comptype= 'OWNER'; $x->find(true); if (!empty($q['query']['company_project_id'])) { $add = ''; if (!empty($q['query']['company_include_self'])) { $add = ' OR Companies.id = ' . $x->id; } if (!empty($q['query']['company_not_self'])) { $add = ' AND Companies.id != ' . $x->id; } $pids = array(); $pid = $q['query']['company_project_id']; if (strpos($pid, ',')) { $bits = explode(',', $pid); foreach($bits as $b) { $pids[] = (int)$b; } } else { $pids = array($pid); } $pids = implode(',', $pids); $this->whereAdd("Companies.id IN ( SELECT distinct(company_id) FROM ProjectDirectory where project_id IN ($pids) ) $add" ); } if (!empty($q['query']['comptype'])) { $this->whereAddIn('comptype', explode(',', $q['query']['comptype']), 'string'); } if (!empty($q['query']['province'])) { $prov = $this->escape($q['query']['province']); $this->whereAdd("province LIKE '$prov%'"); } } function toEventString() { return $this->name; } // ---------- AUTHENTICATION function isAuth() { $db = $this->getDatabaseConnection(); $sesPrefix = $db->dsn['database']; @session_start(); if (!empty($_SESSION[__CLASS__][$sesPrefix .'-auth'])) { // in session... $a = unserialize($_SESSION[__CLASS__][$sesPrefix .'-auth']); $u = DB_DataObject::factory('Companies'); if ($u->get($a->id)) { //&& strlen($u->passwd)) { return true; } $_SESSION[__CLASS__][$sesPrefix .'-auth'] = ''; } // not in session or not matched... return false; } function getAuthUser() { if (!$this->isAuth()) { return false; } $db = $this->getDatabaseConnection(); $sesPrefix = $db->dsn['database']; if (!empty($_SESSION[__CLASS__][$sesPrefix .'-auth'])) { $a = unserialize($_SESSION[__CLASS__][$sesPrefix .'-auth']); $u = DB_DataObject::factory('Companies'); if ($u->get($a->id)) { /// && strlen($u->passwd)) { return clone($u); } } return false; } function login() { $this->isAuth(); // force session start.. $db = $this->getDatabaseConnection(); $sesPrefix = $db->dsn['database']; $_SESSION[__CLASS__][$sesPrefix .'-auth'] = serialize($this); } function logout() { $this->isAuth(); // force session start.. $db = $this->getDatabaseConnection(); $sesPrefix = $db->dsn['database']; $_SESSION[__CLASS__][$sesPrefix .'-auth'] = ""; } // ---------- AUTHENTICATION function checkPassword($val) { //echo '
'.$val . print_R($this,true); if (substr($this->passwd,0,1) == '$') { return crypt($val,$this->passwd) == $this->passwd ; } // old style md5 passwords...- cant be used with courier.... return md5($val) == $this->passwd; } function setPassword($value) { $salt=''; while(strlen($salt)<9) { $salt.=chr(rand(64,126)); //php -r var_dump(crypt('testpassword', '$1$'. (rand(64,126)). '$')); } $this->passwd = crypt($value, '$1$'. $salt. '$'); } function onUpload($controller) { $image = DB_DataObject::factory('Images'); return $image->onUploadWithTbl($this, 'logo_id'); } function onUpdate($old, $req,$roo) { if (!empty($req['password1'])) { $this->setPassword($req['password1']); $this->update(); } } function onInsert($req, $roo) { if (!empty($this->logo_id)) { // update images table to sycn with this.. $img = DB_DataObject::factory('Images'); if ($img->get($this->logo_id) && ($img->onid != $this->id)) { $img->onid = $this->id; $img->update(); } } if (!empty($req['password1'])) { $this->setPassword($req['password1']); $this->update(); } $img = DB_DataObject::factory('Images'); $img->onid= 0; $img->ontable = 'Companies'; $img->imgtype = 'LOGO'; // should check uploader!!! if ($img->find()) { while($img->fetch()) { $ii = clone($img); $ii->onid = $this->id; $ii->update(); $this->logo_id = $ii->id; } $this->update(); } } function beforeDelete() { // should check for members.... $img = DB_DataObject::factory('Images'); $img->ontable = 'Companies'; $img->onid = $this->id; $img->find(); while ($img->fetch()) { $img->beforeDelete(); $img->delete(); } return true; } /** * check who is trying to access this. false == access denied.. */ function checkPerm($lvl, $au, $changes = false) { // do we have an empty system.. if ($au && $au->id == -1) { return true; } if ($au->company()->comptype != 'OWNER') { // hacking! if ($changes && isset($changes['comptype']) && $changes['comptype'] != $this->comptype) { return false; } return $this->id == $au->company_id; } return $au->hasPerm("Core.Companies", $lvl); } function logoImageToHTML($size) { $i = DB_DataObject::factory('Images'); if (!$this->logo_id || !$i->get($this->logo_id)) { return ''; } return $i->toHTML($size); } }