Changeset 10579 for freepbx/trunk

Timestamp:
11/19/10 16:33:24 (3 years ago)
Author:
p_lindheimer
Message:

closes #4644 make database mode authentication the default if not changed

Files:

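--- a/freepbx/trunk/amp_conf/htdocs/admin/header_auth.php	(r7790)
+++ b/freepbx/trunk/amp_conf/htdocs/admin/header_auth.php	(r10579)
@@ -13,5 +13,38 @@
 
 switch (strtolower($amp_conf['AUTHTYPE'])) {
+  case 'webserver':
+    // handler for apache doing authentication
+    if ((!isset($_SESSION['AMP_user']) || ($_SESSION['AMP_user']->username != $_SERVER['PHP_AUTH_USER'])) && !isset($_REQUEST['logout'])) {
+      // not logged in, or username has changed;  and not trying to log out
+
+      if (isset($_SESSION['logout']) && $_SESSION['logout']) {
+        // workaround for HTTP-auth - just tried to logout, don't allow a log in (with the same credentials)
+        unset($_SESSION['logout']);
+        // afterwards, this falls through to the !AMP_user check below, and sends 401 header, which causes the browser to re-prompt the user
+      } else {
+        $_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']);
+
+        if ($_SESSION['AMP_user']->username == $amp_conf['AMPDBUSER']) {
+          // admin user, grant full access
+          $_SESSION['AMP_user']->setAdmin();
+        }
+      }
+    }
+
+    if (!isset($_SESSION['AMP_user'])) {
+      // not logged in, send headers
+      @header('WWW-Authenticate: Basic realm="FreePBX '._('Administration').'"');
+      @header('HTTP/1.0 401 Unauthorized');
+      showview("unauthorized");
+      exit;
+    }
+  case 'none':
+    if (!isset($_SESSION['AMP_user'])) {
+      $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
+      $_SESSION['AMP_user']->setAdmin();
+    }
+  break;
   case 'database':
+  default:
     if (!isset($_SESSION['AMP_user']) && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && !isset($_REQUEST['logout'])) {
       if (isset($_SESSION['logout']) && $_SESSION['logout']) {
@@ -47,37 +80,4 @@
     }
   break;
-  case 'webserver':
-    // handler for apache doing authentication
-    if ((!isset($_SESSION['AMP_user']) || ($_SESSION['AMP_user']->username != $_SERVER['PHP_AUTH_USER'])) && !isset($_REQUEST['logout'])) {
-      // not logged in, or username has changed;  and not trying to log out
-
-      if (isset($_SESSION['logout']) && $_SESSION['logout']) {
-        // workaround for HTTP-auth - just tried to logout, don't allow a log in (with the same credentials)
-        unset($_SESSION['logout']);
-        // afterwards, this falls through to the !AMP_user check below, and sends 401 header, which causes the browser to re-prompt the user
-      } else {
-        $_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']);
-
-        if ($_SESSION['AMP_user']->username == $amp_conf['AMPDBUSER']) {
-          // admin user, grant full access
-          $_SESSION['AMP_user']->setAdmin();
-        }
-      }
-    }
-
-    if (!isset($_SESSION['AMP_user'])) {
-      // not logged in, send headers
-      @header('WWW-Authenticate: Basic realm="FreePBX '._('Administration').'"');
-      @header('HTTP/1.0 401 Unauthorized');
-      showview("unauthorized");
-      exit;
-    }
-  case 'none':
-  default:
-    if (!isset($_SESSION['AMP_user'])) {
-      $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
-      $_SESSION['AMP_user']->setAdmin();
-    }
-  break;
 }
 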
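Review bot: The relocated `case 'webserver':` block has no `break;` and runs straight into `case 'none':`, whose body calls `setAdmin()` for any request without a session user; the only thing keeping an unauthenticated request out of that body is the `exit;` at the end of the 401 block. Nothing marks the fall-through as intended, so either add `break;` after the 401 block or a comment such as `// falls through: AMP_user is always set here, so the 'none' body is a no-op`. The same case also takes the identity from `$_SERVER['PHP_AUTH_USER']` with no `isset()` and no password check, which is only sound when the web server itself enforces authentication for this path; that precondition deserves a comment beside the case label.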
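--- a/freepbx/trunk/amp_conf/htdocs/admin/libraries/framework_view.functions.php	(r10370)
+++ b/freepbx/trunk/amp_conf/htdocs/admin/libraries/framework_view.functions.php	(r10579)
@@ -13,38 +13,4 @@
 
 switch (strtolower($amp_conf['AUTHTYPE'])) {
-  case 'database':
-    if (!isset($_SESSION['AMP_user']) && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && !isset($_REQUEST['logout'])) {
-      if (isset($_SESSION['logout']) && $_SESSION['logout']) {
-        // workaround for HTTP-auth - just tried to logout, don't allow a log in (with the same credentials)
-        unset($_SESSION['logout']);
-        // afterwards, this falls through to the !AMP_user check below, and sends 401 header, which causes the browser to re-prompt the user
-      } else {
-        // not logged in, and have provided a user/pass
-        $_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']);
-
-        if (!$_SESSION['AMP_user']->checkPassword(sha1($_SERVER['PHP_AUTH_PW']))) {
-          // failed, one last chance -- fallback to amportal.conf db admin user
-          if (($_SERVER['PHP_AUTH_USER'] == $amp_conf['AMPDBUSER']) && ($_SERVER['PHP_AUTH_PW'] == $amp_conf['AMPDBPASS'])) {
-
-            // password succesfully matched amportal.conf db admin user
-
-            // set admin access
-            $_SESSION['AMP_user']->setAdmin();
-          } else {
-            // password failed and admin user fall-back failed
-            unset($_SESSION['AMP_user']);
-          }
-        } // else, succesfully logged in
-      }
-    }
-
-    if (!isset($_SESSION['AMP_user'])) {
-      // not logged in, send headers
-      @header('WWW-Authenticate: Basic realm="FreePBX '._('Administration').'"');
-      @header('HTTP/1.0 401 Unauthorized');
-      showview("unauthorized");
-      exit;
-    }
-  break;
   case 'webserver':
     // handler for apache doing authentication
@@ -74,8 +40,42 @@
     }
   case 'none':
-  default:
     if (!isset($_SESSION['AMP_user'])) {
       $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
       $_SESSION['AMP_user']->setAdmin();
+    }
+  break;
+  case 'database':
+  default:
+    if (!isset($_SESSION['AMP_user']) && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && !isset($_REQUEST['logout'])) {
+      if (isset($_SESSION['logout']) && $_SESSION['logout']) {
+        // workaround for HTTP-auth - just tried to logout, don't allow a log in (with the same credentials)
+        unset($_SESSION['logout']);
+        // afterwards, this falls through to the !AMP_user check below, and sends 401 header, which causes the browser to re-prompt the user
+      } else {
+        // not logged in, and have provided a user/pass
+        $_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']);
+
+        if (!$_SESSION['AMP_user']->checkPassword(sha1($_SERVER['PHP_AUTH_PW']))) {
+          // failed, one last chance -- fallback to amportal.conf db admin user
+          if (($_SERVER['PHP_AUTH_USER'] == $amp_conf['AMPDBUSER']) && ($_SERVER['PHP_AUTH_PW'] == $amp_conf['AMPDBPASS'])) {
+
+            // password succesfully matched amportal.conf db admin user
+
+            // set admin access
+            $_SESSION['AMP_user']->setAdmin();
+          } else {
+            // password failed and admin user fall-back failed
+            unset($_SESSION['AMP_user']);
+          }
+        } // else, succesfully logged in
+      }
+    }
+
+    if (!isset($_SESSION['AMP_user'])) {
+      // not logged in, send headers
+      @header('WWW-Authenticate: Basic realm="FreePBX '._('Administration').'"');
+      @header('HTTP/1.0 401 Unauthorized');
+      showview("unauthorized");
+      exit;
     }
   break;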
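Review bot: In the branch now shared by `case 'database':` and `default:`, the fallback check `$_SERVER['PHP_AUTH_PW'] == $amp_conf['AMPDBPASS']` uses loose comparison, so two different numeric-looking strings can compare equal, and the comparison is not constant-time. Use strict comparison at minimum, `($_SERVER['PHP_AUTH_USER'] === $amp_conf['AMPDBUSER']) && ($_SERVER['PHP_AUTH_PW'] === $amp_conf['AMPDBPASS'])`, or `hash_equals()` where the PHP version provides it. Since this branch is now what an unset or misspelled AUTHTYPE selects, the `sha1()` passed to `checkPassword()` is worth a follow-up as well: an unsalted SHA-1 is a weak password verifier, though the stored format is defined outside this page.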
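--- a/freepbx/trunk/amportal.conf	(r10549)
+++ b/freepbx/trunk/amportal.conf	(r10579)
@@ -74,7 +74,8 @@
 
 # AUTHTYPE=database|none
+# DEFAULT VALUE: database
 # Authentication type to use for web admininstration. If type set to 'database', the primary
 # AMP admin credentials will be the AMPDBUSER/AMPDBPASS above.
-AUTHTYPE=non
+AUTHTYPE=databas
 
 # AMPADMINLOGO=filename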
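Review bot: The comment block above the AUTHTYPE setting still lists only `database|none` and never says what `none` means in practice. Per the switch in header_auth.php on this page, `none` creates an admin session for every request with no credential check, and `webserver` is handled there too but is not listed here. A line such as `# 'none' disables login entirely: every visitor gets full admin access` next to the new `# DEFAULT VALUE: database` would make the risk visible to whoever edits this file. Installs that already carry an explicit `none` value presumably keep it after this change, so the upgrade notes may want to mention that.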
  • freepbx/trunk/upgrades/2.9.0alpha1/migrate_ampconf.php

    r10213 r10579  
    4646    ('ASTMANAGER','',0,'Port for the Asterisk Manager<br>Default = 5028','text',NULL,'5038',NULL,NULL), 
    4747    ('ASTMANAGERHOST','localhost',0,'Hostname for the Asterisk Manager<br>Default = localhost','text',NULL,'localhost',NULL,NULL), 
    48     ('AUTHTYPE','database',0,'Authentication type to use for web admin. If type set to <b>database</b>, the primary AMP admin credentials will be the AMPDBUSER/AMPDBPASS above. Valid settings are: none, database<br>Default = none','select','none,database','none',NULL,NULL), 
     48    ('AUTHTYPE','database',0,'Authentication type to use for web admin. If type set to <b>database</b>, the primary AMP admin credentials will be the AMPDBUSER/AMPDBPASS above. Valid settings are: none, database<br>Default = database','select','none,database','database',NULL,NULL), 
    4949    ('BADDESTABORT','FALSE',0,'Setting either of these to true will result in retrieve_conf aborting during a reload if an extension conflict is detected or a destination is detected. It is usually better to allow the reload to go through and then correct the problem but these can be set if a more strict behavior is desired<br>Default = false','select','TRUE,FALSE','FALSE',NULL,NULL), 
    5050    ('CDRDBHOST','',0,'Only used if you dont use the default values provided by FreePBX.<br>Hostname of db server if not the same as AMPDBHOST.','text',NULL,NULL,NULL,NULL),