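/**
 * Checks the password set on this object against the user_authorization table.
 *
 * Looks for a row whose username (lower-cased) and password column match the
 * supplied credentials. Returns true on a match; false when no password was
 * supplied, the username fails Current_User::allowUsername(), no row matches,
 * or the query failed (the failure is logged through PHPWS_Error::logIfError()).
 *
 * @return bool
 */
public function authenticate()
{
    // Only a missing or blank password is rejected here; empty() would also
    // have rejected the legitimate password "0".
    if ($this->password === null || $this->password === '') {
        return false;
    }

    $username = $this->user->username;
    if (!Current_User::allowUsername($username)) {
        return false;
    }

    // Legacy scheme: an unsalted md5 of username.password. This is the format
    // of the rows already stored in user_authorization, so it cannot simply be
    // replaced with password_hash() without a migration (e.g. verify with md5,
    // then rehash with password_hash() on success). md5 is fast and gives
    // little protection against offline guessing if the table is exposed.
    // NOTE(review): the hash is built from the username as given while the
    // lookup lower-cases it — confirm stored hashes were produced the same way.
    $password_hash = md5($username . $this->password);

    $db = new PHPWS_DB('user_authorization');
    $db->addColumn('username');
    $db->addWhere('username', strtolower($username));
    $db->addWhere('password', $password_hash);
    $result = $db->select('one');

    // A logged error counts as failure; otherwise any matching row means success
    return !PHPWS_Error::logIfError($result) && (bool) $result;
}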
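/**
 * Processes the posted staff form.
 *
 * Either loads an existing Checkin_Staff record by the posted staff_id, or
 * resolves the posted username to a users.id and prepares a new staff record
 * for it. The posted filter selections (last name, reason, gender, birthdate)
 * are then applied to $this->staff and combined into its filter_type bitmask.
 *
 * Reads from $_POST: staff_id, username, last_name, last_name_filter, reason,
 * reason_filter, gender, gender_filter, birthdate, start_date, end_date.
 * Problems meant for the user are stored in $this->message.
 *
 * @return bool true when no message was recorded, false otherwise
 */
public function postStaff()
{
    // Missing index is treated as 0 instead of being hidden with @
    $staff_id = isset($_POST['staff_id']) ? (int) $_POST['staff_id'] : 0;

    if (!empty($staff_id)) {
        // NOTE(review): staff_id is taken straight from the request and this
        // method does not check that the caller may edit that record — confirm
        // the controller enforces that before calling postStaff().
        $this->loadStaff($staff_id);
    } else {
        $user_name = isset($_POST['username']) ? $_POST['username'] : null;
        if (empty($user_name) || !Current_User::allowUsername($user_name)) {
            $this->message = dgettext('checkin', 'Please try another user name');
            return false;
        }

        // Test user name, make sure exists
        // NOTE(review): 'users.id' is passed as the value of addWhere(); this
        // relies on PHPWS_DB treating it as a column reference — verify.
        $db = new PHPWS_DB('checkin_staff');
        $db->addWhere('user_id', 'users.id');
        $db->addWhere('users.username', $user_name);
        $db->addColumn('id');
        $result = $db->select('one');
        if (PHPWS_Error::logIfError($result)) {
            $this->message = dgettext('checkin', 'Problem saving user.');
            return false;
        } elseif ($result) {
            $this->message = dgettext('checkin', 'User already is staff member.');
            return false;
        }

        // user is allowed and new, get user_id to create staff
        $db = new PHPWS_DB('users');
        $db->addWhere('username', $user_name);
        $db->addColumn('id');
        $user_id = $db->select('one');
        // Check the result of the lookup just made, not the earlier $result
        if (PHPWS_Error::logIfError($user_id)) {
            $this->message = dgettext('checkin', 'Problem saving user.');
            return false;
        }
        if (!$user_id) {
            $this->message = dgettext('checkin', 'Could not locate anyone with this user name.');
            return false;
        }

        $this->loadStaff();
        $this->staff->user_id = $user_id;
    }

    // Blank filter to begin with
    $filter = 0x0;

    // Update last name filter
    if (isset($_POST['last_name']) && $_POST['last_name'] === 'yes') {
        $filter = $filter | LAST_NAME_BITMASK;
        if (!empty($_POST['last_name_filter'])) {
            // parseFilter() checks filter_type, so it needs to be updated early
            $this->staff->filter_type = $filter;
            // NOTE(review): the filter text is user input handed to parseFilter();
            // if it is turned into a regular expression, confirm it is validated
            // or quoted there.
            $this->staff->parseFilter($_POST['last_name_filter']);
        } else {
            $this->message[] = dgettext('checkin', 'Please enter a last name filter.');
        }
    } else {
        $this->staff->lname_filter = null;
        $this->staff->lname_regexp = null;
    }

    // Update reason filter
    if (isset($_POST['reason']) && $_POST['reason'] === 'yes') {
        $filter = $filter | REASON_BITMASK;
        if (!empty($_POST['reason_filter'])) {
            // NOTE(review): stored as posted; presumably validated against known
            // reason ids when saved — confirm.
            $this->staff->_reasons = $_POST['reason_filter'];
        } else {
            $this->message[] = dgettext('checkin', 'Please pick one or more reasons.');
        }
    }

    // Update gender filter
    if (isset($_POST['gender']) && $_POST['gender'] === 'yes') {
        $filter = $filter | GENDER_BITMASK;
        if (isset($_POST['gender_filter'])) {
            $this->staff->gender_filter = $_POST['gender_filter'];
        } else {
            $this->message[] = dgettext('checkin', 'Please choose a gender filter.');
        }
    } else {
        $this->staff->gender_filter = null;
    }

    // Update birthdate filter
    if (isset($_POST['birthdate']) && $_POST['birthdate'] === 'yes') {
        $filter = $filter | BIRTHDATE_BITMASK;
        $start = !empty($_POST['start_date']) ? strtotime($_POST['start_date']) : false;
        $end = !empty($_POST['end_date']) ? strtotime($_POST['end_date']) : false;
        // strtotime() returns false for unparsable input; do not store that as a date
        if ($start !== false && $end !== false) {
            $this->staff->birthdate_filter_start = $start;
            $this->staff->birthdate_filter_end = $end;
        } else {
            $this->message[] = dgettext('checkin', 'Please enter a start and end date.');
        }
    } else {
        $this->staff->birthdate_filter_start = null;
        $this->staff->birthdate_filter_end = null;
    }

    // Update filter_type
    $this->staff->filter_type = $filter;

    return empty($this->message) ? true : false;
}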
/**
 * Validates and stores a new username on this user.
 *
 * The name is lower-cased first. It must be non-empty, pass
 * Current_User::allowUsername(), be at least USERNAME_LENGTH bytes long
 * (strlen, so multibyte characters count more than once) and collide with no
 * existing username, display name or group name. The current record's own id
 * is excluded from the duplicate checks.
 *
 * @param string $username
 * @return bool|PHPWS_Error true when stored, otherwise a PHPWS_Error carrying
 *                          USER_ERR_BAD_USERNAME, USER_ERR_DUP_USERNAME or
 *                          USER_ERR_DUP_GROUPNAME
 */
public function setUsername($username)
{
    $candidate = strtolower($username);

    // Both the character check and the length check map to the same error
    $badName = empty($candidate)
        || !Current_User::allowUsername($candidate)
        || strlen($candidate) < USERNAME_LENGTH;
    if ($badName) {
        return PHPWS_Error::get(USER_ERR_BAD_USERNAME, 'users', 'setUsername', $candidate);
    }

    $nameTaken = $this->isDuplicateUsername($candidate, $this->id)
        || $this->isDuplicateDisplayName($candidate, $this->id);
    if ($nameTaken) {
        return PHPWS_Error::get(USER_ERR_DUP_USERNAME, 'users', 'setUsername', $candidate);
    }

    if ($this->isDuplicateGroup($candidate, $this->id)) {
        return PHPWS_Error::get(USER_ERR_DUP_GROUPNAME, 'users', 'setUsername', $candidate);
    }

    $this->username = $candidate;
    return true;
}
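/**
 * Logs in a user dependant on their authorization setting.
 *
 * The username must pass Current_User::allowUsername(). If the user exists in
 * the local users table they must be approved and their authentication script
 * must load; otherwise a fresh PHPWS_User is prepared so the authorization
 * module can create it when create_new_user is set. The password is checked
 * by the authorization object's authenticate(). On success the user is stored
 * in $_SESSION['User'] under a freshly generated session id.
 *
 * @param string      $username
 * @param string|null $password
 * @return bool|PHPWS_Error true on success, false on failure, or a PHPWS_Error
 *                          for bad characters, an unapproved or deactivated
 *                          account, or an error from the user lookup or
 *                          authentication step
 */
public static function loginUser($username, $password = null)
{
    if (!Current_User::allowUsername($username)) {
        return PHPWS_Error::get(USER_BAD_CHARACTERS, 'users', 'Current_User::loginUser');
    }

    // First check if they are currently a user
    $user = new PHPWS_User();
    $db = new PHPWS_DB('users');
    $db->addWhere('username', strtolower($username));
    $result = $db->loadObject($user);
    if (PHPWS_Error::isError($result)) {
        return $result;
    }

    if (!$result) {
        // Not a local user yet; the name is only set so the authorization
        // module can create the account below if it is allowed to
        if (PHPWS_Error::logIfError($user->setUsername($username))) {
            return false;
        }
    } else {
        // This user is in the local database
        // NOTE(review): returning USER_NOT_APPROVED before the password is
        // checked tells the caller that the account exists; confirm that this
        // is acceptable for the login form.
        if (!$user->approved) {
            return PHPWS_Error::get(USER_NOT_APPROVED, 'users', 'Current_User::loginUser');
        }
        if (!$user->loadScript()) {
            Layout::add(dgettext('users', 'Could not load authentication script. Please contact site administrator.'));
            return false;
        }
    }

    if (!Current_User::loadAuthorization($user)) {
        Layout::add(dgettext('users', 'Could not load authentication script. Please contact site administrator.'));
        return false;
    }

    $auth = Current_User::getAuthorization();
    $auth->setPassword($password);
    $result = $auth->authenticate();
    if (PHPWS_Error::isError($result)) {
        return $result;
    }

    if (!$result) {
        return false;
    }

    // If the user id is zero and the authorization wants a new
    // user created
    if (!$user->id && $auth->create_new_user) {
        $user->setActive(true);
        $user->setApproved(true);
        $auth->createUser();
        $user->save();
        PHPWS_Core::initModClass('users', 'Action.php');
        User_Action::assignDefaultGroup($user);
    }

    if (!$user->active) {
        // Error source previously read 'Current_User:loginUser' (single colon)
        return PHPWS_Error::get(USER_DEACTIVATED, 'users', 'Current_User::loginUser', $user->username);
    }

    if ($auth->localUser()) {
        $user->login();
    }

    // Privilege level changes here, so issue a new session id and discard
    // the old one; this prevents a session id established before login
    // from remaining valid afterwards (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    unset($_SESSION['User']);
    $_SESSION['User'] = $user;
    return true;
}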