/** * {@inheritdoc} * * Triggers {@link \Mibew\EventDispatcher\Events::OPERATOR_AUTHENTICATE} * event. */ public function setOperatorFromRequest(Request $request) { // Try to get operator from session. if (parent::setOperatorFromRequest($request)) { return true; } // Check if operator had used "remember me" feature. if ($request->cookies->has(REMEMBER_OPERATOR_COOKIE_NAME)) { $cookie_value = $request->cookies->get(REMEMBER_OPERATOR_COOKIE_NAME); list($login, $pwd) = preg_split('/\\x0/', base64_decode($cookie_value), 2); $op = operator_by_login($login); $can_login = $op && isset($pwd) && isset($op['vcpassword']) && calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd && !operator_is_disabled($op); if ($can_login) { $this->operator = $op; return true; } } // Provide an ability for plugins to authenticate operator $args = array('operator' => false, 'request' => $request); $dispatcher = EventDispatcher::getInstance(); $dispatcher->triggerEvent(Events::OPERATOR_AUTHENTICATE, $args); if (!empty($args['operator'])) { $this->operator = $args['operator']; return true; } // Operator's data cannot be extracted from the request. return false; }
/** * Generates list of all operators in the system. * * @param Request $request Incoming request. * @return string Rendered page content. */ public function indexAction(Request $request) { $operator = $this->getOperator(); $page = array('errors' => $request->attributes->get('errors', array())); $sort['by'] = $request->query->get('sortby'); if (!in_array($sort['by'], array('login', 'commonname', 'localename', 'lastseen'))) { $sort['by'] = 'login'; } $sort['desc'] = $request->query->get('sortdirection', 'desc') == 'desc'; $page['formsortby'] = $sort['by']; $page['formsortdirection'] = $sort['desc'] ? 'desc' : 'asc'; $list_options['sort'] = $sort; if (in_isolation($operator)) { $list_options['isolated_operator_id'] = $operator['operatorid']; } $operators_list = get_operators_list($list_options); // Prepare operator to render in template foreach ($operators_list as &$item) { $item['vclogin'] = $item['vclogin']; $item['vclocalename'] = $item['vclocalename']; $item['vccommonname'] = $item['vccommonname']; $item['isAvailable'] = operator_is_available($item); $item['isAway'] = operator_is_away($item); $item['lastTimeOnline'] = time() - $item['time']; $item['isDisabled'] = operator_is_disabled($item); } unset($item); $page['allowedAgents'] = $operators_list; $page['canmodify'] = is_capable(CAN_ADMINISTRATE, $operator); $page['availableOrders'] = array(array('id' => 'login', 'name' => getlocal('Login')), array('id' => 'localename', 'name' => getlocal('Name')), array('id' => 'commonname', 'name' => getlocal('International name')), array('id' => 'lastseen', 'name' => getlocal('Last active'))); $page['availableDirections'] = array(array('id' => 'desc', 'name' => getlocal('descending')), array('id' => 'asc', 'name' => getlocal('ascending'))); $page['title'] = getlocal('Operators'); $page['menuid'] = 'operators'; $page = array_merge($page, prepare_menu($operator)); $this->getAssetManager()->attachJs('js/compiled/operators.js'); return $this->render('operators', $page); }
/** * Processes submitting of the form which is generated in * {@link \Mibew\Controller\LoginController::showFormAction()} method. * * Triggers 'operatorLogin' event after operator logged in and pass to it an * associative array with following items: * - 'operator': array of the logged in operator info; * - 'remember': boolean, indicates if system should remember operator. * * @param Request $request Incoming request. * @return string Rendered page content. */ public function submitFormAction(Request $request) { csrf_check_token($request); $login = $request->request->get('login'); $password = $request->request->get('password'); $remember = $request->request->get('isRemember') == 'on'; $errors = array(); $operator = operator_by_login($login); $operator_can_login = $operator && isset($operator['vcpassword']) && check_password_hash($operator['vclogin'], $password, $operator['vcpassword']) && !operator_is_disabled($operator); if ($operator_can_login) { // Login the operator to the system $this->getAuthenticationManager()->loginOperator($operator, $remember); // Redirect the current operator to the needed page. $target = isset($_SESSION[SESSION_PREFIX . 'backpath']) ? $_SESSION[SESSION_PREFIX . 'backpath'] : $request->getUriForPath('/operator'); return $this->redirect($target); } else { if (operator_is_disabled($operator)) { $errors[] = getlocal('Your account is temporarily blocked. Please contact system administrator.'); } else { $errors[] = getlocal("Entered login/password is incorrect"); } } // Rebuild login form $request->attributes->set('errors', $errors); return $this->showFormAction($request); }