
[bug fix] get the domain from the username (#6691)

* [bug fix] get the domain from the username

When the URL domain doesn't match the user's domain, authentication can use the domain from the username.

username:
user@domain
FusionPBX 2 years ago
parent
commit
abbca22e0a

+ 36 - 26
core/authentication/resources/classes/authentication.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * authentication 
+ * authentication
  *
  * @method validate uses authentication plugins to check if a user is authorized to login
  * @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
@@ -409,14 +409,35 @@ class authentication {
 	/**
 	 *  get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
 	 */
-	function get_domain() {
+	public static function get_domain() {
 
 		//get the domain from the url
-			$this->domain_name = $_SERVER["HTTP_HOST"];
+			$domain_name = $_SERVER["HTTP_HOST"];
+
+		//get the domain name from the http value
+			if (!empty($_REQUEST["domain_name"])) {
+				$domain_name = $_REQUEST["domain_name"];
+			}
+
+		//remote port number from the domain name
+			$domain_array = explode(":", $domain_name);
+			if (count($domain_array) > 1) {
+				$domain_name = $domain_array[0];
+			}
+
+		//if the username
+			if (!empty($_REQUEST["username"])) {
+				$_SESSION['username'] = $_REQUEST["username"];
+			}
+
+		//set a default value for unqiue
+			if (empty($_SESSION["users"]["unique"]["text"])) {
+				$_SESSION["users"]["unique"]["text"] = 'false';
+			}
 
 		//get the domain name from the username
-			if (isset($_SESSION["users"]["unique"]) && $_SESSION["users"]["unique"]["text"] != "global") {
-				$username_array = explode("@", $_REQUEST["username"] ?? '');
+			if (!empty($_SESSION['username']) && $_SESSION["users"]["unique"]["text"] != "global") {
+				$username_array = explode("@", $_SESSION['username']);
 				if (count($username_array) > 1) {
 					//get the domain name
 						$domain_name =  $username_array[count($username_array) -1];
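Review bot: `$_SESSION['username'] = $_REQUEST["username"];` stores a request-supplied name in the session before any credential check is visible in this function, so the session carries an unverified identity for every login attempt, including failed ones. The old code wrote that key only after the username's domain had matched a known domain; the new write is unconditional, persists to later requests in the same session, and the plugin_database hunk reads `$this->username` back from it. Keeping the parsed name in a local, e.g. `$username = $_REQUEST["username"] ?? '';`, and writing `$_SESSION['username']` only once a plugin has authorized the user would avoid this. Whether other code treats a non-empty `$_SESSION['username']` as proof of login cannot be seen from this hunk and is worth checking. get_domain's body continues past the end of this hunk.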
@@ -425,7 +446,7 @@ class authentication {
 						$domain_exists = false;
 						foreach ($_SESSION['domains'] as $row) {
 							if (lower_case($row['domain_name']) == lower_case($domain_name)) {
-								$this->domain_uuid = $row['domain_uuid'];
+								$domain_uuid = $row['domain_uuid'];
 								$domain_exists = true;
 								break;
 							}
@@ -433,10 +454,10 @@ class authentication {
 
 					//if the domain exists then set domain_name and update the username
 						if ($domain_exists) {
-							$this->domain_name = $domain_name;
-							$this->username = substr($_REQUEST["username"], 0, -(strlen($domain_name)+1));
-							$_SESSION['username'] = $this->username;
-							$_SESSION['domain_uuid'] = $this->domain_uuid;
+							$username = substr($_SESSION['username'], 0, -(strlen($domain_name)+1));
+							$_SESSION['domain_name'] = $domain_name;
+							$_SESSION['username'] = $username;
+							$_SESSION['domain_uuid'] = $domain_uuid;
 						}
 
 					//unset the domain name variable
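Review bot: `$domain_name` now serves both as the scratch value taken from the username and as the function's result, so when `$domain_exists` stays false the URL- or request-derived domain has already been replaced by the unmatched username suffix assigned in the first get_domain hunk. The last hunk then writes that value to `$_SESSION['domain_name']` while `$_SESSION['domain_uuid']` keeps whatever it held before, leaving the two out of step for a username such as an e-mail address at an unknown domain. One line between this hunk and the next is not shown; if it is the unset that the trailing comment announces, the later `isset($domain_name)` lookup is skipped and `return $domain_name;` reads an undefined variable. A separate local would keep the two apart: `$username_domain = end($username_array);` for the lookup, with `$domain_name = $username_domain;` only inside `if ($domain_exists)`.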
@@ -444,22 +465,11 @@ class authentication {
 				}
 			}
 
-		//get the domain name from the http value
-			if (!empty($_REQUEST["domain_name"] ?? '')) {
-				$this->domain_name = $_REQUEST["domain_name"];
-			}
-
-		//remote port number from the domain name
-			$domain_array = explode(":", $this->domain_name);
-			if (count($domain_array) > 1) {
-				$this->domain_name = $domain_array[0];
-			}
-
 		//get the domain uuid and domain settings
-			if (isset($this->domain_name) && !isset($this->domain_uuid)) {
+			if (isset($domain_name) && !isset($domain_uuid)) {
 				foreach ($_SESSION['domains'] as $row) {
-					if (lower_case($row['domain_name']) == lower_case($this->domain_name)) {
-						$this->domain_uuid = $row['domain_uuid'];
+					if (lower_case($row['domain_name']) == lower_case($domain_name)) {
+						$domain_uuid = $row['domain_uuid'];
 						$_SESSION['domain_uuid'] = $row['domain_uuid'];
 						break;
 					}
@@ -471,11 +481,11 @@ class authentication {
 			$obj->set();
 
 		//set the domain settings
-			$_SESSION['domain_name'] = $this->domain_name;
+			$_SESSION['domain_name'] = $domain_name;
 			$_SESSION['domain_parent_uuid'] = $_SESSION["domain_uuid"];
 
 		//set the domain name
-			return $this->domain_name;
+			return $domain_name;
 	}
 }
 

+ 8 - 2
core/authentication/resources/classes/plugins/database.php

@@ -3,8 +3,7 @@
 /**
  * plugin_database
  *
- * @method validate uses authentication plugins to check if a user is authorized to login
- * @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
+ * @method plugin_database validates the authentication using information from the database
  */
 class plugin_database {
 
@@ -138,6 +137,13 @@ class plugin_database {
 				$this->key = $_REQUEST["key"];
 			}
 
+		//get the domain name
+			$auth = new authentication;
+			$auth->get_domain();
+			$this->domain_uuid = $_SESSION['domain_uuid'];
+			$this->domain_name = $_SESSION['domain_name'];
+			$this->username = $_SESSION['username'];
+
 		//set the default status
 			$user_authorized = false;