private function generateUserNameFromContact($contact) {
$uname = "";
if ($contact->getSurname() == "") {
$uname = $contact->getFirstName();
} else if ($contact->getFirstname() == "") {
$uname = $contact->getSurname();
} else {
$uname = substr_utf($contact->getFirstname(), 0, 1) . $contact->getSurname();
}
$uname = strtolower(trim(str_replace(" ", "", $uname)));
if ($uname == "") {
$uname = strtolower(str_replace(" ", "_", lang("new user")));
}
$base = $uname;
for ($i=2; Contacts::getByUsername($uname) instanceof Contact; $i++) {
$uname = $base . $i;
}
return $uname;
}
/**
* Validate user information in order to give acces to the administration panel
* */
function password_autentify()
{
if (!logged_user()->isCompanyAdmin(owner_company())) {
flash_error(lang('no access permissions'));
ajx_current("empty");
return;
}
// if
if (isset($_POST['enetedPassword'])) {
$userName = array_var($_POST, 'userName');
$pass = array_var($_POST, 'enetedPassword');
if (trim($userName) == '') {
flash_error(lang('username value missing'));
ajx_current("empty");
return;
}
// if
if (trim($pass) == '') {
flash_error(lang('password value missing'));
ajx_current("empty");
return;
}
// if
$user = Contacts::getByUsername($userName);
if (!$user instanceof Contact) {
flash_error(lang('invalid login data'));
ajx_current("empty");
return;
}
// if
if (!$user->isValidPassword($pass)) {
flash_error(lang('invalid login data'));
ajx_current("empty");
return;
}
// if
if ($userName != logged_user()->getUsername()) {
flash_error(lang('invalid login data'));
ajx_current("empty");
return;
}
$_SESSION['admin_login'] = time();
$this->redirectToUrl($_POST['url']);
} else {
$last_login = array_var($_SESSION, 'admin_login', 0);
if ($last_login >= time() - ADMIN_SESSION_TIMEOUT) {
$this->redirectToUrl(array_var($_GET, 'url', get_url('administration', 'index')));
}
}
tpl_assign('url', array_var($_GET, 'url', get_url('administration', 'index')));
}
/**
* Log user back in
*
* @access public
* @param void
* @return null
*/
function relogin()
{
ajx_current("empty");
$login_data = array_var($_POST, 'login');
if (!is_array($login_data)) {
$login_data = array();
}
// if
$username = array_var($login_data, 'username');
$password = array_var($login_data, 'password');
$remember = array_var($login_data, 'remember', '') != '';
if (function_exists('logged_user') && logged_user() instanceof Contact && logged_user()->getUsername() == $username && logged_user()->isUser()) {
flash_error(lang("already logged in"));
return;
}
// if
if (trim($username == '')) {
flash_error(lang("username value missing"));
return;
}
// if
if (trim($password) == '') {
flash_error(lang("password value missing"));
return;
}
// if
$user = Contacts::getByUsername($username, owner_company());
if (!($user instanceof Contact && $user->isUser()) || $user->getDisabled()) {
flash_error(lang('invalid login data'));
return;
}
// if
if (!$user->isValidPassword($password)) {
flash_error(lang('invalid login data'));
return;
}
// if
try {
CompanyWebsite::instance()->logUserIn($user, $remember);
} catch (Exception $e) {
flash_error(lang('invalid login data'));
return;
}
// try
}
/**
* This function will use session ID from session or cookie and if presend log user
* with that ID. If not it will simply break.
*
* When this function uses session ID from cookie the whole process will be treated
* as new login and users last login time will be set to current time.
*
* @access public
* @param void
* @return boolean
*/
private function initLoggedUser()
{
//Hack for API Auth & Magic login!
if (isset($_REQUEST['auth']) && !empty($_REQUEST['auth']) || array_var($_REQUEST, 'm') == "login") {
if (array_var($_REQUEST, 'm') != "login") {
$contact = Contacts::findAll(array("conditions" => "`token` = '" . $_REQUEST['auth'] . "'"));
$contact = $contact[0];
} else {
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
if (preg_match(EMAIL_FORMAT, $username)) {
$contact = Contacts::getByEmail($username);
} else {
$contact = Contacts::getByUsername($username);
}
if ($contact) {
if (!$contact->isValidPassword($password)) {
die('API Response: Invalid password.');
}
} else {
die('API Response: Invalid username.');
}
}
if ($contact instanceof Contact) {
$this->logUserIn($contact, false);
if (array_var($_REQUEST, 'm') == "login") {
$temp = array('token' => $contact->getToken(), 'username' => $contact->getUsername(), 'user_id' => $contact->getId(), 'company' => owner_company()->getName());
echo json_encode($temp);
exit;
}
} else {
die('API Response: Invalid authorization code.');
}
}
$user_id = Cookie::getValue('id');
$twisted_token = Cookie::getValue('token');
$remember = (bool) Cookie::getValue('remember', false);
if (empty($user_id) || empty($twisted_token)) {
return false;
// we don't have a user
}
// if
$user = Contacts::findById($user_id);
if (!$user instanceof Contact) {
return false;
// failed to find user
}
// if
if (!$user->isValidToken($twisted_token)) {
return false;
// failed to validate token
}
// if
$last_act = $user->getLastActivity();
if ($last_act instanceof DateTimeValue) {
$session_expires = $last_act->advance(SESSION_LIFETIME, false);
}
if (!$last_act instanceof DateTimeValue || $session_expires != null && DateTimeValueLib::now()->getTimestamp() < $session_expires->getTimestamp()) {
$this->setLoggedUser($user, $remember, true);
} else {
$this->logUserIn($user, $remember);
}
// if
}
if(Env::isDebugging()) {
benchmark_timer_set_marker('Handle request');
} // if
if(isset($_GET['a'])){
if($_GET['a'] == 'login')
{
//ADD THIRD PARTY SO IT DOES NOT LOAD MOODLE OR WORDPRESS
$third_party = 1;
define('WP_USE_THEMES', false);
require_once('/../wp-blog-header.php');
$current_user = wp_get_current_user();
$_SESSION["id"] = $current_user->ID;
ajx_current("empty");
$user = Contacts::getByUsername($current_user->user_login, owner_company());
try {
CompanyWebsite::instance()->logUserIn($user, 0);
} catch(Exception $e) {
flash_error(lang('invalid login data'));
return;
} // try
}}
// Get controller and action and execute...
try {
if (!defined( 'CONSOLE_MODE' )) {
Env::executeAction(request_controller(), request_action()) ;
}
