/**
  * Makes sure the current request belongs to a logged-in user and, once it does, hands over
  * to the configured handler class to reach the requested "portal".
  *
  * Order of operations, as written below:
  *  1. the 'loginop' request parameter is read and passed to HandleOperations();
  *  2. Login() is called with $iOnExit;
  *  3. only if Login() reports EXIT_CODE_OK is the administrator requirement evaluated;
  *  4. ChangeLocation() of the handler class receives the requested portal id.
  *
  * Security notes for callers:
  *  - 'loginop' is supplied by the client, so HandleOperations() runs before any authentication
  *    result is known. Whatever it does must be safe for an anonymous request.
  *  - With EXIT_RETURN nothing is enforced here beyond returning a code: the caller has to
  *    compare the result with EXIT_CODE_OK itself and refuse to continue otherwise.
  *  - With any other $iOnExit the value returned is the message string, not a status code,
  *    so it must never be interpreted as "login succeeded".
  *
  * @param string|null $sRequestedPortalId The requested "portal" interface, null for any
  * @param bool $bMustBeAdmin Whether or not the user must be an admin to access the current page
  * @param int $iOnExit What action to take if the user is not logged on (one of the class constants EXIT_...)
  * @return mixed The status code when $iOnExit is EXIT_RETURN, otherwise the message produced by HandleOperations()
  */
 static function DoLoginEx($sRequestedPortalId = null, $bMustBeAdmin = false, $iOnExit = self::EXIT_PROMPT)
 {
     // Client-controlled value: it selects which login operation is handled first.
     $sLoginOp = utils::ReadParam('loginop', '');
     $sMessage = self::HandleOperations($sLoginOp);

     // May exit directly
     $iRet = self::Login($iOnExit);
     $bCallerWantsCode = ($iOnExit == self::EXIT_RETURN);

     if ($iRet == self::EXIT_CODE_OK) {
         // Authorization step: evaluated only after a successful login.
         $bAdminMissing = $bMustBeAdmin && !UserRights::IsAdministrator();

         if ($bAdminMissing && $bCallerWantsCode) {
             return self::EXIT_CODE_MUSTBEADMIN;
         }

         if ($bAdminMissing) {
             // Interactive mode: show a fatal-error page with a log-off link, then stop.
             // NOTE(review): the dictionary strings and the application root URL are concatenated
             // into the markup as-is; whether they are already HTML-safe is not visible here - confirm.
             require_once APPROOT . '/setup/setuppage.class.inc.php';
             $oP = new SetupPage(Dict::S('UI:PageTitle:FatalError'));
             $oP->add("<h1>" . Dict::S('UI:Login:Error:AccessAdmin') . "</h1>\n");
             $oP->p("<a href=\"" . utils::GetAbsoluteUrlAppRoot() . "pages/logoff.php\">" . Dict::S('UI:LogOffMenu') . "</a>");
             $oP->output();
             exit;
         }

         // The handler class name comes from a static property; it decides where the user ends up.
         $aLocationHandler = array(self::$sHandlerClass, 'ChangeLocation');
         $iRet = call_user_func($aLocationHandler, $sRequestedPortalId, $iOnExit);
     }

     return $bCallerWantsCode ? $iRet : $sMessage;
 }
                $oLog->DBInsertNoReload();
            } catch (Exception $e) {
                IssueLog::Error("Failed to log issue into the DB");
            }
        }
        IssueLog::Error($e->getMessage());
    }
    // For debugging only
    //throw $e;
} catch (Exception $e) {
    require_once APPROOT . '/setup/setuppage.class.inc.php';
    $oP = new SetupPage(Dict::S('UI:PageTitle:FatalError'));
    $oP->add("<h1>" . Dict::S('UI:FatalErrorMessage') . "</h1>\n");
    $oP->error(Dict::Format('UI:Error_Details', $e->getMessage()));
    //$oP->p($e->getTraceAsString());
    $oP->output();
    if (MetaModel::IsLogEnabledIssue()) {
        if (MetaModel::IsValidClass('EventIssue')) {
            try {
                $oLog = new EventIssue();
                $oLog->Set('message', $e->getMessage());
                $oLog->Set('userinfo', '');
                $oLog->Set('issue', 'PHP Exception');
                $oLog->Set('impact', 'Page could not be displayed');
                $oLog->Set('callstack', $e->getTrace());
                $oLog->Set('data', array());
                $oLog->DBInsertNoReload();
            } catch (Exception $e) {
                IssueLog::Error("Failed to log issue into the DB");
            }
        }
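    /**
     * Displays the specified 'step' of the wizard
     *
     * Renders the step inside a POST form and serializes the wizard's own bookkeeping (step class,
     * step state, collected parameters, step history) into hidden inputs so that the next request
     * can restore it.
     *
     * Security notes:
     *  - Everything placed in those hidden inputs comes back from the browser on the next request
     *    and can be edited by the client; the code that reads '_class', '_state', '_params' and
     *    '_steps' must validate them and must not treat them as trusted server state.
     *  - Every value interpolated into an attribute is HTML-escaped here, including the step state
     *    and the parameter names, so a value containing a quote cannot break out of the attribute.
     *  - The "cannot be overwritten" error page prints the configuration file path, which discloses
     *    the server's filesystem layout to whoever can reach the setup wizard.
     *
     * @param WizardStep $oStep The 'step' to display
     */
    protected function DisplayStep(WizardStep $oStep)
    {
        $oPage = new SetupPage($oStep->GetTitle());
        if ($oStep->RequiresWritableConfig()) {
            $sConfigFile = utils::GetConfigFilePath();
            // The configuration file already exists but the web server cannot modify it: stop here
            if (file_exists($sConfigFile) && !is_writable($sConfigFile)) {
                $oP = new SetupPage('Installation Cannot Continue');
                $oP->add("<h2>Fatal error</h2>\n");
                $oP->error("<b>Error:</b> the configuration file '" . $sConfigFile . "' already exists and cannot be overwritten.");
                $oP->p("The wizard cannot modify the configuration file for you. If you want to upgrade " . ITOP_APPLICATION . ", make sure that the file '<b>" . realpath($sConfigFile) . "</b>' can be modified by the web server.");
                $oP->output();
                return;
            }
        }
        $oPage->add_linked_script('../setup/setup.js');
        // The step supplies raw JavaScript for the two guards below; it is emitted as code, not data.
        // NOTE(review): step implementations must not build these bodies from request data - confirm.
        $oPage->add_script("function CanMoveForward()\n{\n" . $oStep->JSCanMoveForward() . "\n}\n");
        $oPage->add_script("function CanMoveBackward()\n{\n" . $oStep->JSCanMoveBackward() . "\n}\n");
        $oPage->add('<form id="wiz_form" method="post">');
        $oStep->Display($oPage);
        // Add the back / next buttons and the hidden form
        // to store the parameters
        $oPage->add('<input type="hidden" id="_class" name="_class" value="' . get_class($oStep) . '"/>');
        // The state is escaped like the other hidden values; where GetState() gets its value from
        // is not visible in this method, so it is not assumed to be attribute-safe.
        $oPage->add('<input type="hidden" id="_state" name="_state" value="' . htmlentities((string) $oStep->GetState(), ENT_QUOTES, 'UTF-8') . '"/>');
        foreach ($this->aParameters as $sCode => $value) {
            // Both the parameter name and its value end up inside attributes: escape both
            $sSafeCode = htmlentities((string) $sCode, ENT_QUOTES, 'UTF-8');
            $oPage->add('<input type="hidden" name="_params[' . $sSafeCode . ']" value="' . htmlentities($value, ENT_QUOTES, 'UTF-8') . '"/>');
        }
        $oPage->add('<input type="hidden" name="_steps" value="' . htmlentities(json_encode($this->aSteps), ENT_QUOTES, 'UTF-8') . '"/>');
        $oPage->add('<table style="width:100%;"><tr>');
        if (count($this->aSteps) > 0 && $oStep->CanMoveBackward()) {
            $oPage->add('<td style="text-align: left"><button id="btn_back" type="submit" name="operation" value="back"> &lt;&lt; Back </button></td>');
        }
        if ($oStep->CanMoveForward()) {
            $oPage->add('<td style="text-align:right;"><button id="btn_next" class="default" type="submit" name="operation" value="next">' . htmlentities($oStep->GetNextButtonLabel(), ENT_QUOTES, 'UTF-8') . '</button></td>');
        }
        $oPage->add('</tr></table>');
        $oPage->add("</form>");
        $oPage->add('<div id="async_action" style="display:none;overflow:auto;max-height:100px;color:#F00;font-size:small;"></div>');
        // The div may become visible in case of error
        // Hack to have the "Next >>" button, be the default button, since the first submit button in the form is the default one
        // The CanMoveForward()/CanMoveBackward() checks wired up below run in the browser only:
        // they are a usability aid, the server still has to re-validate every transition.
        $oPage->add_ready_script(<<<EOF

\$('form').each(function () {
\tvar thisform = \$(this);
\t\tthisform.prepend(thisform.find('button.default').clone().removeAttr('id').removeAttr('disabled').css({
\t\tposition: 'absolute',
\t\tleft: '-999px',
\t\ttop: '-999px',
\t\theight: 0,
\t\twidth: 0
\t}));
});
\$('#btn_back').click(function() { \$('#wiz_form').data('back', true); });

\$('#wiz_form').submit(function() {
\tif (\$(this).data('back'))
\t{
\t\treturn CanMoveBackward();
\t}
\telse
\t{
\t\treturn CanMoveForward();
\t} 
});

\$('#wiz_form').data('back', false);
WizardUpdateButtons();

EOF
);
        $oPage->output();
    }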
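 /**
  * Check if the user is already authenticated, if yes, then performs some additional validations:
  * - if $bMustBeAdmin is true, then the user must be an administrator, otherwise an error is displayed
  * - if $bIsAllowedToPortalUsers is false and the user has only access to the portal, then the user is redirected to the portal
  *
  * Before that, the client-supplied 'loginop' parameter may select one of the login-related
  * operations (logoff, forgot/reset password, change password). Each of them renders its own page
  * and ends the request, except 'do_change_pwd' which continues with the normal login on success.
  *
  * Security notes:
  *  - 'loginop' is request-controlled and is processed before Login(), so every operation below is
  *    reachable by an anonymous client.
  *  - 'change_pwd' and 'do_change_pwd' act on the identity stored in $_SESSION['auth_user']. They
  *    are only honoured when that key exists; without it the request falls through to the normal
  *    login instead of calling UserRights::Login() with an undefined user.
  *  - With EXIT_RETURN the caller must compare the returned code with EXIT_CODE_OK itself; with any
  *    other $iOnExit the return value is a message string, not a status.
  *
  * @param bool $bMustBeAdmin Whether or not the user must be an admin to access the current page
  * @param bool $bIsAllowedToPortalUsers Whether or not the current page is considered as part of the portal
  * @param int $iOnExit What action to take if the user is not logged on (one of the class constants EXIT_...)
  * @return mixed The status code when $iOnExit is EXIT_RETURN, otherwise the message to display (possibly empty)
  */
 static function DoLogin($bMustBeAdmin = false, $bIsAllowedToPortalUsers = false, $iOnExit = self::EXIT_PROMPT)
 {
     $sMessage = '';
     // In case we need to return a message to the calling web page
     $operation = utils::ReadParam('loginop', '');

     if ($operation == 'logoff') {
         // Remember which login mode to offer again before the session is wiped
         if (isset($_SESSION['login_mode'])) {
             $sLoginMode = $_SESSION['login_mode'];
         } else {
             $aAllowedLoginTypes = MetaModel::GetConfig()->GetAllowedLoginTypes();
             $sLoginMode = (count($aAllowedLoginTypes) > 0) ? $aAllowedLoginTypes[0] : 'form';
         }
         self::ResetSession();
         $oPage = self::NewLoginWebPage();
         $oPage->DisplayLoginForm($sLoginMode, false);
         $oPage->output();
         exit;
     } elseif ($operation == 'forgot_pwd') {
         $oPage = self::NewLoginWebPage();
         $oPage->DisplayForgotPwdForm();
         $oPage->output();
         exit;
     } elseif ($operation == 'forgot_pwd_go') {
         $oPage = self::NewLoginWebPage();
         $oPage->ForgotPwdGo();
         $oPage->output();
         exit;
     } elseif ($operation == 'reset_pwd') {
         $oPage = self::NewLoginWebPage();
         $oPage->DisplayResetPwdForm();
         $oPage->output();
         exit;
     } elseif ($operation == 'do_reset_pwd') {
         $oPage = self::NewLoginWebPage();
         $oPage->DoResetPassword();
         $oPage->output();
         exit;
     } elseif ($operation == 'change_pwd' && isset($_SESSION['auth_user'])) {
         // Only meaningful for a session that already carries an authenticated user
         $sAuthUser = $_SESSION['auth_user'];
         UserRights::Login($sAuthUser);
         // Set the user's language
         $oPage = self::NewLoginWebPage();
         $oPage->DisplayChangePwdForm();
         $oPage->output();
         exit;
     }

     if ($operation == 'do_change_pwd' && isset($_SESSION['auth_user'])) {
         $sAuthUser = $_SESSION['auth_user'];
         UserRights::Login($sAuthUser);
         // Set the user's language
         // Passwords are read unfiltered ('raw_data') so that no character is altered before verification
         $sOldPwd = utils::ReadPostedParam('old_pwd', '', false, 'raw_data');
         $sNewPwd = utils::ReadPostedParam('new_pwd', '', false, 'raw_data');
         // The old password must verify before the new one is accepted.
         // NOTE(review): no anti-CSRF token is checked in this method; the old-password check is the
         // only guard visible here - confirm whether a token is verified elsewhere.
         if (UserRights::CanChangePassword() && (!UserRights::CheckCredentials($sAuthUser, $sOldPwd) || !UserRights::ChangePassword($sOldPwd, $sNewPwd))) {
             $oPage = self::NewLoginWebPage();
             $oPage->DisplayChangePwdForm(true);
             // old pwd was wrong
             $oPage->output();
             exit;
         }
         // NOTE(review): this message is also set when CanChangePassword() is false, i.e. when
         // nothing was changed - confirm that this is intended.
         $sMessage = Dict::S('UI:Login:PasswordChanged');
     }

     $iRet = self::Login($iOnExit);
     if ($iRet == self::EXIT_CODE_OK) {
         // Authorization step: evaluated only after a successful login
         if ($bMustBeAdmin && !UserRights::IsAdministrator()) {
             if ($iOnExit == self::EXIT_RETURN) {
                 return self::EXIT_CODE_MUSTBEADMIN;
             }
             // Interactive mode: show a fatal-error page with a log-off link, then stop
             require_once APPROOT . '/setup/setuppage.class.inc.php';
             $oP = new SetupPage(Dict::S('UI:PageTitle:FatalError'));
             $oP->add("<h1>" . Dict::S('UI:Login:Error:AccessAdmin') . "</h1>\n");
             $oP->p("<a href=\"" . utils::GetAbsoluteUrlAppRoot() . "pages/logoff.php\">" . Dict::S('UI:LogOffMenu') . "</a>");
             $oP->output();
             exit;
         }
         $iRet = call_user_func(array(self::$sHandlerClass, 'ChangeLocation'), $bIsAllowedToPortalUsers, $iOnExit);
     }

     if ($iOnExit == self::EXIT_RETURN) {
         return $iRet;
     }
     return $sMessage;
 }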