Begun implementing framework for Customer login portal. See #32
Begun implementing framework for Customer login portal. See #32

--- a/Install/index.php
+++ b/Install/index.php
@@ -559,7 +559,10 @@
   PRIMARY KEY (`id`),
   UNIQUE KEY `idx_failed_user_ip` (`username`,`FailedIP`),
   KEY `idx_failedips` (`FailedIP`)
-) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;'
+) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;',
+
+'CREATE TABLE CustPortal( `id` INT NOT NULL, `email` TEXT, `pass` TEXT, `active` TINYINT(1), PRIMARY KEY (`id`));',
+'CREATE UNIQUE INDEX idx_portal_logins ON CustPortal(`email`(100));'
 
 );
 

--- a/conf/config.php.example
+++ b/conf/config.php.example
@@ -56,4 +56,8 @@
 
 // Time in hours to block the IP for
 $conf->banLength = 24;
+
+
+// Enable the customer facing portal?
+$conf->custPortalEnabled = 1;
 ?>

--- a/lib/Handler.php
+++ b/lib/Handler.php
@@ -14,6 +14,7 @@
 require_once 'lib/plugins.php';
 require_once 'lib/db/loggingdb.class.php';
 require_once 'lib/crypto.php';
+require_once 'lib/customer.class.php';
 
 
 $html = new genOutput;

--- a/lib/auth.class.php
+++ b/lib/auth.class.php
@@ -40,6 +40,30 @@
 
 return md5($salt.date('y-m-dHis'));
 
+}
+
+
+/** Generate a random password of the specified length
+*
+* @arg length - INT
+*
+* @return string
+*
+*/
+function generatePassword($length = 8){
+
+ $key="(=?)+.,abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ $x = 0;
+ $p = '';
+
+  while ($x < $length){
+  $select = mt_rand(1,strlen($key)) - 1;
+  $p .= $key[$select];
+  $x++;
+  }
+
+return $p;
+  
 }
 
 

--- /dev/null
+++ b/lib/customer.class.php
@@ -1,1 +1,69 @@
+<?php
+/** Customer Portal related functions
+*
+* Copyright (c) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/ 
 
+defined('_CREDLOCK') or die;
+
+class CredLockCust{
+
+/** Add a customer 
+*
+* @arg name - Customer's name
+* @arg group - Group ID
+* @arg firstname - Their given name
+* @arg surname - Family name
+* @arg email - Email address
+*
+*/
+function add($name,$group,$firstname,$surname,$email){
+$db = new CustDB;
+$id = $db->addCustomer($name,$group,$firstname,$surname,$email);
+$auth = new ProgAuth;
+$db = new AuthDB;
+
+if (!$id){
+  return false;
+}
+
+// We add the customer to the portal, even if we won't let them log-in (i.e. the portal is disabled)
+$password = $auth->generatePassword();
+$salt = $auth->createSalt();
+$pass = md5($password.$salt);
+
+
+if ($db->addCusttoPortal($id,$email,$pass.":".$salt,1)) {
+
+    if (BTMain::getConf()->custPortalEnabled){
+    global $notifications;
+    $notifications->setNotification("<div class='alert alert-success'>The customer has been successfully added to the customer portal and can use the password <i>$password</i> to manage their credentials</div>");
+    }
+}
+
+return $id;
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+}
+
+
+
+
+?>
+

--- a/lib/db/Customer.php
+++ b/lib/db/Customer.php
@@ -48,7 +48,7 @@
 $log = new Logging;
 $log->logEntry($newcust,3);
 
-return true;
+return $newcust;
 
 
 

--- a/lib/db/authdb.class.php
+++ b/lib/db/authdb.class.php
@@ -25,6 +25,36 @@
 return $this->loadResult();
 
 }
+
+
+
+
+/** Add a customer record to the portal authentication table
+*
+* @arg id - Customers Id
+* @arg email - Customer's login email address
+* @arg pass - A pre-salted pass phrase
+* @arg active - tinyint(1)
+*
+* @return mysql object
+*/
+function addCusttoPortal($id,$email,$pass,$active = 0){
+
+$crypt = new Crypto;
+
+$id = $this->stringEscape($id);
+$email = $this->stringEscape($crypt->encrypt($email,'auth'));
+$pass = $this->stringEscape($crypt->encrypt($pass,'auth'));
+$active = $this->stringEscape($active);
+
+
+
+$sql = "INSERT INTO #__CustPortal VALUES('$id','$email','$pass','$active')";
+$this->setQuery($sql);
+return $this->runQuery();
+
+}
+
 
 
 /** If an IP has crossed the ban threshold, ban them

--- a/views/Customer/add.php
+++ b/views/Customer/add.php
@@ -14,8 +14,8 @@
 
 if (BTMain::getVar('AddCustSubmitted')){
 
-$db = new CustDB;
 
+$cust = new CredLockCust;
 $crypt = new Crypto;
 $frmname = BTMain::getVar('FrmName');
 $fname = BTMain::getVar('FrmconName');
@@ -34,7 +34,7 @@
 	 }
 
 
-if ($db->addCustomer(htmlspecialchars($frmname),BTMain::getVar('frmGroup'),htmlspecialchars($fname),htmlspecialchars($sname),htmlspecialchars($email))){
+if ($cust->add(htmlspecialchars($frmname),BTMain::getVar('frmGroup'),htmlspecialchars($fname),htmlspecialchars($sname),htmlspecialchars($email))){
 
 
 $notifications->setNotification("addCustSuccess");