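fetchFirstNoLog($sql)) {
    $_SESSION['ADM_ID'] = $userInfo['ADM_ID'];
    $_SESSION['ADM_INICJALY_HANDLOWCA'] = $userInfo['ADM_INICJALY_HANDLOWCA'];
    $_SESSION['EMPLOYEE_TYPE'] = $userInfo['EMPLOYEE_TYPE'];
    $_SESSION['DEFAULT_ACL_GROUP'] = $userInfo['DEFAULT_ACL_GROUP'];
    return $userInfo;
}
return [];
}

/**
 * Whether the current session carries an authenticated account.
 * @return bool
 */
public static function logged()
{
    return !empty($_SESSION['AUTHORIZE_USER']);
}

/**
 * Read one key from the session; '' when the key is not set.
 * @param string $key
 * @return mixed
 */
public static function get($key)
{
    return V::get($key, '', $_SESSION);
}

/**
 * Groups of the current user, keyed by group id (cached per request).
 * @return array
 */
public static function getGroups()
{
    return User::_fetchGroups();
}

/**
 * Ids of the current user's groups.
 * @return array
 */
public static function getGroupsIds()
{
    return array_keys(User::_fetchGroups());
}

/**
 * Fetch the current user's groups once per request via UsersHelper.
 * @return array
 */
public static function _fetchGroups()
{
    static $_groups;
    if (!$_groups) {
        Lib::loadClass('UsersHelper');
        $_groups = UsersHelper::getGroupByUser(User::getID());
    }
    return $_groups;
}

/**
 * Load the user profile (delegates to UserProfile).
 * @param bool $force reload even if already loaded
 */
public static function loadProfile($force = false)
{
    return UserProfile::load($force);
}

/** Persist the user profile (delegates to UserProfile). */
public static function saveProfile()
{
    return UserProfile::save();
}

/**
 * Read one profile value.
 * @param string $key
 */
public static function getProfile($key)
{
    return UserProfile::get($key);
}

/**
 * Set one profile value.
 * @param string $key
 * @param mixed $val
 */
public static function setProfile($key, $val)
{
    UserProfile::set($key, $val);
}

/**
 * Read one column-scoped profile value.
 * TODO: use only in Column.php (only by procesy5.php)
 * @param string $column_name
 * @param string $key
 */
public static function getProfileColumn($column_name, $key)
{
    return UserProfile::getColumn($column_name, $key);
}

/**
 * Whether the current session has an administrative level (0 or 1).
 *
 * A session without a numeric ADM_ADMIN_LEVEL is never an admin: with a loose
 * in_array(), '' or null compares equal to 0 on PHP 7 and would grant admin
 * rights to a session that never stored a level.
 * @return bool
 */
public static function isAdmin()
{
    $level = self::get('ADM_ADMIN_LEVEL');
    if (!is_numeric($level)) {
        return false;
    }
    return in_array((int)$level, array(0, 1), true);
}

/**
 * Basic identity of the current user for templates/JS; empty array when not logged in.
 * @return array id, login, name, admin_level, opis
 */
public static function getRawData()
{
    $ret = array();
    if (self::logged()) {
        $ret['id'] = self::getID();
        $ret['login'] = self::getName();
        $ret['name'] = self::get('ADM_NAME');
        $ret['admin_level'] = self::get('ADM_ADMIN_LEVEL');
        $ret['opis'] = self::get('ADM_ADMIN_DESC');
    }
    return $ret;
}

/**
 * The current user as a stdClass built from the session; an empty object when not logged in.
 * @return stdClass
 */
public static function getCurrentUserObject()
{
    $user = new stdClass();
    if (self::logged()) {
        $user->ID = $_SESSION['ADM_ID'];
        // AUTHORIZE_USER is the property the loginBy*() builders also expose; assigning it
        // to ADM_ACCOUNT only to overwrite it on the next line lost the value.
        $user->AUTHORIZE_USER = $_SESSION['AUTHORIZE_USER'];
        $user->ADM_ACCOUNT = $_SESSION['ADM_ACCOUNT'];
        $user->ADM_NAME = $_SESSION['ADM_NAME'];
        $user->ADM_TECH_WORKER = $_SESSION['ADM_TECH_WORKER'];
        $user->ADM_COMPANY = $_SESSION['ADM_COMPANY'];
        $user->ADM_ADMIN_LEVEL = $_SESSION['ADM_ADMIN_LEVEL'];
        $user->ADM_PHONE = $_SESSION['ADM_PHONE'];
        $user->ADM_ADMIN_EXPIRE = $_SESSION['ADM_ADMIN_EXPIRE'];
        $user->ADM_ADMIN_DESC = $_SESSION['ADM_ADMIN_DESC'];
        $user->EMPLOYEE_TYPE = $_SESSION['EMPLOYEE_TYPE'];
    }
    return $user;
}

/**
 * The ACL object of the current user, built once per request.
 * @param UserAcl|null $acl when given, becomes the cached ACL (only if none is cached yet)
 * @return UserAcl
 */
public static function getAcl($acl = null)
{
    static $_acl;
    if ($_acl) {
        return $_acl;
    }
    if (null !== $acl) { // caller-supplied ACL takes precedence over building one
        $_acl = $acl;
        return $_acl;
    }
    Lib::loadClass('UserAcl');
    $_acl = new UserAcl(self::getID(), true); // second argument: use cache
    $_acl->fetchGroups();
    return $_acl;
}

/**
 * Drop the per-user caches held in the session and rebuild the permission set.
 *
 * With ?DBG_ACL=123 an admin additionally gets a dump of the session keys and of the
 * cached CONFIG / TableAjax_Cache entries written into the response.
 */
public static function reloadAcl()
{
    // The dump prints $_SESSION['CONFIG']; restrict it to admins so a regular user
    // cannot pull server configuration into the page with a query parameter.
    $dbg = ('123' == V::get('DBG_ACL', '', $_GET)) && self::isAdmin();
    $where = __CLASS__ . '::' . __FUNCTION__;
    if ($dbg) {
        echo 'SESSION KEYS (' . $where . ':' . __LINE__ . '): [' . implode(',', array_keys($_SESSION)) . ']';
        echo 'CONFIG (' . $where . ':' . __LINE__ . '): ';
        print_r($_SESSION['CONFIG']);
        echo 'TableAjax_Cache (' . $where . ':' . __LINE__ . '): ';
        print_r($_SESSION['TableAjax_Cache']);
    }
    // Cached ACL/profile data that must not survive a permission reload.
    unset($_SESSION['TableAcl_cache']);
    unset($_SESSION['Typespecial_Cache']);
    unset($_SESSION['ADM_INICJALY_HANDLOWCA']);
    unset($_SESSION['EMPLOYEE_TYPE']);
    unset($_SESSION['DEFAULT_ACL_GROUP']);
    unset($_SESSION['CRM_PROCES_USERA_WYKONANE_TESTY-' . User::getID()]);
    if ($dbg) {
        echo 'SESSION KEYS (' . $where . ':' . __LINE__ . '): [' . implode(',', array_keys($_SESSION)) . ']';
    }
    $userAcl = User::getAcl();
    $userAcl->fetchAllPerms(true);
}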
/**
 * Request-level authentication entry point.
 *
 * A named route handles its own authentication; otherwise the LOGIN/LOGOUT/...
 * request parameters are processed by authByRequest(). Afterwards the permission
 * set is loaded once per session and the DBG_ON/DBG_OFF switches are applied
 * (enabling is limited to logged-in admins, disabling is always honoured).
 */
public static function auth()
{
    $route = V::get('_route', '', $_REQUEST);
    if (empty($route)) {
        self::authByRequest();
    } else {
        Router::handleAuth($route);
    }

    if (User::logged() && !V::get('ADM_ACL_LOADED', false, $_SESSION)) {
        User::getAcl()->fetchAllPerms();
        $_SESSION['ADM_ACL_LOADED'] = true;
    }

    $wantsDebug = (bool)V::get('DBG_ON', '', $_REQUEST);
    if ($wantsDebug && User::logged() && User::isAdmin()) {
        DBG::activate();
    }
    if (V::get('DBG_OFF', '', $_REQUEST)) {
        DBG::deactivate();
    }
}
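/**
 * Handle the LOGIN request parameter (LOGIN, LOGOUT, PERMS_RELOAD, ANONYMOUS_LOGIN).
 *
 * Every task that renders a view (logout, permission reload, failed login) exits;
 * when no user is logged in afterwards the login view is rendered and the request ends.
 */
public static function authByRequest()
{
    $task = V::get('LOGIN', '', $_REQUEST);
    $data = array();
    $data['errors'] = array();
    Lib::loadClass('Config');
    $data['ALLOW_GUEST_ACCOUNT'] = (int)Config::get('ALLOW_GUEST_ACCOUNT');
    switch ($task) {
        case 'LOGIN':
            $data = self::_authTaskLogin($data);
            break;
        case 'LOGOUT':
            self::_authTaskLogout($data);
            break;
        case 'PERMS_RELOAD':
            self::_authTaskPermsReload($data);
            break;
        case 'ANONYMOUS_LOGIN':
            $data = self::_authTaskAnonymousLogin($data);
            break;
        default:
    }
    if (!User::logged()) {
        Router::getRoute('Users')->loginView($data);
        exit;
    }
}

/**
 * LOGIN task: authenticate with ADM_ACCOUNT/ADM_PASSWD from the request.
 * On failure the session is cleared, the logout view is rendered and the request ends.
 * @param array $data view data ('errors' is appended to)
 * @return array
 */
private static function _authTaskLogin(array $data)
{
    if (User::logged()) {
        return $data;
    }
    $account = isset($_REQUEST['ADM_ACCOUNT']) ? $_REQUEST['ADM_ACCOUNT'] : '';
    $passwd = isset($_REQUEST['ADM_PASSWD']) ? $_REQUEST['ADM_PASSWD'] : '';
    // empty() also rejects the literal password "0" — kept as the existing contract.
    if (empty($account) || empty($passwd)) {
        $data['errors'][] = "Proszę podać poprawny login i hasło!";
        return $data;
    }
    try {
        User::login($account, $passwd);
    } catch (Exception $e) {
        $data['errors'][] = $e->getMessage();
        // Nothing from the failed attempt may stay in the session.
        session_destroy();
        unset($_SESSION['AUTHORIZE_USER']);
        unset($_SESSION['ADM_ACCOUNT']);
        Router::getRoute('Users')->logoutView($data);
        exit;
    }
    return $data;
}

/**
 * LOGOUT task: wipe and destroy the session, start a fresh one with a new id, render the logout view.
 * @param array $data view data
 */
private static function _authTaskLogout(array $data)
{
    if (!User::logged()) {
        return;
    }
    $_SESSION = array();
    session_destroy(); // remove the server-side session data
    session_write_close();
    session_start();
    session_regenerate_id(true);
    Router::getRoute('Users')->logoutView($data);
    exit;
}

/**
 * PERMS_RELOAD task: run the FixCrmProcesInitIdx procedure (if routed), rebuild the
 * user's ACL and render the result with the measured reload time.
 * @param array $data view data ('errors' is appended to)
 */
private static function _authTaskPermsReload(array $data)
{
    if (!User::logged()) {
        return;
    }
    $fixUserPermsExecTime = null; // stays null when the reload fails before it was timed
    try {
        $dbgExecTime = new DebugExecutionTime();
        $dbgExecTime->activate();
        $dbgExecTime->log('start');
        $routeFixCrmProcesInitIdx = Router::getRoute('FixCrmProcesInitIdx');
        if ($routeFixCrmProcesInitIdx) {
            $routeFixCrmProcesInitIdx->runMethod('callProcedure');
        }
        $dbgExecTime->log('FixCrmProcesInitIdx::callProcedure');
        User::reloadAcl();
        $dbgExecTime->log('User::reloadAcl');
        $fixUserPermsExecTime = $dbgExecTime->getLastExecTime();
    } catch (Exception $e) {
        $data['errors'][] = $e->getMessage();
    }
    Router::getRoute('Users')->reloadPermsView($data, $fixUserPermsExecTime);
    exit;
}

/**
 * ANONYMOUS_LOGIN task: log in with the guest account when ALLOW_GUEST_ACCOUNT is enabled.
 * @param array $data view data ('errors' is appended to)
 * @return array
 */
private static function _authTaskAnonymousLogin(array $data)
{
    if (User::logged()) {
        return $data;
    }
    if ($data['ALLOW_GUEST_ACCOUNT'] != 1) {
        $data['errors'][] = "Zablokowane logowaniwe na konto gościa!";
        return $data;
    }
    $anonim = User::getAnonymousAccount();
    if (!$anonim) {
        $data['errors'][] = "Konto gościa nie istnieje!";
        return $data;
    }
    try {
        // The guest credentials come straight from the ADMIN_USERS row (ADM_PASSWD as stored).
        User::login($anonim->ADM_ACCOUNT, $anonim->ADM_PASSWD);
    } catch (Exception $e) {
        $data['errors'][] = $e->getMessage();
    }
    return $data;
}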
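/**
 * Log a candidate (kandydat) in by account id and populate the session.
 *
 * No credential is checked here — kandydatLoginByDB() only requires an active
 * ADMIN_USERS row with that id — so callers must make sure the id comes from a
 * trusted source.
 *
 * @param int|string $kandydatId
 * @param array $errors collects error messages from the lookup
 * @return bool true when the session was populated
 */
public static function kandydatLogin($kandydatId, &$errors = array())
{
    $user = self::kandydatLoginByDB($kandydatId, $errors);
    if (!$user) {
        return false;
    }
    // A new session id on authentication defeats session fixation.
    if (PHP_SESSION_ACTIVE === session_status()) {
        session_regenerate_id(true);
    }
    $_SESSION['ADM_ID'] = $user->ID;
    $_SESSION['AUTHORIZE_USER'] = $user->ADM_ACCOUNT;
    $_SESSION['ADM_ACCOUNT'] = $user->ADM_ACCOUNT;
    $_SESSION['ADM_NAME'] = $user->ADM_NAME;
    $_SESSION['ADM_TECH_WORKER'] = $user->ADM_TECH_WORKER;
    $_SESSION['ADM_COMPANY'] = $user->ADM_COMPANY;
    $_SESSION['ADM_ADMIN_LEVEL'] = $user->ADM_ADMIN_LEVEL;
    $_SESSION['ADM_PHONE'] = $user->ADM_PHONE;
    $_SESSION['ADM_ADMIN_EXPIRE'] = $user->ADM_ADMIN_EXPIRE;
    $_SESSION['ADM_ADMIN_DESC'] = $user->ADM_ADMIN_DESC;
    $_SESSION['EMPLOYEE_TYPE'] = $user->EMPLOYEE_TYPE;
    Lib::loadClass('Crypt');
    // No password takes part in a candidate login, so there is nothing to keep here; the key
    // is still written so readers of ADM_PASS_HASH see the same session shape as after login().
    $_SESSION['ADM_PASS_HASH'] = Crypt::encrypt(null);
    $_SESSION['EMAIL_IMAP_IMPORT_PASSWD_HASH'] = Crypt::encrypt($user->EMAIL_IMAP_IMPORT_PASSWD);
    $_SESSION['EMAIL_IMAP_IMPORT_HOST'] = $user->EMAIL_IMAP_IMPORT_HOST;
    $_SESSION['EMAIL_IMAP_IMPORT_USERNAME'] = $user->EMAIL_IMAP_IMPORT_USERNAME;
    $userAcl = User::getAcl();
    $userAcl->fetchAllPerms();
    // Same marker login() sets, so auth() does not fetch the permissions a second time.
    $_SESSION['ADM_ACL_LOADED'] = true;
    return true;
}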
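/**
 * Authenticate a login/password pair and populate the session on success.
 *
 * Backend order: LDAP when connected (unless P5_DONT_USE_LDAP_FOR_AUTH=1 in the
 * environment), else the project's own Auth_<project> class from <project path>/auth.php
 * when present, else the ADMIN_USERS table.
 *
 * @param string $login
 * @param string $pass
 * @return bool true when the session was populated
 * @throws Exception from the selected backend, or when auth.php exists but defines no Auth_<project> class
 */
public static function login($login, $pass)
{
    Lib::loadClass('LDAP');
    $useLdap = ('1' != V::get('P5_DONT_USE_LDAP_FOR_AUTH', '', $_SERVER));
    $ldap = $useLdap ? LDAP::getInstance() : null;

    $authClass = null;
    $projectName = Config::getProjectName();
    $projectPath = Config::getProjectPath();
    $pathAuthClass = $projectPath ? "{$projectPath}/auth.php" : null;
    if ($pathAuthClass && file_exists($pathAuthClass)) {
        require_once $pathAuthClass;
        $nameAuthClass = "Auth_{$projectName}";
        if (!class_exists($nameAuthClass)) {
            throw new Exception("Auth class not exists for project '{$projectName}'!");
        }
        $authClass = $nameAuthClass;
    }

    if ($ldap != null && $ldap->isConnected()) {
        $user = self::loginByLDAP($login, $pass);
        if ($user) {
            // Keep the DB copy current so loginByDB() still works when LDAP is down.
            // NOTE(review): unsalted SHA-512 is what loginByDB() compares against; moving to
            // password_hash() requires changing that query and the column together.
            DB::getPDO()->update('ADMIN_USERS', 'ID', $user->ID, [
                'ADM_PASSWD_AES' => hash('sha512', $pass), // Mysql: SHA2('{$pass}', 512)
            ]);
        }
    } else if ($authClass) {
        $user = $authClass::login($login, $pass);
        if ($user) { // defaults for fields a project authenticator may leave unset
            if (!$user->EMAIL_IMAP_IMPORT_HOST) $user->EMAIL_IMAP_IMPORT_HOST = null;
            if (!$user->EMAIL_IMAP_IMPORT_USERNAME) $user->EMAIL_IMAP_IMPORT_USERNAME = null;
        }
    } else {
        $user = self::loginByDB($login, $pass);
    }
    if (!$user) {
        return false;
    }

    // A new session id on authentication defeats session fixation.
    if (PHP_SESSION_ACTIVE === session_status()) {
        session_regenerate_id(true);
    }
    $_SESSION['ADM_ID'] = $user->ID;
    $_SESSION['AUTHORIZE_USER'] = $user->ADM_ACCOUNT;
    $_SESSION['ADM_ACCOUNT'] = $user->ADM_ACCOUNT;
    $_SESSION['ADM_NAME'] = $user->ADM_NAME;
    $_SESSION['ADM_TECH_WORKER'] = $user->ADM_TECH_WORKER;
    $_SESSION['ADM_COMPANY'] = $user->ADM_COMPANY;
    $_SESSION['ADM_ADMIN_LEVEL'] = $user->ADM_ADMIN_LEVEL;
    $_SESSION['ADM_PHONE'] = $user->ADM_PHONE;
    $_SESSION['ADM_ADMIN_EXPIRE'] = $user->ADM_ADMIN_EXPIRE;
    $_SESSION['ADM_ADMIN_DESC'] = $user->ADM_ADMIN_DESC;
    $_SESSION['EMPLOYEE_TYPE'] = $user->EMPLOYEE_TYPE;
    // The password is kept (encrypted) in the session for later IMAP use.
    Lib::loadClass('Crypt');
    $_SESSION['ADM_PASS_HASH'] = Crypt::encrypt($pass);
    $_SESSION['EMAIL_IMAP_IMPORT_PASSWD_HASH'] = Crypt::encrypt($user->EMAIL_IMAP_IMPORT_PASSWD);
    $_SESSION['EMAIL_IMAP_IMPORT_HOST'] = $user->EMAIL_IMAP_IMPORT_HOST;
    $_SESSION['EMAIL_IMAP_IMPORT_USERNAME'] = $user->EMAIL_IMAP_IMPORT_USERNAME;
    $userAcl = User::getAcl();
    $userAcl->fetchAllPerms();
    $_SESSION['ADM_ACL_LOADED'] = true;
    return true;
}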
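/**
 * Authenticate against LDAP and return the matching ADMIN_USERS record as a stdClass.
 *
 * The login is searched (by mail when it contains '@', otherwise by uid) under
 * 'cn=users', the found DN is bound with the password, and the account must then
 * exist in ADMIN_USERS with status WAITING or NORMAL.
 *
 * @param string $login
 * @param string $pass
 * @return stdClass
 * @throws Exception on connection failure, empty password, unknown login, failed bind or missing DB row
 */
public static function loginByLDAP($login, $pass)
{
    $DBG = false;
    Lib::loadClass('LDAP');
    $ldap = LDAP::getInstance();
    if (!$ldap->isConnected()) {
        throw new Exception("Wystąpiły błędy podczas połączenia do bazy LDAP. Spróbuj ponownie za chwilę.");
    }
    // Refuse an empty password before bind(): a bind with a DN and no password is treated
    // as an anonymous bind by many directories and would "succeed" for any existing account.
    if ('' === (string)$pass) {
        throw new Exception("Proszę podać poprawny login i hasło!");
    }
    // The login is request input; escape it so it cannot alter the filter structure.
    $loginEscaped = self::_escapeLdapFilterValue($login);
    $filter = (false !== strpos($login, '@')) ? "(mail={$loginEscaped})" : "(uid={$loginEscaped})";
    $justthese = array(); // all attributes
    if ($DBG) {
        echo 'ldap_search (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
        print_r(array('ldaprdn' => $ldap->getBaseDN(), 'filter' => $filter, 'justthese' => $justthese));
    }
    $ldapUser = array('user_dn' => null, 'uid' => null, 'mail' => null, 'cn' => null);
    $res = $ldap->search($filter, 'cn=users', $justthese);
    if ($ldap->count_entries($res) > 0) {
        $entry = $ldap->first_entry($res);
        if (!$entry) {
            // NOTE(review): this message differs from the failed-bind one below, so the response
            // tells an unknown login from a wrong password; unify them if enumeration matters.
            throw new Exception("Login nie istnieje");
        }
        $ldapUser['user_dn'] = $ldap->get_dn($entry);
        foreach (array('uid', 'mail', 'cn') as $attr) {
            $values = $ldap->get_values($entry, $attr);
            $ldapUser[$attr] = isset($values[0]) ? $values[0] : null; // attribute may be absent
        }
        if ($DBG) { // dump every entry of the result
            echo "Number of entries found: " . $ldap->count_entries($res) . "\n";
            while ($entry) {
                echo $ldap->get_dn($entry) . "\n";
                $attrs = $ldap->get_attributes($entry);
                for ($i = 0; $i < $attrs['count']; $i++) {
                    echo "$attrs[$i]: ";
                    for ($j = 0; $j < $attrs[$attrs[$i]]['count']; $j++) {
                        echo $attrs[$attrs[$i]][$j] . " ";
                    }
                    echo "\n";
                }
                echo "\n";
                $entry = $ldap->next_entry($entry);
            }
            $ldap->free_result($res);
        }
    }
    if (!$ldapUser['user_dn']) {
        throw new Exception("Proszę podać poprawny login i hasło!");
    }
    if ($DBG) {
        echo 'LDAP user (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
        print_r($ldapUser);
        echo 'ldap_bind (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';
        print_r(array('ldaprdn' => $ldapUser['user_dn'], 'pass' => '***'));
    }
    $errorMsg = null;
    $ldapbind = $ldap->bind($ldapUser['user_dn'], $pass, $errorMsg);
    if (!$ldapbind) {
        if ("Error Binding to LDAP: No additional information is available." === $errorMsg) {
            throw new Exception("Nieprawidłowy login lub hasło");
        }
        throw new Exception("Wystąpiły błędy podczas próby logowania. {$errorMsg}");
    }
    $user = new stdClass();
    $user->AUTHORIZE_USER = $ldapUser['uid'];
    $user->ADM_ACCOUNT = $ldapUser['uid'];
    $user->ADM_NAME = $ldapUser['cn'];
    $user->OTHER_INFO = $ldapUser['mail'];
    $rawUser = DB::getPDO()->fetchFirst("
select u.*
from ADMIN_USERS u
where u.ADM_ACCOUNT = :login
and u.A_STATUS in('WAITING', 'NORMAL')
", [
        ':login' => $user->ADM_ACCOUNT,
    ]);
    if (!$rawUser) {
        throw new Exception("Wystąpiły błędy podczas próby logowania. Brak użytkownika w bazie danych.");
    }
    $columns = array(
        'ID', 'ADM_TECH_WORKER', 'ADM_COMPANY', 'ADM_ADMIN_LEVEL', 'ADM_PHONE',
        'ADM_ADMIN_EXPIRE', 'ADM_ADMIN_DESC', 'EMAIL_IMAP_IMPORT_PASSWD',
        'EMAIL_IMAP_IMPORT_HOST', 'EMAIL_IMAP_IMPORT_USERNAME', 'EMPLOYEE_TYPE',
    );
    foreach ($columns as $column) {
        $user->$column = $rawUser[$column];
    }
    return $user;
}

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515 assertion value).
 * Uses ext/ldap's ldap_escape() when available, otherwise the same five replacements.
 * @param mixed $value
 * @return string
 */
private static function _escapeLdapFilterValue($value)
{
    $value = (string)$value;
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return strtr($value, array(
        '\\' => '\5c',
        '*' => '\2a',
        '(' => '\28',
        ')' => '\29',
        "\0" => '\00',
    ));
}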
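/**
 * Authenticate against ADMIN_USERS and return the record as a stdClass.
 *
 * The primary check compares ADM_PASSWD_AES with SHA-512 of the password. Rows that
 * still carry a legacy ADM_PASSWD (plain text or MD5) are accepted once and migrated
 * to the SHA-512 column on the spot, the same way changePasswordDB() stores it.
 *
 * @param string $login
 * @param string $pass
 * @return stdClass
 * @throws Exception when no active account matches the credentials
 */
public static function loginByDB($login, $pass)
{
    $pdo = DB::getPDO();
    // NOTE(review): an unsalted SHA-512 is a weak password store; moving to
    // password_hash()/password_verify() needs this query and the column changed together.
    $passHash = hash('sha512', $pass);
    $rawUser = $pdo->fetchFirst("
select u.*
from ADMIN_USERS u
where u.ADM_ACCOUNT = :login
and u.ADM_PASSWD_AES = :pass_hash
and u.A_STATUS in('WAITING', 'NORMAL')
", [
        ':login' => $login,
        ':pass_hash' => $passHash,
    ]);
    if (!$rawUser) {
        $rawUser = $pdo->fetchFirst("
select u.*
from ADMIN_USERS u
where u.ADM_ACCOUNT = :login
and ( u.ADM_PASSWD = :pass or u.ADM_PASSWD = md5( :pass ) )
and u.ADM_PASSWD != ''
and u.A_STATUS in('WAITING', 'NORMAL')
", [
            ':login' => $login,
            ':pass' => $pass,
        ]);
        if ($rawUser) {
            // Legacy match: store the SHA-512 and clear the legacy column so this path is not taken again.
            error_log("Legacy password hash upgraded for user '{$login}'");
            $pdo->update('ADMIN_USERS', 'ID', $rawUser['ID'], [
                'ADM_PASSWD' => '',
                'ADM_PASSWD_AES' => $passHash,
            ]);
        }
    }
    if (!$rawUser) {
        throw new Exception("Proszę podać poprawny login i hasło!");
    }
    $user = new stdClass();
    $user->ID = $rawUser['ID'];
    $user->ADM_TECH_WORKER = $rawUser['ADM_TECH_WORKER'];
    $user->ADM_COMPANY = $rawUser['ADM_COMPANY'];
    $user->AUTHORIZE_USER = $rawUser['ADM_ACCOUNT'];
    $user->ADM_ACCOUNT = $rawUser['ADM_ACCOUNT'];
    $user->ADM_NAME = $rawUser['ADM_NAME'];
    $user->ADM_ADMIN_LEVEL = $rawUser['ADM_ADMIN_LEVEL'];
    $user->ADM_PHONE = $rawUser['ADM_PHONE'];
    $user->ADM_ADMIN_EXPIRE = $rawUser['ADM_ADMIN_EXPIRE'];
    $user->ADM_ADMIN_DESC = $rawUser['ADM_ADMIN_DESC'];
    $user->EMAIL_IMAP_IMPORT_PASSWD = $rawUser['EMAIL_IMAP_IMPORT_PASSWD'];
    $user->EMAIL_IMAP_IMPORT_HOST = $rawUser['EMAIL_IMAP_IMPORT_HOST'];
    $user->EMAIL_IMAP_IMPORT_USERNAME = $rawUser['EMAIL_IMAP_IMPORT_USERNAME'];
    $user->EMPLOYEE_TYPE = $rawUser['EMPLOYEE_TYPE'];
    return $user;
}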
/**
 * Look up a candidate's ADMIN_USERS row by id.
 *
 * No credential is verified: an active (WAITING/NORMAL) row with the given id is
 * enough. The id is cast to int, which is what keeps the interpolated SQL safe.
 *
 * @param int|string $kandydatId
 * @param array $errors receives an error message when no row matches
 * @return stdClass|false
 */
public static function kandydatLoginByDB($kandydatId, &$errors)
{
    $db = DB::getDB();
    $kandydatId = (int)$kandydatId;
    $sql = "SELECT u.*
from `ADMIN_USERS` as u
where
u.`ID`='{$kandydatId}'
and u.`A_STATUS` in('WAITING','NORMAL')
LIMIT 0, 1;
";
    $res = $db->query($sql);
    if (!$res) {
        die("Error SQL login!");
    }
    $rowCount = $db->num_rows($res);
    if ($rowCount == 0) {
        $errors[] = "Podales zlego uzytkownika lub/i haslo()";
        return false;
    }
    if ($rowCount != 1) {
        return false;
    }
    $row = $db->fetch($res);
    if (!$row) {
        return false;
    }
    $user = new stdClass();
    $user->ID = $row->ID;
    $user->ADM_TECH_WORKER = $row->ADM_TECH_WORKER;
    $user->ADM_COMPANY = $row->ADM_COMPANY;
    $user->AUTHORIZE_USER = $row->ADM_ACCOUNT;
    $user->ADM_ACCOUNT = $row->ADM_ACCOUNT;
    $user->ADM_NAME = $row->ADM_NAME;
    $user->ADM_ADMIN_LEVEL = $row->ADM_ADMIN_LEVEL;
    $user->ADM_PHONE = $row->ADM_PHONE;
    $user->ADM_ADMIN_EXPIRE = $row->ADM_ADMIN_EXPIRE;
    $user->ADM_ADMIN_DESC = $row->ADM_ADMIN_DESC;
    $user->EMAIL_IMAP_IMPORT_PASSWD = $row->EMAIL_IMAP_IMPORT_PASSWD;
    $user->EMAIL_IMAP_IMPORT_HOST = $row->EMAIL_IMAP_IMPORT_HOST;
    $user->EMAIL_IMAP_IMPORT_USERNAME = $row->EMAIL_IMAP_IMPORT_USERNAME;
    $user->EMPLOYEE_TYPE = $row->EMPLOYEE_TYPE;
    return $user;
}
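/**
 * Change a user's password after validating the new one, using the same backend
 * selection as login(): LDAP when connected and not disabled by
 * P5_DONT_USE_LDAP_FOR_AUTH, otherwise the ADMIN_USERS table.
 *
 * @param string $login
 * @param string $oldPass
 * @param string $newPass
 * @return bool
 * @throws Exception on invalid/too short password, when nobody is logged in, or from the backend
 */
public static function changePassword($login, $oldPass, $newPass)
{
    if (!is_string($newPass)) throw new Exception("Błąd parametru");
    // Count characters, not bytes, so a short non-ASCII password cannot pass the minimum.
    $length = function_exists('mb_strlen') ? mb_strlen($newPass, 'UTF-8') : strlen($newPass);
    if ($length < 8) throw new Exception("Hasło zbyt krótkie (min. 8 znaków)"); // TODO regex: 1 lowercase, 1 uppercase, 1 digit, min. 8 chars
    if (!self::logged()) throw new Exception("Użytkownik niezalogwany");
    Lib::loadClass('LDAP');
    // Honour the same environment opt-out as login(); otherwise a password changed over LDAP
    // would be verified against the DB on the next login (or the other way round).
    $ldap = ('1' == V::get('P5_DONT_USE_LDAP_FOR_AUTH', '', $_SERVER)) ? null : LDAP::getInstance();
    if ($ldap != null && $ldap->isConnected()) {
        return self::changePasswordLDAP($login, $oldPass, $newPass);
    }
    return self::changePasswordDB($login, $oldPass, $newPass);
}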
/**
 * Change the password in LDAP (MacOSX storage) after re-authenticating with the old one,
 * then sync the SHA-512 copy kept in ADMIN_USERS.
 *
 * @param string $login
 * @param string $oldPass
 * @param string $newPass
 * @return bool true when the DB row was updated
 * @throws Exception when the storage is missing, the old password is wrong or the LDAP change fails
 */
public static function changePasswordLDAP($login, $oldPass, $newPass)
{
    $storage = UserStorageFactory::getStorage('MacOSX');
    if (!$storage) {
        throw new Exception("Error storage Ldap not exists");
    }
    try {
        $user = self::loginByLDAP($login, $oldPass);
    } catch (Exception $e) {
        throw new Exception("Błędne hasło");
    }
    if (!$user) {
        throw new Exception("Błąd weryfikacji użytkownika");
    }
    if (!$storage->changePassword($login, $newPass)) {
        throw new Exception("Błąd podczas zmiany hasła");
    }
    // Same unsalted SHA-512 format loginByDB() compares against.
    $affected = DB::getPDO()->update('ADMIN_USERS', 'ID', $user->ID, [
        'ADM_PASSWD' => '',
        'ADM_PASSWD_AES' => hash('sha512', $newPass), // Mysql: SHA2('{$pass}', 512)
    ]);
    return $affected > 0;
}
/**
 * Change the password stored in ADMIN_USERS after re-authenticating with the old one.
 *
 * @param string $login
 * @param string $oldPass
 * @param string $newPass
 * @return bool true when the row was updated
 * @throws Exception when the old password is wrong
 */
public static function changePasswordDB($login, $oldPass, $newPass)
{
    try {
        $user = self::loginByDB($login, $oldPass);
    } catch (Exception $e) {
        throw new Exception("Błędne hasło");
    }
    if (!$user) {
        throw new Exception("Błąd weryfikacji użytkownika");
    }
    // Clears the legacy column and writes the unsalted SHA-512 loginByDB() checks.
    $affected = DB::getPDO()->update('ADMIN_USERS', 'ID', $user->ID, [
        'ADM_PASSWD' => '',
        'ADM_PASSWD_AES' => hash('sha512', $newPass), // Mysql: SHA2('{$pass}', 512)
    ]);
    return $affected > 0;
}
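/**
 * Check user access.
 * @param string $name one of:
 *   'menu'  - access to view the menu (level < 6, or the 'anonymous' login when guests are allowed)
 *   'dbg'   - debug tools (level 0 only)
 *   'procesy' (< 4), 'procesy_admin' (< 2), 'testy' (<= 6), 'testy_wyniki',
 *   'testy_wyniki_edit', 'testy_wyniki_read' (< 3), 'user_add_group' (< 1)
 * @return bool false for an unknown name or when the session has no numeric level
 *
 * @from [4101] ADM_ADMIN_LEVEL
 * Privilege level - everyone should have level 3,
 * managers should have 2,
 * administrators 0,
 * candidates level 6.
 * Level 1 allows editing processes and resources,
 * level 2 allows grading tests,
 * level 3 allows viewing the quality system.
 */
public static function hasAccess($name)
{
    $rawLevel = User::get('ADM_ADMIN_LEVEL');
    // A session without a numeric level (not logged in, stale session) must not be read as
    // level 0: on PHP 7 both '' < 6 and 0 == '' hold, which would grant the highest privileges.
    if (!is_numeric($rawLevel)) {
        return false;
    }
    $level = (int)$rawLevel;
    switch ($name) {
        case 'menu':
            if ($level < 6) {
                return true;
            }
            Lib::loadClass('Config');
            $allowGuest = (int)Config::get('ALLOW_GUEST_ACCOUNT');
            return ($allowGuest && User::getLogin() == 'anonymous');
        case 'dbg':
            return (0 === $level);
        case 'procesy':
            return ($level < 4);
        case 'procesy_admin':
            return ($level < 2);
        case 'testy':
            return ($level <= 6);
        case 'testy_wyniki':
        case 'testy_wyniki_edit':
        case 'testy_wyniki_read':
            return ($level < 3);
        case 'user_add_group':
            return ($level < 1);
        default:
    }
    return false;
}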
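/**
 * Whether the current user may edit the given table (resource) according to the table ACL.
 *
 * @param string $tableName
 * @return bool false for an empty name, a resource without ACL, or a missing/empty table ACL
 */
public static function hasAccessToEditTable($tableName)
{
    if (empty($tableName)) {
        return false;
    }
    $userAcl = User::getAcl();
    $userAcl->fetchGroups();
    Lib::loadClass('ProcesHelper');
    $zasobID = ProcesHelper::getZasobTableID($tableName);
    if (!$userAcl->hasTableAcl($zasobID)) {
        return false;
    }
    $tblAcl = $userAcl->getTableAcl($zasobID);
    if (empty($tblAcl)) {
        // Written straight into the response; escape both values since the name may come from a request.
        echo "Brak dostępu do tabeli nr "
            . htmlspecialchars((string)$zasobID, ENT_QUOTES, 'UTF-8')
            . " '" . htmlspecialchars((string)$tableName, ENT_QUOTES, 'UTF-8') . "'";
        return false;
        //throw new Exception("Brak dostępu do tabeli nr {$zasobID} '{$tableName}'");
    }
    $tblAcl->init();
    return $tblAcl->hasEditPerms();
}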
/**
 * Whether the current user belongs to the named group.
 * Not implemented yet: always returns false.
 * @param string $groupName
 * @return bool
 */
public static function hasGroup($groupName) {
// TODO: find group by name @see self::getGroups() @used in SchemaReaderProcess
return false;
}
/**
 * Fetch the guest account ('anonymous', EMPLOYEE_TYPE 'Anonymous', status NORMAL).
 *
 * All fields are returned as strings. The returned object carries ADM_PASSWD exactly
 * as stored in ADMIN_USERS, because the guest login re-uses it as the password.
 *
 * @return stdClass|false false when no such row exists
 */
public static function getAnonymousAccount()
{
    $db = DB::getDB();
    if (!$db) die("Error DB connection!");
    $sql = "select u.*
from `ADMIN_USERS` as u
where
u.`ADM_ACCOUNT`='anonymous'
and u.`EMPLOYEE_TYPE`='Anonymous'
and u.`A_STATUS` in('NORMAL')
order by u.`ID` asc
limit 1
";
    $res = $db->query($sql);
    if (!$res) die("Error SQL login!");
    $rowCount = $db->num_rows($res);
    $row = $db->fetch($res);
    if (!$row) {
        return false;
    }
    // property => column, in the order the object exposes them
    $mapping = array(
        'ID' => 'ID',
        'AUTHORIZE_USER' => 'ADM_ACCOUNT',
        'ADM_ACCOUNT' => 'ADM_ACCOUNT',
        'ADM_PASSWD' => 'ADM_PASSWD',
        'ADM_NAME' => 'ADM_NAME',
        'ADM_TECH_WORKER' => 'ADM_TECH_WORKER',
        'ADM_COMPANY' => 'ADM_COMPANY',
        'ADM_ADMIN_LEVEL' => 'ADM_ADMIN_LEVEL',
        'ADM_PHONE' => 'ADM_PHONE',
        'ADM_ADMIN_EXPIRE' => 'ADM_ADMIN_EXPIRE',
        'ADM_ADMIN_DESC' => 'ADM_ADMIN_DESC',
    );
    $user = new stdClass();
    foreach ($mapping as $property => $column) {
        $user->$property = (string)$row->$column;
    }
    return $user;
}
/**
 * LDAP groups of the current user (cached per request).
 * @return array
 */
public static function getLdapGroups()
{
    return User::_fetchLdapGroups();
}
/**
 * Names (cn) of the current user's LDAP groups, keyed like _fetchLdapGroups().
 * @return array
 */
public static function getLdapGroupsNames()
{
    $names = array();
    foreach (User::_fetchLdapGroups() as $groupId => $group) {
        $names[$groupId] = $group->cn;
    }
    return $names;
}
/**
 * gidNumber values of the current user's LDAP groups.
 * @return array list of gid numbers (empty when the user has no groups)
 */
public static function getLdapGroupsIds()
{
    $ids = array();
    $groups = User::_fetchLdapGroups();
    if (empty($groups)) {
        return $ids;
    }
    foreach ($groups as $group) {
        $ids[] = $group->gidNumber;
    }
    return $ids;
}
/**
 * Fetch the current user's LDAP groups once per request via UsersLdapHelper.
 * @return array
 */
public static function _fetchLdapGroups()
{
    static $cache;
    if (!$cache) {
        Lib::loadClass('UsersLdapHelper');
        // second argument (3) passed through unchanged — its meaning is defined by UsersLdapHelper
        $cache = UsersLdapHelper::getUserGroups(User::getLogin(), 3);
    }
    return $cache;
}
}