2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
42 * This file is where the user authentication occurs. No redirection should happen in this file.
45 class SugarAuthenticateUser{
48 * Does the actual authentication of the user and returns an id that will be used
49 * to load the current user (loadUserOnSession)
52 * @param STRING $password
53 * @param STRING $fallback - is this authentication a fallback from a failed authentication
54 * @return STRING id - used for loading the user
56 function authenticateUser($name, $password, $fallback=false) {
57 $name = $GLOBALS['db']->quote($name);
58 $password = $GLOBALS['db']->quote($password);
59 $query = "SELECT * from users where user_name='$name' AND user_hash='$password' AND (portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive'";
60 $result =$GLOBALS['db']->limitQuery($query,0,1,false);
61 $row = $GLOBALS['db']->fetchByAssoc($result);
63 // set the ID in the seed user. This can be used for retrieving the full user record later
64 //if it's falling back on Sugar Authentication after the login failed on an external authentication return empty if the user has external_auth_disabled for them
65 if (empty ($row) || ($fallback && !empty($row['external_auth_only']))) {
72 * Checks if a user is a sugarLogin user
73 * which implies they should use the sugar authentication to login
76 * @param STRIUNG $password
79 function isSugarLogin($name, $password){
80 $password = SugarAuthenticate::encodePassword($password);
81 $name = $GLOBALS['db']->quote($name);
82 $password = $GLOBALS['db']->quote($password);
83 $query = "SELECT * from users where user_name='$name' AND user_hash='$password' AND (portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive' AND sugar_login=1";
84 $result =$GLOBALS['db']->limitQuery($query,0,1,false);
85 $row = $GLOBALS['db']->fetchByAssoc($result);
91 * this is called when a user logs in
94 * @param STRING $password
95 * @param STRING $fallback - is this authentication a fallback from a failed authentication
98 function loadUserOnLogin($name, $password, $fallback = false, $PARAMS = array()) {
101 $GLOBALS['log']->debug("Starting user load for ". $name);
102 if(empty($name) || empty($password)) return false;
103 $user_hash = $password;
104 $passwordEncrypted = false;
105 if (!empty($PARAMS) && isset($PARAMS['passwordEncrypted']) && $PARAMS['passwordEncrypted']) {
106 $passwordEncrypted = true;
108 if (!$passwordEncrypted) {
109 $user_hash = SugarAuthenticate::encodePassword($password);
111 $user_id = $this->authenticateUser($name, $user_hash, $fallback);
112 if(empty($user_id)) {
113 $GLOBALS['log']->fatal('SECURITY: User authentication for '.$name.' failed');
116 $this->loadUserOnSession($user_id);
120 * Loads the current user bassed on the given user_id
122 * @param STRING $user_id
125 function loadUserOnSession($user_id=''){
126 if(!empty($user_id)){
127 $_SESSION['authenticated_user_id'] = $user_id;
130 if(!empty($_SESSION['authenticated_user_id']) || !empty($user_id)){
131 $GLOBALS['current_user'] = new User();
132 if($GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id'])){