
Check if there is a session, to avoid PHP warnings #165

Open
wants to merge 6 commits into from

2 participants

@CloCkWeRX

No description provided.

@CloCkWeRX

The relevant commit is 3acbd03

@Sugared
Collaborator

Hi CloCkWeRX,

thanks for submitting this pull request. Your fix in commit 3acbd03 looks like something we would like to use but we need 2 things from you before we can proceed:

  1. A bug entered into our bug portal ( http://bugs.sugarcrm.com/ ) with steps on how to reproduce the bug being solved for our QA team to track the issue. Please remember to reference your pull request in the bug
  2. A signed contribution agreement ( http://www.sugarforge.org/content/community/participate/agreement.html ) which you can scan, sign, and email back to me at eddy@sugarcrm.com

Once we get these we can pull in your commit.

thanks!

@CloCkWeRX

Hi.
In short, no.
My changes are GPL'd only, feel free to ignore them if that's not compatible with your additional licencing.

Commits on Mar 25, 2013
  1. Whitespace, coding style cleanup

    Daniel O'Connor authored
  2. Whitespace, coding style cleanup

    Daniel O'Connor authored
  3. Whitespace, coding style cleanup

    Daniel O'Connor authored
Commits on Apr 15, 2013
  1. Check if there is a session, to avoid PHP warnings

    Daniel O'Connor authored
Commits on Apr 17, 2013
  1. Merge git://github.com/sugarcrm/sugarcrm_dev

    Daniel O'Connor authored
  2. Merge branch 'master' into fix_session_warning

    Daniel O'Connor authored
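--- a/modules/Users/authentication/EmailAuthenticate/EmailAuthenticate.php
+++ b/modules/Users/authentication/EmailAuthenticate/EmailAuthenticate.php
@@ -48,6 +48,7 @@
 class EmailAuthenticate extends SugarAuthenticate {
 var $userAuthenticateClass = 'EmailAuthenticateUser';
 var $authenticationDir = 'EmailAuthenticate';
+
 /**
 * Constructs EmailAuthenticate
 * This will load the user authentication class
@@ -55,8 +56,6 @@ class EmailAuthenticate extends SugarAuthenticate {
 * @return EmailAuthenticate
 */
 function EmailAuthenticate(){
-
 parent::SugarAuthenticate();
 }
-
-}
+}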
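--- a/modules/Users/authentication/EmailAuthenticate/EmailAuthenticateUser.php
+++ b/modules/Users/authentication/EmailAuthenticate/EmailAuthenticateUser.php
@@ -48,12 +48,12 @@ class EmailAuthenticateUser extends SugarAuthenticateUser {
 /**
- * this is called when a user logs in
- *
- * @param STRING $name
- * @param STRING $password
- * @return boolean
- */
+ * this is called when a user logs in
+ *
+ * @param STRING $name
+ * @param STRING $password
+ * @return boolean
+ */
 function loadUserOnLogin($name, $password) {
 global $login_error;
@@ -104,48 +104,40 @@ function loadUserOnLogin($name, $password) {
 * @param unknown_type $password
 */
 function sendEmailPassword($user_id, $password){
+ $result = $GLOBALS['db']->query("SELECT email1, email2, first_name, last_name FROM users WHERE id='$user_id'");
+ $row = $GLOBALS['db']->fetchByAssoc($result);
- $result = $GLOBALS['db']->query("SELECT email1, email2, first_name, last_name FROM users WHERE id='$user_id'");
- $row = $GLOBALS['db']->fetchByAssoc($result);
-
- global $sugar_config;
- if(empty($row['email1']) && empty($row['email2'])){
+ global $sugar_config;
+ if (empty($row['email1']) && empty($row['email2'])) {
- $_SESSION['login_error'] = 'Please contact an administrator to setup up your email address associated to this account';
- return;
- }
+ $_SESSION['login_error'] = 'Please contact an administrator to setup up your email address associated to this account';
+ return;
+ }
- require_once("include/SugarPHPMailer.php");
- global $locale;
+ require_once("include/SugarPHPMailer.php");
+ global $locale;
 $OBCharset = $locale->getPrecedentPreference('default_email_charset');
 $notify_mail = new SugarPHPMailer();
- $notify_mail->CharSet = $sugar_config['default_charset'];
- $notify_mail->AddAddress(((!empty($row['email1']))?$row['email1']: $row['email2']),$locale->translateCharsetMIME(trim($row['first_name'] . ' ' . $row['last_name']), 'UTF-8', $OBCharset));
-
- if (empty($_SESSION['authenticated_user_language'])) {
- $current_language = $sugar_config['default_language'];
- }
- else {
- $current_language = $_SESSION['authenticated_user_language'];
- }
+ $notify_mail->CharSet = $sugar_config['default_charset'];
+ $notify_mail->AddAddress(((!empty($row['email1']))?$row['email1']: $row['email2']),$locale->translateCharsetMIME(trim($row['first_name'] . ' ' . $row['last_name']), 'UTF-8', $OBCharset));
+
+ if (empty($_SESSION['authenticated_user_language'])) {
+ $current_language = $sugar_config['default_language'];
+ } else {
+ $current_language = $_SESSION['authenticated_user_language'];
+ }
 $notify_mail->Subject = 'Sugar Token';
 $notify_mail->Body = 'Your sugar session authentication token is: ' . $password;
 $notify_mail->setMailerForSystem();
 $notify_mail->From = 'no-reply@sugarcrm.com';
 $notify_mail->FromName = 'Sugar Authentication';
- if(!$notify_mail->Send()) {
+ if (!$notify_mail->Send()) {
 $GLOBALS['log']->warn("Notifications: error sending e-mail (method: {$notify_mail->Mailer}), (error: {$notify_mail->ErrorInfo})");
- }
- else {
+ } else {
 $GLOBALS['log']->info("Notifications: e-mail successfully sent");
 }
-
-
-
- }
+ }
 }
-
-?>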
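Review bot: The user lookup in sendEmailPassword() builds its SQL by interpolating `$user_id` directly into the string (`... WHERE id='$user_id'`), and this cleanup re-indents that line without changing it. Whether `$user_id` can ever carry caller-influenced data is not visible from this hunk, but in an authentication path the value should pass through the database layer's quoting regardless, e.g. `"... WHERE id='" . $GLOBALS['db']->quote($user_id) . "'"`. A short comment above the query stating where `$user_id` comes from would also help the next reader judge the risk.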
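--- a/modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php
+++ b/modules/Users/authentication/SugarAuthenticate/SugarAuthenticate.php
@@ -314,7 +314,10 @@ function validateIP() {
 *
 */
 function logout(){
- session_destroy();
+ if (session_id()) {
+ session_destroy();
+ }
+
 ob_clean();
 header('Location: index.php?module=Users&action=Login');
 sugar_cleanup(true);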
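Review bot: When `session_id()` is empty, the new guard in logout() skips `session_destroy()` entirely, so a request that reaches logout() with a session cookie but before the session has been started would leave the server-side session data valid after the redirect. Whether such a path exists is not visible in this hunk and should be confirmed against the callers. In the guarded branch, `session_destroy()` alone clears neither the `$_SESSION` array nor the client's cookie, so consider adding `$_SESSION = array();` before `session_destroy();` and expiring the cookie named by `session_name()`. logout()'s body continues outside the hunk.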
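--- a/modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php
+++ b/modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php
@@ -42,94 +42,96 @@
 * This file is where the user authentication occurs. No redirection should happen in this file.
 *
 */
-class SugarAuthenticateUser{
-
- /**
- * Does the actual authentication of the user and returns an id that will be used
- * to load the current user (loadUserOnSession)
- *
- * @param STRING $name
- * @param STRING $password
- * @param STRING $fallback - is this authentication a fallback from a failed authentication
- * @return STRING id - used for loading the user
- */
- function authenticateUser($name, $password, $fallback=false)
- {
- $row = User::findUserPassword($name, $password, "(portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive'");
+class SugarAuthenticateUser {
+
+ /**
+ * Does the actual authentication of the user and returns an id that will be used
+ * to load the current user (loadUserOnSession)
+ *
+ * @param STRING $name
+ * @param STRING $password
+ * @param STRING $fallback - is this authentication a fallback from a failed authentication
+ * @return STRING id - used for loading the user
+ */
+ function authenticateUser($name, $password, $fallback=false)
+ {
+ $row = User::findUserPassword($name, $password, "(portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive'");
- // set the ID in the seed user. This can be used for retrieving the full user record later
- //if it's falling back on Sugar Authentication after the login failed on an external authentication return empty if the user has external_auth_disabled for them
- if (empty ($row) || !empty($row['external_auth_only'])) {
- return '';
- } else {
- return $row['id'];
- }
- }
- /**
- * Checks if a user is a sugarLogin user
- * which implies they should use the sugar authentication to login
- *
- * @param STRING $name
- * @param STRIUNG $password
- * @return boolean
- */
- function isSugarLogin($name, $password)
- {
- $row = User::findUserPassword($name, $password, "(portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive' AND sugar_login=1");
- return !empty($row);
- }
-
- /**
- * this is called when a user logs in
- *
- * @param STRING $name
- * @param STRING $password
- * @param STRING $fallback - is this authentication a fallback from a failed authentication
- * @return boolean
- */
- function loadUserOnLogin($name, $password, $fallback = false, $PARAMS = array()) {
- global $login_error;
-
- $GLOBALS['log']->debug("Starting user load for ". $name);
- if(empty($name) || empty($password)) return false;
- $input_hash = $password;
- $passwordEncrypted = false;
- if (!empty($PARAMS) && isset($PARAMS['passwordEncrypted']) && $PARAMS['passwordEncrypted']) {
- $passwordEncrypted = true;
- }// if
- if (!$passwordEncrypted) {
- $input_hash = SugarAuthenticate::encodePassword($password);
- } // if
- $user_id = $this->authenticateUser($name, $input_hash, $fallback);
- if(empty($user_id)) {
- $GLOBALS['log']->fatal('SECURITY: User authentication for '.$name.' failed');
- return false;
- }
- $this->loadUserOnSession($user_id);
- return true;
- }
- /**
- * Loads the current user bassed on the given user_id
- *
- * @param STRING $user_id
- * @return boolean
- */
- function loadUserOnSession($user_id=''){
- if(!empty($user_id)){
- $_SESSION['authenticated_user_id'] = $user_id;
- }
-
- if(!empty($_SESSION['authenticated_user_id']) || !empty($user_id)){
- $GLOBALS['current_user'] = new User();
- if($GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id'])){
-
- return true;
- }
- }
- return false;
-
- }
-
-}
-
-?>
+ // set the ID in the seed user. This can be used for retrieving the full user record later
+ //if it's falling back on Sugar Authentication after the login failed on an external authentication return empty if the user has external_auth_disabled for them
+ if (empty ($row) || !empty($row['external_auth_only'])) {
+ return '';
+ }
+
+ return $row['id'];
+ }
+
+ /**
+ * Checks if a user is a sugarLogin user
+ * which implies they should use the sugar authentication to login
+ *
+ * @param STRING $name
+ * @param STRIUNG $password
+ * @return boolean
+ */
+ function isSugarLogin($name, $password)
+ {
+ $row = User::findUserPassword($name, $password, "(portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive' AND sugar_login=1");
+ return !empty($row);
+ }
+
+ /**
+ * this is called when a user logs in
+ *
+ * @param STRING $name
+ * @param STRING $password
+ * @param STRING $fallback - is this authentication a fallback from a failed authentication
+ * @return boolean
+ */
+ function loadUserOnLogin($name, $password, $fallback = false, $PARAMS = array()) {
+ global $login_error;
+
+ $GLOBALS['log']->debug("Starting user load for ". $name);
+ if(empty($name) || empty($password)) return false;
+ $input_hash = $password;
+ $passwordEncrypted = false;
+ if (!empty($PARAMS) && isset($PARAMS['passwordEncrypted']) && $PARAMS['passwordEncrypted']) {
+ $passwordEncrypted = true;
+ }
+
+ if (!$passwordEncrypted) {
+ $input_hash = SugarAuthenticate::encodePassword($password);
+ }
+
+ $user_id = $this->authenticateUser($name, $input_hash, $fallback);
+ if (empty($user_id)) {
+ $GLOBALS['log']->fatal('SECURITY: User authentication for '.$name.' failed');
+ return false;
+ }
+
+ $this->loadUserOnSession($user_id);
+ return true;
+ }
+
+ /**
+ * Loads the current user bassed on the given user_id
+ *
+ * @param STRING $user_id
+ * @return boolean
+ */
+ function loadUserOnSession($user_id=''){
+ if (!empty($user_id)) {
+ $_SESSION['authenticated_user_id'] = $user_id;
+ }
+
+ if (!empty($_SESSION['authenticated_user_id']) || !empty($user_id)) {
+ $GLOBALS['current_user'] = new User();
+ if ($GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id'])) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+}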