Envoi de l'IP, sinon cela ne passe pas la sécurité...
This commit is contained in:
parent
a906b033e7
commit
b197776d64
@ -10,10 +10,10 @@ class UserController extends Zend_Controller_Action
|
|||||||
{
|
{
|
||||||
Zend_Registry::get('firebug')->info('updateProfil');
|
Zend_Registry::get('firebug')->info('updateProfil');
|
||||||
$ws = new WsScores();
|
$ws = new WsScores();
|
||||||
$InfosLogin = $ws->getInfosLogin($login);
|
$InfosLogin = $ws->getInfosLogin($login, $_SERVER['REMOTE_ADDR']);
|
||||||
$identity = new stdClass;
|
$identity = new stdClass;
|
||||||
$identity->username = $login;
|
$identity->username = $login;
|
||||||
$identity->password = $password;
|
$identity->password = $password;
|
||||||
$identity->email = $InfosLogin->result->email;
|
$identity->email = $InfosLogin->result->email;
|
||||||
$identity->profil = $InfosLogin->result->profil;
|
$identity->profil = $InfosLogin->result->profil;
|
||||||
$identity->pref = $InfosLogin->result->pref;
|
$identity->pref = $InfosLogin->result->pref;
|
||||||
@ -31,19 +31,19 @@ class UserController extends Zend_Controller_Action
|
|||||||
$identity->typeScore = $InfosLogin->result->typeScore;
|
$identity->typeScore = $InfosLogin->result->typeScore;
|
||||||
$identity->timeout = (!empty($InfosLogin->result->timeout)) ?
|
$identity->timeout = (!empty($InfosLogin->result->timeout)) ?
|
||||||
$InfosLogin->result->timeout : 1800;
|
$InfosLogin->result->timeout : 1800;
|
||||||
$identity->time = time() + $identity->timeout;
|
$identity->time = time() + $identity->timeout;
|
||||||
$identity->modeEdition = false;
|
$identity->modeEdition = false;
|
||||||
return $identity;
|
return $identity;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function init()
|
public function init()
|
||||||
{
|
{
|
||||||
require_once 'Scores/Utilisateur.php';
|
require_once 'Scores/Utilisateur.php';
|
||||||
require_once 'Scores/WsScores.php';
|
require_once 'Scores/WsScores.php';
|
||||||
|
|
||||||
$this->view->headLink()->appendStylesheet('/themes/default/styles/user.css', 'all');
|
$this->view->headLink()->appendStylesheet('/themes/default/styles/user.css', 'all');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Affiche le fomulaire d'edition des paramètres utilisateur
|
* Affiche le fomulaire d'edition des paramètres utilisateur
|
||||||
*/
|
*/
|
||||||
@ -52,29 +52,29 @@ class UserController extends Zend_Controller_Action
|
|||||||
$user = new Utilisateur();
|
$user = new Utilisateur();
|
||||||
if (!$user->checkPerm('MONPROFIL')){
|
if (!$user->checkPerm('MONPROFIL')){
|
||||||
$this->_forward('perms', 'error');
|
$this->_forward('perms', 'error');
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->view->headLink()->appendStylesheet('/themes/default/styles/form.css', 'all');
|
$this->view->headLink()->appendStylesheet('/themes/default/styles/form.css', 'all');
|
||||||
$this->view->headScript()->appendFile('/themes/default/scripts/user.js', 'text/javascript');
|
$this->view->headScript()->appendFile('/themes/default/scripts/user.js', 'text/javascript');
|
||||||
|
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
|
|
||||||
$messages = '';
|
$messages = '';
|
||||||
$isProfilUpdated = false;
|
$isProfilUpdated = false;
|
||||||
$isPasswordUpdated = false;
|
$isPasswordUpdated = false;
|
||||||
$updateResult = false;
|
$updateResult = false;
|
||||||
|
|
||||||
$ws = new WsScores();
|
$ws = new WsScores();
|
||||||
|
|
||||||
$login = $request->getParam('login', '');
|
$login = $request->getParam('login', '');
|
||||||
$op = $request->getParam('op');
|
$op = $request->getParam('op');
|
||||||
|
|
||||||
if ($request->isPost()) {
|
if ($request->isPost()) {
|
||||||
$options = $request->getParam('frmOptions', '');
|
$options = $request->getParam('frmOptions', '');
|
||||||
$action = $options['action'];
|
$action = $options['action'];
|
||||||
|
|
||||||
if ($login=='') $login = $options['login'];
|
if ($login=='') $login = $options['login'];
|
||||||
|
|
||||||
//Enregistrement des données new & update
|
//Enregistrement des données new & update
|
||||||
if (in_array($action, array('new','update'))) {
|
if (in_array($action, array('new','update'))) {
|
||||||
$infos = new stdClass();
|
$infos = new stdClass();
|
||||||
@ -92,12 +92,12 @@ class UserController extends Zend_Controller_Action
|
|||||||
if ($options['changepwd']==1){
|
if ($options['changepwd']==1){
|
||||||
$infos->password = $options['password'];
|
$infos->password = $options['password'];
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( in_array($options['profil'], array('Administrateur', 'SuperAdministrateur'))
|
if ( in_array($options['profil'], array('Administrateur', 'SuperAdministrateur'))
|
||||||
&& !in_array('monprofil', $options['droits']) ) {
|
&& !in_array('monprofil', $options['droits']) ) {
|
||||||
$options['droits'][] = 'monprofil';
|
$options['droits'][] = 'monprofil';
|
||||||
}
|
}
|
||||||
|
|
||||||
$infos->droits = $options['droits'];
|
$infos->droits = $options['droits'];
|
||||||
$infos->pref = $options['pref'];
|
$infos->pref = $options['pref'];
|
||||||
$infos->profil = isset($options['profil']) ? $options['profil'] : 'Utilisateur';
|
$infos->profil = isset($options['profil']) ? $options['profil'] : 'Utilisateur';
|
||||||
@ -110,7 +110,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//Liste de tous les droits
|
//Liste de tous les droits
|
||||||
$listeDroits = $ws->getListeDroits();
|
$listeDroits = $ws->getListeDroits();
|
||||||
$droitsLib = array();
|
$droitsLib = array();
|
||||||
@ -118,7 +118,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
$droitsLib[strtoupper($droit->code)] = $droit->desc;
|
$droitsLib[strtoupper($droit->code)] = $droit->desc;
|
||||||
}
|
}
|
||||||
$this->view->assign('droitsLib', $droitsLib);
|
$this->view->assign('droitsLib', $droitsLib);
|
||||||
|
|
||||||
//Liste de toutes les préférences
|
//Liste de toutes les préférences
|
||||||
$listePrefs = $ws->getListePrefs();
|
$listePrefs = $ws->getListePrefs();
|
||||||
$prefsLib = array();
|
$prefsLib = array();
|
||||||
@ -126,24 +126,24 @@ class UserController extends Zend_Controller_Action
|
|||||||
$prefsLib[strtoupper($pref->code)] = $pref->desc;
|
$prefsLib[strtoupper($pref->code)] = $pref->desc;
|
||||||
}
|
}
|
||||||
$this->view->assign('prefsLib', $prefsLib);
|
$this->view->assign('prefsLib', $prefsLib);
|
||||||
|
|
||||||
//Récupération des informations de l'identité
|
//Récupération des informations de l'identité
|
||||||
$auth = Zend_Auth::getInstance();
|
$auth = Zend_Auth::getInstance();
|
||||||
$identity = $auth->getIdentity();
|
$identity = $auth->getIdentity();
|
||||||
if ($identity->idClient == $options['idClient'] && $identity->username == $login) {
|
if ($identity->idClient == $options['idClient'] && $identity->username == $login) {
|
||||||
//Modification lors du changement de mot de passe
|
//Modification lors du changement de mot de passe
|
||||||
if ($options['changepwd']==1 && $updateResult) {
|
if ($options['changepwd']==1 && $updateResult) {
|
||||||
|
|
||||||
$identity->password = md5($login.'|'.$options['password']);
|
$identity->password = md5($login.'|'.$options['password']);
|
||||||
$auth->getStorage()->write($identity);
|
$auth->getStorage()->write($identity);
|
||||||
|
|
||||||
}
|
}
|
||||||
//Mise à jour du profil
|
//Mise à jour du profil
|
||||||
if ($isProfilUpdated && $updateResult) {
|
if ($isProfilUpdated && $updateResult) {
|
||||||
|
|
||||||
$identity = $this->updateProfil($identity->username, $identity->password);
|
$identity = $this->updateProfil($identity->username, $identity->password);
|
||||||
$auth->getStorage()->write($identity);
|
$auth->getStorage()->write($identity);
|
||||||
|
|
||||||
}
|
}
|
||||||
//Gestion mode edition en SESSION
|
//Gestion mode edition en SESSION
|
||||||
if ($action=='update') {
|
if ($action=='update') {
|
||||||
@ -152,28 +152,28 @@ class UserController extends Zend_Controller_Action
|
|||||||
|
|
||||||
$identity->modeEdition = true;
|
$identity->modeEdition = true;
|
||||||
$auth->getStorage()->write($identity);
|
$auth->getStorage()->write($identity);
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $isProfilUpdated || $isPasswordUpdated ) {
|
if ( $isProfilUpdated || $isPasswordUpdated ) {
|
||||||
$this->view->assign('message', $message);
|
$this->view->assign('message', $message);
|
||||||
}
|
}
|
||||||
|
|
||||||
$isAdmin = false;
|
$isAdmin = false;
|
||||||
if ( $identity->profil == 'Administrateur'
|
if ( $identity->profil == 'Administrateur'
|
||||||
|| $identity->profil == 'SuperAdministrateur' ) {
|
|| $identity->profil == 'SuperAdministrateur' ) {
|
||||||
$isAdmin = true;
|
$isAdmin = true;
|
||||||
}
|
}
|
||||||
$this->view->assign('isAdmin', $isAdmin);
|
$this->view->assign('isAdmin', $isAdmin);
|
||||||
|
|
||||||
$isSuperAdmin = false;
|
$isSuperAdmin = false;
|
||||||
if ($identity->profil == 'SuperAdministrateur') {
|
if ($identity->profil == 'SuperAdministrateur') {
|
||||||
$isSuperAdmin = true;
|
$isSuperAdmin = true;
|
||||||
}
|
}
|
||||||
$this->view->assign('isSuperAdmin', $isSuperAdmin);
|
$this->view->assign('isSuperAdmin', $isSuperAdmin);
|
||||||
|
|
||||||
Zend_Registry::get('firebug')->info('action : '.$action);
|
Zend_Registry::get('firebug')->info('action : '.$action);
|
||||||
if ($op=='new'){
|
if ($op=='new'){
|
||||||
Zend_Registry::get('firebug')->info('Gestion first user SD');
|
Zend_Registry::get('firebug')->info('Gestion first user SD');
|
||||||
@ -184,7 +184,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
$reponse = $ws->getListeClients($idClient);
|
$reponse = $ws->getListeClients($idClient);
|
||||||
$InfosClient = $reponse->result->item[0];
|
$InfosClient = $reponse->result->item[0];
|
||||||
$options->idClient = $idClient;
|
$options->idClient = $idClient;
|
||||||
if ($identity->idClient!=1 && $identity->profil!='SuperAdministrateur') {
|
if ($identity->idClient!=1 && $identity->profil!='SuperAdministrateur') {
|
||||||
$options->profil = 'Utilisateur';
|
$options->profil = 'Utilisateur';
|
||||||
}
|
}
|
||||||
$this->view->assign('options', $options);
|
$this->view->assign('options', $options);
|
||||||
@ -195,7 +195,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
}elseif (!empty($action) || $action!='new') {
|
}elseif (!empty($action) || $action!='new') {
|
||||||
if ( !empty($login) && $identity->username != $login ) {
|
if ( !empty($login) && $identity->username != $login ) {
|
||||||
Zend_Registry::get('firebug')->info('getInfosLogin');
|
Zend_Registry::get('firebug')->info('getInfosLogin');
|
||||||
$reponse = $ws->getInfosLogin($login);
|
$reponse = $ws->getInfosLogin($login, $_SERVER['REMOTE_ADDR']);
|
||||||
$this->view->assign('options', $reponse->result);
|
$this->view->assign('options', $reponse->result);
|
||||||
$this->view->assign('loginVu', $reponse->result->login);
|
$this->view->assign('loginVu', $reponse->result->login);
|
||||||
$this->view->assign('droits', explode(' ', strtolower($reponse->result->droits)));
|
$this->view->assign('droits', explode(' ', strtolower($reponse->result->droits)));
|
||||||
@ -217,7 +217,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
$this->view->assign('pref', array());
|
$this->view->assign('pref', array());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Renvoi vers le wiki
|
* Renvoi vers le wiki
|
||||||
*/
|
*/
|
||||||
@ -229,25 +229,25 @@ class UserController extends Zend_Controller_Action
|
|||||||
$url = 'http://infos.scores-decisions.com/?do=login&u='.$login.'&p='.$password;
|
$url = 'http://infos.scores-decisions.com/?do=login&u='.$login.'&p='.$password;
|
||||||
$this->_redirect($url);
|
$this->_redirect($url);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Téléchargement de la consommation au format CSV
|
* Téléchargement de la consommation au format CSV
|
||||||
*/
|
*/
|
||||||
public function consoAction()
|
public function consoAction()
|
||||||
{
|
{
|
||||||
$this->view->headScript()->appendFile('/themes/default/scripts/conso.js', 'text/javascript');
|
$this->view->headScript()->appendFile('/themes/default/scripts/conso.js', 'text/javascript');
|
||||||
|
|
||||||
$user = new Utilisateur();
|
$user = new Utilisateur();
|
||||||
|
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$idClient = $request->getParam('idClient', $user->getIdClient());
|
$idClient = $request->getParam('idClient', $user->getIdClient());
|
||||||
$login = $request->getParam('login', '');
|
$login = $request->getParam('login', '');
|
||||||
|
|
||||||
$this->view->assign('idClient', $idClient);
|
$this->view->assign('idClient', $idClient);
|
||||||
$this->view->assign('login', $login);
|
$this->view->assign('login', $login);
|
||||||
$this->view->assign('profil', $user->getProfil());
|
$this->view->assign('profil', $user->getProfil());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Renvoi vers le formulaire utilisateur avec les paramètres de la requete
|
* Renvoi vers le formulaire utilisateur avec les paramètres de la requete
|
||||||
*/
|
*/
|
||||||
@ -256,7 +256,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
$params = $this->getRequest()->getParams();
|
$params = $this->getRequest()->getParams();
|
||||||
$this->_forward('index', 'user', null, $params);
|
$this->_forward('index', 'user', null, $params);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Suppression d'un utilisateur
|
* Suppression d'un utilisateur
|
||||||
*/
|
*/
|
||||||
@ -270,7 +270,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
//Redirect
|
//Redirect
|
||||||
$this->_forward('liste');
|
$this->_forward('liste');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Activation d'un utilisateur
|
* Activation d'un utilisateur
|
||||||
*/
|
*/
|
||||||
@ -284,7 +284,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
//Redirect
|
//Redirect
|
||||||
$this->_forward('liste');
|
$this->_forward('liste');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Désactivation d'un utilisateur
|
* Désactivation d'un utilisateur
|
||||||
*/
|
*/
|
||||||
@ -298,7 +298,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
//Redirect
|
//Redirect
|
||||||
$this->_forward('liste');
|
$this->_forward('liste');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Méthode AJAX pour modifier le password d'un utilisateur
|
* Méthode AJAX pour modifier le password d'un utilisateur
|
||||||
*/
|
*/
|
||||||
@ -306,17 +306,17 @@ class UserController extends Zend_Controller_Action
|
|||||||
{
|
{
|
||||||
//Redirect
|
//Redirect
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Affiche la liste des utiliateurs
|
* Affiche la liste des utiliateurs
|
||||||
*/
|
*/
|
||||||
public function listeAction()
|
public function listeAction()
|
||||||
{
|
{
|
||||||
$user = new Utilisateur();
|
$user = new Utilisateur();
|
||||||
|
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$idClient = $request->getParam('idClient', $user->getIdClient());
|
$idClient = $request->getParam('idClient', $user->getIdClient());
|
||||||
|
|
||||||
if (!$user->isSuperAdmin() && !$user->isAdmin()) {
|
if (!$user->isSuperAdmin() && !$user->isAdmin()) {
|
||||||
$this->renderScript('error/perms.phtml');
|
$this->renderScript('error/perms.phtml');
|
||||||
}
|
}
|
||||||
@ -329,7 +329,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
$this->view->assign('utilisateurs', $utilisateurs);
|
$this->view->assign('utilisateurs', $utilisateurs);
|
||||||
$this->view->assign('idClient', $idClient);
|
$this->view->assign('idClient', $idClient);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gestion de l'authentification
|
* Gestion de l'authentification
|
||||||
*/
|
*/
|
||||||
@ -373,7 +373,7 @@ class UserController extends Zend_Controller_Action
|
|||||||
$this->_helper->layout()->disableLayout();
|
$this->_helper->layout()->disableLayout();
|
||||||
$this->render('login');
|
$this->render('login');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gestion de la déconnexion
|
* Gestion de la déconnexion
|
||||||
*/
|
*/
|
||||||
@ -381,37 +381,37 @@ class UserController extends Zend_Controller_Action
|
|||||||
{
|
{
|
||||||
Zend_Auth::getInstance()->clearIdentity();
|
Zend_Auth::getInstance()->clearIdentity();
|
||||||
$this->_helper->layout()->disableLayout();
|
$this->_helper->layout()->disableLayout();
|
||||||
|
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$message = $request->getParam('message');
|
$message = $request->getParam('message');
|
||||||
$this->view->assign('message', $message);
|
$this->view->assign('message', $message);
|
||||||
|
|
||||||
$url = 'http://www.scores-decisions.com/';
|
$url = 'http://www.scores-decisions.com/';
|
||||||
|
|
||||||
if (APPLICATION_ENV != 'production'){
|
if (APPLICATION_ENV != 'production'){
|
||||||
$url = 'http://'.$_SERVER['SERVER_NAME'].$this->view->url(array(
|
$url = 'http://'.$_SERVER['SERVER_NAME'].$this->view->url(array(
|
||||||
'controller' => 'user',
|
'controller' => 'user',
|
||||||
'action' => 'login',
|
'action' => 'login',
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->view->assign('url', $url);
|
$this->view->assign('url', $url);
|
||||||
$this->view->headMeta()->appendHttpEquiv('refresh', '5; url='.$url);
|
$this->view->headMeta()->appendHttpEquiv('refresh', '5; url='.$url);
|
||||||
$this->render('logout');
|
$this->render('logout');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Mettre à jour le mode edition en session sans refresh de la page
|
* Mettre à jour le mode edition en session sans refresh de la page
|
||||||
*/
|
*/
|
||||||
public function editionsessionAction()
|
public function editionsessionAction()
|
||||||
{
|
{
|
||||||
$this->_helper->layout()->disableLayout();
|
$this->_helper->layout()->disableLayout();
|
||||||
$this->_helper->viewRenderer->setNoRender(true);
|
$this->_helper->viewRenderer->setNoRender(true);
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$mode = $request->getParam('mode', 'false');
|
$mode = $request->getParam('mode', 'false');
|
||||||
$auth = Zend_Auth::getInstance();
|
$auth = Zend_Auth::getInstance();
|
||||||
$identity = $auth->getIdentity();
|
$identity = $auth->getIdentity();
|
||||||
if ($identity->idClient == 1) {
|
if ($identity->idClient == 1) {
|
||||||
if ($mode == 'false') {
|
if ($mode == 'false') {
|
||||||
$identity->modeEdition = false;
|
$identity->modeEdition = false;
|
||||||
echo 0;
|
echo 0;
|
||||||
@ -421,10 +421,10 @@ class UserController extends Zend_Controller_Action
|
|||||||
}
|
}
|
||||||
$auth->getStorage()->write($identity);
|
$auth->getStorage()->write($identity);
|
||||||
} else {
|
} else {
|
||||||
echo 0;
|
echo 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Changer le theme de l'utilisateur
|
* Changer le theme de l'utilisateur
|
||||||
*/
|
*/
|
||||||
@ -432,20 +432,20 @@ class UserController extends Zend_Controller_Action
|
|||||||
{
|
{
|
||||||
$this->_helper->layout()->disableLayout();
|
$this->_helper->layout()->disableLayout();
|
||||||
$this->_helper->viewRenderer->setNoRender(true);
|
$this->_helper->viewRenderer->setNoRender(true);
|
||||||
|
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$nom = $request->getParam('nom', 'default');
|
$nom = $request->getParam('nom', 'default');
|
||||||
|
|
||||||
$auth = Zend_Auth::getInstance();
|
$auth = Zend_Auth::getInstance();
|
||||||
$identity = $auth->getIdentity();
|
$identity = $auth->getIdentity();
|
||||||
|
|
||||||
$identity->theme = $nom;
|
$identity->theme = $nom;
|
||||||
|
|
||||||
$auth->getStorage()->write($identity);
|
$auth->getStorage()->write($identity);
|
||||||
|
|
||||||
//Rediriger vers l'écran de recherche
|
//Rediriger vers l'écran de recherche
|
||||||
$this->_redirect('/');
|
$this->_redirect('/');
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
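Review bot: The new `getInfosLogin($login, $_SERVER['REMOTE_ADDR'])` call in updateProfil, and the identical one further down in the action that assigns `loginVu`, hand the raw TCP peer address to the web service as the value its access check relies on, so behind a reverse proxy or load balancer every request carries the proxy's address instead of the user's and the check collapses to one answer for the whole host. Reading the superglobal inline in two places also scatters the decision of which address is authoritative; one private helper such as `private function clientIp() { return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''; }` keeps it in a single spot and avoids an undefined-index notice when the controller runs outside an HTTP request. If the deployment does sit behind a proxy, a forwarded-for header belongs in that helper only when the proxy is known to overwrite it, since otherwise the client controls that header, and the helper should say so in a comment like `// REMOTE_ADDR is the direct peer, not a forwarded header; this is what the WsScores IP restriction receives`. Both enclosing methods start outside the shown hunks, so the helper's placement and the remaining call sites cannot be confirmed from here.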
|