2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
40 class AuthenticationController {
41 var $loggedIn = false; //if a user has attempted to login
42 var $authenticated = false;
43 var $loginSuccess = false;// if a user has successfully logged in
46 * Creates an instance of the authentication controller and loads it
48 * @param STRING $type - the authentication Controller - default to SugarAuthenticate
49 * @return AuthenticationController -
51 function AuthenticationController($type = 'SugarAuthenticate') {
52 if(!file_exists('modules/Users/authentication/'.$type.'/' . $type . '.php'))$type = 'SugarAuthenticate';
55 if($type == 'SugarAuthenticate' && !empty($GLOBALS['system_config']->settings['system_ldap_enabled']) && empty($_SESSION['sugar_user'])){
56 $type = 'LDAPAuthenticate';
61 require_once ('modules/Users/authentication/'.$type.'/' . $type . '.php');
62 $this->authController = new $type();
67 * Returns an instance of the authentication controller
69 * @param STRING $type this is the type of authetnication you want to use default is SugarAuthenticate
70 * @return an instance of the authetnciation controller
72 function &getInstance($type='SugarAuthenticate'){
73 static $authcontroller;
74 if(empty($authcontroller)){
75 $authcontroller = new AuthenticationController($type);
77 return $authcontroller;
81 * This function is called when a user initially tries to login.
82 * It will return true if the user successfully logs in or false otherwise.
84 * @param STRING $username
85 * @param STRING $password
86 * @param ARRAY $PARAMS
89 function login($username, $password, $PARAMS = array ()) {
91 $_SESSION['loginAttempts'] = (isset($_fSESSION['loginAttempts']))? $_SESSION['loginAttempts'] + 1: 1;
92 unset($GLOBALS['login_error']);
94 if($this->loggedIn)return $this->loginSuccess;
96 $this->loginSuccess = $this->authController->loginAuthenticate($username, $password, false, $PARAMS);
97 $this->loggedIn = true;
99 if($this->loginSuccess){
100 //Ensure the user is authorized
101 checkAuthUserStatus();
104 if(!empty($GLOBALS['login_error'])){
105 unset($_SESSION['authenticated_user_id']);
106 $GLOBALS['log']->fatal('FAILED LOGIN: potential hack attempt');
107 $this->loginSuccess = false;
111 //call business logic hook
112 if(isset($GLOBALS['current_user']))
113 $GLOBALS['current_user']->call_custom_logic('after_login');
115 // Check for running Admin Wizard
116 $config = new Administration();
117 $config->retrieveSettings();
118 if ( is_admin($GLOBALS['current_user']) && $_REQUEST['action'] != 'AdminWizard' && empty($config->settings['system_adminwizard']) ) {
119 $GLOBALS['module'] = 'Configurator';
120 $GLOBALS['action'] = 'AdminWizard';
122 header("Location: index.php?module=Configurator&action=AdminWizard");
126 $ut = $GLOBALS['current_user']->getPreference('ut');
127 $checkTimeZone = true;
128 if (is_array($PARAMS) && !empty($PARAMS) && isset($PARAMS['passwordEncrypted'])) {
129 $checkTimeZone = false;
131 if(empty($ut) && $_REQUEST['action'] != 'SetTimezone' && $_REQUEST['action'] != 'SaveTimezone' && $checkTimeZone) {
132 $GLOBALS['module'] = 'Users';
133 $GLOBALS['action'] = 'Wizard';
135 header("Location: index.php?module=Users&action=Wizard");
140 LogicHook::initialize();
141 $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
142 $GLOBALS['log']->fatal('FAILED LOGIN:attempts[' .$_SESSION['loginAttempts'] .'] - '. $username);
144 // if password has expired, set a session variable
146 return $this->loginSuccess;
150 * This is called on every page hit.
151 * It returns true if the current session is authenticated or false otherwise
154 function sessionAuthenticate() {
156 if(!$this->authenticated){
157 $this->authenticated = $this->authController->sessionAuthenticate();
159 if($this->authenticated){
160 if(!isset($_SESSION['userStats']['pages'])){
161 $_SESSION['userStats']['loginTime'] = time();
162 $_SESSION['userStats']['pages'] = 0;
164 $_SESSION['userStats']['lastTime'] = time();
165 $_SESSION['userStats']['pages']++;
168 return $this->authenticated;
172 * Called when a user requests to logout. Should invalidate the session and redirect
177 $GLOBALS['current_user']->call_custom_logic('before_logout');
178 $this->authController->logout();
179 LogicHook::initialize();
180 $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');