You cannot access this file

ERROR: You can\'t access this file directly!
'); } include_once($config['homedir'] . "/include/functions_profile.php"); enterprise_include ('include/auth/mysql.php'); $config["user_can_update_info"] = true; $config["user_can_update_password"] = true; $config["admin_can_add_user"] = true; $config["admin_can_delete_user"] = true; $config["admin_can_disable_user"] = false; //currently not implemented $config["admin_can_make_admin"] = true; /** * process_user_login accepts $login and $pass and handles it according to current authentication scheme * * @param string $login * @param string $pass * @param boolean $api * * @return mixed False in case of error or invalid credentials, the username in case it's correct. */ function process_user_login ($login, $pass, $api = false) { global $config, $mysql_cache; // Always authenticate admins against the local database if (strtolower ($config["auth"]) == 'mysql' || is_user_admin ($login)) { return process_user_login_local ($login, $pass, $api); } else { $login_remote = process_user_login_remote ($login, $pass, $api); if ($login_remote == false && $config['fallback_local_auth'] == '1') { return process_user_login_local ($login, $pass, $api); } else { return $login_remote; } } return false; } function process_user_login_local ($login, $pass, $api = false) { global $config, $mysql_cache; // Connect to Database switch ($config["dbtype"]) { case "mysql": if (!$api) { $sql = sprintf ("SELECT `id_user`, `password` FROM `tusuario` WHERE `id_user` = '%s' AND `not_login` = 0 AND `disabled` = 0", $login); } else { $sql = sprintf ("SELECT `id_user`, `password` FROM `tusuario` WHERE `id_user` = '%s' AND `disabled` = 0", $login); } break; case "postgresql": if (!$api) { $sql = sprintf ('SELECT "id_user", "password" FROM "tusuario" WHERE "id_user" = \'%s\' AND "not_login" = 0 AND "disabled" = 0', $login); } else { $sql = sprintf ('SELECT "id_user", "password" FROM "tusuario" WHERE "id_user" = \'%s\' AND "disabled" = 0', $login); } break; case "oracle": if (!$api) { $sql = sprintf ('SELECT id_user, password FROM tusuario WHERE id_user = \'%s\' AND not_login = 0 AND disabled = 0', $login); } else { $sql = sprintf ('SELECT id_user, password FROM tusuario WHERE id_user = \'%s\' AND disabled = 0', $login); } break; } $row = db_get_row_sql ($sql); //Check that row exists, that password is not empty and that password is the same hash if ($row !== false && $row["password"] !== md5 ("") && $row["password"] == md5 ($pass)) { // Login OK // Nick could be uppercase or lowercase (select in MySQL // is not case sensitive) // We get DB nick to put in PHP Session variable, // to avoid problems with case-sensitive usernames. // Thanks to David Muñiz for Bug discovery :) return $row["id_user"]; } else { if (!user_can_login($login)) { $mysql_cache["auth_error"] = "User only can use the API."; $config["auth_error"] = "User only can use the API."; } else { $mysql_cache["auth_error"] = "User not found in database or incorrect password"; $config["auth_error"] = "User not found in database or incorrect password"; } } return false; } function process_user_login_remote ($login, $pass, $api = false) { global $config, $mysql_cache; // Remote authentication switch ($config["auth"]) { // LDAP case 'ldap': if (ldap_process_user_login ($login, $pass) === false) { $config["auth_error"] = "User not found in database or incorrect password"; return false; } break; // Active Directory case 'ad': if (enterprise_hook ('ad_process_user_login', array ($login, $pass)) === false) { $config["auth_error"] = "User not found in database or incorrect password"; return false; } break; // Remote Pandora FMS case 'pandora': if (enterprise_hook ('remote_pandora_process_user_login', array ($login, $pass)) === false) { $config["auth_error"] = "User not found in database or incorrect password"; return false; } break; // Remote Babel Enterprise case 'babel': if (enterprise_hook ('remote_babel_process_user_login', array ($login, $pass)) === false) { $config["auth_error"] = "User not found in database or incorrect password"; return false; } break; // Remote Integria case 'integria': if (enterprise_hook ('remote_integria_process_user_login', array ($login, $pass)) === false) { $config["auth_error"] = "User not found in database or incorrect password"; return false; } break; // Unknown authentication method default: $config["auth_error"] = "User not found in database or incorrect password"; return false; break; } // Authentication ok, check if the user exists in the local database if (is_user ($login)) { if (!user_can_login($login)) { return false; } if (($config["auth"] === 'ad') && (isset($config['ad_advanced_config']) && $config['ad_advanced_config'])) { $return = enterprise_hook ('prepare_permissions_groups_of_user_ad', array ($login, $pass, false, true, defined('METACONSOLE'))); if ($return === "error_permissions") { $config["auth_error"] = __("Problems with configuration permissions. Please contact with Administrator"); return false; } else { if ($return === "permissions_changed") { $config["auth_error"] = __("Your permissions have changed. Please, login again."); return false; } } } return $login; } // The user does not exist and can not be created if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted ($login)) { $config["auth_error"] = __("Ooops User not found in database or incorrect password"); return false; } if ($config["auth"] === 'ad' && (isset($config['ad_advanced_config']) && $config['ad_advanced_config'])) { if ( defined('METACONSOLE') ) { enterprise_include_once('include/functions_metaconsole.php'); enterprise_include_once ('meta/include/functions_groups_meta.php'); $return = groups_meta_synchronizing(); if ($return["group_create_err"] > 0 || $return["group_update_err"] > 0) { $config["auth_error"] = __('Fail the group synchronizing'); return false; } $return = meta_tags_synchronizing(); if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) { $config["auth_error"] = __('Fail the tag synchronizing'); return false; } } // Create the user if (enterprise_hook ('prepare_permissions_groups_of_user_ad', array($login, $pass, array ('fullname' => $login, 'comments' => 'Imported from ' . $config['auth']), false, defined('METACONSOLE'))) === false) { $config["auth_error"] = __("User not found in database or incorrect password"); return false; } } else { $user_info = array ('fullname' => $login, 'comments' => 'Imported from ' . $config['auth']); if ( is_metaconsole() && $config["auth"] === 'ad') $user_info['metaconsole_access_node'] = $config['ad_adv_user_node']; // Create the user in the local database if (create_user ($login, $pass, $user_info ) === false) { $config["auth_error"] = __("User not found in database or incorrect password"); return false; } profile_create_user_profile ($login, $config['default_remote_profile'], $config['default_remote_group'], false, $config['default_assign_tags']); //TODO: Check the creation in the nodes if ( is_metaconsole() ) { enterprise_include_once('include/functions_metaconsole.php'); enterprise_include_once ('meta/include/functions_groups_meta.php'); $return = groups_meta_synchronizing(); if ($return["group_create_err"] > 0 || $return["group_update_err"] > 0) { $config["auth_error"] = __('Fail the group synchronizing'); return false; } $return = meta_tags_synchronizing(); if ($return['tag_create_err'] > 0 || $return['tag_update_err'] > 0) { $config["auth_error"] = __('Fail the tag synchronizing'); return false; } $servers = metaconsole_get_servers(); foreach ($servers as $server) { $perfil_maestro = db_get_row('tperfil', 'id_perfil', $config['default_remote_profile']); if (metaconsole_connect($server) == NOERR ) { if (!profile_exist($perfil_maestro['name'])) { unset($perfil_maestro['id_perfil']); $id_profile = db_process_sql_insert('tperfil', $perfil_maestro); } else { $id_profile = db_get_value('id_perfil', 'tperfil', 'name', $perfil_maestro['name']); } if ($config["auth"] === 'ad') { unset($user_info['metaconsole_access_node']); $user_info['not_login'] = (int) !$config['ad_adv_user_node']; } if (create_user ($login, $pass, $user_info) === false) continue; profile_create_user_profile ($login, $id_profile, $config['default_remote_group'], false, $config['default_assign_tags']); } metaconsole_restore_db(); } } } return $login; } /** * Checks if a user is administrator. * * @param string User id. * * @return bool True is the user is admin */ function is_user_admin ($id_user) { $is_admin = (bool) db_get_value ('is_admin', 'tusuario', 'id_user', $id_user); return $is_admin; } /** * Get the user id field on a mixed structure. * * This function is needed to make auth system more compatible and independant. * * @param mixed User structure to get id. It might be a row returned from * tusuario or tusuario_perfil. If it's not a row, the int value is returned. * * @return int User id of the mixed parameter. */ function get_user_id ($user) { if (is_array ($user)) { if (isset ($user['id_user'])) return $user['id_user']; elseif (isset ($user['id_usuario'])) return $user['id_usuario']; else return false; } else { return $user; } } /** * Check is a user exists in the system * * @param mixed User id. * * @return bool True if the user exists. */ function is_user ($user) { $user = db_get_row('tusuario', 'id_user', get_user_id ($user)); if (! $user) return false; return true; } function user_can_login($user) { $not_login = db_get_value('not_login', 'tusuario', 'id_user', $user); if ($not_login != 0) { return false; } return true; } /** * Gets the users real name * * @param mixed User id. * * @return string The users full name */ function get_user_fullname ($user) { return (string) db_get_value ('fullname', 'tusuario', 'id_user', get_user_id ($user)); } /** * Gets the users email * * @param mixed User id. * * @return string The users email address */ function get_user_email ($user) { return (string) db_get_value ('email', 'tusuario', 'id_user', get_user_id ($user)); } /** * Gets a Users info * * @param mixed User id * * @return mixed An array of users */ function get_user_info ($user) { return db_get_row ("tusuario", "id_user", get_user_id ($user)); } /** * Get a list of all users in an array [username] => array (userinfo) * We can't simplify this because some auth schemes (like LDAP) automatically (or it's at least cheaper to) return all the information * Functions like get_user_info allow selection of specifics (in functions_db) * * @param string Field to order by (id_user, fullname or registered) * * @return array An array of user information */ function get_users ($order = "fullname", $filter = false, $fields = false) { if (is_array($order)) { $filter['order'] = $order['field'] . ' ' . $order['order']; } else { switch ($order) { case "registered": case "last_connect": case "fullname": break; default: $order = "fullname"; break; } $filter['order'] = $order." ASC"; } $output = array(); $result = db_get_all_rows_filter ("tusuario", $filter, $fields); if ($result !== false) { foreach ($result as $row) { $output[$row["id_user"]] = $row; } } return $output; } /** * Sets the last login for a user * * @param string User id */ function process_user_contact ($id_user) { return db_process_sql_update ("tusuario", array ("last_connect" => get_system_time ()), array ("id_user" => $id_user)); } /** * Create a new user * * @return bool false */ function create_user ($id_user, $password, $user_info) { $values = $user_info; $values["id_user"] = $id_user; $values["password"] = md5 ($password); $values["last_connect"] = 0; $values["registered"] = get_system_time (); return (@db_process_sql_insert ("tusuario", $values)) !== false; } /** * Save password history * * @return bool false */ function save_pass_history ($id_user, $password) { $values["id_user"] = $id_user; $values["password"] = md5 ($password); $values["date_begin"] = date ("Y/m/d H:i:s", get_system_time()); return (@db_process_sql_insert ("tpassword_history", $values)) !== false; } /** * Deletes the user * * @param string User id */ function delete_user ($id_user) { $result = db_process_sql_delete('tusuario_perfil', array('id_usuario' => $id_user)); if ($result === false) { return false; } $result = db_process_sql_delete('tusuario', array('id_user' => $id_user)); if ($result === false) { return false; } return true; } /** * Update the password in MD5 for user pass as id_user with * password in plain text. * * @param string user User ID * @param string password Password in plain text. * * @return mixed False in case of error or invalid values passed. Affected rows otherwise */ function update_user_password ($user, $password_new) { global $config; if (isset($config['auth']) && $config['auth'] == 'pandora') { $sql = sprintf("UPDATE tusuario SET password = '" . md5($password_new) . "', last_pass_change = '" . date("Y-m-d H:i:s", get_system_time()) . "' WHERE id_user = '" . $user . "'"); $connection = mysql_connect_db($config['rpandora_server'], $config['rpandora_dbname'], $config['rpandora_user'], $config['rpandora_pass']); $remote_pass_update = db_process_sql ($sql, 'affected_rows', $connection); if (!$remote_pass_update) { $config["auth_error"] = __('Could not changes password on remote pandora'); return false; } } return db_process_sql_update ('tusuario', array ('password' => md5 ($password_new), 'last_pass_change' => date ("Y/m/d H:i:s", get_system_time())), array ('id_user' => $user)); } /** * Update the data of a user that user is choose with * id_user. * * @param string user User ID * @param array values Associative array with index as name of field and content. * * @return mixed False in case of error or invalid values passed. Affected rows otherwise */ function update_user ($id_user, $values) { if (! is_array ($values)) return false; return db_process_sql_update ("tusuario", $values, array ("id_user" => $id_user)); } /** * Authenticate against an LDAP server. * * @param string User login * @param string User password (plain text) * * @return bool True if the login is correct, false in other case */ function ldap_process_user_login ($login, $password) { global $config; if (! function_exists ("ldap_connect")) { $config["auth_error"] = __('Your installation of PHP does not support LDAP'); return false; } // Connect to the LDAP server $ds = @ldap_connect ($config["ldap_server"], $config["ldap_port"]); if (!$ds) { $config["auth_error"] = 'Error connecting to LDAP server'; return false; } // Set the LDAP version ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, $config["ldap_version"]); if ($config["ldap_start_tls"]) { if (!@ldap_start_tls ($ds)) { $config["auth_error"] = 'Could not start TLS for LDAP connection'; @ldap_close ($ds); return false; } } $ldap_login_attr = isset($config["ldap_login_attr"]) ? io_safe_output($config["ldap_login_attr"]) . "=" : ''; $ldap_base_dn = isset($config["ldap_base_dn"]) ? "," . io_safe_output($config["ldap_base_dn"]) : ''; if (strlen($password) == 0 || !@ldap_bind($ds, io_safe_output($login), $password) ) { $config["auth_error"] = 'User not found in database or incorrect password'; @ldap_close ($ds); return false; } @ldap_close ($ds); return true; } /** * Checks if a user is in the autocreate blacklist. * * @param string User * * @return bool True if the user is in the blacklist, false otherwise. */ function is_user_blacklisted ($user) { global $config; $blisted_users = explode (',', $config['autocreate_blacklist']); foreach ($blisted_users as $blisted_user) { if ($user == $blisted_user) { return true; } } return false; } //Reference the global use authorization error to last auth error. $config["auth_error"] = &$mysql_cache["auth_error"]; ?>