projects / fa-stable.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added hook for authentication from external sources like LDAP.
[fa-stable.git] / includes / current_user.inc
1 <?php
2 /**********************************************************************
3     Copyright (C) FrontAccounting, LLC.
4         Released under the terms of the GNU General Public License, GPL, 
5         as published by the Free Software Foundation, either version 3 
6         of the License, or (at your option) any later version.
7     This program is distributed in the hope that it will be useful,
8     but WITHOUT ANY WARRANTY; without even the implied warranty of
9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
10     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
11 ***********************************************************************/
12
13 include_once($path_to_root . "/includes/prefs/userprefs.inc");
14 if (!defined('TB_PREF')) {
15         define('TB_PREF', '&TB_PREF&');
16 }
17 //--------------------------------------------------------------------------
18
19 class current_user
20 {
21         var $user;
22         var $loginname;
23         var $username;
24         var $name;
25         var $company; // user's company
26         var $pos;
27         var $access;
28         var $timeout;
29         var $last_act;
30         var $role_set = false;
31         var $old_db;
32         var $logged;
33         var $ui_mode = 0;
34         
35         var $prefs;
36         var $cur_con; // current db connection (can be different from $company for superuser)
37
38         function current_user()
39         {
40                 global $def_coy;
41                 
42                 $this->loginname = $this->username = $this->name = "";
43                 $this->company = isset($def_coy)? $def_coy : 0;
44                 $this->logged = false;
45
46                 $this->prefs = new user_prefs();
47         }
48
49         function logged_in()
50         {
51                 return $this->logged;
52         }
53
54         function set_company($company)
55         {
56                 $this->company = $company;
57         }
58
59         function login($company, $loginname, $password)
60         {
61                 global $security_areas, $security_groups, $security_headings, $path_to_root;
62                 
63                 $this->set_company($company);
64             $this->logged = false;
65
66                 set_global_connection();
67
68                 // Use external authentication source if any.
69                 // Keep in mind you need to have user data set for $loginname
70                 // in FA users table anyway to successfully log in.
71                 $Auth_Result = hook_authenticate($loginname, $password);
72
73                 if (!isset($Auth_Result))       // if not used: standard method
74                         $Auth_Result = get_user_auth($loginname, md5($password));
75
76                 if ($Auth_Result)
77                 {
78                         $myrow = get_user_by_login($loginname);
79                         $this->old_db = isset($myrow["full_access"]);
80                         if (! @$myrow["inactive"]) {
81                                 if ($this->old_db) { 
82                                         // Transition code:
83                                         // db was not yet upgraded after source update to v.2.2
84                                         // give enough access for admin user to continue upgrade
85                                         if (!isset($security_groups) || !isset($security_headings)) {
86                                                 echo "<center><br><br><font size='5' color='red'><b>";
87                                                 echo _('Before software upgrade you have to include old $security_groups and $security_headings arrays from old config.php file to the new one.');
88                                                 echo '<br>'."<a href=$path_to_root/index.php>"._("Back")."</a>";
89                                                 echo "</b></font><br><br></center>";
90                                                 exit;
91                                         }
92                             $this->access = $myrow["full_access"];
93                             if (in_array(20, $security_groups[$this->access]))
94                                                 // temporary access for admin users
95                                                 $this->role_set[] = $security_areas['SA_SOFTWAREUPGRADE'][0];
96                                         else {
97                                                 echo "<center><br><br><font size='5' color='red'><b>";
98                                                 echo _('System is available for site admin only until full database upgrade');
99                                                 echo "</b></font><br><br></center>";
100                                                 exit;
101                                         }
102                         } else {
103                                         $this->role_set = array();
104                             $this->access = $myrow["role_id"];
105                                         // store area codes available for current user role
106                                         $role = get_security_role($this->access);
107                                         if (!$role) 
108                                                 return false;
109                                         foreach( $role['areas'] as $code )
110                                                 // filter only area codes for enabled security sections
111                                                 if (in_array($code&~0xff, $role['sections'])) 
112                                                         $this->role_set[] = $code;
113                         }
114                     $this->name = $myrow["real_name"];
115                     $this->pos = $myrow["pos"];
116                     $this->loginname = $loginname;
117                     $this->username = $this->loginname;
118                     $this->prefs = new user_prefs($myrow);
119                     $this->user = @$myrow["id"];
120                         update_user_visitdate($this->username);
121                         $this->logged = true;
122                                 $this->last_act = time();
123                                 $this->timeout = session_timeout();
124                         }
125                 }
126                 return $this->logged;
127         }
128
129         function check_user_access()
130         {
131                 global $security_groups;
132                 if ($this->old_db) {
133                         // notification after upgrade from pre-2.2 version
134                         return isset($security_groups) && is_array(@$security_groups[$this->access]);
135                 } else
136                         return !isset($security_groups) && is_array($this->role_set);
137         }
138
139         function can_access($page_level)
140         {
141                 global $security_groups, $security_areas;
142                 if (isset($security_groups)) {
143                         return $this->company == 0 &&
144                                 in_array(20, $security_groups[$this->access]);
145                 }
146
147                 if ($page_level === 'SA_OPEN') 
148                         return true;
149                 if ($page_level === 'SA_DENIED' || $page_level === '') 
150                         return false;
151
152                 $code = $security_areas[$page_level][0];
153
154                 // only first registered company has site admin privileges
155                 return $code && in_array($code, $this->role_set)
156                         && ($this->company == 0 || (($code&~0xff) != SS_SADMIN));
157         }
158
159         function can_access_page($page_level)
160         {
161                 return $this->can_access($page_level);
162         }
163
164         function set_db_connection($id = -1)
165         {
166                 return set_global_connection($id);
167         }
168
169         function update_prefs($prefs)
170         {
171                 global $allow_demo_mode;
172                 
173                 if(!$allow_demo_mode) {
174                         update_user_prefs($this->user, $prefs);
175                 }
176
177                 $this->prefs = new user_prefs(get_user($this->user));
178         }
179 }
180
181 //--------------------------------------------------------------------------
182
183 function round2($number, $decimals=0)
184 {
185         $delta = ($number < 0 ? -.0000000001 : .0000000001);
186         return round($number+$delta, $decimals);
187 }
188
189 /*
190         Returns number formatted according to user setup and using $decimals digits after dot 
191         (defualt is 0). When $decimals is set to 'max' maximum available precision is used 
192         (decimals depend on value) and trailing zeros are trimmed.
193 */
194 function number_format2($number, $decimals=0)
195 {
196         global $thoseps, $decseps;
197         $tsep = $thoseps[$_SESSION["wa_current_user"]->prefs->tho_sep()];
198         $dsep = $decseps[$_SESSION["wa_current_user"]->prefs->dec_sep()];
199         //return number_format($number, $decimals, $dsep,       $tsep);
200         if($decimals==='max')
201                 $dec = 15 - floor(log10(abs($number)));
202         else {
203                 $delta = ($number < 0 ? -.0000000001 : .0000000001);
204                 $number += $delta;
205                 $dec = $decimals;
206         }
207
208         $num = number_format($number, $dec, $dsep, $tsep);
209
210         return $decimals==='max' ? rtrim($num, '0') : $num;
211
212 }
213 //
214 //      Current ui mode.
215 //
216 function fallback_mode() {
217     return $_SESSION["wa_current_user"]->ui_mode==0;
218 }
219
220 function price_format($number) {
221     return number_format2($number,
222         $_SESSION["wa_current_user"]->prefs->price_dec());
223 }
224
225 function price_decimal_format($number, &$dec)
226 {
227         $dec = user_price_dec();
228         $str = strval($number);
229         $pos = strpos($str, '.');
230         if ($pos !== false)
231         {
232                 $len = strlen(substr($str, $pos + 1));
233                 if ($len > $dec)
234                         $dec = $len;
235         }
236         return number_format2($number, $dec);
237 }
238 // function money_format doesn't exist in OS Win.
239 if (!function_exists('money_format'))
240 {
241         function money_format($format, $number) 
242         {
243                 return price_format($number);
244         } 
245 }       
246
247 // 2008-06-15. Added extra parameter $stock_id and reference for $dec
248 //--------------------------------------------------------------------
249 function qty_format($number, $stock_id=null, &$dec) {
250         $dec = get_qty_dec($stock_id);
251     return number_format2($number, $dec);
252 }
253
254 // and get_qty_dec
255 function get_qty_dec($stock_id=null)
256 {
257         global $path_to_root;
258         include_once($path_to_root."/inventory/includes/db/items_units_db.inc");
259         if ($stock_id != null)
260                 $dec = get_unit_dec($stock_id);
261         if ($stock_id == null || $dec == -1 || $dec == null)
262                 $dec = $_SESSION["wa_current_user"]->prefs->qty_dec();
263         return $dec;
264 }
265 //-------------------------------------------------------------------
266 //
267 //      Maximum precision format. Strips trailing unsignificant digits.
268 //
269 function maxprec_format($number) {
270     return number_format2($number, 'max');
271 }
272
273 function exrate_format($number) {
274     return number_format2($number,
275         $_SESSION["wa_current_user"]->prefs->exrate_dec());
276 }
277
278 function percent_format($number) {
279     return number_format2($number,
280         $_SESSION["wa_current_user"]->prefs->percent_dec());
281 }
282
283 function user_numeric($input) {
284     global $decseps, $thoseps;
285
286     $num = trim($input);
287     $sep = $thoseps[user_tho_sep()];
288     if ($sep!='')
289         $num = str_replace( $sep, '', $num);
290
291     $sep = $decseps[user_dec_sep()];
292     if ($sep!='.')
293         $num = str_replace( $sep, '.', $num);
294
295     if (!is_numeric($num))
296           return false;
297     $num = (float)$num;
298     if ($num == (int)$num)
299           return (int)$num;
300     else
301           return $num;
302 }
303
304 function user_company()
305 {
306         global $def_coy;
307         
308         return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->company : $def_coy;
309 }
310
311 function user_pos()
312 {
313         return $_SESSION["wa_current_user"]->pos;
314 }
315
316 function user_language()
317 {
318         return $_SESSION["wa_current_user"]->prefs->language();
319 }
320
321 function user_qty_dec()
322 {
323         return $_SESSION["wa_current_user"]->prefs->qty_dec();
324 }
325
326 function user_price_dec()
327 {
328         return $_SESSION["wa_current_user"]->prefs->price_dec();
329 }
330
331 function user_exrate_dec()
332 {
333         return $_SESSION["wa_current_user"]->prefs->exrate_dec();
334 }
335
336 function user_percent_dec()
337 {
338         return $_SESSION["wa_current_user"]->prefs->percent_dec();
339 }
340
341 function user_show_gl_info()
342 {
343         return $_SESSION["wa_current_user"]->prefs->show_gl_info();
344 }
345
346 function user_show_codes()
347 {
348         return $_SESSION["wa_current_user"]->prefs->show_codes();
349 }
350
351 function user_date_format()
352 {
353         return $_SESSION["wa_current_user"]->prefs->date_format();
354 }
355
356 function user_date_display()
357 {
358         return $_SESSION["wa_current_user"]->prefs->date_display();
359 }
360
361 function user_date_sep()
362 {
363         return $_SESSION["wa_current_user"]->prefs->date_sep();
364 }
365
366 function user_tho_sep()
367 {
368         return $_SESSION["wa_current_user"]->prefs->tho_sep();
369 }
370
371 function user_dec_sep()
372 {
373         return $_SESSION["wa_current_user"]->prefs->dec_sep();
374 }
375
376 function user_theme()
377 {
378         return isset($_SESSION["wa_current_user"]) ?
379                 $_SESSION["wa_current_user"]->prefs->get_theme() : 'default';
380 }
381
382 function user_pagesize()
383 {
384         return $_SESSION["wa_current_user"]->prefs->get_pagesize();
385 }
386
387 function user_hints()
388 {
389         return $_SESSION["wa_current_user"]->prefs->show_hints();
390 }
391
392 function user_print_profile()
393 {
394         return $_SESSION["wa_current_user"]->prefs->print_profile();
395 }
396
397 function user_rep_popup()
398 {
399         return $_SESSION["wa_current_user"]->prefs->rep_popup();
400 }
401
402 function user_query_size()
403 {
404         return $_SESSION["wa_current_user"]->prefs->query_size();
405 }
406
407 function user_graphic_links()
408 {
409         return $_SESSION["wa_current_user"]->prefs->graphic_links();
410 }
411
412 function sticky_doc_date()
413 {
414         return $_SESSION["wa_current_user"]->prefs->sticky_date();
415 }
416
417 function user_startup_tab()
418 {
419         return $_SESSION["wa_current_user"]->prefs->start_up_tab();
420 }
421
422 function set_user_prefs($prefs)
423 {
424         $_SESSION["wa_current_user"]->update_prefs($prefs);
425 }
426
427 function add_user_js_data() {
428         global $path_to_root, $thoseps, $decseps, $date_system, $dateseps;
429
430         $ts = $thoseps[user_tho_sep()];
431         $ds = $decseps[user_dec_sep()];
432
433     $js = "\n"
434           . "var user = {\n"
435           . "theme: '". $path_to_root . '/themes/'. user_theme().'/'."',\n"
436           . "loadtxt: '"._('Requesting data...')."',\n"
437           . "date: '".Today()."',\n"    // server date
438           . "datesys: ".$date_system.",\n"
439           . "datefmt: ".user_date_format().",\n"
440           . "datesep: '".$dateseps[user_date_sep()]."',\n"
441           . "ts: '$ts',\n"
442           . "ds: '$ds',\n"
443           . "pdec : " . user_price_dec() . "}\n";
444
445   add_js_source($js);
446 }
447
448 //--------------------------------------------------------------------------
449
450 function session_timeout()
451 {
452         $tout = @get_company_pref('login_tout'); // mask warning for db ver. 2.2
453         return $tout ? $tout : ini_get('session.gc_maxlifetime');
454 }
455
456 //-----------------------------------------------------------------------------
457 //      Inserts $elements into $array at position $index.
458 //      $elements is list of any objects
459 //
460 function array_insert(&$array, $index, $elements)
461 {
462         if (!is_array($elements)) $elements = array($elements);
463
464         $head  = array_splice($array, 0, $index);
465         $array = array_merge($head, $elements, $array);
466 }
467
468 function array_remove(&$array, $index, $len=1)
469 {
470         array_splice($array, $index, $len);
471 }
472
473 function array_substitute(&$array, $index, $len, $elements)
474 {
475         array_splice($array, $index, $len);
476         array_insert($array, $index, $elements);
477 }
478
479 function array_append(&$array, $elements)
480 {
481         foreach($elements as $key => $el) {
482                 if(is_int($key))
483                         $array[] = $el;
484                 else
485                         $array[$key] = $el;
486         }
487 }
488 //
489 //      Search $needle in $haystack or in $haystack[][$valuekey]
490 //      returns $needle found or null.
491 //
492 function array_search_value($needle, $haystack, $valuekey=null)
493 {
494         foreach($haystack as $key => $value) {
495                 $val = isset($valuekey) ? @$value[$valuekey] : $value;
496                 if ($needle == $val){
497                         return $value;
498                 }
499         }
500         return null;
501 }
502 //
503 //      Search $needle in $haystack or in $haystack[][$valuekey]
504 //      returns array of keys of $haystack elements found
505 //
506 function array_search_keys($needle, $haystack, $valuekey=null)
507 {
508         $keys = array();
509         if($haystack)
510                 foreach($haystack as $key => $value) {
511                         $val = isset($valuekey) ? @$value[$valuekey] : $value;
512                         if ($needle == $val){
513                                 $keys[] = $key;
514                         }
515                 }
516         return $keys;
517 }
518 //
519 //      Find first (single) $needle in $haystack or in $haystack[][$valuekey]
520 //      returns $haystack element found or null
521 //
522 function array_search_key($needle, $haystack, $valuekey=null)
523 {
524         $keys = array_search_keys($needle, $haystack, $valuekey);
525         return @$keys[0];
526 }
527
528 function flush_dir($path, $wipe = false) 
529 {
530         $dir = opendir($path);
531         if(!$dir)
532                 return;
533         while(false !== ($fname = readdir($dir))) {
534                 if($fname=='.' || $fname=='..' || $fname=='CVS' || (!$wipe && $fname=='index.php')) continue;
535                 if(is_dir($path.'/'.$fname)) {
536                     flush_dir($path.'/'.$fname, $wipe);
537                     if ($wipe) @rmdir($path.'/'.$fname);
538                 } else
539                     @unlink($path.'/'.$fname);
540         }
541 }
542 /*
543         Returns current path to company private folder.
544         (Current path can change after chdir).
545 */
546 function company_path($comp=null)
547 {
548         global $path_to_root, $comp_path;
549
550         if (!isset($comp))
551                 $comp = user_company();
552
553         // if path is relative, set current path_to_root
554         return ($comp_path[0]=='.' ? $path_to_root.'/'.basename($comp_path) : $comp_path)
555                         . '/'.$comp;
556 }
557
558 ?>
FrontAccounting stable branch