return $this->logout();
}
+ if(!empty($_REQUEST['user_has_oath'])) {
+ return $this->checkUserOath();
+ }
+
// general query...
if (!empty($_REQUEST['getAuthUser'])) {
//DB_Dataobject::debugLevel(5);
$this->sendAuthUserDetails();
exit;
-
+ }
+
+ if(!empty($_REQUEST['check_owner_company'])) {
+ $core_company = DB_DataObject::factory('core_company');
+ $core_company->comptype = 'OWNER';
+ $this->jok($core_company->count());
}
// might be an idea to disable this?!?
$this->switchPublicUser($_REQUEST['loginPublic']);
}
-
$this->jerr("INVALID REQUEST");
exit;
}
function logout()
{
$ff = class_exists('HTML_FlexyFramework2') ? HTML_FlexyFramework2::get() : HTML_FlexyFramework::get();
- //DB_DAtaObject::debugLevel(1);
+
+ //DB_DAtaObject::debugLevel(1);
$u = $this->getAuthUser();
//print_r($u);
if ($u) {
}
-
function switchUser($id)
{
$tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
$au = $u->getAuthUser();
-
// first check they have perms to do this..
if (!$au|| ($au->company()->comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
$this->jerr("User switching not permitted");
}
-
-
+
$u = DB_DataObject::factory($tbl);
$u->get($id);
if (!$u->active()) {
}
$u->login();
// we might need this later..
- $this->addEvent("SWITCH USER", false, $au->name . ' TO ' . $u->name);
+ $this->addEvent("SWITCH-USER", false, $au->name . ' TO ' . $u->name);
$this->jok("SWITCH");
}
}
if(!empty($u->oath_key) && empty($_REQUEST['oath_password'])){
- $this->jerror('LOGIN-BAD','Your account require Two-Factor Authentication');
+ $this->jerror('LOGIN-BAD','Your account requires Two-Factor Authentication');
}
// check if config allows non-owner passwords.
$ff= HTML_FlexyFramework::get();
if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
//print_r($u->company());
- $test = $u->company()->comptype;
- print_r($test);exit;
$this->jerror('LOGIN-BADUSER', "Login not permited to outside companies"); // serious failure
}
return $_SERVER['REMOTE_ADDR'];
}
-
-
}