login([ 'username' => $login, 'password' => $password, 'userData' => true ]); if (!self::$data) { throw new Exception(); } API::getWrapper()->auth = [ 'type' => CJsonRpc::AUTH_TYPE_FRONTEND, 'auth' => self::$data['sessionid'] ]; if (self::$data['gui_access'] == GROUP_GUI_ACCESS_DISABLED) { error(_('GUI access disabled.')); throw new Exception(); } if (isset(self::$data['attempt_failed']) && self::$data['attempt_failed']) { CProfile::init(); CProfile::update('web.login.attempt.failed', self::$data['attempt_failed'], PROFILE_TYPE_INT); CProfile::update('web.login.attempt.ip', self::$data['attempt_ip'], PROFILE_TYPE_STR); CProfile::update('web.login.attempt.clock', self::$data['attempt_clock'], PROFILE_TYPE_INT); if (!CProfile::flush()) { return false; } } return true; } catch (Exception $e) { self::setDefault(); return false; } } /** * Log-out the current user. */ public static function logout(): void { if (API::User()->logout([])) { self::$data = null; session_destroy(); } } public static function checkAuthentication(string $sessionid): bool { try { self::$data = API::User()->checkAuthentication([ 'sessionid' => $sessionid, 'extend' => self::$extend_session ]); if (empty(self::$data)) { CMessageHelper::clear(); self::$data = API::User()->login([ 'username' => ZBX_GUEST_USER, 'password' => '', 'userData' => true ]); if (empty(self::$data)) { throw new Exception(); } } if (self::$data['gui_access'] == GROUP_GUI_ACCESS_DISABLED) { throw new Exception(); } return true; } catch (Exception $e) { return false; } } /** * Checks access of authenticated user to specific access rule. * * @static * * @param string $rule_name Rule name. * * @return bool Returns true if user has access to specified rule, false - otherwise. * * @throws Exception */ public static function checkAccess(string $rule_name): bool { if (empty(self::$data) || self::$data['roleid'] == 0) { return false; } return CRoleHelper::checkAccess($rule_name, self::$data['roleid']); } /** * Sets user data defaults. * * @static */ public static function setDefault(): void { self::$data = [ 'sessionid' => CEncryptHelper::generateKey(), 'username' => ZBX_GUEST_USER, 'userid' => 0, 'lang' => CSettingsHelper::getGlobal(CSettingsHelper::DEFAULT_LANG), 'theme' => CSettingsHelper::getGlobal(CSettingsHelper::DEFAULT_THEME), 'type' => 0, 'gui_access' => GROUP_GUI_ACCESS_SYSTEM, 'debug_mode' => false, 'roleid' => 0, 'autologin' => 0 ]; } /** * Returns the type of the current user. * * @static * * @return int */ public static function getType() { return self::$data ? self::$data['type'] : 0; } /** * Returns true if debug mode is enabled. * * @return bool */ public static function getDebugMode() { return (self::$data && self::$data['debug_mode']); } /** * Returns true if the current user is logged in. * * @return bool */ public static function isLoggedIn() { return (self::$data && self::$data['userid']); } /** * Returns true if the user is not logged in or logged in as Guest. * * @return bool */ public static function isGuest() { return (self::$data && self::$data['username'] == ZBX_GUEST_USER); } /** * Return true if guest user has access to frontend. * * @return bool */ public static function isGuestAllowed() { $guest = DB::select('users', [ 'output' => ['userid'], 'filter' => ['username' => ZBX_GUEST_USER] ]); return check_perm2system($guest[0]['userid']) && getUserGuiAccess($guest[0]['userid']) != GROUP_GUI_ACCESS_DISABLED; } /** * Returns refresh rate in seconds. * * @return int */ public static function getRefresh() { return timeUnitToSeconds(self::$data['refresh']); } /** * Returns interface language attribute value for HTML lang tag. * * @return string */ public static function getLang() { return (self::$data) ? substr(self::$data['lang'], 0, strpos(self::$data['lang'], '_')) : 'en'; } /** * Get user IP address. * * @return string */ public static function getIp(): string { return $_SERVER['REMOTE_ADDR']; } }