示例#1
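 /**
  * Login-form callback: looks the submitted user up, then checks role,
  * web-login permission, password and account status. On failure it records
  * an error on the form; on success it fills $_SESSION and redirects home.
  *
  * Security review notes (visible in this block):
  *  - The username is interpolated into the SQL condition string, so the
  *    lookup is injectable. Use the model's bound-parameter form if this
  *    framework version has one (not visible here), or the database driver's
  *    own quoting routine.
  *  - Passwords are stored as unsalted MD5. Migrating to password_hash() /
  *    password_verify(), rehashing on the next successful login, is advised.
  *  - An account with user_status 2 is accepted without a password check.
  *    Confirm the first-time flow forces a password change and limits what
  *    that session may do.
  *  - The session id is not regenerated before the session is marked as
  *    logged in; consider session_regenerate_id(true) once its interaction
  *    with Sessions::bindUser() is confirmed.
  *
  * @param array $data Submitted form values; "username" and "password" are read.
  * @param object $form Form object; only addError() is called on it.
  * @param mixed $callback_pass Not used by this callback.
  * @return bool|null true after an error was added to the form; no explicit
  *                   value on the login paths, which end in Application::redirect().
  */
 public static function callback($data, $form, $callback_pass = null)
 {
     $user = Model::load(".users");
     // NOTE(review): string-built condition on untrusted input (SQL injection).
     $userData = $user->get(array("conditions" => "user_name='{$data["username"]}'"), Model::MODE_ASSOC, false, false);
     if (empty($userData)) {
         $form->addError("Please check your username or password");
         return true;
     }

     $account = $userData[0];
     if ($account["role_id"] == null) {
         $form->addError("Sorry! your account has no role attached!");
         return true;
     }
     if (!User::getPermission("can_log_in_to_web", $account["role_id"])) {
         $form->addError("You are not allowed to log in from this terminal");
         return true;
     }

     $home = Application::getLink("/");

     // Compare hashes as strings in constant time. The previous loose ==
     // compared numeric-looking hashes as numbers, so two different hashes
     // could be treated as equal.
     $storedHash = $account["password"];
     $submitted = isset($data["password"]) ? $data["password"] : null;
     $passwordMatches = is_string($storedHash) && is_string($submitted)
         && hash_equals($storedHash, md5($submitted));

     // Status 2 marks a first-time login and is let through without a password.
     if (!$passwordMatches && $account["user_status"] != 2) {
         $form->addError("Please check your username or password");
         return true;
     }

     switch ($account["user_status"]) {
         case "0":
             // The original concatenation dropped the separator between the two sentences.
             $form->addError("Your account is currently inactive, please contact the system administrator.");
             return true;
         case "1":
             $_SESSION["logged_in"] = true;
             $_SESSION["user_id"] = $account["user_id"];
             $_SESSION["user_name"] = $account["user_name"];
             $_SESSION["user_firstname"] = $account["first_name"];
             $_SESSION["user_lastname"] = $account["last_name"];
             $_SESSION["read_only"] = $account['read_only'];
             $_SESSION["role_id"] = $account["role_id"];
             $_SESSION['branch_id'] = $account['branch_id'];
             $_SESSION["department_id"] = $account['department_id'];
             Sessions::bindUser($account['user_id']);
             User::log("Logged in");
             Application::redirect($home);
             break;
         case "2":
             $_SESSION["logged_in"] = true;
             $_SESSION["user_id"] = $account["user_id"];
             $_SESSION["user_name"] = $account["user_name"];
             $_SESSION["role_id"] = $account["role_id"];
             $_SESSION["department_id"] = $account['department_id'];
             $_SESSION["user_firstname"] = $account["first_name"];
             $_SESSION["user_lastname"] = $account["last_name"];
             $_SESSION['branch_id'] = $account['branch_id'];
             $_SESSION["user_mode"] = "2";
             Sessions::bindUser($account['user_id']);
             User::log("Logged in for first time");
             Application::redirect($home);
             break;
     }
 }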
示例#2
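 /**
  * API login: looks the requested user up with a bound parameter, checks the
  * password and account status, and either opens a session (status 1) or
  * answers 403 with an error message.
  *
  * Security review notes (visible in this block):
  *  - Passwords are stored as unsalted MD5. Migrating to password_hash() /
  *    password_verify(), rehashing on the next successful login, is advised.
  *  - A status-2 account reaches the switch without a password match, so the
  *    distinct "setup your account" reply reveals that the account exists.
  *  - The session id is not regenerated before login is recorded; consider
  *    session_regenerate_id(true) once its interaction with
  *    Sessions::bindUser() is confirmed.
  *
  * Reads $_REQUEST['username'] and $_REQUEST['password']; returns nothing,
  * the reply is produced through $this->error() / $this->output().
  */
 public function auth()
 {
     $user = Model::load("system.users");
     $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;
     $userData = $user->get(array("filter" => "user_name = ?", "bind" => [$username]));

     // An unknown user used to be handled by reading $userData[0] on an empty
     // result; reject it explicitly with the same generic reply instead.
     if (empty($userData)) {
         http_response_code(403);
         $this->error('Invalid username or password');
         return;
     }

     $account = $userData[0];

     // Compare hashes as strings in constant time. The previous loose ==
     // compared numeric-looking hashes as numbers, so two different hashes
     // could be treated as equal.
     $storedHash = $account["password"];
     $submitted = isset($_REQUEST["password"]) ? $_REQUEST["password"] : null;
     $passwordMatches = is_string($storedHash) && is_string($submitted)
         && hash_equals($storedHash, md5($submitted));

     // Status 2 (account not set up yet) is let through to get its own reply below.
     if (!$passwordMatches && $account["user_status"] != 2) {
         http_response_code(403);
         $this->error('Invalid username or password');
         return;
     }

     switch ($account["user_status"]) {
         case "0":
             http_response_code(403);
             $this->error('This account has been disabled');
             break;
         case "2":
             http_response_code(403);
             $this->error('Please login through the web ui to setup your account');
             break;
         case "1":
             http_response_code(200);
             $_SESSION["logged_in"] = true;
             $_SESSION["user_id"] = $account["user_id"];
             $_SESSION["user_name"] = $account["user_name"];
             $_SESSION["user_firstname"] = $account["first_name"];
             $_SESSION["user_lastname"] = $account["last_name"];
             $_SESSION["role_id"] = $account["role_id"];
             $_SESSION['branch_id'] = $account['branch_id'];
             Sessions::bindUser($account['user_id']);
             User::log("Logged in through API");
             $this->output(array('session_id' => session_id()));
             break;
     }
 }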
示例#3
 /**
  * Opens a session for an account logging in for the first time and sends
  * the browser to the home redirect.
  *
  * NOTE(review): the session is marked logged in without the session id
  * being regenerated in this block; confirm whether a caller or
  * Sessions::bindUser() takes care of that.
  *
  * @param array $data Result rows for the user; only $data[0] is read.
  */
 private static function redirectToChangePassword($data)
 {
     $account = $data[0];

     $_SESSION["logged_in"] = true;

     // Session key => column of the user row it is copied from.
     $copiedColumns = array(
         "user_id" => "user_id",
         "user_name" => "user_name",
         "role_id" => "role_id",
         "department_id" => "department_id",
         "user_firstname" => "first_name",
         "user_lastname" => "last_name",
         "branch_id" => "branch_id",
     );
     foreach ($copiedColumns as $sessionKey => $column) {
         $_SESSION[$sessionKey] = $account[$column];
     }

     $_SESSION["user_mode"] = "2";
     // wyf hard-codes the "2" used for the redirect, so the account's real
     // status is carried in the session separately.
     $_SESSION["user_status"] = $account['user_status'];

     Sessions::bindUser($account['user_id']);
     User::log("Logged in for first time");
     Application::redirect(self::getHomeRedirect());
 }
示例#4
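 /**
  * API login: resolves the account by user id (usernames containing "0100"
  * followed by digits) or by user name, checks the password and account
  * status, and returns the formatted result array.
  *
  * Security review notes (visible in this block):
  *  - In the user-name branch the request value is interpolated into the SQL
  *    condition string, so the lookup is injectable. Use the model's
  *    bound-parameter form if this framework version has one (not visible
  *    here), or the database driver's own quoting routine. The user-id
  *    branch only interpolates the digits captured by the pattern.
  *  - The pattern is unanchored and [0-9]* may match nothing, so any username
  *    containing "0100" is looked up by user_id; anchoring looks intended,
  *    confirm before changing.
  *  - Passwords are stored as unsalted MD5. Migrating to password_hash() /
  *    password_verify(), rehashing on the next successful login, is advised.
  *  - The "inactive" and "new account" replies differ from the generic
  *    failure, which reveals that the account exists.
  *  - The session id is not regenerated before login is recorded; consider
  *    session_regenerate_id(true) once its interaction with
  *    Sessions::bindUser() is confirmed.
  *
  * @return mixed Whatever $this->format() produces for the result array.
  */
 public function login()
 {
     // Fail-closed default: also used when the account status is none of
     // "0", "1" or "2", where $return was previously left undefined.
     $return = array("success" => false, "status" => 101, "message" => "Invalid username or password");

     $username = isset($_REQUEST["username"]) ? $_REQUEST["username"] : null;
     if (!is_string($username)) {
         return $this->format($return);
     }

     if (preg_match("/(0100)(?<user_id>[0-9]*)/", $username, $matches) > 0) {
         $conditions = "user_id='{$matches['user_id']}'";
     } else {
         // NOTE(review): string-built condition on untrusted input (SQL injection).
         $conditions = "user_name='{$username}'";
     }

     $user = Model::load("system.users");
     $userData = $user->get(array("fields" => null, "conditions" => $conditions), Model::MODE_ASSOC, false, false);

     // An unknown user used to be handled by reading $userData[0] on an empty
     // result; reject it explicitly with the same generic reply instead.
     if (empty($userData)) {
         return $this->format($return);
     }

     $account = $userData[0];

     // Compare hashes as strings in constant time. The previous loose ==
     // compared numeric-looking hashes as numbers, so two different hashes
     // could be treated as equal.
     $storedHash = $account["password"];
     $submitted = isset($_REQUEST["password"]) ? $_REQUEST["password"] : null;
     $passwordMatches = is_string($storedHash) && is_string($submitted)
         && hash_equals($storedHash, md5($submitted));

     // Status 2 (account not set up yet) is let through to get its own reply below.
     if ($passwordMatches || $account["user_status"] == 2) {
         switch ($account["user_status"]) {
             case "0":
                 $return = array("success" => false, "status" => 101, "message" => "Account is inactive please contact system administrator");
                 break;
             case "1":
                 $return = array("success" => true, "status" => 100, "message" => "Logged in.", 'user_id' => $account['user_id'], "session_id" => session_id());
                 $_SESSION["logged_in"] = true;
                 $_SESSION["user_id"] = $account["user_id"];
                 $_SESSION["user_name"] = $account["user_name"];
                 $_SESSION["user_firstname"] = $account["first_name"];
                 $_SESSION["user_lastname"] = $account["last_name"];
                 $_SESSION["role_id"] = $account["role_id"];
                 $_SESSION['branch_id'] = $account['branch_id'];
                 Sessions::bindUser($account['user_id']);
                 User::log("Logged in through API");
                 break;
             case "2":
                 $return = array("success" => false, "status" => 102, "message" => "New account. Please log in through the web interface to setup password.");
                 break;
         }
     }

     return $this->format($return);
 }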