Pman/Login.php
[Pman.Base] / Pman / Login.php
index 81b6408..d07f24a 100644 (file)
@@ -57,7 +57,12 @@ class Pman_Login extends Pman
             //DB_Dataobject::debugLevel(5);
             $this->sendAuthUserDetails();
             exit;
-           
+        }
+        
+        if(!empty($_REQUEST['check_owner_company'])) {
+            $core_company = DB_DataObject::factory('core_company');
+            $core_company->comptype = 'OWNER';
+            $this->jok($core_company->count());
         }
         
         // might be an idea to disable this?!?
@@ -74,7 +79,6 @@ class Pman_Login extends Pman
             $this->switchPublicUser($_REQUEST['loginPublic']);
         }
         
-        
         $this->jerr("INVALID REQUEST");
         exit;
     }
@@ -83,7 +87,8 @@ class Pman_Login extends Pman
     function logout()
     {
         $ff = class_exists('HTML_FlexyFramework2') ?  HTML_FlexyFramework2::get()  :  HTML_FlexyFramework::get();
-        //DB_DAtaObject::debugLevel(1);
+        
+       //DB_DAtaObject::debugLevel(1);
         $u = $this->getAuthUser();
         //print_r($u);
         if ($u) {
@@ -124,11 +129,23 @@ class Pman_Login extends Pman
         $tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
         
         $u = DB_DataObject::factory($tbl);
+        $s = DB_DataObject::factory('core_setting');
+        $oath_require_val = 1;
+        // $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+        // if(!empty($oath_require)) {
+        //     if($oath_require->val == 0) {
+        //         $oath_require_val = 0;
+        //     }
+        // } 
+        
         if (!$u->isAuth()) {
-             
-            $this->jok(array('id' => 0)); // not logged in..
+            $this->jok(array(
+                'id' => 0,
+                'require_oath' => $oath_require_val
+            ));
             exit;
         }
+        
         //die("got here?");
         $au = $u->getAuthUser();
         
@@ -177,7 +194,6 @@ class Pman_Login extends Pman
             
     }
 
-    
     function switchUser($id)
     {
         $tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
@@ -188,13 +204,11 @@ class Pman_Login extends Pman
         
         $au = $u->getAuthUser();
         
-        
         // first check they have perms to do this..
         if (!$au|| ($au->company()->comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
             $this->jerr("User switching not permitted");
         }
-        
-        
+                
         $u = DB_DataObject::factory($tbl);
         $u->get($id);
         if (!$u->active()) {
@@ -202,7 +216,7 @@ class Pman_Login extends Pman
         }
         $u->login();
             // we might need this later..
-        $this->addEvent("SWITCH USER", false, $au->name . ' TO ' . $u->name);
+        $this->addEvent("SWITCH-USER", false, $au->name . ' TO ' . $u->name);
         $this->jok("SWITCH");
         
     }
@@ -231,8 +245,6 @@ class Pman_Login extends Pman
     {
         //DB_DataObject::debugLevel(1);
         
-        $this->ip_checking();
-        
         if (!empty($_REQUEST['getAuthUser'])) {
             $this->sendAuthUserDetails();
             exit;
@@ -260,14 +272,13 @@ class Pman_Login extends Pman
        
         $u = DB_DataObject::factory($tbl);
         
-        
-        
+        $ip = $this->ip_lookup();
         // ratelimit
-        if (!empty($_SERVER['REMOTE_ADDR'])) {
+        if (!empty($ip)) {
             //DB_DataObject::DebugLevel(1);
             $e = DB_DataObject::Factory('Events');
             $e->action = 'LOGIN-BAD';
-            $e->ipaddr = $_SERVER['REMOTE_ADDR'];
+            $e->ipaddr = $ip;
             $e->whereAdd('event_when > NOW() - INTERVAL 10 MINUTE');
             if ($e->count() > 5) {
                 $this->jerror('LOGIN-RATE', "Login failures are rate limited - please try later");
@@ -295,7 +306,7 @@ class Pman_Login extends Pman
         }
         
         if(!empty($u->oath_key) && empty($_REQUEST['oath_password'])){
-            $this->jerror('LOGIN-BAD','Your account require Two-Factor Authentication');
+            $this->jerror('LOGIN-BAD','Your account requires Two-Factor Authentication');
         }
         
         // check if config allows non-owner passwords.
@@ -315,11 +326,16 @@ class Pman_Login extends Pman
             exit;
         }
         
-        if(!empty($u->oath_key) && !$u->checkTwoFactorAuthentication(trim($_REQUEST['oath_password'],"\x10"))){
+        if(
+            !empty($u->oath_key) && 
+            !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
+        ){
             $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password  (3)');
             exit;
         }
         
+        $this->ip_checking();
+        
         $u->login();
         // we might need this later..
         $this->addEvent("LOGIN", false, session_id());
@@ -483,6 +499,8 @@ class Pman_Login extends Pman
             ));
             
             $core_ip_access->insert();
+            
+            return;
         }
         
         $core_ip_access = DB_DataObject::factory('core_ip_access');
@@ -503,24 +521,25 @@ class Pman_Login extends Pman
             $core_ip_access->sendXMPP();
             
             $this->jerr('NEW-IP-ADDRESS', array('ip' => $ip));
+            
+            return;
         }
         
-        
-        print_R($core_ip_access);exit;
-        
-        $core_ip_access->sendXMPP();
-        exit;
-        
         if(empty($core_ip_access->status)){
             $this->jerr('PENDING-IP-ADDRESS', array('ip' => $ip));
         }
         
         if($core_ip_access->status == -1){
             $this->jerr('BLOCKED-IP-ADDRESS', array('ip' => $ip));
+            return;
         }
         
+        if($core_ip_access->status == -2 && strtotime($core_ip_access->expire_dt) < strtotime('NOW')){
+            $this->jerr('BLOCKED-IP-ADDRESS', array('ip' => $ip));
+            return;
+        }
         
-        
+        return;
     }
     
     function ip_lookup()
@@ -536,7 +555,5 @@ class Pman_Login extends Pman
         
         return $_SERVER['REMOTE_ADDR'];
     }
-    
-    
 }