git.roojs.org Git - Pman.Base/blob - Pman/Login.php

   1 <?php
   2
   3 require_once 'Pman.php';
   4
   5 class Pman_Login extends Pman
   6 {
   7
   8     var $masterTemplate = 'login.html';
   9
  10     function getAuth() // everyone allowed in here..
  11     {
  12         parent::getAuth(); // load company..
  13         return true;
  14
  15     }
  16     /**
  17      * Accepts:
  18      * logout =
  19      *
  20      *
  21      */
  22     function get()
  23     {
  24
  25
  26
  27
  28         if (!empty($_REQUEST['logout'])) {
  29             $u = $this->getAuthUser();
  30             //print_r($u);
  31             if ($u) {
  32                 $this->addEvent('LOGOUT');
  33                 $u->logout();
  34             }
  35             // log it..
  36
  37             $_SESSION['Pman_I18N'] = array();
  38
  39         }
  40
  41         // general query...
  42         if (!empty($_REQUEST['getAuthUser'])) {
  43             $this->sendAuthUserDetails();
  44             exit;
  45
  46         }
  47         if (!empty($_REQUEST['username'])) {
  48             $this->post();
  49         }
  50         $this->jerr("INVALID REQUEST");
  51         exit;
  52     }
  53
  54     function sendAuthUserDetails()
  55     {
  56
  57         $ff = HTML_FlexyFramework::get();
  58         $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
  59
  60         $u = DB_DataObject::factory($tbl);
  61         if (!$u->isAuth()) {
  62             $this->jok(array('id' => 0)); // not logged in..
  63             exit;
  64         }
  65         $au = $u->getAuthUser();
  66
  67         $aur = $au->authUserArray();
  68
  69         // i18n language and coutry lists.
  70
  71
  72         $lang = empty($au->lang) ? 'en' : $au->lang;
  73         if (empty($_SESSION['Pman_I18N'][$lang])) {
  74             require_once 'Pman/I18N.php';
  75             $x = new Pman_I18N();
  76             $x->setSession($au);
  77
  78         }
  79
  80         $aur['i18n'] =$_SESSION['Pman_I18N'][$lang];
  81
  82         // perms + groups.
  83         $aur['perms']  = $au->getPerms();
  84         $g = DB_DataObject::Factory('Group_Members');
  85         $aur['groups']  = $g->listGroupMembership($au, 'name');
  86
  87         $aur['passwd'] = '';
  88         $aur['dailykey'] = '';
  89
  90         /** -- these need modulizing somehow! **/
  91
  92         if ($this->hasModule('Fax')) {
  93             // should check fax module???
  94             $f = DB_DataObject::factory('Fax_Queue');
  95             $aur['faxMax'] = $f->getMaxId();
  96             $aur['faxNumPending'] = $f->getNumPending();
  97         }
  98
  99         if ($this->hasModule('Documents')) {
 100         // inbox...
 101             $d = DB_DataObject::factory('Documents_Tracking');
 102             $d->person_id = $au->id;
 103             //$d->status = 0; // unread
 104             $d->whereAdd('date_read IS NULL');
 105             $d->applyFilters(array('query'=> array('unread' => 1)), $au);
 106             $aur['inbox_unread'] = $d->count();
 107         }
 108
 109         //echo '<PRE>';print_r($aur);
 110
 111         $this->jok($aur);
 112         exit;
 113
 114
 115     }
 116
 117
 118     var $domObj = false;
 119     function post()
 120     {
 121
 122         if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
 123
 124             return $this->passwordRequest($_REQUEST['passwordRequest']);
 125
 126         }
 127
 128         if (!empty($_REQUEST['changePassword'])) {
 129             return $this->changePassword($_REQUEST);
 130         }
 131
 132
 133         $u = DB_DataObject::factory('Person');
 134         //$u->active = 1;
 135         $u->whereAdd('LENGTH(passwd) > 1');
 136         //$u->company_id = $this->company->id;
 137
 138         if (empty($_REQUEST['username'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
 139             $this->jerr('You typed the wrong Username or Password (0)');
 140             exit;
 141         }
 142
 143         $u->email = $_REQUEST['username'];
 144         if ($u->count() > 1 || !$u->find(true)) {
 145             $this->jerr('You typed the wrong Username or Password  (1)');
 146             exit;
 147         }
 148
 149         if (!$u->active) {
 150             $this->jerr('Account disabled');
 151         }
 152
 153         if ($u->checkPassword($_REQUEST['password'])) {
 154             $u->login();
 155             $this->AddEvent("LOGIN");
 156             if (!empty($_REQUEST['lang']) && $_REQUEST['lang'] != $u->lang) {
 157                 $uu = clone($u);
 158                 $uu->lang = $_REQUEST['lang'];
 159                 $uu->update();
 160             }
 161              // log it..
 162
 163             $this->sendAuthUserDetails();
 164             exit;
 165
 166             //exit;
 167         }
 168
 169
 170         $this->jerr('You typed the wrong Username or Password  (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
 171         exit;
 172     }
 173
 174     function passwordRequest($n)
 175     {
 176         $u = DB_DataObject::factory('Person');
 177         //$u->company_id = $this->company->id;
 178
 179         $u->whereAdd('LENGTH(passwd) > 1');
 180         $u->email = $n;
 181         $u->active = 1;
 182         if ($u->count() > 1 || !$u->find(true)) {
 183             $this->jerr('invalid User (1)');
 184         }
 185         // got a avlid user..
 186         if (!strlen($u->passwd)) {
 187             $this->jerr('invalid User (2)');
 188         }
 189         // check to see if we have sent a request before..
 190
 191         if ($u->no_reset_sent > 3) {
 192             $this->jerr('We have issued to many resets - please contact the Administrator');
 193         }
 194         $this->authFrom = time();
 195         $this->authKey = $u->genPassKey($this->authFrom);
 196         $this->authKey = md5($u->email . $this->authFrom . $u->passwd);
 197
 198         $ret =  $u->sendTemplate('password_reset', $this);
 199         if (is_object($ret)) {
 200             $this->addEvent('SYSERR',false, $ret->getMessage());
 201             $this->jerr($ret->getMessage());
 202         }
 203         $this->addEvent('PASSREQ',$u, $u->email);
 204         $uu = clone($u);
 205         $uu->no_reset_sent++;
 206         $uu->update($u);
 207         $this->jok("done");
 208
 209
 210     }
 211     function changePassword($r)
 212     {
 213         $au = $this->getAuthUser();
 214         if ($au) {
 215             $uu = clone($au);
 216             $au->setPassword($r['passwd1']);
 217             $au->update($uu);
 218             $this->jok($au);
 219         }
 220         // not logged in -> need to validate
 221         if (empty($r['passwordReset'])) {
 222             $this->jerr("invalid request");
 223         }
 224         // same code as reset pasword
 225
 226         $bits = explode('/', $r['passwordReset']);
 227         //print_R($bits);
 228
 229         $res= $this->resetPassword(@$bits[0],@$bits[1],@$bits[2]);
 230
 231         if ($res !== false) {
 232             $this->jerr($res);
 233         }
 234         // key is correct.. let's change password...
 235
 236         $u = DB_DataObject::factory('Person');
 237
 238         //$u->company_id = $this->company->id;
 239         $u->whereAdd('LENGTH(passwd) > 1');
 240         $u->active = 1;
 241         if (!$u->get($bits[0])) {
 242            $this->jerr("invalid id"); // should not happen!!!!
 243         }
 244         $uu = clone($u);
 245         $u->setPassword($r['passwd1']);
 246         $u->update($uu);
 247         $u->login();
 248
 249         $this->jok($u);
 250     }
 251
 252
 253
 254 }
 255