project-panel_biall_net/auth.php

<?php

// rename file to: `config.php`
// @used by User class to login
// - [ ] use to fetch user groups for acl

/**
 * User object:
 * - ID // ADM_ID
 * - ADM_ACCOUNT // AUTHORIZE_USER, ADM_ACCOUNT
 * - ADM_NAME // ADM_NAME
 * - ADM_TECH_WORKER // ADM_TECH_WORKER
 * - ADM_COMPANY // ADM_COMPANY
 * - ADM_ADMIN_LEVEL // ADM_ADMIN_LEVEL
 * - ADM_PHONE // ADM_PHONE
 * - ADM_ADMIN_EXPIRE // ADM_ADMIN_EXPIRE
 * - ADM_ADMIN_DESC // ADM_ADMIN_DESC
 * - EMPLOYEE_TYPE // EMPLOYEE_TYPE
 * - EMAIL_IMAP_IMPORT_HOST // EMAIL_IMAP_IMPORT_HOST
 * - EMAIL_IMAP_IMPORT_USERNAME // EMAIL_IMAP_IMPORT_USERNAME
 */

class Theme_Auth_panel_biall_net { // TODO: implements AuthBaseInterface {

	static function login($login, $pass) { // @return User object or null

		if (empty($login) || empty($pass)) throw new Exception("Proszę podać login i hasło!");

		// $item = self::fetchUser($login);
		// if (empty($item['PASSWD']) || 32 != strlen($item['PASSWD'])) {
		// 	throw new Exception("Proszę użyć funkcji przypomnienia hasła");
		// }

		// if (md5($pass) !== $item['PASSWD']) {
		// 	throw new Exception("Proszę podać poprawny login i hasło!");
		// }

		$userInfo = null;
		$activeUsers = self::makeActiveUsers($login);
		foreach ($activeUsers as $item) {
			if (empty($item['PASSWD']) || 32 != strlen($item['PASSWD'])) {
				continue; // throw new Exception("Proszę użyć funkcji przypomnienia hasła");
			}
			if (md5($pass) === $item['PASSWD']) {
				$userInfo = $item;
				break;
			}
		}
		if (!$userInfo) throw new Exception("Proszę podać poprawny login i hasło!");

		return (object)[
			'ID' => $userInfo['ID'],
			'ADM_ACCOUNT' => $userInfo['LOGIN'], // AUTHORIZE_USER, ADM_ACCOUNT
			'ADM_NAME' => implode(" ", [ $userInfo['P_NAME'], $userInfo['P_NAME_SECOND'] ]), // ADM_NAME
			'ADM_TECH_WORKER' => "", // ADM_TECH_WORKER
			'ADM_COMPANY' => $userInfo['BILLING_OWNER'], // ADM_COMPANY
			'ADM_ADMIN_LEVEL' => 5, // ADM_ADMIN_LEVEL // > 5 will show msg for Kandydat
			'ADM_PHONE' => "", // ADM_PHONE
			'ADM_ADMIN_EXPIRE' => "", // ADM_ADMIN_EXPIRE
			'ADM_ADMIN_DESC' => "", // ADM_ADMIN_DESC
			'EMPLOYEE_TYPE' => "Klient", // EMPLOYEE_TYPE // [ 'Pracownik','Kandydat','Partner','Anonymous','Kontakt','Skrypt' ]
		];
	}
	static function testAuth($login, $pass) {
		$userInfo = null;
		$activeUsers = self::makeActiveUsers($login);
		foreach ($activeUsers as $item) {
			if (empty($item['PASSWD']) || 32 != strlen($item['PASSWD'])) {
				continue; // throw new Exception("Proszę użyć funkcji przypomnienia hasła");
			}
			if (md5($pass) === $item['PASSWD']) {
				$userInfo = $item;
				break;
			}
		}

		if (!$userInfo) throw new Exception("Proszę podać poprawny login i hasło!");
		return $userInfo;
	}

	static function getUserID() { // User::getID() => Theme_Auth_panel_biall_net::getUserID()
		if (User::isAdmin() && !empty($_SESSION['PANEL_BN_USER_SELECTED']) && !empty($_SESSION['PANEL_BN_USERS'])) {
			return $_SESSION['PANEL_BN_USER_SELECTED'];
		} else return User::getID();
	}

	// after auth set additional session variables
	static function authorizedTrigger($login, $pass = '') {
		$fetchAllUsers = self::fetchActiveUsers($login);
		$_SESSION['PANEL_BN_USERS'] = (count($fetchAllUsers) > 1) ? array_map(function ($item) {
			return [
				'ID' => $item['ID'],
				'LOGIN' => $item['LOGIN'],
				'P_NAME' => $item['P_NAME'],
				'P_NAME_SECOND' => $item['P_NAME_SECOND'],
				'BILLING_OWNER' => $item['BILLING_OWNER'],
			];
		}, $fetchAllUsers) : [];
	}

	static function test_fetchAllUsers($login) {
		$sqlTest = "
			select c.ID
				, c.user_mail_contact
				, c.P_NAME, c.P_NAME_SECOND
				, c.P_PESEL, c.P_NIP
				, c.A_STATUS, c.STATUS
				, c.A_CLASSIFIED, c.A_ADM_COMPANY
				, c.BILLING_OWNER -- 1 BN, 3 NETDAY
			from COMPANIES c
			where c.user_mail_contact = :email
		";
		return DB::getPDO()->tryHandleException([ __CLASS__, 'preparePanelBNAuthTables' ], 'fetchAll', [
			$sqlTest, [ ':email' => $login ]
		]);
	}

	static function makeActiveUsers($login) {
		$activeUsers = self::fetchActiveUsers($login);

		foreach ($activeUsers as $idx => $item) {
			if (!$item['ID_AUTH']) {
				$activeUsers[$idx]['P_PESEL'] = trim(str_replace(' ', '', $item['P_PESEL']));
				$activeUsers[$idx]['P_NIP'] = trim(str_replace([' ', '-'], '', $item['P_NIP']));
				$passwd = (!empty($activeUsers[$idx]['P_PESEL'])) ? $activeUsers[$idx]['P_PESEL'] : $activeUsers[$idx]['P_NIP'];
				$hashPass = ($passwd) ? md5($passwd) : null;
				DB::getPDO()->insert('PANEL_KLIENTA_BN_AUTH', [
					'ID_BILLING_USERS' => $activeUsers[$idx]['ID'],
					'LOGIN' => $activeUsers[$idx]['user_mail_contact'],
					'PASSWD' => $hashPass,
					'A_RECORD_CREATE_DATE' => "NOW()",
				]);
				$activeUsers[$idx]['ID_BILLING_USERS'] = $activeUsers[$idx]['ID'];
				$activeUsers[$idx]['LOGIN'] = $activeUsers[$idx]['user_mail_contact'];
				$activeUsers[$idx]['PASSWD'] = $hashPass;
			}
		}

		return $activeUsers;
	}

	static function fetchActiveUsers($login) {
		// TODO: filtr BN / NETDAY ?
		// TODO: filtr ZGODA_NA mail/fv ?
		$sql = "
			select c.ID
				, c.user_mail_contact
				, c.P_NAME, c.P_NAME_SECOND
				, c.P_PESEL, c.P_NIP
				, c.A_STATUS, c.STATUS
				, c.A_CLASSIFIED, c.A_ADM_COMPANY
				, c.BILLING_OWNER -- 1 BN, 3 NETDAY
				, p.ID as ID_AUTH
				, p.LOGIN
				, p.PASSWD
				, p.REMIND_PASS_KEY
				, p.REMIND_PASS_VALID_TILL
			from COMPANIES c
				left join PANEL_KLIENTA_BN_AUTH p on ( p.ID_BILLING_USERS = c.ID and p.LOGIN = c.user_mail_contact )
			where c.user_mail_contact = :email
				and c.A_CLASSIFIED = :acl
				and c.A_ADM_COMPANY = :acl
		";
		return DB::getPDO()->tryHandleException([ __CLASS__, 'preparePanelBNAuthTables' ], 'fetchAll', [
			$sql, [ ':email' => $login, ':acl' => '27_BIALL-NET' ]
		]);
	}

	static function fetchUser($login) {
		$item = DB::getPDO()->tryHandleException([ __CLASS__, 'preparePanelBNAuthTables' ], 'fetchFirst', [
			"
				select c.ID, c.user_mail_contact, c.P_PESEL
			--		, c.PASSWD
					, c.P_NAME, c.P_NAME_SECOND
					, c.BILLING_OWNER -- 1 BN, 3 NETDAY
					, c.is_firma
					, c.P_NIP
					, p.ID as ID_AUTH
					, p.LOGIN
					, p.PASSWD
					, p.REMIND_PASS_KEY
					, p.REMIND_PASS_VALID_TILL
				from COMPANIES c
					left join PANEL_KLIENTA_BN_AUTH p on ( p.ID_BILLING_USERS = c.ID and p.LOGIN = c.user_mail_contact )
				where c.user_mail_contact like :email
			",
			[
				':email' => $login,
			]
		]);
		if (!$item) throw new Exception("BŁĄD: Brak zarejestrowanego użytkownika o wprowadzonym adresie email.");

		if (!$item['ID_AUTH']) {
			$item['P_PESEL'] = trim(str_replace(' ', '', $item['P_PESEL']));
			$item['P_NIP'] = trim(str_replace([' ', '-'], '', $item['P_NIP']));
			$passwd = (!empty($item['P_PESEL'])) ? $item['P_PESEL'] : $item['P_NIP'];
			$hashPass = ($passwd) ? md5($passwd) : null;
			DB::getPDO()->insert('PANEL_KLIENTA_BN_AUTH', [
				'ID_BILLING_USERS' => $item['ID'],
				'LOGIN' => $item['user_mail_contact'],
				'PASSWD' => $hashPass,
				'A_RECORD_CREATE_DATE' => "NOW()",
			]);
			$item['ID_BILLING_USERS'] = $item['ID'];
			$item['LOGIN'] = $item['user_mail_contact'];
			$item['PASSWD'] = $hashPass;
		}

		return $item;
	}

	static function sendRemindPasswd($email, $resetLink, $recipient) {
		$recipient = "piotrl86+bn-test-remind@gmail.com"; // TODO: ($recipient) ? $recipient : $email

		$headers = "MIME-Version: 1.0\n";
		$headers .= "Content-Type: text/plain; charset=\"utf-8\"\n";
		$headers .= 'From: Panel klienta BIALL-NET <noreply@biall-net.pl>' . "\r\n";
		// $headers .= 'Bcc: piotrl86@gmail.com' . "\r\n";

		$subject = "Panel BIALL-NET: Ustawianie nowego hasła";

		$body = implode("\r\n\r\n", [
			"Ktoś poprosił o wygenerowanie nowego hasła dla następującego konta:",
			"Nazwa witryny: Panel klienta BIALL-NET",
			"Nazwa użytkownika: {$email}",
			"Jeśli to pomyłka po prostu zignoruj tego maila i nic się nie stanie.",
			"Aby zresetować hasło, przejdź tutaj:",
			"{$resetLink}",
		]);

		mail($recipient, $subject, $body, $headers);
	}

	static function generateRemindKey($email) {
		$remindKey = substr(md5($email . "" . date("Y-m-d H:i:s")), 0, 16);
		$remindTill = date("Y-m-d", mktime(0,0,0, date("m"), date("d") + 2, date("Y")));
		// $userInfo = self::fetchUser($email);
		self::makeActiveUsers($email); // creates PANEL_KLIENTA_BN_AUTH if missing
		DB::getPDO()->execSql("
			update PANEL_KLIENTA_BN_AUTH
			set REMIND_PASS_KEY = :remind_key
				, REMIND_PASS_VALID_TILL = :remind_till
				, A_RECORD_UPDATE_DATE = NOW()
			where LOGIN = :login
		--		and ID_BILLING_USERS = :id_user
		", [
			// ':id_user' => $userInfo['ID'],
			// ':login' => $userInfo['LOGIN'],
			':login' => $email,
			':remind_key' => $remindKey,
			':remind_till' => $remindTill,
		]);
		return $remindKey;
	}

	static function setPasswd($email, $newPasswd, $remindKey) {
		if (empty($email)) throw new Exception("Missing login!");
		if (empty($newPasswd)) throw new Exception("Missing password!");
		if (empty($remindKey)) throw new Exception("Missing remindKey!");

		// TODO: validate password!
		if (strlen($newPasswd) < 8) throw new Exception("Hasło musi się składać z co najmniej 8 znaków");

		$userInfo = self::fetchUser($email);

		// DBG::nicePrint([
		// 	'c1' => empty($userInfo['REMIND_PASS_KEY']),
		// 	'c2' => $userInfo['REMIND_PASS_KEY'] !== $remindKey,
		// 	'c2.L' => $userInfo['REMIND_PASS_KEY'],
		// 	'c2.R' => $remindKey,
		// 	'c3' =>  date("Y-m-d") > $userInfo['REMIND_PASS_VALID_TILL'],
		// 	'c3.L' => date("Y-m-d"),
		// 	'c3.R' => $userInfo['REMIND_PASS_VALID_TILL'],
		// 	'user' => $userInfo,
		// ], 'DBG');
		if (empty($userInfo['REMIND_PASS_KEY'])
			|| $userInfo['REMIND_PASS_KEY'] !== $remindKey
			|| date("Y-m-d") > $userInfo['REMIND_PASS_VALID_TILL']
		) throw new Exception("Odnośnik do resetowania hasła wydaje się być niesprawny. Proszę użyć funkcji przypomnienia hasła.");

		DB::getPDO()->execSql("
			update PANEL_KLIENTA_BN_AUTH
			set REMIND_PASS_KEY = ''
				, REMIND_PASS_VALID_TILL = '0000-00-00'
				, PASSWD = :hash_passwd
				, A_RECORD_UPDATE_DATE = NOW()
			where LOGIN = :login
		--		and ID_BILLING_USERS = :id_user
		", [
			// ':id_user' => $userInfo['ID'],
			// ':login' => $userInfo['LOGIN'],
			':login' => $email,
			':hash_passwd' => md5($newPasswd),
		]);
	}

	static function preparePanelBNAuthTables() {
		DB::getPDO()->execSql("
			CREATE TABLE IF NOT EXISTS `PANEL_KLIENTA_BN_AUTH` (
				`ID` int(11) NOT NULL AUTO_INCREMENT,
				`ID_BILLING_USERS` int(11) NOT NULL,
				`LOGIN` varchar(255) NOT NULL DEFAULT '',
				`PASSWD` varchar(32) NOT NULL DEFAULT '',
				`REMIND_PASS_KEY` varchar(16) NOT NULL DEFAULT '',
				`REMIND_PASS_VALID_TILL` date NOT NULL DEFAULT '0000-00-00',
				`A_ADM_COMPANY` varchar(64) NOT NULL DEFAULT '',
				`A_CLASSIFIED` varchar(64) NOT NULL DEFAULT '',
				`A_RECORD_CREATE_DATE` datetime NOT NULL,
				`A_RECORD_CREATE_AUTHOR` varchar(20) NOT NULL DEFAULT '',
				`A_RECORD_UPDATE_DATE` datetime NOT NULL,
				`A_RECORD_UPDATE_AUTHOR` varchar(20) NOT NULL DEFAULT '',
				PRIMARY KEY (`ID`),
				UNIQUE KEY `COMPANY_LOGIN` (`LOGIN`, `ID_BILLING_USERS`)
			) ENGINE=MyISAM  DEFAULT CHARSET=latin2 ;
		");
		DB::getPDO()->execSql("
			CREATE TABLE IF NOT EXISTS `PANEL_KLIENTA_BN_AUTH_HIST` (
				`ID` int(11) NOT NULL AUTO_INCREMENT,
				`ID_USERS2` int(11) NOT NULL,
				`ID_BILLING_USERS` varchar(11) NOT NULL DEFAULT 'N/S;',
				`LOGIN` varchar(255) NOT NULL DEFAULT 'N/S;',
				`PASSWD` varchar(32) NOT NULL DEFAULT 'N/S;',
				`REMIND_PASS_KEY` varchar(16) NOT NULL DEFAULT 'N/S;',
				`REMIND_PASS_VALID_TILL` varchar(10) NOT NULL DEFAULT 'N/S;',
				`A_ADM_COMPANY` varchar(64) NOT NULL DEFAULT 'N/S;',
				`A_CLASSIFIED` varchar(64) NOT NULL DEFAULT 'N/S;',
				`A_RECORD_CREATE_DATE` varchar(10) NOT NULL DEFAULT 'N/S;',
				`A_RECORD_CREATE_AUTHOR` varchar(20) NOT NULL DEFAULT 'N/S;',
				`A_RECORD_UPDATE_DATE` varchar(10) NOT NULL DEFAULT 'N/S;',
				`A_RECORD_UPDATE_AUTHOR` varchar(20) NOT NULL DEFAULT 'N/S;',
				PRIMARY KEY (`ID`),
				KEY `ID_USERS2` (`ID_USERS2`)
			) ENGINE=MyISAM  DEFAULT CHARSET=latin2 ;
		");
	}

}