function owner()
{
- $p = DB_DataObject::Factory('Person');
+ $p = DB_DataObject::Factory($this->tableName());
$p->get($this->owner_id);
return $p;
}
(!$this->company_id || ($ff->Pman['auth_comptype'] != $this->company()->comptype))
){
- // force a logout - without a check on the isAuth - as this is called from there..
- $db = $this->getDatabaseConnection();
- $sesPrefix = $ff->appNameShort .'-'.get_class($this) .'-'.$db->dsn['database'] ;
+ $sesPrefix = $this->sesPrefix();
+
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
+
return false;
- $ff->page->jerr("Login not permited to outside companies");
+ //$ff->page->jerr("Login not permited to outside companies");
}
return true;
// ---------------- authentication / passwords and keys stuff ----------------
function isAuth()
{
- $db = $this->getDatabaseConnection();
- // we combine db + project names,
- // otherwise if projects use different 'auth' objects
- // then we get unserialize issues.
- $ff= HTML_FlexyFramework::get();
- $sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
+ @session_start();
+
+ $ff= HTML_FlexyFramework::get();
+
+ $sesPrefix = $this->sesPrefix();
-
if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
// in session...
$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
+
$u = DB_DataObject::factory($this->tableName());
if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) {
- return $u->verifyAuth();
+ return $u->verifyAuth(); // got authentication...
-
- return true;
+
}
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
+ unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
+ setcookie('Pman.timeout', -1, time() + (30*60), '/');
}
if (!$this->canInitializeSystem()) {
join_user_id_id.id IS NOT NULL
");
if($member->find(true)){
- $default_admin = DB_DataObject::factory('Person');
+ $default_admin = DB_DataObject::factory($this->tableName());
if(!$default_admin->get($member->user_id)){
$default_admin = false;
}
}
//var_dump($ff->Pman['local_autoauth']); var_dump($_SERVER); exit;
- $u = DB_DataObject::factory('Person');
+ $u = DB_DataObject::factory($this->tableName());
$ff = HTML_FlexyFramework::get();
+
if (!empty($ff->Pman['local_autoauth']) &&
(!empty($_SERVER['SERVER_ADDR'])) &&
($_SERVER['SERVER_ADDR'] == '127.0.0.1') &&
}
// http basic auth..
- $u = DB_DataObject::factory('Person');
+ $u = DB_DataObject::factory($this->tableName());
if (!empty($_SERVER['PHP_AUTH_USER'])
&&
//}
//die("got this far?");
// not in session or not matched...
- $u = DB_DataObject::factory('Person');
+ $u = DB_DataObject::factory($this->tableName());
$u->whereAdd(' LENGTH(passwd) > 0');
$n = $u->count();
$_SESSION[get_class($this)][$sesPrefix .'-empty'] = $n;
if (!$this->isAuth()) {
return false;
}
- $db = $this->getDatabaseConnection();
$ff= HTML_FlexyFramework::get();
- $sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
+
+ $sesPrefix = $this->sesPrefix();
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
$u = DB_DataObject::factory($this->tableName()); // allow extending this ...
+ $u->autoJoin();
if ($u->get($a->id)) { /// && strlen($u->passwd)) { // should work out the pid .. really..
- return clone($u);
+
+ $_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes
+ setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
+
+ $user = clone ($u);
+
+ return clone($user);
+
}
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
+ unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
+ setcookie('Pman.timeout', -1, time() + (30*60), '/');
+
}
if (empty( $_SESSION[get_class($this)][$sesPrefix .'-empty'] )) {
- $u = DB_DataObject::factory('Person');
+ $u = DB_DataObject::factory($this->tableName());
$u->whereAdd(' LENGTH(passwd) > 0');
$_SESSION[get_class($this)][$sesPrefix .'-empty'] = $u->count();
}
//$ce->initEnums();
- $u = DB_DataObject::factory('Person');
+ $u = DB_DataObject::factory($this->tableName());
$u->id = -1;
// if a company has been created fill that in in company_id_id
if (!$this->verifyAuth()) { // check for company valid..
return false;
}
- $db = $this->getDatabaseConnection();
-
// open up iptables at login..
$dbname = $this->database();
$gr = DB_DataObject::Factory('group_rights');
$gr->applyDefs($g, 0);
}
- $ff= HTML_FlexyFramework::get();
- $sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
-
+
+ $sesPrefix = $this->sesPrefix();
// we should not store the whole data in the session - otherwise it get's huge.
$p = DB_DAtaObject::Factory($this->tableName());
$p->get($this->pid());
+ $d = $p->toArray();
+
+ $_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes
+ setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
+
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$p->toArray());
+ $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$d);
// ensure it's written so that ajax calls can fetch it..
function logout()
{
$this->isAuth(); // force session start..
- $db = $this->getDatabaseConnection();
- $ff= HTML_FlexyFramework::get();
- $sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
-
+ $sesPrefix = $this->sesPrefix();
+
+ $_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = -1;
+ $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
}
function genPassKey ($t)
{
if (substr($this->passwd,0,1) == '$') {
+
return crypt($val,$this->passwd) == $this->passwd ;
}
// old style md5 passwords...- cant be used with courier....
return md5($val) == $this->passwd;
}
+
function setPassword($value)
{
$salt='';
}
- function generatePassword() // genearte a password (add set 'rawPasswd' to it's value)
+ function generatePassword($length = 5) // genearte a password (add set 'rawPasswd' to it's value)
{
require_once 'Text/Password.php';
- $this->rawPasswd = strtr(ucfirst(Text_Password::create(5)).ucfirst(Text_Password::create(5)), array(
+ $this->rawPasswd = strtr(ucfirst(Text_Password::create($length)).ucfirst(Text_Password::create($length)), array(
"a"=>"4", "e"=>"3", "i"=>"1", "o"=>"0", "s"=>"5", "t"=>"7"));
$this->setPassword($this->rawPasswd);
return $this->rawPasswd;
if (!isset($pcache[$this->id])) {
$pcache[$this->id] = $this->getPerms();
}
+
// echo "<PRE>";print_r($pcache[$au->id]);
// var_dump($pcache[$au->id]);
if (empty($pcache[$this->id][$name])) {
//$this->whereAdd(($this->tableName() == 'Person' ? 'Person' : "join_person_id_id") .
// ".id != ".$au->id);
- $this->whereAdd("Person.id != {$au->id}");
+ $this->whereAdd("{$this->tableName()}.id != {$au->id}");
}
if (!empty($q['query']['comptype_or_company_id'])) {
$id = (int) array_pop($bits);
$ct = $this->escape($bits[0]);
- $this->whereAdd(" join_company_id_id.comptype = '$ct' OR Person.company_id = $id");
+ $this->whereAdd(" join_company_id_id.comptype = '$ct' OR {$this->tableName()}.company_id = $id");
}
if ($q['query']['in_group'] == -1) {
// list all staff who are not in a group.
- $this->whereAdd("Person.id NOT IN (
+ $this->whereAdd("{$this->tableName()}.id NOT IN (
SELECT distinct(user_id) FROM $tn_gm LEFT JOIN
$tn_g ON $tn_g.id = $tn_gm.group_id
WHERE $tn_g.type = ".$q['query']['type']."
if(!empty($q['query']['name'])){
$this->whereAdd("
- Person.name LIKE '%{$this->escape($q['query']['name'])}%'
+ {$this->tableName()}.name LIKE '%{$this->escape($q['query']['name'])}%'
+ ");
+ }
+ if(!empty($q['query']['name_starts'])){
+ $this->whereAdd("
+ {$this->tableName()}.name LIKE '{$this->escape($q['query']['name_starts'])}%'
");
}
"$tn_p.remarks",
"join_company_id_id.name"
);
+ $tbcols = $this->table();
+ foreach(array('firstname','lastname') as $k) {
+ if (isset($tbcols[$k])) {
+ $props[] = "{$tn_p}.{$k}";
+ }
+ }
+
+
+
$str = $x->toSQL(array(
'default' => $props,
");*/
}
+ // project directory rules -- this may distrupt things.
+ $p = DB_DataObject::factory('ProjectDirectory');
+ // if project directories are set up, then we can apply project query rules..
+ if ($p->count()) {
+ $p->autoJoin();
+ $pids = $p->projects($au);
+ if (isset($q['query']['project_id'])) {
+ $pid = (int)$q['query']['project_id'];
+ if (!in_array($pid, $pids)) {
+ $roo->jerr("Project not in users valid projects");
+ }
+ $pids = array($pid);
+ }
+ // project roles..
+ //if (empty($q['_anyrole'])) { // should be project_directry_role
+ // $p->whereAdd("{$p->tableName()}.role != ''");
+ // }
+ if (!empty($q['query']['role'])) { // should be project_directry_role
+ $role = $this->escape($q['query']['role']);
+
+ $p->whereAdd("{$p->tableName()}.role LIKE '%{$role}%'");
+
+ }
+
+ if (!$roo->hasPerm('Core.Projects_All', 'S')) {
+ $peps = $p->people($pids);
+ $this->whereAddIn("{$tn}.id", $peps, 'int');
+ }
+ }
+
+ // fixme - this needs a more generic fix - it was from the mtrack_person code...
+ if (isset($q['query']['ticket_id'])) {
+ // find out what state the ticket is in.
+ $t = DB_DataObject::Factory('mtrack_ticket');
+ $t->autoJoin();
+ $t->get($q['query']['ticket_id']);
+
+ if (!$this->checkPerm('S', $au)) {
+ $roo->jerr("permssion denied to query state of ticket");
+ }
+
+ $p = DB_DataObject::factory('ProjectDirectory');
+ $pids = array($t->project_id);
+
+ $peps = $p->people($pids);
+
+ $this->whereAddIn($this->tableName().'.id', $peps, 'int');
+
+ //$this->whereAdd('join_prole != ''");
+
+ }
}
function setFromRoo($ar, $roo)
{
if (empty($this->email)) {
return true;
}
- $xx = DB_Dataobject::factory('Person');
+ $xx = DB_Dataobject::factory($this->tableName());
$xx->setFrom(array(
'email' => $this->email,
// 'company_id' => $x->company_id
if ($au && $au->id == -1) {
return true;
}
+ // if not authenticated... do not allow in???
+ if (!$au ) {
+ return false;
+ }
// determine if it's staff!!!
-
- if ($au->company()->comptype != 'OWNER') {
+ $owncomp = DB_DataObject::Factory('Companies');
+ $owncomp->get('comptype', 'OWNER');
+ $isStaff = ($au->company_id == $owncomp->id);
+
+
+ if (!$isStaff) {
// - can not change company!!!
if ($changes &&
return false;
}
+
+ // mtrack had the idea that all 'S' should be allowed.. - but filtered later..
+ // ???? do we want this?
+
// edit self... - what about other staff members...
- return $this->company_id == $au->company_id;
+ //return $this->company_id == $au->company_id;
}
-
+
// yes, only owner company can mess with this...
- $owncomp = DB_DataObject::Factory('Companies');
- $owncomp->get('comptype', 'OWNER');
- $isStaff = ($this->company_id == $owncomp->id);
+
switch ($lvl) {
}
}
+ // this is for the To: "{getEmailName()}" <email@address>
+ // not good for Dear XXXX, - use {person.firstname} for that.
function getEmailName()
{
$name = array();
$name = array_filter($name);
- return $name;
+ return implode(' ', $name);
}
return $this->email;
}
+ function sesPrefix()
+ {
+ $ff= HTML_FlexyFramework::get();
+
+ $appname = empty($ff->appNameShort) ? $ff->project : $ff->project . '-' . $ff->appNameShort;
+
+ $db = $this->getDatabaseConnection();
+
+ $sesPrefix = $appname.'-' .get_class($this) .'-'.$db->dsn['database'] ;
+
+ return $sesPrefix;
+ }
+
}
projects / Pman.Core / blobdiff