X-Git-Url: https://delta.frontaccounting.com/gitweb/?p=fa-stable.git;a=blobdiff_plain;f=includes%2Fcurrent_user.inc;h=c3d162e037e1d440175cfd6f6118f0a6c2b01d46;hp=a4ee5e85da39e7cd211d64fc21612f7c177ac662;hb=a31195793c023906ab5da62f06ab84aefed445c3;hpb=937d1698664f1021c0767d59950d14628d037aca diff --git a/includes/current_user.inc b/includes/current_user.inc index a4ee5e85..c3d162e0 100644 --- a/includes/current_user.inc +++ b/includes/current_user.inc @@ -9,29 +9,34 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the License here . ***********************************************************************/ -include_once($path_to_root . "/includes/prefs/userprefs.inc"); +include_once($path_to_root . "/includes/prefs/userprefs.inc"); +if (!defined('TB_PREF')) { + define('TB_PREF', '&TB_PREF&'); +} //-------------------------------------------------------------------------- class current_user { - var $user; + var $user = 0; var $loginname; var $username; var $name; - var $company; + var $email; + var $company; // user's company var $pos; var $access; var $timeout; var $last_act; var $role_set = false; - + var $old_db; var $logged; var $ui_mode = 0; var $prefs; + var $cur_con; // current db connection (can be different from $company for superuser) - function current_user() + function __construct() { global $def_coy; @@ -49,21 +54,42 @@ class current_user function set_company($company) { - $this->company = $company; + $this->company = (int)$company; } function login($company, $loginname, $password) { - global $security_areas, $security_groups, $security_headings, $path_to_root; - + global $security_areas, $security_groups, $security_headings, $path_to_root, $dflt_lang, $SysPrefs; + $this->set_company($company); $this->logged = false; - $Auth_Result = get_user_for_login($loginname, $password); + set_global_connection($company); + $lang = &$_SESSION['language']; + $lang->set_language($_SESSION['language']->code); + db_set_encoding($_SESSION['language']->encoding); - if (db_num_rows($Auth_Result) > 0) + // Use external authentication source if any. + // Keep in mind you need to have user data set for $loginname + // in FA users table anyway to successfully log in. + $Auth_Result = hook_authenticate($loginname, $password); + + if (!isset($Auth_Result)) // if not used: standard method + $Auth_Result = get_user_auth($loginname, md5($password)); + + if ($SysPrefs->login_delay > 0) + write_login_filelog($loginname, $Auth_Result); + + if ($Auth_Result) { - $myrow = db_fetch($Auth_Result); + $myrow = get_user_by_login($loginname); + if ($myrow['language'] != $dflt_lang) + { // refresh language and user data + $lang->set_language($myrow['language']); + db_set_encoding($_SESSION['language']->encoding); + $myrow = get_user_by_login($loginname); + } + $this->old_db = isset($myrow["full_access"]); if (! @$myrow["inactive"]) { if ($this->old_db) { @@ -105,15 +131,47 @@ class current_user $this->username = $this->loginname; $this->prefs = new user_prefs($myrow); $this->user = @$myrow["id"]; + $this->email = @$myrow["email"]; update_user_visitdate($this->username); $this->logged = true; $this->last_act = time(); $this->timeout = session_timeout(); + flush_dir(user_js_cache()); // refresh cache on login } } return $this->logged; } + function reset_password($company, $email) { + global $SysPrefs; + + $this->set_company($company); + $this->logged = false; + + set_global_connection(); + + $user = get_user_by_email($email); + + if ($user != false) { + + $password = generate_password(); + $hash = md5($password); + + update_user_password($user['id'], $user['user_id'], $hash); + + $sender = get_company_pref('email'); + if (empty($sender)) + $header = ""; + else + $header = "From: $sender"; + + mail($email, _("New password for")." ".$SysPrefs->app_title, $password, $header); + + return true; + } + return false; + } + function check_user_access() { global $security_groups; @@ -124,18 +182,20 @@ class current_user return !isset($security_groups) && is_array($this->role_set); } - function can_access($page_level) + function can_access($sec_area) { global $security_groups, $security_areas; - if (isset($security_groups)) { - return $this->company == 0 && + return is_admin_company() && in_array(20, $security_groups[$this->access]); } - if ($page_level === 'SA_OPEN') + if ($sec_area === 'SA_OPEN') return true; - $code = @$security_areas[$page_level][0]; + if ($sec_area === 'SA_DENIED' || $sec_area === '') + return false; + + $code = $security_areas[$sec_area][0]; // only first registered company has site admin privileges return $code && in_array($code, $this->role_set) @@ -147,36 +207,88 @@ class current_user return $this->can_access($page_level); } - function get_db_connection() + function check_application_access($waapp) + { + if (!$this->hide_inaccessible_menu_items()) + { + return true; + } + + foreach ($waapp->modules as $module) + { + if ($this->check_module_access($module)) + { + return true; + } + } + + return false; + + } + + function check_module_access($module) { - global $db_connections; - $connection = $db_connections[$this->company]; + if (!$this->hide_inaccessible_menu_items()) + { + return true; + } + + if (sizeof($module->lappfunctions) > 0) + { + foreach ($module->lappfunctions as $appfunction) + { + if ($appfunction->label != "" && $this->can_access_page($appfunction->access)) + { + return true; + } + } + } - //print_r($connection); + if (sizeof($module->rappfunctions) > 0) + { + foreach ($module->rappfunctions as $appfunction) + { + if ($appfunction->label != "" && $this->can_access_page($appfunction->access)) + { + return true; + } + } + } - $db = mysql_connect($connection["host"] , - $connection["dbuser"], $connection["dbpassword"]); - mysql_select_db($connection["dbname"],$db); + return false; - if (!defined('TB_PREF')) - define('TB_PREF', $connection["tbpref"]); + } - return $db; + function hide_inaccessible_menu_items() + { + global $SysPrefs; + + if (!isset($SysPrefs->hide_inaccessible_menu_items) || $SysPrefs->hide_inaccessible_menu_items == 0) + { + return false; + } + + else + { + return true; + } } - function update_prefs($price_dec, $qty_dec, $exrate_dec, $percent_dec, - $showgl, $showcodes, $date_format, $date_sep, $tho_sep, $dec_sep, - $theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size, - $graphic_links, $lang, $stickydate, $startup_tab) { - update_user_display_prefs($this->user, $price_dec, - $qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes, - $date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, - $show_hints, $profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate, $startup_tab); - - // re-read the prefs - $user = get_user($this->user); - $this->prefs = new user_prefs($user); + function set_db_connection($id = -1) + { + return set_global_connection($id); + } + + function update_prefs($prefs) + { + global $SysPrefs; + + if (!$SysPrefs->allow_demo_mode) { + update_user_prefs($this->user, $prefs); + } + + $this->prefs = new user_prefs(get_user($this->user)); } } @@ -184,19 +296,50 @@ class current_user function round2($number, $decimals=0) { - $delta = ($number < 0 ? -.000001 : .000001); + $delta = ($number < 0 ? -.0000000001 : .0000000001); return round($number+$delta, $decimals); } +/* + Returns number formatted according to user setup and using $decimals digits after dot + (defualt is 0). When $decimals is set to 'max' maximum available precision is used + (decimals depend on value) and trailing zeros are trimmed. +*/ function number_format2($number, $decimals=0) { - global $thoseps, $decseps; - $tsep = $thoseps[$_SESSION["wa_current_user"]->prefs->tho_sep()]; - $dsep = $decseps[$_SESSION["wa_current_user"]->prefs->dec_sep()]; - //return number_format($number, $decimals, $dsep, $tsep); - $delta = ($number < 0 ? -.000001 : .000001); - return number_format($number+$delta, $decimals, $dsep, $tsep); + global $SysPrefs; + $tsep = $SysPrefs->thoseps[user_tho_sep()]; + $dsep = $SysPrefs->decseps[user_dec_sep()]; + + if ($number == '') + $number = 0; + if($decimals==='max') + $dec = 15 - floor(log10(abs($number))); + else { + $delta = ($number < 0 ? -.0000000001 : .0000000001); + @$number += $delta; + $dec = $decimals; + } + + $num = number_format($number, intval($dec), $dsep, $tsep); + + return $decimals==='max' ? rtrim($num, '0') : $num; + +} + +/* price/float comparision helper to be used in any suspicious place for zero values? +usage: +if (!floatcmp($value1, $value2)) + compare value is 0 +*/ + +define('FLOAT_COMP_DELTA', 0.004); + +function floatcmp($a, $b) +{ + return $a - $b > FLOAT_COMP_DELTA ? 1 : ($b - $a > FLOAT_COMP_DELTA ? -1 : 0); } + // // Current ui mode. // @@ -205,8 +348,7 @@ function fallback_mode() { } function price_format($number) { - return number_format2($number, - $_SESSION["wa_current_user"]->prefs->price_dec()); + return number_format2($number, user_price_dec()); } function price_decimal_format($number, &$dec) @@ -217,17 +359,27 @@ function price_decimal_format($number, &$dec) if ($pos !== false) { $len = strlen(substr($str, $pos + 1)); - if ($len > $dec) + if ($len > $dec && $len < ini_get('precision')-3) $dec = $len; } return number_format2($number, $dec); } +// function money_format doesn't exist in OS Win. +if (!function_exists('money_format')) +{ + function money_format($format, $number) + { + return price_format($number); + } +} + // 2008-06-15. Added extra parameter $stock_id and reference for $dec //-------------------------------------------------------------------- function qty_format($number, $stock_id=null, &$dec) { $dec = get_qty_dec($stock_id); return number_format2($number, $dec); } + // and get_qty_dec function get_qty_dec($stock_id=null) { @@ -236,10 +388,17 @@ function get_qty_dec($stock_id=null) if ($stock_id != null) $dec = get_unit_dec($stock_id); if ($stock_id == null || $dec == -1 || $dec == null) - $dec = $_SESSION["wa_current_user"]->prefs->qty_dec(); + $dec = user_qty_dec(); return $dec; } //------------------------------------------------------------------- +// +// Maximum precision format. Strips trailing unsignificant digits. +// +function maxprec_format($number) { + return number_format2($number, 'max'); +} + function exrate_format($number) { return number_format2($number, $_SESSION["wa_current_user"]->prefs->exrate_dec()); @@ -251,27 +410,31 @@ function percent_format($number) { } function user_numeric($input) { - global $decseps, $thoseps; + global $SysPrefs; $num = trim($input); - $sep = $thoseps[user_tho_sep()]; - if($sep!='') $num = str_replace( $sep, '', $num); - str_replace($sep, '', $num); - $sep = $decseps[user_dec_sep()]; - if($sep!='.') $num = str_replace( $sep, '.', $num); + $sep = $SysPrefs->thoseps[user_tho_sep()]; + if ($sep!='') + $num = str_replace( $sep, '', $num); + + $sep = $SysPrefs->decseps[user_dec_sep()]; + if ($sep!='.') + $num = str_replace( $sep, '.', $num); if (!is_numeric($num)) - return false; + return false; $num = (float)$num; if ($num == (int)$num) - return (int)$num; + return (int)$num; else - return $num; + return $num; } function user_company() { - return $_SESSION["wa_current_user"]->company; + global $def_coy; + + return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->company : $def_coy; } function user_pos() @@ -291,17 +454,23 @@ function user_qty_dec() function user_price_dec() { - return $_SESSION["wa_current_user"]->prefs->price_dec(); + global $SysPrefs; + + return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->prefs->price_dec() : 2; } function user_exrate_dec() { - return $_SESSION["wa_current_user"]->prefs->exrate_dec(); + global $SysPrefs; + + return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->prefs->exrate_dec() : 4; } function user_percent_dec() { - return $_SESSION["wa_current_user"]->prefs->percent_dec(); + global $SysPrefs; + + return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->prefs->percent_dec() : 1; } function user_show_gl_info() @@ -316,32 +485,56 @@ function user_show_codes() function user_date_format() { - return $_SESSION["wa_current_user"]->prefs->date_format(); + global $SysPrefs; + + return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->prefs->date_format() : $SysPrefs->dflt_date_fmt; } function user_date_display() { - return $_SESSION["wa_current_user"]->prefs->date_display(); + $fmt ='m/d/Y'; + if (isset($_SESSION["wa_current_user"])) { + $fmt = $_SESSION["wa_current_user"]->prefs->date_display(); + } else { + $sep = user_date_sep(); + $user_date_fmt = user_date_format(); + switch ($user_date_fmt) { + case 0: + $fmt = "m".$sep."d".$sep."Y"; break; + case 1: + $fmt = "d".$sep."m".$sep."Y"; break; + case 2: + $fmt = "Y".$sep."m".$sep."d"; break; + case 3: + $fmt = "M".$sep."j".$sep."Y"; break; + case 4: + $fmt = "j".$sep."M".$sep."Y"; break; + default: + $fmt = "Y".$sep."M".$sep."j"; + } + } } function user_date_sep() { - return $_SESSION["wa_current_user"]->prefs->date_sep(); + global $SysPrefs; + + return isset($_SESSION["wa_current_user"]->prefs->date_sep) ? $_SESSION["wa_current_user"]->prefs->date_sep() : $SysPrefs->dflt_date_sep; } function user_tho_sep() { - return $_SESSION["wa_current_user"]->prefs->tho_sep(); + return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->prefs->tho_sep() : 0; } function user_dec_sep() { - return $_SESSION["wa_current_user"]->prefs->dec_sep(); + return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->prefs->dec_sep() : 0; } function user_theme() { - return $_SESSION["wa_current_user"]->prefs->get_theme(); + return isset($_SESSION["wa_current_user"]) ? $_SESSION["wa_current_user"]->prefs->get_theme() : 'default'; } function user_pagesize() @@ -384,30 +577,55 @@ function user_startup_tab() return $_SESSION["wa_current_user"]->prefs->start_up_tab(); } -function set_user_prefs($price_dec, $qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes, - $date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, $show_hints, - $print_profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate, $startup_tab) +function user_transaction_days() { + return $_SESSION["wa_current_user"]->prefs->transaction_days(); +} - $_SESSION["wa_current_user"]->update_prefs($price_dec, $qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes, - $date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, $show_hints, - $print_profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate, $startup_tab); +function user_save_report_selections() +{ + return $_SESSION["wa_current_user"]->prefs->save_report_selections(); +} + +function user_use_date_picker() +{ + return $_SESSION["wa_current_user"]->prefs->use_date_picker(); +} + +function user_def_print_destination() +{ + return $_SESSION["wa_current_user"]->prefs->def_print_destination(); +} + +function user_def_print_orientation() +{ + return $_SESSION["wa_current_user"]->prefs->def_print_orientation(); +} + +function user_check_access($sec_area) +{ + return $_SESSION["wa_current_user"]->can_access($sec_area); +} + +function set_user_prefs($prefs) +{ + $_SESSION["wa_current_user"]->update_prefs($prefs); } function add_user_js_data() { - global $path_to_root, $thoseps, $decseps, $date_system, $dateseps; + global $path_to_root, $SysPrefs; - $ts = $thoseps[user_tho_sep()]; - $ds = $decseps[user_dec_sep()]; + $ts = $SysPrefs->thoseps[user_tho_sep()]; + $ds = $SysPrefs->decseps[user_dec_sep()]; $js = "\n" . "var user = {\n" . "theme: '". $path_to_root . '/themes/'. user_theme().'/'."',\n" . "loadtxt: '"._('Requesting data...')."',\n" . "date: '".Today()."',\n" // server date - . "datesys: ".$date_system.",\n" + . "datesys: ".$SysPrefs->date_system.",\n" . "datefmt: ".user_date_format().",\n" - . "datesep: '".$dateseps[user_date_sep()]."',\n" + . "datesep: '".$SysPrefs->dateseps[user_date_sep()]."',\n" . "ts: '$ts',\n" . "ds: '$ds',\n" . "pdec : " . user_price_dec() . "}\n"; @@ -415,6 +633,18 @@ function add_user_js_data() { add_js_source($js); } +function user_js_cache($id=null) +{ + global $path_to_root; + + if (!$id) + $id = @$_SESSION['wa_current_user']->user; + + if (!$id) + $id = 0; // before login + return $path_to_root.'/company/'.user_company().'/js_cache/'.$id; +} + //-------------------------------------------------------------------------- function session_timeout() @@ -422,4 +652,128 @@ function session_timeout() $tout = @get_company_pref('login_tout'); // mask warning for db ver. 2.2 return $tout ? $tout : ini_get('session.gc_maxlifetime'); } -?> \ No newline at end of file + +//----------------------------------------------------------------------------- +// Inserts $elements into $array at position $index. +// $elements is list of any objects +// +function array_insert(&$array, $index, $elements) +{ + if (!is_array($elements)) $elements = array($elements); + + $head = array_splice($array, 0, $index); + $array = array_merge($head, $elements, $array); +} + +function array_remove(&$array, $index, $len=1) +{ + array_splice($array, $index, $len); +} + +function array_substitute(&$array, $index, $len, $elements) +{ + array_splice($array, $index, $len); + array_insert($array, $index, $elements); +} + +function array_append(&$array, $elements) +{ + foreach($elements as $key => $el) { + if(is_int($key)) + $array[] = $el; + else + $array[$key] = $el; + } +} +// +// Search $needle in $haystack or in $haystack[][$valuekey] +// returns $needle found or null. +// +function array_search_value($needle, $haystack, $valuekey=null) +{ + if (is_array($haystack)) { + foreach($haystack as $key => $value) { + $val = isset($valuekey) ? @$value[$valuekey] : $value; + if ($needle == $val){ + return $value; + } + } + } + return null; +} +// +// Search $needle in $haystack or in $haystack[][$valuekey] +// returns array of keys of $haystack elements found +// +function array_search_keys($needle, $haystack, $valuekey=null) +{ + $keys = array(); + if (is_array($haystack)) { + foreach($haystack as $key => $value) { + $val = isset($valuekey) ? @$value[$valuekey] : $value; + if ($needle == $val){ + $keys[] = $key; + } + } + } + return $keys; +} +// +// Find first (single) $needle in $haystack or in $haystack[][$valuekey] +// returns $haystack element found or null +// +function array_search_key($needle, $haystack, $valuekey=null) +{ + $keys = array_search_keys($needle, $haystack, $valuekey); + return @$keys[0]; +} + +// Recalculate report columns if orientation is landscape. +function recalculate_cols(&$cols) +{ + $factor = (user_pagesize() == "A4" ? 1.4 : 1.3); + foreach($cols as $key => $col) + $cols[$key] = intval($col * $factor); +} + +function flush_dir($path, $wipe = false) +{ + if (!file_exists($path)) + return; + $dir = @opendir($path); + if(!$dir) + return; + + while(false !== ($fname = readdir($dir))) { + if($fname=='.' || $fname=='..' || $fname=='CVS' || (!$wipe && $fname=='index.php')) continue; + if(is_dir($path.'/'.$fname)) { + flush_dir($path.'/'.$fname, $wipe); + if ($wipe) @rmdir($path.'/'.$fname); + } else + @unlink($path.'/'.$fname); + } +} +/* + Returns current path to company private folder. + (Current path can change after chdir). +*/ +function company_path($comp=null) +{ + global $path_to_root, $SysPrefs; + + $comp_path = $SysPrefs->comp_path; + + + if (!isset($comp)) + $comp = user_company(); + + // if path is relative, set current path_to_root + return ($comp_path[0]=='.' ? $path_to_root.'/'.basename($comp_path) : $comp_path) + . '/'.$comp; +} + +function is_admin_company() +{ + return $this->company == 0; +} +