PageRenderTime 54ms CodeModel.GetById 28ms RepoModel.GetById 1ms app.codeStats 0ms

/modules/Users/authentication/EmailAuthenticate/EmailAuthenticateUser.php

https://github.com/yinhm/sugarcrm
PHP | 164 lines | 85 code | 28 blank | 51 comment | 22 complexity | 1fb65f7799d038da1b41f4f4ba15d9cb MD5 | raw file
Possible License(s): LGPL-2.1, MPL-2.0-no-copyleft-exception 
    

  1. <?php
    2. 

  2. if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
    3. 

  3. /*********************************************************************************
    4. 

  4.  * SugarCRM is a customer relationship management program developed by
    5. 

  5.  * SugarCRM, Inc. Copyright (C) 2004-2010 SugarCRM Inc.
    6. 

  6.  * 
    7. 

  7.  * This program is free software; you can redistribute it and/or modify it under
    8. 

  8.  * the terms of the GNU Affero General Public License version 3 as published by the
    9. 

  9.  * Free Software Foundation with the addition of the following permission added
    10. 

  10.  * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
    11. 

  11.  * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
    12. 

  12.  * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
    13. 

  13.  * 
    14. 

  14.  * This program is distributed in the hope that it will be useful, but WITHOUT
    15. 

  15.  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    16. 

  16.  * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
    17. 

  17.  * details.
    18. 

  18.  * 
    19. 

  19.  * You should have received a copy of the GNU Affero General Public License along with
    20. 

  20.  * this program; if not, see http://www.gnu.org/licenses or write to the Free
    21. 

  21.  * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    22. 

  22.  * 02110-1301 USA.
    23. 

  23.  * 
    24. 

  24.  * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
    25. 

  25.  * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
    26. 

  26.  * 
    27. 

  27.  * The interactive user interfaces in modified source and object code versions
    28. 

  28.  * of this program must display Appropriate Legal Notices, as required under
    29. 

  29.  * Section 5 of the GNU Affero General Public License version 3.
    30. 

  30.  * 
    31. 

  31.  * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
    32. 

  32.  * these Appropriate Legal Notices must retain the display of the "Powered by
    33. 

  33.  * SugarCRM" logo. If the display of the logo is not reasonably feasible for
    34. 

  34.  * technical reasons, the Appropriate Legal Notices must display the words
    35. 

  35.  * "Powered by SugarCRM".
    36. 

  36.  ********************************************************************************/
    37. 

  37. 

  38. 

  39. 

  40. /**
    41. 

  41.  * This file is where the user authentication occurs. No redirection should happen in this file.
    42. 

  42.  *
    43. 

  43.  */
    44. 

  44. require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php');
    45. 

  45. class EmailAuthenticateUser extends SugarAuthenticateUser {
    46. 

  46.     var $passwordLength = 4;
    47. 

  47.     
    48. 

  48. 

  49.     /**
    50. 

  50. 	 * this is called when a user logs in 
    51. 

  51. 	 *
    52. 

  52. 	 * @param STRING $name
    53. 

  53. 	 * @param STRING $password
    54. 

  54. 	 * @return boolean
    55. 

  55. 	 */
    56. 

  56.     function loadUserOnLogin($name, $password) {
    57. 

  57.       
    58. 

  58.         global $login_error;
    59. 

  59.          
    60. 

  60.         $GLOBALS['log']->debug("Starting user load for ". $name);
    61. 

  61.         if(empty($name) || empty($password)) return false;
    62. 

  62.        
    63. 

  63.         if(empty($_SESSION['lastUserId'])){
    64. 

  64.             $user_hash = SugarAuthenticate::encodePassword($password);
    65. 

  65.             $user_id = $this->authenticateUser($name, $user_hash);
    66. 

  66.             if(empty($user_id)) {
    67. 

  67.                 $GLOBALS['log']->fatal('SECURITY: User authentication for '.$name.' failed');
    68. 

  68.                 return false;
    69. 

  69.             }
    70. 

  70.         }
    71. 

  71.         
    72. 

  72.         if(empty($_SESSION['emailAuthToken'])){
    73. 

  73.             $_SESSION['lastUserId'] = $user_id;
    74. 

  74.             $_SESSION['lastUserName'] = $name;
    75. 

  75.             $_SESSION['emailAuthToken'] = '';
    76. 

  76.             for($i = 0; $i < $this->passwordLength; $i++){
    77. 

  77.                 $_SESSION['emailAuthToken'] .= chr(mt_rand(48,90));
    78. 

  78.             }
    79. 

  79.             $_SESSION['emailAuthToken']  =  str_replace(array('<', '>'), array('#', '@'), $_SESSION['emailAuthToken']);
    80. 

  80.             $_SESSION['login_error'] = 'Please Enter Your User Name and Emailed Session Token';
    81. 

  81.             $this->sendEmailPassword($user_id, $_SESSION['emailAuthToken']);
    82. 

  82.             return false;
    83. 

  83.         }else{
    84. 

  84.             if(strcmp($name, $_SESSION['lastUserName']) == 0 && strcmp($password, $_SESSION['emailAuthToken']) == 0){
    85. 

  85.                 $this->loadUserOnSession($_SESSION['lastUserId']);
    86. 

  86.                 unset($_SESSION['lastUserId']);
    87. 

  87.                 unset($_SESSION['lastUserName']);
    88. 

  88.                 unset($_SESSION['emailAuthToken']);
    89. 

  89.                 return true;
    90. 

  90.             }
    91. 

  91.              
    92. 

  92.         }
    93. 

  93.         
    94. 

  94.          $_SESSION['login_error'] = 'Please Enter Your User Name and Emailed Session Token';
    95. 

  95.         return false;
    96. 

  96.     }
    97. 

  97.     
    98. 

  98.     
    99. 

  99.     /**
    100. 

  100.      * Sends the users password to the email address or sends 
    101. 

  101.      *
    102. 

  102.      * @param unknown_type $user_id
    103. 

  103.      * @param unknown_type $password
    104. 

  104.      */
    105. 

  105.     function sendEmailPassword($user_id, $password){
    106. 

  106. 	
    107. 

  107. 	    $result = $GLOBALS['db']->query("SELECT email1, email2, first_name, last_name FROM users WHERE id='$user_id'");
    108. 

  108. 	    $row = $GLOBALS['db']->fetchByAssoc($result);
    109. 

  109. 	   
    110. 

  110. 	    global $sugar_config;
    111. 

  111. 	    if(empty($row['email1']) && empty($row['email2'])){
    112. 

  112. 	       
    113. 

  113. 	        $_SESSION['login_error'] = 'Please contact an administrator to setup up your email address associated to this account';
    114. 

  114. 	       return;
    115. 

  115. 	    }
    116. 

  116. 	    
    117. 

  117. 	    require_once("include/SugarPHPMailer.php");
    118. 

  118. 		global $locale;
    119. 

  119.         $OBCharset = $locale->getPrecedentPreference('default_email_charset');
    120. 

  120.         $notify_mail = new SugarPHPMailer();
    121. 

  121. 		$notify_mail->CharSet = $sugar_config['default_charset'];
    122. 

  122. 		$notify_mail->AddAddress(((!empty($row['email1']))?$row['email1']: $row['email2']),$locale->translateCharsetMIME(trim($row['first_name'] . ' ' . $row['last_name']), 'UTF-8', $OBCharset));
    123. 

  123.     
    124. 

  124. 		if (empty($_SESSION['authenticated_user_language'])) {
    125. 

  125. 			$current_language = $sugar_config['default_language'];
    126. 

  126. 		}
    127. 

  127. 		else {
    128. 

  128. 			$current_language = $_SESSION['authenticated_user_language'];
    129. 

  129. 		}
    130. 

  130.         $mail_settings = new Administration();
    131. 

  131.         $mail_settings->retrieveSettings('mail');
    132. 

  132. 	
    133. 

  133. 

  134. 		        $notify_mail->Subject = 'Sugar Token';
    135. 

  135. 				$notify_mail->Body = 'Your sugar session authentication token  is: ' . $password;
    136. 

  136. 				if ($mail_settings->settings['mail_sendtype'] == "SMTP") {
    137. 

  137. 					$notify_mail->Mailer = "smtp";
    138. 

  138. 					$notify_mail->Host = $mail_settings->settings['mail_smtpserver'];
    139. 

  139. 					$notify_mail->Port = $mail_settings->settings['mail_smtpport'];
    140. 

  140. 					if ($mail_settings->settings['mail_smtpauth_req']) {
    141. 

  141. 						$notify_mail->SMTPAuth = TRUE;
    142. 

  142. 						$notify_mail->Username = $mail_settings->settings['mail_smtpuser'];
    143. 

  143. 						$notify_mail->Password = $mail_settings->settings['mail_smtppass'];
    144. 

  144. 					}
    145. 

  145. 				}
    146. 

  146. 

  147. 				$notify_mail->From = 'no-reply@sugarcrm.com';
    148. 

  148. 				$notify_mail->FromName = 'Sugar Authentication';
    149. 

  149. 

  150. 				if(!$notify_mail->Send()) {
    151. 

  151. 					$GLOBALS['log']->warn("Notifications: error sending e-mail (method: {$notify_mail->Mailer}), (error: {$notify_mail->ErrorInfo})");
    152. 

  152. 				}
    153. 

  153. 				else {
    154. 

  154. 					$GLOBALS['log']->info("Notifications: e-mail successfully sent");
    155. 

  155. 				}
    156. 

  156. 			
    157. 

  157. 			
    158. 

  158. 		
    159. 

  159. 	}
    160. 

  160.     
    161. 

  161. 

  162. }
    163. 

  163. 

  164. ?>
    165. 

  165.