/**
 * Index page: lists every user the current user is a parent of and, on a
 * POST with actiontype=switchuser, switches the session into one of them.
 *
 * The switch is permitted when the current user is a super admin or is a
 * parent of the requested user. Note that in both cases the session also
 * receives canImport=true and isAdmin=true, so a non-super-admin parent
 * carries those session flags for the duration of the switch (the original
 * author left a note that this is a workaround for importing on behalf of
 * customers). NOTE(review): no CSRF token is checked in this action itself;
 * presumably the form or a front-controller plugin handles it - confirm.
 *
 * @access public
 * @return void
 */
public function indexAction()
{
    // Populate the view with the users this user is a parent of
    $this->view->users = $this->user->getUsers();

    // Nothing else to do unless a form was submitted
    if (!$this->request->isPost()) {
        return;
    }

    // Only the user-switch submission is handled here
    if ($this->request->getParam('actiontype') != 'switchuser') {
        return;
    }

    // Resolve the requested account and make sure it really exists
    $targetId = (int) $this->request->getParam('switchuser');
    $target = new Application_Model_User($targetId);
    if (!$target->isValid()) {
        return;
    }

    // Authorisation: super admins may switch anywhere, everyone else only
    // into accounts they are a parent of
    if (!$this->user->isSuperAdmin() && !$this->user->isParentOf($targetId)) {
        return;
    }

    // Record the switch in the session and remember who we were so the
    // session layer can switch back later
    $this->session->asUser($targetId);
    $this->session->lastUser($this->user->getId());

    // Grant the import/admin session flags so the switched-in session can
    // import numbers for the customer (regular users cannot import)
    $this->session->canImport = true;
    $this->session->isAdmin = true;

    // Land on the dashboard as the switched-in user
    $this->_redirect('/');
}
/**
 * Starts a session for a request.
 *
 * Flow:
 *  1. Read the session id from the request; an id that fails idIsValid()
 *     is treated as absent.
 *  2. If an id is present, load the stored session data. When it carries a
 *     positive numeric userid, apply the "switch back" / "act as user"
 *     adjustments, build the user model, and - only if the user validates
 *     and the IP prefix comparison passes - refresh the session cookie and
 *     return true.
 *  3. Otherwise (no id, user not valid, IP mismatch, or a stale session
 *     that was just ended) fall through and create a fresh session.
 *
 * Assumes $this->ip, $this->requestip, $this->page, $this->action and the
 * session fields (userid, asUser, lastUser, sessiondata) are populated by
 * the constructor/load() - not visible here.
 *
 * @access public
 * @return boolean true when a usable session exists after the call,
 *                 false when a new session could not be created
 */
public function start()
{
    // Get our request data
    $sessionid = $this->getIdFromRequest();

    // Check our session id for validity; an invalid id is discarded so a
    // new session is created further down instead of loading by it
    if (!$this->idIsValid($sessionid)) {
        $sessionid = '';
    }

    // Now see if there is a session id
    if ($sessionid) {
        // Set that ID into this object
        $this->id = $sessionid;

        // Load up this object with any session data we have if any is found
        $this->load();

        // Now see if there is a user
        if (is_numeric($this->userid) && $this->userid > 0) {
            // See if they are trying to switch back. NOTE(review): this reads
            // $_POST directly and the only precondition is a truthy lastUser
            // in the session data; there is no further check (e.g. a token)
            // that the request is a deliberate action by this client -
            // confirm that is acceptable for restoring the previous user.
            if (isset($_POST['switchback'])) {
                // Make sure we have a lastUser set in the session
                if ($this->lastUser) {
                    // Become the previous user again
                    $this->userid = $this->lastUser;
                    // Remove the asUser value and clear the switch-back marker
                    $this->asUser = null;
                    $this->lastUser = null;
                }
            } else {
                // Now see if this session is a user acting as another user
                if (!empty($this->asUser)) {
                    // Loose comparison: 0, '' and null all match here, so any
                    // of those lastUser values is replaced by the real userid
                    if ($this->lastUser == null) {
                        $this->lastUser = $this->userid;
                    }
                    $this->userid = $this->asUser;
                }
            }

            // Now get the user associated with this session
            $this->user = new Application_Model_User((int) $this->userid);

            // Register the user to the registry so we can access it elsewhere
            Zend_Registry::set('user', $this->user);

            // We have a user in the session, do they exist in the user table
            if ($this->user->isValid()) {
                // Yes they do, check their IP before moving on. Only the first
                // six characters of each address string are compared, so for a
                // dotted IPv4 address this is at most the first two octets and
                // for IPv6 text a very short prefix - a deliberately loose, and
                // therefore weak, binding of the session to the client address.
                if (substr($this->requestip, 0, 6) == substr($this->ip, 0, 6)) {
                    // Our IPs match (mostly) so carry on
                    $this->set('sendingpage', $this->page);
                    $this->set('sendingaction', $this->action);
                    $this->setPageAndAction();
                    $this->setTimeCheck();
                    $this->setLoggedInStatus();

                    // Set our cookie for fetching information next go round.
                    // expires=0 makes it a browser-session cookie; path, domain
                    // and secure come from settings. The httponly argument is
                    // not passed, so it defaults to false and the session id
                    // remains readable from client-side script.
                    setcookie($this->cookiename['id'], $this->id, 0, $this->settings->cookiepath,
                        $this->settings->cookiedomain, $this->settings->cookiesecure);

                    // Set the append session id
                    $this->setAppendSessionId();

                    return true;
                } else {
                    $this->error = 'The current IP address does not match your previous address.';
                }
            } else {
                $this->error = "User could not be verified: {$this->user->error}";
            }
        } else {
            // No user, but if there is a userid in the session data, we need to kill this session
            if (isset($this->sessiondata['userid']) && $this->sessiondata['userid'] > 0) {
                $this->end($this->sessiondata['userid']);
            }
        }
    }

    // Reached when there was no usable session id, or the loaded session was
    // rejected above (invalid user, IP mismatch, stale session ended) - so a
    // new session is created; any userid still in sessiondata is carried over
    $userid = isset($this->sessiondata['userid']) ? $this->sessiondata['userid'] : -1;

    // Create a new session and move on
    if ($this->create($userid)) {
        $this->set('sendingpage', '');
        $this->set('sendingaction', '');
        $this->setPageAndAction();
        $this->setTimeCheck();
        return true;
    }

    return false;
}
/**
 * Every entity must be accessed with a User model (which is also an
 * entity). This will determine whether the user requesting the entity
 * has permission to or not.
 *
 * On failure this constructor does not throw: it records a message in
 * $this->error and returns early, leaving $this->user unset and the entity
 * unloaded. Callers are expected to check for that state before use.
 *
 * NOTE(review): the wording above says the user check applies to "all
 * entity types other than the User entity", but the check below runs
 * unconditionally; presumably the User entity overrides this constructor -
 * confirm.
 *
 * @access public
 * @param Application_Model_User $user   User model accessing this entity
 * @param mixed                  $id     Value to load the entity by [optional]
 * @param string                 $loadby Column to load by; anything other than
 *                                       'id' (case-insensitive) goes through
 *                                       loadEntityBy() with the raw $id
 */
public function __construct(Application_Model_User $user, $id = null, $loadby = 'id')
{
    // Get our type id up front
    $this->_setTypeId();

    // A valid user is required before any entity data is touched
    if (!$user->isValid()) {
        $this->error = 'A valid user model must be passed to access any entities.';
        return false;
    }
    $this->user = $user;

    // Standardize the loadby var
    $column = strtolower($loadby);

    // Loading by an alternate column hands the (possibly null) value straight
    // to loadEntityBy()
    if (!empty($column) && $column !== 'id') {
        $this->loadEntityBy($column, $id);
        return;
    }

    // Loading by id is skipped entirely for a falsy id (null, 0, '', '0')
    if ($id) {
        $this->id = $id;
        $this->loadEntityById($this->id);
    }
}