modules/Users/authentication/AuthenticationController.php

   1 <?php
   2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
   3 /*********************************************************************************
   4  * SugarCRM Community Edition is a customer relationship management program developed by
   5  * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
   6  *
   7  * This program is free software; you can redistribute it and/or modify it under
   8  * the terms of the GNU Affero General Public License version 3 as published by the
   9  * Free Software Foundation with the addition of the following permission added
  10  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
  11  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
  12  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
  13  *
  14  * This program is distributed in the hope that it will be useful, but WITHOUT
  15  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  16  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
  17  * details.
  18  *
  19  * You should have received a copy of the GNU Affero General Public License along with
  20  * this program; if not, see http://www.gnu.org/licenses or write to the Free
  21  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  22  * 02110-1301 USA.
  23  *
  24  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
  25  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
  26  *
  27  * The interactive user interfaces in modified source and object code versions
  28  * of this program must display Appropriate Legal Notices, as required under
  29  * Section 5 of the GNU Affero General Public License version 3.
  30  *
  31  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
  32  * these Appropriate Legal Notices must retain the display of the "Powered by
  33  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
  34  * technical reasons, the Appropriate Legal Notices must display the words
  35  * "Powered by SugarCRM".
  36  ********************************************************************************/
  37
  38
  39
  40 class AuthenticationController
  41 {
  42         public $loggedIn = false; //if a user has attempted to login
  43         public $authenticated = false;
  44         public $loginSuccess = false;// if a user has successfully logged in
  45
  46         protected static $authcontrollerinstance = null;
  47
  48     /**
  49      * @var SugarAuthenticate
  50      */
  51     public $authController;
  52
  53         /**
  54          * Creates an instance of the authentication controller and loads it
  55          *
  56          * @param STRING $type - the authentication Controller - default to SugarAuthenticate
  57          * @return AuthenticationController -
  58          */
  59         public function __construct($type = 'SugarAuthenticate')
  60         {
  61             if ($type == 'SugarAuthenticate' && !empty($GLOBALS['system_config']->settings['system_ldap_enabled']) && empty($_SESSION['sugar_user'])){
  62                         $type = 'LDAPAuthenticate';
  63         }
  64
  65         // check in custom dir first, in case someone want's to override an auth controller
  66                 if (file_exists('custom/modules/Users/authentication/'.$type.'/' . $type . '.php')) {
  67             require_once('custom/modules/Users/authentication/'.$type.'/' . $type . '.php');
  68         } elseif (file_exists('modules/Users/authentication/'.$type.'/' . $type . '.php')) {
  69             require_once('modules/Users/authentication/'.$type.'/' . $type . '.php');
  70         } else {
  71             require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php');
  72             $type = 'SugarAuthenticate';
  73         }
  74
  75         $this->authController = new $type();
  76         }
  77
  78
  79         /**
  80          * Returns an instance of the authentication controller
  81          *
  82          * @param string $type this is the type of authetnication you want to use default is SugarAuthenticate
  83          * @return an instance of the authetnciation controller
  84          */
  85         public static function getInstance($type = 'SugarAuthenticate')
  86         {
  87                 if (empty(self::$authcontrollerinstance)) {
  88                         self::$authcontrollerinstance = new AuthenticationController($type);
  89                 }
  90
  91                 return self::$authcontrollerinstance;
  92         }
  93
  94         /**
  95          * This function is called when a user initially tries to login.
  96          *
  97          * @param string $username
  98          * @param string $password
  99          * @param array $PARAMS
 100          * @return boolean true if the user successfully logs in or false otherwise.
 101          */
 102         public function login($username, $password, $PARAMS = array())
 103         {
 104                 //kbrill bug #13225
 105                 $_SESSION['loginAttempts'] = (isset($_SESSION['loginAttempts']))? $_SESSION['loginAttempts'] + 1: 1;
 106                 unset($GLOBALS['login_error']);
 107
 108                 if($this->loggedIn)return $this->loginSuccess;
 109                 LogicHook::initialize()->call_custom_logic('Users', 'before_login');
 110
 111                 $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, false, $PARAMS);
 112                 $this->loggedIn = true;
 113
 114                 if($this->loginSuccess){
 115                         //Ensure the user is authorized
 116                         checkAuthUserStatus();
 117
 118                         loginLicense();
 119                         if(!empty($GLOBALS['login_error'])){
 120                                 unset($_SESSION['authenticated_user_id']);
 121                                 $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt:'.$GLOBALS['login_error']);
 122                                 $this->loginSuccess = false;
 123                                 return false;
 124                         }
 125
 126                         //call business logic hook
 127                         if(isset($GLOBALS['current_user']))
 128                                 $GLOBALS['current_user']->call_custom_logic('after_login');
 129
 130                         // Check for running Admin Wizard
 131                         $config = new Administration();
 132                         $config->retrieveSettings();
 133                     if ( is_admin($GLOBALS['current_user']) && empty($config->settings['system_adminwizard']) && $_REQUEST['action'] != 'AdminWizard' ) {
 134                                 $GLOBALS['module'] = 'Configurator';
 135                                 $GLOBALS['action'] = 'AdminWizard';
 136                                 ob_clean();
 137                                 header("Location: index.php?module=Configurator&action=AdminWizard");
 138                                 sugar_cleanup(true);
 139                         }
 140
 141                         $ut = $GLOBALS['current_user']->getPreference('ut');
 142                         $checkTimeZone = true;
 143                         if (is_array($PARAMS) && !empty($PARAMS) && isset($PARAMS['passwordEncrypted'])) {
 144                                 $checkTimeZone = false;
 145                         } // if
 146                         if(empty($ut) && $checkTimeZone && $_REQUEST['action'] != 'SetTimezone' && $_REQUEST['action'] != 'SaveTimezone' ) {
 147                                 $GLOBALS['module'] = 'Users';
 148                                 $GLOBALS['action'] = 'Wizard';
 149                                 ob_clean();
 150                                 header("Location: index.php?module=Users&action=Wizard");
 151                                 sugar_cleanup(true);
 152                         }
 153                 }else{
 154                         //kbrill bug #13225
 155                         LogicHook::initialize();
 156                         $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
 157                         $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' .$_SESSION['loginAttempts'] .'] - '. $username);
 158                 }
 159                 // if password has expired, set a session variable
 160
 161                 return $this->loginSuccess;
 162         }
 163
 164         /**
 165          * This is called on every page hit.
 166          * It returns true if the current session is authenticated or false otherwise
 167          *
 168          * @return booelan
 169          */
 170         public function sessionAuthenticate()
 171         {
 172                 if(!$this->authenticated){
 173                         $this->authenticated = $this->authController->sessionAuthenticate();
 174                 }
 175                 if($this->authenticated){
 176                         if(!isset($_SESSION['userStats']['pages'])){
 177                             $_SESSION['userStats']['loginTime'] = time();
 178                             $_SESSION['userStats']['pages'] = 0;
 179                         }
 180                         $_SESSION['userStats']['lastTime'] = time();
 181                         $_SESSION['userStats']['pages']++;
 182
 183                 }
 184                 return $this->authenticated;
 185         }
 186
 187         /**
 188          * Called when a user requests to logout. Should invalidate the session and redirect
 189          * to the login page.
 190          */
 191         public function logout()
 192         {
 193                 $GLOBALS['current_user']->call_custom_logic('before_logout');
 194                 $this->authController->logout();
 195                 LogicHook::initialize();
 196                 $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
 197         }
 198 }