首页 发现 帮助
登录
fusionpbx
/
fusionpbx-framework
镜像自地址 https://github.com/fusionpbx/fusionpbx-framework.git
2
0
派生 0
文件 工单管理 0 Wiki
分支: patch-1
分支列表 标签列表
fusionpbx-frame...
/
core
/
authentication
/
resources
/
classes
/
plugins
/
database.php

database.php 3.2 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * plugin_database 
    5. 

  5.  *
    6. 

  6.  * @method validate uses authentication plugins to check if a user is authorized to login
    7. 

  7.  * @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
    8. 

  8.  */
    9. 

  9. class plugin_database {
    10. 

  10. 

  11. 	/**
    12. 

  12. 	 * Define variables and their scope
    13. 

  13. 	 */
    14. 

  14. 	public $debug;
    15. 

  15. 	public $domain_name;
    16. 

  16. 	public $domain_uuid;
    17. 

  17. 	public $user_uuid;
    18. 

  18. 	public $contact_uuid;
    19. 

  19. 	public $username;
    20. 

  20. 	public $password;
    21. 

  21. 	public $key;
    22. 

  22. 

  23. 	/**
    24. 

  24. 	 * database checks the local database to authenticate the user or key
    25. 

  25. 	 * @return array [authorized] => true or false
    26. 

  26. 	 */
    27. 

  27. 	function database() {
    28. 

  28. 

  29. 		//set the default status
    30. 

  30. 			$user_authorized = false;
    31. 

  31. 

  32. 		//check the username and password if they don't match then redirect to the login
    33. 

  33. 			$sql = "select * from v_users ";
    34. 

  34. 			if (strlen($this->key) > 30) {
    35. 

  35. 				$sql .= "where api_key = :api_key ";
    36. 

  36. 				$parameters['api_key'] = $this->key;
    37. 

  37. 			}
    38. 

  38. 			else {
    39. 

  39. 				$sql .= "where lower(username) = lower(:username) ";
    40. 

  40. 				$parameters['username'] = $this->username;
    41. 

  41. 			}
    42. 

  42. 			if ($_SESSION["users"]["unique"]["text"] == "global") {
    43. 

  43. 				//unique username - global (example: email address)
    44. 

  44. 			}
    45. 

  45. 			else {
    46. 

  46. 				//unique username - per domain
    47. 

  47. 				$sql .= "and domain_uuid = :domain_uuid ";
    48. 

  48. 				$parameters['domain_uuid'] = $this->domain_uuid;
    49. 

  49. 			}
    50. 

  50. 			$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
    51. 

  51. 			$database = new database;
    52. 

  52. 			$row = $database->select($sql, $parameters, 'row');
    53. 

  53. 			if (is_array($row) && @sizeof($row) != 0) {
    54. 

  54. 

  55. 				//get the domain uuid when users are unique globally
    56. 

  56. 					if ($_SESSION["users"]["unique"]["text"] == "global" && $row["domain_uuid"] != $this->domain_uuid) {
    57. 

  57. 						//set the domain_uuid
    58. 

  58. 							$this->domain_uuid = $row["domain_uuid"];
    59. 

  59. 							$this->domain_name = $_SESSION['domains'][$this->domain_uuid]['domain_name'];
    60. 

  60. 

  61. 						//set the domain session variables
    62. 

  62. 							$_SESSION["domain_uuid"] = $this->domain_uuid;
    63. 

  63. 							$_SESSION["domain_name"] = $this->domain_name;
    64. 

  64. 

  65. 						//set the setting arrays
    66. 

  66. 							$domain = new domains();
    67. 

  67. 							$domain->db = $db;
    68. 

  68. 							$domain->set();
    69. 

  69. 					}
    70. 

  70. 

  71. 				//set the user_uuid
    72. 

  72. 					$this->user_uuid = $row['user_uuid'];
    73. 

  73. 					$this->contact_uuid = $row['contact_uuid'];
    74. 

  74. 

  75. 				//if salt is not defined then use the default salt for backwards compatibility
    76. 

  76. 					if (strlen($row["salt"]) == 0) {
    77. 

  77. 						$row["salt"] = 'e3.7d.12';
    78. 

  78. 					}
    79. 

  79. 

  80. 				//compare the password provided by the user with the one in the database
    81. 

  81. 					if (md5($row["salt"].$this->password) == $row["password"]) {
    82. 

  82. 						$user_authorized = true;
    83. 

  83. 					}
    84. 

  84. 					else if (strlen($this->key) > 30 && $this->key == $row["api_key"]) {
    85. 

  85. 						$user_authorized = true;
    86. 

  86. 					}
    87. 

  87. 					else {
    88. 

  88. 						$user_authorized = false;
    89. 

  89. 					}
    90. 

  90. 

  91. 			}
    92. 

  92. 			unset($result);
    93. 

  93. 

  94. 		//result array
    95. 

  95. 			$result["plugin"] = "database";
    96. 

  96. 			$result["domain_name"] = $this->domain_name;
    97. 

  97. 			$result["username"] = $this->username;
    98. 

  98. 			if ($this->debug) {
    99. 

  99. 				$result["password"] = $this->password;
    100. 

  100. 			}
    101. 

  101. 			$result["user_uuid"] = $this->user_uuid;
    102. 

  102. 			$result["domain_uuid"] = $this->domain_uuid;
    103. 

  103. 			$result["contact_uuid"] = $this->contact_uuid;
    104. 

  104. 			$result["sql"] = $sql;
    105. 

  105. 			if ($user_authorized) {
    106. 

  106. 				$result["authorized"] = "true";
    107. 

  107. 			}
    108. 

  108. 			else {
    109. 

  109. 				$result["authorized"] = "false";
    110. 

  110. 			}
    111. 

  111. 			return $result;
    112. 

  112. 	}
    113. 

  113. }
    114. 

  114. 

  115. ?>
    116.