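 /**
  * Processes a user login request and sets up the session if successful.
  * After calling this method, if $this->isLoggedIn() returns false, an
  * error occurred (which can be retrieved using $this->getLoginError()).
  *
  * All failure paths that relate to credentials report the same generic
  * 'Invalid username or password.' message, so the response does not
  * reveal whether a username exists. Failures for a known user are
  * recorded in the login history (when $addToHistory is true) so that
  * repeated attempts remain auditable. An unrecognised status flag from
  * Users::isCorrectLogin() leaves the session state untouched.
  *
  * @param string $username User's username.
  * @param string $password User's password.
  * @param boolean $addToHistory Log this login attempt in Login History?
  * @return void
  */
 public function processLogin($username, $password, $addToHistory = true)
 {
     $db = DatabaseConnection::getInstance();

     /* Is the login information supplied correct? Get the status flag. */
     $users = new Users(-1);
     $loginStatus = $users->isCorrectLogin($username, $password);

     /* Unknown user: nothing to look up, and nothing to log against. */
     if ($loginStatus == LOGIN_INVALID_USER) {
         $this->_isLoggedIn = false;
         $this->_loginError = 'Invalid username or password.';
         return;
     }

     /* Fetch the user row plus its site row in one round trip. The
      * username is quoted through the driver helper, never interpolated. */
     $sql = sprintf("SELECT\n                user.user_id AS userID,\n                user.user_name AS username,\n                user.password AS password,\n                user.first_name AS firstName,\n                user.last_name AS lastName,\n                user.access_level AS accessLevel,\n                user.site_id AS userSiteID,\n                user.is_demo AS isDemoUser,\n                user.email AS email,\n                user.categories AS categories,\n                user.pipeline_entries_per_page AS pipelineEntriesPerPage,\n                user.column_preferences as columnPreferences,\n                user.can_see_eeo_info as canSeeEEOInfo,\n                site.name AS siteName,\n                site.unix_name AS unixName,\n                site.user_licenses AS userLicenses,\n                site.company_id AS companyID,\n                site.is_demo AS isDemo,\n                site.account_active AS accountActive,\n                site.account_deleted AS accountDeleted,\n                site.time_zone AS timeZone,\n                site.date_format_ddmmyy AS dateFormatDMY,\n                site.is_free AS isFree,\n                site.is_hr_mode AS isHrMode,\n                site.first_time_setup as isFirstTimeSetup,\n                site.localization_configured as isLocalizationConfigured,\n                site.agreed_to_license as isAgreedToLicense,\n                IF(site.last_viewed_day = CURDATE(), 1, 0) AS lastViewedDayIsToday\n            FROM\n                user\n            LEFT JOIN site\n                ON site.site_id = user.site_id\n            WHERE\n                user.user_name = %s", $db->makeQueryString($username));
     $rs = $db->getAssoc($sql);

     /* Invalid username or password. */
     if (!$rs || $db->isEOF()) {
         $this->_isLoggedIn = false;
         $this->_loginError = 'Invalid username or password.';
         return;
     }

     /* Client details recorded in the login history. Both server
      * variables are absent outside a web request (e.g. CLI), so they
      * default to '' rather than raising an undefined-index notice. */
     $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

     /* Failure statuses for a known user, keyed by status flag. Every one
      * of them is logged as an unsuccessful attempt for that user/site. */
     $failureMessages = array(
         LOGIN_INVALID_PASSWORD => 'Invalid username or password.',
         LOGIN_ROOT_ONLY        => 'Only root administrators can login at this time.',
         LOGIN_DISABLED         => 'Your account is disabled.',
     );
     if (isset($failureMessages[$loginStatus])) {
         $this->_isLoggedIn = false;
         $this->_loginError = $failureMessages[$loginStatus];

         /* Log the login as unsuccessful. */
         if ($addToHistory) {
             $users->addLoginHistory($rs['userID'], $rs['userSiteID'], $ip, $userAgent, false);
         }
         return;
     }

     /* Unrecognised status flag: leave the session state as it was
      * (same outcome as the previous switch with no default branch). */
     if ($loginStatus != LOGIN_SUCCESS) {
         return;
     }

     /* Successful login: populate the session from the user/site row. */
     $this->_username = $rs['username'];
     /* NOTE(review): the password column is kept on the session object;
      * confirm callers still need it, since holding it here widens its
      * exposure beyond the login check. */
     $this->_password = $rs['password'];
     $this->_userID = $rs['userID'];
     $this->_siteID = $rs['userSiteID'];
     $this->_firstName = $rs['firstName'];
     $this->_lastName = $rs['lastName'];
     $this->_siteName = $rs['siteName'];
     $this->_unixName = $rs['unixName'];
     $this->_userLicenses = $rs['userLicenses'];
     $this->_accessLevel = $rs['accessLevel'];
     $this->_realAccessLevel = $rs['accessLevel'];
     $this->_categories = explode(',', $rs['categories']);

     /* Flag columns come back from the driver as numeric strings, so they
      * are compared against 0 rather than cast with (bool). */
     $this->_isASP = ($rs['companyID'] != 0);
     $this->_isHrMode = ($rs['isHrMode'] != 0);
     $this->_siteCompanyID = $rs['companyID'] != 0 ? $rs['companyID'] : -1;
     $this->_isFree = ($rs['isFree'] != 0);
     $this->_isFirstTimeSetup = ($rs['isFirstTimeSetup'] != 0);
     $this->_isLocalizationConfigured = ($rs['isLocalizationConfigured'] != 0);
     $this->_isAgreedToLicense = ($rs['isAgreedToLicense'] != 0);
     $this->_accountActive = ($rs['accountActive'] != 0);
     $this->_accountDeleted = ($rs['accountDeleted'] != 0);
     $this->_email = $rs['email'];
     $this->_ip = $ip;
     $this->_userAgent = $userAgent;
     $this->_timeZoneOffset = $rs['timeZone'] - OFFSET_GMT;
     $this->_timeZone = $rs['timeZone'];
     $this->_dateDMY = ($rs['dateFormatDMY'] != 0);
     $this->_canSeeEEOInfo = ($rs['canSeeEEOInfo'] != 0);
     $this->_pipelineEntriesPerPage = $rs['pipelineEntriesPerPage'];
     $this->_loggedInScript = CATSUtility::getDirectoryName();

     /* SA's can always see EEO Info. */
     if ($this->_accessLevel >= ACCESS_LEVEL_SA) {
         $this->_canSeeEEOInfo = true;
     }

     /* Demo sessions are forced to the demo access level. Uses $ip
      * (already guarded above) instead of re-reading $_SERVER, which
      * raised an undefined-index notice when REMOTE_ADDR was absent. */
     $isDemoSession = ($rs['isDemo'] == '1' && $ip != '127.0.0.1' && ENABLE_DEMO_MODE && $rs['isDemoUser'] == 1);
     $this->_isDemo = $isDemoSession;
     if ($isDemoSession) {
         $this->_accessLevel = ACCESS_LEVEL_DEMO;
     }

     /* Account inactive: demote to read-only. */
     if (!$this->_accountActive) {
         $this->_accessLevel = ACCESS_LEVEL_READ;
     }

     /* Account deleted: no access at all. */
     if ($this->_accountDeleted) {
         $this->_accessLevel = ACCESS_LEVEL_DISABLED;
     }

     /* Column preferences are stored with serialize(). NOTE(review):
      * unserialize() on stored data is a PHP object-injection sink if that
      * data can ever be influenced by a user; a JSON representation (or
      * array('allowed_classes' => false) once the minimum PHP version is
      * >= 7.0) would be safer. Left as-is here so existing stored
      * preferences keep loading. A failed unserialize() returns false, so
      * anything that is not an array falls back to an empty preference set. */
     $this->__dataGridColumnPreferences = array();
     if (strlen($rs['columnPreferences']) > 0 && !$this->_isDemo) {
         $columnPreferences = unserialize($rs['columnPreferences']);
         if (is_array($columnPreferences)) {
             $this->__dataGridColumnPreferences = $columnPreferences;
         }
     }

     /* Log the login as successful. */
     $userLoginID = -1;
     if ($addToHistory) {
         $userLoginID = $users->addLoginHistory($this->_userID, $this->_siteID, $this->_ip, $this->_userAgent, true);
     }
     $this->_userLoginID = $userLoginID;
     $this->_isLoggedIn = true;

     /* First login of the day for this site: bump the page-view-day counter. */
     if ($rs['lastViewedDayIsToday'] == 0) {
         $sql = sprintf("UPDATE\n                            site\n                         SET\n                            last_viewed_day = CURDATE(),\n                            page_view_days = page_view_days + 1\n                         WHERE\n                            site_id = %s", $this->_siteID);
         $db->query($sql);
     }

     /* Bind the session cookie to this user and clear any pending
      * forced logout. The cookie value is quoted through the driver helper. */
     $cookie = $this->getCookie();
     $sql = sprintf("UPDATE\n                        user\n                     SET\n                        session_cookie = %s,\n                        force_logout = 0\n                     WHERE\n                        user_id = %s\n                     AND\n                        site_id = %s", $db->makeQueryString($cookie), $this->_userID, $this->_siteID);
     $db->query($sql);
 }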