Example #1
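 /**
  * Dispatches the command carried by $param: LDAP login, logout,
  * database add, or database delete.
  *
  * @param object $param  Parameter object; supplies cmd(), user(), password(),
  *                       db_cmd(), get() and set() as used below.
  * @param object $config Configuration object; only add() is read here.
  * @param mixed  $db     Database handle used by "add" and "delete"
  *                       (add(), add_occ(), remove()).
  *
  * NOTE(review): nothing in this constructor checks $_SESSION["logged"] before
  * the "add" and "delete" commands run; confirm that the caller enforces
  * authorization for them.
  */
 public function __construct($param, $config, $db = "")
 {
     $server = "dcatvi05.tmw.ac.at";
     $param->set("current_time", iso(time()));
     // authentication backend
     $auth = new LDAP($server);

     switch ($param->cmd()) {
         // ---- authentication: log in ----
         case "login":
             // dots in the submitted user name are replaced by spaces
             $user = str_replace(".", " ", $param->user());
             $password = $param->password();
             // Only attempt a bind when both values are non-empty; an empty
             // password must never reach the directory server.
             if ($user and $password) {
                 if ($auth->login($user, $password)) {
                     // Issue a fresh session id on the privilege change so an id
                     // that was known before login cannot be reused afterwards.
                     if (session_status() === PHP_SESSION_ACTIVE) {
                         session_regenerate_id(true);
                     }
                     $_SESSION["logged"] = true;
                     $_SESSION["user"] = $auth->user();
                 } else {
                     $_SESSION["logged"] = false;
                     $_SESSION["user"] = false;
                 }
             }
             break;

         // ---- authentication: log out ----
         case "logout":
             unset($_SESSION["logged"]);
             unset($_SESSION["user"]);
             break;

         // ---- database: add data ----
         //   with a "query" entry: add an occurrence to the matching records
         //   without one: add a new record
         case "add":
             $add_data = [];
             $add = new Config($config->add());
             $add_fields = $add->get($param->db_cmd());
             $has_definition = is_array($add_fields);
             if ($has_definition && isset($add_fields["data"])) {
                 foreach ($add_fields["data"] as $key => $value) {
                     // server-side timestamp; skip the parameter lookup so that a
                     // parameter named "NOW" cannot replace it (presumably $param
                     // carries request data -- confirm)
                     if ($value === "NOW") {
                         $add_data[$key] = iso(time());
                         continue;
                     }
                     // value for the field, taken from the parameters
                     if ($param->get($value)) {
                         $add_data[$key] = $param->get($value);
                     }
                 }
             }
             // The is_array() guard keeps array_key_exists() from being handed a
             // non-array when no field definition exists for this db_cmd.
             if ($has_definition && array_key_exists("query", $add_fields)) {
                 $query = replace_param($add_fields["query"], $param->get());
                 $db->add_occ($query, $add_data);
             } else {
                 $db->add($add_data);
             }
             // Without this break an "add" request fell through into "delete"
             // and removed whatever its "delete*" parameters named.
             break;

         // ---- database: delete records ----
         case "delete":
             foreach ($param->get() as $key => $value) {
                 // every parameter whose name starts with "delete" names a record
                 if (strncmp((string) $key, "delete", 6) === 0) {
                     $db->remove($value);
                 }
             }
             break;
     }
 }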
Example #2
    $database = new Database($config['database']);
} catch (Exception $e) {
    $error->send(500, 'database_unavailable', 'Cannot connect to database', 'Adapt configuration to be able to create a valid database connection');
}
// Request gate: the checks below run before any route is registered.
// NOTE(review): they only protect the routes if $error->send() ends the
// request; its implementation is not visible here -- confirm that it exits.

// Validate we have a proper access token
// NOTE(review): the token is read from the query string. Query-string tokens
// tend to be recorded in server logs, browser history and Referer headers;
// RFC 6750 recommends carrying bearer tokens in the Authorization header.
if (!isset($_GET['access_token'])) {
    $error->send(401, 'oauth_token_missing', 'Missing OAuth token', 'Client must supply a valid OAuth2 access token with board-level permissions');
}
// validToken() receives the request URI together with the token; presumably it
// checks that the token's scope covers this URI -- confirm against the class.
if (!$oauth->validToken($_SERVER['REQUEST_URI'], $_GET['access_token'])) {
    $error->send(403, 'oauth_token_invalid', 'OAuth token invalid', 'Access token is invalid, has expired, or does not have sufficient access privileges');
}
// Setup the LDAP connection
if (!$ldap->connect()) {
    $error->send(502, 'ldap_unavailable', 'LDAP server not responding', 'The API cannot connect to the LDAP server');
}
// login() is called without arguments, so the bind identity is not the API
// caller's; presumably a service account configured elsewhere -- confirm.
if (!$ldap->login()) {
    $error->send(500, 'ldap_login_failure', 'Cannot login to LDAP server', 'The API cannot login to the LDAP server');
}
/*
 * API endpoint definition
 */
$app = new \Slim\Slim();
// JSON-encoded data of all current members with passes
$app->get('/users', function () use($ldap, $database) {
    // Construct required data
    $users = $ldap->getAllUsers();
    $timestamps = $database->getLastEntries();
    $data = array_map(function ($user) use($timestamps) {
        $user['last_entry'] = isset($timestamps[$user['uid']]) ? $timestamps[$user['uid']] : 'Voor 1 september 2015 (of nooit)';
        return $user;
    }, $users);
Example #3
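 /**
  * Authenticates a user against the local users table or against LDAP,
  * depending on the "auth_method" system parameter, and records the login time.
  *
  * On success self::$data and self::$user_object are populated and the
  * "user_curlogin" config row (configid 3) is updated or created.
  *
  * @param string $username Login name.
  * @param string $password Password as entered by the user.
  * @return bool True when the user was authenticated and a user object exists.
  */
 public static function login($username, $password)
 {
     if (Configs::get_system_param("auth_method") != "LDAP") {
         // NOTE(review): the two quoted values in this query appear masked in
         // this listing. If the real code interpolates $username / $password
         // here, it needs a parameterized query and a password_verify() check
         // against a stored hash instead -- confirm against the original file.
         $local_user = DigiplayDB::select("* FROM users WHERE username = '******' AND password = '******';", "User");
         if (!$local_user) {
             return false;
         }
         self::$data["user"] = true;
         self::$user_object = $local_user;
     } else {
         // Many directory servers treat a simple bind with an empty password as
         // an unauthenticated bind that succeeds (RFC 4513, section 5.1.2).
         // Whether LDAP::login() guards against that is not visible here, so
         // empty credentials are rejected before the bind is attempted.
         if ((string) $username === "" || (string) $password === "") {
             return false;
         }
         $ldap_instance = new LDAP();
         // The former is_object()/get_class() test on a freshly constructed
         // object was removed: had it ever failed, control would have fallen
         // through to a self::$user_object left over from an earlier call.
         if (!$ldap_instance->login($username, $password) || !$ldap_instance->login_status()) {
             return false;
         }
         self::$data = $ldap_instance->userdetails();
         self::$data["user"] = true;
         // Get the user's info, or insert them as a new user if there isn't any
         self::$user_object = Users::get_by_username(self::$data["username"]);
         if (!self::$user_object) {
             $id = DigiplayDB::insert("users", array("username" => self::$data["username"], "password" => NULL), "id");
             self::$user_object = Users::get_by_id($id);
         }
     }

     if (!self::$user_object) {
         return false;
     }

     // These statements are built by concatenation, so the id is forced to an
     // integer before it is placed into the SQL text.
     $user_id = (int) self::$user_object->get_id();
     $now = time();
     $result = self::$user_object->get_config_var("user_curlogin");
     if ($result) {
         // keep the previous login time for display, then store the new one
         self::$data["lastlogin"] = $result;
         DigiplayDB::query("UPDATE usersconfigs SET val = '" . $now . "' WHERE userid = " . $user_id . " AND configid = 3;");
     } else {
         // first login: create the config rows 3 and 1 for this user
         DigiplayDB::query("INSERT INTO usersconfigs (userid,configid,val) VALUES (" . $user_id . ",3,'" . $now . "');");
         DigiplayDB::query("INSERT INTO usersconfigs (userid,configid,val) VALUES (" . $user_id . ",1,'');");
     }
     return true;
 }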
Example #4
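/**
 * Handles the login form: authenticates the posted e-mail / password pair
 * against LDAP, mirrors the account into the user table on first login, fills
 * the session and cookies, writes a login log entry and redirects to home.php.
 *
 * Reads $_POST["email"] and $_POST["password"]; on any failure the login form
 * is shown again with an error message.
 *
 * @return void
 */
function processLogin()
{
    // Both fields must be present and must be plain strings (a client can post
    // arrays, which the string functions below cannot handle).
    if (!isset($_POST["email"], $_POST["password"])
        || !is_string($_POST["email"])
        || !is_string($_POST["password"])
    ) {
        displayLoginForm("登陆失败,请稍后重试");
        return;
    }

    require_once "class.db.Utils.php";
    require_once "class.LDAP.php";
    require_once "class.MD5.php";
    require_once "class.db.Log.php";
    $ldap = new LDAP();
    $md5 = new MD5();

    $email = $_POST["email"];
    if ($email === "") {
        displayLoginForm("帐号不能为空");
        return;
    }
    // An empty password is rejected before LDAP is contacted.
    if ($_POST["password"] === "") {
        displayLoginForm("密码不能为空");
        return;
    }

    // Append the company domain unless the address already ends with it. The
    // previous "contains" test also accepted addresses that merely include the
    // domain somewhere, e.g. followed by another host name.
    $domain = "@cyou-inc.com";
    if (substr($email, -strlen($domain)) !== $domain) {
        $email = $email . $domain;
    }

    $usermsg = $ldap->login($email, $_POST["password"]);
    if (!$usermsg) {
        displayLoginForm("您输入的帐号或密码有误,请重试");
        return;
    }

    // Local part of the address. It is taken from the normalized address, which
    // always contains "@"; taking it from the raw field produced an empty
    // string whenever the user typed the name without the domain.
    $email = substr($email, 0, strpos($email, "@"));
    $username = $usermsg["username"];
    $employee_id = $usermsg["employee_id"];
    $department = $usermsg["department"];

    $db = new UserDB();
    $user = $db->hasUser($_POST["email"]);
    // If the user name was changed in the database use the changed one,
    // otherwise keep the value returned by LDAP.
    if ($user) {
        $username = $user["username"];
    } else {
        $db->insertLDAP(array("email" => $_POST["email"], "username" => $username, "employee_id" => $employee_id, "department" => $department));
    }

    // Issue a fresh session id on login so an id that was known before
    // authentication cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Save the session.
    // NOTE(review): a transformed copy of the user's password is kept in the
    // session and in a 7-day cookie. Whether MD5::string2secret() is one-way is
    // not visible here; either way the cookie value works as a long-lived
    // credential on the client. Replace it with a random, server-side, revocable
    // token once the pages that read the "password" cookie are known.
    $_SESSION["username"] = $username;
    $_SESSION["email"] = $email;
    $_SESSION["password"] = $md5->string2secret($_POST["password"]);

    // Save the cookies (7 days). The password cookie is marked HttpOnly so that
    // page scripts cannot read it; add the Secure flag as well if the site is
    // served over HTTPS only.
    $expires = time() + 3600 * 24 * 7;
    setcookie("email", $_SESSION["email"], $expires);
    setcookie("username", $_SESSION["username"], $expires);
    setcookie("password", $_SESSION["password"], $expires, "", "", false, true);

    // Record the login in the log.
    $data = array(
        'event' => 'login',
        'page' => 'login.php',
        'description' => 'login success',
        'username' => $_SESSION["email"],
        'ip' => getIP(),
    );
    $db = new LogDB();
    $db->insertLog($data);

    // NOTE(review): the function returns after sending the redirect header, so
    // the caller must not emit further output for this request.
    header("Location: home.php");
}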