88 $MESSAGE = LEPTON_core::getGlobal(
"MESSAGE");
90 if (NULL === self::$instance)
92 self::$instance = $this;
97 if (isset($config_array[
'USERS_TABLE']))
99 $this->USERS_TABLE = $config_array[
'USERS_TABLE'];
102 if (isset($config_array[
'GROUPS_TABLE']))
104 $this->GROUPS_TABLE = $config_array[
'GROUPS_TABLE'];
107 if (isset($config_array[
'USERNAME_FIELDNAME']))
109 $this->username_fieldname = $config_array[
'USERNAME_FIELDNAME'];
112 if (isset($config_array[
'PASSWORD_FIELDNAME']))
114 $this->password_fieldname = $config_array[
'PASSWORD_FIELDNAME'];
117 if (isset($config_array[
'MAX_ATTEMPTS']))
119 $this->max_attempts = $config_array[
'MAX_ATTEMPTS'];
122 if (isset($config_array[
'WARNING_URL']))
124 $this->warning_url = $config_array[
'WARNING_URL'];
127 if (isset($config_array[
'LOGIN_URL']))
129 $this->login_url = $config_array[
'LOGIN_URL'];
132 if (isset($config_array[
'TEMPLATE_DIR']))
134 $this->template_dir = $config_array[
'TEMPLATE_DIR'];
137 if (isset($config_array[
'TEMPLATE_FILE']))
139 $this->template_file = $config_array[
'TEMPLATE_FILE'];
142 if (isset($config_array[
'FRONTEND']))
144 $this->frontend = $config_array[
'FRONTEND'];
147 if (isset($config_array[
'frontend']))
149 $this->frontend = $config_array[
'frontend'];
152 if (isset($config_array[
'FORGOTTEN_DETAILS_APP']))
154 $this->forgotten_details_app = $config_array[
'FORGOTTEN_DETAILS_APP'];
157 if (isset($config_array[
'REDIRECT_URL']))
159 $this->redirect_url = $config_array[
'REDIRECT_URL'];
164 $sTempURL = ($_POST[
'redirect'] ??
"");
165 if( $sTempURL ==
"" )
167 $sTempURL = ( $_GET[
'redirect'] ??
"");
169 $this->redirect_url = htmlspecialchars(strip_tags($sTempURL,
""));
173 if ($this->get_post(
'username_fieldname') !=
null)
175 $username_fieldname = $this->get_post(
'username_fieldname');
176 $password_fieldname = $this->get_post(
'password_fieldname');
180 $username_fieldname =
'username';
181 $password_fieldname =
'password';
184 if ($this->get_post($username_fieldname) !=
null)
186 $this->username = htmlspecialchars($this->get_post($username_fieldname), ENT_QUOTES);
190 $this->username =
'';
193 $this->password = $this->get_post($password_fieldname) ??
"";
196 if ($this->get_post($username_fieldname) !=
null)
198 $this->username_len = strlen($this->username);
199 $this->password_len = strlen($this->password);
202 $this->url = $this->get_post(
'url') ??
"";
203 if ($this->redirect_url !=
'')
208 if (strlen($this->url) < 2)
210 $token = (!LEPTOKEN_LIFETIME) ?
'' :
'?leptoken=' . $this->createLepToken();
211 $this->url = ($config_array[
'DEFAULT_URL'] ??
"") . $token;
214 if ($this->is_authenticated() ===
true)
217 header(
'Location: '.$this->url);
220 elseif (($this->username ==
'') && ($this->password ==
''))
222 $this->message = $MESSAGE[
'LOGIN_BOTH_BLANK'];
225 elseif ($this->username ==
'')
227 $this->message = $MESSAGE[
'LOGIN_USERNAME_BLANK'];
230 elseif ($this->password ==
'')
232 $this->message = $MESSAGE[
'LOGIN_PASSWORD_BLANK'];
235 elseif ($this->username_len < $config_array[
'MIN_USERNAME_LEN'])
237 $this->message = $MESSAGE[
'LOGIN_USERNAME_TOO_SHORT'];
240 elseif ($this->password_len < $config_array[
'MIN_PASSWORD_LEN'])
242 $this->message = $MESSAGE[
'LOGIN_PASSWORD_TOO_SHORT'];
250 $token = (!LEPTOKEN_LIFETIME) ?
'' :
'?leptoken=' . $this->createLepToken();
255 $browser_fingerprint = hash( self::FINGERPRINT_HASH_ALGO, $_SERVER[
'HTTP_USER_AGENT'] );
256 $ip_fingerprint = hash(self::FINGERPRINT_HASH_ALGO, $_SERVER[
'REMOTE_ADDR'] );
261 'temp_time' => TIME()
268 "`temp_ip`='".$ip_fingerprint.
"' AND `temp_browser`='".$browser_fingerprint.
"'"
274 if (TFA ===
'local' && LEPTOKEN_LIFETIME > 0)
277 $oTFA->initialize(intval($_SESSION[
'USER_ID']));
279 if (isset($_REQUEST[
'redirect']))
281 if ($oTFA->key_new ===
true)
283 if (isset($_POST[
'submit']) )
285 $oTFA->set_fe_pin(
'create');
290 header(
'Location: '.LEPTON_URL.
'/account/logout.php');
296 if (isset($_POST[
'submit']))
298 $oTFA->display_fe_pin(
'display');
303 header(
'Location: '.LEPTON_URL.
'/account/logout.php');
310 if ($oTFA->key_new ===
true)
312 if (isset($_POST[
'submit']))
314 $oTFA->set_be_pin(
'create');
319 header(
'Location: '.ADMIN_URL.
'/logout/index.php');
325 if (!isset($_POST[
'lkey']))
327 $oTFA->display_be_pin(
'display');
332 header(
'Location: '.ADMIN_URL.
'/logout/index.php');
341 if (TFA ===
'mail' && LEPTOKEN_LIFETIME > 0)
344 $oTFA->initialize(intval($_SESSION[
'USER_ID']));
345 if(isset($_REQUEST[
'redirect']))
348 $oTFA->display_fe_pin(
'display');
353 if (!isset($_POST[
'lkey']) )
356 $oTFA->display_be_pin(
'display');
361 header(
'Location: '.ADMIN_URL.
'/logout/index.php');
369 header(
"Location: ".$this->url . $token);
374 $this->message = $MESSAGE[
'LOGIN_AUTHENTICATION_FAILED'];
390 $loginName = (preg_match(
'/[\;\=\&\|<> ]/', $this->username) ?
'' : $this->username);
393 'SELECT `password` FROM `'.$this->USERS_TABLE.
'` WHERE `username` = "'.$loginName.
'" AND `active` = 1',
399 if (!empty($results_array))
401 $check = password_verify($this->password,$results_array[
'password']);
407 $authenticated_user = [];
409 'SELECT * FROM `'.$this->USERS_TABLE.
'` WHERE `username` = "'.$loginName.
'" AND `active` = 1',
415 $this->user_id = intval($authenticated_user[
'user_id']);
416 $_SESSION[
'USER_ID'] =$this->user_id;
417 $_SESSION[
'GROUP_ID'] = $authenticated_user[
'group_id'];
418 $_SESSION[
'GROUPS_ID'] = $authenticated_user[
'groups_id'];
419 $_SESSION[
'USERNAME'] = $authenticated_user[
'username'];
420 $_SESSION[
'DISPLAY_NAME'] = $authenticated_user[
'display_name'];
421 $_SESSION[
'EMAIL'] = $authenticated_user[
'email'];
422 $_SESSION[
'HOME_FOLDER'] = $authenticated_user[
'home_folder'];
425 if ($authenticated_user[
'language'] !=
'')
427 $_SESSION[
'LANGUAGE'] = $authenticated_user[
'language'];
431 if ($authenticated_user[
'timezone_string'] !=
'')
433 $_SESSION[
'TIMEZONE_STRING'] = $authenticated_user[
'timezone_string'];
435 $timezone_string = ($_SESSION[
'TIMEZONE_STRING'] ?? DEFAULT_TIMEZONE_STRING);
436 date_default_timezone_set($timezone_string);
439 if ($authenticated_user[
'date_format'] !=
'')
441 $_SESSION[
'DATE_FORMAT'] = $authenticated_user[
'date_format'];
446 $_SESSION[
'USE_DEFAULT_DATE_FORMAT'] =
true;
449 if ($authenticated_user[
'time_format'] !=
'')
451 $_SESSION[
'TIME_FORMAT'] = $authenticated_user[
'time_format'];
456 $_SESSION[
'USE_DEFAULT_TIME_FORMAT'] =
true;
460 $_SESSION[
'SYSTEM_PERMISSIONS'] = [];
461 $_SESSION[
'MODULE_PERMISSIONS'] = [];
462 $_SESSION[
'TEMPLATE_PERMISSIONS'] = [];
463 $_SESSION[
'GROUP_NAME'] = [];
466 foreach (explode(
",", $this->get_session(
'GROUPS_ID')) as $cur_group_id)
468 $results_array_2 = [];
470 "SELECT * FROM ".$this->GROUPS_TABLE.
" WHERE group_id = ".$cur_group_id,
476 if (empty($results_array_2))
481 $_SESSION[
'GROUP_NAME'][$cur_group_id] = $results_array_2[
'name'];
484 $_SESSION[
'SYSTEM_PERMISSIONS'] = array_merge($_SESSION[
'SYSTEM_PERMISSIONS'], explode(
',', $results_array_2[
'system_permissions']));
489 $_SESSION[
'MODULE_PERMISSIONS'] = explode(
',', $results_array_2[
'module_permissions']);
493 $_SESSION[
'MODULE_PERMISSIONS'] = array_merge($_SESSION[
'MODULE_PERMISSIONS'], explode(
',', $results_array_2[
'module_permissions']));
499 $_SESSION[
'TEMPLATE_PERMISSIONS'] = explode(
',', $results_array_2[
'template_permissions']);
503 $_SESSION[
'TEMPLATE_PERMISSIONS'] = array_intersect($_SESSION[
'TEMPLATE_PERMISSIONS'], explode(
',', $results_array_2[
'template_permissions']));
505 $first_group =
false;
508 if (
false === $this->frontend)
511 $aTempGroups = explode(
",",$authenticated_user[
'groups_id']);
512 $bGotBackendAccess =
false;
513 foreach($aTempGroups as $tempGroupId)
515 $check_backend = intval(
$database->get_one(
"SELECT `backend_permission` FROM `".$this->GROUPS_TABLE.
"` WHERE `group_id` = ".$tempGroupId ) );
516 if( 1 === $check_backend)
518 $bGotBackendAccess =
true;
519 $_SESSION[
'SYSTEM_PERMISSIONS'][] =
"backend_permission";
523 if (
false === $bGotBackendAccess)
532 "login_when" => time(),
533 "login_ip" => $_SERVER[
'REMOTE_ADDR']
540 "user_id = ".$authenticated_user[
'user_id']