Pman/Login.php
1 <?php
2
3 require_once 'Pman.php';
4
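/**
 * Login endpoint: reports the current session's user and handles login,
 * logout, password-reset requests and password changes. Every answer is
 * sent through jok() / jerr().
 *
 * Security notes for maintainers:
 *  - All handlers read $_REQUEST and get() forwards to post(), so login,
 *    logout and password changes are accepted on GET as well as POST.
 *    Credentials sent in a query string can end up in access logs.
 *  - No anti-CSRF token is checked anywhere in this class; confirm whether
 *    the parent class or the framework enforces one.
 *  - Whether jerr() / jok() terminate the request is not visible in this
 *    file, so every branch that must not continue ends with an explicit
 *    exit instead of relying on it.
 */
class Pman_Login extends Pman
{

    var $masterTemplate = 'login.html';

    /**
     * Authentication gate for this page: always open, because this is the
     * page that performs the login.
     *
     * @return bool always true
     */
    function getAuth()
    {
        parent::getAuth(); // load company.. (per the original author; the parent is not shown here)
        return true;
    }

    /**
     * Entry point for GET requests.
     *
     * Accepts (all read from $_REQUEST):
     *   logout      = non-empty: log the current user out
     *   getAuthUser = non-empty: report the current session's user and stop
     *   username    = non-empty: hand the request over to post()
     *
     * Anything that gets past those is answered with "INVALID REQUEST".
     */
    function get()
    {
        if (!empty($_REQUEST['logout'])) {
            $u = $this->getAuthUser();
            if ($u) {
                // record the event before the session user is dropped
                $this->addEvent('LOGOUT');
                $u->logout();
            }
            // cleared whether or not anybody was logged in
            $_SESSION['Pman_I18N'] = array();
        }

        // general query...
        if (!empty($_REQUEST['getAuthUser'])) {
            $this->sendAuthUserDetails();
            exit;
        }

        // NOTE(review): this makes every action in post() - login, reset
        // request, password change - reachable with a GET request.
        if (!empty($_REQUEST['username'])) {
            $this->post();
        }

        $this->jerr("INVALID REQUEST");
        exit;
    }

    /**
     * Sends the details of the user attached to the current session and
     * ends the request. A caller that is not logged in gets array('id' => 0).
     *
     * The user table is $ff->Pman['authTable'] when configured, otherwise
     * 'Person'. Counters for the Fax and Documents modules are added when
     * hasModule() reports them.
     */
    function sendAuthUserDetails()
    {
        $ff = HTML_FlexyFramework::get();
        $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];

        $u = DB_DataObject::factory($tbl);
        if (!$u->isAuth()) {
            $this->jok(array('id' => 0)); // not logged in..
            exit;
        }
        $au = $u->getAuthUser();

        // only what authUserArray() exposes is sent, never the raw row
        $aur = $au->authUserArray();

        /** -- these need modulizing somehow! **/

        if ($this->hasModule('Fax')) {
            // should check fax module???
            $f = DB_DataObject::factory('Fax_Queue');
            $aur['faxMax'] = $f->getMaxId();
            $aur['faxNumPending'] = $f->getNumPending();
        }

        if ($this->hasModule('Documents')) {
            // inbox: documents tracked for this user that have no read date
            $d = DB_DataObject::factory('Documents_Tracking');
            $d->person_id = $au->id;
            $d->whereAdd('date_read IS NULL');
            $d->applyFilters(array('query' => array('unread' => 1)), $au);
            $aur['inbox_unread'] = $d->count();
        }

        $this->jok($aur);
        exit;
    }


    var $domObj = false;

    /**
     * Entry point for POST requests, also reached from get().
     *
     * Dispatches on $_REQUEST, first match wins:
     *   getAuthUser     -> sendAuthUserDetails()
     *   passwordRequest -> passwordRequest()
     *   changePassword  -> changePassword()
     *   otherwise       -> login with username / password (optional lang)
     *
     * NOTE(review): the messages ending in (1) and (2) and 'Account
     * disabled' are sent before or instead of the password check, so an
     * unauthenticated caller can tell an unknown address, a disabled
     * account and a wrong password apart. One generic message would close
     * that. Failed attempts are not passed to addEvent() and no attempt
     * limit is visible here, so repeated guessing leaves no trace from
     * this class.
     */
    function post()
    {
        if (!empty($_REQUEST['getAuthUser'])) {
            $this->sendAuthUserDetails();
            exit;
        }

        if (!empty($_REQUEST['passwordRequest'])) {
            return $this->passwordRequest($_REQUEST['passwordRequest']);
        }

        if (!empty($_REQUEST['changePassword'])) {
            return $this->changePassword($_REQUEST);
        }

        $ff = HTML_FlexyFramework::get();
        $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];

        $u = DB_DataObject::factory($tbl);

        // username[]=... would arrive as an array; only a plain string may
        // reach the query below
        if (empty($_REQUEST['username']) || !is_string($_REQUEST['username'])) {
            $this->jerr('You typed the wrong Username or Password (0)');
            exit;
        }

        // accounts without a stored password cannot log in
        $u->whereAdd('LENGTH(passwd) > 1');
        $u->email = $_REQUEST['username'];

        // the address has to match exactly one account
        if ($u->count() > 1 || !$u->find(true)) {
            $this->jerr('You typed the wrong Username or Password  (1)');
            exit;
        }

        if (!$u->active) {
            $this->jerr('Account disabled');
            // without this a disabled account would reach the password
            // check and login() below if jerr() ever returned
            exit;
        }

        // a missing or non-string password is treated as a failed login
        $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;

        if (is_string($password) && $u->checkPassword($password)) {
            // NOTE(review): confirm that login() issues a fresh session id
            $u->login();
            $this->addEvent("LOGIN");
            if (!empty($_REQUEST['lang']) && $_REQUEST['lang'] != $u->lang) {
                // remember the language chosen on the login form;
                // the value is stored as sent - no validation is visible here
                $uu = clone($u);
                $uu->lang = $_REQUEST['lang'];
                $uu->update();
            }

            $this->sendAuthUserDetails();
            exit;
        }

        $this->jerr('You typed the wrong Username or Password  (2)');
        exit;
    }

    /**
     * Sends a password-reset message to the active account whose e-mail
     * address is $n and counts the request in no_reset_sent.
     *
     * @param string $n e-mail address taken from the request
     *
     * NOTE(review): the 'invalid User' answers tell an unauthenticated
     * caller whether an address belongs to an account; answering "done"
     * in both cases would not. This method always uses 'Person', while
     * post() honours $ff->Pman['authTable'] - confirm that is intended.
     */
    function passwordRequest($n)
    {
        // passwordRequest[]=... would arrive as an array
        if (!is_string($n)) {
            $this->jerr('invalid User (1)');
            exit;
        }

        $u = DB_DataObject::factory('Person');

        $u->whereAdd('LENGTH(passwd) > 1');
        $u->email = $n;
        $u->active = 1;
        if ($u->count() > 1 || !$u->find(true)) {
            $this->jerr('invalid User (1)');
            exit;
        }
        // got a valid user..
        if (!strlen($u->passwd)) {
            $this->jerr('invalid User (2)');
            exit;
        }

        // check to see if we have sent a request before..
        if ($u->no_reset_sent > 3) {
            $this->jerr('We have issued to many resets - please contact the Administrator');
            exit;
        }

        // authFrom / authKey are set on $this, which is handed to the
        // mail template below
        $this->authFrom = time();
        $this->authKey = $u->genPassKey($this->authFrom);
        // NOTE(review): this overwrites the key generated on the line above.
        // Confirm which of the two resetPassword() verifies and drop the
        // other. The value is an unkeyed MD5 of the address, the issue
        // time and the stored passwd column, so it is only as secret as
        // that column; a token from random_bytes() kept server-side, or
        // hash_hmac() with a server secret checked with hash_equals(),
        // would not depend on it.
        $this->authKey = md5($u->email . $this->authFrom . $u->passwd);

        $ret = $u->sendTemplate('password_reset', $this);
        if (is_object($ret)) {
            $this->addEvent('SYSERR', false, $ret->getMessage());
            // NOTE(review): the mailer's own error text goes to an
            // unauthenticated caller; it is already recorded just above.
            $this->jerr($ret->getMessage());
            exit;
        }
        $this->addEvent('PASSREQ', $u, $u->email);

        // count the request only after the message went out
        $uu = clone($u);
        $uu->no_reset_sent++;
        $uu->update($u);
        $this->jok("done");
        exit;
    }

    /**
     * Changes a password, either for the logged-in user or, when nobody is
     * logged in, for the account named by a reset token.
     *
     * @param array $r request values: passwd1 (new password) and, for the
     *                 token path, passwordReset as three '/'-separated
     *                 parts that are passed to resetPassword()
     *
     * NOTE(review): the logged-in path does not ask for the current
     * password, so a request made from an unattended or forged session is
     * enough to replace it. jok() is given the whole user object on both
     * paths; confirm that its output leaves out the passwd column
     * (sendAuthUserDetails() goes through authUserArray() instead).
     */
    function changePassword($r)
    {
        // never store a missing, empty or non-string password
        if (!isset($r['passwd1']) || !is_string($r['passwd1']) || $r['passwd1'] === '') {
            $this->jerr("invalid request");
            exit;
        }

        $au = $this->getAuthUser();
        if ($au) {
            // keep the unchanged copy so update() can compare against it
            $uu = clone($au);
            $au->setPassword($r['passwd1']);
            $au->update($uu);
            $this->jok($au);
            // must not continue into the token path below
            exit;
        }

        // not logged in -> need to validate
        if (empty($r['passwordReset']) || !is_string($r['passwordReset'])) {
            $this->jerr("invalid request");
            exit;
        }

        // same code as reset password: missing parts are passed as null
        $bits = array_pad(explode('/', $r['passwordReset']), 3, null);

        // anything other than false is sent back as the error
        $res = $this->resetPassword($bits[0], $bits[1], $bits[2]);
        if ($res !== false) {
            $this->jerr($res);
            exit;
        }

        // key is correct.. let's change password...
        $u = DB_DataObject::factory('Person');

        $u->whereAdd('LENGTH(passwd) > 1');
        $u->active = 1;
        if (!$u->get($bits[0])) {
            $this->jerr("invalid id"); // should not happen!!!!
            exit;
        }
        $uu = clone($u);
        $u->setPassword($r['passwd1']);
        $u->update($uu);
        // a successful reset also logs the user in
        $u->login();

        $this->jok($u);
        exit;
    }

}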
244