CustomerPortal handling added to menus. See #32
CustomerPortal handling added to menus. See #32

--- a/lib/auth.class.php
+++ b/lib/auth.class.php
@@ -245,9 +245,20 @@
     unset($pass);
 
 
+
+if ($user->membergroup != "-99,"){
+    $groups = explode(",","0,".$user->membergroup);
+    }else{
+    $groups = array("-99");
+    BTMain::setUserDetails('PortalLogin','1');
+    $username = $user->id;
+  }
+
 // Log the user in
 BTMain::setUser($username);
-BTMain::setUserDetails('groups',explode(",","0,".$user->membergroup));
+
+BTMain::setUserDetails('groups',$groups);
+
 BTMain::setUserDetails('RealName',$user->Name);
 
 
@@ -348,8 +359,15 @@
  $user = $db->getUserSession($sessID);
 
   if (!$user){
-  $this->LoginInvalid();
-  }
+      $this->LoginInvalid();  
+  }
+
+$cust = new CredLockCust;
+if (is_numeric($user->User) && (BTMain::getConf()->custPortalEnabled) && ($usedets = $cust->checkSession($user->User))){
+$user->username = $usedets->email;
+$user->Name = $usedets->Name;
+$user->membergroup = "-99,";
+}
 
 $expiry = strtotime($user->Expires);
 
@@ -372,7 +390,17 @@
 
 // Users session is valid
 BTMain::setUser($user->username);
-BTMain::setUserDetails('groups',explode(",","0,".$user->membergroup));
+
+
+if ($user->membergroup != "-99,"){
+    $groups = explode(",","0,".$user->membergroup);
+    }else{
+    $groups = array("-99");
+    BTMain::setUserDetails('PortalLogin','1');
+  }
+
+
+BTMain::setUserDetails('groups',$groups);
 BTMain::setUserDetails('RealName',$user->Name);
 
 

--- a/lib/customer.class.php
+++ b/lib/customer.class.php
@@ -113,6 +113,26 @@
 
 
 
+/** Portal sessions have an ID rather than a username stored against them. See if that ID matches our table
+*
+*/
+function checkSession($id){
+$db = new AuthDB;
+$crypt = new Crypto;
+
+$usedets = $db->getPortalByID($id);
+
+if (!$usedets){
+  return false;
+ }
+
+$usedets->membergroup = "-99,";
+$usedets->Name = $crypt->decrypt($usedets->ContactName,'auth')." ".$crypt->decrypt($usedets->ContactSurname,'auth');
+$usedets->email = $crypt->decrypt($usedets->email,'auth');
+return $usedets;
+}
+
+
 
 
 

--- a/lib/db/authdb.class.php
+++ b/lib/db/authdb.class.php
@@ -75,18 +75,35 @@
 
 /** See if a Customer Portal record exists, and return it if it does
 * @arg username
+* @arg state - 1/0 - Does the user have to be active? 
 *
 * @return object
 */
-function getPortalByUsername($username){
+function getPortalByUsername($username,$state = 1){
 $crypt = new Crypto;
 $username=$this->stringEscape($crypt->encrypt($username,'auth'));
-$sql = "SELECT a.*, b.ContactName, b.ContactSurname FROM #__CustPortal as a LEFT JOIN #__Cust as b ON a.id = b.id WHERE a.`email`='$username'";
+$state = $this->stringEscape($state);
+$sql = "SELECT a.*, b.ContactName, b.ContactSurname FROM #__CustPortal as a LEFT JOIN #__Cust as b ON a.id = b.id WHERE a.`email`='$username' AND a.active LIKE '$state'";
 $this->setQuery($sql);
 return $this->loadResult();
 }
 
-
+/** Get a Portal user's record by ID
+* @arg id
+* @arg state - 1/0 - Does the user have to be active? 
+*
+* @return object
+*/
+function getPortalByID($id, $state = 1){
+
+$id=$this->stringEscape($id);
+$state = $this->stringEscape($state);
+$sql = "SELECT a.*, b.ContactName, b.ContactSurname FROM #__CustPortal as a LEFT JOIN #__Cust as b ON a.id = b.id WHERE a.`id`='$id' AND a.active LIKE '$state'";
+$this->setQuery($sql);
+return $this->loadResult();
+
+
+}
 
 /** If an IP has crossed the ban threshold, ban them
 *
@@ -412,7 +429,7 @@
 $date = date('Y-m-d H:i:s');
 $ip = BTMain::getip();
 
-$sql = "SELECT a.ClientIP, a.SessKey, a.`Expires`, b.* FROM #__Sessions as a LEFT JOIN #__Users as b ON a.User = b.username WHERE a.SessionID = '$sess' AND a.Expires > '$date' AND a.`ClientIP` = '$ip'";
+$sql = "SELECT a.ClientIP, a.SessKey, a.`Expires`, a.User, b.* FROM #__Sessions as a LEFT JOIN #__Users as b ON a.User = b.username WHERE a.SessionID = '$sess' AND a.Expires > '$date' AND a.`ClientIP` = '$ip'";
 $this->setQuery($sql);
 
 return $this->loadResult();