projects / Pman.Base / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Pman/Login.php
[Pman.Base] / Pman / Login.php
1 <?php
2
3 require_once 'Pman.php';
4
5 /***
6
7 * Auth wrapper..
8
9 * User class must provide the following features.
10
11 * logout()
12 * isAuth() 
13 * getAuthUser();
14 * authUserArray() 
15 * active()  -- is user active. // or set prior to checking..
16 * authUserName(n) - sets the value prior to a find(true)
17 * checkPassword($_REQUEST['password'])) {
18 * login();
19 * lang(val) - to set the language..
20 */
21
22
23
24 class Pman_Login extends Pman
25
26     
27     var $masterTemplate = 'login.html';
28     
29     function getAuth() // everyone allowed in here..
30     {
31         parent::getAuth(); // load company..
32         return true;
33         
34     }
35     /**
36      * Accepts:
37      * logout =
38      * 
39      * 
40      */
41     function get() 
42     {
43         
44         
45         
46         
47         if (!empty($_REQUEST['logout'])) {
48             $u = $this->getAuthUser();
49             //print_r($u);
50             if ($u) {
51                 $this->addEvent('LOGOUT');
52                 $u->logout();
53             }
54             // log it..
55             
56             $_SESSION['Pman_I18N'] = array();
57             
58         }
59         
60         // general query...
61         if (!empty($_REQUEST['getAuthUser'])) {
62             $this->sendAuthUserDetails();
63             exit;
64            
65         }
66         if (!empty($_REQUEST['username'])) {
67             $this->post();
68         }
69         $this->jerr("INVALID REQUEST");
70         exit;
71     }
72     
73     function sendAuthUserDetails()
74     {
75         DB_DataObject::debugLevel(1);
76         $ff = HTML_FlexyFramework::get();
77         $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
78         
79         $u = DB_DataObject::factory($tbl);
80         if (!$u->isAuth()) {
81             $this->jok(array('id' => 0)); // not logged in..
82             exit;
83         }
84         $au = $u->getAuthUser();
85         
86         $aur = $au->authUserArray();
87          
88         /** -- these need modulizing somehow! **/
89         
90         if ($this->hasModule('Fax')) {
91             // should check fax module???
92             $f = DB_DataObject::factory('Fax_Queue');
93             $aur['faxMax'] = $f->getMaxId();
94             $aur['faxNumPending'] = $f->getNumPending();
95         }
96         
97         if ($this->hasModule('Documents')) {
98         // inbox...
99             $d = DB_DataObject::factory('Documents_Tracking');
100             $d->person_id = $au->id;
101             //$d->status = 0; // unread
102             $d->whereAdd('date_read IS NULL');
103             $d->applyFilters(array('query'=> array('unread' => 1)), $au);
104             $aur['inbox_unread'] = $d->count();
105         }
106         
107         //echo '<PRE>';print_r($aur);
108         
109         $this->jok($aur);
110         exit;
111         
112             
113     }
114
115     
116     var $domObj = false;
117     function post()
118     {
119         
120         if (!empty($_REQUEST['getAuthUser'])) {
121             $this->sendAuthUserDetails();
122             exit;
123         }
124         
125         
126         if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
127             
128             return $this->passwordRequest($_REQUEST['passwordRequest']);
129             
130         }
131         
132         if (!empty($_REQUEST['changePassword'])) {
133             return $this->changePassword($_REQUEST);
134         }
135         
136         // login attempt..
137         
138         $ff = HTML_FlexyFramework::get();
139         $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
140         
141        
142         $u = DB_DataObject::factory($tbl);
143         //$u->active = 1;
144         
145         
146         if (empty($_REQUEST['username'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
147             $this->jerr('You typed the wrong Username or Password (0)');
148             exit;
149         }
150         
151         $u->authUserName($_REQUEST['username']);
152         
153         
154         if ($u->count() > 1 || !$u->find(true)) {
155             $this->jerr('You typed the wrong Username or Password  (1)');
156             exit;
157         }
158         
159         if (!$u->active()) {
160             $this->jerr('Account disabled');
161         }
162         
163         if ($u->checkPassword($_REQUEST['password'])) {
164             $u->login();
165             $this->addEvent("LOGIN");
166             if (!empty($_REQUEST['lang'])) {
167                 $u->lang($_REQUEST['lang']);
168             }
169              // log it..
170             
171             $this->sendAuthUserDetails();
172             exit;
173
174             //exit;
175         }
176         
177          
178         $this->jerr('You typed the wrong Username or Password  (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
179         exit;
180     }
181     
182     function passwordRequest($n) 
183     {
184         $u = DB_DataObject::factory('Person');
185         //$u->company_id = $this->company->id;
186         
187         $u->whereAdd('LENGTH(passwd) > 1');
188         $u->email = $n;
189         $u->active = 1;
190         if ($u->count() > 1 || !$u->find(true)) {
191             $this->jerr('invalid User (1)');
192         }
193         // got a avlid user..
194         if (!strlen($u->passwd)) {
195             $this->jerr('invalid User (2)');
196         }
197         // check to see if we have sent a request before..
198         
199         if ($u->no_reset_sent > 3) {
200             $this->jerr('We have issued to many resets - please contact the Administrator');
201         }
202         $this->authFrom = time();
203         $this->authKey = $u->genPassKey($this->authFrom);
204         $this->authKey = md5($u->email . $this->authFrom . $u->passwd);
205         
206         $ret =  $u->sendTemplate('password_reset', $this);
207         if (is_object($ret)) {
208             $this->addEvent('SYSERR',false, $ret->getMessage());
209             $this->jerr($ret->getMessage());
210         }
211         $this->addEvent('PASSREQ',$u, $u->email);
212         $uu = clone($u);
213         $uu->no_reset_sent++;
214         $uu->update($u);
215         $this->jok("done");
216         
217         
218     }
219     function changePassword($r)
220     {
221         $au = $this->getAuthUser();
222         if ($au) {
223             $uu = clone($au);
224             $au->setPassword($r['passwd1']);
225             $au->update($uu);
226             $this->jok($au);
227         }
228         // not logged in -> need to validate 
229         if (empty($r['passwordReset'])) {
230             $this->jerr("invalid request");
231         }
232         // same code as reset pasword
233        
234         $bits = explode('/', $r['passwordReset']);
235         //print_R($bits);
236       
237         $res= $this->resetPassword(@$bits[0],@$bits[1],@$bits[2]);
238           
239         if ($res !== false) {
240             $this->jerr($res);
241         }
242         // key is correct.. let's change password...
243         
244         $u = DB_DataObject::factory('Person');
245         
246         //$u->company_id = $this->company->id;
247         $u->whereAdd('LENGTH(passwd) > 1');
248         $u->active = 1;
249         if (!$u->get($bits[0])) {
250            $this->jerr("invalid id"); // should not happen!!!!
251         }
252         $uu = clone($u);
253         $u->setPassword($r['passwd1']);
254         $u->update($uu);
255         $u->login();
256         
257         $this->jok($u);
258     }
259     
260     
261     
262 }
263
Pman (Base Files)