
Add mutli-factor authentication.

markjcrane 2 年之前
父節點
當前提交
077fdd91ab

+ 1 - 1
core/authentication/app_config.php

@@ -5,7 +5,7 @@
 		$apps[$x]['uuid'] = "a8a12918-69a4-4ece-a1ae-3932be0e41f1";
 		$apps[$x]['category'] = "Core";
 		$apps[$x]['subcategory'] = "";
-		$apps[$x]['version'] = "1.0";
+		$apps[$x]['version'] = "1.1";
 		$apps[$x]['license'] = "Mozilla Public License 1.1";
 		$apps[$x]['url'] = "http://www.fusionpbx.com";
 		$apps[$x]['description']['en-us'] = "Provides an authentication framework with plugins to check if a user is authorized to login.";

+ 100 - 0
core/authentication/app_defaults.php

@@ -0,0 +1,100 @@
+ <?php
+
+
+//add fax email templates
+	if ($domains_processed == 1) {
+
+		//build the array
+		$x = 0;
+		$array['email_templates'][$x]['email_template_uuid'] = 'e68ff1d0-aac3-4089-a257-2124a71938bc';
+		$array['email_templates'][$x]['template_language'] = 'en-us';
+		$array['email_templates'][$x]['template_category'] = 'authentication';
+		$array['email_templates'][$x]['template_subcategory'] = 'email';
+		$array['email_templates'][$x]['template_subject'] = 'Authentication Code';
+		$array['email_templates'][$x]['template_body'] .= "<html>\n";
+		$array['email_templates'][$x]['template_body'] .= "	<body>\n";
+		$array['email_templates'][$x]['template_body'] .= "		<br />\n";
+		$array['email_templates'][$x]['template_body'] .= "		<br><strong>Security Code</strong><br><br>\n";
+		$array['email_templates'][$x]['template_body'] .= "		Use the following code to verify your identity.<br>\n";
+		$array['email_templates'][$x]['template_body'] .= "		Authentication Code: \${auth_code}<br>\n";
+		$array['email_templates'][$x]['template_body'] .= "		<br />\n";
+		$array['email_templates'][$x]['template_body'] .= "	</body>\n";
+		$array['email_templates'][$x]['template_body'] .= "</html>\n";
+		$array['email_templates'][$x]['template_type'] = "html";
+		$array['email_templates'][$x]['template_enabled'] = "true";
+		$x++;
+		$array['email_templates'][$x]['email_template_uuid'] = '9a9e3b5f-c439-47da-a901-90dcd340d101';
+		$array['email_templates'][$x]['template_language'] = 'en-gb';
+		$array['email_templates'][$x]['template_category'] = 'authentication';
+		$array['email_templates'][$x]['template_subcategory'] = 'email';
+		$array['email_templates'][$x]['template_subject'] = 'Authentication Code';
+		$array['email_templates'][$x]['template_body'] .= "<html>\n";
+		$array['email_templates'][$x]['template_body'] .= "	<body>\n";
+		$array['email_templates'][$x]['template_body'] .= "		<br />\n";
+		$array['email_templates'][$x]['template_body'] .= "		<br><strong>Security Code</strong><br><br>\n";
+		$array['email_templates'][$x]['template_body'] .= "		Use the following code to verify your identity.<br>\n";
+		$array['email_templates'][$x]['template_body'] .= "		Authentication Code: \${auth_code}<br>\n";
+		$array['email_templates'][$x]['template_body'] .= "		<br />\n";
+		$array['email_templates'][$x]['template_body'] .= "	</body>\n";
+		$array['email_templates'][$x]['template_body'] .= "</html>\n";
+		$array['email_templates'][$x]['template_type'] = "html";
+		$array['email_templates'][$x]['template_enabled'] = "true";
+		$x++;
+
+		//build array of email template uuids
+		foreach ($array['email_templates'] as $row) {
+			if (is_uuid($row['email_template_uuid'])) {
+				$uuids[] = $row['email_template_uuid'];
+			}
+		}
+
+		//add the email templates to the database
+		if (is_array($uuids) && @sizeof($uuids) != 0) {
+			$sql = "select * from v_email_templates where ";
+			foreach ($uuids as $index => $uuid) {
+				$sql_where[] = "email_template_uuid = :email_template_uuid_".$index;
+				$parameters['email_template_uuid_'.$index] = $uuid;
+			}
+			$sql .= implode(' or ', $sql_where);
+			$database = new database;
+			$email_templates = $database->select($sql, $parameters, 'all');
+			unset($sql, $sql_where, $parameters);
+
+			//remove templates that already exist from the array
+			foreach ($array['email_templates'] as $index => $row) {
+				if (is_array($email_templates) && @sizeof($email_templates) != 0) {
+					foreach($email_templates as $email_template) {
+						if ($row['email_template_uuid'] == $email_template['email_template_uuid']) {
+							unset($array['email_templates'][$index]);
+						}
+					}
+				}
+			}
+			unset($email_templates, $index);
+		}
+
+		//add the missing email templates
+		if (is_array($array['email_templates']) && @sizeof($array['email_templates']) != 0) {
+			//add the temporary permission
+			$p = new permissions;
+			$p->add("email_template_add", 'temp');
+			$p->add("email_template_edit", 'temp');
+
+			//save the data
+			$database = new database;
+			$database->app_name = 'email_templates';
+			$database->app_uuid = '8173e738-2523-46d5-8943-13883befd2fd';
+			$database->save($array);
+			//$message = $database->message;
+
+			//remove the temporary permission
+			$p->delete("email_template_add", 'temp');
+			$p->delete("email_template_edit", 'temp');
+		}
+
+		//remove the array
+		unset($array);
+
+	}
+
+?>
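Review bot: Each `template_body` is built with `.=` on an array key that has not been assigned yet, which raises an undefined-index notice (a warning on PHP 8) for both templates. Start each body with a plain assignment, `$array['email_templates'][$x]['template_body'] = "<html>\n";`, and keep `.=` for the lines that follow. `$uuids` is likewise only ever appended to, so adding `$uuids = [];` before the first `foreach` would let the later `is_array($uuids)` test work without relying on `@`. The opening comment `//add fax email templates` looks copied from another app and would read better as `//add the authentication email templates`.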

+ 72 - 0
core/authentication/app_languages.php

@@ -0,0 +1,72 @@
+<?php
+
+$text['label-authentication_code']['en-us'] = "Authentication Code";
+$text['label-authentication_code']['en-gb'] = "Authentication Code";
+$text['label-authentication_code']['ar-eg'] = "";
+$text['label-authentication_code']['de-at'] = ""; //copied from de-de
+$text['label-authentication_code']['de-ch'] = ""; //copied from de-de
+$text['label-authentication_code']['de-de'] = "";
+$text['label-authentication_code']['el-gr'] = "";
+$text['label-authentication_code']['es-cl'] = "";
+$text['label-authentication_code']['es-mx'] = ""; //copied from es-cl
+$text['label-authentication_code']['fr-ca'] = ""; //copied from fr-fr
+$text['label-authentication_code']['fr-fr'] = "";
+$text['label-authentication_code']['he-il'] = "";
+$text['label-authentication_code']['it-it'] = "";
+$text['label-authentication_code']['nl-nl'] = "";
+$text['label-authentication_code']['pl-pl'] = "";
+$text['label-authentication_code']['pt-br'] = ""; //copied from pt-pt
+$text['label-authentication_code']['pt-pt'] = "";
+$text['label-authentication_code']['ro-ro'] = "";
+$text['label-authentication_code']['ru-ru'] = "";
+$text['label-authentication_code']['sv-se'] = "";
+$text['label-authentication_code']['uk-ua'] = "";
+$text['label-authentication_code']['tr-tr'] = "";
+
+$text['label-verify']['en-us'] = "Verify";
+$text['label-verify']['en-gb'] = "Verify";
+$text['label-verify']['ar-eg'] = "";
+$text['label-verify']['de-at'] = ""; //copied from de-de
+$text['label-verify']['de-ch'] = ""; //copied from de-de
+$text['label-verify']['de-de'] = "";
+$text['label-verify']['el-gr'] = "";
+$text['label-verify']['es-cl'] = "";
+$text['label-verify']['es-mx'] = ""; //copied from es-cl
+$text['label-verify']['fr-ca'] = ""; //copied from fr-fr
+$text['label-verify']['fr-fr'] = "";
+$text['label-verify']['he-il'] = "";
+$text['label-verify']['it-it'] = "";
+$text['label-verify']['nl-nl'] = "";
+$text['label-verify']['pl-pl'] = "";
+$text['label-verify']['pt-br'] = ""; //copied from pt-pt
+$text['label-verify']['pt-pt'] = "";
+$text['label-verify']['ro-ro'] = "";
+$text['label-verify']['ru-ru'] = "";
+$text['label-verify']['sv-se'] = "";
+$text['label-verify']['uk-ua'] = "";
+$text['label-verify']['tr-tr'] = "";
+
+$text['label-email_description']['en-us'] = "Check your email for the verification code.";
+$text['label-email_description']['en-gb'] = "Check your email for the verification code.";
+$text['label-email_description']['ar-eg'] = "";
+$text['label-email_description']['de-at'] = ""; //copied from de-de
+$text['label-email_description']['de-ch'] = ""; //copied from de-de
+$text['label-email_description']['de-de'] = "";
+$text['label-email_description']['el-gr'] = "";
+$text['label-email_description']['es-cl'] = "";
+$text['label-email_description']['es-mx'] = ""; //copied from es-cl
+$text['label-email_description']['fr-ca'] = ""; //copied from fr-fr
+$text['label-email_description']['fr-fr'] = "";
+$text['label-email_description']['he-il'] = "";
+$text['label-email_description']['it-it'] = "";
+$text['label-email_description']['nl-nl'] = "";
+$text['label-email_description']['pl-pl'] = "";
+$text['label-email_description']['pt-br'] = ""; //copied from pt-pt
+$text['label-email_description']['pt-pt'] = "";
+$text['label-email_description']['ro-ro'] = "";
+$text['label-email_description']['ru-ru'] = "";
+$text['label-email_description']['sv-se'] = "";
+$text['label-email_description']['uk-ua'] = "";
+$text['label-email_description']['tr-tr'] = "";
+
+?>

+ 302 - 23
core/authentication/resources/classes/authentication.php

@@ -11,14 +11,10 @@ class authentication {
 	/**
 	 * Define variables and their scope
 	 */
-	public $debug;
-	public $db;
 	public $domain_uuid;
 	public $domain_name;
 	public $username;
 	public $password;
-	public $plugins;
-	public $key;
 
 	/**
 	 * Called when the object is created
@@ -43,16 +39,21 @@ class authentication {
 	 */
 	public function validate() {
 
-		//set the default authentication method to the database
-			if (!is_array($_SESSION['authentication']['methods'])) {
-				$_SESSION['authentication']['methods'][]  = 'database';	
-			}
-
 		//get the domain_name and domain_uuid
 			if (!isset($this->domain_name) || !isset($this->domain_uuid)) {
 				$this->get_domain();
 			}
 
+		//start the session if its not started
+			if (session_status() === PHP_SESSION_NONE) {
+				session_start();
+			}
+
+		//set the default authentication method to the database
+			if (!is_array($_SESSION['authentication']['methods'])) {
+				$_SESSION['authentication']['methods'][]  = 'database';	
+			}
+
 		//automatically block multiple authentication failures
 			if (!isset($_SESSION['users']['max_retry']['numeric'])) {
 				$_SESSION['users']['max_retry']['numeric'] = 5;
@@ -88,52 +89,328 @@ class authentication {
 
 		//use the authentication plugins
 			foreach ($_SESSION['authentication']['methods'] as $name) {
+
+				//already processed the plugin move to the next plugin
+				if ($_SESSION['authentication']['plugin'][$name]['authorized']) {
+					continue;
+				}
+
+				//prepare variables
 				$class_name = "plugin_".$name;
 				$base = realpath(dirname(__FILE__)) . "/plugins";
 				$plugin = $base."/".$name.".php";
+
+				//process the plugin
 				if (file_exists($plugin)) {
 					include_once $plugin;
 					$object = new $class_name();
 					$object->debug = $this->debug;
 					$object->domain_name = $this->domain_name;
 					$object->domain_uuid = $this->domain_uuid;
-					if (strlen($this->key) > 0) {
+					if ($plugin == 'database' && isset($this->key)) {
 						$object->key = $this->key;
 					}
-					if (strlen($this->username) > 0) {
+					if ($plugin == 'database' && isset($this->username)) {
 						$object->username = $this->username;
 						$object->password = $this->password;
 					}
 					$array = $object->$name();
+
+					$id = $array["plugin"];
 					$result['plugin'] = $array["plugin"];
 					$result['domain_name'] = $array["domain_name"];
 					$result['username'] = $array["username"];
-					if ($this->debug) {
-						$result["password"] = $this->password;
-					}
 					$result['user_uuid'] = $array["user_uuid"];
 					$result['contact_uuid'] = $array["contact_uuid"];
 					$result['domain_uuid'] = $array["domain_uuid"];
 					$result['authorized'] = $array["authorized"];
-					if (count($_SESSION['authentication']['methods']) > 1) {
-						$result['results'][] = $array;
-					}
 
-					if ($result["authorized"] == "true") {
-						//add the username to the session
-						$_SESSION['username'] = $result["username"];
+					//save the result to the authentication plugin
+					$_SESSION['authentication']['plugin'][$name] = $result;
+				}
+			}
+
+		//make sure all plugins are in the array
+			foreach ($_SESSION['authentication']['methods'] as $name) {
+				if (!isset($_SESSION['authentication']['plugin'][$name]['authorized'])) {
+					$_SESSION['authentication']['plugin'][$name]['plugin'] = $name;
+					$_SESSION['authentication']['plugin'][$name]['domain_name'] = $_SESSION['domain_name'];
+					$_SESSION['authentication']['plugin'][$name]['domain_uuid'] = $_SESSION['domain_uuid'];
+					$_SESSION['authentication']['plugin'][$name]['username'] = $_SESSION['username'];
+					$_SESSION['authentication']['plugin'][$name]['user_uuid'] = $_SESSION['user_uuid'];
+					$_SESSION['authentication']['plugin'][$name]['authorized'] = 0;
+				}
+			}
+
+		//debug information
+			//view_array($_SESSION['authentication'], false);
 
-						//end the loop
+		//set authorized to false if any authentication method failed
+			$authorized = false;
+			if (is_array($_SESSION['authentication']['plugin'])) {
+				foreach($_SESSION['authentication']['plugin'] as $row) {
+					if ($row["authorized"]) {
+						$authorized = true;
+					}
+					else {
+						$authorized = false;
 						break;
 					}
 				}
 			}
 
+		//result array
+			$result["plugin"] = "database";
+			$result["domain_name"] = $_SESSION['domain_name'];
+			if (!isset($_SESSION['username'])) {
+				$result["username"] = $_SESSION['username'];
+			}
+			if (!isset($_SESSION['user_uuid'])) {
+				$result["user_uuid"] = $_SESSION['user_uuid'];
+			}
+			$result["domain_uuid"] = $_SESSION['domain_uuid'];
+			if (!isset($_SESSION['contact_uuid'])) {
+				$result["contact_uuid"] = $_SESSION['contact_uuid'];
+			}
+			$result["authorized"] = $authorized;
+
 		//add user logs
-			if (file_exists($_SERVER["PROJECT_ROOT"]."/core/user_logs/app_config.php")) {
+			if ($result["authorized"]) {
 				user_logs::add($result);
 			}
 
+		//debug information
+			//if ($row["authorized"]) {
+			//	echo "authorized: true\n";
+			//}
+			//else {
+			//	echo "authorized: false\n";
+			//}
+
+		//user is authorized - get user settings, check user cidr
+			if ($authorized) {
+
+				//set a session variable to indicate authorized is set to true
+					$_SESSION['authorized'] = true;
+
+				//add the username to the session //username seesion could be set soone when check_auth uses an authorized session variable instead
+					$_SESSION['username'] = $result["username"];
+
+				//get the user settings
+					$sql = "select * from v_user_settings ";
+					$sql .= "where domain_uuid = :domain_uuid ";
+					$sql .= "and user_uuid = :user_uuid ";
+					$sql .= "and user_setting_enabled = 'true' ";
+					$parameters['domain_uuid'] = $result["domain_uuid"];
+					$parameters['user_uuid'] = $result["user_uuid"];
+					$database = new database;
+					$user_settings = $database->select($sql, $parameters, 'all');
+					unset($sql, $parameters);
+
+				//build the user cidr array
+					if (is_array($user_settings) && @sizeof($user_settings) != 0) {
+						foreach ($user_settings as $row) {
+							if ($row['user_setting_category'] == "domain" && $row['user_setting_subcategory'] == "cidr" && $row['user_setting_name'] == "array") {
+								$cidr_array[] = $row['user_setting_value'];
+							}
+						}
+					}
+
+				//check to see if user address is in the cidr array
+					if (isset($cidr_array) && !defined('STDIN')) {
+						$found = false;
+						foreach($cidr_array as $cidr) {
+							if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
+								$found = true;
+								break;
+							}
+						}
+						if (!$found) {
+							//destroy session
+							session_unset();
+							session_destroy();
+
+							//send http 403
+							header('HTTP/1.0 403 Forbidden', true, 403);
+
+							//exit the code
+							exit();
+						}
+					}
+
+				//set the session variables
+					$_SESSION["domain_uuid"] = $result["domain_uuid"];
+					//$_SESSION["domain_name"] = $result["domain_name"];
+					$_SESSION["user_uuid"] = $result["user_uuid"];
+					$_SESSION["context"] = $result['domain_name'];
+
+				//user session array
+					$_SESSION["user"]["domain_uuid"] = $result["domain_uuid"];
+					$_SESSION["user"]["domain_name"] = $result["domain_name"];
+					$_SESSION["user"]["user_uuid"] = $result["user_uuid"];
+					$_SESSION["user"]["username"] = $result["username"];
+					$_SESSION["user"]["contact_uuid"] = $result["contact_uuid"];
+
+				//get the groups assigned to the user and then set the groups in $_SESSION["groups"]
+					$sql = "select ";
+					$sql .= "u.user_group_uuid, ";
+					$sql .= "u.domain_uuid, ";
+					$sql .= "u.user_uuid, ";
+					$sql .= "u.group_uuid, ";
+					$sql .= "g.group_name, ";
+					$sql .= "g.group_level ";
+					$sql .= "from ";
+					$sql .= "v_user_groups as u, ";
+					$sql .= "v_groups as g ";
+					$sql .= "where u.domain_uuid = :domain_uuid ";
+					$sql .= "and u.user_uuid = :user_uuid ";
+					$sql .= "and u.group_uuid = g.group_uuid ";
+					$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+					$parameters['user_uuid'] = $_SESSION["user_uuid"];
+					$database = new database;
+					$result = $database->select($sql, $parameters, 'all');
+					$_SESSION["groups"] = $result;
+					$_SESSION["user"]["groups"] = $result;
+					unset($sql, $parameters);
+
+				//get the users group level
+					$_SESSION["user"]["group_level"] = 0;
+					foreach ($_SESSION['user']['groups'] as $row) {
+						if ($_SESSION["user"]["group_level"] < $row['group_level']) {
+							$_SESSION["user"]["group_level"] = $row['group_level'];
+						}
+					}
+
+				//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
+					if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {
+						$x = 0;
+						$sql = "select distinct(permission_name) from v_group_permissions ";
+						$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
+						foreach ($_SESSION["groups"] as $field) {
+							if (strlen($field['group_name']) > 0) {
+								$sql_where_or[] = "group_name = :group_name_".$x;
+								$parameters['group_name_'.$x] = $field['group_name'];
+								$x++;
+							}
+						}
+						if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
+							$sql .= "and (".implode(' or ', $sql_where_or).") ";
+						}
+						$sql .= "and permission_assigned = 'true' ";
+						$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+						$database = new database;
+						$result = $database->select($sql, $parameters, 'all');
+						if (is_array($result) && @sizeof($result) != 0) {
+							foreach ($result as $row) {
+								$_SESSION['permissions'][$row["permission_name"]] = true;
+								$_SESSION["user"]["permissions"][$row["permission_name"]] = true;
+							}
+						}
+						unset($sql, $parameters, $result, $row);
+					}
+
+				//get the domains
+					if (file_exists($_SERVER["PROJECT_ROOT"]."/app/domains/app_config.php") && !is_cli()){
+						require_once "app/domains/resources/domains.php";
+					}
+
+				//get the user settings
+					if (is_array($user_settings) && @sizeof($user_settings) != 0) {
+						foreach ($user_settings as $row) {
+							$name = $row['user_setting_name'];
+							$category = $row['user_setting_category'];
+							$subcategory = $row['user_setting_subcategory'];
+							if (strlen($row['user_setting_value']) > 0) {
+								if (strlen($subcategory) == 0) {
+									//$$category[$name] = $row['domain_setting_value'];
+									if ($name == "array") {
+										$_SESSION[$category][] = $row['user_setting_value'];
+									}
+									else {
+										$_SESSION[$category][$name] = $row['user_setting_value'];
+									}
+								}
+								else {
+									//$$category[$subcategory][$name] = $row['domain_setting_value'];
+									if ($name == "array") {
+										$_SESSION[$category][$subcategory][] = $row['user_setting_value'];
+									}
+									else {
+										$_SESSION[$category][$subcategory][$name] = $row['user_setting_value'];
+									}
+								}
+							}
+						}
+					}
+					unset($user_settings);
+
+				//get the extensions that are assigned to this user
+					if (file_exists($_SERVER["PROJECT_ROOT"]."/app/extensions/app_config.php")) {
+						if (isset($_SESSION["user"]) && is_uuid($_SESSION["user_uuid"]) && is_uuid($_SESSION["domain_uuid"]) && !isset($_SESSION['user']['extension'])) {
+								//get the user extension list
+								$_SESSION['user']['extension'] = null;
+								$sql = "select ";
+								$sql .= "e.extension_uuid, ";
+								$sql .= "e.extension, ";
+								$sql .= "e.number_alias, ";
+								$sql .= "e.user_context, ";
+								$sql .= "e.outbound_caller_id_name, ";
+								$sql .= "e.outbound_caller_id_number, ";
+								$sql .= "e.description ";
+								$sql .= "from ";
+								$sql .= "v_extension_users as u, ";
+								$sql .= "v_extensions as e ";
+								$sql .= "where ";
+								$sql .= "e.domain_uuid = :domain_uuid ";
+								$sql .= "and e.extension_uuid = u.extension_uuid ";
+								$sql .= "and u.user_uuid = :user_uuid ";
+								$sql .= "and e.enabled = 'true' ";
+								$sql .= "order by ";
+								$sql .= "e.extension asc ";
+								$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+								$parameters['user_uuid'] = $_SESSION['user_uuid'];
+								$database = new database;
+								$result = $database->select($sql, $parameters, 'all');
+								if (is_array($result) && @sizeof($result) != 0) {
+									foreach($result as $x => $row) {
+										//set the destination
+										$destination = $row['extension'];
+										if (strlen($row['number_alias']) > 0) {
+											$destination = $row['number_alias'];
+										}
+
+										//build the user array
+										$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
+										$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
+										$_SESSION['user']['extension'][$x]['destination'] = $destination;
+										$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
+										$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
+										$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
+										$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
+										$_SESSION['user']['extension'][$x]['description'] = $row['description'];
+
+										//set the context
+										$_SESSION['user']['user_context'] = $row["user_context"];
+										$_SESSION['user_context'] = $row["user_context"];
+									}
+								}
+								unset($sql, $parameters, $result, $row);
+						}
+					}
+
+				//set the time zone
+					if (!isset($_SESSION["time_zone"]["user"])) { $_SESSION["time_zone"]["user"] = null; }
+					if (strlen($_SESSION["time_zone"]["user"]) == 0) {
+						//set the domain time zone as the default time zone
+						date_default_timezone_set($_SESSION['domain']['time_zone']['name']);
+					}
+					else {
+						//set the user defined time zone
+						date_default_timezone_set($_SESSION["time_zone"]["user"]);
+					}
+
+			} //authorized true
+
 		//return the result
 			return $result;
 	}
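Review bot: The three guards in the `//result array` block are inverted: `if (!isset($_SESSION['username']))` copies the value only when it is absent, so `username`, `user_uuid` and `contact_uuid` in `$result` stay as whatever the last plugin run in this request returned. In the plugin loop, `$plugin == 'database'` compares the full file path with the plugin name and is never true, so `key`, `username` and `password` set on this object are no longer forwarded; `$name == 'database'` looks intended. Nothing in this hunk rotates the session id when `$_SESSION['authorized'] = true` is set, so a `session_regenerate_id(true);` there would stop a pre-login session id from carrying over into the authenticated session. `user_logs::add()` now runs only on success, so failed attempts are no longer recorded, and `$result` is reused and unset by the group, permission and extension queries, so `return $result` no longer returns the authentication result on the authorized path. validate() starts above this hunk.

```php
					if ($name == 'database' && isset($this->key)) {
					// … unchanged: key assignment …
					if ($name == 'database' && isset($this->username)) {
					// … unchanged: rest of the plugin loop and the authorized aggregation …

			if (isset($_SESSION['username'])) {
				$result["username"] = $_SESSION['username'];
			}
			if (isset($_SESSION['user_uuid'])) {
				$result["user_uuid"] = $_SESSION['user_uuid'];
			}
			// … unchanged: domain_uuid assignment …
			if (isset($_SESSION['contact_uuid'])) {
				$result["contact_uuid"] = $_SESSION['contact_uuid'];
			}

			// … unchanged: authorized flag, user log, debug comments …
			if ($authorized) {

				//rotate the session id now that every factor has passed
					session_regenerate_id(true);

				// … unchanged: session variables, user settings, cidr check …

				//keep the authentication result separate from the query results
					$groups = $database->select($sql, $parameters, 'all');
					$_SESSION["groups"] = $groups;
					$_SESSION["user"]["groups"] = $groups;
				// … unchanged: permissions, extensions, time zone (use their own local result variable as well) …
```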
@@ -152,6 +429,7 @@ class authentication {
 				if (count($username_array) > 1) {
 					//get the domain name
 						$domain_name =  $username_array[count($username_array) -1];
+
 					//check if the domain from the username exists then set the domain_uuid
 						$domain_exists = false;
 						foreach ($_SESSION['domains'] as $row) {
@@ -161,12 +439,14 @@ class authentication {
 								break;
 							}
 						}
+
 					//if the domain exists then set domain_name and update the username
 						if ($domain_exists) {
 							$this->domain_name = $domain_name;
 							$this->username = substr($_REQUEST["username"], 0, -(strlen($domain_name)+1));
 							$_SESSION['domain_uuid'] = $this->domain_uuid;
 						}
+
 					//unset the domain name variable
 						unset($domain_name);
 				}
@@ -196,7 +476,6 @@ class authentication {
 
 		//set the setting arrays
 			$obj = new domains();
-			$obj->db = $db;
 			$obj->set();
 
 		//set the domain settings

+ 137 - 16
core/authentication/resources/classes/plugins/database.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * plugin_database 
+ * plugin_database
  *
  * @method validate uses authentication plugins to check if a user is authorized to login
  * @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
@@ -11,7 +11,6 @@ class plugin_database {
 	/**
 	 * Define variables and their scope
 	 */
-	public $debug;
 	public $domain_name;
 	public $domain_uuid;
 	public $user_uuid;
@@ -26,11 +25,122 @@ class plugin_database {
 	 */
 	function database() {
 
+		//already authorized
+			if (isset($_SESSION['authentication']['plugin']['database']) && $_SESSION['authentication']['plugin']['database']["authorized"]) {
+				//echo __line__;
+				return;
+			}
+			else {
+				if (isset($_SESSION['authentication']['plugin']['database']) && !$_SESSION['authentication']['plugin']['database']["authorized"]) {
+					//authorized false
+					session_unset();
+					session_destroy();
+				}
+			}
+
+		//show the authentication code view
+			if ($_REQUEST["username"] == '' && $_REQUEST["key"] == '') {
+
+				//set a default template
+					$_SESSION['domain']['template']['name'] = 'default';
+					$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
+					$_SESSION['theme']['menu_brand_type']['text'] = 'image';
+
+				//login logo source
+					if (isset($_SESSION['theme']['logo_login']['text']) && $_SESSION['theme']['logo_login']['text'] != '') {
+						$login_logo_source = $_SESSION['theme']['logo_login']['text'];
+					}
+					else if (isset($_SESSION['theme']['logo']['text']) && $_SESSION['theme']['logo']['text'] != '') {
+						$login_logo_source = $_SESSION['theme']['logo']['text'];
+					}
+					else {
+						$login_logo_source = PROJECT_PATH.'/themes/default/images/logo_login.png';
+					}
+
+				//login logo dimensions
+					if (isset($_SESSION['theme']['login_logo_width']['text']) && $_SESSION['theme']['login_logo_width']['text'] != '') {
+						$login_logo_width = $_SESSION['theme']['login_logo_width']['text'];
+					}
+					else {
+						$login_logo_width = 'auto; max-width: 300px';
+					}
+					if (isset($_SESSION['theme']['login_logo_height']['text']) && $_SESSION['theme']['login_logo_height']['text'] != '') {
+						$login_logo_height = $_SESSION['theme']['login_logo_height']['text'];
+					}
+					else {
+						$login_logo_height = 'auto; max-height: 300px';
+					}
+
+				//login destination url
+					$login_destination_url = $_SESSION['login']['destination']['url'];
+
+				//get the domain
+					$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
+					$domain_name = $domain_array[0];
+
+				//temp directory
+					$_SESSION['server']['temp']['dir'] = '/tmp';
+
+				//create token
+					//$object = new token;
+					//$token = $object->create('login');
+
+				//add multi-lingual support
+					$language = new text;
+					$text = $language->get(null, '/core/authentication');
+
+				//initialize a template object
+					$view = new template();
+					$view->engine = 'smarty';
+					$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
+					$view->cache_dir = $_SESSION['server']['temp']['dir'];
+					$view->init();
+
+				//add translations
+					$view->assign("login_title", $text['button-login']);
+					$view->assign("label_username", $text['label-username']);
+					$view->assign("label_password", $text['label-password']);
+					$view->assign("button_login", $text['button-login']);
+
+				//assign default values to the template
+					$view->assign("login_destination_url", $login_destination_url);
+					$view->assign("login_logo_width", $login_logo_width);
+					$view->assign("login_logo_height", $login_logo_height);
+					$view->assign("login_logo_source", $login_logo_source);
+
+				//add the token name and hash to the view
+					//$view->assign("token_name", $token['name']);
+					//$view->assign("token_hash", $token['hash']);
+
+				//show the views
+					$content = $view->render('login.htm');
+					echo $content;
+					exit;
+			}
+
+		//validate the token
+			//$token = new token;
+			//if (!$token->validate($_SERVER['PHP_SELF'])) {
+			//	message::add($text['message-invalid_token'],'negative');
+			//	header('Location: domains.php');
+			//	exit;
+			//}
+
+		//add the authentication details
+			if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
+				$this->username = $_REQUEST["username"];
+				$this->password = $_REQUEST["password"];
+			}
+			if (isset($_REQUEST["key"])) {
+				$this->key = $_REQUEST["key"];
+			}
+
 		//set the default status
 			$user_authorized = false;
 
 		//check the username and password if they don't match then redirect to the login
-			$sql = "select u.user_uuid, u.contact_uuid, u.username, u.password, u.salt, u.api_key, u.domain_uuid, d.domain_name ";
+			$sql = "select u.user_uuid, u.contact_uuid, u.username, u.password, ";
+			$sql .= "u.user_email, u.salt, u.api_key, u.domain_uuid, d.domain_name ";
 			$sql .= "from v_users as u, v_domains as d ";
 			$sql .= "where u.domain_uuid = d.domain_uuid ";
 			if (strlen($this->key) > 30) {
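Review bot: The login form is rendered and processed with the token code commented out (`//$object = new token;` and `//if (!$token->validate($_SERVER['PHP_SELF']))`), so the credential submission has no request-forgery check. Either restore the create/validate pair or drop the dead comments and note why it is disabled. The username and password are read from `$_REQUEST`, which also accepts query-string values, so a password can end up in URLs and access logs. Reading them from `$_POST` avoids that, though `key` may need to stay on `$_REQUEST` for API callers, which is not visible here. The test `$_REQUEST["username"] == '' && $_REQUEST["key"] == ''` reads indexes that may not exist; `($_REQUEST["username"] ?? '') == '' && ($_REQUEST["key"] ?? '') == ''` keeps the same logic without the notices. The database() method continues below this hunk.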
@@ -52,7 +162,11 @@ class plugin_database {
 			$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
 			$database = new database;
 			$row = $database->select($sql, $parameters, 'row');
-			if (is_array($row) && @sizeof($row) !== 0) {
+			if (is_array($row)) {
+
+				//set the domain details
+					$this->domain_uuid = $_SESSION['domain_uuid'];
+					$this->domain_name = $_SESSION['domain_name'];
 
 				//get the domain uuid when users are unique globally
 					if ($_SESSION["users"]["unique"]["text"] === "global" && $row["domain_uuid"] !== $this->domain_uuid) {
@@ -70,10 +184,22 @@ class plugin_database {
 							$domain->set();
 					}
 
-				//set the user_uuid
+				//set the variables
 					$this->user_uuid = $row['user_uuid'];
+					$this->username = $row['username'];
 					$this->contact_uuid = $row['contact_uuid'];
 
+				//debug info
+					//echo "user_uuid ".$this->user_uuid."<br />\n";
+					//echo "username ".$this->username."<br />\n";
+					//echo "contact_uuid ".$this->contact_uuid."<br />\n";
+
+				//set a few session variables
+					$_SESSION["user_uuid"] = $row['user_uuid'];
+					$_SESSION["contact_uuid"] = $row["contact_uuid"];
+					$_SESSION["username"] = $row['username'];
+					$_SESSION["user_email"] = $row['user_email'];
+
 				//validate the password
 					$valid_password = false;
 					if (isset($this->key) && strlen($this->key) > 30 && $this->key === $row["api_key"]) {
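Review bot: `$_SESSION["user_uuid"]`, `$_SESSION["contact_uuid"]`, `$_SESSION["username"]` and `$_SESSION["user_email"]` are written as soon as the row is found, before `$valid_password` is computed below, so a wrong password still leaves the looked-up account's identity in the session. Any code that treats a populated `$_SESSION['username']` as proof of login would accept that state. Whether such code exists is not visible here, though a comment in validate() in authentication.php hints that check_auth may. Moving these four assignments under the `$valid_password` check, or clearing them when it is false, keeps the session empty until the first factor has passed. The database() method starts and ends outside this hunk.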
@@ -82,7 +208,7 @@ class plugin_database {
 					else if (substr($row["password"], 0, 1) === '$') {
 						if (isset($this->password) && strlen($this->password) > 0) {
 							if (password_verify($this->password, $row["password"])) {
-								$valid_password = true; 
+								$valid_password = true;
 							}
 						}
 					}
@@ -137,20 +263,15 @@ class plugin_database {
 			$result["plugin"] = "database";
 			$result["domain_name"] = $this->domain_name;
 			$result["username"] = $this->username;
-			if ($this->debug) {
-				$result["password"] = $this->password;
-			}
 			$result["user_uuid"] = $this->user_uuid;
-			$result["domain_uuid"] = $this->domain_uuid;
+			$result["domain_uuid"] = $_SESSION['domain_uuid'];
 			$result["contact_uuid"] = $this->contact_uuid;
 			$result["sql"] = $sql;
-			if ($valid_password) {
-				$result["authorized"] = "true";
-			}
-			else {
-				$result["authorized"] = "false";
-			}
+			$result["authorized"] = $valid_password;
+
+		//return the results
 			return $result;
+
 	}
 }
 

+ 395 - 0
core/authentication/resources/classes/plugins/email.php

@@ -0,0 +1,395 @@
+<?php
+
+/**
+ * plugin_email
+ *
+ * @method email time based one time password authenticate the user
+ */
+class plugin_email {
+
+	/**
+	 * Define variables and their scope
+	 */
+	public $domain_name;
+	public $domain_uuid;
+	public $username;
+	public $password;
+	public $user_uuid;
+	public $user_email;
+	public $contact_uuid;
+
+	/**
+	 * time based one time password with email
+	 * @return array [authorized] => true or false
+	 */
+	function email() {
+
+			//set a default template
+			$_SESSION['domain']['template']['name'] = 'default';
+			$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
+			$_SESSION['theme']['menu_brand_type']['text'] = 'image';
+
+			//login logo source
+			if (isset($_SESSION['theme']['logo_login']['text']) && $_SESSION['theme']['logo_login']['text'] != '') {
+				$login_logo_source = $_SESSION['theme']['logo_login']['text'];
+			}
+			else if (isset($_SESSION['theme']['logo']['text']) && $_SESSION['theme']['logo']['text'] != '') {
+				$login_logo_source = $_SESSION['theme']['logo']['text'];
+			}
+			else {
+				$login_logo_source = PROJECT_PATH.'/themes/default/images/logo_login.png';
+			}
+
+			//login logo dimensions
+			if (isset($_SESSION['theme']['login_logo_width']['text']) && $_SESSION['theme']['login_logo_width']['text'] != '') {
+				$login_logo_width = $_SESSION['theme']['login_logo_width']['text'];
+			}
+			else {
+				$login_logo_width = 'auto; max-width: 300px';
+			}
+			if (isset($_SESSION['theme']['login_logo_height']['text']) && $_SESSION['theme']['login_logo_height']['text'] != '') {
+				$login_logo_height = $_SESSION['theme']['login_logo_height']['text'];
+			}
+			else {
+				$login_logo_height = 'auto; max-height: 300px';
+			}
+
+			//login destination url
+			$login_destination_url = $_SESSION['login']['destination']['url'];
+
+			//get the domain
+			$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
+			$domain_name = $domain_array[0];
+
+			//temp directory
+			$_SESSION['server']['temp']['dir'] = '/tmp';
+
+		//request the username
+			if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
+
+				//add multi-lingual support
+				$language = new text;
+				$text = $language->get(null, '/core/authentication');
+
+				//initialize a template object
+				$view = new template();
+				$view->engine = 'smarty';
+				$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
+				$view->cache_dir = $_SESSION['server']['temp']['dir'];
+				$view->init();
+
+				//assign default values to the template
+				$view->assign("login_title", $text['label-username']);
+				$view->assign("login_username", $text['label-username']);
+				$view->assign("login_logo_width", $login_logo_width);
+				$view->assign("login_logo_height", $login_logo_height);
+				$view->assign("login_logo_source", $login_logo_source);
+				$view->assign("button_login", $text['button-login']);
+					
+				//show the views
+				$content = $view->render('username.htm');
+				echo $content;
+				exit;
+
+			}
+
+		//show the authentication code view
+			if (!isset($_POST['authentication_code'])) {
+
+				//get the username
+				//if (!isset($this->username) && isset($_REQUEST['username'])) {
+				//	$this->username = $_REQUEST['username'];
+				//}
+
+				//get the user details
+				$sql = "select user_uuid, username, user_email, contact_uuid \n";
+				$sql .= "from v_users\n";
+				$sql .= "where username = :username\n";
+				if ($_SESSION["users"]["unique"]["text"] != "global") {
+					//unique username per domain (not globally unique across system - example: email address)
+					$sql .= "and domain_uuid = :domain_uuid ";
+					$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+				}
+				$parameters['username'] = $_REQUEST['username'];
+				$database = new database;
+				$row = $database->select($sql, $parameters, 'row');
+				unset($parameters);
+
+				//set class variables
+				//if (strlen($row["user_email"]) > 0) {
+				//	$this->user_uuid = $row['user_uuid'];
+				//	$this->user_email = $row['user_email'];
+				//	$this->contact_uuid = $row['contact_uuid'];
+				//}
+
+				//set a few session variables
+				$_SESSION["user_uuid"] = $row['user_uuid'];
+				$_SESSION["username"] = $row['username'];
+				$_SESSION["user_email"] = $row['user_email'];
+				$_SESSION["contact_uuid"] = $row["contact_uuid"];
+
+				//user email not found
+				if (strlen($row["user_email"]) == 0) {
+					//build the result array
+					$result["plugin"] = "email";
+					$result["domain_name"] = $_SESSION["domain_name"];
+					$result["username"] = $_REQUEST['username'];
+					$result["user_uuid"] = $_SESSION["user_uuid"];
+					$result["domain_uuid"] = $_SESSION["domain_uuid"];
+					$result["contact_uuid"] = $_SESSION["contact_uuid"];
+					$result["authorized"] = false;
+
+					//add the failed login to user logs
+					user_logs::add($result);
+
+					//return the array
+					return $result;
+				}
+
+				//authentication code
+				$_SESSION["user"]["authentication"]["email"]["code"] = generate_password(6, 1);
+				$_SESSION["user"]["authentication"]["email"]["epoch"] = time();
+
+				////$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
+				////$_SESSION["authentication_date"] = 'now()';
+
+				//set the authentication code
+				//$sql = "update v_users \n";
+				//$sql .= "set auth_code = :auth_code \n";
+				//$sql .= "where user_uuid = :user_uuid;";
+				//$parameters['auth_code'] = $auth_code_hash;
+				//$parameters['user_uuid'] = $this->user_uuid;
+				//$database->execute($sql, $parameters);
+				//unset($sql);
+
+				//email settings
+				//$email_address = $this->user_email;
+				//$email_subject = 'Validation Code';
+				//$email_body = 'Validation Code: '.$authentication_code;
+
+				//send email with the authentication_code
+				//ob_start();
+				//$sent = !send_email($email_address, $email_subject, $email_body, $email_error, null, null, 3, 3) ? false : true;
+				//$response = ob_get_clean();
+
+				//get the language code
+				$language_code = $_SESSION['domain']['language']['code'];
+			
+				//get the email template from the database
+				$sql = "select template_subject, template_body ";
+				$sql .= "from v_email_templates ";
+				$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
+				$sql .= "and template_language = :template_language ";
+				$sql .= "and template_category = :template_category ";
+				$sql .= "and template_subcategory = :template_subcategory ";
+				$sql .= "and template_type = :template_type ";
+				$sql .= "and template_enabled = 'true' ";
+				$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+				$parameters['template_language'] = $language_code;
+				$parameters['template_category'] = 'authentication';
+				$parameters['template_subcategory'] = 'email';
+				$parameters['template_type'] = 'html';
+				$database = new database;
+				$row = $database->select($sql, $parameters, 'row');
+				$email_subject = $row['template_subject'];
+				$email_body = $row['template_body'];
+				unset($sql, $parameters, $row);
+
+				//replace variables in email subject
+				$email_subject = str_replace('${domain_name}', $_SESSION["domain_name"], $email_subject);
+
+				//replace variables in email body
+				$email_body = str_replace('${domain_name}', $_SESSION["domain_name"], $email_body);
+				$email_body = str_replace('${auth_code}', $_SESSION["user"]["authentication"]["email"]["code"], $email_body);
+
+				//get the email from name and address
+				$email_from_address = $_SESSION['email']['smtp_from']['text'];
+				$email_from_name = $_SESSION['email']['smtp_from_name']['text'];
+
+				//send email - direct
+				$email = new email;
+				$email->recipients = $_SESSION["user_email"];
+				$email->subject = $email_subject;
+				$email->body = $email_body;
+				$email->from_address = $email_from_address;
+				$email->from_name = $email_from_name;
+				//$email->attachments = $email_attachments;
+				$email->debug_level = 0;
+				$email->method = 'direct';
+				$sent = $email->send();
+
+				//debug informations
+				//$email_response = $email->response;
+				//$email_error = $email->email_error;
+				//echo $email_response."<br />\n";
+				//echo $email_error."<br />\n";
+
+				//set a default template
+				$_SESSION['domain']['template']['name'] = 'default';
+				$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
+				$_SESSION['theme']['menu_brand_type']['text'] = 'image';
+
+				//get the domain
+				$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
+				$domain_name = $domain_array[0];
+
+				//temp directory
+				$_SESSION['server']['temp']['dir'] = '/tmp';
+
+				//create token
+				//$object = new token;
+				//$token = $object->create('login');
+
+				//add multi-lingual support
+				$language = new text;
+				$text = $language->get(null, '/core/authentication');
+
+				//initialize a template object
+				$view = new template();
+				$view->engine = 'smarty';
+				$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
+				$view->cache_dir = $_SESSION['server']['temp']['dir'];
+				$view->init();
+
+				//assign default values to the template
+				$view->assign("login_title", $text['label-verify']);
+				$view->assign("login_email_description", $text['label-email_description']);
+				$view->assign("login_authentication_code", $text['label-authentication_code']);
+				$view->assign("login_logo_width", $login_logo_width);
+				$view->assign("login_logo_height", $login_logo_height);
+				$view->assign("login_logo_source", $login_logo_source);
+				$view->assign("button_verify", $text['label-verify']);
+
+				//debug information
+				//echo "<pre>\n";
+				//print_r($text);
+				//echo "</pre>\n";
+
+				//show the views
+				$content = $view->render('email.htm');
+				echo $content;
+				exit;
+			}
+
+		//if authorized then verify
+			if (isset($_POST['authentication_code'])) {
+
+				//check if the authentication code has expired. if expired return false
+				if ($_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
+					//authentication code expired
+					$result["plugin"] = "email";
+					$result["domain_name"] = $_SESSION["domain_name"];
+					$result["username"] = $_SESSION["username"];
+					$result["error_message"] = 'code expired';
+					$result["authorized"] = false;
+					print_r($result);
+					return $result;
+					exit;
+				}
+
+				//get the user details
+				$sql = "select user_uuid, user_email, contact_uuid, user_email_secret\n";
+				$sql .= "from v_users\n";
+				$sql .= "where username = :username\n";
+				if ($_SESSION["users"]["unique"]["text"] != "global") {
+					//unique username per domain (not globally unique across system - example: email address)
+					$sql .= "and domain_uuid = :domain_uuid ";
+					$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+				}
+				$parameters['username'] = $_SESSION["username"];
+				$database = new database;
+				$row = $database->select($sql, $parameters, 'row');
+				$this->user_uuid = $row['user_uuid'];
+				$this->user_email = $row['user_email'];
+				$this->contact_uuid = $row['contact_uuid'];
+				$this->user_email_secret = $row['user_email_secret'];
+				unset($parameters);
+
+				//validate the code
+				if ($_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
+					$auth_valid = true;
+				}
+				else {
+					$auth_valid = false;
+				}
+
+				//get the user details
+				if ($auth_valid) {
+					//get user data from the database
+					$sql = "select user_uuid, username, user_email, contact_uuid from v_users ";
+					$sql .= "where user_uuid = :user_uuid ";
+					if ($_SESSION["users"]["unique"]["text"] != "global") {
+						//unique username per domain (not globally unique across system - example: email address)
+						$sql .= "and domain_uuid = :domain_uuid ";
+						$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+					}
+					$parameters['user_uuid'] = $_SESSION["user_uuid"];
+					$database = new database;
+					$row = $database->select($sql, $parameters, 'row');
+					//view_array($row);
+					unset($parameters);
+
+					//set a few session variables
+					//$_SESSION["username"] = $row['username']; //setting the username makes it skip the rest of the authentication
+					//$_SESSION["user_email"] = $row['user_email'];
+					//$_SESSION["contact_uuid"] = $row["contact_uuid"];
+				}
+				else {
+					//destroy session
+					session_unset();
+					session_destroy();
+					//$_SESSION['authentication']['plugin']
+					//send http 403
+					header('HTTP/1.0 403 Forbidden', true, 403);
+
+					//redirect to the root of the website
+					header("Location: ".PROJECT_PATH."/");
+
+					//exit the code
+					exit();
+				}
+
+				/*
+				//check if user successfully logged in during the interval
+					//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
+					$sql = "select count(*) as count ";
+					$sql .= "from v_user_logs ";
+					$sql .= "where domain_uuid = :domain_uuid ";
+					$sql .= "and user_uuid = :user_uuid ";
+					$sql .= "and user_agent = :user_agent ";
+					$sql .= "and type = 'login' ";
+					$sql .= "and result = 'success' ";
+					$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
+					$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
+					$parameters['domain_uuid'] = $this->domain_uuid;
+					$parameters['user_uuid'] = $this->user_uuid;
+					$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
+					$database = new database;
+					$user_log_count = $database->select($sql, $parameters, 'all');
+					//view_array($user_log_count);
+					unset($sql, $parameters);
+				*/
+
+				//result array
+				$result["plugin"] = "email";
+				$result["domain_name"] = $_SESSION["domain_name"];
+				$result["username"] = $_SESSION["username"];
+				$result["user_uuid"] = $_SESSION["user_uuid"];
+				$result["domain_uuid"] = $_SESSION["domain_uuid"];
+				$result["contact_uuid"] = $_SESSION["contact_uuid"];
+				$result["authorized"] = $auth_valid ? true : false;
+				return $result;
+
+				//$_SESSION['authentication']['plugin']['email']['plugin'] = "email";
+				//$_SESSION['authentication']['plugin']['email']['domain_name'] = $_SESSION["domain_name"];
+				//$_SESSION['authentication']['plugin']['email']['username'] = $row['username'];
+				//$_SESSION['authentication']['plugin']['email']['user_uuid'] = $_SESSION["user_uuid"];
+				//$_SESSION['authentication']['plugin']['email']['contact_uuid'] = $_SESSION["contact_uuid"];
+				//$_SESSION['authentication']['plugin']['email']['domain_uuid'] =  $_SESSION["domain_uuid"];
+				//$_SESSION['authentication']['plugin']['email']['authorized'] = $auth_valid ? true : false;
+			}
+
+	}
+}
+
+?>
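Review bot: The expiry test `if ($_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time())` in the `//if authorized then verify` branch is inverted: it reports 'code expired' only during the first three seconds after the code is issued and never afterwards, so an emailed code stays valid for as long as the session lives. The same branch calls `print_r($result)`, which writes the result array into the HTTP response, and compares the code with `===` rather than `hash_equals()`. The fence below rewrites the check with an explicit lifetime (300 is a constructed value, choose one per policy) and a constant-time comparison that also fails closed when the session holds no code. `$this->user_email_secret` is assigned in this branch but never declared on the class, and the docblock calls this a time based one time password although the code is a random value sent by email.

```php
				//check if the authentication code has expired. if expired return false
				$code_lifetime = 300; //seconds, constructed value
				$code_epoch = $_SESSION["user"]["authentication"]["email"]["epoch"] ?? 0;
				if (time() - $code_epoch > $code_lifetime) {
					// … unchanged: build the 'code expired' result and return it, without print_r …
				}

				// … unchanged: user lookup …

				//validate the code, fail closed when no code was issued in this session
				$expected_code = (string) ($_SESSION["user"]["authentication"]["email"]["code"] ?? '');
				$submitted_code = $_POST['authentication_code'];
				$auth_valid = $expected_code !== ''
					&& is_string($submitted_code)
					&& hash_equals($expected_code, $submitted_code);
```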

+ 7 - 7
core/authentication/resources/classes/plugins/ldap.php

@@ -140,15 +140,15 @@ class plugin_ldap {
 			}
 
 		//result array
-			$result["plugin"] = "ldap";
-			$result["domain_name"] = $this->domain_name;
-			$result["username"] = $this->username;
+			$result["ldap"]["plugin"] = "ldap";
+			$result["ldap"]["domain_name"] = $this->domain_name;
+			$result["ldap"]["username"] = $this->username;
 			if ($this->debug) {
-				$result["password"] = $this->password;
+				$result["ldap"]["password"] = $this->password;
 			}
-			$result["user_uuid"] = $this->user_uuid;
-			$result["domain_uuid"] = $this->domain_uuid;
-			$result["authorized"] = $user_authorized ? 'true' : 'false';
+			$result["ldap"]["user_uuid"] = $this->user_uuid;
+			$result["ldap"]["domain_uuid"] = $this->domain_uuid;
+			$result["ldap"]["authorized"] = $user_authorized ? true : false;
 			return $result;
 	}
 }
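Review bot: The rewritten block keeps `$result["ldap"]["password"] = $this->password;` under `if ($this->debug)`, while this same commit removes the equivalent lines from plugin_database and the check_auth.php section sets `$auth->debug = true`. Whether that flag reaches this plugin is not visible here, but returning the clear-text password in the result array is best dropped outright, as was done for the database plugin. The keys are also now nested under `$result["ldap"]`, whereas the database, email and totp plugins in this commit return a flat `$result["authorized"]`; a comment stating which shape the caller expects, or aligning the plugins, would keep a caller from reading a missing key as "not authorized" or the reverse. The method body starts outside this hunk.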

+ 266 - 0
core/authentication/resources/classes/plugins/totp.php

@@ -0,0 +1,266 @@
+<?php
+
+/**
+ * plugin_totp
+ *
+ * @method totp time based one time password authenticate the user
+ */
+class plugin_totp {
+
+	/**
+	 * Define variables and their scope
+	 */
+	public $debug;
+	public $domain_name;
+	public $username;
+	public $password;
+	public $user_uuid;
+	public $user_email;
+	public $contact_uuid;
+	private $user_totp_secret;
+
+	/**
+	 * time based one time password aka totp
+	 * @return array [authorized] => true or false
+	 */
+	function totp() {
+
+		//request the username
+			if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
+
+				//set a default template
+				$_SESSION['domain']['template']['name'] = 'default';
+				$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
+				$_SESSION['theme']['menu_brand_type']['text'] = 'image';
+
+				//get the domain
+				$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
+				$domain_name = $domain_array[0];
+
+				//temp directory
+				$_SESSION['server']['temp']['dir'] = '/tmp';
+
+				//create token
+				//$object = new token;
+				//$token = $object->create('login');
+
+				//add multi-lingual support
+				$language = new text;
+				$text = $language->get(null, '/core/authentication');
+
+				//initialize a template object
+				$view = new template();
+				$view->engine = 'smarty';
+				$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
+				$view->cache_dir = $_SESSION['server']['temp']['dir'];
+				$view->init();
+
+				//assign default values to the template
+				$view->assign("login_title", $text['label-username']);
+				$view->assign("login_username", $text['label-username']);
+				$view->assign("login_logo_width", $login_logo_width);
+				$view->assign("login_logo_height", $login_logo_height);
+				$view->assign("login_logo_source", $login_logo_source);
+				$view->assign("button_login", $text['button-login']);
+					
+				//show the views
+				$content = $view->render('username.htm');
+				echo $content;
+				exit;
+			}
+
+		//show the authentication code view
+			if (!isset($_POST['authentication_code'])) {
+
+				//get the username
+				if (!isset($this->username) && isset($_REQUEST['username'])) {
+					$this->username = $_REQUEST['username'];
+				}
+
+				//get the user details
+				$sql = "select user_uuid, username, user_email, contact_uuid, user_totp_secret\n";
+				$sql .= "from v_users\n";
+				$sql .= "where username = :username\n";
+				if ($_SESSION["users"]["unique"]["text"] != "global") {
+					//unique username per domain (not globally unique across system - example: email address)
+					$sql .= "and domain_uuid = :domain_uuid ";
+					$parameters['domain_uuid'] = $this->domain_uuid;
+				}
+				$parameters['username'] = $this->username;
+				$database = new database;
+				$row = $database->select($sql, $parameters, 'row');
+				unset($parameters);
+
+				//set class variables
+				$this->user_uuid = $row['user_uuid'];
+				$this->user_email = $row['user_email'];
+				$this->contact_uuid = $row['contact_uuid'];
+				$this->user_totp_secret = $row['user_totp_secret'];
+
+				//set a few session variables
+				$_SESSION["user_uuid"] = $row['user_uuid'];
+				$_SESSION["username"] = $row['username'];
+				$_SESSION["user_email"] = $row['user_email'];
+				$_SESSION["contact_uuid"] = $row["contact_uuid"];
+
+				//set a default template
+				$_SESSION['domain']['template']['name'] = 'default';
+				$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
+				$_SESSION['theme']['menu_brand_type']['text'] = 'image';
+
+				//get the domain
+				$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
+				$domain_name = $domain_array[0];
+
+				//temp directory
+				$_SESSION['server']['temp']['dir'] = '/tmp';
+
+				//create token
+				//$object = new token;
+				//$token = $object->create('login');
+
+				//add multi-lingual support
+				$language = new text;
+				$text = $language->get(null, '/core/authentication');
+
+				//initialize a template object
+				$view = new template();
+				$view->engine = 'smarty';
+				$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
+				$view->cache_dir = $_SESSION['server']['temp']['dir'];
+				$view->init();
+
+				//assign default values to the template
+				$view->assign("login_title", $text['label-verify']);
+				$view->assign("login_authentication_code", $text['label-authentication_code']);
+				$view->assign("login_logo_width", $login_logo_width);
+				$view->assign("login_logo_height", $login_logo_height);
+				$view->assign("login_logo_source", $login_logo_source);
+				$view->assign("button_verify", $text['label-verify']);
+
+				//show the views
+				$content = $view->render('totp.htm');
+				echo $content;
+				exit;
+			}
+
+		//if authorized then verify
+			if (isset($_POST['authentication_code'])) {
+
+				//get the user details
+				$sql = "select user_uuid, user_email, contact_uuid, user_totp_secret\n";
+				$sql .= "from v_users\n";
+				$sql .= "where username = :username\n";
+				if ($_SESSION["users"]["unique"]["text"] != "global") {
+					//unique username per domain (not globally unique across system - example: email address)
+					$sql .= "and domain_uuid = :domain_uuid ";
+					$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+				}
+				$parameters['username'] = $_SESSION["username"];
+				$database = new database;
+				$row = $database->select($sql, $parameters, 'row');
+				$this->user_uuid = $row['user_uuid'];
+				$this->user_email = $row['user_email'];
+				$this->contact_uuid = $row['contact_uuid'];
+				$this->user_totp_secret = $row['user_totp_secret'];
+				unset($parameters);
+
+				//include the google authenticator
+				include_once "resources/google_authenticator/GoogleAuthenticatorInterface.php";
+				include_once "resources/google_authenticator/FixedBitNotation.php";
+				include_once "resources/google_authenticator/GoogleAuthenticator.php";
+
+				//create the authenticator object
+				$totp = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
+
+				//validate the code
+				if ($totp->checkCode($this->user_totp_secret, $_POST['authentication_code'])) {
+					$auth_valid = true;
+				}
+				else {
+					$auth_valid = false;
+				}
+
+				//get the user details
+				if ($auth_valid) {
+					//get user data from the database
+					$sql = "select user_uuid, username, user_email, contact_uuid from v_users ";
+					$sql .= "where user_uuid = :user_uuid ";
+					if ($_SESSION["users"]["unique"]["text"] != "global") {
+						//unique username per domain (not globally unique across system - example: email address)
+						$sql .= "and domain_uuid = :domain_uuid ";
+						$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+					}
+					$parameters['user_uuid'] = $_SESSION["user_uuid"];
+					$database = new database;
+					$row = $database->select($sql, $parameters, 'row');
+					//view_array($row);
+					unset($parameters);
+				}
+				else {
+					//destroy session
+					session_unset();
+					session_destroy();
+					//$_SESSION['authentication']['plugin']
+					//send http 403
+					header('HTTP/1.0 403 Forbidden', true, 403);
+
+					//redirect to the root of the website
+					header("Location: ".PROJECT_PATH."/");
+
+					//exit the code
+					exit();
+				}
+
+				/*
+				//check if user successfully logged in during the interval
+					//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
+					$sql = "select count(*) as count ";
+					$sql .= "from v_user_logs ";
+					$sql .= "where domain_uuid = :domain_uuid ";
+					$sql .= "and user_uuid = :user_uuid ";
+					$sql .= "and user_agent = :user_agent ";
+					$sql .= "and type = 'login' ";
+					$sql .= "and result = 'success' ";
+					$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
+					$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
+					$parameters['domain_uuid'] = $this->domain_uuid;
+					$parameters['user_uuid'] = $this->user_uuid;
+					$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
+					$database = new database;
+					$user_log_count = $database->select($sql, $parameters, 'all');
+					//view_array($user_log_count);
+					unset($sql, $parameters);
+				*/
+
+				//build the result array
+				$result["plugin"] = "totp";
+				$result["domain_name"] = $_SESSION["domain_name"];
+				$result["username"] = $_SESSION["username"];
+				$result["user_uuid"] = $_SESSION["user_uuid"];
+				$result["domain_uuid"] = $_SESSION["domain_uuid"];
+				$result["contact_uuid"] = $_SESSION["contact_uuid"];
+				$result["authorized"] = $auth_valid ? true : false;
+
+				//add the failed login to user logs
+				if (!$auth_valid) {
+					user_logs::add($result);
+				}
+
+				//retun the array
+				return $result;
+
+
+				//$_SESSION['authentication']['plugin']['totp']['plugin'] = "totp";
+				//$_SESSION['authentication']['plugin']['totp']['domain_name'] = $_SESSION["domain_name"];
+				//$_SESSION['authentication']['plugin']['totp']['username'] = $row['username'];
+				//$_SESSION['authentication']['plugin']['totp']['user_uuid'] = $_SESSION["user_uuid"];
+				//$_SESSION['authentication']['plugin']['totp']['contact_uuid'] = $_SESSION["contact_uuid"];
+				//$_SESSION['authentication']['plugin']['totp']['domain_uuid'] =  $_SESSION["domain_uuid"];
+				//$_SESSION['authentication']['plugin']['totp']['authorized'] = $auth_valid ? true : false;
+			}
+
+	}
+}
+
+?>
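Review bot: In the `//validate the code` step, `$totp->checkCode($this->user_totp_secret, $_POST['authentication_code'])` is called without first checking that the user row was found and has a secret enrolled. How the bundled authenticator treats a null or empty secret is not visible here, so I would fail closed explicitly: `$auth_valid = !empty($this->user_totp_secret) && is_string($_POST['authentication_code']) && $totp->checkCode($this->user_totp_secret, $_POST['authentication_code']);`. The later `if (!$auth_valid) { user_logs::add($result); }` is unreachable because the failure branch above it calls `exit()`; building the result and logging it inside that branch, before `session_destroy()`, would record failed attempts. `totp()` also passes `$login_logo_width`, `$login_logo_height` and `$login_logo_source` to the view without assigning them, unlike `email()`, and reads `$this->domain_uuid`, which the class does not declare.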

+ 36 - 0
core/authentication/resources/views/email.htm

@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
+<head>
+<meta charset='utf-8'>
+<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
+<meta http-equiv='X-UA-Compatible' content='IE=edge'>
+<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no' />
+<link rel='stylesheet' type='text/css' href='{$project_path}/themes/default/css.php'>
+<title>{$login_title}</title>
+<body>
+	<div id='page' align='center'>
+		<div id='default_login'>
+			<!--
+			<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}'/></a><br />
+			-->
+			<form method='post' name='frm' action=''>
+				<div>
+					{$login_email_description}
+					<br /><br />
+					<input class='formfld' type='text' name='authentication_code' maxlength='255' placeholder="{$login_authentication_code}" value="{$authentication_code}">
+					<br /><br />
+				</div>
+				<div>
+					<input type='hidden' name='{$token_name}' value='{$token_hash}'>
+					<input type='submit' name='' class='btn' value='{$button_verify}'>
+				</div>
+			</form>
+		</div>
+	</div>
+	<!--
+	<div id='footer_login'>
+		<span class='footer'>{$settings.theme.footer}</span>
+	</div>
+	-->
+</body>
+</html>
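Review bot: The hidden field `<input type='hidden' name='{$token_name}' value='{$token_hash}'>` and the `value="{$authentication_code}"` attribute reference template variables that `email()` never assigns; its `//create token` lines are commented out, so the field would presumably render with an empty name and the POST carries no request token. The same applies to totp.htm and username.htm in this commit, and login.htm has the token field commented out. Either create the token, assign `token_name` and `token_hash` before rendering and validate it on POST, or remove the field until that is wired up. All four views also open `<head>` without a closing `</head>` before `<body>`.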

+ 32 - 0
core/authentication/resources/views/login.htm

@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
+<head>
+<meta charset='utf-8'>
+<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
+<meta http-equiv='X-UA-Compatible' content='IE=edge'>
+<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no' />
+<link rel='stylesheet' type='text/css' href='{$project_path}/themes/default/css.php'>
+<title>{$login_title}</title>
+<body>
+	<div id='page' align='center'>
+		<div id='default_login'>
+			<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}'></a><br />
+			<form method='post' name='frm' action='{$login_destination_url}'>
+				<div>
+					<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$label_username}"><br />
+					<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder="{$label_password}"><br />
+				</div>
+				<div>
+					<!--<input type='hidden' name='{$token_name}' value='{$token_hash}'>-->
+					<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}'>
+				</div>
+			</form>
+		</div>
+	</div>
+	<!--
+	<div id='footer_login'>
+		<span class='footer'>{$settings.theme.footer}</span>
+	</div>
+	-->
+</body>
+</html>

+ 44 - 0
core/authentication/resources/views/totp.htm

@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
+<head>
+<meta charset='utf-8'>
+<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
+<meta http-equiv='X-UA-Compatible' content='IE=edge'>
+<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no' />
+<link rel='stylesheet' type='text/css' href='{$project_path}/themes/default/css.php'>
+<title>{$login_title}</title>
+<body>
+	<!--
+	<div class='action_bar' id='action_bar'>
+		<div class='heading'><b>{$title_authentication_code}</b></div>
+		<div class='actions'>\n";
+		</div>
+		<div style='clear: both;'></div>
+	</div>
+	-->
+	<div id='page' align='center'>
+		<div id='default_login'>
+			<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}'/></a><br />
+			<form method='post' name='frm' action=''>
+				<div>
+					<input class='formfld' type='text' name='authentication_code' maxlength='255' placeholder="{$login_authentication_code}" value="{$authentication_code}">
+					<br /><br />
+					<!--
+					{$description_authentication_code}
+					<br /><br />
+					-->
+				</div>
+				<div>
+					<input type='hidden' name='{$token_name}' value='{$token_hash}'>
+					<input type='submit' name='' class='btn' value='{$button_verify}'>
+				</div>
+			</form>
+		</div>
+	</div>
+	<!--
+	<div id='footer_login'>
+		<span class='footer'>{$settings.theme.footer}</span>
+	</div>
+	-->
+</body>
+</html>

+ 31 - 0
core/authentication/resources/views/username.htm

@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
+<head>
+<meta charset='utf-8'>
+<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
+<meta http-equiv='X-UA-Compatible' content='IE=edge'>
+<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no' />
+<link rel='stylesheet' type='text/css' href='{$project_path}/themes/default/css.php'>
+<title>{$login_title}</title>
+<body>
+	<div id='page' align='center'>
+		<div id='default_login'>
+			<a href='{$project_path}/'><img id='login_logo' style='width: {$login_logo_width}; height: {$login_logo_height};' src='{$login_logo_source}'></a><br />
+			<form method='post' name='frm' action='{$login_destination_url}'>
+				<div>
+					<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$login_username}"><br />
+				</div>
+				<div>
+					<input type='hidden' name='{$token_name}' value='{$token_hash}'>
+					<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}'>
+				</div>
+			</form>
+		</div>
+	</div>
+	<!--
+	<div id='footer_login'>
+		<span class='footer'>{$settings.theme.footer}</span>
+	</div>
+	-->
+</body>
+</html>

+ 1 - 1
logout.php

@@ -101,7 +101,7 @@
 	}
 
 //redirect the user to the index page
-	header("Location: ".PROJECT_PATH."/login.php");
+	header("Location: ".PROJECT_PATH."/");
 	exit;
 
 ?>

+ 11 - 244
resources/check_auth.php

@@ -42,15 +42,8 @@
 //define variables
 	if (!isset($_SESSION['template_content'])) { $_SESSION["template_content"] = null; }
 
-//if the username is not provided then send to login.php
-	if (strlen($_SESSION['username']) == 0 && strlen($_REQUEST["username"]) == 0 && strlen($_REQUEST["key"]) == 0) {
-		$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["REQUEST_URI"];
-		header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
-		exit;
-	}
-
-//if the username session is not set the check username and password
-	if (strlen($_SESSION['username']) == 0) {
+//if the session is not authorized then verify the identity
+	if (!isset($_SESSION['authorized']) && !$_SESSION['authorized']) {
 
 		//clear the menu
 			unset($_SESSION["menu"]);
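Review bot: The new guard `if (!isset($_SESSION['authorized']) && !$_SESSION['authorized'])` is true only when the key is absent. Once `$_SESSION['authorized']` exists with a false value, `!isset()` is false, the whole verification block is skipped, and the including page carries on without `validate()` being called. Join the two tests with "or" so that both a missing and a false value enter the block: `if (!isset($_SESSION['authorized']) || !$_SESSION['authorized']) {`. Whether anything stores a false value is decided in the authentication class, outside this hunk, but the gate should fail closed either way. The body of this `if` continues beyond the hunk.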
@@ -62,82 +55,13 @@
 
 		//validate the username and password
 			$auth = new authentication;
-			if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
-				$auth->username = $_REQUEST["username"];
-				$auth->password = $_REQUEST["password"];
-			}
-			if (isset($_REQUEST["key"])) {
-				$auth->key = $_REQUEST["key"];
-			}
-			$auth->debug = false;
+			$auth->debug = true;
 			$result = $auth->validate();
-			if ($result["authorized"] === "true") {
-
-				//get the user settings
-					$sql = "select * from v_user_settings ";
-					$sql .= "where domain_uuid = :domain_uuid ";
-					$sql .= "and user_uuid = :user_uuid ";
-					$sql .= "and user_setting_enabled = 'true' ";
-					$parameters['domain_uuid'] = $result["domain_uuid"];
-					$parameters['user_uuid'] = $result["user_uuid"];
-					$database = new database;
-					$user_settings = $database->select($sql, $parameters, 'all');
-					unset($sql, $parameters);
 
-				//build the user cidr array
-					if (is_array($user_settings) && @sizeof($user_settings) != 0) {
-						foreach ($user_settings as $row) {
-							if ($row['user_setting_category'] == "domain" && $row['user_setting_subcategory'] == "cidr" && $row['user_setting_name'] == "array") {
-								$cidr_array[] = $row['user_setting_value'];
-							}
-						}
-					}
-
-				//check to see if user address is in the cidr array
-					if (isset($cidr_array) && !defined('STDIN')) {
-						$found = false;
-						foreach($cidr_array as $cidr) {
-							if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
-								$found = true;
-								break;
-							}
-						}
-						if (!$found) {
-							//destroy session
-							session_unset();
-							session_destroy();
-
-							//send http 403
-							header('HTTP/1.0 403 Forbidden', true, 403);
-
-							//redirect to the root of the website
-							header("Location: ".PROJECT_PATH."/login.php");
-
-							//exit the code
-							exit();
-						}
-					}
+		//if not authorized
+			if (!$_SESSION['authorized']) {
 
-				//set the session variables
-					$_SESSION["domain_uuid"] = $result["domain_uuid"];
-					//$_SESSION["domain_name"] = $result["domain_name"];
-					$_SESSION["user_uuid"] = $result["user_uuid"];
-					$_SESSION["context"] = $result['domain_name'];
-
-				//user session array
-					$_SESSION["user"]["domain_uuid"] = $result["domain_uuid"];
-					$_SESSION["user"]["domain_name"] = $result["domain_name"];
-					$_SESSION["user"]["user_uuid"] = $result["user_uuid"];
-					$_SESSION["user"]["username"] = $result["username"];
-					$_SESSION["user"]["contact_uuid"] = $result["contact_uuid"];
-			}
-			else {
-				//debug
-					if ($debug) {
-						view_array($result);
-					}
-
-				//log the failed auth attempt to the system, to be available for fail2ban.
+				//log the failed auth attempt to the system to the syslog server
 					openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
 					syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$result["username"]);
 					closelog();
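Review bot: `$auth->debug = true;` turns the authentication object's debug mode on for every unauthenticated request, where the previous code set it to `false`. What the flag emits is defined in the authentication class and is not visible here, but debug output on a login path can disclose account or plugin detail, so this looks like a leftover; restore `$auth->debug = false;` or drive it from a setting. The per-user CIDR allow-list check removed in this hunk is also no longer enforced in this file, so confirm the authentication class applies it before `$_SESSION['authorized']` is set.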
@@ -145,157 +69,10 @@
 				//redirect the user to the login page
 					$target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"];
 					message::add($text['message-invalid_credentials'], 'negative');
-					header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path));
+					header("Location: ".PROJECT_PATH."/?path=".urlencode($target_path));
 					exit;
 			}
 
-		//get the groups assigned to the user and then set the groups in $_SESSION["groups"]
-			$sql = "select ";
-			$sql .= "u.user_group_uuid, ";
-			$sql .= "u.domain_uuid, ";
-			$sql .= "u.user_uuid, ";
-			$sql .= "u.group_uuid, ";
-			$sql .= "g.group_name, ";
-			$sql .= "g.group_level ";
-			$sql .= "from ";
-			$sql .= "v_user_groups as u, ";
-			$sql .= "v_groups as g ";
-			$sql .= "where u.domain_uuid = :domain_uuid ";
-			$sql .= "and u.user_uuid = :user_uuid ";
-			$sql .= "and u.group_uuid = g.group_uuid ";
-			$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
-			$parameters['user_uuid'] = $_SESSION["user_uuid"];
-			$database = new database;
-			$result = $database->select($sql, $parameters, 'all');
-			$_SESSION["groups"] = $result;
-			$_SESSION["user"]["groups"] = $result;
-			unset($sql, $parameters);
-
-		//get the users group level
-			$_SESSION["user"]["group_level"] = 0;
-			foreach ($_SESSION['user']['groups'] as $row) {
-				if ($_SESSION["user"]["group_level"] < $row['group_level']) {
-					$_SESSION["user"]["group_level"] = $row['group_level'];
-				}
-			}
-
-		//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
-			if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {
-				$x = 0;
-				$sql = "select distinct(permission_name) from v_group_permissions ";
-				$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
-				foreach ($_SESSION["groups"] as $field) {
-					if (strlen($field['group_name']) > 0) {
-						$sql_where_or[] = "group_name = :group_name_".$x;
-						$parameters['group_name_'.$x] = $field['group_name'];
-						$x++;
-					}
-				}
-				if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
-					$sql .= "and (".implode(' or ', $sql_where_or).") ";
-				}
-				$sql .= "and permission_assigned = 'true' ";
-				$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
-				$database = new database;
-				$result = $database->select($sql, $parameters, 'all');
-				if (is_array($result) && @sizeof($result) != 0) {
-					foreach ($result as $row) {
-						$_SESSION['permissions'][$row["permission_name"]] = true;
-						$_SESSION["user"]["permissions"][$row["permission_name"]] = true;
-					}
-				}
-				unset($sql, $parameters, $result, $row);
-			}
-
-		//get the domains
-			if (file_exists($_SERVER["PROJECT_ROOT"]."/app/domains/app_config.php") && !is_cli()){
-				require_once "app/domains/resources/domains.php";
-			}
-
-		//get the user settings
-			if (is_array($user_settings) && @sizeof($user_settings) != 0) {
-				foreach ($user_settings as $row) {
-					$name = $row['user_setting_name'];
-					$category = $row['user_setting_category'];
-					$subcategory = $row['user_setting_subcategory'];
-					if (strlen($row['user_setting_value']) > 0) {
-						if (strlen($subcategory) == 0) {
-							//$$category[$name] = $row['domain_setting_value'];
-							if ($name == "array") {
-								$_SESSION[$category][] = $row['user_setting_value'];
-							}
-							else {
-								$_SESSION[$category][$name] = $row['user_setting_value'];
-							}
-						}
-						else {
-							//$$category[$subcategory][$name] = $row['domain_setting_value'];
-							if ($name == "array") {
-								$_SESSION[$category][$subcategory][] = $row['user_setting_value'];
-							}
-							else {
-								$_SESSION[$category][$subcategory][$name] = $row['user_setting_value'];
-							}
-						}
-					}
-				}
-			}
-			unset($user_settings);
-
-		//get the extensions that are assigned to this user
-			if (file_exists($_SERVER["PROJECT_ROOT"]."/app/extensions/app_config.php")) {
-				if (isset($_SESSION["user"]) && is_uuid($_SESSION["user_uuid"]) && is_uuid($_SESSION["domain_uuid"]) && !isset($_SESSION['user']['extension'])) {
-						//get the user extension list
-						$_SESSION['user']['extension'] = null;
-						$sql = "select ";
-						$sql .= "e.extension_uuid, ";
-						$sql .= "e.extension, ";
-						$sql .= "e.number_alias, ";
-						$sql .= "e.user_context, ";
-						$sql .= "e.outbound_caller_id_name, ";
-						$sql .= "e.outbound_caller_id_number, ";
-						$sql .= "e.description ";
-						$sql .= "from ";
-						$sql .= "v_extension_users as u, ";
-						$sql .= "v_extensions as e ";
-						$sql .= "where ";
-						$sql .= "e.domain_uuid = :domain_uuid ";
-						$sql .= "and e.extension_uuid = u.extension_uuid ";
-						$sql .= "and u.user_uuid = :user_uuid ";
-						$sql .= "and e.enabled = 'true' ";
-						$sql .= "order by ";
-						$sql .= "e.extension asc ";
-						$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-						$parameters['user_uuid'] = $_SESSION['user_uuid'];
-						$database = new database;
-						$result = $database->select($sql, $parameters, 'all');
-						if (is_array($result) && @sizeof($result) != 0) {
-							foreach($result as $x => $row) {
-								//set the destination
-								$destination = $row['extension'];
-								if (strlen($row['number_alias']) > 0) {
-									$destination = $row['number_alias'];
-								}
-
-								//build the user array
-								$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
-								$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
-								$_SESSION['user']['extension'][$x]['destination'] = $destination;
-								$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
-								$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
-								$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
-								$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
-								$_SESSION['user']['extension'][$x]['description'] = $row['description'];
-
-								//set the context
-								$_SESSION['user']['user_context'] = $row["user_context"];
-								$_SESSION['user_context'] = $row["user_context"];
-							}
-						}
-						unset($sql, $parameters, $result, $row);
-				}
-			}
-
 		//if logged in, redirect to login destination
 			if (!isset($_REQUEST["key"])) {
 				if (isset($_SESSION['redirect_path'])) {
@@ -308,9 +85,10 @@
 					}
 					header("Location: ".$redirect_path);
 				}
-				elseif (isset($_SESSION['login']['destination']['text'])) {
-					header("Location: ".$_SESSION['login']['destination']['text']);
-				} elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) {
+				elseif (isset($_SESSION['login']['destination']['url'])) {
+					header("Location: ".$_SESSION['login']['destination']['url']);
+				}
+				elseif (file_exists($_SERVER["PROJECT_ROOT"]."/core/dashboard/app_config.php")) {
 					header("Location: ".PROJECT_PATH."/core/dashboard/");
 				}
 				else {
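Review bot: The login destination is now read from `$_SESSION['login']['destination']['url']` instead of `['text']`, so a destination that an existing installation stored under the `text` name would be ignored and the user sent to the dashboard instead. No migration of that setting is visible in this part of the commit; if none exists, keep a fallback branch such as `elseif (isset($_SESSION['login']['destination']['text'])) {` after the `url` branch. The surrounding `if`/`else` chain starts and ends outside this hunk.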
@@ -321,15 +99,4 @@
 
 	}
 
-//set the time zone
-	if (!isset($_SESSION["time_zone"]["user"])) { $_SESSION["time_zone"]["user"] = null; }
-	if (strlen($_SESSION["time_zone"]["user"]) == 0) {
-		//set the domain time zone as the default time zone
-		date_default_timezone_set($_SESSION['domain']['time_zone']['name']);
-	}
-	else {
-		//set the user defined time zone
-		date_default_timezone_set($_SESSION["time_zone"]["user"]);
-	}
-
 ?>