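_user = User::getCurrentUserObject();
        } else {
            $login = V::get('PHP_AUTH_USER', '', $_SERVER);
            $pass = V::get('PHP_AUTH_PW', '', $_SERVER);
            // NOTE(review): only $login is checked for emptiness; confirm that
            // loginByLDAP()/loginByDB() reject an empty password, since some
            // directory servers treat an empty-password simple bind as anonymous.
            if (!$login) {
                $this->exitUnauthorized();
            }
            try {
                $ldap = LDAP::getInstance();
                if ($ldap != null && $ldap->isConnected()) {
                    $this->_user = User::loginByLDAP($login, $pass);
                } else {
                    $this->_user = User::loginByDB($login, $pass);
                }
            } catch (Exception $e) {
                $this->exitUnauthorized();
            }
            if (!$this->_user) {
                $this->exitUnauthorized();
            }
            $this->_saveToSession();
        }
    }

    /**
     * Copy the authenticated user's identity and privilege fields into $_SESSION.
     *
     * Reads $this->_user and is called right after a successful login. The
     * session id is regenerated first, when a session is active and headers are
     * still unsent, so that an id issued before authentication is not carried
     * over into the authenticated session (session fixation).
     */
    private function _saveToSession() {
        // Rotate the session id at the privilege change; skipped when there is
        // no active session or output has already started, where the call
        // would only emit a warning.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }

        $_SESSION['ADM_ID'] = $this->_user->ID;
        // AUTHORIZE_USER and ADM_ACCOUNT both carry the account name.
        $_SESSION['AUTHORIZE_USER'] = $this->_user->ADM_ACCOUNT;
        $_SESSION['ADM_ACCOUNT'] = $this->_user->ADM_ACCOUNT;
        //$_SESSION['ADM_AREA'] = $this->_user->ADM_AREA;
        $_SESSION['ADM_NAME'] = $this->_user->ADM_NAME;
        $_SESSION['ADM_TECH_WORKER'] = $this->_user->ADM_TECH_WORKER;
        $_SESSION['ADM_COMPANY'] = $this->_user->ADM_COMPANY;
        $_SESSION['ADM_ADMIN_LEVEL'] = $this->_user->ADM_ADMIN_LEVEL;
        $_SESSION['ADM_PHONE'] = $this->_user->ADM_PHONE;
        $_SESSION['ADM_ADMIN_EXPIRE'] = $this->_user->ADM_ADMIN_EXPIRE;
        $_SESSION['ADM_ADMIN_DESC'] = $this->_user->ADM_ADMIN_DESC;
        $_SESSION['EMPLOYEE_TYPE'] = $this->_user->EMPLOYEE_TYPE;
        // save user pass in encrypted form
        // NOTE(review): left disabled. $pass is not in scope in this method, and
        // re-enabling would presumably place recoverable credentials in session
        // storage.
        //Lib::loadClass('Crypt');
        //$_SESSION['ADM_PASS_HASH'] = Crypt::encrypt($pass);
        //$_SESSION['EMAIL_IMAP_IMPORT_PASSWD_HASH'] = Crypt::encrypt($this->_user->EMAIL_IMAP_IMPORT_PASSWD);
        //$_SESSION['EMAIL_IMAP_IMPORT_HOST'] = $this->_user->EMAIL_IMAP_IMPORT_HOST;
        //$_SESSION['EMAIL_IMAP_IMPORT_USERNAME'] = $this->_user->EMAIL_IMAP_IMPORT_USERNAME;
    }

    public function logout() {
        header('WWW-Authenticate: Basic realm="API"');
        header('HTTP/1.0 401 Unauthorized');
        // NOTE(review): HTTP_HOST is taken from the request. How $apiUrl is
        // emitted is outside this view; it should be HTML-escaped or built from
        // a configured host name.
        $apiUrl = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['SCRIPT_NAME']}";
        // $_SERVER[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        $httpAccept = V::get('HTTP_ACCEPT', '', $_SERVER);
        if (false !== strpos($httpAccept, 'text/html')) {
            ?> Unauthorized - Go to 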
_user->ADM_ADMIN_LEVEL) && in_array($this->_user->ADM_ADMIN_LEVEL, array(0, 1))) {
            // NOTE(review): in_array() compares loosely here, so false (and,
            // before PHP 8, any non-numeric string) also matches 0. Confirm
            // ADM_ADMIN_LEVEL is always numeric, or compare strictly against an
            // explicit list of allowed values.
            return true;
        }
        return false;
    }

    /**
     * Return the ID property of the user object held in $this->_user.
     */
    public function getID() {
        $currentUser = $this->_user;

        return $currentUser->ID;
    }
}