function preprocess()
{
// check for posts before drawing anything, so we can redirect
if (isset($_REQUEST['reginput'])) {
$input = strtoupper(trim($_REQUEST['reginput']));
// CL always exits
if ($input == "CL") {
PaycardLib::paycard_reset();
CoreLocal::set("msgrepeat", 1);
CoreLocal::set("strRemembered", 'TO');
CoreLocal::set("toggletax", 0);
CoreLocal::set("togglefoodstamp", 0);
$this->change_page($this->page_url . "gui-modules/pos2.php");
return False;
}
$continue = false;
// when voiding tenders, the input must be an FEC's passcode
if (CoreLocal::get("paycard_mode") == PaycardLib::PAYCARD_MODE_VOID && $input != "" && substr($input, -2) != "CL") {
$db = Database::pDataConnect();
if (Authenticate::checkPermission($input, 11)) {
CoreLocal::set("adminP", $input);
$continue = true;
}
}
// when voiding items, no code is necessary, only confirmation
if (CoreLocal::get("paycard_mode") != PaycardLib::PAYCARD_MODE_VOID && $input == "") {
$continue = true;
}
// go?
if ($continue) {
// send the request, then disable the form
$this->add_onload_command('paycard_submitWrapper();');
$this->action = "onsubmit=\"return false;\"";
}
// if we're still here, display prompt again
} else {
if (CoreLocal::get("paycard_mode") == PaycardLib::PAYCARD_MODE_AUTH) {
// call paycard_void on first load to set up
// transaction and check for problems
$id = CoreLocal::get("paycard_id");
foreach (CoreLocal::get("RegisteredPaycardClasses") as $rpc) {
$myObj = new $rpc();
if ($myObj->handlesType(CoreLocal::get("paycard_type"))) {
$ret = $myObj->paycard_void($id);
if (isset($ret['output']) && !empty($ret['output'])) {
CoreLocal::set("boxMsg", $ret['output']);
$this->change_page($this->page_url . "gui-modules/boxMsg2.php");
return False;
}
break;
}
}
}
}
return True;
}
function mgrauthenticate($password)
{
$ret = array('cancelOrder' => false, 'msg' => _('password invalid'), 'heading' => _('re-enter password'), 'giveUp' => false);
$password = strtoupper($password);
$password = str_replace("'", "", $password);
if (!isset($password) || strlen($password) < 1 || $password == "CL") {
$ret['giveUp'] = true;
return $ret;
}
$priv = sprintf("%d", CoreLocal::get("SecurityCancel"));
if (Authenticate::checkPermission($password, $priv)) {
$this->cancelorder();
$ret['cancelOrder'] = true;
$ret['trans_num'] = ReceiptLib::receiptNumber();
$dbc = Database::tDataConnect();
$dbc->query("update localtemptrans set trans_status = 'X'");
TransRecord::finalizeTransaction(true);
if (CoreLocal::get('LoudLogins') == 1) {
UdpComm::udpSend('twoPairs');
}
} else {
if (CoreLocal::get('LoudLogins') == 1) {
UdpComm::udpSend('errorBeep');
}
}
return $ret;
}
function preprocess()
{
$this->box_color = "coloredArea";
$this->msg = _("enter admin password");
// get calling class (required)
$class = isset($_REQUEST['class']) ? $_REQUEST['class'] : '';
$pos_home = MiscLib::base_url() . 'gui-modules/pos2.php';
if ($class === '' || !class_exists($class)) {
$this->change_page($pos_home);
return False;
}
// make sure calling class implements required
// method and properties
try {
$method = new ReflectionMethod($class, 'adminLoginCallback');
if (!$method->isStatic() || !$method->isPublic()) {
throw new Exception('bad method adminLoginCallback');
}
$property = new ReflectionProperty($class, 'adminLoginMsg');
if (!$property->isStatic() || !$property->isPublic()) {
throw new Exception('bad property adminLoginMsg');
}
$property = new ReflectionProperty($class, 'adminLoginLevel');
if (!$property->isStatic() || !$property->isPublic()) {
throw new Exception('bad property adminLoginLevel');
}
} catch (Exception $e) {
$this->change_page($pos_home);
return False;
}
$this->heading = $class::$adminLoginMsg;
if (isset($_REQUEST['reginput']) || isset($_REQUEST['userPassword'])) {
$passwd = '';
if (isset($_REQUEST['reginput']) && !empty($_REQUEST['reginput'])) {
$passwd = $_REQUEST['reginput'];
} else {
if (isset($_REQUEST['userPassword']) && !empty($_REQUEST['userPassword'])) {
$passwd = $_REQUEST['userPassword'];
}
}
if (strtoupper($passwd) == "CL") {
$class::adminLoginCallback(False);
$this->change_page($this->page_url . "gui-modules/pos2.php");
return False;
} else {
if (empty($passwd)) {
$this->box_color = "errorColoredArea";
$this->msg = _("re-enter admin password");
} else {
$db = Database::pDataConnect();
if (Authenticate::checkPermission($passwd, $class::$adminLoginLevel)) {
$row = Authenticate::getEmployeeByPassword($passwd);
TransRecord::add_log_record(array('upc' => $row['emp_no'], 'description' => substr($class::$adminLoginMsg . ' ' . $row['FirstName'], 0, 30), 'charflag' => 'PW', 'num_flag' => $row['emp_no']));
if (CoreLocal::get('LoudLogins') == 1) {
UdpComm::udpSend('twoPairs');
}
$result = $class::adminLoginCallback(True);
if ($result === True) {
$this->change_page(MiscLib::base_url() . 'gui-modules/pos2.php');
} else {
$this->change_page($result);
}
return False;
} else {
$this->box_color = "errorColoredArea";
$this->msg = _("re-enter admin password");
TransRecord::add_log_record(array('upc' => $passwd, 'description' => substr($class::$adminLoginMsg, 0, 30), 'charflag' => 'PW'));
if (CoreLocal::get('LoudLogins') == 1) {
UdpComm::udpSend('errorBeep');
}
}
}
}
} else {
// beep on initial page load
if (CoreLocal::get('LoudLogins') == 1) {
UdpComm::udpSend('twoPairs');
}
}
return True;
}
public function testAuthenticate()
{
CoreLocal::set('scaleDriver', '');
// don't interact w/ scale
Database::setglobalvalue('LoggedIn', 1);
Database::setglobalvalue('CashierNo', 1);
$fail = Authenticate::checkPassword('9999');
$this->assertEquals(False, $fail);
Database::setglobalvalue('CashierNo', 9999);
$pass = Authenticate::checkPassword('9999');
$this->assertEquals(True, $pass);
Database::setglobalvalue('LoggedIn', 0);
Database::setglobalvalue('CashierNo', 1);
$pass = Authenticate::checkPassword('9999');
$this->assertEquals(True, $pass);
Database::setglobalvalue('LoggedIn', 0);
Database::setglobalvalue('CashierNo', 1);
$pass = Authenticate::checkPassword('56');
$this->assertEquals(True, $pass);
Database::setglobalvalue('LoggedIn', 0);
Database::setglobalvalue('CashierNo', 1);
$fail = Authenticate::checkPassword('invalid password');
$this->assertEquals(false, $fail);
$this->assertEquals(false, Authenticate::checkPermission('56', 50));
$this->assertEquals(false, Authenticate::checkPermission('56', 21));
$this->assertEquals(true, Authenticate::checkPermission('56', 20));
$this->assertEquals(true, Authenticate::checkPermission('56', 10));
$this->assertEquals(false, Authenticate::getEmployeeByPassword('asdf'));
$this->assertInternalType('array', Authenticate::getEmployeeByPassword('56'));
$this->assertEquals(false, Authenticate::getEmployeeByNumber(75));
$this->assertInternalType('array', Authenticate::getEmployeeByNumber(56));
$this->assertEquals(0, Authenticate::getPermission(55));
$this->assertEquals(20, Authenticate::getPermission(56));
}
