name]['domain_uuid'] = $_SESSION['domain_uuid'];
$_SESSION['authentication']['plugin'][$name]['username'] = $_SESSION['username'];
$_SESSION['authentication']['plugin'][$name]['user_uuid'] = $_SESSION['user_uuid'];
$_SESSION['authentication']['plugin'][$name]['user_email'] = $_SESSION['user_email'];
$_SESSION['authentication']['plugin'][$name]['authorized'] = 0;
}
}
}
@ -152,19 +155,19 @@ class authentication {
}
//result array
$result["plugin"] = "database";
$result["domain_name"] = $_SESSION['domain_name'];
if (!isset($_SESSION['username'])) {
$result["username"] = $_SESSION['username'];
}
if (!isset($_SESSION['user_uuid'])) {
$result["user_uuid"] = $_SESSION['user_uuid'];
}
$result["domain_uuid"] = $_SESSION['domain_uuid'];
if (!isset($_SESSION['contact_uuid'])) {
$result["contact_uuid"] = $_SESSION['contact_uuid'];
}
$result["authorized"] = $authorized;
// $result["plugin"] = "database";
// $result["domain_name"] = $_SESSION['domain_name'];
// if (!isset($_SESSION['username'])) {
// $result["username"] = $_SESSION['username'];
// }
// if (!isset($_SESSION['user_uuid'])) {
// $result["user_uuid"] = $_SESSION['user_uuid'];
// }
// $result["domain_uuid"] = $_SESSION['domain_uuid'];
// if (!isset($_SESSION['contact_uuid'])) {
// $result["contact_uuid"] = $_SESSION['contact_uuid'];
// }
// $result["authorized"] = $authorized;
//add user logs
user_logs::add($result);
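Review bot: In the plugin loop hunk (`@ -103,16 +102,18`), the `if (!$result['authorized'])` check sits outside the new `if (!empty($array) && is_array($array))` guard, so when a plugin returns nothing it reads a `$result` that was not built in this iteration. Unless `$result` is reset at the top of the `foreach` (not visible in the hunk), it may still hold the previous plugin's array, and that plugin's `authorized` value would then stand in for the one that returned nothing. Resetting it before the plugin call, e.g. `$result = ['authorized' => false];`, or treating a non-array return as a failed plugin, makes that path fail closed. The last hunk has a related issue, as far as the sides can be read without the +/- markers: the result array is commented out, so `user_logs::add($result)` appears to log whatever `$result` was left over, and the commented-out block would be better deleted than kept.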


@ -226,9 +226,9 @@ class plugin_database {
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//validate the password
$valid_password = false;
@ -286,30 +286,46 @@ class plugin_database {
$p->delete('user_edit', 'temp');
}
}
else {
//clear authentication session
unset($_SESSION['authentication']);
if (empty($_SESSION['authentication']['methods']) || !is_array($_SESSION['authentication']['methods']) || sizeof($_SESSION['authentication']['methods']) == 0) {
unset($_SESSION['authentication']);
}
// clear username
unset($_SESSION['username'], $_REQUEST['username'], $_POST['username']);
if (!empty($_REQUEST["password"])) {
unset($_SESSION['username'], $_REQUEST['username'], $_POST['username']);
unset($_SESSION['authentication']);
}
}
//result array
if ($valid_password) {
$result["plugin"] = "database";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $_SESSION['domain_uuid'];
$result["contact_uuid"] = $this->contact_uuid;
$result["user_email"] = $this->user_email;
$result["sql"] = $sql;
$result["authorized"] = $valid_password;
}
//return the results
return $result ?? false;
}
else {
unset($_SESSION['username'], $_REQUEST['username'], $_POST['username']);
unset($_SESSION['authentication']);
}
//result array
$result["plugin"] = "database";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $_SESSION['domain_uuid'];
$result["contact_uuid"] = $this->contact_uuid;
$result["user_email"] = $this->user_email;
$result["sql"] = $sql;
$result["authorized"] = $valid_password;
//return the results
return $result;
return;
}
}
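Review bot: The failure branch in the second hunk leaves `$_SESSION['user_uuid']`, `$_SESSION['contact_uuid']` and `$_SESSION['user_email']` populated, because the first hunk writes them from the database row before `//validate the password` and the `unset(...)` calls here only cover `username` and `authentication`. With the clearing now apparently gated on `!empty($_REQUEST["password"])` (the +/- markers are lost on this page, so the sides are inferred), a request without a password also keeps `username` and the `authentication` array in the session. If the other plugins do not depend on those values being set early, writing the four `$_SESSION[...]` identity values only after `$valid_password` is true would keep unauthenticated identity data out of the session. The method also now seems to end in `return $result ?? false;` or a bare `return;`, so its docblock should say that callers can receive `false` or `null` instead of an array, and it is worth confirming that `$result["sql"] = $sql;` still needs to travel in the returned array. The method body starts outside the hunk.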


@ -308,6 +308,7 @@ class plugin_email {
$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
$view->assign("login_logo_source", $settings['theme']['logo']);
$view->assign("button_verify", $text['label-verify']);
$view->assign("message_delay", $settings['theme']['message_delay']);
if (!empty($_SESSION['username'])) {
$view->assign("username", $_SESSION['username']);
$view->assign("button_cancel", $text['button-cancel']);


@ -401,7 +401,7 @@ class plugin_totp {
//build the result array
$result["plugin"] = "totp";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["username"] = $_SESSION["username"] ?? null;
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
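Review bot: Only `username` gets the `?? null` fallback here; `$_SESSION["domain_name"]`, `$_SESSION["user_uuid"]`, `$_SESSION["domain_uuid"]` and `$_SESSION["contact_uuid"]` on the neighbouring lines are still read directly and will raise an undefined array key warning in the same situation. If this plugin can now run before the session holds a user, the result should not be able to carry `authorized` as true alongside a null `username` or `user_uuid`; the line that sets `authorized` is outside this hunk, so that needs checking there. Suggested for consistency: `$result["user_uuid"] = $_SESSION["user_uuid"] ?? null;` and the same for the other three keys.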