Home Verkennen Help
Inloggen
fusionpbx
/
fusionpbx-framework
spiegel van https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Vork 0
Bestanden Issues 0 Wiki
Boom: 9cf350f333
Aftakkingen Labels
fusionpbx-frame...
/
core
/
authentication
/
resources
/
classes
/
plugins
/
email.php

email.php 20 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525 
  1. <?php
    2. 

  2. /*
    3. 

  3. 	FusionPBX
    4. 

  4. 	Version: MPL 1.1
    5. 

  5. 

  6. 	The contents of this file are subject to the Mozilla Public License Version
    7. 

  7. 	1.1 (the "License"); you may not use this file except in compliance with
    8. 

  8. 	the License. You may obtain a copy of the License at
    9. 

  9. 	http://www.mozilla.org/MPL/
    10. 

  10. 

  11. 	Software distributed under the License is distributed on an "AS IS" basis,
    12. 

  12. 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    13. 

  13. 	for the specific language governing rights and limitations under the
    14. 

  14. 	License.
    15. 

  15. 

  16. 	The Original Code is FusionPBX
    17. 

  17. 

  18. 	The Initial Developer of the Original Code is
    19. 

  19. 	Mark J Crane <[email protected]>
    20. 

  20. 	Portions created by the Initial Developer are Copyright (C) 2008-2024
    21. 

  21. 	the Initial Developer. All Rights Reserved.
    22. 

  22. 

  23. 	Contributor(s):
    24. 

  24. 	Mark J Crane <[email protected]>
    25. 

  25. */
    26. 

  26. 

  27. /**
    28. 

  28.  * plugin_email
    29. 

  29.  *
    30. 

  30.  * @method email time based one time password authenticate the user
    31. 

  31.  */
    32. 

  32. class plugin_email {
    33. 

  33. 

  34. 	/**
    35. 

  35. 	 * Define variables and their scope
    36. 

  36. 	 */
    37. 

  37. 	public $domain_name;
    38. 

  38. 	public $domain_uuid;
    39. 

  39. 	public $username;
    40. 

  40. 	public $password;
    41. 

  41. 	public $user_uuid;
    42. 

  42. 	public $user_email;
    43. 

  43. 	public $contact_uuid;
    44. 

  44. 	public $debug;
    45. 

  45. 

  46. 	/**
    47. 

  47. 	 * time based one time password with email
    48. 

  48. 	 * @return array [authorized] => true or false
    49. 

  49. 	 */
    50. 

  50. 	function email() {
    51. 

  51. 

  52. 		//pre-process some settings
    53. 

  53. 			$settings['theme']['favicon'] = !empty($_SESSION['theme']['favicon']['text']) ? $_SESSION['theme']['favicon']['text'] : PROJECT_PATH.'/themes/default/favicon.ico';
    54. 

  54. 			$settings['login']['destination'] = !empty($_SESSION['login']['destination']['text']) ? $_SESSION['login']['destination']['text'] : '';
    55. 

  55. 			$settings['users']['unique'] = !empty($_SESSION['users']['unique']['text']) ? $_SESSION['users']['unique']['text'] : '';
    56. 

  56. 			$settings['theme']['logo'] = !empty($_SESSION['theme']['logo']['text']) ? $_SESSION['theme']['logo']['text'] : PROJECT_PATH.'/themes/default/images/logo_login.png';
    57. 

  57. 			$settings['theme']['login_logo_width'] = !empty($_SESSION['theme']['login_logo_width']['text']) ? $_SESSION['theme']['login_logo_width']['text'] : 'auto; max-width: 300px';
    58. 

  58. 			$settings['theme']['login_logo_height'] = !empty($_SESSION['theme']['login_logo_height']['text']) ? $_SESSION['theme']['login_logo_height']['text'] : 'auto; max-height: 300px';
    59. 

  59. 			$settings['theme']['message_delay'] = isset($_SESSION['theme']['message_delay']) ? 1000 * (float) $_SESSION['theme']['message_delay'] : 3000;
    60. 

  60. 			$settings['theme']['background_video'] = isset($_SESSION['theme']['background_video'][0]) ? $_SESSION['theme']['background_video'][0] : null;
    61. 

  61. 

  62. 		//get the domain
    63. 

  63. 			$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
    64. 

  64. 			$domain_name = $domain_array[0];
    65. 

  65. 

  66. 		//use the session username
    67. 

  67. 			if (isset($_SESSION['username'])) {
    68. 

  68. 				$_POST['username'] = $_SESSION['username'];
    69. 

  69. 				$_REQUEST['username'] = $_SESSION['username'];
    70. 

  70. 			}
    71. 

  71. 

  72. 		//request the username
    73. 

  73. 			if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
    74. 

  74. 

  75. 				//add multi-lingual support
    76. 

  76. 				$language = new text;
    77. 

  77. 				$text = $language->get(null, '/core/authentication');
    78. 

  78. 

  79. 				//initialize a template object
    80. 

  80. 				$view = new template();
    81. 

  81. 				$view->engine = 'smarty';
    82. 

  82. 				$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
    83. 

  83. 				$view->cache_dir = sys_get_temp_dir();
    84. 

  84. 				$view->init();
    85. 

  85. 

  86. 				//assign default values to the template
    87. 

  87. 				$view->assign("project_path", PROJECT_PATH);
    88. 

  88. 				$view->assign("login_destination_url", $settings['login']['destination']);
    89. 

  89. 				$view->assign("favicon", $settings['theme']['favicon']);
    90. 

  90. 				$view->assign("login_title", $text['label-username']);
    91. 

  91. 				$view->assign("login_username", $text['label-username']);
    92. 

  92. 				$view->assign("login_logo_width", $settings['theme']['login_logo_width']);
    93. 

  93. 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
    94. 

  94. 				$view->assign("login_logo_source", $settings['theme']['logo']);
    95. 

  95. 				$view->assign("button_login", $text['button-login']);
    96. 

  96. 				$view->assign("message_delay", $settings['theme']['message_delay']);
    97. 

  97. 				$view->assign("background_video", $settings['theme']['background_video']);
    98. 

  98. 

  99. 				//messages
    100. 

  100. 				$view->assign('messages', message::html(true, '		'));
    101. 

  101. 

  102. 				//show the views
    103. 

  103. 				$content = $view->render('username.htm');
    104. 

  104. 				echo $content;
    105. 

  105. 				exit;
    106. 

  106. 

  107. 			}
    108. 

  108. 

  109. 		//show the authentication code view
    110. 

  110. 			if (!isset($_POST['authentication_code'])) {
    111. 

  111. 

  112. 				//get the username
    113. 

  113. 				//if (!isset($this->username) && isset($_REQUEST['username'])) {
    114. 

  114. 				//	$this->username = $_REQUEST['username'];
    115. 

  115. 				//}
    116. 

  116. 

  117. 				//get the user details
    118. 

  118. 				$sql = "select user_uuid, username, user_email, contact_uuid \n";
    119. 

  119. 				$sql .= "from v_users\n";
    120. 

  120. 				$sql .= "where (\n";
    121. 

  121. 				$sql .= "	username = :username\n";
    122. 

  122. 				$sql .= "	or user_email = :username\n";
    123. 

  123. 				$sql .= ")\n";
    124. 

  124. 				if ($settings['users']['unique'] != "global") {
    125. 

  125. 					//unique username per domain (not globally unique across system - example: email address)
    126. 

  126. 					$sql .= "and domain_uuid = :domain_uuid ";
    127. 

  127. 					$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
    128. 

  128. 				}
    129. 

  129. 				$sql .= "and (user_type = 'default' or user_type is null) ";
    130. 

  130. 				$parameters['username'] = $_REQUEST['username'];
    131. 

  131. 				$database = new database;
    132. 

  132. 				$row = $database->select($sql, $parameters, 'row');
    133. 

  133. 				unset($parameters);
    134. 

  134. 

  135. 				//set class variables
    136. 

  136. 				//if (!empty($row["user_email"])) {
    137. 

  137. 				//	$this->user_uuid = $row['user_uuid'];
    138. 

  138. 				//	$this->user_email = $row['user_email'];
    139. 

  139. 				//	$this->contact_uuid = $row['contact_uuid'];
    140. 

  140. 				//}
    141. 

  141. 

  142. 				//set a few session variables
    143. 

  143. 				$_SESSION["user_uuid"] = $row['user_uuid'];
    144. 

  144. 				$_SESSION["username"] = $row['username'];
    145. 

  145. 				$_SESSION["user_email"] = $row['user_email'];
    146. 

  146. 				$_SESSION["contact_uuid"] = $row["contact_uuid"];
    147. 

  147. 

  148. 				//user not found
    149. 

  149. 				if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
    150. 

  150. 					//clear submitted usernames
    151. 

  151. 					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
    152. 

  152. 

  153. 					//clear authentication session
    154. 

  154. 					unset($_SESSION['authentication']);
    155. 

  155. 

  156. 					//build the result array
    157. 

  157. 					$result["plugin"] = "email";
    158. 

  158. 					$result["domain_uuid"] = $_SESSION["domain_uuid"];
    159. 

  159. 					$result["domain_name"] = $_SESSION["domain_name"];
    160. 

  160. 					$result["authorized"] = false;
    161. 

  161. 

  162. 					//retun the array
    163. 

  163. 					return $result;
    164. 

  164. 				}
    165. 

  165. 

  166. 				//user email not found
    167. 

  167. 				else if (empty($row["user_email"])) {
    168. 

  168. 					//clear submitted usernames
    169. 

  169. 					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
    170. 

  170. 

  171. 					//clear authentication session
    172. 

  172. 					unset($_SESSION['authentication']);
    173. 

  173. 

  174. 					//build the result array
    175. 

  175. 					$result["plugin"] = "email";
    176. 

  176. 					$result["domain_name"] = $_SESSION["domain_name"];
    177. 

  177. 					$result["username"] = $_REQUEST['username'];
    178. 

  178. 					$result["user_uuid"] = $_SESSION["user_uuid"];
    179. 

  179. 					$result["domain_uuid"] = $_SESSION["domain_uuid"];
    180. 

  180. 					$result["contact_uuid"] = $_SESSION["contact_uuid"];
    181. 

  181. 					$result["authorized"] = false;
    182. 

  182. 

  183. 					//add the failed login to user logs
    184. 

  184. 					user_logs::add($result);
    185. 

  185. 

  186. 					//return the array
    187. 

  187. 					return $result;
    188. 

  188. 				}
    189. 

  189. 

  190. 				//authentication code
    191. 

  191. 				$_SESSION["user"]["authentication"]["email"]["code"] = generate_password(6, 1);
    192. 

  192. 				$_SESSION["user"]["authentication"]["email"]["epoch"] = time();
    193. 

  193. 

  194. 				//$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
    195. 

  195. 				//$_SESSION["authentication_date"] = 'now()';
    196. 

  196. 

  197. 				//set the authentication code
    198. 

  198. 				//$sql = "update v_users \n";
    199. 

  199. 				//$sql .= "set auth_code = :auth_code \n";
    200. 

  200. 				//$sql .= "where user_uuid = :user_uuid;";
    201. 

  201. 				//$parameters['auth_code'] = $auth_code_hash;
    202. 

  202. 				//$parameters['user_uuid'] = $this->user_uuid;
    203. 

  203. 				//$database->execute($sql, $parameters);
    204. 

  204. 				//unset($sql);
    205. 

  205. 

  206. 				//email settings
    207. 

  207. 				//$email_address = $this->user_email;
    208. 

  208. 				//$email_subject = 'Validation Code';
    209. 

  209. 				//$email_body = 'Validation Code: '.$authentication_code;
    210. 

  210. 

  211. 				//send email with the authentication_code
    212. 

  212. 				//ob_start();
    213. 

  213. 				//$sent = !send_email($email_address, $email_subject, $email_body, $email_error, null, null, 3, 3) ? false : true;
    214. 

  214. 				//$response = ob_get_clean();
    215. 

  215. 

  216. 				//get the language code
    217. 

  217. 				$language_code = $_SESSION['domain']['language']['code'];
    218. 

  218. 

  219. 				//get the email template from the database
    220. 

  220. 				$sql = "select template_subject, template_body ";
    221. 

  221. 				$sql .= "from v_email_templates ";
    222. 

  222. 				$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
    223. 

  223. 				$sql .= "and template_language = :template_language ";
    224. 

  224. 				$sql .= "and template_category = :template_category ";
    225. 

  225. 				$sql .= "and template_subcategory = :template_subcategory ";
    226. 

  226. 				$sql .= "and template_type = :template_type ";
    227. 

  227. 				$sql .= "and template_enabled = 'true' ";
    228. 

  228. 				$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
    229. 

  229. 				$parameters['template_language'] = $language_code;
    230. 

  230. 				$parameters['template_category'] = 'authentication';
    231. 

  231. 				$parameters['template_subcategory'] = 'email';
    232. 

  232. 				$parameters['template_type'] = 'html';
    233. 

  233. 				$database = new database;
    234. 

  234. 				$row = $database->select($sql, $parameters, 'row');
    235. 

  235. 				$email_subject = $row['template_subject'];
    236. 

  236. 				$email_body = $row['template_body'];
    237. 

  237. 				unset($sql, $parameters, $row);
    238. 

  238. 

  239. 				//replace variables in email subject
    240. 

  240. 				$email_subject = str_replace('${domain_name}', $_SESSION["domain_name"], $email_subject);
    241. 

  241. 

  242. 				//replace variables in email body
    243. 

  243. 				$email_body = str_replace('${domain_name}', $_SESSION["domain_name"], $email_body);
    244. 

  244. 				$email_body = str_replace('${auth_code}', $_SESSION["user"]["authentication"]["email"]["code"], $email_body);
    245. 

  245. 

  246. 				//get the email from name and address
    247. 

  247. 				$email_from_address = $_SESSION['email']['smtp_from']['text'];
    248. 

  248. 				$email_from_name = $_SESSION['email']['smtp_from_name']['text'];
    249. 

  249. 

  250. 				//get the email send mode options: direct or email_queue
    251. 

  251. 				$email_send_mode = $_SESSION['authentication']['email_send_mode']['text'] ?? 'email_queue';
    252. 

  252. 

  253. 				//send the email
    254. 

  254. 				if ($email_send_mode == 'email_queue') {
    255. 

  255. 					//set the variables
    256. 

  256. 					$email_queue_uuid = uuid();
    257. 

  257. 					$email_uuid = uuid();
    258. 

  258. 					$hostname = gethostname();
    259. 

  259. 

  260. 					//add the temporary permissions
    261. 

  261. 					$p = permissions::new();
    262. 

  262. 					$p->add("email_queue_add", 'temp');
    263. 

  263. 					$p->add("email_queue_edit", 'temp');
    264. 

  264. 

  265. 					$array['email_queue'][0]["email_queue_uuid"] = $email_queue_uuid;
    266. 

  266. 					$array['email_queue'][0]["domain_uuid"] = $_SESSION["domain_uuid"];
    267. 

  267. 					$array['email_queue'][0]["hostname"] = $hostname;
    268. 

  268. 					$array['email_queue'][0]["email_date"] = 'now()';
    269. 

  269. 					$array['email_queue'][0]["email_from"] = $email_from_address;
    270. 

  270. 					$array['email_queue'][0]["email_to"] = $_SESSION["user_email"];
    271. 

  271. 					$array['email_queue'][0]["email_subject"] = $email_subject;
    272. 

  272. 					$array['email_queue'][0]["email_body"] = $email_body;
    273. 

  273. 					$array['email_queue'][0]["email_status"] = 'waiting';
    274. 

  274. 					$array['email_queue'][0]["email_retry_count"] = 3;
    275. 

  275. 					$array['email_queue'][0]["email_uuid"] = $email_uuid;
    276. 

  276. 					$array['email_queue'][0]["email_action_before"] = null;
    277. 

  277. 					$array['email_queue'][0]["email_action_after"] = null;
    278. 

  278. 					$database = new database;
    279. 

  279. 					$database->app_name = 'email queue';
    280. 

  280. 					$database->app_uuid = '5befdf60-a242-445f-91b3-2e9ee3e0ddf7';
    281. 

  281. 					$database->save($array);
    282. 

  282. 					$err = $database->message;
    283. 

  283. 					unset($array);
    284. 

  284. 

  285. 					//remove the temporary permission
    286. 

  286. 					$p->delete("email_queue_add", 'temp');
    287. 

  287. 					$p->delete("email_queue_edit", 'temp');
    288. 

  288. 				}
    289. 

  289. 				else {
    290. 

  290. 					//send email - direct
    291. 

  291. 					$email = new email;
    292. 

  292. 					$email->recipients = $_SESSION["user_email"];
    293. 

  293. 					$email->subject = $email_subject;
    294. 

  294. 					$email->body = $email_body;
    295. 

  295. 					$email->from_address = $email_from_address;
    296. 

  296. 					$email->from_name = $email_from_name;
    297. 

  297. 					//$email->attachments = $email_attachments;
    298. 

  298. 					$email->debug_level = 0;
    299. 

  299. 					$email->method = 'direct';
    300. 

  300. 					$sent = $email->send();
    301. 

  301. 				}
    302. 

  302. 

  303. 				//debug informations
    304. 

  304. 				//$email_response = $email->response;
    305. 

  305. 				//$email_error = $email->email_error;
    306. 

  306. 				//echo $email_response."<br />\n";
    307. 

  307. 				//echo $email_error."<br />\n";
    308. 

  308. 

  309. 				//get the domain
    310. 

  310. 				$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
    311. 

  311. 				$domain_name = $domain_array[0];
    312. 

  312. 

  313. 				//create token
    314. 

  314. 				//$object = new token;
    315. 

  315. 				//$token = $object->create('login');
    316. 

  316. 

  317. 				//add multi-lingual support
    318. 

  318. 				$language = new text;
    319. 

  319. 				$text = $language->get(null, '/core/authentication');
    320. 

  320. 

  321. 				//initialize a template object
    322. 

  322. 				$view = new template();
    323. 

  323. 				$view->engine = 'smarty';
    324. 

  324. 				$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
    325. 

  325. 				$view->cache_dir = sys_get_temp_dir();
    326. 

  326. 				$view->init();
    327. 

  327. 

  328. 				//assign default values to the template
    329. 

  329. 				$view->assign("project_path", PROJECT_PATH);
    330. 

  330. 				$view->assign("login_destination_url", $settings['login']['destination']);
    331. 

  331. 				$view->assign("favicon", $settings['theme']['favicon']);
    332. 

  332. 				$view->assign("login_title", $text['label-verify']);
    333. 

  333. 				$view->assign("login_email_description", $text['label-email_description']);
    334. 

  334. 				$view->assign("login_authentication_code", $text['label-authentication_code']);
    335. 

  335. 				$view->assign("login_logo_width", $settings['theme']['login_logo_width']);
    336. 

  336. 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
    337. 

  337. 				$view->assign("login_logo_source", $settings['theme']['logo']);
    338. 

  338. 				$view->assign("button_verify", $text['label-verify']);
    339. 

  339. 				$view->assign("message_delay", $settings['theme']['message_delay']);
    340. 

  340. 				if (!empty($_SESSION['username'])) {
    341. 

  341. 					$view->assign("username", $_SESSION['username']);
    342. 

  342. 					$view->assign("button_cancel", $text['button-cancel']);
    343. 

  343. 				}
    344. 

  344. 

  345. 				//messages
    346. 

  346. 				$view->assign('messages', message::html(true, '		'));
    347. 

  347. 

  348. 				//show the views
    349. 

  349. 				$content = $view->render('email.htm');
    350. 

  350. 				echo $content;
    351. 

  351. 				exit;
    352. 

  352. 			}
    353. 

  353. 

  354. 		//if authorized then verify
    355. 

  355. 			if (isset($_POST['authentication_code'])) {
    356. 

  356. 

  357. 				//check if the authentication code has expired. if expired return false
    358. 

  358. 				if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
    359. 

  359. 					//authentication code expired
    360. 

  360. 					$result["plugin"] = "email";
    361. 

  361. 					$result["domain_name"] = $_SESSION["domain_name"];
    362. 

  362. 					$result["username"] = $_SESSION["username"];
    363. 

  363. 					$result["error_message"] = 'code expired';
    364. 

  364. 					$result["authorized"] = false;
    365. 

  365. 					print_r($result);
    366. 

  366. 					return $result;
    367. 

  367. 					exit;
    368. 

  368. 				}
    369. 

  369. 

  370. 				//get the user details
    371. 

  371. 				$sql = "select user_uuid, user_email, contact_uuid\n";
    372. 

  372. 				$sql .= "from v_users\n";
    373. 

  373. 				$sql .= "where (\n";
    374. 

  374. 				$sql .= "	username = :username\n";
    375. 

  375. 				$sql .= "	or user_email = :username\n";
    376. 

  376. 				$sql .= ")\n";
    377. 

  377. 				if ($settings['users']['unique'] != "global") {
    378. 

  378. 					//unique username per domain (not globally unique across system - example: email address)
    379. 

  379. 					$sql .= "and domain_uuid = :domain_uuid ";
    380. 

  380. 					$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
    381. 

  381. 				}
    382. 

  382. 				$parameters['username'] = $_SESSION["username"];
    383. 

  383. 				$database = new database;
    384. 

  384. 				$row = $database->select($sql, $parameters, 'row');
    385. 

  385. 				$this->user_uuid = $row['user_uuid'];
    386. 

  386. 				$this->user_email = $row['user_email'];
    387. 

  387. 				$this->contact_uuid = $row['contact_uuid'];
    388. 

  388. 				unset($parameters);
    389. 

  389. 				/*
    390. 

  390. 				echo 'session code = '.$_SESSION["user"]["authentication"]["email"]["code"].'<br>';
    391. 

  391. 				echo 'post code = '.$_POST['authentication_code'].'<br>';
    392. 

  392. 				exit;
    393. 

  393. 				*/
    394. 

  394. 

  395. 				//validate the code
    396. 

  396. 				if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
    397. 

  397. 					$auth_valid = true;
    398. 

  398. 				}
    399. 

  399. 				else {
    400. 

  400. 					$auth_valid = false;
    401. 

  401. 				}
    402. 

  402. 

  403. 				//clear posted authentication code
    404. 

  404. 				unset($_POST['authentication_code']);
    405. 

  405. 

  406. 				//check if contacts app exists
    407. 

  407. 				$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/contacts/') ? true : false;
    408. 

  408. 

  409. 				//get the user details
    410. 

  410. 				if ($auth_valid) {
    411. 

  411. 					//get user data from the database
    412. 

  412. 					$sql = "select ";
    413. 

  413. 					$sql .= "	u.user_uuid, ";
    414. 

  414. 					$sql .= "	u.username, ";
    415. 

  415. 					$sql .= "	u.user_email, ";
    416. 

  416. 					$sql .= "	u.contact_uuid ";
    417. 

  417. 					if ($contacts_exists) {
    418. 

  418. 						$sql .= ",";
    419. 

  419. 						$sql .= "c.contact_organization, ";
    420. 

  420. 						$sql .= "c.contact_name_given, ";
    421. 

  421. 						$sql .= "c.contact_name_family, ";
    422. 

  422. 						$sql .= "a.contact_attachment_uuid ";
    423. 

  423. 					}
    424. 

  424. 					$sql .= "from ";
    425. 

  425. 					$sql .= "	v_users as u ";
    426. 

  426. 					if ($contacts_exists) {
    427. 

  427. 						$sql .= "left join v_contacts as c on u.contact_uuid = c.contact_uuid and u.contact_uuid is not null ";
    428. 

  428. 						$sql .= "left join v_contact_attachments as a on u.contact_uuid = a.contact_uuid and u.contact_uuid is not null and a.attachment_primary = 1 and a.attachment_filename is not null and a.attachment_content is not null ";
    429. 

  429. 					}
    430. 

  430. 					$sql .= "where ";
    431. 

  431. 					$sql .= "	u.user_uuid = :user_uuid ";
    432. 

  432. 					if ($settings['users']['unique'] != "global") {
    433. 

  433. 						//unique username per domain (not globally unique across system - example: email address)
    434. 

  434. 						$sql .= "and u.domain_uuid = :domain_uuid ";
    435. 

  435. 						$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
    436. 

  436. 					}
    437. 

  437. 					$parameters['user_uuid'] = $_SESSION["user_uuid"];
    438. 

  438. 					$database = new database;
    439. 

  439. 					$row = $database->select($sql, $parameters, 'row');
    440. 

  440. 					unset($parameters);
    441. 

  441. 

  442. 					//set a few session variables
    443. 

  443. 					//$_SESSION["username"] = $row['username']; //setting the username makes it skip the rest of the authentication
    444. 

  444. 					//$_SESSION["user_email"] = $row['user_email'];
    445. 

  445. 					//$_SESSION["contact_uuid"] = $row["contact_uuid"];
    446. 

  446. 				}
    447. 

  447. 				else {
    448. 

  448. // 					//destroy session
    449. 

  449. // 					session_unset();
    450. 

  450. // 					session_destroy();
    451. 

  451. // 					//$_SESSION['authentication']['plugin']
    452. 

  452. // 					//send http 403
    453. 

  453. // 					header('HTTP/1.0 403 Forbidden', true, 403);
    454. 

  454. //
    455. 

  455. // 					//redirect to the root of the website
    456. 

  456. // 					header("Location: ".PROJECT_PATH."/");
    457. 

  457. //
    458. 

  458. // 					//exit the code
    459. 

  459. // 					exit();
    460. 

  460. 

  461. 					//clear submitted usernames
    462. 

  462. 					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
    463. 

  463. 

  464. 					//clear authentication session
    465. 

  465. 					unset($_SESSION['authentication']);
    466. 

  466. 

  467. 				}
    468. 

  468. 

  469. 				/*
    470. 

  470. 				//check if user successfully logged in during the interval
    471. 

  471. 					//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
    472. 

  472. 					$sql = "select count(*) as count ";
    473. 

  473. 					$sql .= "from v_user_logs ";
    474. 

  474. 					$sql .= "where domain_uuid = :domain_uuid ";
    475. 

  475. 					$sql .= "and user_uuid = :user_uuid ";
    476. 

  476. 					$sql .= "and user_agent = :user_agent ";
    477. 

  477. 					$sql .= "and type = 'login' ";
    478. 

  478. 					$sql .= "and result = 'success' ";
    479. 

  479. 					$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
    480. 

  480. 					$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
    481. 

  481. 					$parameters['domain_uuid'] = $this->domain_uuid;
    482. 

  482. 					$parameters['user_uuid'] = $this->user_uuid;
    483. 

  483. 					$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
    484. 

  484. 					$database = new database;
    485. 

  485. 					$user_log_count = $database->select($sql, $parameters, 'all');
    486. 

  486. 					//view_array($user_log_count);
    487. 

  487. 					unset($sql, $parameters);
    488. 

  488. 				*/
    489. 

  489. 

  490. 				//result array
    491. 

  491. 				$result["plugin"] = "email";
    492. 

  492. 				$result["domain_name"] = $_SESSION["domain_name"];
    493. 

  493. 				$result["username"] = $_SESSION["username"];
    494. 

  494. 				$result["user_uuid"] = $_SESSION["user_uuid"];
    495. 

  495. 				$result["domain_uuid"] = $_SESSION["domain_uuid"];
    496. 

  496. 				if ($contacts_exists) {
    497. 

  497. 					$result["contact_uuid"] = $_SESSION["contact_uuid"];
    498. 

  498. 					$result["contact_organization"] = $row["contact_organization"];
    499. 

  499. 					$result["contact_name_given"] = $row["contact_name_given"];
    500. 

  500. 					$result["contact_name_family"] = $row["contact_name_family"];
    501. 

  501. 					$result["contact_image"] = $row["contact_attachment_uuid"];
    502. 

  502. 				}
    503. 

  503. 				$result["authorized"] = $auth_valid ? true : false;
    504. 

  504. 

  505. 				//add the failed login to user logs
    506. 

  506. 				if (!$auth_valid) {
    507. 

  507. 					user_logs::add($result);
    508. 

  508. 				}
    509. 

  509. 

  510. 				//retun the array
    511. 

  511. 				return $result;
    512. 

  512. 

  513. 				//$_SESSION['authentication']['plugin']['email']['plugin'] = "email";
    514. 

  514. 				//$_SESSION['authentication']['plugin']['email']['domain_name'] = $_SESSION["domain_name"];
    515. 

  515. 				//$_SESSION['authentication']['plugin']['email']['username'] = $row['username'];
    516. 

  516. 				//$_SESSION['authentication']['plugin']['email']['user_uuid'] = $_SESSION["user_uuid"];
    517. 

  517. 				//$_SESSION['authentication']['plugin']['email']['contact_uuid'] = $_SESSION["contact_uuid"];
    518. 

  518. 				//$_SESSION['authentication']['plugin']['email']['domain_uuid'] =  $_SESSION["domain_uuid"];
    519. 

  519. 				//$_SESSION['authentication']['plugin']['email']['authorized'] = $auth_valid ? true : false;
    520. 

  520. 			}
    521. 

  521. 

  522. 	}
    523. 

  523. }
    524. 

  524. 

  525. ?>
    526.