src/Globals/CoreBundle/Controller/SecurityController.php line 54

Open in your IDE?
  1. <?php
  2. /**
  3.  * Created by PhpStorm.
  4.  * User: xfloyd
  5.  * Date: 9/9/2015
  6.  * Time: 4:57 PM
  7.  */
  9. namespace Globals\CoreBundle\Controller;
  10. use Cassandra\Exception\TruncateException;
  11. use Globals\MailManagementBundle\Entity\Mail;
  12. use Globals\CoreBundle\Entity\ResourceSmsSent;
  13. use Globals\MailManagementBundle\Entity\MailRecipient;
  14. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
  15. //use \Globals\ResourceManagementBundle\Services\SLogger;
  16. use Symfony\Bundle\FrameworkBundle\Controller\Controller;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpFoundation\JsonResponse;
  19. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
  20. use Symfony\Component\HttpFoundation\Session\Session;
  21. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  22. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  23. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  24. use Globals\CoreBundle\Services\SendMessageService;
  25. use Twilio\Rest\Client;
  26. use Globals\ResourceManagementBundle\Entity\Resource;
  29. class SecurityController extends Controller
  30. {
  32.     /**
  33.      * Log Error/Status Messages to predefined file location
  34.      *
  35.      * @param $str
  36.      */
  38.     function log($str)
  39.     {
  40.         $file_path "/tmp/slogger_output.txt";
  41.         if (!file_exists($file_path)) {
  42.             $fh fopen($file_path'w');
  43.         } else {
  44.             $fh fopen($file_path'a');
  45.         }
  46.         fwrite($fhprint_r($strtrue) . "\n");
  47.         fclose($fh);
  48.     }
  50.     /**
  51.      * @Route("/")
  52.      * @Route("/login", name="login")
  53.      */
  54.     public function loginAction(Request $request)
  55.     {
  58.         if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY') && !$request->isXmlHttpRequest()) {
  59.             /**
  60.              * Used to load this Resource's "NumPerPage" Setting,
  61.              * into the session, to be used on all datatables
  62.              */
  63.             $user $this->container->get("security.token_storage")->getToken()->getUser();
  64.             if (!is_scalar($user) && get_class($user) == "Globals\\ResourceManagementBundle\\Entity\\Resource") {
  65.                 $session = new Session();
  66.                 $session->set("NumPerPage"10);
  67.             }
  68.             return $this->redirect($this->generateUrl('globals_claimmanagement_claimintakecontainer_mainactivity')); // secure_homepage
  69.         }
  71.         try {
  72.             $this->getDoctrine()->getConnection()->connect();
  74.         } catch (\Exception $e) {
  75.             // failed to connect time to go to the main landing page where you can select your customer ID
  76.             return $this->render('CoreBundle:Default:index.html.twig');
  77.         }
  78.         return $this->render('@Core/Default/login_base.html.twig', ['IS_MODAL' => $request->isXmlHttpRequest()]);
  79.     }
  81.     /**
  82.      * @Route("/savesmsresponse")
  83.      */
  84.     public function saveSmsResponse(Request $request)
  85.     {
  86.         // header("content-type: text/xml");
  87.         // $response = new MessagingResponse();
  88.         // $response->message(
  89.         //   "I'm using the Twilio PHP library to respond to this SMS!"
  90.         //  );
  91.         $em $this->container->get("doctrine.orm.entity_manager");
  92.         $twilioresponse json_decode($_REQUEST,true);
  93.         file_put_contents("test.txt",$_REQUEST);
  94.         $messageId $twilioresponse['sid'];
  95.         $messageStatus  $twilioresponse['status'];
  96.         $objSmsInfo =  $em->getRepository("CoreBundle:ResourceSmsSent")->findOneBy(array('smsId'=> $messageId));
  97.         $objSmsInfo->setSmsSentStatus($messageStatus);
  98.         $em->persist($objSmsInfo);
  99.         $em->flush();
  100.         $response 'success';
  101.         return new JsonResponse($response);
  103.         // echo $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].
  104.         //  $_SERVER['PHP_SELF'];
  105.         //  dd($_SERVER);
  107.         //  die("dfdfdf");
  108.     }
  109.     /**
  110.      * @Route("/smsvalidate")
  111.      */
  112.     public function smsValidate(Request $request)
  113.     {
  114.          //return $this->redirect($this->generateUrl('globals_claimmanagement_claimintakecontainer_mainactivity')); // secure_homepage
  116.         //$phone_number_only = '+13109895228';
  117.         //$client = new Client('ACd025cc7fe51bd8f5ad59f7aaccaf0446', '73344d257e7d5313e2c89543a99e2d1b');
  118.         //$sms = $client->messages->create(
  119.            // $phone_number_only, // to
  120.            // [
  121.            //     "body" => 'Dear MO, 100000 has been deposited in to your account.But total amount will not change', // message contents
  122.                // "from" => "+17405737242" // from number
  123.            // ]
  124.       //  );
  125.         $em $this->container->get("doctrine.orm.entity_manager");
  126.         $resource $em->getRepository("ResourceManagementBundle:Resource")->find(base64_decode(urldecode($_GET['id'])));
  127.         $objSmsInfo =  $em->getRepository("CoreBundle:ResourceSmsSent")->findOneBy(array('userId'=> base64_decode(urldecode($_GET['id'])),'isActive'=>'Y'),
  128.             array('id' => 'DESC'));
  129.         $smsSentTimeDiff 0;
  130.         if(!empty($objSmsInfo)) {
  131.             $smsSentTime strtotime($objSmsInfo->getSentOn()->format('Y-m-d H:i:s'));
  133.             $currentTime strtotime(date('Y-m-d H:i:s'));
  134.             $smsSentTimeDiff =  $currentTime $smsSentTime;
  135.         }
  140.         return $this->render('@Core/Default/sms_validate.html.twig', ['IS_MODAL' => $request->isXmlHttpRequest(),'smsSentMobileNO'=>$resource->getMobilePhone(),'userId'=>$resource->getId(),'smsSentTimeDiff'=>$smsSentTimeDiff,'counterTot'=>180]);
  141.     }
  142.     /**
  143.      * @Route("/")
  144.      * @Route("/get_auth_info", name="get_auth_info")
  145.      */
  146.     public function getAuthInfoAction(Request $request)
  147.     {
  149.         $em $this->container->get("doctrine.orm.entity_manager");
  150.         $auth_code $request->request->get("auth_code");
  151.         $userId$request->request->get("userId");
  153.         $validsms $em->getRepository("CoreBundle:ResourceSmsSent")->findBy(array("smsStatus" => array('sent','wrong1','wrong2'),'isActive'=>'Y',"userId"=> $userId),
  154.             array('id' => 'DESC'));
  155.         if(!empty($validsms) && $auth_code==$validsms[0]->getSmsCode()) {
  156.             $validsms[0]->setSmsStatus('validated');
  157.             $em->persist($validsms[0]);
  158.             $em->flush();
  159.             $objResource $em->getRepository("ResourceManagementBundle:Resource")->findOneBy([
  160.                 "id" => $userId,
  161.                 "isActive" => 1
  162.             ]);
  163.             $userRole $objResource->getRoles();
  165.             if (in_array('ROLE_REGISTERED',$userRole )) {
  166.                 return new JsonResponse($this->generateUrl('globals_resourcemanagement_resource_resources2'). '#' preg_replace("/^\/(?!app_dev.php)/"""$this->generateUrl('globals_resourcemanagement_resource_editresourceajax', ["id" => $userId])));
  168.             }else{
  169.                 return new JsonResponse(($this->generateUrl('globals_claimmanagement_claimintakecontainer_mainactivity'))); // secure_homepage
  171.                // return new JsonResponse($this->generateUrl('globals_claimmanagement_claimintakecontainer_mainactivity'). '#' . preg_replace("/^\/(?!app_dev.php)/", "", $this->generateUrl('globals_claimmanagement_claimintakefragments_viewmyclaims')));
  173.             }
  174.             //return $this->redirect($this->generateUrl('globals_claimmanagement_claimintakecontainer_mainactivity')); // secure_homepage
  175.         }
  176.         else{
  177.             $validsms $em->getRepository("CoreBundle:ResourceSmsSent")->findOneBy(array('isActive'=>'Y',"userId"=> $userId), array('id' => 'DESC'));
  179.             if($validsms->getSmsStatus()=='sent'){
  180.                    $validsms->setSmsStatus('wrong1');
  181.                 $em->persist($validsms);
  182.                 $em->flush();
  183.                    return new JsonResponse('NOTVALID');
  184.                }
  185.             if($validsms->getSmsStatus()=='wrong1'){
  186.                 $validsms->setSmsStatus('wrong2');
  187.                 $em->persist($validsms);
  188.                 $em->flush();
  189.                 return new JsonResponse('NOTVALID');
  190.             }
  191.             if($validsms->getSmsStatus()=='wrong2'){
  192.                 $validsms->setSmsStatus('wrong3');
  193.                 $em->persist($validsms);
  194.                 $em->flush();
  195.                 return new JsonResponse($this->generateUrl('logout'));
  196.             }
  198.             }
  199.     }
  201.     /**
  202.      * @Route("/")
  203.      * @Route("/resend_auth_code", name="resend_auth_code")
  204.      */
  205.     public function resendAuthCodeAction(Request $request)
  206.     {
  208.         $em $this->container->get("doctrine.orm.entity_manager");
  210.         $userId $request->request->get("userId");
  211.         $callfrm $request->request->get("frm");
  212.         $objSmsInfo $em->getRepository("CoreBundle:ResourceSmsSent")->findOneBy(array('userId' => $userId,'isActive'=>'Y'),
  213.             array('id' => 'DESC'));
  214.         if (!empty($objSmsInfo) && $callfrm!='resend'){
  216.             $objSmsInfo->setSmsStatus('expired');
  218.             $em->persist($objSmsInfo);
  219.             $em->flush();
  220.             return new JsonResponse('Expired');
  221.         }
  223.         $objSmsInfo $em->getRepository("CoreBundle:ResourceSmsSent")->findBy(array('userId' => $userId,'isActive'=>'Y'),
  224.             array('id' => 'DESC'));
  226.         if($callfrm=='resend' && $objSmsInfo[0]->getSmsStatus()!='Sent') {
  227.             $objResInfo $em->getRepository("ResourceManagementBundle:Resource")->findOneBy(array('id' => $userId));
  230.             $messageSendService = new SendMessageService($em);
  231.             $smsArrayData = array();
  232.             $smsArrayData['user_id'] = $userId;
  233.             $smsArrayData['user_mobile_phone'] = $objResInfo->getMobilePhone();
  234.             $messageSendService->sendSMS($smsArrayData);
  236.             return new JsonResponse('Sent');
  237.         }else{
  238.             return new JsonResponse('noSent');
  239.         }
  242.     }
  243.     /**
  244.      * @Route("/login_check", name="login_check")
  245.      */
  246.     public function loginCheckAction()
  247.     {
  248.         // this controller will not be executed,
  249.         // as the route is handled by the Security system
  250.     }
  252.     /**
  253.      * @Route("/check_password", name="check_password")
  254.      */
  255.     public function isPasswordValid(Request $request)
  256.     {
  257.         $response 'error';
  258.         $user false;
  260.         if ($request->isMethod('POST') && $password $request->get('password')) {
  262.             if ($username $this->get('security.token_storage')->getToken()->getUser()->getUsername()) {
  264.                 $em $this->getDoctrine()->getManager();
  265.                 $user $em->getRepository("ResourceManagementBundle:Resource")->findOneBy([
  266.                     "username" => $username,
  267.                     "isActive" => 1
  268.                 ]);
  269.             }
  271.             if ($user
  272.             {
  273.                 // Get the encoder for the users password
  274.                 //$encoder_service = $this->get('security.encoder_factory');
  275.                // $encoder = $encoder_service->getEncoder($user);
  276.                 $passwordService $this->container->get("core.password_validate");
  277.                 if ( $passwordService->passwordIsValidForCurrentUser($password)) {
  278.                     // Password ok
  279.                     $response 'valid';
  280.                 } else {
  281.                     // Password bad
  282.                     $response 'invalid';
  283.                 }
  284.             } else {
  286.                 if ($username $this->get('security.token_storage')->getToken()->getUser()->getUsername()) {
  288.                     $em $this->getDoctrine()->getManager();
  289.                     $query $em->createQuery("SELECT u FROM  \Globals\ResourceManagementBundle\Entity\Resource u WHERE u.username = :username");
  291.                     $query->setParameter('username'$username);
  295.                     $resource $query->getOneOrNullResult();
  296.                 }
  298.                 if ($resource) {
  300.                     // Get the encoder for the users password
  301.                     //$encoder_service = $this->get('security.encoder_factory');
  302.                     // $encoder = $encoder_service->getEncoder($user);
  303.                     $passwordService $this->container->get("core.password_validate");
  304.                     //if ($encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) {
  305.                     if ( $passwordService->passwordIsValidForCurrentUser($password)) {
  306.                       
  307.                         // Password ok
  308.                         $response 'valid';
  309.                     } else {
  310.                         // Password bad
  311.                         $response 'invalid';
  312.                     }
  313.                 }
  314.             }
  315.         }
  317.         return new JsonResponse(['response' => $response]);
  318.     }
  320.     /**
  321.      * @Route("/send_forget_password_email", name="send_forget_password_email")
  322.      * @Method({"POST"})
  323.      */
  324.     public function sendForgetPasswordEmailAction(Request $request)
  325.     {
  326.         $user false;
  327.         $forget_password_email $request->request->get('_forget_password_email');
  329.         if ($forget_password_email)
  330.         {
  331.             $em $this->getDoctrine()->getManager();
  332.             $query $em->createQuery("SELECT u FROM \Globals\ResourceManagementBundle\Entity\Resource u WHERE u.email = :email");
  333.             $query->setParameter('email'$forget_password_email);
  334.             $user $query->getOneOrNullResult();
  335.         }
  337.         if ($user && $user_email $user->getEmail()) // let's see if we have the user and the user has an email.
  338.         {
  339.             $x md5(time());
  340.             $y str_split($x16);
  341.             $token $y[0] . date('Hi') . $y[1];
  343.             $user->setPasswordResetToken($token);
  344.             $user->setPasswordChangeDate(new \DateTime());
  345.             $em->persist($user);
  346.             $em->flush();
  348.             $url $this->generateUrl(
  349.                 'password_reset_form',
  350.                 array('password_reset_token' => $token),
  351.                 UrlGeneratorInterface::ABSOLUTE_URL
  352.             );
  354.             $mailer $this->container->get('mail_management.mailer');
  355.             $mailer->setSendingConfig();
  356.             $Mail = new Mail();
  358.             # Recipient
  359.             $Recipient = new MailRecipient();
  360.             $Recipient->setEmail($user_email);
  361.             $Recipient->setDisplayName($user->getFullName());
  362.             $Recipient->setMail($Mail);
  363.             $Recipient->setRecipientId($user->getId());
  364.             $entityName $em->getMetadataFactory()->getMetadataFor(get_class($user))->getName();
  365.             $Recipient->setRecipientType($entityName);
  366.             //$em->persist($Recipient);
  367.             //$em->flush();
  368.             # Adds the single recipient (resource);
  369.             $Mail->addRecipient($Recipient);
  370.             $Mail->setSubject('Forgotten password reset');
  372.             # Finalize the MAIL object
  373.             $Mail->setBody($this->renderView(
  374.                 'CoreBundle:email:forget_password_email.html.twig',
  375.                 array('user' => $user'url' => $url)
  376.             ), 'text/html');
  377.             $mailer->sendEmail($Mail);
  379.             return new JsonResponse(['response' => true]);
  380.         } else {
  381.             return new JsonResponse(['response' => false]);
  382.         }
  383.     }
  385.     /**
  386.      * @Route("/password_reset_form/{password_reset_token}", defaults={"password_reset_token" = 0}, name="password_reset_form")
  387.      */
  388.     public function passwordResetForm(Request $request$password_reset_token)
  389.     {
  390.         $user false;
  392.         $password_reset_token $password_reset_token $password_reset_token $request->request->get('password_reset_token');
  394.         $em $this->getDoctrine()->getManager();
  395.         $query $em->createQuery("SELECT u FROM \Globals\ResourceManagementBundle\Entity\Resource u WHERE u.passwordResetToken = :password_reset_token");
  396.         $query->setParameter('password_reset_token'$password_reset_token);
  397.         $user $query->getOneOrNullResult();
  399.         $reset_token_time str_split($password_reset_token4); //5th segment should be time and we will check if it's 2 hours or less
  401.         if ($request->isMethod('POST'))
  402.         {
  403.             $new_password $request->request->get('new_password');
  405.             if ($new_password)
  406.             {
  407.                 $encoder $this->container->get('security.password_encoder');
  408.                 $encoded $encoder->encodePassword($user$new_password);
  410.                 $user->setPasswordResetToken('');
  411.                 $user->setPassword($encoded);
  412.                 $user->setPasswordChangeDate(new \DateTime());
  413.                 $em->persist($user);
  414.                 $em->flush();
  416.                 return new JsonResponse(['response' => true]);
  417.             }
  418.         } else {
  419.             if ($user && (strtotime($reset_token_time[4]) + 7200 time())) {
  420.                 return $this->render('CoreBundle:Default:password_reset_form.html.twig', array('password_reset_token' => $user->getPasswordResetToken()));
  421.             } else {
  422.                 return $this->render('CoreBundle:Default:index.html.twig');
  423.             }
  424.         }
  425.         return new JsonResponse(['response' => false]);
  426.     }
  428.     /**
  429.      * @Route("/keep_alive", name="keep_alive")
  430.      */
  431.     public function keepAliveAction()
  432.     {
  433.         return new JsonResponse('Alive');
  434.     }
  435.     /**
  436.      *
  437.      * @Route("/forcedpasswordchange", name="forcedpasswordchange")
  438.      */
  439.     public function forcedpasswordchangeAction(Request $request)
  440.     {
  441.        // print_r($request->query->get('id'));
  442.         if ($request->isMethod('POST'))
  443.         {
  444.             //print_r($request->request);
  445.             $user = new Resource();
  446.             $old_password $request->request->get('old_password');
  447.             $new_password $request->request->get('new_password');
  448.             $decoded_id base64_decode(urldecode($request->request->get('_user_token')));
  451.             $em $this->getDoctrine()->getManager();
  452.             $ResourceData $em->getRepository("ResourceManagementBundle:Resource")->findOneBy([
  453.                 "id" => $decoded_id,
  454.                 "isActive" => 1
  455.             ]);
  456.             if(empty($ResourceData)){
  457.                 return new JsonResponse(['response' => false]);
  458.             }
  459.             if ($new_password)
  460.             {
  461.                 $encoder $this->container->get('security.password_encoder');
  462.                 $newEncoded $encoder->encodePassword($user$new_password);
  464.                 $ResourceData->setPasswordResetToken('');
  465.                 $ResourceData->setPassword($newEncoded);
  466.                 $ResourceData->setPasswordChangeDate(new \DateTime());
  467.                 $em->persist($ResourceData);
  468.                 $em->flush();
  470.                 return new JsonResponse(['response' => true]);
  471.             }
  472.         }
  473.         return $this->render('CoreBundle:Default:forced_password_reset_form.html.twig', array("TempId" =>$request->query->get('id') ));
  474.     }
  476. }