}
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
- setcookie('Pman.timeout', -1, time() + (30*60), '/');
+ //setcookie('Pman.timeout', -1, time() + (30*60), '/');
return false;
}
if (isset($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
$_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes
- setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
+ //setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
}
// not really sure why it's cloned..
return clone (self::$authUser);
$d = $p->toArray();
$_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes
- setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
+ //setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$d);
$oath_require = $s->lookup('core', 'two_factor_auth_required');
$aur['require_oath'] = $oath_require ? $oath_require->val : 0;
- $aur['core_person_settings'] = array();
-
- $core_person_settings = DB_DataObject::factory('core_person_settings');
- $core_person_settings->setFrom(array(
- 'person_id' => $this->id
- ));
-
- $aur['core_person_settings'] = $core_person_settings->fetchAll('scope', 'data');
+ $aur['core_person_settings'] = $this->settings();
return $aur;
}
+ function settings($return_obj = false)
+ {
+ $cs = DB_DataObject::factory('core_person_settings');
+ $cs->setFrom(array(
+ 'person_id' => $this->id
+ ));
+ return $return_obj ? $cs->fetchAll() : $cs->fetchAll('scope', 'data');;
+ }
+ function toRooSingleArray($authUser, $request)
+ {
+ $ret = $this->toArray();
+ foreach( $this->settings() as $k=>$v) {
+ $ret['core_person_settings['. $k .']'] = $v;
+ }
+
+ return $ret;
+ }
// ----------PERMS------ ----------------
function getPerms()
{
// #2307 Search Country!!
if (!empty($q['query']['in_country'])) {
// DB_DataObject::debugLevel(1);
- $inc = $q['query']['in_country'];
+ $inc = $this->escape($q['query']['in_country']);
$this->whereAdd("$tn_p.countries LIKE '%{$inc}%'");
}
function beforeInsert($req, $roo)
{
+ if (!empty($req['_bulk_update_passwords'])) {
+ $this->bulkUpdatePasswords($req['_bulk_update_passwords'], $roo);
+ return;
+ }
+
$p = DB_DataObject::factory('core_person');
if ($roo->authUser->id > -1 || $p->count() > 1) {
$pp = DB_DataObject::factory('core_person');
- $pp->email = trim($this->email);
+ $pp->whereAdd('LOWER(email) = "' . $pp->escape(strtolower(trim($this->email))) . '"');
if ($pp->count()){
- $roo->jerr("that email already exists in the database");
+ $roo->jerror("NOTICE-DUPE-EMAIL", "that email already exists in the database");
}
$pd->company_id = $this->company_id;
$pd->insert();
}
-
+ if (!empty($req['core_person_settings'])) {
+ $this->updateSettings($req['core_person_settings'], $roo);
+ }
}
+ function onUpdate($old, $req,$roo, $event)
+ {
+ if (!empty($req['core_person_settings'])) {
+ $this->updateSettings($req['core_person_settings'], $roo);
+ }
+ }
+
+ // there should really be a registry of valid scope values!?
+ function updateSettings($ar, $roo)
+ {
+ //DB_DataObject::debugLevel(1);
+ $old = array();
+ foreach($this->settings(true) as $o) {
+ $old[$o->scope] = $o;
+ }
+ foreach($ar as $k=>$v) {
+ if (isset($old[$k])) {
+ $oo = clone($old[$k]);
+ $old[$k]->data = $v;
+ $old[$k]->update($oo);
+ continue;
+ }
+ $cs = DB_DataObject::Factory('core_person_settings');
+ $cs->setFrom(array(
+ 'person_id' =>$this->id,
+ 'scope' => $k,
+ 'data' => $v
+ ));
+ $cs->insert();
+ }
+ // we dont delete old stuff....
+ }
+
+
function importFromArray($roo, $persons, $opts)
{
if (empty($opts['prefix'])) {
$ff= HTML_FlexyFramework::get();
$appname = empty($ff->appNameShort) ? $ff->project : $ff->project . '-' . $ff->appNameShort;
-
$dname = method_exists($this, 'getDatabaseConnection') ? $this->getDatabaseConnection()->dsn['database'] : $this->databaseNickname();
-
$sesPrefix = $appname.'-' .get_class($this) .'-' . $dname;
return $sesPrefix;
function loginPublic() // used where???
{
$this->isAuth(); // force session start..
-
$db = $this->getDatabaseConnection();
-
$ff = HTML_FlexyFramework::get();
if(empty($ff->Pman) || empty($ff->Pman['login_public'])){
function beforeUpdate($old, $q, $roo)
{
$this->email = trim($this->email);
+
+ $p = DB_DataObject::factory('core_person');
+ if ($roo->authUser->id > -1 || $p->count() > 1) {
+ $pp = DB_DataObject::factory('core_person');
+ $pp->whereAdd('LOWER(email) = "' . $pp->escape(strtolower(trim($this->email))) . '"');
+ $pp->whereAdd('id != ' . $old->id);
+ if ($pp->count()){
+ $roo->jerror("NOTICE-DUPE-EMAIL", "that email already exists in the database");
+ }
+ }
}
function generateOathKey()
return $content;
}
-
+ function bulkUpdatePasswords($data, $roo)
+ {
+
+ if ( !$roo->hasPerm("Core.Staff", "E")) {
+ $roo->jerr("permission denied");
+ }
+ $rows = explode("\n",$data);
+ $upd = array();
+ $bad = array();
+
+ foreach($rows as $i=>$row) {
+ if (!strlen(trim($row))) {
+ continue;
+ }
+ $bits = preg_split('/\s+/', trim($row));
+ if (count($bits) != 2) {
+ $bad[] = "Invalid line: {$row}";
+ continue;
+ }
+ // validate.
+ $upd[strtolower($bits[0])] = $bits[1];
+
+ }
+ if (empty($upd)) {
+
+ $roo->jerr(empty($bad) ? "No rows to update": ("ERRORS: ". implode("\n", $bad)));
+ return;
+ }
+ // next fetch them all.
+ $p = DB_DataObject::factory('core_person');
+ $p->whereAddIn('email', array_keys($upd), 'string');
+ foreach($p->fetchAll() as $p) {
+ $map[strtolower($p->email)] = $p;
+ }
+ foreach($upd as $k=>$nv) {
+ if (!isset($map[$k])) {
+ $bad[] = "Missing account with email: " . $k;
+ continue;
+ }
+ if ($map[$k]->id == $roo->authUser->id) {
+ $bad[] = "You can not update your own password here: " . $k;
+ continue;
+ }
+ }
+ if (!empty($bad)) {
+ $roo->jerr("ERRORS: ". implode("\n", $bad));
+ return;
+ }
+ foreach($map as $k => $p) {
+ $pp = clone($p);
+ $p->setPassword($upd[$k]);
+ $p->update($pp);
+ }
+ $roo->jok("Updated");
+
+
+ }
}
projects / Pman.Core / blobdiff