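/**
 * AJAX login endpoint: validates the posted mail/password pair and opens a session.
 *
 * Reads `mail` and `password` from the request data, answers through
 * response_ajax() and always ends the request with exit.
 *
 * Responses:
 *  - error `mail_invalid`     when mail is missing, empty or not a string;
 *  - error `password_invalid` when password is missing, empty or not a string;
 *  - error `user_not_found`   when no user row matches the credentials;
 *  - result `login`           on success.
 *
 * NOTE(review): nothing in this method limits repeated failed attempts;
 * confirm that throttling or lockout is enforced elsewhere.
 */
public function api_login()
{
    $data = $this->request->data;

    // e-mail
    $mail = isset($data['mail']) ? $data['mail'] : null;
    // password
    $password = isset($data['password']) ? $data['password'] : null;

    // Request fields are client-controlled. A non-string value (e.g. `mail[]=...`)
    // would otherwise flow into the find() conditions and into the session,
    // so only non-empty strings are accepted.
    // The mail check runs first: previously a combined check reported
    // `password_invalid` for both fields and `mail_invalid` was unreachable.
    if (!is_string($mail) || $mail === '') {
        response_ajax(array('error' => 'mail_invalid'), 'error');
        exit;
    }
    if (!is_string($password) || $password === '') {
        response_ajax(array('error' => 'password_invalid'), 'error');
        exit;
    }

    // NOTE(review): get_hash() is defined elsewhere. Because its result is matched
    // by equality in the query below, it has to be a deterministic hash keyed only
    // by the site-wide USER_AUTH_SALT; confirm, and plan a migration to
    // password_hash()/password_verify() with per-user salts.
    $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);

    // One lookup that both verifies the credentials and yields the id, so the id
    // always belongs to the row whose password matched (the old code re-queried
    // by mail alone).
    $user = $this->User->find('first', array(
        'conditions' => array('password' => $hashed_pass, 'mail' => $mail),
    ));

    if (!$user) {
        response_ajax(array('error' => 'user_not_found'), 'error');
        exit;
    }

    // Successful authentication.
    // Issue a fresh session id before storing the identity so a session id that
    // was known before login cannot be reused afterwards (session fixation).
    $this->Session->renew();
    $this->Session->write('User', $mail);

    $user_id = $user['User']['id'];

    // Record the login (who, from where, with which client).
    $this->loadModel('Userauth');
    $this->Userauth->save(array(
        'user_id' => $user_id,
        'ip' => get_ip(),
        'browser' => get_ua(),
        'os' => get_os(),
    ));

    $this->Session->write('user_id', $user_id);

    response_ajax(array('result' => 'login'), 'success');
    exit;
}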
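/**
 * Stores one survey submission in the `survey` table with a REPLACE INTO.
 *
 * Collects the per-test status and time values, the `tokens` request parameter,
 * the user-agent id, the cookie and the client addresses, escapes each value
 * with mysql_real_escape_string() and runs the statement on the global
 * $dbhandle connection. On a failed query the request is terminated.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. When this is
 * ported, prefer mysqli/PDO prepared statements with bound parameters over
 * escaping into a sprintf() template; escaping is also only reliable when the
 * connection character set was set through the driver (mysql_set_charset()).
 */
function store_data()
{
    global $dbhandle;

    // Original comment: the cookie is "validated for certain safety measures"
    // (validation presumably happens inside fetch_cookie() - confirm).
    $cookie = fetch_cookie();
    $ua_id = get_ua();
    // param_val() is given an allow-list pattern for the tokens parameter.
    $tokens = param_val("tokens", "/^[:_a-zA-Z0-9 ,-]+\$/");

    // Test names, in the column order of the statement below.
    $tests = array("a", "aaaa", "ds4", "ds6", "ipv4", "ipv6", "v6ns", "v6mtu", "dsmtu");

    // Raw values in exactly the order of the column list.
    $values = array();
    foreach ($tests as $test) {
        $values[] = fetch_status($test);
    }
    foreach ($tests as $test) {
        $values[] = fetch_time($test);
    }
    $values[] = $tokens;
    $values[] = $ua_id;
    $values[] = $cookie;
    $values[] = remote_addr();
    $values[] = fetch_addr("ip4");
    $values[] = fetch_addr("ip6");

    // Every value is escaped against the live connection before it is placed
    // inside the quoted '%s' slots.
    $escaped = array();
    foreach ($values as $value) {
        $escaped[] = mysql_real_escape_string($value, $dbhandle);
    }

    $format = "REPLACE INTO survey (\n"
        . " status_a, \n"
        . " status_aaaa,\n"
        . " status_ds4,\n"
        . " status_ds6,\n"
        . " status_ipv4,\n"
        . " status_ipv6,\n"
        . " status_v6ns,\n"
        . " status_v6mtu,\n"
        . " status_dsmtu,\n"
        . " \n"
        . " time_a,\n"
        . " time_aaaa,\n"
        . " time_ds4,\n"
        . " time_ds6,\n"
        . " time_ipv4,\n"
        . " time_ipv6,\n"
        . " time_v6ns,\n"
        . " time_v6mtu,\n"
        . " time_dsmtu,\n"
        . " \n"
        . " tokens,\n"
        . " ua_id,\n"
        . " \n"
        . " cookie, ip, ip4, ip6\n"
        . " \n"
        . " )\n"
        . " VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s',\n"
        . " '%s','%s','%s','%s','%s','%s','%s','%s','%s',\n"
        . " '%s','%s',\n"
        . " '%s','%s','%s','%s')";

    $sql = vsprintf($format, $escaped);

    $result = mysql_query($sql, $dbhandle);
    if (!$result) {
        // The driver error goes to the server log only. Echoing it together with
        // the full statement (as the old code did) disclosed the schema and the
        // submitted values to whoever triggered the failure.
        error_log('store_data: invalid query: ' . mysql_error($dbhandle));
        die("Invalid query\n");
    }
    # header("HTTP/1.0 204 No Content");
}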
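/**
 * Loads the error definition stored under $error in Configure and acts on it:
 * optional database logging, a response to the user, an optional e-mail to the
 * administrator and, for critical errors, termination of the application.
 *
 * When $error is not configured the method falls back to 'ERROR_1'.
 *
 * @param string $error Configure key of the error definition; the definition is
 *                      read as an array with the keys ID, TYPE, RESPONSE, INFO,
 *                      TEXT and RESPONSE_CONTENT.
 * @throws NotFoundException when the definition's RESPONSE is "404".
 * @throws RuntimeException  when the fallback definition 'ERROR_1' itself is
 *                           not configured.
 */
public function setError($error)
{
    // Fetch the error's config array.
    $this->error = Configure::read($error);

    if ($this->error == NULL) {
        // An unknown error was raised: fall back to ERROR_1. If ERROR_1 is the
        // missing key, stop here; the old code recursed without end in that case.
        if ($error === 'ERROR_1') {
            throw new RuntimeException('Fallback error definition ERROR_1 is not configured');
        }
        $this->setError('ERROR_1');
        return;
    }

    // Error id.
    $this->error_id = $this->error["ID"];
    // Error type.
    $this->error_type = $this->error["TYPE"];
    // Kind of response sent to the user (property name keeps the existing spelling).
    $this->error_respone = $this->error["RESPONSE"];
    // Whether the administrator is to be informed.
    $this->error_info = $this->error["INFO"];
    // Error text.
    $this->error_text = $this->error["TEXT"];
    // Content of the response sent on this error.
    $this->error_respone_content = $this->error["RESPONSE_CONTENT"];

    // Warnings are never logged.
    if ($this->_is_log_active() and $this->error_type !== "WARNING") {
        $os = get_os();
        $ip = get_ip();
        $ua = get_ua();
        // NOTE(review): the login actions shown alongside this method store the id
        // under the session key 'user_id' and write a plain string to 'User';
        // confirm that 'User.id' is really populated for this controller.
        $user_id = $this->Session->read('User.id');
        // Write the entry to the database.
        $this->_database_error_log($this->error_id, $this->error_type, $ua, $os, $ip, $user_id);
    }

    // Non-standard error types carry a response for the user.
    if ($this->error_type !== "STD") {
        if ($this->error_respone == "AJAX") {
            // AJAX response.
            $this->_ajax_error($this->error_respone_content);
        } elseif ($this->error_respone == "HTML") {
            // Redirect to the error page.
            $this->redirect(array('controller' => 'error', 'action' => 'index'));
        } elseif ($this->error_respone == "404") {
            throw new NotFoundException();
        } elseif ($this->error_respone == "DIE") {
            $this->_app_exit($this->error_respone_content);
        }
    }

    // Urgent and critical: the administrator is notified immediately.
    if ($this->error_info == "YES") {
        $this->Email->from = Configure::read('SITE_MAIL');
        $this->Email->to = Configure::read('ADMIN_MAIL');
        $this->Email->subject = "Уведомление об ошибке";
        $this->Email->message = "Ошибка";
        $this->Email->send();
    }

    // A critical error terminates the application.
    if ($this->error_type == "CR") {
        $this->_app_exit($this->error_respone_content);
    }
}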
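/**
 * Form login for users: checks the posted User.mail / User.password pair,
 * opens a session on success and redirects.
 *
 * The target is the `backoffice` controller when User.backoffice is truthy,
 * otherwise the `index` controller. On failure the same target is used with
 * `auth_error` and `auth_error_text` in the query string.
 *
 * NOTE(review): the error text travels in the query string, so any caller can
 * supply its own `auth_error_text`; the view that prints it must HTML-escape it.
 */
public function login()
{
    $form = array();
    if (isset($this->request->data['User']) && is_array($this->request->data['User'])) {
        $form = $this->request->data['User'];
    }

    // e-mail
    $mail = isset($form['mail']) ? $form['mail'] : null;
    // login through the back office
    $bo = !empty($form['backoffice']);
    // password
    $password = isset($form['password']) ? $form['password'] : null;

    $target = $bo ? 'backoffice' : 'index';

    // Request fields are client-controlled. Missing or non-string values are
    // treated as failed credentials instead of being passed into the find()
    // conditions and the session.
    $user = null;
    if (is_string($mail) && is_string($password)) {
        // NOTE(review): get_hash() is defined elsewhere. Because its result is
        // matched by equality in the query, it has to be a deterministic hash keyed
        // only by the site-wide USER_AUTH_SALT; confirm, and plan a migration to
        // password_hash()/password_verify().
        $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);

        // One lookup that verifies the credentials and yields the id, so the id
        // belongs to the row whose password matched (the old code re-queried by
        // mail alone).
        $user = $this->User->find('first', array(
            'conditions' => array('password' => $hashed_pass, 'mail' => $mail),
        ));
    }

    if ($user) {
        // Successful authentication.
        // Fresh session id before the identity is stored, so a session id known
        // before login cannot be reused afterwards (session fixation).
        $this->Session->renew();
        $this->Session->write('User', $mail);

        $user_id = $user['User']['id'];

        // Record the login.
        $this->loadModel('Userauth');
        $this->Userauth->save(array(
            'user_id' => $user_id,
            'ip' => get_ip(),
            'browser' => get_ua(),
            'os' => get_os(),
        ));

        $this->Session->write('user_id', $user_id);

        $this->redirect(array('controller' => $target, 'action' => 'index'));
    } else {
        $auth_error_text = L("WRONG_LOGIN_OR_PASSWORD");
        $this->set('auth_error', 'true');
        $this->set('auth_error_text', $auth_error_text);

        $this->redirect(array(
            'controller' => $target,
            'action' => 'index',
            '?' => array('auth_error' => 'true', 'auth_error_text' => $auth_error_text),
        ));
    }
    exit;
}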
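/**
 * Form login for administrators: checks the posted Admin.mail / Admin.password
 * pair, requires the account's status to equal 1, opens a session and redirects
 * to admin/index. On failure it redirects to admin/auth with `auth_error` and
 * `auth_error_text` in the query string.
 *
 * NOTE(review): the error text travels in the query string, so any caller can
 * supply its own `auth_error_text`; the view that prints it must HTML-escape it.
 */
public function login()
{
    $form = array();
    if (isset($this->request->data['Admin']) && is_array($this->request->data['Admin'])) {
        $form = $this->request->data['Admin'];
    }

    // e-mail
    $mail = isset($form['mail']) ? $form['mail'] : null;
    // password
    $password = isset($form['password']) ? $form['password'] : null;

    $this->loadModel('Admin');

    // Request fields are client-controlled. Missing or non-string values are
    // treated as failed credentials instead of being passed into the find()
    // conditions and the session.
    $admin = null;
    if (is_string($mail) && is_string($password)) {
        // NOTE(review): get_hash() is defined elsewhere. Because its result is
        // matched by equality in the query, it has to be a deterministic hash keyed
        // only by the site-wide USER_AUTH_SALT, which is shared with the user
        // login; confirm, and plan a migration to password_hash()/password_verify().
        $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);

        // One credential-matched lookup replaces the former count + two finds, so
        // status and id always come from the row whose password matched.
        $admin = $this->Admin->find('first', array(
            'conditions' => array('password' => $hashed_pass, 'mail' => $mail),
        ));
    }

    if ($admin && $admin['Admin']['status'] == 1) {
        // Fresh session id before the identity is stored, so a session id known
        // before login cannot be reused afterwards (session fixation).
        $this->Session->renew();
        $this->Session->write('Admin', $mail);

        $admin_id = $admin['Admin']['id'];

        // Record the login.
        $this->loadModel('Adminauth');
        $this->Adminauth->save(array(
            'admin_id' => $admin_id,
            'ip' => get_ip(),
            'browser' => get_ua(),
            'os' => get_os(),
        ));

        $this->Session->write('admin_id', $admin_id);

        $this->redirect(array('controller' => 'admin', 'action' => 'index'));
    } else {
        // The "blocked" message is shown only after the credentials matched;
        // every other failure gets the generic wrong-credentials text.
        $auth_error_text = $admin ? "Доступ заблокирован" : "Не правильный пароль или логин";

        $this->set('auth_error', 'true');
        $this->set('auth_error_text', $auth_error_text);
        $this->redirect(array(
            'controller' => 'admin',
            'action' => 'auth',
            '?' => array('auth_error' => 'true', 'auth_error_text' => $auth_error_text),
        ));
    }
}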