Unauthorized

Auth

...
TODO: login...
Aktywacja konta
_printFormFactoryJS(); ?> _getUsersTableAcl(); $fieldsList = $this->_getRegisterValuesFromArray($_POST); DBG::_(true, true, "tblAcl", $tblAcl, __CLASS__, __FUNCTION__, __LINE__); DBG::_(true, true, "fieldsList", $fieldsList, __CLASS__, __FUNCTION__, __LINE__); $tableHash = 'routeAuthRegister'; ?>
Zarejestruj konto $vCol) : ?> isAllowed($kID, 'C')) : ?>
true, 'tabindex'=>(++$tabindex), 'maxGrid'=>8); echo $tblAcl->showFormItem('C', $kID, "f{$kID}", $vCol['value'], $fieldParams); ?>
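_printFormFactoryJS(); ?> _fetchUsersTableAcl(); if (!$_usersTblAcl) throw new Exception("Error No Table ACL!"); return $_usersTblAcl; }

    /**
     * Builds the TableAcl used by the self-registration flow.
     *
     * When the current user has no ACL for the users table, and only when the
     * 'auth' config enables `allow_register`, a temporary ACL restricted to the
     * registration form fields is built and saved. The password column is
     * deliberately not readable through that ACL.
     *
     * @return TableAcl
     * @throws Exception     when the table id, the config file or the
     *                       registration permission is missing
     * @throws HttpException 404 when the users table resource cannot be resolved
     */
    public function _fetchUsersTableAcl()
    {
        // NOTE(review): 'TEST_PERMS' looks like a test table left in place of
        // 'ADMIN_USERS' — confirm which table registration should target.
        $tableName = 'TEST_PERMS';//'ADMIN_USERS';
        $formFields = $this->_getRegisterFormFields();

        $overrideLabels = array();
        $overrideLabels['ADM_NAME'] = 'Imię i nazwisko';
        $overrideLabels['EMAIL'] = "Email";
        $overrideLabels['ADM_PASSWD'] = "Hasło";

        $idTable = ProcesHelper::getZasobTableID($tableName);
        if (!$idTable) throw new Exception("Brak id tabeli");

        $userAcl = User::getAcl();
        $tblAcl = null;
        if (!$userAcl->hasTableAcl($idTable)) {
            // .cnf--auth-{host}.ini.php
            $conf = Config::getConfFile('auth');
            if (!$conf) throw new Exception("Config file for 'auth' not found!");
            $isRegisterAllowed = V::get('allow_register', false, $conf);
            if (!$isRegisterAllowed) throw new Exception("Brak uprawnień do rejestracji");

            $zasobTblInfo = ProcesHelper::getZasobTableInfoByUri("default_db/{$tableName}");
            if (!$zasobTblInfo) throw new HttpException("Brak zasobu dla tabeli użytkowników", 404);

            $tableConfig = array(
                'ID_TABLE' => $idTable,
                'db'       => $zasobTblInfo->P__ID,
                'name'     => $zasobTblInfo->DESC,
                'label'    => $zasobTblInfo->DESC_PL,
                'opis'     => $zasobTblInfo->OPIS,
            );

            // Only the registration form fields are exposed; every other column
            // of the users table stays outside the temporary ACL.
            $fieldsConfig = array();
            $fldsInfo = ProcesHelper::getZasobTableFieldsInfo($idTable);
            foreach ($fldsInfo as $fldInfo) {
                if (!in_array($fldInfo->DESC, $formFields, true)) continue;
                $hasOverride = array_key_exists($fldInfo->DESC, $overrideLabels);
                $fldConf = array();
                $fldConf['ID_CELL'] = $fldInfo->ID;
                $fldConf['CELL_NAME'] = $fldInfo->DESC;
                $fldConf['CELL_DESC'] = $hasOverride ? $overrideLabels[$fldInfo->DESC] : $fldInfo->OPIS;
                $fldConf['CELL_LABEL'] = $hasOverride ? $overrideLabels[$fldInfo->DESC] : $fldInfo->DESC_PL;
                $fldConf['SORT_PRIO'] = $fldInfo->SORT_PRIO;
                // The password column is write-only through the form ACL ('WXC', no 'R').
                $fldConf['FORM_TREAT'] = ('ADM_PASSWD' === $fldInfo->DESC) ? 'WXC' : 'RWXC';
                $fieldsConfig[$fldInfo->ID] = $fldConf;
            }

            // TODO: init and save in session default perms
            $tblAcl = TableAcl::buildInstance($idTable, $tableConfig);
            $tblAcl->initFieldsFromConfig($fieldsConfig);
            $tblAcl->save();
        }
        // NOTE(review): when the user already holds an ACL for this table nothing
        // assigns $tblAcl (the lookup below is commented out), so that branch
        // always ends in "Brak tabeli" — confirm whether the lookup should be restored.
        //$tblAcl = $userAcl->getTableAcl($idTable);
        if (!$tblAcl) throw new Exception("Brak tabeli");
        $tblAcl->init();
        return $tblAcl;
    }

    /**
     * Maps submitted form values onto the ACL field definitions.
     *
     * @param array $args raw request values keyed by "f{fieldId}" (normally $_POST)
     * @return array field id => ACL field definition with an extra 'value' key
     * @throws Exception when a form field is not permitted by the table ACL
     */
    public function _getRegisterValuesFromArray($args = array())
    {
        $fieldsList = array();
        $tblAcl = $this->_getUsersTableAcl();
        $formFields = $this->_getRegisterFormFields();
        $fieldsListAll = $tblAcl->getFields();
        foreach ($formFields as $vColName) {
            $vColID = $tblAcl->getFieldIdByName($vColName);
            if (!isset($fieldsListAll[$vColID])) {
                throw new Exception("Brak uprawnień do pola '{$vColName}'");
            }
            $fieldsList[$vColID] = $fieldsListAll[$vColID];
            $fieldsList[$vColID]['value'] = V::get("f{$vColID}", '', $args);
        }
        return $fieldsList;
    }

    /**
     * JSON endpoint creating a new, not yet activated account from $_POST.
     *
     * Response: {type: 'success'|'error', msg, userName, id}. The account is
     * stored with A_STATUS='WAITING' and a random activation token valid for
     * six hours; activateAction() consumes that token. The token, the submitted
     * password and the ACL internals are intentionally NOT included in the
     * response (the former `// TODO: DBG` fields): echoing the token back would
     * let the registrant activate the account without ever receiving the
     * activation link.
     */
    public function registerAction()
    {
        $args = $_POST;
        $resData = new stdClass();
        $resData->type = 'error';
        $resData->msg = 'Error';
        header('Content-type: application/json; charset="utf-8"');
        try {
            $tblAcl = $this->_getUsersTableAcl();
            $fieldsList = $this->_getRegisterValuesFromArray($args);
            $ds = $tblAcl->getDataSource();

            $itemData = array();
            foreach ($fieldsList as $fldData) {
                $itemData[$fldData['name']] = $fldData['value'];
            }
            // EMAIL may be absent when the form field set does not include it.
            $email = isset($itemData['EMAIL']) ? $itemData['EMAIL'] : '';
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                throw new Exception("Proszę podać poprawny adres email");
            }
            $itemData['EMPLOYEE_TYPE'] = 'Anonymous';
            $itemData['A_STATUS'] = 'WAITING';// TODO: konto oczekuje aktywacji? z config
            //$itemData['ADM_ADMIN_LEVEL'] = '6';
            // 128 random bits rendered as 32 hex chars — the exact shape
            // activateAction() accepts. The previous md5(time()) token was
            // predictable to the second. random_bytes() needs PHP >= 7.0.
            $itemData['A_AUTH_TOKEN'] = bin2hex(random_bytes(16));
            // Token expires six hours from now.
            $itemData['A_AUTH_TOKEN_VALID'] = date("Y-m-d H:i:s", time() + 6 * 3600);

            $resData->userName = User::getName();
            $resData->id = $ds->addItem($itemData);
            if ($resData->id > 0) {
                $resData->type = 'success';
                $resData->msg = "Pomyślnie utworzono konto w systemie";
                // TODO: konto oczekuje aktywacji? z config
            }
        } catch (Exception $e) {
            $resData->type = 'error';
            $resData->msg = $e->getMessage();
        }
        echo json_encode($resData);
    }

    /**
     * JSON endpoint activating a WAITING account by its activation token.
     *
     * Reads `activateHash` from $_REQUEST (the activation link may be opened
     * via GET), requires exactly 32 hex characters, and switches the matching,
     * still valid account to A_STATUS='NORMAL' while clearing the token validity.
     * Response: {type: 'success'|'error', msg[, errorCode]}.
     */
    public function activateAction()
    {
        $args = $_REQUEST;
        $resData = new stdClass();
        $resData->type = 'error';
        $resData->msg = 'Error';
        header('Content-type: application/json; charset="utf-8"');
        try {
            $token = V::get('activateHash', '', $args);
            // Strict shape check: only a 32-char hex string reaches the query
            // (an array or other non-string value is rejected up front).
            if (!is_string($token) || 32 != strlen($token)) throw new Exception("Wrong token");
            if (!preg_match('/^[a-fA-F0-9]+$/', $token)) throw new Exception("Wrong token");

            $tblAcl = $this->_getUsersTableAcl();
            $ds = $tblAcl->getDataSource();
            $tblName = $tblAcl->getName();
            $dbs = DB::getDataSource();
            // $token is already validated as hex and is additionally escaped by
            // the datasource; the table name comes from the ACL, not the request.
            $sqlToken = $dbs->_($token);
            $sql = " select t.`ID` from `{$tblName}` t where t.`A_AUTH_TOKEN`='{$sqlToken}' and t.`A_AUTH_TOKEN_VALID` is not null and t.`A_AUTH_TOKEN_VALID` > NOW() and t.`A_STATUS`='WAITING' ";
            $items = $dbs->getListByQuery($sql);
            if (0 == count($items)) throw new Exception("Kod nieaktywny");
            $idUser = V::get('ID', 0, reset($items), 'int');
            if ($idUser <= 0) throw new Exception("Kod nieaktywny");

            $itemData = array();
            $itemData['ID'] = $idUser;
            $itemData['A_STATUS'] = 'NORMAL';
            // presumably the datasource maps the literal 'NULL' to SQL NULL — verify
            $itemData['A_AUTH_TOKEN_VALID'] = 'NULL';
            $ds->updateItem($itemData);

            $resData->type = 'success';
            $resData->msg = "Pomyślnie aktywowano konto w systemie";
        } catch (Exception $e) {
            $resData->type = 'error';
            $resData->msg = $e->getMessage();
            // Kept for compatibility: this is the source line of the exception,
            // not a domain error code.
            $resData->errorCode = $e->getLine();
        }
        echo json_encode($resData);
    }
}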