首页 发现 帮助
登录
fusionpbx
/
fusionpbx-framework
镜像自地址 https://github.com/fusionpbx/fusionpbx-framework.git
2
0
派生 0
文件 工单管理 0 Wiki
目录树: 9cf350f333
分支列表 标签列表
fusionpbx-frame...
/
core
/
authentication
/
resources
/
classes
/
plugins
/
database.php

database.php 12 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359 
  1. <?php
    2. 

  2. /*
    3. 

  3. 	FusionPBX
    4. 

  4. 	Version: MPL 1.1
    5. 

  5. 

  6. 	The contents of this file are subject to the Mozilla Public License Version
    7. 

  7. 	1.1 (the "License"); you may not use this file except in compliance with
    8. 

  8. 	the License. You may obtain a copy of the License at
    9. 

  9. 	http://www.mozilla.org/MPL/
    10. 

  10. 

  11. 	Software distributed under the License is distributed on an "AS IS" basis,
    12. 

  12. 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    13. 

  13. 	for the specific language governing rights and limitations under the
    14. 

  14. 	License.
    15. 

  15. 

  16. 	The Original Code is FusionPBX
    17. 

  17. 

  18. 	The Initial Developer of the Original Code is
    19. 

  19. 	Mark J Crane <[email protected]>
    20. 

  20. 	Portions created by the Initial Developer are Copyright (C) 2008-2024
    21. 

  21. 	the Initial Developer. All Rights Reserved.
    22. 

  22. 

  23. 	Contributor(s):
    24. 

  24. 	Mark J Crane <[email protected]>
    25. 

  25. */
    26. 

  26. 

  27. /**
    28. 

  28.  * plugin_database
    29. 

  29.  *
    30. 

  30.  * @method plugin_database validates the authentication using information from the database
    31. 

  31.  */
    32. 

  32. class plugin_database {
    33. 

  33. 

  34. 	/**
    35. 

  35. 	 * Define variables and their scope
    36. 

  36. 	 */
    37. 

  37. 	public $domain_name;
    38. 

  38. 	public $domain_uuid;
    39. 

  39. 	public $user_uuid;
    40. 

  40. 	public $contact_uuid;
    41. 

  41. 	public $contact_organization;
    42. 

  42. 	public $contact_name_given;
    43. 

  43. 	public $contact_name_family;
    44. 

  44. 	public $contact_image;
    45. 

  45. 	public $username;
    46. 

  46. 	public $password;
    47. 

  47. 	public $key;
    48. 

  48. 	public $debug;
    49. 

  49. 	public $user_email;
    50. 

  50. 

  51. 	/**
    52. 

  52. 	 * database checks the local database to authenticate the user or key
    53. 

  53. 	 * @return array [authorized] => true or false
    54. 

  54. 	 */
    55. 

  55. 	function database(authentication $auth, settings $settings) {
    56. 

  56. 

  57. 		//pre-process some settings
    58. 

  58. 			$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH.'/themes/default/favicon.ico');
    59. 

  59. 			$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH.'/themes/default/images/logo_login.png');
    60. 

  60. 			$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
    61. 

  61. 			$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
    62. 

  62. 			$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
    63. 

  63. 			$background_videos = $settings->get('theme', 'background_video', null);
    64. 

  64. 			$theme_background_video = (isset($background_videos) && is_array($background_videos)) ? $background_videos[0] : null;
    65. 

  65. 			$login_domain_name_visible = $settings->get('login', 'domain_name_visible');
    66. 

  66. 			$login_domain_name = $settings->get('login', 'domain_name');
    67. 

  67. 			$login_destination = $settings->get('login', 'destination');
    68. 

  68. 			$users_unique = $settings->get('users', 'unique', '');
    69. 

  69. 

  70. 		//check if already authorized
    71. 

  71. 			if (isset($_SESSION['authentication']['plugin']['database']) && $_SESSION['authentication']['plugin']['database']["authorized"]) {
    72. 

  72. 				return;
    73. 

  73. 			}
    74. 

  74. 

  75. 		//show the authentication code view
    76. 

  76. 			if (empty($_REQUEST["username"]) && empty($_REQUEST["key"])) {
    77. 

  77. 

  78. 				//get the domain
    79. 

  79. 					$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
    80. 

  80. 					$domain_name = $domain_array[0];
    81. 

  81. 

  82. 				//create token
    83. 

  83. 					//$object = new token;
    84. 

  84. 					//$token = $object->create('login');
    85. 

  85. 

  86. 				//add multi-lingual support
    87. 

  87. 					$language = new text;
    88. 

  88. 					$text = $language->get(null, '/core/authentication');
    89. 

  89. 

  90. 				//initialize a template object
    91. 

  91. 					$view = new template();
    92. 

  92. 					$view->engine = 'smarty';
    93. 

  93. 					$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
    94. 

  94. 					$view->cache_dir = sys_get_temp_dir();
    95. 

  95. 					$view->init();
    96. 

  96. 

  97. 				//add translations
    98. 

  98. 					$view->assign("login_title", $text['button-login']);
    99. 

  99. 					$view->assign("label_username", $text['label-username']);
    100. 

  100. 					$view->assign("label_password", $text['label-password']);
    101. 

  101. 					$view->assign("label_domain", $text['label-domain']);
    102. 

  102. 					$view->assign("button_login", $text['button-login']);
    103. 

  103. 

  104. 				//assign default values to the template
    105. 

  105. 					$view->assign("project_path", PROJECT_PATH);
    106. 

  106. 					$view->assign("login_destination_url", $login_destination);
    107. 

  107. 					$view->assign("login_domain_name_visible", $login_domain_name_visible);
    108. 

  108. 					$view->assign("login_domain_names", $login_domain_name);
    109. 

  109. 					$view->assign("favicon", $theme_favicon);
    110. 

  110. 					$view->assign("login_logo_width", $theme_login_logo_width);
    111. 

  111. 					$view->assign("login_logo_height", $theme_login_logo_height);
    112. 

  112. 					$view->assign("login_logo_source", $theme_logo);
    113. 

  113. 					$view->assign("message_delay", $theme_message_delay);
    114. 

  114. 					$view->assign("background_video", $theme_background_video);
    115. 

  115. 					if (!empty($_SESSION['username'])) {
    116. 

  116. 						$view->assign("login_password_description", $text['label-password_description']);
    117. 

  117. 						$view->assign("username", $_SESSION['username']);
    118. 

  118. 						$view->assign("button_cancel", $text['button-cancel']);
    119. 

  119. 					}
    120. 

  120. 

  121. 				//messages
    122. 

  122. 					$view->assign('messages', message::html(true, '		'));
    123. 

  123. 

  124. 				//add the token name and hash to the view
    125. 

  125. 					//$view->assign("token_name", $token['name']);
    126. 

  126. 					//$view->assign("token_hash", $token['hash']);
    127. 

  127. 

  128. 				//show the views
    129. 

  129. 					$content = $view->render('login.htm');
    130. 

  130. 					echo $content;
    131. 

  131. 					exit;
    132. 

  132. 			}
    133. 

  133. 

  134. 		//validate the token
    135. 

  135. 			//$token = new token;
    136. 

  136. 			//if (!$token->validate($_SERVER['PHP_SELF'])) {
    137. 

  137. 			//	message::add($text['message-invalid_token'],'negative');
    138. 

  138. 			//	header('Location: domains.php');
    139. 

  139. 			//	exit;
    140. 

  140. 			//}
    141. 

  141. 

  142. 		//add the authentication details
    143. 

  143. 			if (isset($_REQUEST["username"])) {
    144. 

  144. 				$this->username = $_REQUEST["username"];
    145. 

  145. 				$_SESSION['username'] = $this->username;
    146. 

  146. 			}
    147. 

  147. 			if (isset($_REQUEST["password"])) {
    148. 

  148. 				$this->password = $_REQUEST["password"];
    149. 

  149. 			}
    150. 

  150. 			if (isset($_REQUEST["key"])) {
    151. 

  151. 				$this->key = $_REQUEST["key"];
    152. 

  152. 			}
    153. 

  153. 			if (isset($_REQUEST["domain_name"])) {
    154. 

  154. 				$domain_name = $_REQUEST["domain_name"];
    155. 

  155. 				$this->domain_name = $_REQUEST["domain_name"];
    156. 

  156. 			}
    157. 

  157. 

  158. 		//get the domain name
    159. 

  159. 			$auth->get_domain();
    160. 

  160. 			$this->username = $_SESSION['username'] ?? null;
    161. 

  161. 			//$this->domain_uuid = $_SESSION['domain_uuid'] ?? null;
    162. 

  162. 			//$this->domain_name = $_SESSION['domain_name'] ?? null;
    163. 

  163. 

  164. 		//debug information
    165. 

  165. 			//echo "domain_uuid: ".$this->domain_uuid."<br />\n";
    166. 

  166. 			//view_array($this->domain_uuid, false);
    167. 

  167. 			//echo "domain_name: ".$this->domain_name."<br />\n";
    168. 

  168. 			//echo "username: ".$this->username."<br />\n";
    169. 

  169. 

  170. 		//set the default status
    171. 

  171. 			$user_authorized = false;
    172. 

  172. 

  173. 		//check if contacts app exists
    174. 

  174. 			$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/contacts/') ? true : false;
    175. 

  175. 

  176. 		//check the username and password if they don't match then redirect to the login
    177. 

  177. 			$sql = "select ";
    178. 

  178. 			$sql .= "	d.domain_name, ";
    179. 

  179. 			$sql .= "	u.user_uuid, ";
    180. 

  180. 			$sql .= "	u.contact_uuid, ";
    181. 

  181. 			$sql .= "	u.username, ";
    182. 

  182. 			$sql .= "	u.password, ";
    183. 

  183. 			$sql .= "	u.user_email, ";
    184. 

  184. 			$sql .= "	u.salt, ";
    185. 

  185. 			$sql .= "	u.api_key, ";
    186. 

  186. 			$sql .= "	u.domain_uuid ";
    187. 

  187. 			if ($contacts_exists) {
    188. 

  188. 				$sql .= ",";
    189. 

  189. 				$sql .= "c.contact_organization, ";
    190. 

  190. 				$sql .= "c.contact_name_given, ";
    191. 

  191. 				$sql .= "c.contact_name_family, ";
    192. 

  192. 				$sql .= "a.contact_attachment_uuid ";
    193. 

  193. 			}
    194. 

  194. 			$sql .= "from ";
    195. 

  195. 			$sql .= "	v_domains as d, ";
    196. 

  196. 			$sql .= "	v_users as u ";
    197. 

  197. 			if ($contacts_exists) {
    198. 

  198. 				$sql .= "left join v_contacts as c on u.contact_uuid = c.contact_uuid and u.contact_uuid is not null ";
    199. 

  199. 				$sql .= "left join v_contact_attachments as a on u.contact_uuid = a.contact_uuid and u.contact_uuid is not null and a.attachment_primary = 1 and a.attachment_filename is not null and a.attachment_content is not null ";
    200. 

  200. 			}
    201. 

  201. 			$sql .= "where ";
    202. 

  202. 			$sql .= "	u.domain_uuid = d.domain_uuid ";
    203. 

  203. 			$sql .= "	and (";
    204. 

  204. 			$sql .= "		user_type = 'default' ";
    205. 

  205. 			$sql .= "		or user_type is null";
    206. 

  206. 			$sql .= "	) ";
    207. 

  207. 			if (isset($this->key) && strlen($this->key) > 30) {
    208. 

  208. 				$sql .= "and u.api_key = :api_key ";
    209. 

  209. 				$parameters['api_key'] = $this->key;
    210. 

  210. 			}
    211. 

  211. 			else {
    212. 

  212. 				$sql .= "and (\n";
    213. 

  213. 				$sql .= "	lower(u.username) = lower(:username)\n";
    214. 

  214. 				$sql .= "	or lower(u.user_email) = lower(:username)\n";
    215. 

  215. 				$sql .= ")\n";
    216. 

  216. 				$parameters['username'] = $this->username;
    217. 

  217. 			}
    218. 

  218. 			if ($users_unique === "global") {
    219. 

  219. 				//unique username - global (example: email address)
    220. 

  220. 			}
    221. 

  221. 			else {
    222. 

  222. 				//unique username - per domain
    223. 

  223. 				$sql .= "and u.domain_uuid = :domain_uuid ";
    224. 

  224. 				$parameters['domain_uuid'] = $this->domain_uuid;
    225. 

  225. 			}
    226. 

  226. 			$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
    227. 

  227. 			$row = $settings->database()->select($sql, $parameters, 'row');
    228. 

  228. 			if (!empty($row) && is_array($row) && @sizeof($row) != 0) {
    229. 

  229. 

  230. 				//validate the password
    231. 

  231. 					$valid_password = false;
    232. 

  232. 					if (isset($this->key) && strlen($this->key) > 30 && $this->key === $row["api_key"]) {
    233. 

  233. 						$valid_password = true;
    234. 

  234. 					}
    235. 

  235. 					else if (substr($row["password"], 0, 1) === '$') {
    236. 

  236. 						if (isset($this->password) && !empty($this->password)) {
    237. 

  237. 							if (password_verify($this->password, $row["password"])) {
    238. 

  238. 								$valid_password = true;
    239. 

  239. 							}
    240. 

  240. 						}
    241. 

  241. 					}
    242. 

  242. 					else {
    243. 

  243. 						//deprecated - compare the password provided by the user with the one in the database
    244. 

  244. 						if (md5($row["salt"].$this->password) === $row["password"]) {
    245. 

  245. 							$row["password"] = crypt($this->password, '$1$'.$password_salt.'$');
    246. 

  246. 							$valid_password = true;
    247. 

  247. 						}
    248. 

  248. 					}
    249. 

  249. 

  250. 				//set the domain and user settings
    251. 

  251. 					if ($valid_password) {
    252. 

  252. 						//set the domain_uuid
    253. 

  253. 							$this->domain_uuid = $row["domain_uuid"];
    254. 

  254. 							$this->domain_name = $row["domain_name"];
    255. 

  255. 

  256. 						//set the domain session variables
    257. 

  257. 							$_SESSION["domain_uuid"] = $this->domain_uuid;
    258. 

  258. 							$_SESSION["domain_name"] = $this->domain_name;
    259. 

  259. 

  260. 						//set the domain setting
    261. 

  261. 							if ($users_unique === "global" && $row["domain_uuid"] !== $this->domain_uuid) {
    262. 

  262. 								$domain = new domains();
    263. 

  263. 								$domain->set();
    264. 

  264. 							}
    265. 

  265. 

  266. 						//set the variables
    267. 

  267. 							$this->user_uuid = $row['user_uuid'];
    268. 

  268. 							$this->username = $row['username'];
    269. 

  269. 							$this->user_email = $row['user_email'];
    270. 

  270. 							$this->contact_uuid = $row['contact_uuid'];
    271. 

  271. 							if ($contacts_exists) {
    272. 

  272. 								$this->contact_organization = $row['contact_organization'];
    273. 

  273. 								$this->contact_name_given = $row['contact_name_given'];
    274. 

  274. 								$this->contact_name_family = $row['contact_name_family'];
    275. 

  275. 								$this->contact_image = $row['contact_attachment_uuid'];
    276. 

  276. 							}
    277. 

  277. 

  278. 						//debug info
    279. 

  279. 							//echo "user_uuid ".$this->user_uuid."<br />\n";
    280. 

  280. 							//echo "username ".$this->username."<br />\n";
    281. 

  281. 							//echo "contact_uuid ".$this->contact_uuid."<br />\n";
    282. 

  282. 

  283. 						//set a few session variables
    284. 

  284. 							$_SESSION["user_uuid"] = $row['user_uuid'];
    285. 

  285. 							$_SESSION["username"] = $row['username'];
    286. 

  286. 							$_SESSION["user_email"] = $row['user_email'];
    287. 

  287. 							$_SESSION["contact_uuid"] = $row["contact_uuid"];
    288. 

  288. 					}
    289. 

  289. 

  290. 				//check to to see if the the password hash needs to be updated
    291. 

  291. 					if ($valid_password) {
    292. 

  292. 						//set the password hash cost
    293. 

  293. 						$options = array('cost' => 10);
    294. 

  294. 

  295. 						//check if a newer hashing algorithm is available or the cost has changed
    296. 

  296. 						if (password_needs_rehash($row["password"], PASSWORD_DEFAULT, $options)) {
    297. 

  297. 

  298. 							//build user insert array
    299. 

  299. 								$array = [];
    300. 

  300. 								$array['users'][0]['user_uuid'] = $this->user_uuid;
    301. 

  301. 								$array['users'][0]['domain_uuid'] = $this->domain_uuid;
    302. 

  302. 								$array['users'][0]['user_email'] = $this->user_email;
    303. 

  303. 								$array['users'][0]['password'] = password_hash($this->password, PASSWORD_DEFAULT, $options);
    304. 

  304. 								$array['users'][0]['salt'] = null;
    305. 

  305. 

  306. 							//build user group insert array
    307. 

  307. 								$array['user_groups'][0]['user_group_uuid'] = uuid();
    308. 

  308. 								$array['user_groups'][0]['domain_uuid'] = $this->domain_uuid;
    309. 

  309. 								$array['user_groups'][0]['group_name'] = 'user';
    310. 

  310. 								$array['user_groups'][0]['user_uuid'] = $this->user_uuid;
    311. 

  311. 

  312. 							//grant temporary permissions
    313. 

  313. 								$p = permissions::new();
    314. 

  314. 								$p->add('user_edit', 'temp');
    315. 

  315. 

  316. 							//execute insert
    317. 

  317. 								$settings->database()->app_name = 'authentication';
    318. 

  318. 								$settings->database()->app_uuid = 'a8a12918-69a4-4ece-a1ae-3932be0e41f1';
    319. 

  319. 								$settings->database()->save($array);
    320. 

  320. 								unset($array);
    321. 

  321. 

  322. 							//revoke temporary permissions
    323. 

  323. 								$p->delete('user_edit', 'temp');
    324. 

  324. 

  325. 						}
    326. 

  326. 

  327. 					}
    328. 

  328. 

  329. 					//result array
    330. 

  330. 					if ($valid_password) {
    331. 

  331. 						$result["plugin"] = "database";
    332. 

  332. 						$result["domain_name"] = $this->domain_name;
    333. 

  333. 						$result["username"] = $this->username;
    334. 

  334. 						$result["user_uuid"] = $this->user_uuid;
    335. 

  335. 						$result["domain_uuid"] = $_SESSION['domain_uuid'];
    336. 

  336. 						$result["contact_uuid"] = $this->contact_uuid;
    337. 

  337. 						if ($contacts_exists) {
    338. 

  338. 							$result["contact_organization"] = $this->contact_organization;
    339. 

  339. 							$result["contact_name_given"] = $this->contact_name_given;
    340. 

  340. 							$result["contact_name_family"] = $this->contact_name_family;
    341. 

  341. 							$result["contact_image"] = $this->contact_image;
    342. 

  342. 						}
    343. 

  343. 						$result["user_email"] = $this->user_email;
    344. 

  344. 						$result["sql"] = $sql;
    345. 

  345. 						$result["authorized"] = $valid_password;
    346. 

  346. 					}
    347. 

  347. 

  348. 					//return the results
    349. 

  349. 					return $result ?? false;
    350. 

  350. 

  351. 			}
    352. 

  352. 

  353. 

  354. 		return;
    355. 

  355. 

  356. 	}
    357. 

  357. }
    358. 

  358. 

  359. ?>
    360.