Пример #1
 /**
  * Check the supplied password against the local user_authorization table.
  *
  * NOTE(review): the stored credential is md5(username . password). MD5 is a
  * fast digest and is not suited to password storage. Moving to
  * password_hash()/password_verify() needs a rehash-on-login migration,
  * because the existing digests cannot be converted in place.
  *
  * @return bool true when a row matches both the username and the digest;
  *              false for an empty password, a username rejected by
  *              Current_User::allowUsername(), a result flagged by
  *              PHPWS_Error::logIfError(), or no matching row.
  */
 public function authenticate()
 {
     if (empty($this->password)) {
         return false;
     }

     $auth_table = new PHPWS_DB('user_authorization');
     $login_name = $this->user->username;
     if (!Current_User::allowUsername($login_name)) {
         return false;
     }

     // NOTE(review): the digest is built from the username exactly as held on
     // the user object, while the lookup lowercases it. Confirm the username
     // is always stored lowercase, otherwise the two can disagree.
     $digest = md5($login_name . $this->password);

     $auth_table->addColumn('username');
     $auth_table->addWhere('username', strtolower($login_name));
     $auth_table->addWhere('password', $digest);
     $match = $auth_table->select('one');

     if (PHPWS_Error::logIfError($match)) {
         return false;
     }

     return (bool) $match;
 }
Пример #2
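 /**
  * Apply the posted staff form to $this->staff.
  *
  * With a non-zero staff_id the existing staff record is loaded. Otherwise the
  * posted username must pass Current_User::allowUsername(), must not already
  * be in checkin_staff, and must exist in the users table. The last name,
  * reason, gender and birthdate filters are then copied from $_POST and the
  * combined bitmask is stored in filter_type.
  *
  * Every $_POST value is untrusted. Keys are tested with isset() instead of
  * being read under the @ operator, and scalar fields are type-checked before
  * they reach the database layer or strtotime().
  *
  * @return bool true when no validation message was recorded, false otherwise
  *              ($this->message then holds the reason).
  */
 public function postStaff()
 {
     // NOTE(review): the posted staff_id is used as given; this method assumes
     // the caller has already checked that the current user may edit staff.
     $staff_id = isset($_POST['staff_id']) ? (int) $_POST['staff_id'] : 0;
     if (!empty($staff_id)) {
         $this->loadStaff($staff_id);
     } else {
         $user_name = isset($_POST['username']) ? $_POST['username'] : null;
         // A non-string value (e.g. username[]=x) is rejected before it can
         // reach allowUsername() or addWhere().
         if (empty($user_name) || !is_string($user_name) || !Current_User::allowUsername($user_name)) {
             $this->message = dgettext('checkin', 'Please try another user name');
             return false;
         }
         // Test user name, make sure exists
         $db = new PHPWS_DB('checkin_staff');
         $db->addWhere('user_id', 'users.id');
         $db->addWhere('users.username', $user_name);
         $db->addColumn('id');
         $result = $db->select('one');
         if (PHPWS_Error::logIfError($result)) {
             $this->message = dgettext('checkin', 'Problem saving user.');
             return false;
         } elseif ($result) {
             $this->message = dgettext('checkin', 'User already is staff member.');
             return false;
         }
         // user is allowed and new, get user_id to create staff
         $db = new PHPWS_DB('users');
         $db->addWhere('username', $user_name);
         $db->addColumn('id');
         $user_id = $db->select('one');
         // Check the result of THIS query. The original re-tested $result from
         // the previous lookup, so a failure here was never detected and an
         // error value could be stored as the staff user_id.
         if (PHPWS_Error::logIfError($user_id)) {
             $this->message = dgettext('checkin', 'Problem saving user.');
             return false;
         }
         if (!$user_id) {
             $this->message = dgettext('checkin', 'Could not locate anyone with this user name.');
             return false;
         }
         $this->loadStaff();
         $this->staff->user_id = $user_id;
     }

     // Blank filter to begin with
     $filter = 0x0;

     // Update last name filter
     if (isset($_POST['last_name']) && $_POST['last_name'] === 'yes') {
         $filter = $filter | LAST_NAME_BITMASK;
         if (!empty($_POST['last_name_filter'])) {
             $this->staff->filter_type = $filter;
             // parseFilter() checks filter_type, so it needs to be updated early
             $this->staff->parseFilter($_POST['last_name_filter']);
         } else {
             $this->message[] = dgettext('checkin', 'Please enter a last name filter.');
         }
     } else {
         $this->staff->lname_filter = null;
         $this->staff->lname_regexp = null;
     }

     // Update reason filter
     if (isset($_POST['reason']) && $_POST['reason'] === 'yes') {
         $filter = $filter | REASON_BITMASK;
         if (!empty($_POST['reason_filter'])) {
             // NOTE(review): stored exactly as posted; presumably validated
             // against known reason ids when saved. Confirm.
             $this->staff->_reasons = $_POST['reason_filter'];
         } else {
             $this->message[] = dgettext('checkin', 'Please pick one or more reasons.');
         }
     }

     // Update gender filter
     if (isset($_POST['gender']) && $_POST['gender'] === 'yes') {
         $filter = $filter | GENDER_BITMASK;
         if (isset($_POST['gender_filter'])) {
             $this->staff->gender_filter = $_POST['gender_filter'];
         } else {
             $this->message[] = dgettext('checkin', 'Please choose a gender filter.');
         }
     } else {
         $this->staff->gender_filter = null;
     }

     // Update birthdate filter
     if (isset($_POST['birthdate']) && $_POST['birthdate'] === 'yes') {
         $filter = $filter | BIRTHDATE_BITMASK;
         $start = false;
         $end = false;
         if (!empty($_POST['start_date']) && !empty($_POST['end_date'])
             && is_string($_POST['start_date']) && is_string($_POST['end_date'])) {
             $start = strtotime($_POST['start_date']);
             $end = strtotime($_POST['end_date']);
         }
         // strtotime() returns false for text it cannot parse; treat that the
         // same as a missing date rather than storing false as a timestamp.
         if ($start !== false && $end !== false) {
             $this->staff->birthdate_filter_start = $start;
             $this->staff->birthdate_filter_end = $end;
         } else {
             $this->message[] = dgettext('checkin', 'Please enter a start and end date.');
         }
     } else {
         $this->staff->birthdate_filter_start = null;
         $this->staff->birthdate_filter_end = null;
     }

     // Update filter_type
     $this->staff->filter_type = $filter;
     return empty($this->message);
 }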
Пример #3
 /**
  * Validate a username and, if it is acceptable, store it on this user.
  *
  * The name is lowercased first. It is rejected when it is empty, fails
  * Current_User::allowUsername(), is shorter than USERNAME_LENGTH bytes, or
  * collides with an existing username, display name or group name.
  *
  * @param string $username requested username
  * @return mixed true on success, otherwise the value built by
  *               PHPWS_Error::get() for the failed check
  */
 public function setUsername($username)
 {
     $candidate = strtolower($username);

     // The character check and the length check report the same error.
     $malformed = empty($candidate)
         || !Current_User::allowUsername($candidate)
         || strlen($candidate) < USERNAME_LENGTH;
     if ($malformed) {
         return PHPWS_Error::get(USER_ERR_BAD_USERNAME, 'users', 'setUsername', $candidate);
     }

     $name_taken = $this->isDuplicateUsername($candidate, $this->id)
         || $this->isDuplicateDisplayName($candidate, $this->id);
     if ($name_taken) {
         return PHPWS_Error::get(USER_ERR_DUP_USERNAME, 'users', 'setUsername', $candidate);
     }

     if ($this->isDuplicateGroup($candidate, $this->id)) {
         return PHPWS_Error::get(USER_ERR_DUP_GROUPNAME, 'users', 'setUsername', $candidate);
     }

     $this->username = $candidate;
     return true;
 }
Пример #4
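 /**
  * Logs in a user dependent on their authorization setting.
  *
  * The username is checked with allowUsername() and looked up in the users
  * table. The authorization object then receives the password and its
  * authenticate() result decides the outcome. On success the user object is
  * placed in $_SESSION['User'].
  *
  * @param string      $username login name as entered
  * @param string|null $password password handed to the authorization object
  * @return mixed true on a successful login; false when authentication fails
  *               or the authorization script cannot be loaded; otherwise the
  *               value from PHPWS_Error::get() or the error result passed
  *               back from the database / authorization call
  */
 public static function loginUser($username, $password = null)
 {
     if (!Current_User::allowUsername($username)) {
         return PHPWS_Error::get(USER_BAD_CHARACTERS, 'users', 'Current_User::loginUser');
     }

     // First check if they are currently a user
     $user = new PHPWS_User();
     $db = new PHPWS_DB('users');
     $db->addWhere('username', strtolower($username));
     $result = $db->loadObject($user);
     if (PHPWS_Error::isError($result)) {
         return $result;
     }

     if (!$result) {
         // No local row: only carry the name on the fresh user object
         if (PHPWS_Error::logIfError($user->setUsername($username))) {
             return false;
         }
     } else {
         // This user is in the local database
         // NOTE(review): this distinct error is returned before the password
         // is checked; callers should not display it in a way that confirms
         // the account exists. Confirm how callers render it.
         if (!$user->approved) {
             return PHPWS_Error::get(USER_NOT_APPROVED, 'users', 'Current_User::loginUser');
         }
         if (!$user->loadScript()) {
             Layout::add(dgettext('users', 'Could not load authentication script. Please contact site administrator.'));
             return false;
         }
     }

     if (!Current_User::loadAuthorization($user)) {
         Layout::add(dgettext('users', 'Could not load authentication script. Please contact site administrator.'));
         return false;
     }

     $auth = Current_User::getAuthorization();
     $auth->setPassword($password);
     $result = $auth->authenticate();
     if (PHPWS_Error::isError($result)) {
         return $result;
     }
     if (!$result) {
         return false;
     }

     // If the user id is zero and the authorization wants a new
     // user created
     if (!$user->id && $auth->create_new_user) {
         $user->setActive(true);
         $user->setApproved(true);
         // NOTE(review): the results of createUser() and save() are not
         // checked, so a failed save still continues to the session
         // assignment below. Confirm whether that is intended.
         $auth->createUser();
         $user->save();
         PHPWS_Core::initModClass('users', 'Action.php');
         User_Action::assignDefaultGroup($user);
     }

     if (!$user->active) {
         // Function label uses '::' like the other errors in this method
         // (the original had a single colon).
         return PHPWS_Error::get(USER_DEACTIVATED, 'users', 'Current_User::loginUser', $user->username);
     }

     if ($auth->localUser()) {
         $user->login();
     }

     // NOTE(review): no session id regeneration is visible at this privilege
     // change. Unless $user->login() or the session layer already does it, a
     // session_regenerate_id(true) here would guard against session fixation.
     unset($_SESSION['User']);
     $_SESSION['User'] = $user;
     return true;
 }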