function owner()
{
- $p = DB_DataObject::Factory($this->tableName());
+ // this might be a Person in some old code?
+ $p = DB_DataObject::Factory('core_person');
$p->get($this->owner_id);
return $p;
}
// ---------------- authentication / passwords and keys stuff ----------------
function isAuth()
{
- @session_start();
+ // do not start a session if we are using http auth...
+ if (empty($_SERVER['PHP_AUTH_USER']) && php_sapi_name() != "cli") {
+ @session_start();
+ }
$ff= HTML_FlexyFramework::get();
}
- if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login' || $_SERVER['PATH_INFO'] == '/PasswordReset'
- ) {
+ if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') {
$auto_auth_allow = false;
}
- //var_dump($auto_auth_allow);
+ //var_dump($auto_auth_allow);
// local auth -
$default_admin = false;
if ($auto_auth_allow) {
$u = DB_DataObject::factory($this->tableName());
$u->whereAdd(' LENGTH(passwd) > 0');
$n = $u->count();
+ if (empty($_SESSION[get_class($this)]) || !is_array($_SESSION[get_class($this)])) {
+ $_SESSION[get_class($this)] = array();
+ }
$_SESSION[get_class($this)][$sesPrefix .'-empty'] = $n;
if (class_exists('PEAR')) {
$error = PEAR::getStaticProperty('DB_DataObject','lastError');
$this->isAuth(); // force session start..
$sesPrefix = $this->sesPrefix();
-
$_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = -1;
-
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
-
self::$authUser = false;
}
$month = $m > -1 ? date('Y-m') : date('Y-m', strtotime('LAST MONTH'));
return md5(implode(',' , array($month, $this->email , $this->passwd, $this->id)));
- }
+ }
+ /**
+ * When we generate autologin urls:
+ * eg. /Somesite/Test/12
+ * it will generate:
+ * /Somesite/Test/12/{datetime}/{sha256(url + expires_datetime + password)}
+ *
+ * eg. genAutoLoginURL($sub, $expires)
+ */
+ function genAutoLoginURL($url, $expires = false)
+ {
+ $expires = $expires === false ? strtotime("NOW + 1 WEEK") : $expires;
+ //echo serialize(array($url, $expires, $this->email, $this->passwd));
+ //echo hash('sha256', serialize(array($url, $expires, $this->email, $this->passwd)));
+
+ return $url.'/'.$this->id .'/'.$expires.'/'.
+ hash('sha256',
+ serialize(
+ array($url, $expires, $this->email,$this->passwd)
+ )
+ );
+
+ }
+
+ function validateAutoLogin($called)
+ {
+ $bits = explode("/",$called);
+ if (count($bits) < 4) {
+ return false; // unrelated.
+ }
+ $hash = array_pop($bits);
+ $time = array_pop($bits);
+
+ $id = array_pop($bits);
+ if (!is_numeric($time) || !is_numeric($id)) {
+ return false; // wrong format.
+ }
+ $u = DB_DataObject::Factory($this->tableName());
+ $u->get($id);
+ $url = implode("/", $bits);
+ if ($time < time()) {
+ return "Expired";
+ }
+ //echo serialize(array('/'.$url, $time, $u->email, $u->passwd));
+ //echo hash('sha256', serialize(array('/'.$url, $time, $u->email, $u->passwd)));
+ if ($hash == hash('sha256', serialize(array('/'.$url, $time*1, $u->email, $u->passwd)))) {
+ $u->login();
+ return $u;
+ }
+ return false;
+ }
+
function checkTwoFactorAuthentication($val)
{
function company()
{
+ if (empty($this->company_id)) {
+ return false;
+ }
$x = DB_DataObject::factory('core_company');
$x->autoJoin();
$x->get($this->company_id);
function authUserArray()
{
-
$aur = $this->toArray();
if ($this->id < 1) {
return $aur;
}
-
//DB_DataObject::debugLevel(1);
$c = DB_Dataobject::factory('core_company');
$im = DB_Dataobject::factory('Images');
$oath_require = $s->lookup('core', 'two_factor_auth_required');
$aur['require_oath'] = $oath_require ? $oath_require->val : 0;
+ $aur['core_person_settings'] = array();
+
+ $core_person_settings = DB_DataObject::factory('core_person_settings');
+ $core_person_settings->setFrom(array(
+ 'person_id' => $this->id
+ ));
+
+ $aur['core_person_settings'] = $core_person_settings->fetchAll('scope', 'data');
+
return $aur;
}
$roo->jerr('Fail to generate QR Code');
}
- $roo->jok($qrcode);
+ $roo->jdata(array(
+ 'secret' => $hash,
+ 'image' => $qrcode,
+ 'issuer' => $person->qrCodeIssuer()
+ ));
}
if(!empty($q['two_factor_auth_code'])) {
)"
);
}
+ if(!empty($q['in_group_starts'])){
+
+ $v = $this->escape($q['in_group_starts']);
+
+ $this->whereAdd("
+ $tn_p.id IN (
+ SELECT
+ DISTINCT(user_id) FROM $tn_gm
+ LEFT JOIN
+ $tn_g
+ ON
+ $tn_g.id = $tn_gm.group_id
+ WHERE
+ $tn_g.name LIKE '{$v}%'
+ )"
+ );
+ }
+
+
// #2307 Search Country!!
if (!empty($q['query']['in_country'])) {
if (!$roo->hasPerm('Core.Projects_All', 'S')) {
$peps = $p->people($pids);
- $this->whereAddIn("{$tn}.id", $peps, 'int');
+ $this->whereAddIn("{$this->tableName()}.id", $peps, 'int');
}
}
LENGTH({$this->tableName()}.oath_key) AS length_oath_key
");
}
+ if (isset($q['_with_group_membership'])) {
+ $this->selectAddGroupMemberships();
+ }
-
+ }
+
+ function selectAddGroupMemberships()
+ {
+ $this->selectAdd("
+
+ COALESCE((
+ SELECT
+ GROUP_CONCAT( CASE WHEN core_group.display_name = '' THEN core_group.name ELSE core_group.display_name END separator '\n')
+ FROM
+ core_group_member
+ LEFT JOIN
+ core_group
+ ON
+ core_group.id = core_group_member.group_id
+ WHERE
+ core_group_member.user_id = core_person.id
+ ORDER BY
+ core_group.display_name ASC
+ ), '') as member_of");
}
function setFromRoo($ar, $roo)
{
- $this->setFrom($ar);
+ $this->setFrom($ar);
if(!empty($ar['_enable_oath_key'])){
$oath_key = $this->generateOathKey();
}
// this only applies to our owner company..
$c = $this->company();
- if (empty($c->comptype_name) || $c->comptype_name != 'OWNER') {
+ if (empty($c) || empty($c->comptype_name) || $c->comptype_name != 'OWNER') {
return true;
}
return false;
}
- $issuer = (empty($this->name)) ?
- rawurlencode('ROOJS') : rawurlencode($this->name);
+ $issuer = rawurlencode($this->qrCodeIssuer());
$uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
return "data:image/png;base64,{$base64}";
}
+ function qrCodeIssuer()
+ {
+ $pg= HTML_FlexyFramework::get()->page;
+
+ $issuer = (empty($pg->company->name)) ? 'ROOJS' : "{$pg->company->name}";
+
+ return $issuer;
+ }
+
static function test_ADMIN_PASSWORD_RESET($pg, $to)
{
$ff = HTML_FlexyFramework::get();