mirror of
https://github.com/salesagility/SuiteCRM.git
synced 2025-02-11 00:42:27 +00:00
18eb0f0360
# Conflicts: # .gitignore # README.md # data/Relationships/One2MBeanRelationship.php # data/SugarBean.php # files.md5 # include/HTMLPurifier/HTMLPurifier.standalone.php # include/HTTP_WebDAV_Server/Server.php # include/HTTP_WebDAV_Server/Tools/_parse_lockinfo.php # include/HTTP_WebDAV_Server/Tools/_parse_propfind.php # include/HTTP_WebDAV_Server/Tools/_parse_proppatch.php # include/MassUpdate.php # include/Pear/XML_HTMLSax3/HTMLSax3/States.php # include/Smarty/Smarty.class.php # include/Smarty/Smarty_Compiler.class.php # include/Smarty/internals/core.get_php_resource.php # include/Smarty/internals/core.is_trusted.php # include/Smarty/internals/core.process_cached_inserts.php # include/Smarty/internals/core.process_compiled_include.php # include/Smarty/internals/core.read_cache_file.php # include/Smarty/internals/core.write_cache_file.php # include/Smarty/internals/core.write_compiled_include.php # include/Smarty/plugins/block.minify.php # include/Smarty/plugins/function.config_load.php # include/Smarty/plugins/function.html_select_date.php # include/Smarty/plugins/function.html_select_time.php # include/Smarty/plugins/modifier.spacify.php # include/Smarty/plugins/modifier.truncate.php # include/Smarty/plugins/outputfilter.trimwhitespace.php # include/Smarty/plugins/shared.make_timestamp.php # include/SugarXHprof/xhprof_lib/display/xhprof.php # include/SugarXHprof/xhprof_lib/utils/callgraph_utils.php # include/SugarXHprof/xhprof_lib/utils/xhprof_lib.php # include/javascript/checkbox.js # include/nusoap/class.soap_parser.php # include/nusoap/class.xmlschema.php # include/pclzip/pclzip.lib.php # include/php-sql-parser.php # include/phpmailer/class.phpmailer.php # include/phpmailer/extras/htmlfilter.php # include/reCaptcha/recaptchalib.php # include/social/facebook/facebook_sdk/src/base_facebook.php # include/social/facebook/facebook_sdk/src/facebook.php # include/social/facebook/facebook_sdk/tests/tests.php # include/tcpdf/tcpdf.php # include/utils/zip_utils.php # install.php # lib/Robo/Plugin/Commands/BuildCommands.php # lib/Robo/Plugin/Commands/CleanCacheCommands.php # lib/Robo/Plugin/Commands/TestEnvironmentCommands.php # lib/Robo/Traits/CliRunnerTrait.php # modules/AOD_Index/Lib/Zend/Search/Lucene.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Analysis/Analyzer/Common/Utf8.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Analysis/Analyzer/Common/Utf8Num.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Document/Html.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Index/SegmentInfo.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Index/SegmentMerger.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Index/SegmentWriter.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Index/SegmentWriter/DocumentWriter.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Index/SegmentWriter/StreamWriter.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Index/Writer.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Query/Boolean.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Query/Fuzzy.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Query/MultiTerm.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Query/Phrase.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Query/Preprocessing/Fuzzy.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Query/Preprocessing/Phrase.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Query/Preprocessing/Term.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/QueryEntry/Phrase.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/QueryEntry/Term.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/QueryLexer.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/QueryParser.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Weight/Boolean.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Weight/MultiTerm.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Weight/Phrase.php # modules/AOD_Index/Lib/Zend/Search/Lucene/Search/Weight/Term.php # modules/AOR_Reports/AOR_Report.php # modules/AOR_Scheduled_Reports/metadata/subpaneldefs.php # modules/AOS_PDF_Templates/PDF_Lib/classes/barcode.php # modules/AOS_PDF_Templates/PDF_Lib/classes/bmp.php # modules/AOS_PDF_Templates/PDF_Lib/classes/cssmgr.php # modules/AOS_PDF_Templates/PDF_Lib/classes/directw.php # modules/AOS_PDF_Templates/PDF_Lib/classes/form.php # modules/AOS_PDF_Templates/PDF_Lib/classes/grad.php # modules/AOS_PDF_Templates/PDF_Lib/classes/indic.php # modules/AOS_PDF_Templates/PDF_Lib/classes/meter.php # modules/AOS_PDF_Templates/PDF_Lib/classes/svg.php # modules/AOS_PDF_Templates/PDF_Lib/classes/tocontents.php # modules/AOS_PDF_Templates/PDF_Lib/classes/ttfontsuni.php # modules/AOS_PDF_Templates/PDF_Lib/classes/ttfontsuni_analysis.php # modules/AOS_PDF_Templates/PDF_Lib/classes/wmf.php # modules/AOS_PDF_Templates/PDF_Lib/config_cp.php # modules/AOS_PDF_Templates/PDF_Lib/graph.php # modules/AOS_PDF_Templates/PDF_Lib/includes/functions.php # modules/AOS_PDF_Templates/PDF_Lib/includes/out.php # modules/AOS_PDF_Templates/PDF_Lib/mpdf.php # modules/AOS_PDF_Templates/PDF_Lib/mpdfi/filters/FilterASCII85.php # modules/AOS_PDF_Templates/PDF_Lib/mpdfi/filters/FilterLZW.php # modules/AOS_PDF_Templates/PDF_Lib/mpdfi/fpdi_pdf_parser.php # modules/AOS_PDF_Templates/PDF_Lib/mpdfi/pdf_context.php # modules/AOS_PDF_Templates/PDF_Lib/mpdfi/pdf_parser.php # modules/AOS_PDF_Templates/PDF_Lib/utils/font_coverage.php # modules/AOS_PDF_Templates/PDF_Lib/utils/font_dump.php # modules/AOS_PDF_Templates/PDF_Lib/utils/font_names.php # modules/AOW_WorkFlow/AOW_WorkFlow.php # modules/Contacts/Contact.php # modules/Emails/views/view.compose.php # modules/FP_events/controller.php # modules/UpgradeWizard/silentUpgrade.php # modules/UpgradeWizard/silentUpgrade_step1.php # modules/Users/authentication/SAML2Authenticate/lib/onelogin/php-saml/lib/Saml2/Response.php # service/core/SoapHelperWebService.php # service/v2/registry.php # service/v2_1/registry.php # service/v3/SugarWebServiceUtilv3.php # service/v3/registry.php # service/v3_1/registry.php # service/v4/registry.php # service/v4_1/SugarWebServiceImplv4_1.php # service/v4_1/registry.php # soap/SoapHelperFunctions.php # soap/SoapPortalUsers.php # soap/SoapSugarUsers.php # suitecrm_version.php # tests/_support/Step/Acceptance/Accounts.php # tests/acceptance/Core/BasicModuleCest.php # tests/acceptance/Core/CompanyModuleCest.php # tests/acceptance/Core/FileModuleCest.php # tests/acceptance/Core/IssueModuleCest.php # tests/acceptance/Core/ModuleBuilderFieldsCest.php # tests/acceptance/Core/PersonModuleCest.php # tests/acceptance/Core/SaleModuleCest.php # tests/acceptance/modules/AOW_Workflow/AOW_WorkflowCest.php # tests/acceptance/modules/Accounts/AccountsCest.php # tests/acceptance/modules/Activities/ActivitiesCest.php # tests/acceptance/modules/Calls/CallsCest.php # tests/acceptance/modules/Cases/CasesCest.php # tests/acceptance/modules/Contracts/ContractsCest.php # tests/acceptance/modules/History/HistoryCest.php # tests/acceptance/modules/Opportunities/OpportunitiesCest.php # tests/acceptance/modules/Users/UsersCest.php # tests/acceptance/modules/jjwg_Maps/jjwg_MapsCest.php # themes/SuiteP/css/Dawn/style.css # themes/SuiteP/css/Day/style.css # themes/SuiteP/css/Dusk/style.css # themes/SuiteP/css/Night/style.css
152 lines
6.3 KiB
PHP
Executable file
152 lines
6.3 KiB
PHP
Executable file
<?php
|
|
if (!defined('sugarEntry') || !sugarEntry) {
|
|
die('Not A Valid Entry Point');
|
|
}
|
|
/**
|
|
*
|
|
* SugarCRM Community Edition is a customer relationship management program developed by
|
|
* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
|
|
*
|
|
* SuiteCRM is an extension to SugarCRM Community Edition developed by SalesAgility Ltd.
|
|
* Copyright (C) 2011 - 2018 SalesAgility Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU Affero General Public License version 3 as published by the
|
|
* Free Software Foundation with the addition of the following permission added
|
|
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
|
|
* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
|
|
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License along with
|
|
* this program; if not, see http://www.gnu.org/licenses or write to the Free
|
|
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301 USA.
|
|
*
|
|
* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
|
|
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
|
|
*
|
|
* The interactive user interfaces in modified source and object code versions
|
|
* of this program must display Appropriate Legal Notices, as required under
|
|
* Section 5 of the GNU Affero General Public License version 3.
|
|
*
|
|
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
|
|
* these Appropriate Legal Notices must retain the display of the "Powered by
|
|
* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
|
|
* reasonably feasible for technical reasons, the Appropriate Legal Notices must
|
|
* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
* This file is where the user authentication occurs. No redirection should happen in this file.
|
|
*
|
|
*/
|
|
require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php');
|
|
class EmailAuthenticateUser extends SugarAuthenticateUser
|
|
{
|
|
public $passwordLength = 4;
|
|
|
|
|
|
/**
|
|
* this is called when a user logs in
|
|
*
|
|
* @param STRING $name
|
|
* @param STRING $password
|
|
* @return boolean
|
|
*/
|
|
public function loadUserOnLogin($name, $password)
|
|
{
|
|
global $login_error;
|
|
|
|
$GLOBALS['log']->debug("Starting user load for ". $name);
|
|
if (empty($name) || empty($password)) {
|
|
return false;
|
|
}
|
|
|
|
if (empty($_SESSION['lastUserId'])) {
|
|
$input_hash = SugarAuthenticate::encodePassword($password);
|
|
$user_id = $this->authenticateUser($name, $input_hash);
|
|
if (empty($user_id)) {
|
|
$GLOBALS['log']->fatal('SECURITY: User authentication for '.$name.' failed');
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (empty($_SESSION['emailAuthToken'])) {
|
|
$_SESSION['lastUserId'] = $user_id;
|
|
$_SESSION['lastUserName'] = $name;
|
|
$_SESSION['emailAuthToken'] = '';
|
|
for ($i = 0; $i < $this->passwordLength; $i++) {
|
|
$_SESSION['emailAuthToken'] .= chr(mt_rand(48, 90));
|
|
}
|
|
$_SESSION['emailAuthToken'] = str_replace(array('<', '>'), array('#', '@'), $_SESSION['emailAuthToken']);
|
|
$_SESSION['login_error'] = 'Please Enter Your User Name and Emailed Session Token';
|
|
$this->sendEmailPassword($user_id, $_SESSION['emailAuthToken']);
|
|
return false;
|
|
} else {
|
|
if (strcmp($name, $_SESSION['lastUserName']) == 0 && strcmp($password, $_SESSION['emailAuthToken']) == 0) {
|
|
$this->loadUserOnSession($_SESSION['lastUserId']);
|
|
unset($_SESSION['lastUserId']);
|
|
unset($_SESSION['lastUserName']);
|
|
unset($_SESSION['emailAuthToken']);
|
|
return true;
|
|
}
|
|
}
|
|
if (strcmp($name, $_SESSION['lastUserName']) == 0 && strcmp($password, $_SESSION['emailAuthToken']) == 0) {
|
|
$this->loadUserOnSession($_SESSION['lastUserId']);
|
|
unset($_SESSION['lastUserId']);
|
|
unset($_SESSION['lastUserName']);
|
|
unset($_SESSION['emailAuthToken']);
|
|
return true;
|
|
}
|
|
|
|
|
|
$_SESSION['login_error'] = 'Please Enter Your User Name and Emailed Session Token';
|
|
return false;
|
|
}
|
|
|
|
|
|
/**
|
|
* Sends the users password to the email address or sends
|
|
*
|
|
* @param unknown_type $user_id
|
|
* @param unknown_type $password
|
|
*/
|
|
public function sendEmailPassword($user_id, $password)
|
|
{
|
|
$result = DBManagerFactory::getInstance()->query("SELECT email1, email2, first_name, last_name FROM users WHERE id='$user_id'");
|
|
$row = DBManagerFactory::getInstance()->fetchByAssoc($result);
|
|
|
|
global $sugar_config;
|
|
if (empty($row['email1']) && empty($row['email2'])) {
|
|
$_SESSION['login_error'] = 'Please contact an administrator to setup up your email address associated to this account';
|
|
return;
|
|
}
|
|
|
|
require_once("include/SugarPHPMailer.php");
|
|
global $locale;
|
|
$OBCharset = $locale->getPrecedentPreference('default_email_charset');
|
|
$notify_mail = new SugarPHPMailer();
|
|
$notify_mail->CharSet = $sugar_config['default_charset'];
|
|
$notify_mail->AddAddress(((!empty($row['email1']))?$row['email1']: $row['email2']), $locale->translateCharsetMIME(trim($row['first_name'] . ' ' . $row['last_name']), 'UTF-8', $OBCharset));
|
|
|
|
$notify_mail->Subject = 'Sugar Token';
|
|
$notify_mail->Body = 'Your sugar session authentication token is: ' . $password;
|
|
$notify_mail->setMailerForSystem();
|
|
$notify_mail->From = 'no-reply@sugarcrm.com';
|
|
$notify_mail->FromName = 'Sugar Authentication';
|
|
|
|
if (!$notify_mail->Send()) {
|
|
$GLOBALS['log']->warn("Notifications: error sending e-mail (method: {$notify_mail->Mailer}), (error: {$notify_mail->ErrorInfo})");
|
|
} else {
|
|
$GLOBALS['log']->info("Notifications: e-mail successfully sent");
|
|
}
|
|
}
|
|
}
|