<?php
/**
* Do authentication of users and session management
*
* @category DMS
* @package SeedDMS
* @license GPL 2
* @version @version@
* @author Markus Westphal, Malcolm Cowe, Uwe Steinmann <uwe@steinmann.cx>
* @copyright Copyright (C) 2002-2005 Markus Westphal,
* 2006-2008 Malcolm Cowe, 2010 Uwe Steinmann
* @version Release: @package_version@
*/
require_once("inc.ClassSession.php");
require_once("inc.ClassAccessOperation.php");
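/* Remember the page that was requested, so the login form can send the
 * user back there afterwards. Requests for an operation (op/...) are not
 * worth returning to and get an empty referer instead. The value ends up
 * in a Location header, hence the urlencode.
 * NOTE(review): the "/op" prefix test assumes SeedDMS is served from the
 * site root; under a sub path an op URL would be passed on as referer.
 */
$refer = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
if (strncmp("/op", $refer, 3) === 0) {
	$refer = "";
} else {
	$refer = urlencode($refer);
}

/* Check if this is a ajax call. In that case do not redirect to any page */
$isajax = isset($_GET['action']) && ($_GET['action'] !== 'show');

/* Send the browser to the login page and stop. Ajax calls must not be
 * redirected, but they are stopped all the same. Every authentication
 * failure below ends up here, so the redirect target is written once. */
$redirectToLogin = function() use ($settings, $refer, $isajax) {
	if(!$isajax)
		header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
	exit;
};

/* Was the request made over TLS? Used for the Secure flag of the session
 * cookie. Only the HTTPS server variable is consulted, so behind a proxy
 * that terminates TLS this stays false and no Secure flag is sent, which
 * is what happened unconditionally before. */
$isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

if (!isset($_COOKIE["mydms_session"])) {
	/* No session cookie yet: either start a guest session, start a session
	 * for the configured auto-login user, or ask for a login. */
	if($settings->_enableGuestLogin && $settings->_enableGuestAutoLogin) {
		$session = new SeedDMS_Session($db);
		$dms_session = $session->create(array('userid'=>$settings->_guestID, 'theme'=>$settings->_theme, 'lang'=>$settings->_language));
		if(!$dms_session) {
			$redirectToLogin();
		}
		$resArr = $session->load($dms_session);
	} elseif($settings->_autoLoginUser) {
		$user = $dms->getUser($settings->_autoLoginUser);
		if(!$user) {
			$redirectToLogin();
		}
		/* Fall back to the configured theme/language when the user has none
		 * set (or the installation forces a theme). The language fallback is
		 * persisted on the user record, the theme is not. */
		$theme = (string) $user->getTheme();
		if ($theme === '' || !empty($settings->_overrideTheme)) {
			$theme = $settings->_theme;
		}
		$lang = (string) $user->getLanguage();
		if ($lang === '') {
			$lang = $settings->_language;
			$user->setLanguage($lang);
		}
		$session = new SeedDMS_Session($db);
		$dms_session = $session->create(array('userid'=>$user->getID(), 'theme'=>$theme, 'lang'=>$lang));
		if(!$dms_session) {
			$redirectToLogin();
		}
		$resArr = $session->load($dms_session);
	} else {
		$redirectToLogin();
	}
} else {
	/* Load session */
	$dms_session = $_COOKIE["mydms_session"];
	$session = new SeedDMS_Session($db);
	$resArr = $session->load($dms_session);
	if(!$resArr) {
		/* Unknown or expired session id: drop the cookie so the browser stops
		 * presenting it, then ask for a fresh login. */
		setcookie("mydms_session", "", time()-3600, $settings->_httpRoot);
		$redirectToLogin();
	}
}

/* Update last access time, but not more often than once a minute. */
if((int)$resArr['lastAccess']+60 < time())
	$session->updateAccess($dms_session);

/* Load user data */
$user = $dms->getUser($resArr["userID"]);
if (!is_object($user)) {
	/* The session points at a user that no longer exists: treat it like an
	 * invalid session. */
	setcookie("mydms_session", "", time()-3600, $settings->_httpRoot);
	$redirectToLogin();
}

/* User substitution: the session may carry the id of a user the logged-in
 * user has switched to. It is only honoured when the logged-in user is an
 * admin or is explicitly allowed to switch to that user; otherwise the su
 * entry is ignored (it is left in the session record untouched). $origuser
 * keeps the real user so the checks further down can tell that a
 * substitution has taken place. */
$origuser = null;
if(!empty($resArr["su"]) && ($su = $dms->getUser($resArr["su"]))) {
	if($user->isAdmin() || $user->maySwitchToUser($su)) {
		$origuser = $user;
		$user = $su;
	}
}
$theme = $resArr["theme"];
$lang = $resArr["language"];

$dms->setUser($user);
/* Optionally confine non-admin users to their home folder. */
if($settings->_useHomeAsRootFolder && !$user->isAdmin() && $user->getHomeFolder()) {
	$dms->checkWithinRootDir = true;
	$dms->setRootFolderID($user->getHomeFolder());
}
$role = $user->getRole();
$dms->noReadForStatus = $role->getNoAccess();

/* Include additional language file for view
 * This file must set $LANG[xx][]
 *
 * $theme and $lang come from the session record, which was filled from the
 * user profile or the settings. They are only used to build a path when
 * they are plain directory names (no path separator, not "." or ".."), so
 * a tampered value can never make this include leave the view tree.
 */
$isPlainName = function($name) {
	return is_string($name) && $name !== '' && $name !== '.' && $name !== '..' && strpbrk($name, "/\\\0") === false;
};
if($isPlainName($theme) && $isPlainName($lang)) {
	$langfile = $settings->_rootDir . "view/".$theme."/languages/" . $lang . "/lang.inc";
	if(file_exists($langfile)) {
		include $langfile;
	}
}

/* if this is a ajax call, then exit early as the rest of the script is irrelevant */
if($isajax)
	return;

/* Name of the running script; used to avoid redirect loops on the pages
 * that handle the forced password change and the 2-factor setup. */
$script = basename(isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '');

/* Check if password needs to be changed because it expired. If it needs
 * to be changed redirect to out/out.ForcePasswordChange.php. Do this
 * check only if password expiration is turned on, we are not on the
 * page to change the password or the page that changes the password, the
 * current user is not admin, and no user substitution has occured. */
if (!$user->isAdmin() && $origuser === null && $settings->_passwordExpiration > 0) {
	if(!in_array($script, array('out.ForcePasswordChange.php', 'op.EditUserData.php', 'op.Logout.php'), true)) {
		$pwdexp = $user->getPwdExpiration();
		/* An all-zero date means "never expires". */
		if($pwdexp && substr((string) $pwdexp, 0, 10) !== '0000-00-00') {
			$pwdexpts = strtotime((string) $pwdexp);
			/* strtotime() returns false on an unparsable date; that is not
			 * treated as expired. */
			if($pwdexpts > 0 && $pwdexpts < time()) {
				header("Location: ../out/out.ForcePasswordChange.php");
				exit;
			}
		}
	}
}

/* Check if secret is set for 2-factor authentication. Redirect to Setup2Factor.php
 * if secret is not set and 2-factor authentication is turned on. Also check if
 * already on the page Setup2Factor.php and no user substitution has occured.
 * The guest and the auto-login user are exempt. */
if($settings->_enable2FactorAuthentication && (int)$settings->_guestID !== (int)$user->getID() && (int)$settings->_autoLoginUser !== (int)$user->getID() && $origuser === null && (string)$user->getSecret() === '') {
	if(!in_array($script, array('out.Setup2Factor.php', 'op.Setup2Factor.php'), true)) {
		header("Location: ../out/out.Setup2Factor.php");
		exit;
	}
}

/* Update cookie lifetime */
if($settings->_cookieLifetime) {
	$lifetime = time() + intval($settings->_cookieLifetime);
	/* Path is the application root, the domain is left to the browser (''),
	 * Secure is set only when the request itself came in over TLS, and the
	 * cookie is always HttpOnly so scripts cannot read the session id.
	 * NOTE(review): no SameSite attribute is sent; the browser default applies. */
	setcookie("mydms_session", $dms_session, $lifetime, $settings->_httpRoot, '', $isHttps, true);
}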