Esempio n. 1
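 /**
  * Starts the PHP session for this request and refreshes the session state.
  *
  * Does nothing when session_status() reports anything other than
  * PHP_SESSION_NONE. Otherwise it:
  *  - expires the session once the idle time reaches $gvSessionTimeout,
  *    clearing the operator's table entries and issuing a fresh session id;
  *  - stamps $_SESSION['lastActivity'] with the current time;
  *  - defaults $_SESSION['userLevel'] to Page::NORMAL_USER;
  *  - reloads the operator and desk records named by the session, logging
  *    the operator out when either record can no longer be found.
  *
  * @return void
  */
 public static function start()
 {
     global $gvSessionTimeout;

     if (session_status() !== PHP_SESSION_NONE) {
         return;
     }
     session_start();

     if (isset($_SESSION['lastActivity'])
         && time() - $_SESSION['lastActivity'] >= $gvSessionTimeout
     ) {
         if (isset($_SESSION['op_code'])) {
             Operator::clearTableForLogout($_SESSION['op_code']);
         }
         // Session expired: empty the superglobal instead of unset()ing it
         // (the PHP manual warns against unset($_SESSION)), destroy the
         // stored data, then start again under a new id.
         $_SESSION = array();
         session_destroy();
         session_start();
         // Passing true deletes the session stored under the old id, so the
         // expired identifier cannot be reused to resume a session.
         session_regenerate_id(true);
         gfSetDelayedMsg('La sessione è scaduta.', 'Err');
     }
     $_SESSION['lastActivity'] = time();

     // Set userlevel
     if (!isset($_SESSION['userLevel'])) {
         $_SESSION['userLevel'] = Page::NORMAL_USER;
     }

     if (isset($_SESSION['op_code'])) {
         $op = Operator::fromDatabaseByCode($_SESSION['op_code']);
         if ($op) {
             // This is not really a session variable: it is reloaded at
             // every request and only kept here so other classes can use it.
             $_SESSION['operator'] = $op;
             if (!isset($_SESSION['td_served'])) {
                 $_SESSION['td_served'] = array();
             }
         } else {
             // Operator deleted while still logged in?
             self::logoutOperator();
         }
     }

     if (isset($_SESSION['desk_number'])) {
         $desk = Desk::fromDatabaseByNumber($_SESSION['desk_number']);
         if ($desk) {
             $_SESSION['desk'] = $desk;
             // Record this request as desk activity and persist it.
             $desk->updateLastActivityTime();
             $desk->save();
         } else {
             // The desk record is gone: treat it like a missing operator.
             self::logoutOperator();
         }
     }
 }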
Esempio n. 2
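 /**
  * Returns the logged-in operator, resolving it on first use and caching it
  * in $this->operator.
  *
  * Lookup order: the cached instance, then $_SESSION['operator'], then a
  * database lookup by $_SESSION['op_code'].
  *
  * @return mixed The operator object (class not visible here, presumably Operator).
  * @throws Exception When no operator can be resolved, including the case
  *                   where the session value or the database lookup is falsy.
  */
 private function getOperator()
 {
     if ($this->operator) {
         return $this->operator;
     }

     // Get from session
     if (isset($_SESSION['operator'])) {
         $this->operator = $_SESSION['operator'];
     } elseif (isset($_SESSION['op_code'])) {
         $this->operator = Operator::fromDatabaseByCode($_SESSION['op_code']);
     }

     // Fail closed: a stale op_code (record no longer found) must not hand a
     // falsy "operator" back to callers that expect a logged-in user.
     if (!$this->operator) {
         throw new Exception("Unable to retrieve logged-in operator.");
     }
     return $this->operator;
 }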
Esempio n. 3
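 /**
  * Validates the submitted operator form and creates or updates the record.
  *
  * op_id === 0 means "new operator" (a password is then mandatory); any
  * other value edits an existing operator, which must exist and be offline.
  * On a validation or save failure $this->message is set and true is
  * returned; on success a delayed message is queued and a redirect to the
  * operator list is returned.
  *
  * NOTE(review): no CSRF token or privilege check is visible in this
  * method; presumably the caller enforces both - confirm.
  *
  * @return true|RedirectOutput
  */
 public function execute()
 {
     global $gvMinPasswordLength, $gvPath;

     $op_password = gfPostVar('op_password', '');
     $op_password_repete = gfPostVar('op_password_repete', '');

     // Trim data
     $this->op_code = trim($this->op_code);
     $this->op_name = trim($this->op_name);
     $this->op_surname = trim($this->op_surname);

     // Data validation
     if ($this->op_code === '' || $this->op_name === '' || $this->op_surname === '') {
         $this->message = "Errore: tutti i campi sono obbligatori.";
         return true;
     }
     if ($this->op_id === 0 && $op_password === '') {
         $this->message = "Errore: il campo password è obbligatorio.";
         return true;
     }
     // Compare against '' rather than relying on truthiness: the string "0"
     // is falsy in PHP, so a truthiness test would let the one-character
     // password "0" skip the minimum-length rule.
     if ($op_password !== '' && strlen($op_password) < $gvMinPasswordLength) {
         $this->message = "Errore: la password deve contenere almeno {$gvMinPasswordLength} caratteri.";
         return true;
     }
     if ($op_password !== $op_password_repete) {
         $this->message = "Errore: le password non coincidono.";
         return true;
     }

     // Allow only letters and digits in op_code
     if (preg_match('/^[0-9a-z]+$/i', $this->op_code) !== 1) {
         $this->message = "Errore: il codice operatore non è valido.";
         return true;
     }

     // NOTE(review): without the /u modifier the accented letters below are
     // matched byte by byte when this file is UTF-8, so stray bytes of those
     // sequences are accepted and upper-case accented letters are rejected.
     // Adding /u is only safe if input and file are both UTF-8 - confirm.
     // Check name
     if (preg_match('/^[a-z \'àèéìòù]+$/i', $this->op_name) !== 1) {
         $this->message = "Errore: il nome contiene caratteri non validi.";
         return true;
     }
     // Check surname
     if (preg_match('/^[a-z \'àèéìòù]+$/i', $this->op_surname) !== 1) {
         $this->message = "Errore: il cognome contiene caratteri non validi.";
         return true;
     }

     // Check if code is taken (by anyone for a new operator, by somebody
     // else when editing)
     $existing = Operator::fromDatabaseByCode($this->op_code);
     if ($existing && ($this->op_id === 0 || $this->op_id !== (int) $existing->getId())) {
         $this->message = "Errore: il codice operatore non è disponibile.";
         return true;
     }
     unset($existing);

     if ($this->op_id === 0) {
         $op = Operator::newRecord();
     } else {
         // Load the record once and reuse it for the update, so the object
         // being modified is the same one that passed the checks below.
         $op = Operator::fromDatabaseById($this->op_id);
         if (!$op) {
             $this->message = "Errore interno: il record non è presente.";
             return true;
         }
         // Check operator is offline (only when edit)
         if ($op->isOnline()) {
             $this->message = "L'operatore è online, impossibile modificarlo.";
             return true;
         }
     }

     $op->setCode($this->op_code);
     $op->setName($this->op_name);
     $op->setSurname($this->op_surname);
     // A new operator always has a non-empty password at this point; on edit
     // an empty field means "keep the current password".
     // NOTE(review): setPassword() is presumably where hashing happens - confirm.
     if ($op_password !== '') {
         $op->setPassword($op_password);
     }

     if (!$op->save()) {
         $this->message = "Impossibile salvare le modifiche. Ritentare in seguito.";
         return true;
     }

     gfSetDelayedMsg('Operazione effettuata correttamente', 'Ok');
     return new RedirectOutput("{$gvPath}/application/adminOperatorList");
 }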