/**
 * Creates a user account from the data carried by a REST request.
 *
 * Only an explicit allow-list of fields is copied from the request data;
 * any other key the client sends is dropped before the account is created.
 * The checks run in a fixed order and the first failing one throws.
 *
 * NOTE(review): no authorization check is visible in this method;
 * presumably the REST layer authenticates the caller first. Confirm, since
 * the allow-list includes 'status', 'tariff_plan' and 'account_balance'.
 *
 * @param RESTRequest $request request whose getData() supplies the fields
 * @return bool result of User::createAccount() cast to bool
 * @throws RESTCommandException on empty data, no allowed fields, invalid MAC,
 *                              missing login, or a login/MAC already in use
 */
public function create(RESTRequest $request)
 {
     $payload = $request->getData();
     if (empty($payload)) {
         throw new RESTCommandException('HTTP POST data is empty');
     }

     // Allow-list of client-settable fields; array_intersect_key() only looks at keys.
     $writable = array('login', 'password', 'full_name', 'phone', 'account_number', 'tariff_plan', 'status', 'stb_mac', 'comment', 'end_date', 'account_balance');
     $fields = array_intersect_key($payload, array_flip($writable));
     if (empty($fields)) {
         throw new RESTCommandException('Insert data is empty');
     }

     // Store the MAC in normalized form so the uniqueness lookup below
     // compares like with like.
     $has_mac = !empty($fields['stb_mac']);
     if ($has_mac) {
         $normalized = Middleware::normalizeMac($fields['stb_mac']);
         if (!$normalized) {
             throw new RESTCommandException('Not valid mac address');
         }
         $fields['stb_mac'] = $normalized;
     }

     if (empty($fields['login'])) {
         throw new RESTCommandException('Login required');
     }

     // Uniqueness: login first, then MAC (when one was supplied).
     if (User::getByLogin($fields['login'])) {
         throw new RESTCommandException('Login already in use');
     }
     if ($has_mac && User::getByMac($fields['stb_mac'])) {
         throw new RESTCommandException('MAC address already in use');
     }

     return (bool) User::createAccount($fields);
 }
示例#2
    //$_POST[$key] = trim($value);
}
// Admin "add user" form handler (fragment: the enclosing script continues
// past the last line shown here).
$error = '';
$action_name = 'add';
$action_value = _('Add');
// Tariff plans (id, name) ordered by name; the query has no user input in it.
$tariff_plans = Mysql::getInstance()->select('id, name')->from('tariff_plan')->orderby('name')->get()->all();
if (!empty($_POST)) {
    // Both login and password must be present before anything is looked up.
    if (!empty($_POST['login']) && !empty($_POST['password'])) {
        $user = \User::getByLogin($_POST['login']);
        if (!empty($_POST['stb_mac'])) {
            // normalizeMac() yields a falsy value for an invalid address;
            // $_POST is overwritten so later code sees the normalized form.
            $mac = Middleware::normalizeMac($_POST['stb_mac']);
            $_POST['stb_mac'] = $mac;
            if (!$mac) {
                $error = _('Error: Not valid mac address');
            } else {
                $user_by_mac = \User::getByMac($mac);
                if (!empty($user_by_mac)) {
                    $error = _('Error: STB with such MAC address already exists');
                }
            }
        }
        // Empty branch: a MAC error set above skips account creation.
        if ($error) {
        } else {
            if (!empty($user)) {
                $error = _('Error: Login already in use');
            } else {
                // NOTE(review): the create-permission check runs only here,
                // after the login/MAC lookups have already set their error
                // text. Whether an earlier access check guards the page is
                // not visible in this fragment; confirm.
                Admin::checkAccess(AdminAccess::ACCESS_CREATE);
                // NOTE(review): the whole $_POST array is handed over, so
                // every submitted key reaches createAccount(). Presumably it
                // filters to known columns; verify, or pass an explicit
                // allow-list of fields instead.
                $user_id = \User::createAccount($_POST);
                if ($user_id) {
                    // Redirect to the new profile; exit stops further output.
                    header("Location: profile.php?id=" . $user_id);
                    exit;
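 /**
  * Checks OAuth credentials and the optional device binding of a user.
  *
  * The user is looked up by login when $username is given; otherwise, when
  * no password is given but a MAC is, the request is initialised as an STB
  * and the user is looked up by that STB's MAC. If neither lookup finds a
  * user, \User::authorizeFromOss() is tried.
  *
  * Password check: a 32-character stored value is treated as
  * md5(md5(password) . id); a shorter stored value is compared as plain text.
  * Both comparisons use hash_equals() on strings (PHP >= 5.6), so numeric
  * looking values such as "0e..." can no longer match through loose `==`
  * type juggling, and the comparison is constant-time.
  *
  * NOTE(review): the stored formats themselves (double MD5, plain text) are
  * weak; moving to password_hash()/password_verify() needs a data migration
  * and is out of scope for this method.
  * NOTE(review): an empty stored password still matches an empty supplied
  * password, as before; confirm that is intended for the login lookup too.
  *
  * @param string|null  $username      login, or empty for the STB/MAC path
  * @param string|null  $password      supplied password
  * @param string|null  $mac           device MAC sent by the client
  * @param string|null  $serial_number device serial number sent by the client
  * @param OAuthRequest $request       source of version, device_id2, signature
  * @return bool true when the credentials (and forced device checks) pass
  */
 public function checkUserAuth($username, $password, $mac = null, $serial_number = null, OAuthRequest $request)
 {
     // anti brute-force delay (applies to every call, valid or not)
     sleep(1);
     $user = null;
     $verified_user = null;
     if ($username) {
         $user = \User::getByLogin($username);
     } elseif (!$password && $mac) {
         // The Stb singleton is fed through $_REQUEST, so the values from
         // this call are copied there before it is initialised.
         if ($serial_number) {
             $_REQUEST['serial_number'] = $serial_number;
         }
         if ($request->getVersion()) {
             $_REQUEST['version'] = $request->getVersion();
         }
         if ($request->getDeviceId2()) {
             $_REQUEST['device_id2'] = $request->getDeviceId2();
             $_REQUEST['signature'] = $request->getSignature();
         }
         // init user as STB
         \Stb::getInstance()->getProfile();
         $user = \User::getByMac(\Stb::getInstance()->mac);
     }
     if (!$user) {
         $user = \User::authorizeFromOss($username, $password, $mac);
     }
     if (!$user) {
         return false;
     }
     $possible_user = $user->getProfile();

     // Cast once so null and '' stay equivalent, as they were under `==`.
     $stored_password = (string) $possible_user['password'];
     $supplied_password = (string) $password;
     $stored_length = strlen($stored_password);
     if ($stored_length == 32) {
         $password_ok = hash_equals($stored_password, md5(md5($supplied_password) . $possible_user['id']));
     } elseif ($stored_length < 32) {
         $password_ok = hash_equals($stored_password, $supplied_password);
     } else {
         $password_ok = false;
     }

     if ($password_ok) {
         // Each device check applies only when its config flag is on.
         // NOTE(review): these stay loose `==` to keep current behaviour; a
         // request without a MAC equals an account whose stored MAC is empty.
         $mac_ok = !\Config::getSafe('oauth_force_mac_check', false)
             || $mac == $possible_user['mac'];
         $serial_ok = !\Config::getSafe('oauth_force_serial_number_check', false)
             || $serial_number == $possible_user['serial_number']
             || $possible_user['serial_number'] == '';
         if ($mac_ok && $serial_ok) {
             $verified_user = $possible_user;
         }
     }
     if (!empty($verified_user)) {
         $user->setSerialNumber($serial_number);
         $user->updateUserInfoFromOSS();
         if (\Config::getSafe('bind_stb_auth_and_oauth', true)) {
             // invalidate stb access_token
             $user->resetAccessToken();
         }
     }
     // Runs for failed attempts as well, once a user record was found.
     $user->updateIp();
     return !empty($verified_user);
 }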
示例#4
 /**
  * Returns what getTvChannelsAspect() yields for the user looked up by
  * this object's MAC address.
  *
  * NOTE(review): the lookup result is used without a check; if
  * User::getByMac() finds no user for $this->mac, the method call fails.
  * Confirm that callers only reach this with a registered MAC.
  */
 public function getTvAspects()
 {
     return User::getByMac($this->mac)->getTvChannelsAspect();
 }
 /**
  * Resolves a user from SOAP parameters.
  *
  * 'stb_mac' takes precedence: when it is non-empty the lookup is by MAC
  * only, and 'login' is not tried even if the MAC lookup finds nothing.
  *
  * @param array|object $params cast to array; reads 'stb_mac' and 'login'
  * @return mixed the user returned by \User::getByMac() or \User::getByLogin()
  * @throws SoapAccountNotFound when neither key is set or no user is found
  */
 private function getUserByParams($params)
 {
     $criteria = (array) $params;
     $found = null;

     if (!empty($criteria['stb_mac'])) {
         $found = \User::getByMac($criteria['stb_mac']);
     } elseif (!empty($criteria['login'])) {
         $found = \User::getByLogin($criteria['login']);
     }

     if (!empty($found)) {
         return $found;
     }

     throw new SoapAccountNotFound(__METHOD__, __FILE__ . ':' . __LINE__);
 }