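getAuthUser();
            // (tail of a method whose start is above this excerpt; logic unchanged,
            //  only the lost line breaks restored)
            //print_r($u);
            if ($u) {
                $this->addEvent('LOGOUT');
                $e = DB_DataObject::factory('Events');
                session_regenerate_id(true);
                $u->logout();
            }
            // log it..
            $_SESSION['Pman_I18N'] = array();
        }
        // general query...
        if (!empty($_REQUEST['getAuthUser'])) {
            //DB_Dataobject::debugLevel(5);
            $this->sendAuthUserDetails();
            exit;
        }
        if (!empty($_REQUEST['username'])) {
            $this->post();
        }
        if (!empty($_REQUEST['switch'])) {
            $this->switchUser($_REQUEST['switch']);
        }
        $this->jerr("INVALID REQUEST");
        exit;
    }

    /**
     * Emit the authenticated user's details as JSON and end the request.
     *
     * Not logged in  -> jok(array('id' => 0)).
     * Logged in      -> authUserArray() of the auth user, extended with
     *                   faxMax / faxNumPending when the Fax module is present and
     *                   inbox_unread (Documents_Tracking rows for this person with
     *                   date_read IS NULL) when the Documents module is present.
     *
     * The auth table defaults to 'Person' unless Pman['authTable'] is configured.
     * Always terminates via jok()/exit.
     */
    function sendAuthUserDetails()
    {
        $ff  = HTML_FlexyFramework::get();
        $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
        $u   = DB_DataObject::factory($tbl);

        if (!$u->isAuth()) {
            $this->jok(array('id' => 0)); // not logged in..
            exit;
        }

        $au  = $u->getAuthUser();
        $aur = $au->authUserArray();

        /** -- these need modulizing somehow! **/
        if ($this->hasModule('Fax')) { // should check fax module???
            $f = DB_DataObject::factory('Fax_Queue');
            $aur['faxMax']        = $f->getMaxId();
            $aur['faxNumPending'] = $f->getNumPending();
        }

        if ($this->hasModule('Documents')) {
            // inbox: "unread" means the tracking row has never been marked read
            $d = DB_DataObject::factory('Documents_Tracking');
            $d->person_id = $au->id;
            $d->whereAdd('date_read IS NULL');
            $d->applyFilters(array('query'=> array('unread' => 1)), $au);
            $aur['inbox_unread'] = $d->count();
        }

        $this->jok($aur);
        exit;
    }

    /**
     * Log the current user in as another account ("switch user").
     *
     * Permitted only for an authenticated user whose company is the OWNER
     * company and who holds 'E' on Core.Person; otherwise the request is
     * rejected. The target must exist and be active. The switch is recorded
     * as a "SWITCH USER" event naming both accounts.
     *
     * Fixes: $ff was never initialised in this method, so the configured
     * Pman['authTable'] was silently ignored and 'Person' always used; and the
     * return value of get() was not checked, so a non-existent id carried on
     * with an empty object.
     *
     * @param mixed $id primary key of the account to switch to (from $_REQUEST['switch'])
     *
     * Terminates via jerr()/jok(). The explicit exit after each jerr() keeps the
     * guards fail-closed even if jerr() were ever changed to return.
     */
    function switchUser($id)
    {
        // first check they have perms to do this..
        if (!$this->authUser
            || ($this->authUser->company_id_comptype != 'OWNER')
            || !$this->hasPerm('Core.Person', 'E')
        ) {
            $this->jerr("User switching not permitted");
            exit;
        }
        $old = clone($this->authUser);

        $ff  = HTML_FlexyFramework::get();
        $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
        $u   = DB_DataObject::factory($tbl);

        if (!$u->get($id)) {
            $this->jerr("invalid id");
            exit;
        }
        if (!$u->active()) {
            $this->jerr('Account disabled');
            exit;
        }

        $u->login(); // we might need this later..
        $this->addEvent("SWITCH USER", false, $old->name . ' TO ' . $u->name);
        $this->jok("SWITCH");
    }

    var $domObj = false;

    /**
     * Handle the login form and its sub-actions (first match wins):
     *
     *   getAuthUser     -> sendAuthUserDetails()
     *   passwordRequest -> passwordRequest(<e-mail>)
     *   changePassword  -> changePassword($_REQUEST)
     *   otherwise       -> login attempt with username / password [/ lang]
     *
     * A login succeeds only when exactly one row matches authUserName(), the
     * account is active and checkPassword() accepts the supplied password; it
     * then records a LOGIN event with the session id and answers with
     * sendAuthUserDetails().
     *
     * NOTE(review): values are read from $_REQUEST, so they are also accepted
     * from the query string and cookies. Behaviour is preserved here, but clients
     * should POST credentials so they do not end up in access logs. The numbered
     * error messages also reveal which check failed (e.g. a disabled account is
     * reported differently from an unknown user).
     *
     * Terminates via jok()/jerr().
     */
    function post()
    {
        if (!empty($_REQUEST['getAuthUser'])) {
            $this->sendAuthUserDetails();
            exit;
        }
        if (!empty($_REQUEST['passwordRequest'])) {
            return $this->passwordRequest($_REQUEST['passwordRequest']);
        }
        if (!empty($_REQUEST['changePassword'])) {
            return $this->changePassword($_REQUEST);
        }

        // login attempt..
        $ff  = HTML_FlexyFramework::get();
        $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
        $u   = DB_DataObject::factory($tbl);

        if (empty($_REQUEST['username'])) {
            $this->jerr('You typed the wrong Username or Password (0)');
            exit;
        }
        $u->authUserName($_REQUEST['username']);
        // require exactly one matching account
        if ($u->count() > 1 || !$u->find(true)) {
            $this->jerr('You typed the wrong Username or Password (1)');
            exit;
        }
        if (!$u->active()) {
            $this->jerr('Account disabled');
            exit;
        }

        // previously $_REQUEST['password'] was read unchecked (notice when
        // absent, arrays passed straight through to checkPassword())
        $password = (isset($_REQUEST['password']) && is_string($_REQUEST['password']))
            ? $_REQUEST['password']
            : '';

        if ($u->checkPassword($password)) {
            // Rotate the session id on authentication (session fixation), as the
            // logout path already does. Guarded so it cannot warn when no session
            // is active; harmless if login() also regenerates.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $u->login(); // we might need this later..
            $this->addEvent("LOGIN", false, session_id());
            if (!empty($_REQUEST['lang'])) {
                $u->lang($_REQUEST['lang']);
            }
            $this->sendAuthUserDetails();
            exit;
        }

        $this->jerr('You typed the wrong Username or Password (2)');
        exit;
    }

    /**
     * Start a password reset for the active Person whose e-mail is $n.
     *
     * Only accounts that already have a password (LENGTH(passwd) > 1) qualify,
     * and no more than 3 reset mails are issued per account (no_reset_sent);
     * after that the user is told to contact the administrator. Sets
     * $this->authFrom / $this->authKey for the 'password_reset' mail template,
     * records a PASSREQ event and increments no_reset_sent.
     *
     * NOTE(review): the 'invalid User (1)' answer for an unknown address lets an
     * unauthenticated caller enumerate registered e-mails. Messages are kept
     * as-is here; a uniform "if that address exists we have mailed it" reply
     * would close that.
     *
     * @param string $n e-mail address supplied by the (unauthenticated) requester
     *
     * Terminates via jok()/jerr().
     */
    function passwordRequest($n)
    {
        $u = DB_DataObject::factory('Person');
        $u->whereAdd('LENGTH(passwd) > 1');
        $u->email  = $n;
        $u->active = 1;
        if ($u->count() > 1 || !$u->find(true)) {
            $this->jerr('invalid User (1)');
            exit;
        }
        // got a valid user..
        if (!strlen($u->passwd)) {
            $this->jerr('invalid User (2)');
            exit;
        }
        // check to see if we have sent a request before..
        if ($u->no_reset_sent > 3) {
            $this->jerr('We have issued to many resets - please contact the Administrator');
            exit;
        }

        $this->authFrom = time();
        // NOTE(review): two key derivations are assigned and the md5() one wins.
        // resetPassword() (outside this excerpt) validates the key, so confirm
        // which formula it expects before deleting either line. Neither is a
        // random token: the key is a deterministic md5 of e-mail, timestamp and
        // stored password hash, which is weaker than a random, stored, expiring
        // token verified with hash_equals().
        $this->authKey = $u->genPassKey($this->authFrom);
        $this->authKey = md5($u->email . $this->authFrom . $u->passwd);

        $ret = $u->sendTemplate('password_reset', $this);
        if (is_object($ret)) {
            $this->addEvent('SYSERR', false, $ret->getMessage());
            $this->jerr($ret->getMessage());
            exit;
        }
        $this->addEvent('PASSREQ', $u, $u->email);

        $uu = clone($u);
        $uu->no_reset_sent++;
        $uu->update($u);
        $this->jok("done");
    }

    /**
     * Set a new password, either for the logged-in user or via a reset key.
     *
     * Logged in: the current auth user's password becomes $r['passwd1'] and
     * the user record is returned.
     * Otherwise $r['passwordReset'] must be "id/key/time" as validated by
     * resetPassword() (outside this excerpt; false means valid, anything else
     * is an error message). On success the matching active Person with an
     * existing password gets the new password and is logged in.
     *
     * Fix: passwd1 is now required to be a non-empty string; previously a
     * missing or empty value reached setPassword() unchecked.
     *
     * NOTE(review): the logged-in path does not re-check the current password
     * and no CSRF token is visible here, so this relies entirely on the session
     * cookie. Behaviour preserved.
     *
     * @param array $r request array; uses 'passwd1' and 'passwordReset'
     *
     * Terminates via jok()/jerr().
     */
    function changePassword($r)
    {
        if (!isset($r['passwd1']) || !is_string($r['passwd1']) || $r['passwd1'] === '') {
            $this->jerr("invalid request");
            exit;
        }

        $au = $this->getAuthUser();
        if ($au) {
            $uu = clone($au);
            $au->setPassword($r['passwd1']);
            $au->update($uu);
            $this->jok($au);
            exit;
        }

        // not logged in -> need to validate the reset key
        if (empty($r['passwordReset'])) {
            $this->jerr("invalid request");
            exit;
        }
        // same code as reset pasword
        $bits = explode('/', $r['passwordReset']);
        $res  = $this->resetPassword(
            isset($bits[0]) ? $bits[0] : null,
            isset($bits[1]) ? $bits[1] : null,
            isset($bits[2]) ? $bits[2] : null
        );
        if ($res !== false) {
            $this->jerr($res);
            exit;
        }

        // key is correct.. let's change password...
        $u = DB_DataObject::factory('Person');
        $u->whereAdd('LENGTH(passwd) > 1');
        $u->active = 1;
        if (!$u->get($bits[0])) {
            $this->jerr("invalid id"); // should not happen!!!!
            exit;
        }
        $uu = clone($u);
        $u->setPassword($r['passwd1']);
        $u->update($uu);

        // same session-id rotation as a normal login; guarded against an
        // inactive session, harmless if login() regenerates as well.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $u->login();
        $this->jok($u);
    }
}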