/** Authenticate an employee by password @param $password password from employee table @param $activity activity identifier to log @return True or False If no one is currently logged in, any valid password will be accepted. If someone is logged in, then only passwords for that user <i>or</i> a user with frontendsecurity >= 30 in the employee table will be accepted. */ public static function checkPassword($password, $activity = 1) { $password = strtoupper($password); $password = str_replace("'", "", $password); $password = str_replace(",", "", $password); $paswword = str_replace("+", "", $password); if ($password == "TRAINING") { $password = 9999; // if password is training, change to '9999' } $query_g = "select LoggedIn,CashierNo from globalvalues"; $db_g = Database::pDataConnect(); $result_g = $db_g->query($query_g); $row_g = $db_g->fetch_array($result_g); if ($row_g["LoggedIn"] == 0) { $query_q = ' SELECT emp_no, FirstName, LastName, ' . $db_g->yeardiff($db_g->now(), 'birthdate') . ' AS age FROM employees WHERE EmpActive = 1 AND CashierPassword = ?'; $prep_q = $db_g->prepare($query_q); $result_q = $db_g->execute($prep_q, array($password)); $num_rows_q = $db_g->num_rows($result_q); if ($num_rows_q > 0) { $row_q = $db_g->fetch_array($result_q); Database::loadglobalvalues(); $transno = Database::gettransno($row_q["emp_no"]); $globals = array("CashierNo" => $row_q["emp_no"], "Cashier" => $row_q["FirstName"] . " " . substr($row_q["LastName"], 0, 1) . ".", "TransNo" => $transno, "LoggedIn" => 1); Database::setglobalvalues($globals); CoreState::cashierLogin($transno, $row_q['age']); } elseif ($password == 9999) { Database::loadglobalvalues(); $transno = Database::gettransno(9999); $globals = array("CashierNo" => 9999, "Cashier" => "Training Mode", "TransNo" => $transno, "LoggedIn" => 1); Database::setglobalvalues($globals); CoreState::cashierLogin($transno, 0); } else { return False; } } else { // longer query but simpler. since someone is logged in already, // only accept password from that person OR someone with a high // frontendsecurity setting $query_a = ' SELECT emp_no, FirstName, LastName, ' . $db_g->yeardiff($db_g->now(), 'birthdate') . ' AS age FROM employees WHERE EmpActive = 1 AND (frontendsecurity >= 30 OR emp_no = ?) AND (CashierPassword = ? OR AdminPassword = ?)'; $args = array($row_g['CashierNo'], $password, $password); $prep_a = $db_g->prepare($query_a); $result_a = $db_g->execute($prep_a, $args); $num_rows_a = $db_g->num_rows($result_a); if ($num_rows_a > 0) { Database::loadglobalvalues(); $row = $db_g->fetch_row($result_a); CoreState::cashierLogin(False, $row['age']); } elseif ($row_g["CashierNo"] == "9999" && $password == "9999") { Database::loadglobalvalues(); CoreState::cashierLogin(False, 0); } else { return false; } } return true; }
public function testCoreState() { // normal session init attempts to recover state // transaction info - e.g., after a browser crash // or reboot. Clear the table so that doesn't // happen $db = Database::tDataConnect(); $db->query('TRUNCATE TABLE localtemptrans'); /** This will trigger any syntax or run-time errors Testing all the invidual values of session might be worthwhile is anyone wants to write all those tests out. They're mostly static values so the test would only catch changes to the defaults. */ CoreState::initiate_session(); $str = CoreState::getCustomerPref('asdf'); $this->assertInternalType('string', $str); $this->assertEquals('', $str); // non-numeric age converts to zero CoreState::cashierLogin(false, 'z'); $this->assertEquals(0, CoreLocal::get('cashierAge')); }