require_once 'Pman.php';
+/***
+*
+* Auth wrapper..
+*
+* User class must provide the following features.
+*
+* logout()
+* isAuth()
+* getAuthUser();
+* authUserArray()
+* active() -- is user active. // or set prior to checking..
+* authUserName(n) - sets the value prior to a find(true)
+* checkPassword($_REQUEST['password'])) {
+* login();
+* lang(val) - to set the language..
+*/
+
+
+
class Pman_Login extends Pman
{
$u = $this->getAuthUser();
//print_r($u);
if ($u) {
+
$this->addEvent('LOGOUT');
+ $e = DB_DataObject::factory('Events');
+
+ session_regenerate_id(true);
$u->logout();
}
// log it..
// general query...
if (!empty($_REQUEST['getAuthUser'])) {
+ //DB_Dataobject::debugLevel(5);
$this->sendAuthUserDetails();
exit;
if (!empty($_REQUEST['username'])) {
$this->post();
}
+ if (!empty($_REQUEST['switch'])) {
+ $this->switchUser($_REQUEST['switch']);
+ }
+
+
$this->jerr("INVALID REQUEST");
exit;
}
function sendAuthUserDetails()
{
- $u = DB_DataObject::factory('Person');
+ // DB_DataObject::debugLevel(1);
+ $ff = HTML_FlexyFramework::get();
+ $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
+
+ $u = DB_DataObject::factory($tbl);
if (!$u->isAuth()) {
$this->jok(array('id' => 0)); // not logged in..
exit;
}
- $au = $u->getAuthUser();
- $aur = $au->toArray();
- //DB_DataObject::debugLevel(1);
- $c = DB_Dataobject::factory('Companies');
- $im = DB_Dataobject::factory('Images');
- $c->joinAdd($im, 'LEFT');
- $c->selectAdd();
- $c->selectAs($c, 'company_id_%s');
- $c->selectAs($im, 'company_id_logo_id_%s');
- $c->id = $au->company_id;
- $c->limit(1);
- $c->find(true);
-
- $aur = array_merge( $c->toArray(),$aur);
-
- if (empty($c->company_id_logo_id_id)) {
-
- $im = DB_Dataobject::factory('Images');
- $im->ontable = 'Companies';
- $im->onid = $c->id;
- $im->imgtype = 'LOGO';
- $im->limit(1);
- $im->selectAs($im, 'company_id_logo_id_%s');
- if ($im->find(true)) {
-
- foreach($im->toArray() as $k=>$v) {
- $aur[$k] = $v;
- }
- }
- }
-
- // i18n language and coutry lists.
-
- $lang = empty($au->lang) ? 'en' : $au->lang;
- if (empty($_SESSION['Pman_I18N'][$lang])) {
- require_once 'Pman/I18N.php';
- $x = new Pman_I18N();
- $x->setSession($au);
-
+ $ff= HTML_FlexyFramework::get();
+ if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
+ $this->jerr("Login not permited to outside companies");
}
- $aur['i18n'] =$_SESSION['Pman_I18N'][$lang];
-
- // perms + groups.
- $aur['perms'] = $au->getPerms();
- $g = DB_DataObject::Factory('Group_Members');
- $aur['groups'] = $g->listGroupMembership($au, 'name');
- $aur['passwd'] = '';
- $aur['dailykey'] = '';
+ $au = $u->getAuthUser();
+ $aur = $au->authUserArray();
+
/** -- these need modulizing somehow! **/
if ($this->hasModule('Fax')) {
}
+ function switchUser($id)
+ {
+ $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
+ $u = DB_DataObject::factory($tbl);
+ if (!$u->isAuth()) {
+ $this->err("not logged in");
+ }
+
+ $au = $u->getAuthUser();
+
+
+ // first check they have perms to do this..
+ if (!$au|| ($au->company()->comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
+ $this->jerr("User switching not permitted");
+ }
+
+
+ $u = DB_DataObject::factory($tbl);
+ $u->get($id);
+ if (!$u->active()) {
+ $this->jerr('Account disabled');
+ }
+ $u->login();
+ // we might need this later..
+ $this->addEvent("SWITCH USER", false, $au->name . ' TO ' . $u->name);
+ $this->jok("SWITCH");
+
+ }
+
+
var $domObj = false;
function post()
{
+ //DB_DataObject::debugLevel(1);
+ if (!empty($_REQUEST['getAuthUser'])) {
+ $this->sendAuthUserDetails();
+ exit;
+ }
+
if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
return $this->changePassword($_REQUEST);
}
+ // login attempt..
- $u = DB_DataObject::factory('Person');
+ $ff = HTML_FlexyFramework::get();
+ $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
+
+
+ $u = DB_DataObject::factory($tbl);
//$u->active = 1;
- $u->whereAdd('LENGTH(passwd) > 1');
- //$u->company_id = $this->company->id;
+
if (empty($_REQUEST['username'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
$this->jerr('You typed the wrong Username or Password (0)');
exit;
}
-
- $u->email = $_REQUEST['username'];
+
+ $u->authUserName($_REQUEST['username']);
+
+
if ($u->count() > 1 || !$u->find(true)) {
$this->jerr('You typed the wrong Username or Password (1)');
exit;
}
- if (!$u->active) {
+ if (!$u->active()) {
$this->jerr('Account disabled');
}
+ // check if config allows non-owner passwords.
+ // auth_company = "OWNER" // auth_company = "CLIENT" or blank for all?
+ // perhaps it should support arrays..
+ $ff= HTML_FlexyFramework::get();
+ if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
+ $this->jerr("Login not permited to outside companies");
+ }
+
+
+
if ($u->checkPassword($_REQUEST['password'])) {
$u->login();
- $this->AddEvent("LOGIN");
- if (!empty($_REQUEST['lang']) && $_REQUEST['lang'] != $u->lang) {
- $uu = clone($u);
- $uu->lang = $_REQUEST['lang'];
- $uu->update();
+ // we might need this later..
+ $this->addEvent("LOGIN", false, session_id());
+ if (!empty($_REQUEST['lang'])) {
+ $u->lang($_REQUEST['lang']);
}
// log it..