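/**
 * Handles the login form POST: validates the submitted identity and password,
 * authenticates against the `useraccount` table, records the attempt in the
 * audit trail and populates the session on success.
 *
 * Request parameters read: email (a username, an e-mail address, or the
 * "<id>.<...>!@#" transaction-login form), password, URL_FAILURE,
 * redirecturl, SUCCESS_MESSAGE. Nothing is rendered; the outcome is a redirect
 * plus ERROR_MESSAGE / SUCCESS_MESSAGE session variables.
 *
 * Security notes (review):
 *  - Redirect targets (URL_FAILURE, redirecturl) come from the request. They
 *    are followed only when they stay on this site (relative path, or an
 *    http(s) URL whose host equals HTTP_HOST); anything else falls back to the
 *    login page / dashboard. This closes the open redirect in the original.
 *  - The "trx" login ("<id>.<...>!@#") originally loaded the account by id and
 *    logged it in with NO credential check at all, i.e. anyone could log in as
 *    any id with an arbitrary password. It now verifies the submitted password
 *    against the account with that id, exactly like a username login.
 *  - Passwords are compared as unsalted sha1 inside SQL (credential
 *    treatment). Moving to password_hash()/password_verify() needs a schema
 *    and data migration and is deliberately not done here.
 *  - The session id is regenerated on success (session fixation).
 *  - FORM_VALUES no longer carries the submitted password into the session.
 *  - Successful logins are NOT written to the audit trail: that notify() call
 *    is commented out in the original and is kept that way here — confirm.
 */
function checkloginAction() {
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender(true);
    $session = SessionWrapper::getInstance();
    $formvalues = $this->_getAllParams();
    $redirector = $this->_helper->redirector;

    // Accept a redirect target only if it stays on this site: a relative path
    // with no scheme/host, or an absolute http(s) URL whose host matches
    // HTTP_HOST (port ignored). Backslashes are rejected because browsers treat
    // "/\host" like "//host". Returns null for anything it will not follow.
    $sameSiteUrl = function ($url) {
        $url = trim((string) $url);
        if ($url === '' || strpos($url, '\\') !== false) {
            return null;
        }
        $parts = parse_url($url);
        if ($parts === false) {
            return null;
        }
        if (isset($parts['scheme']) || isset($parts['host'])) {
            if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
                return null;
            }
            $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
            if ($ownHost === '' || !isset($parts['host']) || strcasecmp($parts['host'], $ownHost) !== 0) {
                return null;
            }
        }
        return $url;
    };

    // Where to send the user on failure: the form-supplied URL_FAILURE when it
    // is present and safe, otherwise the login page.
    $failureUrl = null;
    if (!isArrayKeyAnEmptyString(URL_FAILURE, $formvalues)) {
        $failureUrl = $sameSiteUrl(decode($this->_getParam(URL_FAILURE)));
    }
    $redirectToFailure = function () use ($redirector, $failureUrl) {
        if ($failureUrl !== null) {
            $redirector->gotoUrl($failureUrl);
        } else {
            $redirector->gotoSimple('login', 'user');
        }
    };

    // Values re-shown in the form on a validation error; never persist the
    // password in the session for that purpose.
    $formValuesForSession = $formvalues;
    unset($formValuesForSession['password']);

    $login = (string) trim($this->_getParam("email"));
    $password = (string) $this->_getParam("password");

    // Both fields are mandatory.
    if (isEmptyString($login)) {
        $session->setVar(ERROR_MESSAGE, $this->_translate->translate("profile_email_error"));
        $session->setVar(FORM_VALUES, $formValuesForSession);
        $redirectToFailure();
        return false;
    }
    if (isEmptyString(trim($password))) {
        $session->setVar(ERROR_MESSAGE, $this->_translate->translate("profile_password_error"));
        $session->setVar(FORM_VALUES, $formValuesForSession);
        $redirectToFailure();
        return false;
    }

    // Work out which column identifies the account. Default: username. A valid
    // e-mail address that exists in useraccount selects the email column. The
    // "!@#" marker selects the "trx" form, whose identity is the part before
    // the first '.', looked up against the primary key.
    $credcolumn = 'username';
    $identity = $login;
    $emailValidator = new Zend_Validate_EmailAddress();
    if ($emailValidator->isValid($login)) {
        $usertable = new UserAccount();
        if ($usertable->findByEmail($login)) {
            $credcolumn = 'email';
        }
    }
    if (stringContains('!@#', $login)) {
        $credcolumn = 'trx';
        $loginarray = explode('.', $login);
        $identity = $loginarray[0];
    }

    // Client fingerprint, recorded both in the audit trail and in the session.
    $browser = new Browser();
    $audit_values = $browser_session = array(
        "browserdetails" => $browser->getBrowserDetailsForAudit(),
        "browser" => $browser->getBrowser(),
        "version" => $browser->getVersion(),
        "useragent" => $browser->getUserAgent(),
        "os" => $browser->getPlatform(),
        "ismobile" => $browser->isMobile() ? '1' : 0,
        "ipaddress" => $browser->getIPAddress(),
    );

    // Every login form, including "trx", must present the account's password.
    // The credential treatment also restricts login to active accounts.
    $authAdapter = new Zend_Auth_Adapter_DbTable(Zend_Registry::get("dbAdapter"));
    $authAdapter->setTableName('useraccount');
    $authAdapter->setIdentityColumn($credcolumn === 'trx' ? 'id' : $credcolumn);
    $authAdapter->setCredentialColumn('password');
    // NOTE(review): unsalted sha1 computed by the database; see the header comment.
    $authAdapter->setCredentialTreatment("sha1(?) AND status = '1' ");
    $authAdapter->setIdentity($identity);
    $authAdapter->setCredential($password);

    if (!$authAdapter->authenticate()->isValid()) {
        // Failed attempt goes to the audit trail (module 1, use case 1.1).
        $audit_values['module'] = 1;
        $audit_values['usecase'] = '1.1';
        $audit_values['transactiontype'] = USER_LOGIN;
        $audit_values['status'] = "N";
        $audit_values['transactiondetails'] = "Login for user with id '" . $this->_getParam("email") . "' failed. Invalid username or password";
        $this->notify(new sfEvent($this, USER_LOGIN, $audit_values));

        $session->setVar(ERROR_MESSAGE, "Invalid Email or Username or Password. <br />Please Try Again.");
        $redirectToFailure();
        return false;
    }

    // Credentials are good: load the ORM object for the authenticated row.
    $user = $authAdapter->getResultRowObject();
    $useraccount = new UserAccount();
    $useraccount->populate($user->id);
    if (isEmptyString($useraccount->getID())) {
        // Authenticated row could not be loaded; treat as a failed login.
        $session->setVar(ERROR_MESSAGE, "Invalid Email or Username or Password. <br />Please Try Again.");
        $redirectToFailure();
        return false;
    }

    // Session fixation: issue a fresh session id now that the principal has
    // changed. Assumes SessionWrapper sits on PHP's native session — confirm.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $session->setVar("userid", $useraccount->getID());
    $session->setVar("username", $useraccount->getUserName());
    $session->setVar("type", $useraccount->getType());
    $session->setVar("companyid", $useraccount->getCompanyID());
    $session->setVar("istimesheetuser", $useraccount->getIsTimesheetUser());
    $session->setVar("browseraudit", $browser_session);
    $session->setVar("user", json_encode($useraccount->toArray()));
    $session->setVar("company", json_encode($useraccount->getCompany()->toArray()));

    // Clear user-specific cache before it is used again under the new identity.
    $this->clearUserCache();

    // Successful login audit record. The notify() call is commented out in the
    // original and is left that way; successful logins are therefore not audited.
    $audit_values['module'] = 1;
    $audit_values['usecase'] = '1.1';
    $audit_values['transactiontype'] = USER_LOGIN;
    $audit_values['status'] = "Y";
    $audit_values['userid'] = $useraccount->getID();
    $audit_values['transactiondetails'] = "Login for user with id '" . $this->_getParam("email") . "' successful";
    // $this->notify(new sfEvent($this, USER_LOGIN, $audit_values));

    // Return the user to where they came from (same-site only), else dashboard.
    $redirecturl = $this->_getParam("redirecturl");
    $target = isEmptyString($redirecturl) ? null : $sameSiteUrl(decode($redirecturl));
    if ($target === null) {
        $redirector->gotoSimple("index", "dashboard");
        return;
    }
    if (!isEmptyString($this->_getParam(SUCCESS_MESSAGE))) {
        $session->setVar(SUCCESS_MESSAGE, decode($this->_getParam(SUCCESS_MESSAGE)));
    }
    $redirector->gotoUrl($target);
}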
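/**
 * Records a new timesheet check-in or updates an existing timesheet entry.
 * A new check-in (empty `id`) is validated against the user's active shift
 * schedule: date range, working day of the week and shift start/end time.
 * An edit (non-empty `id`) skips shift validation.
 *
 * Request parameters read: id (encoded timesheet id; empty for a check-in),
 * userid, datein, timein, isrequest, status, SUCCESS_MESSAGE. Nothing is
 * rendered; the outcome is reported through the ERROR_MESSAGE /
 * SUCCESS_MESSAGE (and `contactadmin`) session variables.
 *
 * Security notes (review):
 *  - `userid` is taken from the request, not from the session, so any caller
 *    can submit a check-in or edit for another account; only `createdby` /
 *    `lastupdatedby` record the session user. Whether that is intended
 *    (managers acting for staff, approval requests via `isrequest`/`status`)
 *    cannot be told from here — confirm, and add an ownership/role check if not.
 *  - The "contact admin" error message is HTML; the URL and user name embedded
 *    in it are now escaped.
 *  - On a save failure the raw exception text is shown to the user.
 */
function processattendanceAction() {
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender(true);
    $session = SessionWrapper::getInstance();
    $this->_translate = Zend_Registry::get("translate");
    $formvalues = $this->_getAllParams();

    // Request values may be absent; treat a missing key as an empty string.
    $param = function ($key) use ($formvalues) {
        return isset($formvalues[$key]) ? $formvalues[$key] : '';
    };

    $id = decode($param('id'));
    $formvalues['id'] = $id;
    $userid = $param('userid');
    $timesheet = new Timesheet();
    $user = new UserAccount();
    $user->populate($userid);
    $validshift = false;

    if (isEmptyString($id)) {
        // New check-in: build the check-in timestamp from the form's date and time.
        $checkindate = date('Y-m-d', strtotime($param('datein')));
        $checkintime = date('H:i:s', strtotime($param('timein')));
        $checkinfulldate = $checkindate . ' ' . $checkintime;
        // NOTE(review): live debug output left from the original — remove once stable.
        debugMessage('checkin: ' . $checkinfulldate);

        // An open session on that day means this is a duplicate check-in.
        if (isCheckedIn($userid, $checkindate)) {
            $session->setVar(ERROR_MESSAGE, "Check-In failed. Active session already exists");
            // Kept from the original: hard stop, skipping post-dispatch processing.
            exit;
        }

        // The user needs an active schedule entry AND a shift on their profile.
        $scheduleentry = getSessionEntry($user->getID());
        $hasshift = !isEmptyString($scheduleentry['id'])
            && !isEmptyString($user->getShift())
            && $scheduleentry['status'] == 1;

        if ($hasshift) {
            $shift = new ShiftSchedule();
            $shift->populate($scheduleentry['id']);

            // Shift start on the check-in day; falls back to the session's default time.
            $validstarttime = !isEmptyString($shift->getStartTime()) ? $shift->getStartTime() : $shift->getSession()->getStartTime();
            $validfullstartdate = $checkindate . ' ' . $validstarttime;
            debugMessage('startin: ' . $validfullstartdate);

            // Shift end; an end hour earlier than the start hour means the shift
            // wraps past midnight, so the end falls on the next day.
            $endtime = !isEmptyString($shift->getEndTime()) ? $shift->getEndTime() : $shift->getSession()->getEndTime();
            $endday = $checkindate;
            if ((int) date('H', strtotime($endtime)) < (int) date('H', strtotime($validstarttime))) {
                $endday = date('Y-m-d', strtotime($checkindate . " + 1 day"));
            }
            $validfullenddate = $endday . ' ' . $endtime;
            debugMessage('ending: ' . $validfullenddate);

            $checkints = strtotime($checkinfulldate);

            // 1) Inside the schedule's date range (open-ended when no end date).
            $rangevalid = $checkints >= strtotime($shift->getStartDate() . ' 00:00:00');
            if ($rangevalid && !isEmptyString($shift->getEndDate())) {
                // NOTE(review): the upper bound is 23:00:00, not 23:59:59, so a
                // check-in in the last hour of the final scheduled day is rejected.
                // Kept as in the original — confirm whether that is intended.
                $rangevalid = $checkints <= strtotime($shift->getEndDate() . ' 23:00:00');
            }

            // 2) On a profiled working day; the schedule entry's list, when set,
            //    overrides the user's profile. An empty list allows any day.
            if ($rangevalid) {
                $todaywkno = date('w', $checkints);
                $wkdaysprofiled = $user->getDaysOfWeekArray();
                if (!isEmptyString($scheduleentry['workingdays'])) {
                    $wkdaysprofiled = explode(',', preg_replace('!\\s+!', '', trim($scheduleentry['workingdays'])));
                }
                if (count($wkdaysprofiled) > 0 && !in_array($todaywkno, $wkdaysprofiled)) {
                    $rangevalid = false;
                }
            }

            // 3) Within the shift's start (inclusive) and end (exclusive) time.
            if ($rangevalid && $checkints >= strtotime($validfullstartdate) && $checkints < strtotime($validfullenddate)) {
                $validshift = true;
                // Record where the check-in came from alongside the timesheet row.
                $browser = new Browser();
                $audit_values = array(
                    "browserdetails" => $browser->getBrowserDetailsForAudit(),
                    "browser" => $browser->getBrowser(),
                    "version" => $browser->getVersion(),
                    "useragent" => $browser->getUserAgent(),
                    "os" => $browser->getPlatform(),
                    "ismobile" => $browser->isMobile() ? '1' : 0,
                    "ipaddress" => $browser->getIPAddress(),
                );
                $formvalues['sessionid'] = $scheduleentry['sessionid'];
                $formvalues['ipaddress'] = $audit_values['ipaddress'];
                $formvalues['browser_details'] = json_encode($audit_values);
            }
        }

        // Bookkeeping for a new row. A plain check-in is status 0; a request
        // defaults to status 2 unless the form supplied one.
        $formvalues['createdby'] = $session->getVar('userid');
        if (isArrayKeyAnEmptyString('isrequest', $formvalues)) {
            $formvalues['isrequest'] = 0;
            $formvalues['status'] = 0;
            $formvalues['timesheetdate'] = date('Y-m-d', strtotime($param('datein')));
        } else {
            $formvalues['isrequest'] = 1;
            if (isArrayKeyAnEmptyString('status', $formvalues)) {
                $formvalues['status'] = 2;
            }
        }
    } else {
        // Editing an existing entry: no shift validation is performed.
        $timesheet->populate($id);
        $formvalues['lastupdatedby'] = $session->getVar('userid');
        if (isArrayKeyAnEmptyString('isrequest', $formvalues)) {
            // Fill in the hours from the stored in/out times if not yet set.
            if (isEmptyString($timesheet->getHours())) {
                $timesheet->setHours($timesheet->getComputedHours());
            }
            $formvalues['isrequest'] = 0;
        } else {
            $formvalues['isrequest'] = 1;
        }
        $validshift = true;
    }

    if (!$validshift) {
        $message = "Check-In failed. Invalid shift or session time detected. <br/> Contact admin for resolution.";
        $session->setVar('contactadmin', 1);
        if (isAdmin() || isCompanyAdmin()) {
            // Admins get a link to fix the schedule instead of the "contact admin" flag.
            $session->setVar('contactadmin', '');
            $url = $this->view->baseUrl('config/shifts/tab/schedules/userid/' . $user->getID());
            // The message is rendered as HTML and the name is user-supplied data: escape both.
            $message = 'Check-In failed. Invalid shift or session time detected. <br/> <a href="'
                . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Click here</a> to update schedule for '
                . htmlspecialchars($user->getName(), ENT_QUOTES, 'UTF-8');
        }
        $session->setVar(ERROR_MESSAGE, $message);
        return;
    }

    $timesheet->processPost($formvalues);
    if ($timesheet->hasError()) {
        $session->setVar(ERROR_MESSAGE, $timesheet->getErrorStackAsString());
        return;
    }
    try {
        $timesheet->save();
        $session->setVar(SUCCESS_MESSAGE, $this->_translate->translate($this->_getParam(SUCCESS_MESSAGE)));
    } catch (Exception $e) {
        // NOTE(review): exposes the raw exception text (possibly SQL details) to
        // the user; kept as in the original — prefer a generic message plus logging.
        $session->setVar(ERROR_MESSAGE, $e->getMessage());
    }
}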