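/**
 * Handles a click on the login button: applies a source-address gate, then
 * verifies the submitted credentials and redirects on success.
 *
 * Clients whose REMOTE_ADDR is neither 127.0.0.1 nor inside 192.168.* must
 * appear in the allowlist returned by the internal getClientIp service.
 * Every failure path shows the same generic message on the same control, so
 * the form does not reveal whether the address was rejected, the account is
 * unknown or inactive, or the password was wrong.
 *
 * @param string $strFormId    Form id passed by the event dispatcher (unused here).
 * @param string $strControlId Control id passed by the event dispatcher (unused here).
 * @param string $strParameter Action parameter passed by the event dispatcher (unused here).
 *
 * @return int|null 0 when the client address is rejected; otherwise no value.
 */
protected function btnLogin_Click($strFormId, $strControlId, $strParameter) {
    $strErrorMessage = QApplication::Translate('Invalid username or password.');

    // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address,
    // which would make every client look "internal" - confirm the deployment.
    $strRemoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    if ($strRemoteAddr !== '127.0.0.1' && strncmp($strRemoteAddr, '192.168.', 8) !== 0) {
        // The allowlist is fetched over plain HTTP and is trusted as-is for an
        // access-control decision; whoever can answer for that host decides
        // who may log in from outside.
        $strResponse = file_get_contents('http://192.168.1.168:8888/eBayBO/service.php?action=getClientIp');
        $arrAllowedIps = ($strResponse === false) ? null : json_decode($strResponse);

        // Fail closed: an unreachable service or a malformed body denies the
        // login instead of handing a non-array to in_array().
        if (!is_array($arrAllowedIps) || !in_array($strRemoteAddr, $arrAllowedIps, true)) {
            $this->txtPassword->Warning = $strErrorMessage;
            return 0;
        }
    }

    $strUsername = $this->txtUsername->Text;
    $strPassword = $this->txtPassword->Text;
    $objUserAccount = UserAccount::LoadByUsername($strUsername);

    // hash_equals() (PHP >= 5.6) compares in constant time and never applies
    // numeric type juggling, which a loose != between two hex digests can.
    // NOTE(review): the stored value is an unsalted SHA-1 digest; moving to
    // password_hash()/password_verify() needs a stored-hash migration that is
    // outside this method.
    if (!$objUserAccount
        || !$objUserAccount->ActiveFlag
        || !hash_equals((string) $objUserAccount->PasswordHash, sha1($strPassword))
    ) {
        $this->txtPassword->Warning = $strErrorMessage;
        return;
    }

    QApplication::Login($objUserAccount);

    // Module 2 decides the landing page. A missing role/module row is treated
    // as "no access" rather than dereferencing null.
    // NOTE(review): the original comment called module 2 "assets" while the
    // redirect goes to ./inventory/ - confirm which one is intended.
    $objRoleModule = RoleModule::LoadByRoleIdModuleId($objUserAccount->RoleId, 2);
    if ($objRoleModule && $objRoleModule->AccessFlag) {
        QApplication::Redirect('./inventory/');
    } else {
        QApplication::Redirect('./home/');
    }
}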
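/**
 * Handles a click on the login button: verifies the submitted credentials
 * and, on success, redirects to the requested page or to the first module
 * the user's role can access.
 *
 * Every credential failure shows the same message on the password field, so
 * the form does not reveal whether the account exists or is inactive.
 *
 * @param string $strFormId    Form id passed by the event dispatcher (unused here).
 * @param string $strControlId Control id passed by the event dispatcher (unused here).
 * @param string $strParameter Action parameter passed by the event dispatcher (unused here).
 *
 * @return void
 */
protected function btnLogin_Click($strFormId, $strControlId, $strParameter) {
    $strUsername = $this->txtUsername->Text;
    $strPassword = $this->txtPassword->Text;
    $objUserAccount = UserAccount::LoadByUsername($strUsername);
    $errorMessage = 'Invalid username or password.';
    $objHasher = new PasswordHash(8, PORTABLE_PASSWORDS);

    // The stored hash is checked against the SHA-1 hex digest of the password,
    // not the password itself, so the sha1() wrapper has to stay for existing
    // hashes to verify.
    if (!$objUserAccount
        || !$objUserAccount->ActiveFlag
        || !$objHasher->CheckPassword(sha1($strPassword), $objUserAccount->PasswordHash)
    ) {
        $this->txtPassword->Warning = $errorMessage;
        return;
    }

    QApplication::Login($objUserAccount);

    // strReferer arrives in the query string and is therefore attacker-
    // controlled: a crafted login link must not be able to send a freshly
    // authenticated user to another site. Only a site-relative path is
    // honoured (single leading slash, no backslash, no control characters);
    // anything else falls through to the role-based landing page.
    // NOTE(review): assumes strReferer is generated as a site-relative path -
    // confirm against the code that builds the login link.
    if (array_key_exists('strReferer', $_GET)) {
        $strReferer = $_GET['strReferer'];
        $blnLocalPath = is_string($strReferer)
            && strncmp($strReferer, '/', 1) === 0
            && strncmp($strReferer, '//', 2) !== 0
            && strpos($strReferer, '\\') === false
            && !preg_match('/[\x00-\x1f\x7f]/', $strReferer);

        if ($blnLocalPath) {
            QApplication::Redirect($strReferer);
            return;
        }
    }

    // Module id => landing page, in priority order
    // (assets, inventory, contacts, shipping, receiving, reports).
    $arrLandingPages = array(
        2 => './assets/',
        3 => './inventory/',
        4 => './contacts/',
        5 => './shipping/',
        6 => './receiving/',
        7 => './reports/',
    );

    foreach ($arrLandingPages as $intModuleId => $strPath) {
        $objRoleModule = RoleModule::LoadByRoleIdModuleId($objUserAccount->RoleId, $intModuleId);
        // A missing role/module row counts as "no access" instead of a null dereference.
        if ($objRoleModule && $objRoleModule->AccessFlag) {
            QApplication::Redirect($strPath);
            return;
        }
    }

    // No module is accessible: the user is logged in but no redirect is issued.
}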