getSetting('System: G Suite Enabled');
$companyName = SettingsManager::getInstance()->getSetting('Company: Name');
$SAMLAutoLogin = SettingsManager::getInstance()->getSetting('SAML: Auto Login') === "1";
$SAMLEnabled = SettingsManager::getInstance()->getSetting("SAML: Enabled") == "1";
$SAMLUserLoaded = false;

// An explicit logout clears the client session before anything else runs.
if (isset($_REQUEST['logout'])) {
    \Utils\SessionUtils::unsetClientSession();
    $user = null;
}

if (empty($user) || empty($user->email)) {
    // No authenticated user yet. With SAML auto login on, send the browser
    // straight to the configured IdP instead of rendering the form.
    if (!isset($_REQUEST['logout'])
        && !isset($_POST['SAMLResponse'])
        && $SAMLAutoLogin
        && $SAMLEnabled
        && !empty(SettingsManager::getInstance()->getSetting("SAML: IDP SSO Url"))
    ) {
        header("Location:" . SettingsManager::getInstance()->getSetting("SAML: IDP SSO Url"));
        exit();
    }

    if ((!empty($_REQUEST['username']) && !empty($_REQUEST['password']))
        || isset($_POST['SAMLResponse'])
    ) {
        $suser = null;
        $ssoUserLoaded = false;

        // LDAP login: tried for every username except the local "admin" account.
        if ($_REQUEST['username'] != "admin") {
            if (SettingsManager::getInstance()->getSetting("LDAP: Enabled") === "1") {
                $ldapResp = \Classes\LDAPManager::getInstance()->checkLDAPLogin(
                    $_REQUEST['username'],
                    $_REQUEST['password']
                );
                if ($ldapResp->getStatus() == \Classes\IceResponse::ERROR) {
                    header("Location:" . CLIENT_BASE_URL . "login.php?f=1");
                    exit();
                } else {
                    $suser = new \Users\Common\Model\User();
                    $suser->Load("username = ?", array($_REQUEST['username']));
                    if (empty($suser)) {
                        header("Location:" . CLIENT_BASE_URL . "login.php?f=1");
                        exit();
                    }
                    $ssoUserLoaded = true;
                }
            }
        }

        // SAML login: the IdP posts a SAMLResponse back to this page.
        if ($SAMLEnabled && isset($_POST['SAMLResponse'])) {
            $samlData = $_POST['SAMLResponse'];
            if (array_key_exists('RelayState', $_POST)
                && !empty($_POST['RelayState'])
                && $_POST['RelayState'] !== '/'
            ) {
                $relayState = htmlspecialchars($_POST['RelayState']);
            } else {
                $relayState = '';
            }

            $ssoUserEmail = (new SAMLManager())->getSSOEmail($samlData, $relayState);
            LogManager::getInstance()->info('SSO SAML User Email:'.$ssoUserEmail);
            if (false === $ssoUserEmail) {
                header("Location:" . CLIENT_BASE_URL . "login.php?f=1");
                exit();
            } else {
                // The asserted NameID is matched against username or email,
                // depending on the 'SAML: Name ID Mapping' setting.
                $mapping = SettingsManager::getInstance()->getSetting('SAML: Name ID Mapping');
                $suser = new \Users\Common\Model\User();
                if ($mapping === 'username') {
                    $suser->Load("username = ?", array($ssoUserEmail));
                } else {
                    $suser->Load("email = ?", array($ssoUserEmail));
                }
                // This writes the whole user object, password field included, to the log.
                LogManager::getInstance()->info('SSO SAML User:'.print_r($suser, true));
                if (empty($suser)) {
                    header("Location:" . CLIENT_BASE_URL . "login.php?f=1");
                    exit();
                }
                $ssoUserLoaded = true;
                $SAMLUserLoaded = true;
            }
        }

        // Local login: look the user up by username or email, then verify the password.
        if (empty($suser)) {
            $suser = new \Users\Common\Model\User();
            $suser->Load(
                "username = ? or email = ?",
                [
                    $_REQUEST['username'],
                    $_REQUEST['username'],
                ]
            );
            if (!\Classes\PasswordManager::verifyPassword($_REQUEST['password'], $suser->password)) {
                $suser = null;
            }
        }

        if (empty($suser)) {
            $next = !empty($_REQUEST['next']) ? '&next='.$_REQUEST['next'] : '';
            header("Location:".CLIENT_BASE_URL."login.php?f=1".$next);
            exit();
        }

        // Login CSRF check. SAML logins skip it because the POST originates at the IdP.
        // The comparison is type-strict and constant-time (hash_equals) rather than
        // a loose != on two hex strings.
        $loginCsrf = \Utils\SessionUtils::getSessionObject('csrf-login');
        $requestCsrf = isset($_REQUEST['csrf']) ? $_REQUEST['csrf'] : null;
        $csrfValid = is_string($loginCsrf)
            && is_string($requestCsrf)
            && $requestCsrf !== ''
            && hash_equals($loginCsrf, $requestCsrf);
        if (!$SAMLUserLoaded && !$csrfValid) {
            $next = !empty($_REQUEST['next']) ? '&next='.$_REQUEST['next'] : '';
            header("Location:".CLIENT_BASE_URL."login.php?f=1".$next);
            exit();
        }

        if (!empty($suser)) {
            $user = $suser;
            \Utils\SessionUtils::saveSessionObject('user', $user);
            $suser->last_login = date("Y-m-d H:i:s");
            $suser->Save();

            // Only local password logins are audited here; LDAP and SAML logins
            // set $ssoUserLoaded and skip this audit entry.
            if (!$ssoUserLoaded && !empty(\Classes\BaseService::getInstance()->auditManager)) {
                \Classes\BaseService::getInstance()->auditManager->user = $user;
                \Classes\BaseService::getInstance()->audit(
                    \Classes\IceConstants::AUDIT_AUTHENTICATION,
                    "User Login"
                );
            }

            // 'next' is a Base64Url-encoded path; the decoded value is appended
            // to CLIENT_BASE_URL to build the post-login redirect.
            if (!empty($_REQUEST['next'])
                && !empty(($loginRedirect = \Base64Url\Base64Url::decode($_REQUEST['next'])))
            ) {
                header("Location:" . CLIENT_BASE_URL.$loginRedirect);
                exit();
            } else {
                if ($user->user_level == "Admin") {
                    if (\Utils\SessionUtils::getSessionObject('account_locked') == "1") {
                        header("Location:".CLIENT_BASE_URL."?g=admin&n=billing&m=admin_System");
                        exit();
                    } else {
                        header("Location:".HOME_LINK_ADMIN);
                        exit();
                    }
                } else {
                    if (empty($user->default_module)) {
                        header("Location:".HOME_LINK_OTHERS);
                        exit();
                    } else {
                        $defaultModule = new \Modules\Common\Model\Module();
                        $defaultModule->Load("id = ?", array($user->default_module));
                        if ($defaultModule->mod_group == "user") {
                            $defaultModule->mod_group = "modules";
                        }
                        $homeLink = CLIENT_BASE_URL."?g=".$defaultModule->mod_group."&n=".$defaultModule->name.
                            "&m=".$defaultModule->mod_group."_".str_replace(" ", "_", $defaultModule->menu);
                        header("Location:".$homeLink);
                        exit();
                    }
                }
            }
        } else {
            $next = !empty($_REQUEST['next']) ? '&next='.$_REQUEST['next'] : '';
            header("Location:".CLIENT_BASE_URL."login.php?f=1".$next);
            exit();
        }
    }
} else {
    // Already authenticated: go straight to the user's home page.
    if ($user->user_level == "Admin") {
        header("Location:".HOME_LINK_ADMIN);
        exit();
    } else {
        if (empty($user->default_module)) {
            header("Location:".HOME_LINK_OTHERS);
            exit();
        } else {
            $defaultModule = new \Modules\Common\Model\Module();
            $defaultModule->Load("id = ?", array($user->default_module));
            if ($defaultModule->mod_group == "user") {
                $defaultModule->mod_group = "modules";
            }
            $homeLink = CLIENT_BASE_URL."?g=".$defaultModule->mod_group."&n=".$defaultModule->name.
                "&m=".$defaultModule->mod_group."_".str_replace(" ", "_", $defaultModule->menu);
            header("Location:".$homeLink);
            exit();
        }
    }
}

$tuser = \Utils\SessionUtils::getSessionObject('user');
$logoFileUrl = \Classes\UIManager::getInstance()->getCompanyLogoUrl();

// Login CSRF token for the form rendered below, drawn from the CSPRNG
// (random_bytes, PHP 7+) instead of sha1() over rand() and time().
$csrfToken = bin2hex(random_bytes(32));
\Utils\SessionUtils::saveSessionObject('csrf-login', $csrfToken);
?>
IceHrm Login

Or

Can't remember your password? Reset Password