}
/*Some more include defines specific to client only */
define('CLIENTINC_DIR', INCLUDE_DIR . 'client/');
define('OSTCLIENTINC', TRUE);
//Check the status of the HelpDesk.
if (!is_object($cfg) || !$cfg->getId() || $cfg->isHelpDeskOffline()) {
include './offline.php';
exit;
}
//Forced upgrade? Version mismatch.
if (defined('THIS_VERSION') && strcasecmp($cfg->getVersion(), THIS_VERSION)) {
die('System is offline for an upgrade.');
exit;
}
/* include what is needed on client stuff */
require_once INCLUDE_DIR . 'class.client.php';
require_once INCLUDE_DIR . 'class.ticket.php';
require_once INCLUDE_DIR . 'class.dept.php';
//clear some vars
$errors = array();
$msg = '';
$thisclient = null;
//Make sure the user is valid..before doing anything else.
if ($_SESSION['_client']['userID'] && $_SESSION['_client']['key']) {
$thisclient = new ClientSession($_SESSION['_client']['userID'], $_SESSION['_client']['key']);
}
//print_r($_SESSION);
//is the user logged in?
if ($thisclient && $thisclient->getId() && $thisclient->isValid()) {
$thisclient->refreshSession();
}
function signOn($errors = array())
{
global $ost;
if (!isset($_POST['userid']) || !isset($_POST['token'])) {
return false;
} elseif (!($_config = new Config('pwreset'))) {
return false;
} elseif (!($acct = ClientAccount::lookupByUsername($_POST['userid'])) || !$acct->getId() || !($client = new ClientSession(new EndUser($acct->getUser())))) {
$errors['msg'] = __('Invalid user-id given');
} elseif (!($id = $_config->get($_POST['token'])) || $id != $client->getId()) {
$errors['msg'] = __('Invalid reset token');
} elseif (!($ts = $_config->lastModified($_POST['token'])) && $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) {
$errors['msg'] = __('Invalid reset token');
} elseif (!$acct->forcePasswdReset()) {
$errors['msg'] = __('Unable to reset password');
} else {
return $client;
}
}
$loginmsg = _('Excessive failed login attempts');
$errors['err'] = _('You\'ve reached maximum failed login attempts allowed. Try again later.');
} else {
//Timeout is over.
//Reset the counter for next round of attempts after the timeout.
$_SESSION['_user']['laststrike'] = null;
$_SESSION['_user']['strikes'] = 0;
}
}
// Check password
if (!$errors && ($thisuser = new ClientSession($_POST['username'])) && $thisuser->check_passwd($_POST['passwd'])) {
$_SESSION['_user'] = array();
//clear.
$_SESSION['_user']['userID'] = $thisuser->getEmail();
//Email
$_SESSION['_user']['key'] = $thisuser->getId();
//Ticket ID --acts as password when used with email. See above.
$_SESSION['_user']['token'] = $thisuser->getSessionToken();
$_SESSION['TZ_OFFSET'] = $cfg->getTZoffset();
$_SESSION['daylight'] = $cfg->observeDaylightSaving();
// Update last login
$thisuser->update_lastlogin($thisuser->getId());
//Log login info...
$msg = sprintf("%s/%s " . _("logged in"), $thisuser->getEmail(), $thisuser->getId());
Sys::log(LOG_DEBUG, 'Client login', $msg, $thisuser->getEmail());
//Redirect tickets.php
session_write_close();
session_regenerate_id();
@header("Location: tickets.php");
require_once 'tickets.php';
//Just incase. of header already sent error.
//Forced upgrade? Version mismatch.
if (defined('THIS_VERSION') && strcasecmp($cfg->getVersion(), substr(THIS_VERSION, 0, strripos(THIS_VERSION, '.')))) {
die(_('System is offline for an upgrade.'));
exit;
}
// include what is needed on user stuff
require_once INCLUDE_DIR . 'class.ticket.php';
// clear some vars
$errors = array();
$msg = '';
$thisuser = null;
// Has got the user a session? Then make sure the user is valid...before doing anything else.
if ($_SESSION['_user']['userID'] && $_SESSION['_user']['key']) {
if (!$cfg->getUserLogRequired()) {
$thisuser = new UserSession($_SESSION['_user']['userID'], $_SESSION['_user']['key']);
} else {
$thisuser = new ClientSession($_SESSION['_user']['userID'], $_SESSION['_user']['key']);
// Block blocked client
if (!$thisuser->isactive()) {
$errors['err'] = _('Access Disabled. Contact Admin');
$_SESSION['_user'] = array();
session_unset();
session_destroy();
}
}
}
// print_r($_SESSION);
// Is the user logged in?
if ($thisuser && $thisuser->getId() && $thisuser->isValid()) {
$thisuser->refreshSession();
}
