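$userInfo['ID'],
            'ADM_ACCOUNT' => $userInfo['LOGIN'], // AUTHORIZE_USER, ADM_ACCOUNT
            'ADM_NAME' => implode(" ", [ $userInfo['P_NAME'], $userInfo['P_NAME_SECOND'] ]), // ADM_NAME
            'ADM_TECH_WORKER' => "", // ADM_TECH_WORKER
            'ADM_COMPANY' => $userInfo['BILLING_OWNER'], // ADM_COMPANY
            'ADM_ADMIN_LEVEL' => 5, // ADM_ADMIN_LEVEL // > 5 will show msg for Kandydat
            'ADM_PHONE' => "", // ADM_PHONE
            'ADM_ADMIN_EXPIRE' => "", // ADM_ADMIN_EXPIRE
            'ADM_ADMIN_DESC' => "", // ADM_ADMIN_DESC
            'EMPLOYEE_TYPE' => "Klient", // EMPLOYEE_TYPE // [ 'Pracownik','Kandydat','Partner','Anonymous','Kontakt','Skrypt' ]
        ];
    }

    /**
     * Check a login/password pair against every active record for that login.
     *
     * Records without a usable stored hash (empty, or not the 32 hex chars the
     * PASSWD varchar(32) column holds) are skipped, not rejected, so a customer
     * whose auth row was created without PESEL/NIP must go through the reset flow.
     *
     * @param string $login panel login (customer contact email)
     * @param string $pass  plain-text password as typed
     * @return array the matching record as returned by makeActiveUsers()
     * @throws Exception when no record matches
     */
    public static function testAuth($login, $pass)
    {
        $activeUsers = self::makeActiveUsers($login);
        // Stored hashes are unsalted md5; password_hash() output does not fit the
        // PASSWD varchar(32) column, so a stronger scheme needs a schema migration first.
        $candidate = md5($pass);

        foreach ($activeUsers as $item) {
            if (empty($item['PASSWD']) || strlen($item['PASSWD']) !== 32) {
                continue;
                // throw new Exception("Proszę użyć funkcji przypomnienia hasła");
            }
            // constant-time compare so the check does not leak how many leading chars matched
            if (hash_equals($item['PASSWD'], $candidate)) {
                return $item;
            }
        }

        throw new Exception("Proszę podać poprawny login i hasło!");
    }

    /**
     * ID of the account the panel currently acts for.
     *
     * An admin who has picked one of the accounts listed in the session
     * (PANEL_BN_USER_SELECTED, set only when PANEL_BN_USERS is populated) gets that
     * ID; everyone else gets the session user's own ID.
     * User::getID() => Theme_Auth_panel_biall_net::getUserID()
     *
     * NOTE(review): nothing here checks that PANEL_BN_USER_SELECTED is one of the
     * IDs in PANEL_BN_USERS; the code that sets it is outside this file — confirm it does.
     *
     * @return mixed account ID
     */
    public static function getUserID()
    {
        $adminPickedAccount = User::isAdmin()
            && !empty($_SESSION['PANEL_BN_USER_SELECTED'])
            && !empty($_SESSION['PANEL_BN_USERS']);

        return $adminPickedAccount ? $_SESSION['PANEL_BN_USER_SELECTED'] : User::getID();
    }

    /**
     * Post-login hook: remember the other accounts that share this login so an
     * admin can switch between them (see getUserID()).
     *
     * Only a reduced projection of each row is kept in the session (ID, LOGIN,
     * names, BILLING_OWNER) — no PASSWD, PESEL or NIP. With a single account the
     * list is left empty.
     *
     * @param string $login panel login (customer contact email)
     * @param string $pass  unused; kept for the trigger signature
     */
    public static function authorizedTrigger($login, $pass = '')
    {
        $fetchAllUsers = self::fetchActiveUsers($login);

        $_SESSION['PANEL_BN_USERS'] = [];
        if (count($fetchAllUsers) > 1) {
            $_SESSION['PANEL_BN_USERS'] = array_map(static function ($item) {
                return [
                    'ID' => $item['ID'],
                    'LOGIN' => $item['LOGIN'],
                    'P_NAME' => $item['P_NAME'],
                    'P_NAME_SECOND' => $item['P_NAME_SECOND'],
                    'BILLING_OWNER' => $item['BILLING_OWNER'],
                ];
            }, $fetchAllUsers);
        }
    }

    /**
     * Debug helper: every COMPANIES row with this contact email, without the
     * ACL filter and without the auth-row join that fetchActiveUsers() applies.
     *
     * @param string $login customer contact email
     * @return mixed result of the wrapper's fetchAll
     */
    public static function test_fetchAllUsers($login)
    {
        $sqlTest = "
            select c.ID
                 , c.user_mail_contact
                 , c.P_NAME, c.P_NAME_SECOND
                 , c.P_PESEL, c.P_NIP
                 , c.A_STATUS, c.STATUS
                 , c.A_CLASSIFIED, c.A_ADM_COMPANY
                 , c.BILLING_OWNER -- 1 BN, 3 NETDAY
              from COMPANIES c
             where c.user_mail_contact = :email
        ";

        return DB::getPDO()->tryHandleException(
            [ __CLASS__, 'preparePanelBNAuthTables' ],
            'fetchAll',
            [ $sqlTest, [ ':email' => $login ] ]
        );
    }

    /**
     * Active records for a login, each guaranteed to have a PANEL_KLIENTA_BN_AUTH row.
     *
     * Rows that come back from the left join without one (ID_AUTH null) get the
     * row created on the fly and their LOGIN / PASSWD / ID_BILLING_USERS filled in.
     *
     * @param string $login customer contact email
     * @return array rows as returned by fetchActiveUsers(), completed in place
     */
    public static function makeActiveUsers($login)
    {
        $activeUsers = self::fetchActiveUsers($login);

        foreach ($activeUsers as $idx => $item) {
            if (!$item['ID_AUTH']) {
                $activeUsers[$idx] = self::bootstrapAuthRow($item);
            }
        }

        return $activeUsers;
    }

    /**
     * Create the PANEL_KLIENTA_BN_AUTH row for a COMPANIES record that has none
     * and return the record with LOGIN / PASSWD / ID_BILLING_USERS set.
     *
     * The initial password is md5 of the customer's PESEL (or NIP when PESEL is
     * empty) with spaces/dashes stripped. Both are identifiers the customer shares
     * with third parties, not secrets, so a freshly bootstrapped account should be
     * pushed through the reset flow (generateRemindKey/setPasswd) rather than left
     * on this default. A record with neither PESEL nor NIP gets PASSWD = null and
     * cannot log in until reset, because testAuth() skips empty hashes.
     *
     * @param array $item one row from the COMPANIES/auth left join
     * @return array the same row, completed
     */
    private static function bootstrapAuthRow(array $item)
    {
        $item['P_PESEL'] = trim(str_replace(' ', '', $item['P_PESEL']));
        $item['P_NIP'] = trim(str_replace([' ', '-'], '', $item['P_NIP']));

        $initialSecret = (!empty($item['P_PESEL'])) ? $item['P_PESEL'] : $item['P_NIP'];
        $hashPass = ($initialSecret) ? md5($initialSecret) : null;

        DB::getPDO()->insert('PANEL_KLIENTA_BN_AUTH', [
            'ID_BILLING_USERS' => $item['ID'],
            'LOGIN' => $item['user_mail_contact'],
            'PASSWD' => $hashPass,
            'A_RECORD_CREATE_DATE' => "NOW()",
        ]);

        $item['ID_BILLING_USERS'] = $item['ID'];
        $item['LOGIN'] = $item['user_mail_contact'];
        $item['PASSWD'] = $hashPass;

        return $item;
    }

    /**
     * All COMPANIES rows for this contact email within the '27_BIALL-NET' ACL,
     * left-joined to their PANEL_KLIENTA_BN_AUTH row (ID_AUTH is null when absent).
     *
     * The ACL value is bound twice under two placeholder names: reusing one named
     * placeholder in two positions only works with emulated prepares, so this form
     * is safe whichever PDO mode DB::getPDO() is configured with.
     *
     * @param string $login customer contact email
     * @return mixed result of the wrapper's fetchAll
     */
    public static function fetchActiveUsers($login)
    {
        // TODO: filtr BN / NETDAY ?
        // TODO: filtr ZGODA_NA mail/fv ?
        $sql = "
            select c.ID
                 , c.user_mail_contact
                 , c.P_NAME, c.P_NAME_SECOND
                 , c.P_PESEL, c.P_NIP
                 , c.A_STATUS, c.STATUS
                 , c.A_CLASSIFIED, c.A_ADM_COMPANY
                 , c.BILLING_OWNER -- 1 BN, 3 NETDAY
                 , p.ID as ID_AUTH
                 , p.LOGIN
                 , p.PASSWD
                 , p.REMIND_PASS_KEY
                 , p.REMIND_PASS_VALID_TILL
              from COMPANIES c
              left join PANEL_KLIENTA_BN_AUTH p
                on ( p.ID_BILLING_USERS = c.ID and p.LOGIN = c.user_mail_contact )
             where c.user_mail_contact = :email
               and c.A_CLASSIFIED = :acl_classified
               and c.A_ADM_COMPANY = :acl_company
        ";

        return DB::getPDO()->tryHandleException(
            [ __CLASS__, 'preparePanelBNAuthTables' ],
            'fetchAll',
            [ $sql, [
                ':email' => $login,
                ':acl_classified' => '27_BIALL-NET',
                ':acl_company' => '27_BIALL-NET',
            ] ]
        );
    }

    /**
     * First COMPANIES row for this contact email, with its auth row bootstrapped
     * when missing (same rule as makeActiveUsers()).
     *
     * The email is matched with `=`; the earlier `like` treated `%`/`_` in the
     * submitted login as wildcards, so a pattern instead of an address could
     * select some other customer's record. Unlike fetchActiveUsers() there is no
     * A_CLASSIFIED / A_ADM_COMPANY filter here — confirm whether that is intended.
     *
     * @param string $login customer contact email
     * @return array the row, completed
     * @throws Exception when no row matches
     */
    public static function fetchUser($login)
    {
        $item = DB::getPDO()->tryHandleException(
            [ __CLASS__, 'preparePanelBNAuthTables' ],
            'fetchFirst',
            [ "
                select c.ID, c.user_mail_contact, c.P_PESEL
                     -- , c.PASSWD
                     , c.P_NAME, c.P_NAME_SECOND
                     , c.BILLING_OWNER -- 1 BN, 3 NETDAY
                     , c.is_firma
                     , c.P_NIP
                     , p.ID as ID_AUTH
                     , p.LOGIN
                     , p.PASSWD
                     , p.REMIND_PASS_KEY
                     , p.REMIND_PASS_VALID_TILL
                  from COMPANIES c
                  left join PANEL_KLIENTA_BN_AUTH p
                    on ( p.ID_BILLING_USERS = c.ID and p.LOGIN = c.user_mail_contact )
                 where c.user_mail_contact = :email
            ", [
                ':email' => $login,
            ] ]
        );

        if (!$item) {
            throw new Exception("BŁĄD: Brak zarejestrowanego użytkownika o wprowadzonym adresie email.");
        }

        if (!$item['ID_AUTH']) {
            $item = self::bootstrapAuthRow($item);
        }

        return $item;
    }

    /**
     * Send the password-reset email.
     *
     * The $recipient parameter is currently overridden by a fixed staff mailbox,
     * so every reset link — for any customer — lands there instead of with the
     * customer. That is a test-time stub (see the TODO); the `($recipient) ?
     * $recipient : $email` fallback has to replace it before customers use the
     * flow. Only $email and $resetLink reach the message, and only in the body,
     * so no caller-controlled value ends up in the headers.
     *
     * @param string $email     login the reset was requested for (shown in the body)
     * @param string $resetLink URL carrying the remind key
     * @param string $recipient intended recipient (ignored while the override is in place)
     */
    public static function sendRemindPasswd($email, $resetLink, $recipient)
    {
        // $recipient = "piotrl86+bn-test-remind@gmail.com";
        // TODO: ($recipient) ? $recipient : $email
        $recipient = "wolczynskit@biall-net.pl";

        $headers = "MIME-Version: 1.0\n";
        $headers .= "Content-Type: text/plain; charset=\"utf-8\"\n";
        $headers .= 'From: Panel klienta BIALL-NET ' . "\r\n";
        // $headers .= 'Bcc: piotrl86@gmail.com' . "\r\n";

        $subject = "Panel BIALL-NET: Ustawianie nowego hasła";
        $body = implode("\r\n\r\n", [
            "Ktoś poprosił o wygenerowanie nowego hasła dla następującego konta:",
            "Nazwa witryny: Panel klienta BIALL-NET",
            "Nazwa użytkownika: {$email}",
            "Jeśli to pomyłka po prostu zignoruj tego maila i nic się nie stanie.",
            "Aby zresetować hasło, przejdź tutaj:",
            "{$resetLink}",
        ]);

        mail($recipient, $subject, $body, $headers);
    }

    /**
     * Issue a password-reset key for every auth row of this login and return it.
     *
     * The key is 8 random bytes as 16 hex chars (the REMIND_PASS_KEY column is
     * varchar(16)). The previous md5(email + current second) derivation was
     * guessable by anyone who knew the login and roughly when the reset was
     * requested. The key is valid until the end of the day after tomorrow.
     *
     * @param string $email customer contact email
     * @return string the 16-char key to embed in the reset link
     */
    public static function generateRemindKey($email)
    {
        $remindKey = bin2hex(random_bytes(8));
        $remindTill = date("Y-m-d", mktime(0, 0, 0, date("m"), date("d") + 2, date("Y")));

        // $userInfo = self::fetchUser($email);
        self::makeActiveUsers($email); // creates PANEL_KLIENTA_BN_AUTH if missing

        DB::getPDO()->execSql("
            update PANEL_KLIENTA_BN_AUTH
               set REMIND_PASS_KEY = :remind_key
                 , REMIND_PASS_VALID_TILL = :remind_till
                 , A_RECORD_UPDATE_DATE = NOW()
             where LOGIN = :login
               -- and ID_BILLING_USERS = :id_user
        ", [
            // ':id_user' => $userInfo['ID'],
            // ':login' => $userInfo['LOGIN'],
            ':login' => $email,
            ':remind_key' => $remindKey,
            ':remind_till' => $remindTill,
        ]);

        return $remindKey;
    }

    /**
     * Complete a password reset: verify the key, then store the new hash and
     * invalidate the key on every auth row of this login.
     *
     * fetchUser() returns the first row only, so the key is checked against that
     * row; this is consistent with generateRemindKey() writing the same key and
     * expiry to all rows with that LOGIN. Expiry is a Y-m-d string comparison,
     * which orders correctly for that format.
     *
     * @param string $email     customer contact email
     * @param string $newPasswd new plain-text password (min. 8 characters)
     * @param string $remindKey key from the reset link
     * @throws Exception on missing input, too-short password, or a key that is
     *                   missing, different or expired
     */
    public static function setPasswd($email, $newPasswd, $remindKey)
    {
        if (empty($email)) throw new Exception("Missing login!");
        if (empty($newPasswd)) throw new Exception("Missing password!");
        if (empty($remindKey)) throw new Exception("Missing remindKey!");

        // TODO: validate password!
        // mb_strlen: the rule is 8 characters, and strlen would count a multibyte
        // letter (e.g. Polish diacritics) as two or more
        if (mb_strlen($newPasswd, 'UTF-8') < 8) {
            throw new Exception("Hasło musi się składać z co najmniej 8 znaków");
        }

        $userInfo = self::fetchUser($email);

        // DBG::nicePrint([
        //     'c1' => empty($userInfo['REMIND_PASS_KEY']),
        //     'c2' => $userInfo['REMIND_PASS_KEY'] !== $remindKey,
        //     'c2.L' => $userInfo['REMIND_PASS_KEY'],
        //     'c2.R' => $remindKey,
        //     'c3' => date("Y-m-d") > $userInfo['REMIND_PASS_VALID_TILL'],
        //     'c3.L' => date("Y-m-d"),
        //     'c3.R' => $userInfo['REMIND_PASS_VALID_TILL'],
        //     'user' => $userInfo,
        // ], 'DBG');

        // hash_equals: constant-time compare of the stored key with the submitted one;
        // a non-string key from the request is rejected the same way a wrong one is
        $keyIsValid = !empty($userInfo['REMIND_PASS_KEY'])
            && is_string($remindKey)
            && hash_equals((string) $userInfo['REMIND_PASS_KEY'], $remindKey)
            && date("Y-m-d") <= $userInfo['REMIND_PASS_VALID_TILL'];

        if (!$keyIsValid) {
            throw new Exception("Odnośnik do resetowania hasła wydaje się być niesprawny. Proszę użyć funkcji przypomnienia hasła.");
        }

        // the key is single-use: cleared together with the expiry when the hash is written
        DB::getPDO()->execSql("
            update PANEL_KLIENTA_BN_AUTH
               set REMIND_PASS_KEY = ''
                 , REMIND_PASS_VALID_TILL = '0000-00-00'
                 , PASSWD = :hash_passwd
                 , A_RECORD_UPDATE_DATE = NOW()
             where LOGIN = :login
               -- and ID_BILLING_USERS = :id_user
        ", [
            // ':id_user' => $userInfo['ID'],
            // ':login' => $userInfo['LOGIN'],
            ':login' => $email,
            ':hash_passwd' => md5($newPasswd),
        ]);
    }

    /**
     * Create the auth tables if they do not exist yet.
     *
     * Registered as the recovery callback of every tryHandleException() call in
     * this class, so a missing table is created and the query retried. Column
     * widths constrain the rest of the class: PASSWD varchar(32) (md5 hex) and
     * REMIND_PASS_KEY varchar(16). The DDL is kept verbatim; widening PASSWD for a
     * modern hash needs an ALTER on existing installations, not just this CREATE.
     */
    public static function preparePanelBNAuthTables()
    {
        DB::getPDO()->execSql("
            CREATE TABLE IF NOT EXISTS `PANEL_KLIENTA_BN_AUTH` (
                `ID` int(11) NOT NULL AUTO_INCREMENT,
                `ID_BILLING_USERS` int(11) NOT NULL,
                `LOGIN` varchar(255) NOT NULL DEFAULT '',
                `PASSWD` varchar(32) NOT NULL DEFAULT '',
                `REMIND_PASS_KEY` varchar(16) NOT NULL DEFAULT '',
                `REMIND_PASS_VALID_TILL` date NOT NULL DEFAULT '0000-00-00',
                `A_ADM_COMPANY` varchar(64) NOT NULL DEFAULT '',
                `A_CLASSIFIED` varchar(64) NOT NULL DEFAULT '',
                `A_RECORD_CREATE_DATE` datetime NOT NULL,
                `A_RECORD_CREATE_AUTHOR` varchar(20) NOT NULL DEFAULT '',
                `A_RECORD_UPDATE_DATE` datetime NOT NULL,
                `A_RECORD_UPDATE_AUTHOR` varchar(20) NOT NULL DEFAULT '',
                PRIMARY KEY (`ID`),
                UNIQUE KEY `COMPANY_LOGIN` (`LOGIN`, `ID_BILLING_USERS`)
            ) ENGINE=MyISAM DEFAULT CHARSET=latin2 ;
        ");

        DB::getPDO()->execSql("
            CREATE TABLE IF NOT EXISTS `PANEL_KLIENTA_BN_AUTH_HIST` (
                `ID` int(11) NOT NULL AUTO_INCREMENT,
                `ID_USERS2` int(11) NOT NULL,
                `ID_BILLING_USERS` varchar(11) NOT NULL DEFAULT 'N/S;',
                `LOGIN` varchar(255) NOT NULL DEFAULT 'N/S;',
                `PASSWD` varchar(32) NOT NULL DEFAULT 'N/S;',
                `REMIND_PASS_KEY` varchar(16) NOT NULL DEFAULT 'N/S;',
                `REMIND_PASS_VALID_TILL` varchar(10) NOT NULL DEFAULT 'N/S;',
                `A_ADM_COMPANY` varchar(64) NOT NULL DEFAULT 'N/S;',
                `A_CLASSIFIED` varchar(64) NOT NULL DEFAULT 'N/S;',
                `A_RECORD_CREATE_DATE` varchar(10) NOT NULL DEFAULT 'N/S;',
                `A_RECORD_CREATE_AUTHOR` varchar(20) NOT NULL DEFAULT 'N/S;',
                `A_RECORD_UPDATE_DATE` varchar(10) NOT NULL DEFAULT 'N/S;',
                `A_RECORD_UPDATE_AUTHOR` varchar(20) NOT NULL DEFAULT 'N/S;',
                PRIMARY KEY (`ID`),
                KEY `ID_USERS2` (`ID_USERS2`)
            ) ENGINE=MyISAM DEFAULT CHARSET=latin2 ;
        ");
    }
}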