/**
 * Update one account (or every account a single identifier resolves to) from REST data.
 *
 * Only the keys on the allow-list below are taken from the request body; anything
 * else the client sends is dropped before it reaches User::updateAccount().
 *
 * NOTE(review): no authorization check is visible in this method, although the
 * allow-list includes 'status', 'password' and 'account_balance'. Presumably the
 * REST layer authenticates the caller before dispatching here; confirm.
 *
 * @param RESTRequest $request
 * @return bool true only if every updateAccount() call returned a truthy value
 * @throws RESTCommandException on empty input, a missing or ambiguous identifier,
 *                              an unknown account, or a login that is already taken
 */
public function update(RESTRequest $request)
 {
     $payload = $request->getData();
     if (empty($payload)) {
         throw new RESTCommandException('HTTP POST data is empty');
     }
     // Allow-list of writable columns; array_intersect_key() only looks at the keys.
     $writable = array_flip(array('login', 'password', 'full_name', 'phone', 'account_number', 'tariff_plan', 'status', 'stb_mac', 'comment', 'end_date', 'account_balance'));
     $account = array_intersect_key($payload, $writable);
     if (empty($account)) {
         throw new RESTCommandException('Insert data is empty');
     }
     $identifiers = $request->getIdentifiers();
     $identifier_count = count($identifiers);
     if ($identifier_count == 0) {
         throw new RESTCommandException('Identifier required');
     }
     $users_ids = $this->getUsersIdsFromIdentifiers($identifiers);
     $target_count = count($users_ids);
     if ($identifier_count == 1 && $target_count == 0) {
         throw new RESTCommandException('Account not found');
     }
     if ($identifier_count > 1) {
         throw new RESTCommandException('Only one identifier allowed');
     }
     if (!empty($account['login'])) {
         // The new login may only belong to the single account being updated.
         // NOTE(review): when the identifier resolves to several accounts and the
         // login is still free, nothing here stops the loop below from passing the
         // same login to each of them; confirm updateAccount() enforces uniqueness.
         $login_owner = User::getByLogin($account['login']);
         if (!empty($login_owner)) {
             if ($login_owner->getId() != $users_ids[0] || $target_count > 1) {
                 throw new RESTCommandException('Login already in use');
             }
         }
     }
     // 'password' is forwarded exactly as received; any hashing has to happen
     // inside updateAccount() (not visible here; confirm).
     $result = true;
     foreach ($users_ids as $user_id) {
         $target = User::getInstance($user_id);
         if (!$target->updateAccount($account)) {
             $result = false;
         }
         User::clear();
     }
     return $result;
 }
Beispiel #2
// Admin page script: prepares the "add account" form and starts validating a
// submitted form. The listing ends inside the branch that handles an existing
// login, so the code that actually writes the account is not shown.
ob_start();
session_start();
include "./common.php";
// Authentication, then an access check at view level only.
// NOTE(review): the POST branch below leads to account creation; confirm that a
// stricter access level is checked before the write, past the end of this excerpt.
Admin::checkAuth();
Admin::checkAccess(AdminAccess::ACCESS_VIEW);
// The loop body is commented out, so this loop changes nothing; the @ only hides
// the warning foreach would emit if $_POST were not iterable.
foreach (@$_POST as $key => $value) {
    //$_POST[$key] = trim($value);
}
$error = '';
$action_name = 'add';
$action_value = _('Add');
// Static query, no request data involved.
$tariff_plans = Mysql::getInstance()->select('id, name')->from('tariff_plan')->orderby('name')->get()->all();
// NOTE(review): no anti-CSRF token is checked in the visible part of the script;
// confirm one is verified in common.php or further down.
if (!empty($_POST)) {
    if (!empty($_POST['login']) && !empty($_POST['password'])) {
        // Looked up now, used after MAC validation to detect a duplicate login.
        $user = \User::getByLogin($_POST['login']);
        if (!empty($_POST['stb_mac'])) {
            // The raw value is replaced with the normalised one, so later readers of
            // $_POST['stb_mac'] see either the normalised MAC or a falsy value.
            $mac = Middleware::normalizeMac($_POST['stb_mac']);
            $_POST['stb_mac'] = $mac;
            if (!$mac) {
                $error = _('Error: Not valid mac address');
            } else {
                // A MAC may be bound to one account only.
                $user_by_mac = \User::getByMac($mac);
                if (!empty($user_by_mac)) {
                    $error = _('Error: STB with such MAC address already exists');
                }
            }
        }
        // Empty "then" branch: on a validation error nothing more is done here.
        if ($error) {
        } else {
            if (!empty($user)) {
Beispiel #3
 /**
  * Resolve a human-readable title for an attribute value.
  *
  * 'roles' values are looked up among the built-in roles first, then among the
  * stored Role records; 'login' values resolve to the user's full name. Anything
  * that cannot be resolved is delegated to the parent implementation.
  *
  * NOTE(review): role titles and full names come from stored data; whether they
  * are escaped before being rendered is decided by the caller (not visible here).
  *
  * @param string $attrName
  * @param mixed  $attrValue
  * @return mixed
  */
 public function getFewRecordsTitle($attrName, $attrValue)
 {
     if ($attrName == 'roles') {
         $builtIn = Role::builtInRoles();
         if (isset($builtIn[$attrValue])) {
             return $builtIn[$attrValue];
         }
         $storedRole = Role::model()->findByAttributes(array('name' => $attrValue));
         if ($storedRole) {
             return $storedRole->title;
         }
     } elseif ($attrName == 'login') {
         $account = User::getByLogin($attrValue);
         if ($account) {
             return $account->getFullname();
         }
     }
     // Unknown attribute, or nothing matched above.
     return parent::getFewRecordsTitle($attrName, $attrValue);
 }
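 /**
  * Check credentials for the OAuth endpoint.
  *
  * Lookup order: a local account by login; when no username and no password are
  * given but a MAC is, the STB profile is initialised and the account is looked
  * up by the STB's MAC; if neither finds an account, User::authorizeFromOss() is
  * asked. The password is then compared with the stored value and, depending on
  * configuration, the MAC and/or serial number must match as well.
  *
  * @param string|null  $username
  * @param string|null  $password
  * @param string|null  $mac
  * @param string|null  $serial_number
  * @param OAuthRequest $request
  * @return bool true when the credentials (and the configured device checks) match
  */
 public function checkUserAuth($username, $password, $mac = null, $serial_number = null, OAuthRequest $request)
 {
     // Anti brute-force delay. A fixed sleep slows down a single connection only;
     // it does not limit parallel attempts, and no lockout or per-account counter
     // is visible in this method.
     sleep(1);
     $user = null;
     if ($username) {
         $user = \User::getByLogin($username);
     } elseif (!$password && $mac) {
         // Device login: the request fields are copied into $_REQUEST because the
         // STB profile initialisation below reads its input from there.
         if ($serial_number) {
             $_REQUEST['serial_number'] = $serial_number;
         }
         if ($request->getVersion()) {
             $_REQUEST['version'] = $request->getVersion();
         }
         if ($request->getDeviceId2()) {
             $_REQUEST['device_id2'] = $request->getDeviceId2();
             $_REQUEST['signature'] = $request->getSignature();
         }
         // init user as STB
         \Stb::getInstance()->getProfile();
         $user = \User::getByMac(\Stb::getInstance()->mac);
     }
     if (!$user) {
         $user = \User::authorizeFromOss($username, $password, $mac);
     }
     if (!$user) {
         return false;
     }
     $possible_user = $user->getProfile();
     $stored_password = (string) $possible_user['password'];
     $given_password = (string) $password;
     // The previous loose == treated two numeric-looking strings (for example two
     // different "0e<digits>" MD5 values) as equal. hash_equals() compares the exact
     // bytes and is timing-safe (PHP >= 5.6).
     // NOTE(review): a 32-character value is a double MD5 salted only with the user
     // id, and shorter values are stored in clear text. Moving to password_hash() /
     // password_verify() needs a storage migration outside this method.
     // NOTE(review): an account with an empty stored password still matches an empty
     // submitted password, as before; only the device checks below then apply.
     $stored_length = strlen($stored_password);
     if ($stored_length == 32) {
         $password_ok = hash_equals($stored_password, md5(md5($given_password) . $possible_user['id']));
     } elseif ($stored_length < 32) {
         $password_ok = hash_equals($stored_password, $given_password);
     } else {
         $password_ok = false;
     }
     $verified_user = null;
     if ($password_ok) {
         // Each device check applies only when its option is enabled. Values are
         // compared as strings so that "0012" and "12" no longer count as equal.
         $mac_ok = !\Config::getSafe('oauth_force_mac_check', false)
             || (string) $mac === (string) $possible_user['mac'];
         // An account without a stored serial number passes the serial check.
         $serial_ok = !\Config::getSafe('oauth_force_serial_number_check', false)
             || (string) $serial_number === (string) $possible_user['serial_number']
             || $possible_user['serial_number'] == '';
         if ($mac_ok && $serial_ok) {
             $verified_user = $possible_user;
         }
     }
     if (!empty($verified_user)) {
         $user->setSerialNumber($serial_number);
         $user->updateUserInfoFromOSS();
         if (\Config::getSafe('bind_stb_auth_and_oauth', true)) {
             // invalidate stb access_token
             $user->resetAccessToken();
         }
     }
     // The IP is recorded for failed attempts as well.
     $user->updateIp();
     return !empty($verified_user);
 }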
 /**
  * Ask the external OSS wrapper to authorize a login and return the matching
  * local user, creating the local account from the OSS data when none exists.
  *
  * NOTE(review): every key the OSS returns is copied into the new account, and
  * the password is passed to createAccount() as received; presumably hashing and
  * column filtering happen inside createAccount() (confirm).
  * NOTE(review): an existing account is detected with "!== false", so this relies
  * on getByLogin() returning exactly false when nothing is found (confirm).
  *
  * @param string|null $login
  * @param string|null $password
  * @param string|null $mac
  * @return mixed the user instance, or false when the wrapper has no authorize(),
  *               the OSS refuses, or the account cannot be created
  */
 public static function authorizeFromOss($login, $password, $mac)
 {
     $wrapper = OssWrapper::getWrapper();
     if (!is_callable(array($wrapper, 'authorize'))) {
         return false;
     }
     $info = $wrapper->authorize($login, $password, $mac);
     if (!$info) {
         return false;
     }
     // OSS field name => local account field name; other keys are copied unchanged.
     $key_map = array('mac' => 'stb_mac', 'ls' => 'account_number', 'fname' => 'full_name', 'tariff' => 'tariff_plan');
     $new_account = array();
     foreach ($info as $field => $value) {
         $target = isset($key_map[$field]) ? $key_map[$field] : $field;
         $new_account[$target] = $value;
     }
     // Fall back to the login reported by the OSS when the caller supplied none.
     if (empty($login) && !empty($info['login'])) {
         $login = $info['login'];
     }
     $new_account['login'] = $login;
     $new_account['password'] = $password;
     $existing = User::getByLogin($login);
     if ($existing !== false) {
         return $existing;
     }
     $uid = self::createAccount($new_account);
     return $uid ? self::getInstance($uid) : false;
 }
Beispiel #6
<?php 
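// Class autoloader for the classes/ directory.
// __autoload() was deprecated in PHP 7.2 and removed in PHP 8.0, where declaring
// it is a fatal error; spl_autoload_register() is the supported replacement.
spl_autoload_register(function ($className) {
    // The class name becomes part of a file path, so only a plain PHP identifier
    // is accepted: no separators, dots or NUL bytes. Class names can reach an
    // autoloader from data (unserialize(), class_exists() on input), not only
    // from source code.
    if (!preg_match('/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*$/', $className)) {
        return;
    }
    $file = "classes" . DIRECTORY_SEPARATOR . "{$className}.php";
    require_once $file;
});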
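// Start the session.
session_start();
// Check the submitted login and password.
if ($_POST && isset($_POST['login']) && isset($_POST['password'])) {
    $login = $_POST['login'];
    $password = $_POST['password'];
    // Array-valued fields (login[]=...) are rejected before the lookup.
    $user = (is_string($login) && is_string($password)) ? User::getByLogin($login) : null;
    // An unknown login must fail. Previously the property of a missing user was
    // read as null, and null == '' let an empty password through.
    // NOTE(review): the stored value is compared with the submitted password as is,
    // which implies clear-text storage; password_hash() / password_verify() would
    // need a change to how User stores passwords. hash_equals() needs PHP >= 5.6.
    $authenticated = is_object($user)
        && isset($user->password)
        && hash_equals((string) $user->password, $password);
    if ($authenticated) {
        // New session id on login, so an id known before authentication is useless.
        session_regenerate_id(true);
        // If the password is correct, store the login in the session.
        $_SESSION['login'] = $login;
        header('Location: secure.php');
        // Stop here; otherwise the rest of the page is still sent with the redirect.
        exit;
    } else {
        // Same message for an unknown login and a wrong password.
        echo '<b>Неправильный пароль</b>';
    }
}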
?>
<html>
<head>
    <meta charset="utf-8" />
    <title></title>

</head>
<body>
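 /**
  * Validate the login and, when given, the STB MAC address of a SOAP request.
  *
  * The MAC is normalised and must not belong to another STB, unless the account
  * identified by 'login' already owns it.
  *
  * NOTE(review): $params is received by value, so the normalised 'stb_mac' is not
  * visible to the caller; callers that store the MAC have to normalise it again.
  *
  * @param array $params request parameters; reads 'login' and 'stb_mac'
  * @return void
  * @throws SoapMissingRequiredParam when 'login' is empty
  * @throws SoapWrongMacFormat       when 'stb_mac' cannot be normalised
  * @throws SoapMacAddressInUse      when the MAC belongs to another STB
  */
 private function checkLoginAndMac($params)
 {
     if (empty($params['login'])) {
         throw new SoapMissingRequiredParam();
     }
     if (empty($params['stb_mac'])) {
         return;
     }
     $params['stb_mac'] = \Middleware::normalizeMac($params['stb_mac']);
     if (empty($params['stb_mac'])) {
         // The location argument used to be __FILE__ twice; report file:line.
         throw new SoapWrongMacFormat(__METHOD__, __FILE__ . ':' . __LINE__);
     }
     $user = \User::getByLogin($params['login']);
     // Only a MAC that is not already this account's own one needs the in-use check.
     if (empty($user) || $user->getMac() != $params['stb_mac']) {
         $stb = \Stb::getByMac($params['stb_mac']);
         if (!empty($stb)) {
             throw new SoapMacAddressInUse(__METHOD__, __FILE__ . ':' . __LINE__);
         }
     }
 }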