Pman/Login.php

[Pman.Base] / Pman / Login.php

diff --git a/Pman/Login.php b/Pman/Login.php
index 71af6c0..f287ac5 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -48,7 +48,11 @@ class Pman_Login extends Pman
             $u = $this->getAuthUser();
             //print_r($u);
             if ($u) {
+                
                 $this->addEvent('LOGOUT');
+                $e = DB_DataObject::factory('Events');
+              
+                session_regenerate_id(true);
                 $u->logout();
             }
             // log it..
@@ -59,6 +63,7 @@ class Pman_Login extends Pman
         
         // general query...
         if (!empty($_REQUEST['getAuthUser'])) {
+            //DB_Dataobject::debugLevel(5);
             $this->sendAuthUserDetails();
             exit;
            
@@ -66,13 +71,18 @@ class Pman_Login extends Pman
         if (!empty($_REQUEST['username'])) {
             $this->post();
         }
+        if (!empty($_REQUEST['switch'])) {
+            $this->switchUser($_REQUEST['switch']);
+        }
+        
+        
         $this->jerr("INVALID REQUEST");
         exit;
     }
     
     function sendAuthUserDetails()
     {
-        
+       // DB_DataObject::debugLevel(1);
         $ff = HTML_FlexyFramework::get();
         $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
         
@@ -84,7 +94,7 @@ class Pman_Login extends Pman
         $au = $u->getAuthUser();
         
         $aur = $au->authUserArray();
-        var_dump($aur);
+         
         /** -- these need modulizing somehow! **/
         
         if ($this->hasModule('Fax')) {
@@ -113,10 +123,20 @@ class Pman_Login extends Pman
     }
 
     
+    function switchUser($id)
+    {
+        // first check they have perms to do this..
+        if (!$this->authUser || ($this->authUser->company_id_comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
+            $this->jerr("User switching not permitted");
+        }
+        
+    }
+    
+    
     var $domObj = false;
     function post()
     {
-        
+        //DB_DataObject::debugLevel(1);
         if (!empty($_REQUEST['getAuthUser'])) {
             $this->sendAuthUserDetails();
             exit;
@@ -133,7 +153,9 @@ class Pman_Login extends Pman
             return $this->changePassword($_REQUEST);
         }
         
-         $ff = HTML_FlexyFramework::get();
+        // login attempt..
+        
+        $ff = HTML_FlexyFramework::get();
         $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
         
        
@@ -160,7 +182,8 @@ class Pman_Login extends Pman
         
         if ($u->checkPassword($_REQUEST['password'])) {
             $u->login();
-            $this->addEvent("LOGIN");
+            // we might need this later..
+            $this->addEvent("LOGIN", false, session_id());
             if (!empty($_REQUEST['lang'])) {
                 $u->lang($_REQUEST['lang']);
             }