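 /**
  * Resolve the current user from the login key held in the session or, when
  * the session holds none, from the login cookie.
  *
  * On success $this->user_row receives the user's row data and $this->result
  * becomes true when that user exists. A cookie key that does not resolve is
  * deleted from the client; a session key that does not resolve sets
  * $this->result to false (the session entry itself is left alone — no
  * session-removal helper is visible in this class). A failed CSRF check
  * returns before any lookup and touches nothing.
  *
  * @param bool $with_csrf When true, isValidCsrfToken() (defined elsewhere in
  *                        this class) must pass before the key is examined.
  */
 public function check($with_csrf = false)
 {
     // Nothing is authenticated when the request fails the CSRF check.
     if ($with_csrf && !$this->isValidCsrfToken()) {
         return;
     }

     $session_key = !empty($_SESSION[self::IDENTIFIER]) ? $_SESSION[self::IDENTIFIER] : false;
     if ($session_key) {
         // The session entry was written by signIn() or by an earlier cookie
         // login. The key is still re-validated against User::hasAccessKey()
         // on every call so that a key the user no longer holds (rather than
         // the session's mere existence) decides whether the request is
         // authenticated.
         $user = $this->resolveUserByKey($session_key);
         if ($user === null) {
             $this->result = false;
             return;
         }
         $this->user_row = $user->getRowData();
         $this->result = !$user->isEmpty();
         return;
     }

     $cookies = Application::$request_variables['cookie'];
     $cookie_key = !empty($cookies[self::IDENTIFIER]) ? $cookies[self::IDENTIFIER] : false;
     if (!$cookie_key) {
         return;
     }

     // The cookie value is client-controlled; only the KeyManager/User checks
     // in resolveUserByKey() make it trustworthy. A key that does not
     // resolve is removed so the client stops presenting it.
     $user = $this->resolveUserByKey($cookie_key);
     if ($user === null) {
         $this->removeCookie(self::IDENTIFIER);
         return;
     }
     $this->setSession(self::IDENTIFIER, $cookie_key);
     $this->user_row = $user->getRowData();
     $this->result = !$user->isEmpty();
 }

 /**
  * Turn a login key (session or cookie copy) into the User it was issued to.
  *
  * @param string $key Login key as produced by KeyManager::createKey().
  * @return User|null The user whose access keys (per User::hasAccessKey())
  *                   include the one encoded in $key; null when the key
  *                   decodes to a non-numeric user id or the access key is
  *                   not held by that user.
  */
 private function resolveUserByKey($key)
 {
     $key_manager = new KeyManager();
     list($user_id, $access_key) = $key_manager->getPair($key);
     // Guard before the id reaches allocateById(); the pair comes from a
     // value the client may have tampered with.
     if (!is_numeric($user_id)) {
         return null;
     }
     $user = new User($this->db);
     $user->allocateById($user_id);
     if (!$user->hasAccessKey($access_key)) {
         return null;
     }
     return $user;
 }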
 /**
  * Build, via apply(), the set of fields the current user may see for
  * $this->company.
  *
  * The access flag handed to apply() is the user's own flag when the user's
  * company id is identical (===) to the viewed company's id, and 2 otherwise.
  * Because the comparison is strict, ids of differing scalar types (e.g. "5"
  * and 5) never match and fall through to flag 2. An apply() shown elsewhere
  * in this listing rejects flag 2 with UserAccessDeniedException — confirm it
  * is the same method.
  *
  * @return mixed $this->result as filled by apply(), or the error payload of a
  *               NotFoundCompanyException. Any other exception apply() throws
  *               (e.g. UserAccessDeniedException) is not caught here.
  */
 public function getAppliedFields()
 {
     try {
         $own_company = $this->user->getCompanyId() === $this->company->getId();
         $flag = 2;
         if ($own_company) {
             $flag = $this->user->getAccessFlag();
         }
         $this->apply($flag, $this->company);
     } catch (NotFoundCompanyException $err) {
         return $err->getError();
     }
     return $this->result;
 }
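 /**
  * Authenticate with email + password within a company domain and, on
  * success, issue a login key to the session and a one-year cookie.
  *
  * Reads 'email', 'password' and 'domain' from $this->data. The login
  * succeeds only when the user exists, the company exists, the user belongs
  * to that company and the password matches; in every other case the method
  * returns without touching $this->result.
  *
  * Side effects on success: the user's recent-activity time is updated, a
  * freshly generated access key is added to the user, the IDENTIFIER and
  * CSRF_TOKEN_NAME cookies are set, and the IDENTIFIER session entry is set.
  */
 public function signIn()
 {
     // A request missing any credential cannot succeed; return before
     // querying the database with null values.
     if (!isset($this->data['email'], $this->data['password'], $this->data['domain'])) {
         return;
     }
     $email = $this->data['email'];
     $password = $this->data['password'];
     $company_domain = $this->data['domain'];

     $user = new User($this->db);
     $user->allocateByEmail($email);
     $company = new Company($this->db);
     $company->allocateByDomain($company_domain);

     // The password is compared only once both records exist and agree;
     // which check failed is not reported to the caller.
     if ($user->isEmpty()
         || $company->isEmpty()
         || $company->getId() != $user->getCompanyId()
         || !$user->isPasswordEqual($password)
     ) {
         return;
     }

     $user->updateRecentActivityTime();

     $key_manager = new KeyManager();
     $access_key = $this->generateKey();
     $key = $key_manager->createKey($user->getId(), $access_key);
     // NOTE(review): the CSRF token is a deterministic function of the login
     // key, so anyone able to read the IDENTIFIER cookie can compute it. Its
     // verification (isValidCsrfToken) is not shown here.
     $csrf_token = sha1($key . 'success');
     $user->addAccessKey($access_key);

     // Both cookies share one expiry so they cannot drift across a second
     // boundary. NOTE(review): the cookie domain is the client-supplied Host
     // header; confirm the front end pins the host names it serves.
     $expires = time() + 365 * 24 * 3600;
     $cookie_domain = $_SERVER['HTTP_HOST'];
     $this->setCookie(CheckAuthorization::IDENTIFIER, $key, $expires, '/', $cookie_domain);
     $this->setCookie(CheckAuthorization::CSRF_TOKEN_NAME, $csrf_token, $expires, '/', $cookie_domain);
     $this->setSession(CheckAuthorization::IDENTIFIER, $key);
     $this->result = true;
 }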
 /**
  * Toggle the SMS notification setting of the authenticated user.
  *
  * Authorization is resolved with CSRF enforcement (check(true)). An
  * unauthenticated request is answered with Application::denied() and a
  * false result; otherwise the result is the return value of
  * User::toggleSmsEnabled().
  *
  * @return $this
  */
 public function userToggleSmsNotify()
 {
     $auth = new CheckAuthorization($this->getQemyDb());
     $auth->check(true);

     $current_user = new User($this->getQemyDb(), $auth->getUserRow());
     $current_user->setAuthChecker($auth);

     $outcome = false;
     if ($current_user->isAuth()) {
         $outcome = $current_user->toggleSmsEnabled();
     } else {
         Application::denied();
     }
     $this->setData(array('result' => $outcome));
     return $this;
 }
 /**
  * Collect into $this->result the fields of $mTargetUser that $access_flag
  * is permitted to see.
  *
  * Each output key is gated by one UserAccessManager::can() check; keys the
  * flag may not see are simply absent from the result. Integer-typed values
  * (ids, timestamps, flags) are cast to int.
  *
  * @param int $access_flag Access level checked per field; 2 is rejected
  *                         outright.
  * @param User $mTargetUser User whose fields are read.
  * @throws NotFoundCompanyException when $this->context_company is empty.
  * @throws UserAccessDeniedException when $access_flag == 2.
  */
 private function apply($access_flag, $mTargetUser)
 {
     if ($this->context_company->isEmpty()) {
         throw new NotFoundCompanyException();
     }
     if ($access_flag == 2) {
         throw new UserAccessDeniedException();
     }

     // output key => array(permission name, User getter, cast to int?)
     // NOTE(review): 'user_group' is gated by the 'access_flag' permission
     // rather than one of its own — presumably deliberate, worth confirming.
     $fields = array(
         'id'                   => array('id', 'getId', true),
         'email'                => array('email', 'getEmail', false),
         'first_name'           => array('first_name', 'getFirstName', false),
         'last_name'            => array('last_name', 'getLastName', false),
         'patronymic'           => array('patronymic', 'getPatronymicName', false),
         'photo'                => array('photo', 'getPhoto', false),
         'phone'                => array('phone', 'getPhone', false),
         'register_time'        => array('register_time', 'getRegisterTime', true),
         'last_logged_time'     => array('last_logged_time', 'getLastLoggedTime', true),
         'company_id'           => array('company_id', 'getCompanyId', true),
         'access_flag'          => array('access_flag', 'getAccessFlag', true),
         'user_group'           => array('access_flag', 'getUserGroupKey', false),
         'sms_notify'           => array('sms_notify', 'isSmsNotificationEnabled', false),
         'recent_activity_time' => array('recent_activity_time', 'getRecentActivityTime', true),
     );

     $access = new UserAccessManager();
     $visible = array();
     foreach ($fields as $name => $spec) {
         list($permission, $getter, $as_int) = $spec;
         if (!$access->can($access_flag, $permission)) {
             continue;
         }
         $value = $mTargetUser->$getter();
         $visible[$name] = $as_int ? intval($value) : $value;
     }
     $this->result = $visible;
 }
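 /**
  * Validate the company registration form, create the company's admin user
  * and then insert the company row that points at that user.
  *
  * Validation failures are collected per field but not returned: the method
  * only reports success, and nothing is written when any field is invalid.
  * The admin user is created before the company row and no transaction is
  * visible here, so a failing company INSERT leaves a user without a company.
  *
  * @param array $params Form fields: company_name, company_domain,
  *                      company_country, company_city, company_site,
  *                      company_type, login_email, login_password,
  *                      login_confirm_password, contacts_email,
  *                      contacts_phone. A missing key counts as empty.
  * @return bool True when both the admin user and the company were created.
  */
 public function createCompany($params)
 {
     // Missing keys become empty strings instead of undefined-index notices.
     $params += array_fill_keys(array(
         'company_name', 'company_domain', 'company_country', 'company_city',
         'company_site', 'company_type', 'login_email', 'login_password',
         'login_confirm_password', 'contacts_email', 'contacts_phone',
     ), '');

     $mName = trim($params['company_name']);
     $mDomain = mb_strtolower(trim($params['company_domain']), 'utf-8');
     $mCountry = trim($params['company_country']);
     $mCity = trim($params['company_city']);
     $mWebsite = mb_strtolower(trim($params['company_site']), 'utf-8');
     $mCompanyType = trim($params['company_type']);
     $mLoginEmail = mb_strtolower(trim($params['login_email']), 'utf-8');
     // NOTE(review): the password is trimmed here while signIn() compares the
     // raw submitted value; unless isPasswordEqual() trims as well, a password
     // with leading/trailing whitespace can never be used to log in.
     $mLoginPassword = trim($params['login_password']);
     $mLoginConfirmPassword = trim($params['login_confirm_password']);
     $mContactEmail = mb_strtolower(trim($params['contacts_email']), 'utf-8');
     $mContactPhone = trim($params['contacts_phone']);

     $mValidator = new Validation();
     $errors = array();
     // Length limits are byte lengths (strlen), so multi-byte names reach the
     // 250 limit sooner than their character count suggests.
     if (empty($mName) || strlen($mName) < 2 || strlen($mName) > 250) {
         $errors[] = 'name';
     }
     if (empty($mCountry)) {
         $errors[] = 'country';
     }
     if (!empty($mWebsite) && !$mValidator->isValidUrl($mWebsite)) {
         $errors[] = 'website';
     }
     if (empty($mDomain) || !$mValidator->isValidCompanyDomain($mDomain) || $this->isDomainInUse($mDomain)) {
         $errors[] = 'domain';
     }
     // The type arrives as a string; is_numeric plus a loose in_array means
     // any numeric spelling of -1, 1, 2 or 3 is accepted and stored as given.
     $company_types = array(-1, 1, 2, 3);
     if (!is_numeric($mCompanyType) || !$mCompanyType || !in_array($mCompanyType, $company_types)) {
         $errors[] = 'company_type';
     }
     if (empty($mLoginEmail) || !$mValidator->isValidEmail($mLoginEmail) || $this->isEmailInUse($mLoginEmail)) {
         $errors[] = 'login_email';
     }
     if (empty($mLoginPassword) || strlen($mLoginPassword) < 6 || strlen($mLoginPassword) > 200) {
         $errors[] = 'login_password';
     }
     if (empty($mLoginConfirmPassword) || $mLoginPassword != $mLoginConfirmPassword) {
         $errors[] = 'login_confirm_password';
     }
     if (empty($mContactEmail) || !$mValidator->isValidEmail($mContactEmail)) {
         $errors[] = 'contact_email';
     }
     if (!empty($mContactPhone) && !$mValidator->isValidPhone($mContactPhone)) {
         $errors[] = 'contact_phone';
     }
     if (count($errors) > 0) {
         return false;
     }

     // Create the admin first: the company row references its user id.
     $mUsersManager = new UsersManager($this->db);
     $admin_user_id = $mUsersManager->createAdminForCompany(array(
         'email' => $mLoginEmail,
         'password' => $mLoginPassword,
         'confirm_password' => $mLoginConfirmPassword,
     ));
     if ($admin_user_id == -1) {
         return false;
     }
     $mAdminUser = new User($this->db);
     $mAdminUser->allocateById($admin_user_id);

     // One timestamp for registration and both subscription deadlines, so
     // they cannot straddle a second boundary.
     $now = time();
     $this->db->query("INSERT INTO `companies` (name, country, city, website, company_type, user_id, domain, contact_email,\n                contact_phone, register_time, max_count_services, employees_number, end_subscription_time, stop_company_time,\n                sms_enabled, email_enabled)\n                VALUES(?s, ?s, ?s, ?s, ?s, ?i, ?s, ?s, ?s, ?i, ?i, ?i, ?i, ?i, ?i, ?i)",
         $mName,
         $mCountry,
         $mCity,
         $mWebsite,
         $mCompanyType,
         $mAdminUser->getId(),
         $mDomain,
         $mContactEmail,
         $mContactPhone,
         $now,
         self::MAX_COUNT_SERVICES_TRIAL,
         self::DEFAULT_EMPLOYEES_NUMBER,
         $now + self::SUBSCRIPTION_TIME_TRIAL,
         $now + self::SUBSCRIPTION_TIME_TRIAL + self::ADDITIONAL_TIME_TRIAL,
         self::DEFAULT_SMS_ENABLED,
         self::DEFAULT_EMAIL_ENABLED
     );
     $inserted_company_id = $this->db->insertedId();
     $mAdminUser->setCompanyId($inserted_company_id);
     return true;
 }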