Beispiel #1
0
function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie)
{
    $db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport);
    //Hat sich ein User angemeldet
    $sql = "select sc.session_id,u.id,u.login from auth.session_content sc left join auth.\"user\" u on ";
    $sql .= "(E'--- ' || u.login || chr(10) )=sc.sess_value left join auth.session s on s.id=sc.session_id ";
    $sql .= "where session_id = '{$cookie}' and sc.sess_key='login'";
    $rs = $db->getAll($sql);
    if (count($rs) != 1) {
        // Garnicht mit ERP angemeldet oder zu viele Sessions, sollte die ERP drauf achten
        unset($_SESSION);
        $Url = preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']);
        header("location:" . $Url . "controller.pl?action=LoginScreen/user_login");
    }
    $auth = array();
    $uid = $rs[0]["id"];
    $auth["login"] = $rs[0]["login"];
    $sql = "select * from auth.user_config where user_id=" . $uid;
    $rs = $db->getAll($sql);
    $keys = array("countrycode", "stylesheet", "vclimit", "signature", "email", "tel", "fax", "name");
    foreach ($rs as $row) {
        if (in_array($row["cfg_key"], $keys)) {
            $auth[$row["cfg_key"]] = $row["cfg_value"];
        }
    }
    $auth["lang"] = $auth["countrycode"] != '' ? $auth["countrycode"] : 'en';
    $auth["stylesheet"] = substr($auth["stylesheet"], 0, -4);
    //Welcer Mandant ist verbunden
    $sql = "SELECT sess_value FROM auth.session_content WHERE session_id = '{$cookie}' and sess_key='client_id'";
    $rs = $db->getOne($sql);
    $mandant = substr($rs['sess_value'], 4);
    $sql = 'SELECT id as manid,name as mandant,dbhost,dbport,dbname,dbuser,dbpasswd FROM auth.clients WHERE id = ' . $mandant;
    $rs = $db->getOne($sql);
    $auth = array_merge($auth, $rs);
    //Eine der Gruppen des Users darf sales_all_edit
    $sql = "SELECT granted from auth.group_rights G where G.right = 'sales_all_edit' ";
    $sql .= "and G.group_id in (select group_id from auth.user_group where user_id = " . $uid . ")";
    $rs3 = $db->getAll($sql);
    $auth["sales_edit_all"] = 'f';
    if ($rs3) {
        foreach ($rs3 as $row) {
            if ($row["granted"] == 't') {
                $auth["sales_edit_all"] = 't';
                break;
            }
        }
    }
    // Ist der User ein CRM-Supervisor?
    $sql = "SELECT count(*) as cnt from auth.user_group left join auth.group on id=group_id where name = 'CRMTL' and user_id = " . $uid;
    $rs = $db->getOne($sql);
    $auth['CRMTL'] = $rs['cnt'];
    //Session update
    $sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $cookie . "'";
    $db->query($sql, "authuser_3");
    //Token lesen
    $sql = "SELECT * FROM auth.session WHERE id = '" . $cookie . "'";
    $rsa = $db->getOne($sql);
    $auth['token'] = $rsa['api_token'];
    return $auth;
}
Beispiel #2
0
function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie)
{
    $db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, true);
    $sql = "select sc.session_id,u.id from auth.session_content sc left join auth.user u on ";
    $sql .= "u.login=sc.sess_value left join auth.session s on s.id=sc.session_id ";
    $sql .= "where session_id = '{$cookie}' and sc.sess_key='login'";
    // order by s.mtime desc";
    $rs = $db->getAll($sql, "authuser_1");
    if (!$rs) {
        return false;
    }
    $stmp = "";
    if (count($rs) > 1) {
        header("location:../login.pl?action=logout");
        /*foreach($rs as $row) {
                  $stmp.=$row["session_id"].",";
          }
          $sql1="delete from session where id in (".substr($stmp,-1).")";
          $sql2="delete from session_content where session_id in (".substr($stmp,-1).")";
          $db->query($sql1,"authuser_A");
          $db->query($sql2,"authuser_B");
          $sql3="insert into session ";*/
    }
    $sql = "select * from auth.user where id=" . $rs[0]["id"];
    $rs1 = $db->getAll($sql, "authuser_1");
    if (!$rs1) {
        return false;
    }
    $auth = array();
    $auth["login"] = $rs1[0]["login"];
    $sql = "select * from auth.user_config where user_id=" . $rs[0]["id"];
    $rs1 = $db->getAll($sql, "authuser_2");
    $keys = array("dbname", "dbpasswd", "dbhost", "dbport", "dbuser");
    foreach ($rs1 as $row) {
        if (in_array($row["cfg_key"], $keys)) {
            $auth[$row["cfg_key"]] = $row["cfg_value"];
        }
    }
    $sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $rs[0]["session_id"] . "'";
    $db->query($sql, "authuser_3");
    return $auth;
}