2.9.2 114 employees change pass

cli.php

@@ -2,12 +2,6 @@
 <?php
 namespace Core2;
 
-require_once 'inc/classes/Error.php';
-require_once 'inc/classes/Cli.php';
-require_once 'inc/classes/Registry.php';
-require_once 'inc/classes/Config.php';
-require_once 'inc/classes/I18n.php';
-
 try {
     if (PHP_SAPI !== 'cli') {
         throw new \Exception("Allowed for CLI only.");
@@ -17,6 +11,11 @@
         throw new \Exception("Composer autoload is missing.");
     }
     require_once($autoload);
+    require_once 'inc/classes/Error.php';
+    require_once 'inc/classes/Cli.php';
+    require_once 'inc/classes/Registry.php';
+    require_once 'inc/classes/Config.php';
+    require_once 'inc/classes/I18n.php';
 
     $_SERVER['SERVER_NAME'] = '_';
     $options = getopt('c:m:a:p:s:h', array(

conf.ini

@@ -11,7 +11,7 @@
 
 [production]
 ; ## Текущая версия ядра
-version = 2.9.1
+version = 2.9.2
 
 ; ## Используется в модуле webservice
 ; ## Время в секундах на которое выписывается вебтокен пользователя

inc/CoreController.php

@@ -392,10 +392,23 @@ public function action_seq(): string {
 
 			if ($rows) {
 				$rows_seq = array_values($rows);
+                $records  = [];
 
-				foreach ($_POST['data'] as $k => $row_id) {
-					$where = $this->db->quoteInto("{$id_name} = ?", $row_id);
-                    $this->db->update($table_name, ['seq' => $rows_seq[$k]], $where);
+                foreach ($_POST['data'] as $k => $row_id) {
+                    $records[$row_id] = $rows_seq[$k];
+                }
+
+
+                $is_custom = $records
+                    ? $this->customSequence($resource, $records)
+                    : false;
+
+
+				if ( ! $is_custom) {
+                    foreach ($records as $row_id => $sequence) {
+                        $where = $this->db->quoteInto("{$id_name} = ?", $row_id);
+                        $this->db->update($table_name, ['seq' => $sequence], $where);
+                    }
                 }
 			}
 
@@ -1106,4 +1119,55 @@ public function action_workhorse() {
             echo Alert::danger($e->getMessage());
         }
     }
+
+
+    /**
+     * Проверка модуля на реализацию собственного удаления
+     * @param string $resource
+     * @param array  $records
+     * @return bool
+     * @throws Exception
+     */
+    private function customSequence(string $resource, array $records): bool {
+
+        $mod             = explode('xxx', $resource);
+        $mod             = explode("_", $mod[0]);
+        $controller_name = "Mod" . ucfirst(strtolower($mod[0])) . "Controller";
+
+        $this->requireController($mod[0], $controller_name);
+        $controller = new $controller_name();
+
+        return $controller instanceof Sequence
+            ? $controller->sequence($resource, $records)
+            : false;
+    }
+
+
+    /**
+     * @param string $module_name
+     * @param string $mod_controller
+     * @return void
+     * @throws Exception
+     */
+    private function requireController(string $module_name, string $mod_controller): void {
+
+        $location        = $this->getModuleLocation($module_name); //определяем местоположение модуля
+        $controller_path = $location . "/" . $mod_controller . ".php";
+
+        if ( ! file_exists($controller_path)) {
+            throw new Exception(sprintf($this->translate->tr("Модуль не найден: %s"), $mod_controller), 400);
+        }
+
+        $autoload = $location . "/vendor/autoload.php";
+
+        if (file_exists($autoload)) { //подключаем автозагрузку если есть
+            require_once $autoload;
+        }
+
+        require_once $controller_path; // подлючаем контроллер
+
+        if ( ! class_exists($mod_controller)) {
+            throw new RuntimeException(sprintf($this->translate->tr("Модуль сломан: %s"), $location));
+        }
+    }
 }

inc/Interfaces/Sequence.php

@@ -0,0 +1,16 @@
+<?php
+
+
+/**
+ *
+ */
+interface Sequence {
+
+    /**
+     * @param string $resource_name
+     * @param array  $records
+     * Если возвращено true, то будет считаться, что вы самостоятельно сортировали объекты
+     * Если возвращено false будет считаться, что нужно применить стандартную процедуру сортировки
+     */
+    public function sequence(string $resource_name, array $records): bool;
+}

inc/Traits/Import.php

@@ -65,6 +65,8 @@ public function getFieldImport(array $options, array $data): string {
 
             if ($options['rows_select'] == 'checked') {
                 $tpl->row->checked_row->assign('[ROW_NUMBER]', $num);
+            } else {
+                $tpl->row->start_row->assign('[ROW_NUMBER]', $num);
             }
 
             $col = 0;

inc/classes/Error.php

@@ -106,7 +106,9 @@ public static function catchException(\Exception $exception): void {
                 self::Exception('Нет такой страницы', 404);
 
             } elseif ($message == 'expired') {
-                setcookie($cnf->session->name, false);
+                if ($cnf && $cnf?->session?->name) {
+                    setcookie($cnf->session->name, false);
+                }
                 header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
                 die();
             }

inc/classes/Init.php

@@ -93,77 +93,78 @@
 
     $section = !empty($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'production';
 
-    $conf     = new Core2\Config($config_origin);
-    $config   = $conf->getData()->merge($conf->readIni($conf_file, $section));
+    $conf          = new Core2\Config($config_origin);
+    $system_config = $conf->getData()->merge($conf->readIni($conf_file, $section));
+
 
 
     $conf_d = __DIR__ . "/../../conf.ext.ini";
     if (file_exists($conf_d)) {
-        $config->merge($conf->readIni($conf_d, $section));
+        $system_config->merge($conf->readIni($conf_d, $section));
     }
 
     if (empty($_SERVER['HTTPS'])) {
-        if (isset($config->system) && ! empty($config->system->https)) {
+        if (isset($system_config->system) && ! empty($system_config->system->https)) {
             header('Location: https://' . $_SERVER['SERVER_NAME']);
             exit(); // TODO нужно убрать
         }
     }
-    $tz = $config->system->timezone;
+    $tz = $system_config->system->timezone;
     if (!empty($tz)) {
         date_default_timezone_set($tz);
     }
-    if (!$config) throw new Exception("Unable to load configuration.");
+    if (!$system_config) throw new Exception("Unable to load configuration.");
 }
 catch (Exception $e) {
     Error::Exception($e->getMessage());
 }
 
 // отладка приложения
-if ($config->debug->on) {
+if ($system_config->debug->on) {
     error_reporting(E_ALL);
     ini_set('display_errors', 1);
 } else {
     ini_set('display_errors', 0);
 }
 
 //проверяем настройки для базы данных
-if ($config->database) {
-    if (empty($config->database->adapter)) {
+if ($system_config->database) {
+    if (empty($system_config->database->adapter)) {
         Error::Exception('Database adapter is empty!');
     }
-    if (empty($config->database->params->dbname)) {
+    if (empty($system_config->database->params->dbname)) {
         Error::Exception('Database name is empty!');
     }
 }
 
 //конфиг стал только для чтения
-$config->setReadOnly();
+$system_config->setReadOnly();
 
 
-if (isset($config->include_path) && $config->include_path) {
-    set_include_path(get_include_path() . PATH_SEPARATOR . $config->include_path);
+if (isset($system_config->include_path) && $system_config->include_path) {
+    set_include_path(get_include_path() . PATH_SEPARATOR . $system_config->include_path);
 }
 
 //подключаем мультиязычность
 require_once 'I18n.php';
-$translate = new I18n($config);
+$translate = new I18n($system_config);
 
 //сохраняем конфиг
-Registry::set('config', $config);
+Registry::set('config', $system_config);
 
 //обрабатываем конфиг ядра
 $core_conf_file = __DIR__ . "/../../conf.ini";
 if (file_exists($core_conf_file)) {
-    $config = new Core2\Config();
-    Registry::set('core_config', $config->readIni($core_conf_file, 'production'));
+    $core_config = new Core2\Config();
+    Registry::set('core_config', $core_config->readIni($core_conf_file, 'production'));
 }
 
 require_once 'Acl.php';
 require_once 'Common.php';
 require_once 'SSE.php';
 
+
 /**
- * Class Init
  * @property Core2\Model\Modules $dataModules
  */
 class Init extends Acl {
@@ -173,9 +174,6 @@ class Init extends Acl {
      */
     private $auth;
 
-    protected $is_rest = array();
-    protected $is_soap = array();
-
 
     /**
      * Общая проверка аутентификации
@@ -250,13 +248,6 @@ public function checkAuth() {
 
             $auth = new SessionContainer('Auth');
             if (!empty($auth->ID) && is_int($auth->ID)) {
-                if (!empty($_POST['login']) && !empty($_POST['password'])) {
-                    //попытка повторного входа
-                    return [
-                        'status'     => 'success',
-                        'return_url' => DOC_PATH,
-                    ];
-                }
                 if (!$auth->getManager()->isValid()) {
                     $this->closeSession('Y');
                 }
@@ -327,24 +318,28 @@ public function dispatch() {
 
             if (isset($route['module'])) {
                 if (isset($route['api']) && $route['api'] === 'openapi') {
+
                     if ($route['action'] == 'core2.json') {
-                        define("SERVER", (!empty($_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . DOC_PATH);
+                        define("SERVER", ( ! empty($_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . DOC_PATH);
                         //генерация свагера для общего API
                         require_once "OpenApi.php";
                         header("Cache-Control: no-cache");
                         $schema = new \Core2\OpenApi();
-                        $html = $schema->render();
+                        $html   = $schema->render();
                         return $html;
                     }
+
                     if ($route['action'] == 'sections') {
                         require_once "OpenApiSpec.php";
                         header('Content-Type: application/json');
                         $schema = new \Core2\OpenApiSpec();
                         $this->setupAcl();
+
                         if ( ! empty($route['params'])) {
                             $section = key($route['params']);
                             return json_encode($schema->getSectionSchema($section));
                         }
+
                         return json_encode([ 'sections' => $schema->getSections() ]);
                     }
                 }
@@ -359,6 +354,11 @@ public function dispatch() {
                     $sse = new Core2\SSE();
                     $sse->run();
                     return '';
+                } elseif ($route['module'] === 'change_pass') {
+                    require_once 'Login.php';
+                    $login = new Login();
+                    $this->setupSkin();
+                    return $login->dispatch($route);
                 }
             }
 
@@ -370,6 +370,9 @@ public function dispatch() {
             $this->logActivity($logExclude);
             //TODO CHECK DIRECT REQUESTS except iframes
 
+            //Проверка устаревания пароля
+            $this->checkExpired();
+
             require_once 'Zend_Session_Namespace.php'; //DEPRECATED
             require_once 'core2/inc/Interfaces/Delete.php';
             require_once 'core2/inc/Interfaces/File.php';
@@ -548,6 +551,39 @@ public function dispatch() {
     }
 
 
+    /**
+     * Проверка на устаревание пароля пользователя
+     * @return void
+     * @throws Exception
+     */
+    private function checkExpired()
+    {
+
+        if ($this->config->registry->pass_expired == 'Y') {
+            if ( ! empty($this->auth->check_expired)) {
+                return;
+            }
+
+            if ( ! empty($this->config->registry->pass_expired_exception_user_id)) {
+                $exception_ids = explode(',', $this->config->registry->pass_expired_exception_user_id);
+                if (in_array($this->auth->ID, $exception_ids)) {
+                    $this->auth->check_expired = 1;
+                    return;
+                }
+            }
+
+            $data_user = $this->dataUsers->getUserById($this->auth->ID);
+
+            if (
+                (new DateTime($data_user['date_expired'])) < (new DateTime())) {
+                header('Location: /change_pass');
+                exit;
+            }
+            $this->auth->check_expired = 1;
+        }
+    }
+
+
 
     /**
      * проверка модуля на доступность
@@ -751,7 +787,7 @@ private function checkToken() {
                     //http basic auth allowed
                     [$login, $password] = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
                     $user = $this->dataUsers->getUserByLogin($login);
-                    if ($user && \Core2\Tool::password_verify_secure($password, (string)$user['u_pass'])) {
+                    if ($user && $user['u_pass'] === Tool::pass_salt(md5($password))) {
                         $auth = new \StdClass();
 
                         $auth->LIVEID = 0;

inc/classes/LdapAuth.php

@@ -199,7 +199,7 @@ public function getLdapInfo(string $login): void {
                 ]);
 
                 if ( ! $isset_email) {
-                    $where = $this->db->quoteInto('id = ?', $user_id);
+                    $where = $this->db->quoteInto('u_id = ?', $user_id);
                     $this->db->update('core_users', [
                         'email' => $data['mail'][0],
                     ], $where);