From 971e81756c05263389c0c6fab9ee940516299cd4 Mon Sep 17 00:00:00 2001 From: Albert Santoni Date: Wed, 18 Jun 2014 18:27:16 -0400 Subject: [PATCH] Added ability to login directly with WHMCS credentials (on Airtime login screen) --- .../controllers/LoginController.php | 24 ++++-- .../controllers/WhmcsLoginController.php | 77 ++++++++++++++++++- 2 files changed, 95 insertions(+), 6 deletions(-) diff --git a/airtime_mvc/application/controllers/LoginController.php b/airtime_mvc/application/controllers/LoginController.php index 311b000eb..f5c6a01d0 100644 --- a/airtime_mvc/application/controllers/LoginController.php +++ b/airtime_mvc/application/controllers/LoginController.php @@ -1,5 +1,7 @@ _redirect('Showbuilder'); } else { - $message = _("Wrong username or password provided. Please try again."); - Application_Model_Subjects::increaseLoginAttempts($username); - Application_Model_LoginAttempts::increaseAttempts($_SERVER['REMOTE_ADDR']); - $form = new Application_Form_Login(); - $error = true; + $email = $form->getValue('username'); + $authAdapter = new WHMCS_Auth_Adapter("admin", $email, $password); + $auth = Zend_Auth::getInstance(); + $result = $auth->authenticate($authAdapter); + if ($result->isValid()) { + //set the user locale in case user changed it in when logging in + Application_Model_Preference::SetUserLocale($locale); + + $this->_redirect('Showbuilder'); + } + else { + $message = _("Wrong username or password provided. Please try again."); + Application_Model_Subjects::increaseLoginAttempts($username); + Application_Model_LoginAttempts::increaseAttempts($_SERVER['REMOTE_ADDR']); + $form = new Application_Form_Login(); + $error = true; + } } } } diff --git a/airtime_mvc/application/controllers/WhmcsLoginController.php b/airtime_mvc/application/controllers/WhmcsLoginController.php index 5b05d40c6..44d866be6 100644 --- a/airtime_mvc/application/controllers/WhmcsLoginController.php +++ b/airtime_mvc/application/controllers/WhmcsLoginController.php @@ -17,7 +17,7 @@ class WhmcsLoginController extends Zend_Controller_Action $this->view->layout()->disableLayout(); $this->_helper->viewRenderer->setNoRender(true); - $username = "admin"; + $username = "admin"; //This is just for appearance in your session. It shows up in the corner of the Airtime UI. $email = $_POST["email"]; $password = $_POST["password"]; @@ -87,6 +87,10 @@ class WHMCS_Auth_Adapter implements Zend_Auth_Adapter_Interface { { return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null); } + if (!$this->verifyClientSubdomainOwnership()) + { + return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null); + } $identity = array(); @@ -173,4 +177,75 @@ class WHMCS_Auth_Adapter implements Zend_Auth_Adapter_Interface { return true; } + + function verifyClientSubdomainOwnership() + { + $client_postfields = array(); + $client_postfields["username"] = $_SERVER['WHMCS_USERNAME']; + $client_postfields["password"] = md5($_SERVER['WHMCS_PASSWORD']); + $client_postfields["action"] ="getclientsproducts"; + $client_postfields["responsetype"] = "json"; + + $client_postfields["clientid"] = Application_Model_Preference::GetClientId(); + //$client_postfields["stats"] = "true"; + + $query_string = ""; + foreach ($client_postfields as $k => $v) $query_string .= "$k=".urlencode($v)."&"; + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, WHMCS_API_URL); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_TIMEOUT, 30); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + $jsondata = curl_exec($ch); + if (curl_error($ch)) { + die(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL)); + //die("Connection Error: ".curl_errno($ch).' - '.curl_error($ch)); + } + curl_close($ch); + + $arr = json_decode($jsondata, true); # Decode JSON String + //$client_id = $arr["clientid"]; + //print_r($arr); + if ($arr["result"] != "success") { + die("Sorry, that email address or password was incorrect."); + } + + $doesAirtimeProductExist = false; + $isAirtimeAccountSuspended = true; + $airtimeProduct = null; + + foreach ($arr["products"] as $product) + { + if (strpos($product[0]["groupname"], "Airtime") === FALSE) + { + //Ignore non-Airtime products + continue; + } + else + { + if ($product[0]["status"] === "Active") { + $airtimeProduct = $product[0]; + $subdomain = ''; + + foreach ($airtimeProduct['customfields']['customfield'] as $customField) + { + if ($customField['name'] === SUBDOMAIN_WHMCS_CUSTOM_FIELD_NAME) + { + $subdomain = $customField['value']; + if ($subdomain . ".airtime.pro" === $_SERVER['SERVER_NAME']) + { + return true; + } + } + } + } + } + } + return false; + } } \ No newline at end of file