00007 #ifndef OPEN_LOGIN_H
00008 #define OPEN_LOGIN_H
00009
00010 #include "cgiCookie.h"
00011 #include "openDB.hpp"
00012 #include "connectstring"
00013 #include "read_base.hpp"
00014 #include <map>
00015 #include <vector>
00016
00017 #include "ocXML.h"
00018 #include "Session.hpp"
00019
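/// One service (menu entry) row as loaded by openLogin::fetchServices().
///
/// All columns are kept as formatted strings except the two flags.
/// `secure` is read from the s.secure column; code that decides whether a
/// service must be reached over a protected channel depends on it surviving
/// copies, because serviceMap stores these objects by value.
class openService
{
public:
  string cat_name;
  string id, service_name, sequence, tree_depth, menu_name,
         uri, xml_params, xml_param1, xml_param2;
  bool local_uri, secure;

  /// Flags start out false so a default-constructed entry never carries an
  /// indeterminate `secure` / `local_uri` value.
  openService()
    : local_uri(false), secure(false)
  {}

  virtual ~openService()
  {}

  /// Copies every member, in declaration order.
  /// The previous initializer list left out `secure`, so every copy (including
  /// the one made when an entry is inserted into a serviceMap) held an
  /// uninitialized flag.
  openService( const openService & in )
    : cat_name(in.cat_name), id(in.id), service_name(in.service_name),
      sequence(in.sequence), tree_depth(in.tree_depth), menu_name(in.menu_name),
      uri(in.uri), xml_params(in.xml_params), xml_param1(in.xml_param1),
      xml_param2(in.xml_param2), local_uri(in.local_uri), secure(in.secure)
  {}

  /// Member-wise assignment; returns *this.
  openService & operator = ( const openService & in )
  {
    cat_name = in.cat_name;
    id = in.id;
    service_name = in.service_name;
    sequence = in.sequence;
    tree_depth = in.tree_depth;
    menu_name = in.menu_name;
    uri = in.uri;
    xml_params = in.xml_params;
    xml_param1 = in.xml_param1;
    xml_param2 = in.xml_param2;
    local_uri = in.local_uri;
    secure = in.secure;
    return *this;
  }
};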
00057
// Services keyed by name; openLogin::fetchServices() uses service_name as the key.
typedef map < string, openService > serviceMap;
// Service names in the order fetchServices() read the rows.
typedef vector < string > serviceVector;
00060
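/// Login state for one request: looks the user up in metasite.users, keeps the
/// row's columns in members, loads the services enabled for that user and
/// stores per-user preferences (an XML document kept in users.preferences).
///
/// Every query here is assembled as text, so each value that can originate
/// from the request is validated or quoted before it is appended.
/// NOTE(review): that is a stop-gap. If openRS / openCMD offer bound
/// parameters, use them instead of appendSqlText()/isNumericId().
/// NOTE(review): `rs` refers to this object's own `qqry`; a compiler-generated
/// copy would refer to the source object's record set. Confirm that openLogin
/// objects are never copied.
class openLogin
{
protected:

  string id, group_id, first, last, login, password, phone_number, email, preferences;
  bool site_admin;
  string sql;
  string lastError;
  serviceMap services;
  serviceVector serviceNames;
  string fieldTemp;
  quickQuery qqry;
  openRS & rs;
  Session_Obj session;

  /// True when `value` is non-empty and holds only the characters '0'..'9'.
  /// Ids are appended to SQL without quotes, so nothing else may get through.
  static bool isNumericId( const string & value )
  {
    if( value.empty() )
    {
      return false;
    }
    for( string::size_type i = 0; i < value.length(); ++i )
    {
      if( value[i] < '0' || value[i] > '9' )
      {
        return false;
      }
    }
    return true;
  }

  /// Appends `value` to `out` as the inside of a single-quoted SQL literal.
  /// Single quotes are doubled. A backslash or NUL makes the call fail and
  /// leaves `out` untouched, because backends disagree on whether a backslash
  /// is an escape character and the provider is not known here.
  /// @return false when the value was refused.
  static bool appendSqlText( string & out, const string & value )
  {
    string quoted;
    for( string::size_type i = 0; i < value.length(); ++i )
    {
      const char c = value[i];
      if( c == '\\' || c == '\0' )
      {
        return false;
      }
      if( c == '\'' )
      {
        quoted += '\'';
      }
      quoted += c;
    }
    out += quoted;
    return true;
  }

  /// Sets cookie `name` to `value`; an empty value expires the cookie by
  /// giving it a 1 Jan 1970 timeout first.
  void setCookieValue( cgiCookie & cookie, const char * name, string & value )
  {
    if( value.length() == 0 )
    {
      string & date = cookie.setTimeout( 1, 1, 1970, 0, 0 );
      cookie.set( name, value.c_str() );
      // The timeout text used to be copied into lastError here, which left
      // getLastError() non-empty after a successful checkUser().
      // Clearing the returned string presumably stops later cookies set on
      // this object from being expired too - confirm against cgiCookie.
      date = "";
    }
    else
    {
      cookie.set( name, value.c_str() );
    }
  }

  /// Copies the current row of `rs` (column order of the user queries below)
  /// into the members. The dynamic_cast throws std::bad_cast if column 8 is
  /// not a longField.
  /// NOTE(review): this keeps u.password in memory and Password() hands it
  /// out; confirm whether anything still needs it after the login check.
  void setVars(void)
  {
    id = rs.getField(0).format();
    group_id = rs.getField(1).format();
    first = rs.getField(2).format();
    last = rs.getField(3).format();
    login = rs.getField(4).format();
    password = rs.getField(5).format();
    phone_number = rs.getField(6).format();
    email = rs.getField(7).format();
    site_admin = dynamic_cast<longField&>(rs.getField(8)).get();
    preferences = rs.getField(9).format();
  }

public:

  // Initializers are listed in declaration order, which is the order they run in.
  openLogin(bool inCharge=true)
    : site_admin(false), qqry(), rs(qqry.getRS()), session(inCharge)
  {}

  virtual ~openLogin()
  {}

  /// Checks a login/password pair against metasite.users.
  /// On success the user's columns are loaded, the "token" cookie is set to
  /// the user id and lastError is cleared; on failure lastError explains why.
  /// Either way the "lastError" cookie is updated (expired when empty).
  /// @return true when a matching row was found.
  ///
  /// NOTE(review): the password is compared as passed in. If callers hand
  /// over the raw password, the table holds plaintext - confirm, and move to a
  /// salted password hash verified in code.
  /// NOTE(review): the token cookie is the bare user id, which is not proof
  /// of a prior login; it should be an unguessable server-side session id,
  /// and the cookie should carry the HttpOnly and Secure attributes.
  virtual bool checkUser( const char * user, const char * password )
  {
    bool bRet = false;

    lastError = "Bad Login / Password combination: ";

    cgiCookie cookie;
    cookie.setPath("/");

    if( user && password && strlen(user) && strlen(password) )
    {
      sql = "Select u.id,u.group_id,u.first,u.last,"
            "u.login,u.password,u.phone_number,u.email,g.site_admin,u.preferences "
            " from metasite.users u inner join metasite.groups g on g.id=u.group_id ";
      sql += " where u.login = '";
      // Both values come straight from the request: quote them, and treat a
      // refused value exactly like an unknown login.
      bool quotedOk = appendSqlText( sql, user );
      sql += "' and u.password = '";
      quotedOk = appendSqlText( sql, password ) && quotedOk;
      sql += "'";

      if( quotedOk && rs.open(sql) )
      {
        setVars();
        setCookieValue( cookie, "token", id );
        lastError = "";
        bRet = true;
        rs.close();
      }
      else
      {
        // rs.getErrors() is no longer appended: this text is sent to the
        // client in a cookie. Route database errors to a server-side log.
        lastError += " no such user on this site, please try again. ";
      }
    }
    else
    {
      lastError += " both the login and password must be entered. ";
    }

    setCookieValue( cookie, "lastError", lastError );
    return bRet;
  }

  /// Reloads the user identified by `id`, or by the "token" cookie when `id`
  /// is empty or "0".
  /// @return true when the row was found and loaded.
  ///
  /// The id is appended to the query unquoted, so anything that is not a plain
  /// number is refused and `id` is cleared.
  /// NOTE(review): a numeric token is still only a user id supplied by the
  /// client; see the note on checkUser().
  virtual bool testLoginStatus( void )
  {
    bool bRet = false;
    cgiCookie cookie;
    string & rId = id;

    if( rId.length() == 0 || rId == "0") rId = cookie.get("token");

    if( rId.length() > 0 )
    {
      if( !isNumericId( rId ) )
      {
        rId = "";
        lastError += "Could not fetch your login!\n";
        return false;
      }

      sql = "Select u.id,u.group_id,u.first,u.last,"
            "u.login,u.password,u.phone_number,u.email,g.site_admin,u.preferences "
            " from metasite.users u inner join metasite.groups g on g.id=u.group_id where u.id = ";
      sql += rId;
      if( rs.open(sql) )
      {
        setVars();
        bRet = true;
        rs.close();
      }
      else
      {
        // The query text and CONNECTSTRING used to be appended inside an HTML
        // comment, which exposes connection details to whoever views the page.
        // The query is still available server-side through getSql().
        lastError += "Could not fetch your login!\n";
      }
    }
    return bRet;
  }

  /// Loads the services enabled for the current user and group into
  /// Services() / ServiceNames().
  /// @param criteria optional extra SQL condition, appended verbatim after
  ///        " and ". It is a raw SQL fragment and cannot be escaped here:
  ///        pass only text built by trusted code, never request data.
  /// @return true when at least one row was read; otherwise lastError is
  ///         extended.
  bool fetchServices( string criteria = "" )
  {
    bool bRet = false;

    // id and group_id go into the query unquoted; skip the query unless both
    // are plain numbers.
    if( isNumericId( id ) && isNumericId( group_id ) )
    {
      sql = "select distinct s.id, s.name, s.menu_name, s.uri, "
            "s.local_uri, s.secure, "
            "s.sequence, s.tree_depth, "
            "s.xml_params, gs.xml_param1, gs.xml_param2 "
            "from metasite.services s "
            "inner join metasite.group_services gs on gs.service_id = s.id "
            "inner join metasite.role_services rs on rs.service_id = gs.service_id "
            "inner join metasite.roles r on r.id = rs.role_id "
            "inner join metasite.user_roles ur on ur.role_id = r.id "
            "where ur.user_id = ";
      sql += id;
      sql += " and ur.enabled = 1";
      sql += " and rs.enabled = 1";
      sql += " and gs.group_id = ";
      sql += group_id;
      if( criteria.length() )
      {
        sql += " and ";
        sql += criteria;
      }
      sql += " order by s.sequence, s.tree_depth";

      for( bool more = rs.open(sql); more; more = rs.next() )
      {
        bRet = true;
        openService service;
        service.id = rs.getField(0).format();
        service.service_name = rs.getField(1).format();
        service.menu_name = rs.getField(2).format();
        service.cat_name = service.service_name;
        service.uri = rs.getField(3).format();
        service.local_uri = dynamic_cast<longField&>(rs.getField(4)).get();
        service.secure = dynamic_cast<longField&>(rs.getField(5)).get();
        service.sequence = rs.getField(6).format();
        service.tree_depth = rs.getField(7).format();
        service.xml_params = rs.getField(8).format();
        service.xml_param1 = rs.getField(9).format();
        service.xml_param2 = rs.getField(10).format();
        string key = service.service_name;
        services.insert(make_pair(key,service));
        serviceNames.push_back(key);
      }
      rs.close();
    }

    if( !bRet )
    {
      // The query text and rs.getErrors() are no longer embedded in an HTML
      // comment; use getSql() and a server-side log for diagnosis.
      // NOTE(review): first/last come from the database and are not
      // HTML-escaped here; whoever renders lastError must escape it.
      lastError += " no services for ";
      lastError += first;
      lastError += " ";
      lastError += last;
      lastError += " are enabled. ";
    }
    return bRet;
  }

  serviceMap & Services( void )
  {
    return services;
  }
  serviceVector & ServiceNames( void )
  {
    return serviceNames;
  }

  // The accessors below return mutable references to the members; a caller
  // that writes through Id() or GroupId() changes what the queries above use.
  string & Id( void )
  {
    return id;
  }
  string & Last( void )
  {
    return last;
  }
  string & First( void )
  {
    return first;
  }
  string FullName( void )
  {
    return first + " " + last;
  }
  string & Email ( void )
  {
    return email;
  }
  string & PhoneNumber ( void )
  {
    return phone_number;
  }
  string & Login ( void )
  {
    return login;
  }
  string & Password ( void )
  {
    return password;
  }
  /// Last statement built by this object. After checkUser() it contains the
  /// submitted password, so it must not be shown to users or logged verbatim.
  string & getSql( void )
  {
    return sql;
  }
  string & getLastError( void )
  {
    return lastError;
  }

  string & GroupId( void )
  {
    return group_id;
  }

  bool SiteAdmin( void )
  {
    return site_admin;
  }

  /// Returns the same member as Id().
  string & myStaff( void )
  {
    return id;
  }
  Session_Obj & Session( void )
  {
    return session;
  }

  /// Returns the data of the first preference node called `Name`, or an empty
  /// string when the preferences XML has no such node.
  string getPreference( string Name )
  {
    string ret;
    xmlParser parser( preferences );
    parser.parse();
    node_map & nodes = parser.states.nodemap;
    node_map::iterator iter = nodes.lower_bound(Name);
    if( iter != nodes.upper_bound(Name) )
    {
      ret = parser.nodeList()[iter->second].data;
    }
    return ret;
  }

  /// Sets preference `Name` to `Value` (adding the node when it is missing),
  /// re-emits the XML into `preferences` and writes it back with synch().
  /// @return the result of synch(). The in-memory preferences are updated
  ///         even when the write fails.
  bool setPreference( string Name, string Value )
  {
    xmlParser parser( preferences );
    parser.parse();
    node_map & nodes = parser.states.nodemap;
    node_map::iterator pos = nodes.lower_bound(Name);
    if( pos != nodes.upper_bound(Name) )
    {
      parser.nodeList()[pos->second].data = Value;
    }
    else
    {
      xmlNode aNode;
      aNode.name = Name;
      aNode.data = Value;
      parser.addNode(aNode);
    }
    preferences = parser.emit();

    return synch();
  }

  /// Writes `preferences` to the current user's row.
  /// @return true when the update ran; false when `id` is not a plain number,
  ///         when the preferences text is refused by appendSqlText(), or when
  ///         the command fails.
  ///
  /// Preference values are user-controlled, so the text is quoted before it
  /// is placed in the statement; unquoted it could rewrite other columns of
  /// the users table.
  /// NOTE(review): this statement names `users` while the queries above use
  /// `metasite.users` - confirm that both resolve to the same table.
  bool synch()
  {
    bool isGood = false;
    if( isNumericId( id ) )
    {
      string statement = "update users set preferences = '";
      if( appendSqlText( statement, preferences ) )
      {
        statement += "' where id = ";
        statement += id;
        sql = statement;

        openDbFactory DbMaker(PROVIDER,CONNECTSTRING);
        openDB & db = DbMaker.db();
        openCmdFactory CmdMaker(db);
        openCMD & cmd = CmdMaker.cmd();
        isGood = cmd.execute(sql);
      }
    }
    return isGood;
  }

};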
00391 #endif