/**
  * Index page: lists the users the current user is a parent of and handles POSTed switch-user requests.
  * 
  * @access public
  */
 public function indexAction()
 {
     // The listing is filled on every request, whatever the HTTP method.
     $this->view->users = $this->user->getUsers();

     // Everything below only handles a POSTed "switch user" request.
     // NOTE(review): no anti-CSRF token is checked in this action; confirm one is
     // enforced before it runs, since this POST changes the identity bound to the session.
     if (!$this->request->isPost()) {
         return;
     }
     if ($this->request->getParam('actiontype') != 'switchuser') {
         return;
     }

     // The cast means only an integer id reaches the model and the session.
     $targetId = (int) $this->request->getParam('switchuser');

     // The target must resolve to a valid account before any permission check.
     $target = new Application_Model_User($targetId);
     if (!$target->isValid()) {
         return;
     }

     // Authorisation: super admins may switch into anyone, everyone else only
     // into accounts they are a parent of.
     $maySwitch = $this->user->isSuperAdmin() || $this->user->isParentOf($targetId);
     if (!$maySwitch) {
         return;
     }

     // Record the impersonation: who we act as, and who we really are.
     // NOTE(review): no audit log entry or session-id rotation is visible here;
     // confirm whether asUser()/lastUser() take care of either.
     $this->session->asUser($targetId);
     $this->session->lastUser($this->user->getId());

     // Lets admins import numbers on behalf of their customers, which regular
     // users may not do.
     // NOTE(review): both flags are set unconditionally, so an account that passed
     // only the isParentOf() check also ends up with isAdmin = true. Confirm what
     // isAdmin gates and that both flags are cleared again on switch-back.
     $this->session->canImport = true;
     $this->session->isAdmin = true;

     // Continue on the dashboard as the switched-into user.
     $this->_redirect('/');
 }
Example #2
 /**
  * Starts a session for a request
  * 
  * @access public
  * @return boolean
  */
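 public function start()
 {
     // Returns true when an existing session was resumed or a new one was
     // created, false when create() fails.

     // The session id is supplied by the client; an id that fails validation is dropped.
     // NOTE(review): a valid id is reused as-is; no rotation of the id is visible
     // in this method, including when the effective user changes below.
     $sessionid = $this->getIdFromRequest();
     if (!$this->idIsValid($sessionid)) {
         $sessionid = '';
     }

     if ($sessionid) {
         $this->id = $sessionid;
         // Populate this object from whatever is stored for that id.
         $this->load();

         if (is_numeric($this->userid) && $this->userid > 0) {
             if (isset($_POST['switchback'])) {
                 // Leaving impersonation: only possible when the original user was recorded.
                 if ($this->lastUser) {
                     $this->userid = $this->lastUser;
                     $this->asUser = null;
                     $this->lastUser = null;
                     // NOTE(review): only userid/asUser/lastUser are restored here. The
                     // switch-user action shown earlier on this page also sets canImport
                     // and isAdmin on the session; confirm they are cleared elsewhere.
                 }
             } else {
                 // Acting as another user: remember the real user once, then
                 // run the request under the impersonated id.
                 if (!empty($this->asUser)) {
                     if ($this->lastUser == null) {
                         $this->lastUser = $this->userid;
                     }
                     $this->userid = $this->asUser;
                 }
             }

             // Build the effective user and publish it for the rest of the request.
             // The registry entry is set before isValid() is consulted, so consumers
             // of the 'user' key can receive a model that did not validate.
             $this->user = new Application_Model_User((int) $this->userid);
             Zend_Registry::set('user', $this->user);

             if ($this->user->isValid()) {
                 // Coarse IP binding: only the first six characters of the textual
                 // addresses are compared (for a constructed example such as
                 // "192.168.1.10" that is "192.16"), so treat it as a weak signal
                 // rather than a control. Strict comparison keeps numeric-looking
                 // prefixes from ever being compared as numbers.
                 if (substr($this->requestip, 0, 6) === substr($this->ip, 0, 6)) {
                     $this->set('sendingpage', $this->page);
                     $this->set('sendingaction', $this->action);
                     $this->setPageAndAction();
                     $this->setTimeCheck();
                     $this->setLoggedInStatus();
                     // Session cookie (expires with the browser). The trailing true sets
                     // HttpOnly, which the original call left at its default of false and
                     // thereby exposed the session id to page scripts.
                     // NOTE(review): the Secure flag comes from settings->cookiesecure;
                     // confirm it is enabled wherever the site is served over HTTPS.
                     setcookie(
                         $this->cookiename['id'],
                         $this->id,
                         0,
                         $this->settings->cookiepath,
                         $this->settings->cookiedomain,
                         $this->settings->cookiesecure,
                         true
                     );
                     $this->setAppendSessionId();
                     // Existing session resumed.
                     return true;
                 } else {
                     $this->error = 'The current IP address does not match your previous address.';
                 }
             } else {
                 $this->error = "User could not be verified: {$this->user->error}";
             }
         } else {
             // No usable user on this object, but the stored data names one: end that session.
             if (isset($this->sessiondata['userid']) && $this->sessiondata['userid'] > 0) {
                 $this->end($this->sessiondata['userid']);
             }
         }
     }

     // Reached when there was no valid session id, and also after an IP mismatch,
     // a user that failed validation, or the end() call above.
     // NOTE(review): in those failure cases the userid from sessiondata is still
     // passed to create(). create() is not shown; confirm it cannot hand a session
     // bound to that user to a request that has just failed the checks.
     $userid = isset($this->sessiondata['userid']) ? $this->sessiondata['userid'] : -1;
     if ($this->create($userid)) {
         $this->set('sendingpage', '');
         $this->set('sendingaction', '');
         $this->setPageAndAction();
         $this->setTimeCheck();
         return true;
     }
     return false;
 }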
 /**
  * Every entity must be accessed with a User model (which is also an
  * entity). This will determine whether the user requesting the entity
  * has permission to or not.
  *
  * @access public
  * @param Application_Model_User $user User model accessing this entity
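  * @param int $id ID of the entity being requested [optional]
  * @param string $loadby Field to load the entity by; any value other than 'id' is passed to loadEntityBy() together with $id [optional]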
  */
 public function __construct(Application_Model_User $user, $id = null, $loadby = 'id')
 {
     // Resolve the entity type id before anything else runs.
     $this->_setTypeId();

     // Refuse to bind to a user model that does not validate.
     // `new` discards a constructor's return value, so the caller still receives
     // an object on this path, with ->error set and no user attached. Calling
     // code has to inspect the error itself; nothing here stops it from using
     // the half-built entity.
     if (!$user->isValid()) {
         $this->error = 'A valid user model must be passed to access any entities.';
         return false;
     }
     $this->user = $user;

     // Normalise the lookup field name.
     $field = strtolower($loadby);

     // Any non-empty field other than 'id' goes through the generic loader.
     // NOTE(review): $field is only lower-cased before being handed to
     // loadEntityBy(), which is not shown. If that method uses it as a column or
     // field name in a query, it needs an allow-list there or here.
     $loadByOtherField = !empty($field) && $field !== 'id';
     if ($loadByOtherField) {
         $this->loadEntityBy($field, $id);
         return;
     }

     // Default path: load by id, and only when a truthy id was supplied.
     // NOTE(review): no permission check against $this->user is visible in this
     // constructor; presumably the load methods enforce it, confirm.
     if ($id) {
         $this->id = $id;
         $this->loadEntityById($this->id);
     }
 }