11b3da 1 <?php
T 2
3 /*
b79c5b 4 Copyright (c) 2005 - 2015, Till Brehm, ISPConfig UG
11b3da 5 All rights reserved.
T 6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
b79c5b 31 require_once '../../lib/config.inc.php';
TB 32 require_once '../../lib/app.inc.php';
11b3da 33
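// An already-active session goes straight to the panel, unless this request
// is a "login as" (an admin/reseller switching into one of their users),
// which is handled by the form handler further down. Both reads are guarded
// so an anonymous request (no session user, no login_as field) raises no notices.
if(isset($_SESSION['s']['user']['active']) && $_SESSION['s']['user']['active'] == 1
    && (!isset($_POST['login_as']) || $_POST['login_as'] != 1)) {
    header('Location: /index.php');
    die();
}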
11b3da 39
// Login page template plus the language strings it needs
$app->uses('tpl');
$app->tpl->newTemplate('main_login.tpl.htm');
$app->tpl->setInclude('content_tpl', 'templates/index.htm');

$error = '';

$app->load_language_file('web/login/lib/lang/'.$conf["language"].'.lng');

// Maintenance mode: a flag, and the message shown on the login form when it is on
$app->uses('ini_parser,getconf');
$server_config_array = $app->getconf->get_global_config('misc');
$maintenance_mode = ($server_config_array['maintenance_mode'] == 'y');
$maintenance_mode_error = $maintenance_mode ? $app->lng('error_maintenance_mode') : '';
816e7e 57
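//* Login Form was sent
if(count($_POST) > 0) {

    // Append one line to auth.log. The line format is left unchanged (external
    // tooling may match on it - not verifiable here). If the log cannot be
    // opened the line goes to error_log instead of calling fwrite() on false.
    $ispc_auth_log = function($line) use ($conf) {
        $handle = fopen($conf['ispconfig_log_dir'].'/auth.log', 'a');
        if($handle === false) {
            error_log('ISPConfig login: cannot open auth.log; '.$line);
            return;
        }
        fwrite($handle, $line."\n");
        fclose($handle);
    };

    //** Check variables
    // Only plain strings are accepted; a missing field or an array becomes ''
    // and fails the checks below. The username charset also keeps newlines out
    // of the auth.log lines written further down.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) $error = $app->lng('user_regex_error');
    if(!preg_match("/^.{1,256}$/i", $password)) $error = $app->lng('pw_error_length');

    //** importing variables
    // NOTE(review): ip2long() returns false for IPv6 clients, so all of them
    // share one attempts_login bucket and are logged as 0.0.0.0. Keying on the
    // raw REMOTE_ADDR needs the attempts_login.ip column type checked first.
    $ip = ip2long($_SERVER['REMOTE_ADDR']);
    $loginAs = false;

    if($username != '' && $password != '' && $error == '') {
        /*
         * Check, if there is a "login as" instead of a "normal" login.
         * The login-as lookups below match the posted password verbatim
         * against the PASSWORT column, i.e. the login_as form is expected to
         * post the target's stored hash (not verifiable from this file).
         */
        if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){
            /*
             * only the admin or reseller can "login as". If the current user is
             * neither, the only legitimate case is a user an admin/reseller
             * switched into earlier (s_old holds the way back); otherwise stop.
             */
            if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                if (isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){
                    /* The "old" user is admin or reseller, so everything is ok.
                     * A reseller may only switch back to himself: the target must
                     * carry s_old's default_group and be the parent of the client
                     * currently logged in.
                     */
                    if($_SESSION['s_old']['user']['typ'] != 'admin') {

                        /* this is the one currently logged in (normal user) */
                        $old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                        $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);

                        /* this is the reseller, that shall be re-logged in */
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                        $tmp = $app->db->queryOneRecord($sql, $username, $password);
                        $client_group_id = $tmp ? $app->functions->intval($tmp['default_group']) : 0;
                        $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);

                        // Fail closed when any lookup returned no row; a loose
                        // null != null comparison would otherwise let it through.
                        if(!$tmp || !$old_client || !$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
                            die("You don't have the right to 'login as' this user!");
                        }
                        unset($old_client);
                        unset($tmp_client);
                        unset($tmp);
                    }
                }
                else {
                    die("You don't have the right to 'login as'!");
                }
            } elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
                /* a reseller wants to 'login as'; the target must be one of his own clients */
                $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);

                /* this is the user the reseller wants to 'login as' */
                $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                $tmp = $app->db->queryOneRecord($sql, $username, $password);
                $tmp_client = $tmp ? $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]) : false;

                // Fail closed when any lookup returned no row (see above).
                if(!$tmp || !$tmp_client || !$res_client || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
                    die("You don't have the right to login as this user!");
                }
                unset($res_client);
                unset($tmp);
                unset($tmp_client);
            }
            $loginAs = true;

        } else {
            /* normal login */
            $loginAs = false;
        }

        //* Check if there are already wrong logins from this address
        $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
        $alreadyfailed = $app->db->queryOneRecord($sql, $ip);
        $failed_times = ($alreadyfailed && isset($alreadyfailed['times'])) ? (int) $alreadyfailed['times'] : 0;

        //* too many failed logins: refuse once more than five failures were
        //* counted within a minute of the last one (the window slides with every failure)
        if($failed_times > 5) {
            $error = $app->lng('error_user_too_many_logins');
        } else {

            if ($loginAs){
                // login-as: the posted password is compared verbatim (see above)
                $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                $user = $app->db->queryOneRecord($sql, $username, $password);
            } else {

                if(stristr($username, '@')) {
                    //* mailuser login
                    $sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
                    $mailuser = $app->db->queryOneRecord($sql, $username, $username);
                    $user = false;
                    if($mailuser) {
                        $saved_password = stripslashes($mailuser['password']);
                        //* Check if mailuser password is correct - constant-time
                        //* compare of the recomputed crypt() hash (hash_equals: PHP >= 5.6)
                        if(hash_equals($saved_password, crypt(stripslashes($password), $saved_password))) {
                            //* Get the sys_user language of the client of the mailuser
                            $sys_user_lang = $app->db->queryOneRecord("SELECT language FROM sys_user WHERE default_group = ?", $mailuser['sys_groupid'] );

                            //* we build a fake user here which has access to the mailuser module only and userid 0
                            $user = array();
                            $user['userid'] = 0;
                            $user['active'] = 1;
                            $user['startmodule'] = 'mailuser';
                            $user['modules'] = 'mailuser';
                            $user['typ'] = 'user';
                            $user['email'] = $mailuser['email'];
                            $user['username'] = $username;
                            if(is_array($sys_user_lang) && $sys_user_lang['language'] != '') {
                                $user['language'] = $sys_user_lang['language'];
                            } else {
                                $user['language'] = $conf['language'];
                            }
                            $user['theme'] = $conf['theme'];
                            $user['app_theme'] = $conf['theme'];
                            $user['mailuser_id'] = $mailuser['mailuser_id'];
                            $user['default_group'] = $mailuser['sys_groupid'];
                        }
                    }
                } else {
                    //* normal cp user login
                    $sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
                    $user = $app->db->queryOneRecord($sql, $username);
                    if($user) {
                        $saved_password = stripslashes($user['passwort']);
                        if(substr($saved_password, 0, 1) == '$') {
                            //* The password is a crypt() hash: compare constant-time
                            if(!hash_equals($saved_password, crypt(stripslashes($password), $saved_password))) {
                                $user = false;
                            }
                        } else {
                            //* Legacy unsalted md5. hash_equals() is strict, so two
                            //* "0e<digits>" hashes no longer compare equal as they do with ==.
                            // NOTE(review): such entries should be rehashed on successful
                            // login; the crypt format in use is not visible here, so not done.
                            if(!hash_equals($saved_password, md5($password))) {
                                $user = false;
                            }
                        }
                    }
                }
            }

            if($user) {
                if($user['active'] == 1) {
                    // Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
                    if(!$maintenance_mode || $user['typ'] == 'admin'){

                        // User login right, so attempts can be deleted
                        $sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
                        $app->db->query($sql, $ip);
                        $user = $app->db->toLower($user);

                        if ($loginAs) $oldSession = $_SESSION['s'];

                        // Session regenerate causes login problems on some systems, see Issue #3827
                        // Set session_regenerate_id to no in security settings, it you encounter
                        // this problem.
                        // NOTE(review): with the setting absent the pre-login session id is kept,
                        // which leaves a session-fixation window; turn it on wherever it works.
                        $app->uses('getconf');
                        $security_config = $app->getconf->get_security_config('permissions');
                        if(isset($security_config['session_regenerate_id']) && $security_config['session_regenerate_id'] == 'yes') {
                            if (!$loginAs) session_regenerate_id(true);
                        }
                        $_SESSION = array();
                        if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!
                        $_SESSION['s']['user'] = $user;
                        $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
                        $_SESSION['s']['language'] = $user['language'];
                        $_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
                        if ($loginAs) $_SESSION['s']['plugin_cache'] = $_SESSION['s_old']['plugin_cache'];

                        // Load the start module's config and menu. startmodule comes from the
                        // sys_user row (or the fixed 'mailuser' above), not from the request.
                        // module.conf.php is expected to define $module.
                        if(is_file(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
                            include_once ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
                            $menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';
                            if (is_dir($menu_dir)) {
                                if ($dh = opendir($menu_dir)) {
                                    //** Go through all files in the menu dir
                                    while (($file = readdir($dh)) !== false) {
                                        if ($file != '.' && $file != '..' && substr($file, -9, 9) == '.menu.php' && $file != 'dns_resync.menu.php') {
                                            include_once $menu_dir . '/' . $file;
                                        }
                                    }
                                    closedir($dh);
                                }
                            }
                            $_SESSION['s']['module'] = $module;
                        }

                        // check if the user theme is valid
                        if($_SESSION['s']['user']['theme'] != 'default') {
                            $tmp_path = ISPC_THEMES_PATH."/".$_SESSION['s']['user']['theme'];
                            if(!@is_dir($tmp_path) || !@file_exists($tmp_path."/ispconfig_version") || trim(file_get_contents($tmp_path."/ispconfig_version")) != ISPC_APP_VERSION) {
                                // fall back to default theme if this one is not compatible with current ispc version
                                $_SESSION['s']['user']['theme'] = 'default';
                                $_SESSION['s']['theme'] = 'default';
                                $_SESSION['show_error_msg'] = $app->lng('theme_not_compatible');
                            }
                        }

                        // NOTE(review): there is no $this outside a class (PHP 7.1+ throws on
                        // the read); null is what older PHP ended up passing here. Confirm no
                        // login plugin expects a caller object.
                        $app->plugin->raiseEvent('login', null);

                        //* Save successfull login message
                        $ispc_auth_log('Successful login for user \''. $username .'\' from '. long2ip($ip) .' at '. date('Y-m-d H:i:s'));

                        /*
                        * We need LOGIN_REDIRECT instead of HEADER_REDIRECT to load the
                        * new theme, if the logged-in user has another
                        */

                        if ($loginAs){
                            echo 'LOGIN_REDIRECT:'.$_SESSION['s']['module']['startpage'];
                            exit;
                        } else {
                            header('Location: ../index.php');
                            die();
                        }
                    }
                } else {
                    $error = $app->lng('error_user_blocked');
                }
            } else {
                if(!$failed_times) {
                    //* first wrong login from this address within the window
                    $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
                    $app->db->query($sql, $ip);
                } else {
                    //* update times wrong
                    $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1";
                    $app->db->query($sql, $ip);
                }
                //* Incorrect login - Username and password incorrect
                // The DB layer's error text is deliberately not appended: this page
                // is shown to unauthenticated clients. (The old line had an operator
                // precedence bug and only ever appended "1" anyway.)
                $error = $app->lng('error_user_password_incorrect');

                // see the note on raiseEvent('login', ...) above
                $app->plugin->raiseEvent('login_failed', null);
                //* Save failed login message
                $ispc_auth_log('Failed login for user \''. $username .'\' from '. long2ip($ip) .' at '. date('Y-m-d H:i:s'));
            }
        }
    } else {
        //* Username or password empty
        if($error == '') $error = $app->lng('error_user_password_empty');
        $app->plugin->raiseEvent('login_empty', null);
    }
}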
315
// Maintenance mode - shown to people trying to log in and to those who were forcibly logged off
if($maintenance_mode_error != '') {
    $error = '<strong>'.$maintenance_mode_error.'</strong><br><br>'.$error;
}
// Wrap whatever error text we have in the error box; nothing to wrap stays empty
$error = ($error != '') ? '<div class="box box_error">'.$error.'</div>' : $error;
321
$app->load('getconf');
$sys_config = $app->getconf->get_global_config('misc');

// Show the "password lost" link only when resets are permitted
$security_config = $app->getconf->get_security_config('permissions');
$pw_lost_show = ($security_config['password_reset_allowed'] == 'yes') ? 1 : 0;
$app->tpl->setVar('pw_lost_show', $pw_lost_show);
0baace 331         
// Error box and the translated form labels
$app->tpl->setVar('error', $error);
$login_label_keys = array('error_txt', 'login_txt', 'pw_lost_txt', 'username_txt', 'password_txt', 'stay_logged_in_txt', 'login_button_txt');
foreach($login_label_keys as $login_label) {
    $app->tpl->setVar($login_label, $app->lng($login_label));
}
// Session length options from the global config
$app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
$app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
// Theme of the current (possibly still active) session, 'default' otherwise
$current_theme = isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default';
$app->tpl->setVar('current_theme', $current_theme);
816e7e 345
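// Logo: the base64 data URI stored in sys_ini; a custom logo wins over the default
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
$base64_logo_txt = '';
if($logo) {
    $base64_logo_txt = ($logo['custom_logo'] != '') ? $logo['custom_logo'] : $logo['default_logo'];
}
// "<header>,<payload>" - only the payload after the first comma is decoded for sizing
$tmp_base64 = explode(',', $base64_logo_txt, 2);
$logo_dimensions = false;
if(isset($tmp_base64[1])) {
    $logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($tmp_base64[1]));
}
// Empty sizes when the image cannot be parsed, instead of a bare "px" from an undefined offset
$base64_logo_width  = (is_array($logo_dimensions) && isset($logo_dimensions[0])) ? $logo_dimensions[0].'px' : '';
$base64_logo_height = (is_array($logo_dimensions) && isset($logo_dimensions[1])) ? $logo_dimensions[1].'px' : '';
$app->tpl->setVar('base64_logo_width', $base64_logo_width);
$app->tpl->setVar('base64_logo_height', $base64_logo_height);
$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);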
816e7e 358
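// Title
if (!empty($sys_config['company_name'])) {
    $app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');
}

// Custom login text / link from the global config. $custom_login is always
// defined so the template var never reads an undefined variable.
// NOTE(review): both values are admin-controlled settings. The text is emitted
// as raw HTML (it may intentionally carry markup - confirm); the link is
// attribute-escaped, and the new window gets no opener.
$custom_login = '';
$custom_login_text = isset($sys_config['custom_login_text']) ? $sys_config['custom_login_text'] : '';
if ($custom_login_text != '') {
    $custom_login_link = isset($sys_config['custom_login_link']) ? $sys_config['custom_login_link'] : '';
    if ($custom_login_link != '') {
        $custom_login = '<a href="'.htmlspecialchars($custom_login_link, ENT_QUOTES, 'UTF-8').'" target="_blank" rel="noopener noreferrer">'.$custom_login_text.'</a>';
    } else {
        $custom_login = $custom_login_text;
    }
}
$app->tpl->setVar('custom_login', $custom_login);

$app->tpl_defaults();

$app->tpl->pparse();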