Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
fusionpbx
/
fusionpbx-framework
zrkadlo https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Fork 0
Súbory Issues 0 Wiki
Strom: aab1b7d772
Branche Tagy
fusionpbx-frame...
/
core
/
authentication
/
resources
/
classes
/
plugins
/
email.php

email.php 19 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514 
  1. <?php
    2. 

  2. /*
    3. 

  3. 	FusionPBX
    4. 

  4. 	Version: MPL 1.1
    5. 

  5. 

  6. 	The contents of this file are subject to the Mozilla Public License Version
    7. 

  7. 	1.1 (the "License"); you may not use this file except in compliance with
    8. 

  8. 	the License. You may obtain a copy of the License at
    9. 

  9. 	http://www.mozilla.org/MPL/
    10. 

  10. 

  11. 	Software distributed under the License is distributed on an "AS IS" basis,
    12. 

  12. 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    13. 

  13. 	for the specific language governing rights and limitations under the
    14. 

  14. 	License.
    15. 

  15. 

  16. 	The Original Code is FusionPBX
    17. 

  17. 

  18. 	The Initial Developer of the Original Code is
    19. 

  19. 	Mark J Crane <[email protected]>
    20. 

  20. 	Portions created by the Initial Developer are Copyright (C) 2008-2023
    21. 

  21. 	the Initial Developer. All Rights Reserved.
    22. 

  22. 

  23. 	Contributor(s):
    24. 

  24. 	Mark J Crane <[email protected]>
    25. 

  25. */
    26. 

  26. 

  27. /**
    28. 

  28.  * plugin_email
    29. 

  29.  *
    30. 

  30.  * @method email time based one time password authenticate the user
    31. 

  31.  */
    32. 

  32. class plugin_email {
    33. 

  33. 

  34. 	/**
    35. 

  35. 	 * Define variables and their scope
    36. 

  36. 	 */
    37. 

  37. 	public $domain_name;
    38. 

  38. 	public $domain_uuid;
    39. 

  39. 	public $username;
    40. 

  40. 	public $password;
    41. 

  41. 	public $user_uuid;
    42. 

  42. 	public $user_email;
    43. 

  43. 	public $contact_uuid;
    44. 

  44. 	public $debug;
    45. 

  45. 

  46. 	/**
    47. 

  47. 	 * time based one time password with email
    48. 

  48. 	 * @return array [authorized] => true or false
    49. 

  49. 	 */
    50. 

  50. 	function email() {
    51. 

  51. 

  52. 			//pre-process some settings
    53. 

  53. 			$settings['theme']['favicon'] = !empty($_SESSION['theme']['favicon']['text']) ? $_SESSION['theme']['favicon']['text'] : PROJECT_PATH.'/themes/default/favicon.ico';
    54. 

  54. 			$settings['login']['destination'] = !empty($_SESSION['login']['destination']['text']) ? $_SESSION['login']['destination']['text'] : '';
    55. 

  55. 			$settings['users']['unique'] = !empty($_SESSION['users']['unique']['text']) ? $_SESSION['users']['unique']['text'] : '';
    56. 

  56. 			$settings['theme']['logo'] = !empty($_SESSION['theme']['logo']['text']) ? $_SESSION['theme']['logo']['text'] : PROJECT_PATH.'/themes/default/images/logo_login.png';
    57. 

  57. 			$settings['theme']['login_logo_width'] = !empty($_SESSION['theme']['login_logo_width']['text']) ? $_SESSION['theme']['login_logo_width']['text'] : 'auto; max-width: 300px';
    58. 

  58. 			$settings['theme']['login_logo_height'] = !empty($_SESSION['theme']['login_logo_height']['text']) ? $_SESSION['theme']['login_logo_height']['text'] : 'auto; max-height: 300px';
    59. 

  59. 			$settings['theme']['message_delay'] = isset($_SESSION['theme']['message_delay']) ? 1000 * (float) $_SESSION['theme']['message_delay'] : 3000;
    60. 

  60. 			$settings['theme']['background_video'] = isset($_SESSION['theme']['background_video'][0]) ? $_SESSION['theme']['background_video'][0] : null;
    61. 

  61. 

  62. 			//set a default template
    63. 

  63. 			$_SESSION['domain']['template']['name'] = 'default';
    64. 

  64. 			$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
    65. 

  65. 			$_SESSION['theme']['menu_brand_type']['text'] = 'image';
    66. 

  66. 

  67. 			//get the domain
    68. 

  68. 			$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
    69. 

  69. 			$domain_name = $domain_array[0];
    70. 

  70. 

  71. 			//temp directory
    72. 

  72. 			$_SESSION['server']['temp']['dir'] = '/tmp';
    73. 

  73. 

  74. 			//use the session username
    75. 

  75. 			if (isset($_SESSION['username'])) {
    76. 

  76. 				$_POST['username'] = $_SESSION['username'];
    77. 

  77. 				$_REQUEST['username'] = $_SESSION['username'];
    78. 

  78. 			}
    79. 

  79. 

  80. 		//request the username
    81. 

  81. 			if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
    82. 

  82. 

  83. 				//add multi-lingual support
    84. 

  84. 				$language = new text;
    85. 

  85. 				$text = $language->get(null, '/core/authentication');
    86. 

  86. 

  87. 				//initialize a template object
    88. 

  88. 				$view = new template();
    89. 

  89. 				$view->engine = 'smarty';
    90. 

  90. 				$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
    91. 

  91. 				$view->cache_dir = $_SESSION['server']['temp']['dir'];
    92. 

  92. 				$view->init();
    93. 

  93. 

  94. 				//assign default values to the template
    95. 

  95. 				$view->assign("project_path", PROJECT_PATH);
    96. 

  96. 				$view->assign("login_destination_url", $settings['login']['destination']);
    97. 

  97. 				$view->assign("favicon", $settings['theme']['favicon']);
    98. 

  98. 				$view->assign("login_title", $text['label-username']);
    99. 

  99. 				$view->assign("login_username", $text['label-username']);
    100. 

  100. 				$view->assign("login_logo_width", $settings['theme']['login_logo_width']);
    101. 

  101. 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
    102. 

  102. 				$view->assign("login_logo_source", $settings['theme']['logo']);
    103. 

  103. 				$view->assign("button_login", $text['button-login']);
    104. 

  104. 				$view->assign("message_delay", $settings['theme']['message_delay']);
    105. 

  105. 				$view->assign("background_video", $settings['theme']['background_video']);
    106. 

  106. 

  107. 				//messages
    108. 

  108. 				$view->assign('messages', message::html(true, '		'));
    109. 

  109. 

  110. 				//show the views
    111. 

  111. 				$content = $view->render('username.htm');
    112. 

  112. 				echo $content;
    113. 

  113. 				exit;
    114. 

  114. 

  115. 			}
    116. 

  116. 

  117. 		//show the authentication code view
    118. 

  118. 			if (!isset($_POST['authentication_code'])) {
    119. 

  119. 

  120. 				//get the username
    121. 

  121. 				//if (!isset($this->username) && isset($_REQUEST['username'])) {
    122. 

  122. 				//	$this->username = $_REQUEST['username'];
    123. 

  123. 				//}
    124. 

  124. 

  125. 				//get the user details
    126. 

  126. 				$sql = "select user_uuid, username, user_email, contact_uuid \n";
    127. 

  127. 				$sql .= "from v_users\n";
    128. 

  128. 				$sql .= "where (\n";
    129. 

  129. 				$sql .= "	username = :username\n";
    130. 

  130. 				$sql .= "	or user_email = :username\n";
    131. 

  131. 				$sql .= ")\n";
    132. 

  132. 				if ($settings['users']['unique'] != "global") {
    133. 

  133. 					//unique username per domain (not globally unique across system - example: email address)
    134. 

  134. 					$sql .= "and domain_uuid = :domain_uuid ";
    135. 

  135. 					$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
    136. 

  136. 				}
    137. 

  137. 				$sql .= "and (user_type = 'default' or user_type is null) ";
    138. 

  138. 				$parameters['username'] = $_REQUEST['username'];
    139. 

  139. 				$database = new database;
    140. 

  140. 				$row = $database->select($sql, $parameters, 'row');
    141. 

  141. 				unset($parameters);
    142. 

  142. 

  143. 				//set class variables
    144. 

  144. 				//if (!empty($row["user_email"])) {
    145. 

  145. 				//	$this->user_uuid = $row['user_uuid'];
    146. 

  146. 				//	$this->user_email = $row['user_email'];
    147. 

  147. 				//	$this->contact_uuid = $row['contact_uuid'];
    148. 

  148. 				//}
    149. 

  149. 

  150. 				//set a few session variables
    151. 

  151. 				$_SESSION["user_uuid"] = $row['user_uuid'];
    152. 

  152. 				$_SESSION["username"] = $row['username'];
    153. 

  153. 				$_SESSION["user_email"] = $row['user_email'];
    154. 

  154. 				$_SESSION["contact_uuid"] = $row["contact_uuid"];
    155. 

  155. 

  156. 				//user not found
    157. 

  157. 				if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
    158. 

  158. 					//clear submitted usernames
    159. 

  159. 					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
    160. 

  160. 

  161. 					//clear authentication session
    162. 

  162. 					unset($_SESSION['authentication']);
    163. 

  163. 

  164. 					//build the result array
    165. 

  165. 					$result["plugin"] = "email";
    166. 

  166. 					$result["domain_uuid"] = $_SESSION["domain_uuid"];
    167. 

  167. 					$result["domain_name"] = $_SESSION["domain_name"];
    168. 

  168. 					$result["authorized"] = false;
    169. 

  169. 

  170. 					//retun the array
    171. 

  171. 					return $result;
    172. 

  172. 				}
    173. 

  173. 

  174. 				//user email not found
    175. 

  175. 				else if (empty($row["user_email"])) {
    176. 

  176. 					//clear submitted usernames
    177. 

  177. 					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
    178. 

  178. 

  179. 					//clear authentication session
    180. 

  180. 					unset($_SESSION['authentication']);
    181. 

  181. 

  182. 					//build the result array
    183. 

  183. 					$result["plugin"] = "email";
    184. 

  184. 					$result["domain_name"] = $_SESSION["domain_name"];
    185. 

  185. 					$result["username"] = $_REQUEST['username'];
    186. 

  186. 					$result["user_uuid"] = $_SESSION["user_uuid"];
    187. 

  187. 					$result["domain_uuid"] = $_SESSION["domain_uuid"];
    188. 

  188. 					$result["contact_uuid"] = $_SESSION["contact_uuid"];
    189. 

  189. 					$result["authorized"] = false;
    190. 

  190. 

  191. 					//add the failed login to user logs
    192. 

  192. 					user_logs::add($result);
    193. 

  193. 

  194. 					//return the array
    195. 

  195. 					return $result;
    196. 

  196. 				}
    197. 

  197. 

  198. 				//authentication code
    199. 

  199. 				$_SESSION["user"]["authentication"]["email"]["code"] = generate_password(6, 1);
    200. 

  200. 				$_SESSION["user"]["authentication"]["email"]["epoch"] = time();
    201. 

  201. 

  202. 				//$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
    203. 

  203. 				//$_SESSION["authentication_date"] = 'now()';
    204. 

  204. 

  205. 				//set the authentication code
    206. 

  206. 				//$sql = "update v_users \n";
    207. 

  207. 				//$sql .= "set auth_code = :auth_code \n";
    208. 

  208. 				//$sql .= "where user_uuid = :user_uuid;";
    209. 

  209. 				//$parameters['auth_code'] = $auth_code_hash;
    210. 

  210. 				//$parameters['user_uuid'] = $this->user_uuid;
    211. 

  211. 				//$database->execute($sql, $parameters);
    212. 

  212. 				//unset($sql);
    213. 

  213. 

  214. 				//email settings
    215. 

  215. 				//$email_address = $this->user_email;
    216. 

  216. 				//$email_subject = 'Validation Code';
    217. 

  217. 				//$email_body = 'Validation Code: '.$authentication_code;
    218. 

  218. 

  219. 				//send email with the authentication_code
    220. 

  220. 				//ob_start();
    221. 

  221. 				//$sent = !send_email($email_address, $email_subject, $email_body, $email_error, null, null, 3, 3) ? false : true;
    222. 

  222. 				//$response = ob_get_clean();
    223. 

  223. 

  224. 				//get the language code
    225. 

  225. 				$language_code = $_SESSION['domain']['language']['code'];
    226. 

  226. 

  227. 				//get the email template from the database
    228. 

  228. 				$sql = "select template_subject, template_body ";
    229. 

  229. 				$sql .= "from v_email_templates ";
    230. 

  230. 				$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
    231. 

  231. 				$sql .= "and template_language = :template_language ";
    232. 

  232. 				$sql .= "and template_category = :template_category ";
    233. 

  233. 				$sql .= "and template_subcategory = :template_subcategory ";
    234. 

  234. 				$sql .= "and template_type = :template_type ";
    235. 

  235. 				$sql .= "and template_enabled = 'true' ";
    236. 

  236. 				$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
    237. 

  237. 				$parameters['template_language'] = $language_code;
    238. 

  238. 				$parameters['template_category'] = 'authentication';
    239. 

  239. 				$parameters['template_subcategory'] = 'email';
    240. 

  240. 				$parameters['template_type'] = 'html';
    241. 

  241. 				$database = new database;
    242. 

  242. 				$row = $database->select($sql, $parameters, 'row');
    243. 

  243. 				$email_subject = $row['template_subject'];
    244. 

  244. 				$email_body = $row['template_body'];
    245. 

  245. 				unset($sql, $parameters, $row);
    246. 

  246. 

  247. 				//replace variables in email subject
    248. 

  248. 				$email_subject = str_replace('${domain_name}', $_SESSION["domain_name"], $email_subject);
    249. 

  249. 

  250. 				//replace variables in email body
    251. 

  251. 				$email_body = str_replace('${domain_name}', $_SESSION["domain_name"], $email_body);
    252. 

  252. 				$email_body = str_replace('${auth_code}', $_SESSION["user"]["authentication"]["email"]["code"], $email_body);
    253. 

  253. 

  254. 				//get the email from name and address
    255. 

  255. 				$email_from_address = $_SESSION['email']['smtp_from']['text'];
    256. 

  256. 				$email_from_name = $_SESSION['email']['smtp_from_name']['text'];
    257. 

  257. 

  258. 				//get the email send mode options: direct or email_queue
    259. 

  259. 				$email_send_mode = $_SESSION['authentication']['email_send_mode']['text'] ?? 'email_queue';
    260. 

  260. 

  261. 				//send the email
    262. 

  262. 				if ($email_send_mode == 'email_queue') {
    263. 

  263. 					//set the variables
    264. 

  264. 					$email_queue_uuid = uuid();
    265. 

  265. 					$email_uuid = uuid();
    266. 

  266. 					$hostname = gethostname();
    267. 

  267. 

  268. 					//add the temporary permissions
    269. 

  269. 					$p = new permissions;
    270. 

  270. 					$p->add("email_queue_add", 'temp');
    271. 

  271. 					$p->add("email_queue_edit", 'temp');
    272. 

  272. 

  273. 					$array['email_queue'][0]["email_queue_uuid"] = $email_queue_uuid;
    274. 

  274. 					$array['email_queue'][0]["domain_uuid"] = $_SESSION["domain_uuid"];
    275. 

  275. 					$array['email_queue'][0]["hostname"] = $hostname;
    276. 

  276. 					$array['email_queue'][0]["email_date"] = 'now()';
    277. 

  277. 					$array['email_queue'][0]["email_from"] = $email_from_address;
    278. 

  278. 					$array['email_queue'][0]["email_to"] = $_SESSION["user_email"];
    279. 

  279. 					$array['email_queue'][0]["email_subject"] = $email_subject;
    280. 

  280. 					$array['email_queue'][0]["email_body"] = $email_body;
    281. 

  281. 					$array['email_queue'][0]["email_status"] = 'waiting';
    282. 

  282. 					$array['email_queue'][0]["email_retry_count"] = 3;
    283. 

  283. 					$array['email_queue'][0]["email_uuid"] = $email_uuid;
    284. 

  284. 					$array['email_queue'][0]["email_action_before"] = null;
    285. 

  285. 					$array['email_queue'][0]["email_action_after"] = null;
    286. 

  286. 					$database = new database;
    287. 

  287. 					$database->app_name = 'email queue';
    288. 

  288. 					$database->app_uuid = '5befdf60-a242-445f-91b3-2e9ee3e0ddf7';
    289. 

  289. 					$database->save($array);
    290. 

  290. 					$err = $database->message;
    291. 

  291. 					unset($array);
    292. 

  292. 

  293. 					//remove the temporary permission
    294. 

  294. 					$p->delete("email_queue_add", 'temp');
    295. 

  295. 					$p->delete("email_queue_edit", 'temp');
    296. 

  296. 				}
    297. 

  297. 				else {
    298. 

  298. 					//send email - direct
    299. 

  299. 					$email = new email;
    300. 

  300. 					$email->recipients = $_SESSION["user_email"];
    301. 

  301. 					$email->subject = $email_subject;
    302. 

  302. 					$email->body = $email_body;
    303. 

  303. 					$email->from_address = $email_from_address;
    304. 

  304. 					$email->from_name = $email_from_name;
    305. 

  305. 					//$email->attachments = $email_attachments;
    306. 

  306. 					$email->debug_level = 0;
    307. 

  307. 					$email->method = 'direct';
    308. 

  308. 					$sent = $email->send();
    309. 

  309. 				}
    310. 

  310. 

  311. 				//debug informations
    312. 

  312. 				//$email_response = $email->response;
    313. 

  313. 				//$email_error = $email->email_error;
    314. 

  314. 				//echo $email_response."<br />\n";
    315. 

  315. 				//echo $email_error."<br />\n";
    316. 

  316. 

  317. 				//set a default template
    318. 

  318. 				$_SESSION['domain']['template']['name'] = 'default';
    319. 

  319. 				$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
    320. 

  320. 				$_SESSION['theme']['menu_brand_type']['text'] = 'image';
    321. 

  321. 

  322. 				//get the domain
    323. 

  323. 				$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
    324. 

  324. 				$domain_name = $domain_array[0];
    325. 

  325. 

  326. 				//temp directory
    327. 

  327. 				$_SESSION['server']['temp']['dir'] = '/tmp';
    328. 

  328. 

  329. 				//create token
    330. 

  330. 				//$object = new token;
    331. 

  331. 				//$token = $object->create('login');
    332. 

  332. 

  333. 				//add multi-lingual support
    334. 

  334. 				$language = new text;
    335. 

  335. 				$text = $language->get(null, '/core/authentication');
    336. 

  336. 

  337. 				//initialize a template object
    338. 

  338. 				$view = new template();
    339. 

  339. 				$view->engine = 'smarty';
    340. 

  340. 				$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
    341. 

  341. 				$view->cache_dir = $_SESSION['server']['temp']['dir'];
    342. 

  342. 				$view->init();
    343. 

  343. 

  344. 				//assign default values to the template
    345. 

  345. 				$view->assign("project_path", PROJECT_PATH);
    346. 

  346. 				$view->assign("login_destination_url", $settings['login']['destination']);
    347. 

  347. 				$view->assign("favicon", $settings['theme']['favicon']);
    348. 

  348. 				$view->assign("login_title", $text['label-verify']);
    349. 

  349. 				$view->assign("login_email_description", $text['label-email_description']);
    350. 

  350. 				$view->assign("login_authentication_code", $text['label-authentication_code']);
    351. 

  351. 				$view->assign("login_logo_width", $settings['theme']['login_logo_width']);
    352. 

  352. 				$view->assign("login_logo_height", $settings['theme']['login_logo_height']);
    353. 

  353. 				$view->assign("login_logo_source", $settings['theme']['logo']);
    354. 

  354. 				$view->assign("button_verify", $text['label-verify']);
    355. 

  355. 				$view->assign("message_delay", $settings['theme']['message_delay']);
    356. 

  356. 				if (!empty($_SESSION['username'])) {
    357. 

  357. 					$view->assign("username", $_SESSION['username']);
    358. 

  358. 					$view->assign("button_cancel", $text['button-cancel']);
    359. 

  359. 				}
    360. 

  360. 

  361. 				//messages
    362. 

  362. 				$view->assign('messages', message::html(true, '		'));
    363. 

  363. 

  364. 				//show the views
    365. 

  365. 				$content = $view->render('email.htm');
    366. 

  366. 				echo $content;
    367. 

  367. 				exit;
    368. 

  368. 			}
    369. 

  369. 

  370. 		//if authorized then verify
    371. 

  371. 			if (isset($_POST['authentication_code'])) {
    372. 

  372. 

  373. 				//check if the authentication code has expired. if expired return false
    374. 

  374. 				if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
    375. 

  375. 					//authentication code expired
    376. 

  376. 					$result["plugin"] = "email";
    377. 

  377. 					$result["domain_name"] = $_SESSION["domain_name"];
    378. 

  378. 					$result["username"] = $_SESSION["username"];
    379. 

  379. 					$result["error_message"] = 'code expired';
    380. 

  380. 					$result["authorized"] = false;
    381. 

  381. 					print_r($result);
    382. 

  382. 					return $result;
    383. 

  383. 					exit;
    384. 

  384. 				}
    385. 

  385. 

  386. 				//get the user details
    387. 

  387. 				$sql = "select user_uuid, user_email, contact_uuid\n";
    388. 

  388. 				$sql .= "from v_users\n";
    389. 

  389. 				$sql .= "where (\n";
    390. 

  390. 				$sql .= "	username = :username\n";
    391. 

  391. 				$sql .= "	or user_email = :username\n";
    392. 

  392. 				$sql .= ")\n";
    393. 

  393. 				if ($settings['users']['unique'] != "global") {
    394. 

  394. 					//unique username per domain (not globally unique across system - example: email address)
    395. 

  395. 					$sql .= "and domain_uuid = :domain_uuid ";
    396. 

  396. 					$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
    397. 

  397. 				}
    398. 

  398. 				$parameters['username'] = $_SESSION["username"];
    399. 

  399. 				$database = new database;
    400. 

  400. 				$row = $database->select($sql, $parameters, 'row');
    401. 

  401. 				$this->user_uuid = $row['user_uuid'];
    402. 

  402. 				$this->user_email = $row['user_email'];
    403. 

  403. 				$this->contact_uuid = $row['contact_uuid'];
    404. 

  404. 				unset($parameters);
    405. 

  405. 				/*
    406. 

  406. 				echo 'session code = '.$_SESSION["user"]["authentication"]["email"]["code"].'<br>';
    407. 

  407. 				echo 'post code = '.$_POST['authentication_code'].'<br>';
    408. 

  408. 				exit;
    409. 

  409. 				*/
    410. 

  410. 

  411. 				//validate the code
    412. 

  412. 				if (!empty($_SESSION["user"]) && $_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
    413. 

  413. 					$auth_valid = true;
    414. 

  414. 				}
    415. 

  415. 				else {
    416. 

  416. 					$auth_valid = false;
    417. 

  417. 				}
    418. 

  418. 

  419. 				//clear posted authentication code
    420. 

  420. 				unset($_POST['authentication_code']);
    421. 

  421. 

  422. 				//get the user details
    423. 

  423. 				if ($auth_valid) {
    424. 

  424. 					//get user data from the database
    425. 

  425. 					$sql = "select user_uuid, username, user_email, contact_uuid from v_users ";
    426. 

  426. 					$sql .= "where user_uuid = :user_uuid ";
    427. 

  427. 					if ($settings['users']['unique'] != "global") {
    428. 

  428. 						//unique username per domain (not globally unique across system - example: email address)
    429. 

  429. 						$sql .= "and domain_uuid = :domain_uuid ";
    430. 

  430. 						$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
    431. 

  431. 					}
    432. 

  432. 					$parameters['user_uuid'] = $_SESSION["user_uuid"];
    433. 

  433. 					$database = new database;
    434. 

  434. 					$row = $database->select($sql, $parameters, 'row');
    435. 

  435. 					unset($parameters);
    436. 

  436. 

  437. 					//set a few session variables
    438. 

  438. 					//$_SESSION["username"] = $row['username']; //setting the username makes it skip the rest of the authentication
    439. 

  439. 					//$_SESSION["user_email"] = $row['user_email'];
    440. 

  440. 					//$_SESSION["contact_uuid"] = $row["contact_uuid"];
    441. 

  441. 				}
    442. 

  442. 				else {
    443. 

  443. // 					//destroy session
    444. 

  444. // 					session_unset();
    445. 

  445. // 					session_destroy();
    446. 

  446. // 					//$_SESSION['authentication']['plugin']
    447. 

  447. // 					//send http 403
    448. 

  448. // 					header('HTTP/1.0 403 Forbidden', true, 403);
    449. 

  449. //
    450. 

  450. // 					//redirect to the root of the website
    451. 

  451. // 					header("Location: ".PROJECT_PATH."/");
    452. 

  452. //
    453. 

  453. // 					//exit the code
    454. 

  454. // 					exit();
    455. 

  455. 

  456. 					//clear submitted usernames
    457. 

  457. 					unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
    458. 

  458. 

  459. 					//clear authentication session
    460. 

  460. 					unset($_SESSION['authentication']);
    461. 

  461. 

  462. 				}
    463. 

  463. 

  464. 				/*
    465. 

  465. 				//check if user successfully logged in during the interval
    466. 

  466. 					//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
    467. 

  467. 					$sql = "select count(*) as count ";
    468. 

  468. 					$sql .= "from v_user_logs ";
    469. 

  469. 					$sql .= "where domain_uuid = :domain_uuid ";
    470. 

  470. 					$sql .= "and user_uuid = :user_uuid ";
    471. 

  471. 					$sql .= "and user_agent = :user_agent ";
    472. 

  472. 					$sql .= "and type = 'login' ";
    473. 

  473. 					$sql .= "and result = 'success' ";
    474. 

  474. 					$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
    475. 

  475. 					$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
    476. 

  476. 					$parameters['domain_uuid'] = $this->domain_uuid;
    477. 

  477. 					$parameters['user_uuid'] = $this->user_uuid;
    478. 

  478. 					$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
    479. 

  479. 					$database = new database;
    480. 

  480. 					$user_log_count = $database->select($sql, $parameters, 'all');
    481. 

  481. 					//view_array($user_log_count);
    482. 

  482. 					unset($sql, $parameters);
    483. 

  483. 				*/
    484. 

  484. 

  485. 				//result array
    486. 

  486. 				$result["plugin"] = "email";
    487. 

  487. 				$result["domain_name"] = $_SESSION["domain_name"];
    488. 

  488. 				$result["username"] = $_SESSION["username"];
    489. 

  489. 				$result["user_uuid"] = $_SESSION["user_uuid"];
    490. 

  490. 				$result["domain_uuid"] = $_SESSION["domain_uuid"];
    491. 

  491. 				$result["contact_uuid"] = $_SESSION["contact_uuid"];
    492. 

  492. 				$result["authorized"] = $auth_valid ? true : false;
    493. 

  493. 

  494. 				//add the failed login to user logs
    495. 

  495. 				if (!$auth_valid) {
    496. 

  496. 					user_logs::add($result);
    497. 

  497. 				}
    498. 

  498. 

  499. 				//retun the array
    500. 

  500. 				return $result;
    501. 

  501. 

  502. 				//$_SESSION['authentication']['plugin']['email']['plugin'] = "email";
    503. 

  503. 				//$_SESSION['authentication']['plugin']['email']['domain_name'] = $_SESSION["domain_name"];
    504. 

  504. 				//$_SESSION['authentication']['plugin']['email']['username'] = $row['username'];
    505. 

  505. 				//$_SESSION['authentication']['plugin']['email']['user_uuid'] = $_SESSION["user_uuid"];
    506. 

  506. 				//$_SESSION['authentication']['plugin']['email']['contact_uuid'] = $_SESSION["contact_uuid"];
    507. 

  507. 				//$_SESSION['authentication']['plugin']['email']['domain_uuid'] =  $_SESSION["domain_uuid"];
    508. 

  508. 				//$_SESSION['authentication']['plugin']['email']['authorized'] = $auth_valid ? true : false;
    509. 

  509. 			}
    510. 

  510. 

  511. 	}
    512. 

  512. }
    513. 

  513. 

  514. ?>
    515.