bn
/
se


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112
							<?php

Lib::loadClass('User');
Lib::loadClass('LDAP');
Lib::loadClass('DBG');

class ApiUser {

	public $_user;

	public function auth() {
		// session is closed by session_write_close - readonly
		if (User::logged()) {
			DBG::simpleLog('auth', "ApiUser::auth - user logged in '" . User::getLogin() . "'");
			$this->_user = User::getCurrentUserObject();
		}
		else {
			$login = V::get('PHP_AUTH_USER', '', $_SERVER);
			$pass = V::get('PHP_AUTH_PW', '', $_SERVER);
			if (!$login) $this->exitUnauthorized();
			DBG::simpleLog('auth', "ApiUser::auth - try to log user '{$login}'");
			try {
				$ldap = LDAP::getInstance();
				if ($ldap != null && $ldap->isConnected()) {
					DBG::simpleLog('auth', "ApiUser::auth - try login by LDAP '{$login}'");
					$this->_user = User::loginByLDAP($login, $pass);
				} else {
					DBG::simpleLog('auth', "ApiUser::auth - try login by DB '{$login}'");
					$this->_user = User::loginByDB($login, $pass);
				}
			} catch (Exception $e) {
				DBG::simpleLog('auth', "ApiUser::auth - failed login '{$login}'");
				$this->exitUnauthorized();
			}

			if (!$this->_user) {
				$this->exitUnauthorized();
			}

			$this->_saveToSession();
		}
	}

	private function _saveToSession() {
		session_start();
		$_SESSION['ADM_ID'] = $this->_user->ID;
		$_SESSION['AUTHORIZE_USER'] = $this->_user->ADM_ACCOUNT;
		$_SESSION['ADM_ACCOUNT'] = $this->_user->ADM_ACCOUNT;
		//$_SESSION['ADM_AREA'] = $this->_user->ADM_AREA;
		$_SESSION['ADM_NAME'] = $this->_user->ADM_NAME;
		$_SESSION['ADM_TECH_WORKER'] = $this->_user->ADM_TECH_WORKER;
		$_SESSION['ADM_COMPANY'] = $this->_user->ADM_COMPANY;
		$_SESSION['ADM_ADMIN_LEVEL'] = $this->_user->ADM_ADMIN_LEVEL;
		$_SESSION['ADM_PHONE'] = $this->_user->ADM_PHONE;
		$_SESSION['ADM_ADMIN_EXPIRE'] = $this->_user->ADM_ADMIN_EXPIRE;
		$_SESSION['ADM_ADMIN_DESC'] = $this->_user->ADM_ADMIN_DESC;
		$_SESSION['EMPLOYEE_TYPE'] = $this->_user->EMPLOYEE_TYPE;

		// save user pass in encrypted form
		//Lib::loadClass('Crypt');
		//$_SESSION['ADM_PASS_HASH'] = Crypt::encrypt($pass);
		//$_SESSION['EMAIL_IMAP_IMPORT_PASSWD_HASH'] = Crypt::encrypt($this->_user->EMAIL_IMAP_IMPORT_PASSWD);
		//$_SESSION['EMAIL_IMAP_IMPORT_HOST'] = $this->_user->EMAIL_IMAP_IMPORT_HOST;
		//$_SESSION['EMAIL_IMAP_IMPORT_USERNAME'] = $this->_user->EMAIL_IMAP_IMPORT_USERNAME;
		session_write_close();
	}

	public function logout() {
		session_start();
		$_SESSION = array();
		session_destroy();
		session_write_close();
		header('WWW-Authenticate: Basic realm="API"');
		header('HTTP/1.0 401 Unauthorized');
		$apiUrl = "https://{$_SERVER['HTTP_HOST']}{$_SERVER['SCRIPT_NAME']}";
		// $_SERVER[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
		$httpAccept = V::get('HTTP_ACCEPT', '', $_SERVER);
		if (false !== strpos($httpAccept, 'text/html')) {
			?><!DOCTYPE html>
<html>
<head>
	<meta http-equiv="refresh" content="0; url=<?php echo $apiUrl; ?>" />
</head>
<body>
	Unauthorized - Go to <a href="<?php echo $apiUrl; ?>"><?php echo $apiUrl; ?></a>
</body>
</html>
			<?php
		} else {
			echo "Unauthorized - Go to {$apiUrl}";
		}
		exit;
	}

	public function exitUnauthorized() {
		header('WWW-Authenticate: Basic realm="API"');
		header('HTTP/1.0 401 Unauthorized');
		echo 'Unauthorized';
		exit;
	}

	public function isAdmin() {
		if (isset($this->_user->ADM_ADMIN_LEVEL) && in_array($this->_user->ADM_ADMIN_LEVEL, array(0, 1))) {
			return true;
		}
		return false;
	}

	public function getID() {
		return $this->_user->ID;
	}
}