コード例 #1
ファイル: actions.class.php プロジェクト: morganney/livewire
 /**
  * Handles the login form for the LWS backend CMS.
  *
  * The 'login' layout is always selected. On a POST request the submitted
  * e-mail and password are looked up in be_user (joined with be_role). On a
  * match the user's profile is stored in the session under 'be_user', the
  * session is marked authenticated and the user's role is added as a
  * credential. Otherwise any stored 'be_user' attribute is removed, the
  * session is marked unauthenticated and a flash error is set. Either way
  * the POST branch ends by calling redirect() on the current internal URI.
  *
  * Security review notes:
  *  - Passwords are compared as a single unsalted MD5 digest. MD5 is not a
  *    password-hashing function; moving to password_hash()/password_verify()
  *    requires migrating the stored digests, so it is flagged here rather
  *    than changed.
  *  - The stored password digest is copied into the session attribute.
  *  - SQL is assembled by string interpolation; see the inline notes.
  *
  * @param sfWebRequest $request The current web request
  * @return mixed sfView::SUCCESS when the request is not a POST; on POST the
  *               method calls redirect() before this return is reached
  */
 public function executeIndex(sfWebRequest $request)
 {
     $this->setLayout('login');
     if ($request->isMethod('POST')) {
         $dao = new DAO();
         // NOTE(review): the password is trimmed and SQL-escaped *before* it is
         // hashed, so the digest is md5(escaped, trimmed input), not
         // md5(input). Any other code that writes be_user.password has to hash
         // the same way or the digests will not match.
         $pw = md5($dao->getEscapedSQLString(trim($request->getPostParameter('pw'))));
         // E-mail is lower-cased, trimmed and escaped before interpolation below.
         $email = $dao->getEscapedSQLString(trim(strtolower($request->getPostParameter('email'))));
         // NOTE(review): the password literal in this query reads '******' on
         // this page and $pw is not used anywhere else in the method;
         // presumably the listing was masked and the original interpolates
         // the digest computed above. Confirm against the repository.
         // The query relies on manual escaping; bound parameters would be the
         // safer form if the DAO offers them (not visible here).
         $dao->query("\n  \t\t\tSELECT be_user.*, role \n  \t\t\tFROM be_user INNER JOIN be_role USING(role_id) \n  \t\t\tWHERE email='{$email}' AND password='******' LIMIT 1\n  \t\t");
         if ($dao->queryOK()) {
             $user = $dao->next();
             // NOTE(review): $user['email'] is read back from the database and
             // interpolated without escaping (here and in the UPDATE below).
             // The first query selects be_user.*, which should already carry
             // last_login_ts, so this lookup looks redundant; verify.
             $dao->query("SELECT last_login_ts FROM be_user WHERE email='{$user['email']}'");
             // I know that there is a record in the DB with this email, so no need to check
             $ts_row = $dao->next();
             // A NULL timestamp (no earlier login recorded) is shown as 'N/A'.
             $last_login = is_null($ts_row['last_login_ts']) ? 'N/A' : date('M jS Y @ g:i A', $ts_row['last_login_ts']);
             $dao->query("UPDATE be_user SET last_login_ts=UNIX_TIMESTAMP() WHERE email='{$user['email']}'");
             // NOTE(review): the stored password digest is placed in the session
             // next to the profile data. Anything that echoes this attribute
             // back to the browser would disclose the digest; keep it
             // server-side only, or drop it once no consumer needs it.
             $this->getUser()->setAttribute('be_user', array('first_name' => $user['first_name'], 'last_name' => $user['last_name'], 'full_name' => "{$user['first_name']} {$user['last_name']}", 'email' => $user['email'], 'role' => $user['role'], 'phone' => $user['phone'], 'phone_ext' => $user['phone_ext'], 'last_login' => $last_login, 'password' => $user['password']));
             $this->getUser()->setAuthenticated(true);
             $this->getUser()->addCredential($user['role']);
         } else {
             // Failed login: clear any earlier profile and make sure the
             // session is not left authenticated.
             if ($this->getUser()->hasAttribute('be_user')) {
                 $this->getUser()->getAttributeHolder()->remove('be_user');
             }
             $this->getUser()->setAuthenticated(false);
             // The message does not reveal whether the e-mail or the password was wrong.
             $this->getUser()->setFlash('login_error', 'Invalid email and/or password!');
         }
         // allows users to go directly to requested page after login
         $uri = $this->getContext()->getRouting()->getCurrentInternalUri(true);
         $this->redirect($uri);
     }
     return sfView::SUCCESS;
 }
コード例 #2
ファイル: Conexao.php プロジェクト: cokita/srp
 /**
  * Checks a login/password pair and fills the session on success.
  *
  * The pair is read from $_POST when present, otherwise from $_SESSION, so
  * the same routine serves both the login form and later re-checks of an
  * existing session. The password is hashed with md5() and passed, together
  * with the login, to DAO::query() through a ModelUsuario_Sistema object.
  *
  * Security review notes:
  *  - The clear-text password is written to $_SESSION["senha_login"] and read
  *    back from there on later calls. Session storage then holds reusable
  *    credentials; keeping only an authenticated user id in the session
  *    would avoid that, but it changes how callers re-validate, so it is
  *    flagged here rather than changed.
  *  - md5() without a salt is not a password-hashing function; moving to
  *    password_hash()/password_verify() needs a migration of stored digests.
  *
  * @param mixed $sql Query handed unchanged to DAO::query()
  * @return bool true when DAO::query() returned at least one user, false otherwise
  */
 private static function verificarCredenciais($sql)
 {
     $sucesso = false;
     self::$novoLogin = false;

     // POST wins over the session; a value missing from both becomes "".
     self::$login = isset($_POST["user_login"])
         ? (string) $_POST["user_login"]
         : (isset($_SESSION["user_login"]) ? (string) $_SESSION["user_login"] : "");
     self::$senha = isset($_POST["senha_login"])
         ? (string) $_POST["senha_login"]
         : (isset($_SESSION["senha_login"]) ? (string) $_SESSION["senha_login"] : "");

     // Nothing to verify unless both values are non-empty.
     if (!self::$login || !self::$senha) {
         return $sucesso;
     }

     self::$conexao = self::obterConexao();
     if (!self::$conexao) {
         $_SESSION["erro_login"] = DB::errorMessage(self::$conexao);
         return $sucesso;
     }

     $credentials = array("login" => self::$login, "senha" => md5(self::$senha));
     $usuario = DAO::query($sql, new ModelUsuario_Sistema($credentials));
     if (!$usuario) {
         // NOTE(review): this message reads "******" on the page; it may have
         // been masked by the listing. Reproduced as shown.
         $_SESSION["erro_login"] = "******";
         return $sucesso;
     }

     $usuario = $usuario[0];
     $sucesso = true;

     // Only a fresh login (no credentials in the session yet) updates the
     // last-access date, and only when the user already has one recorded.
     $hasSessionCredentials = isset($_SESSION["user_login"]) || isset($_SESSION["senha_login"]);
     if (!$hasSessionCredentials && $usuario->get('data_ultimo_acesso')) {
         $lastAccessDao = new Usuario_SistemaDAO();
         $lastAccessDao->atualizarDataUltimoAcesso($usuario);
     }

     $_SESSION["user_login"] = $usuario->get("login");
     $_SESSION["user_nome"] = $usuario->get("nome");
     // NOTE(review): clear-text password kept in the session (see header).
     $_SESSION["senha_login"] = self::$senha;

     // Session key => field read from the user object, in the original order.
     $sessionFields = array(
         "id" => "id",
         "id_centro_custo" => "id_centro_custo",
         "centro_custo" => "centro_custo",
         "id_tipo_centro_custo" => "tipo_centro_custo",
         "id_centro_custo_superior" => "id_superior",
         "centro_custo_superior" => "centro_superior",
         "id_tipo_centro_custo_superior" => "tipo_centro_custo_superior",
         "id_cargo" => "id_cargo",
         "cargo" => "cargo",
         "data_ultimo_acesso" => "data_ultimo_acesso",
         "cpf" => "cpf",
     );
     foreach ($sessionFields as $sessionKey => $field) {
         $_SESSION[$sessionKey] = $usuario->get($field);
     }

     // "1" when the request itself carried a password plus a login or a url,
     // "0" when the credentials were only replayed from the session.
     $cameFromRequest = (isset($_REQUEST["user_login"]) || isset($_REQUEST["url"]))
         && isset($_REQUEST["senha_login"]);
     self::$novoLogin = $cameFromRequest ? "1" : "0";

     return $sucesso;
 }
コード例 #3
	 /**
	  * Builds the database connection object for a configured pool.
	  *
	  * The pool settings are read from the global $_CONST["POOL"][$pool] array.
	  * Its "ABSTRACTION" entry selects the driver class ("PDO" -> DAO,
	  * "MYSQL" -> Mysqlux); "FORCE_ENCODING", "PERSISTENT" and "LOG" are
	  * optional.
	  *
	  * Review note: "FORCE_ENCODING" is concatenated unquoted into a
	  * "SET NAMES" statement and "USER"/"PASS" are the pool credentials, so the
	  * $_CONST pool array must only ever be filled from trusted configuration.
	  *
	  * @param string $pool Name of the connection pool
	  * @param string $dbname Name of the database
	  * @return DatabaseInterface
	  * @throws DataBaseException when the pool has no "ABSTRACTION" entry or
	  *                           names an abstraction other than PDO/MYSQL
	  */
	 static function createConnexion($pool, $dbname){
	 	global $_CONST;

	 	// Guard: the database name and the pool's abstraction must both be set.
	 	if (!isset($dbname) || !isset($_CONST["POOL"][$pool]["ABSTRACTION"])){
	 		throw new DataBaseException("Erreur de connection '".$dbname."'","La base de données  '".$dbname."' n'est pas configurée !","");
	 	}

	 	$poolConfig = $_CONST["POOL"][$pool];
	 	$abstraction = $poolConfig["ABSTRACTION"];
	 	$driverOptions = array();

	 	// A missing FORCE_ENCODING is treated like an empty one.
	 	$encoding = isset($poolConfig["FORCE_ENCODING"]) ? $poolConfig["FORCE_ENCODING"] : '';
	 	$forceEncoding = $encoding != '';

	 	if($abstraction == "PDO"){
	 		// DAO abstraction class built on PDO
	 		require_once("drivers/DAO.class.php");

	 		// Prefer the driver's init command; when the constant is not
	 		// defined, fall back to an explicit query after connecting.
	 		$setNamesAfterConnect = false;
	 		if($forceEncoding) {
	 			if(defined('PDO::MYSQL_ATTR_INIT_COMMAND')) {
	 				$driverOptions[PDO::MYSQL_ATTR_INIT_COMMAND] = "SET NAMES ".$encoding;
	 			} else {
	 				$setNamesAfterConnect = true;
	 			}
	 		}
	 		if(isset($poolConfig["PERSISTENT"]) && $poolConfig["PERSISTENT"]===true) {
	 			$driverOptions[PDO::ATTR_PERSISTENT] = true;
	 		}

	 		// Open the connection through PDO
	 		$connexion = new DAO($poolConfig["TYPE"], $dbname, $poolConfig["USER"], $poolConfig["PASS"], $poolConfig["HOST"], $poolConfig["PORT"], $driverOptions);

	 		if($setNamesAfterConnect) {
	 			$connexion->query("SET NAMES ".$encoding);
	 		}
	 	}elseif($abstraction == "MYSQL"){
	 		// MYSQL abstraction class
	 		require_once("drivers/Mysqlux.class.php");

	 		// Open the connection through MYSQL
	 		$connexion = new Mysqlux($poolConfig["TYPE"],$dbname, $poolConfig["USER"], $poolConfig["PASS"], $poolConfig["HOST"], $poolConfig["PORT"], $driverOptions);

	 		if($forceEncoding) {
	 			$connexion->query("SET NAMES ".$encoding);
	 		}
	 	}else{
	 		// Unknown abstraction layer
	 		throw new DataBaseException("Erreur de connection '".$dbname."'","La couche d'abastraction '".$abstraction."' n'est pas impléméntée !","");
	 	}

	 	// Optional per-pool log type; null when not configured.
	 	$connexion->logType = isset($poolConfig["LOG"]) ? $poolConfig["LOG"] : null;

	 	return $connexion;
	 }
コード例 #4
ファイル: actions.class.php プロジェクト: morganney/livewire
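 /**
  * Changes a backend user's password from the posted change-password form.
  *
  * Reads four POST fields: cpw (current password), npw (new password),
  * user_pw (MD5 digest the current password is checked against) and
  * user_email (account to update). The result is returned as an HTML
  * fragment via renderText().
  *
  * Changes against the earlier version of this method:
  *  - npw and user_email are escaped with the DAO's getEscapedSQLString()
  *    before being placed in the UPDATE statement; they were interpolated
  *    raw, which allowed SQL injection.
  *  - The digest comparison is strict (===). With == two hex strings can be
  *    compared as numbers by PHP, so different digests could compare equal.
  *  - Missing or non-string fields are rejected instead of raising notices.
  *  - The database error text is HTML-escaped before it is sent back.
  *
  * NOTE(review): user_pw and user_email still come from the request, so the
  * client supplies both the current password and the digest it is checked
  * against, and names the account to update. The check therefore does not
  * prove knowledge of that account's password. Both values should be taken
  * from server-side state for the authenticated user; that needs the
  * session layout, which is not visible in this method, so it is flagged
  * rather than changed.
  *
  * NOTE(review): unsalted MD5 is not a password-hashing function; replacing
  * it requires migrating the stored digests and the login check together.
  *
  * @param sfWebRequest $request The current web request
  * @return mixed Whatever renderText() returns for the HTML fragment
  */
 public function executeUpdatePassword(sfWebRequest $request)
 {
     $form = $request->getPostParameters();

     // Every field must be present and a plain string (not an array).
     $fieldsOk = true;
     foreach (array('cpw', 'npw', 'user_pw', 'user_email') as $field) {
         if (!isset($form[$field]) || !is_string($form[$field])) {
             $fieldsOk = false;
             break;
         }
     }

     if ($fieldsOk && md5($form['cpw']) === $form['user_pw']) {
         $dao = new DAO();
         // Escape request data before it reaches the SQL text. MySQL undoes
         // the escaping inside the literal, so MD5() still hashes the
         // password exactly as typed.
         $npw = $dao->getEscapedSQLString($form['npw']);
         $email = $dao->getEscapedSQLString($form['user_email']);
         $dao->query("UPDATE be_user SET password=MD5('{$npw}') WHERE email='{$email}'");
         if ($dao->updateOK()) {
             $html = 'Your password has been changed successfully.';
         } else {
             // NOTE(review): returning the raw database error tells the
             // client about the schema; consider logging it server-side and
             // showing a generic message. Escaped here so it cannot inject
             // markup into the response.
             $err = htmlspecialchars((string) $dao->getError(), ENT_QUOTES, 'UTF-8');
             $html = "Your password has not been changed.<br />{$err}";
         }
     } else {
         $html = 'Your supplied current password is invalid.  Your password was not changed.';
     }

     $response = $this->getResponse();
     $response->setContentType('text/html');
     $response->sendHttpHeaders();
     return $this->renderText($html);
 }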