DataObjects/Core_person.php

[Pman.Core] / DataObjects / Core_person.php
diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php

index 471a180..3ef5e12 100644 (file)
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -265,6 +265,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              // in session...
              $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
              $u = DB_DataObject::factory($this->tableName());
+            $u->autoJoin();
              if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) {
                  if ($u->verifyAuth()) {
                      self::$authUser = $u;
@@ -275,21 +276,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
              setcookie('Pman.timeout', -1, time() + (30*60), '/');
              return false;
-        
-        
-        if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
-            // in session...
-            $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-             
-            $u = DB_DataObject::factory($this->tableName());
-            if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) {
-              
-                return $u->verifyAuth();  // got authentication...
-                
-    
-            }
-            
-            
          }
          
          // http basic auth..
@@ -303,7 +289,10 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              &&
              $u->checkPassword($_SERVER['PHP_AUTH_PW'])
             ) {
-            $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($u);
+            // logged in via http auth
+            // http auth will not need session... 
+            //$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($u);
+            self::$authUser = $u;
              return true; 
          }
          //die("test init");
@@ -317,16 +306,20 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) {
              $auto_auth_allow  = true;
          }
-        if  (
-                (!empty($_SERVER['SERVER_ADDR'])) &&
-                (
-                    $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
-                    $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
-                )
-                ||
+        if  ( !empty($ff->Pman['local_autoauth'])
+             &&
+                !empty($_SERVER['SERVER_ADDR']) &&
+                !empty($_SERVER['REMOTE_ADDR']) &&
                  (
-                    $_SERVER['SERVER_ADDR'] == '::1' &&
-                    $_SERVER['REMOTE_ADDR'] == '::1'
+                    (
+                       $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
+                       $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
+                   )
+                   ||
+                   (
+                       $_SERVER['SERVER_ADDR'] == '::1' &&
+                       $_SERVER['REMOTE_ADDR'] == '::1'
+                   )
                  )
                  
              ){
@@ -334,7 +327,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          }
          
          
-        if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') {
+        if (empty($_SERVER['PATH_INFO']) ||  $_SERVER['PATH_INFO'] == '/Login') {
              $auto_auth_allow  = false;
          }
          //var_dump($auto_auth_allow);
@@ -352,6 +345,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              ");
              if($member->find(true)){
                  $default_admin = DB_DataObject::factory($this->tableName());
+                $default_admin->autoJoin();
                  if(!$default_admin->get($member->user_id)){
                      $default_admin = false;
                  }
@@ -360,17 +354,18 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          
          //var_dump($ff->Pman['local_autoauth']);         var_dump($_SERVER); exit;
          $u = DB_DataObject::factory($this->tableName());
+        $u->autoJoin();
          $ff = HTML_FlexyFramework::get();
          
-        if ($auto_auth_allow &&
+        if ($auto_auth_allow && 
              ($default_admin ||  $u->get('email', $ff->Pman['local_autoauth']))
          ) {
              
              $user = $default_admin ? $default_admin->toArray() : $u->toArray();
              
              // if we request other URLS.. then we get auto logged in..
-            
-            $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user);
+            self::$authUser = $default_admin ? $default_admin : $u;;
+            //$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user);
              return true;
          }
          
@@ -417,23 +412,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          
          //var_dump(array(get_class($this),$sesPrefix .'-auth'));
         
-        if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
-            $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-            
-            $u = DB_DataObject::factory($this->tableName()); // allow extending this ...
-            $u->autoJoin();
-            if ($u->get($a->id)) { /// && strlen($u->passwd)) {  // should work out the pid .. really..
-                
+        if (self::$authUser) {
+             
+            if (isset($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
                  $_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes
                  setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
-                
-                $user = clone ($u);
-                return clone($user);
-            
              }
-            unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-            unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
-            setcookie('Pman.timeout', -1, time() + (30*60), '/');
+            // not really sure why it's cloned..
+            return   clone (self::$authUser);
+             
              
          }
          
@@ -513,6 +500,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          
          //var_dump(array(get_class($this),$sesPrefix .'-auth'));
          $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$d);
+        
+        $pp = DB_DAtaObject::Factory($this->tableName());
+        $pp->get($this->pid());
+        $pp->autoJoin();
+        
+        self::$authUser = $pp;
          // ensure it's written so that ajax calls can fetch it..
          
          
@@ -528,6 +521,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          
          $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
          
+        self::$authUser = false;
+        
      }    
      function genPassKey ($t) 
      {
@@ -631,7 +626,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          if (!func_num_args()) {
              return $this->lang;
          }
-        $val = array_shift(func_get_args());
+        $ar = func_get_args();
+        $val = array_shift($ar);
          if ($val == $this->lang) {
              return;
          }
@@ -698,7 +694,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          $aur['require_oath'] = 1;
          
          $s = DB_DataObject::Factory('core_setting');
-        $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+        $oath_require = $s->lookup('core', 'two_factor_auth_required');
          $aur['require_oath'] = $oath_require ?  $oath_require->val : 0;
          
          return $aur;
@@ -816,7 +812,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                  $roo->jerr('Fail to generate QR Code');
              }
              
-            $roo->jok($qrcode);
+            $roo->jdata(array(
+                'secret' => $hash,
+                'image' => $qrcode,
+                'issuer' => $person->issuer
+            ));
          }
          
          if(!empty($q['two_factor_auth_code'])) {
@@ -1430,7 +1430,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          return $sesPrefix;
      }
      
-    function loginPublic()
+    function loginPublic() // used where???
      {
          $this->isAuth(); // force session start..
           
@@ -1475,8 +1475,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              return false;
          }
          
-        $issuer = (empty($this->name)) ? 
-            rawurlencode('ROOJS') : rawurlencode($this->name);
+        
+        $issuer = rawurlencode($this->issuer);
          
          $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
          
@@ -1496,4 +1496,32 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          return "data:image/png;base64,{$base64}";
      }
      
+    function qrCodeIssuer()
+    {
+        $pg= HTML_FlexyFramework::get()->page;
+        
+        $this->issuer = (empty($pg->company->name)) ?  'COBA KYC' : "{$pg->company->name} COBA KYC";
+        
+        return;
+    }
+    
+    static function test_ADMIN_PASSWORD_RESET($pg, $to)
+    {
+        $ff = HTML_FlexyFramework::get();
+        $person = DB_DataObject::Factory('core_person');
+        $person->id = -1;
+        
+        return array(
+            'HTTP_HOST' => $_SERVER['SERVER_NAME'],
+            'person' => $person,
+            'authFrom' => 'FAKE_LINK',
+            'authKey' => 'FAKE_KEY',
+
+            'rcpts' => $to->email,
+        );
+        
+        return $content;
+    }
+    
+    
   }