<?php
/**
* $Id$
*
* @category Admin
* @package Mediboard
* @author SARL OpenXtrem <*****@*****.**>
* @license GNU General Public License, see http://www.gnu.org/licenses/gpl.html
* @version $Revision$
* @link http://www.mediboard.org
*/
CCanDo::checkEdit();
$token_id = CValue::getOrSession("token_id");
$token = new CViewAccessToken();
$token->load($token_id);
$token->loadRefsNotes();
$token->loadRefUser();
$smarty = new CSmartyDP();
$smarty->assign("token", $token);
$smarty->display("inc_edit_token.tpl");
$operation_id = CValue::get("operation_id");
$operation = new COperation();
$operation->load($operation_id);
$praticien = $operation->loadRefChir();
$email = $praticien->_user_email;
if (!$email) {
CAppUI::js("alert('" . addslashes(CAppUI::tr("alert-praticien_email")) . "')");
CApp::rip();
}
$operation->loadRefPlageOp();
$exchange_source = CExchangeSource::get("mediuser-" . CAppUI::$user->_id, "smtp");
$exchange_source->init();
try {
$exchange_source->setRecipient($email);
// Création du token
$token = new CViewAccessToken();
$token->ttl_hours = 24;
$token->user_id = $praticien->_id;
$token->params = "m=planningOp&a=vw_edit_urgence&operation_id={$operation_id}";
if ($msg = $token->store()) {
CAppUI::displayAjaxMsg($msg, UI_MSG_ERROR);
}
$url = $token->getUrl();
// Lien vers la DHE
$subject = CAppUI::conf("reservation subject_mail");
$content = CAppUI::conf("reservation text_mail");
$from = array("[URL]", "[PRATICIEN - NOM]", "[PRATICIEN - PRENOM]", "[DATE INTERVENTION]", "[HEURE INTERVENTION]");
$to = array($url, $praticien->_user_last_name, $praticien->_user_first_name, CMbDT::dateToLocale(CMbDT::date($operation->_datetime_best)), CMbDT::transform($operation->_datetime_best, null, CAppUI::conf("time")));
$subject = str_replace($from, $to, $subject);
$exchange_source->setSubject($subject);
$content = str_replace($from, $to, $content);
<?php
/**
* $Id$
*
* @category Admin
* @package Mediboard
* @author SARL OpenXtrem <*****@*****.**>
* @license GNU General Public License, see http://www.gnu.org/licenses/gpl.html
* @version $Revision$
* @link http://www.mediboard.org
*/
CCanDo::checkEdit();
$token = new CViewAccessToken();
$tokens = $token->loadList();
$smarty = new CSmartyDP();
$smarty->assign("tokens", $tokens);
$smarty->display("inc_list_tokens.tpl");
/**
* Login function, handling standard login, loginas, LDAP connection
* Preferences get loaded on success
*
* @param bool $force_login To allow admin users to login as someone else
*
* @return boolean Job done
*/
static function login($force_login = false)
{
$ldap_connection = CAppUI::conf("admin LDAP ldap_connection");
$allow_login_as_ldap = CAppUI::conf("admin LDAP allow_login_as_admin");
// Login as
$loginas = trim(CValue::request("loginas"));
$passwordas = trim(CValue::request("passwordas"));
// LDAP
$ldap_guid = trim(CValue::get("ldap_guid"));
// Standard login
$username = trim(CValue::request("username"));
$password = trim(CValue::request("password"));
// Token sign-in
$token_hash = trim(CValue::request("token"));
// Test login and password validity
$user = new CUser();
$user->_is_logging = true;
// -------------- Login as: no need to provide a password for administrators
if ($loginas) {
if (self::$instance->user_type != 1 && !$force_login) {
self::setMsg("Auth-failed-loginas-admin", UI_MSG_ERROR);
return false;
}
$username = $loginas;
$password = $ldap_connection ? $passwordas : null;
if (self::$instance->user_type == 1 && $allow_login_as_ldap) {
$password = null;
}
$user->user_username = $username;
$user->_user_password = $password;
} elseif ($ldap_connection && $ldap_guid) {
try {
$user = CLDAP::getFromLDAPGuid($ldap_guid);
} catch (Exception $e) {
self::setMsg($e->getMessage(), UI_MSG_ERROR);
return false;
}
} elseif ($token_hash) {
$token = CViewAccessToken::getByHash($token_hash);
if (!$token->isValid()) {
self::setMsg("Auth-failed-invalidToken", UI_MSG_ERROR);
return false;
}
$token->useIt();
$token->applyParams();
$user->load($token->user_id);
self::$instance->auth_method = "token";
} elseif (self::$auth_info && self::$auth_info->user_id) {
$auth = self::$auth_info;
$user->load($auth->user_id);
self::$instance->auth_method = $auth->auth_method;
} else {
if (!$username) {
self::setMsg("Auth-failed-nousername", UI_MSG_ERROR);
return false;
}
if (!$password) {
self::setMsg("Auth-failed-nopassword", UI_MSG_ERROR);
return false;
}
$user->user_username = $username;
$user->_user_password = $password;
self::$instance->weak_password = self::checkPasswordWeakness($user);
}
if (!$user->_id) {
$user->loadMatchingObject();
self::$instance->auth_method = "basic";
}
// User template case
if ($user->template) {
self::setMsg("Auth-failed-template", UI_MSG_ERROR);
return false;
}
// LDAP case (when not using a ldap_guid), we check is the user in the LDAP directory is still allowed
// TODO we shoud check it when using ldap_guid too
if ($ldap_connection && $username) {
$user_ldap = new CUser();
$user_ldap->user_username = $username;
$user_ldap->loadMatchingObject();
$idex = $user_ldap->loadLastId400(CAppUI::conf("admin LDAP ldap_tag"));
// The user in linked to the LDAP
if ($idex->_id) {
$ldap_guid = $idex->id400;
$user_ldap->_user_password = $password;
$user_ldap->_bound = false;
try {
$user = CLDAP::login($user_ldap, $ldap_guid);
if (!$user->_bound) {
self::setMsg("Auth-failed-combination", UI_MSG_ERROR);
return false;
}
} catch (CMbInvalidCredentialsException $e) {
self::setMsg($e->getMessage(), UI_MSG_WARNING);
return false;
} catch (CMbException $e) {
// No UI_MSG_ERROR nor $e->stepAjax as it needs to run through!
self::setMsg($e->getMessage(), UI_MSG_WARNING);
}
}
}
if (!$user->_bound && !self::checkPasswordAttempt($user)) {
return false;
}
$user->user_login_errors = 0;
$user->store();
// Put user_group in AppUI
self::$instance->user_remote = 1;
$ds = CSQLDataSource::get("std");
// We get the user's group if the Mediusers module is installed
if ($ds->loadTable("users_mediboard") && $ds->loadTable("groups_mediboard")) {
$sql = "SELECT `remote` FROM `users_mediboard` WHERE `user_id` = '{$user->_id}'";
self::$instance->user_remote = $ds->loadResult($sql);
$sql = "SELECT `groups_mediboard`.`group_id`\n FROM `groups_mediboard`, `functions_mediboard`, `users_mediboard`\n WHERE `groups_mediboard`.`group_id` = `functions_mediboard`.`group_id`\n AND `functions_mediboard`.`function_id` = `users_mediboard`.`function_id`\n AND `users_mediboard`.`user_id` = '{$user->_id}'";
self::$instance->user_group = $ds->loadResult($sql);
}
// Test if remote connection is allowed
// Get the client and the proxy IP
$adress = get_remote_address();
self::$instance->ip = $adress["client"];
self::$instance->proxy = $adress["proxy"];
self::$instance->_is_intranet = is_intranet_ip(self::$instance->ip) && self::$instance->ip != self::conf("system reverse_proxy");
if (!self::$instance->_is_intranet && self::$instance->user_remote == 1 && $user->user_type != 1) {
self::setMsg("Auth-failed-user-noremoteaccess", UI_MSG_ERROR);
return false;
}
self::$instance->user_id = $user->_id;
// save the last_login dateTime
CUserAuthentication::logAuth($user);
// <DEPRECATED>
self::$instance->user_first_name = $user->user_first_name;
self::$instance->user_last_name = $user->user_last_name;
self::$instance->user_email = $user->user_email;
self::$instance->user_type = $user->user_type;
self::$instance->user_last_login = $user->getLastLogin();
// </DEPRECATED>
// load the user preferences
self::buildPrefs();
return true;
}
* @package Mediboard
* @subpackage developpement
* @author SARL OpenXtrem <*****@*****.**>
* @license GNU General Public License, see http://www.gnu.org/licenses/gpl.html
* @version $Revision$
*/
CCanDo::checkRead();
$file = CValue::get("file");
list($module, $view) = explode("/", $file, 2);
list($action, $extention) = explode(".", $view);
$user = CUser::get();
$params["m"] = $module;
$params["raw"] = $action;
$params["info"] = 1;
// Could be done throw session cookie forwarding too
$token = new CViewAccessToken();
$token->_spec->loggable = false;
$token->user_id = $user->_id;
$token->params = CMbString::toQuery($params);
$token->datetime_start = "now";
$token->ttl_hours = 1;
$token->store();
$base = CAppUI::conf("base_url");
$url = "{$base}/?token={$token->hash}";
$content = file_get_contents($url);
$token->delete();
// Try and get view properties
if (null == ($props = json_decode($content))) {
CAppUI::stepMessage(UI_MSG_ERROR, "regression_checker-noviewinfo");
return;
}
}
// Update session lifetime
CSessionHandler::setUserDefinedLifetime();
/*
try {
include __DIR__."/classes/CAuth.class.php";
//CAuth::login();
}
catch (AuthenticationFailedException $e) {
CAppUI::setMsg($e->getMessage());
}
*/
// If the user uses a token, his session should not be reset, but only redirected
$token_hash = CValue::get("token");
if ($token_hash) {
$token = CViewAccessToken::getByHash($token_hash);
// If the user is already logged in (in a normal session), keep his session, but use the params
if (CAppUI::$instance->user_id && !CAppUI::$token_expiration) {
if ($token->isValid() && CAppUI::$instance->user_id == $token->user_id) {
$token->useIt();
CAppUI::redirect($token->params);
CApp::rip();
}
} else {
$do_login = true;
}
}
// We force the dialog view if in a token session
if (CAppUI::$token_expiration || $do_login) {
$dialog = 1;
}
