function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie)
{
$db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport);
//Hat sich ein User angemeldet
$sql = "select sc.session_id,u.id,u.login from auth.session_content sc left join auth.\"user\" u on ";
$sql .= "(E'--- ' || u.login || chr(10) )=sc.sess_value left join auth.session s on s.id=sc.session_id ";
$sql .= "where session_id = '{$cookie}' and sc.sess_key='login'";
$rs = $db->getAll($sql);
if (count($rs) != 1) {
// Garnicht mit ERP angemeldet oder zu viele Sessions, sollte die ERP drauf achten
unset($_SESSION);
$Url = preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']);
header("location:" . $Url . "controller.pl?action=LoginScreen/user_login");
}
$auth = array();
$uid = $rs[0]["id"];
$auth["login"] = $rs[0]["login"];
$sql = "select * from auth.user_config where user_id=" . $uid;
$rs = $db->getAll($sql);
$keys = array("countrycode", "stylesheet", "vclimit", "signature", "email", "tel", "fax", "name");
foreach ($rs as $row) {
if (in_array($row["cfg_key"], $keys)) {
$auth[$row["cfg_key"]] = $row["cfg_value"];
}
}
$auth["lang"] = $auth["countrycode"] != '' ? $auth["countrycode"] : 'en';
$auth["stylesheet"] = substr($auth["stylesheet"], 0, -4);
//Welcer Mandant ist verbunden
$sql = "SELECT sess_value FROM auth.session_content WHERE session_id = '{$cookie}' and sess_key='client_id'";
$rs = $db->getOne($sql);
$mandant = substr($rs['sess_value'], 4);
$sql = 'SELECT id as manid,name as mandant,dbhost,dbport,dbname,dbuser,dbpasswd FROM auth.clients WHERE id = ' . $mandant;
$rs = $db->getOne($sql);
$auth = array_merge($auth, $rs);
//Eine der Gruppen des Users darf sales_all_edit
$sql = "SELECT granted from auth.group_rights G where G.right = 'sales_all_edit' ";
$sql .= "and G.group_id in (select group_id from auth.user_group where user_id = " . $uid . ")";
$rs3 = $db->getAll($sql);
$auth["sales_edit_all"] = 'f';
if ($rs3) {
foreach ($rs3 as $row) {
if ($row["granted"] == 't') {
$auth["sales_edit_all"] = 't';
break;
}
}
}
// Ist der User ein CRM-Supervisor?
$sql = "SELECT count(*) as cnt from auth.user_group left join auth.group on id=group_id where name = 'CRMTL' and user_id = " . $uid;
$rs = $db->getOne($sql);
$auth['CRMTL'] = $rs['cnt'];
//Session update
$sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $cookie . "'";
$db->query($sql, "authuser_3");
//Token lesen
$sql = "SELECT * FROM auth.session WHERE id = '" . $cookie . "'";
$rsa = $db->getOne($sql);
$auth['token'] = $rsa['api_token'];
return $auth;
}
function authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie)
{
$db = new myDB($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, true);
$sql = "select sc.session_id,u.id from auth.session_content sc left join auth.user u on ";
$sql .= "u.login=sc.sess_value left join auth.session s on s.id=sc.session_id ";
$sql .= "where session_id = '{$cookie}' and sc.sess_key='login'";
// order by s.mtime desc";
$rs = $db->getAll($sql, "authuser_1");
if (!$rs) {
return false;
}
$stmp = "";
if (count($rs) > 1) {
header("location:../login.pl?action=logout");
/*foreach($rs as $row) {
$stmp.=$row["session_id"].",";
}
$sql1="delete from session where id in (".substr($stmp,-1).")";
$sql2="delete from session_content where session_id in (".substr($stmp,-1).")";
$db->query($sql1,"authuser_A");
$db->query($sql2,"authuser_B");
$sql3="insert into session ";*/
}
$sql = "select * from auth.user where id=" . $rs[0]["id"];
$rs1 = $db->getAll($sql, "authuser_1");
if (!$rs1) {
return false;
}
$auth = array();
$auth["login"] = $rs1[0]["login"];
$sql = "select * from auth.user_config where user_id=" . $rs[0]["id"];
$rs1 = $db->getAll($sql, "authuser_2");
$keys = array("dbname", "dbpasswd", "dbhost", "dbport", "dbuser");
foreach ($rs1 as $row) {
if (in_array($row["cfg_key"], $keys)) {
$auth[$row["cfg_key"]] = $row["cfg_value"];
}
}
$sql = "update auth.session set mtime = '" . date("Y-M-d H:i:s.100001") . "' where id = '" . $rs[0]["session_id"] . "'";
$db->query($sql, "authuser_3");
return $auth;
}
