Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'whmcs-login' into whmcs-login-saas

This commit is contained in:
Albert Santoni 2014-06-18 20:20:30 -04:00
parent 20c069fc65 76659c80c4
commit 6402e6d2b6
1 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
airtime_mvc/application/controllers/WhmcsLoginController.php
View File

@ -84,11 +84,12 @@ class WHMCS_Auth_Adapter implements Zend_Auth_Adapter_Interface {
} }
function authenticate() { function authenticate() {
if (!$this->validateCredentialsWithWHMCS($this->email, $this->password)) list($credentialsValid, $clientId) = $this->validateCredentialsWithWHMCS($this->email, $this->password))
if (!$credentialsValid)
{ {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null); return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null);
} }
if (!$this->verifyClientSubdomainOwnership()) if (!$this->verifyClientSubdomainOwnership($clientId))
{ {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null); return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null);
} }
@ -139,7 +140,8 @@ class WHMCS_Auth_Adapter implements Zend_Auth_Adapter_Interface {
$identity["email"] = $this->email; $identity["email"] = $this->email;
return $identity; return $identity;
} }
//Returns an array! Read the code carefully:
private function validateCredentialsWithWHMCS($email, $password) private function validateCredentialsWithWHMCS($email, $password)
{ {
$client_postfields = array(); $client_postfields = array();
@ -173,21 +175,28 @@ class WHMCS_Auth_Adapter implements Zend_Auth_Adapter_Interface {
$arr = json_decode($jsondata, true); # Decode JSON String $arr = json_decode($jsondata, true); # Decode JSON String
if ($arr["result"] != "success") { if ($arr["result"] != "success") {
return false; return array(false, -1);
} }
$clientId = $arr["userid"];
return true; return array(true, $clientId);
} }
function verifyClientSubdomainOwnership() function verifyClientSubdomainOwnership($clientId)
{ {
//Do a quick safety check to ensure the client ID we're authenticating
//matches up to the owner of this instance.
if ($clientId != Application_Model_Preference::GetClientId())
{
return false;
}
$client_postfields = array(); $client_postfields = array();
$client_postfields["username"] = $_SERVER['WHMCS_USERNAME']; $client_postfields["username"] = $_SERVER['WHMCS_USERNAME'];
$client_postfields["password"] = md5($_SERVER['WHMCS_PASSWORD']); $client_postfields["password"] = md5($_SERVER['WHMCS_PASSWORD']);
$client_postfields["action"] ="getclientsproducts"; $client_postfields["action"] ="getclientsproducts";
$client_postfields["responsetype"] = "json"; $client_postfields["responsetype"] = "json";
$client_postfields["clientid"] = Application_Model_Preference::GetClientId(); $client_postfields["clientid"] = $clientId;
//$client_postfields["stats"] = "true"; //$client_postfields["stats"] = "true";
$query_string = ""; $query_string = "";
@ -238,7 +247,7 @@ class WHMCS_Auth_Adapter implements Zend_Auth_Adapter_Interface {
if ($customField['name'] === SUBDOMAIN_WHMCS_CUSTOM_FIELD_NAME) if ($customField['name'] === SUBDOMAIN_WHMCS_CUSTOM_FIELD_NAME)
{ {
$subdomain = $customField['value']; $subdomain = $customField['value'];
if ($subdomain . ".airtime.pro" === $_SERVER['SERVER_NAME']) if (($subdomain . ".airtime.pro") === $_SERVER['SERVER_NAME'])
{ {
return true; return true;
} }