/**
 * Updates the account addressed by the request's identifier.
 *
 * Only fields on the allow-list below are taken from the request data; every other
 * key the client sends is ignored. A login change is rejected when the login already
 * belongs to a different account.
 *
 * NOTE(review): 'password' is on the allow-list and is handed to User::updateAccount()
 * exactly as received. Whether it is hashed before storage is decided there, not here.
 *
 * @param RESTRequest $request request carrying the new field values and the identifier
 * @return bool true when every matched account was updated successfully
 * @throws RESTCommandException on empty data, missing or multiple identifiers,
 *                              unknown account, or a login that is already taken
 */
public function update(RESTRequest $request)
{
    $payload = $request->getData();

    if (empty($payload)) {
        throw new RESTCommandException('HTTP POST data is empty');
    }

    // Allow-list of client-writable account fields (only the keys matter for the intersection).
    $writable_fields = array_flip(array(
        'login',
        'password',
        'full_name',
        'phone',
        'account_number',
        'tariff_plan',
        'status',
        'stb_mac',
        'comment',
        'end_date',
        'account_balance',
    ));

    $account = array_intersect_key($payload, $writable_fields);

    if (empty($account)) {
        throw new RESTCommandException('Insert data is empty');
    }

    $identifiers = $request->getIdentifiers();
    $identifier_count = count($identifiers);

    if ($identifier_count == 0) {
        throw new RESTCommandException('Identifier required');
    }

    $users_ids = $this->getUsersIdsFromIdentifiers($identifiers);

    if ($identifier_count == 1 && count($users_ids) == 0) {
        throw new RESTCommandException('Account not found');
    }

    if ($identifier_count > 1) {
        throw new RESTCommandException('Only one identifier allowed');
    }

    if (!empty($account['login'])) {
        $login_owner = User::getByLogin($account['login']);

        // The login is free only if nobody holds it, or its single holder is the account being updated.
        if (!empty($login_owner)) {
            $held_by_other = $login_owner->getId() != $users_ids[0] || count($users_ids) > 1;

            if ($held_by_other) {
                throw new RESTCommandException('Login already in use');
            }
        }
    }

    $all_updated = true;

    foreach ($users_ids as $user_id) {
        $updated = User::getInstance($user_id)->updateAccount($account);
        $all_updated = $updated && $all_updated;
        User::clear();
    }

    return $all_updated;
}
ob_start(); session_start(); include "./common.php"; Admin::checkAuth(); Admin::checkAccess(AdminAccess::ACCESS_VIEW); foreach (@$_POST as $key => $value) { //$_POST[$key] = trim($value); } $error = ''; $action_name = 'add'; $action_value = _('Add'); $tariff_plans = Mysql::getInstance()->select('id, name')->from('tariff_plan')->orderby('name')->get()->all(); if (!empty($_POST)) { if (!empty($_POST['login']) && !empty($_POST['password'])) { $user = \User::getByLogin($_POST['login']); if (!empty($_POST['stb_mac'])) { $mac = Middleware::normalizeMac($_POST['stb_mac']); $_POST['stb_mac'] = $mac; if (!$mac) { $error = _('Error: Not valid mac address'); } else { $user_by_mac = \User::getByMac($mac); if (!empty($user_by_mac)) { $error = _('Error: STB with such MAC address already exists'); } } } if ($error) { } else { if (!empty($user)) {
/**
 * Returns a display title for an attribute value.
 *
 * For 'roles' the value is looked up among the built-in roles first, then among stored
 * roles by name. For 'login' the value is resolved to the user's full name. Anything
 * that cannot be resolved here is delegated to the parent implementation.
 *
 * @param string $attrName  attribute the value belongs to
 * @param mixed  $attrValue raw attribute value (role name or login)
 * @return mixed the resolved title, or whatever the parent implementation returns
 */
public function getFewRecordsTitle($attrName, $attrValue)
{
    if ($attrName == 'roles') {
        $builtInRoles = Role::builtInRoles();

        if (isset($builtInRoles[$attrValue])) {
            return $builtInRoles[$attrValue];
        }

        $storedRole = Role::model()->findByAttributes(array('name' => $attrValue));

        if ($storedRole) {
            return $storedRole->title;
        }
    } elseif ($attrName == 'login') {
        $account = User::getByLogin($attrValue);

        if ($account) {
            return $account->getFullname();
        }
    }

    // Nothing matched above: fall back to the generic title.
    return parent::getFewRecordsTitle($attrName, $attrValue);
}
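/**
 * Checks the credentials of an OAuth request and reports whether they are valid.
 *
 * The account is looked up by login when $username is given. With no username and no
 * password but a MAC address, the request is handled as a set-top box: request details
 * are copied into $_REQUEST, the STB profile is initialised and the account is looked
 * up by the STB's MAC. When no local account is found, \User::authorizeFromOss() is tried.
 *
 * The stored password is either a 32-character md5(md5(password) . id) digest or, when
 * shorter than 32 characters, a value compared directly with the supplied password.
 * Depending on oauth_force_mac_check / oauth_force_serial_number_check, the MAC and/or
 * the serial number must match the profile as well.
 *
 * Side effects: sleeps one second, may write to $_REQUEST, calls updateIp() on the
 * account whether or not the check succeeds, and on success stores the serial number,
 * refreshes the account from OSS and (when bind_stb_auth_and_oauth is on) resets the
 * STB access token.
 *
 * NOTE(review): both stored formats are weak at rest (unsalted-style MD5 construction or
 * a directly comparable value). Moving to password_hash()/password_verify() needs a data
 * migration and cannot be done inside this method.
 *
 * @param string|null  $username
 * @param string|null  $password
 * @param string|null  $mac
 * @param string|null  $serial_number
 * @param OAuthRequest $request
 * @return bool true when the credentials (and the enforced device checks) match
 */
public function checkUserAuth($username, $password, $mac = null, $serial_number = null, OAuthRequest $request)
{
    // NOTE(review): a fixed delay slows one sequential client only; it does not bound
    // parallel guessing. Per-account or per-address throttling would have to be added elsewhere.
    sleep(1); // anti brute-force delay

    $user = null;

    if ($username) {
        $user = \User::getByLogin($username);
    } elseif (!$password && $mac) {
        if ($serial_number) {
            $_REQUEST['serial_number'] = $serial_number;
        }

        if ($request->getVersion()) {
            $_REQUEST['version'] = $request->getVersion();
        }

        if ($request->getDeviceId2()) {
            $_REQUEST['device_id2'] = $request->getDeviceId2();
            $_REQUEST['signature'] = $request->getSignature();
        }

        // init user as STB
        \Stb::getInstance()->getProfile();
        $user = \User::getByMac(\Stb::getInstance()->mac);
    }

    if (!$user) {
        $user = \User::authorizeFromOss($username, $password, $mac);
    }

    if (!$user) {
        return false;
    }

    $possible_user = $user->getProfile();
    $verified_user = null;

    // Compare as strings with hash_equals(): the previous loose `==` treated numeric-looking
    // strings (for example two different digests of the form "0e<digits>") as equal, and it
    // was not constant-time. An empty stored value still matches an empty supplied password,
    // exactly as before.
    $stored_password = (string) $possible_user['password'];
    $supplied_password = (string) $password;
    $stored_length = strlen($stored_password);

    if ($stored_length == 32) {
        $password_ok = hash_equals($stored_password, md5(md5($supplied_password) . $possible_user['id']));
    } elseif ($stored_length < 32) {
        $password_ok = hash_equals($stored_password, $supplied_password);
    } else {
        $password_ok = false;
    }

    if ($password_ok) {
        $force_mac = \Config::getSafe('oauth_force_mac_check', false);
        $force_serial = \Config::getSafe('oauth_force_serial_number_check', false);

        // Each enforced check must pass; a check that is not enforced is skipped.
        // NOTE(review): these comparisons are still loose (`==`), so null and '' are equal;
        // confirm that an account with an empty MAC is meant to pass a forced MAC check.
        $mac_ok = !$force_mac || $mac == $possible_user['mac'];
        $serial_ok = !$force_serial
            || $serial_number == $possible_user['serial_number']
            || $possible_user['serial_number'] == '';

        if ($mac_ok && $serial_ok) {
            $verified_user = $possible_user;
        }
    }

    if (!empty($verified_user)) {
        $user->setSerialNumber($serial_number);
        $user->updateUserInfoFromOSS();

        if (\Config::getSafe('bind_stb_auth_and_oauth', true)) {
            // invalidate stb access_token
            $user->resetAccessToken();
        }
    }

    $user->updateIp();

    return !empty($verified_user);
}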
/**
 * Authorizes a login against the external OSS and returns the matching local user,
 * creating the local account first when it does not exist yet.
 *
 * OSS field names are translated to local account field names (mac -> stb_mac,
 * ls -> account_number, fname -> full_name, tariff -> tariff_plan); all other OSS
 * fields are copied under their own name.
 *
 * NOTE(review): for a new account the supplied password is passed to createAccount()
 * as received; how it is stored is decided there.
 *
 * @param string|null $login    login to authorize; replaced by the OSS login when empty
 * @param string|null $password password forwarded to the OSS and stored on a new account
 * @param string|null $mac      MAC address forwarded to the OSS
 * @return mixed the user object, or false when the OSS wrapper cannot authorize,
 *               rejects the credentials, or the account cannot be created
 */
public static function authorizeFromOss($login, $password, $mac)
{
    $wrapper = OssWrapper::getWrapper();

    // Not every OSS wrapper implements authorize().
    if (!is_callable(array($wrapper, 'authorize'))) {
        return false;
    }

    $oss_info = $wrapper->authorize($login, $password, $mac);

    if (!$oss_info) {
        return false;
    }

    $renamed_fields = array(
        'mac'    => 'stb_mac',
        'ls'     => 'account_number',
        'fname'  => 'full_name',
        'tariff' => 'tariff_plan',
    );

    $account = array();

    foreach ($oss_info as $field => $value) {
        $target = array_key_exists($field, $renamed_fields) ? $renamed_fields[$field] : $field;
        $account[$target] = $value;
    }

    // Fall back to the login reported by the OSS when the caller supplied none.
    if (empty($login) && !empty($oss_info['login'])) {
        $login = $oss_info['login'];
    }

    $account['login'] = $login;
    $account['password'] = $password;

    $existing = User::getByLogin($login);

    if ($existing !== false) {
        return $existing;
    }

    $uid = self::createAccount($account);

    return $uid ? self::getInstance($uid) : false;
}
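<?php
// Load classes on demand from classes/<ClassName>.php.
// Registered through spl_autoload_register(): a function named __autoload() is
// deprecated since PHP 7.2 and rejected by PHP 8.
spl_autoload_register(function ($className) {
    $file = "classes" . DIRECTORY_SEPARATOR . "{$className}.php";
    require_once $file;
});

// Start the session
session_start();

// Check the submitted login and password
if (isset($_POST['login'], $_POST['password'])) {
    $login = $_POST['login'];
    $password = $_POST['password'];

    // Form fields can arrive as arrays (login[]=...); only plain strings are looked up.
    $user = (is_string($login) && is_string($password)) ? User::getByLogin($login) : null;

    // An unknown login must fail outright. With the previous loose `==`, a missing
    // account read as null and compared equal to an empty submitted password.
    // hash_equals() (PHP >= 5.6) compares as strings, without type juggling, in constant time.
    // NOTE(review): this comparison implies the password is stored in clear text; switching
    // to password_hash()/password_verify() requires a change in the User class, not shown here.
    $authenticated = is_object($user) && hash_equals((string) $user->password, $password);

    if ($authenticated) {
        // Issue a fresh session id on login so an id set before authentication is not reused.
        session_regenerate_id(true);
        $_SESSION['login'] = $login;
        header('Location: secure.php');
        // Stop here: without exit the rest of the page is still rendered after the redirect header.
        exit;
    }

    // Same message for a wrong password and an unknown login.
    echo '<b>Неправильный пароль</b>';
}
?>
<html>
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>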
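/**
 * Validates the login and the optional STB MAC address of a request.
 *
 * A login is mandatory. When a MAC is supplied it must normalize to a valid address,
 * and it must not belong to an existing STB unless the account named by the login
 * already has that MAC.
 *
 * Note: $params is received by value, so the normalized MAC is used for the checks
 * only and is not visible to the caller.
 *
 * @param array $params request parameters; reads 'login' and 'stb_mac'
 * @return void
 * @throws SoapMissingRequiredParam when 'login' is empty
 * @throws SoapWrongMacFormat       when 'stb_mac' does not normalize to a MAC address
 * @throws SoapMacAddressInUse      when the MAC belongs to another STB
 */
private function checkLoginAndMac($params)
{
    if (empty($params['login'])) {
        throw new SoapMissingRequiredParam();
    }

    if (empty($params['stb_mac'])) {
        return;
    }

    $mac = \Middleware::normalizeMac($params['stb_mac']);

    if (empty($mac)) {
        // Location is file:line; the original concatenated __FILE__ twice.
        throw new SoapWrongMacFormat(__METHOD__, __FILE__ . ':' . __LINE__);
    }

    $user = \User::getByLogin($params['login']);

    // The account already owns this MAC: nothing else to verify.
    if (!empty($user) && $user->getMac() == $mac) {
        return;
    }

    $stb = \Stb::getByMac($mac);

    if (!empty($stb)) {
        throw new SoapMacAddressInUse(__METHOD__, __FILE__ . ':' . __LINE__);
    }
}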