/**
 * Create a user account from the data carried by a REST request.
 *
 * Only whitelisted fields are taken from the request, so a caller cannot set
 * arbitrary account columns through this endpoint. The login is mandatory and
 * must be unused; an STB MAC, when supplied, is normalized and must be unused.
 *
 * NOTE(review): no authorization check is visible in this method; presumably
 * the REST layer authenticates the caller before dispatching here. Confirm.
 * NOTE(review): 'password' is forwarded as received; presumably
 * User::createAccount() hashes it. Confirm against that method.
 * NOTE(review): the uniqueness lookups and the insert are separate steps, so
 * two concurrent requests could both pass the checks unless the storage layer
 * also enforces uniqueness. Verify.
 *
 * @param RESTRequest $request request whose getData() yields the POSTed fields
 *
 * @return bool result of User::createAccount() cast to bool
 *
 * @throws RESTCommandException on empty input, invalid MAC, missing login,
 *                              or a login / MAC that is already taken
 */
public function create(RESTRequest $request)
{
    $payload = $request->getData();

    if (empty($payload)) {
        throw new RESTCommandException('HTTP POST data is empty');
    }

    // Whitelist of fields a client may set; every other key is dropped.
    $permitted = array_flip(array(
        'login',
        'password',
        'full_name',
        'phone',
        'account_number',
        'tariff_plan',
        'status',
        'stb_mac',
        'comment',
        'end_date',
        'account_balance',
    ));

    $account = array_intersect_key($payload, $permitted);

    if (empty($account)) {
        throw new RESTCommandException('Insert data is empty');
    }

    $has_mac = !empty($account['stb_mac']);

    if ($has_mac) {
        // Store the canonical form so the duplicate lookup below compares like with like.
        $normalized = Middleware::normalizeMac($account['stb_mac']);

        if (!$normalized) {
            throw new RESTCommandException('Not valid mac address');
        }

        $account['stb_mac'] = $normalized;
    }

    if (empty($account['login'])) {
        throw new RESTCommandException('Login required');
    }

    $login_owner = User::getByLogin($account['login']);

    if (!empty($login_owner)) {
        throw new RESTCommandException('Login already in use');
    }

    if ($has_mac) {
        $mac_owner = User::getByMac($account['stb_mac']);

        if (!empty($mac_owner)) {
            throw new RESTCommandException('MAC address already in use');
        }
    }

    return (bool) User::createAccount($account);
}
//$_POST[$key] = trim($value); } $error = ''; $action_name = 'add'; $action_value = _('Add'); $tariff_plans = Mysql::getInstance()->select('id, name')->from('tariff_plan')->orderby('name')->get()->all(); if (!empty($_POST)) { if (!empty($_POST['login']) && !empty($_POST['password'])) { $user = \User::getByLogin($_POST['login']); if (!empty($_POST['stb_mac'])) { $mac = Middleware::normalizeMac($_POST['stb_mac']); $_POST['stb_mac'] = $mac; if (!$mac) { $error = _('Error: Not valid mac address'); } else { $user_by_mac = \User::getByMac($mac); if (!empty($user_by_mac)) { $error = _('Error: STB with such MAC address already exists'); } } } if ($error) { } else { if (!empty($user)) { $error = _('Error: Login already in use'); } else { Admin::checkAccess(AdminAccess::ACCESS_CREATE); $user_id = \User::createAccount($_POST); if ($user_id) { header("Location: profile.php?id=" . $user_id); exit;
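/**
 * Check OAuth credentials and, optionally, the device binding of an account.
 *
 * The account is looked up by login when a username is given, otherwise by
 * MAC when no password is supplied (the request is then initialised as an
 * STB), and finally through User::authorizeFromOss() as a fallback.
 *
 * The stored password is either a 32-character salted MD5 digest
 * (md5(md5(password) . id)) or, when shorter than 32 characters, plain text.
 * Both are compared as strings with a strict, constant-time comparison where
 * available. The previous loose `==` let PHP compare numeric-looking strings
 * as numbers, so two different values could be treated as equal.
 *
 * NOTE(review): salted MD5 and plain-text storage are legacy formats. Moving
 * to password_hash()/password_verify() needs a change where passwords are
 * written, which is outside this method.
 * NOTE(review): an account whose stored password is empty still matches an
 * empty supplied password; this looks intentional for MAC-only devices, but
 * confirm it is acceptable on the login branch.
 * NOTE(review): $request is a required parameter after optional ones; the
 * signature is left unchanged for existing callers.
 *
 * @param string|null  $username      account login, may be empty
 * @param string|null  $password      supplied password, may be empty
 * @param string|null  $mac           device MAC address
 * @param string|null  $serial_number device serial number
 * @param OAuthRequest $request       source of version, device_id2 and signature
 *
 * @return bool true when the credentials and the enabled device checks pass
 */
public function checkUserAuth($username, $password, $mac = null, $serial_number = null, OAuthRequest $request)
{
    sleep(1); // anti brute-force delay

    $user = null;

    if ($username) {
        $user = \User::getByLogin($username);
    } elseif (!$password && $mac) {
        if ($serial_number) {
            $_REQUEST['serial_number'] = $serial_number;
        }

        if ($request->getVersion()) {
            $_REQUEST['version'] = $request->getVersion();
        }

        if ($request->getDeviceId2()) {
            $_REQUEST['device_id2'] = $request->getDeviceId2();
            $_REQUEST['signature'] = $request->getSignature();
        }

        // init user as STB
        \Stb::getInstance()->getProfile();
        $user = \User::getByMac(\Stb::getInstance()->mac);
    }

    if (!$user) {
        $user = \User::authorizeFromOss($username, $password, $mac);
    }

    if (!$user) {
        return false;
    }

    $possible_user = $user->getProfile();

    $password_ok = false;

    // A non-scalar password (e.g. an array from the request) never matches.
    if ($password === null || is_scalar($password)) {
        $stored = (string) $possible_user['password'];
        $supplied = (string) $password;
        $candidate = null;

        if (strlen($stored) === 32) {
            // Legacy salted digest: md5(md5(password) . user id).
            $candidate = md5(md5($supplied) . $possible_user['id']);
        } elseif (strlen($stored) < 32) {
            // Legacy plain-text storage.
            $candidate = $supplied;
        }

        if ($candidate !== null) {
            // hash_equals() exists from PHP 5.6; fall back to strict equality on older runtimes.
            $password_ok = function_exists('hash_equals')
                ? hash_equals($stored, $candidate)
                : $stored === $candidate;
        }
    }

    if ($password_ok) {
        $force_mac = \Config::getSafe('oauth_force_mac_check', false);
        $force_serial = \Config::getSafe('oauth_force_serial_number_check', false);

        // Each check applies only when its config flag is on.
        // NOTE(review): these stay loose comparisons as in the original, so a
        // null value equals an empty stored one. Confirm that is intended.
        $mac_ok = !$force_mac || $mac == $possible_user['mac'];
        $serial_ok = !$force_serial
            || $serial_number == $possible_user['serial_number']
            || $possible_user['serial_number'] == '';

        if ($mac_ok && $serial_ok) {
            $verified_user = $possible_user;
        }
    }

    if (!empty($verified_user)) {
        $user->setSerialNumber($serial_number);
        $user->updateUserInfoFromOSS();

        if (\Config::getSafe('bind_stb_auth_and_oauth', true)) {
            // invalidate stb access_token
            $user->resetAccessToken();
        }
    }

    // Runs for failed attempts too, as in the original.
    $user->updateIp();

    return !empty($verified_user);
}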
/**
 * Return the TV channel aspect settings of the user bound to this device's MAC.
 *
 * @return mixed whatever User::getTvChannelsAspect() returns
 */
public function getTvAspects()
{
    // NOTE(review): the result of User::getByMac() is used without a check; if
    // it can be empty for an unknown MAC, this call fails. Confirm that
    // $this->mac always belongs to an existing user at this point.
    return User::getByMac($this->mac)->getTvChannelsAspect();
}
/**
 * Resolve a user from SOAP parameters, preferring the STB MAC over the login.
 *
 * NOTE(review): 'stb_mac' is passed to User::getByMac() as received, without
 * Middleware::normalizeMac(); verify the caller or getByMac() normalizes it.
 *
 * @param array|object $params lookup criteria; 'stb_mac' and 'login' are read
 *
 * @return mixed the user returned by User::getByMac() or User::getByLogin()
 *
 * @throws SoapAccountNotFound when neither key is set or no user matches
 */
private function getUserByParams($params)
{
    $criteria = (array) $params;
    $found = null;

    if (!empty($criteria['stb_mac'])) {
        $found = \User::getByMac($criteria['stb_mac']);
    } elseif (!empty($criteria['login'])) {
        $found = \User::getByLogin($criteria['login']);
    }

    if (!empty($found)) {
        return $found;
    }

    throw new SoapAccountNotFound(__METHOD__, __FILE__ . ':' . __LINE__);
}