projects / Pman.Base / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Pman/Images.php
[Pman.Base] / Pman / Login.php
1 <?php
2
3 require_once 'Pman.php';
4
5 /***
6
7 * Auth wrapper..
8
9 * User class must provide the following features.
10
11 * logout()
12 * isAuth() 
13 * getAuthUser();
14 * authUserArray() 
15 * active()  -- is user active. // or set prior to checking..
16 * authUserName(n) - sets the value prior to a find(true)
17 * checkPassword($_REQUEST['password'])) {
18 * login();
19 * lang(val) - to set the language..
20 */
21
22
23
24 class Pman_Login extends Pman
25
26     
27     var $masterTemplate = 'login.html';
28     
29     function getAuth() // everyone allowed in here..
30     {
31         parent::getAuth(); // load company..
32         return true;
33         
34     }
35     /**
36      * Accepts:
37      * logout =
38      * 
39      * 
40      */
41     function get() 
42     {
43         
44         
45         
46         
47         if (!empty($_REQUEST['logout'])) {
48             $u = $this->getAuthUser();
49             //print_r($u);
50             if ($u) {
51                 $this->addEvent('LOGOUT');
52                 $u->logout();
53             }
54             // log it..
55             
56             $_SESSION['Pman_I18N'] = array();
57             
58         }
59         
60         // general query...
61         if (!empty($_REQUEST['getAuthUser'])) {
62             //DB_Dataobject::debugLevel(5);
63             $this->sendAuthUserDetails();
64             exit;
65            
66         }
67         if (!empty($_REQUEST['username'])) {
68             $this->post();
69         }
70         $this->jerr("INVALID REQUEST");
71         exit;
72     }
73     
74     function sendAuthUserDetails()
75     {
76        // DB_DataObject::debugLevel(1);
77         $ff = HTML_FlexyFramework::get();
78         $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
79         
80         $u = DB_DataObject::factory($tbl);
81         if (!$u->isAuth()) {
82             $this->jok(array('id' => 0)); // not logged in..
83             exit;
84         }
85         $au = $u->getAuthUser();
86         
87         $aur = $au->authUserArray();
88          
89         /** -- these need modulizing somehow! **/
90         
91         if ($this->hasModule('Fax')) {
92             // should check fax module???
93             $f = DB_DataObject::factory('Fax_Queue');
94             $aur['faxMax'] = $f->getMaxId();
95             $aur['faxNumPending'] = $f->getNumPending();
96         }
97         
98         if ($this->hasModule('Documents')) {
99         // inbox...
100             $d = DB_DataObject::factory('Documents_Tracking');
101             $d->person_id = $au->id;
102             //$d->status = 0; // unread
103             $d->whereAdd('date_read IS NULL');
104             $d->applyFilters(array('query'=> array('unread' => 1)), $au);
105             $aur['inbox_unread'] = $d->count();
106         }
107         
108         //echo '<PRE>';print_r($aur);
109         
110         $this->jok($aur);
111         exit;
112         
113             
114     }
115
116     
117     var $domObj = false;
118     function post()
119     {
120         //DB_DataObject::debugLevel(1);
121         if (!empty($_REQUEST['getAuthUser'])) {
122             $this->sendAuthUserDetails();
123             exit;
124         }
125         
126         
127         if (!empty($_REQUEST['passwordRequest'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
128             
129             return $this->passwordRequest($_REQUEST['passwordRequest']);
130             
131         }
132         
133         if (!empty($_REQUEST['changePassword'])) {
134             return $this->changePassword($_REQUEST);
135         }
136         
137         // login attempt..
138         
139         $ff = HTML_FlexyFramework::get();
140         $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
141         
142        
143         $u = DB_DataObject::factory($tbl);
144         //$u->active = 1;
145         
146         
147         if (empty($_REQUEST['username'])) { //|| (strpos($_REQUEST['username'], '@') < 1)) {
148             $this->jerr('You typed the wrong Username or Password (0)');
149             exit;
150         }
151         
152         $u->authUserName($_REQUEST['username']);
153         
154         
155         if ($u->count() > 1 || !$u->find(true)) {
156             $this->jerr('You typed the wrong Username or Password  (1)');
157             exit;
158         }
159         
160         if (!$u->active()) {
161             $this->jerr('Account disabled');
162         }
163         
164         if ($u->checkPassword($_REQUEST['password'])) {
165             $u->login();
166             $this->addEvent("LOGIN");
167             if (!empty($_REQUEST['lang'])) {
168                 $u->lang($_REQUEST['lang']);
169             }
170              // log it..
171             
172             $this->sendAuthUserDetails();
173             exit;
174
175             //exit;
176         }
177         
178          
179         $this->jerr('You typed the wrong Username or Password  (2)'); // - " . htmlspecialchars(print_r($_POST,true))."'");
180         exit;
181     }
182     
183     function passwordRequest($n) 
184     {
185         $u = DB_DataObject::factory('Person');
186         //$u->company_id = $this->company->id;
187         
188         $u->whereAdd('LENGTH(passwd) > 1');
189         $u->email = $n;
190         $u->active = 1;
191         if ($u->count() > 1 || !$u->find(true)) {
192             $this->jerr('invalid User (1)');
193         }
194         // got a avlid user..
195         if (!strlen($u->passwd)) {
196             $this->jerr('invalid User (2)');
197         }
198         // check to see if we have sent a request before..
199         
200         if ($u->no_reset_sent > 3) {
201             $this->jerr('We have issued to many resets - please contact the Administrator');
202         }
203         $this->authFrom = time();
204         $this->authKey = $u->genPassKey($this->authFrom);
205         $this->authKey = md5($u->email . $this->authFrom . $u->passwd);
206         
207         $ret =  $u->sendTemplate('password_reset', $this);
208         if (is_object($ret)) {
209             $this->addEvent('SYSERR',false, $ret->getMessage());
210             $this->jerr($ret->getMessage());
211         }
212         $this->addEvent('PASSREQ',$u, $u->email);
213         $uu = clone($u);
214         $uu->no_reset_sent++;
215         $uu->update($u);
216         $this->jok("done");
217         
218         
219     }
220     function changePassword($r)
221     {
222         $au = $this->getAuthUser();
223         if ($au) {
224             $uu = clone($au);
225             $au->setPassword($r['passwd1']);
226             $au->update($uu);
227             $this->jok($au);
228         }
229         // not logged in -> need to validate 
230         if (empty($r['passwordReset'])) {
231             $this->jerr("invalid request");
232         }
233         // same code as reset pasword
234        
235         $bits = explode('/', $r['passwordReset']);
236         //print_R($bits);
237       
238         $res= $this->resetPassword(@$bits[0],@$bits[1],@$bits[2]);
239           
240         if ($res !== false) {
241             $this->jerr($res);
242         }
243         // key is correct.. let's change password...
244         
245         $u = DB_DataObject::factory('Person');
246         
247         //$u->company_id = $this->company->id;
248         $u->whereAdd('LENGTH(passwd) > 1');
249         $u->active = 1;
250         if (!$u->get($bits[0])) {
251            $this->jerr("invalid id"); // should not happen!!!!
252         }
253         $uu = clone($u);
254         $u->setPassword($r['passwd1']);
255         $u->update($uu);
256         $u->login();
257         
258         $this->jok($u);
259     }
260     
261     
262     
263 }
264
Pman (Base Files)