getSession('user', null); if (is_object($user) === false) { $user = json_decode($user, true); } if (!empty($user)) { self::$instance = new self(); foreach ($user as $k => $v) { self::$instance->{$k} = $v; } } else { self::$instance = new self(); } } return self::$instance; } public function jsonSerialize() { return get_object_vars($this); } public function saveLogin() { if ($this->logged) { $system = System::getInstance(); // hack to compatibility with pandora global $config; $config['id_user'] = $this->user; $system->setSessionBase('id_usuario', $this->user); $system->setSession('user', json_encode($this->jsonSerialize())); config_user_set_custom_config(); } } public function isLogged() { $system = System::getInstance(); $autologin = $system->getRequest('autologin', false); $auth_token = $_POST['auth_token']; if ($autologin !== false) { $user = $system->getRequest('user', null); $password = $system->getRequest('password', null); $this->login($user, $password); } else if (empty($auth_token) === false) { $this->login(null, null, $auth_token); } return $this->logged; } public function login($user=null, $password=null, $auth_token='') { global $config; $system = System::getInstance(); if (empty($auth_token) === false && (bool) $config['JWT_signature'] !== false) { $jwt = new JWTRepository($config['JWT_signature']); if ($jwt->setToken($auth_token) && $jwt->validate() ) { $this->logged = true; $this->user = $jwt->payload()->get('id_user'); $this->loginTime = time(); $this->errorLogin = false; $this->saveLogin(); } else { $this->logged = false; $this->errorLogin = __('Token invalid'); } return $this->logged; } if ($system->getConfig('auth', 'mysql') === 'saml') { if ((bool) $system->getRequest('saml', false) === true) { \enterprise_include_once('include/auth/saml.php'); $saml_user_id = enterprise_hook('saml_process_user_login'); if (!$saml_user_id) { $this->logged = false; $this->errorLogin = $system->getConfig('auth_error'); \enterprise_hook('saml_logout', [true]); } else { $this->logged = true; $this->user = $saml_user_id; $this->loginTime = time(); $this->errorLogin = false; } $this->saveLogin(); return $this->logged; } // Maybe back from SAML login. $saml_session = $system->getSession('samlid', null); if ($saml_session !== null) { $this->user = $system->getSession('id_usuario', null); if ($this->user !== null) { $this->loginTime = time(); $this->errorLogin = false; $this->logged = true; } else { // SAML Session OK but not in DB. $this->logged = false; $this->errorLogin = __( 'User cannot log in into this console, please contact administrator' ); } $this->saveLogin(); return $this->logged; } } if (($user == null) && ($password == null)) { $user = $system->getRequest('user', null); $password = $system->getRequest('password', null); } if (empty($user) === false && empty($password) === false ) { $user_in_db = db_get_row_filter( 'tusuario', ['id_user' => $user], '*' ); $this->logged = false; $this->loginTime = false; $this->errorLogin = true; $this->needDoubleAuth = false; $this->errorDoubleAuth = false; if ($user_in_db !== false) { if (((bool) $user_in_db['is_admin'] === false) && ((bool) $user_in_db['not_login'] === true || (is_metaconsole() === false && has_metaconsole() === true && is_management_allowed() === false && (bool) $user_in_db['metaconsole_access_node'] === false)) ) { $this->logged = false; $this->loginTime = false; $this->errorLogin = true; $this->needDoubleAuth = false; $this->errorDoubleAuth = false; } else { $user_proccess_login = process_user_login($user, $password); if ($user_proccess_login !== false) { $this->logged = true; $this->user = $user_proccess_login; $this->loginTime = time(); $this->errorLogin = false; // The user login was successful, but the second step is not completed. if ($this->isDobleAuthRequired()) { $this->needDoubleAuth = true; } } } } } $this->saveLogin(); return $this->logged; } public function getLoginTime() { return $this->loginTime; } public function isWaitingDoubleAuth() { return $this->needDoubleAuth; } public function isDobleAuthRequired($user=false) { if (empty($user) && !empty($this->user)) { $user = $this->user; } if (!empty($user)) { return (bool) db_get_value('id', 'tuser_double_auth', 'id_user', $user); } else { return false; } } public function validateDoubleAuthCode($user=null, $code=null) { if (!$this->needDoubleAuth) { return true; } $system = System::getInstance(); include_once $system->getConfig('homedir').'/include/auth/GAuth/Auth.php'; $result = false; if (empty($user)) { $user = $this->user; } if (empty($code)) { $code = $system->getRequest('auth_code', null); $code = $system->safeOutput($code); } if (!empty($user) && !empty($code)) { $secret = db_get_value('secret', 'tuser_double_auth', 'id_user', $user); if ($secret === false) { $result = false; $this->errorDoubleAuth = [ 'title_text' => __('Double authentication failed'), 'content_text' => __('Secret code not found').'. '.__('Please contact the administrator to reset your double authentication'), ]; } else if (!empty($secret)) { try { $gAuth = new \GAuth\Auth($secret); $result = $gAuth->validateCode($code); // Double auth success if ($result) { $this->needDoubleAuth = false; $this->saveLogin(); } else { $result = false; $this->errorDoubleAuth = [ 'title_text' => __('Double authentication failed'), 'content_text' => __('Invalid code'), ]; } } catch (Exception $e) { $result = false; $this->errorDoubleAuth = [ 'title_text' => __('Double authentication failed'), 'content_text' => __('There was an error checking the code'), ]; } } } return $result; } public function logout() { $system = System::getInstance(); if ($system->getConfig('auth', 'mysql') === 'saml') { \enterprise_include_once('include/auth/saml.php'); \enterprise_hook('saml_logout'); } $this->user = null; $this->logged = false; $this->loginTime = false; $this->errorLogin = false; $this->logout_action = true; $this->needDoubleAuth = false; $this->errorDoubleAuth = false; $system->setSession('user', null); $system->sessionDestroy(); } public function showLoginPage() { global $pandora_version; $ui = Ui::getInstance(); $system = System::getInstance(); $ui->createPage(); if ($this->errorLogin) { $options['type'] = 'onStart'; $options['title_text'] = __('Login Failed'); $options['content_text'] = __('User not found in database or incorrect password.'); $ui->addDialog($options); } if ($this->logout_action) { $options['dialog_id'] = 'logout_dialog'; $options['type'] = 'onStart'; $options['title_text'] = __('Login out'); $options['content_text'] = __('Your session has ended. Please close your browser window to close this %s session.', get_product_name()); $ui->addDialog($options); } $ui->createHeader(); $ui->showFooter(false); $ui->beginContent(); $ui->contentAddHtml( ' ' ); $logo_image = html_print_image( ui_get_mobile_login_icon(), true, [ 'alt' => 'logo', 'border' => 0, ], false, false, false, true ); $ui->contentAddHtml( '' ); $ui->contentAddHtml('
'); $ui->beginForm(''); $ui->formAddHtml(html_print_input_hidden('action', 'login', true)); $options = [ 'name' => 'user', 'value' => $this->user, 'placeholder' => __('user'), // 'autofocus' => 'autofocus', // 'label' => __('User'), ]; $ui->formAddInputText($options); $options = [ 'name' => 'password', 'value' => '', 'placeholder' => __('password'), // 'label' => __('Password'), 'required' => 'required', ]; $ui->formAddInputPassword($options); $spinner = ' '; $ui->formAddHtml($spinner); $options = [ 'value' => __('Login'), 'icon' => 'arrow-r', 'icon_pos' => 'right', 'name' => 'login_btn', ]; $ui->formAddSubmitButton($options); $ui->endForm(); if ($system->getConfig('auth', 'mysql') === 'saml') { // Add SAML login button. $ui->beginForm(''); $ui->formAddHtml( html_print_input_hidden('action', 'login', true) ); $ui->formAddHtml( html_print_input_hidden('saml', '1', true) ); $ui->formAddSubmitButton( [ 'value' => __('Login with SAML'), 'icon' => 'arrow-r', 'icon_pos' => 'right', 'name' => 'login_button_saml', ] ); $ui->endForm(''); } $ui->contentAddHtml('
'); $ui->contentAddHtml('
'.$pandora_version.'
'); $ui->endContent(); $ui->showPage(); $this->errorLogin = false; $this->logout_action = false; } public function showDoubleAuthPage() { global $pandora_version; $ui = Ui::getInstance(); $ui->createPage(); if (!empty($this->errorDoubleAuth)) { $options['type'] = 'onStart'; $options['title_text'] = $this->errorDoubleAuth['title_text']; $options['content_text'] = $this->errorDoubleAuth['content_text'].'
'; $ui->addDialog($options); } $left_button = $ui->createHeaderButton( [ 'icon' => 'ui-icon-back', 'pos' => 'left', 'text' => __('Logout'), 'href' => 'index.php?action=logout', 'class' => 'header-button-left ui-icon-back', ] ); $ui->createHeader('', $left_button); $ui->showFooter(false); $ui->beginContent(); $ui->contentAddHtml( ' ' ); $ui->contentAddHtml( '' ); $ui->contentAddHtml('
'); $ui->beginForm(); $ui->formAddHtml(html_print_input_hidden('action', 'double_auth', true)); $options = [ 'name' => 'auth_code', 'value' => '', 'placeholder' => __('Authenticator code'), 'autofocus' => 'autofocus', // 'label' => __('Authenticator code'), ]; $ui->formAddInputPassword($options); $options = [ 'value' => __('Check code'), 'icon' => 'arrow-r', 'icon_pos' => 'right', 'name' => 'auth_code_btn', ]; $ui->formAddSubmitButton($options); $ui->endForm(); $ui->contentAddHtml('
'); $ui->contentAddHtml('
'.$pandora_version.'
'); $ui->endContent(); $ui->showPage(); $this->errorDoubleAuth = false; } public function getIdUser() { return $this->user; // Oldies methods } public function isInGroup($access='AR', $id_group=0, $name_group=false) { return (bool) check_acl($this->user, $id_group, $access); } public function getIdGroups($access='AR', $all=false) { return array_keys(users_get_groups($this->user, $access, $all)); } public function getInfo() { return users_get_user_by_id($this->user); } }