projects / Pman.Core / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
DataObjects/Core_person.php
[Pman.Core] / DataObjects / Core_person.php
diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php
index 39613d2..f2cb1fd 100644 (file)
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -172,18 +172,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             // h embeds images here..
             $body = $mime->get();
             $headers = $mime->headers($headers);
-            
         }
         
-         
-        
         return array(
             'recipients' => $recipents,
             'headers'    => $headers,
             'body'      => $body
         );
-        
-        
     }
     
     
@@ -195,10 +190,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
      */
     function sendTemplate($templateFile, $args)
     {
-        
         $ar = $this->buildMail($templateFile, $args);
       
-        
         //print_r($recipents);exit;
         $mailOptions = PEAR::getStaticProperty('Mail','options');
         $mail = Mail::factory("SMTP",$mailOptions);
@@ -211,7 +204,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         error_reporting($oe);
        
         return $ret;
-    
     }
     
   
@@ -438,7 +430,10 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
                 
              
-        if (isset(   $_SESSION[get_class($this)][$sesPrefix .'-empty'] ) && $_SESSION[get_class($this)][$sesPrefix .'-empty']  < 1) {
+        if (
+            isset(   $_SESSION[get_class($this)][$sesPrefix .'-empty'] ) && 
+            $_SESSION[get_class($this)][$sesPrefix .'-empty']  < 1
+        ) {
             
             // fake person - open system..
             //$ce = DB_DataObject::factory('core_enum');
@@ -525,8 +520,17 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     
     function checkTwoFactorAuthentication($val)
     {
+        // also used in login
+        
         require_once 'System.php';
         
+        if(
+            empty($this->id) ||
+            empty($this->oath_key)
+        ) {
+            return false;
+        }
+        
         $oathtool = System::which('oathtool');
         
         if (!$oathtool) {
@@ -667,6 +671,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $aur['dailykey'] = '';
         $aur['oath_key'] = '';
         
+        $aur['oath_key_enable'] = !empty($this->oath_key);
+        
+        $s = DB_DataObject::Factory('core_setting');
+        $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+        
+        $aur['disable_oath'] = (bool)  ? 1 : 0;
         
         return $aur;
     }
@@ -758,6 +768,60 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     function applyFilters($q, $au, $roo)
     {
         //DB_DataObject::DebugLevel(1);
+        if(!empty($q['_to_qr_code'])){
+            $person = DB_DataObject::factory('Core_person');
+            $person->id = $q['id']; 
+            
+            if(!$person->find(true)) {
+                $roo->jerr('_invalid_person');
+            }
+            
+            $hash = $this->generateOathKey();
+            
+            $_SESSION[__CLASS__] = 
+                isset($_SESSION[__CLASS__]) ? 
+                    $_SESSION[__CLASS__] : array();
+            $_SESSION[__CLASS__]['oath'] = 
+                isset($_SESSION[__CLASS__]['oath']) ? 
+                    $_SESSION[__CLASS__]['oath'] : array();
+                
+            $_SESSION[__CLASS__]['oath'][$person->id] = $hash;
+
+            $qrcode = $person->generateQRCode($hash);
+            
+            if(empty($qrcode)){
+                $roo->jerr('Fail to generate QR Code');
+            }
+            
+            $roo->jok($qrcode);
+        }
+        
+        if(!empty($q['two_factor_auth_code'])) {
+            $person = DB_DataObject::factory('core_person');
+            $person->get($q['id']);
+            $o = clone($person);
+            $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
+            
+            if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
+                $person->update($o);
+                unset($_SESSION[__CLASS__]['oath'][$person->id]);
+                $roo->jok('DONE');
+            }
+            
+            $roo->jerr('_invalid_auth_code');
+        }
+        
+        if(!empty($q['oath_key_disable'])) {
+            $person = DB_DataObject::factory('core_person');
+            $person->get($q['id']);
+            
+            $o = clone($person);
+            
+            $person->oath_key = '';
+            $person->update($o);
+            
+            $roo->jok('DONE');
+        }
         
         if (!empty($q['query']['is_owner'])) {
             $this->whereAdd(" join_company_id_id.comptype = 'OWNER'");
@@ -823,10 +887,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                 // list all staff who are not in a group.
                 $this->whereAdd("{$this->tableName()}.id NOT IN (
                     SELECT distinct(user_id) FROM $tn_gm LEFT JOIN
-                        $tn_g ON $tn_g.id = $tn_gm.group_id
-                        WHERE $tn_g.type = ".$q['query']['type']."
-                    )");
-                
+                        $tn_g ON $tn_g.id = $tn_gm.group_id)");
                 
             } else {
                 
@@ -1043,19 +1104,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             ");
         }
         
-        $cgm = DB_DataObject::Factory('core_group_member')->tableName();
-        
-        $this->selectAdd("
-           (
-            SELECT GROUP_CONCAT({$cgm}.group_id) 
-                FROM 
-                    {$cgm}
-                WHERE 
-                    {$cgm}.user_id = {$this->tableName()}.id
-                ) AS membership_list    
-            
-        ");    
-        
         
     }
     
@@ -1064,7 +1112,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $this->setFrom($ar);
         
         if(!empty($ar['_enable_oath_key'])){
-            $this->generateOathKey();
+            $oath_key = $this->generateOathKey();
         }
         
         if (!empty($ar['passwd1'])) {
@@ -1131,23 +1179,22 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         $p = DB_DataObject::Factory('core_group_member');
         $p->user_id = $this->id;
         $mem = $p->fetchAll();  // fetch all the rows and set the $mem variable to the rows data, just like mysqli_fetch_assoc
-   
-        $e->logDeletedRecord($p);
-        
+        $e->logDeletedRecord($mem);
+                
         foreach($mem as $p) { 
             $p->delete();
         }  
         
-        $e = DB_DataObject::Factory('events');
+        $e = DB_DataObject::Factory('Events');        
         $e->person_id = $this->id;
         $eve = $e->fetchAll();  // fetch all the rows and set the $mem variable to the rows data, just like mysqli_fetch_assoc
-        
+
+        $e->logDeletedRecord($eve);
         foreach($eve as $e) { 
             $e->delete();
         }  
         
         
-        
         // anything else?  
         
     }
@@ -1238,6 +1285,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         $c->find(true);
         $this->company_id = $c->id;
+        $this->email = trim($this->email);
         
     }
     
@@ -1383,112 +1431,31 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
     
     function beforeUpdate($old, $q, $roo)
     {
-       
-        
-        if(!empty($q['_generate_oath_key'])){
-            $o = clone($this);
-            $this->generateOathKey();
-            $this->update($o);
-            $roo->jok('OK');
-        }
-        
-        if(!empty($q['_to_qr_code'])){
-            $qrcode = $this->generateQRCode();
-            
-            if(empty($qrcode)){
-                $roo->jerr('Fail to generate QR Code');
-            }
-            
-            $roo->jok($qrcode);
-        }
-        
-        if(!empty($q['membership_list'])){
-            
-             
-            if ($roo->authUser->id == $old->id) {
-                // you are editing yourself...
-                
-                // if was admin before....
-                   // -if new membership does not icnlude  admin id
-                      // -- then show error
-                
-                
-            }
-            
-            
-            
-            
-         
-            $x = PDO_DataObject::factory('core_group_member');
-            $x->select('group_id');
-            $x->user_id = $q['id'];
-            
-            $ar = $x->fetchAll('group_id');
-            
-            $group_id_arr = explode(",", $q['membership_list']);
-            
-            $result_del = array_diff($ar, $group_id_arr);
-            
-            // check if id needs to be deleted
-            if(!empty($result_del)){
-                /*
-                $x = PDO_DataObject::factory('core_group_member');
-                $x->user_id = $q['id'];
-                $x->whereAddIn('group_id', $result_del, 'int');
-                foreach($x->fetchAll() as $cgm) {
-                    $cgm->delete();
-                }
-                
-                
-                */
-                foreach($result_del as $group_id){
-                    $x = PDO_DataObject::factory('core_group_member');
-                    $x->user_id = $q['id'];
-                    $x->group_id = $group_id;
-                    $x->find(true);
-                    $x->delete();
-                }
-            }
-            
-            $result_add = array_diff($group_id_arr, $ar);
-            
-            
-            // insert data into core_person_member...
-            //PDO_DataObject::Factory('coremytable_group_member')->set([ 'group_id' => 'test', 'user_id' => "{$this->tableName()}.id"])->insert();
-            if(!empty($result_add)){
-                foreach($result_add as $gid){
-                    PDO_DataObject::Factory('core_group_member')->set(array(
-                        'group_id'=> $gid,
-                        'user_id' => $q['id']
-                    ))->insert();
-                }
-            }
-        }
+        $this->email = trim($this->email);
     }
     
     function generateOathKey()
     {
-        $hex = bin2hex(openssl_random_pseudo_bytes(10));
-        
         require 'Base32.php';
         
         $base32 = new Base32();
         
-        $this->oath_key = $base32->base32_encode($hex);
-        
-        return $this->oath_key;
-        
+        return $base32->base32_encode(bin2hex(openssl_random_pseudo_bytes(10)));
     }
     
-    function generateQRCode()
+    function generateQRCode($hash)
     {
-        if(empty($this->oath_key)){
+        if(
+            empty($this->email) &&
+            empty($hash)
+        ){
             return false;
         }
         
-        $issuer = (empty($this->name)) ? rawurlencode('ROOJS') : rawurlencode($this->name);
+        $issuer = (empty($this->name)) ? 
+            rawurlencode('ROOJS') : rawurlencode($this->name);
         
-        $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$this->oath_key}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
+        $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
         
         require_once 'Image/QRCode.php';
         
Pman Core