save() public method

public save ( $runValidation = true, $attributes = null, $allow_overriding = false )
Ejemplo n.º 1
 /**
  * Writes one audit-trail row describing an action taken on an entity.
  *
  * The row is attributed to the username of the account Confide reports as
  * logged in and is stamped with the current date (day precision only, so the
  * order of events within a day cannot be reconstructed from this field).
  *
  * NOTE(review): Confide::user() is dereferenced without a null check, so this
  * presumably must only run inside an authenticated request - confirm.
  * NOTE(review): the result of save() is not inspected; whether a failed write
  * surfaces as an exception depends on the Audit model, which is not shown here.
  *
  * @param mixed $entity      Stored unchanged in the record's "entity" field.
  * @param mixed $action      Stored unchanged in the record's "action" field.
  * @param mixed $description Stored unchanged in the record's "description" field.
  * @return void
  */
 public static function logAudit($entity, $action, $description)
 {
     $record = new Audit();

     // Resolve the derived values first, then fill the record in one pass.
     $today = date('Y-m-d');
     $actor = Confide::user()->username;

     $record->date = $today;
     $record->description = $description;
     $record->user = $actor;
     $record->entity = $entity;
     $record->action = $action;

     $record->save();
 }
 /**
  * Internal helper that persists one audit record for a tracked object.
  *
  * Besides the arguments, the record stores the client address returned by
  * $this->getRemoteIP() and a creation timestamp formatted with
  * $this->dateFormat.
  *
  * NOTE(review): the SQL text and the change set are stored exactly as passed
  * in; if they can carry credentials or personal data, read access to the
  * audit table needs to be restricted accordingly - confirm what callers pass.
  * NOTE(review): how getRemoteIP() derives the address is not visible here; a
  * value taken from a client-supplied header would not be reliable evidence.
  *
  * @param string $object     The name of the object that was being tracked.
  * @param mixed  $object_key The primary key of the object that was being tracked.
  * @param string $changes    A (serialized) string containing the individual changes of the object.
  * @param string $query      The SQL query that was executed for this record.
  * @param string $type       The audit type. This can be one of the following constants:
  *                           TYPE_ADD, TYPE_UPDATE, TYPE_DELETE, or TYPE_SELECT
  * @param mixed  $domain_id  Value handed to setDomainId(); defaults to 0.
  * @return void
  */
 private function save($object, $object_key, $changes, $query, $type, $domain_id = 0)
 {
     $entry = new Audit();

     // Where the request came from.
     $clientAddress = $this->getRemoteIP();
     $entry->setRemoteIpAddress($clientAddress);

     // What was touched, and how.
     $entry->setObject($object);
     $entry->setObjectKey($object_key);
     $entry->setDomainId($domain_id);
     $entry->setObjectChanges($changes);
     $entry->setQuery($query);
     $entry->setType($type);

     // When it happened, in the format configured on this instance.
     $createdAt = date($this->dateFormat);
     $entry->setCreatedAt($createdAt);

     $entry->save();
 }
Ejemplo n.º 3
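 /**
  * Records an audit entry, creating the lookup rows it refers to on demand.
  *
  * The target and action names are resolved to AuditType / AuditAction rows,
  * which are inserted when no row with that name exists. The optional
  * 'module' and 'model' properties are resolved the same way (a module name
  * that matches an EventType class_name is stored as event_type_id instead of
  * module_id). When no 'user_id' property is supplied, the id of the user held
  * in the session is used if there is one.
  *
  * NOTE(review): each find-then-insert pair is not atomic. Two concurrent
  * requests can both miss the find(); whether that produces duplicate rows or
  * a failed save depends on unique constraints that are not visible here.
  *
  * @param string      $target      Name of the audit target (AuditType.name).
  * @param string      $action      Name of the audit action (AuditAction.name).
  * @param mixed       $data        Stored unchanged in the entry's "data" attribute.
  * @param string|null $log_message When truthy, also written through OELog::log()
  *                                 together with the acting user's username.
  * @param array       $properties  Extra attributes copied onto the entry. The keys
  *                                 'module' and 'model' are translated to ids first.
  * @return Audit The saved audit entry.
  * @throws Exception If a lookup row or the audit entry itself cannot be saved.
  */
 public static function add($target, $action, $data = null, $log_message = null, $properties = array())
 {
     if (!($_target = AuditType::model()->find('name=?', array($target)))) {
         $_target = new AuditType();
         $_target->name = $target;
         if (!$_target->save()) {
             throw new Exception("Unable to save audit target: " . print_r($_target->getErrors(), true));
         }
     }
     if (!($_action = AuditAction::model()->find('name=?', array($action)))) {
         $_action = new AuditAction();
         $_action->name = $action;
         if (!$_action->save()) {
             throw new Exception("Unable to save audit action: " . print_r($_action->getErrors(), true));
         }
     }
     $audit = new Audit();
     $audit->type_id = $_target->id;
     $audit->action_id = $_action->id;
     $audit->data = $data;
     // Fall back to the session user so entries are attributed even when the
     // caller did not name one.
     if (!isset($properties['user_id'])) {
         if (Yii::app()->session['user']) {
             $properties['user_id'] = Yii::app()->session['user']->id;
         }
     }
     if (isset($properties['module'])) {
         if ($et = EventType::model()->find('class_name=?', array($properties['module']))) {
             $properties['event_type_id'] = $et->id;
         } else {
             if (!($module = AuditModule::model()->find('name=?', array($properties['module'])))) {
                 $module = new AuditModule();
                 $module->name = $properties['module'];
                 if (!$module->save()) {
                     throw new Exception("Unable to create audit_module: " . print_r($module->getErrors(), true));
                 }
             }
             $properties['module_id'] = $module->id;
         }
         unset($properties['module']);
     }
     if (isset($properties['model'])) {
         if (!($model = AuditModel::model()->find('name=?', array($properties['model'])))) {
             $model = new AuditModel();
             $model->name = $properties['model'];
             if (!$model->save()) {
                 throw new Exception("Unable to save audit_model: " . print_r($model->getErrors(), true));
             }
         }
         $properties['model_id'] = $model->id;
         unset($properties['model']);
     }
     // NOTE(review): every remaining key is assigned straight onto the model,
     // including keys that overwrite type_id, action_id or data set above.
     // Callers should build $properties themselves and never pass request
     // input through, otherwise the content of the audit trail becomes
     // caller-controlled.
     foreach ($properties as $key => $value) {
         $audit->{$key} = $value;
     }
     if (!$audit->save()) {
         throw new Exception("Failed to save audit entry: " . print_r($audit->getErrors(), true));
     }
     if ($log_message) {
         // The username is only needed for the log line. A user_id that no
         // longer resolves to a User row must not raise an error after the
         // audit entry has already been written, so fall back to null.
         $username = null;
         if (isset($properties['user_id'])) {
             $actor = User::model()->findByPk($properties['user_id']);
             if ($actor !== null) {
                 $username = $actor->username;
             }
         }
         OELog::log($log_message, $username);
     }
     return $audit;
 }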
Ejemplo n.º 4
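 /**
  * Authenticates a user.
  *
  * Uses either BASIC or LDAP authentication. BASIC authenticates against
  * the openeyes DB. LDAP uses whichever LDAP is specified in the params.php
  * config file. A username listed in the 'local_users' param switches the
  * auth source to BASIC for the rest of the request.
  *
  * On success the user object, the list of available firms and the selected
  * firm and site are written to the session.
  *
  * NOTE(review): no session identifier regeneration happens in this method;
  * confirm the caller does it, otherwise a pre-set session id survives login.
  * NOTE(review): the submitted username is interpolated into audit and log
  * messages; confirm OELog and the audit viewer neutralise control characters
  * and markup.
  *
  * @param boolean $force When true, the active-account check, the OprnLogin
  *                       access check and the BASIC password check are skipped.
  *                       It must never be derived from request input.
  * @return boolean whether authentication succeeds; on failure errorCode is set.
  * @throws Exception       Unsupported ldap_method, LDAP connect failure, LDAP
  *                         entry not retrievable, or user without firm rights.
  * @throws SystemException User record cannot be updated from LDAP, or the
  *                         auth_source is unknown.
  * @throws CException      No default site can be found.
  */
 public function authenticate($force = false)
 {
     if (!in_array(Yii::app()->params['ldap_method'], array('native', 'zend'))) {
         throw new Exception('Unsupported LDAP authentication method: ' . Yii::app()->params['ldap_method'] . ', please use native or zend.');
     }
     Yii::app()->event->dispatch('user_before_login', array('username' => $this->username));
     /**
      * Usernames are case sensitive
      */
     $user = User::model()->find('username = ?', array($this->username));
     if ($user === null) {
         Audit::add('login', 'login-failed', null, "User not found in local database: {$this->username}");
         $this->errorCode = self::ERROR_USERNAME_INVALID;
         return false;
     } elseif (!$force && $user->active != 1) {
         $user->audit('login', 'login-failed', null, "User not active and so cannot login: {$this->username}");
         $this->errorCode = self::ERROR_USER_INACTIVE;
         return false;
     } elseif (!$force && !Yii::app()->getAuthManager()->checkAccess('OprnLogin', $user->id)) {
         // NOTE(review): every other call passes the message as the fourth
         // argument; here it is the third and the fourth is true. The
         // signature of audit() is not visible, so confirm this is intended.
         $user->audit('login', 'login-failed', "User has not been assigned OprnLogin and so cannot login: {$this->username}", true);
         $this->errorCode = self::ERROR_USER_INACTIVE;
         return false;
     }
     // NOTE(review): the distinct error codes set in this method reveal whether
     // an account exists or is inactive if they are surfaced to the client.
     if (in_array($user->username, Yii::app()->params['local_users'])) {
         Yii::app()->params['auth_source'] = 'BASIC';
     }
     // NOTE(review): utf8_decode() is lossy - characters outside ISO-8859-1
     // become '?', so different passwords can collapse to the same value.
     $this->password = utf8_decode($this->password);
     /**
      * Here we diverge depending on the authentication source.
      */
     if (Yii::app()->params['auth_source'] == 'LDAP') {
         // A simple bind that carries a DN but an empty password is treated by
         // many directory servers as an unauthenticated bind and reported as
         // success, so it must never reach bind(). The same error code as any
         // other LDAP bind failure is used so this path does not disclose more
         // than a wrong password would. Forced logins keep their previous
         // behaviour.
         if (!$force && (string) $this->password === '') {
             $user->audit('login', 'login-failed', null, "Login failed for user {$this->username}: empty password rejected before LDAP bind");
             $this->errorCode = self::ERROR_USERNAME_INVALID;
             return false;
         }
         // NOTE(review): the username is placed into the bind DN and the search
         // filter below without escaping. It has already matched a local User
         // row, which limits what reaches this point, but a stored username
         // containing DN or filter metacharacters would still change them.
         /**
          * Required for LDAP authentication
          */
         if (Yii::app()->params['ldap_method'] == 'zend') {
             Yii::import('application.vendors.*');
             require_once 'Zend/Ldap.php';
             /**
              * Check with LDAP for authentication
              */
             // NOTE(review): StartTLS is disabled here; unless ldap_server is
             // reached over an encrypted transport the bind password crosses
             // the network in clear text - confirm the deployment.
             $options = array('host' => Yii::app()->params['ldap_server'], 'port' => Yii::app()->params['ldap_port'], 'username' => Yii::app()->params['ldap_admin_dn'], 'password' => Yii::app()->params['ldap_password'], 'baseDn' => Yii::app()->params['ldap_admin_dn'], 'useStartTls' => false);
             $ldap = $this->getLdap($options);
             /**
              * Try and bind to the login details provided. This indicates if
              * the user is in LDAP.
              */
             try {
                 $ldap->bind("cn=" . $this->username . "," . Yii::app()->params['ldap_dn'], $this->password);
             } catch (Exception $e) {
                 /**
                  * User not authenticated via LDAP
                  */
                 $audit = new Audit();
                 $audit->action = "login-failed";
                 $audit->target_type = "login";
                 $audit->user_id = $user->id;
                 $audit->data = "Login failed for user {$this->username}: LDAP authentication failed: " . $e->getMessage() . ": " . $this->username;
                 $audit->save();
                 OELog::log("Login failed for user {$this->username}: LDAP authentication failed: " . $e->getMessage(), $this->username);
                 $this->errorCode = self::ERROR_USERNAME_INVALID;
                 return false;
             }
             /**
              * User is in LDAP, get their details.
              */
             $info = $ldap->getEntry("cn=" . $this->username . "," . Yii::app()->params['ldap_dn'], array('givenname', 'sn', 'mail'));
         } else {
             if (!($link = ldap_connect(Yii::app()->params['ldap_server']))) {
                 throw new Exception('Unable to connect to LDAP server.');
             }
             ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, Yii::app()->params['ldap_native_timeout']);
             if (!@ldap_bind($link, "cn={$this->username}," . Yii::app()->params['ldap_dn'], $this->password)) {
                 $audit = new Audit();
                 $audit->action = "login-failed";
                 $audit->target_type = "login";
                 $audit->user_id = $user->id;
                 $audit->data = "Login failed for user {$this->username}: LDAP authentication failed: " . ldap_error($link);
                 $audit->save();
                 OELog::log("Login failed for user {$this->username}: LDAP authentication failed: " . ldap_error($link));
                 $this->errorCode = self::ERROR_USERNAME_INVALID;
                 return false;
             }
             // The directory entry is fetched with a configurable number of
             // attempts and an optional delay between them.
             $attempts = isset(Yii::app()->params['ldap_info_retries']) ? Yii::app()->params['ldap_info_retries'] : 1;
             for ($i = 0; $i < $attempts; $i++) {
                 if ($i > 0 && isset(Yii::app()->params['ldap_info_retry_delay'])) {
                     sleep(Yii::app()->params['ldap_info_retry_delay']);
                 }
                 $sr = ldap_search($link, "cn={$this->username}," . Yii::app()->params['ldap_dn'], "cn={$this->username}");
                 $info = ldap_get_entries($link, $sr);
                 if (isset($info[0])) {
                     break;
                 }
             }
             if (!isset($info[0])) {
                 // NOTE(review): the dumped search result ends up in the
                 // exception message; make sure it is not shown to end users.
                 throw new Exception("Failed to retrieve ldap info for user {$user->username}: " . ldap_error($link) . " [" . print_r($info, true) . "]");
             }
             $info = $info[0];
         }
         /**
          * Update user db record with details from LDAP.
          */
         if (Yii::app()->params['ldap_update_name']) {
             if (isset($info['givenname'][0])) {
                 $user->first_name = $info['givenname'][0];
             }
             if (isset($info['sn'][0])) {
                 $user->last_name = $info['sn'][0];
             }
         }
         if (Yii::app()->params['ldap_update_email']) {
             if (isset($info['mail'][0])) {
                 $user->email = $info['mail'][0];
             }
         }
         if (!$user->save()) {
             $user->audit('login', 'login-failed', null, "Login failed for user {$this->username}: unable to update user with details from LDAP: " . print_r($user->getErrors(), true));
             throw new SystemException('Unable to update user with details from LDAP: ' . print_r($user->getErrors(), true));
         }
     } elseif (Yii::app()->params['auth_source'] == 'BASIC') {
         if (!$force && !$user->validatePassword($this->password)) {
             $this->errorCode = self::ERROR_PASSWORD_INVALID;
             $user->audit('login', 'login-failed', null, "Login failed for user {$this->username}: invalid password");
             return false;
         }
     } else {
         /**
          * Unknown auth_source, error
          */
         $user->audit('login', 'login-failed', null, "Login failed for user {$this->username}: unknown auth source: " . Yii::app()->params['auth_source']);
         throw new SystemException('Unknown auth_source: ' . Yii::app()->params['auth_source']);
     }
     // Credentials accepted from here on.
     $this->_id = $user->id;
     $this->username = $user->username;
     $this->errorCode = self::ERROR_NONE;
     // Get all the user's firms and put them in a session
     $app = Yii::app();
     $firms = array();
     foreach ($user->getAvailableFirms() as $firm) {
         $firms[$firm->id] = $this->firmString($firm);
     }
     if (!count($firms)) {
         $user->audit('login', 'login-failed', null, "Login failed for user {$this->username}: user has no firm rights and cannot use the system");
         throw new Exception('User has no firm rights and cannot use the system.');
     }
     natcasesort($firms);
     $app->session['user'] = $user;
     $app->session['firms'] = $firms;
     // Rewind so key($firms) below yields the first firm in sorted order.
     reset($firms);
     // Select firm
     if ($user->last_firm_id) {
         $app->session['selected_firm_id'] = $user->last_firm_id;
     } elseif (count($user->firms)) {
         // Set the firm to one the user is associated with
         $userFirms = $user->firms;
         $app->session['selected_firm_id'] = $userFirms[0]->id;
     } else {
         // The user doesn't have firms of their own to select from so we select
         // one arbitrarily
         $app->session['selected_firm_id'] = key($firms);
     }
     // Select site
     if ($user->last_site_id) {
         $app->session['selected_site_id'] = $user->last_site_id;
     } elseif ($default_site = Site::model()->getDefaultSite()) {
         $app->session['selected_site_id'] = $default_site->id;
     } else {
         throw new CException('Cannot find default site');
     }
     $user->audit('login', 'login-successful', null, "User " . strtoupper($this->username) . " logged in");
     return true;
 }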
Ejemplo n.º 5
| application. Here you may also register your custom route filters.
|
*/
// Callback registered with App::before; it receives the request and its body
// is currently empty.
App::before(function ($request) {
});
// Callback registered with App::after; it receives the request and the
// response and its body is currently empty.
App::after(function ($request, $response) {
    //
});
// Listener for the 'audit' event: stores one audit row per fired event,
// attributed to the username Confide reports for the current user and stamped
// with the current date (day precision only).
// NOTE(review): Confide::user() is dereferenced without a null check, so an
// 'audit' event fired outside an authenticated request would fail here -
// confirm no such caller exists. The result of save() is not inspected.
Event::listen('audit', function ($entity, $action, $description) {
    $record = new Audit();

    $today = date('Y-m-d');
    $actor = Confide::user()->username;

    $record->date = $today;
    $record->description = $description;
    $record->user = $actor;
    $record->entity = $entity;
    $record->action = $action;

    $record->save();
});
// Route filter 'limit': once the number of members has reached the licensed
// amount of organization 1, the member-limit view is returned instead of
// letting the request continue.
// NOTE(review): Organization::find(1) is used without a null check, and
// Member::all() loads every member row only to count them.
Route::filter('limit', function () {
    $org = Organization::find(1);
    $memberTotal = count(Member::all());

    $limitReached = $org->licensed <= $memberTotal;
    if ($limitReached) {
        return View::make('members.memberlimit');
    }
});
Route::filter('license', function () {
    $organization = Organization::find(1);
    $string = $organization->name;
    $license_key = $organization->license_key;
    $license_code = $organization->license_code;
    $validate = $organization->license_key_validator($license_key, $license_code, $string);
    if ($validate) {
Ejemplo n.º 6
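 /**
  * Logs an audit record to the database.
  *
  * Assumes that there is an active transaction: this method neither starts
  * nor commits one, so the caller decides whether the record is persisted
  * together with the change it describes.
  *
  * @param mixed  $user        Stored unchanged in the record's "user" attribute.
  * @param object $dateTime    Object exposing getTimestamp() (for example a
  *                            DateTime); its timestamp is stored as date_time.
  * @param mixed  $object      Stored unchanged in the record's "object" attribute.
  * @param mixed  $operation   Stored unchanged in the record's "operation" attribute.
  * @param mixed  $description Stored unchanged in the record's "description" attribute.
  * @return void
  * @throws \Exception When the record cannot be saved; the message carries the
  *                    JSON-encoded validation errors.
  */
 public function logAudit($user, $dateTime, $object, $operation, $description)
 {
     $a = new Audit();
     $a->description = $description;
     $a->date_time = $dateTime->getTimestamp();
     $a->user = $user;
     $a->object = $object;
     $a->operation = $operation;
     if (!$a->save()) {
         // "." is PHP's concatenation operator. The previous "+" performed
         // arithmetic on two strings, so the validation errors never reached
         // the exception message.
         throw new \Exception("Error logging audit: " . CJSON::encode($a->getErrors()));
     }
 }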