debug("Starting user load for " . $name); if (empty($name) || empty($password)) { return false; } $input_hash = $password; $passwordEncrypted = false; if (!empty($PARAMS) && isset($PARAMS['passwordEncrypted']) && $PARAMS['passwordEncrypted']) { $passwordEncrypted = true; }// if if (!$passwordEncrypted) { $input_hash = SugarAuthenticate::encodePassword($password); } // if $user_id = $this->authenticateUser($name, $input_hash, $fallback); if (empty($user_id)) { $GLOBALS['log']->fatal('SECURITY: User authentication for ' . $name . ' failed'); return false; } $this->loadUserOnSession($user_id); return true; } /** * Loads the current user bassed on the given user_id * * @param STRING $user_id * @return boolean */ public function loadUserOnSession($user_id = '') { if (!empty($user_id)) { $_SESSION['authenticated_user_id'] = $user_id; } if (!empty($_SESSION['authenticated_user_id']) || !empty($user_id)) { $GLOBALS['current_user'] = BeanFactory::newBean('Users'); if ($GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id'])) { return true; } } return false; } /** * @return bool */ public function isUserNeedFactorAuthentication() { global $current_user; $ret = false; if ($current_user->factor_auth) { $ret = true; } return $ret; } /** * @return bool */ public function isUserFactorAuthenticated() { $ret = true; if (!isset($_SESSION['user_factor_authenticated']) || !$_SESSION['user_factor_authenticated']) { $ret = false; } return $ret; } /** * @return bool */ public function isUserFactorTokenReceived() { $ret = false; if (isset($_REQUEST['factor_token'])) { $ret = true; } return $ret; } public function factorAuthenticateCheck() { if ($_SESSION['user_factor_authenticated'] || $_REQUEST['factor_token'] == $_SESSION['factor_token']) { $_SESSION['user_factor_authenticated'] = true; } else { $_SESSION['user_factor_authenticated'] = false; } return $_SESSION['user_factor_authenticated']; } /** * @global User $current_user */ public function showFactorTokenInput() { global $current_user; $GLOBALS['log']->debug('Redirect to factor token input.....'); $factory = new FactorAuthFactory(); $factorAuth = $factory->getFactorAuth(); if (!$factorAuth->validateTokenMessage()) { $msg = 'Factor Authentication message is invalid.'; $GLOBALS['log']->warn($msg); global $app_strings; SugarApplication::appendErrorMessage($app_strings['ERR_FACTOR_TPL_INVALID']); SugarAuthenticate::addFactorMessage($app_strings['ERR_FACTOR_TPL_INVALID']); $factorAuth->showTokenInput(); } else { $factorAuth->showTokenInput(); } die(); } /** * @return bool */ public function isFactorTokenSent() { $ret = false; if (isset($_SESSION['factor_token']) && $_SESSION['factor_token']) { $ret = true; } return $ret; } /** * @return bool */ public function sendFactorTokenToUser() { global $current_user, $sugar_config; $ret = true; $min = 10000; $max = 99999; if (function_exists('random_int')) { $token = random_int($min, $max); } else { $token = mt_rand($min, $max); } $emailTemplate = BeanFactory::newBean('EmailTemplates'); $emailTemplateId = $sugar_config['passwordsetting']['factoremailtmpl']; $emailTemplate->retrieve($emailTemplateId); include_once __DIR__ . '/../../../../include/SugarPHPMailer.php'; $mailer = new SugarPHPMailer(); $mailer->setMailerForSystem(); $emailObj = BeanFactory::newBean('Emails'); $defaults = $emailObj->getSystemDefaultEmail(); $mailer->From = $defaults['email']; isValidEmailAddress($mailer->From); $mailer->FromName = $defaults['name']; $mailer->Subject = from_html($emailTemplate->subject); $mailer->Body = from_html($emailTemplate->body_html); $mailer->Body_html = from_html($emailTemplate->body_html); $mailer->AltBody = from_html($emailTemplate->body); $mailer->addAddress($current_user->email1, $current_user->full_name); $mailer->replace('code', $token); if (!$mailer->send()) { $ret = false; $GLOBALS['log']->fatal( 'Email sending for two factor email authentication via Email Code failed. Mailer Error Info: ' . $mailer->ErrorInfo ); } else { $ret = true; $GLOBALS['log']->debug( 'Token sent to user: ' . $current_user->id . ', token: ' . $token . ' so we store it in the session' ); $_SESSION['user_factor_authenticated'] = false; $_SESSION['factor_token'] = $token; } return $ret; } /** * */ public function redirectToLogout() { $GLOBALS['log']->debug('Session destroy and redirect to logout.....'); session_destroy(); header('Location: index.php?action=Logout&module=Users'); sugar_cleanup(true); die(); } /** * @return bool */ public function isUserLogoutRequest() { $logout = false; if ( isset($_REQUEST['module']) && $_REQUEST['module'] == 'Users' && isset($_REQUEST['action']) && $_REQUEST['action'] == 'Logout' ) { $logout = true; } return $logout; } /** * Has user has requested to resend the multi/2 factor token? * @return bool true === yes, false === no */ public function isUserRequestedResendToken() { return isset($_REQUEST['action']) && $_REQUEST['action'] === 'Resend'; } }