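/**
 * Front-controller gate: decides whether the current request may be dispatched.
 *
 * Flow, in order:
 *  1. The 'login' and 'logout' controllers are always allowed.
 *  2. The access is recorded through PermissionTemplate::auditAccess().
 *  3. A request with no identity (other than for 'index') may authenticate with
 *     HTTP Basic credentials; if that fails the script ends with a 401 response.
 *  4. An authenticated identity is checked against its permission template.
 *
 * @param Zend_Controller_Request_Abstract $request Request being dispatched.
 * @return bool True when the request may proceed.
 * @throws WebVista_App_AuthException When there is no identity or access is denied.
 */
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
    $auth = Zend_Auth::getInstance();
    $publicControllers = array('login', 'logout');

    $controllerName = $request->getControllerName();
    $actionName = $request->getActionName();

    // Strict match so only the exact string names bypass the checks below.
    if (in_array($controllerName, $publicControllers, true)) {
        return true;
    }

    PermissionTemplate::auditAccess($controllerName, $actionName);

    // This MUST run before the permission check: it may establish the identity.
    if (!$auth->hasIdentity() && $controllerName !== 'index') {
        if (isset($_SERVER['PHP_AUTH_USER']) && strlen($_SERVER['PHP_AUTH_USER']) > 0) {
            // A Basic header can carry a user name without a password; pass an
            // empty string instead of reading an undefined index.
            $basicPassword = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
            User::processLogin($_SERVER['PHP_AUTH_USER'], $basicPassword);
        }
        if (!$auth->hasIdentity()) {
            header('WWW-Authenticate: Basic realm="Unauthorized Access Prohibited (ClearHealth)"');
            header('HTTP/1.0 401 Unauthorized');
            die(__('You must enter a valid username and password to access.'));
        }
    }

    if ($auth->hasIdentity()) {
        $permissionTemplateId = $auth->getIdentity()->permissionTemplateId;

        // NOTE(review): emergency mode is switched on by the mere existence of
        // /tmp/emergency. /tmp is normally writable by every local account, so the
        // switch is not restricted to administrators; a root-owned path or a
        // configuration flag would be safer. While it is on, a template holding
        // 'allow-emergency-access' skips the per-action check for every controller
        // except 'admin-persons'.
        if (file_exists('/tmp/emergency')
            && $controllerName != 'admin-persons'
            && PermissionTemplate::hasAccess($permissionTemplateId, 'emergency-access', 'allow-emergency-access')
        ) {
            if (!($controllerName == "emergency-access" && $actionName == 'index')) {
                return true;
            }
        }

        // Strict comparison: under PHP < 8 an integer 0 compares loosely equal to
        // 'superadmin' and would skip the permission check altogether.
        if ($permissionTemplateId !== 'superadmin'
            && !PermissionTemplate::hasAccess($permissionTemplateId, $controllerName, $actionName)
        ) {
            // Controller and action names come from the request and the message
            // carries markup, so encode every dynamic part for HTML.
            $safeController = htmlspecialchars((string) $controllerName, ENT_QUOTES, 'UTF-8');
            $safeAction = htmlspecialchars((string) $actionName, ENT_QUOTES, 'UTF-8');
            $safeBaseUrl = htmlspecialchars((string) $request->getBaseUrl(), ENT_QUOTES, 'UTF-8');

            $error = 'Access denied. ' . $safeController . '/' . $safeAction . '. ';
            $error .= 'Please <a href="' . $safeBaseUrl . '/logout" title="Login">Login</a>.';
            trigger_error($error, E_USER_NOTICE);
            throw new WebVista_App_AuthException($error);
        }

        return true;
    }

    throw new WebVista_App_AuthException('You must be authenticated to access the system.');
}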
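/**
 * Handles a posted login form and reports the outcome through the view.
 *
 * Sets $this->view->data to array('msg' => ..., 'code' => 200) when an identity
 * is present after the attempt, or array('code' => 404) otherwise, then hands
 * over to completeAction().
 *
 * @return void
 */
public function processAction()
{
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    // Attempt the login only with plain string credentials. A missing field, or
    // one submitted as an array (username[]=...), is treated as a failed login
    // instead of being passed on to the user model.
    if (is_string($username) && is_string($password)) {
        User::processLogin($username, $password);
    }

    // NOTE(review): success is read from the shared Zend_Auth instance, so an
    // identity that already existed before this request also yields code 200.
    $auth = Zend_Auth::getInstance();
    $data = array();
    if ($auth->hasIdentity()) {
        $data['msg'] = __("Login successful.");
        $data['code'] = 200;
    } else {
        // Failure code kept unchanged so existing clients keep working.
        $data['code'] = 404;
    }

    header('Content-Type: application/xml;');
    $this->view->data = $data;
    $this->completeAction();
}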
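// Excerpt of a login page script: the `if` whose body starts here opens before the first line shown.
    $loginID = $_POST['loginID'];
    $password = $_POST['password'];
    $user = new User(new NamedArguments(array('primaryKey' => $loginID)));

    // Set or clear the "remember login" cookie according to the checkbox.
    if (isset($_POST['remember'])) {
        $user->setRememberLogin();
        $rememberChecked = 'checked';
    } else {
        $user->unsetRememberLogin();
    }

    // NOTE(review): the two failure messages below differ, which tells a caller
    // whether a login ID exists. A single generic message would avoid that.
    if ($user->loginID == '') {
        $errorMessage = _("Invalid login ID. Please try again.");
    } else {
        // Known login ID: check the password, report a failure or redirect.
        if (!$user->processLogin($password)) {
            $errorMessage = _("Invalid password. Please try again.");
            $inputLoginID = $loginID;
        } else {
            // Login succeeded, perform redirect.
            // NOTE(review): where $service is set is not visible in this excerpt.
            // If it can come from the request it should be checked against an
            // allow-list of destinations, and nothing here stops the script after
            // the header is sent.
            header('Location: ' . $service);
        }
    }

// No login was submitted: handle a user who is already logged in.
} else {
    if (isset($_SESSION['loginID'])) {
        if ($user->getOpenSession()) {
            // $message is HTML, so the login ID and the return URL are encoded for
            // HTML (ENT_QUOTES also covers the single-quoted href attribute).
            $safeLoginID = htmlspecialchars((string) $loginID, ENT_QUOTES, 'UTF-8');
            $safeService = htmlspecialchars((string) $service, ENT_QUOTES, 'UTF-8');
            $message = _("You are already logged in as ") . $safeLoginID . ".<br />"
                . _("You may log in as another user below,")
                . " <a href='" . $safeService . "'>" . _("return") . "</a> "
                . _("or") . " <a href='?logout'>" . _("logout") . "</a>.";
        }
        $inputLoginID = $user->getRememberLogin();
        if ($inputLoginID) {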
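/**
 * Routes one API request to the operation selected by its 'controlVar' entry
 * and echoes that operation's result as JSON.
 *
 * 'controlVar' is compared with the Utility::$USER_LOGIN, $SYNC_USER_TABLE,
 * $SYNC_TASK_TABLE, $SYNC_SHIPMENT_TABLE, $SYNC_SHIPMENT_DETAIL_TABLE and
 * $UPDATE_DATA_TO_BACK_END_ERP values, in that order. An unrecognised value
 * produces no output.
 *
 * @param array $incomingVarsArray Request fields: 'controlVar' plus, depending on
 *                                 the operation, 'user', 'password', 'islogin',
 *                                 'date', 'shipmentid' and 'itemId'.
 * @return void
 */
public function routeByControlVar($incomingVarsArray)
{
    $utilObj = new Utility();

    // Read a field without raising an "undefined index" notice, which could
    // otherwise end up inside the JSON response body.
    $field = function ($key) use ($incomingVarsArray) {
        return isset($incomingVarsArray[$key]) ? $incomingVarsArray[$key] : null;
    };

    $controlVar = $field('controlVar');

    if ($controlVar == $utilObj::$USER_LOGIN) {
        $obj = new User();
        $arr = $obj->processLogin($field('user'), $field('password'));
        header('Content-Type: application/json');
        echo json_encode($arr);
        return;
    }

    // NOTE(review): 'islogin' is read from the same array as every other request
    // field. If that array is built from request parameters, the caller decides
    // whether it counts as logged in. The gate below should rest on server-side
    // state (a session or a verified token) instead. Confirm where
    // $incomingVarsArray comes from.
    $loggedIn = ($field('islogin') == "1");
    $denied = array('Status' => 'Login required to access this feature');

    $contentType = 'application/json;charset=UTF-8';
    $jsonFlags = 0;

    if ($controlVar == $utilObj::$SYNC_USER_TABLE) {
        // The refusal now carries the same Content-Type as the success response;
        // before, it was sent with no Content-Type header at all.
        $contentType = 'application/json';
        if ($loggedIn) {
            $obj = new User();
            $arr = $obj->processSyncingForUserTable();
        } else {
            $arr = $denied;
        }
    } elseif ($controlVar == $utilObj::$SYNC_TASK_TABLE) {
        // Same Content-Type fix as for the user-table branch.
        $contentType = 'application/json';
        if ($loggedIn) {
            $obj = new User();
            $arr = $obj->processSyncingForTaskTable($field('user'), $field('date'));
        } else {
            $arr = $denied;
        }
    } elseif ($controlVar == $utilObj::$SYNC_SHIPMENT_TABLE) {
        // The refusal payload is plain ASCII, so the flag does not change its encoding.
        $jsonFlags = JSON_UNESCAPED_UNICODE;
        if ($loggedIn) {
            $obj = new User();
            $arr = $obj->processSyncingForShipmentHeaderTable($field('shipmentid'), $field('date'));
        } else {
            $arr = $denied;
        }
    } elseif ($controlVar == $utilObj::$SYNC_SHIPMENT_DETAIL_TABLE) {
        $jsonFlags = JSON_UNESCAPED_UNICODE;
        if ($loggedIn) {
            $obj = new User();
            $arr = $obj->processSyncingForShipmentDetailTable($field('shipmentid'), $field('date'));
        } else {
            $arr = $denied;
        }
    } elseif ($controlVar == $utilObj::$UPDATE_DATA_TO_BACK_END_ERP) {
        if ($loggedIn) {
            $object = new BackEndERPOperation();
            $arr = $object->updateDataToBackendERPSystem($field('itemId'));
        } else {
            $arr = $denied;
        }
    } else {
        // Unknown operation: nothing is sent.
        return;
    }

    header('Content-Type: ' . $contentType);
    echo json_encode($arr, $jsonFlags);
}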