00010 #ifdef ALTSLOGINSOURCE
00011 #include ALTSLOGINSOURCE
00012 #define OPEN_LOGIN_H
00013 #endif
00014
00015 #ifndef OPEN_LOGIN_H
00016 #define OPEN_LOGIN_H
00017
00018 #warning USING DEFAULT OPENLOGIN HEADER, NO ALTSLOGINSOURCE
00019
00020 #include "openDB.hpp"
00021 #include "connectstring"
00022 #include "read_base.hpp"
00023 #include <map>
00024 #include <vector>
00025 #include "Session.hpp"
00026
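/**
 * One service (menu entry) as read from the services table by
 * openLogin::fetchServices().  All columns are kept in their formatted
 * string form except the two flags.
 *
 * Copies of this class are what end up in serviceMap, so the copy
 * constructor and the assignment operator must carry every member,
 * including the `secure` flag.
 */
class openService
{
public:

  string id,cat_name,sequence,tree_depth,menu_name,
         uri,xml_params,xml_param1,xml_param2;
  bool local_uri, secure;

  // Give both flags a determinate value; before this they were left
  // uninitialised until fetchServices() assigned them.
  openService():local_uri(false), secure(false)
  {;}
  virtual ~openService()
  {;}
  // Initialisers are listed in declaration order.  `secure` was missing
  // from this list, so every copy (for example the one stored in the
  // service map) carried an indeterminate `secure` flag.
  openService(const openService&in):id(in.id), cat_name(in.cat_name),
    sequence(in.sequence), tree_depth(in.tree_depth), menu_name(in.menu_name),
    uri(in.uri), xml_params(in.xml_params), xml_param1(in.xml_param1),
    xml_param2(in.xml_param2), local_uri(in.local_uri), secure(in.secure)
  {;}
  // Member-wise assignment; safe under self-assignment because every
  // member is either a string or a bool.
  openService & operator = ( const openService & in )
  {
    id=in.id;
    sequence=in.sequence;
    tree_depth=in.tree_depth;
    cat_name=in.cat_name;
    menu_name=in.menu_name;
    uri=in.uri;
    local_uri=in.local_uri;
    xml_params=in.xml_params;
    xml_param1=in.xml_param1;
    xml_param2=in.xml_param2;
    secure=in.secure;
    return *this;
  }
};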
00061
// Services keyed by a string; openLogin::fetchServices() uses the
// service uri as the key.
typedef map<string, openService> serviceMap;
// Service keys in the order fetchServices() stored them.
typedef vector<string> serviceVector;
00064
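/**
 * Default login handler: checks a login/password pair against the users
 * table, remembers the user through a cookie, and loads the services the
 * user may see.
 *
 * Security notes for maintainers:
 *  - Every query here is assembled by string concatenation.  Values that
 *    can come from the client are now escaped (sqlQuote) or validated
 *    (isNumericId) before they reach the SQL text.  If the openRS /
 *    quickQuery layer offers bound parameters, prefer those; that API is
 *    not visible from this header.
 *  - NOTE(review): the login cookie (named by `token`) carries the bare
 *    user id, and testLoginStatus() accepts whatever id the cookie
 *    presents.  The value is client-controlled, so this is not proof of
 *    a prior successful checkUser().  It should be replaced by an
 *    unguessable server-side session token; `session` may be the place
 *    for it, confirm against Session.hpp.
 *  - NOTE(review): checkUser() compares the password inside SQL, which
 *    implies the users table holds it in directly comparable form; a
 *    salted password hash verified in code is the expected design.
 *  - NOTE(review): no Secure / HttpOnly attribute is set on the cookies
 *    here; check what cgiCookie applies by default.
 */
class openLogin
{
protected:

  string id,group_id,first,last,login,password,phone_number,email;
  bool site_admin;
  string sql;
  string lastError;
  serviceMap services;
  serviceVector serviceNames;
  string fieldTemp;
  quickQuery qqry;
  openRS & rs;
  Session_Obj session;

  /**
   * Write one cookie.  An empty value takes the first branch, which sets
   * a 1970 timeout on the cookie before writing it (presumably so the
   * browser discards it; confirm against cgiCookie).
   */
  void setCookieValue( cgiCookie & cookie, string name, string & value )
  {
    if( value.length() == 0 )
    {
      string & date = cookie.setTimeout( 1, 1, 1970, 0, 0 );
      cookie.set( name.c_str(), value.c_str() );
      // NOTE(review): this overwrites lastError with the timeout string,
      // so after a successful checkUser() getLastError() is not empty.
      // Left as found because callers may rely on it; confirm intent.
      lastError = date;
      // Clear the string setTimeout() returned by reference, presumably
      // so later cookies written through this object do not inherit the
      // expiry.
      date = "";
    }
    else
    {
      cookie.set( name.c_str(), value.c_str() );
    }
  }

  /** Copy the current row of rs (the user/group select) into the members. */
  void setVars(void)
  {
    id=rs.getField(0).format();
    group_id=rs.getField(1).format();
    first=rs.getField(2).format();
    last=rs.getField(3).format();
    login=rs.getField(4).format();
    password=rs.getField(5).format();
    phone_number=rs.getField(6).format();
    email=rs.getField(7).format();
    site_admin = dynamic_cast<longField&>(rs.getField(8)).get();
  }

  /**
   * True when value is a non-empty run of ASCII digits.  Ids are
   * concatenated unquoted into SQL, so anything else must be refused.
   * Assumes ids are non-negative integers formatted without padding or
   * separators - TODO confirm against the field formatter.
   */
  static bool isNumericId( const string & value )
  {
    if( value.empty() )
    {
      return false;
    }
    for( string::size_type i = 0; i < value.length(); ++i )
    {
      if( value[i] < '0' || value[i] > '9' )
      {
        return false;
      }
    }
    return true;
  }

  /**
   * Escape text for use between single quotes in a SQL string literal:
   * single quotes and backslashes are doubled.  On a backend that does
   * not treat backslash as an escape character, a value containing a
   * backslash will simply fail to match (fails closed).
   * NOTE(review): a stop-gap; use the database layer's own escaping or
   * parameter binding if it has one.
   */
  static string sqlQuote( const string & raw )
  {
    string out;
    out.reserve( raw.length() + 8 );
    for( string::size_type i = 0; i < raw.length(); ++i )
    {
      const char c = raw[i];
      if( c == '\'' || c == '\\' )
      {
        out += c;
      }
      out += c;
    }
    return out;
  }

public:
  string token;   // name of the login cookie

  // Initialisers are listed in declaration order; rs binds to the
  // record set owned by qqry, which is declared (and built) before it.
  openLogin():site_admin(false),qqry(),rs(qqry.getRS()),session(),token("intraToken"){;}
  virtual ~openLogin(){;}

  /**
   * Check a login/password pair.  On success the user's fields are
   * loaded, the login cookie is written and true is returned.  On
   * failure a message is left in lastError.  In both cases the
   * "lastError" cookie is written at the end.
   *
   * @param user      login name as submitted by the client (untrusted)
   * @param password  password as submitted by the client (untrusted)
   */
  virtual bool checkUser( const char * user, const char * password )
  {
    bool bRet = false;

    lastError = "Bad Login / Password combination: ";

    cgiCookie cookie;

    cookie.setPath("/");

    if( user && password && strlen(user) && strlen(password) )
    {
      // Both values come straight from the request and used to be
      // pasted between the quotes unescaped.
      // NOTE(review): `sql` still holds the submitted password in clear
      // text afterwards and is reachable through getSql().
      sql = "Select u.id,u.group_id,u.first,u.last,"
            "u.login,u.password,u.phone_number,u.email,g.site_admin "
            " from users u inner join groups g on g.id=u.group_id ";
      sql += " where u.login = '";
      sql += sqlQuote(user);
      sql += "' and u.password = '";
      sql += sqlQuote(password);
      sql += "'";

      if( rs.open(sql) )
      {
        setVars();

        // The cookie value is the bare user id; see the class comment.
        setCookieValue( cookie, token, id );

        lastError = "";

        bRet = true;
        rs.close();
      }
      else
      {
        // NOTE(review): database error text ends up in a cookie sent to
        // the client; consider logging it server-side instead.
        lastError += rs.getErrors();
        lastError += " no such user on this site, please try again. ";
      }
    }
    else
    {
      lastError += " both the login and password must be entered. ";
    }
    setCookieValue( cookie, "lastError", lastError );
    return bRet;
  }

  /**
   * True when a user is (or can be) loaded: uses the id already held,
   * or, when that is empty or "0", the value of the login cookie.
   */
  virtual bool testLoginStatus( void )
  {
    bool bRet = false;
    bool fromCookie = false;
    cgiCookie cookie;

    if( id.length() == 0 || id == "0")
    {
      id = cookie.get(token.c_str());
      fromCookie = true;
    }

    if( id.length() > 0 )
    {
      bRet = getUser(id);
    }

    // Do not leave a cookie value that did not resolve to a user in
    // `id`, where Id() and later queries would pick it up.
    if( !bRet && fromCookie )
    {
      id = "";
    }
    return bRet;
  }

  /**
   * Load the user whose id is rId.  Returns false, with a message
   * appended to lastError, when rId is not a plain number or no row is
   * found.
   */
  bool getUser(string & rId)
  {
    bool bRet = false;

    // rId may come from a cookie and goes into the query unquoted.
    if( !isNumericId(rId) )
    {
      lastError += "Could not fetch your login!\n";
      return bRet;
    }

    sql = "Select u.id,u.group_id,u.first,u.last,"
          "u.login,u.password,u.phone_number,u.email,g.site_admin "
          " from users u inner join groups g on g.id=u.group_id where u.id = ";
    sql += rId;

    if( rs.open(sql) )
    {
      setVars();

      bRet = true;
      rs.close();
    }
    else
    {
      // NOTE(review): the query text is exposed to the client inside an
      // HTML comment if lastError is rendered; keep it server-side.
      lastError += "Could not fetch your login!\n";
      lastError += "<!--";
      lastError += sql;
      lastError += "-->";
    }
    return bRet;
  }

  /**
   * Load the services enabled for the current user and group into
   * services / serviceNames, keyed by uri (first row per uri wins).
   *
   * @param criteria  optional extra SQL condition, appended verbatim
   *                  after " and ".  It is raw SQL: it must only ever be
   *                  built from constants in the calling code, never
   *                  from request data.
   * @return true when at least one row was read.
   */
  bool fetchServices( string criteria = "" )
  {
    bool bRet = false;
    bool open = false;

#ifndef BOOTSTRAP
    // id and group_id are concatenated unquoted below.
    if( !isNumericId(id) || !isNumericId(group_id) )
    {
      lastError += " no services: user or group id is not valid. ";
      return bRet;
    }
#endif

    sql = "select distinct s.id, s.cat_name, s.menu_name, s.uri, "
          "s.local_uri, s.secure, "
          "s.sequence, s.tree_depth, "
          "s.xml_params"
#ifndef BOOTSTRAP
          ", gs.xml_param1, gs.xml_param2 "
#endif
          " from services s "
#ifndef BOOTSTRAP
          "inner join group_services gs on gs.service_id = s.id "
          "inner join role_services rs on rs.service_id = gs.service_id "
          "inner join roles r on r.id = rs.role_id "
          "inner join user_roles ur on ur.role_id = r.id "
          "where ur.user_id = ";
    sql += id;
    sql += " and ur.enabled = 1";
    sql += " and rs.enabled = 1";
    sql += " and gs.group_id = ";
    sql += group_id;

    if( criteria.length() )
    {
      sql += " and ";
      sql += criteria;
    }
#else
    ;
#endif

    sql += " order by s.sequence, s.tree_depth";

    for( open = rs.open(sql); open; open = rs.next() )
    {
      bRet = true;
      openService service;
      service.id = rs.getField(0).format();
      service.cat_name = rs.getField(1).format();
      service.menu_name = rs.getField(2).format();
      service.uri = rs.getField(3).format();
      service.local_uri = dynamic_cast<longField&>(rs.getField(4)).get();
      service.secure = dynamic_cast<longField&>(rs.getField(5)).get();
      service.sequence = rs.getField(6).format();
      service.tree_depth = rs.getField(7).format();
      service.xml_params = rs.getField(8).format();
#ifndef BOOTSTRAP
      service.xml_param1 = rs.getField(9).format();
      service.xml_param2 = rs.getField(10).format();
#endif
      string key = service.uri;
      // Store a uri the first time it is seen.  The test was inverted
      // (!= end()), so nothing was ever inserted and Services() /
      // ServiceNames() always came back empty.
      if( services.find(key) == services.end() )
      {
        services.insert(make_pair(key,service));
        serviceNames.push_back(key);
      }
    }
    rs.close();
    if( !bRet )
    {
      // NOTE(review): query text and database errors are placed in an
      // HTML comment here; if lastError is rendered they reach the
      // client.
      lastError += " no services for ";
      lastError += first;
      lastError += " ";
      lastError += last;
      lastError += " are enabled. <!--";
      lastError += sql;
      lastError += " | ";
      lastError += rs.getErrors();
      lastError += "-->";
    }
    return bRet;
  }

  /** Services loaded by fetchServices(), keyed by uri. */
  serviceMap & Services( void )
  {
    return services;
  }
  /** Service keys in the order they were loaded. */
  serviceVector & ServiceNames( void )
  {
    return serviceNames;
  }

  /** Current user id (mutable reference). */
  string & Id( void )
  {
    return id;
  }
  /** Copy of the current user id. */
  string myStaff( void )
  {
    return id;
  }
  string & Last( void )
  {
    return last;
  }
  string & First( void )
  {
    return first;
  }
  string & Email ( void )
  {
    return email;
  }
  string & PhoneNumber ( void )
  {
    return phone_number;
  }
  string & Login ( void )
  {
    return login;
  }
  // NOTE(review): hands out the password column as read from the users
  // table; callers should never render or log it.
  string & Password ( void )
  {
    return password;
  }
  /** Text of the last query built; after checkUser() it includes the
   *  submitted password. */
  string & getSql( void )
  {
    return sql;
  }
  string & getLastError( void )
  {
    return lastError;
  }
  /** First and last name joined by one space. */
  string FullName( void )
  {
    return first + " " + last;
  }

  string & GroupId( void )
  {
    return group_id;
  }
  bool SiteAdmin( void )
  {
    return site_admin;
  }
  Session_Obj & Session( void )
  {
    return session;
  }
};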
00355
00356
00357
00358 #endif