Exemple #1
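function anmelden()
{
    // Log the CRM user in on the strength of an existing ERP session cookie.
    //
    // Reads the ERP configuration file ($erpConfigFile.conf, falling back to
    // .conf.default) to find the authentication database, resolves the session
    // cookie through authuser(), and copies the resulting user/client data plus
    // the ERP user/group tables into $_SESSION.
    //
    // Returns true on success; false when the config file cannot be read, the
    // cookie is missing or malformed (a "location: ups.html" header is sent in
    // that case), or authuser() rejects the session.
    //
    // The directive is "session.gc_maxlifetime"; the bare "gc_maxlifetime" used
    // before is not a PHP ini setting and was silently ignored. It only takes
    // effect if set before session_start() — confirm the caller's order.
    ini_set("session.gc_maxlifetime", "3600");
    global $ERPNAME;
    // ! this does not work with $_SESSION[ERPNAME] because the session is destroyed in loginok.php...
    global $erpConfigFile;

    // Locate the ERP configuration file; anmelden() may be called from a subdirectory.
    $deep = is_dir("../" . $ERPNAME) ? "../" : "../../";
    $configBase = $deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf";
    if (file_exists($configBase)) {
        $configPath = $configBase;
    } elseif (file_exists($configBase . ".default")) {
        $configPath = $configBase . ".default";
    } else {
        return false;
    }
    $lxo = fopen($configPath, "r");
    if ($lxo === false) {
        return false;
    }

    // Every key below is optional in the config file. Initialise the targets so
    // a missing key leaves a defined value rather than an undefined variable
    // (null keeps the same value the old code passed on when the key was absent).
    $dbname = null;
    $dbpasswd = null;
    $dbuser = null;
    $dbhost = null;
    $dbport = null;
    $cookiename = "";
    $sesstime = "";

    $dbsec = false;
    $tmp = fgets($lxo, 512);
    // Find the auth-DB parameters ([authentication/database]) in the ERP configuration.
    while (!feof($lxo)) {
        if (preg_match("/^[\\s]*#/", $tmp) || $tmp == "\n") {
            // comment or blank line, skip
            $tmp = fgets($lxo, 512);
            continue;
        }
        if ($dbsec && preg_match("!\\[.+]!", $tmp)) {
            // any following section header ends the database section
            $dbsec = false;
        }
        if ($dbsec) {
            if (preg_match("/db[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbname = $hits[1];
            }
            if (preg_match("/password[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbpasswd = $hits[1];
            }
            if (preg_match("/user[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbuser = $hits[1];
            }
            if (preg_match("/host[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbhost = $hits[1] ? $hits[1] : "localhost";
            }
            if (preg_match("/port[ ]*=[ ]*([0-9]+)/", $tmp, $hits)) {
                $dbport = $hits[1] ? $hits[1] : "5432";
            }
            if (preg_match("/\\[[a-z]+/", $tmp)) {
                $dbsec = false;
            }
            $tmp = fgets($lxo, 512);
            continue;
        }
        if (preg_match("/cookie_name[ ]*=[ ]*(.+)/", $tmp, $hits)) {
            $cookiename = $hits[1];
        }
        if (preg_match("/session_timeout[ ]*=[ ]*(.+)/", $tmp, $hits)) {
            $sesstime = $hits[1];
        }
        if (preg_match("!\\[authentication/database\\]!", $tmp)) {
            $dbsec = true;
        }
        $tmp = fgets($lxo, 512);
    }
    fclose($lxo);

    if ($cookiename === "") {
        $erpConfigName = isset($_SESSION['erpConfigFile']) ? $_SESSION['erpConfigFile'] : '';
        $cookiename = $erpConfigName . '_session_id';
    }
    if ($sesstime === "") {
        $sesstime = 480;
    }

    // The cookie value is attacker-controlled and authuser() interpolates it
    // into SQL, so only a plain token is accepted here. The ERP session ids are
    // assumed to be alphanumeric — confirm against the ERP's id generator.
    $cookie = isset($_COOKIE[$cookiename]) ? $_COOKIE[$cookiename] : "";
    if (!is_string($cookie) || !preg_match('/^[A-Za-z0-9_\-]+$/', $cookie)) {
        header("location: ups.html");
        // The old code kept running after the redirect and called authuser()
        // with an empty session id; stop here instead.
        return false;
    }

    // Log which auth DB is used — never the password or the session id.
    error_log("!{$ERPNAME}!{$dbhost},{$dbport},{$dbuser},{$dbname}!", 0);
    $auth = authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie);
    if (!$auth) {
        // user login failed
        return false;
    }
    // Make sure the document directory for this client (and its tmp/) exists.
    chkdir($auth["dbname"]);
    chkdir($auth["dbname"] . '/tmp/');
    // Client + user data into the session.
    foreach ($auth as $key => $val) {
        $_SESSION[$key] = $val;
    }
    $_SESSION["sessid"] = $cookie;
    $_SESSION["cookie"] = $cookiename;
    $_SESSION["sesstime"] = $sesstime;

    // Users / groups / user-group assignments from the ERP as arrays in the session.
    $db_new = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport);
    $sql_all_users = "SELECT usr.id AS user_id, usr.login, usrc.cfg_value AS name FROM auth.user AS usr INNER JOIN auth.user_config AS usrc ON usr.id = usrc.user_id WHERE usrc.cfg_key = 'name' ORDER by usr.id";
    $sql_all_groups = "SELECT grp.id AS grp_id, grp.name AS grp_name FROM auth.group AS grp ORDER by grp.id";
    $sql_all_assignments = "SELECT usrg.user_id AS user_id, usrg.group_id AS group_id FROM auth.user_group AS usrg ORDER by usrg.user_id";
    $all_users = $db_new->getAll($sql_all_users);
    $all_groups = $db_new->getAll($sql_all_groups);
    $all_assignments = $db_new->getAll($sql_all_assignments);
    // anmelden() is run twice per login (see $_SESSION['ok']); fill these only on the first pass.
    if (empty($_SESSION['ok'])) {
        $_SESSION['all_erp_users'] = $all_users;
        $_SESSION['all_erp_groups'] = $all_groups;
        $_SESSION['all_erp_assignments'] = $all_assignments;
    }
    $_SESSION['ok'] = "1";

    // Connect to the client database. `new` always yields an object, so the
    // previous `if (!$_SESSION["db"])` could never fail; connection problems
    // have to surface from myDB itself.
    $_SESSION["db"] = new myDB($_SESSION["dbhost"], $_SESSION["dbuser"], $_SESSION["dbpasswd"], $_SESSION["dbname"], $_SESSION["dbport"]);
    $_SESSION['Admin'] = isset($auth['Admin']) ? $auth['Admin'] : null;
    $charset = ini_get("default_charset");
    if ($charset == "") {
        $charset = 'UTF8';
    }
    $_SESSION["charset"] = $charset;

    include_once "inc/UserLib.php";
    $user_data = getUserStamm(0, $_SESSION["login"]);
    // NOTE(review): HTTP_HOST is taken from the request; if basepath ends up in
    // mails or redirects, consider pinning it to a configured host name instead.
    $BaseUrl = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
    $BaseUrl .= $_SERVER['HTTP_HOST'];
    $BaseUrl .= preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']);
    if ($user_data) {
        foreach ($user_data as $key => $val) {
            $_SESSION[$key] = $val;
        }
    }
    $_SESSION['db']->setShowError(!empty($_SESSION['sql_error']));

    // getUserStamm() may return no row; read its fields defensively.
    $dirMode = isset($user_data['dir_mode']) ? $user_data['dir_mode'] : '';
    $_SESSION['dir_mode'] = $dirMode != '' ? octdec($dirMode) : 493; // 493 == 0755
    $_SESSION["loginCRM"] = isset($user_data["id"]) ? $user_data["id"] : null;
    $theme = isset($user_data['theme']) ? $user_data['theme'] : '';
    $_SESSION['theme'] = ($theme == '' || $theme == 'base') ? '' : $theme;

    // ERP version: the latest schema_info tag, minus its 8-character prefix, with '_' -> '.'
    $sql = "SELECT  * from schema_info where tag like 'relea%' order by itime desc limit 1";
    $rs = $_SESSION["db"]->getOne($sql);
    $tag = isset($rs['tag']) ? $rs['tag'] : '';
    $_SESSION["ERPver"] = strtr(substr($tag, 8), '_', '.');

    $token = isset($_SESSION["token"]) ? $_SESSION["token"] : null;
    $_SESSION["menu"] = makeMenu($_SESSION["sessid"], $token);
    $_SESSION["basepath"] = $BaseUrl;
    $_SESSION['token'] = false;
    return true;
}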
Exemple #2
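function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie)
{
    // Resolve an ERP session id (the cookie value) to the logged-in user and
    // the client (Mandant) that session is connected to.
    //
    // Returns an array with login, the selected auth.user_config values, lang,
    // stylesheet, the client's connection data (manid, mandant, dbhost, dbport,
    // dbname, dbuser, dbpasswd), sales_edit_all ('t'/'f'), CRMTL and token.
    // Returns false when the session id is not a plain token, matches no or
    // more than one session row (the session is cleared and a "location"
    // header to the ERP login screen is sent first), has no user, or has no
    // client row.
    //
    // $cookie comes from the browser and is interpolated into SQL below (myDB
    // offers no parameter binding here), so it is validated against a strict
    // token pattern first. The ERP session ids are assumed to be alphanumeric
    // — confirm against the ERP's id generator.
    if (!is_string($cookie) || !preg_match('/^[A-Za-z0-9_\-]+$/', $cookie)) {
        return false;
    }
    $db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport);

    // Is a user logged in under this session?
    $sql = "select sc.session_id,u.id,u.login from auth.session_content sc left join auth.\"user\" u on ";
    $sql .= "(E'--- ' || u.login || chr(10) )=sc.sess_value left join auth.session s on s.id=sc.session_id ";
    $sql .= "where session_id = '{$cookie}' and sc.sess_key='login'";
    $rs = $db->getAll($sql);
    if (!is_array($rs) || count($rs) != 1) {
        // Not logged in to the ERP at all, or too many sessions (the ERP should prevent that).
        // Clearing via assignment rather than unset($_SESSION), which detaches the superglobal.
        $_SESSION = array();
        $Url = preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']);
        header("location:" . $Url . "controller.pl?action=LoginScreen/user_login");
        // The old code fell through and read $rs[0] on an empty result.
        return false;
    }
    // The left join yields a null id when no user matches the session's login.
    if (!isset($rs[0]["id"]) || $rs[0]["id"] === '') {
        return false;
    }
    $uid = (int) $rs[0]["id"];

    $auth = array();
    $auth["login"] = $rs[0]["login"];
    $sql = "select * from auth.user_config where user_id=" . $uid;
    $rs = $db->getAll($sql);
    $keys = array("countrycode", "stylesheet", "vclimit", "signature", "email", "tel", "fax", "name");
    if (is_array($rs)) {
        foreach ($rs as $row) {
            if (in_array($row["cfg_key"], $keys, true)) {
                $auth[$row["cfg_key"]] = $row["cfg_value"];
            }
        }
    }
    $auth["lang"] = (isset($auth["countrycode"]) && $auth["countrycode"] != '') ? $auth["countrycode"] : 'en';
    // Drop the last four characters of the stylesheet name (presumably a ".css" suffix).
    $auth["stylesheet"] = isset($auth["stylesheet"]) ? substr($auth["stylesheet"], 0, -4) : '';

    // Which client (Mandant) is this session connected to? sess_value carries a
    // 4-character prefix; what follows must be the numeric client id.
    $sql = "SELECT sess_value FROM auth.session_content WHERE session_id = '{$cookie}' and sess_key='client_id'";
    $rs = $db->getOne($sql);
    $mandant = isset($rs['sess_value']) ? trim(substr($rs['sess_value'], 4)) : '';
    if ($mandant === '' || !ctype_digit($mandant)) {
        return false;
    }
    $sql = 'SELECT id as manid,name as mandant,dbhost,dbport,dbname,dbuser,dbpasswd FROM auth.clients WHERE id = ' . $mandant;
    $rs = $db->getOne($sql);
    if (!is_array($rs)) {
        return false;
    }
    $auth = array_merge($auth, $rs);

    // One of the user's groups may grant sales_all_edit.
    $sql = "SELECT granted from auth.group_rights G where G.right = 'sales_all_edit' ";
    $sql .= "and G.group_id in (select group_id from auth.user_group where user_id = " . $uid . ")";
    $rs3 = $db->getAll($sql);
    $auth["sales_edit_all"] = 'f';
    if ($rs3) {
        foreach ($rs3 as $row) {
            if ($row["granted"] == 't') {
                $auth["sales_edit_all"] = 't';
                break;
            }
        }
    }

    // Is the user a CRM supervisor (member of group CRMTL)?
    $sql = "SELECT count(*) as cnt from auth.user_group left join auth.group on id=group_id where name = 'CRMTL' and user_id = " . $uid;
    $rs = $db->getOne($sql);
    $auth['CRMTL'] = isset($rs['cnt']) ? $rs['cnt'] : null;

    // Session update: bump mtime (presumably to keep the ERP session alive).
    // "M" is the abbreviated month name; the fixed ".100001" fraction is kept as-is.
    $sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $cookie . "'";
    $db->query($sql, "authuser_3");

    // Read the API token.
    $sql = "SELECT * FROM auth.session WHERE id = '" . $cookie . "'";
    $rsa = $db->getOne($sql);
    $auth['token'] = isset($rsa['api_token']) ? $rsa['api_token'] : null;
    return $auth;
}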
Exemple #3
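function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie)
{
    // Older variant: resolve the ERP session id (cookie) to a user and read the
    // per-user client DB connection data from auth.user_config.
    //
    // Returns array(login, dbname, dbpasswd, dbhost, dbport, dbuser) on success.
    // Returns false when the session id is malformed, unknown, has no user row,
    // or matches more than one session row (a "location" header to the ERP
    // logout is sent first in that case).
    //
    // $cookie comes from the browser and is interpolated into SQL below, so it
    // is validated against a strict token pattern first. The ERP session ids
    // are assumed to be alphanumeric — confirm against the ERP's id generator.
    if (!is_string($cookie) || !preg_match('/^[A-Za-z0-9_\-]+$/', $cookie)) {
        return false;
    }
    $db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, true);

    $sql = "select sc.session_id,u.id from auth.session_content sc left join auth.user u on ";
    $sql .= "u.login=sc.sess_value left join auth.session s on s.id=sc.session_id ";
    $sql .= "where session_id = '{$cookie}' and sc.sess_key='login'";
    $rs = $db->getAll($sql, "authuser_1");
    if (!$rs) {
        return false;
    }
    if (count($rs) > 1) {
        // Ambiguous session: hand the user to the ERP logout. (An earlier draft
        // deleted the surplus session rows here instead.) The old code carried
        // on and authenticated with $rs[0] after sending the header.
        header("location:../login.pl?action=logout");
        return false;
    }
    // The left join yields a null id when no user matches the session's login.
    if (!isset($rs[0]["id"]) || $rs[0]["id"] === '') {
        return false;
    }
    $uid = (int) $rs[0]["id"];

    $sql = "select * from auth.user where id=" . $uid;
    $rs1 = $db->getAll($sql, "authuser_1");
    if (!$rs1) {
        return false;
    }
    $auth = array();
    $auth["login"] = $rs1[0]["login"];

    $sql = "select * from auth.user_config where user_id=" . $uid;
    $rs1 = $db->getAll($sql, "authuser_2");
    $keys = array("dbname", "dbpasswd", "dbhost", "dbport", "dbuser");
    if (is_array($rs1)) {
        foreach ($rs1 as $row) {
            if (in_array($row["cfg_key"], $keys, true)) {
                $auth[$row["cfg_key"]] = $row["cfg_value"];
            }
        }
    }

    // Bump the session's mtime. The matched row's session_id equals the
    // (validated) $cookie because the query above filtered on it.
    $sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $cookie . "'";
    $db->query($sql, "authuser_3");
    return $auth;
}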