Example #1
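 /**
  * Authorization gate run before dispatch: decides whether the request may proceed.
  *
  * Order of checks, as implemented below:
  *  1. The 'login' and 'logout' controllers are always allowed and return before
  *     PermissionTemplate::auditAccess() is called.
  *  2. Every other request is handed to PermissionTemplate::auditAccess() before any
  *     authentication check.
  *  3. Without an identity (and outside the 'index' controller) HTTP Basic credentials
  *     are tried; if they do not yield an identity the request ends with a 401 challenge.
  *  4. With an identity, the emergency-access override and then the permission
  *     template decide.
  *
  * @param Zend_Controller_Request_Abstract $request request about to be dispatched
  * @return bool true when the request is allowed
  * @throws WebVista_App_AuthException when access is denied or no identity exists
  */
 public function preDispatch(Zend_Controller_Request_Abstract $request)
 {
     $auth = Zend_Auth::getInstance();
     $publicControllers = array('login', 'logout');
     $controllerName = $request->getControllerName();
     $actionName = $request->getActionName();

     // Strict membership test: a non-string controller value must never be
     // type-juggled into matching one of the public names.
     if (in_array($controllerName, $publicControllers, true)) {
         return true;
     }

     PermissionTemplate::auditAccess($controllerName, $actionName);

     // This MUST run before the permission check so that a successful Basic
     // login is evaluated against the permission template below.
     if (!$auth->hasIdentity() && $controllerName !== 'index') {
         $basicUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
         // A client may send a user name without a password; do not read an unset index.
         $basicPass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
         if (strlen($basicUser) > 0) {
             User::processLogin($basicUser, $basicPass);
         }
         if (!$auth->hasIdentity()) {
             header('WWW-Authenticate: Basic realm="Unauthorized Access Prohibited (ClearHealth)"');
             header('HTTP/1.0 401 Unauthorized');
             die(__('You must enter a valid username and password to access.'));
         }
     }

     if ($auth->hasIdentity()) {
         $permissionTemplateId = $auth->getIdentity()->permissionTemplateId;

         // NOTE(review): the emergency override is armed by the mere existence of
         // /tmp/emergency. /tmp is normally writable by every local account, so
         // presumably any local process can arm it; a path that only an administrator
         // can write (and an audit record when it is used) would be safer. Confirm
         // against the deployment before changing.
         $emergencyArmed = file_exists('/tmp/emergency')
             && $controllerName !== 'admin-persons'
             && PermissionTemplate::hasAccess($permissionTemplateId, 'emergency-access', 'allow-emergency-access');
         $isEmergencyIndex = ($controllerName === 'emergency-access' && $actionName === 'index');
         if ($emergencyArmed && !$isEmergencyIndex) {
             return true;
         }

         // Strict comparison: under PHP < 8 loose rules an integer 0 compares equal
         // to 'superadmin', which would skip the permission check entirely.
         $isSuperAdmin = ($permissionTemplateId === 'superadmin');
         if (!$isSuperAdmin && !PermissionTemplate::hasAccess($permissionTemplateId, $controllerName, $actionName)) {
             // Controller and action names come from the request and the message
             // carries HTML markup, so the dynamic parts are escaped before use.
             $safeController = htmlspecialchars((string) $controllerName, ENT_QUOTES, 'UTF-8');
             $safeAction = htmlspecialchars((string) $actionName, ENT_QUOTES, 'UTF-8');
             $safeBaseUrl = htmlspecialchars((string) $request->getBaseUrl(), ENT_QUOTES, 'UTF-8');
             $error = 'Access denied. ' . $safeController . '/' . $safeAction . '. ';
             $error .= 'Please <a href="' . $safeBaseUrl . '/logout" title="Login">Login</a>.';
             trigger_error($error, E_USER_NOTICE);
             throw new WebVista_App_AuthException($error);
         }
         return true;
     }

     // Reached only for an unauthenticated request to the 'index' controller.
     throw new WebVista_App_AuthException('You must be authenticated to access the system.');
 }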
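 /**
  * Handles a login form post and exposes the outcome to the view as $data.
  *
  * Success is decided by asking Zend_Auth whether an identity exists after
  * User::processLogin() has run, not by that call's return value.
  * On success $data holds 'msg' and 'code' => 200; on failure only 'code' => 404.
  *
  * @return void
  */
 public function processAction()
 {
     // Accept only plain strings. A missing field, or an array smuggled in as
     // username[]=..., is passed on as null, which is what a missing field
     // already produced, instead of reaching the login routine as an array.
     $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
     $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;
     User::processLogin($username, $password);

     $data = array();
     if (Zend_Auth::getInstance()->hasIdentity()) {
         $data['msg'] = __("Login successful.");
         $data['code'] = 200;
     } else {
         // A failed login is reported as code 404 with no message. Kept as-is
         // because the consumers of this response are not visible here.
         $data['code'] = 404;
     }
     header('Content-Type: application/xml;');
     $this->view->data = $data;
     $this->completeAction();
 }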
Example #3
     $loginID = $_POST['loginID'];
     $password = $_POST['password'];
     $user = new User(new NamedArguments(array('primaryKey' => $loginID)));
     //set login remember cookie if it was checked
     if (isset($_POST['remember'])) {
         $user->setRememberLogin();
         $rememberChecked = 'checked';
     } else {
         $user->unsetRememberLogin();
     }
     //perform  login checks
     if ($user->loginID == '') {
         $errorMessage = _("Invalid login ID.  Please try again.");
         //perform login, if failed issue message
     } else {
         if (!$user->processLogin($password)) {
             $errorMessage = _("Invalid password.  Please try again.");
             $inputLoginID = $loginID;
         } else {
             //login succeeded, perform redirect
             header('Location: ' . $service);
         }
     }
     //user is already logged in
 } else {
     if (isset($_SESSION['loginID'])) {
         if ($user->getOpenSession()) {
             $message = _("You are already logged in as ") . $loginID . ".<br />" . _("You may log in as another user below,") . " <a href='" . $service . "'>" . _("return") . "</a> " . _("or") . " <a href='?logout'>" . _("logout") . "</a>.";
         }
         $inputLoginID = $user->getRememberLogin();
         if ($inputLoginID) {
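 /**
  * Dispatches one API request according to its 'controlVar' value and echoes
  * the result as JSON.
  *
  * Recognised values are the Utility::$USER_LOGIN, $SYNC_USER_TABLE,
  * $SYNC_TASK_TABLE, $SYNC_SHIPMENT_TABLE, $SYNC_SHIPMENT_DETAIL_TABLE and
  * $UPDATE_DATA_TO_BACK_END_ERP constants. Any other value produces no output.
  * Every branch except the login branch requires 'islogin' to equal "1";
  * otherwise a fixed "Login required" payload is returned.
  *
  * NOTE(review): 'islogin' is read from the same array as the other request
  * parameters. If that array is built from client input, the caller asserts its
  * own login state and the check protects nothing; the flag should come from
  * server-side session state. Confirm against the caller.
  *
  * @param array $incomingVarsArray request parameters keyed by name
  * @return void
  */
 public function routeByControlVar($incomingVarsArray)
 {
     $utilObj = new Utility();

     // Missing keys yield null (what the direct index read produced) without
     // raising an undefined-index notice.
     $param = function ($key) use ($incomingVarsArray) {
         return isset($incomingVarsArray[$key]) ? $incomingVarsArray[$key] : null;
     };
     // Single place that sets the response type and writes the JSON body.
     $sendJson = function ($payload, $contentType, $flags = 0) {
         header('Content-Type: ' . $contentType);
         echo json_encode($payload, $flags);
     };

     $plainJson = 'application/json';
     $utf8Json = 'application/json;charset=UTF-8';
     $denied = array('Status' => 'Login required to access this feature');

     // Loose comparisons are kept on purpose: the types of the Utility constants
     // and of the incoming values are not visible here.
     $controlVar = $param('controlVar');
     $loggedIn = ($param('islogin') == "1");

     if ($controlVar == $utilObj::$USER_LOGIN) {
         $user = new User();
         $sendJson($user->processLogin($param('user'), $param('password')), $plainJson);
         return;
     }

     if ($controlVar == $utilObj::$SYNC_USER_TABLE) {
         if (!$loggedIn) {
             // The denial is now sent with a JSON content type like every other branch.
             $sendJson($denied, $plainJson);
             return;
         }
         $user = new User();
         $sendJson($user->processSyncingForUserTable(), $plainJson);
         return;
     }

     if ($controlVar == $utilObj::$SYNC_TASK_TABLE) {
         if (!$loggedIn) {
             // The denial is now sent with a JSON content type like every other branch.
             $sendJson($denied, $plainJson);
             return;
         }
         $user = new User();
         $sendJson($user->processSyncingForTaskTable($param('user'), $param('date')), $plainJson);
         return;
     }

     if ($controlVar == $utilObj::$SYNC_SHIPMENT_TABLE) {
         if (!$loggedIn) {
             $sendJson($denied, $utf8Json);
             return;
         }
         $user = new User();
         $sendJson(
             $user->processSyncingForShipmentHeaderTable($param('shipmentid'), $param('date')),
             $utf8Json,
             JSON_UNESCAPED_UNICODE
         );
         return;
     }

     if ($controlVar == $utilObj::$SYNC_SHIPMENT_DETAIL_TABLE) {
         if (!$loggedIn) {
             $sendJson($denied, $utf8Json, JSON_UNESCAPED_UNICODE);
             return;
         }
         $user = new User();
         $sendJson(
             $user->processSyncingForShipmentDetailTable($param('shipmentid'), $param('date')),
             $utf8Json,
             JSON_UNESCAPED_UNICODE
         );
         return;
     }

     if ($controlVar == $utilObj::$UPDATE_DATA_TO_BACK_END_ERP) {
         if (!$loggedIn) {
             $sendJson($denied, $utf8Json);
             return;
         }
         $erp = new BackEndERPOperation();
         $sendJson($erp->updateDataToBackendERPSystem($param('itemId')), $utf8Json);
         return;
     }
 }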